Wednesday, February 20, 2013
Wednesday the 20th, Taian
+ RHSA-2013:0270 Moderate: jakarta-commons-httpclient security update
http://rhn.redhat.com/errata/RHSA-2013-0270.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5783
+ RHSA-2013:0271 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2013-0271.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0783
+ RHSA-2013:0272 Critical: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2013-0272.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0780
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0782
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0783
+ RHSA-2013:0269 Moderate: axis security update
http://rhn.redhat.com/errata/RHSA-2013-0269.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5784
+ About the security content of Java for OS X 2013-001 and Mac OS X v10.6 Update 13
http://support.apple.com/kb/HT5666
+ nginx-1.3.13 development version released
http://nginx.org/en/download.html
+ Mozilla Firefox 19.0 released
+ Mozilla Thunderbird 17.0.3 released
+ MFSA 2013-28 Use-after-free, out of bounds read, and buffer overflow issues found using Address Sanitizer
http://www.mozilla.org/security/announce/2013/mfsa2013-28.html
+ MFSA 2013-27 Phishing on HTTPS connection through malicious proxy
http://www.mozilla.org/security/announce/2013/mfsa2013-27.html
+ MFSA 2013-26 Use-after-free in nsImageLoadingContent
http://www.mozilla.org/security/announce/2013/mfsa2013-26.html
+ MFSA 2013-25 Privacy leak in JavaScript Workers
http://www.mozilla.org/security/announce/2013/mfsa2013-25.html
+ MFSA 2013-24 Web content bypass of COW and SOW security wrappers
http://www.mozilla.org/security/announce/2013/mfsa2013-24.html
+ MFSA 2013-23 Wrapped WebIDL objects can be wrapped again
http://www.mozilla.org/security/announce/2013/mfsa2013-23.html
+ MFSA 2013-22 Out-of-bounds read in image rendering
http://www.mozilla.org/security/announce/2013/mfsa2013-22.html
+ MFSA 2013-21 Miscellaneous memory safety hazards (rv:19.0 / rv:17.0.3)
http://www.mozilla.org/security/announce/2013/mfsa2013-21.html
+ FreeBSD-SA-13:02.libc glob(3) related resource exhaustion
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:02.libc.asc
+ FreeBSD-SA-13:01.bind BIND remote DoS with deliberately crafted DNS64 query
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:01.bind.asc
+ J2SE JDK/JRE 1.7.0_15, 1.6.0_41 released
http://www.oracle.com/technetwork/java/javase/7u15-relnotes-1907738.html
http://www.oracle.com/technetwork/java/javase/6u41-relnotes-1907743.html
False-positive information for TROJ_GEN.RCBZ7BI
http://www.trendmicro.co.jp/support/news.asp?id=1914
Notice of release of ServerProtect for Windows 5.8 Critical Patch build 1341
http://www.trendmicro.co.jp/support/news.asp?id=1913
Foswiki Security: Alert CVE-2013-1666 - Remote Code Execution Vulnerability in MAKETEXT
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00087.html
FreeBSD Security Advisory FreeBSD-SA-13:02.libc
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00086.html
FreeBSD Security Advisory FreeBSD-SA-13:01.bind
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00085.html
SQLi found in Kodak Insite
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2013-02/msg00088.html
70% of "targeted attack viruses" are executables; PDF and DOC formats fall to 30% or less
"The reason is strengthened security in office software," Trend Micro analyzes
http://itpro.nikkeibp.co.jp/article/NEWS/20130220/457301/?ST=security
Proofpoint Japan announces a service that converts email attachments into download URLs
http://itpro.nikkeibp.co.jp/article/NEWS/20130219/457121/?ST=security
European authorities to further tighten regulation over US-based Google's privacy policy
http://itpro.nikkeibp.co.jp/article/NEWS/20130219/457042/?ST=security
Burger King's Twitter account hacked, US and UK media report
http://itpro.nikkeibp.co.jp/article/NEWS/20130219/457022/?ST=security
JVN#74829345 Denial-of-service (DoS) vulnerability in multiple devices running Android OS
http://jvn.jp/jp/JVN74829345/
JVNVU#960468 Cross-site scripting vulnerability in HP ArcSight appliance products
http://jvn.jp/cert/JVNVU960468/
APT1, Unit 61398 and are state sponsored attacks real
https://isc.sans.edu/diary.html?storyid=15190
Oracle Updates Java (Java 7 Update 15, Java 6 update 41)
https://isc.sans.edu/diary.html?storyid=15193
EDUCAUSE Breach
https://isc.sans.edu/diary.html?storyid=15199
Apple Java Update APPLE-SA-2013-02-19-1 Java for OS X 2013-001 and Mac OS X v10.6 Update
https://isc.sans.edu/diary.html?storyid=15202
Oracle Java Flaws Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028155
Cisco Secure Access Control System Command Line Interface Flaw Lets Local Users Gain Root Privileges
http://www.securitytracker.com/id/1028154
Cisco Prime LAN Management Solution Command Line Interface Flaw Lets Local Users Gain Root Privileges
http://www.securitytracker.com/id/1028153
Cisco Identity Services Engine Software Command Line Interface Flaw Lets Local Users Gain Root Privileges
http://www.securitytracker.com/id/1028152
Cisco Application Networking Manager Command Line Interface Flaw Lets Local Users Gain Root Privileges
http://www.securitytracker.com/id/1028151
CometChat Two Vulnerabilities
http://secunia.com/advisories/52182/
Sonar Multiple Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/52146/
Sonar Project Analysis Roles Reset Security Issue
http://secunia.com/advisories/52069/
MIMEsweeper for SMTP Error Message Cross-Site Scripting Vulnerability
http://secunia.com/advisories/52231/
PHP-Fusion Two SQL Injection Vulnerabilities
http://secunia.com/advisories/52226/
Cisco TelePresence System Products libupnp Buffer Overflow Vulnerabilities
http://secunia.com/advisories/52221/
WordPress Car Demon Plugin Multiple Script Insertion Vulnerabilities
http://secunia.com/advisories/51088/
SUSE update for java-1_6_0-openjdk
http://secunia.com/advisories/52220/
Debian update for nss-pam-ldapd
http://secunia.com/advisories/52242/
nss-pam-ldapd File Descriptor Handling Buffer Overflow Vulnerability
http://secunia.com/advisories/52212/
SUSE update for roundcubemail
http://secunia.com/advisories/52222/
WordPress Marekkis Watermark Plugin "pfad" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/52227/
dbus-glib D-Bus GLib Bindings "NameOwnerChanged" Signal Handling Vulnerability
http://secunia.com/advisories/52225/
Open Review Script "keyword" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/52238/
Ubuntu update for linux-ec2
http://secunia.com/advisories/52214/
AdaptaWeb Cms Sql Injection Vulnerability
http://cxsecurity.com/issue/WLB-2013020133
Open Review Script Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013020132
MIMEsweeper For SMTP 5.5 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013020131
USB Sharp 1.3.4 iPad iPhone Multiple Web Vulnerabilities
http://cxsecurity.com/issue/WLB-2013020130
PHP-Fusion CMS 7.02.05 SQL Injection
http://cxsecurity.com/issue/WLB-2013020129
ZeroClipboard 1.0.7 Cross Site Scripting
http://cxsecurity.com/issue/WLB-2013020128
Air Transfer 1.2.0 Local File Inclusion
http://cxsecurity.com/issue/WLB-2013020127
Multiple TLS And DTLS Implementations CVE-2013-0169 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57778
GNU libc glob(3) 'GLOB_LIMIT' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/43819
ISC BIND 9 DNS64 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/56817
Oracle Java SE CVE-2013-0428 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57713
Oracle Java SE CVE-2013-0427 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57724
Oracle Java SE CVE-2013-0426 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57711
Oracle Java SE CVE-2013-0432 Java Runtime Environment Remote Security Vulnerability
http://www.securityfocus.com/bid/57727
Oracle Java SE CVE-2013-0443 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57702
Oracle Java SE CVE-2013-0424 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57715
Oracle Java SE CVE-2013-0435 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57729
Oracle Java SE CVE-2013-0440 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57712
Oracle Java SE CVE-2013-0442 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57687
Oracle Java SE CVE-2013-0450 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57703
Oracle Java SE CVE-2013-0433 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57719
Oracle Java SE CVE-2013-0441 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57692
Oracle Java SE CVE-2013-1476 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57696
Oracle Java SE CVE-2013-1475 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57694
Oracle Java SE CVE-2013-0429 Remote Java Runtime Environment Remote Security Vulnerability
http://www.securityfocus.com/bid/57710
Oracle Java SE CVE-2013-0434 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57730
Oracle Java SE CVE-2013-0425 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/57709
TWiki and Foswiki 'MAKETEXT' Variable Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56950
libupnp Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/57602
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0767 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57195
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0758 Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57232
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0759 Address Bar URI Spoofing Vulnerability
http://www.securityfocus.com/bid/57228
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0748 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57234
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0744 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/57218
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0762 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57193
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0754 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57217
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0753 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/57209
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0750 Heap Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57235
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0769 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57203
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0766 Use After Free Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57194
Perl Digest Module 'Digest->new()' Code Injection Vulnerability
http://www.securityfocus.com/bid/49911
Microsoft Windows 'Win32k.sys' CVE-2013-1271 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57813
Perl CGI.pm Header Values Newline Handling Unspecified Security Vulnerability
http://www.securityfocus.com/bid/45145
Microsoft Windows 'Win32k.sys' CVE-2013-1274 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57816
Microsoft Windows 'Win32k.sys' CVE-2013-1276 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57818
Microsoft Windows 'Win32k.sys' CVE-2013-1275 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57817
Microsoft Windows 'Win32k.sys' CVE-2013-1277 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57819
Microsoft Windows 'Win32k.sys' CVE-2013-1272 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57814
Microsoft Windows 'Win32k.sys' CVE-2013-1273 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57815
Microsoft Windows 'Win32k.sys' CVE-2013-1267 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57809
Microsoft Windows 'Win32k.sys' CVE-2013-1266 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57808
Microsoft Windows 'Win32k.sys' CVE-2013-1270 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57812
Microsoft Windows 'Win32k.sys' CVE-2013-1268 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57810
Microsoft Windows 'Win32k.sys' CVE-2013-1269 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57811
Microsoft Windows 'Win32k.sys' CVE-2013-1259 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57801
Microsoft Windows 'Win32k.sys' CVE-2013-1262 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57804
Microsoft Windows 'Win32k.sys' CVE-2013-1261 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57803
Microsoft Windows 'Win32k.sys' CVE-2013-1258 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57800
Microsoft Windows 'Win32k.sys' CVE-2013-1264 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57806
Microsoft Windows 'Win32k.sys' CVE-2013-1265 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57807
Microsoft Windows 'Win32k.sys' CVE-2013-1260 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57802
Microsoft Windows 'Win32k.sys' CVE-2013-1263 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57805
ZoneMinder 'view' Parameter Local File Include Vulnerability
http://www.securityfocus.com/bid/48949
Xen 'xen_failsafe_callback()' Function Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/57433
Microsoft Windows 'Win32k.sys' CVE-2013-1257 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57799
Microsoft Windows 'Win32k.sys' CVE-2013-1256 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57798
Microsoft Windows 'Win32k.sys' CVE-2013-1251 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57793
Microsoft Windows 'Win32k.sys' CVE-2013-1248 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57786
Microsoft Windows 'Win32k.sys' CVE-2013-1255 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57797
Microsoft Windows 'Win32k.sys' CVE-2013-1250 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57792
Microsoft Windows 'Win32k.sys' CVE-2013-1253 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57795
Microsoft Windows 'Win32k.sys' CVE-2013-1252 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57794
Microsoft Windows 'Win32k.sys' CVE-2013-1254 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57796
Microsoft Windows 'Win32k.sys' CVE-2013-1249 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57791
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/51281
Vino CVE-2012-4429 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55548
Vino Framebuffer Request Processing Multiple Remote Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/47681
Microsoft .NET Framework CVE-2013-0073 Remote Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57847
Net-SNMP SNMP GET Request Denial of Service Vulnerability
http://www.securityfocus.com/bid/53255
OpenLDAP LDAP Search Request Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/52404
Linux Kernel Key Management CVE-2012-2745 Denial of Service Vulnerability
http://www.securityfocus.com/bid/54365
Linux Kernel IPv6 'nf_ct_frag6_reasm()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/54367
Linux Kernel epoll Subsystem 'eventpoll.c' Multiple Local Denial of Service Vulnerabilities
http://www.securityfocus.com/bid/46630
Linux Kernel NFS Client 'decode_getacl()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/50655
GNU glibc 'addmntent()' Mount Helper Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/46740
GNU glibc Timezone Parsing Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/50898
GNU glibc 'ld.so' ELF Header Parsing Remote Integer Overflow Vulnerability
http://www.securityfocus.com/bid/40063
GNU glibc 'svc_run()' EMFILE Error Handling Denial of Service Vulnerability
http://www.securityfocus.com/bid/51439
'glibc' Library 'locale/programs/locale.c' Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/47370
GNU glibc 'fnmatch()' Function Stack Corruption Vulnerability
http://www.securityfocus.com/bid/46563
GIMP Multiple Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/55101
GIMP CVE-2012-3402 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/55103
GIMP GIF Image Parsing 'LZWReadByte()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/49148
GIMP PSD Image Parsing Integer Overflow Vulnerability
http://www.securityfocus.com/bid/37040
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4196 Cross-Origin Security Bypass Vulnerability
http://www.securityfocus.com/bid/56306
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4194 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56301
Mozilla Firefox/SeaMonkey/Thunderbird CVE-2012-4195 Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/56302
Microsoft Internet Explorer Vector Markup Language CVE-2013-0030 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/57852
Oracle Sun Products Suite CVE-2013-0399 Local Solaris Vulnerability
http://www.securityfocus.com/bid/57399
Oracle Java SE CVE-2013-1487 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/58031
Mozilla Firefox/Thunderbird/SeaMonkey MFSA 2013-21 through -28 Multiple Vulnerabilities
http://www.securityfocus.com/bid/58030
Oracle Java SE CVE-2013-1486 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/58029
Oracle Java SE CVE-2013-1485 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/58028
Oracle Java SE CVE-2013-1484 Remote Java Runtime Environment Vulnerability
http://www.securityfocus.com/bid/58027
Squirrelcart 'table' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/58025
Kodak InSite 'EmailPassword.asp' SQL Injection Vulnerability
http://www.securityfocus.com/bid/58023
WordPress Car Demon Plugin Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/58017