Monday, February 4, 2013
The 4th, Monday, Taian
+ About the security content of Java for Mac OS X v10.6 Update 12
http://support.apple.com/kb/HT5647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0426
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0441
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0443
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0445
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0446
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0450
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1473
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1475
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1476
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1478
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1481
+ CESA-2013:0219 Moderate CentOS 6 mysql Update
http://lwn.net/Alerts/535681/
+ CESA-2013:0215 Important CentOS 6 libreport Update
http://lwn.net/Alerts/535682/
+ CESA-2013:0215 Important CentOS 6 abrt Update
http://lwn.net/Alerts/535683/
+ CESA-2013:0217 Important CentOS 6 mingw32-libxml2 Update
http://lwn.net/Alerts/535679/
+ CESA-2013:0218 Moderate CentOS 6 xorg-x11-drv-qxl Update
http://lwn.net/Alerts/535680/
+ CESA-2013:0216 Important CentOS 6 freetype Update
http://lwn.net/Alerts/535676/
+ CESA-2013:0213 Important CentOS 6 nspr Update
http://lwn.net/Alerts/535678/
+ CESA-2013:0216 Important CentOS 5 freetype Update
http://lwn.net/Alerts/535675/
+ CESA-2013:0214 Important CentOS 5 nss Update
http://lwn.net/Alerts/535677/
+ squid 3.2.7 released
http://www.squid-cache.org/Versions/v3/3.2/RELEASENOTES.html
+ VMSA-2013-0001 VMware vSphere security updates for the authentication service and third party libraries
http://www.vmware.com/security/advisories/VMSA-2013-0001.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871
+ Sudo 1.8.6p6, 1.7.10p5 released
http://www.sudo.ws/sudo/stable.html#1.8.6p6
http://www.sudo.ws/sudo/stable.html#1.7.10p5
+ J2SE JDK/JRE 1.7.0_13, 1.6.0_39 released
http://www.oracle.com/technetwork/java/javase/7u13-relnotes-1902884.html
http://www.oracle.com/technetwork/java/javase/6u39-relnotes-1902886.html
Call to action for February 2013
"Every February is Information Security Month!"
~ What you can do now to improve security ~
http://www.ipa.go.jp/security/txt/2013/02outline.html
On conducting public-private "information security awareness activities" during Information Security Month
http://www.ipa.go.jp/security/event/2013/security_month/0201/index.html
First champion is NetAgent's engineer team; CTF Challenge Japan holds its first finals
http://itpro.nikkeibp.co.jp/article/NEWS/20130204/453861/?ST=security
Preparing for the latest cyberattacks
Hacker groups are targeting your company
http://itpro.nikkeibp.co.jp/article/COLUMN/20130201/453549/?ST=security
Large-scale security attack on Twitter: "information of about 250,000 people may have been accessed"
http://itpro.nikkeibp.co.jp/article/NEWS/20130202/453781/?ST=security
"Companies that neglect cyberattack countermeasures will face an existential crisis," warns Government CIO Endo
http://itpro.nikkeibp.co.jp/article/NEWS/20130201/453701/?ST=security
Beware of video scams spreading on Facebook, McAfee warns
http://itpro.nikkeibp.co.jp/article/NEWS/20130201/453562/?ST=security
Facebook to offer reloadable gift card "Facebook Card" in the US
http://itpro.nikkeibp.co.jp/article/NEWS/20130201/453561/?ST=security
Are they adequate? The government's information security measures
http://itpro.nikkeibp.co.jp/article/COLUMN/20130131/453304/?ST=security
Following the NYT, the WSJ also reports that it "suffered cyberattacks from Chinese hackers"
http://itpro.nikkeibp.co.jp/article/NEWS/20130201/453461/?ST=security
JVNVU#90348117 Buffer overflow vulnerability in Portable SDK for UPnP
http://jvn.jp/cert/JVNVU90348117/index.html
US-CERT Alert TA13-032A - Oracle Java 7 Multiple Vulnerabilities
http://www.derkeiler.com/Mailing-Lists/Cert/2013-02/msg00000.html
Is it Really an Attack?
https://isc.sans.edu/diary.html?storyid=15067
Twitter Confirms Compromise of Approximately 250,000 Users
https://isc.sans.edu/diary.html?storyid=15064
Oracle quietly releases Java 7u13 early
https://isc.sans.edu/diary.html?storyid=15061
Oracle Java Flaws Let Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028071
Oracle Automated Service Manager Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028070
HP Network Node Manager i (NNMi) Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1028069
VMware ESX/ESXi Authentication Protocol Implementation Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028068
VMware vCenter Server Authentication Protocol Implementation Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028067
VMware vSphere Client Authentication Protocol Implementation Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028066
Glibc Regex Bug Lets Remote or Local Users Deny Service
http://www.securitytracker.com/id/1028063
VU#858729 Java 7 contains multiple vulnerabilities
http://www.kb.cert.org/vuls/id/858729
Apple Mac OS X update for Java
http://secunia.com/advisories/52066/
Oracle JavaFX Multiple Vulnerabilities
http://secunia.com/advisories/52065/
Oracle Java Multiple Vulnerabilities
http://secunia.com/advisories/52064/
Vaadin "JsonPaintTarget.addAttribute()" Script Insertion Vulnerability
http://secunia.com/advisories/52063/
Red Hat update for JBoss Enterprise BRMS Platform
http://secunia.com/advisories/52054/
WordPress WP-Table Reloaded Plugin "id" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/52027/
Snorby "in_xml()" Information Disclosure Weakness
http://secunia.com/advisories/52057/
VMware ESXi Multiple Vulnerabilities
http://secunia.com/advisories/52062/
VMware ESX Server Multiple Vulnerabilities
http://secunia.com/advisories/52061/
VMware vSphere Products Client-Side Authentication Vulnerability
http://secunia.com/advisories/52047/
Drupal Google Authenticator Login Module Security Bypass Security Issue
http://secunia.com/advisories/51987/
Netgear SPH200D Cross-Site Scripting Vulnerability
http://secunia.com/advisories/52029/
D-Link DCS-930L / DCS-932L Configuration Disclosure Security Issue
http://secunia.com/advisories/51970/
IBM Smart Analytics System / InfoSphere Balanced Warehouse OpenSSL Vulnerabilities
http://secunia.com/advisories/52019/
WordPress yolink Search Plugin "s" Cross-Site Scripting Vulnerability
http://secunia.com/advisories/52030/
Red Hat update for mingw32-libxml2
http://secunia.com/advisories/52051/
Red Hat update for mysql
http://secunia.com/advisories/52050/
HP Network Node Manager Unspecified Cross-Site Scripting Vulnerabilities
http://secunia.com/advisories/52048/
Red Hat update for xorg-x11-drv-qxl
http://secunia.com/advisories/52052/
REMOTE: DataLife Engine preview.php PHP Code Injection
http://www.exploit-db.com/exploits/24444
Armor Safe Technologies CacheTALK III Default Admin Password
http://cxsecurity.com/issue/WLB-2013020009
FreeBSD 9.1 ftpd Remote Denial of Service
http://cxsecurity.com/issue/WLB-2013020003
WordPress dt-chocolate Theme Image Open redirect
http://cxsecurity.com/issue/WLB-2013020011
WordPress theme Flash News Multiple vulnerabilities
http://cxsecurity.com/issue/WLB-2013020010
ArrowChat 1.5.61 Cross Site Scripting & Local File Inclusion
http://cxsecurity.com/issue/WLB-2013020008
AdaptCMS <= 2.0.4 SQL Injection vulnerability
http://cxsecurity.com/issue/WLB-2013020007
MiDas Technologies Government SQL Injection
http://cxsecurity.com/issue/WLB-2013020006
Morvarid Official Automation SQL Injection Vulnerability
http://cxsecurity.com/issue/WLB-2013020005
Vastal Freelance SQL Injection
http://cxsecurity.com/issue/WLB-2012010130
Marinet CMS SQL Injection
http://cxsecurity.com/issue/WLB-2012040142
FreeBSD/GNU ftpd remote denial of service exploit
http://cxsecurity.com/issue/WLB-2013010233
Oracle Automated Service Manager 1.3 local root during install
http://cxsecurity.com/issue/WLB-2013020002
WordPress wp-table-reloaded plugin cross-site scripting in SWF
http://cxsecurity.com/issue/WLB-2013020001
Oracle Java Runtime Environment Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/57670
Drupal email2image Module Access Bypass Vulnerability
http://www.securityfocus.com/bid/57639
Corosync HMAC Denial of Service Vulnerability
http://www.securityfocus.com/bid/57617
Apache Axis and Axis2/Java SSL Certificate Validation Security Bypass Vulnerability
http://www.securityfocus.com/bid/56408
GNU Coreutils 'sort' Text Utility Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57492
GNU Coreutils 'join' Text Utility Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57516
GNU Coreutils 'uniq' Text Utility Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/57517
Ettercap Multiple Stack Buffer Overflow Vulnerabilities
http://www.securityfocus.com/bid/57175
QEMU KVM QXL Denial of Service Vulnerability
http://www.securityfocus.com/bid/57637
OpenSSL CMS PKCS #7 Decryption CVE-2012-0884 Security Bypass Vulnerability
http://www.securityfocus.com/bid/52428
OpenSSL ECDH Ciphersuites Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/49471
OpenSSL Multiple Vulnerabilities
http://www.securityfocus.com/bid/51281
OpenSSL TLS Server Extension Parsing Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44884
OpenSSL DTLS CVE-2012-0050 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/51563
OpenSSL CVE-2012-2131 Encoded ASN.1 Data Incomplete Fix Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53212
OpenSSL Encoded ASN.1 Data Integer Truncation Memory Corruption Vulnerability
http://www.securityfocus.com/bid/53158
OpenSSL OCSP Stapling 'ClientHello' Handshake Message Parsing Security Vulnerability
http://www.securityfocus.com/bid/46264
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2013-0743 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57258
abrt PYTHONPATH Environment Variable Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57661
abrt Race Condition Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/57662
Oracle MySQL Server CVE-2013-0384 Remote Security Vulnerability
http://www.securityfocus.com/bid/57416
Oracle MySQL Server CVE-2013-0383 Remote Security Vulnerability
http://www.securityfocus.com/bid/57405
Oracle MySQL Server CVE-2012-0572 Remote Security Vulnerability
http://www.securityfocus.com/bid/57385
Oracle MySQL Server CVE-2012-0574 Remote Security Vulnerability
http://www.securityfocus.com/bid/57414
Oracle MySQL Server CVE-2012-1705 Remote Security Vulnerability
http://www.securityfocus.com/bid/57410
Oracle MySQL Server CVE-2013-0375 Remote Security Vulnerability
http://www.securityfocus.com/bid/57391
Oracle MySQL Server CVE-2013-0385 Local Security Vulnerability
http://www.securityfocus.com/bid/57412
Oracle MySQL Server CVE-2013-0389 Remote Security Vulnerability
http://www.securityfocus.com/bid/57417
Oracle MySQL Server CVE-2012-1702 Remote Security Vulnerability
http://www.securityfocus.com/bid/57388
libxml2 Unspecified Out-of-Bounds Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/51084
Google Chrome Prior to 14.0.835.163 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49658
libxml2 Hash Collision Denial Of Service Vulnerability
http://www.securityfocus.com/bid/52107
libxml2 Invalid XPath Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/48056
JBoss Enterprise Application Platform CVE-2012-3370 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57550
JBoss Cache 'NonManagedConnectionFactory.java' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/51392
Apple Safari 'libxml' (CVE-2011-0216) Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/48832
JBoss Enterprise Application Platform CVE-2012-5478 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57551
Google Chrome Prior to 16.0.912.75 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51300
JBoss 'twiddle.sh' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/54631
JBoss Web Services W3C XML Encryption Standard Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55770
Spring Framework Expression Language JSP Attributes Handling Information Disclosure Vulnerability
http://www.securityfocus.com/bid/49543
Apache Tomcat CVE-2012-3546 Security Bypass Vulnerability
http://www.securityfocus.com/bid/56812
JBoss Enterprise Application Platform CVE-2012-3369 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57547
JBoss Enterprise Application Platform CVE-2011-4575 HTML Injection Vulnerability
http://www.securityfocus.com/bid/57548
JBoss Enterprise Application Platform CVE-2012-0874 Multiple Security Bypass Vulnerabilities
http://www.securityfocus.com/bid/57552
JBoss Enterprise Application Platform CVE-2011-2487 Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57549
FreeType 'src/psaux/t1decode.c' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/48619
FreeType 'ft_var_readpackedpoints()' Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/44214
FreeType Font Document Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/50155
FreeType Versions Prior to 2.4.11 Multiple Remote Security Vulnerabilities
http://www.securityfocus.com/bid/57041
Apple iOS FreeType CVE-2011-3439 Multiple Memory Corruption Vulnerabilities
http://www.securityfocus.com/bid/50643
Google Chrome Prior to 23.0.1271.91 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/56684
libxml2 CVE-2012-2807 Multiple Integer Overflow Vulnerabilities
http://www.securityfocus.com/bid/54718
Google Chrome Prior to 19 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/53540
Oracle Java Runtime Environment CVE-2012-3136 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55337
Oracle Java Runtime Environment Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55213
Oracle Java SE CVE-2012-0547 Remote Java Runtime Environment Weakness
http://www.securityfocus.com/bid/55339
Google Chrome Prior to 20.0.1132.43 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/54203
Google Chrome Prior to 21.0.1180.89 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/55331
ISC BIND 9 DNS Resource Records Handling CVE-2012-4244 Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/55522
libxslt 'generate-id()' Function Information Disclosure Vulnerability
http://www.securityfocus.com/bid/47668
Google Chrome Prior to 17.0.963.46 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/51911
Linux Kernel 'binfmt_script.c' Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/55878
Linux Kernel KVM CVE-2012-4461 Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/56414
Linux Kernel hypervkvpd 'hv_kvp_daemon.c' Netlink Packet Processing Denial of Service Vulnerability
http://www.securityfocus.com/bid/56710
Drupal Core Multiple Access Bypass and Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/57437
DataLife Engine 'catlist' Parameter PHP Code Injection Vulnerability
http://www.securityfocus.com/bid/57603
Linux Kernel '/dev/ptmx' File Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/57176
libxml2 'XPATH' Memory Corruption Vulnerability
http://www.securityfocus.com/bid/44779
Google Chrome Prior to 13.0.782.215 Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/49279
libxml2 'XPATH' Expressions Memory Corruption Vulnerability
http://www.securityfocus.com/bid/45617
Oracle Java Runtime Environment CVE-2012-1682 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/55336
Linux Kernel GFS2 File Attribute Security Bypass Vulnerability
http://www.securityfocus.com/bid/40356
Linux Kernel 'sctp_process_unk_param()' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/39794
Linux Kernel 'tipc' Module Local Denial of Service Vulnerability
http://www.securityfocus.com/bid/39120
djbdns CVE-2012-1191 Security Bypass Vulnerability
http://www.securityfocus.com/bid/57669
Snorby 'in_xml()' Information Disclosure Weakness
http://www.securityfocus.com/bid/57668
Vaadin 'JsonPaintTarget.addAttribute()' HTML Injection Vulnerability
http://www.securityfocus.com/bid/57667
WordPress yolink Search Plugin 's' Parameter Cross Site Scripting Vulnerability
http://www.securityfocus.com/bid/57665