Friday, May 31, 2013

31st, Friday, Senshō






+ RHSA-2013:0884 Moderate: libtirpc security update
http://rhn.redhat.com/errata/RHSA-2013-0884.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1950

+ RHSA-2013:0883 Important: gnutls security update
http://rhn.redhat.com/errata/RHSA-2013-0883.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116

+ UPDATE: HPSBGN02589 SSRT100296 rev.2 - HP ProCurve Access Points, Access Controllers, and Mobility Controllers, Privilege Escalation
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c02544568-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

Check Point response to 'SSH encapsulated in DNS traffic is not detected by Application Control'
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92938&src=securityAlerts

Trend Micro Web Security for Yamaha: Notice of support for new models
http://www.trendmicro.co.jp/support/news.asp?id=1964

Vulnerability information worth checking <2013.05.31>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130527/479962/?ST=security

Authentication that relies on IDs and passwords is already broken
http://itpro.nikkeibp.co.jp/article/Watcher/20130530/480791/?ST=security

Personal information of 2,382 people, including credit card information, leaked from Hankyu Hanshin Department Stores' shopping site
http://itpro.nikkeibp.co.jp/article/NEWS/20130530/480861/?ST=security

Cisco NX-OS Nexus 1000v Bugs Let Remote Users Gain Control, Deny Service, and Bypass Security
http://www.securitytracker.com/id/1028606

REMOTE: Logic Print 2013 - Stack Overflow (vTable Overwrite)
http://www.exploit-db.com/exploits/25835

REMOTE: Intrasrv Simple Web Server 1.0 - SEH Based Remote Code Execution
http://www.exploit-db.com/exploits/25836

REMOTE: IBM SPSS SamplePower C1Tab ActiveX Heap Overflow
http://www.exploit-db.com/exploits/25814

DoS/PoC: Monkey HTTPD 1.1.1 - Crash PoC
http://www.exploit-db.com/exploits/25837

Thursday, May 30, 2013

30th, Thursday, Shakkō

+ CESA-2013:0868 Moderate CentOS 6 haproxy Update
http://lwn.net/Alerts/552183/

+ CESA-2013:0869 Important CentOS 6 tomcat6 Update
http://lwn.net/Alerts/552184/

+ CESA-2013:0870 Important CentOS 5 tomcat5 Update
http://lwn.net/Alerts/552157/

+ BIND 9.9.3, 9.8.5, 9.6-ESV-R9 released
https://kb.isc.org/article/AA-00927
https://kb.isc.org/article/AA-00928
https://kb.isc.org/article/AA-00929

+ DHCP 4.2.5-P1 released
https://kb.isc.org/article/AA-00891

+ A Vulnerability in libdns Could Cause Excessive Memory Use in ISC DHCP 4.2
https://www.isc.org/software/dhcp/advisories/cve-2013-2494
CVE-2013-2494

+ A Maliciously Crafted Regular Expression Can Cause Memory Exhaustion in named
https://www.isc.org/software/bind/advisories/cve-2013-2266
CVE-2013-2266

+ UPDATE: HPSBPI02869 SSRT100936 rev.2 - HP LaserJet MFP Printers, HP Color LaserJet MFP Printers, Certain HP LaserJet Printers, Remote Unauthorized Access to Files
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03744742-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ SA53154 Apache HTTP Server mod_rewrite Vulnerability
http://secunia.com/advisories/53154/
CVE-2013-1862

+ Linux kernel net oops from tcp_collapse() using splice(2)
http://cxsecurity.com/issue/WLB-2013050210

VSX Virtual System might be left without 'Default Policy' if installation of policy fails
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92812&src=securityAlerts

From the world's security labs
A cybersecurity roadmap proposed for enterprises
http://itpro.nikkeibp.co.jp/article/COLUMN/20130529/480401/?ST=security

JVN#90289505 Improper access restriction vulnerability in the Content Provider of Movatwi touch (モバツイtouch)
http://jvn.jp/jp/JVN90289505/

JVN#22756333 Address bar spoofing vulnerability in Sleipnir Mobile for Android
http://jvn.jp/jp/JVN22756333/

REMOTE: IBM SPSS SamplePower C1Tab ActiveX Heap Overflow
http://www.exploit-db.com/exploits/25814

DoS/PoC: CodeBlocks 12.11 (Mac OS X) - Crash POC
http://www.exploit-db.com/exploits/25809

Wednesday, May 29, 2013

29th, Wednesday, Taian

+ RHSA-2013:0869 Important: tomcat6 security update
http://rhn.redhat.com/errata/RHSA-2013-0869.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1976
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2051

+ Opera 15.0 Next released
http://www.opera.com/docs/changelogs/unified/1500n/

+ RHSA-2013:0870 Important: tomcat5 security update
http://rhn.redhat.com/errata/RHSA-2013-0870.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1976

+ Windows Kernel 'win32k.sys' Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028591

+ REMOTE: Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
http://www.exploit-db.com/exploits/25775

+ Facebook HTTP Graph API Users ID (and others) Information Disclosure
http://cxsecurity.com/issue/WLB-2013050198

+ Nginx HTTP Server 1.3.9-1.4.0 Chuncked Encoding Stack Buffer Overflow
http://cxsecurity.com/issue/WLB-2013050174

+ Apache Tomcat CVE-2013-1976 Insecure Temporary File Handling Vulnerability
http://www.securityfocus.com/bid/60186
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1976

Notice of release: Trend Micro Control Manager 5.5 Service Pack 1 Patch 3 build 1850
http://www.trendmicro.co.jp/support/news.asp?id=1961

Vulnerability information worth checking <2013.05.28>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130527/479681/?ST=security

Important information lurks in file "metadata", says Kevin Mitnick
Companies' software usage and network information laid bare
http://itpro.nikkeibp.co.jp/article/NEWS/20130528/480063/?ST=security

LOCAL: AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass
http://www.exploit-db.com/exploits/25776

Tuesday, May 28, 2013

28th, Tuesday, Butsumetsu

+ Apache Struts 'includeParams' CVE-2013-2115 Incomplete Fix Security Bypass Vulnerability
http://www.securityfocus.com/bid/60167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2115

+ Apache Struts 'includeParams' CVE-2013-1966 Security Bypass Vulnerability
http://www.securityfocus.com/bid/60166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1966

Universal Database Tools - DtSQL 2.5.1 is released (FREE)
http://www.postgresql.org/about/news/1466/

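Kazuaki Miyamoto's report on the latest Silicon Valley technology
Next-generation firewall that contains attacks with virtualization technology, developed by XenSource founder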
http://itpro.nikkeibp.co.jp/article/COLUMN/20130526/479642/?ST=security

Preparing for the latest cyber attacks
After Yahoo!, Mitsukoshi is attacked too: how should site operators counter unauthorized logins?
http://itpro.nikkeibp.co.jp/article/COLUMN/20130527/479767/?ST=security

About 110,000 card records leaked from mobile phone and Wi-Fi rental services GLOBALDATA and Global Cellular
http://itpro.nikkeibp.co.jp/article/NEWS/20130527/480001/?ST=security

JVN#31817913 Address bar spoofing vulnerability in Yahoo! Browser
http://jvn.jp/jp/JVN31817913/

Monday, May 27, 2013

27th, Monday, Senbu

+ About the security content of QuickTime 7.7.4
http://support.apple.com/kb/HT5770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1017
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1018
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1022

+ CESA-2013:0847 Moderate CentOS 5 kernel Update
http://lwn.net/Alerts/551400/

+ CESA-2013:0830 Important CentOS 6 kernel Update
http://lwn.net/Alerts/551049/

+ CESA-2013:0831 Moderate CentOS 6 libvirt Update
http://lwn.net/Alerts/551051/

+ phpMyAdmin 4.0.2 released
http://sourceforge.net/p/phpmyadmin/news/2013/05/phpmyadmin-402-is-released/

+ Squid 3.3.5 released
http://www.squid-cache.org/Versions/v3/3.3/RELEASENOTES.html

+ Wireshark 1.8.7 Released
http://www.wireshark.org/docs/relnotes/wireshark-1.8.7.html

+ Update: Multiple Vulnerabilities in Cisco ASA Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130410-asa

+ Update: HPSBMU02742 SSRT100740 rev.2 - HP System Management Homepage (SMH) for Linux, Windows and ESX 4.1, Remote Unauthorized Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03164351-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Update: HPSBPV02855 SSRT100512 rev.2 - HP ProCurve 1700-8(J9079A) and 1700-24(J9080A) Switches, Cross Site Request Forgery (CSRF)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03699981-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBUX02881 SSRT101189 rev.1 - HP-UX Directory Server, Remote Disclosure of Information
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03772083-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ CVE-2012-0814 Credentials Management vulnerability in SSH
https://blogs.oracle.com/sunsecurity/entry/cve_2012_0814_credentials_management
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0814

+ Lucky Thirteen vulnerability in Solaris OpenSSL
https://blogs.oracle.com/sunsecurity/entry/lucky_thirteen_vulnerability_in_solaris
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169

+ Multiple Permissions, Privileges, and Access Control vulnerabilities in Sudo
https://blogs.oracle.com/sunsecurity/entry/multiple_permissions_privileges_and_access
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776

+ CVE-2012-5134 Buffer Overflow vulnerability in libxml2
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5134_buffer_overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134

+ CVE-2013-0338 Denial of Service (DoS) vulnerability in libxml2
https://blogs.oracle.com/sunsecurity/entry/cve_2013_0338_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0338

+ CVE-2012-5526 Configuration vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5526_configuration_vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526

+ CVE-2010-5107 Denial of Service vulnerability in SSH
https://blogs.oracle.com/sunsecurity/entry/cve_2010_5107_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5107

+ Multiple Cross Site Scripting vulnerabilities in Apache HTTP server
https://blogs.oracle.com/sunsecurity/entry/multiple_cross_site_scripting_vulnerabilities
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558

+ CVE-2012-4429 Information Leak / Disclosure in vino
https://blogs.oracle.com/sunsecurity/entry/cve_2012_4429_information_leak
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4429

+ CVE-2012-4564 Design Error vulnerability in GIMP
https://blogs.oracle.com/sunsecurity/entry/cve_2012_4564_design_error
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4564

+ CVE-2012-5195 Heap Buffer Overrun vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5195_heap_buffer
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5195

+ CVE-2012-5667 Heap Buffer Overflow vulnerability in GNU Grep
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5667_heap_buffer
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5667

+ CVE-2012-6329 Code Injection vulnerability in Perl 5.8
https://blogs.oracle.com/sunsecurity/entry/cve_2012_6329_code_injection1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329

+ CVE-2012-6329 Code Injection vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_6329_code_injection
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6329

+ Multiple vulnerabilities fixed in Wireshark 1.8.4
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_fixed_in_wireshark
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6061
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6062

+ CVE-2013-1667 Denial of Service (DoS) vulnerability in Perl 5.16
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1667_denial_of2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667

+ CVE-2013-1667 Denial of Service (DoS) vulnerability in Perl 5.12
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1667_denial_of1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667

+ CVE-2013-1667 Denial of Service (DoS) vulnerability in Perl 5.8
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1667_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667

+ Multiple vulnerabilities in Samba Web Administration Tool (SWAT)
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba_web
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0214

+ HS13-012 Vulnerability in JP1/Integrated Management - TELstaff Alarm View
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-012/index.html

+ HS13-011 Cross-site Scripting Vulnerability in JP1/Automatic Operation
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-011/index.html

+ HS13-012 Vulnerability in JP1/Integrated Management - TELstaff Alarm View (Japanese edition)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-012/index.html

+ HS13-011 Cross-site Scripting Vulnerability in JP1/Automatic Operation (Japanese edition)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-011/index.html

+ RHSA-2013:0847 Moderate: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-0847.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0153

+ Apache Ant 1.9.1 Released
http://ftp.meisei-u.ac.jp/mirror/apache/dist//ant/README.html

+ Apache Struts 2.3.14.2 released
http://struts.apache.org/release/2.3.x/docs/version-notes-23142.html

+ Dovecot 2.2.2 released
http://www.dovecot.org/list/dovecot-news/2013-May/000255.html

+ Perl 5.18.0 released
http://www.perl.org/get.html

+ Samba 4.0.6 Available for Download
http://samba.org/samba/history/samba-4.0.6.html

+ REMOTE: SIEMENS Solid Edge ST4 WebPartHelper ActiveX - RFMSsvs!JShellExecuteEx RCE
http://www.exploit-db.com/exploits/25713

+ LOCAL: Sony Playstation 3 (PS3) 4.31 - Save Game Preview SFO File Handling Local Command Execution
http://www.exploit-db.com/exploits/25718

+ LOCAL: AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass
http://www.exploit-db.com/exploits/25725

+ DoS/PoC: SIEMENS Solid Edge ST4 SEListCtrlX ActiveX - SetItemReadOnly Arbitrary Memory Rewrite RCE
http://www.exploit-db.com/exploits/25712

+ DoS/PoC: SAS Integration Technologies Client 9.31_M1 (SASspk.dll) - Stack-Based Overflow
http://www.exploit-db.com/exploits/25714

+ DoS/PoC: Trend Micro DirectPass 1.5.0.1060 - Multiple Software Vulnerabilities
http://www.exploit-db.com/exploits/25719

+ Dovecot 'APPEND' Parameter Denial of Service Vulnerability
http://www.securityfocus.com/bid/60052

Notice of release: InterScan Web Security Suite 3.1 for Linux Patch 7 (Build 1320)
http://www.trendmicro.co.jp/support/news.asp?id=1954

[Resolved] Difficulty reaching the Virus Buster customer support phone line
http://www.trendmicro.co.jp/support/news.asp?id=1962

Notice of release: InterScan Web Security Suite 5.6 for Linux
http://www.trendmicro.co.jp/support/news.asp?id=1955

About the issue where pattern updates fail because of a digit carry-over in the pattern file number
http://www.trendmicro.co.jp/support/news.asp?id=1959

Notice of scheduled server maintenance (May 24, 2013)
http://www.trendmicro.co.jp/support/news.asp?id=1960

MicroOLAP Database Designer for PostgreSQL v1.9.0 released
http://www.postgresql.org/about/news/1465/

Countermeasures for the improper access restriction vulnerability in "EC-CUBE" (JVN#45306814)
http://www.ipa.go.jp/security/ciadr/vul/20130523-jvn.html

Detecting landmines with honeybees: Croatia and the United States (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130527/479704/?ST=security

8,289 customer records leaked at Mitsukoshi's online shopping site; 5.2 million unauthorized login attempts
http://itpro.nikkeibp.co.jp/article/NEWS/20130525/479541/?ST=security

Cyber attack on the Ministry of Agriculture, Forestry and Fisheries may have leaked 124 administrative documents
http://itpro.nikkeibp.co.jp/article/NEWS/20130525/479521/?ST=security

Encrypted passwords and other data may have leaked for about 1,486,000 Yahoo! JAPAN IDs
http://itpro.nikkeibp.co.jp/article/NEWS/20130523/479201/?ST=security

Trend Micro to continue support for Windows XP-compatible products beyond April 2014
Virus Buster for consumers until December 2015, enterprise products until January 2017
http://itpro.nikkeibp.co.jp/article/NEWS/20130523/479161/?ST=security

SafeNet Japan revamps its "Luna SA" encryption key management appliance as a virtual server type
http://itpro.nikkeibp.co.jp/article/NEWS/20130523/478984/?ST=security

Twitter introduces two-step authentication, strengthening account protection
http://itpro.nikkeibp.co.jp/article/NEWS/20130523/478943/?ST=security

From the world's security labs
A browser extension that hijacks Facebook profiles
http://itpro.nikkeibp.co.jp/article/COLUMN/20130522/478707/?ST=security

JVN#39699406 Information disclosure vulnerability in EC-CUBE caused by improper input validation
http://jvn.jp/jp/JVN39699406/

JVN#45306814 Improper access restriction vulnerability in EC-CUBE
http://jvn.jp/jp/JVN45306814/

JVN#00985872 Session fixation vulnerability in EC-CUBE
http://jvn.jp/jp/JVN00985872/

JVN#52552792 Cross-site scripting vulnerability in EC-CUBE
http://jvn.jp/jp/JVN52552792/

JVNVU#92679127 Update for multiple vulnerabilities in Apple QuickTime
http://jvn.jp/cert/JVNVU92679127/index.html

Friday, May 17, 2013

17th, Friday, Taian


+ RHSA-2013:0830 Important: kernel security update
http://rhn.redhat.com/errata/RHSA-2013-0830.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2094

+ RHSA-2013:0831 Moderate: libvirt security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-0831.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1962

+ RHSA-2013:0827 Important: openswan security update
http://rhn.redhat.com/errata/RHSA-2013-0827.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2053

+ About the security content of iTunes 11.0.3
http://support.apple.com/kb/HT5766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1014
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2857
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5112
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0912
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0948
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0949
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0956
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0958
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0959
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0960
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1011

+ CESA-2013:0827 Important CentOS 6 openswan Update
http://lwn.net/Alerts/550921/

+ CESA-2013:0827 Important CentOS 5 openswan Update
http://lwn.net/Alerts/550920/

+ CESA-2013:0820 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/550709/

+ CESA-2013:0820 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/550710/

+ CESA-2013:0821 Important CentOS 6 thunderbird Update
http://lwn.net/Alerts/550711/

+ CESA-2013:0821 Important CentOS 5 thunderbird Update
http://lwn.net/Alerts/550712/

+ Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130515-mse
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1236

+ OpenSSH 6.2p2 released
http://www.openssh.com/txt/release-6.2p2

+ Linux Kernel Array Bounds Checking Flaw Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2094

+ SA53393 Ajax Availability Calendar Multiple Vulnerabilities
http://secunia.com/advisories/53393/

+ SA53392 ownCloud Multiple Vulnerabilities
http://secunia.com/advisories/53392/

+ SSH User Code Execution
http://cxsecurity.com/issue/WLB-2013050135

+ python backports ssl_match_hostname Resource Exhaustion 0day
http://cxsecurity.com/issue/WLB-2013050127

+ Python 'ssl.match_hostname()' Function Denial of Service Vulnerability
http://www.securityfocus.com/bid/59877
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2098

Countermeasures for vulnerabilities in Adobe Reader and Acrobat (APSB13-15) (CVE-2013-2549 and others)
http://www.ipa.go.jp/security/ciadr/vul/20130515-adobereader.html

Countermeasures for vulnerabilities in Adobe Flash Player (APSB13-14) (CVE-2013-2728 and others)
http://www.ipa.go.jp/security/ciadr/vul/20130515-adobeflashplayer.html

Countermeasures for vulnerabilities in Microsoft products (May)
http://www.ipa.go.jp/security/ciadr/vul/20130515-ms.html

National Police Agency's "Cyber Attack Analysis Center" to collect information from police forces nationwide
http://itpro.nikkeibp.co.jp/article/NEWS/20130517/477483/?ST=security

The growing threat of attacks on in-vehicle software
Part 5: Do not look for a "royal road" to countermeasures
http://itpro.nikkeibp.co.jp/article/COLUMN/20130507/475088/?ST=security

I took an inventory of my own passwords
http://itpro.nikkeibp.co.jp/article/Watcher/20130514/476805/?ST=security

Symantec holds a study session on online election campaigning measures for Komeito lawmakers
http://itpro.nikkeibp.co.jp/article/NEWS/20130516/477385/?ST=security

Check Point announces the "600 Appliance", successor to its lunchbox-sized UTM for SMBs
http://itpro.nikkeibp.co.jp/article/NEWS/20130516/477383/?ST=security

Dell announces "SuperMassive 9000", the lower-tier series of its high-end firewalls
http://itpro.nikkeibp.co.jp/article/NEWS/20130516/477343/?ST=security

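Patch released to fix the IE8 zero-day vulnerability; apply it promptly
Dangerous vulnerabilities in other IE versions as well; 2 of 10 are rated "Critical", the highest severity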
http://itpro.nikkeibp.co.jp/article/NEWS/20130516/477204/?ST=security

From the world's security labs
Google Glass and security concerns
http://itpro.nikkeibp.co.jp/article/COLUMN/20130511/476281/?ST=security

Trend Micro unveils its "3D strategy" and launches three new products, including Virus Buster Mobile
http://itpro.nikkeibp.co.jp/article/NEWS/20130515/477022/?ST=security

JVNVU#91592755 Directory traversal vulnerability in Mutiny
http://jvn.jp/cert/JVNVU91592755/

JVNVU#98097798 Issue in the IBM Notes mail client that allows Java and Javascript to execute
http://jvn.jp/cert/JVNVU98097798/

JVNTA13-134A Updates for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA13-134A/

JVNVU#91241075 Buffer overflow vulnerability in Serva
http://jvn.jp/cert/JVNVU91241075/

JVNVU#91064079 Arbitrary code execution vulnerability in ColdFusion
http://jvn.jp/cert/JVNVU91064079/

JVN#85371480 Vulnerability in connection handling in the Wi-Fi Spot configuration software
http://jvn.jp/jp/JVN85371480/index.html

VU#701572 Mutiny Appliance contains multiple directory traversal vulnerabilities
http://www.kb.cert.org/vuls/id/701572

DoS/PoC: Serva 32 TFTP 2.1.0 - Buffer Overflow Denial of service
http://www.exploit-db.com/exploits/25472

Wednesday, May 15, 2013

15th, Wednesday, Senbu


+ Security bulletins for May 2013
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-may

+ MS13-037 - Critical: Cumulative Security Update for Internet Explorer (2829530)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1297

+ MS13-038 - Critical: Security Update for Internet Explorer (2847204)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1347

+ MS13-039 - Important: Vulnerability in HTTP.sys Could Allow Denial of Service (2829254)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1305

+ MS13-040 - Important: Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1337

+ MS13-041 - Important: Vulnerability in Lync Could Allow Remote Code Execution (2834695)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1302

+ MS13-042 - Important: Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1329

+ MS13-043 - Important: Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1335

+ MS13-044 - Important: Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1301

+ UPDATE: Microsoft Security Advisory (2847140) Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2847140

+ Microsoft Security Advisory (2846338) Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2846338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1346

+ Microsoft Security Advisory (2820197) Update Rollup for ActiveX Kill Bits
http://technet.microsoft.com/en-us/security/advisory/2820197

+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
http://technet.microsoft.com/en-us/security/advisory/2755801

+ Microsoft Security Advisory (2846338) Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution (Japanese edition)
http://technet.microsoft.com/ja-jp/security/advisory/2846338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1346

+ Microsoft Security Advisory (2820197) Update Rollup for ActiveX Kill Bits (Japanese edition)
http://technet.microsoft.com/ja-jp/security/advisory/2820197

+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10 (Japanese edition)
http://technet.microsoft.com/ja-jp/security/advisory/2755801

+ RHSA-2013:0821 Important: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2013-0821.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1681

+ RHSA-2013:0820 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2013-0820.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1681

+ Mozilla Firefox 21.0 released
http://www.mozilla.jp/firefox/21.0/releasenotes/

+ Mozilla Thunderbird 17.0.6 released
http://www.mozilla.jp/thunderbird/17.0.6/releasenotes/

+ MFSA 2013-48 Memory corruption found using Address Sanitizer
http://www.mozilla.org/security/announce/2013/mfsa2013-48.html

+ MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
http://www.mozilla.org/security/announce/2013/mfsa2013-47.html

+ MFSA 2013-46 Use-after-free with video and onresize event
http://www.mozilla.org/security/announce/2013/mfsa2013-46.html

+ MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries
http://www.mozilla.org/security/announce/2013/mfsa2013-45.html

+ MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
http://www.mozilla.org/security/announce/2013/mfsa2013-44.html

+ MFSA 2013-43 File input control has access to full path
http://www.mozilla.org/security/announce/2013/mfsa2013-43.html

+ MFSA 2013-42 Privileged access for content level constructor
http://www.mozilla.org/security/announce/2013/mfsa2013-42.html

+ MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)
http://www.mozilla.org/security/announce/2013/mfsa2013-41.html

+ APSB13-15 Security updates available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb13-15.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2723
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3340
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3342

+ APSB13-14 Security updates available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb13-14.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3335

+ APSB13-13 Security update: Hotfix available for ColdFusion
http://www.adobe.com/support/security/bulletins/apsb13-13.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3336

+ CESA-2013:0815 Moderate CentOS 6 httpd Update
http://lwn.net/Alerts/550572/

+ CESA-2013:0815 CentOS 5 httpd Update
http://lwn.net/Alerts/550563/

+ phpMyAdmin 4.0.1 released
http://sourceforge.net/p/phpmyadmin/news/2013/05/phpmyadmin-401-is-released/

+ UPDATE: HPSBUX02859 SSRT101144 rev.3 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03714526-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ SA53348 Apache Tomcat FormAuthenticator Session Hijacking Weakness
http://secunia.com/advisories/53348/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2067

+ LOCAL: Linux PERF_EVENTS - Local Root Exploit
http://www.exploit-db.com/exploits/25444

+ LOCAL: Linux Kernel open-time Capability file_ns_capable() Privilege Escalation
http://www.exploit-db.com/exploits/25450

+ Linux Kernel PERF_EVENTS Local Root Exploit
http://cxsecurity.com/issue/WLB-2013050119

+ Linux Kernel open-time Capability file_ns_capable() Privilege Escalation
http://cxsecurity.com/issue/WLB-2013050123

+ Linux Kernel CVE-2013-2094 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/59846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2094

False positive information for JS_REDIR.SMSA/JS_REDIR.BK
http://www.trendmicro.co.jp/support/news.asp?id=1958

Growing threat of attacks on in-vehicle software
Part 3: From where are cars attacked?
http://itpro.nikkeibp.co.jp/article/COLUMN/20130507/475086/?ST=security

Plat'Home adds a small-scale edition for about 50 terminals to its URL filtering appliances
http://itpro.nikkeibp.co.jp/article/NEWS/20130514/476843/?ST=security

Ricoh IT Solutions launches an email archive construction service for U.S. litigation
http://itpro.nikkeibp.co.jp/article/NEWS/20130514/476787/?ST=security

"A database of all citizens with face photos"? Concerns voiced over bill deliberations in the U.S. (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130514/476683/?ST=security

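Japanese brands fetch high prices on "underground sites"; "jp" is worth more than 10 times "com"
Trend Micro reports that Japanese email addresses and passwords are also bought at high prices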
http://itpro.nikkeibp.co.jp/article/NEWS/20130514/476681/?ST=security

VU#127108 Serva32 2.1.0 TFTPD service buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/127108

VU#113732 Adobe ColdFusion 9 & 10 code injection vulnerability
http://www.kb.cert.org/vuls/id/113732

REMOTE: SAP SOAP RFC SXPG_CALL_SYSTEM Remote Command Execution
http://www.exploit-db.com/exploits/25445

REMOTE: SAP SOAP RFC SXPG_COMMAND_EXECUTE Remote Command Execution
http://www.exploit-db.com/exploits/25446

LOCAL: ERS Viewer 2011 ERS File Handling Buffer Overflow
http://www.exploit-db.com/exploits/25448

LOCAL: Kloxo 6.1.6 - Local Privilege Escalation
http://www.exploit-db.com/exploits/25406

Tuesday, May 14, 2013

14th, Tuesday, Tomobiki


+ RHSA-2013:0815 Moderate: httpd security update
http://rhn.redhat.com/errata/RHSA-2013-0815.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862

+ Memory disclosure with specially crafted HTTP backend responses Severity: medium
http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2070

+ CESA-2013:0807 Low CentOS 5 hypervkvpd Update
http://lwn.net/Alerts/550430/

+ UPDATE: HPSBMU02786 SSRT100877 rev.2 - HP System Management Homepage (SMH) Running on Linux, Windows, and VMware ESX, Remote Unauthorized Access, Disclosure of Information, Data Modification, Denial of Service (DoS), Execution of Arbitrary Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03360041-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ Apache HTTP Server Terminal Escape Sequence in Logs Command Injection Vulnerability
http://www.securityfocus.com/bid/59826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862

Trend Micro: Notice of management system renovation for consumer products
http://www.trendmicro.co.jp/support/news.asp?id=1956

PostgreSQL 9.3 Beta 1 Released
http://www.postgresql.org/about/news/1463/

Growing threat of attacks on in-vehicle software
Part 2: Examples of attacks on in-vehicle software keep emerging
http://itpro.nikkeibp.co.jp/article/COLUMN/20130507/475085/?ST=security

Yahoo and Digital Hearts offer a website security assessment service for politicians
http://itpro.nikkeibp.co.jp/article/NEWS/20130513/476572/?ST=security

UPDATE: JVNVU#97576465 Arbitrary code execution vulnerability in Internet Explorer 8
http://jvn.jp/cert/JVNVU97576465/

JVN#18501376 Cross-site scripting vulnerability in OpenPNE
http://jvn.jp/jp/JVN18501376/

LOCAL: Kloxo 6.1.6 - Local Privilege Escalation
http://www.exploit-db.com/exploits/25406

DoS/PoC: No-IP Dynamic Update Client (DUC) 2.1.9 - Local IP Address Stack Overflow
http://www.exploit-db.com/exploits/25411

Monday, May 13, 2013

13th, Monday, Sensho


+ UPDATE: Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp

+ Apache Tomcat 7.0.40 released
http://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.40
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2071

+ Apache Tomcat FORM Authenticator Lets Remote Users Conduct Session Fixation Attacks
http://www.securitytracker.com/id/1028534
http://cxsecurity.com/issue/WLB-2013050090
http://www.securityfocus.com/bid/59799
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2067

+ Apache Tomcat Lack of Chunked Transfer Encoding Extension Size Limit Lets Remote Users Deny Service
http://www.securitytracker.com/id/1028533
http://cxsecurity.com/issue/WLB-2013050089
http://www.securityfocus.com/bid/59797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544

+ Apache Tomcat AsyncListeners Bug May Disclose Information from One Request to Another User
http://www.securitytracker.com/id/1028532
http://cxsecurity.com/issue/WLB-2013050088
http://www.securityfocus.com/bid/59798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2071

+ Linux Kernel 'tun.c' Denial Of Service Vulnerability
http://www.securityfocus.com/bid/59804

UPDATE: Countermeasures for the Internet Explorer 8 vulnerability (KB2847140) (CVE-2013-1347)
http://www.ipa.go.jp/security/ciadr/vul/20130507-ms.html

Vulnerability information worth checking <2013.05.13>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130507/474932/?ST=security

Growing threat of attacks on in-vehicle software
Part 1: In-vehicle software becomes a target
http://itpro.nikkeibp.co.jp/article/COLUMN/20130507/475084/?ST=security

Dinos hit by 1.11 million unauthorized access attempts and 15,000 unauthorized logins
http://itpro.nikkeibp.co.jp/article/NEWS/20130510/475982/?ST=security

DoS/PoC: Lan Messenger sending PM Buffer Overflow(UNICODE) - Overwrite SEH
http://www.exploit-db.com/exploits/25363

Friday, May 10, 2013

10th, Friday, Butsumetsu


+ Microsoft Security Bulletin Advance Notification - May 2013
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-may


+ APSB13-15 Prenotification Security Advisory for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb13-15.html

+ APSA13-03 Security Advisory for ColdFusion
http://www.adobe.com/support/security/advisories/apsa13-03.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3336

+ RHSA-2013:0807 Low: hypervkvpd security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-0807.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5532

+ Symantec Brightmail Gateway Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1028530
http://secunia.com/advisories/53366/
http://www.securityfocus.com/bid/59700
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1611

+ nginx 1.3.9 - 1.4.0 Remote Buffer Overflow
http://cxsecurity.com/issue/WLB-2013050059

+ Fujitsu Desktop Update Privilege Escalation
http://cxsecurity.com/issue/WLB-2013050076

+ Microsoft May 2013 Advance Notification Multiple Vulnerabilities
http://www.securityfocus.com/bid/59785

Notice of server maintenance (May 13, 2013)
http://www.trendmicro.co.jp/support/news.asp?id=1953

Seriously: PHP 5.4.15 and PHP 5.3.25 really were released!
http://php.net/archive/2013.php#id2013-05-09-3

Microsoft releases a tool to avoid the "zero-day attack on IE8"
It changes settings to block known attacks; the vulnerability is not fixed
http://itpro.nikkeibp.co.jp/article/NEWS/20130510/475962/?ST=security

Beta version of the corporate Android security product "ESET Endpoint Security for Android" now available
http://itpro.nikkeibp.co.jp/article/NEWS/20130509/475761/?ST=security

Runexy announces a new version of its Windows image backup software for enterprises
http://itpro.nikkeibp.co.jp/article/NEWS/20130509/475723/?ST=security

Thursday, May 9, 2013

9th, Thursday, Tomobiki


+ Selenium IDE 2.0.0 released
http://code.google.com/p/selenium/wiki/SeIDEReleaseNotes

+ Selenium The Internet Explorer Driver Server 2.32.2 released
http://docs.seleniumhq.org/download/

+ UPDATE: Cisco Prime Data Center Network Manager Remote Command Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121031-dcnm

+ Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1224
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1225

+ PSN-2013-05-938 2013-05 Security Bulletin: Network and Security Manager: Multiple Apache Axis2 vulnerabilities fixed
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-05-938&viewMode=view
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2103
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0219

+ PSN-2013-05-939 2013-05 Security Bulletin: Junos Space: CVE-2013-3497 Password disclosure while viewing configuration
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-05-939&viewMode=view
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3497

+ PSN-2013-05-940 2013-05: Security Bulletin: SmartPass WLAN Security Management: CVE-2013-3498 XSS Vulnerability
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-05-940&viewMode=view
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3498

+ PSN-2013-05-941 2013-05 Security Bulletin: Steel Belted Radius: OpenSSL vulnerability CVE-2012-2110
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-05-941&viewMode=view
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110

+ PSN-2013-05-942 2013-05 Network Management, Identity and Policy Control Security Advisories Released
https://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-05-942&viewMode=view

+ UPDATE: Microsoft Security Advisory (2847140) Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2847140

+ SYM13-004 Security Advisories Relating to Symantec Products - Symantec Brightmail Gateway Management Console Stored XSS
http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20130508_00
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1611

+ Samba 3.6.15 Available for Download
http://samba.org/samba/history/samba-3.6.15.html

+ LOCAL: Linux Kernel open-time Capability file_ns_capable() - Privilege Escalation Vulnerability
http://www.exploit-db.com/exploits/25307

+ Multiple Linux setuid output redirection vulnerabilities
http://cxsecurity.com/issue/WLB-2013040197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1959

+ Linux Kernel Capability file_ns_capable() Privilege Escalation Vulnerability
http://cxsecurity.com/issue/WLB-2013050069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979

Notice of program update for Password Manager
http://www.trendmicro.co.jp/support/news.asp?id=1952

From security labs around the world
A fake Facebook page with 90 million "Likes"
http://itpro.nikkeibp.co.jp/article/COLUMN/20130507/474933/?ST=security

"Google Glass" stirs controversy; moves to ban its use follow one after another in the U.S.
http://itpro.nikkeibp.co.jp/article/NEWS/20130508/475281/?ST=security

JVN#61972596 Improper password management issue in Online Service Gate
http://jvn.jp/jp/JVN61972596/

UPDATE: JVNVU#97576465 Arbitrary code execution vulnerability in Internet Explorer 8
http://jvn.jp/cert/JVNVU97576465/index.html

Wednesday, May 8, 2013

8th, Wednesday, Sensho


+ CVE-2013-1667 Denial of Service (DoS) vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1667_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667

+ CVE-2013-0169 "Lucky Thirteen" vulnerability in VirtualBox Extension pack
https://blogs.oracle.com/sunsecurity/entry/cve_2013_0169_lucky_thirteen
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169

+ Microsoft Security Advisory (2847140) Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://technet.microsoft.com/ja-jp/security/advisory/2847140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1347

+ nginx Stack Overflow Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028519
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2028

+ REMOTE: Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability
http://www.exploit-db.com/exploits/25294

+ REMOTE: Dovecot with Exim sender_address Parameter - Remote Command Execution
http://www.exploit-db.com/exploits/25297

+ SA53248 nginx "ngx_http_parse_chunked()" Buffer Overflow Vulnerability
http://secunia.com/advisories/53248/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2028

+ nginx 'ngx_http_parse.c' Stack Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/59699
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2028

Countermeasures for the Internet Explorer 8 vulnerability (KB2847140) (CVE-2013-1347)
http://www.ipa.go.jp/security/ciadr/vul/20130507-ms.html

New vulnerability in IE8; zero-day attacks emerge
Patch release date undecided; IE 6/7/9/10 are not affected
http://itpro.nikkeibp.co.jp/article/NEWS/20130508/475201/?ST=security

Vulnerability information worth checking <2013.05.08>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130507/474924/?ST=security

Trend Micro's Deep Security now supports agentless automatic updates
http://itpro.nikkeibp.co.jp/article/NEWS/20130507/475155/?ST=security

RSA releases a new version of its OTP authentication server; risk-based authentication can be used in place of OTP
http://itpro.nikkeibp.co.jp/article/NEWS/20130507/475038/?ST=security

IPA warns of one-click fraud targeting smartphones
http://itpro.nikkeibp.co.jp/article/NEWS/20130507/474881/?ST=security

JVNVU#97576465 Arbitrary code execution vulnerability in Internet Explorer 8
http://jvn.jp/cert/JVNVU97576465/

VU#237655 Microsoft Internet Explorer 8 CGenericElement object use-after-free vulnerability
http://www.kb.cert.org/vuls/id/237655

LOCAL: AudioCoder .M3U Buffer Overflow
http://www.exploit-db.com/exploits/25296

DoS/PoC: Huawei SNMPv3 Service - Multiple Buffer Overflow Vulnerabilities
http://www.exploit-db.com/exploits/25295

nginx 1.3.9 - 1.4.0 Remote Buffer Overflow
http://cxsecurity.com/issue/WLB-2013050059

Microsoft Internet Explorer CGenericElement Object Use-After-Free Vulnerability
http://cxsecurity.com/issue/WLB-2013050060

Tuesday, May 7, 2013

7th, Tuesday, Shakko


+ RHSA-2013:0788 Moderate: subscription-manager security update
http://rhn.redhat.com/errata/RHSA-2013-0788.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6137

+ phpMyAdmin 4.0.0 released
http://sourceforge.net/p/phpmyadmin/news/2013/05/phpmyadmin-400-is-released/

+ Tomcat 6.0.37 Released
http://tomcat.apache.org/tomcat-6.0-doc/changelog.html

+ VU#237655 Microsoft Internet Explorer 8 CGenericElement object use-after-free vulnerability
http://www.kb.cert.org/vuls/id/237655
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1347

+ Apache VCL Input Validation Flaw Lets Remote Authenticated Users Gain Elevated Privileges
http://www.securitytracker.com/id/1028515
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0267

+ Microsoft Internet Explorer Object Access Bug Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028514
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1347

+ SA53193 Microsoft Internet Explorer Files and Folders Enumeration Weaknesses
http://secunia.com/advisories/53193/

+ SA53314 Microsoft Internet Explorer Unspecified Use-After-Free Vulnerability
http://secunia.com/advisories/53314/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1347

+ Windows 8 factory preinstallation of Fujitsu Lifebook A512 Vulnerabilities
http://cxsecurity.com/issue/WLB-2013050043

+ Microsoft Security Essentials Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/59645

+ Microsoft Internet Explorer CVE-2013-1347 Use-After-Free Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/59641
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1347

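Kazuaki Miyamoto's latest technology report from Silicon Valley
Security technologies rated by Google, which concluded that "password protection has reached its limit"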
http://itpro.nikkeibp.co.jp/article/COLUMN/20130502/474661/?ST=security

[Industry trends: NEC, Hitachi] Big data services keep expanding; major IT vendors compete on their strengths
http://itpro.nikkeibp.co.jp/article/COLUMN/20130228/459744/?ST=security

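"Japan's standard ciphers" get their first major revision in 10 years; placing RC4 and SHA-1 under supervision has a bigger impact than the reduction of domestic ciphers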
http://itpro.nikkeibp.co.jp/article/Watcher/20130426/474102/?ST=security

LOCAL: ABBS Audio Media Player v3.1 (.lst) Buffer Overflow
http://www.exploit-db.com/exploits/25204

LOCAL: AudioCoder 0.8.18 - Buffer Overflow Exploit (SEH)
http://www.exploit-db.com/exploits/25141

Thursday, May 2, 2013

2nd, Thursday, Sensho


+ UPDATE: Multiple Vulnerabilities in Cisco Unified Computing System
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130424-ucsmulti

+ HPSBUX02876 SSRT101148 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03750073-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266

+ REMOTE: phpMyAdmin Authenticated Remote Code Execution via preg_replace()
http://www.exploit-db.com/exploits/25136

+ LOCAL: sudo v1.8.0-1.8.3p1 (sudo_debug) - Root Exploit + glibc FORTIFY_SOURCE Bypass
http://www.exploit-db.com/exploits/25134

+ Linux Kernel KVM CVE-2013-1798 Denial of Service Vulnerability
http://www.securityfocus.com/bid/58604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1798

Emergency server maintenance was carried out
http://www.trendmicro.co.jp/support/news.asp?id=1951

Security alert for May 2013
"Watch out for new one-click billing fraud techniques on smartphones!"
http://www.ipa.go.jp/security/txt/2013/05outline.html

"Intrusion by exploiting a Struts 2 vulnerability": card information leak at the JINS online shop
http://itpro.nikkeibp.co.jp/article/NEWS/20130501/474536/?ST=security

JVNVU#98097798 Issue in the IBM Notes mail client allowing Java and Javascript to be executed
http://jvn.jp/cert/JVNVU98097798/

REMOTE: Wordpress W3 Total Cache PHP Code Execution
http://www.exploit-db.com/exploits/25137

DoS/PoC: Syslog Watcher Pro 2.8.0.812 - (Date Parameter) - Cross Site Scripting Vulnerability
http://www.exploit-db.com/exploits/25135

DoS/PoC: WPS Office Wpsio.dll - Stack Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/25140

Wednesday, May 1, 2013

1st, Wednesday, Shakko


+ Ubuntu 13.04 released
http://www.ubuntu.com/download/desktop/install-desktop-latest

+ Multiple vulnerabilities in Samba Web Administration Tool (SWAT)
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_samba_web
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0214

+ Algorithmic complexity vulnerability in Apache Ant
https://blogs.oracle.com/sunsecurity/entry/algorithmic_complexity_vulnerability_in_apache
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098

+ FreeBSD NFS Server Input Validation Bug May Let Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1028491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3266

+ VU#912420 IBM Notes runs arbitrary JAVA and Javascript in emails
http://www.kb.cert.org/vuls/id/912420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0538

+ phpMyAdmin 3.5.8 Authenticated Remote Code Execution Exploit
http://cxsecurity.com/issue/WLB-2013040203

+ phpMyAdmin 3.5.8 LFI & Array Overwrite & Remote code execution
http://cxsecurity.com/issue/WLB-2013040179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3238

+ phpMyAdmin CVE-2013-3238 Multiple Arbitrary PHP Code Execution Vulnerabilities
http://www.securityfocus.com/bid/59460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3238

Endpoint Security Client enhancement hotfix for Anti-Malware detection capabilities
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk92745&src=securityAlerts

False positive information for TROJ_GEN.FC2CKDT
http://www.trendmicro.co.jp/support/news.asp?id=1950

AXLE improves analytics on Big Data
http://www.postgresql.org/about/news/1461/

Announcement: "Briefing on the IT Security Evaluation and Certification Scheme
- Overseas trends in government procurement and their impact on Japan -"
http://www.ipa.go.jp/security/jisec/seminar/cc_semi_20130530.html

Vulnerability information worth checking <2013.05.01>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130426/474101/?ST=security

JVNVU#94853684 Multiple vulnerabilities in McAfee ePolicy Orchestrator
http://jvn.jp/cert/JVNVU94853684/

JVNVU#94115218 Vulnerability related to credentials in Dentrix G5
http://jvn.jp/cert/JVNVU94115218%20/