Wednesday, May 15, 2013

15th, Wednesday, Senbu


+ Security Bulletins for May 2013
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-may

+ MS13-037 - Critical: Cumulative Security Update for Internet Explorer (2829530)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1297

+ MS13-038 - Critical: Security Update for Internet Explorer (2847204)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1347

+ MS13-039 - Important: Vulnerability in HTTP.sys Could Allow Denial of Service (2829254)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1305

+ MS13-040 - Important: Vulnerabilities in .NET Framework Could Allow Spoofing (2836440)
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1337

+ MS13-041 - Important: Vulnerability in Lync Could Allow Remote Code Execution (2834695)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1302

+ MS13-042 - Important: Vulnerabilities in Microsoft Publisher Could Allow Remote Code Execution (2830397)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1329

+ MS13-043 - Important: Vulnerability in Microsoft Word Could Allow Remote Code Execution (2830399)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1335

+ MS13-044 - Important: Vulnerability in Microsoft Visio Could Allow Information Disclosure (2834692)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1301

+ UPDATE: Microsoft Security Advisory (2847140) Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2847140

+ Microsoft Security Advisory (2846338) Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2846338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1346

+ Microsoft Security Advisory (2820197) Update Rollup for ActiveX Kill Bits
http://technet.microsoft.com/en-us/security/advisory/2820197

+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
http://technet.microsoft.com/en-us/security/advisory/2755801

+ Microsoft Security Advisory (2846338) Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution
http://technet.microsoft.com/ja-jp/security/advisory/2846338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1346

+ Microsoft Security Advisory (2820197) Update Rollup for ActiveX Kill Bits
http://technet.microsoft.com/ja-jp/security/advisory/2820197

+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer 10
http://technet.microsoft.com/ja-jp/security/advisory/2755801

+ RHSA-2013:0821 Important: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2013-0821.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1681

+ RHSA-2013:0820 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2013-0820.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1670
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1674
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1675
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1676
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1677
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1678
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1679
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1680
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1681

+ Mozilla Firefox 21.0 released
http://www.mozilla.jp/firefox/21.0/releasenotes/

+ Mozilla Thunderbird 17.0.6 released
http://www.mozilla.jp/thunderbird/17.0.6/releasenotes/

+ MFSA 2013-48 Memory corruption found using Address Sanitizer
http://www.mozilla.org/security/announce/2013/mfsa2013-48.html

+ MFSA 2013-47 Uninitialized functions in DOMSVGZoomEvent
http://www.mozilla.org/security/announce/2013/mfsa2013-47.html

+ MFSA 2013-46 Use-after-free with video and onresize event
http://www.mozilla.org/security/announce/2013/mfsa2013-46.html

+ MFSA 2013-45 Mozilla Updater fails to update some Windows Registry entries
http://www.mozilla.org/security/announce/2013/mfsa2013-45.html

+ MFSA 2013-44 Local privilege escalation through Mozilla Maintenance Service
http://www.mozilla.org/security/announce/2013/mfsa2013-44.html

+ MFSA 2013-43 File input control has access to full path
http://www.mozilla.org/security/announce/2013/mfsa2013-43.html

+ MFSA 2013-42 Privileged access for content level constructor
http://www.mozilla.org/security/announce/2013/mfsa2013-42.html

+ MFSA 2013-41 Miscellaneous memory safety hazards (rv:21.0 / rv:17.0.6)
http://www.mozilla.org/security/announce/2013/mfsa2013-41.html

+ APSB13-15 Security updates available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb13-15.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2549
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2550
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2723
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2724
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2726
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2727
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2729
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2731
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2733
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2734
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2737
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3340
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3342

+ APSB13-14 Security updates available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb13-14.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2728
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3335

+ APSB13-13 Security update: Hotfix available for ColdFusion
http://www.adobe.com/support/security/bulletins/apsb13-13.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3336

+ CESA-2013:0815 Moderate CentOS 6 httpd Update
http://lwn.net/Alerts/550572/

+ CESA-2013:0815 CentOS 5 httpd Update
http://lwn.net/Alerts/550563/

+ phpMyAdmin 4.0.1 released
http://sourceforge.net/p/phpmyadmin/news/2013/05/phpmyadmin-401-is-released/

+ UPDATE: HPSBUX02859 SSRT101144 rev.3 - HP-UX Running XNTP, Remote Denial of Service (DoS) and Execution of Arbitrary Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03714526-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ SA53348 Apache Tomcat FormAuthenticator Session Hijacking Weakness
http://secunia.com/advisories/53348/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2067

+ LOCAL: Linux PERF_EVENTS - Local Root Exploit
http://www.exploit-db.com/exploits/25444

+ LOCAL: Linux Kernel open-time Capability file_ns_capable() Privilege Escalation
http://www.exploit-db.com/exploits/25450

+ Linux Kernel PERF_EVENTS Local Root Exploit
http://cxsecurity.com/issue/WLB-2013050119

+ Linux Kernel open-time Capability file_ns_capable() Privilege Escalation
http://cxsecurity.com/issue/WLB-2013050123

+ Linux Kernel CVE-2013-2094 Local Privilege Escalation Vulnerability
http://www.securityfocus.com/bid/59846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2094

False-positive detection notice for JS_REDIR.SMSA/JS_REDIR.BK
http://www.trendmicro.co.jp/support/news.asp?id=1958

The growing threat of attacks on in-vehicle software
Part 3: Where are cars attacked from?
http://itpro.nikkeibp.co.jp/article/COLUMN/20130507/475086/?ST=security

Plat'Home adds a small-scale model for around 50 endpoints to its URL filtering appliance line
http://itpro.nikkeibp.co.jp/article/NEWS/20130514/476843/?ST=security

Ricoh IT Solutions launches an email archive construction service for US litigation
http://itpro.nikkeibp.co.jp/article/NEWS/20130514/476787/?ST=security

"A database of every citizen, with face photos"? Concerns raised over a bill under deliberation in the US (WIRED.jp)
http://itpro.nikkeibp.co.jp/article/NEWS/20130514/476683/?ST=security

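On "underground sites," Japanese brands fetch high prices; "jp" is worth more than 10 times "com"
Trend Micro reports that Japanese email addresses and passwords are also bought at high prices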
http://itpro.nikkeibp.co.jp/article/NEWS/20130514/476681/?ST=security

VU#127108 Serva32 2.1.0 TFTPD service buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/127108

VU#113732 Adobe ColdFusion 9 & 10 code injection vulnerability
http://www.kb.cert.org/vuls/id/113732

REMOTE: SAP SOAP RFC SXPG_CALL_SYSTEM Remote Command Execution
http://www.exploit-db.com/exploits/25445

REMOTE: SAP SOAP RFC SXPG_COMMAND_EXECUTE Remote Command Execution
http://www.exploit-db.com/exploits/25446

LOCAL: ERS Viewer 2011 ERS File Handling Buffer Overflow
http://www.exploit-db.com/exploits/25448

LOCAL: Kloxo 6.1.6 - Local Privilege Escalation
http://www.exploit-db.com/exploits/25406
