Monday, September 30, 2013

Monday the 30th, senbu

+ About the security content of iOS 7.0.2
http://support.apple.com/kb/HT5957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5161

+ CESA-2013:1292 Moderate CentOS 5 kernel Update
http://lwn.net/Alerts/568641/

+ Courier-IMAP 4.14 released
http://www.courier-mta.org/imap/

+ ProFTPD SFTP Integer Overflow Lets Remote Users Deny Service
http://www.securitytracker.com/id/1029101

+ SA54813 Apple iOS Passcode Lock Two Security Bypass Weaknesses
http://secunia.com/advisories/54813/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5161

+ Linux kernel memory corruption with ipv6 udp offloading
http://cxsecurity.com/issue/WLB-2013090188

Password Manager program update notice
http://www.trendmicro.co.jp/support/news.asp?id=2014

InterScan Web Manager 8.5 release notice
http://www.trendmicro.co.jp/support/news.asp?id=2012

Wiretap-law lawsuit over Gmail: Google's arguments rejected
http://itpro.nikkeibp.co.jp/article/NEWS/20130927/507246/?ST=security

Apple releases iOS 7 update fixing lock-screen vulnerability
http://itpro.nikkeibp.co.jp/article/NEWS/20130927/507186/?ST=security

Friday, September 27, 2013

Friday the 27th, shakkō

+ RHSA-2013:1292 Moderate: kernel security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1292.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3511
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4162

+ Apple iOS Null Pointer Dereference in Phone Dialer Lets Physically Local Users Bypass the Passcode Lock
http://www.securitytracker.com/id/1029100
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5160

+ SA54756 ProFTPD "mod_sftp/mod_sftp_pam" Integer Overflow Denial of Service Vulnerability
http://secunia.com/advisories/54756/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4359

InterScan Web Manager 8.5 release notice
http://www.trendmicro.co.jp/support/news.asp?id=2012

Vulnerability information worth checking <2013.09.27>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130923/506203/?ST=security

Thursday, September 26, 2013

Thursday the 26th, taian

+ CESA-2013:1282 Important CentOS 6 rtkit Update
http://lwn.net/Alerts/568253/

+ Cisco IOS Software Multicast Network Time Protocol Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-ntp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5472

+ Cisco IOS Software Network Address Translation Vulnerabilities
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-nat
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5479
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5480
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5481

+ Cisco IOS Software IPv6 Virtual Fragmentation Reassembly Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-ipv6vfr
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5474

+ Cisco IOS Software Zone-Based Firewall and Content Filtering Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-cce
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5476

+ Cisco IOS Software DHCP Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-dhcp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5475

+ Cisco IOS Software Queue Wedge Denial of Service Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-wedge
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5477

+ Cisco IOS Software Resource Reservation Protocol Interface Queue Wedge Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-rsvp
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5478

+ Cisco IOS Software Internet Key Exchange Memory Leak Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130925-ike
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5473

+ Dovecot 2.2.6 released
http://www.dovecot.org/list/dovecot-news/2013-September/000262.html

+ Samba 3.6.19 Available for Download
http://samba.org/samba/history/samba-3.6.19.html

+ Google Chrome 31.0 Webkit Auditor Bypass
http://cxsecurity.com/issue/WLB-2013090173

+ Google Chrome CVE-2013-0837 Denial of Service Vulnerability
http://www.securityfocus.com/bid/59435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0837

InterScan Web Security Virtual Appliance 5.0 Patch 3 (Build 1471) release notice
http://www.trendmicro.co.jp/support/news.asp?id=2008

From the world's security labs
Ransomware that holds Android devices hostage
http://itpro.nikkeibp.co.jp/article/COLUMN/20130923/506204/?ST=security

Rapiro, a low-cost Raspberry Pi robot in the 30,000-yen range
[3] Analyzing the DUALSHOCK3 signals to control it
http://itpro.nikkeibp.co.jp/article/COLUMN/20130917/504910/?ST=security

Client software vulnerability countermeasures
Part 3: EMET prevents vulnerability exploitation; testing shows its usefulness
http://itpro.nikkeibp.co.jp/article/COLUMN/20130917/505095/?ST=security

Matrix authentication software SECUREMATRIX enhanced, improving smartphone usability
http://itpro.nikkeibp.co.jp/article/NEWS/20130925/506784/?ST=security

Ministry of Internal Affairs and Communications conducts cyber-attack defense exercise, hands-on countermeasures in a large-scale LAN environment
http://itpro.nikkeibp.co.jp/article/NEWS/20130925/506744/?ST=security

Dropbox joins Google, Microsoft and others over disclosure of U.S. government data requests
http://itpro.nikkeibp.co.jp/article/NEWS/20130925/506683/?ST=security

JVNVU#99680484 Stack buffer overflow vulnerability in HP System Management Homepage
http://jvn.jp/cert/JVNVU99680484/

JVN#62507275 Multiple broadband routers act as open resolvers
http://jvn.jp/jp/JVN62507275/

Wednesday, September 25, 2013

Wednesday the 25th, butsumetsu

+ RHSA-2013:1282 Important: rtkit security update
http://rhn.redhat.com/errata/RHSA-2013-1282.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4326

+ Multiple vulnerabilities in Wireshark
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4920
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4921
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4922
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4923
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4924
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4925
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4927
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4930
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4931
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4932
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4933
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4934
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4936

+ CVE-2012-6139 Denial of Service (DoS) vulnerability in LibXSLT
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5581_denial_of1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6139

+ CVE-2013-4073 Cryptographic Issues vulnerability in Ruby
https://blogs.oracle.com/sunsecurity/entry/cve_2013_4073_cryptographic_issues
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4073

+ Multiple vulnerabilities in Ruby
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_ruby
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4481

+ Multiple vulnerabilities in Apache HTTP Server
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http4
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862

+ CVE-2013-1896 Denial of Service (DoS) vulnerability in Apache HTTP Server
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1896_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896

+ Multiple vulnerabilities in Tomcat
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_tomcat
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3544
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2067

+ Multiple vulnerabilities in ImageMagick
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_imagemagick2
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1798

+ CVE-2011-0284 Resource Management Errors vulnerability in kerberos
https://blogs.oracle.com/sunsecurity/entry/cve_2011_0284_resource_management
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0284

+ CVE-2010-1322 Improper Input Validation vulnerability in kerberos
https://blogs.oracle.com/sunsecurity/entry/cve_2010_1322_improper_input
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1322

+ Multiple vulnerabilities in kerberos
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_kerberos
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1324
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4021

+ CVE-2012-5195 Buffer Errors vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5195_buffer_errors
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5195

+ Multiple vulnerabilities in Perl 5.8
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_perl_5
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0452
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0448
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2939

+ CVE-2012-5526 Configuration vulnerability in Perl
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5526_configuration_vulnerability1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5526

+ CVE-2012-6095 Race Conditions vulnerability in ProFTPD
https://blogs.oracle.com/sunsecurity/entry/cve_2012_6095_race_conditions
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6095

+ CVE-2013-2116 Input Validation vulnerability in GnuTLS
https://blogs.oracle.com/sunsecurity/entry/cve_2013_2116_input_validation
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116

+ CVE-2013-1619 Cryptographic Issues vulnerability in GnuTLS
https://blogs.oracle.com/sunsecurity/entry/cve_2013_1619_cryptographic_issues
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1619

+ Multiple vulnerabilities in MySQL
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_mysql
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4098
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1861

+ Multiple vulnerabilities in Wireshark
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_wireshark5
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2486
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3556
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3559
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3560
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4083

+ CVE-2012-5581 Denial of Service vulnerability in LibTIFF
https://blogs.oracle.com/sunsecurity/entry/cve_2012_5581_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5581

+ Multiple vulnerabilities in Poppler
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_poppler
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1790

+ CVE-2007-4460 Symlink attack vulnerability in id3lib (aka libid3)
https://blogs.oracle.com/sunsecurity/entry/cve_2007_4460_symlink_attack
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4460

+ CVE-2002-2443 Denial of Service vulnerability in Kerberos
https://blogs.oracle.com/sunsecurity/entry/cve_2002_2443_denial_of
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-2443

+ Multiple vulnerabilities in the PKINIT implementation in the Key Distribution Center (KDC)
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_the_pkinit
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1016
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1415

+ Multiple vulnerabilities in X.org
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_x_org1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2062

+ Multiple vulnerabilities in X.org
https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_x_org
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2063
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2064
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2066
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1983

+ Apache Struts Dynamic Method Invocation Flaw Has Unspecified Impact
http://www.securitytracker.com/id/1029078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4316

+ Apache Struts 'action:' Parameter Flaw Lets Remote Users Bypass Security Constraints
http://www.securitytracker.com/id/1029077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4310

+ VU#895524 HP System Management Homepage vulnerable to a denial-of-service condition
http://www.kb.cert.org/vuls/id/895524
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4821

+ LOCAL: IBM AIX 6.1 / 7.1 - Local root Privilege Escalation
http://www.exploit-db.com/exploits/28507

+ SA54753 Linux Kernel "free_netdev()" Use-After-Free Vulnerability
http://secunia.com/advisories/54753/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4343

+ SA54922 McAfee Application Control / Change Control Write Protection Security Bypass Vulnerability
http://secunia.com/advisories/54922/

+ SA54822 Linux Kernel SCTP IPv6 IPsec Unencrypted Traffic Weakness
http://secunia.com/advisories/54822/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4350

+ IBM AIX 6.1 / 7.1 local root privilege escalation
http://cxsecurity.com/issue/WLB-2013090166

Virus Buster Business Security Services 5.3 release notice
http://www.trendmicro.co.jp/support/news.asp?id=2013

Vulnerability information worth checking <2013.09.25>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130923/506202/?ST=security

Rapiro, a low-cost Raspberry Pi robot in the 30,000-yen range
[2] Turning a PS3 controller into a remote control for Rapiro!
http://itpro.nikkeibp.co.jp/article/COLUMN/20130917/504909/?ST=security

Client software vulnerability countermeasures
Part 2: Keep damage minimal even when attacked; protect yourself with mitigations
http://itpro.nikkeibp.co.jp/article/COLUMN/20130917/505094/?ST=security

NRI Secure begins offering e-learning for secure application development
http://itpro.nikkeibp.co.jp/article/NEWS/20130924/506506/?ST=security

Cybozu holds vulnerability-hunting contest for its own cloud service, total prize money 3 million yen
http://itpro.nikkeibp.co.jp/article/NEWS/20130924/506503/?ST=security

Security hot topics
Authentication defeated with a "fake finger": how far can the iPhone 5s Touch ID fingerprint authentication be trusted?
http://itpro.nikkeibp.co.jp/article/COLUMN/20130924/506416/?ST=security

NEC announces storage battery system that can supply an office with up to three days of power
http://itpro.nikkeibp.co.jp/article/NEWS/20130924/506348/?ST=security

German hacking group claims to have bypassed the iPhone 5s fingerprint authentication
http://itpro.nikkeibp.co.jp/article/NEWS/20130924/506302/?ST=security

JVNVU#93784365 Cross-site scripting vulnerability in KnowledgeView products
http://jvn.jp/cert/JVNVU93784365/index.html

JVNVU#99975381 Insufficient HTTP request validation vulnerability in NETELLER Direct
http://jvn.jp/cert/JVNVU99975381/index.html

JVNVU#96078234 Cross-site scripting vulnerability in iDRAC
http://jvn.jp/cert/JVNVU96078234/index.html

REMOTE: Raidsonic NAS Devices Unauthenticated Remote Command Execution
http://www.exploit-db.com/exploits/28508

Tuesday, September 24, 2013

Tuesday the 24th, senbu

+ About the security content of Apple TV 6.0
http://support.apple.com/kb/HT5935
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5128

+ CESA-2013:1274 Important CentOS 6 hplip Update
http://lwn.net/Alerts/567677/

+ CESA-2013:1272 Important CentOS 6 libvirt Update
http://lwn.net/Alerts/567678/

+ CESA-2013:1270 Important CentOS 6 polkit Update
http://lwn.net/Alerts/567679/

+ CESA-2013:1273 Important CentOS 6 spice-gtk Update
http://lwn.net/Alerts/567680/

+ phpMyAdmin 4.0.7 is released
http://sourceforge.net/p/phpmyadmin/news/2013/09/phpmyadmin-407-is-released/

+ UPDATE: Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm

+ HPSBGN02925 rev.1 - HP IceWall SSO, IceWall File Manager and IceWall Federation Agent, Multiple Remote Unauthorized Access Vulnerabilities
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03918632-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HS13-020 Multiple vulnerabilities in Java bundled with JP1/Cm2/Network Node Manager i
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-020/index.html

+ HS13-019 Multiple vulnerabilities in JP1/Cm2/Network Node Manager i
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-019/index.html

+ HS13-020 Multiple vulnerabilities in Java bundled with JP1/Cm2/Network Node Manager i (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-020/index.html

+ HS13-019 Multiple vulnerabilities in JP1/Cm2/Network Node Manager i (Japanese-language advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-019/index.html

+ libpng 1.6.6 released
http://www.libpng.org/pub/png/src/libpng-1.6.6-README.txt

+ MySQL 5.1.72 released
http://dev.mysql.com/doc/relnotes/mysql/5.1/en/news-5-1-72.html

+ PHP 5.4.20 released
http://php.net/archive/2013.php#id2013-09-19-2

+ Tcl/Tk 8.6.1 released
http://www.tcl.tk/software/tcltk/8.6.html

+ Apple iOS Lets Local Users Bypass Passcode Lock to Access Photos
http://www.securitytracker.com/id/1029072

+ BIND 9.9.4, 9.8.6, 9.6-ESV-R10 released
http://article.gmane.org/gmane.network.dns.bind.announce/459/match=
http://article.gmane.org/gmane.network.dns.bind.announce/457/match=
http://article.gmane.org/gmane.network.dns.bind.announce/458/match=

+ REMOTE: CA BrightStor ARCserve Tape Engine 0x8A Buffer Overflow
http://www.exploit-db.com/exploits/28480

+ REMOTE: MS13-069 Microsoft Internet Explorer CCaret Use-After-Free
http://www.exploit-db.com/exploits/28481

+ REMOTE: MS13-071 Microsoft Windows Theme File Handling Arbitrary Code Execution
http://www.exploit-db.com/exploits/28482

+ Apache Struts 2.3.15.2 released
http://struts.apache.org/release/2.3.x/docs/version-notes-23152.html

+ Apache Struts "action:" Action Mapping Security Bypass Vulnerability
http://secunia.com/advisories/54919/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4310

+ Microsoft Internet Explorer CCaret Use-After-Free
http://cxsecurity.com/issue/WLB-2013090151

+ Microsoft Windows Theme File Handling Arbitrary Code Execution
http://cxsecurity.com/issue/WLB-2013090150

+ Apache Struts CVE-2013-4316 Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/62587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4316

+ Apache Struts CVE-2013-4310 Security Bypass Vulnerability
http://www.securityfocus.com/bid/62584
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4310

+ Apple iOS 7 for iPhone Emergency Calling Function Local Security Bypass Vulnerability
http://www.securityfocus.com/bid/62599

PostgreSQL Code Factory 13.9 released
http://www.postgresql.org/about/news/1483/

JVNDB-2013-000092 Buffer overflow vulnerability in SEIL series
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000092.html

JVNDB-2013-000091 RADIUS authentication vulnerability in SEIL series
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000091.html

JVNDB-2013-000090 Denial-of-service (DoS) vulnerability in D-Link DES-3810 series
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000090.html

JVNDB-2013-000089 Denial-of-service (DoS) vulnerability in D-Link DWL-2100AP
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000089.html

From the world's security labs
Advanced Android malware Obad.a spreads via botnet
http://itpro.nikkeibp.co.jp/article/COLUMN/20130917/504843/?ST=security

Rapiro, a low-cost Raspberry Pi robot in the 30,000-yen range
[1] A cute robot that can walk and grasp objects
http://itpro.nikkeibp.co.jp/article/COLUMN/20130917/504908/?ST=security

Client software vulnerability countermeasures
Part 1: Users who skip basic countermeasures; clients under attack
http://itpro.nikkeibp.co.jp/article/COLUMN/20130917/505093/?ST=security

Growing "backdoor" problem: RSA issues warning about its cryptographic tools
http://itpro.nikkeibp.co.jp/article/NEWS/20130920/506064/?ST=security

MDM vendor MobileIron to support iOS 7
http://itpro.nikkeibp.co.jp/article/NEWS/20130920/506063/?ST=security

Unauthorized access to Telecom Square server; nearly 100,000 card records may have leaked
http://itpro.nikkeibp.co.jp/article/NEWS/20130920/505983/?ST=security

Interview & Talk
Identify the attackers behind targeted attacks, raise the cost of attacking and protect customers: that is our mission
CrowdStrike (U.S.)
Vice President, Intelligence
Adam Meyers
http://itpro.nikkeibp.co.jp/article/Interview/20130913/504663/?ST=security

VU#521348 KnowledgeView Editorial and Management application cross-site scripting vulnerability
http://www.kb.cert.org/vuls/id/521348

VU#705004 NETELLER Direct Payment API vulnerable to parameter manipulation
http://www.kb.cert.org/vuls/id/705004

VU#920038 Dell iDRAC 6 is vulnerable to a cross-site scripting (XSS) attack
http://www.kb.cert.org/vuls/id/920038

REMOTE: GLPI install.php Remote Command Execution
http://www.exploit-db.com/exploits/28483

REMOTE: Linksys WRT110 Remote Command Execution
http://www.exploit-db.com/exploits/28484

DoS/PoC: SolarWinds Server and Application Monitor ActiveX (Pepco32c) Buffer Overflow
http://www.exploit-db.com/exploits/28463

DoS/PoC: Share KM 1.0.19 - Remote Denial Of Service
http://www.exploit-db.com/exploits/28451

Friday, September 20, 2013

Friday the 20th, taian

+ RHSA-2013:1274 Important: hplip security update
http://rhn.redhat.com/errata/RHSA-2013-1274.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4325

+ RHSA-2013:1273 Important: spice-gtk security update
http://rhn.redhat.com/errata/RHSA-2013-1273.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4324

+ RHSA-2013:1272 Important: libvirt security and bug fix update
http://rhn.redhat.com/errata/RHSA-2013-1272.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4311

+ RHSA-2013:1270 Important: polkit security update
http://rhn.redhat.com/errata/RHSA-2013-1270.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4288

+ Google Chrome 29.0.1547.76 released
http://googlechromereleases.blogspot.jp/2013/09/chrome-stable-update.html

+ HPSBGN02923 rev.1 - HP ArcSight Enterprise Security Manager Management Web Interface, Remote Cross Site Scripting (XSS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03901176-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4815

+ UPDATE: HPSBMU02900 rev.3 - HP System Management Homepage (SMH) running on Linux and Windows, Multiple Remote and Local Vulnerabilities
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03839862-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBMU02917 rev.1 - HP System Management Homepage (SMH) running on Linux and Windows, Remote Command Execution and Privilege Escalation
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03895050-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3576

+ HPSBUX02927 SSRT101288 rev.1 - HP-UX Apache Web Server, Remote Execution of Arbitrary Code, Denial of Service (DoS)
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922406-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1862
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1896

+ MySQL 5.6.14, 5.5.34 released
http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-14.html
http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-34.html

+ PHP 5.5.4 released
http://php.net/archive/2013.php#id2013-09-19-1
http://www.php.net/ChangeLog-5.php#5.5.4

Trend Micro Deep Discovery Advisor 3.0 release notice
http://www.trendmicro.co.jp/support/news.asp?id=2009

JVNDB-2013-000093 Arbitrary code execution vulnerability in Internet Explorer
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000093.html

JVNDB-2013-000087 Multiple broadband routers act as open resolvers
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000087.html

Trend Micro releases new Virus Buster version, emphasizing privacy protection
Password Manager newly supports OS X
http://itpro.nikkeibp.co.jp/article/NEWS/20130920/505803/?ST=security

Serious vulnerability in IE: no fix yet available, and attacks already occurring
http://itpro.nikkeibp.co.jp/article/NEWS/20130919/505762/?ST=security

RSA sells software that detects fraudulent logins from the behavior of website members
http://itpro.nikkeibp.co.jp/article/NEWS/20130919/505599/?ST=security

JVNVU#90838310 Update for memory corruption vulnerability in Apple iTunes
http://jvn.jp/cert/JVNVU90838310/

JVNVU#98681940 Update for multiple vulnerabilities in Apple iOS
http://jvn.jp/cert/JVNVU98681940/

JVNVU#94003545 Update for memory corruption vulnerability in Apple Safari 5
http://jvn.jp/cert/JVNVU94003545/

JVN#27443259 Arbitrary code execution vulnerability in Internet Explorer
http://jvn.jp/jp/JVN27443259/

JVN#62507275 Multiple broadband routers act as open resolvers
http://jvn.jp/jp/JVN62507275/

REMOTE: McKesson ActiveX File/Environmental Variable Enumeration
http://www.exploit-db.com/exploits/28376

DoS/PoC: TeraCopy 2.3 (default.mo) Language File Integer Overflow Vulnerability
http://www.exploit-db.com/exploits/28375

Thursday, September 19, 2013

Thursday the 19th, butsumetsu

+ About the security content of Xcode 5.0
http://support.apple.com/kb/HT5937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0308

+ About the security content of iOS 7
http://support.apple.com/kb/HT5934
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1019
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3950
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3955
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1028
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3953
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3954
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3102
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0841
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2807
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2870
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2871
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4616
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0999
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1000
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1002
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1003
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1004
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1010
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1037
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1039
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1040
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1042
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1043
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1044
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1046
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2842
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5127
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5128
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5159
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1012
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5131

+ About the security content of iTunes 11.1
http://support.apple.com/kb/HT5936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1035

+ CESA-2013:1268 Critical CentOS 6 firefox Update
http://lwn.net/Alerts/567238/

+ CESA-2013:1269 Important CentOS 6 thunderbird Update
http://lwn.net/Alerts/567240/

+ CESA-2013:1268 Critical CentOS 5 firefox Update
http://lwn.net/Alerts/567237/

+ CESA-2013:1269 Important CentOS 5 thunderbird Update
http://lwn.net/Alerts/567239/

+ Multiple Vulnerabilities in Cisco Prime Data Center Network Manager
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-dcnm
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5487
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5490

+ Cisco Prime Central for Hosted Collaboration Solution Assurance Unauthenticated Username and Password Enumeration Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130918-pc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3473

+ Tcl/Tk 8.5.15 released
http://www.tcl.tk/software/tcltk/8.5.html

+ Apple iTunes Memory Corruption Flaw in ActiveX Control Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1029053
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1035

+ SA54884 Microsoft Internet Explorer HTML Rendering Engine Use-After-Free Vulnerability
http://secunia.com/advisories/54884/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3893

+ Squid Proxy Cache Denial of service
http://cxsecurity.com/issue/WLB-2013090130

+ Vino VNC Server 3.7.3 Denial Of Service
http://cxsecurity.com/issue/WLB-2013090129

+ Apple iPhone/iPad/iPod touch Prior to iOS 7 Multiple Vulnerabilities
http://www.securityfocus.com/bid/62491
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2391
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0957
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1036
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5129
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5131
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5134
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5138
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5140
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5142
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5147
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5149
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5150
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5151
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5152
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5153
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5155
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5156
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5159

Vulnerability information worth checking <2013.09.19>
http://itpro.nikkeibp.co.jp/article/COLUMN/20130917/504862/?ST=security

NEC strengthens its network quarantine product, importing a trusted MAC address ledger from external sources
http://itpro.nikkeibp.co.jp/article/NEWS/20130918/505343/?ST=security

Facebook and Twitter blocked again in Iran --- UK and US media report
http://itpro.nikkeibp.co.jp/article/NEWS/20130918/505264/?ST=security

DoS/PoC: TeraCopy 2.3 (default.mo) Language File Integer Overflow Vulnerability
http://www.exploit-db.com/exploits/28375

Wednesday, September 18, 2013

18th, Wednesday, Senbu

+ RHSA-2013:1269 Important: thunderbird security update
http://rhn.redhat.com/errata/RHSA-2013-1269.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1737

+ RHSA-2013:1268 Critical: firefox security update
http://rhn.redhat.com/errata/RHSA-2013-1268.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1725
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1730
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1732
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1735
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1736
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1737

+ About the security content of OS X Server v2.2.2
http://support.apple.com/kb/HT5892
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1034

+ Mozilla Firefox 24.0 released
http://www.mozilla.org/en-US/firefox/24.0/releasenotes/

+ Mozilla Thunderbird 24.0 released
http://www.mozilla.org/en-US/thunderbird/24.0/releasenotes/

+ MFSA 2013-92 GC hazard with default compartments and frame chain restoration
http://www.mozilla.org/security/announce/2013/mfsa2013-92.html

+ MFSA 2013-91 User-defined properties on DOM proxies get the wrong "this" object
http://www.mozilla.org/security/announce/2013/mfsa2013-91.html

+ MFSA 2013-90 Memory corruption involving scrolling
http://www.mozilla.org/security/announce/2013/mfsa2013-90.html

+ MFSA 2013-89 Buffer overflow with multi-column, lists, and floats
http://www.mozilla.org/security/announce/2013/mfsa2013-89.html

+ MFSA 2013-88 compartment mismatch re-attaching XBL-backed nodes
http://www.mozilla.org/security/announce/2013/mfsa2013-88.html

+ MFSA 2013-87 Shared object library loading from writable location
http://www.mozilla.org/security/announce/2013/mfsa2013-87.html

+ MFSA 2013-86 WebGL Information disclosure through OS X NVIDIA graphic drivers
http://www.mozilla.org/security/announce/2013/mfsa2013-86.html

+ MFSA 2013-85 Uninitialized data in IonMonkey
http://www.mozilla.org/security/announce/2013/mfsa2013-85.html

+ MFSA 2013-84 Same-origin bypass through symbolic links
http://www.mozilla.org/security/announce/2013/mfsa2013-84.html

+ MFSA 2013-83 Mozilla Updater does not lock MAR file after signature verification
http://www.mozilla.org/security/announce/2013/mfsa2013-83.html

+ MFSA 2013-82 Calling scope for new Javascript objects can lead to memory corruption
http://www.mozilla.org/security/announce/2013/mfsa2013-82.html

+ MFSA 2013-81 Use-after-free with select element
http://www.mozilla.org/security/announce/2013/mfsa2013-81.html

+ MFSA 2013-80 NativeKey continues handling key messages after widget is destroyed
http://www.mozilla.org/security/announce/2013/mfsa2013-80.html

+ MFSA 2013-79 Use-after-free in Animation Manager during stylesheet cloning
http://www.mozilla.org/security/announce/2013/mfsa2013-79.html

+ MFSA 2013-78 Integer overflow in ANGLE library
http://www.mozilla.org/security/announce/2013/mfsa2013-78.html

+ MFSA 2013-77 Improper state in HTML5 Tree Builder with templates
http://www.mozilla.org/security/announce/2013/mfsa2013-77.html

+ MFSA 2013-76 Miscellaneous memory safety hazards (rv:24.0 / rv:17.0.9)
http://www.mozilla.org/security/announce/2013/mfsa2013-76.html

+ Microsoft Security Advisory (2887505) Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2887505

+ Microsoft Security Advisory (2887505) Vulnerability in Internet Explorer Could Allow Remote Code Execution (Japanese edition)
http://technet.microsoft.com/ja-jp/security/advisory/2887505

+ Mac OS X Server Input Validation Flaws in Wiki Server Permit Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1029047
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1034

+ Microsoft Internet Explorer Object Access Memory Corruption Flaw Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/id/1029041
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3893

+ REMOTE: Oracle Java ShortComponentRaster.verify() Memory Corruption
http://www.exploit-db.com/exploits/28331

+ REMOTE: HP ProCurve Manager SNAC UpdateDomainControllerServlet File Upload
http://www.exploit-db.com/exploits/28336

+ REMOTE: HP ProCurve Manager SNAC UpdateCertificatesServlet File Upload
http://www.exploit-db.com/exploits/28337

+ DoS/PoC: Vino VNC Server 3.7.3 - Persistent Denial of Service
http://www.exploit-db.com/exploits/28338

+ ProFTPd mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication
http://cxsecurity.com/issue/WLB-2013090109

+ Oracle Java ShortComponentRaster.verify() Memory Corruption
http://cxsecurity.com/issue/WLB-2013090117

+ Microsoft Internet Explorer CVE-2013-3893 Memory Corruption Vulnerability
http://www.securityfocus.com/bid/62453
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3893

+ Apple Mac OS X Server CVE-2013-1034 Multiple Cross Site Scripting Vulnerabilities
http://www.securityfocus.com/bid/62449
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1034

From security labs around the world
Trends in attacks on industrial control devices
http://itpro.nikkeibp.co.jp/article/COLUMN/20130917/504842/?ST=security

NSA also accesses international credit card payment data --- German magazine reports
http://itpro.nikkeibp.co.jp/article/NEWS/20130917/504922/?ST=security

HP to launch new security service in 2014, protecting PCs at the hardware level
http://itpro.nikkeibp.co.jp/article/NEWS/20130917/504882/?ST=security

JVNVU#99181254 Multiple vulnerabilities in Dahua Technology DVRs
http://jvn.jp/cert/JVNVU99181254/index.html

REMOTE: PCMAN FTP 2.07 STOR Command - Stack Overflow Exploit (MSF)
http://www.exploit-db.com/exploits/28328

REMOTE: D-Link Devices UPnP SOAP Telnetd Command Execution
http://www.exploit-db.com/exploits/28333

REMOTE: Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
http://www.exploit-db.com/exploits/28334

LOCAL: Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
http://www.exploit-db.com/exploits/28332

LOCAL: Agnitum Outpost Internet Security Local Privilege Escalation
http://www.exploit-db.com/exploits/28335

Tuesday, September 17, 2013

17th, Tuesday, Tomobiki

+ Selenium IDE 2.4.0 released
https://code.google.com/p/selenium/wiki/SeIDEReleaseNotes

+ libpng 1.6.5 released
http://www.libpng.org/pub/png/src/libpng-1.6.5-README.txt

+ OpenSSH 6.3 released
http://www.openssh.com/txt/release-6.3

+ Sysstat 10.1.7 released (development version)
http://sebastien.godard.pagesperso-orange.fr/

+ Cisco Unified MeetingPlace Input Validation Hole Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1029038
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5495

+ Cisco SocialMiner 'administration.jsp' Lets Remote Users Obtain Potentially Sensitive Information
http://www.securitytracker.com/id/1029033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5492

+ Cisco Virtualization Experience Client Input Validation Flaw in Diagnostic Module Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1029032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5493

+ Cisco Prime LAN Management Solution Input Validation Flaw Permits Cross-Frame Scripting Attacks
http://www.securitytracker.com/id/1029031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5482

+ Juniper Junos Pulse Secure Access Service (SSL VPN) Input Validation Flaw Permits Cross-Site Scripting Attacks
http://www.securitytracker.com/id/1029029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5649

+ Apple OS X Multiple Bugs Let Remote Users Obtain Information, Execute Arbitrary Code, and Deny Service and Let Local Users View Passwords and Bypass Access Controls
http://www.securitytracker.com/id/1029028
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1028
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1033

+ REMOTE: Mitsubishi MC-WorkX 8.02 ActiveX Control (IcoLaunch) File Execution
http://www.exploit-db.com/exploits/28284
http://cxsecurity.com/issue/WLB-2013090115

+ Linux kernel 3.6.32/2.6.18 net/sctp ipv6 ipsec encryption bug
http://cxsecurity.com/issue/WLB-2013090108

+ ProFTPd mod_sftp/mod_sftp_pam invalid pool allocation during kbdint authentication
http://cxsecurity.com/issue/WLB-2013090109

+ OpenSSL,OpenSSH ecdsa authentication code inconsistent return values
http://cxsecurity.com/issue/WLB-2013090100

+ MS13-053 Win32k Memory Allocation Vulnerability
http://cxsecurity.com/issue/WLB-2013090099

Notice: Virus scan engine VSAPI 9.750 released
http://www.trendmicro.co.jp/support/news.asp?id=2006

JVNVU#97033473 Update for multiple vulnerabilities in Apple OS X
http://jvn.jp/cert/JVNVU97033473/

JVN#77455005 Cross-site scripting vulnerability in ChamaCargo
http://jvn.jp/jp/JVN77455005/

VU#800094 Dahua Security DVRs contain multiple vulnerabilities
http://www.kb.cert.org/vuls/id/800094

Friday, September 13, 2013

13th, Friday, Butsumetsu

+ About the security content of Safari 5.1.10
http://support.apple.com/kb/HT5921
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3748
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0997

+ About the security content of OS X Mountain Lion v10.8.5 and Security Update 2013-004
http://support.apple.com/kb/HT5880
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3499
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5688
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2020
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2021
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1025
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1026
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1027
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1028
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1029
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1030
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0166
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1643
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1824
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1899
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1900
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1901
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1032
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1033
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775

+ CESA-2013:X011 Xen4CentOS Low libvirt Security Update
http://lwn.net/Alerts/566434/

+ CESA-2013:X010 Important Xen4CentOS xen Security Update
http://lwn.net/Alerts/566435/

+ Squid 3.3.9 released
http://www.squid-cache.org/Versions/v3/3.3/RELEASENOTES.html

+ HPSBUX02928 SSRT101274 rev.1 - HP-UX running perl, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03924247-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1667

+ HPSBUX02926 SSRT101281 rev.1 - HP-UX Running BIND, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922396-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4854

+ NetBSD BPF Buffer Size Processing Lets Local Users Deny Service
http://www.securitytracker.com/id/1029021

Notice of server maintenance (September 17, 2013)
http://www.trendmicro.co.jp/support/news.asp?id=2010

JVNDB-2013-000088 Cross-site scripting vulnerability in ChamaCargo
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000088.html

JVNDB-2013-000086 Cross-site scripting vulnerability in Opera
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000086.html

Rock International: new version of its unknown-file execution blocking software automates log operations
http://itpro.nikkeibp.co.jp/article/NEWS/20130913/504507/?ST=security

FTC investigating Facebook's proposed privacy policy changes --- US and UK media report
http://itpro.nikkeibp.co.jp/article/NEWS/20130913/504463/?ST=security

Possible leak of 417 card records from an air gun sales site; the cause was SQL injection
http://itpro.nikkeibp.co.jp/article/NEWS/20130912/504367/?ST=security

FireEye adds a 40,000-user high-end model to its gateway line for defending against web-based targeted attacks
http://itpro.nikkeibp.co.jp/article/NEWS/20130912/504262/?ST=security

Documents showing NSA privacy violations released --- US and UK media report
http://itpro.nikkeibp.co.jp/article/NEWS/20130912/504186/?ST=security

Thursday, September 12, 2013

12th, Thursday, Senbu

+ HPSBPV02918 rev.1 - HP ProCurve Manager (PCM), HP PCM+ and HP Identity Driven Manager (IDM), SQL Injection, Remote Code Execution, Session Reuse
https://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03897409-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4809
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4811
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4812
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4813

+ Wireshark Multiple Bugs Let Remote Users Deny Service
http://www.securitytracker.com/id/1029020
http://secunia.com/advisories/54765/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5717
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5718
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5719
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5720
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5721
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5722

+ Juniper Junos J-Web '/jsdm/ajax/port.php' Script Lets Remote Authenticated Users Execute Arbitrary Commands
http://www.securitytracker.com/id/1029016

+ Microsoft SharePoint 2013 (Cloud) Persistent Exception Handling Web Vulnerability
http://cxsecurity.com/issue/WLB-2013090084

+ Microsoft SharePoint CVE-2013-3179 Multiple HTML Injection Vulnerabilities
http://www.securityfocus.com/bid/62227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3179

+ ProFTPD 'mod_sftp_pam' Remote Denial of Service Vulnerability
http://www.securityfocus.com/bid/62328

+ Wireshark Bluetooth HCI ACL Dissector CVE-2013-5717 Denial of Service Vulnerability
http://www.securityfocus.com/bid/62322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5717

+ Wireshark LDAP Dissector CVE-2013-5722 Denial of Service Vulnerability
http://www.securityfocus.com/bid/62321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5722

+ Wireshark MQ Dissector CVE-2013-5721 Denial of Service Vulnerability
http://www.securityfocus.com/bid/62320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5721

+ Wireshark RTPS Dissector CVE-2013-5720 Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/62319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5720

+ Wireshark ASSA R3 Dissector CVE-2013-5719 Denial of Service Vulnerability
http://www.securityfocus.com/bid/62318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5719

Mobile/smartphone filtering usage rate among minors is 32.8%, Digital Arts survey
Survey of 1,236 boys and girls aged 10 to 18 and their guardians
http://itpro.nikkeibp.co.jp/article/NEWS/20130911/503865/?ST=security

Symantec provides a cyber-exercise-based security personnel training program to the University of Aizu
http://itpro.nikkeibp.co.jp/article/NEWS/20130910/503842/?ST=security

Google, Facebook and Yahoo! demand greater transparency from the US government
http://itpro.nikkeibp.co.jp/article/NEWS/20130910/503565/?ST=security

Sumitomo Mitsui Banking Corporation fully rolls out one-time password generator cards, with MITB attack countermeasures planned for the future
http://itpro.nikkeibp.co.jp/article/NEWS/20130910/503543/?ST=security

JVNTA13-253A Update for multiple vulnerabilities in Microsoft products
http://jvn.jp/cert/JVNTA13-253A/

Wednesday, September 11, 2013

11th, Wednesday, Tomobiki

+ September 2013 Security Bulletins
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-sep

+ MS13-067 - Critical: Vulnerabilities in Microsoft SharePoint Server Could Allow Remote Code Execution (2834052)
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3180

+ MS13-068 - Critical: Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (2756473)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-068
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3870

+ MS13-069 - Critical: Cumulative Security Update for Internet Explorer (2870699)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-069

+ MS13-070 - Critical: Vulnerability in OLE Could Allow Remote Code Execution (2876217)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-070
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3863

+ MS13-071 - Important: Vulnerability in Windows Theme File Could Allow Remote Code Execution (2864063)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0810

+ MS13-072 - Important: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (2845537)
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3160

+ MS13-073 - Important: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2858300)
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3159

+ MS13-074 - Important: Vulnerabilities in Microsoft Access Could Allow Remote Code Execution (2848637)
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-074

+ MS13-075 - Important: Vulnerability in Microsoft Office IME (Chinese) Could Allow Elevation of Privilege (2878687)
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-075
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3859

+ MS13-076 - Important: Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2876315)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-076
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3866

+ MS13-077 - Important: Vulnerability in Windows Service Control Manager Could Allow Elevation of Privilege (2872339)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3862

+ MS13-078 - Important: Vulnerability in FrontPage Could Allow Information Disclosure (2825621)
http://technet.microsoft.com/ja-jp/security/bulletin/ms13-078
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3137

+ MS13-079 - Important: Vulnerability in Active Directory Could Allow Denial of Service (2853587)
https://technet.microsoft.com/ja-jp/security/bulletin/ms13-079
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3868

+ Google Chrome 29.0.1547.66 released
http://googlechromereleases.blogspot.jp/2013/09/stable-channel-update.html

+ APSB13-23 Security update available for Adobe Shockwave Player
http://www.adobe.com/support/security/bulletins/apsb13-23.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3359
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3360

+ APSB13-21 Security updates available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb13-21.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3361
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5324

+ iTunes 11.0.5 released
http://www.apple.com/itunes/download/

+ phpMyAdmin 4.0.6 is released
http://sourceforge.net/p/phpmyadmin/news/2013/09/phpmyadmin-406-is-released/

+ VMware player 6.0.0 released
https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_player/6_0

+ Wireshark 1.10.2 released
http://www.wireshark.org/docs/relnotes/wireshark-1.10.2.html

+ UPDATE: Microsoft Security Advisory (2755801) Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
http://technet.microsoft.com/en-us/security/advisory/2755801

+ FreeBSD-SA-13:13.nullfs: Cross-mount links between nullfs(5) mounts
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:13.nullfs.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5710

+ FreeBSD-SA-13:12.ifioctl: Insufficient credential checks in network ioctl(2)
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:12.ifioctl.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5691

+ FreeBSD-SA-13:11.sendfile: Kernel memory disclosure in sendfile(2)
http://www.freebsd.org/security/advisories/FreeBSD-SA-13:11.sendfile.asc
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5666

+ Java SE Development Kit 7, Update 40 (JDK 7u40) released
http://www.oracle.com/technetwork/java/javase/7u40-relnotes-2004172.html

+ Microsoft Internet Explorer CAnchorElement Use-After-Free (MS13-055)
http://cxsecurity.com/issue/WLB-2013090079

+ REMOTE: MS13-055 Microsoft Internet Explorer CAnchorElement Use-After-Free
http://www.exploit-db.com/exploits/28187

Mobile/smartphone filtering usage rate among minors is 32.8%, Digital Arts survey
Survey of 1,236 boys and girls aged 10 to 18 and their guardians
http://itpro.nikkeibp.co.jp/article/NEWS/20130911/503865/?ST=security

Symantec provides a cyber-exercise-based security personnel training program to the University of Aizu
http://itpro.nikkeibp.co.jp/article/NEWS/20130910/503842/?ST=security

Google, Facebook and Yahoo! demand greater transparency from the US government
http://itpro.nikkeibp.co.jp/article/NEWS/20130910/503565/?ST=security

Sumitomo Mitsui Banking Corporation fully rolls out one-time password generator cards, with MITB attack countermeasures planned for the future
http://itpro.nikkeibp.co.jp/article/NEWS/20130910/503543/?ST=security

JVNVU#96465452 Issue concerning Link State Advertisements (LSA) in the Open Shortest Path First (OSPF) protocol
http://jvn.jp/cert/JVNVU96465452/

REMOTE: eM Client e-mail client v5.0.18025.0 Stored XSS vulnerability
http://www.exploit-db.com/exploits/28183

REMOTE: HP SiteScope Remote Code Execution
http://www.exploit-db.com/exploits/28188

REMOTE: freeFTPd 1.0.10 PASS Command SEH Overflow (msf)
http://www.exploit-db.com/exploits/28170

Tuesday, September 10, 2013

10th, Tuesday, Sensho

+ RHSA-2013:1192 Moderate: spice-server security update
http://rhn.redhat.com/errata/RHSA-2013-1192.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4130

+ APSB13-22 Prenotification Security Advisory for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb13-22.html

+ CESA-2013:1213 Important CentOS 5 initscripts Update
http://lwn.net/Alerts/565939/

+ CESA-2013:1213 Important CentOS 5 gdm Update
http://lwn.net/Alerts/565938/

+ CESA-2013:1192 Moderate CentOS 6 spice-server Update
http://lwn.net/Alerts/565693/

+ Multiple Vulnerabilities in the Cisco WebEx Recording Format and Advanced Recording Format Players
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130904-webex
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1116
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1117
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1119

+ HPSBHF02888 rev.3 - HP Network Products including H3C and 3COM Routers and Switches, Remote Information Disclosure and Code Execution
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03808969-3%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2340
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2341

+ RHSA-2013:1213 Important: gdm security update
http://rhn.redhat.com/errata/RHSA-2013-1213.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4169

+ HS13-018 Multiple Vulnerabilities in Cosminexus
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS13-018/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169

+ HS13-018 Multiple vulnerabilities in Cosminexus (Japanese advisory)
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS13-018/index.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169

+ Postfix 2.10.2, 2.9.8, 2.8.16, 2.7.15 released
http://mirror.postfix.jp/postfix-release/official/postfix-2.10.2.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.9.8.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.8.16.HISTORY
http://mirror.postfix.jp/postfix-release/official/postfix-2.7.15.HISTORY

+ JDBC driver 9.2 Build 1002 released
http://jdbc.postgresql.org/download.html#current

+ PostgreSQL 9.3 released!
http://www.postgresql.org/about/news/1481/

+ VU#826463 Oracle E-Business Suite password disclosure vulnerability
http://www.kb.cert.org/vuls/id/826463

+ VU#704526 AdvancePro Technologies Advanceware software suite vulnerable to privilege bypass
http://www.kb.cert.org/vuls/id/704526

+ VU#830316 Cisco Prime Network Control System (NCS) and Wireless Control System (WCS) vulnerable to cross-site scripting (XSS)
http://www.kb.cert.org/vuls/id/830316

+ Apple iOS WebKit Character Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1028974

+ Mac OS X WebKit Character Processing Flaw Lets Remote Users Deny Service
http://www.securitytracker.com/id/1028973

+ Linux Kernel 3.10.10 scm_check_creds() PID spoofing Privileges Escalation
http://cxsecurity.com/issue/WLB-2013090044

+ Apple Safari Heap Buffer Overflow
http://cxsecurity.com/issue/WLB-2013090040

+ SA54733 Apple AirPort / Time Capsule Frame Handling Denial of Service Vulnerability
http://secunia.com/advisories/54733/

+ REMOTE: Apple Safari 6.0.1 for iOS 6.0 and OS X 10.7/8 - Heap Buffer Overflow
http://www.exploit-db.com/exploits/28081

+ REMOTE: MS13-059 Microsoft Internet Explorer CFlatMarkupPointer Use-After-Free
http://www.exploit-db.com/exploits/28082

+ REMOTE: HP LoadRunner lrFileIOService ActiveX WriteFileString Remote Code Execution
http://www.exploit-db.com/exploits/28083

+ LOCAL: IKE and AuthIP IPsec Keyring Modules Service (IKEEXT) Missing DLL
http://www.exploit-db.com/exploits/28130

+ LOCAL: OSX <= 10.8.4 - Local Root Priv Escalation (py)
http://www.exploit-db.com/exploits/27965

+ DoS/PoC: Oracle Java lookUpByteBI - Heap Buffer Overflow
http://www.exploit-db.com/exploits/28050

Check Point response to "Check Point ClusterXL/CCP issue (DoS)"
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk94849&src=securityAlerts

Threat information: On the detection of TROJ_DLOADE.FBV
http://www.trendmicro.co.jp/support/news.asp?id=2007

Notice of scheduled server maintenance (September 13, 2013)
http://www.trendmicro.co.jp/support/news.asp?id=2005

Notice of release of Trend Micro Mobile Security 9.0
http://www.trendmicro.co.jp/support/news.asp?id=2004

Error 0x80131604 shown when the console fails to open
http://www.sophos.com/en-us/support/knowledgebase/118219.aspx

Barman 1.2.3 released
http://www.postgresql.org/about/news/1480/

JVNDB-2013-000082 Cross-site scripting vulnerability in Cybozu Office
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000082.html

JVNDB-2013-000085 Buffer overflow vulnerability in VMware ESX and ESXi
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000085.html

JVNDB-2013-000084 Directory traversal vulnerability in VMware ESX and ESXi
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000084.html

JVNDB-2013-003469 Arbitrary command execution vulnerability in Apache Struts
http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-003469.html

Buffalo releases a USB 3.0 flash drive with a built-in virus checking function
http://itpro.nikkeibp.co.jp/article/NEWS/20130910/503503/?ST=security

Yahoo! publishes transparency report; about 12,000 US government requests in the first half of 2013
http://itpro.nikkeibp.co.jp/article/NEWS/20130909/503307/?ST=security

US and UK intelligence agencies can break into most major smartphones, German magazine reports
http://itpro.nikkeibp.co.jp/article/NEWS/20130909/503244/?ST=security

IBM Japan releases a new version of its mainframe security software, strengthening privilege management
http://itpro.nikkeibp.co.jp/article/NEWS/20130906/502942/?ST=security

Quality Soft's new version of IT asset management software "QND" can control connection of digital cameras/smartphones
http://itpro.nikkeibp.co.jp/article/NEWS/20130906/502887/?ST=security

From security labs around the world
What makes effective social engineering training
http://itpro.nikkeibp.co.jp/article/COLUMN/20130904/502165/?ST=security

US and UK governments can decrypt encrypted Internet communications, US and UK newspapers report
http://itpro.nikkeibp.co.jp/article/NEWS/20130906/502762/?ST=security

Xoops 2.5.6 Multiple XSS vulnerabilities
http://cxsecurity.com/issue/WLB-2013090066