Tuesday, March 11, 2014

Tuesday the 11th, Shakkō

+ About the security content of Apple TV 6.1
http://support.apple.com/kb/HT6163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1282
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1280

+ About the security content of iOS 7.1
http://support.apple.com/kb/HT6162
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5133
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1274
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1276
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1282
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5227
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1284
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6835
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1280
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2909
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2926
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2928
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5197
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6635
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1294

+ HPSBGN02970 rev.1 - HP Rapid Deployment Pack (RDP) or HP Insight Control Server Deployment, Multiple Remote Vulnerabilities affecting Confidentiality, Integrity and Availability
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04135307-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4494
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2182
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2213
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2492
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2518
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2723
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4077
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0879
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1088
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1179
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2137
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6205
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6206

+ HPSBMU02948 rev.1 - HP Systems Insight Manager (SIM) Running on Linux and Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS), Disclosure of Information
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04039150-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1535
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4163
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4167
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4168
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0650
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2555

+ HPSBMU02947 rev.1 - HP System Management Homepage (SMH) Running on Linux and Windows, Remote Disclosure of Information and Cross-Site Request Forgery (CSRF)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04039138-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4846
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6188

+ UPDATE: HPSBST02937 rev.2 - HP StoreVirtual 4000 and StoreVirtual VSA Software dbd_manager, Remote Execution of Arbitrary Code
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03995204-2%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken

+ HPSBUX02976 SSRT101236 rev.1 - HP-UX Running NFS rpc.lockd, Remote Denial of Service (DoS)
https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c04174142-1%257CdocLocale%253Dja_JP%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6209

+ Linux kernel 3.12.14 released
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.14

+ RHSA-2014:0266 Moderate: sudo security update
http://rhn.redhat.com/errata/RHSA-2014-0266.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0106

+ Sudo 1.8.10 released
http://www.sudo.ws/sudo/stable.html#1.8.10

+ Sudo validate_env_vars() Bug Lets Local Users Gain Elevated Privileges
http://www.securitytracker.com/id/1029886
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0106

+ REMOTE: HP Data Protector Backup Client Service Remote Code Execution
http://www.exploit-db.com/exploits/32164

+ Linux Kernel IPv6 Router Advertisement Packets Processing Denial of Service Vulnerability
http://secunia.com/advisories/57250/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2309

+ Wireshark Multiple Vulnerabilities
http://secunia.com/advisories/57265/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2282
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2283
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2299

+ Apple TV CVE-2014-1279 Local Information Disclosure Vulnerability
http://www.securityfocus.com/bid/66090
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1279

+ Apple iOS and TV Multiple Security Vulnerabilities
http://www.securityfocus.com/bid/66089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1273
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1275
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1280
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1282
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1287

Some protections may not work for specific HTTP evasions in R77.10 / R77 / R76
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk98814&src=securityAlerts

PostgreSQL Database Appliance from Fujitsu
http://www.postgresql.org/about/news/1510/

"Don't be fooled by fake emails!": Phishing impersonating Bank of Tokyo-Mitsubishi UFJ
http://itpro.nikkeibp.co.jp/article/NEWS/20140310/542484/?ST=security

Newsweek, which reported identifying Bitcoin's creator, responds to doubts with a statement that it "stands by the story"
http://itpro.nikkeibp.co.jp/article/NEWS/20140310/542262/?ST=security

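[CD 2014] "Smartphone problems are problems of the heart. Please be there for children to talk to" --- Associate Professor Takeuchi of the University of Hyogo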
http://itpro.nikkeibp.co.jp/article/NEWS/20140310/542242/?ST=security

REMOTE: SolidWorks Workgroup PDM 2014 pdmwService.exe Arbitrary File Write
http://www.exploit-db.com/exploits/32163

REMOTE: GetGo Download Manager 4.9.0.1982 - HTTP Response Header Buffer Overflow Remote Code Execution
http://www.exploit-db.com/exploits/32132

LOCAL: KMPlayer 3.8.0.117 - Buffer Overflow
http://www.exploit-db.com/exploits/32152

LOCAL: QNX 6.4.x/6.5.x ifwatchd - Local root Exploit
http://www.exploit-db.com/exploits/32153

LOCAL: QNX 6.5.0 x86 io-graphics - Local root Exploit
http://www.exploit-db.com/exploits/32154

LOCAL: QNX 6.5.0 x86 phfont - Local root Exploit
http://www.exploit-db.com/exploits/32155

LOCAL: QNX 6.4.x/6.5.x pppoectl - Information Disclosure
http://www.exploit-db.com/exploits/32156

LOCAL: iCAM Workstation Control 4.8.0.0 - Authentication Bypass
http://www.exploit-db.com/exploits/32158
