Today's Security Hole Information

Security Hole Information

■NetSecurity

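NetSecurity - Security Hole Information <2005/07/21>
NetSecurity - This Week's NetSecurity Access Ranking <2005-07-11 to 07-17>
NetSecurity - Public junior high school teacher in Kagawa Prefecture arrested for selling pirated copies through an online auction
NetSecurity - Cybertrust enables PKI transactions for the Ministry of Finance of the Russian Federation using UniCERT technology (Betrusted Japan)
NetSecurity - Sales begin for an application delivery system that provides high-speed web application processing and strengthened security in a single unit (Net One Systems)
NetSecurity - Wireless LAN platform of the "SS70V" mobile solution strengthened (NTT Comware)
NetSecurity - Vodafone: erroneous billing totaling about 13 million yen on its family discount service
NetSecurity - NTT West: erroneous billing of some FLET'S access service customers
NetSecurity - Toho Gas finds that 93 contract-related documents have been lost
NetSecurity - JCB subcontractor loses card reception sheets for 18 people
NetSecurity - Bic Camera adopts a Secom solution to improve trust in its website (Secom Trustnet)
NetSecurity - Scan Security Management: Digest Vol.071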

■SIDfm - Security Information Service

Issue in KDE's Kopete allowing DoS attacks or arbitrary code execution

■Secunia - Security and Virus Information

2005-07-15
BitDefender for Mail Servers Malware Detection Bypass
Avaya Various Products glibc Vulnerabilities
Sophos Anti-Virus ZIP Archive Denial of Service Vulnerability
Macromedia JRun Authentication Token Security Issue
Winamp ID3v2 Tag Handling Buffer Overflow Vulnerability
Hosting Controller Multiple Vulnerabilities
Avaya telnet Two Vulnerabilities
MooseGallery "type" File Inclusion Vulnerability
2005-07-18
Hosting Controller Multiple Vulnerabilities
PowerDNS Two Denial of Service Vulnerabilities
SGI Advanced Linux Environment Multiple Updates
Sybase EAServer WebConsole Buffer Overflow Vulnerability
Skype "skype_profile.jpg" Insecure Temporary File Creation
VP-ASP Shopping Cart SQL Injection Vulnerabilities
Shorewall Rules / Policies Bypass Security Issue
2005-07-19
Avaya Predictive Dialing System TCP/IP Denial of Service
ekg Shell Command Injection and Insecure Temporary File Creation
KDE Kate / KWrite Backup File Insecure File Permissions
Novell GroupWise WebAccess Script Insertion Vulnerability
MDaemon IMAP Authentication Denial of Service Vulnerability
Race Driver Format String and Buffer Overflow Vulnerabilities
CaLogic "CLPATH" Arbitrary File Inclusion Vulnerability
SEO-Board "smilies_popup.php" Cross-Site Scripting
PHPFinance Logon Bypass Vulnerability
Sun Management Center Oracle Listener Vulnerabilities
HP Tru64 UNIX TCP/IP Implementation Vulnerabilities
PHPPageProtect Cross-Site Scripting Vulnerabilities
2005-07-20
Hitachi Groupmax Form and Web Workflow Server Set Denial of Service
ReviewPost PHP Pro "sort" SQL Injection Vulnerability
Apple Airport Insecure Association Security Issue
DVBBS "showerr.asp" Cross-Site Scripting Vulnerability
CuteNews "selected_search_arch" Cross-Site Scripting Vulnerability
Check Point VPN-1 SecuRemote / SecureClient Information Disclosure Weakness
Blue Coat Products ICMP Message Handling Denial of Service
F5 Networks BIG-IP / 3-DNS Three Vulnerabilities
PeanutHull Privilege Escalation Vulnerability
PHP Surveyor SQL Injection Vulnerabilities
e107 Nested BBcode Script Insertion Vulnerability
PHP-Fusion BBcode "color" CSS Code Insertion Vulnerability
Oracle Reports / Forms Multiple Vulnerabilities
2005-07-21
Firefox Greasemonkey Extension Disclosure of Sensitive Information
avast! Antivirus ACE File Handling Two Vulnerabilities
F5 Networks BIG-IP / 3-DNS Multiple Vulnerabilities
PHPSiteSearch "query" Cross-Site Scripting Vulnerability
Pyrox Search "whatdoreplace" Cross-Site Scripting Vulnerability
Sun Solaris gzip Directory Traversal Vulnerability
phpBB BBcode "url" Script Insertion Vulnerability
PHPNews "user" and "password" SQL Injection Vulnerability
CMSimple "search" Cross-Site Scripting Vulnerability
FreeBSD devfs Ruleset Bypass Security Issue
Ultimate PHP Board Cross-Site Scripting and Script Insertion
dxxo Count Web Statistics SQL Injection Vulnerability
Domain Name Relay Daemon Two Vulnerabilities
ekg libgadu Multiple Vulnerabilities
zlib Denial of Service Vulnerability

■SecurityFocus

SecurityFocus Microsoft Newsletter #248

■FrSIRT

15.07.2005 : Macromedia JRun Internal Authentication Token Vulnerability
15.07.2005 : Sophos AntiVirus Zip File Handling Denial of Service Vulnerability
15.07.2005 : BitDefender for Mail Servers Malware Bypass Vulnerability
15.07.2005 : Winamp ID3v2 Tag Handling Remote Buffer Overflow Vulnerability
17.07.2005 : Microsoft Windows Remote Desktop Protocol (RDP) DoS Vulnerability
17.07.2005 : Sun Management Center (SunMC) Multiple Oracle Vulnerabilities
17.07.2005 : Sybase EAServer "jagsrv" Remote Buffer Overflow Vulnerability
18.07.2005 : VP-ASP Shopping Cart Multiple SQL Injection Vulnerabilities
18.07.2005 : HP Tru64 UNIX TCP/IP Remote Denial of Service Vulnerabilities
18.07.2005 : Shorewall MACLIST Processing Security Rules Bypass Vulnerability
19.07.2005 : PHPPageProtect "username" Cross Site Scripting Vulnerability
19.07.2005 : SEO-Board "smilies_popup.php" Cross Site Scripting Vulnerability
19.07.2005 : CaLogic "CLPATH" Remote PHP File Inclusion Vulnerability
19.07.2005 : PHPFinance Unspecified Authentication Bypass Vulnerability
19.07.2005 : KDE Kate / KWrite Backup File Insecure Permissions Vulnerability
19.07.2005 : Novell GroupWise WebAccess Cross Site Scripting Vulnerability
19.07.2005 : MDaemon IMAP Authentication Remote Denial of Service Vulnerability
19.07.2005 : phpBB "BBCode" Processing Cross Site Scripting Vulnerability
19.07.2005 : Apple Mac OS X AirPort Card Automatic Network Association Issue
19.07.2005 : Oracle Reports and Oracle Forms Multiple Unpatched Vulnerabilities
20.07.2005 : CuteNews "search.php" Cross Site Scripting Vulnerability
20.07.2005 : Blue Coat Products Remote Denial of Service Vulnerabilities
20.07.2005 : e107 "BBCode" Processing Cross Site Scripting Vulnerability
20.07.2005 : DVBBS "action" Parameter Cross Site Scripting Vulnerability
20.07.2005 : ReviewPost PHP Pro "sort" Remote SQL Injection Vulnerability
20.07.2005 : Greasemonkey Firefox Extension Arbitrary File Disclosure Issue
21.07.2005 : Ekg libgadu Code Execution and Denial of Service Vulnerabilities
21.07.2005 : KDE Security Updates Fixes Multiple Kopete Libgadu Vulnerabilities
21.07.2005 : Sun Solaris Gzip Race condition and Directory Traversal Issues
21.07.2005 : Pyrox Search "newsearch.php" Cross Site Scripting Vulnerability
21.07.2005 : PHPSiteSearch "search.php" Cross Site Scripting Vulnerability
21.07.2005 : PHPNews "auth.php" Remote SQL Injection Vulnerability
21.07.2005 : Avast! Antivirus ACE Archive Handling Multiple Vulnerabilities

■CIAC

P-255: Heimdal
P-256: Targeted Attacks
P-258: Security Vulnerability Involving the Common Desktop Environment (CDE) dtlogin(1X) Command

■Sources

Security Information