□セキュリティホール情報

■NetSecurity

NetSecurity - セキュリティホール情報＜2005/07/29＞
NetSecurity - 7月28日のWeb改竄情報
NetSecurity - 7月29日のWeb改竄情報
NetSecurity - 情報セキュリティ戦略についてディスカッションを行うシンポジウム開催（セキュアなデジタル社会を推進する会）
NetSecurity - 三重県のサーバに不正アクセス、ネームサーバが乗っ取られたことも判明

■Secunia - Security and Virus Information

2005-07-29
@Mail Multiple Cross-Site Scripting Vulnerabilities
Microsoft Office Insecure Shared Section Permissions
PHPmyGallery "confdir" File Inclusion Vulnerability
Website Baker Cross-Site Scripting and File Upload Vulnerabilities
Easy PX 41 CMS Cross-Site Scripting and Information Disclosure
Gaim libgadu Memory Alignment Weakness
Novell eDirectory NMAS Password Challenge Bypass
Novell eDirectory NMAS Password Challenge Bypass
Thomson Web Skill Vantage Manager SQL Injection
UNG "name" and "email" Mail Header Injection
Linksys WRT54G Router Common SSL Private Key Disclosure
Cisco IOS IPv6 Packet Handling Vulnerability
Simplicity oF Upload "language" File Inclusion Vulnerability

■US-CERT

TA05-210A Cisco IOS IPv6 Vulnerability (US-CERT)
SB05-208 Summary of Security Items from July 20 through July 26, 2005 (US-CERT)

■N.S.L. Security Report

(Linux/Unix)
FreeBSD IPsec AES-XCBC-MAC 認証にセキュリティ回避の脆弱性
Snort 2.4リリース
Rsync 2.6.6リリース
Sophos Anti-Virusにバッファオーバーフローの脆弱性
(Windows)
Sophos Anti-Virusにバッファオーバーフローの脆弱性
Microsoft Windows USB デバイスドライバにバッファオーバーフローの脆弱性

■FrSIRT

29.07.2005 : SPI Dynamics WebInspect Cross Application Scripting Vulnerability
29.07.2005 : Simplicity oF Upload "language" Remote File Inclusion Vulnerability
29.07.2005 : PHPmyGallery "confdir" Remote File Inclusion Vulnerability
29.07.2005 : UNG "name" and "email" Email Header Injection Vulnerability
29.07.2005 : Gaim libgadu Memory Alignment Denial of Service Vulnerability
29.07.2005 : Thomson Web Skill Vantage Manager SQL Injection Vulnerability
29.07.2005 : Linksys WRT54G Wireless Router Default SSL Certificate Issue
29.07.2005 : Cisco IOS IPv6 Packet Code Execution and Denial of Service Issue
29.07.2005 : Novell eDirectory NMAS Authentication Bypass Vulnerability
29.07.2005 : Easy PX 41 Cross Site Scripting and Database Disclosure Issues
29.07.2005 : @Mail Multiple Scripts Cross Site Scripting Vulnerabilities
29.07.2005 : UseBB Multiple SQL Injection and Cross Site Scripting Issues
29.07.2005 : HP NonStop Server DCE Core Services Remote Denial of Service
29.07.2005 : Gopher Unspecified Insecure Temporary File Creation Vulnerability

■JVN

JVNTA05-210A Cisco IOS IPv6 に関する脆弱性

■CIAC

P-262 Cisco IPv6 Crafted Packet Vulnerability (Released 07/29/2005)

■情報元

情報セキュリティニュース / Computer Security News