ソフト名:MiniUPnP Project MiniSSDPd 1.x
回避策:未対応
脆弱性:機密情報の奪取, DoS攻撃, システムアクセス, バッファオーバーフロー, スタックメモリの曝露, メモリアロケーションエラー, クラッシュ, オフバイワンエラー
ソース:
危険性:Medium Risk
2011-08-02
2011-02-15
Novell SUSE Linux Enterprise Server
ソフト名:Novell SUSE Linux Enterprise Server 9
回避策:SUSE-SA:2011:008にて対応
脆弱性:セキュリティ制限の回避, 機密情報の奪取, 権限の昇格, DoS攻撃, スタックメモリの曝露, 整数オーバーフロー, クラッシュ
ソース:http://www.novell.com/products/server/
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html
http://secunia.com/advisories/40965/
http://secunia.com/advisories/41284/
http://secunia.com/advisories/41440/
http://secunia.com/advisories/41493/
http://secunia.com/advisories/41650/
http://secunia.com/advisories/42035/
http://secunia.com/advisories/42094/
http://secunia.com/advisories/42684/
http://secunia.com/advisories/42765/
http://secunia.com/advisories/43056/
http://secunia.com/advisories/43291/
http://dvw-j.blogspot.com/2010/12/kernelorg-linux-kernel_24.html
http://dvw-j.blogspot.com/2011/01/linux-kernel.html
http://dvw-j.blogspot.com/2011/01/suse-linux-enterprise-server.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2946
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3310
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3873
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4529
CVE:CVE-2010-2946, CVE-2010-3067, CVE-2010-3310, CVE-2010-3442, CVE-2010-3848, CVE-2010-3849, CVE-2010-3850, CVE-2010-3873, CVE-2010-4072, CVE-2010-4073, CVE-2010-4081, CVE-2010-4083, CVE-2010-4157, CVE-2010-4158, CVE-2010-4160, CVE-2010-4164, CVE-2010-4242, CVE-2010-4342, CVE-2010-4258, CVE-2010-4527, CVE-2010-4529
危険性:Medium Risk
回避策:SUSE-SA:2011:008にて対応
脆弱性:セキュリティ制限の回避, 機密情報の奪取, 権限の昇格, DoS攻撃, スタックメモリの曝露, 整数オーバーフロー, クラッシュ
ソース:http://www.novell.com/products/server/
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00002.html
http://secunia.com/advisories/40965/
http://secunia.com/advisories/41284/
http://secunia.com/advisories/41440/
http://secunia.com/advisories/41493/
http://secunia.com/advisories/41650/
http://secunia.com/advisories/42035/
http://secunia.com/advisories/42094/
http://secunia.com/advisories/42684/
http://secunia.com/advisories/42765/
http://secunia.com/advisories/43056/
http://secunia.com/advisories/43291/
http://dvw-j.blogspot.com/2010/12/kernelorg-linux-kernel_24.html
http://dvw-j.blogspot.com/2011/01/linux-kernel.html
http://dvw-j.blogspot.com/2011/01/suse-linux-enterprise-server.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2946
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3067
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3310
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3442
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3873
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4072
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4081
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4083
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4157
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4158
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4160
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4164
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4527
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4529
CVE:CVE-2010-2946, CVE-2010-3067, CVE-2010-3310, CVE-2010-3442, CVE-2010-3848, CVE-2010-3849, CVE-2010-3850, CVE-2010-3873, CVE-2010-4072, CVE-2010-4073, CVE-2010-4081, CVE-2010-4083, CVE-2010-4157, CVE-2010-4158, CVE-2010-4160, CVE-2010-4164, CVE-2010-4242, CVE-2010-4342, CVE-2010-4258, CVE-2010-4527, CVE-2010-4529
危険性:Medium Risk
2011-02-08
OpenBSD OpenSSH
ソフト名:OpenBSD OpenSSH 5.6/5.7
回避策:アップデートにて対応
脆弱性:ブルートフォース攻撃, 機密情報の奪取, ハッシュ衝突攻撃, スタックメモリの曝露
ソース:http://www.openssh.com/
http://www.openssh.com/txt/legacy-cert.adv
http://www.openssh.com/txt/release-5.8
http://secunia.com/advisories/43181/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0539
CVE:CVE-2011-0539
危険性:Low Risk
回避策:アップデートにて対応
脆弱性:ブルートフォース攻撃, 機密情報の奪取, ハッシュ衝突攻撃, スタックメモリの曝露
ソース:http://www.openssh.com/
http://www.openssh.com/txt/legacy-cert.adv
http://www.openssh.com/txt/release-5.8
http://secunia.com/advisories/43181/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0539
CVE:CVE-2011-0539
危険性:Low Risk
Canonical Ltd. Ubuntu Linux
ソフト名:Canonical Ltd. Ubuntu Linux 6.06
回避策:USN-1057-1にて対応
脆弱性:機密情報の奪取, スタックメモリの曝露, メモリリーク, 権限の昇格, カーネルのクラッシュ, 整数オーバーフロー
ソース:http://www.ubuntu.com/
https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001241.html
http://secunia.com/advisories/40205/
http://secunia.com/advisories/41440/
http://secunia.com/advisories/43161/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4072
CVE:CVE-2010-2943, CVE-2010-3297, CVE-2010-4072
危険性:Medium Risk
回避策:USN-1057-1にて対応
脆弱性:機密情報の奪取, スタックメモリの曝露, メモリリーク, 権限の昇格, カーネルのクラッシュ, 整数オーバーフロー
ソース:http://www.ubuntu.com/
https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001241.html
http://secunia.com/advisories/40205/
http://secunia.com/advisories/41440/
http://secunia.com/advisories/43161/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2943
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4072
CVE:CVE-2010-2943, CVE-2010-3297, CVE-2010-4072
危険性:Medium Risk
2011-02-04
Canonical Ltd. Ubuntu Linux
ソフト名:Canonical Ltd. Ubuntu Linux 10.04~10.10
回避策:USN-1054-1にて対応
脆弱性:DoS攻撃, スタックメモリの曝露, カーネルのクラッシュ, 区域外メモリの使用
ソース:http://www.ubuntu.com/
https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001239.html
http://secunia.com/advisories/42148/
http://secunia.com/advisories/42172/
http://secunia.com/advisories/42354/
http://secunia.com/advisories/43110/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4249
CVE:CVE-2010-0435, CVE-2010-4165, CVE-2010-4169, CVE-2010-4249
危険性:Low Risk
回避策:USN-1054-1にて対応
脆弱性:DoS攻撃, スタックメモリの曝露, カーネルのクラッシュ, 区域外メモリの使用
ソース:http://www.ubuntu.com/
https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001239.html
http://secunia.com/advisories/42148/
http://secunia.com/advisories/42172/
http://secunia.com/advisories/42354/
http://secunia.com/advisories/43110/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4165
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4249
CVE:CVE-2010-0435, CVE-2010-4165, CVE-2010-4169, CVE-2010-4249
危険性:Low Risk
2010-11-12
Linux Kernel
ソフト名:Linux Kernel 2.6.0/2.6.37
回避策:未対応
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://kernel.org/
http://marc.info/?l=linux-netdev&m=128934173821229&w=2
http://www.securityfocus.com/bid/44758
危険性:Low Risk
回避策:未対応
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://kernel.org/
http://marc.info/?l=linux-netdev&m=128934173821229&w=2
http://www.securityfocus.com/bid/44758
危険性:Low Risk
2010-11-09
Linux Kernel
ソフト名:Linux Kernel 2.6.0
回避策:あり
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://git.kernel.org/?p=virt/kvm/kvm.git;a=commitdiff;h=831d9d02f9522e739825a51a11e3bc5aa531a905
http://www.securityfocus.com/bid/44666
http://secunia.com/advisories/42148
危険性:Low Risk
回避策:あり
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://git.kernel.org/?p=virt/kvm/kvm.git;a=commitdiff;h=831d9d02f9522e739825a51a11e3bc5aa531a905
http://www.securityfocus.com/bid/44666
http://secunia.com/advisories/42148
危険性:Low Risk
2010-11-05
Linux Kernel
ソフト名:Linux Kernel 2.6.0~2.6.36 rc4
回避策:未対応
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://permalink.gmane.org/gmane.comp.security.oss.general/3690
http://www.kernel.org/
http://www.securityfocus.com/bid/44630
危険性:Low Risk
回避策:未対応
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://permalink.gmane.org/gmane.comp.security.oss.general/3690
http://www.kernel.org/
http://www.securityfocus.com/bid/44630
危険性:Low Risk
Linux Kernel
ソフト名:Linux Kernel 2.6.0~2.6.36 rc4
回避策:未対応
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://permalink.gmane.org/gmane.linux.network/176803
http://permalink.gmane.org/gmane.linux.network/176804
http://www.kernel.org/
http://www.securityfocus.com/bid/44630
http://secunia.com/advisories/42061
危険性:Low Risk
回避策:未対応
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://permalink.gmane.org/gmane.linux.network/176803
http://permalink.gmane.org/gmane.linux.network/176804
http://www.kernel.org/
http://www.securityfocus.com/bid/44630
http://secunia.com/advisories/42061
危険性:Low Risk
2010-10-12
Linux Kernel
ソフト名:Linux Kernel 2.6.0 test1~2.6.35 rc5
回避策:[PATCH] drivers/usb/serial/mos*: prevent reading uninitialized stack memory -- Linux USBにて対応
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://comments.gmane.org/gmane.comp.security.oss.general/3555
http://www.spinics.net/lists/linux-usb/msg36150.html
http://www.kernel.org/
http://www.securityfocus.com/bid/43803
危険性:Low Risk
回避策:[PATCH] drivers/usb/serial/mos*: prevent reading uninitialized stack memory -- Linux USBにて対応
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://comments.gmane.org/gmane.comp.security.oss.general/3555
http://www.spinics.net/lists/linux-usb/msg36150.html
http://www.kernel.org/
http://www.securityfocus.com/bid/43803
危険性:Low Risk
Linux Kernel
ソフト名:Linux Kernel 2.6.0 test1~2.6.35 rc5
回避策:[PATCH] sound/pci/rme9652: prevent reading uninitialized stack memoryにて対応
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://comments.gmane.org/gmane.linux.kernel/1040823
http://comments.gmane.org/gmane.comp.security.oss.general/3555
http://www.kernel.org/
http://www.securityfocus.com/bid/43808
危険性:Low Risk
回避策:[PATCH] sound/pci/rme9652: prevent reading uninitialized stack memoryにて対応
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://comments.gmane.org/gmane.linux.kernel/1040823
http://comments.gmane.org/gmane.comp.security.oss.general/3555
http://www.kernel.org/
http://www.securityfocus.com/bid/43808
危険性:Low Risk
Linux Kernel
ソフト名:Linux Kernel 2.6.0 test1~2.6.35 rc5
回避策:+ sys_semctl-fix-kernel-stack-leakage.patch added to -mm tree -- MM Commitsにて対応
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://comments.gmane.org/gmane.comp.security.oss.general/3555
http://www.spinics.net/lists/mm-commits/msg80234.html
http://www.kernel.org/
http://www.securityfocus.com/bid/43809
危険性:Low Risk
回避策:+ sys_semctl-fix-kernel-stack-leakage.patch added to -mm tree -- MM Commitsにて対応
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://comments.gmane.org/gmane.comp.security.oss.general/3555
http://www.spinics.net/lists/mm-commits/msg80234.html
http://www.kernel.org/
http://www.securityfocus.com/bid/43809
危険性:Low Risk
Linux Kernel
ソフト名:Linux Kernel 2.6.0 test1~2.6.35 rc5
回避策:未対応
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://comments.gmane.org/gmane.comp.security.oss.general/3555
http://www.kernel.org/
http://www.securityfocus.com/bid/43806
http://www.securityfocus.com/bid/43815
危険性:Low Risk
回避策:未対応
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://comments.gmane.org/gmane.comp.security.oss.general/3555
http://www.kernel.org/
http://www.securityfocus.com/bid/43806
http://www.securityfocus.com/bid/43815
危険性:Low Risk
Linux Kernel
ソフト名:Linux Kernel 2.6.0 test1~2.6.35 rc5
回避策:LKML: Alan Cox: [PATCH 0/3] Fix the TIOCGICOUNT problem for goodにて対応
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://lkml.org/lkml/2010/9/16/294
http://comments.gmane.org/gmane.comp.security.oss.general/3555
http://www.kernel.org/
http://www.securityfocus.com/bid/43810
http://www.securityfocus.com/bid/43816
http://www.securityfocus.com/bid/43817
危険性:Low Risk
回避策:LKML: Alan Cox: [PATCH 0/3] Fix the TIOCGICOUNT problem for goodにて対応
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://lkml.org/lkml/2010/9/16/294
http://comments.gmane.org/gmane.comp.security.oss.general/3555
http://www.kernel.org/
http://www.securityfocus.com/bid/43810
http://www.securityfocus.com/bid/43816
http://www.securityfocus.com/bid/43817
危険性:Low Risk
Linux Kernel
ソフト名:Linux Kernel 2.6.0 test1~2.6.35 rc5
回避策:LKML: Dan Rosenberg: [PATCH v3] IPC: Initialize structure memory to zero for compat functionsにて対応
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://lkml.org/lkml/2010/10/6/492
http://comments.gmane.org/gmane.comp.security.oss.general/3555
http://www.kernel.org/
http://www.securityfocus.com/bid/43828
危険性:Low Risk
回避策:LKML: Dan Rosenberg: [PATCH v3] IPC: Initialize structure memory to zero for compat functionsにて対応
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://lkml.org/lkml/2010/10/6/492
http://comments.gmane.org/gmane.comp.security.oss.general/3555
http://www.kernel.org/
http://www.securityfocus.com/bid/43828
危険性:Low Risk
Linux Kernel
ソフト名:Linux Kernel 2.4.0~2.6.35 rc5
回避策:LKML: Kees Cook: [PATCH] ipc: initialize structure memory to zero for shmctlにて対応
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://lkml.org/lkml/2010/10/6/454
http://comments.gmane.org/gmane.comp.security.oss.general/3555
http://www.kernel.org/
http://www.securityfocus.com/bid/43829
危険性:Low Risk
回避策:LKML: Kees Cook: [PATCH] ipc: initialize structure memory to zero for shmctlにて対応
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://lkml.org/lkml/2010/10/6/454
http://comments.gmane.org/gmane.comp.security.oss.general/3555
http://www.kernel.org/
http://www.securityfocus.com/bid/43829
危険性:Low Risk
2010-09-17
Linux Kernel
ソフト名:Linux Kernel 2.6.0~2.6.35 rc5
回避策:あり
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://lkml.org/lkml/2010/9/11/167
http://lkml.org/lkml/2010/9/11/168
http://lkml.org/lkml/2010/9/11/170
http://lkml.org/lkml/2010/9/14/317
http://www.kernel.org/
http://www.securityfocus.com/bid/43221
http://www.securityfocus.com/bid/43226
http://www.securityfocus.com/bid/43229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3298
http://secunia.com/advisories/41440
CVE:CVE-2010-3295, CVE-2010-3296, CVE-2010-3297, CVE-2010-3298
危険性:Low Risk
回避策:あり
脆弱性:機密情報の奪取, スタックメモリの曝露
ソース:http://lkml.org/lkml/2010/9/11/167
http://lkml.org/lkml/2010/9/11/168
http://lkml.org/lkml/2010/9/11/170
http://lkml.org/lkml/2010/9/14/317
http://www.kernel.org/
http://www.securityfocus.com/bid/43221
http://www.securityfocus.com/bid/43226
http://www.securityfocus.com/bid/43229
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3298
http://secunia.com/advisories/41440
CVE:CVE-2010-3295, CVE-2010-3296, CVE-2010-3297, CVE-2010-3298
危険性:Low Risk
登録:
投稿 (Atom)
