Security Hole memo (セキュリティホール memo)

Last modified: Fri Nov 25 20:27:53 2011 +0900 (JST)
Short URL: http://goo.gl/pwSG  QR code: http://goo.gl/pwSG.qr


Security Watch has closed up shop, so this is my test of following things on my own. I intend to write it as a set of reminders, so it is not as detailed as what Security Watch offered. The basic targets are UNIX, Windows and Mac OS (in priority order). I also declare that the content of this page comes with even less warranty than any other page. Nor does it gather all the information there is.

For the information listed here, I create links to the primary source wherever possible. Please check the content of the primary source for yourself. Do not, under any circumstances, take the content of this page on faith. If you find a mistake or know of information that is not listed, please let me know. Thank you.

Before using the information on this page, please read the notes.


[ Standard information sources ]  Past articles: 2011 | 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 | 1998


[SCAN Security Wire NP Prize 2001]

Received the SCAN Security Wire NP Prize 2001 from "Scan Security Wire".

Received prizes in "Net Runner" magazine's Best of Regular Sites awards.



I have added RSS support. Small items are not included. Anyone who finds the political items annoying will be happier reading via RSS (those who do not mind them may prefer this other RSS feed). It is RSS 1.0, so it is strictly RDF Site Summary. Really Simple Syndication is not currently supported.
Anyone who wants Really Simple Syndication right now should see the RSS for Web sites [...] by Noin-san. (Thanks to Noin-san for the information.)


■ 2011.11.25

■ Addenda

A large batch of assorted updates from Apple (2011.10.12)

[iOS 4.x holdouts are doomed] Apple ID password may be recorded in a local file (iPhone ちゃんねる, 2011.11.23). This concerns the following fix item in iOS 5:

CFNetwork

Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later, iOS 3.2 through 4.3.5 for iPad

Impact: A user's Apple ID password may be recorded in a local file.

Description: A user's Apple ID password and user name could be read by applications on the system [...] The issue is resolved by no longer recording this information.

CVE-ID

CVE-2011-3255 : Peter Quade of qdevelop

Firefox 8.0 / 3.6.24 and Thunderbird 8.0 / 3.1.16 released

Firefox 8.0.1 has been released. Release notes. Thanks to iida-san for the information.

  • Fixed a crash that occurred in certain cases when loading a Java applet on Mac OS X with version 1.6.0_29 of the "Java SE 6" plugin installed.

  • Fixed a crash at startup on Windows caused by versions of the "RoboForm" extension older than 7.6.2.


■ 2011.11.24

■ Addenda

Firefox 8.0 / 3.6.24 and Thunderbird 8.0 / 3.1.16 released


■ 2011.11.23

■ RealNetworks, Inc., security vulnerability [...]
(RealNetworks, 2011.11.18)

RealPlayer 15.0.0 and RealPlayer 12.0.0.1703 for Mac released. A total of 19 flaws have been fixed. Many of them allow arbitrary code [...]


■ 2011.11.22

■ Addenda

About the security content of iTunes 10.5.1

German spyware exploits iTunes vulnerability (H Online, 2011.11.21). It appears this flaw was being used by the German government's spyware of choice.

■ Miscellaneous (2011.11.22)
(various)

■ ZeroAccess Rootkit Launched by Signed Installers
(McAfee Labs Blog, 2011.11.21)

Using the DLL preloading trick, a malware installer that appears to be signed by Adobe [...] http://vil.nai.com/images/562354_4.zip

■ Invisible YNK, a Code Signing Conundrum
(Norman, 2011.11.17)

An item on signed malware. A case in which a certificate of YNK Japan Inc, the former name of WeMade Online, was used. The abuse by malware came to light and the certificate should have been revoked, yet a signature made with it still comes out as valid.

When Symantec (and I assume other CA's) revoke a certificate, the revocation is active from the revocationDate field in the Certificate Revocation List (CRL). This means that files signed and timestamped after revocationDate, and files signed and not timestamped, will no longer validate. It also means that files signed and timestamped before revocationDate will validate, and such is the case with the trojan shown above. It is signed June 30. 2011, a month before revocation. It is worth noting that timestamping here means signed with a cryptographically valid timestamp, such as VeriSign Time Stamping Services.

It appears that a file is judged OK as long as it carries a timestamp earlier than the date of revocation. The response was to backdate the Revocation Date in the CRL.
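
The rule in the quoted passage and the backdating response, modelled as an added example (it is not code from Norman, Symantec or any signature verifier). File names and all dates except the trojan's June 30, 2011 signing date are constructed, and the handling of a timestamp exactly equal to revocationDate is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional


@dataclass(frozen=True)
class SignedFile:
    name: str
    # Time taken from a cryptographically valid timestamp countersignature,
    # or None when the file was signed without one.
    timestamp: Optional[datetime]
    malicious: bool = False


def validates(f: SignedFile, revocation_date: Optional[datetime]) -> bool:
    """Rule from the quoted passage, for files signed with one certificate.

    revocation_date is the CRL entry's revocationDate (None = not revoked).
    A timestamp exactly equal to revocationDate is treated as revoked; the
    passage does not cover that case, so this is an assumption.
    """
    if revocation_date is None:
        return True
    if f.timestamp is None:
        return False  # signed but not timestamped: no longer validates
    return f.timestamp < revocation_date


def backdated_revocation(files: List[SignedFile]) -> Optional[datetime]:
    """Latest revocationDate that rejects every known-malicious timestamped
    file: the earliest timestamp found on a malicious sample."""
    stamps = [f.timestamp for f in files
              if f.malicious and f.timestamp is not None]
    return min(stamps) if stamps else None


def still_valid(files: List[SignedFile],
                revocation_date: Optional[datetime]) -> List[str]:
    """Names of the files whose signature still validates."""
    return [f.name for f in files if validates(f, revocation_date)]


# Constructed sample set. Only the trojan's signing date (June 30, 2011)
# comes from the page; names, times and the other dates are made up.
FILES = [
    SignedFile("trojan.exe", datetime(2011, 6, 30, 12, 0), malicious=True),
    SignedFile("client_v1.exe", datetime(2011, 3, 1, 9, 0)),
    SignedFile("client_v2.exe", datetime(2011, 7, 10, 9, 0)),
    SignedFile("tool_no_timestamp.exe", None),
]
ORIGINAL_REVOCATION = datetime(2011, 7, 30)  # constructed: about a month later

if __name__ == "__main__":
    print("not revoked:       ", still_valid(FILES, None))
    print("revoked 2011-07-30:", still_valid(FILES, ORIGINAL_REVOCATION))
    fixed = backdated_revocation(FILES)
    print("backdated to", fixed, ":", still_valid(FILES, fixed))
```

With the original revocation date the trojan still validates; after backdating it is rejected, but so is the legitimate `client_v2.exe`, which was timestamped after the new date and would have to be re-signed with a fresh certificate.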

Related: Digital Certificates Used by Malware (CCSS Forum). So there is a site like this.

■ In au's PC Site Viewer, a vulnerability [...]
(bROOM.LOG !, 2011.11.22)

Wait for follow-up reports.


■ 2011.11.21


■ 2011.11.19


■ 2011.11.18

■ SYM11-014: Symantec updates the Gear driver to address a local-access denial of service
(Symantec, 2011.11.09)

Flaw in Backup Exec System Recovery 8.5.x / 2010 (9.0.x), Symantec System Recovery 2011 (10.0), Norton 360 (version 5), and Norton Ghost 15 and earlier. The Gear Software CD DVD filter driver GEARAspiWDM.sys has a flaw that lets a local user mount a DoS attack. CVE-2011-3477

Backup Exec System Recovery and Norton Ghost can be fixed by installing the latest driver. Symantec System Recovery 2011 is handled in interactive mode, and Norton 360 [...]

■ Google Chrome Stable Channel Update
(Google, 2011.11.16)

Google Chrome 15.0.874.121 released. One security flaw has been fixed.

■ Addenda

The dropper for the "Duqu" malware turns out to have exploited a 0-day flaw in the Windows kernel


■ 2011.11.17

■ Addenda

BIND 9 Resolver crashes after logging an error in query.c


■ 2011.11.16

■ BIND 9 Resolver crashes after logging an error in query.c
(ISC, 2011.11.16)

There appear to have been multiple cases of BIND 9 crashing after leaving the log entry query.c:1781: INSIST(! dns_rdataset_isassociated(sigrdataset)) failed, back trace. The cause is unknown and under investigation. So far crashes have reportedly been seen only on caching DNS servers.

Addendum 2011.11.17:

The formal Advisory is out. Fixed versions BIND 9.8.1-P1, 9.7.4-P1, 9.6-ESV-R5-P1 and 9.4-ESV-R5-P1 are also out (a fix that keeps the server from crashing). Whether this is an attack is still unknown.


■ 2011.11.15

■ About the security content of iTunes 10.5.1
(Apple, 2011.11.14)

Flaw in iTunes 5.0 and earlier. iTunes periodically checks for updates, and when Apple Software Update for Windows is not installed, a DNS cache poisoning attack can get the user to accept a fake update file. CVE-2008-3434 (a flaw discovered 3 years ago)

Fixed in iTunes 10.5.1. On the Mac version Apple Software Update is always present, so this flaw's effect [...]

Addendum 2011.11.22:

German spyware exploits iTunes vulnerability (H Online, 2011.11.21). It appears this flaw was being used by the German government's spyware of choice.


$B"#(B 2011.11.14

$B"#(B $B$$$m$$$m(B (2011.11.14)
(various)

$B"#(B $BDI5-(B

$B%^%k%&%'%"!V(BDuqu$B!W$N%I%m%C%Q!<$O(B Windows $B%+!<%M%k$N(B 0-day $B7g4Y$rMxMQ$7$F$$$?$3$H$,H=L@(B

$B!!J#?t$N(B Duqu $BH/8+%D!<%k$,8x3+$5$l$F$^$9!#(B

Microsoft 2011 $BG/(B 4 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BMicrosoft Office Excel$B$K$*$1$kJQ?t=i4|2==hM}$N@HZ%l%]!<%H(B (NTT$B%G!<%?@hC<5;=Q(B, 2011.11.14)

APSB11-27: Security update available for Adobe Shockwave Player

$B!!(BCORE-2011-0825: Adobe Shockwave Player TextXtra.x32 vulnerability (CoreLabs Research, 2011.11.08)$B!#(BCVE-2011-2447 $B$N7o!#(B


■ 2011.11.13

■ Miscellaneous (2011.11.13)
(various)


■ 2011.11.11

■ Addenda

The dropper for the "Duqu" malware turns out to have exploited a 0-day flaw in the Windows kernel

The English version of KB 2639658 is now at revision 1.3. The following wording has been added:

After you apply this workaround on a system that is running Windows XP or Windows Server 2003, you may be reoffered security updates 982132 and 972270. You will be unable to install these reoffered updates. The reoffering is a detection logic issue. Users who have previously applied both security updates successfully can ignore the reoffer.

After the workaround is applied on Windows XP / Server 2003, security updates 982132 and 972270 may be offered again, and in that state they cannot be installed. This is a problem in the update detection logic, and if you have already applied the updates you can ignore it. ... So they say.

Thanks to cadz-san and Ishizuka-san for the information.

Video: a vulnerability in iOS that runs unsigned code

Perhaps this was fixed in iOS 5.0.1? About the security content of iOS 5.0.1 Software Update (Apple, 2011.11.10)

Kernel

Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2

Impact: An application may execute unsigned code

Description: A logic error existed in the mmap system call's checking of valid flag combinations. This issue may lead to a bypass of codesigning checks. This issue does not affect devices running iOS prior to version 4.3.

CVE-ID

CVE-2011-3442 : Charlie Miller of Accuvant Labs

SSL certificate authority problem surfaces again; Microsoft and Mozilla announce their response

On the DigiCert Sdn. Bhd matter, Microsoft has released an advisory and an update:

Firefox 8 / 3.6.24 was also already released on 2011.11.09.

■ Google Chrome Stable Channel Update
(Google, 2011.11.10)

Google Chrome 15.0.874.120 released. Seven security flaws have been fixed. CVE-2011-3892 CVE-2011-3893 CVE-2011-3894 CVE-2011-3895 CVE-2011-3896 CVE-2011-3897 CVE-2011-3898

■ Miscellaneous (2011.11.11)
(various)

■ About the security content of Time Capsule and AirPort Base Station (802.11n) Firmware 7.6
(Apple, 2011.11.10)

A crafted DHCP response can be used to [...] arbitrary commands. CVE-2011-0997

Related: JVNVU#309451: Multiple vulnerabilities in Apple Time Capsule and AirPort Base Station (802.11n) (JVN, 2011.11.11)

■ About the security content of iOS 5.0.1 Software Update
(Apple, 2011.11.10)

iOS 5.0.1 released. A total of five security flaws have been fixed, including the one from "Video: a vulnerability in iOS that runs unsigned code". CVE-2011-3246 CVE-2011-3439 CVE-2011-3442 CVE-2011-3441 CVE-2011-3440

■ APSB11-28: Security update available for Adobe Flash Player
(Adobe, 2011.11.10)

Twelve flaws in Adobe Flash Player / AIR. Eleven of them lead to arbitrary code execution. The remaining one is a flaw that allows the cross-domain policy to be bypassed. There appear to be no 0-days. CVE-2011-2445 CVE-2011-2450 CVE-2011-2451 CVE-2011-2452 CVE-2011-2453 CVE-2011-2454 CVE-2011-2455 CVE-2011-2456 CVE-2011-2457 CVE-2011-2458 CVE-2011-2459 CVE-2011-2460

Fixed in Flash Player 11.1.102.55 / 10.3.183.11, Adobe Flash Player for Android 11.1.102.59, and AIR 3.1.0.4880.


■ 2011.11.10

■ Miscellaneous (2011.11.10)
(various)

■ APSB11-27: Security update available for Adobe Shockwave Player
(Adobe, 2011.11.08)

Four flaws in Shockwave Player. All of them cause memory corruption and lead to arbitrary code execution. Fixed in Shockwave Player 11.6.3.633. CVE-2011-2446 CVE-2011-2447 CVE-2011-2448 CVE-2011-2449

Addendum 2011.11.14:

CORE-2011-0825: Adobe Shockwave Player TextXtra.x32 vulnerability (CoreLabs Research, 2011.11.08). This is the CVE-2011-2447 issue.

■ Video: a vulnerability in iOS that runs unsigned code
(engadget, 2011.11.08)

Flaw in iOS. A signed app can download unsigned code and [...]

What deserves attention is said to be not (only) that an app which looks harmless while carrying hidden functionality got through App Store review, but that, where the sandbox should properly [...], the cause lies in a change to how memory is handled, made in order to raise [...]. The explanation given is that poking at this part from an outside app made broad access to the system possible.

Addendum 2011.11.11:

Perhaps this was fixed in iOS 5.0.1? About the security content of iOS 5.0.1 Software Update (Apple, 2011.11.10)

Kernel

Available for: iOS 3.0 through 5.0 for iPhone 3GS, iPhone 4 and iPhone 4S, iOS 3.1 through 5.0 for iPod touch (3rd generation) and later, iOS 3.2 through 5.0 for iPad, iOS 4.3 through 5.0 for iPad 2

Impact: An application may execute unsigned code

Description: A logic error existed in the mmap system call's checking of valid flag combinations. This issue may lead to a bypass of codesigning checks. This issue does not affect devices running iOS prior to version 4.3.

CVE-ID

CVE-2011-3442 : Charlie Miller of Accuvant Labs

■ 2011.11.09

■ Firefox 8.0 / 3.6.24 and Thunderbird 8.0 / 3.1.16 released
(mozilla.jp, 2011.11.09)

They are out. Several security flaws have also been fixed.

Related:

Addendum 2011.11.24:

SeaMonkey 2.5, the integrated Internet suite with Web browser and mail functions, released; its Web browser functionality is now equivalent to Firefox 8 (sourceforge.jp, 2011.11.24)

Addendum 2011.11.25:

Firefox 8.0.1 has been released. Release notes. Thanks to iida-san for the information.

  • Fixed a crash that occurred in certain cases when loading a Java applet on Mac OS X with version 1.6.0_29 of the "Java SE 6" plugin installed.

  • Fixed a crash at startup on Windows caused by versions of the "RoboForm" extension older than 7.6.2.

■ Addenda

Microsoft Security Bulletins for June 2011

As of 2011.11.09, the update for Windows XP / Server 2003 for MS11-037 - Important: Vulnerability in MHTML Could Allow Information Disclosure (2544893) has been re-released. Even if you have installed the earlier version, you need to install the new update.

Oracle Java SE Critical Patch Update Advisory - October 2011

Java for Mac OS X corresponding to Java SE 6 Update 29 has been published: About the security content of Java for Mac OS X 10.7 Update 1 and Java for Mac OS X 10.6 Update 6 (Apple, 2011.11.08)

■ Microsoft Security Bulletins for November 2011
(Microsoft, 2011.11.09)

Four bulletins, as scheduled. The patch for the flaw abused by Duqu (SA 2639658: Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege) is not ready yet.

MS11-083 - Critical: Vulnerability in TCP/IP [...]

Flaw in Windows Vista / Server 2008 / 7 / Server 2008 R2.

(ASCII-art figure; its speech text reads:)

I... I'll tell you exactly what just happened.
"I thought a UDP packet had been sent to a closed port, and before I knew it code was [...]"
Y... you probably have no idea what I'm saying, but I didn't understand what had been done to me either...
I felt like I was going out of my mind...
Malware, phishing: it was absolutely nothing as cheap as that.
I got a taste of something far more terrifying [...]

The Windows TCP/IP stack records UDP packet flows in memory, and an integer overflow occurs in that processing, so sending a series of crafted UDP packets to a closed port allows arbitrary code to be [...] CVE-2011-2013

However, the Exploitability Index is 2, so perhaps that means it is hard to make the attack succeed reliably.

Details: Assessing the exploitability of MS11-083 (Microsoft Security Research & Defense, 2011.11.08). This [...] would normally be dropped by perimeter filters, the timing window for exploitation is short, and on top of that a large number of UDP packets is needed, so the Exploitability Index is 2, is it? Over the LAN [...]

MS11-084 - Moderate: Vulnerability in Windows Kernel-Mode Drivers [...]

MS11-085 - Important: Vulnerability in Windows Mail and Windows Meeting Space [...]

MS11-086 - Important: Vulnerability in Active Directory Could Allow Elevation of Privilege (2630837)

Flaw in Windows XP / Server 2003 / Vista / Server 2008 / 7 / Server 2008 R2. Active Directory, Active Directory Application Mode (ADAM) and Active Directory Lightweight Directory Service (AD LDS) have a flaw: when Active Directory uses LDAPS, a revoked certificate can still be used as is.

Exploitability Index: 1

Related:


■ 2011.11.08

■ Problem in Juniper's BGP brings networks down over a wide area
(yebo blog, 2011.11.08)

Juniper routers went down in various places. There was a flaw in BGP UPDATE handling, and an updated JunOS had been made available as of 2011.08.08, but it appears that routers which had not been updated crashed.

The trigger for the MPC crash was determined to be a valid BGP UPDATE received from a registered network service provider, although this one UPDATE was determined to not be solely responsible for the crashes. A complex sequence of preconditions is required to trigger this crash. Both IPv4 and IPv6 routing prefix updates can trigger this MPC crash.

That "a complex sequence" [...]


■ 2011.11.07

■ Miscellaneous (2011.11.07)
(various)

■ Addenda

The dropper for the "Duqu" malware turns out to have exploited a 0-day flaw in the Windows kernel

Microsoft Security Advisory (2639658) Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege has been revised.

V1.2 (2011/11/07): Revised the workaround "Deny access to T2EMBED.DLL" to improve support for non-English versions of Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2. Customers using non-English versions of Microsoft Windows should re-evaluate the applicability of the revised workaround for their environment.

Miscellaneous (2011.10.13)


■ 2011.11.05


■ 2011.11.04

■ Miscellaneous (2011.11.04)
(various)

■ SSL certificate authority problem surfaces again; Microsoft and Mozilla announce their response
(ITmedia, 2011.11.04)

Based on information provided by Entrust, Microsoft and Mozilla have decided not to trust the intermediate certificate authority of DigiCert Sdn. Bhd.

Addendum 2011.11.11:

On the DigiCert Sdn. Bhd matter, Microsoft has released an advisory and an update:

Firefox 8 / 3.6.24 was also already released on 2011.11.09.

■ Microsoft Security Bulletin Advance Notification - November 2011
(Microsoft, 2011.11.04)

Four bulletins. Critical x 1, Important x 2, Moderate x 1. Windows only.

■ Addenda

Zero Day Vulnerability in many WordPress Themes

Once again, a large-scale attack on WordPress exploiting the TimThumb flaw is reportedly under way: Thousands of WordPress blogs hijacked to deploy malicious code (H Online, 2011.11.03).

This flaw is fixed in TimThumb 2.0, the latest version.

The dropper for the "Duqu" malware turns out to have exploited a 0-day flaw in the Windows kernel

Microsoft has released an Advisory.

Other Duqu-related items:

  • Zero-Day Exploit Used for DUQU (trendmicro blog, 2011.11.02)

  • Installer for the "Duqu" attack discovered (F-Secure Blog (エフセキュアブログ), 2011.11.02)

    It helps to think of it like this: the "Duqu attack" uses the same "component" that was used in the "Stuxnet attack". But that does not mean the attacks are the same. [...] a targeted attack that is ordinary to a rather exceptional degree. In other words, [...] of the targeted attack is very common (an e-mail with an attached file), but the tools used in the attack are very advanced (an amazing exploit in the attached document...).
  • Duqu: Questions and Answers (F-Secure blog, 2011.11.03). Interesting. Japanese version: Duqu: [...] (F-Secure Blog (エフセキュアブログ), 2011.11.04)

  • The Mystery of Duqu: Part Three (Kaspersky, 2011.11.02)

    We discovered a similar vulnerability (see MS10-073) a year ago when analyzing the Stuxnet worm. Another interesting problem in win32k.sys (MS11-077) was fixed by Microsoft on 11 October this year - a code execution vulnerability that can be exploited through font files.

    Microsoft said it was working on the vulnerability used by Duqu, although it looks like a patch won't be available in November's updates.

■ 2011.11.03

■ Addenda

Advisory: Range header DoS vulnerability Apache HTTPD 1.3/2.x (CVE-2011-3192)


■ 2011.11.02

■ Miscellaneous (2011.11.02)
(various)

■ The dropper for the "Duqu" malware turns out to have exploited a 0-day flaw in the Windows kernel
(various, 2011.11.02)

Opening the Word file exploits a flaw in the Windows kernel and shellcode is [...]

A patch is under development.

Addendum 2011.11.04:

Microsoft has released an Advisory.

Other Duqu-related items:

Addendum 2011.11.07:

Microsoft Security Advisory (2639658) Vulnerability in TrueType Font Parsing Could Allow Elevation of Privilege has been revised.

V1.2 (2011/11/07): Revised the workaround "Deny access to T2EMBED.DLL" to improve support for non-English versions of Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2. Customers using non-English versions of Microsoft Windows should re-evaluate the applicability of the revised workaround for their environment.

Addendum 2011.11.11:

The English version of KB 2639658 is now at revision 1.3. The following wording has been added:

After you apply this workaround on a system that is running Windows XP or Windows Server 2003, you may be reoffered security updates 982132 and 972270. You will be unable to install these reoffered updates. The reoffering is a detection logic issue. Users who have previously applied both security updates successfully can ignore the reoffer.

After the workaround is applied on Windows XP / Server 2003, security updates 982132 and 972270 may be offered again, and in that state they cannot be installed. This is a problem in the update detection logic, and if you have already applied the updates you can ignore it. ... So they say.

Thanks to cadz-san and Ishizuka-san for the information.

Addendum 2011.11.14:

Several Duqu detection tools have been published.

Addendum 2011.11.18:

Related:


■ 2011.11.01

■ Miscellaneous (2011.11.01)
(various)

