==============================================================

マカフィー サポート通信 - リスク管理ソリューション 2010.06.24
==============================================================

平素McAfee Vulnerability Managerをご愛用いただきありがとうございます。
本メールはMcAfee Vulnerability Manager製品のサポートをご購入のお客様
に配信しております。

○-======  今週のマカフィー Vulnerability Manager (目次)  =======-○
1) FSL UPDATE
2) OSパッチアップデート
3) McAfee Vulnerability Manager新バージョンソフトウェアv6.8のリリースについて
4) McAfee Vulnerability Manager 3000 Appliance (MVM3000)提供開始のお知らせ
5) McAfee Vulnerability Manager v6.5 のサポート終了について
6) 「サポート通信」登録方法変更のお知らせ

※) マカフィーからのサービス
○-===================================================-○

-------------------------------------------------------
1) FSL UPDATE
-------------------------------------------------------
マカフィーは以下のVulnerability Manager製品のアップデートを提供しています。
最新更新日: 2010-JUN-23 (日本時間)

(SUMMARY)
新しいチェック項目:  100
改善されたチェック項目:  37
削除されたチェック項目:   6

 追加・改善されたシグネチャ項目等の詳細は以下の製品ダウンロード
 ページから「McAfee Foundstone Update」の最新版を入手してください。

 http://www.mcafee.com/japan/licensed2/

-----VULNERABILITY CHECKS ----------------------------------------

新しいチェック項目:

  * FID #12260 Symantec Mail Security KeyView File Processing Vulnerabilities
    Risk: High
  * FID #12264 Oracle Web Server Expect Header Cross Site Scripting Remote Code Execution
    Risk: High
  * FID #12267 (APSB11-14) Adobe ColdFusion Remote Denial of Service
    Risk: High
  * FID #12268 (HPSBUX02657) HP-UX CIFS Server Multiple Vulnerabilities
    Risk: High
  * FID #12269 Cisco Network Registrar Credentials Security Bypass
    Risk: High
  * FID #12270 Google Chrome Flash Player Memory Corruption Remote Code Execution
    Risk: High
  * FID #12272 Sunway PNetPower SCADA Remote Code Execution
    Risk: High
  * FID #41677 Red Hat Enterprise Linux RHSA-2011-0857 Update Is Not Installed
    Risk: High
  * FID #41678 Red Hat Enterprise Linux RHSA-2011-0856 Update Is Not Installed
    Risk: High
  * FID #43011 HP-UX 11.X PHCO_42123 Update Is Not Installed
    Risk: High
  * FID #50265 Ubuntu Linux 8.04 LTS USN-1146-1 Update Is Not Installed
    Risk: High
  * FID #81697 Fedora Linux 13 FEDORA-2011-0650 Update Is Not Installed
    Risk: High
  * FID #81698 Fedora Linux 14 FEDORA-2011-7551 Update Is Not Installed
    Risk: High
  * FID #81706 Fedora Linux 13 FEDORA-2011-7397 Update Is Not Installed
    Risk: High
  * FID #81714 Fedora Linux 14 FEDORA-2011-8003 Update Is Not Installed
    Risk: High
  * FID #85139 CentOS 5 CESA-2011-0857 Update Is Not Installed
    Risk: High
  * FID #90775 Oracle Enterprise Linux ELSA-2011-0857 Update Is Not Installed
    Risk: High
  * FID #90777 Oracle Enterprise Linux ELSA-2011-0856 Update Is Not Installed
    Risk: High
  * FID #94593 SuSE SLES 10 kernel-7538 Update Is Not Installed
    Risk: High
  * FID #94603 SuSE SLES 10 kernel-7539 Update Is Not Installed
    Risk: High
  * FID #94610 SuSE SLES 10 kernel-7537 Update Is Not Installed
    Risk: High
  * FID #12189 VMware Host Guest File System (HGFS) Mount.vmhgfs Information Disclosure
    Risk: Medium
  * FID #12190 VMware Host Guest File System (HGFS) Mount.vmhgfs Race Condition Privilege Escalation
    Risk: Medium
  * FID #12191 VMware Host Guest File System (HGFS) Mount.vmhgfs User Suid Wrapper Privilege Escalation
    Risk: Medium
  * FID #12192 VMware Service Kernel Memory Management Remote Code Execution
    Risk: Medium
  * FID #12193 VMware Service Console Kernel SCSI Driver Denial Of Service
    Risk: Medium
  * FID #12194 VMware Service Console kernel IPv4 Remote Denial Of Service
    Risk: Medium
  * FID #12195 VMware Vmkernel Third Party e1000 Driver Packet Filter Security Bypass
    Risk: Medium
  * FID #12197 VMware Workstation Host Guest File System (HGFS) Mount.vmhgfs Race Condition Privilege Escalation
    Risk: Medium
  * FID #12198 VMware Workstation Host Guest File System (HGFS) Mount.vmhgfs User Suid Wrapper Privilege Escalation
    Risk: Medium
  * FID #12199 VMware Workstation Host Guest File System (HGFS) Mount.vmhgfs Information Disclosure
    Risk: Medium
  * FID #12200 VMware Workstation Host Guest File System (HGFS) Mount.vmhgfs Race Condition Privilege Escalation
    Risk: Medium
  * FID #12201 VMware Workstation Host Guest File System (HGFS) Mount.vmhgfs User Suid Wrapper Privilege Escalation
    Risk: Medium
  * FID #12202 VMware Workstation Host Guest File System (HGFS) Mount.vmhgfs Information Disclosure
    Risk: Medium
  * FID #12224 Google Chrome Multiple Vulnerabilities Prior To 12.0.742.91
    Risk: Medium
  * FID #12255 OpenSSH Legacy Certificate Signing Information Disclosure
    Risk: Medium
  * FID #12265 FCKeditor.NET Arbitrary File Upload Vulnerability
    Risk: Medium
  * FID #12266 (APSB11-14) Adobe ColdFusion CSRF Security Bypass
    Risk: Medium
  * FID #12271 EMC NetWorker RPC Library Packet Spoofing Security Bypass
    Risk: Medium
  * FID #12273 IBM WebSphere Application Server Cross Site Request Forgery
    Risk: Medium
  * FID #41679 Red Hat Enterprise Linux RHSA-2011-0862 Update Is Not Installed
    Risk: Medium
  * FID #41680 Red Hat Enterprise Linux RHSA-2011-0861 Update Is Not Installed
    Risk: Medium
  * FID #41681 Red Hat Enterprise Linux RHSA-2011-0859 Update Is Not Installed
    Risk: Medium
  * FID #41682 Red Hat Enterprise Linux RHSA-2011-0858 Update Is Not Installed
    Risk: Medium
  * FID #58151 Debian Linux 5.0, 6.0 DSA-2259-1 Update Is Not Installed
    Risk: Medium
  * FID #85140 CentOS 5 CESA-2011-0859 Update Is Not Installed
    Risk: Medium
  * FID #85141 CentOS 5 CESA-2011-0862 Update Is Not Installed
    Risk: Medium
  * FID #90772 Oracle Enterprise Linux ELSA-2011-0861 Update Is Not Installed
    Risk: Medium
  * FID #90773 Oracle Enterprise Linux ELSA-2011-0859 Update Is Not Installed
    Risk: Medium
  * FID #90774 Oracle Enterprise Linux ELSA-2011-0862 Update Is Not Installed
    Risk: Medium
  * FID #90776 Oracle Enterprise Linux ELSA-2011-0858 Update Is Not Installed
    Risk: Medium
  * FID #92773 Mandriva Linux 2009.0, 2010.1 MDVSA-2011-108 Update Is Not Installed
    Risk: Medium
  * FID #32819 Sun Solaris 140388-02 Update Is Not Installed
    Risk: Low
  * FID #32820 Sun Solaris 140387-02 Update Is Not Installed
    Risk: Low
  * FID #43010 HP-UX 11.X PHCO_42236 Update Is Not Installed
    Risk: Low
  * FID #50266 Ubuntu Linux 10.04, 10.10, 11.04 USN-1148-1 Update Is Not Installed
    Risk: Low
  * FID #50267 Ubuntu Linux 10.04, 10.10, 11.04 USN-1145-1 Update Is Not Installed
    Risk: Low
  * FID #50268 Ubuntu Linux 10.04, 10.10, 11.04 USN-1147-1 Update Is Not Installed
    Risk: Low
  * FID #55110 Top Weekly Malware Env - FakeAlert-PackWin
(pack_windows106d_2328.exe)
    Risk: Low
  * FID #58150 Debian Linux 6.0 DSA-2256-1 Update Is Not Installed
    Risk: Low
  * FID #58152 Debian Linux 6.0 DSA-2257-1 Update Is Not Installed
    Risk: Low
  * FID #58153 Debian Linux 5.0, 6.0 DSA-2258-1 Update Is Not Installed
    Risk: Low
  * FID #81695 Fedora Linux 13 FEDORA-2011-4879 Update Is Not Installed
    Risk: Low
  * FID #81696 Fedora Linux 14 FEDORA-2011-7697 Update Is Not Installed
    Risk: Low
  * FID #81699 Fedora Linux 15 FEDORA-2011-7919 Update Is Not Installed
    Risk: Low
  * FID #81700 Fedora Linux 14 FEDORA-2011-7602 Update Is Not Installed
    Risk: Low
  * FID #81701 Fedora Linux 15 FEDORA-2011-7801 Update Is Not Installed
    Risk: Low
  * FID #81702 Fedora Linux 13 FEDORA-2011-7703 Update Is Not Installed
    Risk: Low
  * FID #81703 Fedora Linux 14 FEDORA-2011-7751 Update Is Not Installed
    Risk: Low
  * FID #81704 Fedora Linux 15 FEDORA-2011-7739 Update Is Not Installed
    Risk: Low
  * FID #81705 Fedora Linux 15 FEDORA-2011-7821 Update Is Not Installed
    Risk: Low
  * FID #81707 Fedora Linux 13 FEDORA-2011-7694 Update Is Not Installed
    Risk: Low
  * FID #81708 Fedora Linux 13 FEDORA-2011-7621 Update Is Not Installed
    Risk: Low
  * FID #81709 Fedora Linux 13 FEDORA-2011-7612 Update Is Not Installed
    Risk: Low
  * FID #81710 Fedora Linux 14 FEDORA-2011-7702 Update Is Not Installed
    Risk: Low
  * FID #81711 Fedora Linux 13 FEDORA-2011-7193 Update Is Not Installed
    Risk: Low
  * FID #81712 Fedora Linux 14 FEDORA-2011-7217 Update Is Not Installed
    Risk: Low
  * FID #81713 Fedora Linux 15 FEDORA-2011-7867 Update Is Not Installed
    Risk: Low
  * FID #83578 FreeBSD linux-flashplugin Cross-site Scripting Vulnerability
(57573136-920e-11e0-bdc9-001b2134ef46)
    Risk: Low
  * FID #92774 Mandriva Linux 2009.0, 2010.1 MDVSA-2011-109 Update Is Not Installed
    Risk: Low
  * FID #94592 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 yast2-network-4681 Update Is Not Installed
    Risk: Low
  * FID #94594 SuSE SLES 11, 11 SP1 libpapi-4468 Update Is Not Installed
    Risk: Low
  * FID #94595 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 vino-4575 Update Is Not Installed
    Risk: Low
  * FID #94596 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 perl-Bootloader-4695 Update Is Not Installed
    Risk: Low
  * FID #94597 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 dhcp-4413 Update Is Not Installed
    Risk: Low
  * FID #94598 SuSE SLED 11 SP1 java-1_6_0-sun-4698 Update Is Not Installed
    Risk: Low
  * FID #94599 SuSE SLES 10 SP4, SLED 10 SP4 apparmor-profiles-7522 Update Is Not Installed
    Risk: Low
  * FID #94600 SuSE SLES 10 SP3 sysconfig-7562 Update Is Not Installed
    Risk: Low
  * FID #94601 SuSE SLES 10 SP3 openssl-7552 Update Is Not Installed
    Risk: Low
  * FID #94602 SuSE SLES 10 SP3 apparmor-profiles-7520 Update Is Not Installed
    Risk: Low
  * FID #94604 SuSE SLED 10 SP4 flash-player-7559 Update Is Not Installed
    Risk: Low
  * FID #94605 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1
xorg-x11-driver-input-sax2-4596 Update Is Not Installed
    Risk: Low
  * FID #94606 SuSE SLES 11, 11 SP1 iotop-4686 Update Is Not Installed
    Risk: Low
  * FID #94607 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 libopenssl-devel-4662 Update Is Not Installed
    Risk: Low
  * FID #94608 SuSE SLES 10 SP4, SLED 10 SP4 openssl-7550 Update Is Not Installed
    Risk: Low
  * FID #94609 SuSE SLED 10 SP4 java-1_6_0-sun-7569 Update Is Not Installed
    Risk: Low
  * FID #94611 SuSE SLED 11 SP1 flash-player-4666 Update Is Not Installed
    Risk: Low
  * FID #94612 SuSE SLES 10 SP4, SLED 10 SP4 vino-7531 Update Is Not Installed
    Risk: Low
  * FID #94613 SuSE SLES 10 SP3 vino-7532 Update Is Not Installed
    Risk: Low
  * FID #94614 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1
MIME-Convert-BinHex-4426 Update Is Not Installed
    Risk: Low

改善されたチェック項目:

  * FID #6459 Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution (968272)
    Recommendation is updated
  * FID #6595 (MS09-009) Microsoft Office Excel Memory Corruption Vulnerability (968557)
    Recommendation is updated
  * FID #7416 (MS09-009) Vulnerabilities In Microsoft Office Excel Could Cause Remote Code Execution (968557)
    Recommendation is updated
  * FID #12027 (APSB11-12) Adobe Flash Player Multiple Vulnerabilities
    FASLScript is updated
  * FID #12174 Wireshark Multiple Denial of Service (CVE-2011-1956)
    Risk is updated
  * FID #12176 Wireshark Multiple Denial of Service (CVE-2011-1957)
    Recommendation is updated
    Risk is updated
  * FID #12177 Wireshark Multiple Denial of Service (CVE-2011-1958)
    Recommendation is updated
    Risk is updated
  * FID #12178 Wireshark Multiple Denial of Service (CVE-2011-1959)
    Risk is updated
  * FID #12179 Wireshark Multiple Denial of Service (CVE-2011-2175)
    Recommendation is updated
    Risk is updated
  * FID #12180 Wireshark Multiple Denial of Service (CVE-2011-2174)
    Recommendation is updated
    Risk is updated
  * FID #30010 Sun Solaris 119757-20 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    CVE is updated
    FASLScript is updated
  * FID #30795 Sun Solaris 119758-20 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    CVE is updated
    FASLScript is updated
  * FID #31569 Sun Solaris 125720-50 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    FASLScript is updated
  * FID #32194 Sun Solaris 126206-07 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    FASLScript is updated
  * FID #32195 Sun Solaris 126207-07 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    FASLScript is updated
  * FID #32346 Sun Solaris 140455-02 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    FASLScript is updated
  * FID #32364 Sun Solaris 140456-02 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    FASLScript is updated
  * FID #90765 Oracle Enterprise Linux ELSA-2011-0843 Update Is Not Installed
    FASLScript is updated
  * FID #2326 DNS Zone Transfer
    Description is updated
    Recommendation is updated
    FASLScript is updated
  * FID #31558 Sun Solaris 119783-18 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    CVE is updated
    FASLScript is updated
  * FID #31564 Sun Solaris 119784-18 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    CVE is updated
    FASLScript is updated
  * FID #32170 Sun Solaris 137000-08 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    FASLScript is updated
  * FID #32171 Sun Solaris 137004-09 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    FASLScript is updated
  * FID #32177 Sun Solaris 137001-08 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    FASLScript is updated
  * FID #32178 Sun Solaris 137005-09 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    FASLScript is updated
  * FID #32453 Sun Solaris 138823-08 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    FASLScript is updated
  * FID #32457 Sun Solaris 138822-08 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    FASLScript is updated
  * FID #32464 Sun Solaris 138827-08 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    FASLScript is updated
  * FID #32465 Sun Solaris 138826-08 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    FASLScript is updated
  * FID #32467 Sun Solaris 138825-08 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    FASLScript is updated
  * FID #32468 Sun Solaris 138824-08 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    FASLScript is updated
  * FID #32659 Sun Solaris 143323-05 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    FASLScript is updated
  * FID #85133 CentOS 5 CESA-2011-0844 Update Is Not Installed
    FASLScript is updated
  * FID #90762 Oracle Enterprise Linux ELSA-2011-0844 Update Is Not Installed
    FASLScript is updated
  * FID #11722 Citrix MetaFrame Client Specified Published Applications Enumeration Information Disclosure Vulnerability
    Risk is updated
  * FID #32161 Sun Solaris 136998-10 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    FASLScript is updated
  * FID #32164 Sun Solaris 136999-10 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    FASLScript is updated

削除されたチェック項目:

  * FID #11917 Oracle Warehouse Builder Remote Code Execution I
  * FID #11918 Oracle Warehouse Builder Remote Code Execution II
  * FID #32777 Sun Solaris 146363-01 Update Is Not Installed
  * FID #32778 Sun Solaris 146364-01 Update Is Not Installed
  * FID #42952 HP-UX 11.X PHCO_41297 Update Is Not Installed
  * FID #42978 HP-UX 11.X PHCO_41813 Update Is Not Installed

-------------------------------------------------------
2) アプライアンス OSパッチアップデート
-------------------------------------------------------
 期間: 2010/06/17 ~ 2010/06/24 (日本時間)

今回のアップデートはありません。


-------------------------------------------------------
3) McAfee Vulnerability Manager新バージョンソフトウェアv6.8のリリースについて
-------------------------------------------------------

■対象製品
McAfee Vulnerability Manager(旧名称:Foundstone) 6.8

■リリース日(RTW)
2010年1月18日(Webダウンロード)

■新機能概要
○インストール手順の改善
すべてのコンポーネントを1サーバ上にインストールする場合は「Standard installation」を、
分散した複数のサーバー上にインストールする場合には「Advanced installation」を選択可能。

○Javaアプレットの削除
Foundstone Enterprise Managerより、Javaアプレットが削除されました。これにより、
システム上にFoundstone Enterprise Managerを使用するJavaの最新アップデートをインストールしておく
必要がなくなりました。

○スキャンされたホストの情報保持
スキャン設定を作成する場合に、脆弱性のあり/なし/不明といったスキャン対象ホストのすべての情報を
保存することが可能。本設定は「scan configuration」ウインドウより可能です。

○政府機関向け機能の追加
本バージョンは、以下の認証を取得済みです。
・SCAP/FDCC certification
・FIPS-140 compliant encryption
・NIAP Common Criteria certification

■ローカライゼーションレベル
英語版でのご提供となります。ダウンロードサイトよりパッチを入手いただくことにより、
日本語でのレポート出力が可能です。

■本リリースに伴いサポート終了となる旧バージョン
ありません。なお、旧バージョン6.5は、2010年6月30日にサポート終了を予定しております。


-------------------------------------------------------
4) McAfee Vulnerability Manager 3000 Appliance (MVM3000)提供開始のお知らせ
-------------------------------------------------------
McAfee Vulnerability Manager 1000 Appliance (FS1000) McAfee Vulnerability Manager 850 Appliance (FS850)

が下記モデルに統合されました。

McAfee Vulnerability Manager 3000 Appliance (MVM3000)

MVM3000は2009年9月16日(水)より提供開始されています。

FS1000およびFS850のサポート終了日は2014年8月25日、
もしくは購入から5年の日付の早いほうとなります。


-------------------------------------------------------
5) McAfee Vulnerability Manager v6.5 のサポート終了について
-------------------------------------------------------
Vulnerability Manager(旧称:Foundstone) 6.5のサポート終了日が確定しましたのでお知らせします。
サポート終了日までに上位バージョンへの移行準備をお願いいたします。

サポート終了日: 2010年6月30日
現行の最新バージョン: v6.8

※アップグレードのツールおよび手順書は、ダウンロードページよりご入手いただけます。
 http://www.mcafee.com/japan/licensed2/


-------------------------------------------------------
6) 「サポート通信」登録方法変更のお知らせ
-------------------------------------------------------
サポート通信の登録方法が下記の通り変更となりましたのでお知らせいたします。

6月1日以降に新規契約をしたお客様には、4種類のサポート通信を配信いたします。各種サ
ポート通信が不要な方は、各サポート通信の文末に記載されているURLにアクセスして、解除
手続きを行っていただきます。

障害などでサポート窓口にお問い合わせいただいた新規のご担当者様には、今までどおり、
「サポート通信 - 登録のご案内」メールを1回のみ配信いたします。
http://www.mcafee.com/japan/support/customer_support/techsupport_regform.asp


---------------------------------------------------------
※ マカフィーからのサービス
---------------------------------------------------------
○マカフィーサポート通信について
- 配信停止
  「マカフィー サポート通信 - リスク管理ソリューション 」の配信停止をご希望される方は、
  以下のページより手続きをお願い致します。
  https://md.pbz.jp/s/r-ctrl.php?act=PCDelAuth&funcinfo_allreset=1&uid=mcafee&mid= foundstone_supp
- 各種法人ユーザ登録情報の変更はこちら
   ⇔ http://www.mcafee.com/japan/support/customer_support/tourokuhenkou.asp

○マカフィーでは、製品の技術的FAQ等多くのサービスや情報提供を行っています。是非ご活用ください。
 http://www.mcafee.com/japan/support/

●===McAfee=============================================○
発信元:
マカフィー株式会社
テクニカルサポートセンター インフォメーション係
(c) 2010 McAfee, Inc. All Rights Reserved.
お客様は,マカフィー株式会社の事前の書面による承諾を得ることなく、
掲載内容の無断転載を禁じます。
○=============================================McAfee===●