==============================================================

マカフィー サポート通信 - リスク管理ソリューション 2011.07.04
==============================================================

平素McAfee Vulnerability Managerをご愛用いただきありがとうございます。
本メールはMcAfee Vulnerability Manager製品のサポートをご購入のお客様
に配信しております。

○-======  今週のマカフィー Vulnerability Manager (目次)  =======-○
1) FSL UPDATE
2) OSパッチアップデート
3) McAfee Vulnerability Manager新バージョンソフトウェアv6.8のリリースについて
4) McAfee Vulnerability Manager 3000 Appliance (MVM3000)提供開始のお知らせ
5) McAfee Vulnerability Manager v6.5 のサポート終了について
6) 「サポート通信」登録方法変更のお知らせ

※) マカフィーからのサービス
○-===================================================-○

-------------------------------------------------------
1) FSL UPDATE
-------------------------------------------------------
マカフィーは以下のVulnerability Manager製品のアップデートを提供しています。
最新更新日: 2011-JUL-01

(SUMMARY)

新しいチェック項目 :      82
改善されたチェック項目 :     302
削除されたチェック項目 :       8

 追加・改善されたシグネチャ項目等の詳細は以下の製品ダウンロード
 ページから「McAfee Foundstone Update」の最新版を入手してください。

 http://www.mcafee.com/japan/licensed2/

新しいチェック項目:

  * FID #12274 Sunway Forcecontrol SCADA Remote Code Execution
    Risk: High
  * FID #12277 Mozilla Firefox Multiple Vulnerabilities Prior To 5.0
    Risk: High
  * FID #12278 Mozilla Firefox Multiple Vulnerabilities Prior To 3.6.18
    Risk: High
  * FID #12279 Mozilla Thunderbird Multiple Vulnerabilities Prior To 3.1.11
    Risk: High
  * FID #12280 Apple Mac OS X Security Update 2011-004
    Risk: High
  * FID #12285 InduSoft ISSymbol ActiveX Control Multiple Buffer Overflows
    Risk: High
  * FID #12291 AN-HTTPd count.pl Directory Traversal Vulnerability
    Risk: High
  * FID #41683 Red Hat Enterprise Linux RHSA-2011-0886 Update Is Not Installed
    Risk: High
  * FID #41685 Red Hat Enterprise Linux RHSA-2011-0887 Update Is Not Installed
    Risk: High
  * FID #41686 Red Hat Enterprise Linux RHSA-2011-0885 Update Is Not Installed
    Risk: High
  * FID #41687 Red Hat Enterprise Linux RHSA-2011-0888 Update Is Not Installed
    Risk: High
  * FID #50273 Ubuntu Linux 10.04, 10.10, 8.04 LTS USN-1155-1 Update Is Not Installed
    Risk: High
  * FID #58157 Debian Linux 5.0 DSA-2264-1 Update Is Not Installed
    Risk: High
  * FID #81722 Fedora Linux 13 FEDORA-2011-7858 Update Is Not Installed
    Risk: High
  * FID #81732 Fedora Linux 13 FEDORA-2011-6447 Update Is Not Installed
    Risk: High
  * FID #81733 Fedora Linux 13 FEDORA-2011-8020 Update Is Not Installed
    Risk: High
  * FID #12281 BackDoor-WPtouch-WordPress Trojan
    Risk: Medium
  * FID #12282 BackDoor-W3 Total Cache-WordPress Trojan
    Risk: Medium
  * FID #12283 BackDoor-AddThis-WordPress Trojan
    Risk: Medium
  * FID #12292 FCKeditor upload.php TYPE Parameter Arbitrary File Upload Vulnerability
    Risk: Medium
  * FID #41684 Red Hat Enterprise Linux RHSA-2011-0871 Update Is Not Installed
    Risk: Medium
  * FID #50270 Ubuntu Linux 10.10, 11.04 USN-1156-1 Update Is Not Installed
    Risk: Medium
  * FID #50272 Ubuntu Linux 10.04, 10.10, 11.04 USN-1152-1 Update Is Not Installed
    Risk: Medium
  * FID #81717 Fedora Linux 14 FEDORA-2011-7994 Update Is Not Installed
    Risk: Medium
  * FID #81723 Fedora Linux 15 FEDORA-2011-7997 Update Is Not Installed
    Risk: Medium
  * FID #83583 FreeBSD samba Denial Of Service - Memory Corruption (bfdbc7ec-9c3f-11e0-9bec-6c626dd55a41)
    Risk: Medium
  * FID #90778 Oracle Enterprise Linux ELSA-2011-0871 Update Is Not Installed
    Risk: Medium
  * FID #32821 Sun Solaris 147227-01 Update Is Not Installed
    Risk: Low
  * FID #32822 Sun Solaris 147228-01 Update Is Not Installed
    Risk: Low
  * FID #50269 Ubuntu Linux 10.04, 10.10, 11.04, 8.04 LTS USN-1153-1 Update Is Not Installed
    Risk: Low
  * FID #50271 Ubuntu Linux 10.04, 10.10, 11.04 USN-1154-1 Update Is Not Installed
    Risk: Low
  * FID #50274 Ubuntu Linux 10.04, 10.10, 11.04 USN-1151-1 Update Is Not Installed
    Risk: Low
  * FID #55111 Top Weekly Malware Env - FakeAlert-FlashSecUpdate (FlashSecurityUpdate.exe)
    Risk: Low
  * FID #58154 Debian Linux 5.0 DSA-2263-1 Update Is Not Installed
    Risk: Low
  * FID #58155 Debian Linux 6.0 DSA-2261-1 Update Is Not Installed
    Risk: Low
  * FID #58156 Debian Linux 6.0 DSA-2262-1 Update Is Not Installed
    Risk: Low
  * FID #58158 Debian Linux 5.0, 6.0 DSA-2265-1 Update Is Not Installed
    Risk: Low
  * FID #81715 Fedora Linux 14 FEDORA-2011-8006 Update Is Not Installed
    Risk: Low
  * FID #81716 Fedora Linux 15 FEDORA-2011-7747 Update Is Not Installed
    Risk: Low
  * FID #81718 Fedora Linux 13 FEDORA-2011-7756 Update Is Not Installed
    Risk: Low
  * FID #81719 Fedora Linux 14 FEDORA-2011-8117 Update Is Not Installed
    Risk: Low
  * FID #81720 Fedora Linux 15 FEDORA-2011-8028 Update Is Not Installed
    Risk: Low
  * FID #81721 Fedora Linux 15 FEDORA-2011-8022 Update Is Not Installed
    Risk: Low
  * FID #81724 Fedora Linux 13 FEDORA-2011-8036 Update Is Not Installed
    Risk: Low
  * FID #81725 Fedora Linux 13 FEDORA-2011-8059 Update Is Not Installed
    Risk: Low
  * FID #81726 Fedora Linux 15 FEDORA-2011-8011 Update Is Not Installed
    Risk: Low
  * FID #81727 Fedora Linux 14 FEDORA-2011-7374 Update Is Not Installed
    Risk: Low
  * FID #81728 Fedora Linux 13 FEDORA-2011-7818 Update Is Not Installed
    Risk: Low
  * FID #81729 Fedora Linux 14 FEDORA-2011-7805 Update Is Not Installed
    Risk: Low
  * FID #81730 Fedora Linux 14 FEDORA-2011-8021 Update Is Not Installed
    Risk: Low
  * FID #81731 Fedora Linux 14 FEDORA-2011-7846 Update Is Not Installed
    Risk: Low
  * FID #83579 FreeBSD piwik Remote Command Execution Vulnerability (23c8423e-9bff-11e0-8ea2-0019d18c446a)
    Risk: Low
  * FID #83580 FreeBSD dokuwiki Cross Site Scripting Vulnerability (0b535cd0-9b90-11e0-800a-00215c6a37bb)
    Risk: Low
  * FID #83581 FreeBSD linux-flashplugin Remote Code Execution Vulnerability (55a528e8-9787-11e0-b24a-001b2134ef46)
    Risk: Low
  * FID #83582 FreeBSD mozilla Multiple Vulnerabilities (dfe40cff-9c3f-11e0-9bec-6c626dd55a41)
    Risk: Low
  * FID #83584 FreeBSD ikiwiki Tty Hijacking Via Ikiwiki-mass-rebuild (3145faf1-974c-11e0-869e-000c29249b2e)
    Risk: Low
  * FID #88431 Slackware Linux 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, 8.1, 9.0, 9.1 SSA:2011-171-01 Update Is Not Install
    Risk: Low
  * FID #92775 Mandriva Linux 2009.0 MDVSA-2011-110 Update Is Not Installed
    Risk: Low
  * FID #94615 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 libpcap-4667 Update Is Not Installed
    Risk: Low
  * FID #94616 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 rsh-4711 Update Is Not Installed
    Risk: Low
  * FID #94617 SuSE SLES 11, 11 SP1 stunnel-4679 Update Is Not Installed
    Risk: Low
  * FID #94618 SuSE SLES 11, 11 SP1 apache2-mod_php5-4663 Update Is Not Installed
    Risk: Low
  * FID #94619 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 yast2-iscsi-client-4685 Update Is Not Installed
    Risk: Low
  * FID #94620 SuSE SLED 11 SP1 flash-player-4715 Update Is Not Installed
    Risk: Low
  * FID #94621 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 pam-modules-4728 Update Is Not Installed
    Risk: Low
  * FID #94622 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 ConsoleKit-4613 Update Is Not Installed
    Risk: Low
  * FID #94623 SuSE SLES 10 SP4 apache2-mod_php5-7553 Update Is Not Installed
    Risk: Low
  * FID #94624 SuSE SLES 10 SP4, SLED 10 SP4 openssh-7546 Update Is Not Installed
    Risk: Low
  * FID #94625 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 bind-4635 Update Is Not Installed
    Risk: Low
  * FID #94626 SuSE SLED 10 SP4 flash-player-7571 Update Is Not Installed
    Risk: Low
  * FID #94627 SuSE SLES 10 SP4, SLED 10 SP4 clamav-7570 Update Is Not Installed
    Risk: Low
  * FID #94628 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 clamav-4706 Update Is Not Installed
    Risk: Low
  * FID #94629 SuSE SLES 10 SP3 apache2-mod_php5-7554 Update Is Not Installed
    Risk: Low
  * FID #94630 SuSE SLES 11 SP1 powerpc-utils-4657 Update Is Not Installed
    Risk: Low
  * FID #94631 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 pam-modules-4690 Update Is Not Installed
    Risk: Low
  * FID #94632 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 yast2-x11-4519 Update Is Not Installed
    Risk: Low
  * FID #94633 SuSE SLES 11, 11 SP1, SLED 11 indian-rupee-support-4553 Update Is Not Installed
    Risk: Low
  * FID #94634 SuSE SLES 10 SP3 yast2-iscsi-client-7557 Update Is Not Installed
    Risk: Low
  * FID #94635 SuSE SLES 10 SP4 yast2-iscsi-client-7558 Update Is Not Installed
    Risk: Low
  * FID #94636 SuSE SLED 11 SP1 libflaim-4472 Update Is Not Installed
    Risk: Low
  * FID #12290 FTP Server Accepting Any Command Detected
    Risk: Informational
  * FID #12293 FreePBX Or PBXconfig Default Credentials Detected
    Risk: Informational

改善されたチェック項目:

  * FID #536 WU-FTPD SITE EXEC Format String
    FASLScript is updated
  * FID #630 Checkpoint Firewall-1 Authentication Server Format String
    FASLScript is updated
  * FID #653 SubSeven Detected
    FASLScript is updated
  * FID #660 QPOP 3b Buffer Overflow
    FASLScript is updated
  * FID #661 QPOP Euidl Command Execution
    FASLScript is updated
  * FID #663 Finger Command Execution
    FASLScript is updated
  * FID #664 Netbus Detected
    FASLScript is updated
  * FID #670 Shiva Router Default Password
    FASLScript is updated
  * FID #690 Deep Throat Detected
    FASLScript is updated
  * FID #716 NSI Rwhoisd Format String
    CVE is updated
    FASLScript is updated
  * FID #724 Solaris AnswerBook2 Command Execution
    FASLScript is updated
  * FID #745 Wingate Proxy Accessible Without Password
    FASLScript is updated
  * FID #747 HTTP Proxy CONNECT
    FASLScript is updated
  * FID #756 Cisco IOS HTTP Unauthorized Admin Access
    FASLScript is updated
  * FID #828 Cisco Aironet 340 Series WLAN AP Web Administration Access.
    FASLScript is updated
  * FID #829 Cisco Aironet 340 WLAN AP Telnet Access
    FASLScript is updated
  * FID #870 PHP File Upload Buffer Overflow
    FASLScript is updated
  * FID #882 LinkSys WLAN Access Point WEP Key Disclosure
    FASLScript is updated
  * FID #892 Kuang2 Detected
    FASLScript is updated
  * FID #894 Trinity Detected
    FASLScript is updated
  * FID #900 Cisco Aironet 350 Series Web Administration Access
    FASLScript is updated
  * FID #914 Cisco HTTP Command Execution
    FASLScript is updated
  * FID #923 Linksys Router Admin Login
    FASLScript is updated
  * FID #937 Apple Airport Base Station WEP Key Disclosure
    FASLScript is updated
  * FID #1131 (MS01-021) Microsoft ISA Server Web Proxy Denial-of-Service
    FASLScript is updated
  * FID #1183 (MS02-065) Microsoft Windows Remote MDAC Buffer Overflow
    FASLScript is updated
  * FID #1235 SGI IRIX infosrch.cgi fname Command Execution
    FASLScript is updated
  * FID #1332 Sun AnswerBook Inso DynaWeb httpd Format String
    FASLScript is updated
  * FID #1598 (MS03-007) Microsoft IIS WebDAV ntdll.dll Buffer Overflow Intrusive
    FASLScript is updated
  * FID #1600 (MS03-008) Windows Script Engine Code Execution
    FASLScript is updated
  * FID #1651 (MS03-011) Microsoft Virtual Machine ByteCode Code Execution
    FASLScript is updated
  * FID #2087 (MS03-038) Microsoft Access Snapshot Viewer ActiveX Control Parameter Buffer Overflow
    FASLScript is updated
  * FID #2261 BlackICE Server Message Block (SMB) Processing Heap Memory Overwrite
    FASLScript is updated
  * FID #2262 BlackICE PAM ICQ Server Response Processing Buffer Overflow
    FASLScript is updated
  * FID #2268 (MS04-013) Outlook Express IE Key
    FASLScript is updated
  * FID #2669 (MS04-027) Microsoft Office Word Perfect Converter Remote Code Execution
    FASLScript is updated
  * FID #2671 (MS04-028) Microsoft Office Buffer Overrun in JPEG Processing (GDI+)
    FASLScript is updated
  * FID #3066 Trillian IRC User Mode Numeric Remote Buffer Overrun
    FASLScript is updated
  * FID #3067 Trillian IRC Oversized Data Block Buffer Overrun
    FASLScript is updated
  * FID #3068 Trillian IRC JOIN Buffer Overrun
    FASLScript is updated
  * FID #3192 Nullsoft Winamp in_cdda.dll .pls Buffer Overflow
    CVE is updated
    FASLScript is updated
  * FID #3910 Symantec Brightmail AntiSpam MySQL Default Login
    FASLScript is updated
  * FID #3934 Ethereal Multiple Dissector Vulnerabilities
    FASLScript is updated
  * FID #4097 Oracle Database Server Default Credentials
    FASLScript is updated
  * FID #4142 Mozilla Firefox QueryInterface Vulnerability
    CVE is updated
    FASLScript is updated
  * FID #4150 Mozilla Firefox Integer Overflow
    FASLScript is updated
  * FID #4156 Mozilla Firefox Element Change Vulnerability
    FASLScript is updated
  * FID #4575 PHP Zend Multiple Vulnerabilities
    FASLScript is updated
  * FID #4715 Novell eDirectory Stack Overflow Remote Code Execution Vulnerability
    FASLScript is updated
  * FID #5045 W32/Grum, Malware Spoofing IE7 Download
    FASLScript is updated
  * FID #5114 Symantec Enterprise Security Manager Remote Upgrade Vulnerability
    FASLScript is updated
  * FID #5115 VMware Workstation Shared Folders Directory Traversal
    CVE is updated
    FASLScript is updated
  * FID #5459 Novell Client NWSPOOL.DLL Buffer Overflow Vulnerabilities
    FASLScript is updated
  * FID #5529 CA BrightStor ARCserve Backup Authentication Integer Overflow
    FASLScript is updated
  * FID #5935 Novell Groupwise Messenger Client Buffer Overflows
    FASLScript is updated
  * FID #6797 Asterisk Chan_Skinny Remote Buffer Overflow Vulnerability
    FASLScript is updated
  * FID #6798 Asterisk Stack Buffer Overflows in SIP Channel's T.38 SDP Parsing Code
    FASLScript is updated
  * FID #6799 Asterisk SDP Excessive RTP Payloads Overflow
    FASLScript is updated
  * FID #7260 Symantec Altiris Deployment Solution Unspecified Denial of Service Vulnerability (CVE-2009-3178)
    FASLScript is updated
  * FID #7262 Symantec Altiris Deployment Solution Multiple Unspecified Vulnerabilities (CVE-2009-3179)
    FASLScript is updated
  * FID #8512 Microsoft Windows SMB Response Denial Of Service Vulnerability
    Recommendation is updated
  * FID #9005 Symantec Altiris Deployment Solution ListView Control Local Privilege Escalation Vulnerability
    FASLScript is updated
  * FID #9008 Symantec Altiris Deployment Solution Altiris Client Local Privilege Escalation Vulnerability
    FASLScript is updated
  * FID #9009 Symantec Altiris Deployment Solution Enable Key Based Authentication Local Privilege Escalation Vulnerability
    FASLScript is updated
  * FID #9010 Symantec Altiris Deployment Solution Aclient Log File Viewer Local Privilege Escalation Vulnerability
    FASLScript is updated
  * FID #9047 (APSB10-15)  Adobe Products authplay.dll Code Execution Vulnerability
    FASLScript is updated
  * FID #9112 CA ARCserve Backup For Laptops And Desktops Server NetBackup Service Code Execution Vulnerability
    FASLScript is updated
  * FID #9114 Gracenote CDDBControl ActiveX Control Buffer Overflow Vulnerability
    FASLScript is updated
  * FID #9115 CA ARCserve Backup For Laptops And Desktops Server LGServer Service Buffer Overflow Vulnerability
    FASLScript is updated
  * FID #9118 Gracenote CDDBControl Multiple Parameters ActiveX Control Buffer Overflow Vulnerability
    FASLScript is updated
  * FID #9345 CA ARCserve Backup For Laptops And Desktops rxRPC.dll Buffer Overflow Vulnerability
    FASLScript is updated
  * FID #10151 HP Power Manager Login Buffer Overflow Vulnerability
    FASLScript is updated
  * FID #11790 (MS11-025) Microsoft MFC Insecure Library Loading (2500212)
    FASLScript is updated
  * FID #12018 Management Homepage Remote Code Execution CVE-2010-2950
    Observation is updated
  * FID #12101 WordPress Universal Post Manager Plugin Multiple Cross Site Scripting Vulnerabilities
    Recommendation is updated
  * FID #12261 Microsoft Office XP Remote Code Execution Vulnerability
    Recommendation is updated
  * FID #12264 Oracle Web Server Expect Header Cross Site Scripting Remote Code Execution
    Recommendation is updated
  * FID #32095 Sun Solaris 125332-18 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    CVE is updated
    FASLScript is updated
  * FID #32096 Sun Solaris 125333-17 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    CVE is updated
    FASLScript is updated
  * FID #628 SSH 3.0.0 Short Password
    FASLScript is updated
  * FID #629 FreeBSD Finger File Disclosure
    FASLScript is updated
  * FID #636 WU-FTPD SITE NEWER Denial-of-Service
    FASLScript is updated
  * FID #723 Solaris AnswerBook2 Unauthorized Admin Access
    FASLScript is updated
  * FID #736 HP Printer Telnet Admin
    FASLScript is updated
  * FID #738 HP Printer FTP Access
    FASLScript is updated
  * FID #748 Netscape Enterprise Server /?wp-cs-dump Directory Disclosure
    FASLScript is updated
  * FID #791 IMAP Brute Force
    FASLScript is updated
  * FID #793 POP Brute Force
    FASLScript is updated
  * FID #879 AdMentor Remote SQL Injection
    FASLScript is updated
  * FID #980 Lotus Domino Server HTTP Header Denial-of-Service
    FASLScript is updated
  * FID #981 Lotus Domino Server GET Unicode Denial-of-Service
    FASLScript is updated
  * FID #982 Lotus Domino Server DIIOP / CORBA Denial-of-Service
    FASLScript is updated
  * FID #984 Lotus Domino Webserver DOS Device Extension Denial-of-Service
    FASLScript is updated
  * FID #1052 BEA WebLogic DOS Device Denial-of-Service
    FASLScript is updated
  * FID #1064 (MS02-037) Microsoft Exchange Server 5.5 IMC Buffer Overflow
    FASLScript is updated
  * FID #1079 Cobalt Cube Webmail Directory Traversal
    FASLScript is updated
  * FID #1097 Microsoft Outlook 2002 allows users access to blocked attachments
    FASLScript is updated
  * FID #1157 Oracle 8i/9i TNS Listener SERVICE_CURLOAD Denial-of-Service
    FASLScript is updated
  * FID #1249 Apache Scoreboard Memory Segment Overwriting Denial-of-Service
    FASLScript is updated
  * FID #1276 Ipswitch IMail Web Calendaring Incomplete Post Denial Of Service
    FASLScript is updated
  * FID #1459 IBM WebSphere Large HTTP Header Buffer Overflow
    FASLScript is updated
  * FID #1847 Apache apr_psprintf() Denial-of-Service
    FASLScript is updated
  * FID #1863 Apache WebDAV Module Denial-of-Service
    FASLScript is updated
  * FID #1890 iisProtect Authentication Bypass
    FASLScript is updated
  * FID #2083 (MS03-051) Microsoft FrontPage Server Extensions Buffer Overrun Patch
    FASLScript is updated
  * FID #2095 (MS03-035) Microsoft Word Macro Execution Security Bypass
    FASLScript is updated
  * FID #2335 (MS03-017) Windows Media Player Skins Downloading Code Execution
    FASLScript is updated
  * FID #2336 DCOM RPC over HTTP Enabled
    FASLScript is updated
  * FID #2563 (MS04-018) Microsoft Outlook Express Denial-of-Service Patch
    FASLScript is updated
  * FID #2826 Apple QuickTime for Windows Integer Overflow Vulnerability
    FASLScript is updated
  * FID #2991 Adobe Acrobat Reader .ETD File Format String Vulnerability
    FASLScript is updated
  * FID #3013 MSN Chat ActiveX Control Patch
    FASLScript is updated
  * FID #3045 Morpheus FastTrack P2P Message Service Denial-of-Service
    CVE is updated
    FASLScript is updated
  * FID #3046 Kazaa FastTrack P2P Message Service Denial-of-Service
    CVE is updated
    FASLScript is updated
  * FID #3047 Grokster FastTrack P2P Message Service Denial-of-Service
    CVE is updated
    FASLScript is updated
  * FID #3048 Morpheus FastTrack Service Identity Spoofing Vulnerability
    FASLScript is updated
  * FID #3049 Grokster FastTrack Service Identity Spoofing Vulnerability
    FASLScript is updated
  * FID #3050 Kazaa FastTrack Service Identity Spoofing Vulnerability
    CVE is updated
    FASLScript is updated
  * FID #3051 eDonkey 2000 URI Handler Buffer Overrun
    FASLScript is updated
  * FID #3052 Grokster FastTrack P2P Supernode Packet Handler Buffer Overrun
    FASLScript is updated
  * FID #3054 Morpheus FastTrack P2P Supernode Packet Handler Buffer Overrun
    FASLScript is updated
  * FID #3055 Kazaa FastTrack P2P Supernode Packet Handler Buffer Overrun
    FASLScript is updated
  * FID #3056 YIM Script Injection Vulnerability
    FASLScript is updated
  * FID #3057 YIM Call Center Buffer Overrun
    CVE is updated
    FASLScript is updated
  * FID #3058 YIM Message Field Overrun
    CVE is updated
    FASLScript is updated
  * FID #3059 YIM IMvironment Field Overrun
    CVE is updated
    FASLScript is updated
  * FID #3063 MSN ActiveX Object Information Disclosure
    FASLScript is updated
  * FID #3319 Apple QuickTime PictureViewer JPEG Denial of Service
    FASLScript is updated
  * FID #3418 Yahoo! Messenger Denial of Service
    FASLScript is updated
  * FID #3456 Apple iTunes MPEG4 Vulnerability
    FASLScript is updated
  * FID #3822 Adobe Reader Plug In Buffer Overflow
    FASLScript is updated
  * FID #3823 Alt-N MDaemon Local Privilege Escalation
    FASLScript is updated
  * FID #3824 Nullsoft Winamp ID3v2 Buffer Overflow
    CVE is updated
    FASLScript is updated
  * FID #3861 Home FTP Information Disclosure
    CVE is updated
    FASLScript is updated
  * FID #3862 Home FTP Directory Traversal
    FASLScript is updated
  * FID #3879 Adobe Acrobat Plug In Buffer Overflow
    FASLScript is updated
  * FID #4060 Ethereal IRC, GTP and OSPF Dissector Vulnerabilities
    FASLScript is updated
  * FID #4068 Blue Coat Systems WinProxy Host Header Overflow
    FASLScript is updated
  * FID #4071 Symantec pcAnywhere Winaw32.exe Pre-Authentication Heap Overflow Vulnerability
    FASLScript is updated
  * FID #4144 Mozilla Firefox JScript Garbage Collection Vulnerability
    CVE is updated
    FASLScript is updated
  * FID #4148 Mozilla Firefox XML Parsing Vulnerability
    CVE is updated
    FASLScript is updated
  * FID #4152 Mozilla Firefox XULDocument.persist() Vulnerability
    CVE is updated
    FASLScript is updated
  * FID #4259 SuSE Linux HTTP Referer Vulnerability
    FASLScript is updated
  * FID #5085 PWS-LDPinch
    FASLScript is updated
  * FID #5180 Symantec Enterprise Security Manager Vulnerability
    FASLScript is updated
  * FID #5219 Yahoo! Webcam ActiveX Vulnerabilities
    FASLScript is updated
  * FID #5407 Novell Client NWSPOOL.DLL Vulnerability
    FASLScript is updated
  * FID #5642 NFS Shares Mountable By Everyone
    FASLScript is updated
  * FID #5660 Novell Client nicm.sys Privilege Escalation
    FASLScript is updated
  * FID #6105 (MS08-052) Microsoft GDI+ VML Buffer Overrun Vulnerability (954593)
    FASLScript is updated
  * FID #6106 (MS08-052) Microsoft GDI+ EMF Memory Corruption Vulnerability (954593)
    FASLScript is updated
  * FID #6107 (MS08-052) Microsoft GDI+ GIF Parsing Vulnerability (954593)
    FASLScript is updated
  * FID #6108 (MS08-052) Microsoft GDI+WMF Buffer Overrun Vulnerability (954593)
    FASLScript is updated
  * FID #6109 (MS08-052) Microsoft GDI+ BMP Integer Overflow Vulnerability (954593)
    FASLScript is updated
  * FID #6371 Samba 'Root File' Security Bypass Vulnerability
    FASLScript is updated
  * FID #6462 SMB User Enumeration By Host/Domain SID
    FASLScript is updated
  * FID #6741 Asterisk Invalid From Header SIP Authentication Bypass
    FASLScript is updated
  * FID #6800 Asterisk Skinny Channel Driver Remote Denial-of-Service Vulnerability
    FASLScript is updated
  * FID #6801 Asterisk SIP Channel Driver Pedantic Mode Remote Denial-of-Service Vulnerability
    FASLScript is updated
  * FID #7118 Microsoft Internet Information Server FTP LIST Command Stack Consumption Vulnerability
    FASLScript is updated
  * FID #7184 Symantec Altiris Deployment Solution 'DbManager' Authentication Bypass Vulnerability
    FASLScript is updated
  * FID #7185 Symantec Altiris Deployment Solution 'Aclient' Local Privilege Escalation Vulnerability
    FASLScript is updated
  * FID #7186 Symantec Altiris Deployment Solution File Transfer Authentication Bypass Vulnerability
    FASLScript is updated
  * FID #7187 Symantec Altiris Deployment Solution File Transfer Port Security Bypass Vulnerability
    FASLScript is updated
  * FID #7429 Websense Email Security Web Administrator Service Denial Of Service Vulnerability
    FASLScript is updated
  * FID #7684 Symantec Altiris Deployment Solution Multiple Vulnerabilities
    FASLScript is updated
  * FID #7701 (MS08-052) Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
    FASLScript is updated
  * FID #7838 Apache Tomcat WebDav SYSTEM Tag Information Disclosure Vulnerability
    FASLScript is updated
  * FID #7916 Apache Geronimo Multiple XSS Vulnerabilities
    FASLScript is updated
  * FID #8319 Microsoft IIS WebDAV PROPFIND/SEARCH Request Denial Of Service Vulnerability
    FASLScript is updated
  * FID #8380 Microsoft IIS Sample Application Cross Site Scripting Vulnerability
    FASLScript is updated
  * FID #8691 Internet Explorer XSS Filter Cross-Site Scripting Vulnerability
    Recommendation is updated
  * FID #8692 Apache Tomcat Authentication Header Host Information Disclosure Vulnerability
    FASLScript is updated
  * FID #8813 Microsoft WebDAV Large Body Denial Of Service Vulnerability
    FASLScript is updated
  * FID #8949 Symantec Altiris Deployment Solution Agent User Interface Unspecified Vulnerability
    FASLScript is updated
  * FID #8950 Symantec Altiris Deployment Solution Tooltip Element Unspecified Vulnerability
    FASLScript is updated
  * FID #8951 Symantec Altiris Deployment Solution Denial Of Service Vulnerability
    FASLScript is updated
  * FID #8952 Symantec Altiris Deployment Solution Install Directory Local Privilege Escalation Vulnerability
    FASLScript is updated
  * FID #9006 Symantec Altiris Deployment Solution AClient Information Disclosure Vulnerability
    FASLScript is updated
  * FID #9231 CA ARCserve Backup Information Disclosure Vulnerability
    FASLScript is updated
  * FID #9604 Oracle Reports Server rwcgi60 Buffer Overflow Vulnerability
    FASLScript is updated
  * FID #9799 SMTP Generic Overflow Vulnerability
    FASLScript is updated
  * FID #10220 Symantec Products Log Viewer ccLgView.exe Multiple Cross Site Scripting Vulnerabilities
    FASLScript is updated
  * FID #10385 (MS10-061) Microsoft Windows Print Spooler Service Impersonation (2347290)
    FASLScript is updated
  * FID #10515 Nuked-Klan Cross Site Scripting Vulnerability
    Recommendation is updated
  * FID #10591 Oracle Fusion Middleware WebLogic Server Remote Encoded URL Vulnerability
    FASLScript is updated
  * FID #10617 Microsoft IIS Partial HTTP Request Denial Of Service Vulnerability
    FASLScript is updated
  * FID #10715 Generic PWS.tk!dldr Trojan
    FASLScript is updated
  * FID #11175 (MS11-026) Microsoft MHTML Mime-Formatted Request (2503658)
    Name is updated
  * FID #11201 Oracle WebLogic Server JDBC Connection Pool Unauthorized Access Vulnerability
    FASLScript is updated
  * FID #12016 HP System Management Homepage Remote Code Execution CVE-2010-2531
    Observation is updated
  * FID #12019 Management Homepage Remote Code Execution CVE-2010-4008
    Description is updated
    Observation is updated
  * FID #12123 IBM Lotus Domino ReadDesign Request Design Element Disclosure Vulnerability
    Recommendation is updated
  * FID #12142 Apache mod_info /server-info Information Disclosure Vulnerability
    Recommendation is updated
  * FID #32020 Sun Solaris 119209-26 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    CVE is updated
    FASLScript is updated
  * FID #32021 Sun Solaris 119211-26 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    CVE is updated
    FASLScript is updated
  * FID #32022 Sun Solaris 119212-26 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    CVE is updated
    FASLScript is updated
  * FID #32023 Sun Solaris 119213-26 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    CVE is updated
    FASLScript is updated
  * FID #32024 Sun Solaris 119214-26 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    CVE is updated
    FASLScript is updated
  * FID #32097 Sun Solaris 125358-14 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    CVE is updated
    FASLScript is updated
  * FID #32098 Sun Solaris 125359-14 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    CVE is updated
    FASLScript is updated
  * FID #44005 Microsoft Windows spoolss Remote Denial of Service
    FASLScript is updated
  * FID #647 Netscape Enterprise Server INDEX Directory Disclosure
    FASLScript is updated
  * FID #650 BEA WebLogic 5.1.0 JSP Source Disclosure
    FASLScript is updated
  * FID #712 Solaris in.fingerd User Enumeration
    FASLScript is updated
  * FID #722 Lotus Domino names.nsf Accessible
    FASLScript is updated
  * FID #726 Lotus Domino /cgi-bin Path Disclosure
    FASLScript is updated
  * FID #730 Solaris in.ftpd User Enumeration
    FASLScript is updated
  * FID #743 LPD Information Leakage
    FASLScript is updated
  * FID #755 Allaire JRun %3f Directory Disclosure
    FASLScript is updated
  * FID #784 BEA WebLogic SSIServlet Source Disclosure
    FASLScript is updated
  * FID #790 Sun Solaris Common Desktop Environment (CDE) dtspcd Information Leakage
    FASLScript is updated
  * FID #806 ActiveState ActivePerl Path Disclosure
    FASLScript is updated
  * FID #807 Apache MultiView Directory Disclosure
    FASLScript is updated
  * FID #809 (KB218180) Microsoft IIS Internal IP Address Disclosure
    FASLScript is updated
  * FID #810 Apache Internal IP Address Disclosure
    FASLScript is updated
  * FID #860 Netscape Enterprise Server Internal IP Address Disclosure
    FASLScript is updated
  * FID #876 Microsoft IIS 5.0 WebDAV PROPFIND Internal IP Address Disclosure
    FASLScript is updated
  * FID #883 Microsoft IIS Blank Host Auth Internal IP Disclosure
    FASLScript is updated
  * FID #916 Anonymous FTP Writeable Directory
    FASLScript is updated
  * FID #917 Remotely Anywhere SSH Server Detected
    FASLScript is updated
  * FID #940 BEA WebLogic Path Disclosure
    FASLScript is updated
  * FID #943 Remotely Anywhere HTTP Server Detected
    FASLScript is updated
  * FID #944 3com Superstack II Switch monitor login via Web
    FASLScript is updated
  * FID #968 New Atlanta ServletExec 4.x ISAPI Physical Path Disclosure
    FASLScript is updated
  * FID #969 Lotus Domino Server R5 Cross-Site Scripting
    FASLScript is updated
  * FID #970 Lotus Domino Server ReplicaID File Disclosure
    FASLScript is updated
  * FID #979 Apache Tomcat Web Server Directory Listing
    FASLScript is updated
  * FID #988 Apache Tomcat Webroot Path Disclosure
    FASLScript is updated
  * FID #1025 Microsoft Exchange Routing Server DEBUG Information Leakage
    FASLScript is updated
  * FID #1026 Caucho Resin HelloServlet Path Disclosure
    FASLScript is updated
  * FID #1050 Caucho Resin DOS Device Path Disclosure
    FASLScript is updated
  * FID #1121 SGI IRIX 6.x objectserver System ID Disclosure
    FASLScript is updated
  * FID #1192 FTP Sensitive File Extension
    FASLScript is updated
  * FID #1193 %3f.jsp Directory Traversal
    FASLScript is updated
  * FID #1208 IBM HTTP Server/Apache HTTP Server (win32) Root Directory Listing
    FASLScript is updated
  * FID #1233 Apache 2.0 CGI Path Disclosure
    FASLScript is updated
  * FID #1243 Apache  Mass Virtual Hosting File Retrieval
    FASLScript is updated
  * FID #1252 PHPMyExplorer Directory Traversal
    FASLScript is updated
  * FID #1294 pWins Perl Web Server Directory Traversal
    FASLScript is updated
  * FID #1341 Zeroo HTTP Server Directory Traversal
    FASLScript is updated
  * FID #1378 PHP PHP-Nuke modules.php (Your_Account) Path Disclosure
    FASLScript is updated
  * FID #1438 Oracle HTTP Reports Server Information Disclosure
    FASLScript is updated
  * FID #1476 Netscape .nsconfig Information Disclosure
    FASLScript is updated
  * FID #1478 Novell NetWare dir.bas Directory Disclosure
    FASLScript is updated
  * FID #1479 Novell NetWare 5.1 env.bas Information Disclosure
    FASLScript is updated
  * FID #1480 Novell NetWare 5.x fdir.bas Information Disclosure
    FASLScript is updated
  * FID #1481 Novell NetWare 5.0 Enterprise Web Server lcgitest.nlm Information Disclosure
    FASLScript is updated
  * FID #1482 Novell NetWare 5.1 Enterprise Web Server slist.bas Server List Information Disclosure
    FASLScript is updated
  * FID #1493 Apache Cocoon status Information Disclosure
    FASLScript is updated
  * FID #1569 Sybex E-Trainer Directory Traversal
    FASLScript is updated
  * FID #1718 Hewlett Packard HP-UX dtspcd Information Disclosure
    FASLScript is updated
  * FID #1812 ColdFusion MX Path Disclosure
    FASLScript is updated
  * FID #1816 Sambar Web Server Path Disclosure
    FASLScript is updated
  * FID #2326 DNS Zone Transfer
    FASLScript is updated
  * FID #2334 (MS03-003) Outlook Exchange Server Security Certificates Information Disclosure
    FASLScript is updated
  * FID #3007 iTunes File Sharing Detected
    FASLScript is updated
  * FID #3793 SoftICE DbgMsg.sys Local Denial of Service
    FASLScript is updated
  * FID #3794 Windows Media Player Arbitrary Site Display
    FASLScript is updated
  * FID #3993 Webmin miniserv.pl Perl Format String Vulnerability
    FASLScript is updated
  * FID #4069 Blue Coat Systems WinProxy HTTP Denial of Service
    CVE is updated
    FASLScript is updated
  * FID #4146 Mozilla Firefox "AnyName" Vulnerability
    CVE is updated
    FASLScript is updated
  * FID #4154 Mozilla Firefox Long Title Denial of Service
    FASLScript is updated
  * FID #4194 Opera Shortcut Icon Domain Spoof
    FASLScript is updated
  * FID #4438 Apache 2.0.x Multiple Denial-of-Service (Intrusive)
    FASLScript is updated
  * FID #4496 ISS RealSecure/BlackICE SMB Mailslot Parsing Vulnerability
    FASLScript is updated
  * FID #4992 IBM WebSphere Application Server Sample Scripts Multiple HTML Injection Vulnerabilities
    FASLScript is updated
  * FID #5906 PWS-FireMing.dll Trojan
    FASLScript is updated
  * FID #6040 Null Session Share Enumeration
    FASLScript is updated
  * FID #7428 Websense Email Security Web Administrator Cross Site Scripting Vulnerability
    FASLScript is updated
  * FID #8478 VMware Server WebAccess JSON Cross Site Scripting Vulnerability
    FASLScript is updated
  * FID #32760 Sun Solaris 145201-06 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    FASLScript is updated
  * FID #32766 Sun Solaris 144489-17 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    FASLScript is updated
  * FID #32767 Sun Solaris 144488-17 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    FASLScript is updated
  * FID #32768 Sun Solaris 145200-06 Update Is Not Installed
    Name is updated
    Description is updated
    Observation is updated
    Recommendation is updated
    FASLScript is updated
  * FID #700 KaZaa Detected
    FASLScript is updated
  * FID #888 LimeWire Server Detected on TCP Port
    FASLScript is updated
  * FID #889 Gnucleus Server Detected
    FASLScript is updated
  * FID #899 Gnutella Server Detected
    FASLScript is updated
  * FID #927 BearShare Server Detected
    FASLScript is updated
  * FID #929 ShoutCast Server Detected
    FASLScript is updated
  * FID #2327 DNS Dynamic Updates
    FASLScript is updated
  * FID #2361 Anti-Virus Software F-Secure Anti-Virus Old Signatures
    CVE is updated
    FASLScript is updated
  * FID #2837 Microsoft Windows All Drives NTFS Policy
    FASLScript is updated
  * FID #3941 Microsoft Windows Domain Or Workgroup Detection
    FASLScript is updated
  * FID #4251 RADIUS Server Detected
    FASLScript is updated
  * FID #4483 Microsoft Windows Network Interface DHCP Enabled
    FASLScript is updated
  * FID #4643 LSASS RPC Interface Detected
    FASLScript is updated
  * FID #5578 Enumerate Installed VMware Images
    FASLScript is updated
  * FID #5733 Microsoft Windows Shares And Permissions
    FASLScript is updated
  * FID #6995 Microsoft SQL Server Authentication Mode
    FASLScript is updated
  * FID #7279 Windows Policy Baselining
    FASLScript is updated
  * FID #8239 Microsoft IIS Server Detected
    FASLScript is updated
  * FID #8437 Microsoft IIS Script Source Access Not Disabled
    FASLScript is updated
  * FID #9798 DHCP Server Detected
    FASLScript is updated
  * FID #9987 Dns2TCP Service Detected
    FASLScript is updated
  * FID #10137 SOCKS5 Server Connection To Self Allowed
    FASLScript is updated
  * FID #10165 Microsoft Windows Shares With Everyone Permission
    FASLScript is updated
  * FID #11092 Disk Volume Is Encrypted By Bitlocker Drive Encryption
    FASLScript is updated
  * FID #11157 Microsoft Windows Kerberos Maximum Lifetime For User Ticket Permitted Policy
    FASLScript is updated
  * FID #45001 ShellInitialize.fasl3
    FASLScript is updated
  * FID #70014 netbios-helpers.fasl3.inc
    FASLScript is updated

削除されたチェック項目:

  * FID #9800 Microsoft Internet Explorer 8 toStaticHTML Bypass Weakness Vulnerability
  * FID #11068 FTP Server Accepting Any Command Detected
  * FID #11324 AN-HTTPd count.pl Directory Traversal Vulnerability
  * FID #11331 FCKeditor upload.php TYPE Parameter Arbitrary File Upload Vulnerability
  * FID #11338 FreePBX Or PBXconfig Default Credentials Detected
  * FID #11900 Microsoft Windows Mhtml Information Disclosure
  * FID #32773 Sun Solaris 145961-02 Update Is Not Installed
  * FID #32774 Sun Solaris 145962-02 Update Is Not Installed


-------------------------------------------------------
2) アプライアンス OSパッチアップデート
-------------------------------------------------------
 期間: 2011/06/29 ~ 2011/07/04 (日本時間)

今回のアップデートはございません。

-------------------------------------------------------
3) McAfee Vulnerability Manager新バージョンソフトウェアv6.8のリリースについて
-------------------------------------------------------

■対象製品
McAfee Vulnerability Manager(旧名称:Foundstone) 6.8

■リリース日(RTW)
2010年1月18日(Webダウンロード)

■新機能概要
○インストール手順の改善
すべてのコンポーネントを1サーバ上にインストールする場合は「Standard installation」を、
分散した複数のサーバー上にインストールする場合には「Advanced installation」を選択可能。

○Javaアプレットの削除
Foundstone Enterprise Managerより、Javaアプレットが削除されました。これにより、
システム上にFoundstone Enterprise Managerを使用するJavaの最新アップデートをインストールしておく
必要がなくなりました。

○スキャンされたホストの情報保持
スキャン設定を作成する場合に、脆弱性のあり/なし/不明といったスキャン対象ホストのすべての情報を
保存することが可能。本設定は「scan configuration」ウインドウより可能です。

○政府機関向け機能の追加
本バージョンは、以下の認証を取得済みです。
・SCAP/FDCC certification
・FIPS-140 compliant encryption
・NIAP Common Criteria certification

■ローカライゼーションレベル
英語版でのご提供となります。ダウンロードサイトよりパッチを入手いただくことにより、
日本語でのレポート出力が可能です。

■本リリースに伴いサポート終了となる旧バージョン
ありません。なお、旧バージョン6.5は、2010年6月30日にサポート終了を予定しております。


-------------------------------------------------------
4) McAfee Vulnerability Manager 3000 Appliance (MVM3000)提供開始のお知らせ
-------------------------------------------------------
McAfee Vulnerability Manager 1000 Appliance (FS1000) McAfee Vulnerability Manager 850 Appliance (FS850)

が下記モデルに統合されました。

McAfee Vulnerability Manager 3000 Appliance (MVM3000)

MVM3000は2009年9月16日(水)より提供開始されています。

FS1000およびFS850のサポート終了日は2014年8月25日、
もしくは購入から5年の日付の早いほうとなります。


-------------------------------------------------------
5) McAfee Vulnerability Manager v6.5 のサポート終了について
-------------------------------------------------------
Vulnerability Manager(旧称:Foundstone) 6.5のサポート終了日が確定しましたのでお知らせします。
サポート終了日までに上位バージョンへの移行準備をお願いいたします。

サポート終了日: 2010年6月30日
現行の最新バージョン: v6.8

※アップグレードのツールおよび手順書は、ダウンロードページよりご入手いただけます。
 http://www.mcafee.com/japan/licensed2/


-------------------------------------------------------
6) 「サポート通信」登録方法変更のお知らせ
-------------------------------------------------------
サポート通信の登録方法が下記の通り変更となりましたのでお知らせいたします。

6月1日以降に新規契約をしたお客様には、4種類のサポート通信を配信いたします。各種サ
ポート通信が不要な方は、各サポート通信の文末に記載されているURLにアクセスして、解除
手続きを行っていただきます。

障害などでサポート窓口にお問い合わせいただいた新規のご担当者様には、今までどおり、
「サポート通信 - 登録のご案内」メールを1回のみ配信いたします。
http://www.mcafee.com/japan/support/customer_support/techsupport_regform.asp


---------------------------------------------------------
※ マカフィーからのサービス
---------------------------------------------------------
○マカフィーサポート通信について
- 配信停止
  「マカフィー サポート通信 - リスク管理ソリューション 」の配信停止をご希望される方は、
  以下のページより手続きをお願い致します。
  https://md.pbz.jp/s/r-ctrl.php?act=PCDelAuth&funcinfo_allreset=1&uid=mcafee&mid= foundstone_supp
- 各種法人ユーザ登録情報の変更はこちら
   ⇔ http://www.mcafee.com/japan/support/customer_support/tourokuhenkou.asp

○マカフィーでは、製品の技術的FAQ等多くのサービスや情報提供を行っています。是非ご活用ください。
 http://www.mcafee.com/japan/support/

●===McAfee=============================================○
発信元:
マカフィー株式会社
テクニカルサポートセンター インフォメーション係
(c) 2011 McAfee, Inc. All Rights Reserved.
お客様は,マカフィー株式会社の事前の書面による承諾を得ることなく、
掲載内容の無断転載を禁じます。
○=============================================McAfee===●