==============================================================

 

マカフィー サポート通信 - リスク管理ソリューション 2011.07.14

==============================================================

 

本メールはMcAfee Vulnerability Manager製品のサポートをご購入のお客様

に配信しております。

 

 

○-======  今週のマカフィー Vulnerability Manager (目次)  =======-○

1) FSL UPDATE

2) OSパッチアップデート

3) 企業向けサポートコミュニティサイトの開設および Twitter サービスの開始について

4) 「サポート通信」登録方法変更のお知らせ

 

※) マカフィーからのサービス

○-===================================================-○

 

-------------------------------------------------------

1) FSL UPDATE

-------------------------------------------------------

マカフィーは以下のVulnerability Manager製品のアップデートを提供しています。

最新更新日: 2011-JUL-13

 

(SUMMARY)

 

新しいチェック項目     :     114

改善されたチェック項目 :      25

削除されたチェック項目 :       1

 

 追加・改善されたシグネチャ項目等の詳細は以下の製品ダウンロード

 ページから「McAfee Foundstone Update」の最新版を入手してください。

 

 http://www.mcafee.com/japan/licensed2/

 

新しいチェック項目:

 

  * FID #12297 Google Chrome NPAPI Out-of-bounds Denial of Service

    Risk: High

  * FID #12298 Google Chrome SVG Use-after-free Denial of Service

    Risk: High

  * FID #12299 Google Chrome CSS Memory Corruption Denial of Service

    Risk: High

  * FID #12300 Google Chrome Incorrect Bounds Check Denial Of Service

    Risk: High

  * FID #12301 Google Chrome Use After Free In Text Selection Denial Of Service

    Risk: High

  * FID #12302 Google Chrome Lifetime And Re-entrancy Issues Denial Of Service

    Risk: High

  * FID #12303 Google Chrome SVG Use Elements Use After Free Denial Of Service

    Risk: High

  * FID #12320 HP iNode Management Center iNodeMngChecker.exe Remote Code Execution

    Risk: High

  * FID #12321 Oracle Java Runtime Environment Deployment Applet2ClassLoader Remote Code Execution

    Risk: High

  * FID #12323 (MS11-053) Microsoft Windows Bluetooth Stack Error Allow Remote Code Execution (2566220)

    Risk: High

  * FID #12336 (MS11-054) Microsoft Windows Win32k Incorrect Parameter Privilege Escalation (2555917)

    Risk: High

  * FID #12337 (MS11-054) Microsoft Windows Win32k Null Pointer Dereference Privilege Escalation IV (2555917)

    Risk: High

  * FID #12338 (MS11-054) Microsoft Windows Win32k Null Pointer Dereference Privilege Escalation V (2555917)

    Risk: High

  * FID #12339 (MS11-053) Microsoft Windows Bluetooth Stack Error Allow Remote Code Execution (2566220)

    Risk: High

  * FID #12340 (MS11-055) Microsoft Visio Insecure Library Loading Remote Code Execution (2560847)

    Risk: High

  * FID #12348 (MS11-056) Microsoft Windows Client/Server Run-time Subsystem Could Allow Elevation Of Privilege (2507938)

    Risk: High

  * FID #41691 Red Hat Enterprise Linux RHSA-2011-0920 Update Is Not Installed

    Risk: High

  * FID #41692 Red Hat Enterprise Linux RHSA-2011-0919 Update Is Not Installed

    Risk: High

  * FID #50283 Ubuntu Linux 10.04 USN-1162-1 Update Is Not Installed

    Risk: High

  * FID #58160 Debian Linux 5.0, 6.0 DSA-2267-1 Update Is Not Installed

    Risk: High

  * FID #94658 SuSE SLES 10 SP3 kernel-7567 Update Is Not Installed

    Risk: High

  * FID #94659 SuSE SLES 10 SP3 kernel-7568 Update Is Not Installed

    Risk: High

  * FID #94667 SuSE SLES 10 SP3 kernel-7566 Update Is Not Installed

    Risk: High

  * FID #94676 SuSE SLES 10 SP3 kernel-7564 Update Is Not Installed

    Risk: High

  * FID #94688 SuSE SLES 10 SP3 kernel-7565 Update Is Not Installed

    Risk: High

  * FID #12287 Apache Tomcat MemoryUserDatabase Password Disclosure Weakness

    Risk: Medium

  * FID #12313 Trend Micro Data Loss Prevention Directory Traversal

    Risk: Medium

  * FID #12319 Microsoft Windows SMB Response Denial Of Service Vulnerability

    Risk: Medium

  * FID #12322 (HPSBUX02689) HP-UX OpenSSL Remote Denial Of Service Vulnerability

    Risk: Medium

  * FID #12341 (MS11-056) Microsoft Windows CSRSS Local EOP AllocConsole Privilege Escalation (2507938)

    Risk: Medium

  * FID #12343 (MS11-056) Microsoft Windows CSRSS Local EOP SrvSetConsoleLocalEUDC Privilege Escalation (2507938)

    Risk: Medium

  * FID #12344 (MS11-056) Microsoft Windows CSRSS Local EOP SrvSetConsoleNumberOfCommand Privilege Escalation (2507938)

    Risk: Medium

  * FID #12345 (MS11-056) Microsoft Windows CSRSS Local EOP SrvWriteConsoleOutput Privilege Escalation (2507938)

    Risk: Medium

  * FID #12346 (MS11-056) Microsoft Windows CSRSS Local EOP SrvWriteConsoleOutputString Privilege Escalation (2507938)

    Risk: Medium

  * FID #12349 WordPress Unauthorized Access And SQL Injection Vulnerabilities

    Risk: Medium

  * FID #41693 Red Hat Enterprise Linux RHSA-2011-0918 Update Is Not Installed

    Risk: Medium

  * FID #58164 Debian Linux 5.0 DSA-2262-2 Update Is Not Installed

    Risk: Medium

  * FID #58166 Debian Linux 5.0, 6.0 DSA-2266-1 Update Is Not Installed

    Risk: Medium

  * FID #85144 CentOS 5 CESA-2011-0918 Update Is Not Installed

    Risk: Medium

  * FID #85145 CentOS 5 CESA-2011-0909 Update Is Not Installed

    Risk: Medium

  * FID #90783 Oracle Enterprise Linux ELSA-2011-0909 Update Is Not Installed

    Risk: Medium

  * FID #90784 Oracle Enterprise Linux ELSA-2011-0910 Update Is Not Installed

    Risk: Medium

  * FID #90785 Oracle Enterprise Linux ELSA-2011-0908 Update Is Not Installed

    Risk: Medium

  * FID #94663 SuSE Linux  11.3,  11.4 suse-sa:2011:028 Update Is Not Installed

    Risk: Medium

  * FID #12324 (MS11-054) Microsoft Windows Win32k Use After Free Privilege Escalation I (2555917)

    Risk: Low

  * FID #12325 (MS11-054) Microsoft Windows Win32k Use After Free Privilege Escalation II (2555917)

    Risk: Low

  * FID #12326 (MS11-054) Microsoft Windows Win32k Use After Free Privilege Escalation III (2555917)

    Risk: Low

  * FID #12327 (MS11-054) Microsoft Windows Win32k Use After Free Privilege Escalation IV (2555917)

    Risk: Low

  * FID #12328 (MS11-054) Microsoft Windows Win32k Use After Free Privilege Escalation V (2555917)

    Risk: Low

  * FID #12329 (MS11-054) Microsoft Windows Win32k Use After Free Privilege Escalation VI (2555917)

    Risk: Low

  * FID #12330 (MS11-054) Microsoft Windows Win32k Null Pointer Dereference  Privilege Escalation I (2555917)

    Risk: Low

  * FID #12331 (MS11-054) Microsoft Windows Win32k Null Pointer Dereference  Privilege Escalation II (2555917)

    Risk: Low

  * FID #12332 (MS11-054) Microsoft Windows Win32k Use After Free Privilege Escalation VII (2555917)

    Risk: Low

  * FID #12333 (MS11-054) Microsoft Windows Win32k Use After Free Privilege Escalation VIII (2555917)

    Risk: Low

  * FID #12334 (MS11-054) Microsoft Windows Win32k Use After Free Privilege Escalation IX (2555917)

    Risk: Low

  * FID #12335 (MS11-054) Microsoft Windows Win32k Null Pointer Dereference  Privilege Escalation III (2555917)

    Risk: Low

  * FID #12342 (MS11-054) Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Elevation of Privilege (2555917)

    Risk: Low

  * FID #32825 Sun Solaris 147378-01 Update Is Not Installed

    Risk: Low

  * FID #32826 Sun Solaris 147379-01 Update Is Not Installed

    Risk: Low

  * FID #32827 Sun Solaris 144327-02 Update Is Not Installed

    Risk: Low

  * FID #32828 Sun Solaris 144328-02 Update Is Not Installed

    Risk: Low

  * FID #50281 Ubuntu Linux 10.04, 10.10, 11.04, 8.04 LTS USN-1163-1 Update Is Not Installed

    Risk: Low

  * FID #50282 Ubuntu Linux 10.04, 10.10 USN-1149-2 Update Is Not Installed

    Risk: Low

  * FID #58161 Debian Linux 6.0 DSA-2270-1 Update Is Not Installed

    Risk: Low

  * FID #58162 Debian Linux 6.0 DSA-2269-1 Update Is Not Installed

    Risk: Low

  * FID #58163 Debian Linux 5.0, 6.0 DSA-2272-1 Update Is Not Installed

    Risk: Low

  * FID #58165 Debian Linux 5.0, 6.0 DSA-2271-1 Update Is Not Installed

    Risk: Low

  * FID #81739 Fedora Linux 14 FEDORA-2011-8341 Update Is Not Installed

    Risk: Low

  * FID #81740 Fedora Linux 14 FEDORA-2011-8232 Update Is Not Installed

    Risk: Low

  * FID #81741 Fedora Linux 15 FEDORA-2011-8494 Update Is Not Installed

    Risk: Low

  * FID #81742 Fedora Linux 15 FEDORA-2011-8421 Update Is Not Installed

    Risk: Low

  * FID #81743 Fedora Linux 14 FEDORA-2011-8640 Update Is Not Installed

    Risk: Low

  * FID #81744 Fedora Linux 14 FEDORA-2011-8437 Update Is Not Installed

    Risk: Low

  * FID #81745 Fedora Linux 15 FEDORA-2011-8943 Update Is Not Installed

    Risk: Low

  * FID #81746 Fedora Linux 15 FEDORA-2011-8966 Update Is Not Installed

    Risk: Low

  * FID #81747 Fedora Linux 14 FEDORA-2011-8403 Update Is Not Installed

    Risk: Low

  * FID #81748 Fedora Linux 15 FEDORA-2011-8227 Update Is Not Installed

    Risk: Low

  * FID #81749 Fedora Linux 15 FEDORA-2011-7843 Update Is Not Installed

    Risk: Low

  * FID #81750 Fedora Linux 14 FEDORA-2011-7839 Update Is Not Installed

    Risk: Low

  * FID #81751 Fedora Linux 14 FEDORA-2011-8405 Update Is Not Installed

    Risk: Low

  * FID #81752 Fedora Linux 14 FEDORA-2011-7856 Update Is Not Installed

    Risk: Low

  * FID #81753 Fedora Linux 15 FEDORA-2011-7820 Update Is Not Installed

    Risk: Low

  * FID #81754 Fedora Linux 15 FEDORA-2011-8750 Update Is Not Installed

    Risk: Low

  * FID #81755 Fedora Linux 14 FEDORA-2011-8747 Update Is Not Installed

    Risk: Low

  * FID #81756 Fedora Linux 15 FEDORA-2011-8415 Update Is Not Installed

    Risk: Low

  * FID #83588 FreeBSD phpmyadmin Multiple Vulnerabilities (7e4e5c53-a56c-11e0-b180-00216aa06fc2)

    Risk: Low

  * FID #83589 FreeBSD BIND Remote DoS With Certain RPZ Configurations (4ccee784-a721-11e0-89b4-001ec9578670)

    Risk: Low

  * FID #83590 FreeBSD BIND Remote DoS Against Authoritative And Recursive Servers (fd64188d-a71d-11e0-89b4-001ec9578670)

    Risk: Low

  * FID #94657 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 tftp-4786 Update Is Not Installed

    Risk: Low

  * FID #94660 SuSE SLES 10 SP3 kernel-7603 Update Is Not Installed

    Risk: Low

  * FID #94661 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 lvm2-device-mapper-4810 Update Is Not Installed

    Risk: Low

  * FID #94662 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 iwl6000-ucode-4741 Update Is Not Installed

    Risk: Low

  * FID #94664 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 enscript-4739 Update Is Not Installed

    Risk: Low

  * FID #94665 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 MozillaFirefox-4804 Update Is Not Installed

    Risk: Low

  * FID #94666 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 sblim-cmpi-base-4618 Update Is Not Installed

    Risk: Low

  * FID #94668 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 gnome-media-4752 Update Is Not Installed

    Risk: Low

  * FID #94669 SuSE SLES 10 SP3 kernel-7599 Update Is Not Installed

    Risk: Low

  * FID #94670 SuSE SLES 10 SP3 kernel-7604 Update Is Not Installed

    Risk: Low

  * FID #94671 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 pure-ftpd-4766 Update Is Not Installed

    Risk: Low

  * FID #94672 SuSE SLED 11 SP1 cheese-4763 Update Is Not Installed

    Risk: Low

  * FID #94673 SuSE SLES 10 SP3 tftp-7589 Update Is Not Installed

    Risk: Low

  * FID #94674 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 nfs-client-4760 Update Is Not Installed

    Risk: Low

  * FID #94675 SuSE SLES 10 SP3 MozillaFirefox-7597 Update Is Not Installed

    Risk: Low

  * FID #94677 SuSE SLES 11, 11 SP1 perl-Config-General-4776 Update Is Not Installed

    Risk: Low

  * FID #94678 SuSE SLES 10 SP4, SLED 10 SP4 bash-7548 Update Is Not Installed

    Risk: Low

  * FID #94679 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 sysconfig-4746 Update Is Not Installed

    Risk: Low

  * FID #94680 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 libgnomesu-4805 Update Is Not Installed

    Risk: Low

  * FID #94681 SuSE SLES 10 SP4, SLED 10 SP4 tftp-7590 Update Is Not Installed

    Risk: Low

  * FID #94682 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 alsa-pulseaudio-4429 Update Is Not Installed

    Risk: Low

  * FID #94683 SuSE SLES 10 SP3 kernel-7605 Update Is Not Installed

    Risk: Low

  * FID #94684 SuSE SLES 10 SP3 pure-ftpd-7588 Update Is Not Installed

    Risk: Low

  * FID #94685 SuSE SLES 10 SP3 kernel-7602 Update Is Not Installed

    Risk: Low

  * FID #94686 SuSE SLES 11, 11 SP1, SLED 11, 11 SP1 libslab-4668 Update Is Not Installed

    Risk: Low

  * FID #94687 SuSE SLES 10 SP4, SLED 10 SP4 MozillaFirefox-7596 Update Is Not Installed

    Risk: Low

 

改善されたチェック項目:

 

  * FID #2279 (MS04-011) Microsoft Windows ASN.1 Double Free Heap Corruption via SMB

    FASLScript is updated

  * FID #11673 Apache SpamAssassin Milter Plugin mlfi_encrypt() Remote Code Execution Vulnerability

    FASLScript is updated

  * FID #12261 Microsoft Office XP Remote Code Execution Vulnerability

    Recommendation is updated

  * FID #12264 Oracle Web Server Expect Header Cross Site Scripting Remote Code Execution

    Recommendation is updated

  * FID #12310 Novell ZENworks Handheld Management Upload Directory Traversal Remote Code Execution

    Recommendation is updated

  * FID #7890 TLS / SSL Man-In-The-Middle Renegotiation Vulnerability

    Recommendation is updated

  * FID #9341 Microsoft ASP.NET Framework _VIEWSTATE Insecure Crypto Validation Vulnerability

    Recommendation is updated

  * FID #11861 TLS / SSL Man-In-The-Middle Renegotiation Vulnerability

    Recommendation is updated

  * FID #12142 Apache mod_info /server-info Information Disclosure Vulnerability

    Recommendation is updated

  * FID #10030 Xerver Administration Interface currentPath Cross Site Scripting Vulnerability

    Recommendation is updated

  * FID #31629 Sun Solaris 120273-33 Update Is Not Installed

    Name is updated

    Description is updated

    Observation is updated

    Recommendation is updated

    FASLScript is updated

  * FID #32056 Sun Solaris 120981-25 Update Is Not Installed

    Name is updated

    Description is updated

    Observation is updated

    Recommendation is updated

    FASLScript is updated

  * FID #32057 Sun Solaris 120982-25 Update Is Not Installed

    Name is updated

    Description is updated

    Observation is updated

    Recommendation is updated

    FASLScript is updated

  * FID #32237 Sun Solaris 137402-03 Update Is Not Installed

    Name is updated

    Description is updated

    Observation is updated

    Recommendation is updated

    FASLScript is updated

  * FID #32242 Sun Solaris 137403-03 Update Is Not Installed

    Name is updated

    Description is updated

    Observation is updated

    Recommendation is updated

    FASLScript is updated

  * FID #32445 Sun Solaris 121118-19 Update Is Not Installed

    Name is updated

    Description is updated

    Observation is updated

    Recommendation is updated

    FASLScript is updated

  * FID #32451 Sun Solaris 121119-19 Update Is Not Installed

    Name is updated

    Description is updated

    Observation is updated

    Recommendation is updated

    FASLScript is updated

  * FID #32752 Sun Solaris 143562-10 Update Is Not Installed

    Name is updated

    Description is updated

    Observation is updated

    Recommendation is updated

  * FID #32753 Sun Solaris 143561-10 Update Is Not Installed

    Name is updated

    Description is updated

    Observation is updated

    Recommendation is updated

  * FID #32761 Sun Solaris 145081-04 Update Is Not Installed

    Name is updated

    Description is updated

    Observation is updated

    Recommendation is updated

  * FID #83587 FreeBSD asterisk Multiple Vulnerabilities (40544e8c-9f7b-11e0-9bec-6c626dd55a41)

    FASLScript is updated

  * FID #1693 Anti-Virus Software Symantec AntiVirus Installation and Version Information

    FASLScript is updated

  * FID #1950 Anti-Virus Software Symantec AntiVirus Real-Time Detection

    FASLScript is updated

  * FID #31550 Sun Solaris 120272-31 Update Is Not Installed

    Name is updated

    Description is updated

    Observation is updated

    Recommendation is updated

    FASLScript is updated

  * FID #70014 netbios-helpers.fasl3.inc

    FASLScript is updated

 

削除されたチェック項目:

 

  * FID #10327 Microsoft Windows 32-bit Unspecified Privilege Escalation II (Stuxnet)

 

-------------------------------------------------------

2) アプライアンス OSパッチアップデート

-------------------------------------------------------

 期間: 2011/07/11 ~ 2011/07/14 (日本時間)

 

今回のアップデートはございません。

 

-------------------------------------------------------

3) 企業向けサポートコミュニティサイトの開設および Twitter サービスの開始について

-------------------------------------------------------

○ お知らせ

 

企業向けサポートコミュニティサイト「Japan Corporate Support」を開設いたしました。

また、「企業向けお客様サポート公式 Twitter」を開設し、サポート情報のリアルタイム

配信を開始しました。

 

マカフィー、ユーザー参加型の企業向け製品コミュニティサイトをオープン

~サポート部門が主体となり企業セキュリティに関するディスカッションの場を提供~

(4月18日発プレスリリース)

http://www.mcafee.com/japan/about/prelease/pr_11a.asp?pr=11/04/18-1

 

● 開始日

 

2011/04/18 (月) 9:00

 

○ 備考

 

- 企業向けサポートコミュニティサイト「Japan Corporate Support」

   https://community.mcafee.com/community/japan

   サポート通信や FAQ 掲載情報、製品及びパッチのリリース情報やドキュメントが掲載

   されます。また、製品に関する技術的な情報に関して、コミュニティご登録者が参加

   可能なフリーディスカッションのスペースがございます。

 

- 企業向けお客様サポート公式 Twitter

   http://twitter.com/McAfee_BTS_JP

   Twitter サービスを利用し、サポート通信や FAQ 掲載情報、製品及びパッチのリリー

   ス情報がリアルタイムで配信されます。

 

  コミュニティサイトの登録方法、 Twitter のフォロー方法などの詳細につきましては、

  以下のページをご覧ください。

  http://www.mcafee.com/Japan/support/japancorporate.asp

 

-------------------------------------------------------

4) 「サポート通信」登録方法変更のお知らせ

-------------------------------------------------------

サポート通信の登録方法が下記の通り変更となりましたのでお知らせいたします。

 

6月1日以降に新規契約をしたお客様には、4種類のサポート通信を配信いたします。各種サ

ポート通信が不要な方は、各サポート通信の文末に記載されているURLにアクセスして、解除

手続きを行っていただきます。

 

障害などでサポート窓口にお問い合わせいただいた新規のご担当者様には、今までどおり、

「サポート通信 - 登録のご案内」メールを1回のみ配信いたします。

http://www.mcafee.com/japan/support/customer_support/techsupport_regform.asp

 

---------------------------------------------------------

※ マカフィーからのサービス

---------------------------------------------------------

○マカフィーサポート通信について

- 配信停止

  「マカフィー サポート通信 - リスク管理ソリューション 」の配信停止をご希望される方は、

  以下のページより手続きをお願い致します。

 https://md.pbz.jp/s/r-ctrl.php?act=PCDelAuth&funcinfo_allreset=1&uid=mcafee&mid= foundstone_supp

- 各種法人ユーザ登録情報の変更はこちら

   ⇔ http://www.mcafee.com/japan/support/customer_support/tourokuhenkou.asp

 

○マカフィーでは、製品の技術的FAQ等多くのサービスや情報提供を行っています。是非ご活用ください。

 http://www.mcafee.com/japan/support/

 

●===McAfee=============================================○

発信元:

マカフィー株式会社

テクニカルサポートセンター インフォメーション係

(c) 2011 McAfee, Inc. All Rights Reserved.

お客様は,マカフィー株式会社の事前の書面による承諾を得ることなく、

掲載内容の無断転載を禁じます。

○=============================================McAfee===●