==============================================================

マカフィー サポート通信 - リスク管理ソリューション 2011.09.06
==============================================================

本メールはMcAfee Vulnerability Manager製品のサポートをご購入のお客様
に配信しております。

○-======  今週のマカフィー Vulnerability Manager (目次)  =======-○
1) FSL UPDATE
2) OSパッチアップデート
3) McAfee Vulnerability Manager Software v6.8のサポート終了について
4) 企業向けサポートコミュニティサイトの開設および Twitter サービスの開始について
5) 「サポート通信」配信について

※) マカフィーからのサービス
○-===================================================-○

-------------------------------------------------------
1) FSL UPDATE
-------------------------------------------------------
マカフィーは以下のVulnerability Manager製品のアップデートを提供しています。
最新更新日: 2011-SEP-05

(SUMMARY)

新しいチェック項目 :        7
改善されたチェック項目 :      114

 追加・改善されたシグネチャ項目等の詳細は以下の製品ダウンロード
 ページから「McAfee Foundstone Update」の最新版を入手してください。

 http://www.mcafee.com/japan/licensed2/

新しいチェック項目:

  * FID #12372 (HT4802) Apple iOS CoreGraphics FreeType Remote Code Execution
    Risk: High
  * FID #12517 Google Chrome Multiple Vulnerabilities Prior To 13.0.782.112
    Risk: High
  * FID #12566 (HT4564) Apple iOS Multiple Vulnerabilities Prior To 4.3
    Risk: High
  * FID #12587 Microsoft Windows Script Host 'wshesn.dll' DLL Loading Arbitrary Code Execution Vulnerability
    Risk: High
  * FID #12563 DotNetNuke Module Permission Check Security Bypass Vulnerability
    Risk: Medium
  * FID #12575 W32/Morto
    Risk: Medium
  * FID #12284 Apple iDevice Attached Detection
    Risk: Informational

改善されたチェック項目:

  * FID #3784 Adobe Acrobat LocalFile() Method Local File Enumeration
    Risk is updated
  * FID #4897 CA BrightStor ARCserve Backup Tape Engine RPC Vulnerability
    Risk is updated
  * FID #4946 Sun Solaris Telnet Remote Security Bypass
    FASLScript is updated
  * FID #6143 Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow
    Risk is updated
  * FID #6923 Mozilla Thunderbird UTF-8 URL Handling Stack Buffer Overflow
    Risk is updated
  * FID #6924 Mozilla SeaMonkey UTF-8 URL Handling Stack Buffer Overflow
    Risk is updated
  * FID #11514 IBM Informix Dynamic Server Oninit Buffer Overflow Remote Code Execution
    Recommendation is updated
  * FID #12261 Microsoft Office XP Remote Code Execution Vulnerability
    Recommendation is updated
  * FID #12264 Oracle Web Server Expect Header Cross Site Scripting Remote Code Execution
    Recommendation is updated
  * FID #12375 Oracle Java RMI Services Default Configuration Remote Code Execution
    Recommendation is updated
  * FID #12525 FlexNet License Server Manager Remote Code Execution
    Recommendation is updated
  * FID #12557 KingView SCADA HMI Heap Overflow Vulnerability
    Recommendation is updated
  * FID #3775 Webcom Wguest Arbitrary File Disclosure Vulnerability
    Risk is updated
    CVE is updated
  * FID #3778 Webmin Directory Traversal Vulnerability
    Risk is updated
  * FID #3783 Adobe Reader LocalFile() Method Local File Enumeration
    Risk is updated
  * FID #3823 Alt-N MDaemon Local Privilege Escalation
    Risk is updated
  * FID #3854 MYSQL User Defined Function Denial of Service Vulnerabilities
    Risk is updated
  * FID #3865 Axis Web Camera CGI Information Disclosure
    Risk is updated
    CVE is updated
  * FID #3866 Axis Web Camera Log Disclosure
    Risk is updated
  * FID #3930 PHP open_basedir Slash Directory Traversal
    Risk is updated
    CVE is updated
  * FID #3993 Webmin miniserv.pl Perl Format String Vulnerability
    Risk is updated
  * FID #4032 Sun Java JRE Deserialization Denial of Service Vulnerability
    Risk is updated
  * FID #4034 Trend Micro ServerProtect relay.dll Chunked Overflow Vulnerability
    Risk is updated
  * FID #4035 Trend Micro ServerProtect isaNVWRequest.dll Chunked Overflow
    Risk is updated
  * FID #4043 DB2 db2govd, db2start and db2stop Privilege Escalation Vulnerabilities
    Risk is updated
  * FID #4069 Blue Coat Systems WinProxy HTTP Denial of Service
    Risk is updated
  * FID #4143 Mozilla SeaMonkey QueryInterface Vulnerability
    Risk is updated
    CVE is updated
  * FID #4146 Mozilla Firefox "AnyName" Vulnerability
    Risk is updated
  * FID #4147 Mozilla SeaMonkey "AnyName" Vulnerability
    Risk is updated
    CVE is updated
  * FID #4148 Mozilla Firefox XML Parsing Vulnerability
    Risk is updated
  * FID #4152 Mozilla Firefox XULDocument.persist() Vulnerability
    Risk is updated
  * FID #4153 Mozilla SeaMonkey XULDocument.persist() Vulnerability
    Risk is updated
    CVE is updated
  * FID #4154 Mozilla Firefox Long Title Denial of Service
    Risk is updated
  * FID #4155 Mozilla SeaMonkey Long Title Denial of Service
    Risk is updated
  * FID #4188 Microsoft W3Who ISAPI Connection Headers Cross Site Scripting
    Risk is updated
  * FID #4204 Apache mod_mylo Buffer Overflow
    Risk is updated
  * FID #4239 Oracle 9iAS XSQL Servlet Information Disclosure
    Risk is updated
  * FID #4248 Pi3Web CGI Handler Vulnerability
    Risk is updated
  * FID #4261 AWOL PHP include Vulnerability
    Risk is updated
  * FID #4262 Basilix Webmail class/inc Information Disclosure
    Risk is updated
  * FID #4268 Gnome libgtop_daemon Vulnerability
    Risk is updated
    CVE is updated
  * FID #4301 YaBB catsearch Directory Traversal
    Name is updated
    Risk is updated
  * FID #4321 Apache::ASP source.asp Vulnerability
    Risk is updated
  * FID #4323 SawMill rfcf Parameter File Disclosure
    Risk is updated
  * FID #4334 W3C httpd Physical Path Disclosure
    Risk is updated
  * FID #4349 MiniSQL w3-msql Directory Disclosure
    Risk is updated
  * FID #4351 TFTP Not Running in Restricted Directory
    Risk is updated
  * FID #4430 Computer Associates BrightStor ARCserve Backup Agents Buffer Overflow
    Risk is updated
  * FID #4460 (MS06-035) Microsoft Server Service SMB Information Disclosure Vulnerability Non-Intrusive (917159)
    Risk is updated
  * FID #4498 Barracuda Spam Firewall Information Disclosure and Shell Command Injection
    Risk is updated
  * FID #4553 Alt-N MDaemon WebAdmin Multiple Vulnerabilities
    Risk is updated
  * FID #4637 ColdFusion Sample Application Command Execution Vulnerability
    Risk is updated
  * FID #4722 MailEnable SMTP NTLM Authentication Buffer Overflow
    Risk is updated
  * FID #4821 Thunderbird Layout Engine Vulnerability
    Risk is updated
  * FID #4822 Firefox Layout Engine Vulnerability
    Risk is updated
  * FID #4823 Seamonkey Layout Engine Vulnerability
    Risk is updated
  * FID #4827 Mozilla Firefox js_dtoa Vulnerability
    Risk is updated
  * FID #4828 Mozilla Thunderbird js_dtoa Vulnerability
    Risk is updated
  * FID #4829 Mozilla Seamonkey js_dtoa Vulnerability
    Risk is updated
  * FID #4956 IBM WebSphere Application Server Root JSP Source Code Disclosure
    Risk is updated
  * FID #4958 IBM WebSphere Application Server File Servlet Source Code Disclosure
    Risk is updated
  * FID #4984 FactoSystem Weblog Multiple SQL Injection Vulnerabilities
    Risk is updated
  * FID #5023 IBM WebSphere Application Server JSP Source Code Disclosure Vulnerability
    Risk is updated
  * FID #5191 Mozilla Firefox Cookie Path Abuse Vulnerability
    Risk is updated
  * FID #5192 Mozilla Firefox Autocomplete Denial of Service Vulnerability
    Risk is updated
    CVE is updated
  * FID #5206 Google Desktop Application Start Vulnerability
    Risk is updated
  * FID #5242 Microsoft Office MSODataSourceControl ActiveX Control Vulnerability
    Recommendation is updated
  * FID #5306 Cisco IOS SIP Protocol DoS Vulnerability
    Risk is updated
  * FID #5310 Cisco IOS Data Leak in UDP Echo Service Velnerability
    Risk is updated
  * FID #5369 Yahoo Messenger 8.1 Address Book Vulnerability
    Risk is updated
  * FID #5410 Microsoft Vista ATI Kernel atikmdag.sys Driver Vulnerability
    Risk is updated
  * FID #5479 (MS07-052) Microsoft Crystal Reports RPT Processing Vulnerability (941522)
    Risk is updated
  * FID #5480 (MS07-051) Microsoft Agent Remote Code Execution Vulnerability (938827)
    Risk is updated
  * FID #5484 Apple QuickTime Remote Security Bypass Vulnerability
    Risk is updated
  * FID #5526 Symantec Veritas Backup Exec For Windows Servers Unspecified Vulnerability
    Risk is updated
  * FID #5696 (MS08-004) Microsoft Windows Vista TCP/IP Vulnerability (946456)
    Risk is updated
  * FID #5826 Opera Password Input Handling Vulnerability
    Risk is updated
  * FID #5955 Mozilla Firefox Unspecified Vulnerability
    Risk is updated
  * FID #5956 Microsoft Word Unordered Lists Handling Denial of Service
    Risk is updated
  * FID #5985 Mozilla Firefox Fastload File Remote Code Execution Vulnerability
    Risk is updated
  * FID #6168 (MS08-062) Microsoft Integer Overflow in IPP Service Vulnerability (953155)
    Risk is updated
  * FID #6169 (MS08-061) Microsoft Windows Kernel Window Creation Vulnerability (954211)
    Risk is updated
  * FID #6170 (MS08-061) Microsoft Windows Kernel Unhandled Exception Vulnerability (954211)
    Risk is updated
  * FID #6171 (MS08-061) Microsoft Windows Kernel Memory Corruption Vulnerability (954211)
    Risk is updated
  * FID #6172 (MS08-058) Microsoft HTML Tag Element Cross-Domain Information Disclosure Vulnerability (956390)
    Risk is updated
  * FID #6173 (MS08-058) Microsoft Source Element Cross-Domain Information Disclosure Vulnerability (956390)
    Risk is updated
  * FID #6175 (MS08-058) Microsoft Uninitialized Memory Corruption Vulnerability (956390)
    Risk is updated
  * FID #6176 (MS08-058) Microsoft HTML Objects Memory Corruption Vulnerability (956390)
    Risk is updated
  * FID #6224 Mozilla Firefox 3.0.4 Security Bypass Vulnerability
    Risk is updated
  * FID #6225 Mozilla Firefox E4X Document XML Parsing Vulnerability
    Risk is updated
  * FID #6233 Adobe Reader Type 1 Font Parsing Out-Of-Bounds Write Vulnerability
    Risk is updated
  * FID #6234 Adobe Reader GetCosObj Method Code Execution Vulnerability
    Risk is updated
  * FID #6235 Adobe Reader JavaScript Method Input Validation Vulnerability
    Risk is updated
  * FID #6236 Adobe Reader Untrusted Search Path Vulnerability
    Risk is updated
  * FID #6238 Adobe Reader Download Manager AcroJS Function Vulnerability
    Risk is updated
  * FID #6246 Opera Browser file URI Handling Buffer Overflow
    Risk is updated
  * FID #6338 Apple ImageIO Image File Information Disclosure Vulnerability
    Risk is updated
  * FID #6351 Opera Web Browser Remote Code Execution Vulnerability
    Risk is updated
  * FID #6373 VMware ESX Server Memory Corruption Vulnerability
    Risk is updated
  * FID #6376 VMware Virtual Hardware Memory Corruption Vulnerability
    Risk is updated
  * FID #6408 Macrovision FlexNET Connect ActiveX Control Vulnerability
    Risk is updated
  * FID #6489 HP LaserJet Printer HP-ChaiSOE Web Administration Directory Traversal Vulnerability
    Risk is updated
  * FID #6505 Mozilla Firefox RDFXMLDataSource Information Disclosure Vulnerability
    Risk is updated
  * FID #6555 HP Laserjet Embedded Web Server Insecure Default Configuration
    Risk is updated
  * FID #6576 Mozilla Firefox Denial of Service Vulnerability
    Risk is updated
  * FID #6594 Wireshark 1.0.6 Multiple Vulnerabilities
    Risk is updated
  * FID #6701 Oracle Database Spatial Component Unspecified Vulnerability (CVE-2006-5340)
    Risk is updated
  * FID #6813 Apple AirPort / TimeCapsule IPv6 NDP Denial-of-Service vulnerability
    Risk is updated
  * FID #6814 Apple AirPort / TimeCapsule IPv6 PPoE Denial-of-Service Vulnerabiility
    Risk is updated
  * FID #6815 Apple AirPort / TimeCapsule IPv6 ICMPv6 Denial-of-Service Vulnerability
    Risk is updated
  * FID #6842 (MS09-031) Microsoft ISA Server Radius OTP Bypass Vulnerability (970811)
    Risk is updated
  * FID #6845 Mozilla Firefox Browser Engine Memory Corruption Vulnerability
    Risk is updated
  * FID #6847 Mozilla Thunderbird Browser Engine Memory Corruption Vulnerability
    Risk is updated
  * FID #6848 Mozilla SeaMonkey Browser Engine Memory Corruption Vulnerability
    Risk is updated
  * FID #6899 Microsoft Outlook Web Access owalogon.asp Script URL Redirection Vulnerability
    Risk is updated
  * FID #6929 Sun MySQL mysql_log Format String Vulnerability
    Risk is updated
  * FID #7117 Adobe Flash Media Servers Privilege Escalation Vulnerability
    Risk is updated
  * FID #7128 Asterisk SIP sscanf Multiple Denial of Service Vulnerabilities
    Risk is updated
  * FID #7503 Adobe Flash Player ActiveX Control Information Disclosure Vulnerability
    Risk is updated
  * FID #7534 Mozilla Thunderbird Fastload File Remote Code Execution Vulnerability
    Risk is updated
  * FID #7535 Mozilla SeaMonkey Fastload File Remote Code Execution Vulnerability
    Risk is updated
  * FID #7642 (MS10-001) Vulnerability In the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
    Risk is updated
  * FID #7820 OpenSSH Multiple Identical Block Denial Of Service Vulnerabilities
    Risk is updated
  * FID #7830 (MS08-037) Vulnerabilities In DNS Could Allow Spoofing (953230)
    Risk is updated
  * FID #7901 IBM HTTP Server mod_deflate Denial Of Service Vulnerability (CVE-2009-1891)
    Risk is updated
  * FID #7957 Cisco IOS Intrusion Prevention System Denial Of Service Vulnerability
    Risk is updated
  * FID #8020 (MS08-058) Cumulative Security Update For Internet Explorer (956390)
    Risk is updated
  * FID #8051 (MS08-062) Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution (953155)
    Risk is updated
  * FID #8065 Apache mod_isapi Module Unload Vulnerability (CVE-2010-0425)
    Risk is updated
  * FID #8214 (MS08-048) Security Update For Outlook Express And Windows Mail (951066)
    Risk is updated
  * FID #12313 Trend Micro Data Loss Prevention Directory Traversal
    Recommendation is updated
  * FID #12356 Sybase Advantage Database Server Memory Corruption Vulnerability
    Recommendation is updated
  * FID #12359 Oracle Java Runtime Environment Insecure File Loading
    Recommendation is updated
  * FID #12411 Novell File Reporter SRS Tag Arbitrary File Deletion Vulnerability
    Recommendation is updated
  * FID #12428 WordPress bSuite Plugin index.php Page Cross Site Scripting Vulnerability
    Recommendation is updated
  * FID #12504 WordPress Register Plus Redux Plugin Multiple Cross Site Scripting Vulnerabilities
    Recommendation is updated
  * FID #12531 Microsoft Internet Explorer 'Iedvtool.dll' Malformed HTML Denial Of Service Vulnerability
    Recommendation is updated
  * FID #12532 Microsoft Windows DHCPv6 Packets Remote Denial Of Service
    Recommendation is updated
  * FID #12537 WordPress WP Stats Dashboard Plugin onchange Cross Site Scripting Vulnerability
    Recommendation is updated
  * FID #34053 Cisco IOS Data Leak in UDP Echo Service Velnerability
    Risk is updated
  * FID #34056 Cisco IOS SIP Protocol DoS Vulnerability
    Risk is updated
  * FID #38216 Mozilla Firefox Browser Engine Memory Corruption Vulnerability
    Risk is updated
  * FID #12437 Microsoft Windows CSRSS SrvGetConsoleTitle Type Casting Weakness Information Disclosure
    Recommendation is updated
  * FID #70115 dotnetnuke.fasl3.inc
    FASLScript is updated

-------------------------------------------------------
2) アプライアンス OSパッチアップデート
-------------------------------------------------------
 期間: 2011/09/02 ~ 2011/09/06 (日本時間)

今回のアップデートはございません。

-------------------------------------------------------
3) McAfee Vulnerability Manager Software v6.8のサポート終了について
-------------------------------------------------------
McAfee Vulnerability Manager Softwareにつきまして、以下のバージョンの
サポート終了を予定しておりますのでご案内いたします。

McAfee Vulnerability Manager Software v6.8
サポート終了日:2012年6月30日

■備考
・現在の最新バージョンは、McAfee Vulnerability Manager Software v7.0です。
・本バージョンへの移行などに関しましては、弊社サポート窓口までお問い合わせください。
・ソフトウェアンおよびドキュメントは下記ダウンロードページよりご入手いただけます。
 http://www.mcafee.com/japan/licensed2/

-------------------------------------------------------
4) 企業向けサポートコミュニティサイトの開設および Twitter サービスの開始について
-------------------------------------------------------
○ お知らせ

企業向けサポートコミュニティサイト「Japan Corporate Support」を開設いたしました。
また、「企業向けお客様サポート公式 Twitter」を開設し、サポート情報のリアルタイム
配信を開始しました。

マカフィー、ユーザー参加型の企業向け製品コミュニティサイトをオープン
~サポート部門が主体となり企業セキュリティに関するディスカッションの場を提供~
(4月18日発プレスリリース)
http://www.mcafee.com/japan/about/prelease/pr_11a.asp?pr=11/04/18-1

● 開始日

2011/04/18 (月) 9:00

○ 備考

- 企業向けサポートコミュニティサイト「Japan Corporate Support」
   https://community.mcafee.com/community/japan
   サポート通信や FAQ 掲載情報、製品及びパッチのリリース情報やドキュメントが掲載
   されます。また、製品に関する技術的な情報に関して、コミュニティご登録者が参加
   可能なフリーディスカッションのスペースがございます。

- 企業向けお客様サポート公式 Twitter
   http://twitter.com/McAfee_BTS_JP
   Twitter サービスを利用し、サポート通信や FAQ 掲載情報、製品及びパッチのリリー
   ス情報がリアルタイムで配信されます。

  コミュニティサイトの登録方法、 Twitter のフォロー方法などの詳細につきましては、
  以下のページをご覧ください。
  http://www.mcafee.com/Japan/support/japancorporate.asp

-------------------------------------------------------
5) 「サポート通信」配信について
-------------------------------------------------------

新規契約をしたお客様には、4種類のサポート通信を配信いたします。
各種サポート通信が不要な方は、各サポート通信の文末に記載されているURLにアクセスして、
解除手続きを行っていただきます。

障害などでサポート窓口にお問い合わせいただいた新規のご担当者様には、
今までどおり、「サポート通信 - 登録のご案内」メールを1回のみ配信いたします。
http://www.mcafee.com/japan/support/customer_support/techsupport_regform.asp

---------------------------------------------------------
※ マカフィーからのサービス
---------------------------------------------------------
● マカフィーモバイルサービス
  携帯電話を利用して、緊急ウイルス情報をリアルタイムに確認し、
  ウイルス被害を抑制できます。
   ⇔ http://www.mcafee.com/japan/support/mobileservice.asp

○ サポートQ&A
- 製品の評価、導入、トラブル、障害の発生時に参考となる解決策や
   回避策のFAQをご確認頂けます。 是非お役立て下さい。
   ⇔ http://www.mcafee.com/japan/pqa/pqa.asp
- 1週間のあいだに更新(あるいは新掲載)されたQ&Aはこちら
   ⇔ http://www.mcafee.com/japan/pqa/pqa_newqa.asp

● 企業向けサポートコミュニティサイト「Japan Corporate Support」
   https://community.mcafee.com/community/japan
   サポート通信や FAQ 掲載情報、製品及びパッチのリリース情報やドキュメントが掲載
   されます。また、製品に関する技術的な情報に関して、コミュニティご登録者が
   参加可能なフリーディスカッションのスペースがございます。

○ 企業向けお客様サポート公式 Twitter
   http://twitter.com/McAfee_BTS_JP
   Twitter サービスを利用し、サポート通信や FAQ 掲載情報、製品及びパッチのリリース
   情報がリアルタイムで配信されます。

● マカフィーサポート通信について
- 配信停止
  「マカフィー サポート通信 - リスク管理ソリューション 」の配信停止をご希望される方は、
  以下のページより手続きをお願い致します。
 https://md.pbz.jp/s/r-ctrl.php?act=PCDelAuth&funcinfo_allreset=1&uid=mcafee&mid= foundstone_supp
- 各種法人ユーザ登録情報の変更はこちら
   ⇔ http://www.mcafee.com/japan/support/customer_support/tourokuhenkou.asp

●===McAfee=============================================○
発信元:
マカフィー株式会社
テクニカルサポートセンター インフォメーション係
http://www.mcafee.com/japan/support/customer_support/
(c) 2011 McAfee, Inc. All Rights Reserved.
お客様は,マカフィー株式会社の事前の書面による承諾を得ることなく、
掲載内容の無断転載を禁じます。
○=============================================McAfee===●