12/08/2009

12월 패치 투스 데이

12월 패치 투스 데이 뷸레틴들이 나왔네요. eEye에서의 마지막 패치 투스 데이입니다. 새로 옮길 회사는 Vulnerability Research보다는 Malware Research에 치중해서 아마도 패치 투스 데이때에 지금처럼 힘들게 분석할 일은 상대적으로 적을 듯 하네요.
 
전체 정보를 잘 보여 주는 테이블 하나 카피해 봅니다.
 
 

Bulletin ID

Vulnerability Title

CVE ID

Exploitability Index Assessment

Key Notes

MS09-069

Local Security Authority Subsystem Service Resource Exhaustion Vulnerability

CVE-2009-3675

3 - Functioning exploit code unlikely

The vulnerability does not allow remote code execution, only denial of service that a remote, authenticated attacker could attempt to exploit.

MS09-070

Single Sign On Spoofing in ADFS Vulnerability

CVE-2009-2508

3 - Functioning exploit code unlikely

The vulnerability does not allow remote code execution, only spoofing.

MS09-070

Remote Code Execution in ADFS Vulnerability

CVE-2009-2509

1 - Consistent exploit code likely

The vulnerability is only exploitable by an authenticated attacker.

MS09-071

Internet Authentication Service Memory Corruption Vulnerability

CVE-2009-2505

2 - Inconsistent exploit code likely

Limited possibility for remote code execution. Most likely result is denial of service.

MS09-071

MS-CHAP Authentication Bypass Vulnerability

CVE-2009-3677

3 - Functioning exploit code unlikely

The vulnerability does not allow remote code execution, only elevation of privilege due to bypassing of network authentication.

MS09-072

ATL COM Initialization Vulnerability

CVE-2009-2493

None 

(This vulnerability has already been given an exploitability index assessment in the July bulletin summary. This is because the vulnerability was first addressed in MS09-035.)

MS09-072

Uninitialized Memory Corruption Vulnerability

CVE-2009-3671

1 - Consistent exploit code likely

(None)

MS09-072

HTML Object Memory Corruption Vulnerability

CVE-2009-3672

1 - Consistent exploit code likely

(None)

MS09-072

Uninitialized Memory Corruption Vulnerability

CVE-2009-3673

1 - Consistent exploit code likely

(None)

MS09-072

Uninitialized Memory Corruption Vulnerability

CVE-2009-3674

1 - Consistent exploit code likely

(None)

MS09-073

WordPad and Office Text converter Memory Corruption Vulnerability

CVE-2009-2506

2 - Inconsistent exploit code likely

(None)

MS09-074

Project Memory Validation Vulnerability

CVE-2009-0102

2 - Inconsistent exploit code likely

(None)

 
 
Credit을 보면 재미 있네요.
 
이름이 나온 애들은 크레딧을 쫓는 사람들, anonymous는 무슨 이유에선지 이름은 밝히기 힘들고 돈만 받은 애들...
 
iDefense의 약진이 두드러지네요. 결국 Vulnerability Research 쪽도 어느 정도 통합과 집중화가 이뤄지는 듯.
 
• Ryan Smith of Verisign iDefense Labs for reporting an issue described in MS09-072
 
• Sam Thomas of eshu.co.uk, working with TippingPoint and the Zero Day Initiative, for reporting an issue described in MS09-072
 
• team509, working with Verisign iDefense Labs, for reporting an issue described in MS09-072
 
• An anonymous researcher, working with TippingPoint and the Zero Day Initiative, for reporting an issue described in MS09-072
 
• An anonymous researcher, working with TippingPoint and the Zero Day Initiative, for reporting another issue described in MS09-072
 
• Sean Larsson and Jun Mao of VeriSign iDefense Labs for reporting an issue described in MS09-073
 
• Bing Liu of Fortinet's FortiGuard Labs for reporting an issue described in MS09-074
 
 
Independent researcher들은 서서히 보안 회사들에게 자리를 내어 주게 될것 같습니다. 풀타임으로 페이를 받으면서 리서치하는 사람과 취미로 남는 시간에 무보수로 일하는 사람은 경쟁이 안되지요.
 
 
 

댓글 없음:

댓글 쓰기