Deprecated: The each() function is deprecated. This message will be suppressed on further calls in /home/zhenxiangba/zhenxiangba.com/public_html/phproxy-improved-master/index.php on line 456
Return-Path: bugtraq-jp-return-126-kjm=ideon.st.ryukoku.ac.jp@securityfocus.com Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm Precedence: bulk List-Id: List-Post: List-Help: List-Unsubscribe: List-Subscribe: Delivered-To: mailing list bugtraq-jp@securityfocus.com Delivered-To: moderator for bugtraq-jp@securityfocus.com Received: (qmail 31329 invoked from network); 30 Apr 2002 12:37:42 -0000 To: bugtraq-jp@securityfocus.com Subject: SecurityFocus.com Newsletter #141 2002-4-15->2002-4-19 From: SAKAI Yoriyuki References: In-Reply-To: Message-Id: <200204302140.IEA78289.LBBJT@lac.co.jp> X-Mailer: Winbiff [Version 2.34PL1] X-Accept-Language: ja,en Date: Tue, 30 Apr 2002 21:40:17 +0900 Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; Boundary="---------1020170414-6996390" X-Virus-Scanned: by AMaViS perl-11 -----------1020170414-6996390 Content-Type: text/plain; charset=iso-2022-jp Content-Transfer-Encoding: 7bit $B:d0f(B@$B%i%C%/$G$9!#(B SecurityFocus.com Newsletter $BBh(B 141 $B9f$NOBLu$r$*FO$1$7$^$9!#(B $BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B --------------------------------------------------------------------------- SecurityFocus.com Newsletter $B$K4X$9$k(BFAQ: http://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml BugTraq-JP $B$K4X$9$k(B FAQ: http://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml (SecurityFocus.com Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0le$G9T$o(B $B$l$F$$$^$9!#(B $B!&(BSecurityFocus.com Newsletter $B$NOBLu$r(B Netnews$B!"(BMailinglist$B!"(B World Wide Web$B!"=q@R!"$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$N(B $BA4J80zMQ$r$*4j$$$7$^$9!#(B $B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;(B $B$s$,=`MQ$9$k$b$N$H$7$^$9!#(B $B!&$^$?!"(BSecurityFocus.com $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+(B $B$J$k7A<0$N%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B 1) http://www.securityfocus.com/archive/79 --------------------------------------------------------------------------- --------------------------------------------------------------------------- $B$3$NOBLu$K4X$9$kHw9M(B: $B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02ql9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B $BHG$r$4Ej9FD:$/$+!"4F=$l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B --------------------------------------------------------------------------- --------------------------------------------------------------------------- $B86HG(B: Date: Mon, 22 Apr 2002 13:28:18 -0600 (MDT) Message-ID: SecurityFocus Newsletter #141 ----------------------------- This newsletter is sponsored by SecurityFocus (www.securityfocus.com) I. FRONT AND CENTER($BF|K\8lLu$J$7(B) 1. VBA Emulation: A Viable Method of Macro Virus Detection? Part One 2. Openwall: Improving Security with the Openwall Patch 3. Network Intrusion Detection Signatures, Part Five 4. Closing the Spycam Sniffer Loophole 5. Peddling Snake Oil as Security II. BUGTRAQ SUMMARY 1. Bradford Barrett Webalizer Reverse DNS Buffer Overflow... 2. Microsoft Internet Explorer History List Script Injection... 3. Microsoft BackOffice Server Web Administration Authentication... 4. WebTrends Reporting Center GET Request Buffer Overflow... 5. Microsoft Internet Explorer Dialog Same Origin Policy Bypass... 6. Microsoft Windows 2000 Lanman Denial of Service Vulnerability 7. Sambar Server Script Source Disclosure Vulnerability 8. AOLServer Developer API Ns_PdLog() Format String Vulnerability 9. MPE/iX Malformed IP Packet Denial of Service Vulnerability 10. Pipermail/Mailman Insecure Archives Permissions Vulnerability 11. PVote Unauthorized Administrative Password Change Vulnerability 12. PVote Poll Content Manipulation Vulnerability 13. ColdFusion DOS Device File Request System Information... 14. FreeBSD Routing Table ICMP Echo Reply Denial Of Service... 15. Compaq Tru64 C Library Buffer Overflow Vulnerability 16. Microsoft IIS CodeBrws.ASP File Extension Check Out By One... 17. MHonArc HTML Script Filter Bypass Vulnerability 18. Symantec Norton Personal Firewall 2002 Fragmented Packet... 19. SSH Restricted Shell Escaping Command Execution Vulnerability 20. Oracle E-Business Suite 11i Unauthorized PL/SQL Procedure... 21. XPilot Server Remote Buffer Overflow Vulnerability 22. IcrediBB Script Injection Vulnerability 23. Foundstone FScan Banner Grabbing Format String Vulnerability 24. WorkforceROI XPede Unprotected Administrative Facilities... 25. XPede DataSource.ASP Information Disclosure Vulnerability 26. WorkforceROI XPede Sprc.ASP SQL Injection Vulnerability 27. WorkforceROI XPede Weak File Protection Vulnerability 28. WorkforceROI XPede Arbitrary Time Sheet Disclosure Vulnerabiltiy 29. Apache Tomcat System Path Information Disclosure Vulnerability 30. OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability 31. Snitz Forums 2000 Members.ASP SQL Injection Vulnerability 32. PostBoard BBCode IMG Tag Script Injection Vulnerability 33. PostBoard Topic Title Script Execution Vulnerability 34. PostBoard BBCode Denial Of Service Vulnerability 35. Nortel CVX 1800 Multi-Service Access Switch Default SNMP... 37. Burning Board URL Parameter Manipulation Vulnerability 38. Mirabilis ICQ .hpf Denial of Service Vulnerability 39. Demarc PureSecure Authentication Check SQL Injection... 40. HP Photosmart Mac OS X Print Driver Weak File Permissions... 41. Microsoft Internet Explorer Unicode Character Handling DoS... 42. Multiple Microsoft Products for MacOS File URL Buffer Overflow... 43. Symantec Norton Personal Firewall 2002 Portscan Protection... 44. Oracle 9i ANSI Outer Join Access Control Bypass Vulnerability 45. Symantec Raptor / Enterprise Firewall FTP Bounce Vulnerability 46. FreeBSD 4.5 syncache / syncookies Denial Of Service Vulnerability 47. Microsoft IIS CodeBrws.ASP Source Code Disclosure Vulnerability 48. AOL Instant Messenger Arbitrary File Creation Vulnerability 49. TalentSoft Web+ WML Request Cookie Buffer Overflow Vulnerability III. SECURITYFOCUS.COM NEWS ARTICLES 1. GovNet Plans Moving Forward 2. Ashcroft, Ellison, Win 'Big Brother' Awards 3. National ID Plans Face Hurdles 4. FTC Chairman Pushes Net Crime Vigilance, Not New Laws 5. New Take On Klez Worm Spreading 6. Privacy Worries, Net Activism Top Privacy Show Agenda IV.SECURITY FOCUS TOP 6 TOOLS 1. Logwatch v2.8.5 2. TinyCA v0.3.0 3. Castellan Sentry v0.01 4. Nessus v1.2.0 5. lcrzoex v4.08 6. Firewall by Jim v0.28 I. FRONT AND CENTER($BF|K\8lLu$J$7(B) --------------------------------- II. BUGTRAQ SUMMARY ------------------- 1. Bradford Barrett Webalizer Reverse DNS Buffer Overflow Vulnerability BugTraq ID: 4504 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 15 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4504 $B$^$H$a(B: Webalizer $B$O(B Web $B%5%$%H$N%m%0$NE}7W=hM}$r%U%!%$%k2=$9$k!"(BWeb $B%5!<%P$N%m(B $B%0%U%!%$%k$rpJs!"%V(B $B%i%&%6>pJs!"(BWeb $B%5%$%H$N%R%C%H?t!"%"%/%;%9$5$l$?%U%!%$%k$J$I$N>pJs$,4^(B $B$^$l$F@8@.$5$l$F$$$k!#%m%0%U%!%$%k$N=hM}7k2L$O(B HTML $B7A<0$G@8@.$5$l$k$?(B $B$a!"4IM}H$,2DG=$G$"$k!#(B $B$$$/$D$+$N%P!<%8%g%s$N(B Webalizer $B$K$O%j%b!<%H$+$i$N%P%C%U%!%*!<%P!<%U%m!<(B $B$r@8$8$kLdBj$,H/8+$5$l$F$$$k!#(BDNS $B%5!<%P$r4IM}$7$F$$$k0-0U$"$k?MJ*$,!"(B $B5U0z$-(B DNS $B;2>H$,9T$o$l$k:]$K(B Webalizer $B$K0-0U$"$k%G!<%?$rAw?.$9$k2DG=(B $B@-$,$"$k!#$3$N$?$a!"%a%b%j%P%C%U%!$N%*!<%P!<%U%m!<$r0z$-5/$3$5$l$k2DG=(B $B@-$,$"$k!#(B $B$3$N%=%U%H%&%'%"$N%Y%s%@$O!"%W%m%;%9Fb$N%a%b%j$NG[CV>uBV$H!"CmF~$5$l$k(B $B0-0U$"$k%G!<%?$KMxMQ$5$l$kJ8;zH$5$l$?%Z!<%8$N%;%-%e%j%F%#%>!<%s$N@_Dj$r7Q>5$7$F$$$k!#$3$N;E(B $BMM$O!"0-0U$r$b$C$F:n@.$5$l$?(B Web $B%Z!<%8Fb$K4^$^$l$k(B javascript: $B$+$i;O(B $B$^$k(B URL $B$+$i!"%V%i%&%6$rJ]8n$9$k7k2L$r$b$?$i$7$F$$$k!#$7$+$7!"%V%i%&%6(B $B$N!VLa$k!W%\%?%s$rMxMQ$7$F!"%f!<%6$O(B javascipt: $B$+$i;O$^$k(B URL $B$r;2>H$9(B $B$k>l9g$,A[Dj$5$l$k$N$G$"$k!#$3$N>l9g!"CmF~$5$l$?%9%/%j%W%H$OB>$N%Z!<%8(B $B$HF13J$N%3%s%F%-%9%H$Gu67$K1~$8$F0[$J$k5sF0$r<((B $B$9$h$&$K;E8~$1$k$3$H$,2DG=$G$"$k!#$3$NLdBj$K$h$j!"967bl=j$X%j%@%$%l%/%H$5$;!"B3$$$F!VLa$k!W%\%?%s$,MxMQ$5$l$?>l9g(B $B$K$5$i$J$k9T0Y$,9T$o$l$k$h$&$K;E8~$1$k(B javascript: $B$+$i;O$^$k(B URL $B$rAH(B $B$_N)$F$k$3$H$,2DG=$G$"$k!#$3$N7k2L!"%f!<%6$,4|BT$7$F$$$k$h$&$J?6$kIq$$(B $B$KH?$7$F!"G$0U$N%3%s%F%-%9%H$GG$0U$N%9%/%j%W%H$r7$/$3$H$,2DG=$G$"$k!#$3$NLdBj(B $B$K$h$j!"%/%C%-!pJs$d!"%m!<%+%k$N%U%!%$%k$NFbMF$N3+<($r>7$/$3$H$,(B $B2DG=$G$"$k!#(B $B$3$NLdBj$O(B Internet Exolorer 5.5 $B$*$h$S(B 6.0 $B$K$*$$$FJs9p$5$l$F$$$k!#B>(B $B$N%P!<%8%g%s$N(B Internet Explorer $B$b$3$NLdBj$rF1MM$KJz$($F$$$k$H?d;!$5$l(B $B$k$,!"$7$+$7!"$3$l$K$D$$$F$OL$8!>Z$G$"$k!#(B 3. Microsoft BackOffice Server Web Administration Authentication Bypass Vulnerability BugTraq ID: 4528 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 17 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4528 $B$^$H$a(B: Microsoft BackOffice $B@=IJ%7%j!<%:$K$O(B IIS $B>e$GF0:n$9$k!"(BASP $B$rMxMQ$7$F(B $BAH$_N)$F$i$l$?!"4IM}MQ$N(B Web $B%$%s%?%U%'!<%9$rHw$($k%"%W%j%1!<%7%g%s$,F1(B $B:-$5$l$F$$$k!#(BBackOffice Server $B$N(B BackOffice Web Administrator $B%3%s%]!<(B $B%M%s%H$OL$G'>Z$N%f!<%6$,G'>Z$r2sHr2DG=$H$J$k!"@_7W$N8m$j$rJz$($F$$$k!#(B $B$3$l$O(B services.asp (Boadmin/Backoffice/Services.asp) $B$XD>@\(B HTTP $B%j%/(B $B%(%9%H$rM?$($k$3$H$GZMQ>pJs$OI,MW$J$/!"$3$N$h$&$J(B HTTP $B%j%/%(%9%H$O%m%0%$%s2hLL$r(B $B2sHr$5$;$F$7$^$&!#(B $B$3$NLdBj$O4pK\G'>Z$,MxMQ$5$l$F$$$k>l9g$K$N$_@8$8$kE@$ON10U$5$l$k$Y$-$G(B $B$"$k!#$^$?!"%G%U%)%k%H>uBV$K$D$$$F$5$i$K<($9$J$i$P!"(BBackOffice Web Administrator $B$O(B localhost (127.0.0.1) $B$+$i$N$_$N%3%M%/%7%g%s$ru67$rAH?%N)$C(B $B$?9=@.$KJB$YBX$(!"I=<($9$k$?$a$KMxMQ$5$l$k%=%U%H%&%'%"$G$"$k!#(B Reporting Center $B$O(B Windows NT $B$H(B Windows 2000$B!"(BLinux $B$H(B Solaris $B8~$1(B $B%P!<%8%g%s$,MxMQ2DG=$G$"$k!#(B $B$$$/$D$+$N%P!<%8%g%s$N(B WebTrends Reporting Center $B$K$OLdBj$,Js9p$5$l$F(B $B$$$k!#Hs>o$KD9$$(B GET $B%j%/%(%9%H$,%5!<%P$KM?$($i$l$?:]!"%a%b%j%P%C%U%!$N(B $B%*!<%P!<%U%m!<$,@8$8$k$N$G$"$k!#$3$NLdBj$rMxMQ$9$k967b$OG$0U$N%3!<%I$N(B SYSTEM $B8"8B$G$N7$/2DG=@-$,$"$k!#$G$?$i$a$J%G!<%?$r%5!<%P$KM?$($?(B $B>l9g$K$O!"7k2L$H$7$F(B DoS $B>uBV$K4Y$i$;$F$7$^$&%5!<%P$N%/%i%C%7%e$r0z$-5/(B $B$3$92DG=@-$,$"$k!#(B $B$3$NLdBj$rMxMQ$9$k967b$OG'>Z:Q$_$N%f!<%6$K$h$C$F$N$_%"%+%&%s%H$NG'>Z$bF1MM$KM-8z$G$"$j!"(BWebTrends $B$K$h$C$F@8@.(B $B$5$l$?$$$+$J$k8x3+%l%]!<%H$G$"$C$F$b!"967b$NBP>]$H$7$F0LCVIU$1$i$l$F$$(B $B$k2DG=@-$,$"$k$3$H$r0UL#$7$F$$$k!#(B $B$3$NLdBj$O(B WebTrend Reporting Center $B$N(B Windows $BHG$KB8:_$9$k$3$H$N$_$,(B $B8!>Z$5$l$F$$$k!#(B 5. Microsoft Internet Explorer Dialog Same Origin Policy Bypass Vulnerability BugTraq ID: 4527 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 16 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4527 $B$^$H$a(B: Internet Explorer $B$K$h$C$F!"(BshowModalDialog $B$H(B showModelessDialog $B4X?t(B $B$KBP$7$FE,MQ$5$l$F$$$k85!9@_Dj$5$l$F$$$k%]%j%7$r!"2sHr$9$k$3$H$,2DG=$J(B $BLdBj$,B8:_$9$k!#$$$/$D$+$N>u67$K$*$$$F!"=EMW$J%3%s%F%-%9%H$G%9%/%j%W%H(B $Bl=j$ruBV$G$N$_0z$-EO$5$l$k$3(B $B$H$r3NG'$9$k$?$a$N=hM}$,@.$5$l$F$$$k!#$3$N5!G=$O0-0U$"$k?MJ*$K$h$kG$0U$N(B $B%@%$%"%m!<%0$X$NFbMF$NCmF~$rKI;_$7$F$$$k!#$7$+$7!"%@%$%"%m!<%0$N85$K$J$k(B $B%Z!<%8$H$7$F;XDj$5$l$?(B URL $B$,JL$NBh(B 2 $B$N>l=j$X%j%@%$%l%/%H$r9T$C$F$$$k>l(B $B9g!":G=i$K;XDj$5$l$?(B URL $B$N$_$,%;%-%e%j%F%#$K4X$9$kBEEv@-$N3NG'$rl=j$KBP$7$FH=CG$r9T$&$?$a!"=hM}(B $B$O$=$N$^$^DL2a$5$l!"967b]$H$J$C$?%@%$%"%m!<%0$N5!G=$K(B $BHs>o$K0MB8$7$F$$$k!#$3$NLdBj$O>pJs$NGK2u$d%=!<%7%c%k%(%s%8%K%"%j%s%0$r(B $BMQ$$$k967b$r>7$/2DG=@-$,$"$kuBV$K$*$$$F!"%@%$%"%m!<(B $B%0$K%9%/%j%W%H$rCmF~2DG=$G$"$k$H$N>ZL@$,4{$K<($5$l$F$$$k!#$3$NLdBj$OG$(B $B0U$N%9%/%j%W%H$r%m!<%+%k%3%s%T%e!<%?$N8"8B$GuBV$K4Y$i$;$k$3$H$,2DG=$JLdBj$,(B Windows 2000 $B$K$*$$$FH/8+$5$l$F$$$k!#(B $B%]!<%HHV9f(B 445 $BHV$X0-0U$"$k%G!<%?$rM?$($k$3$H$K$h$j!"(BLanman $B%5!<%S%9$K(B CPU $B=hM}N($H%+!<%M%k%a%b%j$NMxMQN($NKX$I$r;H$$?T$/$5$;$F$7$^$&$3$H$,2D(B $BG=$J$N$G$"$k!#(B $BDL>oF0:n$X$NI|5l$K$"$?$C$F$O%5!<%P$N:F5/F0$,I,MW$G$"$k!#$7$+$7!"Js9p$K(B $B$h$k$H!"KX$I$N>u67$K$*$$$F$O4IM}l9g$,$"$k$3$H$,<($5$l$F$$$k!#(B 7. Sambar Server Script Source Disclosure Vulnerability BugTraq ID: 4533 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 17 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4533 $B$^$H$a(B: Sambar Server $B$K$O%f!<%6$,%9%/%j%W%H$N%=!<%9$r3+<(2DG=$G$"$kLdBj$,H/8+(B $B$5$l$F$$$k!#(B $B4{CN$N%9%/%j%W%H%U%!%$%k$X%9%Z!<%9$H%L%k(B (%00) $B$HH<$&$h$&$J(B HTTP $B%j%/%((B $B%9%H$r9T$&$3$H$G!"%5!<%PB&$G$N(B URL $B$N2rl9g!"FC8"$r;}$D%Z!<%8Fb$K4^$^$l$k=EMW(B $B$J>pJs$,3+<($5$l$k7k2L$r>7$/$3$H$,2DG=$G$"$k!#$3$N:]F@$i$l$k>pJs$O!"$5(B $B$i$J$k!V5;9*$r6E$i$7$?!W967b$NJd=u]$N%3%s%T%e!<%?$X$N$5$i$J$k967b$,2DG=$K$J$k!#(B 8. AOLServer Developer API Ns_PdLog() Format String Vulnerability BugTraq ID: 4535 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 17 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4535 $B$^$H$a(B: AOLServer $B$O(B AOL $B$H%*!<%W%s%=!<%9$K$h$k3+H/l(B $B9g!"=q<0;XDj;R$rMxMQ$9$k967b$N1F6A$,5Z$VLdBj$rJz$($k$3$H$,?d;!$5$l$k!#(B $B$3$NLdBj$rMxMQ$9967b$K$h$j!"G$0U$N%3!<%I$N7$/$3$H$,2DG=$G(B $B$"$k!#4IM}\$G$"$k$,!"$$$+$J$k%j%b!<%H$N967b]$N%3%s(B $B%T%e!<%?$XAw?.$9$k2DG=@-$,$"$k$H?d;!$5$l$k!#(B $B$3$NAw;~$K$*$$$F!"$3$NAuCV$O5!G=Dd;_$K@hN)$A!"(B'SA1457 out of i_port_timeout.fix_up_message_frame' $B$H$N%(%i!<%a%C%;!<%8$rI=<((B $B$9$k!#(B 10. Pipermail/Mailman Insecure Archives Permissions Vulnerability BugTraq ID: 4538 $B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B $B8xI=F|(B: Apr 16 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4538 $B$^$H$a(B: Pipermail $B$O%a!<%j%s%0%j%9%H$N%"!<%+%$%V$r:n@.$9$k%=%U%H%&%'%"$G$"$j!"(B $B8=:_4{$KJ]uBV$G$$$+$J(B $B$k%f!<%6$G$"$C$F$bl=j$rM=B,$G$-F@$kI,MW$,$"$k!#(B $B$^$?!"$3$N%W%m%0%i%`$N@_7W$K$h$j!"@5Ev$J%f!<%6$K$h$C$F%"!<%+%$%VMQ$N%U%!(B $B%$%k$,FI$_=P$5$l$k>l9g$K$O!"$$$+$J$k%f!<%6$G$"$C$F$bl9g$G$N$_!"(B $B%;%-%e%j%F%#>e$N7|G0;v9`$H$J$k!#(B 11. PVote Unauthorized Administrative Password Change Vulnerability BugTraq ID: 4541 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 18 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4541 $B$^$H$a(B: PVote $B$O(B Web $B$rMxMQ$9$kEjI<%7%9%F%`$G$"$j!"(BPHP $B8@8l$rMxMQ$7$F3+H/$5$l$F(B $B$$$k!#$3$N%=%U%H%&%'%"$OMM!9$J(B UNIX $B$H(B Linux $B$GF0:n$7!"$^$?!"(BMicrosoft Windows $B$K$*$$$F$bF0:n$9$k!#(B $B0-0U$"$k(B HTTP $B%j%/%(%9%H$rM?$($k$3$H$K$h$j!"4IM}MQ%Q%9%o!<%I$NJQ99$r9T(B $B$&$3$H$,2DG=$G$"$k!#967bZ$rI,MW4s$;$:$KCM$r@_Dj$7$F$7$^$&$N$G$"$k!#(B 12. PVote Poll Content Manipulation Vulnerability BugTraq ID: 4540 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 18 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4540 $B$^$H$a(B: PVote $B$O(B Web $B$rMxMQ$9$kEjI<%7%9%F%`$G$"$j!"(BPHP $B8@8l$rMxMQ$7$F3+H/$5$l$F(B $B$$$k!#$3$N%=%U%H%&%'%"$OMM!9$J(B UNIX $B$H(B Linux $B$GF0:n$7!"$^$?!"(BMicrosoft Windows $B$K$*$$$F$bF0:n$9$k!#(B $B%j%b!<%H$N967bZMQ>pJs$O5a$a$i$l$J$$!#$3$NLdBj$K$h$j!"%j%b!<(B $B%H$N967be$GF0:n$9$k(B ColdFusion $B$K1F6A$r5Z$\$9!#(B $BFCDj$N!"B8:_$7$F$$$J$$(B .cfm $B$"$k$$$O(B .dbm $B$r3HD%;R$H$7$F;}$D%U%!%$%k$K(B $BBP$9$k(B HTTP $B%j%/%(%9%H$r9T$&$3$H$K$h$j!"(BColdFusion $B$rMxMQ$9$k%3%s%T%e!<(B $B%?$O(B Web $BMQ$N8x3+J8=qMQ$N%G%#%l%/%H%j$N%Q%9$r4^$`%(%i!<%a%C%;!<%8$rJV$7(B $B$F$7$^$&$N$G$"$k!#$3$NLdBj$O(B .cfm $B$+(B .dbm $B$N3HD%;R$r$D$1$?(B MS-DOS $BM3Mh(B $B$N%G%P%$%9L>(B (CON$B!"(BAUX$B!"(BPRN$B!"(BNUL) $B$X$N(B HTTP $B%j%/%(%9%H$r9T$&:]$K$b@8$8(B $B$k$3$H$,CN$i$l$F$$$k!#(B $B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"967buBV$K4X$9(B $B$k=EMW$J>pJs$r3+<($7$F$7$^$$!"$5$i$J$k$h$jCN<1$rMxMQ$9$k967b$NJd=uu672<$K$*$$$F!"(BFreeBSD $B$rDd;_$5$;$k$3$H$,2DG=$J$N$G(B $B$"$k!#(BICMP echo reply $B$,LdBj$rJz$($k%3%s%T%e!<%?$KAw$i$l$k:]!"(BICMP $B$K4X(B $B$9$k%H%i%U%#%C%/$,=*N;$7$?8e$b$J$*!"IU$12C$($i$l$?%k!<%H$r2p$9$k!"8=:_(B $B@\B3Cf$N%3%M%/%7%g%s$rH<$&%[%9%H?t$N;2>H?t$O8:$i$5$l$J$$$^$^$J$N$G$"$k!#(B $B$3$N:]%k!<%F%#%s%0%F!<%V%k$N%(%s%H%j$K3d$jEv$F$i$l$?%a%b%j$,2rJ|$5$l$k(B $B$3$H$O$J$$!#(B $B$3$NLdBj$K$h$j!"%j%b!<%H%f!<%6$OLdBj$rJz$($k%3%s%T%e!<%?Fb$N%a%b%j;q8;(B $B$r;H$$?T$/$5$;$k$3$H$,2DG=$G$"$j!"7k2L$H$7$F(B DoS $B$K4Y$i$;$k$3$H$,2DG=$G(B $B$"$k!#(B 15. Compaq Tru64 C Library Buffer Overflow Vulnerability BugTraq ID: 4544 $B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B $B8xI=F|(B: Apr 18 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4544 $B$^$H$a(B: Compaq $B$O(B Tru64 $B$N(B C $B%i%$%V%i%j$K%P%C%U%!%*!<%P!<%U%m!<$r@8$8$kLdBj$,B8(B $B:_$7$F$$$k$3$H$r8x3+$7$?!#%P%C%U%!%*!<%P!<%U%m!<$,@8$8$k>u67$O!"(BLANG $B$*$h$S(B LOCPATH $B4D6-JQ?t$NCM$No$KD9$$(B LOCPATH $B$H(B LANG $B4D6-JQ?t$NCM$K$h$C$F0z$-5/$3$5$l$k2DG=(B $B@-$,$"$k!#(B $B\$G$"$k$,!"$3$NLdBj$O%9%?%C%/$KM3Mh$9$k%*!<(B $B%P!<%U%m!<$G$"$k$H9M$($i$l$F$$$k!#(BC $B%i%$%V%i%jFb$K%*!<%P!<%U%m!<$,@8$8(B $B$k$?$a!"F10l%7%9%F%`>e$NKX$IA4$F$N%P%$%J%j7A<0$N%W%m%0%i%`$,LdBj$N1F6A(B $B$,5Z$V2DG=@-$,$"$k!#967bl9g!"967b:3J$5$l$?8"8B$rF~Aw$9$k5!9=$rHw$($F$*$j!"(B $B$3$N5!9=$rMxMQ$9$k967b$O2DG=$G$"$k$H9M$($i$l$F$$$k!#$7$+$7!"%j%b!<%H$+(B $B$i$3$NLdBj$rMxMQ$9$k967b$,Z$G$"(B $B$k!#$=$l$G$b$J$*!"$3$NLdBj$O(B telnet $B$r2p$7$F%j%b!<%H$+$i967b2DG=$G$"$k(B $B$H9MN8$9$Y$-$G$"$k!#(B 16. Microsoft IIS CodeBrws.ASP File Extension Check Out By One Vulnerability BugTraq ID: 4543 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 18 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4543 $B$^$H$a(B: Microsoft IIS 5.0 $B$K$O%5%s%W%k%9%/%j%W%HMQ$N%G%#%l%/%H%j(B (/IISSAMPLES) $BFb$NB>$N%9%/%j%W%H$N%=!<%9$r1\Mw$9$k$?$a$KMxMQ2DG=$J%5%s%W%k%9%/%j%W%H(B $B$,F1:-$5$l$F$$$k!#(B $B%5%s%W%kFb$N!"LdBj$rJz$($k%9%/%j%W%H(B (CodeBrws.asp) $B$O!"%f!<%6$+$iM?$((B $B$i$l$?F~NOCM$K$D$$$F!";2>H@h$H$7$F;XDj$5$l$?%U%!%$%k$,(B .html$B!"(B.htm$B!"(B.asp$B!"(B .inc $B$N$$$:$l$+$r3HD%;R$K;}$D%U%!%$%k$G$"$k$3$H$r3N$+$a$k$?$a$N3NG'=hM}(B $B$r9T$C$F$$$k!#$3$N=hM}$O;XDj$5$l$?%U%!%$%k$N%Q%9$N:G8e$NJ8;zNs$N0lIt$r(B $BBP>]$K$7$?3NG'$r9T$&$3$H$G]$N%Q%9ItJ,$O;XDj$5$l$?ItJ,$h$j$bBg$-$JHO0O$,;XDj$5$l(B $B$F$$$k$N$G$"$k!#$3$N7k2L!";XDj$5$l$?%U%!%$%k$N3HD%;R$K$O$5$i$KJ8;z$,IU(B $B$12C$($i$l!"$J$*$bBEEv@-$N3NG'=hM}$r@5>o$KDL2a$7$F$7$^$&2DG=@-$,$"$k!#(B $BNc$($P!"(B.NET $B%"!<%-%F%/%A%c$K$h$C$FMxMQ$5$l$k(B .aspx $B%U%!%$%k$b;2>H$G$-(B $BF@$F$7$^$&2DG=@-$,$"$k!#$3$NLdBj$K$h$j!"967bl9g!"%5%s%W%k%9%/%j%W%H3JG7$/$H?d;!$5$l$k!#(B 17. MHonArc HTML Script Filter Bypass Vulnerability BugTraq ID: 4546 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 18 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4546 $B$^$H$a(B: MHonArc $B$O(B Perl $B8@8l$rMxMQ$7$F3+H/$5$l!"<+F0E*$KEE;R%a!<%k$r2ro$KF0:n$9$kFbMF$rCmF~2DG=$G$"$k!#(B $B$3$l$O0J2<$K<($9J}K!$NB>!"$$$/$D$+$NJ}K!$K$h$C$FIPT>alert(document.domain)IPT>

$B$3$NLdBj$rMxMQ$9$k967b$K$h$j!"967b.5,LO4k6H(B $B8~$1$K!"$$$/$D$+$N]$N%3%s%T%e!<(B $B%?$+$i967b85$N(B IP $B%"%I%l%9$,40A4$K%V%m%C%/$5$l$F$$$k>l9g$K$*$$$F$b@8$8(B $B$k2DG=@-$,$"$k!#(B $BJs9p$K$h$k$H!"$3$NLdBj$O%U%i%0%a%s%H2=$5$l$?(B IP $B%Q%1%C%H$r%V%m%C%/$9$k(B $B5!G=$,M-8z2=$5$l$F$$$k>l9g$K@8$8$k!#(B $B$3$NLdBj$K$h$j!"B>$N%=%U%H%&%'%"$K$bLdBj$,B8:_$7$F$$$k>l9g$K!"J]8nBP>](B $B$N%3%s%T%e!<%?$,967b$KGx$5$l$k7k2L$r$b$?$i$92DG=@-$,$"$k!#(B $B8=;~E@$K$*$$$F$O!"$3$NLdBj$N>\:Y$K4X$9$k$5$i$J$k>pJs$O8x3+$5$l$F$$$J$$!#(B $B$3$l$i$NLdBj$K4X$7$F$OL$8!>Z$G$"$k!#(B 19. SSH Restricted Shell Escaping Command Execution Vulnerability BugTraq ID: 4547 $B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B $B8xI=F|(B: Apr 18 2002 12:00A $B4XO"$9$k(B URL: http://www.securityfocus.com/bid/4547 $B$^$H$a(B: SSH ($B$*$h$S$3$N@=IJ$+$iGI@8$7$?%=%U%H%&%'%"(B) $B$O(B Secure Shell $B%W%m%H%3%k(B $B$NZ$N(B $B%W%m%0%i%`$N$rM?$($k$3(B $B$H$K$h$j!"%j%b!<%H$+$i$N%3%^%s%I]$N%7%9%F%`>e$N%7%'%k$KD>@\%m%0%$%s$r(B $B9T$o$J$$>l9g$G$"$C$F$b!"%3%^%s%Ie$K%U%!%$%k$rE>Aw$9$k$3$H$,2DG=$H$J$j!"$=$N%G%#%l%/%H%j$+(B $B$i$N%3%^%s%I$NAw$5$l!"(B $BBP>]%7%9%F%`>e$NI8=`%7%'%k$X$N%"%/%;%9$,C%Aw$5$l$?%9(B $B%/%j%W%H$,Z$r9T$&$3$H(B $B$J$/%W%m%7!<%8%c$rr7o$O!"967b$r9T$&$?$a$K$O%V%i%&%6$G$N(B URL $B$N2~JQ$N$_$r(B $BI,MW$H$9$k$?$a$@$1$,I,MW>r7o$G$"$k$?$a!"%"%/%;%9$NBEEv@-$N3NG'$K4p$E$/%((B $B%i!<$KM3Mh$9$k$H9M$($i$l$k!#(B $B$3$l$O%G!<%?$NB;<:!"8"8B$N>:3J!"$=$NB>%;%-%e%j%F%#$K4X$9$kLdBj$J$I$N7k(B $B2L$r>7$/2DG=@-$,$"$k!#$3$NLdBj$KBP$9$k=$@5$O(B Oracle $B$+$i4{$K8x3+$5$l$F(B $B$$$k!#(B 21. XPilot Server Remote Buffer Overflow Vulnerability BugTraq ID: 4534 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 17 2002 12:00A $B4XO"$9$k(B URL: http://www.securityfocus.com/bid/4534 $B$^$H$a(B: XPilot $B$OJ#?tBP@o$,2DG=$J(B 2 $Br7o$,H/8+$5$l$?!#$3$l$O30It$+$iAw$i$l$?%G!<%?$N6-3&%A%'%C%/$,(B $BIT==J,$J$?$a$K@8$8$k$N$G$"$k!#(B $B$3$NLdBj$rMxMQ$9$k%j%b!<%H$N967be(B $B=q$-$r0z$-5/$3$92DG=@-$,$"$k!#$3$NLdBj$K$h$j!"%j%b!<%H$N967be$G$bF0:n$9$k!#(B IcrediBB $B$O%U%)!<%i%`%a%C%;!<%8$KMxMQ$5$l$k%U%)!<%`%U%#!<%k%I$X$NCM$+(B $B$i!"(BHTML $B%?%0$r==J,$K%U%#%k%?%j%s%0$7$F$$$J$$LdBj$rJz$($F$$$k!#$3$N$?(B $B$a!"967bH$7$?>l9g!"$3$NLdBj$rJz$($k%=%U%H%&%'%"$r2TF0$5$;$F$$$k(B Web $B%5%$%H(B $B$N%3%s%F%s%D$HF13J$N%;%-%e%j%F%#%3%s%F%-%9%H$G!"$=$N0-0U$"$k%9%/%j%W%H(B $B$O%f!<%6$N%V%i%&%6$Gh$CpJs$rMxMQ$7$?G'>ZMQ>pJs$rC%&MQ@=IJ$H$7(B $B$F;THN$5$l$F$$$k%M%C%H%o!<%/8!::%f!<%F%#%j%F%#$G$"$k!#K\(B BID $B$G<($5$l$k(B $BLdBj$O!"(BMicrosoft Windows $B$GF0:n$9$k%P!<%8%g%s$,1F6A$re$G%3!<%I$Nu672<$G$O!"%9%-%c%s85$N%[%9%H>e$GG$0U$N%3!<%I$r]$r%9%-%c%s$9$k:]$K!"%9%-%c%s$5(B $B$l$?%[%9%H$+$iAw$j$D$1$i$l$?%P%J!<$N%G!<%?$r(B FScan $B$,E,@Z$K=hM}$7$J$$(B $B$N$G$"$k!#$3$NLdBj$O7k2L$H$7$F=q<0;XDj;R$N7$-!"(B $B%a%b%jFb$NG$0U$NNN0h$X$N>e=q$-$,2DG=$K$J$k7k2L$r>7$-!"967bl9g$N$_!"$3$NLdBj$,l9g!"(BXPede $B$O4IM}ZMQ>pJs$r5a$a$J$$$N$G$"$k!#$3$N$?$a!"0-0U$"$k(B XPede $B$N%f!<%6$,!"%=%U%H%&%'%"$N4IM}5!G=$X$NG'>Z$rH<$o$J$$%"%/%;%9$r9T(B $B$&$?$a$K!"$3$NLdBj$rMxMQ$9$k2DG=@-$,$"$k!#Nc$($P!"0-0U$"$k%f!<%6$,(B XPede $B%W%m%8%'%/%H%"%+%&%s%F%#%s%0%7%9%F%`$NB>$N%f!<%6$KBP$7$FNs5s!"DI(B $B2C!":o=|$N$$$:$l$+$r9T$&$?$a$K!"(B/admin/adminproc.asp $B$X$N%"%/%;%9$r4k(B $B$F$k2DG=@-$,$"$k!#(B $B$3$NLdBj$rMxMQ$7$?967b$,@.8y$9$k$?$a$K$O!"967b$d3JG<>l=j$rM=$aCN$C$F$*$/$3$H$,I,MW$H$J$k!#(B $B$3$NLdBj$O(B XPede 4.1 $B$GH/8+$5$l$?!#$=$NB>$N%P!<%8%g%s$K$*$$$F$b1F6A$r(B $B$r4^$s$@(B HTML $B%U%)!<%`$r2p$7$F%f!<%6$+$i%"%/%;%9$5$l$k!#$3$N%9%/%j%W%H$O$$$:$l(B $B$+$NG'>Z$rI,MW$H$;$:$K!"$$$+$J$k(B Web $B%f!<%6$K$h$C$F$b%"%/%;%9$5$l$F$7(B $B$^$&2DG=@-$,$"$k!#(B $BIU$12C$($k$J$i$P!"$=$N%9%/%j%W%H$O%f!<%6$N%Q%9%o!<%IJQ99$N$?$a$N%$%s%?(B $B%U%'!<%9$rDs6!$9$k!#%Q%9%o!<%I$rJQ99$9$k$K$O!"8=:_$N%Q%9%o!<%I$rM?$($i(B $B$l$M$P$J$i$J$$!#$7$+$7!"$3$N%$%s%?%U%'!<%9$O8x3+$5$l!"$=$N$3$H$G%G!<%?(B $B%Y!<%9$K$*$1$k%f!<%6L>$b$^$?8x3+$5$l$k$?$a!"$3$l$O967b$N%P!<%8%g%s$K$*$$$F$b1F6A$r(B $BZMQ>pJs$O%G!<%?%Y!<%9Fb$K3JG<$5$l!"2C$($F!"%W%m%8%'(B $B%/%H%"%+%&%F%#%s%0$K4X$9$kB>$N>pJs$bF1MM$K3JG<$5$l$F$$$k!#(B $B%P%C%/%(%s%I%G!<%?%Y!<%9$,Jz$($kLdBj$d8m@_Dj$O!"$3$NLdBj$r2p$7$F967b$K(B $BMxMQ$5$l$k2DG=@-$,$"$k!#(B $B$3$NLdBj$O(B XPede 4.1 $B$GH/8+$5$l$?!#$=$NB>$N%P!<%8%g%s$K$*$$$F$b1F6A$,(B $B5Z$V2DG=@-$,$"$k!#(B 27. WorkforceROI XPede Weak File Protection Vulnerability BugTraq ID: 4554 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 19 2002 12:00A $B4XO"$9$k(B URL: http://www.securityfocus.com/bid/4554 $B$^$H$a(B: XPede $B$O(B Web $B$rMxMQ$7$?%W%m%8%'%/%H%"%+%&%s%F%#%s%0%=%U%H%&%'%"$G$"$k!#(B $B$3$N%=%U%H$O(B Micfosoft Windows $B$GF0:n$9$k!#(B $B%f!<%6$,HqMQ@A5aI<$rH/9T$9$k:]!"%U%!%$%k$O$I$N$h$&$J%f!<%6$G$"$C$F$b=q(B $B$-9~$_2DG=$J(B /reports/temp $B%G%#%l%/%H%j>e$KJ]B8$5$l$k!#%G%U%)%k%H@_Dj$G(B $B$O!"$3$N%G%#%l%/%H%j$O0lMw$N$N%f!<%6$N0l;~E*$J%l%]!<%H(B $B%U%!%$%k$X$N%"%/%;%9$,2DG=$H$J$k$H?d;!$5$l$k!#(B $B$5$i$K!"(B/reports/temp $B%G%#%l%/%H%j$G$N0lMw:n@.$,L58z$K@_Dj$5$l$F$$$k>l(B $B9g$G$b!"$=$N%U%!%$%k$NFbMF$O$^$@C%e(B $B$NM}M3$+$i!"%U%!%$%kL>$O==J,$K%i%s%@%`$KA*Br$5$l$k$,!"$3$NJ}K!$K$O$N%i%s%@%`EY9g$$$OD9$5$,(B 5 $B%P%$%H$N$_!"$^$?!"(B $B%"%k%U%!%Y%C%H$H?t;z$+$i@.$kJ8;zNs$K@)Ls$5$l$F$$$k!#$3$N$?$a!"B8:_$7F@(B $B$k%U%!%$%kL>$NHO0O$rAjBPE*$K69$a!"<+F0E*$K$=$l$i$r?dB,$9$k%f!<%F%#%j%F%#(B $B$K$h$jMF0W$K?dB,2DG=$G$"$k!#(B $B7k2L$H$7$F!"0-0U$"$k%f!<%6$K$h$k%=!<%7%c%k%(%s%8%K%"%j%s%0$rMxMQ$9$k96(B $B7b$NJd=upJs$,C%$N%P!<%8%g%s$K$*$$$F$b1F6A$,(B $B5Z$V2DG=@-$,$"$k!#(B 28. WorkforceROI XPede Arbitrary Time Sheet Disclosure Vulnerabiltiy BugTraq ID: 4556 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 19 2002 12:00A $B4XO"$9$k(B URL: http://www.securityfocus.com/bid/4556 $B$^$H$a(B: XPede $B$O(B Web $B$rMxMQ$7$?%W%m%8%'%/%H%"%+%&%s%F%#%s%0%=%U%H%&%'%"$G$"$k!#(B $B$3$N%=%U%H$O(B Micfosoft Windows $B$GF0:n$9$k!#(B $BJs9p$K$h$k$H!"(BXPede $B$K$O%j%b!<%H%f!<%6$,B>$N%f!<%6$N6PL3I=$K%"%/%;%9$G$-(B $BF@$kLdBj$,B8:_$7$F$$$k!#$3$NLdBj$O(B ets_app_process.asp $B$KM3Mh$7$F$*$j!"(B $B==J,$JG'>Z;~$N3NG'$,9T$o$l$F$$$J$$$?$a$K@8$8$k!#%j%b!<%H$N967b$N(B $B%f!<%6$N6PL3I=$r!"C1$KC1D4A}2CCM$H$7$FM?$($i$l$?(B TSN id $B%9%/%j%W%H$N%Q%i(B $B%a!<%?$r2~JQ$9$k$@$1$GF~l9g!"$=$N6PL3I=$O%/%i%$%"%s%HB&$GI=<($5$l$k!#(B $B$=$N7k2L!"G'>Z$5$l$F$$$J$$%f!<%6$,=EMW$J%f!<%6>pJs$r3+<($9$k$3$H$,2DG=(B $B$H$J$k$N$G$"$k!#$3$N>pJs$O%=!<%7%c%k%(%s%8%K%"%j%s%0$rMQ$$$k967b$NJd=u(B $B$N%P!<%8%g%s$K$*$$$F$b1F6A$,5Z(B $B$V2DG=@-$,$"$k!#(B 29. Apache Tomcat System Path Information Disclosure Vulnerability BugTraq ID: 4557 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 19 2002 12:00A $B4XO"$9$k(B URL: http://www.securityfocus.com/bid/4557 $B$^$H$a(B: Apache Tomcat $B$O0-0U$r$b$C$FAH$_N)$F$i$l$?(B jsp $B7A<0$N%U%!%$%k$X$N(B HTTP $B%j%/%(%9%H$rE,@Z$K]$N%5!<%P$K$H$C$F!"@x:_E*$K=EMW$G$"$k$H9M$($i$l$k>pJs$rF~/file.jsp http://target/pJs$rF~]$N%[%9%H$X$N(B $B$5$i$J$k967b$NJd=uuBV$,@8$8$kLdBj$rJz$($F$$$k$HJs(B $B9p$5$l$F$$$k!#Js9p$K$h$k$H!"$3$N>uBV$O@55,$NG'>ZMQ>pJs$r$b$D%f!<%6$G$"(B $B$k967bZMQ>pJsMQ$N9=B$BN$X=q$-9~$^$l$k:]!"(B $B%*!<%P!<%U%m!<$,@8$8$k!#LdBj$NMW0x$H$J$k%W%m%0%i%`$NItJ,$O%;%-%e%"$G$O(B $B$J$$J8;zNs$N%3%T!l9g!"@55,$NG'>ZMQ>pJs$r;}$D967buBV$K$O1F6A$r5Z$\$5$J$$!#(B OpenSSH $B%5!<%P$,(B Kerveros 4 $B$b$7$/$O(B AFS $B$r;HMQ$9$k@_Dj$N>l9g$K$3$NLdBj(B $B$N1F6A$,5Z$V!#(B $BK\9`$O>\:Y>pJs$,$5$i$K8x3+$5$l$?CJ3,$G99?7$5$l$kM=Dj$G$"$k!#(B 31. Snitz Forums 2000 Members.ASP SQL Injection Vulnerability BugTraq ID: 4558 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 19 2002 12:00A $B4XO"$9$k(B URL: http://www.securityfocus.com/bid/4558 $B$^$H$a(B: 3. Snitz Forums 2000 Members.ASP SQL Injection Vulnerability BugTraq ID: 4558 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 19 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4558 $B$^$H$a(B: Snitz Forums 2000 $B$O(B ASP $B$rMQ$$$F3+H/$5$l$?(B Web $B$rMxMQ$9$kEE;R7G<(HD5!(B $BG=$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$O(B Microsoft Windows $B$G(B $BF0:n$9$k!#$3$N%=%U%H%&%'%"$O%P%C%/%(%s%I%G!<%?%Y!<%9$rHw$(!"(BMicrosoft Access 97/2000$B!"(BSQL Server 6.5/7.0/2000$B!"(BMySQL $B$KBP1~$7$F$$$k!#(B Snitz Forums 2000 $B$K$O%f!<%6$,(B Web $B%U%)!<%i%`$KEPO?:Q$_$N%f!<%60lMw$rF~pJs$r3+<($9$k7k2L$r>7$/$+!"$"$k$$$O!"967b7$/(B $B2DG=@-$,$"$k!#$5$i$K$3$NLdBj$O@x:_E*$K!"%P%C%/%(%s%I%G!<%?%Y!<%9Fb$K@x:_(B $BE*$KB8:_$9$kLdBj$X$N967b$r0z$-5/$3$9$H9M$($i$l$k!#(B $B967bItJ,$K%9%/%j%W%H$rCmF~2DG=$J$N$G$"$k!#$3$l$O!"Ev3:%a%C%;!<%8$r%f!<(B $B%6$,%/%j%C%/$9$k:]$K!"$=$N%3!<%I$,$3$N%=%U%H%&%'%"$rMxMQ$7$F9=C[$5$l$?(B Web $B%5%$%H$N%3%s%F%s%D$HF13J$N8"8B$G7$/2DG=@-$,$"$k!#(B 34. PostBoard BBCode Denial Of Service Vulnerability BugTraq ID: 4562 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 19 2002 12:00A $B4XO"$9$k(B URL: http://www.securityfocus.com/bid/4562 $B$^$H$a(B: PostBoard $B$O%U%j!<$G$"$j!"%*!<%W%s%=!<%9$G$"$j!"(BPostNuke $B%3%s%F%s%D4IM}(B $B%7%9%F%`8~$1$KEE;R7G<(HD5!G=$rDs6!$9$k%b%8%e!<%k$G$"$k!#$3$N%=%U%H%&%'%"(B $B$O(B UNIX $B$d(B Linux $B$GF0:n$9$k$h$&$K@_7W$5$l$F$$$k!#(B PostBoard $BFb$N(B BBcode $B$NuBV$K(B $B4Y$i$;$k$?$a$K!"(B[code] $B%?%0$N0-MQ$,2DG=$G$"$k!#(B[code] $B%?%0$O$$$+$J$k$N%?%0$b$3$NJ}K!$rMxMQ$9$k$3$H$G967b$KMQ$$(B $B$k$3$H$,2DG=$+$I$&$+$K$D$$$F$OL$>\$G$"$k!#(B $B$3$NLdBj$rMxMQ$9$k967b$N7k2L!"(BWeb $B%5!<%P$ODL>o$"$j$"$($J$$NL$N%7%9%F%`(B $B;q8;$r;H$$?T$/$7$F$7$^$&$3$H$K$J$k!#$3$NLdBj$K$h$j!"(BWeb $B%5!<%P$N(B DoS $B$r(B $B>7$/2DG=@-$,$"$j!"E,@Z$J;q8;NL$N@_Dj$,9T$o$l$F$$$J$$>l9g$K$O!"@x:_E*$K(B Web $B%5!<%P%W%m%0%i%`$r2TF0$5$;$F$$$k(B OS $B$=$N$b$N$b(B DoS $B$K4Y$i$;$i$l$k2D(B $BG=@-$,$"$k!#(B $B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"DL>oF0:n$XI|5l$9$k$?$a$K$O(B Web $B%5!<(B $B%P$N:F5/F0$,I,MW$K$J$k!#(B 35. Nortel CVX 1800 Multi-Service Access Switch Default SNMP Community Vulnerability BugTraq ID: 4507 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 15 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4507 $B$^$H$a(B: Nortel CVX 1800 Multi-Service Access Switch $B$OE}9g7?%b%G%`%O!<%I%&%'%"(B $B$G$"$k!#(B $B$3$N%G%P%$%9$K$O%G%U%)%k%H$G(B "public" $B$H$$$&L>$N(B SNMP $B%3%_%e%K%F%#$,B8(B $B:_$9$k!#%j%b!<%H$N967be$N%m!<%+%k%"%+%&%s%H$NG'>Z>pJs$d!"%M%C%H%o!<%/9=@.Fb$K$*(B $B$1$k$3$N%G%P%$%9$NG[CV>uBV$J$I!"=EMW$J>pJs$r3+<($7$F$7$^$&LdBj$rJz$($F(B $B$$$k!#(B 36. IRIX XFS Filesystem Local Denial of Service Attack BugTraq ID: 4511 $B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B $B8xI=F|(B: Apr 15 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4511 $B$^$H$a(B: XFS $B%U%!%$%k%7%9%F%`$NFCDj$N%P!<%8%g%s$,LdBj$rJz$($F$$$k$HJs9p$5$l$F$$(B $B$k!#(B XFS $B$OA4$F$N(B IRIX 6.5 $B%7%9%F%`$N%G%U%)%k%H$N%U%!%$%k%7%9%F%`$G$"(B $B$k!#(B $B$3$NLdBj$K$h$j!"%m!<%+%k%f!<%6$O0-0U$"$k%U%!%$%k$r:n@.2DG=$G$"$k$H?d;!(B $B$5$l$k!#$$$+$J$k%W%m%;%9$b!"$3$N%U%!%$%k$X%"%/%;%9$r4k$F$k$HDd;_$7$F$7(B $B$^$&$N$G$"$k!#(B $BFCDj$N>r7o2<$G$O!"$3$NLdBj$O(B DoS $B>uBV$r>7$/2DG=@-$,$"$k!#Nc$($P!"0-0U(B $B$"$k%m!<%+%k%f!<%6$,!"(B Web $B%5!<%P$d(B Ftp $B%5!<%P$K$h$C$F%"%/%;%9$5$l$?$j!"(B $B$b$7$/$O<+F0E*$KF0:n$9$k%7%9%F%`%?%9%/$K$h$C$F=hM}$5$l$k$h$&$J>l=j$K!"(B $B%U%!%$%k$rG[CV$9$k2DG=@-$,$"$k!#(B 37. Burning Board URL Parameter Manipulation Vulnerability BugTraq ID: 4512 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 15 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4512 $B$^$H$a(B: Burning Board $B$O(B Web $B%U%)!<%i%`%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H$O(B PHP $B8@(B $B8l$rMxMQ$7$F:n@.$5$l$F$*$j!"%P%C%/%(%s%I%G!<%?%Y!<%9$H$7$F(B MySQL $B$rMxMQ(B $B$7$F$$$k!#$3$N%=%U%H%&%'%"$OKX$I$N(B UNIX $B$HMM!9$J(B Linux $B$GF0:n$7!"$^$?!"(B Microsoft Windows $B4D6-$G$bF0:n$9$k!#(B $BJs9p$K$h$k$H!"967bH$7$FK,Ld$7$?@55,$N(B Burning Board $B%f!<(B $B%6$K@.$j$9$^$9$3$H$,$G$-$k$h$&$J0-0U$"$k%j%s%/$r:n@.$9$k2DG=@-$,$"$k$H(B $B$N$3$H$G$"$k!#$3$NLdBj$rMxMQ$7$?967b$r9T$&$K$O!"967bH(B $B$7$FK,Ld$7$?%f!<%6$K4uK>$N%"%/%7%g%s$rZ>pJs$r2p$7$F!"G'>Z$,9T$o$l$F$$(B $B$kI,MW$,$"$k!#967b$KMxMQ$5$l$k%O%$%Q!<%j%s%/$K$O(B BBCode $B$r4^$s$G$$$k2D(B $BG=@-$,$"$k!#(B $B$b$7967b$N(B Web $B%U%)!<%i%`%=%U%H$b$3$NLdBj$N1F6A$,5Z$V2DG=@-$,(B $B$"$k$3$H$,Js9p$5$l$F$$$k$b$N$N!"$3$l$K$D$$$F$OL$8!>Z$G$"$k!#(B 38. Mirabilis ICQ .hpf Denial of Service Vulnerability BugTraq ID: 4514 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 15 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4514 $B$^$H$a(B: ICQ $B$K?75,$N%f!<%6$,EPO?$5$l$k:]!"(B.pnq (ICQ Plugin) $B!"(B.scm (ICQ Sound Scheme$B!"(B.uin (ICQ User) $B!"(B.hpf (ICQ Home Page Factory) $B$J$I$N!"(B ICQ $BFC(B $BM-$NMM!9$J%U%!%$%k$,:n@.$5$l$k!#$3$l$i$N3HD%;R$r;}$D%U%!%$%k$O!"(BICQ $B$K(B $B4XO"IU$1$i$l$k!#(B ICQ $B$,%/%i%C%7%e$9$kLdBj$,H/8+$5$l$F$$$k!#Js9p$K$h$k$H!"0-0U$K$h$C$F9*(B $BL/$KAH$_N)$F$i$l$?3HD%;R(B .hpf $B$N%U%!%$%k$KBP$7!"%f!<%6$,%"%/%;%9$r;n$_(B $B$k$3$H$G(B ICQ $B$O%/%i%C%7%e$9$k!#(B $B$3$NLdBj$OL$%A%'%C%/$N%P%C%U%!$KM3Mh$7$F$$$k2DG=@-$,$"$k!#FCDj$N>r7o$G!"(B $B$3$NLdBj$rJz$($k967bBP>]$N%3%s%T%e!<%?>e$GG$0U$N%3!<%I$r&MQ$N%0%i%U%#%+%k%U%m%s%H%(%s(B $B%I$G$"$j!"HFMQE*$J%M%C%H%o!<%/4F;k%=%j%e!<%7%g%s$G$"$k!#(B Snort $B$O%*!<%W(B $B%s%=!<%9$H$7$F8x3+$5$l$F$$$k(B NIDS (Network Intrusion Detection System) $B$G$"$k!#(B Demarc PureSecure $B$OKX$I$N(B UNIX $B$HMM!9$J(B Linux $B$GF0:n$7!"$^$?!"(B Microsoft Windows NT/2000/XP $B$G$bF0:n$9$k!#(B PureSecure $B$NFCDj$N%P!<%8%g%s$K$*$$$FLdBj$,Js9p$5$l$F$$$k!#%f!<%6$,@8(B $B@.$7$?F~NO$,(B SQL $B9=J8$r9=@.$9$k$N$K;HMQ$5$l$F$*$j!"(B SQL injection $B967b(B $B$r2DG=$H$7$F$7$^$&$N$G$"$k!#$3$N7g4Y$rMxMQ$7$?967b$r2p$7$F!"4IM}uBV$K$"$k%/%C%-!<>pJs$+(B $B$i@8@.$5$l$F$$$k$N$G$"$k!#$3$N>pJs$O!"%f!<%6$,4IM}Z$G$"$k!#(B 40. HP Photosmart Mac OS X Print Driver Weak File Permissions Vulnerability BugTraq ID: 4518 $B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B $B8xI=F|(B: Apr 15 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4518 $B$^$H$a(B: HP $B$N(B Photosmart $B%W%j%s%?%7%j!<%:$N@=IJ$O!"%G%8%?%k$N%U%!%$%k$X$N%7%s%\%j%C%/%j%s%/$d%H%m(B $B%$$NLZGO$N%3%T!<$HCV$-49$($k$3$H$,2DG=$G$"$k!#(B $BJs9p$K$h$k$H!"%f!<%6$,%7%9%F%`$K%m%0%*%s$9$k:]$O!">o$K$3$N%"%W%j%1!<%7%g(B $B%s$O8=:_$N%f!<%6$N8"8B$G:3J$5$;$?$j$9$k$3$H$,2DG=$H$J$k!#$^$?!"%f!<%6$,%U%!(B $B%$%k$N0u:~$r9T$&:]$K$bH$7$?:]$K!"$3$N>u67$,H/(B $B@8$9$k2DG=@-$,$"$k$H$N$3$H$G$"$k!#967b\:Y>pJs$,$5$i$K8x3+$5$l$?CJ3,$G99?7$5$l$kM=Dj$G$"$k!#(B 42. Multiple Microsoft Products for MacOS File URL Buffer Overflow Vulnerability BugTraq ID: 4517 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 16 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4517 $B$^$H$a(B: Internet Explorer$B!"(BOutlook Express$B!"(BEntourage$B!"(BPowerPoint$B!"(BExcel$B!"(BWord $B$H$$$C$?!"(BMacOS $B8~$1$NMM!9$J(B Microsoft $B@=IJ$K$*$$$FLdBj$,Js9p$5$l$F$$$k!#(B $BJs9p$K$h$k$H!">e5-$K$"$2$?@=IJ$N6&DL$N%3%s%]!<%M%s%H$O!"%P%C%U%!%*!<%P!<(B $B%U%m!<$NLdBj$rJz$($F$$$k$H$N$3$H$G$"$k!#$3$NLdBj$O(B file:/// $B$H$$$&(B URL $B$N07$$$KM3Mh$7$F$$$k!#(B $B967b/$J$/$H$b(B 1 $B$D$N%5(B $B%V%G%#%l%/%H%j$r0lMwI=<($5$l$k$h$&$J(B file:/// URL $B$r:n@.$9$k$3$H$K$h$j!"(B $B0-0U$r;}$C$F9*L/$K:n@.$5$l$?%j%s%/$K%"%/%;%9$9$k%f!<%6$KBP$7$F!"G$0U$N(B $B%G!<%?$,e=q$-$7!"%f!<(B $B%6$N8"8B$GG$0U$N%3!<%I$,l9g$O!"%"%W%j%1!<%7%g%s$N%/%i%C%7%e$r0z$-5/$3$9!#(B 43. Symantec Norton Personal Firewall 2002 Portscan Protection Bypass Vulnerability BugTraq ID: 4521 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 16 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4521 $B$^$H$a(B: Symantec Norton Personal Firewall 2002 (NPW) $B$O2H$d>.$5$J4k6H$N%3%s%T%e!<(B $B%?8~$1$N%U%!%$%d%&%)!<%k@=IJ$G$"$j!"FCDj$N%P!<%8%g%s$N(B Microsoft Windows $B>e$GF0:n$9$k!#$3$N@=IJ$O%]!<%H%9%-%c%s$rF0E*$KKI$05!G=$rHw$($F$$$k!#(B Personal Firewall 2002 $B$N%]!<%H%9%-%c%s$KBP$9$k07$$$KLdBj$,$"$k!#Js9p(B $B$K$h$k$H!"(B SYN $B%9%-%c%s$N$_$,8!CN$5$l$k$H$N$3$H$G$"$k!#967b$Ne$G$"$2$?J}K!(B $B$GBP>]$N%^%7%s$K967b$rB3$1$k2DG=@-$,$"$j!"@\B3$r3+$$$F$$$k$b$N$K4X$7$F(B $B$O%I%m%C%W$5$l$J$$$N$G$"$k!#(B $B%]!<%H%9%-%c%s$rKI;_$9$k$?$a$N%V%m%C%/%j%9%H$N(B 30 $BJ,4V$H$$$&;~4V$r@_Dj(B $B$G$-$J$$$3$H$bJs9p$5$l$F$$$k!#$3$N$3$H$K$h$j!"967be$NLdBj$,B8:_$9$k!#Js9p$K$h$k$H!"(B'outer join' $B$r4^$s$@%/%(%j$O%G!<%?%Y!<%9$N%"%/%;%9%3%s%H%m!<%k$r2sHr$9$k$3$H$,2DG=$G$"(B $B$k!#$3$NLdBj$K$h$C$F!"B>$N%G!<%?%Y!<%9%f!<%6$N%Q%9%o!<%I%O%C%7%eCM$H$$$C$?!"(B $BK\Mh%"%/%;%9$9$k$3$H$,$G$-$J$$%G!<%?$rC%Z$5$l$?>l9g!"%"%/%;%9%3%s%H%m!<%k$r$9$jH4(B $B$1$kB>$NLdBj$,@x:_$7$F$$$k2DG=@-$,$"$k!#(B 45. Symantec Raptor / Enterprise Firewall FTP Bounce Vulnerability BugTraq ID: 4522 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 16 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4522 $B$^$H$a(B: Raptor Firewall $B$O(B Axent Technologies $B$G3+H/$5$l!":#F|(B Symantec $B$K$h$C(B $B$FJ]C$5$l$F$$$k!#(B $B$7$+$7!"(BRaptor Firewall $B$N(B FTP $B%W%m%H%3%k$No5!G=$NI|5l$K$O%5!<(B $B%P$N:F5/F0$,I,MW$G$"$k!#(B $BBh(B 1 $B$NLdBj$O!"(B syncookies $B5!G=$,;HMQ2DG=$H$J$C$F$$$k>l9g$KH/@8$9$k!#(B SYN $B%Q%1%C%H$rH$5$l$k$N$G$"$k!#7k2LE*$K(B $B$O!"$3$N%]%$%s%?$,(B NULL $B%]%$%s%?$G$"$j!"%^%7%s$,%/%i%C%7%e$9$k!#(B $BBh(B 2 $B$NLdBj$O!"%W%m%;%9$r:F5/F0$5$;$k:]$K@8$8$k!#%W%m%;%9$,@ZCG$5$l$k0J(B $BA0$K(B syncache $B%(%s%H%j$,@8@.$5$l!"%W%m%;%9$,F1$8%=%1%C%H>e$G:F3+$5$l$?(B $B:]!"8e$KE~Ce$9$kE,9g$9$k(B ACK $B$dJ#r7o2<$G$O!"(B $B$3$N8E$$%]%$%s%?$X$N%"%/%;%9$,%7%9%F%`$N%/%i%C%7%e$r0z$-5/$3$92DG=@-$,(B $B$"$k!#(B 47. Microsoft IIS CodeBrws.ASP Source Code Disclosure Vulnerability BugTraq ID: 4525 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 16 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4525 $B$^$H$a(B: Microsoft IIS 5.0 $B$O!"%5%s%W%k%9%/%j%W%H$H6&$K=P2Y$5$l$F$*$j!"$=$N%5%s(B $B%W%k%9%/%j%W%H$,%5%s%W%k%9%/%j%W%H%G%#%l%/%H%j(B (/IISSAMPLES) $B$N%9%/%j(B $B%W%H$N%=!<%9%3!<%I$r;2>H$9$k$N$K;HMQ$5$l$k2DG=@-$,$"$k!#(B $BLdBj$N$"$k%9%/%j%W%H(B (CodeBrws.asp) $B$O!"(B dot-dot-slash $B$rMxMQ$7$?J]8n(B $B$5$l$?%G%#%l%/%H%jHO0O0J30$KBP$7$F$b%"%/%;%9$,2DG=$K$J$k967b(B (directory traversal attacks) $B$r;HMQ$7!"%5%s%W%k%9%/%j%W%H$N%G%#%l%/%H(B $B%j$rEp$_=P$90lHLE*$J;n$_$r%U%#%k%?%j%s%0$9$k$h$&$K$J$C$F$$$k!#$7$+$7$J(B $B$,$i!"$3$N%9%/%j%W%H$O%f%K%3!<%I$r;HMQ$7$?967b$KBP$7$F$O!"E,@Z$J=hM}$r(B $B9T$o$J$$$N$G$"$k!#Nc$($P!"967bpJs$rDs6!$7$F$7$^$&2D(B $BG=@-$,$"$k!#J?J8$N%G!<%?%Y!<%9$N>pJs$K$O!"$7$P$7$P%9%/%j%W%H%=!<%9%3!<(B $B%I$,4^$^$l$F$$$k!#$5$i$K967b]$N%[%9%H$KBP$7$F!"%9%/%j%W%H$KB8:_$9$k2DG=@-$N$"$kB>$N$h$j?<9o(B $B$JLdBj$rC5$7=P$9$N$KMxMQ$9$k2DG=@-$,$"$k!#(B $B$3$NLdBj$,!"LdBj$rJz$($F$$$k%9%/%j%W%H$,F0:n$7$F$$$k%[%9%H>e$G!"%U%!%$%k(B $B%7%9%F%`$N%G%#%l%/%H%j9=B$$r?^<($9$k$N$KMxMQ$G$-$k$3$H$O8!>Z$5$l$F$$$k!#(B $B%U%!%$%k$N%=!<%9%3!<%I$N1\Mw$r4k$F$?:]$K!"$3$N%9%/%j%W%H$O%U%!%$%k$d%G%#(B $B%l%/%H%j$,B8:_$7$F$$$k$+$I$&$+$N>pJs$r%f!<%6$KBP$7$F3+<($7$F$7$^$&$N$G(B $B$"$k!#Nc$($P!"B8:_$7$J$$%G%#%l%/%H%j$X$N%j%/%(%9%H$KBP$7$F!"(B "Path not found" $B$,JV$5$l$k!#B8:_$7$J$$%U%!%$%k$X$N%j%/%(%9%H$KBP$7$F$O!"(B "File not found" $B$,JV$5$l$k!#(B 48. AOL Instant Messenger Arbitrary File Creation Vulnerability BugTraq ID: 4526 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 17 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4526 $B$^$H$a(B: AIM $B%f!<%6$,B>$N%f!<%6$N%7%9%F%`>e$NG$0U$N>l=j$K%U%!%$%k$rJ]B8$9$k$3$H(B $B$,$G$-$F$7$^$&LdBj$,Js9p$5$l$F$$$k!#(B $BJs9p$K$h$k$H!"(B 2 $B?M$N(B AIM $B%f!<%6$N4V$KD>@\E*$J%3%M%/%7%g%s$,:n@.$5$l$?(B $B:]$K!"$3$N8=>]$,H/@8$9$k$H$$$&!#%f!<%6$K$h$C$F(B img $B%?%0$H(B data $B%?%0$r(B $B4^$s$@%U%!%$%k$,Aw$i$l$F$/$k$H!"DL>o!"A0$G!"(BWindows $B$N(B $B0l;~%G%#%l%/%H%j$K%U%!%$%k$,:n@.$5$l$k!#$3$N%U%!%$%k$O0l;~%G%#%l%/%H%j(B $B$+$iD>@\FI$_9~$^$l$k!#(B img $B%?%0$N(B SRC $B%Q%i%a%?$,(B '..\' $B$r2p$7$F!"@dBP%Q%9$GFCDj$N%G%#%l%/%H%j(B $B$r;XDj$7$F$$$?>l9g!"%U%!%$%k$O0l;~%G%#%l%/%H%j$G$O$J$/!"A*Br$5$l$?%G%#(B $B%l%/%H%j$K:n@.$5$l$k$N$G$"$k!#99$K!"(B img $B%?%0$N(B HEIGHT $B$H(B WIDTH $B$NCM$,!"(B $Bl=j$KJ]B8$5$l$k2DG=(B $B@-$,$"$k!#$3$l$O!"BP>]$N%f!<%6$KBP$9$k99$J$k967b$KMxMQ$5$l$k2DG=@-$,$"(B $B$k!#(B 49. TalentSoft Web+ WML Request Cookie Buffer Overflow Vulnerability BugTraq ID: 4530 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: Apr 17 2002 12:00A $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/4530 $B$^$H$a(B: TalentSoft Web+ $B$O!"(BWeb $B$rMxMQ$7$?%/%i%$%"%s%H%5!<%P%"%W%j%1!<%7%g%s$r(B $B3+H/$9$k$?$a$N4D6-$G$"$k!#(B Microsoft Windows 9x/NT/2000 $B>e$GF0:n$9$k!#(B Web+ $B$,(BWML $B%U%!%$%k$X$N%j%/%(%9%H$H6&$K$"$kD9$5$rD6$($?%/%C%-!<$rAw?.(B $B$9$k$3$H$G!"967b2DG=$J%P%C%U%!%*!<%P%U%m!<$,H/@8$9$kLdBj$rJz$($F$$$k!#(B IIS 3 $B>e$G(B Web+ $B%5!<%S%9$r(B SYSTEM $B8"8B$GF0:n$5$;$F$$$k:]$K!"%j%b!<%H%f!<(B $B%6$K$h$C$F$3$NLdBj$rJz$($F$$$k%=%U%H%&%'%"$,F0:n$7$F$$$k%[%9%H$r40A4$K(B $B>h$Ce$G(B IWAM_* $B8"8B$GF0:n$7$F$$$k>l9g$O!"(B $B$h$j>/$J$$1F6A$rl9g$G$bLdBj$r(B $BJz$($F$$$k%7%9%F%`$KBP$9$k%m!<%+%k%"%/%;%9$O2DG=$G$"$k$H?d;!$5$l$k!#(B III. SECURITYFOCUS NEWS AND COMMENTARY ------------------------------------------ 1. GovNet Plans Moving Forward $BCx(B $B5=;U$d>h$Ce$N%9%Q%`$NH/?.'$($?$N$G$"$k!#(B http://online.securityfocus.com/news/370 5. New Take On Klez Worm Spreading $BCxu67$K$"$j!":#F|$G$O@5>o$J(B $Be$G$N%W%i%$%P%7!e$N(B $B;TL1$N<+M3$K4X$9$kCDBN$r=8$o$;$k2ACM$N$"$k!":#=5:G$b=EMW$JF$5D;v9`$H$J$C(B $B$?!#(B http://online.securityfocus.com/news/368 IV.SECURITYFOCUS TOP 6 TOOLS ----------------------------- 1. Logwatch v2.8.5 $B:nZL@=q$r4IM}$9$k%7%s%W%k$G>.5,LO$J(B GUI $B$G$9!#$3$l$O(B OpenCA $B%W%m%8%'%/%H$+$iDs6!$5$l$F$$$k(B Perl $B%b%8%e!<%k$H(B OpenSSL $B$rMxMQ$7$F$$$^$9!#(BTinyCA $B$O(B x509 $B>ZL@=q$r4IM}$9$k5!G=$rDs6!$7$^(B $B$9!#%5!<%P$G;HMQ$9$k$?$a$N(B PEM $B$d(B DER $B$H$7$F!"$^$?%/%i%$%"%s%H$G;HMQ$9(B $B$k$?$a$N(B PKCS#12 $B!"EE;R%a!<%k%W%m%0%i%`$G;HMQ$9$k$?$a$N(B S/MIME $B>ZL@=q$J(B $B$I$H$7$F=PNO$9$k$3$H$,2DG=$G$9!#(B 3. Castellan Sentry v0.01 $B:ne$K%]%C%W%"%C(B $B%W%&%#%s%I%&$r=P$9$3$H$GCN$i$;$^$9!#$3$N%]%C%W%"%C%W$O%j%b!<%H%^%7%s$r(B $B%V%m%C%/$7$?$j!"%m%0%$%s$rL5;k$7$?$j!"D4::$r9T$C$?$j$9$k$3$H$r2DG=$H$7(B $B$^$9!#D4::$O!"(B nslookup $B$d(B DNS $B$N5U0z$-!"(BARIN$B!"$^$?$O(B NMAP $B$r;HMQ$7$?%7(B $B%s%W%k$J%]!<%H%9%-%c%s$N7k2L$rJs9p$7$^$9!#%=!<%9$,%V%m%C%/$9$Y$-$+$7$J(B $B$$$Y$-$+$rH=CG$9$k$N(B Unix $B$GMxMQ$G$-$k%j%b!<%H%;%-(B $B%e%j%F%#%9%-%c%J$G$9!#$3$l$O%^%k%A%9%l%C%I$G%W%i%0%$%s%Y!<%9$GF0:n$7!"(B $B;H$$$d$9$$(B GTK $B%$%s%?!<%U%'!<%9$r;}$A!"8=:_(B 470 $B0J>e$N%j%b!<%H%;%-%e%j(B $B%F%#%A%'%C%/$r9T$&$3$H$,$G$-$k$b$N$G$9!#(BHTML$B!"(BLaTex$B!"(BASCII $B%F%-%9%H$G(B $B%l%]!<%H$r:n@.$7!"%;%-%e%j%F%#>e$NLdBj$KBP$9$k$N2r7hJ}K!$rDs<($7$^$9!#(B 5. Lcrzoex v4.08 $B:ne$G2?$,5/$-$F$$$k$+$r8!=P$9$k$?$a$NEpD05!G=(B (7,8,9 $B$J$I(B) - $B@5>oF0:n$7$F$$$J$$%M%C%H%o!<%/%W%m%0%i%`$K$h$C$F@8@.$5$l$?%A%'%C%/%5(B $B%`$N8!::(B (16,17,18 $B$J$I(B) - $B%;%C%7%g%s$rK5qMp(B (80,81,82,83 $B$J$I(B) - $BFCJL$J%m!<%+%k%]!<%H$rMQ$$$F:n@.$5$l$?(B tcp/udp $B%/%i%$%"%s%H(B (85,89,86,93,97 $B$J$I(B) - $BHV9f4V$N@Z$jBX$((B (139,148 $B$J$I(B) - $B$=$NB>(B 6. Firewall by Jim v0.28 $B:npJs(B $B$rMxMQ$7$^$9!#@_Dj$rMF0W$K$9$k$?$a$K!"J,3d$7$?%U%!%$%k$r;HMQ$7$^$9!#(B LAN $BFb$N(B eth1 $B$H%$%s%?!<%M%C%H$N(B eth0 $B$r2p$7$FF0:n$9$k$h$&$K@_7W$5$l$F(B $B$$$^$9!#(B -- $BLu(B: $B:d0f=g9T(B(SAKAI Yoriyuki)$B!">.3^8691M:(B(OGASAWARA Tsuneo)$B!"(B $BF#K\6)