Deprecated : The each() function is deprecated. This message will be suppressed on further calls in /home/zhenxiangba/zhenxiangba.com/public_html/phproxy-improved-master/index.php on line 456 SecurityFocus Newsletter #173 2002-11-25->2002-11-29
SecurityFocus Newsletter #173 2002-11-25->2002-11-29
�$B:d0f�(B@�$B%i%C%/$G$9!#�(B
SecurityFocus Newsletter �$BBh�(B 173 �$B9f$NOBLu$r$*FO$1$7$^$9!#�(B
�$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#�(B
---------------------------------------------------------------------------
BugTraq-JP �$B$K4X$9$k�(B FAQ(�$BF|K\8l�(B):
http://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml
�$B!&�(BSecurityFocus Newsletter �$B$NOBLu$O�(B BugTraq-JP �$B$G0lH$/$@$5$$�(B
---------------------------------------------------------------------------
---------------------------------------------------------------------------
SecurityFocus Newsletter �$B$K4X$9$k�(BFAQ(�$B1Q8l�(B):
http://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml
BugTraq �$B$K4X$9$k�(B FAQ(�$B1Q8l�(B):
http://www.securityfocus.com/popups/forums/bugtraq/faq.shtml
---------------------------------------------------------------------------
�$B0zMQ$K4X$9$kHw9M�(B:
�$B!&$3$NOBLu$O�(B SecurityFocus �$B$N5v2D$r3t<02qe$G9T$o$l$F$$$^$9!#�(B
�$B!&�(BSecurityFocus Newsletter �$B$NOBLu$r�(B Netnews, Mailinglist, World Wide Web,
�$B=q@R�(B, �$B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$NA4J80zMQ$r$*4j$$$7$^$9!#�(B
�$B!&F|K\8lHG%K%e!<%9%l%?!<�(B 1 �$B9f$+$i�(B 3 �$B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;$s$,!"�(B
�$B=`MQ$9$k$b$N$H$7$^$9!#�(B
�$B!&$^$?!"�(BSecurityFocus �$BDs6!$N�(B BugTraq-JP �$B%"!<%+%$%V�(B [*1] �$B$X$N$$$+$J$k7A<0$N�(B
�$B%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#�(B
1) http://online.securityfocus.com/archive/79
---------------------------------------------------------------------------
�$B$3$NOBLu$K4X$9$kHw9M�(B:
�$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02ql9g!"�(BBugTraq-JP �$B$X�(B Errata �$B$H$7$F=$@5�(B
�$BHG$r$4Ej9FD:$/$+!"4F=$l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#�(B
---------------------------------------------------------------------------
This translation is encoded and posted in ISO-2022-JP.
�$B86HG�(B:
Date: Mon, 2 Dec 2002 10:20:34 -0700 (MST)
Message-ID: <Pine.LNX.4.43.0212021019550.16810-100000@mail.securityfocus.com>
SecurityFocus Newsletter #173
-----------------------------
This issue is sponsored by: Qualys
I. FRONT AND CENTER(�$BF|K\8lLu$J$7�(B)
1. SQL Injection and Oracle, Part Two
2. Secure Programming with .NET
3. When Washington Mimics Sci Fi
4. SecurityFocus DPP Program
5. InfoSec World Conference and Expo/2003 (March 10-12, 2003,Orlando, FL)
II. BUGTRAQ SUMMARY
1. VBulletin Memberlist.PHP Cross Site Scripting Vulnerability
2. RealOne Player SMIL File Heap Corruption Vulnerability
3. Rational ClearCase Portscan Denial Of Service Vulnerability
4. RealPlayer Long File Name Now Playing Buffer Overflow...
5. RealPlayer RealFlash Source Loading Buffer Overflow Vulnerability
6. Open WebMail User Name Information Disclosure Vulnerability
7. Allied Telesyn Switch UDP Data Flood Management Denial Of...
8. acFTP Invalid Password Weak Authentication Vulnerability
9. acFreeProxy Cross Site Scripting Vulnerability
10. Calisto Internet Talker Denial Of Service Vulnerability
11. WSMP3 Multiple Buffer Overflow Vulnerabilities
12. Multiple Vendor fs.auto Remote Buffer Overrun Vulnerability
13. WSMP3 Remote Heap Corruption Vulnerability
14. Working Resources BadBlue Information Disclosure Vulnerability
15. Pserv HTTP POST Request Buffer Overflow Vulnerability
16. PHP-Nuke Multiple Cross Site Scripting Vulnerabilities
17. VBulletin members2.php Cross Site Scripting Vulnerability
18. NetScreen Malicious URL Filter Bypassing Vulnerability
19. NetScreen H.323 Control Session Denial Of Service Vulnerability
20. phpBB Script Injection Vulnerability
21. SSH Communications SSH Server Privilege Escalation Vulnerability
22. Web Server Creator Web Portal Remote File Include Vulnerability
23. NetScreen ScreenOS Predictable Initial TCP Sequence Number...
24. Netscape/Mozilla POP3 Mail Handler Integer Overflow Vulnerability
25. Working Resources BadBlue Search Page Cross Site Scripting...
26. Netscape Java canConvert() Buffer Overflow Vulnerability
27. Null HTTPD Remote Heap Corruption Vulnerability
28. Bugzilla quips Feature Cross Site Scripting Vulnerability
29. FreeNews Include Undefined Variable Command Execution...
30. AOL Instant Messenger Forced File Download Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
1. 'Hacking Challenge' Winners Allege $43,000 Contest Rip-Off
2. Nasty virus Winevar insults infected users
3. Oracle in buffer overflow brown alert
4. First hackers sighted in high speed mobile phone arena
IV. SECURITYFOCUS TOP 6 TOOLS
1. MasarLabs NoArp v1.0.0
2. BW-IPFM v1.1
3. GPG-Ezmlm encrypted mailing list v0.3
4. SQUID User Management System v1.01
5. Sysload server monitor v4.5
6. pidentd v3.0.16
I. FRONT AND CENTER(�$BF|K\8lLu$J$7�(B)
---------------------------------
II. BUGTRAQ SUMMARY
-------------------
1. VBulletin Memberlist.PHP Cross Site Scripting Vulnerability
BugTraq ID: 6226
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 22 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6226
�$B$^$H$a�(B:
vBulletin �$B$O�(B PHP �$B$rMxMQ$7$F3+H/$5$l$?>&MQ$N�(B Web �$B%$%s%?%U%'!<%9$rHw$($k�(B
�$BEE;R7G<(HD5!G=$rDs6!$9$k%=%U%H%&%'%"$G$"$j!"%P%C%/%(%s%I%G!<%?%Y!<%9$H�(B
�$B$7$F�(B MySQL �$B$rMxMQ$7$F$$$k!#$3$N%=%U%H%&%'%"$OB?$/$N�(B Linux �$B$d�(B UNIX �$B$GF0�(B
�$B:n$7!"$^$?!"�(BMicrosoft Windows �$B$K$*$$$F$bF0:n$9$k!#�(B
�$B$3$N%=%U%H%&%'%"$O�(B URI �$B%Q%i%a!<%?Fb$K4^$^$l$k�(B HTML �$B%?%0$r%U%#%k%?%j%s%0�(B
�$B$7$F$$$J$$$?$a!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$rMxMQ$9$k967b$N1F6A�(B
�$B$,5Z$V5?$$$,$"$k!#$3$NLdBj$O�(B 'memberlist.php' �$B%9%/%j%W%H$N�(B what �$BJQ?t$X�(B
�$B;XDj$5$l$kCM$KBP$9$k%U%#%k%?%j%s%0$,IT==J,$G$"$k$?$a$K@8$8$F$$$k!#�(B
�$B$3$N7k2L!"%j%b!<%H$N967bZMQ>pJs$r@`ZMQ>pJs$O967bh$C�(B
�$B2. RealOne Player SMIL File Heap Corruption Vulnerability
BugTraq ID: 6227
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 22 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6227
�$B$^$H$a�(B:
RealPlayer �$B$*$h$S�(B RealOne Player �$B$O�(B Real Networks �$B$+$i8x3+$5$l$F$$$k1G�(B
�$BA|$*$h$S2;@<$r:F@8$9$k$?$a$N%=%U%H%&%'%"$G$"$k!#Cf$G$b�(B RealOne Player
�$B$O�(B Microsoft Windows �$B>e$GF0:n2DG=$G$"$k!#�(B
Synchronized Multimedia Integration Language (SMIL) �$B7A<0$N%U%!%$%k$r4^�(B
�$B$`%O%$%Q!<%j%s%/$K$3$N%=%U%H%&%'%"$,%"%/%;%9$9$k:]!"$3$N%=%U%H%&%'%"$O�(B
�$B$=$3$K4^$^$l$kFbMF$N:F@8$r;n$_$k!#�(B
�$B$3$N:]!"Hs>o$KD9$$J8;zNs$r%a%?%G!<%?%Q%i%a!<%?$K4^$`$h$&$J!"0-0U$"$k�(B SMIL
�$B7A<0$N%U%!%$%k$r:n@.$9$k$3$H$K$h$j!"LdBj$rJz$($k%=%U%H%&%'%"$K3d$jEv$F�(B
�$B$i$l$?%a%b%j$N%R!<%WNN0h$NFbMF$rGK2u2DG=$G$"$k!#$3$NLdBj$rMxMQ$9$k967b�(B
�$B$,@.8y$7$?>l9g!"967bpJs$r4^$`�(B
�$BIt0L$,>e=q$-$5$l$k7k2L$,0z$-5/$3$5$l$k2DG=@-$,$"$k!#$3$Nl9g!"967bBP>]$N%f!<%6$,$3$N%=%U%H%&%'%"$r3. Rational ClearCase Portscan Denial Of Service Vulnerability
BugTraq ID: 6228
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 22 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6228
�$B$^$H$a�(B:
Rational ClearCase �$B$O%=%U%H%&%'%"$N3+H/>u67$r4IM}$9$k$?$a$No5!G=$X$NI|5l$K$"$?$C$F$O�(B ClearCase �$B%5!<%S%9$N:F5/F0$,I,MW$G$"$k!#�(B
�$B$3$NLdBj$O�(B ClearCase 4.1 �$B$*$h$S�(B 2002.05 �$B$K$*$$$FH/8+$5$l$F$$$k!#�(B
4. RealPlayer Long File Name Now Playing Buffer Overflow Vulnerability
BugTraq ID: 6229
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 22 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6229
�$B$^$H$a�(B:
RealPlayer �$B$O%U%j!<$G8x3+$5$l$F$$$k�(B Real Media �$B7A<0$N2;@o$KD9$$%U%!%$%kL>$N%U%!%$%k$r:F@8$9�(B
�$B$k$h$&$K;E8~$1$i$l!"FCDj$N�(B 2 �$B$D$N=hM}$NCf$N$"$k�(B 1 �$B$D$,�(B "Now Playing" �$B%a�(B
�$B%K%e!<$Gl9g!"%P%C%U%!%*!<%P!<%U%m!<$,@8$8$k!#$3$NLdBj$K$h$j!"�(B
�$B%U%!%$%kL>$H$7$F;XDj$5$l$?FbMF$K4^$^$l$k%3!<%I$,5. RealPlayer RealFlash Source Loading Buffer Overflow Vulnerability
BugTraq ID: 6230
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 22 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6230
�$B$^$H$a�(B:
RealOne Player �$B$O%U%j!<$G8x3+$5$l$F$$$k�(B Real Media �$B7A<0$N2;@H$9$k:]$K�(B RealOne Player �$B$G�(B
�$B%P%C%U%!%*!<%P!<%U%m!<$,@8$8$kLdBj$,H/8+$5$l$F$$$k!#LdBj$rJz$($k%P!<%8%g�(B
�$B%s$N$3$N%=%U%H%&%'%"$,0-0U$"$k%W%l%<%s%F!<%7%g%s%U%!%$%k$N:F@8$r;n$_$k�(B
�$B:]!"%P%C%U%!$,%*!<%P!<%U%m!<$7!"7k2L$H$7$F%a%b%jFbMF$NGK2u$,@8$8$k!#�(B
�$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"967bpJs$rCV$-49$(2DG=$K$J$k$H?d;!$5$l$k!#$3$NLdBj$K$h$j967b\:Y>pJs$O8=;~E@$G$O$^$@8x3+$5$l$F$$�(B
�$B$J$$!#K\�(B BID �$B$O$5$i$J$k>pJs$,8x3+$5$l$?;~E@$G99?7M=Dj$G$"$k!#�(B
�$BCm5-�(B:
�$BDI2CJs9p$K$h$k$H!"$3$NLdBj$KBP$9$kBP1~:v$H$7$F�(B Real Networks �$B$+$i8x3+$5�(B
�$B$l$F$$$k%Q%C%A$O$3$NLdBj$K4X$7$F$OM-8z$G$O$J$$$H$N$3$H$G$"$k!#�(B
6. Open WebMail User Name Information Disclosure Vulnerability
BugTraq ID: 6232
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 23 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6232
�$B$^$H$a�(B:
Open Webmail �$B$O%U%j!<$KMxMQ2DG=$J!"%*!<%W%s%=!<%9$N�(B Web �$B%a!<%k%"%W%j%1!<�(B
�$B%7%g%s$G$"$k!#$3$N%=%U%H%&%'%"$O�(B UNIX �$B$*$h$S�(B Linux �$B$GMxMQ2DG=$G$"$k!#�(B
�$B$3$N%=%U%H%&%'%"$K$O%j%b!<%H%f!<%6$,%f!<%6L>$rC%Z;~$KBgNL$N>pJs$rO31L$7$F$7$^$&$N$G�(B
�$B$"$k!#%f!<%6$,%f!<%6L>$rF~NO$9$k:]!"$3$N%=%U%H%&%'%"$OF~NO$5$l$?%f!<%6�(B
�$BL>$NBEEv@-$r<($9>pJs$rJV$7$F$7$^$&$N$G$"$k!#$3$l$K$h$j!"%j%b!<%H%f!<%6�(B
�$B$O7+$jJV$7F1MM$N9T0Y$r9T$&$3$H$K$h$jM-8z$J%f!<%6L>$N0lMw$rF~@\E*$J1F6A$r5Z$\$9967b$r4k$F$k$?$a$KMxMQ2DG=$G�(B
�$B$"$k!#Nc$($P!"M-8z$J%f!<%6$N%Q%9%o!<%I$KBP$9$kAmEv$j967b$,5s$2$i$l$k!#�(B
7. Allied Telesyn Switch UDP Data Flood Management Denial Of Service Vulnerability
BugTraq ID: 6233
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 23 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6233
�$B$^$H$a�(B:
AT-8024 �$B$*$h$S�(B Rapier 24 �$B$O�(B Allied Telesyn �$B$+$iHNGd$5$l$F$$$k%$!<%5%M%C�(B
�$B%H4D6-8~$1$N%9%$%C%A$G$"$k!#�(B
�$B$3$l$i5!4o$K$O%j%b!<%H%f!<%6$,�(B DoS �$B967b$r4k$F$k$3$H$,2DG=$K$J$kLdBj$,B8�(B
�$B:_$9$k!#�(B
�$BFCDj$N>u672<$K$*$$$F!"LdBj$rJz$($k5!4o$O40A4$K5!G=$r<:$&2DG=@-$,$"$k!#�(B
�$BBgNL$N�(B UDP �$B%9%H%j!<%`%G!<%?$,$3$l$i5!4o$XAw?.$5$l$?>l9g!"5!4o$OF0:nITG=�(B
�$B>uBV$K4Y$C$F$7$^$&!#Js9p$K$h$k$H!"$3$N7$-!"$^$?!"%k!<%F%#%s%05!G=$rDd;_$5$;$F$7$^$&2DG=@-$,$"$k!#�(B
�$B$3$NLdBj$rMxMQ$9$k967b$O�(B UDP �$B$N%H%i%U%#%C%/$rH/@8$5$;$k$3$H$K$h$jl9g$Kl9g$K8. acFTP Invalid Password Weak Authentication Vulnerability
BugTraq ID: 6235
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 25 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6235
�$B$^$H$a�(B:
acFTP �$B$O%U%j!<$KMxMQ2DG=$J!"�(BMicrosoft Windows �$B8~$1$K@_7W$5$l$?�(B FTP �$B%5!<�(B
�$B%P$G$"$k!#�(B
acFTP �$B$K$OLdBj$,H/8+$5$l$F$$$k!#Js9p$K$h$k$H!"$3$N%=%U%H%&%'%"$OIT@5$J�(B
�$B%Q%9%o!<%I$G$N%f!<%6G'>Z$,2DG=$G$"$k!#�(B
�$B967b$N%P!<%8%g%s$bF1MM$NLdBj�(B
�$B$rJz$($F$$$k$+$I$&$+$K$D$$$F$OL$>\$G$"$k!#�(B
9. acFreeProxy Cross Site Scripting Vulnerability
BugTraq ID: 6236
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 25 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6236
�$B$^$H$a�(B:
acFTP �$B$O%U%j!<$KMxMQ2DG=$J!"�(BMicrosoft Windows �$B8~$1$K@_7W$5$l$?�(B FTP �$B%5!<�(B
�$B%P$G$"$k!#�(B
�$BJs9p$K$h$k$H!"�(B acFreeProxy �$B$O%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$rMxMQ$9�(B
�$B$k967b$N1F6A$,5Z$V5?$$$,$"$k!#e$G$$$+$J$k%I%a%$%s$N%;%-%e%j%F%#%3%s�(B
�$B%F%-%9%H$G$bZMQ>pJs$r$3$N%=%U%H%&%'%"$r2TF0$5$;$F$$�(B
�$B$k%5!<%P$N@5Ev$J%f!<%6$+$i@`ZMQ>pJs$O967bh$C10. Calisto Internet Talker Denial Of Service Vulnerability
BugTraq ID: 6238
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 25 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6238
�$B$^$H$a�(B:
Calisto �$B$O%j%b!<%H$N%f!<%6$,�(B telnet �$B$b$7$/$O�(B chat �$B$r;HMQ$7$F%5!<%P$K@\B3�(B
�$B$9$k$N$KMxMQ2DG=$J�(B Internet Talker �$B$G$"$k!#�(B
�$B$3$N%=%U%H%&%'%"$KLdBj$,H/8+$5$l$F$*$j!"7k2L$H$7$F�(B DoS �$B>uBV$K4Y$k2DG=@-�(B
�$B$,B8:_$9$k!#�(B 512 byte �$B0J>e$N%G!<%?$rLdBj$rJz$($k%G!<%b%s$K0z$-EO$9$3$H$G�(B
�$B$3$N>uBV$r0z$-5/$3$9$3$H$,2DG=$G$"$k!#$3$NLdBj$rMxMQ$9$k$3$H$K$h$j967b�(B
�$BBP>]$N%W%m%;%9$,Dd;_$9$k$H?d;!$5$l$k!#�(B
Calisto �$B$O%/%i%C%7%e$7$?:]!"DL>o�(B autorun �$B%7%'%k%9%/%j%W%H$N;HMQ$r2p$7$F�(B
�$BI|5l$9$kE@$KN10U$9$Y$-$G$"$k!#�(B Calisto �$B%W%m%;%9$,%/%i%C%7%e$G$O$J$/Dd;_�(B
�$B$9$k>l9g$K$O�(B autorun �$B%9%/%j%W%H$O5/F0$7$J$$$?$a!"%5!<%S%9$rI|5l$9$k$?$a�(B
�$B$K$O%5!<%P$NZ$G$"$k!#�(B
11. WSMP3 Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 6239
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 25 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6239
�$B$^$H$a�(B:
WSMP3 �$B$O�(B MP3 �$B7A<0$N%U%!%$%k$N%9%H%j!<%_%s%0G[?.$r9T$&$?$a$KMxMQ2DG=$J%U%j!<�(B
�$B$GMxMQ2DG=$J%5!<%P%=%U%H%&%'%"$G$"$k!#�(B
WSMP3 �$B$K$O$$$/$D$+$N%P%C%U%!%*!<%P!<%U%m!<>uBV$rH/@8$9$kLdBj$,Js9p$5$l$F�(B
�$B$$$k!#$3$NLdBj$O%m!<%+%k%P%C%U%!$K%G!<%?$,%3%T!<$5$l$k:]$K==J,$J6-3&%A%'%C�(B
�$B%/$r9T$o$J$$$3$H$KM3Mh$9$k!#$3$NLdBj$O�(B web_server.c �$B%U%!%$%kFb$KB8:_$9$k!#�(B
�$B967be$NJ8;zNs$+$i$J$k%j%/%(%9%H$rLdBj$rJz$($k�(B
�$B%5!<%P$KAw?.$9$k$3$H$G!"$3$NLdBj$rMxMQ2DG=$J967b$r4k$F$k$3$H$,2DG=$G$"$k!#�(B
�$B$3$N967b$O%P%C%U%!%*!<%P!<%U%m!<>uBV$r0z$-5/$3$7!"7k2L%a%b%jFbMF$NGK2u$r�(B
�$B$b$?$i$9!#=EMW$J%a%b%j$r0U?^E*$K:n@.$5$l$?CM$K>e=q$-$9$k$3$H$G967b]$N%7%9%F%`>e$GG$0U$N%3!<%I$r12. Multiple Vendor fs.auto Remote Buffer Overrun Vulnerability
BugTraq ID: 6241
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 25 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6241
�$B$^$H$a�(B:
�$BJ#?t$N%Y%s%@$+$iDs6!$5$l$F$$$k�(B OS �$B$K$O%G%U%)%k%H$G�(B XFS �$B%U%)%s%H%5!<%P!"�(B
fs.auto �$B$,F1:-$5$l$F$$$k$b$N$,$"$k!#$3$N%5!<%S%9$O�(B X Window �$B4D6-4V$G%M%C�(B
�$B%H%o!<%/1[$7$K%U%)%s%H>pJs$r6&M-$9$k$N$KMxMQ2DG=$G$"$k!#�(B
fs.auto �$B$K$O%j%b!<%H$N967buBV$r0z$-5/$3$92DG=�(B
�$B@-$,$"$k$3$H$,Js9p$5$l$F$$$k!#Js9p$K$h$k$H!"$3$NLdBj$O=EMW$J%a%b%j%3%T!<�(B
�$B=hM}$K@hN)$A!"%/%i%$%"%s%H$+$iM?$($i$l$?%G!<%?$KBP$7$F==J,$K6-3&%A%'%C%/�(B
�$B$r9T$o$J$$$?$a$K@8$8$F$$$k!#�(B
�$B0-0U$"$k%j%b!<%H$N%/%i%$%"%s%H$O$3$NLdBj$rMxMQ$7$F0U?^E*$K:n@.$7$?�(B XFS
�$B%j%/%(%9%H$rAw?.$9$k$3$H$G967bBP>]$N%[%9%H>e$G%3!<%I$r]%[%9%H$N%m!<%+%k%"%/%;%98"8B$rC%13. WSMP3 Remote Heap Corruption Vulnerability
BugTraq ID: 6240
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 25 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6240
�$B$^$H$a�(B:
WSMP3 �$B$O�(B MP3 �$B7A<0$N%U%!%$%k$N%9%H%j!<%_%s%0G[?.$r9T$&$?$a$KMxMQ2DG=$J%U%j!<�(B
�$B$GMxMQ2DG=$J%5!<%P%=%U%H%&%'%"$G$"$k!#�(B
WSMP3 �$B$K$O%j%b!<%H$N967be=q$-$5$l$k$3$H$K$h$j%j%b!<%H$N967bH$5$l$k:]$K967bl9g!"7k2L$H$7$F%j%b!<%H$+$iG$0U$N%3!<�(B
�$B%I$,14. Working Resources BadBlue Information Disclosure Vulnerability
BugTraq ID: 6243
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 25 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6243
�$B$^$H$a�(B:
BadBlue �$B$O�(B Working Resources �$B$K$h$C$FG[I[$5$l$k�(B P2P �$B%U%!%$%k6&M-%"%W%j�(B
�$B%1!<%7%g%s$G$"$k!#$3$N%=%U%H%&%'%"$O�(B Microsoft Windows �$B4D6-$GMxMQ$5$l�(B
�$B$k$h$&$K@_7W$5$l$F$$$k!#�(B
�$B$3$N%=%U%H%&%'%"$,Jz$($kLdBj$K$h$j!"%j%b!<%H$N967bpJs$r�(B
�$BO31L2DG=$G$"$k!#�(B
�$B>pJs$rO31L$7$F$7$^$&LdBj$,%G%U%)%k%H$G�(B BudBlue �$B$KF1:-$5$l$F$$$k�(B PHP �$B%9�(B
�$B%/%j%W%H$GH/8+$5$l$F$$$k!#$3$NLdBj$rJz$($k�(B 'soinfo.php' �$B%9%/%j%W%H$O�(B
'phpinfo()' �$B4X?t$rpJs$K%"%/%;%9$,2DG=$G$"$k!#�(B
�$B$J$*!"La$5$l$k>pJs$K$O�(B ODBC �$B%Q%9%o!<%I$N$h$&$J=EMW$J>pJs$,4^$^$l$k$H?d�(B
�$B;!$5$l$k!#�(B
�$B$3$NJ}K!$K$h$k=EMW$J>pJs$rO31L$5$;$k$3$H$K$h$j!"967b]$N�(B
�$B%7%9%F%`$KBP$9$k99$J$k967b$NJd=u]$N�(B BadBlue �$B%5!<%P>e$G�(B PHP �$B%9%/%j%W%H�(B
�$B$,MxMQ2DG=$K@_Dj$5$l$F$$$kI,MW$,$"$kE@$KN10U$9$Y$-$G$"$k!#�(B
15. Pserv HTTP POST Request Buffer Overflow Vulnerability
BugTraq ID: 6242
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 25 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6242
�$B$^$H$a�(B:
Pserv (Pico Server) �$B$O!"�(BLinux �$B$*$h$S�(B UNIX �$BMQ$K@_7W$5$l$?!"%U%j!<$G8x3+$5�(B
�$B$l$F$$$k�(B Web �$B%5!<%P$G$"$k!#�(B
Pserv �$B$K$O%P%C%U%!%*!<%P!<%U%m!<$NLdBj$,H/8+$5$l$F$$$k!#Js9p$K$h$k$H!"0-�(B
�$B0U$"$k�(B HTTP �$B%j%/%(%9%H$r:n@.$9$k$3$H$G!"%m!<%+%k%P%C%U%!%*!<%P!<%U%m!<$r�(B
�$BH/@8$5$;$k$3$H$,2DG=$G$"$k!#�(B
�$B%f!<%6$,M?$($?0-0U$"$k�(B HTTP �$B$N�(B POST �$B%j%/%(%9%HFb$K4^$^$l$F$$$k!"�(B'\n' �$B$K�(B
�$B4X$9$k=|30=hM}$K4X$9$k%f!<%6$+$iM?$($i$l$?CM$X$NBEEv@-$N3NG'$,IT==J,$G�(B
�$B$"$k$?$a$K!"�(Btoken �$B$N=hM}$K4X$9$k%P%C%U%!$r>e=q$-2DG=$G$"$k!#�(B
�$B$3$NLdBj$rMxMQ$7$?967b$K$h$j�(B DoS �$B$K4Y$k2DG=@-$,$"$k!#$J$*!"$3$l$OL$3NG'�(B
�$B$G$"$k$,!"967b16. PHP-Nuke Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 6244
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 25 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6244
�$B$^$H$a�(B:
PHPNuke �$B$O�(B Web �$B%$%s%?%U%'!<%9$rHw$($k%]!<%?%k%7%9%F%`$G$"$k!#�(BPHP �$B$rMxMQ�(B
�$B$7$F$N%b%8%e!<%k4V$GMxMQ$5$l$k�(B PM �$B%b%8%e!<%k$,4^$^$l$k!#$3$NLd�(B
�$BBj$O�(B HTML �$B%?%0A4$F$KBP$9$k%U%#%k%?%j%s%0$,IT==J,$G$"$k$?$a$K@8$8$F$$$k!#�(B
�$B967b]$H$J$k%f!<%6$,0-0U$"$k%O%$%Q!<%j%s%/$rC)$k$h$&$K;E8~$1$k�(B
�$B$3$H$G!"$3$NLdBj$rMxMQ$7$?967b$r4k$F$k2DG=@-$,$"$k!#967bZMQ>pJs$r@`�(B
�$B]$H$J$k%f!<%6$H$7$FG$0U$NA`:n$r9T$&$3$H$,2DG=$G$"$k$H�(B
�$B?d;!$5$l$k!#�(B
�$B$3$l$i$NLdBj$O�(B PHP-Nuke 6.5b1 �$B$*$h$S$=$l0JA0$N%P!<%8%g%s$GJs9p$5$l$F$$$k!#�(B
17. VBulletin members2.php Cross Site Scripting Vulnerability
BugTraq ID: 6246
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 25 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6246
�$B$^$H$a�(B:
vBulletin �$B$O�(B PHP �$B$rMxMQ$7$F3+H/$5$l$?>&MQ$N�(B Web �$B%$%s%?%U%'!<%9$rHw$($k�(B
�$BEE;R7G<(HD5!G=$rDs6!$9$k%=%U%H%&%'%"$G$"$j!"%P%C%/%(%s%I%G!<%?%Y!<%9$H�(B
�$B$7$F�(B MySQL �$B$rMxMQ$7$F$$$k!#$3$N%=%U%H%&%'%"$OB?$/$N�(B Linux �$B$d�(B UNIX �$B$GF0�(B
�$B:n$7!"$^$?!"�(BMicrosoft Windows �$B$K$*$$$F$bF0:n$9$k!#�(B
$perpage �$BJQ?t$OEE;R7G<(HD$K5-=R$5$l$?%9%l%C%I$rNs5s$9$kJ}K!$r4IM}$9$k$?�(B
�$B$a$K;HMQ$5$l$k!#$3$NJQ?t$NCM$O0J8e$N=hM}$G%G!<%?%Y!<%9Fb$N%l%3!<%I$+$i�(B
�$BCM$rl9g$K$O%(%i!<%Z!<%8$,@8@.$5$l$k!#$7$+$7!"%(%i!<%Z!<%8$N�(B
�$B@8@.=hM}$K$*$$$F!"�(B$perpage �$BJQ?t$NCM$KBP$9$k%U%#%k%?%j%s%0$,IT==J,$G$"$k�(B
�$B$?$a!"7k2L$H$7$F%(%i!<%Z!<%8$KAH$_9~$^$l$k$h$&$K$3$NJQ?t$K%9%/%j%W%H$r�(B
�$BCmF~$9$k$3$H$,2DG=$G$"$k!#�(B
�$B$3$N7k2L!"%j%b!<%H$N967bZMQ>pJs$r@`ZMQ>pJs$O967bh$C�(B
�$B18. NetScreen Malicious URL Filter Bypassing Vulnerability
BugTraq ID: 6245
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 25 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6245
�$B$^$H$a�(B:
NetScreen �$B$O!"%U%!%$%"%&%)!<%k!"�(BVPN �$B!"%H%i%U%#%C%/4IM}5!G=$rE}9g$7$?!"�(B
�$B%$%s%?!<%M%C%H%;%-%e%j%F%#%"%W%i%$%"%s%9@=IJ72$G$"$k!#�(BScreenOS �$B$O!"%U%!�(B
�$B%$%"%&%)!<%k$N4IM}!"@_Dj$K;HMQ$5$l$k%=%U%H%&%'%"$G$"$k!#�(B
�$B$3$N@=IJ$O�(B Windows 95�$B!"�(B98�$B!"�(BME�$B!"�(BWindows NT�$B!"�(BWindows 2000 �$B$r%5%]!<%H$7$F�(B
�$B$$$k!#$3$N@=IJ$K$OLdBj$,H/8+$5$l$F$$$k!#�(B
�$B4IM}e$N%[%9%H$NDL>o%"�(B
�$B%/%;%9IT2DG=$J�(B URL �$B$X%"%/%;%9$9$k$?$a$K!"$3$NLdBj$rMxMQ$7$?967b$r4k$F$k�(B
�$B$3$H$,2DG=$G$"$k!#�(B
�$B$3$NLdBj$O!"�(BScreenOS v3.0.1r2.0 �$B$r;HMQ$7$F$$$k�(B NetScreen �$B%"%W%i%$%"%s%9�(B
�$B@=IJ$GJs9p$5$l$F$$$?!#�(BScreenOS �$B$N8E$$%P!<%8%g%s$K$bF1MM$NLdBj$,B8:_$9$k�(B
�$B2DG=@-$,$"$k!#�(B
19. NetScreen H.323 Control Session Denial Of Service Vulnerability
BugTraq ID: 6250
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 25 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6250
�$B$^$H$a�(B:
NetScreen �$B$O!"%U%!%$%"%&%)!<%k!"�(BVPN �$B!"%H%i%U%#%C%/4IM}5!G=$rE}9g$7$?!"�(B
�$B%$%s%?!<%M%C%H%;%-%e%j%F%#%"%W%i%$%"%s%9@=IJ72$G$"$k!#�(BScreenOS �$B$O!"%U%!�(B
�$B%$%"%&%)!<%k$N4IM}!"@_Dj$K;HMQ$5$l$k%=%U%H%&%'%"$G$"$k!#�(B
�$B$3$N@=IJ$O�(B Windows 95�$B!"�(B98�$B!"�(BME�$B!"�(BWindows NT�$B!"�(BWindows 2000 �$B$r%5%]!<%H$7$F�(B
�$B$$$k!#$3$N@=IJ$K$OLdBj$,H/8+$5$l$F$$$k!#�(B
H.323 �$B$O!"1GA|$*$h$S2;@<$rMxMQ$7$?EE;R2q5D$N$?$a$N%"%W%j%1!<%7%g%sMQ$K!"�(B
�$BFCDj$N�(B QoS (Quality of Service) �$B$rJ]>Z$9$k%M%C%H%o!<%/5,3J$G$"$k!#�(B
H.323 �$B%3%s%H%m!<%k%;%C%7%g%s$N=hM}$ruBV$K4Y$kLdBj$,Js9p$5$l$F$$$k!#$3$NLdBj$O4{B8$N%O!<%U�(B
�$B%*!<%W%s$J>uBV$N�(B H.323 �$B%3%s%H%m!<%k%;%C%7%g%s$r40A4$K=|5n$7$J$$$3$H$K$h�(B
�$B$j@8$8$k!#:G=*E*$KA4$F$N%U%!%$%"%&%)!<%k$N%;%C%7%g%s%F!<%V%k%(%s%H%j$r�(B
�$B>CHq$7?T$/$97k2L$H$J$jF@$k!#�(B
�$B$3$NLdBj$O�(B NetScreen �$B%"%W%i%$%"%s%9@=IJ$KBP$7$F�(B H.323 �$B$b$7$/$O�(B Netmeeting
�$B%H%i%U%#%C%/$NE>Aw$rL@<(E*$K5v2D$9$k@_Dj$K$7$F$$$k>l9g$K$N$_1F6A$r5Z$\�(B
�$B$9$H$NJs9p$,$"$k!#�(B
�$B$3$NLdBj$O�(B ScreenOS 2.8 �$B0J9_$N%P!<%8%g%s$KBP$7$F$N$_1F6A$r5Z$\$9!#�(B
20. phpBB Script Injection Vulnerability
BugTraq ID: 6248
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 25 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6248
�$B$^$H$a�(B:
phpBB2 �$B$O�(B PHP �$B8@8l$rMxMQ$7$F3+H/$7$?%*!<%W%s%=!<%9$N!"�(BWeb �$B%$%s%?%U%'!<�(B
�$B%9$rHw$($?EE;R7G<(HD5!G=$rDs6!$9$k%"%W%j%1!<%7%g%s$G$"$k!#$3$N%=%U%H%&%'�(B
�$B%"$OMM!9$J%G!<%?%Y!<%9@=IJ$KBP1~$7$F$$$k!#$3$N%=%U%H%&%'%"$OMM!9$J�(B UNIX
�$B$d�(B Linux �$B$GF0:n$7!"$^$?!"�(BMicrosoft Windows �$B4D6-$G$bF0:n2DG=$G$"$k!#�(B
�$B$3$N%=%U%H%&%'%"$O!"EE;R7G<(HD$NEj9FFbMF$K4^$^$l$k�(B HTML �$B%?%0$d%9%/%j%W�(B
�$B%H$KBP$9$k%U%#%k%?%j%s%0$r==J,$K9T$C$F$$$J$$!#$3$N$?$a$K!"%f!<%6$OEE;R�(B
�$B7G<(HD$X$NEj9FFbMF$K0-0U$"$k%9%/%j%W%H$rCmF~2DG=$G$"$k$H?d;!$5$l!"$5$i�(B
�$B$K$O$3$NZMQ>pJs$r4^$`!"�(BCookie �$BFb$N>pJs$X$N%"�(B
�$B%/%;%9$,2DG=$G$"$j!"967b;~E@$GG'>Z:Q$_$N%f!<%68"8B$GLdBj$rJz$($k%5%$%H�(B
�$B>e$G$N9T0Y$r4k$F$k$3$H$,2DG=$G$"$k!#�(B
21. SSH Communications SSH Server Privilege Escalation Vulnerability
BugTraq ID: 6247
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 25 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6247
�$B$^$H$a�(B:
Secure Shell �$B$O�(B SSH Communications �$B$K$h$C$FJ]&MQ$N�(B SSH
�$B$N:3J$r0z$-5/$3$9Ld�(B
�$BBj$,B8:_$9$k$3$H$r8xI=$7$?!#�(B
setsid() �$B4X?t$O%U%)!<%/$5$l$?%W%m%;%9MQ$N?7$7$$%W%m%;%9%0%k!<%W$r:n@.$9�(B
�$B$k$?$a$K;HMQ$5$l$k!#$7$+$7!"LdBj$rJz$($k%P!<%8%g%s$N�(B SSH �$B%5!<%P$G$OHsBP�(B
�$BOC$N�(B SSH �$B%;%C%7%g%s$r9T$&$K$"$?$C$F!"�(Bsetsid() �$B4X?t$N=hM}$r<:GT$7!"7k2L�(B
�$B$H$7$F?F%W%m%;%9%0%k!<%WFb$N%f!<%6%W%m%;%9$,%f!<%6L>�(B 'root' �$B$rJ];}$7$?�(B
�$B$^$^$G$"$k$3$H$,Js9p$5$l$?!#�(B
�$BNc$($P!"�(B*BSD �$BM3Mh$N�(B getlogin() �$B4X?t$K0MB8$9$k$h$&$J!"%m%0%$%sL>$KBP1~$9�(B
�$B$k8"8B$r3NG'$9$k%W%m%0%i%`$rMxMQ$9$k$3$H$K$h$j!"8"8B$N>:3J$rH<$&MM!9$J�(B
�$B9T0Y$r4k$F$k$3$H$,2DG=$G$"$k$H?d;!$5$l$k!#�(B
�$B$3$NLdBj$rMxMQ$7$?967b$N7k2L$O!"�(BSSH �$B%5!<%P$r2TF0$5$;$F$$$k�(B OS �$B$K0MB8$9�(B
�$B$k!#�(B
�$B$3$NLdBj$rMxMQ$9$k967b$r9T$&$?$a$K$O!"967b]$H$J$k%7%9%F%`>e�(B
�$B$N%m!<%+%k%"%+%&%s%H$rJ];}$7$F$$$J$1$l$P$J$i$J$$!#�(B
22. Web Server Creator Web Portal Remote File Include Vulnerability
BugTraq ID: 6251
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 25 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6251
�$B$^$H$a�(B:
Web Server Creator �$B$O�(B PHP �$B$rMxMQ$7$F3+H/$5$l$?!"EE;R7G<(HD!"%A%c%C%H!"�(B
�$B%2%9%H%V%C%/$*$h$S%K%e!<%95!G=$r;}$D%]!<%?%k%7%9%F%`$G$"$k!#$3$N%=%U%H�(B
�$B%&%'%"$O�(B Microsoft Windows�$B!"�(BLinux �$B$*$h$S�(B UNIX �$B$GMxMQ2DG=$G$"$k!#�(B
Web Server Creator Web Portal �$B$O!"%j%b!<%H$N967be�(B
�$B$KB8:_$9$k!"0U?^$9$k%U%!%$%k$r%$%s%/%k!<%I2DG=$G$"$k$H?d;!$5$l$kLdBj$r�(B
�$BJz$($k5?$$$,$"$k!#$3$NLdBj$O�(B customize.php �$B$*$h$S�(B index.php �$B%9%/%j%W%H�(B
�$B%U%!%$%k$K4^$^$l$k!#�(B
�$B967be$K0LCV$9$k!"0-0U$r;}$C$F:n@.$7$?%U%!%$%k%Q%9$rM?$($k$3�(B
�$B$H$K$h$j$3$NLdBj$rMxMQ$9$k967b$r9T$&$3$H$,2DG=$G$"$k!#�(B
�$B%j%b!<%H$N%U%!%$%k$,�(B PHP �$B%9%/%j%W%H$G$"$k>l9g!"�(BWeb �$B%5!<%P$HF13J$N8"8B$G�(B
�$B967bl9g!"967b23. NetScreen ScreenOS Predictable Initial TCP Sequence Number Vulnerability
BugTraq ID: 6249
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 25 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6249
�$B$^$H$a�(B:
NetScreen �$B$O!"%U%!%$%"%&%)!<%k!"�(BVPN �$B!"%H%i%U%#%C%/4IM}5!G=$rE}9g$7$?!"�(B
�$B%$%s%?!<%M%C%H%;%-%e%j%F%#%"%W%i%$%"%s%9@=IJ72$G$"$k!#�(BScreenOS �$B$O!"%U%!�(B
�$B%$%"%&%)!<%k$N4IM}!"@_Dj$K;HMQ$5$l$k%=%U%H%&%'%"$G$"$k!#�(B
�$B$3$N@=IJ$O�(B Windows 95�$B!"�(B98�$B!"�(BME�$B!"�(BWindows NT�$B!"�(BWindows 2000 �$B$r%5%]!<%H$7$F�(B
�$B$$$k!#�(B
NetScreen �$B$O�(B ScreenOS �$B$,�(B TCP �$B%7!<%1%s%9HV9f$N=i4|CM$r@8@.$9$k$?$a$KMxMQ�(B
�$B$7$F$$$k%"%k%4%j%:%`$NLdBj$r8xI=$7$?!#�(BTCP �$B%7!<%1%s%9HV9f$,M=B,2DG=$G$"�(B
�$B$k$?$a$K!"%j%b!<%H$N967bZpJs$r2~$6$s$7$?$j@`h$C24. Netscape/Mozilla POP3 Mail Handler Integer Overflow Vulnerability
BugTraq ID: 6254
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 26 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6254
�$B$^$H$a�(B:
Netscape Communicator �$B$*$h$S�(B Mozilla �$B%V%i%&%6$OEE;R%a!<%k$KBP1~$7$F$*$j!"�(B
POP3 �$B%5!<%P$r2p$7$FEE;R%a!<%k$ro$KBg$-$J@0?tCM$rM?$($k$3$H$K$h$j!"@0?tCM$N%*!<%P!<�(B
�$B%U%m!<$r0z$-5/$3$7!"Hs>o$K>.$5$$%P%C%U%!$r3d$jEv$F$k$3$H$,2DG=$G$"$k$H�(B
�$B?d;!$5$l$k!#967bl9g!"%P%C%U%!�(B
�$B%*!<%P!<%U%m!<$,H/@8$9$k2DG=@-$,$"$k!#�(B
�$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"967b25. Working Resources BadBlue Search Page Cross Site Scripting Vulnerability
BugTraq ID: 6253
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 25 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6253
�$B$^$H$a�(B:
BadBlue �$B$O�(B Working Resources �$B$K$h$C$FG[I[$5$l$k�(B P2P �$B%U%!%$%k6&M-%"%W%j�(B
�$B%1!<%7%g%s$G$"$k!#$3$N%=%U%H%&%'%"$O�(B Microsoft Windows �$B4D6-$GMxMQ$5$l�(B
�$B$k$h$&$K@_7W$5$l$F$$$k!#�(B
�$B$3$N%=%U%H%&%'%"$K$O%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$rMxMQ$9$k967b$r�(B
�$Be$2$k!#%f!<%6$,$3$N%=%U%H%&%'%"$N8!:wMQ%$%s%?%U%'!<%9�(B
�$B$rMxMQ$7$F8!:w$r9T$&:]$K!"�(BISAPI �$B4XO"$N�(B DLL �$B$G$"$k�(B ext.dll �$B$,$3$N%=%U%H�(B
�$B%&%'%"$N8!:w=hM}$r7$/$h$&$J�(B URL �$B$r:n@.$9$k$3$H$,2DG=�(B
�$B$G$"$k$H?dB,$5$l$k!#�(B
�$B$3$NLdBj$K$h$j!"�(BBadBlue �$B%5!<%P$HF13J$N0U?^$9$k%;%-%e%j%F%#%3%s%F%-%9%H�(B
�$B$G%9%/%j%W%H$,26. Netscape Java canConvert() Buffer Overflow Vulnerability
BugTraq ID: 6256
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 26 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6256
�$B$^$H$a�(B:
Netscape Communications Corp. �$B$,8x3+$7$F$$$k�(B Netscape Communicator �$B$O9-�(B
�$BHO0O$GMxMQ$5$l$F$$$k�(B Web �$B%V%i%&%6�(B (Navigator)�$B!"EE;R%a!<%k%/%i%$%"%s%H!"�(B
�$B%K%e!<%9%/%i%$%"%s%H!"$*$h$S%"%I%l%9D"$rF1:-$7$F$$$k%Q%C%1!<%8$G$"$k!#�(B
Netscape 4 �$B$N�(B Java �$B$Ne$N�(B canConvert() �$B%a%=%C%I$r8F$S=P�(B
�$B$9$3$H$K$h$j%*!<%P!<%U%m!<$r0z$-5/$3$92DG=@-$,$"$k!#�(B
new WDefaultFontCharset(long_string).canConvert('x');
�$B$J$*!"$3$N:]0U?^E*$J%3!<%I$,�(B Web �$B%V%i%&%6$N%;%-%e%j%F%#%3%s%F%-%9%H$Ge$G2TF0$9$k�(B Netscape 4 �$B$X1F6A$r5Z$\$9$3$H�(B
�$B$,Js9p$5$l$F$$$k!#�(B
27. Null HTTPD Remote Heap Corruption Vulnerability
BugTraq ID: 6255
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 26 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6255
�$B$^$H$a�(B:
Null httpd �$B$O7ZNL7?$G$"$j!"$^$?!"%^%k%A%9%l%C%I$GF0:n$9$k�(B Linux �$B$H�(B
Microsoft Windows �$B8~$1$N�(B Web �$B%5!<%P$G$"$k!#$3$N%=%U%H%&%'%"$O�(B NullLogic
�$B$K$h$C$FJ]e$N�(B POST �$B%G!<%?$rAw?.$9$k$H%5!<%P$O%=%1%C%H$+$iB>$N�(B 1024
�$B%P%$%H$rFI$_9~$`2DG=@-$,$"$k!#967bl9g!"�(B2 �$BHVL\$N%Q%1%C%H$N%G!<%?$rFI$_9~$`:]$K%P%C%U%!%*!<%P!<�(B
�$B%U%m!<$r@8$8$k2DG=@-$,$"$k!#$3$NLdBj$O%M%C%H%o!<%/$+$i%G!<%?$re=q$-$9$k$3$H$G$3�(B
�$B$N>u67$r0-MQ$9$k$3$H$,2DG=$H$J$k!#$3$NLdBj$K$h$j0U?^E*$J%3!<%I$,28. Bugzilla quips Feature Cross Site Scripting Vulnerability
BugTraq ID: 6257
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 26 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6257
�$B$^$H$a�(B:
Bugzilla �$B$O%U%j!<$GF~e$G%f!<%6$,M?$($k%3%a%s%H$rC;$/CV$-49$($k$h$&@_�(B
�$B7W$5$l$F$$$k!#Js9p$K$h$k$H�(B Bugzilla �$B$O%f!<%6$K$h$jAw?.$5$l$?A4$F$NF~NO�(B
�$B$KE,@Z$J%U%#%k%?%j%s%0$r9T$o$J$$!#�(B
�$B7k2L$H$7$F!"�(BBugzilla �$B$,2TF0$7$F$$$k�(B Web �$B%5!<%P$N%3%s%F%-%9%HFb$G%j%b!<�(B
�$B%H$N967bZMQ>pJs$r:q29. FreeNews Include Undefined Variable Command Execution Vulnerability
BugTraq ID: 6258
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 26 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6258
�$B$^$H$a�(B:
FreeNews �$B$O%U%j!<$KMxMQ2DG=$J%*!<%W%s%=!<%9$N%M%C%H%K%e!<%9%=%U%H%&%'%"�(B
�$B%Q%C%1!<%8$G$"$k!#$3$N%=%U%H%&%'%"$O�(B PHP �$B$rMxMQ$7$F3+H/$5$l!"�(BUNIX �$B$*$h�(B
�$B$S�(B Linux �$B>e$GMxMQ$9$k$h$&$K@_7W$5$l$F$$$k!#�(B
FreeNews �$B$K$O%3%^%s%I$Ne$G2TF0$5$l$F�(B
�$B$$$k$3$N�(B Web �$B%"%W%j%1!<%7%g%s$X0U?^$9$k%U%!%$%k$rAH$_9~$^$;$k$3$H$,2DG=�(B
�$B$H$J$k!#$3$N7k2L!"%j%b!<%H%f!<%6$O%m!<%+%k4D6-$G%3%^%s%I$rl=j$KJQ?t�(B chemin �$B$NCM$rDj5A$9$k$3$H$K$h$j!"%m!<%+%k$N�(B
�$B%3%s%T%e!<%?$G%3%^%s%I$rpJs$rO31L$5$;$k$?$a$KMxMQ$5$l$k2DG=@-$,$"�(B
�$B$k!#�(B
30. AOL Instant Messenger Forced File Download Vulnerability
BugTraq ID: 6259
�$B%j%b!<%H$+$i$N:F8=@-�(B: �$B$"$j�(B
�$B8xI=F|�(B: Nov 26 2002 12:00AM
�$B4XO"$9$k�(BURL:
http://www.securityfocus.com/bid/6259
�$B$^$H$a�(B:
AOL Instant Messenger (AIM) �$B$O�(B MacOS �$B$*$h$S�(B Microsoft Windows �$B$r4^$`MM!9�(B
�$B$J%W%i%C%H%U%)!<%`$GMxMQ2DG=$J%$%s%9%?%s%H%a%C%;!<%8%/%i%$%"%s%H$G$"$k!#�(B
AIM �$B$O%j%b!<%H%f!<%6$,�(B AIM �$B$N%f!<%6$KDLCN$9$k$3$H$J$/6&M-%U%!%$%k$r%@%&�(B
�$B%s%m!<%I$5$;$k$3$H$,2DG=$K$J$k%*%W%7%g%s$rHw$($F$$$k!#$3$N%*%W%7%g%s$O�(B
�$B%j%b!<%H$N967b]$N%f!<%6$K0-0U$"$k%U%!%$%k$rG'>Z9T0Y$r<($9$3�(B
�$B$H$J$/%@%&%s%m!<%I$5$;$F$7$^$&LdBj$rJz$($F$$$k!#�(B
�$B967b]$N%f!<%6$X�(B USER.lst �$B%U%!%$%k$r%@%&%s%m!<%I$5$;$k>l9g!"�(B
�$B0U?^E*$J%U%!%$%k$N%U%!%$%kL>$r�(B USER.lst �$B$KJQ99$7!"JQ99$7$?%U%!%$%k$r�(B
�$B6/@)E*$K967bBP>]$N%f!<%6$K%@%&%s%m!<%I$5$;$i$l$k2DG=@-$,$"$k!#$3$NLd�(B
�$BBj$rMxMQ$9$k967b$,9T$o$l$?>l9g!"G'>Z$NA0$NDL9p$,9T$o$l$k$3$H$J$/%@%&�(B
�$B%s%m!<%I$,3+;O$5$l$k!#�(B
�$B$3$NLdBj$rMxMQ$7$?967b$K$h$j!"967b]$N%O!<%I%G%#%9%/$rHs>o$K�(B
�$BBg$-$J%U%!%$%k$G0lGU$K$9$k2DG=@-$,$"$k!#�(B
III. SECURITYFOCUS NEWS AND COMMENTARY
--------------------------------------
1. 'Hacking Challenge' Winners Allege $43,000 Contest Rip-Off
�$BCxH=$N9b$$@$3&E*$J%3%s%F%9%H$G@$3&$NOS$K<+?H$,$"$k?M!9�(B
�$B$XF1!^6b$N;YJ'$$$r$^$@BT$C$F�(B
�$B$$$k$H8l$C$?!#�(B
Argus �$Be$N$b$N$rER$1$?$N$@$m$&$+!#�(B
http://online.securityfocus.com/news/1717
2. Nasty virus Winevar insults infected users
�$BCxhttp://online.securityfocus.com/news/1726
3. Oracle in buffer overflow brown alert
�$BCxb$rLD$i$7$F$$$k!#$3$N$K2C$($F!"�(B
Oracle 9i �$B$N�(B iSQL*Plus �$B%b%8%e!<%k$,Jz$($k%P%C%U%!%*!<%P!<%U%m!<$r@8$8$k�(B
�$BLdBj$K$h$j!"967bhttp://online.securityfocus.com/news/1725
4. SMS security risks highlighted by Friends Reunited hacking case
�$BCx7�(B
�$B$$$?;dE*$J%F%-%9%H%a%C%;!<%8$N8xI=$r>7$$$?!#�(B
http://online.securityfocus.com/news/1724
IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. MasarLabs NoArp v1.0.0
�$B:nhttp://www.masarlabs.com/noarp/
�$BF0:n4D6-�(B: Linux, POSIX
�$B$^$H$a�(B:
MasarLabs NoArp �$B$OL5MQ$N�(B ARP �$B%j%/%(%9%H$r%U%#%k%?%j%s%0$*$h$S%I%m%C%W$9�(B
�$B$k�(B Linux �$B$N%+!<%M%k%b%8%e!<%k$G$9!#$3$N%=%U%H%&%'%"$O!"%m!<%I%P%i%s%5$r�(B
�$B;HMQ$9$k$?$a$K%k!<%W%P%C%/%$%s%?!<%U%'%$%9$X$N%(%$%j%"%9$rDI2C$9$kI,MW$,�(B
�$B$"$k;~$KMxMQ2ACM$,$"$j$^$9!#�(B
2. BW-IPFM v1.1
�$B:nhttp://bw.intellos.net/
�$BF0:n4D6-�(B: Linux, POSIX
�$B$^$H$a�(B:
BW-IPFM �$B$O�(B ipfm (IP Flow Meter) �$B7A<0$N%m%0%U%!%$%k$rMQ$$$F2DFI@-$,$"$k�(B
�$B%l%]!<%H$r:n@.$9$k%=%U%H%&%'%"$G$9!#$3$N%=%U%H%&%'%"$rMQ$$$FKhF|!"Kh7n!"�(B
�$B$"$k$$$OFCDj$N4|8B$4$H$K%l%]!<%H@8@.$,2DG=$G$9!#�(B
3. GPG-Ezmlm encrypted mailing list v0.3
�$B:nhttp://www.synacklabs.net/projects/crypt-ml/
�$BF0:n4D6-�(B: Perl (perl �$B$,F0:n$9$k4D6-�(B)
�$B$^$H$a�(B:
GPG-Ezmlm �$B$O�(B OpenPGP �$B$K$h$j0E9f2=$5$l$?EE;R%a!<%k$r�(B Ezmlm �$B$G4. SQUID User Management System v1.01
�$B:nhttp://www.tumgasa.ru/cyberos/statman/index.html
�$BF0:n4D6-�(B: POSIX
�$B$^$H$a�(B:
SQUID User Management System �$B$O%M%C%H%o!<%/Fb$N%H%i%U%#%C%/$,:.;($7$F$$�(B
�$B$k>l9g$K!"3F%f!<%6$N%H%i%U%#%C%/MxMQ$N@)8B$*$h$S%V%m%C%-%s%05!G=$rDs6!�(B
�$B$7$^$9!#�(B
5. Sysload server monitor v4.5
�$B:nhttp://www.nrgglobal.com/products/sysload.php
�$BF0:n4D6-�(B: AS/400, Linux, Netware, UNIX, Windows 2000, Windows NT, Windows
XP
�$B$^$H$a�(B:
Sysload �$B$O%*%Z%l!<%F%#%s%0%7%9%F%`�(B (UNIX�$B!"�(BLinux�$B!"�(BWindows 2000/XP/NT�$B!"�(B
Netware�$B!"�(BAS/400�$B!"�(BGC0S7)�$B!"%G!<%?%Y!<%9�(B (Oracle�$B!"�(BSQL Server�$B!"�(BDB2�$B!"�(BInformix�$B!"�(B
Sybase)�$B!"$*$h$S%"%W%j%1!<%7%g%s�(B (Oracle Applications�$B!"�(BSAP�$B!"�(BExchange�$B!"�(BIIS)
�$B$N@-G=$r%b%K%?%j%s%0$9$k%7%9%F%`$G$9!#$3$N%=%U%H%&%'%"$O6/NO$J%"%i!<%H�(B
�$B5!G=$*$h$S%b%K%?%j%s%05!G=!"$=$7$F%Q%U%)!<%^%s%94IM}6. pidentd v3.0.16
�$B:nhttp://www.lysator.liu.se/~pen/pidentd/
�$BF0:n4D6-�(B: POSIX
�$B$^$H$a�(B:
Pidentd v3 �$B$O!"B.EY!"%3!<%IIJ$5$l�(B
�$B$?�(B C �$B$N%=!<%9%3!<%I!"5/F08e$K�(B root �$B8"8B$GF0:n$7$J$$!"@_Dj%U%!%$%k$r;}$D�(B
�$B$H$$$C$?FCD'$,$"$j$^$9!#$^$?!"�(BSysV init �$B$r;HMQ$9$k%7%9%F%`>e$N�(B /etc/inittab
�$B$+$i5/F0$9$k$3$H$,2DG=$G$9!#�(B
--
�$BLu�(B: �$B:d0f=g9T�(B(SAKAI Yoriyuki)�$B!"@PED6G5W�(B(ISHIDA Akihisa)�$B!"�(B
�$Bhttp://www.lac.co.jp/security/
smime.p7s