[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SecurityFocus Newsletter #219 2003-10-13->2003-10-17

To: bugtraq-jp@xxxxxxxxxxxxxxxxx
Subject: SecurityFocus Newsletter #219 2003-10-13->2003-10-17
From: tomokazu.masuda@xxxxxxxxx (tomokazu.masuda)
Date: Tue, 11 Nov 2003 23:14:57 +0900
$BA}ED(B@$B%i%C%/$G$9!#(B
(B
(BSecurityFocus Newsletter $BBh(B 219 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B
(B
(B------------------------------------------------------------------------
(B---
(BBugTraq-JP $B$K4X$9$k(B FAQ($BF|K\8l(B):
(Bhttp://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml
$B!&(BSecurityFocus Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0lH$/$@$5$$(B
(B------------------------------------------------------------------------
(B---
(B------------------------------------------------------------------------
(B---
(BSecurityFocus Newsletter $B$K4X$9$k(BFAQ($B1Q8l(B):
(Bhttp://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml
(BBugTraq $B$K4X$9$k(B FAQ($B1Q8l(B):
(Bhttp://www.securityfocus.com/popups/forums/bugtraq/faq.shtml
(B------------------------------------------------------------------------
(B---
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B SecurityFocus $B$N5v2D$r3t<02qe$G9T$o$l$F$$$^(B
$B$9!#(B
$B!&(BSecurityFocus Newsletter $B$NOBLu$r(B Netnews, Mailinglist, World Wide Web,
(B  $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$NA4J80zMQ$r$*4j$$$7$^(B
$B$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;$s$,!"(B
(B  $B=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+$J$k7A<0(B
$B$N(B
(B  $B%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
(B1) http://online.securityfocus.com/archive/79
(B------------------------------------------------------------------------
(B---
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02ql9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
(B  $BHG$r$4Ej9FD:$/$+!"4F=$l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
(B------------------------------------------------------------------------
(B---
(BThis translation is encoded and posted in ISO-2022-JP.
(B
$B86HG(B:
(BDate: Mon, 20 Oct 2003 10:53:46 -0600 (MDT)
(BMessage-ID: <Pine.LNX.4.58.0310201050230.1503@xxxxxxxxxxxxxxxxxxxxxx>
(B
(BSecurityFocus Newsletter #219
(B-----------------------------
(B
(BThis Issue is Sponsored by: ISS
(B
(BI. FRONT AND CENTER($BF|K\8lLu$J$7(B)
(B     1. Incident Response Tools For Unix, Part Two: File-System Tools
(B     2. Transparent, Bridging Firewall Devices
(B     3. Disclosure Plan Won't Help
(B     4. Too Many Hacks
(B     5. CCIA Report is Bad Medicine
(B     6. The Flaw of Security Through Diversification
(B     7. Counterpoint: Linux vs. Windows Viruses
(BII. BUGTRAQ SUMMARY
(B     1. Rit Research Labs TinyWeb Server Remote Denial of Service Vu...
(B     2. Microsoft Windows RPCSS Multi-thread Race Condition Vulnerab...
(B     3. HP Tru64 CDE dtmailpr Unspecified Privileged Access Vulnerab...
(B     4. Gallery index.php Remote File Include Vulnerability
(B     5. Hummingbird CyberDOCS Path Disclosure Vulnerability
(B     6. IRCnet IRCD Local Buffer Overflow Vulnerability
(B     7. mIRC DCC SEND Buffer Overflow Vulnerability
(B     8. mIRC IRC URL Buffer Overflow Vulnerability
(B     9. Multiple myPHPCalendar File Include Vulnerabilities
(B     10. WinSyslog Long Syslog Message Remote Denial Of Service Vulne...
(B     11. Apache Mod_Throttle Module Local Shared Memory Corruption Vu...
(B     12. WrenSoft Zoom Search Engine Cross-Site Scripting Vulnerabili...
(B     13. Apache Tomcat Non-HTTP Request Denial Of Service Vulnerabili...
(B     14. AOL Instant Messenger Getfile Screenname Buffer Overrun Vuln...
(B     15. Microsoft Messenger Service Buffer Overrun Vulnerability
(B     16. Microsoft ListBox/ComboBox Control User32.dll Function Buffe...
(B     17. Microsoft Windows Help And Support Center URI Handler Buffer...
(B     18. DBMail IMAP Service SQL Injection Vulnerability
(B     19. Microsoft ActiveX Authenticode Verification Bypass Vulnerabi...
(B     20. Sun Solaris SysInfo System Call Kernel Memory Reading Vulner...
(B     21. Microsoft Exchange Server 5.5 Outlook Web Access Cross-Site ...
(B     22. Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer...
(B     23. Linksys BEFSX41 EtherFast Router Log Viewer Denial Of Servic...
(B     24. Microsoft Word Macro Name Handler Buffer Overflow Vulnerabil...
(B     25. Sun Solaris Pipe Function Unspecified Kernel Race Condition ...
(B     26. Planet WGSD-1020 Switch Undocumented Administrative User Una...
(B     27. Microsoft Exchange Server Buffer Overflow Vulnerability
(B     28. RealOne Player Temporary File Default Browser Script Executi...
(B     29. Macromedia ColdFusion MX  SQL Error Message Cross-Site Scrip...
(B     30. Bajie HTTP Server Example Scripts And Servlets Cross-Site Sc...
(BIII. SECURITYFOCUS NEWS ARTICLES
(B     1. Senators propose Patriot Act limitations
(B     2. Prosecutors admit error in whistleblower conviction
(B     3. Teen charged in cyber stock scam
(B     4. Spam inspires musos to song
(B     5. NetScreen firms firewalls against app attacks
(B     6. Teen computer whiz cleared in Houston hacking
(BIV. SECURITYFOCUS TOP 6 TOOLS
(B     1. Webmin Usermonitor v0.11a
(B     2. radmind v1.2.0
(B     3. w3pw v1.10
(B     4. testmail v3.1.5
(B     5. Steghide v0.5.1
(B     6. NISCA v2.5
(B
(BI. FRONT AND CENTER($BF|K\8lLu$J$7(B)
(B---------------------------------
(B
(BII. BUGTRAQ SUMMARY
(B-------------------
(B1. Rit Research Labs TinyWeb Server Remote Denial of Service Vu...
(BBugTraq ID: 8810
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 10 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8810
$B$^$H$a(B:
(B
(BTinyWeb $B$O!"(BMicrosoft Windows $B4D6-$GMxMQ2DG=$J!"7ZNL$N(B Web $B%5!<%P%G!<%b(B
$B%s$G$"$k!#(B
(B
$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$K$O!"%j%b!<%H$N967buBV$r(B
$B0z$-5/$3$5$l$k2DG=@-$,$"$kLdBj$,B8:_$9$k!#$3$NLdBj$O!"967bCHq$7$F!"%/%i%C%7%e$^$?$O%O%s%0$r0z$-5/$3$92DG=@-(B
$B$,$"$k!#(B
(B
$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"967b$N%P!<%8%g%s$bF1(B
$BMM$KLdBj$rJz$($F$$$k2DG=@-$,$"$k!#(B
(B
(B2. Microsoft Windows RPCSS Multi-thread Race Condition Vulnerab...
(BBugTraq ID: 8811
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 10 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8811
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BMicrosoft Windows $B$N(B RPCSS $B%5!<%S%9$K$O!"%^%k%A%9%l%C%I$N(B
$B6%9g>uBV$,B8:_$9$k!#$3$N$?$a!"967bl9g!"0lJ}$N%9%l%C%I$,0MA3$H$7$F%Q%1%C%H$r=hM}$7$F$$$k4V(B
$B$K!"$b$&0lJ}$N%9%l%C%I$,$=$N%Q%1%C%H$r3+J|$9$k2DG=@-$,$"$k!#(B
(B
(B
(B
$B$3$l$K$h$j!"%a%b%j$N=q$-49$($,0z$-5/$3$5$l$k2DG=@-$,$"$k!#FCDj$N>u672<$K(B
$B$*$$$F!"0U?^$9$k%3!<%I$ruBV$H$$$C$?FCDj$NMW0x$K$h$j!"3NuBV$r0z$-5/$3$92DG=@-$,$"$k!#$^$?!"K\LdBj$,%Y%s%@$KDLCN$5$l(B
$B$F$$$k$3$H$b<($5$l$F$$$k!#(B
(B 
$BK\LdBj$rMxMQ$9$k967b$K$h$j40A4$K%Q%C%A$rE,MQ$7$?(B Windows 2000 $B%7%9%F%`$K(B
$B%5!<%S%9ITG=>uBV$r0z$-5/$3$9$HpJs$r?.Mj6Z$+$iF~\$G$"$k!#(B
(B
(B3. HP Tru64 CDE dtmailpr Unspecified Privileged Access Vulnerab...
(BBugTraq ID: 8813
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 10 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8813
$B$^$H$a(B:
(B
(BTru64 $B$O!"(BHP $B$K$h$jHNGd$*$h$SJ]Z:Q$_$N967bp(B
$BJs$O!"8=;~E@$G$O8x3+$5$l$F$$$J$$!#(B
(B
$BK\LdBj$,B>$NF0:n4D6-$N(B CDE $B$K1F6A$r5Z$\$9$+$I$&$+$OL$>\$G$"$k!#$^$?!"K\(B
$BLdBj$K4X$9$kL@3N$J>pJs$O!"8=;~E@$G$O8x3+$5$l$F$$$J$$!#(B
(B
(B4. Gallery index.php Remote File Include Vulnerability
(BBugTraq ID: 8814
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 11 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8814
$B$^$H$a(B:
(B
(BGallery $B$O!"%U%)%H%"%k%P%`$N:n@.$H$$$C$?!"(BWeb $B%5%$%H>e$N%$%a!<%8$N4IM}$N(B
$BL\E*$H$7$?(B Web $B%"%W%j%1!<%7%g%s$G$"$k!#$3$N%=%U%H%&%'%"$O!"(BPHP $B%9%/%j%W(B
$B%H8@8l$rMxMQ$7$F3+H/$5$l$F$$$k!#(B
(B
$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$O!"%j%b!<%H$N%U%!%$%k$r%$%s%/%k!<%I$5$l$k(B
$BLdBj$rJz$($F$$$k5?$$$,$"$k!#$3$NLdBj$O!"(Bindex.php $B%9%/%j%W%H$X$N%j%/%(%9(B
$B%HMQ$N%Y!<%9%G%#%l%/%H%j$r;XDj$9$k$?$a$KMQ$$$i$l$k(B GALLERY_BASEDIR URI 
$B%Q%i%a!<%?$r=hM}$9$k:]$K@8$8$k!#6qBNE*$K$O!"$3$N%=%U%H%&%'%"$O!"$3$N%Q%i(B
$B%a!<%?$K$h$j;XDj$5$l$?>l=j$N4pE@$NBEEv@-3NG'$,IT==J,$G$"$k!#7k2L$H$7$F!"(B
$B967b(B util.php $B$rMQ$$$F0-0U$"$k(B PHP $B%9%/%j%W%H%U%!%$%k$r%[(B
$B%9%F%#%s%0$5$;!"(BPHP $B%3!<%I$K%$%s%/%k!<%I$7$?%U%!%$%k$r(B Web $B%5!<%P$K$h$j(B
$Bl9g!":G=*E*$K%j%b!<%H$N%3%s%T%e!<%?>e$G(B
$B0U?^$9$k%3!<%I$Ne$G$N(B 'configuration mode' $B$K(B
$B$*$$$F$N$_967b2DG=$G$"$k$HJs9p$7$F$$$k!#(BWindows $B%f!<%6$O>o$K$3$NLdBj$rJz(B
$B$($F$$$k5?$$$,$"$k$HJs9p$5$l$F$$$k!#(B
(B
(B5. Hummingbird CyberDOCS Path Disclosure Vulnerability
(BBugTraq ID: 8816
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 11 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8816
$B$^$H$a(B:
(B
(BHummingbird CyberDOCS (DM) $B$O!"(BMicrosoft Windows server $B4D6-$G(B SQL $B%G!<(B
$B%?%Y!<%9$HO"7H$7$FF0:n$9$k$h$&$K@_7W$5$l$?!"J8=q4IM}%=%U%H%&%'%"$G$"$k!#(B
(B
$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$O%Q%9>pJs$,O31L$9$kLdBj$rJz$($F$$$k5?$$$,(B
$B$"$k!#967bpJs$K%"%/%;%92DG=(B
$B$G$"$k!#$3$l$K$h$j!";ve!"$3$N%=%U%H%&%'%"$N%$%s%9%H!<%k%G%#%l%/%H%j$,(B
$B4^$^$l$k%(%i!<%Z!<%8$,JV$5$l$k!#(B
(B
$B$3$N>pJs$X$N%"%/%;%9$O!"$5$i$J$k967b$r;E3]$1$k:]$K967bhttp://www.securityfocus.com/bid/8817
$B$^$H$a(B:
(B
(BIRCnet IRCD $B$O!"(BLinux/Unix $BM3Mh$N(B OS $B$r4^$`B?$/$N4D6-$GMxMQ2DG=$J!"(BIRC 
$B$Ne$N%f!<%6$K$h$j967b$5$l$k2DG=(B
$B@-$,$"$k%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$kLdBj$rJz$($F$$$k5?$$$,$"$k!#$3$N(B
$BLdBj$O!"%a%b%j$N3NJ]:Q$_%P%C%U%!$K%3%T!<$5$l$kA0$N!"%f!<%6$,M?$($?%G!<%?(B
$B$KBP$9$k6-3&%A%'%C%/$,IT==J,$G$"$k$3$H$K5/0x$9$k$H?d;!$5$l$k!#1F6A$rZ$G(B
(B
(B
$B$O$"$k$,!"$3$NLdBj$NK\http://www.securityfocus.com/bid/8818
$B$^$H$a(B:
(B
(BmIRC $B$O!"(BMicrosoft Windows $B8~$1$K@_7W$5$l$?(B IRC $B%W%m%H%3%k$rMxMQ$9$k%A%c(B
$B%C%H%/%i%$%"%s%H$G$"$k!#(B
(B
$B$3$N%=%U%H%&%'%"$K$O!"%j%b!<%H$N967b]$H$J$k%f!<%6$KAw(B
$B?.2DG=$G$"$k!#L$8!>Z$G$"$k$,!"$3$NLdBj$NK\$N%P!<(B
$B%8%g%s$bF1MM$K1F6A$rhttp://www.securityfocus.com/bid/8819
$B$^$H$a(B:
(B
(BmIRC $B$O!"(BMicrosoft Windows $B8~$1$K@_7W$5$l$?(B IRC $B%W%m%H%3%k$rMxMQ$9$k%A%c(B
$B%C%H%/%i%$%"%s%H$G$"$k!#$3$N%=%U%H%&%'%"$,%$%s%9%H!<%k$5$l$k:]!"(B'irc://'
(B $B7A<0$N(B URL $B$N%O%s%I%i$,EPO?$5$l$k!#$3$l$K$h$j!"(B'IRC URL' $B%j%s%/$rC)$k:]!"(B
$B$3$N%=%U%H%&%'%"$,8F$S=P$5$l$k!#(B
(B
$B$3$N%=%U%H%&%'%"$O!"0-0U$"$k(B 'IRC URL' $B$r=hM}$9$k:]!"%P%C%U%!%*!<%P!<%U(B
$B%m!<$,H/@8$9$kLdBj$rJz$($F$$$k5?$$$,$"$k$HJs9p$5$l$F$$$k!#6qBNE*$K$O!"Ld(B
$BBj$rJz$($k%P!<%8%g%s$N%=%U%H%&%'%"$r2TF0$7$F$$$k%f!<%6$K$h$C$F!"(B998 $B%P%$(B
$B%H$rD6$($k(B 'IRC URL' $B%j%s%/$,%/%j%C%/$5$l$?:]$KH/@8$9$k!#(B
(B
$B$3$NLdBj$O!"(B'IRC URL' $B%G!<%?$,%a%b%j$N%P%C%U%!$K%3%T!<$5$l$k:]$N6-3&%A%'(B
$B%C%/$,IT==J,$G$"$k$3$H$K5/0x$7$F$$$k$H?d;!$5$l$k!#3NJ]:Q$_$N%P%C%U%!$rD6(B
$B$($k%G!<%?$,6-3&$r0n$l!"NY@\$9$k%a%b%j$r=q$-49$($k!#1F6A$r$N%P!<%8(B
$B%g%s$bF1MM$K1F6A$rhttp://www.securityfocus.com/bid/8820
$B$^$H$a(B:
(B
(BmyPHPCalendar $B$O!"(BPHP $B$rMxMQ$7$F3+H/$5$l$?!"%*%s%i%$%s$GMxMQ2DG=$J%$%Y%s(B
$B%H7W2h(B/$B%+%l%s%@!<%=%U%H%&%'%"$G$"$k!#(B
(B
$B$3$N%=%U%H%&%'%"$O!"%U%!%$%k$r%$%s%/%k!<%I2DG=$H$J$kJ#?t$NLdBj$rJz$($F$$(B
$B$k5?$$$,$"$k$HJs9p$5$l$F$$$k!#$3$l$i$NLdBj$O!"%f!<%6$,(B 'cal_dir' URI $B%Q(B
$B%i%a!<%?$KM?$($kCM$KBP$9$kL5322=$,IT==J,$G$"$k$3$H$K5/0x$9$k!#(B
(B
$B$3$l$i$NLdBj$rMxMQ$9$k967b$K$h$j!"%j%b!<%H$N967b$N%P!<%8%g%s$b1F6A$rhttp://www.securityfocus.com/bid/8821
$B$^$H$a(B:
(B
(BWinSyslog $B$O!"%7%9%F%`%$%Y%s%H$r5-O?$9$k%5!<%P$G$"$k!#$3$N%=%U%H%&%'%"$O!"(B
(BMicrosoft Windows $B4D6-$GMxMQ2DG=$G$"$k!#(B
(B
$B$3$N%=%U%H%&%'%"$O!"%j%b!<%H$+$i967b2DG=$J!"%5!<%S%9ITG=>uBV$r0z$-5/$3$5(B
$B$l$kLdBj$rJz$($F$$$k5?$$$,$"$k!#$3$NLdBj$O!"%W%m%0%i%`$,BT$AuBV$r0z$-5/$3$9967b%9%/(B
$B%j%W%H$,8x3+$5$l$F$$$k!#(B
(B
$B$3$l$K$h$j!"%j%=!<%9$N8O3i$K5/0x$9$k$H?d;!$5$l$k!"%7%9%F%`$,IT0BDj$K$J$k(B
$B$3$H$bJs9p$5$l$F$$$k!#$3$NLdBj$,6-3&%A%'%C%/$KM3Mh$9$kLdBj$H$$$C$?!"$h$j(B
$B?<9o$JLdBj$K5/0x$7$F$$$k$+$I$&$+$OL$>\$G$"$k!#(B
(B
$B$3$NLdBj$O!"(BWinSyslog 4.21 SP1 $B$K1F6A$r5Z$\$9$HJs9p$5$l$F$$$k!#B>$N%P!<(B
$B%8%g%s$b1F6A$rhttp://www.securityfocus.com/bid/8822
$B$^$H$a(B:
(B
(Bmod_throttle Apache $B%b%8%e!<%k$O!"(Bsert.com $B$K$h$C$F3+H/$5$l$?%"%W%j%1!<(B
$B%7%g%s$G$"$k!#$3$N%=%U%H%&%'%"$O!"FCDj$N%5!<%P%j%/%(%9%H$r=hM}$9$k:]$NIi(B
$B2Y$r8:$i$9$h$&@_7W$5$l$F$$$k!#$3$N%=%U%H%&%'%"$O!"(BBSD$B!"(BLinux$B!"$*$h$S(B 
(BSolaris $B4D6-$GMxMQ2DG=$G$"$k!#(B
(B
$B$3$N%b%8%e!<%k$O!"%m!<%+%k$G$N8"8B>:3J$r2DG=$K$9$kLdBj$rJz$($F$$$k5?$$$,(B
$B$"$k$HJs9p$5$l$F$$$k!#$3$NLdBj$O!"$3$N%b%8%e!<%k$,!"=EMW$J%G!<%?$r(B '
(Bapache' $B8"8B$r;}$D%f!<%6$,%"%/%;%92DG=$J6&M-%a%b%j$K8m$C$F3JG<$7$F$$$k$3(B
$B$H$K5/0x$9$k!#7k2L$H$7$F!"967b:3J$r0z$-5/$3$92DG=(B
$B@-$,$"$j!"7k2L$H$7$F967b$NJ}K!$bMxMQ$5$l$k2DG=@-$,$"$k!#(B
(B
(B12. WrenSoft Zoom Search Engine Cross-Site Scripting Vulnerabili...
(BBugTraq ID: 8823
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 14 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8823
$B$^$H$a(B:
(B
(BWrenSoft Zoom Search Engine $B$O(B Web $B%5%$%H$K8!:w%(%s%8%s$rDI2C2DG=$K$J$k(B
$B8!:w%f!<%F%#%j%F%#$G$"$k!#(B
(B
$B%j%b!<%H$N967bl9g!"967bZMQ>p(B
$BJs$N@`$N967b$b2DG=$G$"$k$H?d;!$5$l$k!#(B
(B
(BWrenSoft Zoom Search Engine 2.0 - $B%S%k%I(B: 1018 $B$OLdBj$rJz$($k%Q%C%1!<%8(B
$B$G$"$k$HJs9p$5$l$F$$$k$,!"B>$N%P!<%8%g%s$bF1MM$K1F6A$rhttp://www.securityfocus.com/bid/8824
$B$^$H$a(B:
(B
(BTomcat $B$O(B Jakarta $B%W%m%8%'%/%H$N0lIt$H$7$F(B Apache $B$K$h$j3+H/$5$l$F$$$k(B 
(BWeb $B%5!<%P!"$*$h$S(B JSP/Servlet $B%3%s%F%J$G$"$k!#(B
(B
(BApache Tomcat 4 $B$O>\:YITL@$N(B HTTP $B$G$O$J$$%j%/%(%9%H%?%$%W$r=hM}$9$k:]$K!"(B
$B%j%b!<%H$+$i%5!<%S%9ITG=>uBV$r0z$-5/$3$5$l$kLdBj$rJz$($F$$$k5?$$$,$"$k$H(B
$BJs9p$5$l$F$$$k!#(B
(B
$BJs9p$K$h$k$H!"$"$kFCDj$N(B HTTP $B$G$O$J$$%j%/%(%9%H%?%$%W$r(B Tomcat HTTP $B%3(B
$B%M%/%?$,=hM}$9$k:]$K!"(BTomcat $B%5!<%P$O%5!<%S%9$,:F5/F0$5$l$k$^$G!"1F6A$r(B
$Be!"@5Ev$J%f!<%68~$1$N%5!<%S%9$rMxMQITG=>u(B
$BBV$K4Y$i$;$k$3$H$,2DG=$G$"$k!#(B
(B
$B$3$NLdBj$O(B Tomcat 4.0.x $B$KJs9p$5$l$F$$$k$3$H$KN10U$9$Y$-$G$"$k!#(B
(B
(B14. AOL Instant Messenger Getfile Screenname Buffer Overrun Vuln...
(BBugTraq ID: 8825
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8825
$B$^$H$a(B:
(B
(BAOL Instant Messenger (AIM) $B$O(B Microsoft Windows $B$r4^$`MM!9$J4D6-$GMxMQ(B
$B2DG=$J%$%s%9%?%s%H%a%C%;%s%8%c!<%/%i%$%"%s%H$G$"$k!#(B
(B
$B$3$N%=%U%H%&%'%"$O%j%b!<%H$+$i967b2DG=$J%P%C%U%!%*!<%P!<%U%m!<$NLdBj$rJz(B
$B$($F$$$k5?$$$,$"$k!#(B
(B
$B$3$N%=%U%H%&%'%"$,%$%s%9%H!<%k$5$l$k:]!"(BAIM URI $BMQ$N%W%m%H%3%k%O%s%I%i$b(B
$B%$%s%9%H!<%k$5$l!"$=$l$K$h$j!"$3$N%=%U%H%&%'%"$,(B Web $B%Z!<%8Fb$+$i8F$S=P(B
$B$5$l$k2DG=@-$,$"$k!#Js9p$K$h$k$H!"(BAIM URI $B%O%s%I%i$r2p$7$FH/@8$9$kLdBj$,(B
$BB8:_$9$k!#6qBNE*$K$O!"$3$NLdBj$O!"(B"getfile" $BA`:n$G;XDj$5$l$?>l9g$N%9%/%j(B
$B!<%s%M%$%`%Q%i%a!<%?$N6-3&%A%'%C%/$,IT==J,$G$"$k$3$H$K5/0x$9$k!#$3$l$K$h(B
$B$j!"967be$ND9$5$r;}$D%9%/%j!<%s%M%$%`$rM?$($k(B
$B$3$H$K$h$j!":F8=2DG=$G$"$k!#(B
(B
(B15. Microsoft Messenger Service Buffer Overrun Vulnerability
(BBugTraq ID: 8826
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8826
$B$^$H$a(B:
(B
(BMicrosoft Messenger Service $B$O(B "net send" $B%a%C%;!<%8$NAwuBV!"$^$?$O(B Local System $B8"8B$G$N0-0U$"$k%3(B
$B!<%I$Nhttp://www.securityfocus.com/bid/8827
$B$^$H$a(B:
(B
(BComboBox $B%3%s%H%m!<%k$O!"=jDj$NCM$N%I%m%C%W%@%&%s%j%9%H$HF1MM$K!"%f!<%6(B
$B$,M?$($kF~NO$rJ];}$9$k%U%#!<%k%I$rI=<($9$k$?$a$K;HMQ$5$l$k%/%i%9$G$"$k!#(B
(BListBox $B%3%s%H%m!<%k$OF1MM$N%/%i%9$G$"$k$,!"C1=c$K=jDj$NCM$rI=<($9$k$h$&(B
$B$K0U?^$5$l!"%f!<%6$O0l$D$NCM$rA*Br$9$k$3$H$,2DG=$G$"$k!#(B
(B
(BMicrosoft $B$O!">\:YITL@$N(B User32.dll $B%i%$%V%i%j4X?tFb$K%m!<%+%k%P%C%U%!%*(B
$B!<%P!<%U%m!J}(B
$B$N%3%s%H%m!<%k$O!"(BWindows $B%a%C%;!<%8%s%0%$%Y%s%H$r=hM}$9$k:]$K!"$3$N(B 
(BUser32.dll $B4X?t$r8F$S=P$9!#$3$N4X?t$O!"$3$l$i$N(B Windows $B%a%C%;!<%8Fb$KG[(B
$BCV$5$l$F$$$kFCDj$N%G!<%?$r=hM}$9$k:]$K!"7rA4@-$N%A%'%C%/$,IT==J,$G$"$k$H(B
$B8@$o$l$F$$$k!#6qBNE*$K$O!"FCJL$KAH$_N)$F$i$l$?(B ListBox $B$KBP$9$k(B LB_DIR 
$B%a%C%;!<%8!"$^$?$O(B ComboBox $B$KBP$9$k(B CB_DIR $B%a%C%;!<%8$rAw?.$9$k$3$H$K$h(B
$B$j!"$3$NLdBj$r0z$-5/$3$9$3$H$,2DG=$G$"$k!#967b$l$N%a%C%;!<%8$KBP$7$FD9$$%Q%9L>$r;XDj$9$kI,MW$,$"$k!#Js9p(B
$B$K$h$k$H!"$3$NLdBj$O(B ($BJ8;zNs$r%3%T!<$9$k4X?t$G$"$k(B) wcscpy $B$r8F$S=P$7$F(B
$B$$$k4V$K!"Nc30$r0z$-5/$3$9!#(B
(B
$B$3$NLdBj$O!"FC8"$N%"%W%j%1!<%7%g%s$,$3$l$i$N1F6A$re!"%P%C%U%!%*!<%P!<%U%m!<$r0z$-5/$3$9$h$&$K0U(B
$B?^$5$l$?2aEY$J%G!<%?$r4^$`0-0U$"$k(B Windows $B%a%C%;!<%8$rAw?.$7!"967bBP>](B
$B$N%W%m%0%i%`$N=hM}e$NMM!9$J%f!<%6Jd=u%f!<%F%#%j%F%#$r4IM}(B
$B$9$k$h$&$K0U?^$5$l$?(B Utility Manager $B$K1F6A$r5Z$\$9$3$H$bJs9p$7$F$$$k!#(B
$B$3$N%"%W%j%1!<%7%g%s$O!"(BWindows 2000 $B$G$O%G%U%)%k%H$G4IM}]$H$J$j$($k!#$7$+$7!"$3$NLdBj$,1F6A$r5Z$\$9HO0O$O(B 
(BUtility Manager $B$K8B$i$l$F$*$i$:!"1F6A$r:3J$5$l$k$3$H$O$J$/!"%m%0%$%s(B
$B%f!<%6$N8"8B$G8F$S=P$5$l$k$HH/I=$7$F$$$k!#(B
(B
(B17. Microsoft Windows Help And Support Center URI Handler Buffer...
(BBugTraq ID: 8828
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8828
$B$^$H$a(B:
(B
(BMicrosoft Windows $B$K$O!"(BWindows $B$N5!G=$d%O!<%I%&%'%"%5%]!<%H$K$D$$$F$N4v(B
$B$D$+$N%H%T%C%/%9$rDs6!$9$k(B Help and Support Center ($B!V%X%k%W$H%5%]!<%H!W!"(B
(BHSC) $B5!G=$rHw$($F$$$k!#$^$?!"(BHSC $B$O!V(Bhcp://$B!W%W%l%U%#%C%/%9$r2p$7$F%Z!<(B
$B%8$rI=<($9$k$3$H$,2DG=$J(B URI $B%O%s%I%i$rDs6!$7$F$$$k!#(B
(B
$BJs9p$K$h$k$H!"%P%C%U%!%*!<%P!<%U%m!<$NLdBj$O!"(BMicrosoft Windows $B$N(B Help 
(Band Support Center $B$K1F6A$rM?$($k!#$3$NLdBj$O!"(Bhelpsvc.exe $B$KB8:_$7$F$*(B
$B$j!"(Bsvchost.exe $B%W%m%;%9$K$h$j5/F0$9$k!#(B
(B
$B$3$NLdBj$O!"!V(Bhcp://$B!W(BURI $B%j%s%/$r:3J$r0z$-5/$3$9$?$a$K%m!<%+%k>e$G$3$NLdBj$rMxMQ$9$k967b$,9T$o$l$k2DG=(B
$B@-$,$"$k!#(B
(B
$B%Y%s%@$O!"LdBj$rJz$($k%3!<%I$OA4$F$N%5%]!<%H(B OS $B$KB8:_$9$k$,!"967b$KMxMQ(B
$B2DG=$JLdBj$X$H7R$,$k967b$NG^2p$O!"(BWindows XP $B$*$h$S(B Windows Server 2003 
$B$N$_$KB8:_$9$k$H9M$($i$l$F$$$k$H=R$Y$F$$$k$3$H$KN10U$9$Y$-$G$"$k!#$3$l$O!"(B
(BHCP $B%W%m%H%3%k$,B>$N$9$Y$F$N(B Windows OS $B$G$O%5%]!<%H$5$l$F$$$J$$$?$a$G$"(B
$B$k!#(B
(B
$BK\LdBj$O!"(BBID 6802 $B$GJs9p$5$l$F$$$kLdBj$K4XO"$7$F$$$k2DG=@-$,$"$k!#(B
(B
(B18. DBMail IMAP Service SQL Injection Vulnerability
(BBugTraq ID: 8829
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8829
$B$^$H$a(B:
(B
(Bdbmail $B$O!"EE;R%a!<%k%a%C%;!<%8$NJ]B8$*$h$S%G!<%?%Y!<%9$+$i$N8!:w$r9T$&(B
$B$?$a$KMxMQ$5$l$k0lO"$N%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$O!"(BMySQL $B$^$?(B
$B$O(B PostgreSQL $B%G!<%?%Y!<%9$KBP1~$7$F$$$k!#(B
(B
$BJs9p$K$h$k$H!"(Bdbmail IMAP $B%5!<%S%9$K$O!"%j%b!<%H$N967b$*$h$S%Q%9%o!<%I$H$$$C$?MM!9$J%Q%i%a!<%?$KB8:_$9$k$HJs(B
$B9p$5$l$F$$$k!#Js9p$K$h$k$H!"LdBj$rJz$($k%Q%i%a!<%?$O!"%G!<%?%Y!<%9$KAH$_(B
$B9~$^$l$kA0$N%f!<%6$,M?$($?F~NO$,L5322=$5$l$J$$!#$3$NLdBj$rMxMQ$9$k967b$K(B
$B$h$j!"%j%b!<%H$N967bZ$r;n$_$k:]$K(B SQL $B%/%(%j$NO@M}9=(B
$B@.$r2~JQ$9$k2DG=@-$,$"$k!#(B
(B
$B0-0U$"$k%f!<%6$O!"=EMW$J>pJs$r1\Mw$^$?$OJQ99$9$k$?$a$K!"%G!<%?%Y!<%9%/%((B
$B%j$r2~JQ$9$k2DG=@-$,$"$j!"@x:_E*$K$3$N%=%U%H%&%'%"$^$?$O%G!<%?%Y!<%9$X$N(B
$B%;%-%e%j%F%#>e$N6<0R$r0z$-5/$3$9!#(B
(B
(Bdbmail 1.1 $B0JA0$,$3$NLdBj$rJz$($F$$$k$HJs9p$5$l$F$$$k$,!"B>$N%P!<%8%g%s(B
$B$bF1MM$K1F6A$rhttp://www.securityfocus.com/bid/8830
$B$^$H$a(B:
(B
(BAuthenticode $B$O!"(BActiveX $B%3%s%H%m!<%k$NBEEv@-3NG'$r9T$&%3%s%]!<%M%s%H$G(B
$B$"$k!#(BWeb $B%Z!<%8$,(B ActiveX $B%3%s%H%m!<%k$N%$%s%9%H!<%k$r;n$_$k:]!"(B
(BAuthenticode $B$O=pL>$5$l$?(B ActiveX $B%3%s%H%m!<%k$NH/9TZ$7!"%f!<%6$,(B
$B$=$N%3%s%H%m!<%k$r%$%s%9%H!<%k$9$k$+$I$&$+$N3NG'2hLL$rI=<($9$k!#(B
(B
(BAuthenticode $B$,(B ActiveX $B%3%s%H%m!<%k$K$h$j1*2s$5$l$kLdBj$,B8:_$9$k!#(B
(B
(B
$B%a%b%jMFNL$,>/$J$/$J$C$F$$$kFCDj$N>u672<$K$*$$$F!"(BAuthenticode $B$,%f!<%6(B
$B$X$N3NG'2hLL$rI=<($;$:$K!"(BActiveX $B%3%s%H%m!<%k$,%$%s%9%H!<%k$5$l$k2DG=@-(B
$B$,$"$k!#$3$NLdBj$K$h$j!"(BWeb $B%Z!<%8$^$?$O(B HTML $B7A<0$NEE;R%a!<%k$KKd$a9~$^(B
$B$l$?0-0U$"$k(B ActiveX $B%3%s%H%m!<%k$,!"LdBj$rJz$($k%3%s%T%e!<%?>e$K%$%s%9(B
$B%H!<%k$5$lhttp://www.securityfocus.com/bid/8831
$B$^$H$a(B:
(B
(BSolaris $B$O(B Sun Microsystems $B$K$h$C$FJ]pJs$K%"%/%;%92DG=$G$"$k$H?d;!$5$l$k!#(B
(B
$B$3$NLdBj$O!"%m!<%+%k$N%f!<%6$K$h$k%+!<%M%k>pJs$NFI$_l=j$rFI(B
$B$_\$G$"$k!#$7$+$7$J$,$i!"K\LdBj$K(B
$B$h$k%a%b%j%@%s%W$K%Q%9%o!<%I>pJs$H$$$C$?=EMW$J>pJs$,4^$^$l$k2DG=@-$,$"$k!#(B
(B
$B$3$NLdBj$K$h$j%+!<%M%k%a%b%j$NFI$_http://www.securityfocus.com/bid/8832
$B$^$H$a(B:
(B
(BMicrosoft Exchange Server 5.5 $B$O!"(BMicrosoft $B$K$h$jHNGd$5$l$F$$$kEE;R%a!<(B
$B%k$*$h$S%G%#%l%/%H%j%5!<%P$G$"$k!#(BOutlook Web Access $B$O!"%f!<%6$,(B Web $B$r(B
$B2p$7$F(B Exchange $B%a!<%k%\%C%/%9$K%"%/%;%92DG=$H$J$k!"(BExchange $B%5!<%P$K$h(B
$B$jDs6!$5$l$k%5!<%S%9$G$"$k!#(B
(B
$B$3$N%=%U%H%&%'%"$K$O!"%j%b!<%H$N967bl9g!"967bZMQ>pJs$N@`http://www.securityfocus.com/bid/8833
$B$^$H$a(B:
(B
(BMicrosoft TroubleShooter ActiveX $B%3%s%H%m!<%k$KLdBj$,H/8+$5$l$F$$$k!#$3(B
$B$NLdBj$K$h$j!"%j%b!<%H$N967b$N%W%m%0%i%`$H$$$C$?!"?thttp://www.securityfocus.com/bid/8834
$B$^$H$a(B:
(B
(BLinksys Instant Broadband EtherFast Cable/DSL Firewall Router with 4-
(BPort Switch/VPN Endpoint $B$O2HDm!"$*$h$S>.5,LO%*%U%#%9$N%f!<%6$rBP>]$H$7(B
$B$?%O!<%I%&%'%"7?$N%k!<%?$G$"$k!#(B
(B
$B$3$N%k!<%?$N(B BEFSX41 $B%P!<%8%g%s$O%5!<%S%9ITG=>uBV$K4Y$k5?$$$,$"$k!#$3$N(B
$BLdBj$O(B  Web $B4IM}%$%s%?!<%U%'!<%9$N%m%0%S%e!<%"$r2p$7$FH/3P$9$k!#IT@5$JCM(B
$B$r(B "Log_Page_Num" $B%Q%i%a!<%?$KAw?.$9$k$3$H$K$h$j!"$3$N>uBV$r0z$-5/$3$7!"(B
$B$3$N%k!<%?$N1~Ez$rDd;_$5$;$k$3$H$,2DG=$H$J$k!#%m%0%S%e!<%"$O(B Group.cgi 
$B$r2p$7$Fhttp://192.168.1.1/Group.cgi?Log_Page_Num=1111111111&LogClear=0
(B
$B$3$NLdBj$rMxMQ$9$k967b$O!"%m%0%S%e!<%"$K0U?^E*$J%Q%i%a!<%?$G%j%/%(%9%H$r(B
$BAw?.$9$k$?$a$K!"4IM}$N%k!<%?$N%3%^(B
(B
(B
$B%s%I$rZ$G$"$k!#(B
(B
(B24. Microsoft Word Macro Name Handler Buffer Overflow Vulnerabil...
(BBugTraq ID: 8835
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8835
$B$^$H$a(B:
(B
(BMicrosoft Word $B$O(B Microsoft Office $B%Q%C%1!<%8$N0lIt$H$7$FHNGd$5$l$F$$$k(B
$B%F%-%9%H%I%-%e%a%s%HJT=8%=%U%H$G$"$k!#(B
(B
$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$K$O%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$kLdBj$,(B
$BB8:_$9$k5?$$$,$"$k!#(B
(B
$B$3$NLdBj$O!"%^%/%mL>%O%s%I%i%k!<%A%s$G9T$o$l$k6-3&%A%'%C%/$,IT==J,$G$"$k(B
$B$3$H$K5/0x$9$k$HJs9p$5$l$F$$$k!#Js9p$K$h$k$H!"%^%/%m$,J]B8$5$l$k:]!"(B
(BUnicode $BFbIt(B/$B30It%^%/%mL>$*$h$SBP1~$9$kJ8;zNs$N%5%$%:$r4^$`%^%/%m$N>pJs(B
$B$O!"4XO"$9$k%o!<%I%I%-%e%a%s%H$KKd$a9~$^$l$F$$$kFbIt9=B$$K3JG<$5$l$k!#$3(B
$B$l$i$N%^%/%mL>$,=hM}$5$l$k:]!"%^%/%mL>$O(B Unicode 256 $BJ8;z$N%^%/%mL>$r3J(B
$BG<$9$k8GDjD9$N%a%b%jFbIt$N3NJ]:Q$_%P%C%U%!$K%3%T!<$5$l$k!#(B
(B
$BJs9p$K$h$k$H!"%^%/%mL>$r3NJ]:Q$_%P%C%U%!$K%3%T!<$9$kr7oL?Na$,IT==J,$G$"$k!#$3$NLdBj$N7k2L$H$7$F!"967bJ8(B
$B;zNs$N%5%$%:$K2~JQ$9$k2DG=@-$,$"$k!#967b$rM=4|$7$F$$$J$$%f!<%6$,$3$N%o!<(B
$B%I%I%-%e%a%s%H$r3+$/$H!"%a%b%j$N=q$-49$($,@8$8!"(BWord $B$,%/%i%C%7%e$9$k2D(B
$BG=@-$,$"$k!#(B
(B
$B8=;~E@$G$O!"$3$NLdBj$,0U?^$9$k%3!<%I$r\$G$"$k!#(B
(B
(BOffice XP $B$KF1:-$5$l$F$$$k(B Microsoft Word $B$O!"$3$NLdBj$rJz$($F$$$k$HJs9p(B
$B$5$l$F$$$J$$!#(B
(B
(B25. Sun Solaris Pipe Function Unspecified Kernel Race Condition ...
(BBugTraq ID: 8836
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8836
$B$^$H$a(B:
(B
(BSolaris $B$O(B Sun Microsystems $B$K$h$C$FJ]uBV$G$"$k!#FCDj$N>u672<$G$O!"%m!<(B
$B%+%k$N%f!<%6$O%Q%$%W4X?t$H(B STREAMS $B%k!<%A%s$rMxMQ$7$F!"0U?^E*$K%+!<%M%k(B
$B$G6%9g>uBV$r0z$-5/$3$9$3$H$,2DG=$G$"$k!#$3$l$K$h$j!"%3%s%T%e!<%?$rIT0BDj(B
$B$K$5$;!"%/%i%C%7%e$5$;$k$3$H$,2DG=$G$"$k!#(B
(B
$BLdBj$N$"$k%3%s%]!<%M%s%H!"$*$h$S$3$NLdBj$rMxMQ$9$k\:Y(B
$B$O8x3+$5$l$F$$$J$$!#K\(B BID $B$O$5$i$J$k>pJs$,8x3+$5$l$?;~E@$G99?7$5$l$k!#(B
(B
(B26. Planet WGSD-1020 Switch Undocumented Administrative User Una...
(BBugTraq ID: 8837
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8837
$B$^$H$a(B:
(B
(BPlanet WGSD-1020 $B$O!"%.%,%S%C%H%M%C%H%o!<%/%5%]!<%H$r4^$`!"%9%$%C%A%s%0(B
$B%G%P%$%9$G$"$k!#$3$N%G%P%$%9$O!"(BSNMP $B$*$h$S(B Web $B%V%i%&%6$GMxMQ2DG=$J4IM}(B
$B%$%s%?!<%U%'%$%9$rHw$($F$$$k!#(B
(B
$BJs9p$K$h$k$H!"$3$N%G%P%$%9$K$O!"%I%-%e%a%s%H2=$5$l$F$$$J$$%G%U%)%k%H$N4I(B
$BM}%f!<%6$,B8:_$9$k!#%f!<%6L>(B "superuser"$B!"%Q%9%o!<%I(B "planet" $B$rM?$($k$3(B
$B$H$G!"$3$N%f!<%6$K%"%/%;%92DG=$G$"$k!#$3$NLdBj$K$h$j!";ve!"$3$N%G%P%$(B
$B%9$X$N4IM}http://www.securityfocus.com/bid/8838
$B$^$H$a(B:
(B
(BMicrosoft $B$O!"(BExchange Server $B$,%j%b!<%H$+$i967b2DG=$J%P%C%U%!%*!<%P!<%U(B
$B%m!<$,H/@8$9$kLdBj$N1F6A$rZ$,9T$o$l$F$$$J$$(B SMTP $B%/%i%$%"%s%H$K$h$j%j%b!<%H$+$i0z$-5/$3$5$l$k2DG=(B
$B@-$,$"$k!#(B
(B
(BMicrosoft $B$O!"(BExchange 2000 Server $B$r2TF0$5$;$F$$$k%3%s%T%e!<%?>e$G%j%b(B
$B!<%H$+$i%3!<%I$N]$H$J$k%5!<%P$N(B SMTP $B%]!<%H$K@\B3$7!"2aBg$JD9(B
$B$5$N(B ESMTP $B%j%/%(%9%H$rAw?.$9$k2DG=@-$,$"$k!#7k2L$H$7$F!"(BExchange Server
(B 5.5 $B%7%9%F%`>e$G$O!"%a%b%j$N8O3i$K5/0x$7$F!"%5!<%S%9ITG=>uBV$,0z$-5/$3(B
$B$5$l$k!#(B
(B
(BExchange 2000 Server $B$r2TF0$5$;$F$$$k%3%s%T%e!<%?>e$G$O!"$3$N2aBg$JD9$5(B
$B$N%j%/%(%9%H$K$h$j!"FbIt%P%C%U%!$N%*!<%P!<%U%m!<$,0z$-5/$3$5$l$k!#(B
(BExchange $B%5!<%S%9$N%;%-%e%j%F%#%3%s%F%-%9%H$G0U?^$9$k%3!<%I$Nhttp://www.securityfocus.com/bid/8839
$B$^$H$a(B:
(B
(BRealOne Player $B$O!"(BMicrosoft Windows $B$*$h$S(B MacOS $B$r4^$`B?$/$N4D6-$GMxMQ(B
$B2DG=$J%a%G%#%"%W%l%$%d!<$G$"$k!#(B
(B
$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$K$O0l;~%U%!%$%k$r\:Y$O8=;~E@$G$O8x3+$5$l$F$$$J$$!#FCDj$N>u672<$K$*(B
$B$$$F!"%3%s%T%e!<%?>e$N%G%U%)%k%H%V%i%&%6$K0l;~%U%!%$%k$,FI$_9~$^$l$kA0$K!"(B
$B0l;~%U%!%$%k$K=q$-9~$_2DG=$G$"$k$3$H$,H=L@$7$F$$$k!#$3$l$i$N%U%!%$%k$K=q(B
$B$-9~$^$l$k%G!<%?$K$O!"%9%/%j%W%H%3!<%I$d0U?^$9$k(B URL $B$,4^$^$l$k2DG=@-$,(B
$B$"$k!#(B
(B
$B$3$NLdBj$K$h$j!"FI$_9~$^$l$?%U%!%$%k$O!"%G%U%)%k%H%V%i%&%6$r2p$7$F%m!<%+(B
$B%k%;%-%e%j%F%#%>!<%s$G%9%/%j%W%H$Ne$GA`:n$,2DG=$G$"$k$H?d;!$5$l$k!#(B
$B$7$+$7$J$,$i!"$3$l$O(B Real $B$^$?$O(B Symantec $B$K$h$k8!>Z$O$5$l$F$$$J$$!#(B
(B
(B29. Macromedia ColdFusion MX  SQL Error Message Cross-Site Scrip...
(BBugTraq ID: 8840
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8840
$B$^$H$a(B:
(B
(BColdFusion MX $B$O!"(BMacromedia $B$,HNGd$7$F$$$k!"(BWeb $B%"%W%j%1!<%7%g%s%5!<%P(B
$B$r3+H/$7!"1?1D$9$k$?$a$N5!9=$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'(B
$B%"$OC1BN$G(B UNIX$B!"(BLinux$B!"(BMicrosoft Windows $B4D6-$GMxMQ2DG=$G$"$k!#(B
(B
$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$K$O!"%j%b!<%H$N967bZ$G$O$"$k$,!"Js9p$K$h$k$H!"$3$N%=%U%H%&%'%"(B
$B$,MxMQ$9$k%G!<%?%Y!<%9$K$h$j@8@.$5$l$k%(%i!<%Z!<%8$r$3$N%=%U%H%&%'%"$,I=(B
$B<($9$k:]$KLdBj$,@8$8$k!#$=$N$?$a!"967bl9g!"967bZMQ(B
$B>pJs$N@`$N967b$b2DG=$G$"$k!#(B
(B
(BMacromedia ColdFusion MX 6.0 $B$,$3$NLdBj$rJz$($F$$$k$HJs9p$5$l$F$$$k$,!"(B
$BB>$N%P!<%8%g%s$bF1MM$K1F6A$rhttp://www.securityfocus.com/bid/8841
$B$^$H$a(B:
(B
(BBajie HTTP Web Server $B$O!"(BJava $B$G5-=R$5$l$?(B Web $B%5!<%P$G$"$k!#$3$N%=%U%H(B
$B%&%'%"$O!"(BMicrosoft Windows $B$*$h$S(B Unix/Linux $BM3Mh$N(B OS $B$GMxMQ2DG=$G$"$k!#(B
(B 
(B
$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$N0lIt$H$7$FG[I[$5$l$F$$$k%G%b%s%9%H%l!<%7(B
$B%g%s%9%/%j%W%H$H%5!<%V%l%C%H$K$O!"J#?t$N%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLd(B
$BBj$rJz$($F$$$k5?$$$,$"$k!#$3$l$i$N%G%b%s%9%H%l!<%7%g%s%9%/%j%W%H$H%5!<%V(B
$B%l%C%H$O30It$+$i$N%"%/%;%9$KBP$9$k8x3+$rL\E*$H$9$k$b$N$G$O$J$/!"$3$N%=%U(B
$B%H%&%'%"$K4^$^$l$k5!G=@-$Ne$NLdBj$rJz$($k%G%b(B
$B%s%9%H%l!<%7%g%s%9%/%j%W%H$*$h$S%5!<%V%l%C%H$N2?$l$+$K!"%9%/%j%W%H$*$h$S(B
(B HTML $B%3!<%I$r4^$`0-0U$"$k%j%s%/$rAH$_N)$F$k2DG=@-$,$"$k!#$3$N%j%s%/$,C)(B
$B$i$l$?>l9g!"%j%s%/$K4^$^$l$k%3!<%I$O%j%s%/$rC)$C$?%f!<%6$N(B Web $B%V%i%&%6(B
$B$G2re$GZMQ(B
$B>pJs$N@`$N967b$b2DG=$G$"$k!#(B
(B
$B$3$NLdBj$O(B Bajie HTTP server 0.95zxv4 $B$K1F6A$r5Z$\$9$HJs9p$5$l$F$$$k$,!"(B
$BF10l$N%G%b%s%9%H%l!<%7%g%s%9%/%j%W%H$,F1:-$5$l$F$$$k!"$3$l$h$jA0$N%P!<%8(B
$B%g%s$bLdBj$rJz$($F$$$k2DG=@-$,$"$k$3$H$KN10U$9$Y$-$G$"$k!#(B
(B
(B
(BIII. SECURITYFOCUS NEWS ARTICLES
(B--------------------------------
(B1. Senators propose Patriot Act limitations
$BCxe1!5D2q$O!"JF9q0&9q5G'$7$?!#(B
$B$7$+$7!"N>E^$N;Y;}$rF@$F$$$k?7$?$JK!0F$O!"$3$N0&9qhttp://www.securityfocus.com/news/7245
(B
(B2. Prosecutors admit error in whistleblower conviction
$BCxpJs3+<($r9T$J$C$?$H$7$F!"JFO"K.7:L3=j$K(B 16 $B%v7n4V$K$o$?$jI~Lr$7$??MJ*$N(B
$BM-:aH=7h$rC$90U8~$G$$$k!#(B
(B
(Bhttp://www.securityfocus.com/news/7202
(B
(B3. Teen charged in cyber stock scam
$BCxZ7thttp://www.securityfocus.com/news/7177
(B
(B4. Spam inspires musos to song
$BCxhttp://www.securityfocus.com/news/7253
(B
(B5. NetScreen firms firewalls against app attacks
$BCxhttp://www.securityfocus.com/news/7252
(B
(B6. Teen computer whiz cleared in Houston hacking
$BCxhttp://www.securityfocus.com/news/7242
(B
(B
(BIV. SECURITYFOCUS TOP 6 TOOLS
(B-----------------------------
(B1. Webmin Usermonitor v0.11a
$B:nhttp://www.gehrigal.net/projects/webmin_usermonitor/
$BF0:n4D6-(B: AIX$B!"(BFreeBSD$B!"(BHP-UX$B!"(BIRIX$B!"(BLinux$B!"(BNetBSD$B!"(BOpenBSD$B!"(BSCO,
(BSolaris, SunOS, UNIX
$B$^$H$a(B:
(B
(BWebmin Usermonitor $B$O!"(BTelnet$B!"(BSSH$B!"$^$?$O(B Samba $B$K4p$E$/!"%3%s%T%e!<%?(B
$B$X$NA4$F$N%f!<%6@\B3$r1\Mw2DG=$J(B Webmin $B%b%8%e!<%k$G$"$k!#%f!<%6@\B3$N@Z(B
$BCG$d%f!<%6$X$N%a%C%;!<%8Aw?.$,2DG=$G$9!#(B
(B
(B2. radmind v1.2.0
$B:nhttp://rsug.itd.umich.edu/software/radmind
$BF0:n4D6-(B: FreeBSD$B!"(BLinux$B!"(BMacOS$B!"(BOpenBSD$B!"(BSolaris$B!"(BSunOS$B!"(BUNIX
$B$^$H$a(B:
(B
(Bradmind $B$O(B Unix $B$N%3%^%s%I%i%$%s$GF0:n$9$k%D!<%k72$G!"J#?t$N(B Unix $B$,F0:n(B
$B$9$k%3%s%T%e!<%?$N%U%!%$%k%7%9%F%`$r%j%b!<%H$+$i4IM}$G$-$k$3$H$r0U?^$7$F(B
$B3+H/$5$l$F$$$^$9!#Cf3K5!G=$H$7$F5s$2$i$l$k5!G=$O!"$"$?$+$b(B tripwire$B$N$h(B
$B$&$KF0:n$9$k5!G=$G$9!#$3$N5!G=$O4IM}2<$K$"$k%U%!%$%k%7%9%F%`Fb$N!"%U%!%$(B
$B%k!"%G%#%l%/%H%j!"%O!<%I%j%s%/!"%7%s%\%j%C%/%j%s%/$J$I$N%*%V%8%'%/%H$NJQ(B
$B2=$rH/8+2DG=$G$9!#%*%W%7%g%s$G$O$"$j$^$9$,!"$3$N%=%U%H%&%'%"$OJQ2=FbMF$r(B
$B85$KLa$9$3$H$,2DG=$G$9!#4IM}2<$K$"$k%3%s%T%e!<%?$N$=$l$>$l$K$OJ#?t$N:n@.(B
$B:Q$_%m!<%I%;%C%H!"3,AX2=$5$l$?%*!<%P!<%m!<%I$r@_Dj2DG=$G$9!#$3$N5!G=$K$h(B
$B$j!"Nc$($P%"%W%j%1!<%7%g%s$4$H$K(B OS $B$r$=$l$>$lJL8D$K3d$jEv$F$k$3$H$,2DG=(B
$B$K$J$j$^$9!#%m!<%I%;%C%H$O%j%b!<%H$N%5!<%PFb$K3JG<$5$l!"%5!<%PFb$N%m!<%I(B
$B%;%C%H$r99?7$9$k$3$H$K$h$j!"JQ99FbMF$O4IM}BP>]$N%3%s%T%e!<%?$XE>Aw2DG=$G(B
$B$9!#(B
(B
(B3. w3pw v1.10
$B:nhttp://w3pw.sourceforge.net/
$BF0:n4D6-(B: OS $B$K0MB8$7$J$$(B
$B$^$H$a(B:
(B
(Bw3pw $B$O!"(BPHP $B$rMxMQ$7$F3+H/$5$l!"(BWeb $B%$%s%?!<%U%'%$%9$rHw$($?%Q%9%o!<%I(B
$B4IM}%D!<%k$G$9!#0E9f2=$5$l$?>pJs$O!"(BMySQL $B%G!<%?%Y!<%9$K3JG<$5$l$^$9!#(B
(B
(B4. testmail v3.1.5
$B:nhttp://strony.wp.pl/wp/c_kruk/
$BF0:n4D6-(B: Perl (perl $B$,F0:n$9$k4D6-(B)
$B$^$H$a(B:
(B
(Btestmail $B$O!"(BPOP3 $B%5!<%P$G$NEE;R%a!<%k$N2DMQ@-$N%A%'%C%/!"Dj5A$5$l$?%k!<(B
$B%k$K4p$E$$$?%U%#%k%?%j%s%0!"$*$h$S(B ($BA*Br$5$l$?%a%=%C%I$K$h$C$F$O(B) $B%m!<%+(B
$B%k$N%a!<%k%\%C%/%9$K%a%C%;!<%8$rhttp://steghide.sourceforge.net
$BF0:n4D6-(B: AIX$B!"(BBSDI$B!"(BDigital UNIX/Alpha$B!"(BFreeBSD$B!"(BHP-UX$B!"(BIRIX$B!"(BLinux,
(BNetBSD, OpenBSD, SCO, Solaris, SunOS, True64 UNIX, Ultrix, UNIX, 
(BUnixware,
(BWindows 95/98, Windows NT
$B$^$H$a(B:
(B
(BSteghide $B$O!"%G!<%?%U%!%$%k$N%S%C%H$rB>$N%U%!%$%k$N:G2<0L%S%C%H$N0lIt$K(B
$B1#$7!"%G!<%?%U%!%$%k$NB8:_$rIT2D;k$K$7!"H=L@$G$-$J$$$h$&$K$9$k%9%F%,%N%0(B
$B%i%U%#!<%=%U%H%&%'%"$G$9!#$3$N%=%U%H%&%'%"$O0\?"2DG=$GI}9-$$@_Dj$,2DG=$G(B
$B$"$k$h$&$K0U?^$5$l$F$*$j!"(Bbmp$B!"(Bwav $B$*$h$S(B au $B%U%!%$%k$X$N%G!<%?1#JC!"(B
(Bblowfish $B0E9f2=!"(Bblowfish $B0E9f80$N%Q%9%U%l!<%:$N(B MD5 $B%O%C%7%e!"$*$h$S%3(B
$B%s%F%J%G!<%?Fb$N1#$7%S%C%H$N5<;w%i%s%@%`G[CV$NFCD'$,$"$j$^$9!#(B
(B
(B6. NISCA v2.5
$B:nhttp://nisca.sourceforge.net/
$BF0:n4D6-(B: POSIX
$B$^$H$a(B:
(B
(BNISCA (Network Interface Statistics Collection Agent) $B$O$h$j=@Fp$J!"(BPHP4
(B $B$rMxMQ$7$F3+H/$5$l$?(B MRTG $B$NBeBX%=%U%H%&%'%"$G$9!#$3$N%=%U%H%&%'%"$O!"(B
$BE}7W%G!<%?$r<}=8$9$k$?$a$K(B SNMP $B$*$h$S(B $B%m!<%+%k%[%9%H$N(B /proc/net/dev $B%G(B
$B%P%$%9%U%!%$%k%G%#%l%/%H%j$NFI$_Aw$5$l$?%P%$%H!"E>(B
$BAw$5$l$?%Q%1%C%H!"E>Aw%(%i!.>>%_%5(B(KOMATSU Misa)$B!"(B
$BGOCeFF(B(UMAKI Atsushi)$B!"3QED8<;J(B(KAKUDA Motoshi)$B!"(B
$B@P86J8;R(B(ISHIHARA Ayako)$B!">!3$D>?M(B(KATSUMI Naoto)$B!"(B
$B9b66=SB@O:(B(TAKAHASHI Shuntarou)
$B4F=$(B: $BA}EDCR0l(B(MASUDA Tomokazu)
(BLAC Co., Ltd.
(Bhttp://www.lac.co.jp/security/
Attachment: smime.p7s
Description: S/MIME cryptographic signature
Prev by Date: [SNS Advisory No.70] tsworks "Expand the Attachment" Buffer Overflow Vulnerability

Next by Date: [SNS Spiffy Reviews No.8] Successful Reproduction of MS03-049 "Buffer Overrun in the Workstation Service Could Allow Code Execution (828749)" on Japanese Environments

Previous by thread: [SNS Advisory No.70] tsworks "Expand the Attachment" Buffer Overflow Vulnerability

Next by thread: [SNS Spiffy Reviews No.8] Successful Reproduction of MS03-049 "Buffer Overrun in the Workstation Service Could Allow Code Execution (828749)" on Japanese Environments

Index(es):

Date

Thread