[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
SecurityFocus Newsletter #248 2004-5-3->2004-5-7

To: bugtraq-jp@xxxxxxxxxxxxxxxxx
Subject: SecurityFocus Newsletter #248 2004-5-3->2004-5-7
From: Yasuhiro Nishimura <y.nisimr@xxxxxxxxx>
Date: Tue, 20 Jul 2004 09:10:23 +0900
$B@>B<(B@$B%i%C%/$G$9!#(B
(B
(BSecurityFocus Newsletter $BBh(B 248 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B
(B
(B---------------------------------------------------------------------------
(BBugTraq-JP $B$K4X$9$k(B FAQ($BF|K\8l(B):
(Bhttp://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml
$B!&(BSecurityFocus Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0lH$/$@$5$$(B
(B---------------------------------------------------------------------------
(B---------------------------------------------------------------------------
(BSecurityFocus Newsletter $B$K4X$9$k(BFAQ($B1Q8l(B):
(Bhttp://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml
(BBugTraq $B$K4X$9$k(B FAQ($B1Q8l(B):
(Bhttp://www.securityfocus.com/popups/forums/bugtraq/faq.shtml
(B---------------------------------------------------------------------------
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B SecurityFocus $B$N5v2D$r3t<02qe$G9T$o$l$F$$$^$9!#(B
$B!&(BSecurityFocus Newsletter $B$NOBLu$r(B Netnews, Mailinglist, World Wide Web,
(B  $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$NA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;$s$,!"(B
(B  $B=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+$J$k7A<0$N(B
(B  $B%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
(B1) http://online.securityfocus.com/archive/79
(B---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02ql9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
(B  $BHG$r$4Ej9FD:$/$+!"4F=$l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
(B---------------------------------------------------------------------------
(BThis translation is encoded and posted in ISO-2022-JP.
(B
$B86HG(B:
(BDate: 10 May 2004 21:52:22 -0000
(BMessage-ID: <20040510215222.26435.qmail@xxxxxxxxxxxxxxxxxxxxxx>
(B
(BSecurityFocus Newsletter #248
(B-----------------------------
(B
(BThis Issue is Sponsored By: SecurityFocus 
(B
(BI. FRONT AND CENTER($BF|K\8lLu$J$7(B)
(B     1. Automating Windows Patch Mngt: Part III
(BII. BUGTRAQ SUMMARY
(B     1. Sysklogd Crunch_List Buffer Overrun Vulnerability
(B     2. Sesame Unauthorized Repository Access Vulnerability
(B     3. 3Com SuperStack 3 NBX Netset Application Port Scan Denial of...
(B     4. JForum Unauthorized Forum Access Vulnerability
(B     5. Midnight Commander Multiple Unspecified Vulnerabilities
(B     6. Multiple LHA Buffer Overflow/Directory Traversal Vulnerabili...
(B     7. LibPNG Broken PNG Out Of Bounds Access Denial Of Service Vul...
(B     8. SquirrelMail Folder Name Cross-Site Scripting Vulnerability
(B     9. Microsoft Internet Explorer Meta Data Foreign Domain Spoofin...
(B     10. Rosiello Security Sphiro HTTPD Remote Heap Buffer Overflow V...
(B     11. ReciPants SQL Injection and Cross-Site Scripting Vulnerabili...
(B     12. Moodle Cross Site Scripting Vulnerability
(B     13. ProFTPD CIDR Access Control Rule Bypass Vulnerability
(B     14. Coppermine Photo Gallery Multiple Input Validation Vulnerabi...
(B     15. Web Wiz Forum Multiple Vulnerabilities
(B     16. Apple QuickTime Sample-to-Chunk Integer Overflow Vulnerabili...
(B     17. PROPS SQL Injection and Cross-Site Scripting Vulnerabilities
(B     18. Emacs flim Library Insecure Temporary File Creation Vulnerab...
(B     19. Business Objects Crystal Reports Multiple Unspecified Vulner...
(B     20. Sun Solaris Patch Information Disclosure Vulnerability
(B     21. Aldo's Web Server Multiple Input Validation Vulnerabilities
(B     22. YaBB Bulletin Board Corruption Vulnerability
(B     23. PaX 2.6 Kernel Patch Denial Of Service Vulnerability
(B     24. SmartPeer Undisclosed Local Vulnerability
(B     25. APSIS Pound Remote Format String Vulnerability
(B     26. IPMenu Log File Symbolic Link Vulnerability
(B     27. Apple Mac OS X CoreFoundation Unspecified Large Input Vulner...
(B     28. Apple Mac OS X AppleFileServer Remote Buffer Overflow Vulner...
(B     29. Titan FTP Server LIST Denial Of Service Vulnerability
(B     30. Check Point VPN-1 ISAKMP Remote Buffer Overflow Vulnerabilit...
(B     31. OMail Webmail Remote Command Execution Variant Vulnerability
(B     32. Verity Ultraseek Error Message Path Disclosure Vulnerability
(B     33. E-Zone Media FuzeTalk AddUser.CFM Administrator Command Exec...
(B     34. Kolab Groupware Server OpenLDAP Plaintext Password Storage V...
(B     35. E-Zone Media FuzeTalk Banning.CFM Authentication Bypass Vuln...
(B     36. SuSE Linux Kernel HbaApiNode Improper File Permissions Denia...
(B     37. JelSoft VBulletin Forum Creation HTML Injection Vulnerabilit...
(B     38. Simple Machines Forum Size Tag HTML Injection Vulnerability
(B     39. PHPNuke Modules.php Multiple SQL Injection Vulnerabilities
(B     40. PHPX Multiple Cross-Site Scripting Vulnerabilities
(B     41. PHPX Multiple Administrator Command Execution Vulnerability
(B     42. FreeBSD Kernel VM_Map Local Denial Of Service Vulnerability
(B     43. P4DB Multiple Input Validation Vulnerabilities
(B     44. SGI IRIX  Unspecified UDP Denial Of Service Vulnerability
(B     45. Heimdal K5AdminD Remote Heap Buffer Overflow
(B     46. SGI IRIX IFConfig -ARP Failure To Disable ARP Functionality ...
(B     47. Exim Sender Verification Remote Stack Buffer Overrun Vulnera...
(B     48. Exim Header Syntax Checking Remote Stack Buffer Overrun Vuln...
(B     49. Microsoft ASP.NET Malformed HTTP Request Information Disclos...
(B     50. e107 Website System Multiple Script HTML Injection Vulnerabi...
(B     51. SurgeLDAP Web Administration Authentication Bypass Vulnerabi...
(B     52. DeleGate SSLway Filter Remote Stack Based Buffer Overflow Vu...
(B     53. KAME Racoon Remote IKE Message Denial Of Service Vulnerabili...
(B     54. SuSE LINUX 9.1 Personal Edition Live CD-ROM SSH Server Defau...
(BIII. SECURITYFOCUS NEWS ARTICLES
(B     1. Prison time for cyber stock swindler
(B     2. Student hacks iTunes for compatibility
(B     3. Charges filed in 'Deceptive Duo' hacks
(B     4. New version of Sasser undermines lone coder theory
(B     5. German teenager admits creating Sasser
(B     6. Mystery of MS's missing AV software
(BIV. SECURITYFOCUS TOP 6 TOOLS
(B     1. Password Spyer 2k 2.4
(B     2. NatACL 1.0
(B     3. PCX Firewall (CGI Web Frontend) 1.3
(B     4. Burp proxy 1.22 1.22
(B     5. GNUnet v0.6.2a
(B     6. FTimes v3.4.0
(B
(B
(BI. FRONT AND CENTER($BF|K\8lLu$J$7(B)
(B---------------------------------
(B
(BII. BUGTRAQ SUMMARY
(B-------------------
(B1. Sysklogd Crunch_List Buffer Overrun Vulnerability
(BBugTraq ID: 10238
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 29 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10238
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(Bsysklogd $B$O%P%C%U%!%*!<%P!<%U%m!<$NLdBj$rJz$($F$$$k5?$$$,(B
$B$"$k!#(B
(B
$B$3$NLdBj$rMxMQ$9$k$3$H$G!"M}O@>e!"%m!<%+%k$N967buBV$G%$%s%9%H!<%k$5$l$F$$$k$H!"9b$$8"8B$G0U?^$7$?%3(B
$B%^%s%I$rZ$G$"$k!#(B
(B
(B2. Sesame Unauthorized Repository Access Vulnerability
(BBugTraq ID: 10239
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 29 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10239
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BRDF $B%j%]%8%H%j%"%W%j%1!<%7%g%s$G$"$k(B Sesame $B$K$O!"IT@5$K%j(B
$B%]%8%H%j$K%"%/%;%92DG=$JLdBj$rJz$($F$$$k5?$$$,$"$k!#$3$NLdBj$O!"0lC6%j%](B
$B%8%H%j$,%"%/%;%9$5$l$k$H!"%a%b%jFb$N%j%]%8%H%j%3%s%F%s%D$,0BA4$K=hM}$5$l(B
$B$J$$$3$H$K5/0x$9$k!#(B
(B
$B$3$NLdBj$K$h$j!"967b$N%f!<%6%j%]%8%H%j$X%"%/%;%9$7!"5!L)>pJs$N3+<((B
$B$9$k2DG=@-$,$"$k!#(B
(B
(B3. 3Com SuperStack 3 NBX Netset Application Port Scan Denial of...
(BBugTraq ID: 10240
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 30 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10240
$B$^$H$a(B:
(B
(B3Com SuperStack 3 NBX IPtelephones $B$K$OLdBj$,H/8+$5$l$F$$$k!#(B
(B
(BsafeChecks $B%b!<%I$G9=@.$5$l$?!"1F6A$re!"%/%i%C%7%e$9$k!#(B
(B
$B@5>o$J5!G=$r2sI|$9$k$?$a$K!"%O!<%I%&%'%"E*$J:F5/F0$,MW5a$5$l$k$3$H$,Js9p(B
$B$5$l$F$$$k!#(B
(B
(B4. JForum Unauthorized Forum Access Vulnerability
(BBugTraq ID: 10241
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 30 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10241
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BJForum $B$OIT@5$K%U%)!<%i%`$K%"%/%;%9$5$l$kLdBj$rJz$($F$$$k(B
$B5?$$$,$"$k!#$3$NLdBj$O!"F~NOCM$NBEEv@-3NG'$NITHw$K5/0x$7$F$*$j!"K\Mh5v2D(B
$B$5$l$F$$$J$$8D?M$,!"@)8B$5$l$?%U%)!<%i%`$K%"%/%;%92DG=$K$J$k!#(B
(B
$B$3$NLdBj$K$h$j!"967b\(B
$B8xI=F|(B: Apr 30 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10242
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BMidnight Commander $B$OITL@3N$G$"$k$,J#?t$NLdBj$rJz$($F$$$k(B
$B5?$$$,$"$k!#$3$NLdBj$OMM!9$J@_7W>e$NITHw$d6-3&%A%'%C%/$NITHw$K5/0x$9$k!#(B
(B
$B$3$l$i$NLdBj$O!"1F6A$NuBV$K4Y$i$;$k$3$H$,MF0W$K$J$k!#(B
(B
(B6. Multiple LHA Buffer Overflow/Directory Traversal Vulnerabili...
(BBugTraq ID: 10243
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 30 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10243
$B$^$H$a(B:
(B
(BLHA $B$O!"%"!<%+%$%V$r=hM}$9$k:]$K!"0-0U$"$k%"!<%+%$%V$K$h$j0U?^$7$?%3!<%I(B
$B$Ne=q$-$,9T$o$l$k2DG=(B
$B@-$,$"$k!#(B
(B
(B7. LibPNG Broken PNG Out Of Bounds Access Denial Of Service Vul...
(BBugTraq ID: 10244
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 30 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10244
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(Blibpng $B%0%i%U%#%C%/%i%$%V%i%j$K$OFCDj$N%?%$%W$N2u$l$?%$%a!<(B
$B%8$r=hM}$9$k:]!"%5!<%S%9ITG=>uBV$K4Y$kLdBj$rJz$($F$$$k5?$$$,$"$k!#(B
(B
$B$3$NLdBj$O!"LdBj$rJz$($k%i%$%V%i%j$K%j%s%/$5$l$?%=%U%H%&%'%"$,LdBj$r0z$-(B
$B5/$3$9$N$K==J,$J0-0U$"$k2u$l$?(B PNG $B%$%a!<%8$r=hM}$9$k$?$a$K;HMQ$5$l$k>l(B
$B9g!"FCDj$N%3%s%T%e!<%?>e$G%a%b%j%"%/%;%90cH?$r0z$-5/$3$92DG=@-$,$"$k$H?d(B
$B;!$5$l$k!#(B
(B
(B8. SquirrelMail Folder Name Cross-Site Scripting Vulnerability
(BBugTraq ID: 10246
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 30 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10246
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BSquirrelMail $B$K$O!"%U%)%k%@L>I=<($N=hM}$K$*$$$F%/%m%9%5%$(B
$B%H%9%/%j%W%F%#%s%0$NLdBj$,B8:_$9$k!#$3$NLdBj$O!"F0E*$K@8@.$5$l$k(B Web $B%3(B
$B%s%F%s%D$K%U%)%k%@L>$,4^$^$l$kA0$K!"%f!<%6$,M?$($?F~NOCM$KBP$9$kL5322=$,(B
$BIT==J,$G$"$k$3$H$K5/0x$9$k!#(B
(B
$B$3$NLdBj$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`$N967b$bF1MM$K2DG=$G$"$k!#(B
(B
(B9. Microsoft Internet Explorer Meta Data Foreign Domain Spoofin...
(BBugTraq ID: 10248
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 30 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10248
$B$^$H$a(B:
(B
(BMicrosoft Internet Explorer $B$K$OLdBj$,Js9p$5$l$F$*$j!">ZL@=q$N56Au$,MF0W(B
$B$K9T$o$l$k2DG=@-$,$"$k!#$3$NLdBj$O!"967bBP>]$N%f!<%6$K(B Web $B%3%s%F%s%D$r(B
$B56$C$FEA$($k$N$KM-MQ$G$"$k$H?d;!$5$l$k!#(B
(B
$B$3$NLdBj$O(B (SSL $B$r2p$7$F(B) $BL54X78$N%I%a%$%s$+$i$N>ZL@=q$d%3%s%F%s%D$r(B Web 
$B%Z!<%8Fb$KAH$_9~$`$3$H$,2DG=$G$"$k$3$H$K5/0x$7$F$$$k!#%/%i%$%"%s%H%f!<%6(B
$B$,$3$N(B Web $B%Z!<%8$K%"%/%;%9$7$?>l9g!"L54X78$N%I%a%$%s$+$i$N>ZL@=q$rG'2D(B
$B$9$k$h$&B%$5$l$k!#$3$l$K$h$j!"$^$k$G%"%/%;%9$7$F$$$k(B Web $B%Z!<%8$,L54X78(B
$B$N%I%a%$%s$KB8:_$7$F$$$k$+$N$h$&$J>u67$,H/@8$9$k!#(B
(B
$B$^$?!"%V%i%&%62hLL$N1&6y$KJD$8$?>{$N%"%$%3%s$,I=<($5$l$k$?$a!"$3$N@\B3$,(B
$B%;%-%e%"$G$"$k$+$N$h$&$K8+$($k$,!"{$N%"%$%3%s$r%/%j%C%/$9$k!K$G56(B
$BAu$5$l$?>ZL@=q$r8!::$7$F$$$J$$E@$KN10U$9$Y$-$G$"$k!#%f!<%6$,$3$N>{$N%"%$(B
$B%3%s$r%/%j%C%/$7$?>l9g!"$3$N%I%-%e%a%s%H$K4XO"$9$k>ZL@=q$rJ];}$7$F$$$J$$(B
$B$H$$$&%a%C%;!<%8$,%V%i%&%6$+$iJV?.$5$l$k!#$3$&$9$k$3$H$K$h$j!"$3$N>ZL@=q(B
$B$,56Au$5$l$F$$$k$3$H$r3NG'2DG=$G$"$k!#(B
(B
$B$3$NLdBj$r0-MQ$9$k$3$H$K$h$j!"%f!<%6$KBP$7$F0-0U$r;}$D(B Web $B%Z!<%8$r?.Mj(B
$B$9$k$h$&$KM6$&$3$H$,2DG=$G$"$k$H?d;!$5$l$k!#(B
(B
$B$3$NLdBj$O(B Microsoft Internet Explorer 6 $B$K$*$$$FJs9p$5$l$F$$$k!#$7$+$7(B
$B$J$,$i!"$=$l0JA0$N%P!<%8%g%s$K$*$$$F$b1F6A$rhttp://www.securityfocus.com/bid/10249
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BSphiro HTTPD $B$O%j%b!<%H$+$iMxMQ2DG=$J!"%R!<%WNN0h$K$*$1$k(B
$B%P%C%U%!%*!<%P!<%U%m!<$NLdBj$rJz$($F$$$k5?$$$,$"$k!#$3$NLdBj$O!"$3$N%=%U(B
$B%H%&%'%"$,F~NO%G!<%?$r3NJ]$7$?%P%C%U%!$KJ]B8$9$kA0$K!"%P%C%U%!NN0hFb$N6-(B
$B3&$rE,@Z$K3NG'$7$F$$$J$$$3$H$K5/0x$7$F$$$k!#(B
(B
$B$3$N967b$K$h$kD>@\$N1F6A$H$7$F!"$3$NLdBj$rJz$($k%G!<%b%s$,%/%i%C%7%e$7@5(B
$BEv$J%f!<%6$KBP$9$k%5!<%S%9$,MxMQITG=$J>uBV$K4Y$k2DG=@-$,$"$k!#$5$i$K!"$3(B
$B$NLdBj$NK\http://www.securityfocus.com/bid/10250
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BReciPants $B$O(B SQL $BJ8$rA^F~$5$l$kLdBj$*$h$S%/%m%9%5%$%H%9%/(B
$B%j%W%F%#%s%0$NLdBj$rJz$($F$$$k!#$3$l$i$NLdBj$O!"%f!<%6$+$iF~NO$5$l$?FbMF(B
$B$,%G!<%?%Y!<%9$N%/%(%jFb$G;HMQ$5$l$kA0$K!"E,@Z$KL5322=$5$l$J$$$3$H$K5/0x(B
$B$9$k!#%/%(%j$,<:GT$7$?>l9g!"0-0U$N$"$k%3%s%F%s%D$r4^$`%(%i!<%a%C%;!<%8$,(B
$B967bBP>]e$KI=<($5$l$k!#(B
(B
$B$3$l$i$NLdBj$K$h$j!"967bpJs$NF~ZMQ>pJs$N@`$N967b$bF1(B
$BMM$K2DG=$G$"$k!#(B
(B
(B12. Moodle Cross Site Scripting Vulnerability
(BBugTraq ID: 10251
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 30 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10251
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BMoodle $B$O(B 'help.php' $B%9%/%j%W%H$K$*$$$F%/%m%9%5%$%H%9%/%j(B
$B%W%F%#%s%0$NLdBj$rJz$($F$$$k5?$$$,$"$k!#$3$NLdBj$O!"%f!<%6$+$iF~NO$5$l$?(B
$BFbMF$,F0E*$K@8@.$5$l$k(B Web $B%3%s%F%s%DFb$K4^$^$l$kA0$K!"E,@Z$KL5322=$5$l(B
$B$J$$$3$H$K5/0x$9$k!#(B
(B
$B$3$NLdBj$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`$N967b$bF1MM$K2DG=$G$"$k!#(B
(B
(B13. ProFTPD CIDR Access Control Rule Bypass Vulnerability
(BBugTraq ID: 10252
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 30 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10252
$B$^$H$a(B:
(B
(BProFTPD $B$O%"%/%;%9@)8f%k!<%k$r1*2s$5$l$kLdBj$rJz$($F$$$k5?$$$,$"$k$HJs9p(B
$B$5$l$F$$$k!#Js9p$K$h$k$H!"$3$NLdBj$O(B ProFTPD 1.2.9 $B$K0\?"@-$K4X$9$kl9g!"$3$NLdBj$O%5!<%P$,$"$?$+$b0BA4$G$"$k(B
$B$H$$$&8m2r$r>7$/!#http://www.securityfocus.com/bid/10253
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BCoppermine Photo Gallery $B$O!"F~NOCM$NBEEv@-3NG'$K4X$9$kJ#(B
$B?t$NLdBj$rJz$($F$$$k5?$$$,$"$k!#$3$NLdBj$N$&$A$$$/$D$+$K$h$j!"0U?^$7$?%3(B
$B%^%s%I$,ZMQ>pJs$N@`$N967b$b2DG=$G$"$k!#(B
(B
(B15. Web Wiz Forum Multiple Vulnerabilities
(BBugTraq ID: 10255
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 30 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10255
$B$^$H$a(B:
(B
(BWeb Wiz Forum $B$O!"J#?t$NLdBj$rJz$($F$$$k$HJs9p$5$l$F$$$k!#$3$l$i$NLdBj$O!"(B
(BSQL $BJ8$rA^F~$9$k967b$r9T$&$?$a$K%f!<%6$,M?$($kF~NOCM$NL5322=$,IT==J,$G$"(B
$B$k$3$H$H!"FCDj$N(B Web $B%U%)!<%i%`5!G=$KL55v2D$G%"%/%;%92DG=$H$J$k@_7W>e$N(B
$BITHw$,B8:_$3$H$K5/0x$7$F$$$k!#(B
(B
(BSQL $BJ8$rA^F~$5$l$kLdBj$K$h$j!"967bpJs$X$N%"%/%;%98"$NC%$N967b(B
$B$b2DG=$G$"$k$H?d;!$5$l$k!#(B
(B
$B@_7W>e$NITHw$K$h$j!"G$0U$N%f!<%6$,%H%T%C%/JQ99%9%/%j%W%H$d(B IP $B%"%I%l%9http://www.securityfocus.com/bid/10257
$B$^$H$a(B:
(B
(BApple QuickTime Player $B$K$O!"@0?t7e$"$U$l$K$h$k%*!<%P!<%U%m!<$NLdBj$,B8(B
$B:_$9$k!#(B
(B
$B$3$NLdBj$O0U?^E*$KAH$_N)$F$i$l$?(B .mov $B%U%!%$%k$K$h$j0z$-5/$3$5$l!"(B
(BMicrosoft Windows $B4D6-$G0U?^$7$?%3!<%I$r$N4D6-$G$O$3$NLdBj$K$h$j$3$N%=%U%H%&%'%"$,%/%i%C%7%e(B
$B$9$k2DG=@-$,$"$k!#%Y%s%@$+$i$O!"$3$NLdBj$O(B Mac OS X $B$G$O%5!<%S%9$,ITG=$K(B
$B$J$k$@$1$G$"$k!"$H$$$&AjH?$9$k>pJs$,8x3+$5$l$F$$$k!#(B
(B
(B17. PROPS SQL Injection and Cross-Site Scripting Vulnerabilities
(BBugTraq ID: 10258
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 01 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10258
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BPROPS $B$K$O(B SQL $BJ8$rA^F~$5$l$kLdBj$*$h$S%/%m%9%5%$%H%9%/%j(B
$B%W%F%#%s%0$NLdBj$,B8:_$9$k!#$3$l$i$NLdBj$O!"%f!<%6$,M?$($?F~NOCM$,%G!<%?(B
$B%Y!<%9%/%(%j$X$NF~NOCM$H$7$F;HMQ$5$l$kA0$K==J,$KL5322=$5$l$J$$$3$H$K5/0x(B
$B$9$k!#%/%(%j$,<:GT$7$?:]!"0-0U$"$k%3%s%F%s%D$r4^$`%(%i!<%a%C%;!<%8$,967b(B
$BBP>]$N%f!<%6$N%V%i%&%6$KI=<($5$l$k!#(B
(B
$B$3$l$i$NLdBj$K$h$j967bpJs$X$N%"%/%;%98"$NC%ZMQ>pJs$N@`(B
$B$N967b$b2DG=$G$"$k!#(B
(B
(B18. Emacs flim Library Insecure Temporary File Creation Vulnerab...
(BBugTraq ID: 10259
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: May 02 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10259
$B$^$H$a(B:
(B
(BEmacs $B$N(B flim $B%i%$%V%i%j$O!"%7%s%\%j%C%/%j%s%/$K4X$9$kLdBj$rJz$($F$$$k5?(B
$B$$$,$"$k!#$3$NLdBj$K$h$j!"$3$N%=%U%H%&%'%"$r2TF0$5$;$F$$$k%f!<%6$N8"8B$G(B
$B%U%!%$%k$r>e=q$-$G$-$k2DG=@-$,$"$k!#(B
(B
(B19. Business Objects Crystal Reports Multiple Unspecified Vulner...
(BBugTraq ID: 10260
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 03 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10260
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BCrystal Reports $B$O(B Web $B%$%s%?%U%'!<%9$KJ#?t$NLdBj$rJz$($F(B
$B$$$k5?$$$,$"$k!#$3$l$i$NLdBj$K$h$j!"967buBV(B
$B$r0z$-5/$3$9$3$H$b$G$-$k2DG=@-$,$"$k!#(B
(B
(BCrystal Reports 10.0 $B0JA0$N%P!<%8%g%s$,$3$l$i$NLdBj$rJz$($F$$$k$H?d;!$5(B
$B$l$k!#(B
(B
$B>\:Y$,ITB-$7$F$$$k$?$a!"8=;~E@$G$O$5$i$J$k>pJs$OF~pJs$,8x3+$5$lhttp://www.securityfocus.com/bid/10261
$B$^$H$a(B:
(B
(BSun $B$NJs9p$K$h$k$H!"(BSolaris $BMQ$K8x3+$5$l$F$$$k$$$/$D$+$N%Q%C%A$K$O!"?7$?(B
$B$J%;%-%e%j%F%#>e$NLdBj$,B8:_$9$k2DG=@-$,$"$k!#$3$NLdBj$O!"(BNIS $B%^%C%W%U%!(B
$B%$%k$,3JG<$5$l$F$$$k(B NIS $B%5!<%P$H$7$F2TF0$7$F$*$j!"(BSPARC $BMQ$N(B 113579-02 
$B$+$i(B 113579-05 $B$N4V$N%Q%C%A!"$^$?$O(B x86 $BMQ$N(B 114342-02 $B$+$i(B 114342-05 $B$N(B
$B4V$N%Q%C%A$,E,MQ$5$l$F$$$k(B Solaris 9 $B$N%3%s%T%e!<%?$KB8:_$9$k!#(B
(B
$B$3$NLdBj$rMxMQ$7$?967b$,@.8y$7$?>l9g!"7k2L$H$7$F967bpJs$r3+<((B
$B$G$-$k2DG=@-$,$"$k!#(B
(B
(B21. Aldo's Web Server Multiple Input Validation Vulnerabilities
(BBugTraq ID: 10262
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 03 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10262
$B$^$H$a(B:
(B
(BAldo's Web Server $B$K$O!"(B2 $B$D$NLdBj$,Js9p$5$l$F$$$k!#(B
(B
$B$3$NLdBj$K$h$j!"%j%b!<%H$N967bpJs$rpJs$K%"%/%;%92DG=$H$J$k!"%G%#%l%/%H%j;2>H$K4X$9$k(B
$BLdBj$bJs9p$5$l$F$$$k!#(B
(B
$B$3$l$i$NLdBj$O!"967bpJs$K%"%/%;%9$9$k$?$a$KMxMQ$5$l$k2DG=@-$,$"$k!#(B
(B
(B22. YaBB Bulletin Board Corruption Vulnerability
(BBugTraq ID: 10263
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 03 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10263
$B$^$H$a(B:
(B
(BYaBB $B$K$O!"7G<(HD$NFbMF$r2~JQ$5$l$kLdBj$rJz$($F$$$k5?$$$,$"$k$HJs9p$5$l(B
$B$F$$$k!#$3$l$O!"F~NOFbMF$NBEEv@-3NG'$NLdBj$K5/0x$7$F$*$j!"%f!<%6$O$3$N%=(B
$B%U%H%&%'%"$K4XO"IU$1$i$l$?%F%-%9%H%U%!%$%kFb$N0U?^$9$kCM$r;XDj2DG=$H$J$k!#(B
(B
$B$3$NLdBj$K$h$j!"$3$N%=%U%H%&%'%"$K4XO"$9$k7G<(HD$O2~JQ$5$l$?$jFI$_$N967b$b2DG=$G$"$k$H?d;!$5$l$k!#(B
(B
(B23. PaX 2.6 Kernel Patch Denial Of Service Vulnerability
(BBugTraq ID: 10264
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: May 03 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10264
$B$^$H$a(B:
(B
(BLinux $B%+!<%M%k(B 2.6 $B7O8~$1$N(B PaX $B$K$O!"%m!<%+%k$+$i%5!<%S%9ITG=>uBV$r0z$-(B
$B5/$3$9LdBj$rJz$($F$$$k5?$$$,$"$k$HJs9p$5$l$F$$$k!#Js9p$K$h$k$H!"$3$NLdBj(B
$B$O(B PaX Address Space Layout Randomization Layout (ASLR) $B$,M-8z$K$5$l$F$$(B
$B$k:]$KH/@8$9$k!#(B
(B
$B$3$NLdBj$O!"%+!<%M%k$rL58B%k!<%W$K4Y$i$;$k$?$a$K%m!<%+%k$N967bhttp://www.securityfocus.com/bid/10265
$B$^$H$a(B:
(B
(BSmartPeer $B$O!">\:YITL@$NLdBj$rJz$($F$$$k5?$$$,$"$k$HJs9p$5$l$F$$$k!#Js9p(B
$B$K$h$k$H!"$3$NLdBj$O(B smartpeer -p mynewpassword $B%3%^%s%I$,8F$S=P$5$l$k:](B
$B$KH/@8$9$k!#(B
(B
(BSmartPeer 0.1 $B$,!"$3$NLdBj$rJz$($F$$$k5?$$$,$"$k$HJs9p$5$l$F$$$k$,!"$3$l(B
$B$h$jA0$N%P!<%8%g%s$b1F6A$rhttp://www.securityfocus.com/bid/10267
$B$^$H$a(B:
(B
(BAPSIS Pound $B$O!"%j%b!<%H$+$i967b$KMxMQ2DG=$J=q<0;XDj;R$r4^$`J8;zNs$Nhttp://www.securityfocus.com/bid/10269
$B$^$H$a(B:
(B
(Bipmenu $B$O!"%7%s%\%j%C%/%j%s%/$rMxMQ$7$?967b$N1F6A$re$N(B
$BITHw$K5/0x$7$F$*$j!"%7%s%\%j%C%/%j%s%/$rMxMQ$7$?967b$r;E3]$1$k:]$KM-MQ$H(B
$B$J$k!#(B
(B
$B$3$NLdBj$O!"MM!9$J4D6-$G%5!<%S%9ITG=>uBV$r0z$-5/$3$9$?$a$KMxMQ$5$l$k2DG=(B
$B@-$,$"$k!#$3$NLdBj$O!"1F6A$r:3J$5$;$k$?$a$KMx(B
$BMQ$5$l$k2DG=@-$b$"$k$,!"$3$l$O8=;~E@$G$OL$8!>Z$G$"$k!#(B
(B
(B27. Apple Mac OS X CoreFoundation Unspecified Large Input Vulner...
(BBugTraq ID: 10270
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: May 03 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10270
$B$^$H$a(B:
(B
(BCoreFoundation $B$O!"%m!<%+%k$NITFCDj$NBg$-$JF~NOCM$K$h$C$F0z$-5/$3$5$l$k(B
$BLdBj$K$h$k1F6A$r\:Y>pJs$OB8:_$7$J$$!#$3$N(B BID $B$O$5$i$J$k(B
$B>pJs$,8x3+$5$le$G0U?^$9$k%3!<%I$rZ$G$"$k!#(B
(B
$B$3$NLdBj$O!"J#?t$NLdBj$r4^$s$G$$$k(B BID 10268 (Apple OS X Multiple
(BUnspecified Large Input Vulnerabilities) $B$G4{$K8x3+$5$l$F$$$k$,!"?7$?$J(B 
(BBID $B$,3d$jEv$F$i$l$F$$$k!#(B
(B
(B28. Apple Mac OS X AppleFileServer Remote Buffer Overflow Vulner...
(BBugTraq ID: 10271
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 03 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10271
$B$^$H$a(B:
(B
(BAppleFileServer $B$O!"%j%b!<%H$N967bpJs$,8x3+$5$l$?7k2L!"?7$?$K(B BID $B$,3d$jEv$F$i$l$?!#(B
(B
(B29. Titan FTP Server LIST Denial Of Service Vulnerability
(BBugTraq ID: 10272
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 04 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10272
$B$^$H$a(B:
(B
(BTitan FTP $B$O!"(B'LIST' $B%3%^%s%I$r=hM}$9$k:]$K%j%b!<%H$+$i%5!<%S%9ITG=>uBV(B
$B$r0z$-5/$3$5$l$kLdBj$rJz$($F$$$k5?$$$,$"$k!#(B
(B
$B%j%b!<%H$N967bhttp://www.securityfocus.com/bid/10273
$B$^$H$a(B:
(B
(BCheck Point VPN-1 $B@=IJ72$O!"%j%b!<%H$+$iMxMQ2DG=$J%P%C%U%!%*!<%P!<%U%m!<(B
$B$NLdBj$rJz$($F$$$k5?$$$,$"$k$HJs9p$5$l$F$*$j!"%j%b!<%H$N967buBV$,0z$-(B
$B5/$3$5$l$k2DG=@-$,$"$k!#(B
(B
(BRemote Access VPN$B!"$^$?$O(B gateway-to-gateway VPN $B$r;HMQ$7$F$$$J$$(B Check
(BPoint $B@=IJ$N%f!<%6$O!"$3$NLdBj$N1F6A$r\:YITL@$N$?$a!"8=;~E@$G$O!"99$J$k>pJs$O8x3+$5$l$F$$$J$$!#$3$N(B BID $B$O99(B
$B$J$k>pJs$,8x3+$5$lhttp://www.securityfocus.com/bid/10274
$B$^$H$a(B:
(B
(BOMail $B$K$O!"%j%b!<%H$N967be$G0U?^$9$k%3%^%s%I$rhttp://www.securityfocus.com/bid/10275
$B$^$H$a(B:
(B
$B8!:w%"%W%j%1!<%7%g%s$G$"$k(B Verity Ultraseek $B$O!"%j%b!<%H$N967bhttp://www.securityfocus.com/bid/10276
$B$^$H$a(B:
(B
(BFuseTalk $B$O!"(Badduser.cfm $B%9%/%j%W%H$K$*$$$F!"4IM}%3%^%s%I$,l9g!"$=$N4IM}$N(B
$B967b$Nhttp://www.securityfocus.com/bid/10277
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BKolab groupware Server $B$OJ?J8$G%Q%9%o!<%I$rJ]B8$7$F$$$kLd(B
$BBj$rJz$($F$$$k5?$$$,$"$j!"967bhttp://www.securityfocus.com/bid/10278
$B$^$H$a(B:
(B
(BFuseTalk $B$O!"(B'banning.cfm' $B%9%/%j%W%H$X%"%/%;%92DG=$K$J$k!"G'>Z$,1*2s$5(B
$B$l$kLdBj$rJz$($F$$$k$HJs9p$5$l$F$$$k!#$3$NLdBj$O!"$3$N%=%U%H%&%'%"$K$h$k(B
$BG'>ZMQ>pJs$NBEEv@-3NG'$,IT==J,$G$"$k$3$H$K5/0x$9$k!#(B
(B
$B$3$NLdBj$rMxMQ$9$k$3$H$G!"967bhttp://www.securityfocus.com/bid/10279
$B$^$H$a(B:
(B
(BSuSE Linux kernel $B$K$*$$$F!"%m!<%+%k$N967buBV$K4Y$i$;$k$3$H$,2DG=$G$"$k$H?dB,$5$l$kLdBj$,H/8+$5$l$F$$(B
$B$k!#$3$NLdBj$O(B '/proc/scsi/qla2300/HbaApiNode' $B%U%!%$%k$K$*$1$k%Q!<%_%C(B
$B%7%g%s$,E,@Z$G$J$$$?$a$K0z$-5/$3$5$l$k$HJs9p$5$l$F$$$k!#(B
(B
(BSuSE Linux Enterprise Server 8.0$B!"(BSuSE Linux 8.1$B!"(B9.0 $B$,!"$3$NLdBj$N1F6A(B
$B$r\:Y$,ITB-$7$F$$$k$?$a!"$5$i$J$k>pJs$O8=;~E@$G$O8x3+$5$l$F$$$J$$!#$3$N(B 
(BBID $B$O$5$i$J$k>pJs$,8x3+$5$lhttp://www.securityfocus.com/bid/10280
$B$^$H$a(B:
(B
(BJelsoft vBulletin $B$O?7$7$$%U%)!<%i%`$r:n@.$9$k:]$K(B HTML $B%?%0$rA^F~$5$l$k(B
$BLdBj$N1F6A$rZMQ>pJs$@$1$G$J$/B>$N=EMW$J>pJs$b@`$N967b$b2DG=$H$J$k!#(B
(B
(B38. Simple Machines Forum Size Tag HTML Injection Vulnerability
(BBugTraq ID: 10281
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 05 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10281
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BSimple Machines Forum (SMF) $B$O(B HTML $B%?%0$rA^F~$5$l$kLdBj$r(B
$BJz$($F$$$k5?$$$,$"$j!"967bZMQ>pJs$r@`$N967b$b2DG=$G$"$k!#(B
(B
(B39. PHPNuke Modules.php Multiple SQL Injection Vulnerabilities
(BBugTraq ID: 10282
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 05 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10282
$B$^$H$a(B:
(B
(BSQL $B$K4X$9$kJ#?t$NLdBj$,!"(BPHPNuke $B$N(B 'modules.php' $B%b%8%e!<%k$G3NG'$5$l(B
$B$F$$$k!#$3$l$i$NLdBj$K$h$j!"%j%b!<%H$N967bpJs$XK\Mh5v2D$5$l$F$$$J$$$K$b$+$+$o$i$:%"(B
$B%/%;%9$5$l$k2DG=@-$,$"$k!#(B
(B
$B$3$l$i$NLdBj$O(B PHPNuke 7.2 $B0JA0$N%P!<%8%g%s$KB8:_$9$k5?$$$,$"$k$HJs9p$5(B
$B$l$F$$$k!#(B
(B
(B40. PHPX Multiple Cross-Site Scripting Vulnerabilities
(BBugTraq ID: 10283
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 05 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10283
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H(B PHPX $B$OJ#?t$N%/%m%9%5%$%H%9%/%j%W%F%#%s%0LdBj$N1F6A$rl9g!"0-0U$"$k%3!<%I$,967bBP>]$N%f!<%6$N%V%i%&%6>e$GZMQ>pJs$N@`$N967b$b$G(B
$B$-$k2DG=@-$,$"$k!#(B
(B
(B41. PHPX Multiple Administrator Command Execution Vulnerability
(BBugTraq ID: 10284
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 05 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10284
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BPHPX $B$K$O4IM}l9g!"967bhttp://www.securityfocus.com/bid/10285
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BFreeBSD $B%+!<%M%k$N2>A[%a%b%j%^%C%T%s%0%b%8%e!<%k$O!"%m!<%+(B
$B%k$+$i%5!<%S%9ITG=>uBV$r0z$-5/$3$5$l$kLdBj$rJz$($F$$$k5?$$$,$"$k!#(B
(B
$B%m!<%+%k$N%f!<%6$O$3$NLdBj$r0-MQ$7!"(BFreeBSD $B%+!<%M%k$N2>A[%a%b%j%^%C%T%s(B
$B%0%b%8%e!<%k$K0U?^$7$?NL$N%a%b%jNN0h$r3NJ]$5$;$k$3$H$,2DG=$G$"$k!#$3$l$K(B
$B$h$j@x:_E*$K%7%9%F%`%j%=!<%9$,8O3i$9$k2DG=@-$,$"$k!#0lEY%a%b%j%j%=!<%9$,(B
$B8O3i$7$F$7$^$&$H!"%+!<%M%k%Q%K%C%/$,H/@8$7!";ve!"@55,$N%f!<%6$KBP$9$k(B
$B%5!<%S%9Ds6!$,ITG=$K$J$k!#(B
(B
$BB>$N(B BSD $B%G%#%9%H%j%S%e!<%7%g%s$,$3$NLdBj$N1F6A$r\$G$"$k!#(B
(B
(B43. P4DB Multiple Input Validation Vulnerabilities
(BBugTraq ID: 10286
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 05 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10286
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BP4DB $B$K$OF~NOFbMF$NBEEv@-3NG'$K4X$9$kJ#?t$NLdBj$,B8:_$9$k!#(B
$B$3$l$i$NLdBj$O!"%f!<%6$,M?$($k(B URI $B$r$3$N%=%U%H%&%'%"$,E,@Z$KL5322=$7$J(B
$B$$$3$H$K5/0x$9$k!#(B
(B
$B%/%m%9%5%$%H%9%/%j%W%F%#%s%0LdBj!"$*$h$S!"%j%b!<%H$+$i$N0U?^$7$?%3%^%s%I(B
$B$rJ}$,Js9p$5$l$F$$$k!#(B
(B
$B%/%m%9%5%$%H%9%/%j%W%F%#%s%0LdBj$K$h$j!"%j%b!<%H$N967bl9g!"0-0U$"$k%3!<%I$O967bBP>]$N%f!<%6$N(B Web $B%V%i%&%6(B
$B>e$GZMQ>pJs$r@`pJs$O=\:Y$,J,$+$jhttp://www.securityfocus.com/bid/10287
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BSGI IRIX $B$O>\:Y$,L@$+$5$l$F$$$J$$(B UDP $B$rMxMQ$7$?%5!<%S%9$,(B
$BITG=$K4Y$kLdBj$rJz$($F$$$k$$$,$"$k!#(B
(B
(BSGI $B$O(B IRIX $B$N$5$^$6$^$J%P!<%8%g%s$N%f!<%6$K(B SGI $B$NFs$D$N%P%0!"(B773203 $B$H(B 
(B897764 $B$r2r7h$9$k$HJs9p$5$l$F$$$k%Q%C%A$rE,MQ$9$k$h$&$K4+9p$r$7$F$$$k!#(B
(B
(B45. Heimdal K5AdminD Remote Heap Buffer Overflow
(BBugTraq ID: 10288
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 05 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10288
$B$^$H$a(B:
(B
(Bk5admind $B%G!<%b%s$K$O!"%j%b!<%H$+$iMxMQ2DG=$J%R!<%W%*!<%P!<%U%m!<$NLdBj(B
$B$,B8:_$9$k$HJs9p$5$l$F$$$k!#$3$NLdBj$O!"F~NO%G!<%?$KBP$9$kBEEv@-3NG'$NIT(B
$BHw$K5/0x$7$F$*$j!"$3$N%G!<%b%s$O(B kerberos 4 $B$N%M%C%H%o!<%/DL?.$K$h$k%Q%1%C(B
$B%H$rAH$_N)$F$k:]$KM?$($i$l$kD9$5$K4X$7$FBEEv@-3NG'$r9T$o$J$$!#(B
(B
$B$3$NLdBj$O!"(BKerberos 4 $B$r%5%]!<%H$7$F$$$k%P!<%8%g%s$N%G!<%b%s$N$_$K1F6A(B
$B$9$k$HJs9p$5$l$F$$$k!#%G!<%b%s$K(B Kerberos 4 $B$H$N8_49@-$,$J$$>l9g!"$3$NLd(B
$BBj$OB8:_$7$J$$!#(B
(B
$B$3$N967b$N7k2L!"1F6A$ruBV$,0z$-5/$3$5$l$k2DG=(B
$B@-$,$"$k!#$^$?!"$3$NLdBj$K$h$j!"1F6A$rhttp://www.securityfocus.com/bid/10289
$B$^$H$a(B:
(B
(Bifconfig %interface% -arp $B$O!";XDj$5$l$?%$%s%?!<%U%'!<%9$G(B ARP $B$NDL?.$r(B
$BL58z$K$9$k$?$a$N%3%^%s%I$G$"$k!#(B
(B
(BSGI IRIX $B$G$O!"(Bifconfig %interface% -arp $B$K$h$j!";XDj$5$l$?%$%s%?!<%U%'!<(B
$B%9>e$N(B ARP $B=hM}$,L58z2=$5$l$J$$!#$3$l$K$h$j%M%C%H%o!<%/4IM}http://www.securityfocus.com/bid/10290
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BExim $B$O!"%j%b!<%H$+$iMxMQ2DG=$J%9%?%C%/%P%C%U%!%*!<%P!<%U(B
$B%m!<$NLdBj$rJz$($F$$$k5?$$$,$"$k!#(B
(B
$B$3$NLdBj$O!"$3$N%=%U%H%&%'%"$K$FAw?.l9g$KB8:_(B
$B$7!"0-0U$"$kEE;R%a!<%k$K$h$C$F0z$-5/$3$5$l$k2DG=@-$,$"$k!#$3$NLdBj$rMxMQ(B
$B$9$k967b$K$h$j!"EE;R%a!<%k$K4^$^$l$k0U?^$7$?%3!<%I$Nhttp://www.securityfocus.com/bid/10291
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BExim $B$O!"%j%b!<%H$+$iMxMQ2DG=$J%9%?%C%/%P%C%U%!%*!<%P!<%U(B
$B%m!<$NLdBj$rJz$($F$$$k5?$$$,$"$k!#(B
(B
$B$3$NLdBj$O!"$3$N%=%U%H%&%'%"$K$F%X%C%@$N9=J83NG'$,M-8z$K$J$C$F$$$k>l9g$K(B
$BB8:_$7!"0-0U$"$kEE;R%a!<%k$K$h$C$F0z$-5/$3$5$l$k2DG=@-$,$"$k!#967b$KMxMQ(B
$B2DG=$G$"$k$+L$8!>Z$G$O$"$k$,!"$3$NLdBj$,967b$KMxMQ2DG=$G$"$k>l9g!"$3$N%=(B
$B%U%H%&%'%"$N8"8B$G0U?^$9$k%3!<%I$Nhttp://www.securityfocus.com/bid/10292
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BASP.NET $B$O!"967bpJs$N3+<($,2DG=$K$J$k$H?d;!$5$l(B
$B$k!"%j%b!<%H$+$i>pJs$r3+<($5$l$kLdBj$rJz$($F$$$k5?$$$,$"$k!#$3$NLdBj$O!"(B
$B0U?^E*$KAH$_N)$F$i$l$?(B Cookie $B$N%X%C%@$,(B HTTP GET $B%j%/%(%9%H$r2p$7$F%5!<(B
$B%P$KAw?.$5$l$?:]$K@8$8$k!#(B
(B
$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"%j%b!<%H$N967bpJs$r3+<(2DG=$K$J$k$H?d;!$5$l$k!#(B
(B
(B50. e107 Website System Multiple Script HTML Injection Vulnerabi...
(BBugTraq ID: 10293
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 06 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10293
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(Be107 website system $B$O!"967bZMQ>p(B
$BJs$N@`http://www.securityfocus.com/bid/10294
$B$^$H$a(B:
(B
(BSurgeLDAP $B$O!"(BMicrosoft Windows $B$*$h$S(B $BMM!9$J(B Unix OS $B$GMxMQ2DG=$J!"(BLDAP 
$B%5!<%P$NZ$r1*2s$5$l$kLdBj$rJz$($F$$$k(B
$B5?$$$,$"$k!#(B
(B
$B4IM}l9g!"967bZMQ%G!<%?$H$7$F(B
$B$3$N%=%U%H%&%'%"$rMxMQ$9$kB>$N%5!<%S%9$KBP$9$k$5$i$J$k967b$,2DG=$K$J$k$H(B
$B?d;!$5$l$k!#(B
(B
(B52. DeleGate SSLway Filter Remote Stack Based Buffer Overflow Vu...
(BBugTraq ID: 10295
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 06 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10295
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BDeleGate $B$N(B SSLway $B%U%#%k%?$K$O%j%b!<%H$+$iMxMQ2DG=$J%P%C(B
$B%U%!%*!<%P!<%U%m!<$NLdBj$,B8:_$9$k!#$3$N%U%#%k%?$O!"$3$N%=%U%H%&%'%"$,0U(B
$B?^$9$k%W%m%H%3%k$K(B SSL $B$rE,MQ$9$k:]$KMxMQ$5$l$k!#(B
(B
$B$3$NLdBj$O!"%f!<%6$,M?$($?>ZL@=q$N%U%#!<%k%IFbMF$r%3%T!<$9$k:]$K9T$o$l$k(B
$B6-3&%A%'%C%/$,IT==J,$G$"$k$3$H$K5/0x$9$k!#(B
(B
$B$3$NLdBj$rMxMQ$9$k967b$K$h$j!"%j%b!<%H$N967b$NJ]B8$5$l$F$$$kCM$r=q$-49(B
$B$($k2DG=@-$,$"$k!#(B
(B
$BJs9p$K$h$k$H!"(BX509_NAME_oneline() $B4X?t$O!"J8;z%3!<%I$N(B16$B?JCM$,(B '0x20' $B$h(B
$B$jDc$$!"$^$?$O(B '0x7e' $B$h$j9b$$J8;z$KBP$7$FJ8;zJQ49$r9T$&!#$3$l$K$h$j!"$3(B
$B$NLdBj$rMxMQ$9$k967b$rK8$2$k2DG=@-$,$"$k!#(B
(B
(B53. KAME Racoon Remote IKE Message Denial Of Service Vulnerabili...
(BBugTraq ID: 10296
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 06 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10296
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BKAME $B$O!"0U?^E*$KAH$_N)$F$i$l$?(B IKE $B%a%C%;!<%8$r=hM}$9$k:](B
$B$K!"%j%b!<%H$+$i%5!<%S%9ITG=>uBV$r0z$-5/$3$5$l$kLdBj$N1F6A$re!"@55,%f!<%6$X$N%5!<%S%9Ds6!$,ITG=$K$J$k!#(B
(B
(B54. SuSE LINUX 9.1 Personal Edition Live CD-ROM SSH Server Defau...
(BBugTraq ID: 10297
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 06 2004
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/10297
$B$^$H$a(B:
(B
$BJs9p$K$h$k$H!"(BSuSE LINUX 9.1 Personal Edition Live CD-ROM $B$KB8:_$9$kLdBj(B
$B$K$h$j!"967be$NITHw$K5/0x$7(B
$B$F!"%G%U%)%k%H$G(B root $B%"%+%&%s%H$rMxMQ$7$F!"%3%s%T%e!<%?>e$N(B SSH $B%5!<%P(B
$B$r@_Dj$9$k!#(B
(B
(B
(BIII. SECURITYFOCUS NEWS ARTICLES
(B--------------------------------
(B1. Prison time for cyber stock swindler
$BCx5=;U$O!"2ACM$N$J$$(B Cisco $B$N%9%H%C%/%*%W%7%g%s$rEj$2Gd$j$9$k$?$a(B
$B$K!">Z7t2qhttp://www.securityfocus.com/news/8564
(B
(B2. Student hacks iTunes for compatibility
$BCxZ5;=Q$K$*$1$kLdBjE@$O!"(BiTunes $B$N%O%C%+!<$N<*$K$O?4CO$h$$$b(B
$B$N$G$"$C$?!#(B
(B
(Bhttp://www.securityfocus.com/news/8561
(B
(B3. Charges filed in 'Deceptive Duo' hacks
$BCx(B "The-Rev" $B$O!";d$?$A$NMx1W$N$?$a$K@/I\%7%9%F%`$r%/(B
$B%i%C%-%s%0$72~$6$s$7$?$3$H$K$h$j!"=E:a$NM-:aH=7h$rhttp://www.securityfocus.com/news/8559
(B
(B4. New version of Sasser undermines lone coder theory
$BCx8e$K!"0-L>9b$$(B Sasser $B%o!<%`(B
$B$N?7%P!<%8%g%s$,=P8=$7$?$3$H$K$h$j!"$3$N%o!<%`$N:n$N%&%#%k%9:nhttp://www.securityfocus.com/news/8568
(B
(B5. German teenager admits creating Sasser
$BCxhttp://www.securityfocus.com/news/8567
(B
(B6. Mystery of MS's missing AV software
$BCxe7W2h$O!"CfESH>C<$J>uBV$K$J$C$F$$$k!#$3$N5pBg4k(B
$B6H$O!"6b3[$OHs8x3+$G$"$k$,!"$[$\L5L>$N%k!<%^%K%"$N%"%s%A%&%#%k%92ql$K;2F~$7$?!#(B
(B
(Bhttp://www.securityfocus.com/news/8566
(B
(B
(BIV. SECURITYFOCUS TOP 6 TOOLS
(B-----------------------------
(B1. Password Spyer 2k 2.4
$B:nhttp://www.maros-tools.com/products/spyer/
$BF0:n4D6-(B: Windows 2000$B!"(BWindows 95/98$B!"(BWindows NT$B!"(BWindows XP
$B$^$H$a(B: 
(B
(BPassword Spyer 2k $B$O(B Windows $BMQ$N%Q%9%o!<%I2sI|%D!<%k$G$9!#(BPassword
(BSpyer 2k $B$O!"$9$Y$F$N%P!<%8%g%s$N(B Windows (2000$B!"(BXP$B$b4^$`(B)$B$G!"%"%9%?%j%9(B
$B%/(B (***) $B$K$h$C$F1#$5$l$?%Q%9%o!<%I$rL@$i$+$K$7$^$9!#(BOutlook$B!"(Bcute ftp$B!"(B
(Bws ftp$B!"(BICQ $B$*$h$S$=$NB>%"%W%j%1!<%7%g%s$H$$$C$?!"$[$H$s$I$N(B Windows $B%"(B
$B%W%j%1!<%7%g%s$G!"<:$o$l$?%Q%9%o!<%I$^$?$OK:$l$F$7$^$C$?%Q%9%o!<%I$r2sI|(B
$B$9$k$?$a$KMxMQ$9$k$3$H$,$G$-$^$9!#$^$?!"J]B8$5$l$?(B Web $B%Q%9%o!<%I$rL@$i(B
$B$+$K$9$k$?$a$KMxMQ$9$k$3$H$b2DG=$G$9!#(BPassword Spyer 2k $B$O!"$h$j8z2LE*$K(B
$B%Q%9%o!<%I8!:w$r9T$&$?$a$K!"%Q%9%o!<%I$rL@$i$+$K$9$k(B2$B$D$N%a%=%C%I$r%5%]!<(B
$B%H$7$F$$$^$9!#(B
(B
(B2. NatACL 1.0
$B:nhttp://www.hostname.org/proxy_auth/
$BF0:n4D6-(B: FreeBSD$B!"(BJava$B!"(BNetBSD$B!"(BOpenBSD
$B$^$H$a(B: 
(B
(BNatACL $B$O(B NAT $B$*$h$SF)2aE*%W%m%-%7$G;HMQ$5$l$kG'>ZMQ%G!<%b%s$G$9!#(B
(B
$B$3$N%=%U%H%&%'%"$G$OG'>Z>pJs$NF~NO$,%V%i%&%6$K$h$C$F9T$o$l$F$*$j!"$"$i$f(B
$B$k(B URL $B$,FbIt%Z!<%8$KE>Aw$5$l%m%0%$%sL>$H%Q%9%o!<%I$,MW5a$5$l$^$9!#(B
(B
$B%m%0%$%sL>$H%Q%9%o!<%I$,@5$7$$>l9g!"$3$N%H%i%U%#%C%/$rE>Aw$9$k$?$a$K(B NAT 
$B%k!<%k$N:n@.!"$^$?$O%W%m%-%7MQ%]!<%H$X$NE>Aw!JF)2a7?%W%m%-%7$N>l9g!K$,9T(B
$B$o$l$^$9!#(B
(B
(B3. PCX Firewall (CGI Web Frontend) 1.3
$B:nhttp://pcxfirewall.sf.net/frontends/index.html
$BF0:n4D6-(B: Linux$B!"(BPOSIX
$B$^$H$a(B: 
(B
(BPCX Firewall $B$O(B IPtables $B$K4p$E$/%U%!%$%"%&%)!<%k%Q%C%1!<%8$G!"%f!<%6$K(B
$B$h$k@_Dj>r7o$K4p$E$-@EE*$J%7%'%k%9%/%j%W%H$r:n@.$9$k$?$a$K(B Perl $B$rMxMQ$7(B
$B$F$$$^$9!#$3$N%=%U%H%&%'%"$K$h$j!"%U%!%$%"%&%)!<%k$N5/F0;~Kh$K@_Dj%U%!%$(B
$B%k$r2rhttp://portswigger.net/proxy/
$BF0:n4D6-(B: OS $B$K0MB8$7$J$$(B
$B$^$H$a(B: 
(B
(BBurp proxy $B$O!"(BWeb $B7PM3$GMxMQ2DG=$J%"%W%j%1!<%7%g%s$r967b$9$k$?$a$NBPOC(B
$BE*(B HTTP/S $B%W%m%-%7%5!<%P$G$9!#$3$N%=%U%H%&%'%"$O!"KvC<$N%V%i%&%6$HBP>]$N(B 
(BWeb $B%5!<%P$K$h$k$d$jZ!"(BNTLM $BG'>Z!"$^$?$O%@%$%8%'%9%HG'(B
$B>Z7A<0$rMQ$$$?G'>Z$r9T$&$3$H$,2DG=$G$9!#(B
(B
(B5. GNUnet v0.6.2a
$B:nhttp://www.ovmj.org/GNUnet/
$BF0:n4D6-(B: FreeBSD$B!"(BLinux$B!"(BNetBSD$B!"(BOpenBSD$B!"(BPOSIX
$B$^$H$a(B: 
(B
(BGNUnet $B$O!"0BA4@-$NDs6!$K>GE@$rEv$F$?(B P2P $B$N%U%l!<%`%o!<%/$G$9!#%M%C%H%o!<(B
$B%/>e$G$NA4$F$N(B link-to-link $B%a%C%;!<%8$OHkF?$5$l$F$*$j!"??@5@-$,>ZL@$5$l(B
$B$F$$$^$9!#$3$N%U%l!<%`%o!<%/$O!"%H%i%s%9%]!<%HCj>]2=AX$rDs6!$7$F$*$j!"8=(B
$B;~E@$G$O(B P2P $B$N%H%i%U%#%C%/$r(B UDP$B!"(BTCP$B!"$"$k$$$O(B SMTP $B%a%C%;!<%8$K%+%W%;(B
$B%k2=2DG=$G$9!#(BGNUnet$B$O!"$h$j$h$$%5!<%S%9$rHw$($?%N!<%I$NDs6!$KBP$7$FHqMQ(B
$BLL$G8e2!$7$7$^$9!#(BGNUnet $B$NCf3K$r@.$9%U%l!<%`%o!<%/$r%Y!<%9$K$7$?$N%U%!%$%k6&M-$G$9!#(B
(B
(B6. FTimes v3.4.0
$B:nhttp://ftimes.sourceforge.net/FTimes/
$BF0:n4D6-(B: AIX$B!"(BFreeBSD$B!"(BLinux$B!"(BMacOS$B!"(BPOSIX$B!"(BSolaris$B!"(BSunOS$B!"(BWindows 2000$B!"(BWindows NT
$B$^$H$a(B: 
(B
(BFTimes $B$O%7%9%F%`$N%Y!<%9%i%$%s$H>Z5r$r<}=8$9$k%D!<%k$G$9!#$3$N%D!<%k$N(B
$BpJs$r<}=8$*$h$S@0M}$9$k$3$H$G$9!#$3$N%D!<%k$O0J2<$N:n6H(B
$B$NBh0lJb$r;Y1g$9$k$?$a$K@_7W$5$l$F$$$^$9!'FbMF$N40A4@-$N4F;k!"%$%s%7%G%s(B
$B%H%l%9%]%s%9!"?/F~J,@O!"%3%s%T%e!<%?%U%)%l%s%8%C%/(B
(B
(B--
$BLu(B: $B@>B<9/MN(B(NISHIMURA Yasuhiro)$B!">.NS9nL&(B(KOBAYASHI Katsumi)$B!"(B
$BA}ED@;;R(B(MASUDA Kiyoko)$B!"A}EDCR0l(B(MASUDA Tomokazu)$B!"(B
$BGOCeFF(B(UMAKI Atsushi)$B!"3QED8<;J(B(KAKUDA Motoshi)$B!"(B
$B>!3$D>?M(B(KATSUMI Naoto)$B!"9b66=SB@O:(B(TAKAHASHI Shuntarou)$B!"(B
$B?e>B9n?M(B(MIZUNUMA Katsuhito)$B!"EDCfM%5#(B(TANAKA Yuuki)
$BAjGO4pK.(B(SOUMA Motokuni)
$B4F=$(B: $B@>B<9/MN(B(NISHIMURA Yasuhiro)
(BLAC Co., Ltd.
(Bhttp://www.lac.co.jp/security/
Attachment: smime.p7s
Description: S/MIME cryptographic signature
Prev by Date: SecurityFocus Newsletter #247 2004-4-26->2004-4-30

Next by Date: SecurityFocus Newsletter #249 2004-5-10->2004-5-14

Previous by thread: SecurityFocus Newsletter #247 2004-4-26->2004-4-30

Next by thread: SecurityFocus Newsletter #249 2004-5-10->2004-5-14

Index(es):

Date

Thread