SecurityFocus.com Newsletter #100 2001-6-28->2001-7-6

To: bugtraq-jp@securityfocus.com
Subject: SecurityFocus.com Newsletter #100 2001-6-28->2001-7-6
From: KAGEYAMA Tetsuya <t.kageym@lac.co.jp>
Date: Thu, 12 Jul 2001 15:44:57 +0900
Delivered-To: mailing list bugtraq-jp@securityfocus.com
Delivered-To: moderator for bugtraq-jp@securityfocus.com
List-Help: <mailto:bugtraq-jp-help@securityfocus.com>
List-Id: <bugtraq-jp.list-id.securityfocus.com>
List-Post: <mailto:bugtraq-jp@securityfocus.com>
List-Subscribe: <mailto:bugtraq-jp-subscribe@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-jp-unsubscribe@securityfocus.com>
Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

$B1F;3(B@$B%i%C%/$G$9!#(B

SecurityFocus.com Newsletter $BBh(B 100 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

- ---------------------------------------------------------------------------
SecurityFocus.com Newsletter $B$K4X$9$k(BFAQ:
<URL: http://www.securityfocus.com/forums/sf-news/faq.html>
BugTraq-JP $B$K4X$9$k(B FAQ:
<URL: http://www.securityfocus.com/forums/bugtraq-jp/faq.html>
- ---------------------------------------------------------------------------
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B Security-Focus.com $B$N5v2D$r3t<02qe$G9T$o(B
  $B$l$F$$$^$9!#(B
$B!&(BSecurityFocus.com Newsletter $B$NOBLu$r(B Netnews, Mailinglist,
  World Wide Web, $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$N(B
  $BA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;(B
  $B$s$,=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurity-Focus.com $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+(B
  $B$J$k7A<0$N%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) <URL http://www.securityfocus.com/templates/archive.pike?list=79>
- ---------------------------------------------------------------------------
- ---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02ql9g!"(BBUGTRAQ-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"Lul9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
- ---------------------------------------------------------------------------
- ---------------------------------------------------------------------------
$B86HG(B:
Message-ID: <Pine.GSO.4.30.0107091555360.27714-100000@mail>
Date: Mon, 9 Jul 2001 15:57:04 -0600 (MDT)

SecurityFocus.com Newsletter #100
- ---------------------------------

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
     1. Linux Authentication Using OpenLDAP, Part Two
     2. Intrusion Detection Systems Terminology, Part One: A-H
II. BUGTRAQ SUMMARY
     1. Xvt Buffer Overflow Vulnerability
     2. Citrix Nfuse Webroot Disclosure Vulnerability
     3. Trend Micro InterScan WebManager HttpSave.dll Buffer Overflow...
     4. Transoft Broker .lnk Directory Traversal Vulnerability
     5. ArGoSoft FTP Server .lnk Directory Traversal Vulnerability
     6. Lotus Domino Server Cross Site Scripting Vulnerability
     7. BisonFTP BDL File Upload Directory Traversal Vulnerability
     8. Xvt -T Buffer Overflow Vulnerability
     9. phpMyAdmin Included File Arbitrary Command Execution...
     10. phpPgAdmin Included File Arbitrary Command Execution...
     11. SquirrelMail Remote Command Execution Vulnerability
     12. IBM WebSphere Cross-Site Scripting Vulnerability
     13. phpSecurePages Included File Arbitrary Command Execution...
     14. Xinetd Zero String Length Buffer Overflow Vulnerability
     15. CaesarFTPD FTP Command Buffer Overflow Vulnerability
     16. Microsoft IIS Device File Local DoS Vulnerability
     17. Cerberus FTP Server 'PASV' Denial of Service Vulnerability
     18. Caucho Technology Resin Cross-Site Scripting Vulnerability
     19. Apache Tomcat Cross-Site Scripting Vulnerability
     20. Allaire JRun Cross-Site Scripting Vulnerability
     21. Lmail Temporary File Race Condition Vulnerability
     22. XDM Session Cookie Guessing Vulnerability
     23. Cobalt Raq3 PopRelayD Arbitrary SMTP Relay Vulnerability
     24. Microsoft Windows 2000 SMTP Improper Authentication...
     25. Lucent RADIUS Remote Buffer Overflow Vulnerability
     26. Network Appliance NetCache Tunnelling Configuration...
     27. Merit RADIUS Buffer Overflow Vulnerability
     28. Lucent RADIUS Format String Vulnerability
III. SECURITYFOCUS.COM NEWS ARTICLES
     1. Mass web banking hack probed
     2. Max Vision begins 18-month term
IV.SECURITY FOCUS TOP 6 TOOLS
     1. Firewall Tester v0.1
     2. VisualSoft SecureDev v1.0
     3. MonMotha's IPTABLES Firewall 2.3.3
     4. Hark!
     5. XMail v0.74
     6. RazorBack 1.0.1

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
- ---------------------------------

II. BUGTRAQ SUMMARY
- -------------------
1. Xvt Buffer Overflow Vulnerability
BugTraq ID: 2955
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2001-07-02
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2955
$B$^$H$a(B:

xvt $B$O(B X11R6 $B$r2TF0$7$F$$$k%7%9%F%`MQ$NCo$JD9$5$NJ8;zNs$,;XDj$5$l$?>l9g!"%9%?(B
$B%C%/%*!<%P!<%i%s$,H/@8$7!"L54X78$J%G!<%?$,%9%?%C%/JQ?t$r>e=q$-$9$k!#$3(B
$B$N>r7o$O967be$G$O!"(BXvt $B$O(B setuid
root $B$K@_Dj$5$l%$%s%9%H!<%k$5$l$F$$$k!#$3$l$i$N%7%9%F%`>e$G$O!"%m!<%+%k(B
$B$N967bl9g!"1F6A$re$N40A4$J@)8f$rC%$N9b$$8"8B(B ($BNc$($P(B gid utmp) $B$G%$%s%9%H!<%k$5(B
$B$l$F$$$k>l9g$b$"$j$&$k!#$3$l$i$N8"8B$G$O!"99$J$k967b$KMxMQ$5$l$?$j!"B>(B
$B$N7k2L(B (DoS $B$J$I(B) $B$r$b$?$i$7$?$j$9$k2DG=@-$,$"$k!#(B

2. Citrix Nfuse Webroot Disclosure Vulnerability
BugTraq ID: 2956
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-02
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2956
$B$^$H$a(B:

Citrix Nfuse $B$O!"%5!<%P>e$N$I$s$J%"%W%j%1!<%7%g%s$N5!G=$r$b(B Web $B%V%i%&(B
$B%6$GDs6!2DG=$K$9$k$3$H0U?^$7$F:n@.$5$l$?%"%W%j%1!<%7%g%s%]!<%?%k%5!<%P(B
$B$G$"$k!#(BNfuse $B$O;vA0$K%$%s%9%H!<%k$5$l$F$$$k(B Web $B%5!<%P$HAH$_9g$o$;$FF0(B
$B:n$9$k!#(B

$B%j%b!<%H$+$i$N967bpJs$r;XDj$9$k$3$H$J$/%j%/%(%9%H$rAw?.$9(B
$B$k$3$H$N$_$G!"(BWeb $B%3%s%F%s%D$N(B / $B%G%#%l%/%H%j$N0LCV$rCN$k$3$H$,2DG=$G$"(B
$B$k$HJs9p$5$l$F$$$k!#(B

$B%5!<%P$O(B template.ica $B%U%!%$%k$X$N%Q%9$r4^$s$@%(%i!<%a%C%;!<%8$rI=<($7!"(B
$B$=$N7k2L!"(BWeb $B%3%s%F%s%D$N(B / $B%G%#%l%/%H%j$N0LCV$r3+<($7$F$7$^$&!#(B

$B$3$l$O3N3. Trend Micro InterScan WebManager HttpSave.dll Buffer Overflow Vulnerability
BugTraq ID: 2959
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-02
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2959
$B$^$H$a(B:

Interscan WebManager $B$O!"(BTrend Micro $B$h$jDs6!$5$l$k(B Web $B%"%/%;%94IM}%Q(B
$B%C%1!<%8$G$"$k!#$3$l$O(B HTTP $B%H%i%U%#%C%/Cf$N%&%$%k%9$d0-0U$"$k(B Java $B$d(B
ActiveX $B%"%W%l%C%H$r8!::$7!"$^$?7P1D4IM}l9g!"40A4$K%[%9%H$r@)8f$9$k$3$H$,2DG=$G$"$k!#(B

4. Transoft Broker .lnk Directory Traversal Vulnerability
BugTraq ID: 2960
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-02
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2960
$B$^$H$a(B:

Transoft Broker $B$O(B Windows $B%W%i%C%H%U%)!<%`MQ(B FTP $B%5!<%P$G$"$k!#(B

$B$I$s$J%G%#%l%/%H%j$KBP$7$F$b=q$-9~$_8"8B$r;}$D%f!<%6$O!"G$0U$N%G%#%l%/(B
$B%H%j$r;X$7<($9(B .lnk $B%U%!%$%k$N:n@.$*$h$S%"%C%W%m!<%I$,2DG=$G$"$k!#$=$N(B
$B:]!";XDj$7$?%G%#%l%/%H%j$H$=$NCf$K$"$kG$0U$N%U%!%$%k$NFI$_=P$7$*$h$S=q(B
$B$-9~$_$N%"%/%;%9$,2DG=$G$"$k!#(B

$B$3$Ne$K$"$kJ,3d$5$l$?O@M}%I%i%$%V$K$"$k%G(B
$B%#%l%/%H%j$r4^$`!"(BFTP $B%5!<%P$K$h$C$F%"%/%;%92DG=$JG$0U$N%U%!%$%k$d%G%#(B
$B%l%/%H%j$X$N%"%/%;%98"8B$NC%5. ArGoSoft FTP Server .lnk Directory Traversal Vulnerability
BugTraq ID: 2961
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-02
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2961
$B$^$H$a(B:

ArGoSoft FTP $B%5!<%P$O(B Windows $B%W%i%C%H%U%)!<%`MQ(B FTP $B%5!<%P$G$"$k!#(B

$B$I$s$J%G%#%l%/%H%j$KBP$7$F$b=q$-9~$_8"8B$r;}$D%f!<%6$O!"G$0U$N%G%#%l%/(B
$B%H%j$r;X$7<($9(B .lnk $B%U%!%$%k$N:n@.$*$h$S%"%C%W%m!<%I$,2DG=$G$"$k!#$=$N(B
$B:]!";XDj$7$?%G%#%l%/%H%j$H$=$NCf$K$"$kG$0U$N%U%!%$%k$NFI$_=P$7$*$h$S=q(B
$B$-9~$_$N%"%/%;%9$,2DG=$G$"$k!#(B

$B$3$Ne$K$"$kJ,3d$5$l$?O@M}%I%i%$%V$K$"$k%G%#%l(B
$B%/%H%j$r4^$`!"(BFTP $B%5!<%P$K$h$C$F%"%/%;%92DG=$JG$0U$N%U%!%$%k$d%G%#%l%/(B
$B%H%j$X$N%"%/%;%98"8B$NC%6. Lotus Domino Server Cross Site Scripting Vulnerability
BugTraq ID: 2962
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-02
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2962
$B$^$H$a(B:

Lotus Domino $B$O!"%a%C%;!<%8%s%0%5!<%S%9$HBPOCE*$J(B Web $B%"%W%j%1!<%7%g%s(B
$B$rE}9g$7$?%^%k%A%W%i%C%H%U%)!<%`(B Web $B%5!<%P$G$"$k!#(B

Lotus Domino Server $B$K$"$kl9g!"(BLotus Domino $B$O;XDj$7$?%F%-%9%H$r4^$`%(%i!<%a(B
$B%C%;!<%8$r@8@.$9$k!#$3$N%F%-%9%H$,%/%i%$%"%s%H%5%$%I$GF0:n$9$k%9%/%j%W(B
$B%H$G$"$C$?>l9g!"%/%i%$%"%s%H$N%V%i%&%6$Gl9g(B
$B$G$b(B) $B%(%i!<%a%C%;!<%8$rJV$9!#(B

http://trustedsite.com/<script>

$B$3$Nl9g!"40A4$K%[%9%H$r@)8f$9$k$3$H$,2DG=$G$"$k!#(B

7. BisonFTP BDL File Upload Directory Traversal Vulnerability
BugTraq ID: 2963
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-02
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2963
$B$^$H$a(B:

BisonFTP $B$O(B Windows $B%*%Z%l!<%F%#%s%0>e$GF0:n$9$k$h$&$K@_7W$5$l$?>&6H%"(B
$B%W%j%1!<%7%g%s$G$"$k!#(BBisonFTP $B$O(B Windows 9x$B!"(BNT4$B!"(BMe$B!"(B2000 $B%7%9%F%`$K(B
$B%"%I%*%s(B ftp $B%G!<%b%s$rDs6!$9$k!#(B

BisonFTP $B$NLdBj$N$?$a!"%m!<%+%k%f!<%6$O%[!<%`%G%#%l%/%H%j$+$iH4$1=P$7!"(B
$B%f!<%6$N%[!<%`%G%#%l%/%H%j$r3JG<$9$k(B / $B%G%#%l%/%H%j$r3+<($9$k$3$H$,2DG=(B
$B$G$"$k!#(B

$B$3$N%G!<%b%s$O%f!<%6$K(B Microsoft .bdl $B%U%!%$%k$N%"%C%W%m!<%I$r5v2D$9$k!#(B
.bdl $B%U%!%$%k$OJ#?t$N%G%#%l%/%H%j$r0l$D$N%U%!%$%k$K%j%s%/$9$k$?$a$K;HMQ(B
$B$5$l$k3HD%;R$G$"$k!#FCJL$KAH$_N)$F$i$l$?(B .bdl $B%U%!%$%k$r%"%C%W%m!<%I$9(B
$B$k$3$H$K$h$j!"%Q%C%1!<%8$N%f!<%6$O%[!<%`%G%#%l%/%H%j$rH4$1=P$7!"%I%i%$(B
$B%V$N(B / $B%G%#%l%/%H%j$KE~C#2DG=$G$"$k!#(B

ftp $B%3%s%F%s%D$N(B / $B%G%#%l%/%H%j$rH4$1=P$7$?:]!"%m!<%+%k%f!<%6$O%[!<%`%G(B
$B%#%l%/%H%j$+$i7Q>5$5$l$?F1Ey$N8"8B$GA4%U%!%$%k%7%9%F%`$r3+<(2DG=$G$"$k!#(B

8. Xvt -T Buffer Overflow Vulnerability
BugTraq ID: 2964
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2001-07-02
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2964
$B$^$H$a(B:

xvt $B$O(B X11R6 $B$r2TF0$7$F$$$k%7%9%F%`MQ$NCo$JD9$5$NJ8;zNs$,;XDj$5$l$?>l9g!"IT@5%a%b(B
$B%j%"%/%;%9$,H/@8$7!"%W%m%0%i%`$,%/%i%C%7%e$9$k!#%/%i%C%7%e$9$kItJ,$OIT(B
$BL@$G$"$k$,!"6-3&$,8!::$5$l$F$$$J$$%a%b%j$N%3%T!<$N4V$K%*!<%P!<%i%s$,H/(B
$B@8$7$F$$$k2DG=@-$,$"$k!#(B

$B%W%m%;%9$,%*!<%P!<%i%s$N$?$aGK2u$5$l$?%]%$%s%?$N;2>H2r=|$r;n$_$k:]!"%;(B
$B%0%a%s%F!<%7%g%s%U%)%k%H$,H/@8$9$k!#(B

$B$3$N%*!<%P!<%U%m!<$O%a%b%j$N%R!<%WNN0h$G@8$8$k!#(B

$B$3$N>r7o$O967b2DG=$+$I$&$+ITL@$G$"$k$,!"(BXvt $B$O$7$P$7$P9b$$8"8B$Ge$G$O!"(BXvt $B$O(B setuid root $B$K@_Dj$5$l%$%s%9%H!<%k$5$l$k!#$3$l$i$N%7%9(B
$B%F%`>e$G$O!"%m!<%+%k$N967bl9g!"1F6A$r$N9b$$8"8B(B ($BNc$($P(B gid utmp) $B$G%$%s%9%H!<%k$5(B
$B$l$F$$$k>l9g$b$"$j$&$k!#$3$l$i$N8"8B$G$O!"99$J$k967b$KMxMQ$5$l$?$j!"B>(B
$B$N7k2L(B (DoS $B$J$I(B) $B$r$b$?$i$7$?$j$9$k2DG=@-$,$"$k!#(B

9. phpMyAdmin Included File Arbitrary Command Execution Vulnerability
BugTraq ID: 2966
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-02
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2966
$B$^$H$a(B:

phpMyAdmin $B$O!"(BMySQL $B$N4IM}$rZ$N;EAH$_$r2sHr$9$k$3$H$b2DG=$G$"$k!#$3$NG'>Z$O(B phpMyAdmin $B$N%G(B
$B%U%)%k%H%$%s%9%H!<%k$G$OMxMQ2DG=$G$O$J$$!#(B

$B$=$N7k2L!"%j%b!<%H%f!<%6$O(B phpMyAdmin $B%=%U%H%&%'%"$r2TF0$7$F$$$k%[%9%H(B
$B$N%U%!%$%k%7%9%F%`>e$N$I$s$J>l=j$K0LCV$9$k%U%!%$%k$X$N%Q%9$r;XDj$9$k$3(B
$B$H$,2DG=$G$"$k!#967bl9g!"967b10. phpPgAdmin Included File Arbitrary Command Execution Vulnerability
BugTraq ID: 2967
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-02
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2967
$B$^$H$a(B:

phpPgAdmin $B$O!"(BPostgreSQL $B$N4IM}$rZ$N;EAH$_$r2sHr$9$k$3$H$b2DG=$G!"%9%/%j%W%H$O%f!<%6$rG'>Z$7$J$/(B
$B$J$k!#$3$l$O(B phpPgAdmin $B$N%G%U%)%k%H%$%s%9%H!<%k$G$OMxMQ2DG=$G$O$J$$!#(B

$B$=$N7k2L!"%j%b!<%H%f!<%6$O(B phpMyAdmin $B%=%U%H%&%'%"$r2TF0$7$F$$$k%[%9%H(B
$B$N%U%!%$%k%7%9%F%`>e$N$I$s$J>l=j$K0LCV$9$k%U%!%$%k$X$N%Q%9$r;XDj$9$k$3(B
$B$H$,2DG=$G$"$k!#967bl9g!"967b11. SquirrelMail Remote Command Execution Vulnerability
BugTraq ID: 2968
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-02
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2968
$B$^$H$a(B:

SquirrelMail $B$O!"(BPHP $B$G5-=R$5$l$?%U%j!<$GMxMQ2DG=$J(B Web $B%a!<%k$N%Q%C%1(B
$B!<%8$G$"$k!#(B

SquirrelMail $B$K$O!"$3$N%Q%C%1!<%8$r2TF0$7$F$$$k%[%9%H>e$G!"%j%b!<%H%f!<(B
$B%6$KG$0U$N%3%^%s%I$rZ$N;EAH$_$r%f!<%6$,2sHr$9$k$3$H$r2DG=$H$9$k!#0lEYG'(B
$B>Z$,2sHr$5$l$k$H!"%9%/%j%W%H$KB8:_$7$J$$%f!<%6$N$?$a$N@_Dj%U%!%$%k$r@8(B
$B@.$5$;$k$3$H$,2DG=$G$"$k!#(B

$B$=$N7k2L!"%j%b!<%H%f!<%6$O!"(BSquirrelMail $B$r2TF0$7$F$$$k%[%9%H>e$G!"G$0U(B
$B$N%3%^%s%I$r(B Web $B%5!<%P$N8"8B$G12. IBM WebSphere Cross-Site Scripting Vulnerability
BugTraq ID: 2969
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-02
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2969
$B$^$H$a(B:

IBM WebSphere $B$O0lO"$N>&MQ(B Web $B%5!<%P$H!"4XO"$9$k@=IJ$G$"$k!#(B

IBM WebSphere $B$O!"%5!<%P$N(B Web $B%5%$%H>e$KI=<($5$l$k%f!<%6$,F~NO$7$?%j%s(B
$B%/$+$iKd$a9~$^$l$F$$$k%9%/%j%W%H$r%U%#%k%?$7$J$$!#$3$NLdBj$O!"(BJavaServlet
Container $BCf$NF~NO$NBEEv@-8!::$N%(%i!<$K4X78$,$"$k!#(B

$B0-0U$"$k(B Web $B4IM}e$K%f!<%6$,M?$((B
$B$?>pJs$rI=<(2DG=$J%U%)!<%i%`!"%2%9%H%V%C%/$J$I$N%"%W%j%1!<%7%g%s$GMxMQ(B
$B2DG=$G$"$k!#(B

$B0-0U$"$k%O%$%Q!<%j%s%/$,%/%j%C%/$5$l$?:]!"(BWeb $B%5!<%P$NI8=`E*$J%(%i!<%a(B
$B%C%;!<%8$rI=<($9$k$,!"$^$?%I%a%$%s$HF1$8%V%i%&%6$G!"G$0U$N%W%m%0%i%`$r(B
$BpJs$r(B Web $B$KI=<($G$5$l$ke$N(B Web $B%5%$%H$r3NG'$7$J$1$l$P$J$i$J$$!#(B

13. phpSecurePages Included File Arbitrary Command Execution Vulnerability
BugTraq ID: 2970
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-02
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2970
$B$^$H$a(B:

phpSecurePages $B$O!"%m%0%$%sL>$H%Q%9%o!<%I$G%Z!<%8$r%;%-%e%"$K$9$k$?$a$N(B
PHP $B%b%8%e!<%k$G$"$k!#(B

$BF~NO$NBEEv@-8!::$K%j%b!<%H%f!<%6$,(B phpSecurePages $B$K$h$j;HMQ$5$l$k(B 
interface.php $B%9%/%j%W%H$rG$0U$N>l=j$+$i%m!<%I$9$k$3$H$,2DG=$G$"$k$H$$(B
$B$&LdBj$,B8:_$9$k!#(B

$BLdBj$O(B checklogin.php $B%9%/%j%W%H$K$h$j%m!<%I$5$l$k%U%!%$%k$NA0$NJQ?t$O(B interface.php $B$N@_Dj%G!<%?(B
$B%U%!%$%k$N%Q%9$rDj5A$9$k$?$a$K;HMQ$5$l!"%U%!%$%k$r%m!<%I$9$k$?$a$K;HMQ(B
$B$5$l$k(B include() $B%9%F!<%H%a%s%H$KD>@\EO$5$l$k!#(BPHP $B%$%s%?%W%j%?$O%/%(%j(B
$BCf$NMMAjL>$HF1$8JQ?t$r@8@.$7L>IU$1$k$?$a!"(BcfgProgPath $BJQ?t$KG$0U$NCM$r(B
$B3d$jEv$F$k$3$H$,2DG=$G$"$k!#(B

PHP $B$O%G%U%)%k%H$G!"(Binclude() $B%9%F!<%H%a%s%H$N;HMQ$r%j%b!<%H$K$"$k%U%!(B
$B%$%k$Ne$G!"%U%!%$%kCf$K$"$kG$0U$N%W%m%0%i%`$r(B checklogin.php 
$B%9%/%j%W%H$K$h$j(B Web $B%5!<%P$N8"8B$G14. Xinetd Zero String Length Buffer Overflow Vulnerability
BugTraq ID: 2971
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-02
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2971
$B$^$H$a(B:

xinetd $B%G!<%b%s$K!"%P%C%U%!%*!<%P!<%U%m!<>r7o$N2DG=@-$,B8:_$9$k!#(B

$BLdBj$O!"(Bxinetd $B$K$h$j;HMQ$5$l$k$$$/$D$+$NFbIt4X?tCf$NJ8;zNs%G!<%?$NITE,(B
$B@Z$Jl9g!"%9%?%C%/$NGK2u$K7R$,$k2DG=@-$,$"$k!#96(B
$B7be(B
$B=q$-$9$k$3$H$K$h$j!"G$0U$N%W%m%0%i%`$rl9g!"967be$G$N(B root $B8"8B$rC%15. CaesarFTPD FTP Command Buffer Overflow Vulnerability
BugTraq ID: 2972
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-04
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2972
$B$^$H$a(B:

CasesarFTP $B$O(B ACLogic $B$+$iDs6!$5$l$k(B Windows $BMQ(B FTP $B%5!<%P$G$"$k!#(B

$B$$$/$D$+$N(B FTP $B%3%^%s%I$N0z?t$KD9$$J8;zNs$r;XDj$7Aw?.$9$k$3$H$K$h$j!"96(B
$B7b$N%3%^%s%I$bF1(B
$BMM$Ke$^$G%*!<%P!<%U%m!<$7!"8F$S=P$5$l$?4X(B
$B?t$N%j%?!<%s%"%I%l%9$r%W%m%0%i%`$Ne=q$-2DG=$G$"$k!#(B

$BE,@Z$KMxMQ$7$?>l9g!"$3$l$O!"967b16. Microsoft IIS Device File Local DoS Vulnerability
BugTraq ID: 2973
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2001-07-04
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2973
$B$^$H$a(B:

Microsoft IIS $B$O%m!<%+%k%f!<%6$K$h$j(B DoS $B967b$r$G%U%!%$%k$NF~=PNO$r9T$&$3$H$r;n$_(B
$B$k(B .asp$B%U%!%$%k$r@8@.$7$?>l9g!"$3$NLdBj$OMxMQ2DG=$G$"$k!#(B

$B%9%/%j%W%H$,(B DOS $BM3Mh$N%G%P%$%9$r3+$/!"$"$k$$$O!"FI$_=P$9$?$a$K(B 
Scripting.FileSystemObject $B%a%=%C%I$r;HMQ$9$k:]!"(BASP $B%$%s%?%W%j%?$ODd;_(B
$B$9$k!#$3$N$?$a!"(BDoS $B>uBV$K4Y$k!#(B

$B%m!<%+%k$N967br7o$r0z$-5/$3$9(B .asp $B%U%!%$%k$r@8@.$9$k$3$H$,$G(B
$B$-$k>l9g!"$3$NLdBj$rMxMQ2DG=$G$"$k!#Nc$($P!"(BWeb $B%[%9%F%#%s%0%5!<%S%9>e(B
$B$N%f!<%6$O$3$N$N(B
Web $B%5%$%H(B DoS $B$K4Y$l$k$?$a$K;HMQ$9$k2DG=@-$,$"$k!#(B

$B$3$NA0$r;XDj$7$F%U%!%$%k$r3+$/$?$a$K;HMQ$7$F$$$k>l9g!"%j(B
$B%b!<%H$+$i$N967b$+$i3+$/$"$k$$$OFI$_=P$5$;$i$l$k>l9g!"(BDoS $B>uBV$r(B
$B0z$-5/$3$9$3$H$,2DG=$G$"$k!#(B

$B$3$No5!G=$NI|5l$K$O:F5/F0$,I,MW$G$"$k!#(B

17. Cerberus FTP Server 'PASV' Denial of Service Vulnerability
BugTraq ID: 2976
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-04
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2976
$B$^$H$a(B:

Cerberus FTP Server $B$O!"(BMicrosoft Windows $B%7%9%F%`MQ$N%U%j!<$G%^%k%A%9(B
$B%l%C%IBP1~$N%U%!%$%kE>Aw%f!<%F%#%j%F%#$G$"$k!#(B

Cerberus FTP Server $B$K$O967b2DG=$J(B DoS $B$Nl9g!"DL>o:rF|$NI|5l$K$O:F5/F0(B
$B$,I,MW$G$"$k!#(B

$B$3$NZ$bI,MW$H$7$J$$!#%j%b!<%H%f!<(B
$B%6$O%?!<%2%C%H%[%9%H>e$G(B DoS $B$r0z$-5/$3$9$3$H$,2DG=$G$"$k!#(B

18. Caucho Technology Resin Cross-Site Scripting Vulnerability
BugTraq ID: 2981
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-02
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2981
$B$^$H$a(B:

Resin $B$O!"40A4$K(B JSP $B$r%5%]!<%H$7$?>&MQ$N!V9bB.$J!W(B Web $B%5!<%P$G$"$k!#(B

Resin $B$O!"%5!<%P$N(B Web $B%5%$%H>e$KI=<($5$l$?%f!<%6$,;XDj$7$?%j%s%/$KKd$a(B
$B9~$^$l$F$$$k%9%/%j%W%H$r%U%#%k%?$7$J$$!#$3$NLdBj$O(B JavaServlet Container 
$B$NF~NO$NBEEv@-8!::$N%(%i!<$K4X78$,$"$k!#(B

$B0-0U$"$k(B Web $B4IM}e$K%f!<%6$,M?$((B
$B$?>pJs$rI=<(2DG=$J%U%)!<%i%`!"%2%9%H%V%C%/$J$I$N%"%W%j%1!<%7%g%s$GMxMQ(B
$B2DG=$G$"$k!#(B

$B0-0U$"$k%O%$%Q!<%j%s%/$,%/%j%C%/$5$l$?:]!"(BWeb $B%5!<%P$NI8=`E*$J%(%i!<%a(B
$B%C%;!<%8$rI=<($9$k$,!"$^$?%I%a%$%s$HF1$8%V%i%&%6$G!"G$0U$N%W%m%0%i%`$r(B
$B19. Apache Tomcat Cross-Site Scripting Vulnerability
BugTraq ID: 2982
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-02
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2982
$B$^$H$a(B:

Apache Tomcat $B$O(B Apache Web $B%5!<%P$HAH$_9g$o$;$F!"$"$k$$$O(B Java $B%5!<%V(B
$B%l%C%H$H(B Java $B%Z!<%8$r;HMQ$9$k%9%?%s%I%"%m%s%5!<%P$H$7$F;HMQ$9$k$3$H$,(B
$B2DG=$G$"$k!#(BTomcat $B$O(BWeb $B%5!<%P$KAH$_9~$^$l$F=P2Y$5$l$F$$$k!#(B

Apache Tomcat $B$O%5!<%P$N(B Web $B%5%$%H>e$KI=<($5$l$?%f!<%6$,;XDj$7$?%j%s%/(B
$B$KKd$a9~$^$l$F$$$k%9%/%j%W%H$r%U%#%k%?$7$J$$!#$3$NLdBj$O(B JavaServlet 
Container $B$NF~NO$NBEEv@-8!::$N%(%i!<$K4X78$,$"$k!#(B

$B0-0U$"$k(B Web $B4IM}l9g!"%[%9%H$r40A4$K@)8f$9$k$3$H$,2DG=$G$"$k!#(B

20. Allaire JRun Cross-Site Scripting Vulnerability
BugTraq ID: 2983
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-02
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2983
$B$^$H$a(B:

Allaire JRun $B$O(B JSP $B$H(B Java $B%5!<%V%l%C%H$G$N(B Web $B%"%W%j%1!<%7%g%s3+H/%Q(B
$B%C%1!<%8$G$"$k!#(B

Allaire JRun $B$O%5%$%H>e$KI=<($5$l$?%f!<%6$,;XDj$7$?%j%s%/$KKd$a9~$^$l$F(B
$B$$$k%9%/%j%W%H$r%U%#%k%?$7$J$$!#$3$NLdBj$O(B JavaServlet Container $B$NF~NO(B
$B$NBEEv@-8!::$N%(%i!<$K4X78$,$"$k!#(B

$B0-0U$"$k(B Web $B4IM}l9g!"MxMQ$5$l$k2DG=@-$,(B
$B$"$k!#(B

$B0-0U$"$k%O%$%Q!<%j%s%/$,%/%j%C%/$5$l$?:]!";XDj$5$l$?!"$"$k$$$OKd$a9~$^(B
$B$l$?%9%/%j%W%H$r4^$s$@%(%i!<%a%C%;!<%8$r@8@.$9$k!#$3$N;XDj$5$l$?!"$"$k(B
$B$$$OKd$a9~$^$l$?%9%/%j%W%H$O%/%i%$%"%s%H$N%V%i%&%6$G21. Lmail Temporary File Race Condition Vulnerability
BugTraq ID: 2984
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2001-07-05
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2984
$B$^$H$a(B:

Jon Zeeff $B$N(B lmail $B$O!"%a!<%k$+$i%Q%$%W$X!"%a!<%k$+$i%U%!%$%k$X$N%(%$%j(B
$B%"%7%s%0$rDs6!$9$k$?$a$K@_7W$5$l$?%m!<%+%k%a!<%kG[Aw%(!<%8%'%s%H(B (LDA) 
$B$G$"$k!#(B

$B6%9g>r7o(B (race condition) $B$N$r:n@.(B
$B$7!"DL>o$O$$$+$J$k8"8B$G$b=q$-9~$_2DG=$J(B /tmp $B%G%#%l%/%H%jCf$K%U%!%$%k(B
$B$r@8@.$9$k$?$a$K;HMQ$9$k!#%U%!%$%k$,$9$G$KB8:_$7$F$$$k$+$N3NG'$r9T$o$J(B
$B$$$?$a!"(Blmail $B$O%7%s%\%j%C%/%j%s%/967b$r@\0l;~%U%!%$%k$K=q$-9~$`!#(B

lmail $B$ODL>o(B setuid root $B$K@_Dj$5$l$F%$%s%9%H!<%k$5$l$F$$$k$?$a!"%m!<%+(B
$B%k%f!<%6$O%7%9%F%`>e$NG$0U$N%U%!%$%k$rG$0U$N%G!<%?$G>e=q$-$9$k$3$H$,2D(B
$BG=$G$"$k!#(B

22. XDM Session Cookie Guessing Vulnerability
BugTraq ID: 2985
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-04
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2985
$B$^$H$a(B:

xdm $B$O(B XFree86 $B%Q%C%1!<%8$N(B 1 $B%3%s%]!<%M%s%H$G(B X Display Manager $B$NN,$G(B
$B$"$k!#(Bxdm $B$O%m!<%+%k$H%j%b!<%H$N(B X $B$NI=<((B $B%;%C%7%g%s$r4IM}$9$k!#(B

xdm $B$K$O!"%j%b!<%H%f!<%6$,B>$N%f!<%6$N%;%C%7%g%s$K%"%/%;%9=PMh$F$7$^$&(B
$BLdBj$,B8:_$9$k!#$3$l$O!"%j%b!<%H%f!<%6$,!"@x:_E*$K$O(B root $B$r4^$`G$0U$N(B
$B%f!<%6$N8"8B$G%m!<%+%k%7%9%F%`$X$N%"%/%;%98"$rC%23. Cobalt Raq3 PopRelayD Arbitrary SMTP Relay Vulnerability
BugTraq ID: 2986
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-04
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2986
$B$^$H$a(B:

poprelayd $B$O!"%/%i%$%"%s%H$N%m%0%$%s>pJs$K4p$E$-@5Ev$J(B POP $B%m%0%$%s$+(B
/var/log/maillog $B$r2r@O$7!"(BPOP3 $B%5!<%S%9$K%m%0%$%s$7$F$$$k%f!<%6$K!"%"(B
$B%/%;%9$7$F$$$k%7%9%F%`$N(B IP $B%"%I%l%9$+$iEE;R%a!<%k$rAw?.$9$k$?$a$3$H$r(B
$B2DG=$H$9$k%9%/%j%W%H$G$"$k!#(B

poprelayd $B%9%/%j%W%H$K$"$kLdBj$N$?$a!"%f!<%6$O(B SMTP $B$N%j%l!<$rMxMQ$G$-!"(B
$B$D$^$j!"%9%Q%`$NAw?.$,2DG=$G$"$k!#(B

$BLdBj$N860x$O!"(Bpoprelayd $B%9%/%j%W%H$,(B SMTP $B$N%j%l!<$r5v2D$5$l$?%f!<%6$N(B
$B<1JL$9$kJ}K!$N$?$a$G$"$k!#%9%/%j%W%H$O(B /var/log/maillog $B%U%!%$%k$r24. Microsoft Windows 2000 SMTP Improper Authentication Vulnerability
BugTraq ID: 2988
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-05
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2988
$B$^$H$a(B:

SMTP (Simple Mail Transfer Protocol) $B%5!<%P$O!"(BSMTP $B%W%m%H%3%k$K$h$k%a(B
$B!<%k$NE>Aw$rZ%W%m%;%9$K$"$kZ$K@.8y$7!"(BSMTP $B%5!<%S%9$r;HMQ$9$k$3$H$,2DG=$G$"$k!#(B


$B$3$N?6$kIq$$$O!"G'>Z%W%m%;%9Cf$KIT@5$J>ZL@=q$,%5!<%S%9$KAw?.$5$l$?>l9g(B
$B@8$8$k!#@53N$J5;=Q$N>\:Y$O8=;~E@$G$OL$>\$G$"$k$,!"7k2L$H$7$F!"@5Ev$J>Z(B
$BL@=q$r;}$?$J$$%f!<%6$,G'>Z$K@.8y$7$F$7$^$&!#(B

$B$3$Ne$N5;=QE*$J>\:Y$ODs6!$5$l$F$$$J$$!#>pJs$,Ds6!$5$lpJs$,H/9T$5$l$k!#(B

25. Lucent RADIUS Remote Buffer Overflow Vulnerability
BugTraq ID: 2989
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-05
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2989
$B$^$H$a(B:

Lucent RADIUS $B$NZ%=%U%H%&(B
$B%'%"%Q%C%1!<%8$G$"$k!#8=:_%Q%C%1!<%8$O(B Lucent $B$K$h$C$F$O0];}$5$l$F$*$i(B
$B$:!"%Q%V%j%C%/%I%a%$%s$H$J$C$F$$$k!#(B

$B$3$N%=%U%H%&%'%"%Q%C%1!<%8$K$O%j%b!<%H$+$i$N%f!<%6$,G$0U$N%W%m%0%i%`$N(B
$Bl9g!"%j%b!<%H$+$i$N%f(B
$B!<%6$O%7%9%F%`$X$N%m!<%+%k%"%/%;%9$rC%e$NJQ?t$r>e=q$-2DG=$G$"$k!#(B

Lucent RADIUS $B$N%=!<%9%3!<%I$K$O!">/$J$/$H$b(B 11 $B$N0[$J$k%P%C%U%!%*!<%P(B
$B!<%U%m!<$,H/8+$5$l$F$$$k!#(Blog.c$B!"(Bmenu.c$B!"(Bversion.c$B!"(Bradiusd.c$B!"(Busers.c
$B$NB??t$N%k!<%A%s$,K\e=q$-$9$k(B
$B$?$a$K%P%C%U%!$N%5%$%:$h$jD9$$J8;zNs$r@8@.$7!"%*!<%P!<%i%s$,H/@8$9$k!#(B

$B$3$N%W%m%0%i%`$K4^$^$l$k0lHLE*$K$*$-$kJL$NLdBj$K(B strcpy() $B$N;HMQ$,$"$k!#(B
$B$3$l$O6-3&$N%A%'%C%/$J$7$GJ8;zNs$rJL$NJ8;zNs$K%3%T!<$9$k!#$3$N4X?t$O%P(B
$B%C%U%!%*!<%P!<%U%m!<$r0z$-5/$3$7!"%W%m%0%i%`$N26. Network Appliance NetCache Tunnelling Configuration Vulnerability
BugTraq ID: 2990
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-05
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2990
$B$^$H$a(B:

NetCache $B$O!"8zN($N$h$$%3%s%F%s%DG[?.$Ne$NG$0U$N%]!<%H$K$3$N(B
$B%"%W%i%$%"%s%9$rMxMQ$7!"DL$jH4$1$k$3$H$,2DG=$G$"$k!#(B

27. Merit RADIUS Buffer Overflow Vulnerability
BugTraq ID: 2991
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-05
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2991
$B$^$H$a(B:

Merit RADIUS $B$NZ%=%U%H%&%'(B
$B%"%Q%C%1!<%8$G$"$k!#(B

$B$3$N%=%U%H%&%'%"%Q%C%1!<%8$K$O%j%b!<%H$+$i$N%f!<%6$,G$0U$N%W%m%0%i%`$N(B
$Bl9g!"%j%b!<%H$+$i$N%f(B
$B!<%6$O%7%9%F%`$X$N%m!<%+%k%"%/%;%9$rC%e$NJQ?t$r>e=q$-2DG=$G$"$k!#(B

authenticate.c $B$H(B funcs.c $B$K4^$^$l$kK\28. Lucent RADIUS Format String Vulnerability
BugTraq ID: 2994
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-07-06
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2994
$B$^$H$a(B:

Lucent RADIUS $B$NZ%=%U%H%&(B
$B%'%"%Q%C%1!<%8$G$"$k!#8=:_%Q%C%1!<%8$O(B Lucent $B$K$h$C$F$O0];}$5$l$F$*$i(B
$B$:!"%Q%V%j%C%/%I%a%$%s$H$J$C$F$$$k!#(B

$B$3$N%=%U%H%&%'%"%Q%C%1!<%8$K$O%j%b!<%H$+$i$N%f!<%6$,G$0U$N%W%m%0%i%`$N(B
$Bl9g!"%j%b!<%H$+$i$N%f(B
$B!<%6$O%7%9%F%`$X$N%m!<%+%k%"%/%;%9$rC%l=j$K=q$-9~$`$?$a$K;H$o$l$kFCDj$N=q<0;XDj(B
$B;R$r4X?t$N8F$S=P$7$N:];HMQ$7$F$$$k!#$3$l$i$N4X?t$Ne$N=EMW$JCM$r0-0U$"$kBeBXJ*$G>e=q$-(B
$B$9$k$?$a$KMxMQ$9$k$3$H$,2DG=$G!"%7%'%k%3!<%I$N1. Mass web banking hack probed
$BCxpJs$K$h$k$H!"(BFBI $B$O2?I4$b$NJF6bM;5!4X$N8\5R>p(B
$BJs$,N.=P$7$?$H$$$&!"(B6 $B7n$N(B Web $B%P%s%-%s%02q$5$l$?(B S1 Corporation's Community and 
Regional eFinance Solutions Group $B$O!"%/%i%C%+!<$K%"%H%i%s%?$KK\5rCO$r(B
$BCV$/%G!<%?%;%s%?!<$NFbIt%M%C%H%o!<%/$X$N%"%/%;%9$r5v$7$F$7$^$C$?!#$=$3(B
$B$G$O!"9qCf$NLs(B 300 $B$N>.6d9T$HO"K.%/%l%8%C%HO"9g$N(B Web $B%P%s%-%s%0$N%K!<(B
$B%:$rhttp://www.securityfocus.com/templates/article.html?id=222

2. Max Vision begins 18-month term
$BCxpJs6Z$K$h$k$H!"%3%s%T%e!<%?%;%-%e%j%F%#%3%s%5%k%?%s%H$G!"<+Gr$7$?%5%$(B
$B%P!e$2$?!#(B

$BM'?M$dCg4V$K$O(B Max Vision $B$H$7$FCN$i$l$k(B Butler $B$O!":rG/(B 9 $B7n$K(B 1998 $BG/(B
$B$N?tF|$KEO$C$F73$HKI1R4X78$N@AIi6Hhttp://www.securityfocus.com/templates/article.html?id=221


IV.SECURITY FOCUS TOP 6 TOOLS
- -----------------------------
1. Firewall Tester v0.1
$B:nhttp://www.securityfocus.com/tools/2102
$B%W%i%C%H%U%)!<%`(B: Perl (Perl $B$,;HMQ2DG=$J%7%9%F%`(B)
$B$^$H$a(B:

Firewall Tester $B$O!"0u$r$D$1$?%Q%1%C%H$rAw?.$9$k%/%i%$%"%s%H$H!"0u$r$D(B
$B$1$?%Q%1%C%H$rBT$Ae$G(B
$Bl9g!"@8@.$5$l$?$=$l$>$l$N%m%0$N0c$$$+$i!"%U%#%k%?%j%s%0(B
$B$N5,B'$N$?$a$K%G!<%b%s$KE~C#$G$-$J$+$C$?%Q%1%C%H$rD4$Y$k$3$H$,$G$-$^$9!#(B

2. VisualSoft SecureDev v1.0
$B:nhttp://www.securityfocus.com/tools/2101
$B%W%i%C%H%U%)!<%`(B: Windows 2000$B!"(BWindows 3.x$B!"(BWindows 95/98$B!"(BWindows NT
$B$^$H$a(B:
VisualSoft SecureDev $B$O0E9f$H!"%;%-%e%"$JDL?.$r$9$k$?$a$N%3%s%]!<%M%s%H(B
$B$+$i$J$kJq3gE*$J%Q%C%1!<%8$G$9!#(B

$B$3$N%Q%C%1!<%8$K4^$^$l$k%3%s%]!<%M%s%H$O(B VisualSoft Crypt$B!"(BVisualSoft
CryptPlus$B!"(BVisualSoft Mail$B!"(BVisualSoft HTTP$B!"(BVisualSoft XMLSecure$B!"(B
VisualSoft FSecure $B$G$9!#(B

VisualSoft SecureDev $B%Q%C%1!<%8$OEE;R>&3. MonMotha's IPTABLES Firewall 2.3.3
$B:nhttp://www.securityfocus.com/tools/1945
$B%W%i%C%H%U%)!<%`(B: Linux$B!"(BSolaris$B!"(BUNIX
$B$^$H$a(B:

MonMotha's IPTables firewall $B$O(B iptables $B$r;HMQ$7$?(B IP $B%^%9%+%l!<%I$H4p(B
$BK\E*$J%;%-%e%j%F%#$r4. Hark!
$B:nhttp://www.securityfocus.com/tools/2040
$B%W%i%C%H%U%)!<%`(B: Solaris$B!"(BUNIX$B!"(BWindows 2000$B!"(BWindows 95/98$B!"(BWindows NT
$B$^$H$a(B:

Hark! $B$O@$3&$G$O$8$a$F$N<+F0%$%s%F%j%8%'%s%H%"%/%;%9%3%s%H%m!<%k%=%j%e(B
$B!<%7%g%s$G$9!#(BCamelot $B$,Ds6!$9$k(B Network Intelligence $B5;=Q$K$h$j!"(BHark!
$B%M%C%H%o!<%/%$%Y%s%H$r2r@O$7!"AH?%$N5!G=9=B$$r?dO@$7!"%f!<%6$HB??t$N%M(B
$B%C%H%o!<%/;q8;$H$N4V$N4X78$rCj=P$7!"%^%C%T%s%0$9$k$?$a$K:G@hC<$NH/8+%"(B
$B%k%4%j%:%`$r;HMQ$7$^$9!#(B

5. XMail v0.74
$B:nhttp://www.securityfocus.com/tools/2099
$B%W%i%C%H%U%)!<%`(B: FreeBSD$B!"(BLinux$B!"(BSolaris$B!"(BWindows 2000$B!"(BWindows NT
$B$^$H$a(B:

XMail $B$O%$%s%?!<%M%C%H$d%$%s%H%i%M%C%H$N%a!<%k%5!<%P$G0J2<$N$h$&$J5!G=(B
$B$,$"$j$^$9!#(BSMTP $B%5!<%P!"(BPOP3 $B%5!<%P!"(Bfinger $B%5!<%P!"%^%k%A%W%k%I%a%$%s(B
$BBP1~!"%7%9%F%`>e$K%"%+%&%s%H$r:n@.$9$kI,MW$J$7!"(BSMTP $B%j%l!<%A%'%C%/!"(B
RBL/RSS/ORBS/DUL $B$d(B IP $B$d%"%I%l%9$G%+%9%?%^%$%:2DG=$J%9%Q%`$NKI8f!"(BSMTP
Authentication(PLAIN LOGIN CRAM-MD5 POP3-before-SMTP $BFH<+@_Dj2DG=(B)$B!"30(B
$BIt(B POP 3 $B%"%+%&%s%H$K$h$k(B POP3 $B%"%+%&%s%H%7%s%/%m%J%$%6!"%+%9%?%`%a!<%k(B
$B=hM}!"%@%$%l%/%H%a!<%k%U%!%$%kG[Aw!"%+%9%?%`%a!<%k%U%#%k%?!"%a!<%j%s%0(B
$B%j%9%H!"%j%b!<%H4IM}!"%+%9%?%`%a!<%k%(%/%9%A%'%s%8%c!"%m%0:N6. RazorBack 1.0.1
$B:nhttp://www.intersectalliance.com/contact.html>
$B4XO"$9$k(B URL:
http://www.securityfocus.com/tools/1955
$B%W%i%C%H%U%)!<%`(B: UNIX$B!"(BWindows NT
$B$^$H$a(B:

RazorBack $B$O%m%02r@O%W%m%0%i%`$G$"$j!"%*!<%W%s%=!<%9$N?/F~8!CN%7%9%F%`(B
$B$G$"$k(B Snort $B$N%$%s%?!<%U%'%$%9$H$7$F!"%M%C%H%o!<%/>e$K?/F~$NC{8u$,8=$l(B
$B$?:]$K!"%j%"%k%?%$%`$N;k3PE*$JDLCN5!G=$rDs6!$7$^$9!#(BRazorBack $B$O(B UNIX
$B%7%9%F%`>e$N(B GNOME $B%U%l!<%`%o!<%/$H$7$Fhttp://www.lac.co.jp/security/
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Edition 5.5.5J
Comment: KAGEYAMA Tetsuya

iQA/AwUBO0zIr832EXDdoEFfEQLKdgCgkpZumxNw7Cf2/8yFAHxLMo3qA/YAniPW
Rf3bFZIZTL8haQENWKpgn7gR
=gbHn
-----END PGP SIGNATURE-----