Return-Path: bugtraq-jp-return-47-kjm=ideon.st.ryukoku.ac.jp@securityfocus.com Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm Precedence: bulk List-Id: List-Post: List-Help: List-Unsubscribe: List-Subscribe: Delivered-To: mailing list bugtraq-jp@securityfocus.com Delivered-To: moderator for bugtraq-jp@securityfocus.com Received: (qmail 14446 invoked from network); 21 Aug 2001 05:44:29 -0000 To: bugtraq-jp@securityfocus.com Subject: SecurityFocus.com Newsletter #106 2001-8-10->2001-8-15 From: SAKAI Yoriyuki Message-Id: <200108210144.EBJ73887.BJBTL@lac.co.jp> X-Mailer: Winbiff [Version 2.33PL2] X-Accept-Language: ja,en Date: Tue, 21 Aug 2001 01:44:27 -0400 Mime-Version: 1.0 Content-Type: text/plain; charset=iso-2022-jp -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 $B:d0f(B@$B%i%C%/$G$9!#(B SecurityFocus.com Newsletter $BBh(B 106 $B9f$NOBLu$r$*FO$1$7$^$9!#(B $BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B - --------------------------------------------------------------------------- SecurityFocus.com Newsletter $B$K4X$9$k(BFAQ: BugTraq-JP $B$K4X$9$k(B FAQ: - --------------------------------------------------------------------------- $B0zMQ$K4X$9$kHw9M(B: $B!&$3$NOBLu$O(B Security-Focus.com $B$N5v2D$r3t<02qe$G9T$o(B $B$l$F$$$^$9!#(B $B!&(BSecurityFocus.com Newsletter $B$NOBLu$r(B Netnews, Mailinglist, World Wide Web, $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$N(B $BA4J80zMQ$r$*4j$$$7$^$9!#(B $B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;(B $B$s$,=`MQ$9$k$b$N$H$7$^$9!#(B $B!&$^$?!"(BSecurity-Focus.com $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+(B $B$J$k7A<0$N%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B 1) - --------------------------------------------------------------------------- - --------------------------------------------------------------------------- $B$3$NOBLu$K4X$9$kHw9M(B: $B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02ql9g!"(BBUGTRAQ-JP $B$X(B Errata $B$H$7$F=$@5(B $BHG$r$4Ej9FD:$/$+!"Lul9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B - --------------------------------------------------------------------------- - --------------------------------------------------------------------------- $B86HG(B: Message-ID: Date: Mon, 20 Aug 2001 08:19:50 -0600 (MDT) SecurityFocus.com Newsletter #106 - -------------------------------- I. FRONT AND CENTER($BF|K\8lLu$J$7(B) 1. The Year of the Worm 2. Hacker Tools and their Signatures, Part Three: Rootkits 3. Laptop Security, Part Two: Preventing Information Loss 4. NT/2K Incident Response Tools II. BUGTRAQ SUMMARY 1. OpenView xlock Heap Overflow Vulnerability 2. WEBsweeper Script Filtering Bypass Vulnerability 3. Bsweeper Unicode Script Filtering Bypass Vulnerability 4. TrollFTPD Buffer Overflow Vulnerability 5. SIX-webboard 2.01 File Retrieval Vulnerability 6. Apache Mod ReWrite Rules Bypassing Image Linking Vulnerability 7. Window Maker Window Title Buffer Overflow Vulnerability 8. NetCode NC Book Book.CGI Arbitrary Command Execution Vulnerability 9. Webridge PX Application Suite Internal Server Error Message... III. SECURITYFOCUS.COM NEWS ARTICLES 1. SDMI code-breaker speaks 2. Full Disclosure is a necessary evil 3. Microsoft releases patch-scanner 4. Video crypto standard cracked? 5. Code Red's Cisco Side Effect 6. Code Red: it can happen here IV.SECURITY FOCUS TOP 6 TOOLS 1. KRSA 0.1.4 v0.14 2. EtherApe v0.8.2 3. Rafale Packet Builder v1.8 4. Stunnel v3.19 5. Nmap 2.54b29 6. Early Bird v2.1 I. FRONT AND CENTER($BF|K\8lLu$J$7(B) - --------------------------------- II. BUGTRAQ SUMMARY - ------------------- 1. OpenView xlock Heap Overflow Vulnerability BugTraq ID: 3160 $B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B $B8x3+F|(B: 2001-08-10 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/3160 $B$^$H$a(B: xlock $B$O(B X window $B$N%k!<%H%&%$%s%I%&$r%m%C%/$9$k%f!<%F%#%j%F%#$G$"$k!#(B $B$3$N%f!<%F%#%j%F%#$O%m%C%/$5$l$?:]$K%f!<%6$N%Q%9%o!<%I$rDL>o$N%G%#%9%W(B $B%l%$I=<($N2DH]$rG'>Z$9$k$?$a$KMxMQ$7$F$$$k$?$a!"(Bsetuid root $B$H$7$F%$%s(B $B%9%H!<%k$5$l$F$$$k!#(B OpenView $B%Q%C%1!<%8$N0lIt$H$7$F(B Solaris $B$KF1:-$5$l$F$$$k(B xlock $B$O!"4D6-(B $BJQ?t$N.$5$$$N$G$"$k!#$b$74D6-JQ?t$ND9$5$,(B $B$3$l$rD62a$7$F$$$k>l9g$K$O!"%R!<%WFb$N6a@\$7$?%a%b%jFb$N%P%C%U%!$O>e=q(B $B$-$5$l$F$7$^$&2DG=@-$,$"$k!#(B $B$3$N$?$a967be=q$-$5$l$?4X?t$N%j%?!<%s%"%I%l%9$r%]%$%s%?(B $B$H$7$F<($9%7%'%k%3!<%I$r@_Dj$G$-$k$N$G$"$k!#(B $B$3$N:]%?!<%2%C%H$H$J$k4X?t$+$i%j%?!<%s$9$k:]!";XDj$5$l$?%7%'%k%3!<%I$,]$H$J$C$?%3%s%T%e!<%?$N4IM}uBV$N(B mailto $B%?%0!"%/%C%-! $B%?%0$O%U%#%k%?%j%s%0$5$l$J$$$N$G$"$k!#(B $B$3$N%=%U%H%&%'%"$K$h$C$F:n@.$5$l$?0J2<$N(B2$B$D$NNc$O%9%/%j%W%H%U%#%k%?%j%s(B $B%05!G=$r2sHr$7$F$7$^$&$N$G$"$k!#(B <RIPT language="javascript"> $B$3$NLdBj$rMxMQ$7$?967b$O(B Webmaster $B$K$h$k!"(BWeb $B%5%$%H$X%"%/%;%9$9$k%f!<(B $B%6$N4D6-2<$G$N!"0-0U$"$k%9%/%j%W%H$N7$/2DG=@-$,$"$k!#(B 3. WEBsweeper Unicode Script Filtering Bypass Vulnerability BugTraq ID: 3173 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8x3+F|(B: 2001-08-12 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/3173 $B$^$H$a(B: WEBseeper $B$O0-0U$"$k(B Web $B%3%s%F%s%D$NFbMF$r%U%#%k%?%j%s%0$9$k%"%W%j%1!<(B $B%7%g%s$G$"$k!#$3$N%=%U%H%&%'%"$NMxMQuBV$N(B mailto $B%?%0!"%/%C%-! $B%?%0$NMM!9$JI=5-$O(B $B%U%#%k%?%j%s%0$5$l$J$$$N$G$"$k!#(B $B$3$N%=%U%H%&%'%"$K$h$C$F:n@.$5$l$?0J2<$NNc$O%9%/%j%W%H%U%#%k%?%j%s%05!(B $BG=$r2sHr$7$F$7$^$&$N$G$"$k!#(B ($BLuCm(B: $B$3$NNc$O(B ISO-2022-JP $B$G$O@5$7$/I=5-$G$-$^$;$s!#H2<$5$$!#(B) $B$3$NLdBj$rMxMQ$7$?967b$O(B Web $B%5%$%H$X%"%/%;%9$9$k%f!<%6$N4D6-2<$G$N!"(B $B0-0U$"$k%9%/%j%W%H$N7$/2DG=@-$,$"$k!#(B 4. TrollFTPD Buffer Overflow Vulnerability BugTraq ID: 3174 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8x3+F|(B: 2001-08-13 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/3174 $B$^$H$a(B: TrollFTPD $B$O(B TrollTech $B$K$h$C$FDs6!$5$l$F$$$k>.5,LO$N(B FTP $B%5!<%P$G$"$k!#(B $B$3$N%=%U%H%&%'%"$K$OD9$$%Q%9I=5-$rl9g$K!"D9$$%G%#%l%/%H%j$KBP$9$k:F5"E*$J%G%#%l%/%H%j0lMw$N%j%/%(%9(B $B%H$,9T$o$l$k:]!"4X?t$N%9%?%C%/%U%l!<%`$rGK2u$9$k%9%?%C%/%*!<%P!<%U%m!<(B $B$,@8$8$k$N$G$"$k!#(B $B967be$K%G%#%l%/%H%j$r(B $B:n@.2DG=$J>l9g!"967bZ:Q$G$"$k!#(B 5. SIX-webboard 2.01 File Retrieval Vulnerability BugTraq ID: 3175 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8x3+F|(B: 2001-08-13 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/3175 $B$^$H$a(B: SIX-webboard 2.01 $B$K$O%f!<%6$+$iM?$($i$l$?CM$K4^$^$l$k(B .. $B$H(B / $B$K$D$$$F!"(B $B%U%#%k%?%j%s%0$r9T$o$J$$LdBj$,$"$k$?$a!"%j%b!<%H$N%3%s%T%e!<%?$+$iDL>o(B $B%"%/%;%9$G$-$J$$%U%!%$%k$r;2>H$"$k$$$OpJs$"$k$$$O%Q%9%o!<%I%j%9%H$NMM$J8D?M>pJs$NFbMF$rF~$H%G%#%l%/(B $B%H%jL>$rMxMQ$7!"%3%^%s%I;XDj$r9T$&J8;zNs$N:n@.$,2DG=$G$"$k!#(B $B967bpJs$rF~o$N%U%!%$%k$d2hA|%U%!%$%k$N%O%$%Q!<%j%s%/$r9T$($F(B $B$7$^$&LdBj$,H/8+$5$l$F$$$k!#(B $B$3$N%b%8%e!<%k$N%k!<%k$O%m!<%+%k%[%9%H0J30$K0LCV$9$k(B Web $B%5!<%P$+$i$N(B $B2hA|%U%!%$%k$dDL>o$N%U%!%$%k$X$N%O%$%Q!<%j%s%/$rKI;_$9$k$?$a$KMxMQ$5$l!"(B $B$^$?!"%m!<%+%k%[%9%H$N4D6-Ii2YA}2C$NKI;_$d%M%C%H%o!<%/Ii2Y$NA}2C$NKI;_(B $B$KMxMQ$5$l$F$$$k!#(B $BE57?E*$J$3$N%b%8%e!<%k$N%k!<%k$O0J2<$NMM$KNc<($5$l$k!#(B RewriteCond %{HTTP_REFERER} !^http://www\.yoursite\.com.*$ RewriteRule ^/images/.* - [G] $B$7$+$7!"(BHTTP $B$N(B GET $B%j%/%(%9%H$,(B //images $B$H8@$&%G%#%l%/%H%jI=5-$G%5!<%P(B $B$KM?$($i$l$k:]!"$3$l$O>e5-%k!<%k$K9gCW$7$J$$$N$G$"$k!#$3$N$?$a%f!<%6$OD>(B $B@\3:Ev$9$k%G%#%l%/%H%jFbMF$X$N%"%/%;%9$,2DG=$G$"$k!#(B $B$3$NLdBj$O(B mod_rewrite $B%b%8%e!<%k$N%k!<%k$N1*2s$r$b$?$i$7!"%5!<%P$NIi2Y(B $BA}2C!"%m!<%+%k%M%C%H%o!<%/$N;q8;$NA}2C$r0z$-5/$3$9;v$,A[Dj$G$-!"$5$i$K$O(B DoS $B$r>7$/2DG=@-$b$"$k!#(B 7. Window Maker Window Title Buffer Overflow Vulnerability BugTraq ID: 3177 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8x3+F|(B: 2001-08-12 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/3177 $B$^$H$a(B: WindowMaker $B$O(B X11 $B4D6-MQ$N%&%$%s%I%&%^%M!<%8%c$G$"$k!#$3$N%=%U%H%&%'%"(B $B$OB?$/$N>l9g%G%9%/%H%C%W%7%9%F%`$GMxMQ$5$l$F$$$k!#(B $B$3$N%=%U%H%&%'%"$K$O%j%b!<%H$N967br7o$O!"(BX11 $BMQ$N%"%W(B $B%j%1!<%7%g%s$,3F!9$N%&%$%s%I%&$N%?%$%H%kIt$K%?%$%H%k$r@_Dj$9$k:]$K@8$8(B $B$k!#(B $B$3$N%P%C%U%!%*!<%P!<%U%m!<$O(B sprintf $B$NMxMQJ}K!$KM3Mh$7$F$$$k!#(B libc $B$GDs6!$5$l$k4X?t!"(Bsprintf $B$O=q<0;XDj;R$K=>$&J8;zNs$NAH$_N)$F$r2DG=(B $B$K$9$k4X?t$G$"$k$,!"$7$+$7!"(Bsprintf $B$G$O$J$s$i6-3&%A%'%C%/$O9T$o$l$F$$$J(B $B$$$N$G$"$k!#=>$C$F3d$jEv$F$i$l$?%P%C%U%!$ND9$5$r!":n@.$5$l$?J8;zNs$ND9$5(B $B$,D62a$9$k>l9g(B sprintf $B$OD62a$7$?%G!<%?$r%a%b%j$N6aK5$K=q$-9~$s$G$7$^$&(B $B$N$G$"$k!#(B $B%&%$%s%I%&$N%?%$%H%kIt$K%?%$%H%k$r@_Dj$9$k967b2DG=$JNc$H$7$F5s$2$i$l$k(B sprintf $B$NMxMQJ}K!$OMM!9$G$"$k!#$3$N%"%W%j%1!<%7%g%s$O%&%$%s%I%&$N%?%$%H(B $B%k$r@_Dj$9$k5!G=$r;J$C$F$$$k$?$a!"$3$NLdBj$O0-0U$"$k(B X11 $B%W%m%0%i%`$K$h$C(B $B$F967b2DG=$G$"$k!#(B $B$^$?!"$3$NLdBj$O(B X $B%5!<%P$K@\B32DG=$J%j%b!<%H%[%9%H$+$i$b967b2DG=$G$"$k!#(B $B$$$/$D$+$N%7%9%F%`$G$O%G%U%)%k%H@_Dj>uBV$G(B X $B%5!<%P$X$N$I$N%[%9%H$+$i$N(B $B@\B3$r5v2D$7$F$*$j!"(B WindowMaker $B$rr7o$K9gCW$9$k%7%9%F(B $B%`$G$O%j%b!<%H$+$i$N6<0R$KGx$5$l$F$$$k;v$K$J$k!#(B $B$3$NLdBj$O(B X $B%5!<%P$X@\B32DG=$J(B X $B%"%W%j%1!<%7%g%s$K$h$C$F967b2DG=$G$"$j!"(B $B$$$+$J$kG$0U$N$J%3!<%I$G$"$C$F$b$3$N%=%U%H%&%'%"$rl9g!"(BWindowMaker $B$re$GG$0U$N$J%3!<(B $B%I$Oe$G$=$l(B $B$,e5-$NNc$N%j%/%(%9%H$r7$$$F$7$^$&$N$G$"$k!#(B $B$3$NLdBj$O0J8e$N8"8BC%:3J$r$b$?$i$92DG=@-$,$"$k!#(B 9. Webridge PX Application Suite Internal Server Error Message Vulnerability BugTraq ID: 3182 $B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B $B8x3+F|(B: 2001-08-15 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/3182 $B$^$H$a(B: Web $B%V%i%&%6$r2p$7$F(B Webridge PX Application Suite server $B$XBEEv$G$O$J(B $B$$J}K!$GAH$_N)$F$i$l$?(B HTTP $B%j%/%(%9%H$,M?$($i$l$k:]!"%[%9%H$OFbIt%(%i!<(B $B%a%C%;!<%8$rJV$9!#$7$+$7!":G=i$KM?$($i$l$?%j%/%(%9%H$KBP$7$F(B Web $B%V%i%&(B $B%6>e$KI=<($5$l$k$3$N%a%C%;!<%8$K$O!"$3$N%=%U%H%&%'%"$r2TF0$5$;$F$$$k%[(B $B%9%H$NFbIt(B IP $B%"%I%l%9!"(BWeb $B%3%s%F%s%D$N%I%-%e%a%s%H%k!<%H%G%#%l%/%H%j!"(B $B$3$N%=%U%H%&%'%"$,%$%s%9%H!<%k$5$l$?%G%#%l%/%H%j$X$N%Q%9$H$$$C$?=EMW$J(B $B%7%9%F%`>pJs$,4^$^$l$F$$$k$N$G$"$k!#(B $B$3$l$i>pJs$O967bY$OB3$/$N$G$"$C$?!#(B http://www.securityfocus.com/templates/article.html?id=239 2. Full Disclosure is a necessary evil $BCx\:Y$r=R$Y$?%"%I%P%$%6%j$O(B Code Red $B%o!<%`$NEAGE$rKI;_$7$J$+$C(B $B$?$N$G$"$k!#(B http://www.securityfocus.com/templates/article.html?id=238 3. Microsoft releases patch-scanner $BCx\:Y$K$D$$$F$OD@L[$ruBV$r2hA|$GI=(B $B<($7$^$9!#%H%i%U%#%C%/NL$K1~$8$F%[%9%H$d%j%s%/$N%5%$%:$rJQ2=$5$;$^$9!#(B ethernet$B!"(Bfddi$B!"(Bppp$B!"(Bslip $B%G%P%$%9$r%5%]!<%H$7$^$9!#I=<($5$l$?%H%i%U%#(B $B%C%/$r%U%#%k%?$9$k$3$H$,=PMh$^$9!#$^$?!"%M%C%H%o!<%/$+$i@8$N%G!<%?$r.$5$J%P%0$,=$@5!"%m%7%"8l$H%j%H%"%K%"8l$N%I%-%e%a%s%H$NDI2C!"(B $B%3%s%=!<%k%P!<%8%g%s$H(B X Window $B%P!<%8%g%s$,MxMQ2DG=$K!#(B 6. Early Bird v2.1 $B:ne$GSy$N(B default.ida $B$C$F@_7W$5$l$F$$$^$9!#%o!<%`(B (code red) $B$,$3$NSy(B $B%9%/%j%W%H$r967b$7$?:]!"$9$0$5$^%o!<%`$N%P!<%8%g%s(B (v1$B!"(Bv2) $B$r%f!<%6$K(B $BDLCN$7$^$9!#%o!<%`$rAw?.$7$F$-$?85$N%M%C%H%o!<%/$N=jM-$$(B APNIC $B$d(B RIPE $B$N%G!<%?%Y!<%9$bD4$Y$i$l$^$9!#(B) $BEE;R%a!<%k$K>\:Y$,5-=R$5$l!"O"Mm@h$KAw(B $B?.$5$l$^$9!#(B - -- Translated by SAKAI Yoriyuki, KAGEYAMA Tetsuya Supervised by SAKAI Yoriyuki LAC Co., Ltd. http://www.lac.co.jp/security/ -----BEGIN PGP SIGNATURE----- Version: PGP for Personal Edition 5.5.5J iQA/AwUBO4H1OpQwtHQKfXtrEQIjiACfUM7ZKLslqAHx/zymWI53gRIfxYwAoLVx 6kCASXGvjwEHJvanbL/Yyltv =BU5q -----END PGP SIGNATURE-----