SecurityFocus.com Newsletter #107 2001-8-17->2001-8-22

To: bugtraq-jp@securityfocus.com
Subject: SecurityFocus.com Newsletter #107 2001-8-17->2001-8-22
From: SAKAI Yoriyuki <sakai@lac.co.jp>
Date: Tue, 28 Aug 2001 10:50:45 -0400
Delivered-To: mailing list bugtraq-jp@securityfocus.com
Delivered-To: moderator for bugtraq-jp@securityfocus.com
List-Help: <mailto:bugtraq-jp-help@securityfocus.com>
List-Id: <bugtraq-jp.list-id.securityfocus.com>
List-Post: <mailto:bugtraq-jp@securityfocus.com>
List-Subscribe: <mailto:bugtraq-jp-subscribe@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-jp-unsubscribe@securityfocus.com>
Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

$B:d0f(B@$B%i%C%/$G$9!#(B

SecurityFocus.com Newsletter $BBh(B 107 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

- ---------------------------------------------------------------------------
SecurityFocus.com Newsletter $B$K4X$9$k(BFAQ:
<URL: http://www.securityfocus.com/forums/sf-news/faq.html>
BugTraq-JP $B$K4X$9$k(B FAQ:
<URL: http://www.securityfocus.com/forums/bugtraq-jp/faq.html>
- ---------------------------------------------------------------------------
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B Security-Focus.com $B$N5v2D$r3t<02qe$G9T$o(B
  $B$l$F$$$^$9!#(B
$B!&(BSecurityFocus.com Newsletter $B$NOBLu$r(B Netnews, Mailinglist,
  World Wide Web, $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$N(B
  $BA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;(B
  $B$s$,=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurity-Focus.com $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+(B
  $B$J$k7A<0$N%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) <URL http://www.securityfocus.com/templates/archive.pike?list=79>
- ---------------------------------------------------------------------------
- ---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02ql9g!"(BBUGTRAQ-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"Lul9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
- ---------------------------------------------------------------------------
- ---------------------------------------------------------------------------
$B86HG(B:
Date: Mon, 27 Aug 2001 09:09:58 -0600 (MDT)
Message-ID: <Pine.GSO.4.30.0108270909070.3891-100000@mail>

SecurityFocus Newsletter #107
- --------------------------------
This issued sponsored by SecurityFocus

- -------------------------------------------------------------------------------

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
     1. An Introduction to OpenSSL (Part One)
     2. Protecting Systems with Libsafe
     3. Keys to Successful Incident Response Teams
II. BUGTRAQ SUMMARY
     1. Sendmail Debugger Arbitrary Code Execution Vulnerability
     2. glFTPD LIST Denial of Service Vulnerability
     3. Nudester Unauthorized Arbitrary File Upload and Download...
     4. Arkeia Server Blank Default Root Password Vulnerability
     5. Arkeia Server Static Salt Weak Password Vulnerability
     6. FreeBSD IPFW Me Point To Point Interface Address Addition...
     7. TD Forum Cross-Site Scripting Vulnerability
     8. 4D WebServer v6.5.7 Directory Traversal Vulnerability
     9. Surf-Net ASP Forum Predictable Cookie ID Vulnerability
     10. Lotus Domino Mail Loop Denial of Service Vulnerability
     11. Intego FileGuard Weak Password Encryption Vulnerability
     12. RSA Keon Certificate Authority LDAP Denial of Service...
     13. Microsoft Windows 2000 IrDA Buffer Overflow Denial of Service...
     14. Trend Micro Virus Buster Arbitrary File Disclosure Vulnerability
     15. FreeBSD linprocfs Privileged Process Memory Disclosure...
     16. WinWrapper Admin Server Arbitrary File Reading Vulnerability
     17. Sage Software MAS 200 Denial of Service Vulnerability
     18. BadBlue Source Code Disclosure Vulnerability
III. SECURITYFOCUS.COM NEWS ARTICLES
     1. Mitnick joins Vegas hack investigation
     2. Hacks remain unreported
     3. Admins Urged To Upgrade Sendmail
IV.SECURITY FOCUS TOP 6 TOOLS
     1. Blaster Scan v3.1
     2. Trophie v1.05
     3. fwanalog v0.4b
     4. dcetest
     5. wINJECT 0.95b
     6. Bugnosis

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)

II. BUGTRAQ SUMMARY
- -------------------
1. Sendmail Debugger Arbitrary Code Execution Vulnerability
BugTraq ID: 3163
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2001-08-17
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3163
$B$^$H$a(B:

sendmail $B$N%G%P%C%05!G=$K$OF~NO$NBEEv@-$r3NG'$7$F$$$J$$LdBj$,B8:_$7$F$$(B
$B$k!#(B

$BLdBj$O$3$N%W%m%0%i%`Fb$GMxMQ$5$l$F$$$k!"%3%^%s%I%i%$%s$+$i(B -d $B%9%$%C%A$H(B
$B6&$KM?$($i$l$?%Q%i%a!<%?$r=hM}$7!"CM$rFbIt$N!V%H%l!<%9%Y%/%?!W$X=q$-9~$`(B
$BF0:n$rC4$&!"(BtTflag() $B4X?tFb$NId9fIU@0?t$N7$$$F$7$^$&2DG=@-$,$"(B
$B$k!#$J$*!"$3$NLdBj$rMxMQ$7$?967b$O2. glFTPD LIST Denial of Service Vulnerability
BugTraq ID: 3201
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-08-17
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3201
$B$^$H$a(B:

dlFtpD $B$K$O0-0U$"$k%f!<%6$,$3$N%G!<%b%s$r2TF0$5$;$F$$$k%[%9%H$r(B DoS $B>u(B
$BBV$K4Y$i$;$F$7$^$($k$H9M$($i$l$k!"F~NO$NBEEv@-3NG'$,IT==J,$G$"$k$?$a$K(B
$B@8$8$kLdBj$,B8:_$9$k!#(B

$BLdBj$O%5!<%P$,FCJL$KAH$_N)$F$i$l$?(B LIST $B%3%^%s%I$rM?$($i$l$?:]$K@8$8$k!#(B
$B$b$7$3$N%3%^%s%I$N%Q%i%a!<%?$KBgNL$N(B * $B$,4^$^$l$F$$$?>l9g!"%5!<%P$O1~Ez(B
$B$rDd;_$7!"%7%9%F%`$GMxMQ2DG=$J(B CPU $B;q8;$O;H$$2L$?$5$l$F$7$^$&$N$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$9$k>l9g!"DL>oF0:n$X$NI|5l$O%5!<%P$N3. Nudester Unauthorized Arbitrary File Upload and Download Vulnerability
BugTraq ID: 3202
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-08-17
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3202
$B$^$H$a(B:

Nudester $B$O%U%!%$%kE>Aw$K:]$7$F(B FTP $B%W%m%H%3%k$rMxMQ$9$k%U%!%$%k6&M-5!(B
$BG=$rDs6!$9$k%W%m%0%i%`$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$O%j%b!<%H$N%f!<%6$,G$0U$N%U%!%$%k$r967bBP>]$H$J$C$?(B
$B%[%9%H$N!"$$$+$J$k%"%C%W%m!<%I@h$G$"$C$F$b%U%!%$%k$r%"%C%W%m!<%I2DG=$J(B
$BLdBj$,B8:_$9$k!#$^$?!"IU$12C$($k$J$i$P!"%f!<%6$O%[%9%HFb$N40A4$J%G%#%l(B
$B%/%H%j9=B$$rF~pJs$NF~pJs$O(B Nudester $B$r2TF0$5$;$F$$$k%[%9%H$X$N%m%0(B
$B%$%s$r9T$&:]$K0J8e$KEO$C$FMxMQ2DG=$G$"$j!"Nc$($PG$0U$N%U%!%$%k$r%?!<%2%C(B
$B%H$N%[%9%HFb$N%U%!%$%k%7%9%F%`Cf$N;XDj$7$?>l=j$X$N%"%C%W%m!<%I$H8@$C$?(B
$BMM!9$J9T0Y$,2DG=$G$"$k!#$^$?!"F1MM$K%f!<%6$O967bBP>]$N%[%9%HFb$N%G%#%l(B
$B%/%H%j9=B$$rD4::2DG=$G$"$j!"G$0U$N%U%!%$%k$N%@%&%s%m!<%I$,2DG=$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$N@.8y$O967bBP>]$H$J$C$?%[%9%H$N%;%-%e%j%F%#$r40(B
$BA4$K6<$+$97k2L$r>7$/2DG=@-$,$"$k!#(B

4. Arkeia Server Blank Default Root Password Vulnerability
BugTraq ID: 3203
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2001-08-17
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3203
$B$^$H$a(B:

Arleia Server $B$O(B Knox Software $B$K$h$C$FHNGd!"J]uBV$K$*$$$F!"(BArkeia Server $B$N(B
root $B%"%+%&%s%HMQ$N%Q%9%o!<%I$OL$@_Dj$G$"$k!#DL>oF0:n;~$K$*$$$F$O0lEY$3(B
$B$N%=%U%H%&%'%"$,40A4$K%$%s%9%H!<%k$5$l$?8e$G!"4IM}5. Arkeia Server Static Salt Weak Password Vulnerability
BugTraq ID: 3204
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2001-08-17
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3204
$B$^$H$a(B:

Arleia Server $B$O(B Knox Software $B$K$h$C$FHNGd!"J]pJs$OAmEv$jK!$rMQ$$$?%Q%9%o!<%I%/%i%C%/$d0E9f$rMQ$$$?2r@OJ}K!$NN`(B
$B$N1~MQ$r;n$_$k>l9g$KM-MQ$H$J$k!#(B

$B$3$NLdBj$O(B Arkeia Server $BMQ%Q%9%o!<%I$N:GBgD9$5$,(B 8 $BJ8;z$G$"$k$H8@$&;v(B
$B6. FreeBSD IPFW Me Point To Point Interface Address Addition Vulnerability
BugTraq ID: 3206
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2001-08-17
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3206
$B$^$H$a(B:

FreeBSD $B$O(B FreeBSD Project $B$K$h$C$FG[I[!"J]J}$N0U?^$7$J$$%[%9%H$,JL$N0lC<$N%7%9%F%`$X%"%/%;%9$G$-$F$7$^$&Ld(B
$BBj$,B8:_$9$k!#(B

$BLdBj$O(B PPP $B%$%s%?%U%'!<%9$N7. TD Forum Cross-Site Scripting Vulnerability
BugTraq ID: 3207
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-08-20
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3207
$B$^$H$a(B:

TD Forum $B$O(B UNIX $B4D6-8~$1$N(B Web $B%U%)!<%i%`$rDs6!$9$k>&6H%=%U%H%&%'%"$G(B
$B$"$k!#(B

$B$3$N%=%U%H%&%'%"$O%f!<%6$,M?$($kCM$K$D$$$FE,@Z$JFbMF$N8!::$r9T$C$F$$$J(B
$B$$$N$G$"$k!#$3$N$?$aG$0U$N(B HTML $B%?%0$,%U%)!<%i%`$X$N%a%C%;!<%8$K4^$^$l(B
$B$FEj9F$5$l$?>l9g$G$"$C$F$b!"$3$N%=%U%H$K$h$k%U%#%k%?%j%s%0$O$J$5$l$J$$(B
$B$N$G$"$k!#(B
$B0-0U$r;}$D%f!<%6$O%a%C%;!<%8$r;2>H$9$k%f!<%6$N(B Web $B%V%i%&%6$GZ8"8B$NC%]$H$J$C$?%7%9%F(B
$B%`$,K\Mh8x3+$5$l$F$O$J$i$J$$$O$:$N>pJs$r3+<($7$F$7$^$&MM$K;E8~$1$i$l$?(B
$B56$N%U%)!<%`$N:n@.Ey$G$"$k!#$3$N8. 4D WebServer v6.5.7 Directory Traversal Vulnerability
BugTraq ID: 3209
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-08-20
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3209
$B$^$H$a(B:

4D $B$O(B Web $B%"%W%j%1!<%7%g%s3+H/$*$h$S%"%W%j%1!<%7%g%sDs6!4D6-$rAH$_9~$s$@(B
$B%/%i%$%"%s%H%5!<%P7?%j%l!<%7%g%J%k%G!<%?%Y!<%94IM}%7%9%F%`$G$"$k!#(B

Microsoft Windows NT $B4D6-$GF0:n$9$k$3$N%=%U%H%&%'%"$N%P!<%8%g%s(B 6.5.7
$B$K$O!"%G%#%l%/%H%jFbMF$,3+<($5$l$F$7$^$&LdBj$rJz$($F$$$k!#$3$N$?$a!"%j(B
$B%b!<%H$N%f!<%6$O8x3+$5$l$F$$$k%G%#%l%/%H%j$NHO0O30$K$"$k%U%!%$%k$X$N%j(B
$B%/%(%9%H$r@.8y$5$;$k;v$,2DG=$J$N$G$"$k!#$3$l$O0J2<$K<($97A<0$GE,@Z$KAH(B
$B$_N)$F$i$l$?(B URL $B$rM?$($k;v$G9T$o$l$k!#(B

http://host.com/4DBin/_/../winnt/target

$B$3$NLdBj$O967b]$N%[%9%H$KBP$9$k!"0J8e$NMM!9$J967b$KMQ$$$k;v(B
$B$,2DG=$J!"=EBg!"5!L)>pJs$rF~9. Surf-Net ASP Forum Predictable Cookie ID Vulnerability
BugTraq ID: 3210
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-08-20
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3210
$B$^$H$a(B:

Surf-Net ASP Forum $B$O%U%j!<$+$D%*!<%W%s%=!<%9$G$"$k(B Web $B$rMxMQ$9$kEE;R(B
$B7G<(HD%=%U%H%&%'%"$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$O%f!<%6$K%/%C%-!<$K0MB8$9$kG'>ZJ}K!$rDs6!$7$F$$$k!#$7(B
$B$+$7!"$3$N%=%U%H%&%'%"$O3F!9$N%f!<%6$N%3%s%T%e!<%?Fb$K%/%C%-!<$rJ]B8$5(B
$B$;$k:]$K!"M=B,2DG=$J%7!<%1%s%9HV9f$r3d$jEv$F$F$7$^$&$N$G$"$k!#%/%C%-!<(B
$B$XMp?t$r85$K$7$?(B ID $BHV9f$rM?$($k;n$_$NBe$o$j$K!"$3$N%=%U%H%&%'%"$r%f!<(B
$B%6$N(B UserID $B$rD>@\$N:`NA$H$7$F@8@.$5$l$?%7!<%1%s%9HV9f$rMxMQ$7$F$7$^$&(B
$B$N$G$"$k!#(B

$B%/%C%-!10. Lotus Domino Mail Loop Denial of Service Vulnerability
BugTraq ID: 3212
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-08-20
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3212
$B$^$H$a(B:

Lotus Domino Server $B$N$$$/$D$+$N%P!<%8%g%s$K$O(B DoS $B$K4Y$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$O!"3:Ev$N%5!<%P$K$h$C$FHs%m!<%+%k$H8+$J$5$l$k%I%a%$%s08$NuBV$K4Y$j!"7k2L$H$7$F%7%9%F%`$GMxMQ2DG=$J(B CPU $B;q8;$r;H$$2L$?$7(B
$B$F$7$^$&$N$G$"$k!#DL>o>uBV$X$NI|5l$O%5!<%P$N:F5/F0$H%-%e!<$+$i$N11. Intego FileGuard Weak Password Encryption Vulnerability
BugTraq ID: 3213
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2001-08-20
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3213
$B$^$H$a(B:

Intego FileGuard $B$O(B Mac OS 7.x $B$+$i(B 9.1 $B$GMxMQ2DG=$J>&IJ$H$7$FDs6!$5$l(B
$B$F$$$k%"%/%;%9%3%s%H%m!<%k5!G=$rDs6!$9$k%f!<%F%#%j%F%#$G$"$k!#(B
$B$3$N%=%U%H%&%'%"$N5!G=$K$O%"%/%;%98"8B$N6/@)!"%m%0$N:N:3J2DG=$JLdBj$,B8:_$9$k$N$G$"$k!#3F%"%+%&%s%HKh$K(B
$B@_Dj$5$l$k0E9f2=:Q$_%Q%9%o!<%I$O(B FileGuard $B$N%f!<%6%U%!%$%k$K3JG<$5$l$k!#(B
$B$7$+$7!"(BSYSTEM VITAL $B$H8@$&L>>N$N%U%!%$%k$K$O0E9f2=$5$l$F$$$J$$>uBV$G!"(B
$BFCDj$N(B 16$B?J?t$NJ8;zNs$rC5$9;v$GC5::2DG=$J0LCV$K3JG<$5$l$F$$$k$N$G$"$k!#(B

mSec $B$O%f!<%6%U%!%$%k$H(B SYSTEM VITAL$B%U%!%$%kFb$NFCDj$NJ8;zNs$r3F%"%+%&(B
$B%s%HMQ$N%Q%9%o!<%I$rI|9f2=$9$k$?$a$K8!:w$9$k(B Disengage $B$H8F$P$l$k%D!<%k(B
$B$r4{$K8x3+$7$F$$$k!#$3$*%D!<%k$OFCDj$N>r7o$K9gCW$9$k:]!"0U?^$9$kF0:n$r(B
$B9T$&$H9M$($i$l$k(B($BFCDj$N>r7o$H$7$F$OJ8;zNs$r8!:w$9$k:]$K!"(BIntego FileGuard
$B$,$3$l$i%U%!%$%k$r%a%b%jFb$KFI$_9~$s$@>uBV$G$"$j!"(BIntego FileGuard $B$N=h(B
$BM}$,<:GT$9$kMM$J>uBV$K(B OS $B$,3d$jEv$F$k%a%b%j$N@)Ls$,$"$k>l9g$G$"$k(B)$B!#(B

12. RSA Keon Certificate Authority LDAP Denial of Service Vulnerability
BugTraq ID: 3214
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-08-20
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3214
$B$^$H$a(B:

Lightweight Directory Access Protocol (LDAP) $B$O(B X.500 $B$r%5%]!<%H$9$k%G%#(B
$B%l%/%H%j%5!<%S%9$X7Z$$;q8;$K$h$k%"%/%;%9$r2DG=$K$9$kMM$K@_7W$5$l$?%W%m(B
$B%H%3%k$G$"$k!#$3$N%W%m%H%3%k$G$O8!:w!"%G%#%l%/%H%jFbMF$NF~u67$r>7$$$F$7$^$($k$N$G$"$k!#(B

$B$J$*!"8=:_$3$NLdBj$K4X$9$k5;=QE*>\:Y$O8x3+$5$l$F$$$J$$!#(B

13. Microsoft Windows 2000 IrDA Buffer Overflow Denial of Service Vulnerability
BugTraq ID: 3215
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-08-21
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3215
$B$^$H$a(B:

IrDA (Infrared Data Association) $B$O@V30@~%G%P%$%9$rMQ$$$?%G!<%?E>Aw$r9T(B
$B$&:]$NI8=`%W%m%H%3%k$G$"$k!#(B

Microsoft Windows 2000 $B$G]$H$J$C$?%7%9%F%`$,0-0U$"$k%Q%1%C%H$r(B
$BO"B3$7$Fl9g!"$3$NLdBj$rMQ$$$F(B DoS $B>uBV$K4Y$i$;$k;v$,2DG=$G$"$k!#(B

IrDA$B%G%P%$%9$NM-8zHO0O$OLs(B 3 $B$+$i(B 4 $B%U%#!<%H(B($BLuCm(B: $BLs(B 1.5 m $B$+$i(B 2 m $BDxEY(B)
$B$N]$N%7%9%F%`>e$G14. Trend Micro Virus Buster Arbitrary File Disclosure Vulnerability
BugTraq ID: 3216
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-08-22
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3216
$B$^$H$a(B:

Trend Micro Virus Buster Corporate Edition $B$O(B Officescan Corporate Edition
$B$NF|K\8~$1HG$G$"$j!"4k6H8~$1$N%&%$%k%9H/8+!"6n=|%=%U%H%&%'%"$G$"$k!#(B
$B$3$l$i%=%U%H%&%'%"$O$I$A$i$K$bF1MM$NLdBj$,B8:_$9$k!#(B

$B$3$l$i%=%U%H%&%'%"$O%j%b!<%H$N967bH$r9T$&;n$_$NGS=|$K<:GT$7$F$7$^$&E@$G$"$k!#$3$NLdBj$OFCJL$KAH$_N)$F$i(B
$B$l$?(B HTTP $B%j%/%(%9%H$rMQ$$$k;v$K$h$C$F967b2DG=$G$"$k!#(B

$B$3$NLdBj$rMxMQ$7$?967b$,@.8y$9$k>l9g$3$NLdBj$O!"967b]$H$J$C$?%[(B
$B%9%H$KBP$9$k0J8e$NMM!9$J967b$KMQ$$$k;v$,2DG=$J!"=EMW$J>pJs$rF~15. FreeBSD linprocfs Privileged Process Memory Disclosure Vulnerability
BugTraq ID: 3217
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-08-21
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/3217
$B$^$H$a(B:

FreeBSD $B$GDs6!$5$l$F$$$k(B linprofs $B$O(B Linux $B$G:NMQ$5$l$F$$$k(B /proc $B%U%!(B
$B%$%k%7%9%F%`$rpJs$d%Q%i%a!<%?$K4X$9$k>pJs$rDs6!$9$k$b$N$G$"$k!#$3$N%U%!%$%k%7%9%F%`(B
$B$O(B Linux $BMQ$NpJs$K%"%/%;%92DG=$K(B
$B$9$k$?$a$KMxMQ$5$l$F$$$k!#(B

$B$7$+$7!"Dc$$8"8B$N%W%m%;%9$,$"$k9b$$8"8B$N%W%m%;%9$r%G%P%C%0$9$k:]$K!"(B
$B%"%/%;%9@)8B$NBEEv@-3NG'$K4X$9$kLdBj$,@8$8$k2DG=@-$,$"$k!#Dc$$8"8B$N%W(B
$B%m%;%9$O%G%P%C%0@h$N%W%m%;%9$r%G%P%C%0$9$kA0$K!"(B/proc/<pid>/mem $B$r3+$-!"(B
$B9b$$8"8B$r;}$D%W%m%;%9$N%a%b%j$XFI$_=P$7%"%/%;%9$rJ]$C$?$^$^$K$9$k;v$,(B
$B2DG=$J$N$G$"$k!#(B

$B$3$NLdBj$N7k2L!"BP>]$N%W%m%;%9$N%a%b%jFb$N=EMW$J%G!<%?$,$=$&$"$C$F$O$J(B
$B$i$J$$$K$b4X$o$i$:!"3+<($5$l$F$7$^$&7k2L$r>7$/;v$,A[Dj$5$l$k!#(B

16. WinWrapper Admin Server Arbitrary File Reading Vulnerability
BugTraq ID: 3219
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-08-22
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/3219
$B$^$H$a(B:

WinWrapper $B$O(B Microsoft Windows $B4D6-8~$1$N%U%!%$%d%&%)!<%k$r@=IJ$H$7$F(B
$BpJs$X%"%/%;%9(B
$B2DG=$JLdBj$,B8:_$9$k$N$G$"$k!#$3$NLdBj$O>pJsO31L$dLdBj$rJz$($k%[%9%H$X(B
$B$N0J8e$N967b$r>7$$$F$7$^$&2DG=@-$,$"$k!#(B

$B$3$NLdBj$O%j%b!<%H$N%f!<%6$+$i!"(BWeb $B$rMxMQ$7$?4IM}MQ%$%s%?%U%'!<%9$XM?(B
$B$($i$l$?CM$NpJs$X$N%"%/%;%9$r$b$?$i$7!"%m!<(B
$B%+%k$N;q8;$X$N0J8e$N967b$r>7$$$F$$$7$^$&2DG=@-$,$"$k!#(B

17. Sage Software MAS 200 Denial of Service Vulnerability
BugTraq ID: 3221
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-08-21
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/3221
$B$^$H$a(B:

MAS 200 $B$O(B 32 bit Windows $B$GF0:n$9$k%/%i%$%"%s%H!"%5!<%P7?$N%"%+%&%s(B
$B%F%#%s%05!G=$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#(B

$B%f!<%6$O$3$N%=%U%H%&%'%"$rF0:n$5$;$F$$$k%5!<%P$N%]!<%HHV9f(B 10000 $BHV$X@\(B
$BB3$9$k;v$,2DG=$G$"$k!#0lEY@\B3$,3NN)$7$?8e!"%f!<%6$,%3%s%H%m!<%k%-!<$H(B
x $B%-!<$NAH$_9g$o$;$r@\B385$+$i(B 10 $B2sM?$($k;v$G%5!<%PB&$N%=%U%H%&%'%"$,(B
$BF0:n$7$J$$>uBV$K$9$k;v$,2DG=$G$"$k!#$3$N:]!"%/%i%$%"%s%HB&$N%=%U%H%&%'(B
$B%"$O$b$O$d%5!<%P$X$O@\B3ITG=$G$"$k!#(B

$B:FEY%5!<%P$NF1$8%]!<%HHV9f$X@\B3$r;n$_$k:]!"%[%9%H$OL58z$G$"$k;v$r<($9(B
$B%a%C%;!<%8$,I=<($5$l$k!#(B

$B%5!<%S%9$rI|5l$9$k$?$a$K$O!"4IM}$N(B
$B%-!<$NAH$_9g$o$;$bF1MM$N7k2L$r$b$?$i$9$HJs9p$5$l$F$$$k!#(B

18. BadBlue Source Code Disclosure Vulnerability
BugTraq ID: 3222
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-08-22
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/3222
$B$^$H$a(B:

BadBlue $B$O(B Microsoft Windows $B8~$1$N(B Web $B$rMxMQ$9$k%U%!%$%k6&M-%f!<%F%#(B
$B%j%F%#$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$O(B HTTP $B%j%/%(%9%H$K4^$^$l$k$$$/$D$+$N0-0U$"$kJ8;zNs$r(B
$B%U%#%k%?%j%s%0$7$F$$$J$$$N$G$"$k!#Nc$($P!"$b$7(B null (%00) $B$,(B HTTP $B%j%/(B
$B%(%9%H$N=*$o$j$KDI2C$5$l$F$$$k>l9g!"$3$N%=%U%H%&%'%"$O%U%!%$%k$r]$N%[%9%HFb$N%U%!%$%k%7%9%F%`$r;2>H$G$-(B
$B$k$H8@$&Lu$G$O$J$$$,!"(BWeb $B7PM3$G8x3+$5$l$kJ8=q$,B8:_$9$k%G%#%l%/%H%j%D(B
$B%j!H$G$-$k$H8@$&E@$OIU5-$5$l$k$Y$-$G$"$k!#(B
$B$3$N$?$a!"$b$7967bBP>]$N%U%!%$%k$,%9%/%j%W%H$G$"$k>l9g!"%=!<%9%3!<%I$O(B
$B967bhttp://target-host/testfile.php%00

$B$3$NLdBj$rMxMQ$7$?967b$,@.8y8e!"%9%/%j%W%H$N%=!<%9%3!<%I$K4^$^$l$k!"Nc(B
$B$($P%G!<%?%Y!<%9$N%f!<%6L>$d%Q%9%o!<%I$H8@$C$?=EMW$J>pJs$,967bl9g!"$3$l$i>pJs$O967bBP>]$X$N0J8e$N967b$r9T$&1. Mitnick joins Vegas hack investigation
$BCx5G'$7$?!#(B
$B$3$N7o$K4X$7$F;v6HN$5$l$k;v$,(B
$B$"$C$?(B Kevin Mitnick $B$K$h$kA\::$r6D$0;v$rK>$s$G$$$k!#(B

http://www.securityfocus.com/templates/article.html?id=242

2. Hacks remain unreported
$BCxhttp://www.securityfocus.com/templates/article.html?id=243

3. Admins Urged To Upgrade Sendmail
$BCx$JEE;R%a!<%k%5!<%P%=%U%H%&%'%"$N(B
sendmail $B$N$$$/$D$+$N%P!<%8%g%s$rCV$-49$($kMM$K4+9p$7$F$$$k!#(B
$B:G6a$N%*!<%W%s%=!<%9%P!<%8%g%s$K$O%m!<%+%k$N967bhttp://www.securityfocus.com/templates/article.html?id=244


IV.SECURITY FOCUS TOP 6 TOOLS
- -----------------------------
1. Blaster Scan v3.1
$B:nhttp://www.securityfocus.com/tools/1891
$B%W%i%C%H%U%)!<%`(B: Linux
$B$^$H$a(B:

Blaster Scan $B$O(B TCP $B$N%]!<%H%9%-%c%J$G$9!#(BSMTP $B$N(B VRFY $B$d(B EXPN $B%3%^%s%I(B
$B$rMxMQ$7$?%f!<%6$NCj=P!"(BFTP $B$X$NF?L>%"%/%;%9$N2DH]D4::!"(BFTP $B$d(B POP3 $B$X(B
$B$NAmEv$j967b(B (Brute Force) $B$N2DH]!"%G!<%b%s$N%P!<%8%g%s$NCj=P!"(BCGI $B%P%0(B
$B$N%9%-%c%s$,9T$($^$9!#(B
$B$^$?!"(BSYN $B%]!<%H%9%-%c%s!"(Bping $B%[%9%H%9%-%c%s!"%5%V%M%C%H%9%-%c%s$b2DG=(B
$B$G$9!#$3$N%P!<%8%g%s$K$O%m%0$X$NJ]B8!"(Bfinger $B$rMxMQ$7$?%f!<%6$NCj=P$9$k(B
$B%*%W%7%g%s$,MxMQ$G$-$^$9!#(B

$BJQ99E@(B: TCP $B$d(B SYN $B%9%-%c%s$K$"$C$?LdBjE@$N=$@5(B ($B$3$l$G%]!<%H$,%U%#%k%?(B
$B$5$l$F$$$k$H$-$b8!CN2DG=(B)$B!"AmEv$j967b(B (Brute force) $B%*%W%7%g%s$NLdBj$N(B
$B=$@5!"F?L>$N%A%'%C%/!#(BPing $B%*%W%7%g%s$O!"%[%9%H$,(B icmp $B%Q%1%C%H$r%U%#%k(B
$B%?$7$F$$$k>l9g$b8!CN2DG=$J7ABV$XJQ99!#(BVRFY $B$H(B EXPN $B%*%W%7%g%s$KB8:_$7$?(B
$BLdBj$N=$@5!"$9$Y$F$NI,MW$J%U%!%$%k$rD4::$7$I$N$h$&$J%;%0%a%s%H0cH?$b2s(B
$BHr2DG=$J=$@5!#B>$NMM!9$J>.$5$J%P%0$N=$@5!#(B

2. Trophie v1.05
$B:nhttp://www.securityfocus.com/tools/2153
$B%W%i%C%H%U%)!<%`(B: HP-UX$B!"(BLinux$B!"(BPOSIX$B!"(BSolaris$B!"(BSunOS
$B$^$H$a(B:

Trophie $B$O!"%"%s%A%&%#%k%9%Y%s%@$N(B TrendMicro $B$,Ds6!$9$k(B libvsapi $B%i%$(B
$B%V%i%j$r;HMQ$9$k%G!<%b%s$G$9!#5/F0;~$K!"(BTropie $B$O(B VSAPI $B$r=i4|2=$7!"%a(B
$B%b%j$K%&%#%k%9$NDj5A$rE83+$7!"%m!<%+%k$N(B Unix $B%I%a%$%s%=%1%C%H$r3+$-!"(B
$BC/$+$,@\B3$9$k$N$rBT$Ao$K9bB.$G$9!#(B

3. fwanalog v0.4b
$B:nhttp://www.securityfocus.com/tools/2174
$B%W%i%C%H%U%)!<%`(B: Linux$B!"(BOpenBSD
$B$^$H$a(B:

fwanalog $B$O%U%!%$%d%&%)!<%k$N%m%0%U%!%$%k$r2r@O$7!"<}=8$9$k%7%'%k%9%/%j(B
$B%W%H$G$9!#(BBSD ipf$B!"(BLinux 2.2 ipchains$B!"(BLinux 2.4 iptables $B$N%m%0$r2r@O(B
$B$G$-$^$9!#$9$P$i$7$$%m%02r@O%W%m%0%i%`$G$"$k(B Analog ($B$3$l$b$^$?%U%j!<%=(B
$B%U%H%&%'%"$G$9(B) $B$r%l%]!<%H$N:n@.$K;HMQ$7$^$9!#%U%!%$%d%&%)!<%k$N%m%0$r(B
Web $B%5!<%PN`;w$N%m%0$KJQ7A$7!"$3$N%=%U%HMQ$K=$@5$7$?@_Dj$G(B Analog $B$r8F(B
$B$S=P$9$3$H$K$h$j=hM}$r9T$$$^$9!#(B

4. dcetest
$B:nhttp://www.securityfocus.com/tools/2173
$B%W%i%C%H%U%)!<%`(B: UNIX
$B$^$H$a(B:

$B$3$N>.7?$N%f!<%F%#%j%F%#$r;H$($P!"(BWindows $B%7%9%F%`$N(B MSRPC $B%(%s%I%]%$%s(B
$B%H$r%@%s%W=PMh$^$9!#(BMicrosoft $B$+$iDs6!$5$l$F$$$k(B rpcdump $B$K$h$/;w$F$$$^(B
$B$9$,!"(BDCE $B%9%?%C%/$rI,MW$H$7$J$$$N$G!"(BUnix $B>e$Ge$N(B Windows $B%^%7%s$r%U%#%s%,!<%W%j%s%F%#%s%0$9(B
$B$k$?$a$K$H$F$bLr$KN)$A$^$9!#(Bdcetest $B$O(B TCP $B$N(B 135 $BHV%]!<%H7PM3$GA`:n$G(B
$B$-$^$9(B (Windows $B$N(B rpcinfo -p $B$HF1MM$G$"$k$H$*9M$(2<$5$$(B)$B!#(B

5. wINJECT 0.95b
$B:nhttp://www.securityfocus.com/tools/1893
$B%W%i%C%H%U%)!<%`(B: Windows 95/98
$B$^$H$a(B:

Winject $B$O(B Win9x $B$N%@%$%d%k%"%C%W%f!<%6$N$?$a$N!"Dc%l%Y%k$N%Q%1%C%H%S%k(B
$B%@(B/$B%$%s%8%'%/%?$G$9!#(BIP $B%"%I%l%9$r56B$$9$k$J$I<+M3$K%+%9%?%^%$%:$7$?%Q(B
$B%1%C%H$rAH$_N)$F$k$3$H$,$G$-$^$9!#(B

6. Bugnosis
$B:nhttp://www.securityfocus.com/tools/2172
$B%W%i%C%H%U%)!<%`(B: Windows 2000$B!"(BWindows 95/98$B!"(BWindows NT
$B$^$H$a(B:

Bugnosis $B$O(B Web $BMQ$N%P%08!CN4o$G$9!#(BWeb $B$r%5!<%U%#%s$9$k$h$&$K!"K,$l$?(B
$B%Z!<%8$r$9$Y$F2r@O$7!"(BWeb $B$N%P%0$rH/8+;~$K$*CN$i$;$7$^$9!#(BBugnosis $B$r;H(B
$B$$!"$$$D$b$HF1$8$K(B Web $B$r=d2s$9$k$@$1$G!"%W%m%0%i%`$N%(%-%9%Q!<%H$G$"$k(B
$BI,MW$O$"$j$^$;$s!#(B

- --
Translated by SAKAI Yoriyuki, KAGEYAMA Tetsuya
Supervised by SAKAI Yoriyuki
LAC Co., Ltd.
http://www.lac.co.jp/security/

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Edition 5.5.5J
Comment: SAKAI Yoriyuki

iQA/AwUBO4uvxJQwtHQKfXtrEQLUnACbBhaAGh2+L50fqf+Sonpq1mcIk2MAniwq
pEt1QhGVw23dPpoD51aOcUe7
=+zxf
-----END PGP SIGNATURE-----