SecurityFocus.com Newsletter #110 2001-9-7->2001-9-12

To: bugtraq-jp@SECURITYFOCUS.COM
Subject: SecurityFocus.com Newsletter #110 2001-9-7->2001-9-12
From: SAKAI Yoriyuki <sakai@lac.co.jp>
Date: Mon, 17 Sep 2001 20:08:56 -0400
Delivered-To: mailing list bugtraq-jp@securityfocus.com
Delivered-To: moderator for bugtraq-jp@securityfocus.com
List-Help: <mailto:bugtraq-jp-help@securityfocus.com>
List-Id: <bugtraq-jp.list-id.securityfocus.com>
List-Post: <mailto:bugtraq-jp@securityfocus.com>
List-Subscribe: <mailto:bugtraq-jp-subscribe@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-jp-unsubscribe@securityfocus.com>
Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

$B:d0f(B@$B%i%C%/$G$9!#(B

SecurityFocus.com Newsletter $BBh(B 110 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

- ---------------------------------------------------------------------------
SecurityFocus.com Newsletter $B$K4X$9$k(BFAQ:
<URL: http://www.securityfocus.com/forums/sf-news/faq.html>
BugTraq-JP $B$K4X$9$k(B FAQ:
<URL: http://www.securityfocus.com/forums/bugtraq-jp/faq.html>
- ---------------------------------------------------------------------------
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B SecurityFocus.com $B$N5v2D$r3t<02qe$G9T$o(B
  $B$l$F$$$^$9!#(B
$B!&(BSecurityFocus.com Newsletter $B$NOBLu$r(B Netnews, Mailinglist,
  World Wide Web, $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$N(B
  $BA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;(B
  $B$s$,=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus.com $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+(B
  $B$J$k7A<0$N%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) <URL http://www.securityfocus.com/templates/archive.pike?list=79>
- ---------------------------------------------------------------------------
- ---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02ql9g!"(BBUGTRAQ-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"Lul9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
- ---------------------------------------------------------------------------
- ---------------------------------------------------------------------------
$B86HG(B:
Date: Mon, 17 Sep 2001 08:33:37 -0600 (MDT)
Message-ID: <Pine.GSO.4.30.0109170832520.19462-100000@mail>

SecurityFocus Newsletter #110
- -----------------------------

This newsletter is sponsored by: McAfee


I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
     1. An Audit of Active Directory Security, Part Three: Understanding
        LDAP, SASL, and Kerberos in the Context of AD Security
     2. Strategies to Reduce False Positives and False Negatives
     3. Macro Virus Protection in the Microsoft Office Line, Part One
II. BUGTRAQ SUMMARY
     1. Check Point Firewall-1 Policyname Temporary File Creation...
     2. Merit AAA RADIUS Server rlmadmin Symbolic Link Vulnerability
     3. Check Point Firewall-1 GUI Client Log Viewer Symbolic Link...
     4. Power Up HTML Directory Traversal Arbitrary File Disclosure...
     5. Norton AntiVirus for Microsoft Exchange 2000 Information...
     6. Hassan Consulting Shopping Cart Arbitrary Command Execution...
     7. SeaGlass Technologies sglMerchant Directory Traversal...
     8. ProFTPD Client Hostname Resolving Vulnerability
     9. Digital Unix MSGCHK Buffer Overflow Vulnerability
     10. Taylor UUCP Argument Handling Privilege Elevation Vulnerability
     11. Microsoft Windows NT RPC Endpoint Mapper Denial of Service...
     12. Joerg Wendland LibNSS-PgSQL Remote SQL Query Manipulation...
     13. NSS NSS_PostGreSQL Remote SQL Query Manipulation Vulnerability
     14. MacOS X Client Apache Directory Contents Disclosure Vulnerability
     15. Joerg Wendland Pam-PSQL Remote SQL Query Manipulation...
     16. Leon J Breedt Pam-PSQL Remote SQL Query Manipulation...
     17. Digital Unix MSGCHK  MH_PROFILE Symbolic Link Vulnerability
     18. NetOp School Administration Authentication Vulnerability
     19. Apple Macintosh OS X  .DS_Store Directory Listing Disclosure...
     20. Apple Macintosh OS X FBCIndex File Contents Disclosure...
     21. SpeechD Privileged Command Execution Vulnerability
     22. Trend Micro InterScan eManager Buffer Overflow Vulnerability
III. SECURITYFOCUS.COM NEWS ARTICLES
     1. 'Mafiaboy' Gets 8 Months For DDoS Attacks
     2. New Hotmail Hack Evades Filters
IV.SECURITY FOCUS TOP 6 TOOLS
     1. Lsof v4.56
     2. cqual v0.9
     3. Windows 9x PassWord List reader v0.07
     4. MacAnalysis 2.0b
     5. Averist v1.4.0.1
     6. ViperDB v0.9.9


I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
- ---------------------------------

II. BUGTRAQ SUMMARY
- -------------------
1. Check Point Firewall-1 Policyname Temporary File Creation Vulnerability
BugTraq ID: 3300
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8x3+F|(B: 2001-09-08
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3300
$B$^$H$a(B:

Check Point Firewall-1 $B$O>.5,LO$+$i4k6H5,LO$^$G$N%M%C%H%o!<%/$KBP1~$G$-(B
$B$kMM@_7W$5$l$?>&MQ%U%!%$%d%&%)!<%k@=IJ$G$"$k!#(B

$B$3$N@=IJ$O%m!<%+%k$N%f!<%6$,=EMW$J%7%9%F%`%U%!%$%k$N%Q!<%_%C%7%g%s$NJQ(B
$B99$,2DG=$JLdBj$rJz$($F$$$k!#$3$NLdBj$O(B DoS $B$d8"8B>:3J$N2DG=@-$N860x$H(B
$B$J$jF@$k!#$3$NLdBj$O(B Check Point Firewall-1 $B$,M=B,2DG=$J0l;~%U%!%$%k$r(B
$B@8@.$9$kJ}K!$KM3Mh$7$F$$$k!#(B

$B%f!<%6$,$3$N@=IJ$N(B GUI $B$rMxMQ$7$?4IM}MQ%$%s%?%U%'!<%9$+$i%"%/%;%9$7!"%k!<(B
$B%k%;%C%H$K=$@5$r2C$($k:]!"(B/tmp $BFb$K%U%!%$%kL>$H$7$F%U%!%$%d%&%)!<%k$N%"(B
$B%/%;%9%3%s%H%m!<%k%k!<%k$NL>>N$rMQ$$$?!"(B.cpp $B$r3HD%;R$K;}$D%U%!%$%k$,:n(B
$B@.$5$l$k!#$3$N%U%!%$%k$O%U%!%$%d%&%)!<%k$N%"%/%;%9%3%s%H%m!<%k%k!<%k$,(B
$BJT=8$5$l!"E,MQ8e$K0z$-B3$-!"%3%s%Q%$%k$5$l$k:]$K@8@.$5$l$k!#(B

$B$7$+$7!"$3$N%U%!%$%k$O$$$+$J$k%f!<%6$KBP$7$F$b=q$-9~$_2DG=$J>uBV$G@8@.(B
$B$5$l!"$+$D!"(Broot $B$K=jM-8"$,M?$($i$l$F$$$k!#$3$N$?$a!"%U%!%$%d%&%)!<%k$N(B
$B%"%/%;%9%3%s%H%m!<%k%k!<%k$NL>A0$rMQ$$!"(B/tmp $B$K(B root $B$,=jM-$9$k%U%!%$%k(B
$B$r<($7$?%7%s%\%j%C%/%j%s%/$r:n@.$9$k;v$G!"<($5$l$?%U%!%$%k$O$$$+$J$k%f!<(B
$B%6$KBP$7$F$b=q$-9~$_8"8B$,M?$($i$l$F$7$^$&$N$G$"$k!#(B

$B$3$NLdBj$O%m!<%+%k$N%f!<%6$K%7%9%F%`$N@_Dj$NJQ99$r2DG=$K$7$F$7$^$$!"$^$?!"(B
$B%m!<%+%k$+$i(B root $B8"8B$NC%2. Merit AAA RADIUS Server rlmadmin Symbolic Link Vulnerability
BugTraq ID: 3302
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8x3+F|(B: 2001-09-07
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3302
$B$^$H$a(B:

Merit AAA RADIUS Server $B$KF1:-$5$l$k%f!<%64IM}$r9T$&%f!<%F%#%j%F%#(B
rlmadmin $B$O%7%s%\%j%C%/%j%s%/$rMxMQ$7$?967b$N1F6A$rl9g!"%X%k%W%U%!%$%k(B rlmadmin.html
$B$b;XDj$5$l$?%G%#%l%/%H%j$+$iFI$_9~$^$l!"%W%m%0%i%`$,@\$=$N%G%#%l%/%H%jFb$N%U%!%$%k$NFbMF$,I=<($5$l$k!#(B

$B$7$+$7!"$3$N%W%m%0%i%`$O(B setuid root $B$G$"$j$J$,$i%X%k%W%U%!%$%k$,FbMF$r(B
$B%f!<%6$KI=<($5$l$kA0$K!"%U%!%$%k$,%7%s%\%j%C%/%j%s%/$G$"$k$+$I$&$+$r3N(B
$BG'$7$F$$$J$$$?$a$KLdBj$r@8$8$k$N$G$"$k!#%m!<%+%k$N%f!<%6$G$"$l$P!"%7%9(B
$B%F%`Fb$N$$$+$J$k%U%!%$%k$G$"$C$F$b%m!<%+%k$N%f!<%68"8B$GFI$_=P$9;v$,2D(B
$BG=$J$N$G$"$k!#$3$NLdBj$OK\Mh$=$&$"$C$F$O$J$i$J$$=EMW$J%G!<%?$N3+<($d%7(B
$B%9%F%`$N%;%-%e%j%F%#$X$N6<0R$H$J$k;v$,A[Dj$5$l$k!#(B

3. Check Point Firewall-1 GUI Client Log Viewer Symbolic Link Vulnerability
BugTraq ID: 3303
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8x3+F|(B: 2001-09-08
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3303
$B$^$H$a(B:

Check Point Firewall-1 $B$O>.5,LO$+$i4k6H5,LO$^$G$N%M%C%H%o!<%/$KBP1~$G$-(B
$B$kMM@_7W$5$l$?>&MQ%U%!%$%d%&%)!<%k@=IJ$G$"$k!#(B

Firewall-1 $B$K$O%m!<%+%k$N%f!<%6$,=EMW$J%7%9%F%`%U%!%$%k$r>e=q$-2DG=$JLd(B
$BBj$rJz$($F$$$k!#$3$NLdBj$rMxMQ$9$k967b$N7k2L!"@5Ev$J%7%9%F%`$N%f!<%6$X$N(B
DoS $B$r>7$/2DG=@-$,$"$k!#%U%!%$%k$N>e=q$-$O(B Firewall-1 $B$,(B Log Viewer $B%b!<(B
$B%I$GF0:n$7$F$$$k:]$K@8$8$k!#(B

$B4IM}MQ(B GUI $B$rMxMQ$7$F$$$k(B Firewall-1 $B$N4IM}$r;XDj$9$kMMB%$5$l$k!#$7$+$7!"(BFirewall-1 $B$O%U%!%$%k$,4{$KB8:_$7$F$$(B
$B$k$+$I$&$+$r3NG'$7$F$$$J$$$?$a!"$^$?!"$3$N:]$$$+$J$k%G%#%l%/%H%j$G$"$C$F(B
$B$b;XDj2DG=$G$"$k$?$a!"%U%!%$%kL>$,(B .log $B$G=*$o$k%U%!%$%k$O>e=q$-$5$l$k7k(B
$B2L$r>7$$$F$7$^$&$N$G$"$k!#(B

$BIU$12C$($k$J$i$P!"4IM}MQ%$%s%?%U%'!<%9$K%"%/%;%92DG=$J%f!<%6$,(B Firewall-1
$B$rF0:n$5$;$F$$$k(B OS $B$=$N$b$N$N%m!<%+%k$N4D6-$K%"%/%;%92DG=$G$"$k>l9g!"$=(B
$B$N%f!<%6$O(B .log $B$r;}$A!"$+$D!"(Broot $B$,=jM-$9$k%U%!%$%k$r<($9%7%s%\%j%C%/(B
$B%j%s%/$r:n@.2DG=$G$"$k!#$3$N:](B Log Viewer $B$N(B Save As $B5!G=$rMQ$$!"%7%s%\(B
$B%j%C%/%j%s%/$NL>A0$G%U%!%$%k$rJ]B8$7$?>l9g!"%j%s%/$,<($7$F$$$k%U%!%$%k$O(B
$B>e=q$-$5$l$F$7$^$&!#4IM}MQ%$%s%?%U%'!<%9$O(B root $B8"8B$GuBV$K4Y$i$5$l$F$7$^$&$N$G$"$k!#(B

4. Power Up HTML Directory Traversal Arbitrary File Disclosure Vulnerability
BugTraq ID: 3304
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8x3+F|(B: 2001-09-07
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3304
$B$^$H$a(B:

Power Up HTML $B$O(B Web $B%Z!<%8Fb$KAH$_9~$_2DG=$J(B HTML $BN`;w$N%3%^%s%I72$G$"(B
$B$k!#$3$N%=%U%H%&%'%"$O%W%m%0%i%`$NC1=c2=$d(B CGI $B%W%m%0%i%`$N%+%9%?%^%$%:(B
$B$KFC2=$7$?5!G=$rDs6!$7$F$$$k!#(B

$B$7$+$7!"(BPower Up HTML $B$N4pK\%9%/%j%W%H(B (r.pl $B$"$k$$$O(B r.cgi) $B$O(B ../ $B$r(B
$BMQ$$$?%j%/%(%9%H$K$D$$$F%U%#%k%?%j%s%0$r9T$C$F$$$J$$$N$G$"$k!#$3$N$?$a!"(B
$B%f!<%6$O%U%!%$%k$NFbMF$N3+<($d%W%m%0%i%`$NH!"$"$k$$$O]$H(B
$B$J$k%U%!%$%k$X$NE,@Z$J8"8B$rJ];}$7$F$$$kI,MW$,$"$k!#(B

5. Norton AntiVirus for Microsoft Exchange 2000 Information Disclosure Vulnerability
BugTraq ID: 3305
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8x3+F|(B: 2001-09-07
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3305
$B$^$H$a(B:

Norton AntiVirus for Microsoft Exchange $B$r(B Microsoft Exchange 2000 $B>e$G(B
$BF0:n$7$F$$$k>l9g$K$OLdBj$,@8$8$k!#$3$l$i%=%U%H%&%'%"$rAH$_9g$o$;$?>l9g!"(B
$B967bl9g!"$=$N8e5qH]M}M3$r<($7$?DL9p$H6&$KE:IU%U%!%$%k(B
$B$OAw?.l9g$K4|BT$5$l$k?6$kIq$$$O!":9$7La$5$l$?EE;R%a!<%k$N%X%C%@$K$OuBV$G$"$k!#(B

$B$3$NLdBj$OBP>]$H$J$k4D6-$G5qH]$5$l$kMM$JE:IU%U%!%$%k$r4^$`%a!<%k$r!"BP(B
$B>]$N4D6-$N6. Hassan Consulting Shopping Cart Arbitrary Command Execution Vulnerability
BugTraq ID: 3308
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8x3+F|(B: 2001-09-08
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3308
$B$^$H$a(B:

Hassan Consulting's Shopping Cart $B$O>&MQ$N(B Web $B7PM3$N>&]$H$J$k%[%9%H>e$GpJs$,%j%b!<%H$N967b]$H$J$C$?%[%9%H$N%m!<%+%k8"8B$NC%7$/2DG=@-$,$"(B
$B$k!#$^$?!"%j%b!<%H$N967bZ5!9=$r2sHr$9(B
$B$k;v$b2DG=$G$"$j!"B>$N%"%+%&%s%H$d%"%/%;%9HO0O$,8BDj$5$l$F$$$k>pJs$X%"(B
$B%/%;%9$9$k;v$b2DG=$G$"$k!#(B

$B$J$*!"%f!<%6$,%3%^%s%I$ruBV$G$O(B ../ $BJ8;zNs$O%U%#%k%?%j(B
$B%s%0$5$l!"$3$NLdBj$rMxMQ$G$-$J$$$H8@$&;v$ON10U$5$l$k$Y$-=EMW;v9`$G$"$k!#(B

7. SeaGlass Technologies sglMerchant Directory Traversal Vulnerability
BugTraq ID: 3309
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8x3+F|(B: 2001-09-08
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3309
$B$^$H$a(B:

sglMerchant $B$O(B Web $B$rMxMQ$7$?>&]$H$J$C$?%[(B
$B%9%H$N%U%!%$%k%7%9%F%`$r;2>H$9$kL\E*$N(B Web $BMQ$N%I%-%e%a%s%H%k!<%H%G%#%l(B
$B%/%H%j$NHO0O30$r;X$7<($9(B HTTP $B%j%/%(%9%H$rAH$_N)$F$k;v$,2DG=$G$"$k!#(B
$B967bpJs$,4^$^$l$F$$$k>l9g!"967b]$H$J$C$?%[%9%HA4BN$X$N6<0R$N;n$_$K:]$7!"$h(B
$B$j>pJs$rDs<($9$k7k2L$r>7$$$F$7$^$&;v$,A[Dj$5$l$k!#(B

8. ProFTPD Client Hostname Resolving Vulnerability
BugTraq ID: 3310
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8x3+F|(B: 2001-09-07
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3310
$B$^$H$a(B:

ProFTPD $B$O(B UNIX $B4D6-$GMxMQ2DG=$J!"9-HO0O$KIa5Z$7$?(B FTP $B%5!<%P$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$O%j%b!<%H$N967b$N5U0z$-$r;n$_$k!#L>>N2r7h$,9T$o(B
$B$l$?%[%9%HL>$O(B ACL $B$HHf3S$5$l!"%m%0$X%/%i%$%"%s%H$N%[%9%HL>$H$7$F5-O?$5(B
$B$l$k!#$7$+$7!"0d48$J;v$K!"$3$N%=%U%H%&%'%"$O@\B3$7$FMh$?%/%i%$%"%s%H$N(B
DNS $B%l%3!<%I$K4^$^$l$k(B IP $B%"%I%l%9$N$$$:$l$+$K4^$^$l$F$$$k$+$I$&$+$rMx(B
$BMQ$7$F%[%9%HL>$NBEEv@-$r3NG'$9$k!":FEY$NL>>N2r7h$r9T$C$F$$$J$$$N$G$"$k!#(B

$B$3$N$?$a!"L>A06u4V$r4IM}2DG=$J%j%b!<%H$N967b$r(B PTR $B%l%3!<%I$K4XO"IU$1$k;v$,A[Dj$5$l$k!#$b$7$b$3$NMM$J967b$rL>>N2r7h$7!"%[%9%HL>(B
$B$rH=CG:`NA$KMxMQ$9$k(B ACL $B$H$N4V$GBEEv@-$NI>2A$r9T$C$F$7$^$&$N$G$"$k!#(B
$B967b$N0lMw$rJ];}$7$F$$$?>l9g!"$3$NLdBj$r(B
$BMxMQ$7$F(B ACL $B$K$h$k%"%/%;%9%3%s%H%m!<%k$r2sHr$7%m%0%$%s$9$k;v$O2DG=$J$N(B
$B$G$"$k!#$J$*!"$3$N>l9g!":N(B
$B$r5-O?$7$F$$$k!#(B

9. Digital Unix MSGCHK Buffer Overflow Vulnerability
BugTraq ID: 3311
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8x3+F|(B: 2001-09-10
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3311
$B$^$H$a(B:

Digital Unix (4.0D $B$+$i(B 4.0G $B$^$G(B) $B$K$O%m!<%+%k$N%f!<%6$,8"8B$r>:3J2DG=(B
$B$JLdBj$,H/8+$5$l$?!#$3$NLdBj$O%7%9%F%`A4BN$N%;%-%e%j%F%#$X$N6<0R$r>7$/(B
$B2DG=@-$,$"$k!#(B

$B$3$NLdBj$O;XDj$5$l$?%f!<%6$N4{CN$NA4$F$N%a!<%k%I%m%C%WFb$N%a!<%k$NM-L5(B
$B$r3NG'$9$k$?$a$KMxMQ$5$l$k%a%C%;!<%8%O%s%I%j%s%0%7%9%F%`$N0lIt$G$"$k!"(B
msgchk $B$N%P%C%U%!%*!<%P!<%U%m!<$N$?$a$K@8$8$k!#(B

$B%j%?!<%s%"%I%l%9$r4^$`%9%?%C%/Fb$NCM$r>e=q$-2DG=$J>uBV$N%P%C%U%!%*!<%P!<(B
$B%U%m!<$,(B msgchk $B$,%3%^%s%I%i%$%s$+$iLs(B 8000 $B%P%$%H$NJ8;zNs$H6&$K10. Taylor UUCP Argument Handling Privilege Elevation Vulnerability
BugTraq ID: 3312
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8x3+F|(B: 2001-09-08
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3312
$B$^$H$a(B:

Taylor UUCP $B$O(B Ian Lance Taylor $B$K$h$j=i4|HG$,:n@.$5$l$?(B UUCP $B5!G=$r:3J2DG=$JLdBj$,H/8+(B
$B$5$l$F$$$k!#$3$NLdBj$O%3%^%s%I%i%$%s$+$i$NF~NO$NBEEv@-$N3NG'$r9T$&ItJ,(B
$B$KB8:_$7!"G$0U$NFbMF$N@_Dj%U%!%$%k$r$N(B UUCP $B5!G=$rDs(B
$B6!$7$F$$$k%[%9%H>e$G%j%b!<%H$+$io(B UUCP $B$G9=C[$5$l$?%M%C%H%o!<%/$GEE;R%a!<%k$d%M%C%H%K%e!<%9$N(B
$BG[Aw5!G=$rDs6!$9$k$?$a$KMxMQ$5$l$F$$$k!#(B

$B$7$+$7!"(Buucp $B$,(B uux $B$r8F$S=P$9:]$N@_Dj%U%!%$%k$Noe$GF0:n$7$F$$$k(B
$B%G!<%b%s$G$"$j!"$^$?!"(Buuxqt $B$O(B setuid uucp $B$G$"$k!#(B

$B$3$l$i$rAH$_9g$o$;$?7k2L!"%m!<%+%k$N%f!<%6$O(B uux $B$r:3J(B
$B$r9T$&;v$,A[Dj$5$l$k$N$G$"$k!#$5$i$K$O!"@_Dj%U%!%$%k$G;XDj$5$l$?BP>]$,(B
uuxqt $B$K$h$C$F11. Microsoft Windows NT RPC Endpoint Mapper Denial of Service Vulnerability
BugTraq ID: 3313
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8x3+F|(B: 2001-09-10
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3313
$B$^$H$a(B:

Remote Procedure Call (RPC) services $B$O(B SQL Server $B$d(B Exchange Server 
$B$H8@$C$?J,;6%"%W%j%1!<%7%g%s$GE57?E*$KMxMQ$5$l$F$$$k%5!<%S%9$G$"$k!#$3(B
$B$N%5!<%S%9$O(B TCP $B$H(B UDP $B$N%]!<%H72$rF0E*$K3d$jEv$F$k5!G=$r;}$C$F$$$k!#(B
RPC Endpoint Mapper service $B$O(B RPC services $B$H8=:_3d$jEv$F$F$$$k%]!<%H(B
$B$H$N4V$N%^%C%T%s%05!G=$rDs6!$9$k%5!<%S%9$G$"$k!#Nc$($P!"%/%i%$%"%s%H$,(B
RPC $B$rMxMQ$9$k%5!<%S%9$X$N%"%/%;%9$r%j%/%(%9%H$9$k:]!"(BRPC Endpoint Mapper
$B$+$i$N%]!<%H%^%C%T%s%0$r]$H$J$k%5!<%S%9$H$N4V$GD>@\DL?.$r9T$&$N$G$"$k!#(B

$BE57?E*$K%]!<%HHV9f(B 135 $BHV$G%3%M%/%7%g%s$rBT$AuBV$K4Y$i(B
$B$;$k;v$,2DG=$G$"$k!#$3$l$OBP>]$H$J$k%[%9%H>e$GDs6!$5$l$F$$$k(B RPC $B%5!<(B
$B%S%9$H$NDL?.$N%/%i%$%"%s%H$K$h$k;n$_$rA4$F<:8z$5$;$F$7$^$&7k2L$r>7$-!"(B
$B7k2L$H$7$F(B DoS $B$r0z$-5/$3$7$F$7$^$&!#(B

$B%5!<%S%9$NDL>oF0:n$X$NI|5l$O%5!<%P$N:F5/F0$K$h$j2DG=$G$"$k!#(B

12. Joerg Wendland LibNSS-PgSQL Remote SQL Query Manipulation Vulnerability
BugTraq ID: 3314
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8x3+F|(B: 2001-09-10
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3314
$B$^$H$a(B:

Joerg Wendland $B$,:n@.$7$?(B libnss-pgsql $B$O(B PostgreSQL $B8~$1$N(B NSS(Name
Service Switch) $B5!G=$rDs6!$9$k%b%8%e!<%k$G$"$k!#(B

$B$3$N%b%8%e!<%k$K$O(B HTTP $B%j%/%(%9%H$K$h$j(B SQL $B%/%(%j$,A`:n$5$l$F$7$^$&(B
$B$H8@$&LdBj$N5?$$$,$"$k!#(BSQL $B%/%(%jMQ$NJ8;zNs$K4^$^$l$k%G!<%?$OFbMF$N3N(B
$BG'$,9T$o$l$F$$$J$/!"BP>]$H$J$k%[%9%H$X$N%/%(%j$K4^$a$kJ}K!$G!"Cm0U?<$/(B
$BAH$_N)$F$i$l$?%a%?%-%c%i%/%?$r4^$`MM$J(B SQL $B%/%(%j$N9=J8$rAH$_N)$F$i$l$k(B
$B2DG=@-$,A[Dj$5$l$k$N$G$"$k!#(B

$B967b]$H$J$k%[%9%H(B
$BFb$KJ];}$7$F$$$kI,MW$,$"$k$H9M$($i$l$F$$$k!#967b$O%G!<%?%Y!<%9%5!<%P>e(B
$B$G%G!<%?%Y!<%9MQ$N%f!<%68"8B$G%/%(%j$r9T$&:]$Ko%"%/%;%9$,@)8B$5$l$F$$$k;q8;$X$N%f!<%6$K$h$k%"%/%;%9$r2D(B
$BG=$K$7$F$7$^$$!"BP>]$H$J$k%5!<%P>e$NB>$NLdBj$K$D$$$F$b967b$N5!2q$r967b(B
$B13. NSS NSS_PostGreSQL Remote SQL Query Manipulation Vulnerability
BugTraq ID: 3315
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8x3+F|(B: 2001-09-10
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3315
$B$^$H$a(B:

NSS(Name Service Switch) $B$OG'>ZMQ$N%P%C%/%(%s%I5!9=$H$7$F(B PostgreSQL
$B$rMxMQ2DG=$G$"$k!#(B

libnss-pgsql $B%b%8%e!<%k$K$O(B HTTP $B%j%/%(%9%H$K$h$j(B SQL $B%/%(%j$,A`:n$5$l(B
$B$F$7$^$&$H8@$&LdBj$N5?$$$,$"$k!#(BSQL $B%/%(%jMQ$NJ8;zNs$K4^$^$l$k%G!<%?$O(B
$BFbMF$N3NG'$,9T$o$l$F$$$J$/!"BP>]$H$J$k%[%9%H$X$N%/%(%j$K4^$a$kJ}K!$G!"(B
$BCm0U?<$/AH$_N)$F$i$l$?%a%?%-%c%i%/%?$r4^$`MM$J(B SQL $B%/%(%j$N9=J8$rAH$_N)(B
$B$F$i$l$k2DG=@-$,A[Dj$5$l$k$N$G$"$k!#(B

$B967b]$H$J$k%[%9%H(B
$BFb$KJ];}$7$F$$$kI,MW$,$"$k$H9M$($i$l$F$$$k!#967b$O%G!<%?%Y!<%9%5!<%P>e(B
$B$G%G!<%?%Y!<%9MQ$N%f!<%68"8B$G%/%(%j$r9T$&:]$Ko%"%/%;%9$,@)8B$5$l$F$$$k;q8;$X$N%f!<%6$K$h$k%"%/%;%9$r2D(B
$BG=$K$7$F$7$^$$!"BP>]$H$J$k%5!<%P>e$NB>$NLdBj$K$D$$$F$b967b$N5!2q$r967b(B
$B14. MacOS X Client Apache Directory Contents Disclosure Vulnerability
BugTraq ID: 3316
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8x3+F|(B: 2001-09-10
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3316
$B$^$H$a(B:

Apache $B$,(B Mac OS X $B%/%i%$%"%s%H$HAH$_9g$o$5$l$FMxMQ$5$l$k:]$KLdBj$,B8:_(B
$B$9$k!#(B

$B$"$kIT2D;k%U%!%$%k(B (.DS_Store) $B$,(B Finder $B$K$h$C$F(B Web $B7PM3$G8x3+$r9T$&(B
$B$?$a$N%G%#%l%/%H%jKh$K!"$=$l$>$l$N%G%#%l%/%H%jFb$K4^$^$l$kA4$F$N%U%!%$(B
$B%k$NFbMF$r4^$s$@>uBV$G:n@.$5$l$k!#(B

$B$7$+$7!"(BMac OS $B$N%U%!%$%k$N%Q!<%_%C%7%g%s$Nhttp://www.example.com/directoryname/.ds_store

$B$3$NLdBj$O4{$KH/8+$5$l$?LdBj(B (BID 2852) $B$HAH$_9g$o$;!"BgJ8;z>.J8;z$r4^(B
$B$`%U%!%$%k$X$N%j%/%(%9%H$rMxMQ$7$?G$0U$N%U%!%$%k$NFbMF$N3+<($r0z$-5/$3(B
$B$9$?$a$KMxMQ$9$k;v$,2DG=$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"BP>]$H$J$C$?%[%9%H$X$N$5$i$J$k96(B
$B7b$N15. Joerg Wendland Pam-PSQL Remote SQL Query Manipulation Vulnerability
BugTraq ID: 3317
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8x3+F|(B: 2001-09-10
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3317
$B$^$H$a(B:

Joerg Wendland $B$,:n@.$7$?(B pam-psql $B$O(B PostgreSQL $B$HAH$_9g$o$;$FMxMQ$5(B
$B$l$k(B PAM $B$r2p$9$kG'>Z5!9=$rMxMQ$9$k$?$a$N%b%8%e!<%k$G$"$k!#(B

$B$3$N%b%8%e!<%k$K$O%f!<%6$KG'>Z$r5a$a$k$$$+$J$k5!9=(B (HTTP$B!"(BSSH$B!"(Btelnet $BEy(B)
$B$r2p$7$F(B SQL $B%/%(%j$,A`:n$5$l$F$7$^$&$H8@$&LdBj$N5?$$$,$"$k!#(BSQL $B%/%(%j(B
$BMQ$NJ8;zNs$K4^$^$l$k%G!<%?$OFbMF$N3NG'$,9T$o$l$F$$$J$/!"BP>]$H$J$k%[%9(B
$B%H$X$N%/%(%j$K4^$a$kJ}K!$G!"Cm0U?<$/AH$_N)$F$i$l$?%a%?%-%c%i%/%?$r4^$`(B
$BMM$J(B SQL $B%/%(%j$N9=J8$rAH$_N)$F$i$l$k2DG=@-$,A[Dj$5$l$k$N$G$"$k!#(B

$B$3$NLdBj$ODL>o%"%/%;%9$,@)8B$5$l$F$$$k;q8;$X$N%f!<%6$K$h$k%"%/%;%9$r2D(B
$BG=$K$7$F$7$^$$!"BP>]$H$J$k%5!<%P>e$NB>$NLdBj$K$D$$$F$b967b$N5!2q$r967b(B
$B]$H$J$k%[%9%H$XIT@5%"%/%;%9$r9T$($k;v$,A[Dj$5$l$k!#(B

16. Leon J Breedt Pam-PSQL Remote SQL Query Manipulation Vulnerability
BugTraq ID: 3319
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8x3+F|(B: 2001-09-10
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3319
$B$^$H$a(B:

Leon J Breedt $B$,:n@.$7$?(B pam-psql $B$O(B PostgreSQL $B$HAH$_9g$o$;$FMxMQ$5(B
$B$l$k(B PAM $B$r2p$9$kG'>Z5!9=$rMxMQ$9$k$?$a$N%b%8%e!<%k$G$"$k!#(B

$B$3$N%b%8%e!<%k$K$O%f!<%6$KG'>Z$r5a$a$k$$$+$J$k5!9=(B (HTTP$B!"(BSSH$B!"(Btelnet $BEy(B)
$B$r2p$7$F(B SQL $B%/%(%j$,A`:n$5$l$F$7$^$&$H8@$&LdBj$N5?$$$,$"$k!#(BSQL $B%/%(%j(B
$BMQ$NJ8;zNs$K4^$^$l$k%G!<%?$OFbMF$N3NG'$,9T$o$l$F$$$J$/!"BP>]$H$J$k%[%9(B
$B%H$X$N%/%(%j$K4^$a$kJ}K!$G!"Cm0U?<$/AH$_N)$F$i$l$?%a%?%-%c%i%/%?$r4^$`(B
$BMM$J(B SQL $B%/%(%j$N9=J8$rAH$_N)$F$i$l$k2DG=@-$,A[Dj$5$l$k$N$G$"$k!#(B

$B$3$NLdBj$ODL>o%"%/%;%9$,@)8B$5$l$F$$$k;q8;$X$N%f!<%6$K$h$k%"%/%;%9$r2D(B
$BG=$K$7$F$7$^$$!"BP>]$H$J$k%5!<%P>e$NB>$NLdBj$K$D$$$F$b967b$N5!2q$r967b(B
$B]$H$J$k%[%9%H$XIT@5%"%/%;%9$r9T$($k;v$,A[Dj$5$l$k!#(B

17. Digital Unix MSGCHK  MH_PROFILE Symbolic Link Vulnerability
BugTraq ID: 3320
$B%j%b!<%H$+$i$N:F8=@-(B: No
$B8x3+F|(B: 2001-09-10
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3320
$B$^$H$a(B:

$BFCDj$N%P!<%8%g%s$N(B Digital Unix $B$KF1:-$5$l$F$$$k(B msgchk $B%f!<%F%#%j%F%#(B
$B$O(B root $B8"8B0J30$N%f!<%6$KK\Mh3+<($5$l$F$O$J$i$J$$>pJs$r3+<($7$F$7$^$&(B
$BLdBj$rJz$($F$$$k!#(B

msgchk $B$O%f!<%6$N%[!<%`%G%#%l%/%H%j$KB8:_$9$k@_Dj%U%!%$%k$r3+$/A0$N%U%!(B
$B%$%k$N%Q!<%_%C%7%g%s$N%A%'%C%/$rBU$C$F$$$k!#$3$N$?$a!"%f!<%6$O@_Dj%U%!(B
$B%$%kL>(B .mh_profile $B$+$i967bBP>]$H$J$k%U%!%$%k$r<($9%7%s%\%j%C%/%j%s%/$r(B
$B:n@.$9$k;v$,2DG=$J$N$G$"$k!#$3$N%W%m%0%i%`$K$O@_Dj%U%!%$%k$rFI$_]$N%U%!(B
$B%$%k$N:G=i$N9T$K4^$^$l$kFbMF$rFI$_l9g(B
$B$K$O!"BP>]$H$J$k%[%9%HFb$N$$$:$l$N%U%!%$%k$+$i$b8BDj$5$l$?>pJs$NFI$_=P$7(B
$B$N$_$,2DG=$H$J$k!#(B

18. NetOp School Administration Authentication Vulnerability
BugTraq ID: 3321
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8x3+F|(B: 2001-09-11
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3321
$B$^$H$a(B:

NetOp School $B$OH!"@)8f!"CZMW5a$,@8EL$K<($5$l$k!#(B

$B$7$+$7!"@8EL$,%?%9%/%^%M!<%8%c$rMxMQ$7$F@8ELMQ%3%s%]!<%M%s%H$N=hM}$rCfCG(B
$B$5$;$?>l9g!"4IM}MQ%=%U%H%&%'%"$rG'>Z$J$7$G$N$I$NC19. Apple Macintosh OS X  .DS_Store Directory Listing Disclosure Vulnerability
BugTraq ID: 3324
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8x3+F|(B: 2001-09-11
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3324
$B$^$H$a(B:

$BFCDj$N@_Dj>uBV$N(B Mac OS X $B$KLdBj$,H/8+$5$l$F$$$k!#(B

$B%U%!%$%k%7%9%F%`Fb$N$=$l$>$l$N%G%#%l%/%H%jFb$K$O!"$=$N%G%#%l%/%H%jFb$K(B
$B4^$^$l$k%U%!%$%k$N0lMw$r4^$`%G!<%?$r5-O?$7$?1#$7%*%V%8%'%/%H!"(B.DS_Store
$B$,B8:_$7$F$$$k!#$3$N%*%V%8%'%/%H$O%m!<%+%k$N%f!<%6$,(B Finder $B$rMxMQ$7$F(B
$B%G%#%l%/%H%j$r;XDj$7$F;2>H$9$k:]$K:n@.$5$l$k!#(B

$B$7$+$7!"%j%b!<%H$N967bpJs$r!"0J2<$K<($97A<0$N(B URL
$B$rM?$($k;v$K$h$j!"LdBj$rJz$($k%[%9%H$N(B Web $B%5!<%S%9$r2p$7$F;2>H$9$k;v$,(B
$BA[Dj$5$l$k$N$G$"$k!#(B

http://www.example.com/target_directory/.DS_store.

$B$3$NLdBj$GF@$i$l$k>pJs$O967bpJs!"%$%s%9%H!<%k:Q$_%"(B
$B%W%j%1!<%7%g%s0lMwEy$r4^$`=EMW$J>pJs$rDs6!$7$F$7$^$&;v$K7R$,$j!"E,@Z$K(B
$B$3$NLdBj$rMxMQ$9$k967b$r9T$&;v$G!"$3$l$i>pJs$O967b]$H$J$k%[(B
$B%9%H$N%;%-%e%j%F%#$KBP$9$k6<0R$r>7$/2DG=@-$,$"$k!#(B

20. Apple Macintosh OS X FBCIndex File Contents Disclosure Vulnerability
BugTraq ID: 3325
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8x3+F|(B: 2001-09-11
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3325
$B$^$H$a(B:

$BFCDj$N@_Dj>uBV$N(B Mac OS X $B$KLdBj$,H/8+$5$l$F$$$k!#(B

$B%j%b!<%H$N967bH$9(B
$B$k;v$,A[Dj$5$l$k$N$G$"$k!#(B

http://www.example.com/target_directory/.FBCIndex.

$BF@$i$l$k>pJs$O967bpJs$rDs6!$9$k;v$K7R$,$j!"E,@Z$K$3$NLdBj$rMxMQ$9$k967b$r9T$&;v$G!"$3$l(B
$B$i>pJs$O967b]$H$J$k%[%9%H$N%;%-%e%j%F%#$KBP$9$k6<0R$r>7$/2D(B
$BG=@-$,$"$k!#(B

21. SpeechD Privileged Command Execution Vulnerability
BugTraq ID: 3326
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8x3+F|(B: 2001-09-11
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3326
$B$^$H$a(B:

SpeechD $B$O(B Linux $B4D6-$K$*$$$F2;@<9g@.5!G=MQ$N%G%P%$%9FHN)%l%$%d$rDs6!(B
$B$9$k%G!<%b%s$G$"$j!"@<$rMxMQ$9$k%"%W%j%1!<%7%g%s$d%G%P%$%9%I%i%$%P$X$N(B
$B%$%s%?%U%'!<%9$rDs6!$7$F$$$k!#(B

$B$3$N%G!<%b%s$OFCDj$NuBV$G8!>Z$,9T$o$l$F$$$k!#$3$NLdBj$O(B festival $B$d$=$NB>(B
$B$N%"%W%j%1!<%7%g%s$K$b1F6A$rM?$($k2DG=@-$,$"$k$H?d;!$5$l$k!#(B

22. Trend Micro InterScan eManager Buffer Overflow Vulnerability
BugTraq ID: 3327
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8x3+F|(B: 2001-09-12
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3327
$B$^$H$a(B:

Trend Micro InterScan eManager $B$O(B InterScan $BMQ$N%W%i%0%$%s$G$"$j!"(BSPAM$B$d(B
$BDL2a$9$k%a%C%;!<%8$NFbMF!"%a!<%k$NG[?.$r4IM}$9$k%=%U%H%&%'%"$G$"$k!#(B
$B$3$N%=%U%H%&%'%"$O(B Web $B$rMxMQ$9$k%$%s%?%U%'!<%9$r2p$7$F4IM}2DG=$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$KF1:-$5$l$k$$$/$D$+$N(B CGI $B%W%m%0%i%`$K$O967be=q$-$,2DG=$G$"$k!#(B

$B0J2<$K<($9%b%8%e!<%k$,LdBj$rJz$($k%b%8%e!<%k$G$"$k!#(B

/eManager/cgi-bin/register.dll
/eManager/Content%20Management/ContentFilter.dll
/eManager/Content%20Management/SFNofitication.dll
/eManager/Email%20Management/cgi-bin/register.dll
/eManager/Email%20Management/cgi-bin/TOP10.dll
/eManager/Email%20Management/cgi-bin/SpamExcp.dll
/eManager/Email%20Management/cgi-bin/spamrule.dll

$B$J$*!"(BWeb $B$rMxMQ$9$k%$%s%?%U%'!<%9$K$OG'>Z5!9=$OHw$($i$l$F$$$J$$E@$ON1(B
$B0U$5$l$k$Y$-=EMW;v9`$G$"$k!#(B


III. SECURITYFOCUS.COM NEWS AND COMMENTARY
- ------------------------------------------
1. 'Mafiaboy' Gets 8 Months For DDoS Attacks
$BCx$J(B Web $B%5%$%H$K%/%i%C%-%s%09T0Y$rF/$/;v$G?t;~(B
$B4V$KEO$jMxMQITG=>uBV$K4Y$l$?%+%J%@$N(B10$BBe$N@DG/$K!":#F|!"@D>/G/94CV=j$X(B
$B$N(B8$B%v7n4V$NF~=j$NH=7h$,2<$5$l$?!#(B

http://www.securityfocus.com/templates/article.html?id=250

2. New Hotmail Hack Evades Filters
$BCx]$H$9$k?7$7$$967bJ}K!$,H/8+$5$l$?!#$3$l$O(B Microsoft
[NASDAQ:MSFT] $B$H(B Javascript $B$N%;%-%e%j%F%#%[!<%k$H$N:G?7$N$$$?$A$4$C$3(B
$B$G$"$k!#(B

http://www.securityfocus.com/templates/article.html?id=249


IV.SECURITY FOCUS TOP 6 TOOLS
- -----------------------------
1. Lsof v4.56
$B:nhttp://www.securityfocus.com/tools/1008
$BF0:n4D6-(B: AIX, BSDI, Digital UNIX/Alpha, FreeBSD, HP-UX, IRIX, Linux,
NetBSD, OpenBSD, SCO, Solaris, SunOS and Ultrix
$B$^$H$a(B:

Lsof $B$O(B UNIX $B$KFC2=$7$??GCG%D!<%k$G$9!#$3$N%=%U%H%&%'%"$NL>>N$O(B LiSt Open
Files $B$KM3Mh$7!"$^$5$K$=$NL>$E$1DL$j$NF/$-$r$7$^$9!#$3$N%=%U%H%&%'%"$O(B
$B%7%9%F%`>e$GF0:nCf$N%W%m%;%9$K$h$C$F3+$+$l$F$$$k$I$N$h$&$J%U%!%$%k$G$"$C(B
$B$F$b$=$l$>$l$N>pJs$r0lMw$H$7$F=PNO$7$^$9!#(B

2. cqual v0.9
$B:nhttp://www.securityfocus.com/tools/2209
$BF0:n4D6-(B: UNIX
$B$^$H$a(B:

cqual $B$O(B C $B%W%m%0%i%`Fb$K%P%0$r8+$D$1=P$9!"7?$KCeL\$7$?J,@O$r9T$&%D!<%k(B
$B$G$9!#$3$N%=%U%H%&%'%"$O(B C $B8@8l$N7?$rFCJL$N%f!<%6$,Dj5A$9$k(B type qualifier
$B$G3HD%$7$^$9!#%W%m%0%i%^$O%W%m%0%i%`$KE,@Z$J(B qualifier $B$G(B annotation $B$r(B
$B9T$$!"$3$N%=%U%H%&%'%"$,BEEv@-$r3NG'$7$^$9!#8m$C$?(B annotation $B$O%P%0$G(B
$B$"$k2DG=@-$r<($7$^$9!#$3$N%=%U%H%&%'%"$O(B emacs $B$rMxMQ$9$k(B GUI$B!"(BProgram
Analysis Mode $B$rMQ$$$FJ,@O7k2L$rI=<($7$^$9!#B>$NF1uBV$N@_Dj%U%!%$%k$K$O=q<0;XDj;R$N@HC$75n$k$?(B
$B$a$N@_Dj$,4^$^$l$F$$$^$9!#(B

3. Windows 9x PassWord List reader v0.07
$B:nhttp://www.securityfocus.com/tools/2161
$BF0:n4D6-(B: UNIX $B$*$h$S(B Windows 95/98
$B$^$H$a(B:

Windows 9x PassWord List reader $B$O(B UNIX $B4D6-$GMxMQCf$N(B Windows $B$N%Q%9(B
$B%o!<%I%O%C%7%e$,5-O?$5$l$?%U%!%$%k$K5-O?$5$l$F$$$k%Q%9%o!<%I$r;2>H2DG=(B
$B$K$9$k%W%m%0%i%`$G$9!#$3$l$i$N%U%!%$%k$,$I$NDxEY0BA4$G$"$k$+$rH=CG$G$-!"(B
$BAmEv$j%b!<%I$G$O:G$b=EMW$J%Q%9%o!<%I$NI|5l$KMxMQ2DG=$G$9!#(B

4. MacAnalysis 2.0b
$B:nhttp://www.securityfocus.com/tools/1989
$BF0:n4D6-(B: MacOS
$B$^$H$a(B:

MacAnalysis is a security auditing suite for your Macintosh to perform and
help implement a security standard for your computer/network by performing
a full security check of network protocols, open services, port scans,
vulnerable CGI scripts and much more. This will scan your Macintosh, Unix,
Windows, and Hardware for any vulnerable security holes!

MacAnalysis $B$O(B Macintosh $BMQ$N%;%-%e%j%F%#4F::%D!<%k$G$"$j!"%M%C%H%o!<%/(B
$B%W%m%H%3%k!"Ds6!Cf$N%5!<%S%9!"%]!<%H%9%-%c%s!"LdBj$rJz$($k(B CGI $B%9%/%j%W(B
$B%H$N8!::Ey$rDL$8MxMQCf$N%3%s%T%e!<%?$d%M%C%H%o!<%/$KBP$9$k%;%-%e%j%F%#(B
$B%9%?%s%@!<%I$N$I$N$h$&$J%;%-%e%j%F%#%[!<%k$rJz$($k%O!<%I%&%'%"$K(B
$BBP$7$F$G$b%9%-%c%s$r9T$$$^$9!#(B

5. Averist v1.4.0.1
$B:nhttp://www.securityfocus.com/tools/1432
$BA`:n4D6-(B: Perl (perl $B$r2TF02DG=$J%7%9%F%`(B)
$B$^$H$a(B:

Averist $B$O(B Perl $B$G5-=R$5$l$?$I$N$h$&$J(B CGI $B%"%W%j%1!<%7%g%s$KBP$7$F$G$b(B
$BG'>Z5!9=$rIU$12C$($i$l$k%b%8%e!<%k$G$9!#$3$N%=%U%H%&%'%"$G$O(B CGI ($B%U%)!<(B
$B%`(B) $B$r2p$7$?=i4|CJ3,$G$NG'>Z5!9=$r%5%]!<%H$7!"(BCGI (hidden $BB0@-$r;H$C$?(B
$B%U%)!<%`(B) $B$d@_Dj2DG=$J%?%$%`%"%&%H0J8e$N:FG'>Z$N$?$a$N%/%C%-!<5!9=$r%5(B
$B%]!<%H$7$F$$$^$9!#$3$N%=%U%H%&%'%"$O%;%-%e%"$K$h$jJ]$D$?$a$K%;%C%7%g%s(B
$B%-!<$r%m!<%+%k$"$k$$$O%j%b!<%H$N(B SQL $B%G!<%?%Y!<%9$d(B DBM $B%U%!%$%k$K3JG<(B
$B$7$^$9!#=i4|CJ3,$G$NG'>Z;~$N%f!<%6L>$H%Q%9%o!<%I$N3NG'$O(B LDAP $B%G%#%l%/(B
$B%H%j!"(BSQL $B%G!<%?%Y!<%9!"(BDBM $B%U%!%$%k!"EAE}E*$J(B UNIX $B%Q%9%o!<%I7A<0$N(B
$B%U%!%$%k$N$$$:$l$+$rMxMQ$7$F9T$($^$9!#(B
$B$3$N%=%U%H%&%'%"$O(B Perl $B$G5-=R$5$l!"MF0W$K%+%9%?%^%$%:$H3HD%$,2DG=$G$9!#(B

6. ViperDB v0.9.9
$B:nhttp://www.securityfocus.com/tools/146
$BF0:n4D6-(B: AIX, BSDI, DG-UX, Digital UNIX/Alpha, FreeBSD, HP-UX, IRIX,
Linux, NetBSD, OpenBSD, SCO, Solaris, SunOS, True64 UNIX, UNIX, Ultrix
$B$*$h$S(B Unixware
$B$^$H$a(B:

ViperDB $B$O(B Tripwire $B$KBP93$9$k7ZNL!"7Z2w$J%*%W%7%g%s%=%U%H%&%'%"$H$7$F(B
$B:n@.$5$l$^$7$?!#(BTripwire $B$O$9$P$i$7$$@=IJ$G$"$k$N$G$9$,!"B.EY$KCeL\$7$?(B
$B;kE@$H8@$&$b$N$r8+2a$4$7$F$*$j!"%G%U%)%k%H$G(B Tripwire $B$O$$$D$N(B
$B$9$k$H8@$&MW5a$rK8$2$F$$$k$N$G$9!#$3$N%=%U%H%&%'%"$O$^$5$K$3$NLdBj$X$N(B
$B2r7h:v$G$9!#$3$N%=%U%H%&%'%"$O7Z2w$PJ?J8$N%G!<%?%Y!<%9$rMxMQ$7!"(BPerl
$B$G5-=R$5$l$F$$$^$9!#(B

- --
Translated by SAKAI Yoriyuki, KAGEYAMA Tetsuya
Supervised by SAKAI Yoriyuki
LAC Co., Ltd.
http://www.lac.co.jp/security/

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Edition 5.5.5J
Comment: SAKAI Yoriyuki

iQA/AwUBO6aQZ5QwtHQKfXtrEQJmEwCfUKVNv/qYZ/urj1TgUNhBEW+F3qYAmwW/
J8gxxiG1U6nZNkIL98VSCHjh
=5xfg
-----END PGP SIGNATURE-----