Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm
Precedence: bulk
To: bugtraq-jp@SECURITYFOCUS.COM
Subject: SecurityFocus.com Newsletter #122 2001-12-03->2001-12-07
From: SAKAI Yoriyuki <sakai@lac.co.jp>
Message-Id: <200112111430.BCC86508.BBJLT@lac.co.jp>
Date: Tue, 11 Dec 2001 14:30:41 +0900
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

$B:d0f(B@$B%i%C%/$G$9!#(B

SecurityFocus.com Newsletter $BBh(B 122 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

- ---------------------------------------------------------------------------
SecurityFocus.com Newsletter $B$K4X$9$k(BFAQ:
http://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml
BugTraq-JP $B$K4X$9$k(B FAQ:
http://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml
- ---------------------------------------------------------------------------
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B Security-Focus.com $B$N5v2D$r3t<02q<R%i%C%/$,F@$?>e$G9T$o(B
  $B$l$F$$$^$9!#(B
$B!&(BSecurityFocus.com Newsletter $B$NOBLu$r(B Netnews, Mailinglist,
  World Wide Web, $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$N(B
  $BA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;(B
  $B$s$,=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurity-Focus.com $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+(B
  $B$J$k7A<0$N%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://www.securityfocus.com/archive/79
- ---------------------------------------------------------------------------
- ---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02q<R%i%C%/$O@UG$$rIi$o$J$$$b$N$H$7$^(B
  $B$9!#(B
- ---------------------------------------------------------------------------
- ---------------------------------------------------------------------------
$BLu<T$+$i$N$*CN$i$;(B:
$B!&$b$7!"(Btypo $B$d8mLu$,8+$D$+$C$?>l9g!"(BBUGTRAQ-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"Lu<T$K$*CN$i$;$/$@$5$$!#(B
  $B8e<T$N>l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
- ---------------------------------------------------------------------------
- ---------------------------------------------------------------------------
$B86HG(B:
Date: Mon, 10 Dec 2001 11:04:17 -0700 (MST)
Message-ID: <Pine.GSO.4.30.0112101103420.8557-100000@mail.securityfocus.com>

SecurityFocus Newsletter #122
- ---------------------------------

This issue is sponsored by VeriSign - The Value of Trust

- -------------------------------------------------------------------------------

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
     1. Advertising Information
     2. An Introduction to IDS
     3. Using IPSec in Windows 2000 and XP
     4. The Future of IDS
     5. 'Magic Lantern' Rubs the Wrong Way
II. BUGTRAQ SUMMARY
     1. Persits AspUpload Default Scripts Exploitable Vulnerability
     2. PHPNuke Cross-Site Scripting Vulnerability
     3. Microsoft Outlook Express for Macintosh Buffer Overflow...
     4. OpenSSH UseLogin Environment Variable Passing Vulnerability
     5. SpeedXess HA-120 Router Default Administrative Password...
     6. ValiCert Enterprise Validation Authority Code Execution...
     7. ValiCert Enterprise Validation Authority Path Disclosure...
     8. Lotus Domino SunRPC Denial of Service Vulnerability
     9. Frox FTP Cache Retrieval Buffer Overflow Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
     1. Lamo's Adventures in WorldCom
     2. Goner Worm Tops the Charts
IV.SECURITYFOCUS TOP 6 TOOLS
     1. userinfo v1.8
     2. Stealth HTTP Security Scanner v2.0b36
     3. CHX-I Universal Application Firewall and Intrusion...
     4. Mailfilter v0.3.1
     5. IP Sorcery v1.4
     6. WinARP Watch v1.0

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
- ---------------------------------

II. BUGTRAQ SUMMARY
- -------------------
1. Persits AspUpload Default Scripts Exploitable Vulnerability
BugTraq ID: 3608
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Nov 30 2001 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3608
$B$^$H$a(B:

AspUpload $B$O%j%b!<%H%f!<%6$K(B HTML $B%U%)!<%`$rMxMQ$7!"%U%!%$%k$r%"%C%W%m!<(B
$B%I$9$k5!G=$rDs6!$9$k(B ASP $B3HD%$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$H6&$K%$%s%9%H!<%k$5$l$k!"$"$k%5%s%W%k%9%/%j%W%H$K$h$C(B
$B$F!"%f!<%6$O(B Web $B%5!<%P$N(B c:\upload $B%G%#%l%/%H%j$X%U%!%$%k$N%"%C%W%m!<(B
$B%I$,2DG=$G$"$k!#$3$N%9%/%j%W%H$O%U%)!<%`Fb$N(B hidden $BJQ?t$NCM$H$7$F%"%C(B
$B%W%m!<%IBP>]$N%U%!%$%kL>$r<u$1IU$1$k;EMM$G$"$k!#$7$+$7!"$=$N:];XDj$5$l(B
$B$kJQ?t$O!"(B../ $BI=5-$rMxMQ$9$kAjBP%Q%9I=5-$rMQ$$$?%G%#%l%/%H%j;XDj$rMxMQ(B
$B$9$k967b$KMxMQ$5$l!"%j%b!<%H%f!<%6$O(B C $B%I%i%$%VFb$NG$0U$N%U%!%$%k$r%"%C(B
$B%W%m!<%I@h$H$7$F;XDj2DG=$J$N$G$"$k!#(B

$B$^$?!"JL$N%5%s%W%k%9%/%j%W%H$rMxMQ$7$F!"%j%b!<%H%f!<%6$O%G%#%l%/%H%j9=(B
$BB$$N;2>H$,2DG=$G$"$j!"%5!<%PFb$KB8:_$9$kG$0U$N%U%!%$%k$N%@%&%s%m!<%I$,(B
$B2DG=$G$"$k!#(B

$B%5%s%W%k%9%/%j%W%H$O(B C:\Program Files\PersitsSoftware\AspUpload\Samples
$BFb$K%$%s%9%H!<%k$5$l!"0J2<$,LdBj$rJz$($k%9%/%j%W%H$G$"$k!#(B

	UploadScript11.asp
	DirectoryListing.asp

AspUpload $B%P!<%8%g%s(B 3.0 $B$K$*$$$F$b$3$l$i%5%s%W%k%9%/%j%W%H$OF1:-$5$l$F(B
$B$$$k$H?d;!$5$l$k!#(B

2. PHPNuke Cross-Site Scripting Vulnerability
BugTraq ID: 3609
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Dec 03 2001 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3609
$B$^$H$a(B:

PHPNuke $B$O(B Web $B%5%$%H$N9=C[!"4IM}5!G=$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$O%/%m%9%5%$%H%9%/%j%W%F%#%s%0$rMxMQ$9$k967b$N1F6A$r(B
$B<u$1$k5?$$$,$"$k!#(B

$B$3$N%=%U%H%&%'%"$G$O!"(Buser.php $B%9%/%j%W%H$X%j%s%/$5$l$?(B HTML $B%U%!%$%k(B
$B$r2p$7$FM?$($i$l$?(B HTML $B%?%0$K$D$$$F!"%U%#%k%?%j%s%0$,$J$5$l$F$$$J$$$N(B
$B$G$"$k!#(B

$B%f!<%6>pJs$r;2>H$9$k$?$a$KMxMQ$5$l$k%9%/%j%W%H$G$"$k(B user.php $B$O!"JQ?t(B
uname $B$r<u$1IU$1$F$$$k!#$3$NJQ?t$KM?$($i$l$kCM$O(B PHP $B$,@8@.$9$k(B HTML $BFb(B
$B$K4^$^$l!"%/%i%$%"%s%H$X0z$-EO$5$l$kA0$KITMW$JFbMF$N=|5n$,9T$o$l$F$$$J(B
$B$$$N$G$"$k!#(B

$B$3$N7k2L!"(BPHPNuke $B$rMxMQ$7$F9=C[$5$l$?%5%$%HFb$N$3$N%Z!<%8$KBP$7!"0-0U(B
$B$"$k%9%/%j%W%H$r4^$`%j%s%/$r:n@.$9$k;v$,2DG=$J$N$G$"$k!#(B
$B$3$N%j%s%/$,2?$i8=>]$rM=4|$7$F$$$J$$%f!<%6$K$h$C$F%/%j%C%/$5$l$k:]!"(B
PHPNuke $B1?MQ$7$F$$$k%5%$%H$+$iF@$i$l$?%3%s%F%s%D$H$7$F!"0-0U$"$k%3!<%I(B
$B$,<B9T$5$l$F$7$^$&$N$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$O!"1F6A$r<u$1$k(B PHPNuke $B$rMxMQ$7$F9=C[$5$l$?%5%$(B
$B%H$KBP$7$FMxMQ$5$l$k!"%f!<%6$N%/%C%-!<$rMxMQ$7$?G'>ZMQ>pJs$rEp$_=P$9$?(B
$B$a$KMQ$$$i$l$k;v$,A[Dj$5$l$k!#(B

$B$J$*!"(BPostNuke $B$bJs9p$5$l$?=j$K$h$k$HLdBj$rJz$($F$$$k$H$N;v$G$"$k!#(B

3. Microsoft Outlook Express for Macintosh Buffer Overflow Vulnerability
BugTraq ID: 3611
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Dec 03 2001 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3611
$B$^$H$a(B:

$B$$$/$D$+$N%P!<%8%g%s$N(B Microsoft Outlook Express for Macintosh $B$O!"%P%C(B
$B%U%!%*!<%P!<%U%m!<$r@8$8$kLdBj$rJz$($F$$$k!#(B

$B0-0U$"$k%f!<%6$,%a%C%;!<%8$NK\J8Cf$KDL>o$"$jF@$J$$D9$5$N9T$r4^$`!"FCJL(B
$B$KAH$_N)$F$i$l$?EE;R%a!<%k$r3:Ev$9$k%=%U%H%&%'%"$N%f!<%6$KAw?.$7$?:]!"(B
$BJs9p$5$l$?=j$K$h$k$H!"G$0U$N%3!<%I$N<B9T$r2DG=$K$9$k%9%?%C%/%*!<%P!<%U(B
$B%m!<$,@8$8$k$N$G$"$k!#%i%s%@%`$J%G!<%?$rAw?.$9$k;v$K$h$j!"%"%W%j%1!<%7%g(B
$B%s$r%/%i%C%7%e2DG=$G$"$k!#(B

$B967b<T$O%9%?%C%/>e$N%j%?!<%s%"%I%l%9$rCV492DG=$G$"$j!"$^$?!"%a%b%jFb$K(B
$B0-0U$"$k<B9T%3!<%I$NCmF~$r9T$&;v$,?d;!$5$l$k!#$3$N7k2L$H$7$F!"967b<T$O(B
$B967bBP>]$H$J$C$?%[%9%H$X$N%"%/%;%9$,2DG=$K$J$k;v$,A[Dj$5$l$k!#(B

$B$3$N967b$N1F6A$r<u$1$k>u67$K4Y$k>r7o$O!"32$r$b$?$i$9EE;R%a!<%k$r!"$?$@(B
$B%f!<%6$,%@%&%s%m!<%I$r9T$&$N$_$G$"$k$H9M$($i$l$k!#(B

$B%a!<%k%5!<%P>e$G0-0U$"$k%a%C%;!<%8$,=|5n2DG=$K$J$k$^$G$N4V!"%/%i%$%"%s(B
$B%H$O%/%i%C%7%e$7B3$1$F$7$^$&$?$a$K!"967b<T$K$h$k;}B3$7$?(B DoS $B$,@.N)$9$k(B
$B$H9M$($i$l$k!#4IM}<T!"$"$k$$$OB>$N1F6A$r<u$1$J$$EE;R%a!<%k%/%i%$%"%s%H(B
$B$N$$$:$l$+$,3:Ev$9$k%a!<%k$N=|5n$r9T$&$^$G$N4V!"EE;R%a!<%k$N<hF@F0:n$,(B
$B9T$o$l$kEYKh$K!"$3$N0-0U$"$k%a%C%;!<%8$O%/%i%$%"%s%H$r%/%i%C%7%e$5$;B3(B
$B$1$k$N$G$"$k!#(B

4. OpenSSH UseLogin Environment Variable Passing Vulnerability
BugTraq ID: 3614
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Dec 04 2001 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3614
$B$^$H$a(B:

OpenSSH $B$O%U%j!<$G$"$j!"%*!<%W%s%=!<%9$G$"$k(B Secure Shell $B%W%m%H%3%k$N(B
$B<BAu$G$"$k!#$3$N%=%U%H%&%'%"$O(B OpenBSD $B%A!<%`$K$h$jJ]<i$5$l$F$$$k!#(B

$B$3$N%=%U%H%&%'%"$K$O%m!<%+%k%f!<%6$,8"8B$r>:3J2DG=$JLdBj$,H/8+$5$l$F$$(B
$B$k!#(BOpenSSH $B$O%f!<%6$,FCDj$N%-!<$rMxMQ$7$F%m%0%$%s$9$k:]!"FCDj$N4D6-JQ(B
$B?t$rMxMQ$9$k;v$r2DG=$K$7$F$$$k!#%5!<%P$,(B UseLogin $B%U%i%0$rMxMQ$7!"L@<((B
$B$5$l$?(B login $B%3%^%s%I$rMxMQ$9$kMM$K@_Dj$5$l$F$$$k:]!"4XO"$9$k4D6-JQ?t$N(B
$BCM$,(B login $B%3%^%s%IMQ$K@_Dj$5$l$k!#(B

$B$3$N=hM}$O%m!<%+%k$N967b<T$,(B login $B%3%^%s%IMQ$K(B LD_PRELOAD $B4D6-JQ?t7PM3(B
$B$K$h$k!"G$0U$N6&M-%i%$%V%i%j$rFI$_9~$^$;$k;v$K$h$k967b$r2DG=$K$7!"$h$j(B
$B>:3J$5$l$?8"8B$G$NG$0U$N%3!<%I$N<B9T$r>7$/;v$r2DG=$K$9$k$N$G$"$k!#(B

UseLogin $B%U%i%0$,@_Dj$5$l$k:]!"%m!<%+%k%f!<%6$O(B root $B8"8B$rC%<h2DG=$G$"(B
$B$k!#$J$*!"(BUseLogin $B%U%i%0$O%G%U%)%k%H$G$OM-8z$K$J$C$F$$$J$$!#(B

5. SpeedXess HA-120 Router Default Administrative Password Vulnerability
BugTraq ID: 3617
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Dec 04 2001 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3617
$B$^$H$a(B:

SpeedXess HA-120 $B%k!<%?$O(B DSL $B@\B3$N%k!<%F%#%s%0$KMxMQ$5$l$k2HDm8~$1$N(B
$B%k!<%F%#%s%0<jCJ$rDs6!$9$k%O!<%I%&%'%"$G$"$k!#$3$N5!4o$O(B Hyundai Networks
$B$K$h$C$FHNGd!"J]<i$,9T$o$l$F$$$k!#(B

$B$3$N5!4o$K$O!"G'>Z$r9T$C$F$$$J$$%f!<%6$,5!4o$=$N$b$N$X%"%/%;%92DG=$H$J(B
$B$kLdBj$,B8:_$9$k!#%k!<%?$,F3F~$5$l$k:]$N%Q%9%o!<%I$NJQ99$rB%$9=hM}$K!"(B
$BLdBj$,B8:_$9$k$N$G$"$k!#(B

$B5!4o$,F3F~$5$l$?8e!"%k!<%?$O%f!<%6$K%Q%9%o!<%I$rJQ99$9$k:EB%$O9T$o$J$$(B
$B$N$G$"$k!#$3$NLdBj$K2C$(!"B>$NF1<o$N%k!<%?$KBP$7$F9)>l=P2Y;~$K@_Dj$5$l(B
$B$?%Q%9%o!<%I$O!"%G%U%)%k%H>uBV$G4{CN$G$"$k$H8@$&;v<B$,$"$k!#(B

$B$3$N$?$a!"%j%b!<%H%f!<%6$O%G%U%)%k%H%Q%9%o!<%I$rJQ99$;$:$KF3F~$5$l$?!"(B
$BA4$F$N(B HA-120 $B%k!<%?$XL58"8B$N$^$^$G4IM}5!G=$X%"%/%;%9$9$k;v$,2DG=$J$N(B
$B$G$"$k!#(B

6. ValiCert Enterprise Validation Authority Code Execution Vulnerability
BugTraq ID: 3619
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Dec 04 2001 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3619
$B$^$H$a(B:

ValiCert Validation Authority $B$OJq3gE*$G!"%9%1!<%i%V%k$G$"$j!"%G%8%?%k(B
$B>ZL@=q$NBEEv@-$r3NG'$9$k$?$a$N?.Mj$G$-$k%U%l!<%`%o!<%/$rDs6!$7!"$$$:$l(B
$B$N>ZL@5!4X$K$*$$$F$b<B:]$KH/9T$5$l$F$$$k!#(B

$BJs9p$5$l$?=j$K$h$k$H!">ZL@=q$r:n@.$9$k:]!"%G%#%9%/%j%W%7%g%s%U%#!<%k%I(B
$BFb$K%f!<%6$O(B HTML $B%3!<%I$r4^$a$k;v$,2DG=$J$N$G$"$k!#(BValiCert $B4IM}%5!<%P(B
$B$+$i$=$N>ZL@=q$r;2>H$9$k:]!"4^$^$l$F$$$k(B HTML $B$O%$%s%?%U%'!<%9$N0lIt$r(B
$B@.$9$b$N$H$7$F2r<a$5$l$F$7$^$&$N$G$"$k!#(B

$B$J$*!"0-0U$"$k>ZL@=q$N:n@.$O8"8B$rJ];}$9$k%m!<%+%k%f!<%6$N$_$,9T$($k$H(B
$B8@$&E@$OCm5-$5$l$M$P$J$i$J$$!#(B

$B967b<T$O4IM}MQ%$%s%?%U%'!<%9$NFbMF$H$7$F4^$^$l$kMM$K!"0-0U$"$k%9%/%j%W(B
$B%H$N<B9T$d56$N>pJs$NI=<($,2DG=$K$J$k;v$,?dDj$5$l$k!#(B

7. ValiCert Enterprise Validation Authority Path Disclosure Vulnerability
BugTraq ID: 3615
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Dec 04 2001 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3615
$B$^$H$a(B:

ValiCert Validation Authority $B$OJq3gE*$G!"%9%1!<%i%V%k$G$"$j!"%G%8%?%k(B
$B>ZL@=q$NBEEv@-$r3NG'$9$k$?$a$N?.Mj$G$-$k%U%l!<%`%o!<%/$rDs6!$7!"$$$:$l(B
$B$N>ZL@5!4X$K$*$$$F$b<B:]$KH/9T$5$l$F$$$k!#(B

$B$7$+$7!"0-0U$"$k%f!<%6$,(B Valicert $B$N%$%s%9%H!<%k@h$N%Q%9$r;2>H2DG=$K$J(B
$B$kLdBj$,B8:_$7$F$$$k!#(B

$B0-0U$"$k%f!<%6$,!"B8:_$7$J$$<oN`$N%+%9%?%^%$%:$5$l$?3HD%;R$rDI2C$9$k$?(B
$B$a$N(B HTTP $B%j%/%(%9%H$r(B Enterprise VA $B$XAw?.$7$?:]!"%5!<%P$O(B Enterprise
$B%5!<%P$N%$%s%9%H!<%k@h$N%Q%9$r4^$`%(%i!<%Z!<%8$rJV$7$F$7$^$&$N$G$"$k!#(B
$B%U%!%$%k%7%9%F%`>e$N%"%W%j%1!<%7%g%s$N%$%s%9%H!<%k@h>pJs$O!"=EMW$J>pJs(B
$B$N3JG<@h>pJs$r?dB,$9$k$?$a$N>pJs$H$J$j!"967bBP>]$N%[%9%H$X9T$o$l$k!"0J(B
$B8e$N967b$KMxMQ$5$l$k2DG=@-$,$"$k!#(B

$B0-0U$"$k%j%/%(%9%H$O%]!<%HHV9f(B 13333 $B$X(B forms.exe $B$r2p$7$F9T$o$l$kI,MW(B
$B$,$"$k!#(B

8. Lotus Domino SunRPC Denial of Service Vulnerability
BugTraq ID: 3607
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Nov 30 2001 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3607
$B$^$H$a(B:

Lotus Domino Server $B$O(B Web $B$rMxMQ$7$?6(6H4D6-$rDs6!$9$k$?$a$N!"%"%W%j%1!<(B
$B%7%g%s$r9=C[$9$k$?$a$N%U%l!<%`%o!<%/$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#$3$N(B
$B%=%U%H%&%'%"$OJ#?t$N4D6-$GF0:n$7!"9-$/Ia5Z$7$F$$$k(B Lotus Notes $B%/%i%$%"(B
$B%s%H%=%U%H%&%'%"8~$1$N%5%]!<%H5!G=$r4^$s$G$$$k!#(B

Lotus Domino $B$,(B SunRPC $B$N(B NULL $B%3%^%s%I$r%]!<%HHV9f(B 443 $B$G<u$1<h$k:]!"(B
nhttp $B%W%m%;%9$O%/%i%C%7%e$7$F$7$^$$!"(BDomino Server $B$X$N(B DoS $B967b$,@.N)(B
$B$7$F$7$^$&$N$G$"$k!#DL>oF0:n$X$NI|5l$O$3$N%W%m%;%9$N:F5/F0$,I,MW$G$"$k!#(B

SunRPC $B$N(B NULL $B%3%^%s%I$rMxMQ$9$k967b$O!"(B-sR $B%U%i%0IU$-$G(B nmap $B$r<B9T$9(B
$B$k;v$G4k$F$k;v$,2DG=$G$"$k$H9M$($i$l$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$O(B http $B%?%9%/$r(B ssl $B$rM-8z$K$7$F<B9T$7$F$$$k(B Domino
Server $B$KBP$7$FM-8z$G$"$k!#(B

9. Frox FTP Cache Retrieval Buffer Overflow Vulnerability
BugTraq ID: 3606
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Nov 30 2001 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/3606
$B$^$H$a(B:

Frox $B$O%U%j!<$G$"$j!"%*!<%W%s%=!<%9$G$"$k(B FTP $B%W%m%-%75!G=$rDs6!$9$k%=(B
$B%U%H%&%'%"%Q%C%1!<%8$G$"$k!#$3$N%=%U%H%&%'%"$O%Q%V%j%C%/%I%a%$%s>uBV$G(B
$BJ]<i$,$J$5$l$F$*$j!"(BSourceforge $B$N%$%s%G%C%/%9Fb$K3JG<$5$l$F$$$k!#(B

$B$3$N%=%U%H%&%'%"$K$O!"%f!<%6$,$h$j9b0L$N8"8B$NC%<h$,2DG=$G$"$kLdBj$,H/(B
$B8+$5$l$F$$$k!#LdBj$OD9$$%Q%9L>$N<h$j07$$It$KB8:_$7$F$$$k!#(B

$B$3$NLdBj$O(B FTP $B$K$h$k%U%!%$%k<hF@;~$K!"(BFTP $B%W%m%-%7$,%-%c%C%7%s%0$r9T$&(B
$BMM$K@_Dj$5$l$F$$$k:]$K$N$_!"L@$i$+$KH/8=$9$k;v$,>ZL@$5$l$F$$$k!#$3$N%=(B
$B%U%H%&%'%"$G$O6-3&%A%'%C%/$,==J,$G$O$J$$$?$a$K!"%P%C%U%!%*!<%P!<%U%m!<(B
$B$rD9$$%Q%9L>IU$-$N%U%!%$%k$r;XDj$9$k;v$K$h$j0z$-5/$3$9;v$,2DG=$J$N$G$"(B
$B$k!#$3$N7k2L!"%j%?!<%s%"%I%l%9$r4^$`%9%?%C%/Fb$NCM$N>e=q$-$r9T$$!"(BFrox
$B$N<B9T8"8B$G$N%3!<%I$N<B9T$r>7$/;v$,2DG=$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k;v$G!"0-0U$"$k(B FTP $B%5!<%P$OLdBj$rJz$($k%=%U%H%&%'%"$r(B
$B<B9T$7$F$$$k%7%9%F%`$N!"%m!<%+%k$X$N%"%/%;%9$r9T$&$?$a$N%7%'%k$r5/F0$9(B
$B$k;v$,2DG=$K$J$k!#(BFrox $B$OE57?E*$K$O(B root $B$G$O$J$$8"8B$G<B9T$5$l$k%W%m%0(B
$B%i%`$G$"$k!#(B


III. SECURITYFOCUS NEWS AND COMMENTARY
- ------------------------------------------
1. Lamo's Adventures in WorldCom
$BCx<T(B: Kevin Poulsen

$B<~0O$X$N6571$r$b$?$i$9?MJ*$,$^$?$b$d;v7o$r5/$7$?$N$G$"$k!#:#2s$N;v7o$O(B
$B$H$"$k4k6H$NFbIt8~$1(B Web $B%5%$%H$K%"%/%;%9$9$kJ}K!$r8+$D$1=P$7!"$=$N4k6H(B
$B$N%;%-%e%j%F%#C4Ev<T$X$=$N8e$KA4$F$r8l$C$?$H8@$&$b$N$G$"$k!#(B
$B$3$N;v7o$r0z$-5/$3$7$?$N$,(B Adrian Lamo $B$G$"$k!#$J$<!"H`$O$3$N;v7o$r0z$-(B
$B5/$3$7$?$N$@$m$&$+!#$^$?!"(BKinkos $B$,H`$r2r8[$7$?$H$7$F$bH`$N@83h$O;vA0$H(B
$BJQ$o$j$J$$$N$@$m$&$+!#(B

http://www.securityfocus.com/news/296

2. Goner Worm Tops the Charts
$BCx<T(B: Steve Gold and Steven Bonisteel, Newsbytes

$B$"$k(B1$BF|$N4V$G!"?7<o$N%&%$%k%9$,:]$b:]N)$C$?6<0R$H$J$C$?$N$G$"$k!#(B

http://www.securityfocus.com/news/295


IV.SECURITYFOCUS TOP 6 TOOLS
- -----------------------------
1. userinfo v1.8
$B:n<T(B: Michael Vogt michael.vogt@clicknet.ch
$B4XO"$9$k(BURL:
http://www.clicknet.ch/chscene/chscene.php
$BF0:n4D6-(B: Windows 2000, Windows NT
$B$^$H$a(B:

$B$3$N%"%W%j%1!<%7%g%s$NL\E*$O!"(BMicrosoft $B$,<BAu$7$?(B RestrictAnonymous
$B%l%8%9%H%j@_Dj$NFbMF$K!"0l4S@-$K7g$1$?ItJ,$r<($9;v$G$9!#(B

2. Stealth HTTP Security Scanner v2.0b36
$B:n<T(B: Felipe Moniz, Security Specialist
$B4XO"$9$k(BURL:
http://www.hideaway.net/stealth
$BF0:n4D6-(B: Linux, Windows 2000, Windows 95/98, Windows NT
$B$^$H$a(B:

Stealth 1.0 $B$O(B 2883 $B<oN`$N(B HTTP $B$K4XO"$9$kLdBj$K$D$$$F!"%9%-%c%s$r9T$$(B
$B$^$9!#$3$N%D!<%k$O%7%9%F%`4IM}<T!"%;%-%e%j%F%#%3%s%5%k%?%s%H!"(BIT $B4XO"(B
$B$N@lLg2=$,A[Dj$5$l$k%;%-%e%j%F%#%[!<%k$r3N$+$a!"967b<T$,967b2DG=$J4{B8(B
$B$N$$$+$J$k%;%-%e%j%F%#>e$NLdBj$r$b8!::$G$-$kMM$K!"FC$KCeL\$7$F@_7W$5$l(B
$B$F$$$^$9!#>&6HMxMQ!"Hs>&6HMxMQ$N$$$:$l$K$*$$$F$b40A4$K%U%j!<$GMxMQ2DG=(B
$B$G$9!#(B

3. CHX-I Universal Application Firewall and Intrusion Detection Engine.
   v1.7
$B:n<T(B: IDRCI Inc.
$B4XO"$9$k(BURL:
http://www.idrci.net/default.htm?tryit=en
$BF0:n4D6-(B: Windows 2000, Windows NT
$B$^$H$a(B:

CHX-I $B$O(B TCP $B$KBP$7$F%"%W%j%1!<%7%g%sAX%l%Y%k$G<BAu$5$l$F$$$k%U%!%$%d%&%)!<(B
$B%k$G$9!#:G?7HG$O(B 1.7 $B$,Ds6!$5$l$F$$$^$9!#(B
$B!&(BSSL $B%H%i%U%#%C%/$NJ,@O$r9T$&%(%s%8%s$,Ek:\$5$l!"EAAwCf$N(B TCP $B%H%i%U%#%C(B
  $B%/Fb$K4^$^$l$kFbMF$K4X$7$F%U%#%k%?%j%s%0$,2DG=$G$9(B
$B!&(BSSL $B$rMxMQ$7$?%5!<%P%5%$%I$G9T$o$l$kF)2a7?0E9f2=5!G=$K$h$j!"(BTCP $B$G<B(B
  $BAu$5$l$?%"%W%j%1!<%7%g%sAX$N%H%i%U%#%C%/$N0E9f2=$,2DG=$G$9(B
$B!&=EMW$J!"$"$k$$$O!"L\E*30$N%G!<%?$NA`:n$K4X$7$F!"$=$l$i$rEAAwCf$N(B TCP
  $B%H%i%U%#%C%/Fb$N%G!<%?$N2~JQ$,2DG=$G$9(B
$B!&HsF14|E*$J%j%P!<%9%G!<%?%U%m!<$N8!:w!"$9$J$o$A%H%i%U%#%C%/$NJ}8~@-$r(B
  $B85$K$7$?8!:w$,2DG=$G$9(B
$B!&Nc$($P(B Drop$B!"(BLog$B!"(BReplace $B$H8@$C$?J#?t$N%"%/%7%g%s$r!"%(%s%8%s$O%H%i(B
  $B%U%#%C%/$N%U%m!<Kh$K9T$$$^$9(B

4. Mailfilter v0.3.1
$B:n<T(B: Andreas Bauer
$B4XO"$9$k(BURL:
http://mailfilter.sourceforge.net/
$BF0:n4D6-(B: POSIX
$B$^$H$a(B:

Mailfilter $B$O<u$1<h$j$?$/$J$$(B spam $B%a!<%k$r!"%m!<%+%k$K$"$k%3%s%T%e!<%?(B
$B$K%@%&%s%m!<%I$7$F$7$^$$LdBj$K4,$-9~$^$l$F$7$^$&A0$K!"=|5n$9$k$?$a$N=@(B
$BFp$KBP1~2DG=$J%f!<%F%#%j%F%#$G$9!#$3$N%=%U%H%&%'%"$O(B 1 $B8D0J>e$N(B POP3
$B%"%+%&%s%H$r%5%]!<%H$7!"$H$j$o$1%b%G%`7PM3$N%@%$%"%k%"%C%W%"%+%&%s%H4D(B
$B6-$K$*$$$FM-MQ$G$9!#%f!<%6$O$I$N%a!<%k$,G[Aw$5$l$k$Y$-$G!"$I$N%a!<%k$,(B
$BGK4~$5$l$k$Y$-$+$rH=CG$9$k8DJL$N%U%#%k%?(B ($B%k!<%k(B) $B$r@_Dj2DG=$G$9!#(B

5. IP Sorcery v1.4
$B:n<T(B: Case ajz023@motorola.com
$B4XO"$9$k(BURL:
http://www.legions.org/~phric/ipsorcery.html
$BF0:n4D6-(B: Linux, POSIX, UNIX
$B$^$H$a(B:

IP Sorcery $B$O(B TCP/IP $B%Q%1%C%H@8@.%=%U%H%&%'%"$G$9!#$3$N%=%U%H%&%'%"$O(B
TCP$B!"(BUDP$B!"(BICMP $B%Q%1%C%H$r(B GTK+ $B%$%s%?%U%'!<%9$rMxMQ$7$FAw?.2DG=$G$9!#(B

6. WinARP Watch v1.0
$B:n<T(B: Andreas Vernersson andver-8@student.luth.se
$B4XO"$9$k(BURL:
http://jota.sm.luth.se/~andver-8/warp/
$BF0:n4D6-(B: Windows 2000, Windows 95/98, Windows XP
$B$^$H$a(B:

WinARP Watch $B$O(B Windows $B$N(B ARP $B%-%c%C%7%e$N%b%K%?%j%s%0$r9T$&%W%m%0%i%`(B
$B$G$9!#(BARP $B%-%c%C%7%e$K$O(B IP $B%"%I%l%9$H(B MAC $B%"%I%l%9$NBP$,4^$^$l$F$$$k$?(B
$B$a$K!"(BIP $B%Q%1%C%H$,Aw$i$l$kEY$K%-%c%C%7%e$NFbMF$+$i(B IP $B%"%I%l%9$H(B MAC $B%"(B
$B%I%l%9$NBP1~IU$1$,!"%V%m!<%I%-%c%9%H$r2p$7$?(B MAC $B%"%I%l%9$N%j%/%(%9%H$,(B
$B9T$o$l$k;v$,$"$j$^$;$s!#(B

$B$7$+$7!"56$N(B ARP $B1~Ez$rJV$9;v$,2DG=$G$"$k$?$a!"%-%c%C%7%e$K56$NFbMF$r3J(B
$BG<$9$kLdBj$,$"$jF@$k$N$G$9!#$3$l$O(B ARP $BFbMF$N1x@w$H8F$P$l!"7h$7$F$h$$7k(B
$B2L$r$b$?$i$9;v$O$"$j$^$;$s!#(B

$B$3$N%W%m%0%i%`$O%-%c%C%7%e$NFbMF$r8+D%$j!"%W%m%0%i%`Fb$N%j%9%H$X?7$7$$(B
IP $B%"%I%l%9$H(B MAC $B%"%I%l%9$NBP$rA4$F3JG<$7$^$9!#(B
$BAH$_9g$o$;$,4{$K4{CN$G$"$k>l9g!"%W%m%0%i%`$O%-%c%C%7%eFb$NFbMF$HJQ2=$,(B
$B$"$k$+$I$&$+$r3NG'$7$^$9!#(B
- --
$BLu(B: $B:d0f=g9T(B(SAKAI Yoriyuki), $B1F;3E0:H(B(KAGEYAMA Tetsuya)
$B4F=$(B: $B:d0f=g9T(B(SAKAI Yoriyuki)
LAC Co., Ltd.
http://www.lac.co.jp/security/

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Edition 5.5.5J
Comment: SAKAI Yoriyuki

iQA/AwUBPBUbcZQwtHQKfXtrEQICwACfV7LiTJVsOJ3pUJ3Z5ti2v68JnIsAnj5o
sApIucIHGuiecUm9N9KlKROG
=J5dp
-----END PGP SIGNATURE-----