Return-Path: owner-bugtraq-jp@SECURITYFOCUS.COM X-Mailer: Winbiff [Version 2.20 PL4] Mime-Version: 1.0 Content-Type: text/plain; charset=iso-2022-jp Message-ID: <199911162109.DAD80767.BJTBL@lac.co.jp> Date: Tue, 16 Nov 1999 21:09:22 +0900 Reply-To: SAKAI Yoriyuki Sender: BUGTRAQ-JP List From: SAKAI Yoriyuki Subject: Security Focus Newsletter #14,#15 1999-11-02 -> 1999-11-14 (1/2) X-To: BUGTRAQ-JP@SECURITYFOCUS.COM To: BUGTRAQ-JP@SECURITYFOCUS.COM -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 $B:d0f(B@$B%i%C%/$G$9!#(B Security Focus Newsletter $BBh(B 14, 15 $B9gJ;9f$NOBLu$r$*FO$1$7$^(B $B$9!#Lu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B $B$J$*:#9f$O BugTraq-JP $B$K4X$9$k(B FAQ: - --------------------------------------------------------------------- - --------------------------------------------------------------------- $B0zMQ$K4X$9$kHw9M(B: $B!&$3$NOBLu$O(B Security Focus $B$N5v2D$r3t<02qe$G9T$o$l$F(B $B$$$^$9!#(B $B!&(BSecurity Focus Newsletter $B$NOBLu$r(B Netnews, Mailinglist, World Wide Web, $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$N(B $BA4J80zMQ$r$*4j$$$7$^$9!#(B $B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;(B $B$s$,=`MQ$9$k$b$N$H$7$^$9!#(B $B!&$^$?!"(BSecurity Focus $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+$J$k(B $B7A<0$N%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B 1) - --------------------------------------------------------------------- - --------------------------------------------------------------------- $B$3$NOBLu$K4X$9$kHw9M(B: $B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02qR2p(B($BF|K\8lLu$J$7(B) 2. Elias Levy $B$,(B National Public Radio $B$K=P1i$7$^$7$?(B II. $B:#=5$N(B BUGTRAQ $B$+$i(B 1. Multiple Vendor CDE dtappgather Vulnerabilities (Update) 2. Canna subsystem 'uum' Buffer Overflow Vulnerability 3. Canna subsystem 'canuum' Buffer Overflow Vulnerability 4. Microsoft IE Yamaha MidiPlug Buffer Overflow Vulnerability 5. BTD Zom-Mail Buffer Overflow Vulnerability 6. AN-HTTPd CGI Vulnerabilities 8. Hylafax 'faxalter' Buffer Overflow Vulnerability 9. Microsoft IE window.open Redirect Vulnerability 10. Real Server Administrator Port Buffer Overflow Vulnerability 11. NT Spoolss.exe Buffer Overflow Vulnerabilities 12. NT Spoolss.exe DLL Insertion Vulnerability 13. Cobalt RaQ2 cgiwrap Vulnerability 14. Alibaba Multiple CGI Vulnerabilties 15. MS ActiveX CAB File Execution Vulnerability 16. Byte Fusion BFTelnet Long Username DoS Vulnerability 17. FTGate Directory Traversal Vulnerability 18. Etype Eserv Directory Traversal Vulnerability 19. Sendmail Socket Hijack Vulnerability 20. Guestbook CGI Remote Command Execution Vulnerability 21. Artisoft XtraMail Multiple DoS Vulnerabilities 22. BigIP Config UI Vulnerabilities 23. Microsoft IE for Win98 file:// Buffer Overflow Vulnerability 24. Seyon Relative Path Vulnerability 25. IrfanView32 Image File Buffer Overflow Vulnerability 26. Linux nfsd Remote Buffer Overflow Vulnerability 27. TransSoft Broker User Name Buffer Overflow Vulnerability 28. Windows 95/98 UNC Buffer Overflow Vulnerability 29. RedHat Linux csh/tcsh Vulnerability 30. Immunix StackGuard Evasion Vulnerability 31. InterScan VirusWall Long HELO Buffer Overflow Vulnerability 32. Multiple BIND Vulnerabilities 33. IMail POP3 Buffer Overflow Denial of Service Vulnerability 34. NetCPlus SmartServer3 POP Buffer Overflow Vulnerability 35. Microsoft ActiveX Error Message Vulnerability 36. MacOS9 NDS Client Inherited Login Vulnerability III. $B%Q%C%A>pJs(B 1. WFTPD Remote Buffer Overflow Vulnerability 2. InterScan VirusWall Long HELO Buffer Overflow Vulnerability 3. Windows 95/98 UNC Buffer Overflow Vulnerability 4. Multiple BIND Vulnerabilities 5. IrfanView32 Image File Buffer Overflow Vulnerability 6. Linux nfsd Remote Buffer Overflow Vulnerability 7. Cobalt RaQ2 cgiwrap Vulnerability 8. MS ActiveX CAB File Execution Vulnerability 9. Immunix StackGuard Evasion Vulnerability 10. IMail POP3 Buffer Overflow Denial of Service Vulnerability 11. NT Spoolss.exe Buffer Overflow Vulnerabilities and NT Spoolss.exe DLL Insertion Vulnerability 12. FTGate Directory Traversal Vulnerability 13. AN-HTTPd CGI Vulnerabilities 14. IBM HomePagePrint Buffer Overflow Vulnerability IV. $B:#=5$N(B INCIDENTS $B$+$i(B 1. possible trojan/virus issue solved (Thread) 2. port 109 (Thread) 3. Re: Logging hosts (Thread) 4. Mail-relaying probing (Thread) V. $B:#=5$N(B VULN-DEV RESEARCH LIST $B$+$i(B 1. Re: FreeBSD listen() (Thread) 2. ssh-1.2.27 remote buffer overflow - exploitable (Thread) 3. Re: thttpd 2.04 stack overflow (Thread) 4. MS Outlook javascript parsing bug (Thread) 5. Re: Open Port on Win98 box (Thread) 6. minor (?) mc bug (Thread) 7. [Fwd: [Fwd: ICQ 2000 trojan/worm (VD#5)]] (Thread) VI. $B5a?M0FFb(B($BF|K\8lLu$J$7(B) VII. $B%;%-%e%j%F%#D4::(B VIII. Security Focus $B$,A*$V>e0L(B6$B0L$N%D!<%k(B 1. Security Focus Pager (NT/98) 2. Snoot 1.3.1 (UNIX) 3. BUGS 2.0.1 (NT/UNIX) 4. NSS Narr0w Security Scanner (PERL) 5. cgi-check99 v0.3 0.3 (NT/UNIX) 6. guard (UNIX) IX. $B%9%]%s%5!<>pJs(B($BF|K\8lLu$J$7(B) X. Security Focus Newsletter $B$N9XFI!&9XFI2r=|>pJs(B I. $B=i$a$K(B - ----------- NT OBJECTives, Inc. $B$NDs6!$K$h$k!"(B Security Focus $B$,$*Aw$j$9$k=54)%K%e!<%:%l%?!<$NBh(B 14, 15 $B9gJ;9f$X$h$&(B $B$3$=!#(B $B3'$5$s$O$9$G$K$4B8CN$G$7$g$&$,!"Bh(B 14 $B9f$OG[Aw$G$-$^$;$s$G$7$?!#$3$l(B $B$O2?$+$NIi2Y$,(B Listserver $B$NF0:n$rAK32$7$F$7$^$C$?2DG=@-$,$"$k$?$a$G(B $B$9!#!#(B $B$5$F!"$3$N(B2$B=54V$O(B 36 $B7o$b$NR2p(B($BF|K\8lLu$J$7(B) - --------------------------------- We would like to take this opportunity to welcome two newcomers to the SecurityFocus.com team. Joining us are Stephanie Fohn as the Chief Operating Officer at SecurityFocus.com (sfohn@securityfocus.com) and Chip Mesec as the VP of Marketing. Stephanie Fohn - COO($BF|K\8lLu$J$7(B) - ---------------------------------- Stephanie has a broad base of management and entrepreneurial experience, with particular expertise in the Internet security area. Most recently, she served as an interim senior management consultant, filling roles such as Vice President of Marketing for Tripwire Security Systems and Director of Distribution Partnerships for Infoseek. Previously, Stephanie served as director of business development and marketing for Pilot Network Services, Inc., a provider of secure Internet access for corporations. Prior to joining Pilot, Stephanie spent six years in venture capital and investment banking in the technology arena. Stephanie holds an M.S. degree in management from Massachusetts Institute of Technology and bachelor's degrees in business and psychology >from University of Washington. Chip Mesec - VP Marketing($BF|K\8lLu$J$7(B) - --------------------------------------- Chip Mesec is responsible for Product and Corporate Marketing at SecurityFocus.com. Prior to joining SecurityFocus.com, Chip was the VP of Marketing with Cyber SIGN Inc., a company that marketed electronic biometric signatures. He has over 12 years of computer security and network experience with positions as Director of Product Management for Security Products at Network Associates Inc., and five years of Product Management and Marketing manager for Network General Corporation, which merged with McAfee Associates to form Network Associates. Prior to joining Network General, Chip served as a development engineer on PC and networking hardware products at AT&T Bell Laboratories. 2. Elias Levy $B$,(B National Public Radio $B$K=P1i(B - --------------------------------------------- Aleph One$B$H$7$F3'$5$s$4B8CN$N(B Elias Levy $B$,!V%5%$%P!<%F%m%j%:%`!W$H$$$&(B $BOCBj$G(B National Public Radio $B$N%$%s%?%S%e!<$re$K$"$k$I$N$h$&$J%U%!%$%k$G$"$C$F$b%Q!<%_%C%7%g%s$K4X78$J$/>e=q$-$9(B $B$k;v$r5v$7$F$7$^$&!#(B dtappgather $B$O%m%0%$%s%;%C%7%g%sKh$K0l$N%U%!%$%k%7%9%F%`>e$N%U%!%$%k$X%f!<%6$,:n@.$7$?>l9g!"(B $B%U%!%$%k$N%Q!<%_%C%7%g%s$O(B 0666 $B$KJQ$o$C$F$7$^$&$N$@!#(B $B$^$?B>$NLdBj$,(B DTUSERSESSION $B4D6-JQ?t$r(B dtappgather $B$,$d$_$/$b$K?.MQ$9(B $B$k$?$a$KH/@8$7$F$7$^$&!#$3$NCM$r%U%!%$%k%7%9%F%`>e$N%U%!%$%k$r;X$7<($9(B $BMM$K@_Dj$9$k$3$H$G!"%U%!%$%k$N%Q!<%_%C%7%g%s$,JQ99$G$-$F$7$^$&$N$G$"$k!#(B dtappgather $B$O(B /var/dt/appconfig $B$H7k$SIU$1$i$l$F$$$k$?$a!"(B / $B%G%#%l%/(B $B%H%j$r;X$9$?$a$K$O0lO"$N(B .. $B$r4^$`J8;zNs$,I,MW$G$"$k!#$=$3$G(B .. $B$r4D6-(B $BJQ?t$X4^$^$;$k$3$H$G$I$N$h$&$J%U%!%$%k$G$"$C$F$b(B dtappgather $B$,%"%/%;%9(B $B$G$-$F$7$^$($k$N$G$"$k!#(B 2. Canna subsystem 'uum' Buffer Overflow Vulnerability BugTraq ID: 757 $B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B $B8xI=F|(B: 1999-11-02 $B4X78$7$?(BURL: http://www.securityfocus.com/bid/757 $B$^$H$a(B: Canna $B$O%U%j!<%=%U%H%&%'%"$H$7$FMxMQ2DG=$JF|K\8lF~NO%7%9%F%`$G$"$k!#(B Canna $B$OF|K\8lF~NO$N$?$a$N%f!<%6%$%s%?%U%'!<%9$KMM!9$J7ABV$rDs6!$7$F(B $B$$$k!#(B Canna $B$O(B Nemacs(Mule)$B!"(Bkinput2$B!"$*$h$S(B canuum $B$r%5%]!<%H$7$F$$$k!#(B $B$3$l$i%D!<%k$OC10l$N%+%9%?%^%$%:$r9T$&%U%!%$%k$G%m!<%^;z$+$i$+$J$X$N(B $BJQ49%k!<%k$HJQ49MQ$N<-=q!"F|K\8l$N8l6g$NF~NOJ}K!$N@Z$jBX$(J}K!$rDs6!(B $B$7$F$$$k!#(B Canna $B$O!V$+$J!W$+$i!V4A;z!W$X%/%i%$%"%s%H(B-$B%5!<%P%b%G%k$K4p$E$$$?JQ49(B $B5!G=$rDs6!$7!"<+F0E*$J!V$+$J!W$+$i!V4A;z!W$X$NJQ495!G=$rDs6!$7$F$$$k!#(B $BFCDj$N(B UNIX $B$K4^$^$l$k(B Canna $B$N%5%V%7%9%F%`$G$"$k(B uum $B$K$O%P%C%U%!%*!<(B $B%P!<%U%m!<$rH/@8$9$kl9g!"%P%C%U%!%*!<%P!<%U%m!<$r@8$8(B $B$kl9g!"%P%C%U%!%*!<(B $B%P!<%U%m!<$r@8$8$kl9g$KH/@8$9$k!#%F%-%9%HCf$K4^$^$l$kCM$G<($5$l$?%W%m%0%i%`$O(B $B0-0U$"$k(B Web $B%Z!<%8$r%f!<%6$,K,$l$?:]$KA0$N%U%!%$%kL>$r;}$D%U%!%$%k$rE:IU$7$?%a!<%k$Nl9g!"(BHomePagePrint $B$,F0:n$7$F$$$k%/%i%$%"%s%H>e(B $B$G0U?^E*$J%3!<%I$,$J(B FAX $B%5!<%P%W%m%0(B $B%i%`$G$"$k!#(B $B$$$/$D$+$N%P!<%8%g%s$N(B Hylafax $B$K$O(B faxalter $B$H$$$&l9g(B UUCP $B8"8B$r$J%b%G%`Cl9g!"?7$7$$%V%i%&%6$N%&%#%s%I(B $B%&$NCf$r;X$7<($9$h$&$JCM$,@8@.$5$l$k!#?7$7$$%V%i%&%6$N%&%#%s%I%%$NCf?H(B ($B$9$J$o$A%m!<%+%k$K$"$k%U%!%$%k(B)$B$OFI$_=P$;$F$7$^$$!"A`:n2DG=$G$"$j!"$5(B $B$i$K(B Web $B%Z!<%8Fb$NB>$N%3!<%I$K$h$C$FJQ49$G$-$F$7$^$&!#(B 10. Real Server Administrator Port Buffer Overflow Vulnerability BugTraq ID: 767 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 1999-11-04 $B4X78$7$?(BURL: http://www.securityfocus.com/bid/767 $B$^$H$a(B: $B%$%s%9%H!<%k;~$K!"(BReal Server $B$O%i%s%@%`$K;H$o$l$F$$$J$$%]!<%H$r%j%b!<(B $B%H$+$i$N4IM}MQ$N%]!<%HHV9f$H$7$FA*Br$9$k!#$3$N%]!<%HHV9f$O(B Real Server $B$N%j%b!<%H$+$i$N(B Web $B4IM}5!G=$K$h$C$FMxMQ$5$l$k!#(B $B$3$N5!G=$K%"%/%;%9$9$k$?$a$K$O@5$7$/%]!<%HHV9f!"%f!<%6L>!"%Q%9%o!<%I$r(B $B%W%m%0%i%`$K<($5$M$P$J$i$J$$!#$7$+$7!"G'>Z$r5a$a$kMW5a$KBP$7$FD9$$%l%9(B $B%]%s%9$rAw$jJV$9$3$H$G!"%P%C%U%!$O>e=q$-$5$l!"0U?^E*$J%3!<%I$,%5!<%P$G(B $BZ$5$l$?$9$Y$F$N%f!<%6(B $B$,%"%/%;%9$G$-$F$7$^$&$b$N$b$"$k$N$@!#B?$/$N%*!<%P!<%U%m!<$O(B EIP $B%l%8%9%?(B $B$XD>@\=q$-9~$s$G$7$^$($k$b$N$G$"$j!"(B SYSTEM $B8"8B$G0U?^E*$J%3!<%I$re>:$r>7$$$F$7$^$($k!#(B $B$3$NLdBj$O(B AddPrintProvider() $B4X?t$NLdBj$G$"$k!#(B 13. Cobalt RaQ2 cgiwrap Vulnerability BugTraq ID: 777 $B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B $B8xI=F|(B: 1999-11-08 $B4X78$7$?(BURL: http://www.securityfocus.com/bid/777 $B$^$H$a(B: Cobalt RaQ2 $B%5!<%P$K$O(B cgiwrap $B$H8F$P$l$k(B nobody $B$NBe$o$j$K%W%m%0%i%`$N(B uid $B$G(B CGI $B%W%m%0%i%`$rF0:n$5$;$k$?$a$N(B CGI $B%W%m%0%i%`$N%i%C%Q!<%W%m%0(B $B%i%`$,IUB0$9$k!#$7$+$7$3$N%W%m%0%i%`$O%5!<%P>e$K9=C[$5$l$?(B Web $B%5%$%H$K(B $BBP$9$k;HMQITG=967b$r5/$3$7$?$j!"(BWeb $B%G!<%?$r4m81$J>uBV$K;/$7$F$7$^$&!#(B cgiwrap $B$O(B CGI $B%W%m%0%i%`$,%f!<%6%G%#%l%/%H%jFb$G>N$N%5%V%G%#%l%/%H%j$rMxMQ$9$k!#$b$7$b%f!<%6$,(B CGI $B%W%m%0%i%`(B $B$,8F$S=P$5$l$k$Y$-%G%#%l%/%H%j$HF1$8L>A0$N%G%#%l%/%H%j$r:n@.$7$?>l9g!"(B cgiwrap $B$O%f!<%6$N%G%#%l%/%H%j$KB8:_$7$J$$%U%!%$%k$rl9g$rA[Dj$9$k>l9g!"(BCGI $B%W%m%0%i%`$OuBV$K;/$5$l$F$7$^$&!#(B 14. Alibaba Multiple CGI Vulnerabilties BugTraq ID: 770 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 1999-11-03 $B4X78$7$?(BURL: http://www.securityfocus.com/bid/770 $B$^$H$a(B: Alibaba webserver $B$G$O2?oDs6!$5$l$F$$$kHO0O30$N%U%!%$%k$d(B Web $B%5!<%P$r0BA4$KJ]$D$?$a$N%U%!(B $B%$%k$X$N%"%/%;%9MW5a$r5v$7$F$7$^$&!#$3$l$O967bH$7!">e=q$-$7!"@8@.$7!":o=|$G$-$F$7$^$&$H$$$&>u67$,9M$((B $B$i$l$k!#(B 15. MS ActiveX CAB File Execution Vulnerability BugTraq ID: 775 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 1999-11-08 $B4X78$7$?(BURL: http://www.securityfocus.com/bid/775 $B$^$H$a(B: Javascript $B$,M-8z$K$J$C$F$$$k(B Outlook $B$H(B Outlook Express $B$K$O%j%b!<%H$N(B $B0-0U$r;}$C$?%f!<%6$,0U?^E*$J%3!<%I$r(B Outlook / Outlook Express $B$,F0:n$7(B $B$F$$$k%3%s%T%e!<%?$GA0$rJQ99$9$k!#$=$N8e0-0U$"$k%f!<%6$O?t8D$N(B Javascript $B$N%3!<%I(B $B$H0l=o$K(B Outlook $B$rMxMQ$7$F$$$k%f!<%6$X%a!<%k$rE:IU%U%!%$%k$H$7$FAwIU$9(B $B$k!#e$G4{CN$N>l=j$X$,(B 3090 $BJ8;z$r1[$($F$$$?>l9g%/%i%C%7%e$7$F$7$^$&H$G$-$F$7$^$&$H$$$&$b$N$G$"(B $B$k!#=>$C$F!"0-0U$"$k%f!<%6$O8BDj$5$l$?NN0h30$N%U%!%$%k!"Nc$($P<+J,$KM?(B $B$($i$l$F$$$J$$8"8B$NEE;R%a!<%k$d%Q%9%o!<%I%U%!%$%k$J$I$rFI$_=P$;$F$7$^(B $B$&!#(B 18. Etype Eserv Directory Traversal Vulnerability BugTraq ID: 773 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 1999-11-04 $B4X78$7$?(BURL: http://www.securityfocus.com/bid/773 $B$^$H$a(B: Etype $BH$G$-(B $B$F$7$^$&$N$@!#=>$C$F!"967be$K$"$j!"(BWeb $B%5!<%P$,%"%/%;%92DG=$J%U%!%$%k$N$9$Y$F$N%U%!%$%k$rFI$_=P$72DG=$G$"$k!#(B 19. Sendmail Socket Hijack Vulnerability BugTraq ID: 774 $B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B $B8xI=F|(B: 1999-11-05 $B4X78$7$?(BURL: http://www.securityfocus.com/bid/774 $B$^$H$a(B: $B%j%9%/$H$7$F$ODc$$o%]!<%HHV9f(B 25 $BHV$rBT$Ae=q(B $B$-!"$"$k$$$O>h$CuBV$K$"$k(B tcp $B%=%1%C%H$K$h$C$F(B tcp syn $B%Q%1%C%H$,(B $Bl9g!"(B($BNc$($P!V%9%F%k%9%9%-%c%s!W$NMM$J%O!<%U%*!<%W%s>uBV$N(B tcp $B@\B3$O9M$($i$l$k(B) accept() $B$N8F$S=P$7$O<:GT$9$k!#$=$7$F(B sendmail $B$O$9$Y$F$NBT$AuBV$N%=%1%C%H$rJD$8!"(B5$BIC4VBT5!$9$k!#(B $BBhFs$NLdBj$O%f!<%6$,(B sendmail $B$r%;%-%e%"$G$O$J$$0z?t$,M?$($i$l$?>l9g!"(B (-bD) $B%G!<%b%s>uBV$G5/F0$G$-$F$7$^$&E@$G$"$k!#(B $B$3$N(B -bD $B%U%i%0$O(B sendmail $B$K%G!<%b%s$H$7$F%U%)%"%0%i%&%s%I$G5/F0$9$k(B $BMM$K;X<($rM?$($k!#$3$N%*%W%7%g%s$rM?$($k%f!<%68"8B$O%A%'%C%/$5$l$F$$$J(B $B$$$?$a$$$+$J$k%f!<%6$G$"$C$F$b(B sendmail $B$r5/F0$G$-$k$N$G$"$k!#(B $BBh;0$NLdBj$O%O%s%0%"%C%W%7%0%J%k(B (-HUP) $B$X$N(B sendmail $B$X$NBP1~$G$"$k!#(B $B%O%s%0%"%C%W%7%0%J%k$ruBV$G$O(B) $B$=$3$G!"$$$+$J$k(B execve() $B7PM3$Ge$N;XE&$rMxMQ$7$?967b$O0J2<$NMM$JNc$,9M$($i$l$k!#(B - - $BB>$N%^%7%s$+$i!"Nc$($P(B nmap $B$rMQ$$(B"$B%O!<%U%*!<%W%s%9%-%c%s(B" $B$r%?!<%2%C(B $B%H$H$J$k%3%s%T%e!<%?$N(B 25 $BHV%]!<%H$X;E3]$1$k!#(B (sendmail $B$O(B 5 $BIC4V$NBT5!>uBV$KF~$j!"(B25 $BHV%]!<%H$O2rJ|$5$l$k(B) - - 5 $BIC4V$N(B sendmail $B$NBT5!>uBVFb$K(B sendmail $B$r(B -bD $B%*%W%7%g%s$rIU$1!"(B $B%m!<%+%k$N%f!<%6$,%?!<%2%C%H$H$J$k%3%s%T%e!<%?>e$G5/F0$9$k!#(B $B$3$N>l9g!"(Bnoexec $B$H6&$K5/F0$7!"(Bargv[0] $B$r4uK>$9$k%W%m%0%i%`$K@_Dj$9$k!#(B (noexec $B$O(B argv[0] $B$r<+:_$K@_Dj2DG=$J%W%m%0%i%`$G$"$k(B) - - $B=`Hw$,$G$-$?$J$i!"(Bnoexec $B$H6&$K0lHL%f!<%6$+$i5/F0$7$?(B sendmail $B$N%W%m(B $B%;%9$X%O%s%0%"%C%W%7%0%J%k$rAw$k!#(B (noexec $B%3%^%s%I$G(Bargv[0]$B$K$h$C$F;XDj$5$l$?%W%m%0%i%`$O(B 25 $BHV%]!<%H(B $B$GBT$A]$+$iA[Dj$G$-$k;v$O%a!<%k%5!<%P$N40A4$J:>>N$G$"$k!#(B $B967be$N%3%s%F%s%D$N0l$D!"!V%2%9%H%V%C%/!W$,(B HTML $B$N5-;v$NEj9F$r5v2D$7!"(B $B%5!<%P%5%$%I%$%s%/%k!<%I(B (Serve-side Include; SSI)$B$r(B HTML $BJ8=q$K$D$$$F$b(B $B5v2D$7$F$$$k>l9g!"967bH$5$l$?$$(B) Apache $B$O(B guestbook.pl $BCf$N@55,I=8=$r2sHr$G$-$k(B SSI $B$N0[$J$kJ8K!7A<0$r(B $B4uK>$9$k%3%^%s%I$r%?!<%2%C%H$H$7$?%3%s%T%e!<%?>e$Gl9g$K$N$_(B) 21. Artisoft XtraMail Multiple DoS Vulnerabilities BugTraq ID: 791 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 1999-11-09 $B4X78$7$?(BURL: http://www.securityfocus.com/bid/791 $B$^$H$a(B: XtraMail 1.11 $B$K$O%*!<%P!<%U%m!<$r5/$3$7$?:]%5!<%P$r%/%i%C%7%e$5$;$F$7(B $B$^$$!";HMQITG=967b$r0z$-5/$3$9L$%A%'%C%/$N%P%C%U%!$,B8:_$9$k!#(B 1: POP3 $B%5!<%P$N(B PASS $B%3%^%s%I$X$N0z?t(B 1,500$B$r1[$($kJ8;z?t$G%*!<%P!<%U%m!<$r5/$3$9!#(B 2: SMTP $B%5!<%P$N(B HELO $B%3%^%s%I$X$N0z?t(B 10,000$B$r1[$($kJ8;z?t$G%*!<%P!<%U%m!<$r5/$3$9!#(B 3: Control service Username XtraMail $B$O%m%0%$%sMQ$K(B 3200 $BHV%]!<%H$r;H$&%j%b!<%H$+$i$N4IM}%f!<%F%#%j(B $B%F%#$rDs6!$7$F$$$k!#$3$N%f!<%F%#%j%F%#$N%f!<%6L>%P%C%U%!$O(B10,000$B$r1[$((B $B$kJ8;z?t$G%*!<%P!<%U%m!<$r5/$3$9!#(B 22. BigIP Config UI Vulnerabilities BugTraq ID: 778 $B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B $B8xI=F|(B: 1999-11-08 $B4X78$7$?(BURL: http://www.securityfocus.com/bid/778 $B$^$H$a(B: BigIP $B$O(B F5 $B%=%U%H%&%'%"$,Ds6!$9$kIi2YJ,;6%7%9%F%`$G$"$k!#(B $B$3$N%7%9%F%`$K$O(B Web $B$rMxMQ$7$?@_Dj%7%9%F%`$,$"$j!"I8=`E*$J(B CGI $B$X$N96(B $B7b$KBP$7$F $B$NJs9p$K$h$k$H!"(B $B%$%s%9%H!<%k$5$l$?(B BSDI $B%7%9%F%`4D6->e$G0U?^$7$?%U%!%$%k$r;2>H2DG=$G$"$C(B $B$?!#$^$?!"@_Dj%W%m%0%i%`$O(B setuid root $B$G%$%s%9%H!<%k$5$l$F$*$j!"$3$l(B $B$O@_Dj5!G=$r8F$S=P$9$?$a$N(B .htaccess $B$K$h$kG'>Z$K$h$k%m!<%+%k$KM3Mh$9$k(B $Be$N$3$NpJs$O$J$$!#(B 23. Microsoft IE for Win98 file:// Buffer Overflow Vulnerability BugTraq ID: 779 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 1999-11-09 $B4X78$7$?(BURL: http://www.securityfocus.com/bid/779 $B$^$H$a(B: Windows 98 $B>e$N(B Internet Explorer 4 $B5Z$S(B 5 $B$OHs>o$KD9$$(B file:// $B$G;O$^(B $B$k(B URL $B$K$h$C$F%P%C%U%!%*!<%P!<%U%m!<$r0z$-5/$3$9!#(B URL $BFb$N%G!<%?$O(B EIP $B$XEO$5$l$k$?$a!"0U?^$7$?%3!<%I$,$b$7$b;XDj$5$l$?(B $BD9$$(B URL $B$K4^$^$l$F$$$?>l9g$K$O$rI,MW$H$9$k(B 2 $B$D$NB>$N%W%m%0%i%`$X=hM}$r0z$-EO$9$?(B $B$a$KMQ$$$F$$$k!#=>$C$F!"(Bsayon $B$,F0:n$7$F$$$k8"8B$rl9g%W%m%0%i%`$O;_$^$C$F$7$^$&!#(B $BJ8;zNs$NCf$X%3!<%I$r;E9~$^$;$k$3$H$O2DG=$G$"$k!#(B 26. Linux nfsd Remote Buffer Overflow Vulnerability BugTraq ID: 782 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 1999-11-09 $B4X78$7$?(BURL: http://www.securityfocus.com/bid/782 $B$^$H$a(B: Debian Linux 2.1 $B$*$h$S(B RedHat Linux 5.2 $B$K4^$^$l$k(B Linux nfsd $B$K$O%j%b!<(B $B%H$+$i967b2DG=$J%P%C%U%!%*!<%P!<%U%m!<$,B8:_$9$k!#(B $B$7$+$7$3$l$i$N%P!<%8%g%s$d%G%#%9%H%j%S%e!<%7%g%s$KB8:_$9$kLdBj$r=$@5$7$?(B $B;v$K$D$$$F!"0l@Z%Y%s%@$+$i$N>pJs$O8x3+$5$l$F$$$J$$!#(B $B$r3JG<$9$kJ8;zNs$ND9$5$OL$%A%'%C%/$G$"$j!"MxMQ$7(B $B$F$$$k%P%C%U%!$O%*!<%P!<%U%m!<2DG=$G$"$j!"(BNFS $B%5!<%P>e$G0-0U$"$k%3!<%I(B $B$Ne$NJ8;zNs?t$r;}$D%f!<%6L>$,EO$5$l$?>l9g!"(B $B%W%m%0%i%`$ODd;_$9$k!#$b$7%5!<%S%9$H$7$F%W%m%0%i%`$,5/F0$7$F$$$k>l9g!"(B $B%5!<%S%9$O;HMQ2DG=$JA4$F$N%a%b%j$r;H$$2L$?$7!"%7%9%F%`A4BN$rDd;_$5$;$F(B $B$7$^$&!#(B 28. Windows 95/98 UNC Buffer Overflow Vulnerability BugTraq ID: 792 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 1999-11-02 to 1999-11-14 $B4X78$7$?(BURL: http://www.securityfocus.com/bid/792 $B$^$H$a(B: Windows 95/98 ($B$9$Y$F$N%P!<%8%g%s(B) $B$N%M%C%H%o!<%/%3!<%I$K$O%*!<%P!<%U(B $B%m!<2DG=$J%P%C%U%!$,$"$k!#%P%C%U%!$O%U%!%$%kL>$ro$KD9$$%U%!%$%kL>$r;XDj$9$k$3$H$G967buBV(B $B$GuBV$r0z$-5/$3$9>r(B $B7o$,B7$C$?>l9g$K@8$8$k!#(B 30. Immunix StackGuard Evasion Vulnerability BugTraq ID: 786 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 1999-11-08 $B4X78$7$?(BURL: http://www.securityfocus.com/bid/786 $B$^$H$a(B: $B0J2<$K<($9$N$O(B Immunix $B$,H/I=$7$?%"%I%P%$%6%j$+$i$N0zMQ$G$"$k!#(B Mariusz Woloszyn $B$K$h$j!"FCDj$N%;%-%e%j%F%#>e$Nl9g$K$*$$$F$G$9$,!"967be$K<($7$?967b$O%i%s%@%`$J!"$=$7$F=*C<%+%J%j!<$rMxMQ$7$?%a%+%K%:%`$K(B $BBP$7$F$bM-8z$G$9!#$J$<$J$i$3$NJ]8nJ}K!$O967b$O%j%K%"$G$"$k!"$H2>Dj$7$F(B $B$$$k$+$i$G$9!#8@$$49$($k$J$i$P!"967be$N<+F0E*$J%P%C%U%!$r(B $B0n$l$5$;$k$?$a$NJ8;zNsA`:n$KI,?\$N%j%?!<%s%"%I%l%9$r$*$+$7$/$9$k$?$a$K(B $BC5$72s$j!"%+%J%j!<%o!<%I$r1[$($FF0$-2s$j!"%j%?!<%s%"%I%l%9%(%s%H%j!<$@(B $B$1$rF@$k$N$G$9!#0J>e$K<($7$?967b$NNc$G$O!"$7$+$7!"967bl=j$X0\F0$5$;$k;v$r5v2D$5$l$F$$$^$9!#$^$?!"%j%?!<%s%"%I%l%9$X$N(B $B%]%$%s%H$rD>@\9T$C$F$*$j!"%+%J%j!<$K$h$kJ]8n$r2sHr$G$-$k$N$G$9!#(B 31. InterScan VirusWall Long HELO Buffer Overflow Vulnerability BugTraq ID: 787 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 1999-11-07 $B4X78$7$?(BURL: http://www.securityfocus.com/bid/787 $B$^$H$a(B: VirusWall $B@=IJ$K4^$^$l$k(B SMTP $B%2!<%H%&%'%$$N(B HELO $B%3%^%s%I$K$O%P%C%U%!(B $B%*!<%P!<%U%m!<$,$"$k!#$3$N%P%C%U%!%*!<%P!<%U%m!<$OZ$N7k2L!"%P%C%U%!%*!<%P!<%U%m!<>uBV$,(B $B@8$8$k$H$$$&LdBj$G$"$k!#$3$N7k2L$+$i%j%b!<%H$+$i(B root $B8"8B$,Dj$7$F$$$k(B) $BBhFs$K$O(B SIG $B%l%3!<%I$r@5$7$/8!>Z$G$-$J$+$C$?>l9g!";HMQITG=967b$,H/@8(B $B$9$k!"$H$$$&LdBj$G$"$k!#(B $BBh;0$K$O967be$N%U%!%$%k$+$i%>!<%s>pJs$,FI$_9~$^$l8!>Z$r9T$&:]$K!"FC(B $BDj$N%Q!<%_%C%7%g%s$,M?$($i$l$?>l9g$K%m!<%+%k4D6-$G;HMQITG=967b$,2DG=$K(B $B$J$C$F$7$^$&$H$$$&LdBj$G$"$k!#(B $B:G8e$O(B TCP $B%=%1%C%H$r%/%m!<%:$9$k:]$NuBV$KF~$C$F$7$^$&$N$@!#(B 33. IMail POP3 Buffer Overflow Denial of Service Vulnerability BugTraq ID: 789 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 1999-11-08 $B4X78$7$?(BURL: http://www.securityfocus.com/bid/789 $B$^$H$a(B: $B%f!<%6L>$,(B 200 $B$+$i(B 500 $BJ8;z$N4V$K$"$k;~!"%f!<%6L>%U%#!<%k%I$K%P%C%U%!(B $B%*!<%P!<%U%m!<$,@8$8$F$7$^$&!#$^$?!"u$N967bJ}K!$G$O%j%b!<%H$K$"$k%3%s%T%e!<%?$X$N;HMQIT(B $BG=967b$r0z$-5/$3$;$k!#(B 34. NetCPlus SmartServer3 POP Buffer Overflow Vulnerability BugTraq ID: 790 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 1999-11-11 $B4X78$7$?(BURL: http://www.securityfocus.com/bid/790 $B$^$H$a(B: NetcPlus SmartServer3 email $B%5!<%P$K4^$^$l$k(B POP $B%5!<%P$K$OL$%A%'%C%/$N(B $B%P%C%U%!$,$"$j!"%5!<%P>e$G967bl9g!"F~NO%P%C%U%!$O%*!<%P!<(B $B%U%m!<$7!"0z?t$+$iM?$($i$l$k%G!<%?$O%7%9%F%`$XM?$($i$l!"(BSmartServ $B%W%m(B $B%0%i%`$,@7$HB>$N%7%9%F%`@_DjMWAG$rH=CG$9$k(B $B$N$K$bE,MQ2DG=$G$"$k!#(B 36. MacOS9 NDS Client Inherited Login Vulnerability BugTraq ID: 794 $B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B $B8xI=F|(B: 1999-11-02 to 1999-11-14 $B4X78$7$?(BURL: http://www.securityfocus.com/bid/794 $B$^$H$a(B: MacOS 9 $B$KIUB0$9$k(B NDS $B%/%i%$%"%s%H$O%f!<%6$,(B NDS $B%D%j!<$+$i$N%m%0%"(B $B%&%H$K<:GT$7$F$7$^$&!#$3$l$O%f!<%6$,(B MacOS 9 $B$+$i%m%0%"%&%H$9$k>l9g$K(B $B@8$8$k!#>N$G$-$F$7(B $B$^$&!#(B Translated by SAKAI Yoriyuki / LAC http://www.lac.co.jp/ ($BB3$/(B) -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.5.3i for non-commercial use iQA/AwUBODDK4pQwtHQKfXtrEQJssACeJmbk8Tf+eb2tejQB7VzQX7ngX0EAoJrq lEbotF/rkemg8FJ01IGMncr3 =dEgE -----END PGP SIGNATURE-----