SecurityFocus.com Newsletter #140 2002-4-8->2002-4-12

To: bugtraq-jp@securityfocus.com
Subject: SecurityFocus.com Newsletter #140 2002-4-8->2002-4-12
From: SAKAI Yoriyuki <sakai@lac.co.jp>
Date: Wed, 24 Apr 2002 00:25:13 +0900
Delivered-To: mailing list bugtraq-jp@securityfocus.com
Delivered-To: moderator for bugtraq-jp@securityfocus.com
In-Reply-To: <Pine.LNX.4.43.0204161056010.10170-100000@mail.securityfocus.com>
List-Help: <mailto:bugtraq-jp-help@securityfocus.com>
List-Id: <bugtraq-jp.list-id.securityfocus.com>
List-Post: <mailto:bugtraq-jp@securityfocus.com>
List-Subscribe: <mailto:bugtraq-jp-subscribe@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-jp-unsubscribe@securityfocus.com>
Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm
References: <Pine.LNX.4.43.0204161056010.10170-100000@mail.securityfocus.com>
$B:d0f(B@$B%i%C%/$G$9!#(B

SecurityFocus.com Newsletter $BBh(B 140 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

---------------------------------------------------------------------------
SecurityFocus.com Newsletter $B$K4X$9$k(BFAQ:
http://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml
BugTraq-JP $B$K4X$9$k(B FAQ:
http://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml
---------------------------------------------------------------------------
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B SecurityFocus.com $B$N5v2D$r3t<02qe$G9T$o(B
  $B$l$F$$$^$9!#(B
$B!&(BSecurityFocus.com Newsletter $B$NOBLu$r(B Netnews, Mailinglist,
  World Wide Web, $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$N(B
  $BA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;(B
  $B$s$,=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurity-Focus.com $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+(B
  $B$J$k7A<0$N%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://www.securityfocus.com/archive/79
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02ql9g!"(BBUGTRAQ-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"4F=$l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$B86HG(B:
Date: Tue, 16 Apr 2002 10:56:28 -0600 (MDT)
Message-ID: <Pine.LNX.4.43.0204161056010.10170-100000@mail.securityfocus.com>

SecurityFocus Newsletter #140
--------------------------------

This Issue is Sponsored by: NetScreen

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
     1. Securing Privacy, Part One: Hardware Issues
     2. Securing Windows 2000 Communications with IP Filters: Part Two
     3. Managing Intrusion Detection Systems in Large Organizations P2
     4. My Daily Virus
     5. SecurityFocus PDP Program
     6. Event Announcement
II. BUGTRAQ SUMMARY
     1. WatchGuard SOHO Firewall Malformed TCP Packet DoS Vulnerability
     2. Microsoft Office Web Components Local File Read Vulnerability
     3. Microsoft Office Web Components Active Script Execution...
     4. Microsoft OWC Spreadsheet XMLURL Local File Existence Disclosure...
     5. Microsoft Office Web Components Chart Local File Existence...
     6. Microsoft Office Web Components Clipboard Information Disclosure...
     7. Microsoft OWC DataSourceControl ConnectionFile Local File...
     8. CSGuestbook Remote Command Execution Vulnerability
     9. CSLiveSupport Remote Command Execution Vulnerability
     10. CSNews Professional Remote Command Execution Vulnerability
     11. CSChat-R-Box Remote Command Execution Vulnerability
     12. Funk Proxy Weak Default Installation Permissions Vulnerability
     13. Funk Software Proxy Weak Password Storage Vulnerability...
     14. Funk Software Proxy Named Pipe Weak Permissions Arbitrary...
     15. Cisco Aironet Telnet Authentication Denial of Service...
     16. Microsoft Windows Terminal Server Group Policy Bypass...
     17. Powerboards Cookie Manipulation Account Compromise Vulnerability
     18. Microsoft VBScript ActiveX Word Object Denial Of Service...
     19. Abyss Web Server Plaintext Administrative Password...
     20. Abyss Web Server File Disclosure Vulnerability...
     21. Powerboards Administrative Access Vulnerability
     22. Powerboards Unauthorized Post Deletion Vulnerability
     23. Powerboards User Account Arbitrary File Creation Vulnerability
     24. Powerboards error.php Cross Site Scripting Vulnerability
     25. Microsoft IIS HTR ISAPI Extension Buffer Overflow...
     26. ASP-Nuke Image Tag User-Embedded Scripting Vulnerability
     27. ASP-Nuke Cross Site Scripting Vulnerability
     28. Microsoft IIS ISAPI Filter Access Violation Denial of...
     29. Microsoft IIS FTP Connection Status Request Denial of...
     30. ASP-Nuke Cross-Agent Scripting Vulnerability
     31. Microsoft IIS Chunked Encoding Transfer Heap Overflow...
     32. Microsoft IIS Help File Search Cross Site Scripting Vulnerability
     33. Microsoft IIS ASP Server-Side Include Buffer Overflow...
     34. ASP-Nuke Plaintext Cookie Authentication Credentials User...
     35. Microsoft IIS HTTP Error Page Cross Site Scripting Vulnerability
     36. Microsoft IIS HTTP Redirect Cross Site Scripting Vulnerability
     37. Microsoft IIS HTTP Header Field Delimiter Buffer Overflow...
     38. EMUMail HTTP Host Arbitrary Config File Loading Vulnerability
     39. ASP-Nuke Forged Cookie Information Disclosure Vulnerability
     40. Microsoft IIS Chunked Encoding Heap Overflow Variant...
     41. WatchGuard SOHO Firewall Vanishing IP Restrictions Vulnerability
     42. IBM Tivoli Storage Manager Client Acceptor Buffer Overflow...
     43. OpenBSD Default Crontab root Compromise Vulnerability
     44. SGI IRIX Mail Core Dump Vulnerability
     45. IBM Informix Web Datablade SQL Query HTML Decoding Vulnerability
     46. IBM Tivoli Storage Manager Long Username Buffer Overflow
     47. InterNetNews Multiple Local Format String Vulnerabilties
     48. IBM Informix Web Datablade Page Request SQL Injection...
     49. Caldera X11 Library -xrm Buffer Overflow Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
     1. Fears of a Security Brain Drain
     2. Cost, Mistrust Hold Back Security Outsourcing
     3. McAfee OKs Network Associates' New Offer
     4. FBI: Businesses Loath To Report Hacks
IV.SECURITYFOCUS TOP 6 TOOLS
     1. EtherApe v0.8.2
     2. Nikto v1.017
     3. Dante v1.1.12
     4. File System Saint v0.24
     5. ifmonitor v0.25
     6. Syslog-ng v1.5.16

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
---------------------------------

II. BUGTRAQ SUMMARY
-------------------
1. WatchGuard SOHO Firewall Malformed TCP Packet DoS Vulnerability
BugTraq ID: 4447
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 08 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4447
$B$^$H$a(B:

WatchGuard SOHO Firewall $B$O2HDmMQ!"$"$k$$$O>.5,LO4k6H8~$1$KFC2=$7$?AH$_(B
$B9~$_5!4o7?%U%!%$%d%&%)!<%k$G$"$k!#$3$N5!4o$O(B VPN $B5!G=$,AH$_9~$^$l$?>e$G(B
$BDs6!$5$l$F$$$k!#(B

WatchGuard SOHO Firewall $B$K$O@5Ev$J%f!<%6$X$N%5!<%S%9$r(B DoS $B>uBV$K4Y$i(B
$B$;$k$3$H$,?dDj$5$l$kLdBj$,H/8+$5$l$F$$$k!#(B

WatchGuard SOHO Firewall $B$OFCDj$N(B
$BAw$r;n$_$k:]!"$3$N%U%!%$%d%&%)!<%k$O%/%i%C%7%e$7!":F5/F0$9$k!#$3$N8=>](B
$B$,@8$8$k:]$K$O!"$$$+$J$k(B VPN $B%;%C%7%g%s$r$b4^$`!"$=$N;~E@$G3NN)$5$l$F$$(B
$B$kA4$F$N%3%M%/%7%g%s$,@ZCG$5$l$k!#(B

$B$3$N8=>]$O!"%U%!%$%d%&%)!<%k5!4o$K$h$C$FE>Aw$5$l$k%Q%1%C%H$K4X$7$F$N$_(B
$B@8$8$kLdBj$G$"$k$3$H$r<($7$F$$$kE@$ON10U$5$l$k$Y$-$G$"$k!#$3$NLdBj$O!"(B
$B$3$N5!4o$,%Q%1%C%HE>Aw$r9T$&:]$K$N$_(B IP $B%*%W%7%g%s$N2r2. Microsoft Office Web Components Local File Read Vulnerability
BugTraq ID: 4453
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 08 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4453
$B$^$H$a(B:

Microsoft Office Web Components (OWC) $B$O(B ActiveX $B%*%V%8%'%/%H$N=89gBN$G(B
$B$"$j!"(BWeb $B%Z!<%8$KBP$7$F@)8BIU$-$G$O$"$k$,!"(BMicrosoft Office $B$N5!G=$rDs(B
$B6!$7$F$$$k!#(BOWC $B$O%G%U%)%k%H>uBV$G!"(BOffice 2000 $B$H(B Office XP $B$N$$$:$l$H(B
$B6&$K%$%s%9%H!<%k$5$l$F$$$k!#(B

$B$$$/$D$+$N%P!<%8%g%s$N(B QWC Spreadsheet $B%3%s%]!<%M%s%H$K$OLdBj$,H/8+$5$l(B
$B$F$$$k!#$3$N%3%s%]!<%M%s%H$rMxMQ$9$k(B Web $B%Z!<%8$r2p$7$F!"G$0U$N%m!<%+%k(B
$B4D6-$N%U%!%$%k$NFbMF$rFI$_=P$9$3$H$,2DG=$J$N$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$O(B Range $B%*%V%8%'%/%H$N(B LoadText $B%a%=%C%I$r2p$7$F(B
$B]$N%U%!%$%k$,8=:_$NJ8=q$H$7$F$NF10lNN0hFb$KB8:_$7$J$$>l9g$K(B
$B$O!"%(%i!<$rJV$7$F$$$k!#$7$+$7!"$3$N%a%=%C%I$X$O%m!<%+%k%U%!%$%k$X$N%j(B
$B%@%$%l%/%H$r@8$8$kMM$J(B URL $B$r0z$-EO$9$3$H$,2DG=$J$N$G$"$k!#FCDj$N>u672<(B
$B$K$*$$$F!"(BURL $B$r?.Mj$7$F=hM}$r9T$&7hDj$,9T$o$l$k>l9g!"BP>]%U%!%$%k$OFI(B
$B$_9~$^$l$F$7$^$&$N$G$"$k!#(B

$B%U%!%$%k$NFbMF$X$N%"%/%;%9$,9T$o$l$?>l9g!"F~Aw$9$k$3$H$,2DG=$G$"$k!#FCDj$N>u672<$K$*$$$F!"(B
$B0-0U$"$k%9%/%j%W%H$OF~pJs$r$5$i$J$k!"$h$j5;9*$r6E$i$7$?967b$r4k(B
$B$F$k$?$a$KMxMQ$9$k$3$H$,2DG=$K$J$k$H?d;!$5$l$k!#(B

3. Microsoft Office Web Components Active Script Execution Vulnerability
BugTraq ID: 4449
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 08 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4449
$B$^$H$a(B:

Microsoft Office Web Components (OWC) $B$O(B ActiveX $B%*%V%8%'%/%H$N=89gBN$G(B
$B$"$j!"(BWeb $B%Z!<%8$KBP$7$F@)8BIU$-$G$O$"$k$,!"(BMicrosoft Office $B$N5!G=$rDs(B
$B6!$7$F$$$k!#(B

$B$$$/$D$+$N%P!<%8%g%s$N(B OWC $B$N(B Spreadsheet $B%3%s%]!<%M%s%H$K$OLdBj$,H/8+(B
$B$5$l$F$$$k!#$3$N%3%s%]!<%M%s%H$rMxMQ$7$F$$$k(B Web $B%Z!<%8$r2p$7!"G$0U$N(B
Active Script $B%3!<%I$rl9g$G$b2DG=$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$O(B Spreadsheet $B%3%s%]!<%M%s%HFb$GDs6!$5$l$F$$$k!"(B
HOST() $B4X?t$rMxMQ$7$F$N967b4. Microsoft OWC Spreadsheet XMLURL Local File Existence Disclosure Vulnerability
BugTraq ID: 4455
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 08 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4455
$B$^$H$a(B:

Microsoft Office Web Components (OWC) $B$O(B ActiveX $B%*%V%8%'%/%H$N=89gBN$G(B
$B$"$j!"(BWeb $B%Z!<%8$KBP$7$F@)8BIU$-$G$O$"$k$,!"(BMicrosoft Office $B$N5!G=$rDs(B
$B6!$7$F$$$k!#(BOWC $B$O%G%U%)%k%H>uBV$G!"(BOffice 2000 $B$H(B Office XP $B$N$$$:$l$H(B
$B6&$K%$%s%9%H!<%k$5$l$F$$$k!#(B

$B$$$/$D$+$N%P!<%8%g%s$N(B OWC Spreadsheet $B%3%s%]!<%M%s%H$KBP$9$kLdBj$,Js9p(B
$B$5$l$F$$$k!#$3$N%3%s%]!<%M%s%H$rMxMQ$7$F$$$k(B Web $B%Z!<%8$r2p$7$F!"G$0U$N(B
$B;XDj$5$l$?%m!<%+%k$N%U%!%$%k$NB8:_$NM-L5$r3NG'$9$k$3$H$,2DG=$J$N$G$"$k!#(B

Spreadsheet $B%*%V%8%'%/%H$N(B XMLURL $B%W%m%Q%F%#$O%;%-%e%j%F%#@_Dj$,7hDj$5(B
$B$l$?8e$K!"%j%@%$%l%/%H$r9T$($F$7$^$&$N$G$"$k!#$3$N7k2L!"FCDj$N%m!<%+%k(B
$B$N%U%!%$%k$KBP$7$F%j%@%$%l%/%H$9$kMM$K:n@.$5$l$?!"0-0U$"$kJ8=q$HF10l$N(B
$BNN0hFb$K;XDj$5$l$?(B URL $B$O$,M?$($i$l$?>l9g!"(B
$B%(%i!<%a%C%;!<%8$,JV$5$l$k!#=>$C$F!"%(%i!r7o$rH/8+$7!"%U%!%$%k$,(B
$BB8:_$7$F$$$J$$$3$H$r7hDj$9$k$?$a$N%Z!<%8$N8F$S=P$7$r9T$&$3$H$,2DG=$G$"(B
$B$k!#(B

$BIU$12C$($k$J$i$P!"967bBP>]$N%U%!%$%k$,@5Ev$J(B WorkSheet XML $BJ8=q$G$"$k>l(B
$B9g!"$=$N%U%!%$%k$NFbMF$O;2>H2DG=$G$"$k!#967bpJs$r!"967bBP>]$N%3%s%T%e!<%?$KBP$9$k!"$5$i$J$k!"$h$j5;9*$r6E$i$7(B
$B$?967b$r4k$F$k$?$a$KMxMQ$9$k$3$H$b2DG=$G$"$k$H?d;!$5$l$k!#(B

5. Microsoft Office Web Components Chart Local File Existence Disclosure Vulnerability
BugTraq ID: 4454
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 08 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4454
$B$^$H$a(B:

Microsoft Office Web Components (OWC) $B$O(B ActiveX $B%*%V%8%'%/%H$N=89gBN$G(B
$B$"$j!"(BWeb $B%Z!<%8$KBP$7$F@)8BIU$-$G$O$"$k$,!"(BMicrosoft Office $B$N5!G=$rDs(B
$B6!$7$F$$$k!#(BOWC $B$O%G%U%)%k%H>uBV$G!"(BOffice 2000 $B$H(B Office XP $B$N$$$:$l$H(B
$B6&$K%$%s%9%H!<%k$5$l$F$$$k!#(B

$B$$$/$D$+$N%P!<%8%g%s$N(B OWC Chart $B%3%s%]!<%M%s%H$K4X$9$kLdBj$,H/8+$5$l$F(B
$B$$$k!#$3$N%3%s%]!<%M%s%H$rMxMQ$7$F$$$k(B Web $B%Z!<%8$r2p$7!";XDj$5$l$?$$$+(B
$B$J$k%m!<%+%k%U%!%$%k$KBP$7$F!"$=$NB8:_$NM-L5$r3NG'$9$k$3$H$,2DG=$J$N$G(B
$B$"$k!#(B

Chart $B%*%V%8%'%/%H$N(B Load $B%a%=%C%I$O%U%!%$%k$N3JG<>l=j$K4X$9$k!"$$$+$J(B
$B$k%;%-%e%j%F%#%A%'%C%/$rHw$($F$$$J$$!#%m!<%+%k$N%U%!%$%k%7%9%F%`Fb$KB8(B
$B:_$7$F$$$J$$%U%!%$%kL>$,M?$($i$l$?>l9g!"%(%i!<%a%C%;!<%8$,JV$5$l$k!#=>$C(B
$B$F!"%(%i!r7o$rH/8+$7!"%U%!%$%k$,B8:_$7$F$$$J$$$3$H$r7hDj$9$k$?$a(B
$B$N%Z!<%8$N8F$S=P$7$r9T$&$3$H$,2DG=$G$"$k!#(B

$B;XDj$5$l$?%U%!%$%k$,%m!<%+%k$N%U%!%$%k%7%9%F%`Fb$KB8:_$9$k>l9g$K$*$$$F!"(B
$B%U%!%$%k$NFbMF$X$N%"%/%;%9$,2DG=$K$J$k$H$O!"8=;~E@$K$*$$$F$O!"9M$($i$l(B
$B$F$$$J$$!#967bpJs$rLdBj$rJz$((B
$B$k%3%s%T%e!<%?$KBP$7$F!"$5$i$J$k!"$h$j5;9*$r6E$i$7$?967b$r9T$&$?$a$KMx(B
$BMQ$9$k$3$H$,2DG=$K$J$k$H?d;!$5$l$k!#(B

6. Microsoft Office Web Components Clipboard Information Disclosure Vulnerability
BugTraq ID: 4457
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 08 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4457
$B$^$H$a(B:

Microsoft Office Web Components (OWC) $B$O(B ActiveX $B%*%V%8%'%/%H$N=89gBN$G(B
$B$"$j!"(BWeb $B%Z!<%8$KBP$7$F@)8BIU$-$G$O$"$k$,!"(BMicrosoft Office $B$N5!G=$rDs(B
$B6!$7$F$$$k!#(BOWC $B$O%G%U%)%k%H>uBV$G!"(BOffice 2000 $B$H(B Office XP $B$N$$$:$l$H(B
$B6&$K%$%s%9%H!<%k$5$l$F$$$k!#(B

$B$$$/$D$+$N%P!<%8%g%s$N(B OWC Spreadsheet $B%3%s%]!<%M%s%H$K4X$9$kLdBj$,H/8+(B
$B$5$l$F$$$k!#$3$N%3%s%]!<%M%s%H$rMxMQ$9$k(B Web $B%Z!<%8$r2p$7$F!"%/%j%C%W%\!<(B
$B%IFb$NA`:n8"8B$rC%r7o2<$K$*$$$F$OFbMF$NA`:n$,4^$^$l$k!#(B

$BJs9p$K$h$k$H!"$3$NLdBj$rMxMQ$9$k967b$O(B IE $B$N%;%-%e%j%F%#@_Dj$N9`L\$G$"(B
$B$k!"!V%9%/%j%W%H$K$h$kE=$jIU$1=hM}$N5v2D!W(B('Allow paste operations via
script') $B$,L58z2=$5$l$F$$$k>l9g$G$"$C$F$b]$N%3%s%T%e!<%?$KBP$9$k$5$i$J$k967b$N(B
$BJd=upJs$r3+<($9$k$3$H$,2DG=$G$"$k!#(B

7. Microsoft OWC DataSourceControl ConnectionFile Local File Existence Disclosure Vulnerability
BugTraq ID: 4456
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 08 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4456
$B$^$H$a(B:

Microsoft Office Web Components (OWC) $B$O(B ActiveX $B%*%V%8%'%/%H$N=89gBN$G(B
$B$"$j!"(BWeb $B%Z!<%8$KBP$7$F@)8BIU$-$G$O$"$k$,!"(BMicrosoft Office $B$N5!G=$rDs(B
$B6!$7$F$$$k!#(BOWC $B$O%G%U%)%k%H>uBV$G!"(BOffice 2000 $B$H(B Office XP $B$N$$$:$l$H(B
$B6&$K%$%s%9%H!<%k$5$l$F$$$k!#(B

$B$$$/$D$+$N%P!<%8%g%s$N(B OWC DataSourceControl $B%3%s%]!<%M%s%H$K4X$9$kLdBj(B
$B$,H/8+$5$l$F$$$k!#$3$N%3%s%]!<%M%s%H$rMxMQ$9$k(B Web $B%Z!<%8$r2p$7!"G$0U$N(B
$B;XDj$5$l$?%m!<%+%k$N%U%!%$%k%7%9%F%`Fb$N%U%!%$%k$NB8:_$r3NG'2DG=$J$N$G(B
$B$"$k!#(B

Spreadsheet $B%*%V%8%'%/%H$N(B ConnectionFile $B%W%m%Q%F%#$O%U%!%$%k$N3JG<>l(B
$B=j$K4X$9$k!"$$$+$J$k%;%-%e%j%F%#%A%'%C%/$rHw$($F$$$J$$!#%m!<%+%k$N%U%!(B
$B%$%k%7%9%F%`Fb$KB8:_$7$F$$$J$$%U%!%$%kL>$,M?$($i$l$?>l9g!"%(%i!<%a%C%;!<(B
$B%8$,JV$5$l$k!#=>$C$F!"%(%i!r7o$rH/8+$7!"%U%!%$%k$,B8:_$7$F$$$J$$(B
$B$3$H$r7hDj$9$k$?$a$N%Z!<%8$N8F$S=P$7$r9T$&$3$H$,2DG=$G$"$k!#(B

$B;XDj$5$l$?%U%!%$%k$,%m!<%+%k$N%U%!%$%k%7%9%F%`Fb$KB8:_$9$k>l9g$K$*$$$F!"(B
$B%U%!%$%k$NFbMF$X$N%"%/%;%9$,2DG=$K$J$k$H$O!"8=;~E@$K$*$$$F$O!"9M$($i$l(B
$B$F$$$J$$!#967bpJs$rLdBj$rJz$((B
$B$k%3%s%T%e!<%?$KBP$7$F!"$5$i$J$k!"$h$j5;9*$r6E$i$7$?967b$r9T$&$?$a$KMx(B
$BMQ$9$k$3$H$,2DG=$K$J$k$H?d;!$5$l$k!#(B

8. CSGuestbook Remote Command Execution Vulnerability
BugTraq ID: 4448
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 08 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4448
$B$^$H$a(B:

csGuestbook $B$O(B Web $B%Z!<%8$K$K%"%/%;%9$7$F$-$?%f!<%6$K%2%9%H%V%C%/5!G=$r(B
$BDs6!$9$k%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$OB?$/$N(B UNIX $B$H(B Linux $B$GF0(B
$B:n$9$k!#(B

csGuestbook $B$O967bhttp://host/cgi-bin/csGuestbook.cgi?command=savesetup&setup=PERL_CODE_HERE

$B$3$NLdBj$K$h$j!"%j%b!<%H$N967b9. CSLiveSupport Remote Command Execution Vulnerability
BugTraq ID: 4450
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 08 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4450
$B$^$H$a(B:

csLiveSupport $B$O(B Web $B$rMxMQ$9$kF0E*$J@=IJ%5%]!<%H5!G=$rDs6!$9$k%9%/%j%W(B
$B%H$G$"$j!"$3$N%=%U%H%&%'%"$OB?$/$N(B UNIX $B$d(B Linux $B$GF0:n$7!"$^$?!"(BMicrosoft
Windows $B$K$*$$$F$bF0:n$9$k!#(B

csLiveSupport $B$O967bhttp://host/cgi-bin/csLiveSupport.cgi?command=savesetup&setup=PERL_CODE_HERE

$B$3$NLdBj$K$h$j!"%j%b!<%H$N967b10. CSNews Professional Remote Command Execution Vulnerability
BugTraq ID: 4451
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 08 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4451
$B$^$H$a(B:

csNews Professional $B$O(B Web $B%5%$%H$N%3%s%F%s%DFb$N%K%e!<%95-;v$r4IM}$9$k(B
$B$?$a$N%9%/%j%W%H$G$"$k!#$3$N%=%U%H%&%'%"$OB?$/$N(B UNIX $B$d(B Linux $B$GF0:n$7!"(B
$B$^$?!"(BMicrosoft Windows $B$K$*$$$F$bF0:n$7$F$$$k!#(B

csNews $B$O967bhttp://host/cgi-bin/csNews.cgi?command=savesetup&setup=PERL_CODE_HERE

$B$3$NLdBj$K$h$j!"%j%b!<%H$N967b11. CSChat-R-Box Remote Command Execution Vulnerability
BugTraq ID: 4452
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 08 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4452
$B$^$H$a(B:

csChat-R-Box $B$O(B Web $B$r2p$9$k%A%c%C%H5!G=$rDs6!$9$k%9%/%j%W%H$G$"$k!#(B
$B$3$N%=%U%H%&%'%"$OB?$/$N(B UNIX $B$d(B Linux $B$GF0:n$7!"$^$?!"(BMicrosoft Windows
$B$K$*$$$F$bF0:n$9$k!#(B

csChat-R-Box $B$O967bhttp://host/cgi-bin/csChatRBox.cgi?command=savesetup&setup=PERL_CODE_HERE

$B$3$NLdBj$K$h$j!"%j%b!<%H$N967b12. Funk Proxy Weak Default Installation Permissions Vulnerability
BugTraq ID: 4458
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 08 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4458
$B$^$H$a(B:

Proxy $B$O(B Funk Software $B$+$iDs6!$5$l!"J]uBV$N!"%G%#%l%/%H%j$X(B
$B$N%Q!<%_%C%7%g%s$N@_Dj$KM3Mh$7$F$$$k!#(B

$B$3$N%=%U%H%&%'%"$N%G%U%)%k%H%$%s%9%H!<%k>uBV$G$O!"%;%-%e%"$G$O$J$$%G%#(B
$B%l%/%H%j$H%l%8%9%H%j$N%Q!<%_%C%7%g%s$,MxMQ$5$l$F$$$k!#(BWindows 2000 $B$*$h(B
$B$S(B Windows NT 4.0 $B$K$*$$$F$O!"(B'Everyone' $B%0%k!<%W$N%a%s%P!<$O$3$N%=%U%H(B
$B%&%'%"$N%$%s%9%H!<%k@h$N%G%#%l%/%H%j$X$N%U%k8"8B$G$N%"%/%;%9$,2DG=$J>u(B
$BBV$J$N$G$"$k!#IU$12C$($k$J$i$P!"(BWindows NT 4.0 $B$N%G%#%l%/%H%j%(%s%H%j$O(B
'Everyone' $B%0%k!<%W$K=jB0$9$k%a%s%P!<$G$"$l$P!"$I$N%a%s%P!<$G$"$C$F$b(B
$B!VFCJL$N%"%/%;%98"!W$rJ]M-$9$kMM$K2~JQ$5$l$F$7$^$&$N$G$"$k!#(B

$B$3$NLdBj$K$h$j%7%9%F%`Fb$N%m!<%+%k%f!<%6$O(B Proxy $B$,MxMQ$9$k%G%#%l%/%H%j(B
$B9=@.$NFbMF$r2~JQ2DG=$G$"$j!"$^$?!"LdBj$N1F6A$,5Z$V(B Windows NT 4.0 $B$rMx(B
$BMQ$9$k%3%s%T%e!<%?$G$O!"%l%8%9%H%j$N@_Dj$b2~JQ2DG=$G$"$k!#(B

13. Funk Software Proxy Weak Password Storage Vulnerability
BugTraq ID: 4459
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 08 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4459
$B$^$H$a(B:

Proxy $B$O(B Funk Software $B$+$iDs6!$5$l!"J]:3J$N8"(B
$B8B$rC%:3J$N8"8B$r(B
$BC%7$/$3$H$K$J$k!#(B

Windows 2000 $B$*$h$S(B Windows NT 4.0 $B$rMxMQ$7$F$$$k%3%s%T%e!<%?$K$*$$$F!"(B
$B%Q%9%o!<%I$O%l%8%9%H%jFb$K3JG<$5$l$F$$$k!#(BWindows 9x $B$rMxMQ$7$F$$$k%3%s(B
$B%T%e!<%?$K$*$$$F!"%Q%9%o!<%I$O(B Proxy $B$,%$%s%9%H!<%k$5$l$?%G%#%l%/%H%j(B
$B$KB8:_$9$k(B PHOST.INI $B%U%!%$%k$K3JG<$5$l$F$$$k!#$3$NLdBj$O(B Bugtraq ID 4458
$B$K3d$jEv$F$i$l$?LdBj(B "Funk Proxy Weak Default Installation Permissions
Vulnerability." $B$K$h$C$F!"$5$i$K1F6A$,Ii$NJ}8~$K5Z$V!#(B

14. Funk Software Proxy Named Pipe Weak Permissions Arbitrary Access Vulnerability
BugTraq ID: 4460
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 08 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4460
$B$^$H$a(B:

Proxy $B$O(B Funk Software $B$+$iDs6!$5$l!"J]A0IU$-%Q%$%W$N%Q!<%_%C%7%g%s(B
$B$N@_Dj$KM3Mh$7$F$$$k!#(B

$B$3$N%=%U%H%&%'%"$OL>A0IU$-%Q%$%W$KBP$7$F!"E,@Z$J%Q!<%_%C%7%g%s$N@_Dj$r(B
$B9T$C$F$$$J$$!#$3$N%=%U%H%&%'%"$,5/F0$5$l$k:]!"(BWindows $B$NL>A0IU$-%Q%$%W(B
$B$,$3$N%=%U%H%&%'%"MQ$K@8@.$5$l$k!#$7$+$7!"$3$N;~E@$G@8@.$5$l$kL>A0IU$-(B
$B%Q%$%W$K$O(B 'Everyone' $B%0%k!<%W$KBP$7!"%U%k%3%s%H%m!<%k8"8B$,5v2D$5$l$F(B
$B$$$k$N$G$"$k!#(B

$B$3$NLdBj$K$h$j!"967b15. Cisco Aironet Telnet Authentication Denial of Service Vulnerability
BugTraq ID: 4461
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 09 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4461
$B$^$H$a(B:

Cisco Aironet $B%7%j!<%:@=IJ$O9-$$J,Ln$K$^$?$,$k!"L5@~(B LAN (WLAN) $B5!G=$r(B
$BDs6!$9$k@=IJ$G$"$k!#(B

Aironet $B@=IJ$N$$$/$D$+$KLdBj$,H/8+$5$l$F$$$k!#AuCV$X$N(B telnet $B$r2p$9$k(B
$B%"%/%;%95!9=$,M-8z$K$J$C$F$$$k>l9g!"967b7$/2DG=(B
$B@-$,$"$j!"$3$NLdBj$rMxMQ$9$k967b$,7+$jJV$5$l$k>l9g$K$O!"(BDoS $B>uBV$KAuCV(B
$B$r4Y$l$k7k2L$r>7$/$3$H$,2DG=$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$NLdBj$OG'>Z=hM}Fb$KB8:_$7$F$$$k!#%5!<%P$K$h$C$FG'>Z$r(B
$B5a$a$i$l$k:]!"@5Ev$JG'>ZMQ>pJs$O5a$a$i$l$J$$$N$G$"$k!#(B

$BLdBj$rJz$($k%7%9%F%`$X$ND>@\E*$J(B telnet $B$rMxMQ$9$k%3%M%/%7%g%s$,$3$NLd(B
$BBj$rMxMQ$9$k967b$r9T$&$?$a$K$OI,?\$G$"$k!#Js9p$K$h$k$H!"(BWeb $B$r2p$9$k@_(B
$BDjMQ%$%s%?%U%'!<%9$r2p$7$?!"$3$NLdBj$rMxMQ$9$k967b$OIT2DG=$G$"$k!#(B

16. Microsoft Windows Terminal Server Group Policy Bypass Vulnerability
BugTraq ID: 4464
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 09 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4464
$B$^$H$a(B:

Microsoft Windows Terminal Server $B$K$O!"$3$N%5!<%P$N%f!<%6$,%0%k!<%W%](B
$B%j%7$N@_Dj$r2sHr$7!"%"%/%;%9$,@)8B$5$l$F$$$k;q8;$X$N%"%/%;%9$,2DG=$K$J(B
$B$kLdBj$,H/8+$5$l$F$$$k!#(B

$B%0%k!<%W%]%j%7$,:n@.$5$l$k:]!"$=$l$O(B SYSVOL $B6&M-Fb$K3JG<$5$l$k!#%f!<%6(B
$BG'>Z$r9T$&:]!"E,@Z$J%]%j%7$,%f!<%6$KE,MQ$5$l$k!#(B

$B$7$+$7!"%5!<%P%i%$%;%s%9Kh$K5v2D$5$l$F$$$k%f!<%6$N?t$r1[$($k%f!<%6$,;X(B
$BDj$5$l$?:]!"D62a$7$?%f!<%6$O$I$NMM$J%f!<%6$G$"$C$?$H$7$F$b%0%k!<%W%]%j(B
$B%7$N@_Dj$r2sHr2DG=$J$N$G$"$k!#$3$N:]!"%f!<%6$O$=$l$>$l$NK\Mh$N%f!<%68"(B
$B8B$rJ];}$9$k$HJs9p$5$l$F$$$k!#$=$7$F!"$=$N8"8B0J30$N%"%W%j%1!<%7%g%s!"(B
$B%U%!%$%k!"%G%#%l%/%H%j$J$I$N;q8;$K%"%/%;%9$,2DG=$K$J$k!#$3$NLdBj$O%i%$(B
$B%;%s%9HO0O$rD62a$9$k%f!<%6$G$"$l$P$I$N%f!<%6$G$"$C$?$H$7$F$b!"(BSYSVOL $B6&(B
$BM-$X$N@\B3$K<:GT$7!"E,@Z$J%0%k!<%W%]%j%7$N@_Dj$K=>$o$J$$$?$a$K@8$8$k$N(B
$B$G$"$k!#(B

$BNc$($P!"%0%k!<%W%]%j%7$,(B 2 $B?M$N%f!<%6$KBP$7$F$N$_E,MQ$5$l$F$$$k>l9g!"$^(B
$B$?!"$$$:$l$N%f!<%6$,C10l$N%"%W%j%1!<%7%g%s$X$N%"%/%;%9$,5v2D$5$l$F$$$k(B
$B>l9g$K!"$5$i$KBh(B 3 $B$N%3%M%/%7%g%s$,LdBj$rJz$($k%3%s%T%e!<%?$H3NN)$5$l$k(B
$B$H$=$N%f!<%6$O$=$N%3%s%T%e!<%?Fb$KB8:_$9$kMM!9$J%"%W%j%1!<%7%g%s$X$N%"(B
$B%/%;%9$,2DG=$K$J$C$F$7$^$&$N$G$"$k!#$3$N:]!"%5!<%PKh$N%i%$%;%s%9$rD62a(B
$B$9$k%f!<%6$K$h$C$F%0%k!<%W%]%j%7$N@_Dj$O7Q>5$5$l$:!"7k2L$H$7$F!"$=$N%f!<(B
$B%6$N8"8B$GEv3:%3%s%T%e!<%?Fb$N;q8;$r@5$KMxMQ$G$-F@$F$7$^$&$3$H$,A[Dj$5(B
$B$l$k$N$G$"$k!#(B

$B$3$NLdBj$O(B Microsoft Terminal Server $B$N(B 90 $BF|4V;nMQHG$K$N$_B8:_$9$k$,!"(B
$B$7$+$7!"$3$l$K$D$$$F$O8!>Z$5$l$F$$$J$$!#(B

$B8=:_8!>Z:n6H$,?J9TCf$G$"$j!"$5$i$J$k>\:Y>pJs$K$D$$$F$ODI$C$F8x3+M=Dj$G(B
$B$"$k!#(B

17. Powerboards Cookie Manipulation Account Compromise Vulnerability
BugTraq ID: 4468
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 09 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4468
$B$^$H$a(B:

Powerboards $B$O(B PHP $B8@8l$G:n@.$5$l$?EE;R7G<(HD%"%W%j%1!<%7%g%s$G$"$k!#(B

Powerboards $B$O(B $BG'>Z$N$?$a$K%/%C%-!<$rMxMQ$9$k!#%f!<%6$K%/%C%-!<$,H/9T$5(B
$B$l$k:]!"%/%C%-!<$O0E9f2=$5$l$:$KJ]B8$5$l$k!#0-0U$"$k%f!<%6$O%/%C%-!<>pJs(B
$B$NCM$r2~JQ$7!"4IM}ZL@$9$k$3$H$,2DG=$H$J$k!#(B

$B4IM}MQ%"%+%&%s%H$N>h$Cl9g!"0-0U$"$k%f!<%6$,4IM}5!G=$rA`:n(B
$B2DG=$J>uBV$K$J$k$3$H$,A[Dj$5$l$k!#(B

18. Microsoft VBScript ActiveX Word Object Denial Of Service Vulnerability
BugTraq ID: 4463
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 08 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4463
$B$^$H$a(B:

$BJs9p$K$h$k$H!"(BMicrosoft Internet Explorer$B!"(BOutlook $B$d(B Word $B$K$^$?$,$C$F(B
$B1F6A$,5Z$VLdBj$,H/8+$5$l$?!#B>$N(B Office $B@=IJ$b$^$?$3$NLdBj$N1F6A$,5Z$V(B
$B2DG=@-$,$"$k!#(B

$B$3$NLdBj$rMxMQ$7!"(BVBScript ActiveX Word $B%*%V%8%'%/%H$r0-MQ$7!"1F6A$,5Z(B
$B$V%=%U%H%&%'%"$r(B DoS $B$K4Y$i$;$k$3$H$,2DG=$K$J$k$N$G$"$k!#$3$l$OHs>o$KBg(B
$BNL$N(B Word $B%*%V%8%'%/%H$r@8@.$9$k$3$H$G$l1_3j$K@8@.$9$k$?(B
$B$a$NuBV$r0z$-5/$3$9$?$a$K!"(B
$B0-0U$"$k(B ActiveX Word $B%*%V%8%'%/%H$N(B 100 $B2s!"$b$7$/$O$=$l0J>e$KEO$kFI$_(B
$B9~$_$r?^$k%k!<%W=hM}$r0z$-5/$3$92DG=@-$,$"$k!#(B

$B$3$N(B ActiveX Word $B%*%V%8%'%/%H$N0-MQ;~$K$O!"0BA4$G$J$$(B ActiveX $B%*%V%8%'(B
$B%/%H$Ne$XHs>o$KB?$/$N2s(B
$B?tFI$_9~$^$l$k!#%a%b%j;q8;$,;H$$2L$?$5$l$k7k2L!"%7%9%F%`A4BN$,IT0BDj$K(B
$B$J$k2DG=@-$,$"$k!#(B

19. Abyss Web Server Plaintext Administrative Password Vulnerability
BugTraq ID: 4467
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 07 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4467
$B$^$H$a(B:

Abyss Web $B%5!<%P(B $B$O%U%j!<$GF~l9g!"7k2L$H$7$F(B Web $B%5!<%P$N4IM}pJs$,!">e=R$NLdBj$K$h$C$F(B
$B$b!"3+<($5$l$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$O(B Microsoft Windows $BMQ$N(B Abyss Web Server $B$GJs9p$5$l$?!#(BLinux
$B8~$1%P!<%8%g%s$G!"$3$NLdBj$N1F6A$,5Z$V$+$I$&$+$OL$>\$G$"$k!#(B

20. Abyss Web Server File Disclosure Vulnerability
BugTraq ID: 4466
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 07 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4466
$B$^$H$a(B:

Abyss Web $B%5!<%P(B $B$O%U%j!<$GF~H2DG=$K$J$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$O!"%j%b!<%H$N967b$N4{CN(B
$B$NLdBj$O!"(BBugTraq ID 4467 $B$N(B "Abyss Web Server Plaintext Administrative
Password Vulnerability" $B$K<($5$l$F$$$k!#(B

$B$3$NLdBj$O(B Microsoft Windows $B8~$1$N(B Abyss Web Server $B$GJs9p$5$l$?!#(BLinux
$B8~$1$N%P!<%8%g%s$G$O!"$3$NLdBj$N1F6A$,5Z$V$+$I$&$+$OL$>\$G$"$k!#(B
$B$J$*!"%^%k%A%f!<%6$N(B Windows $B>e$GF0:n$9$k(B Web $B%5!<%P$O!"DL>o(B SYSTEM $B8"(B
$B8B$GF0:n$7$F$$$kE@$ON10U$5$l$M$P$J$i$J$$!#(B

21. Powerboards Administrative Access Vulnerability
BugTraq ID: 4471
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 09 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4471
$B$^$H$a(B:

Powerboards $B$O(B PHP $B8@8l$rMxMQ$7$F3+H/$5$l$?EE;REA8@7G<(HD%"%W%j%1!<%7(B
$B%g%s$G$"$k!#(B

Powerboards $B$K$*$$$F!"%f!<%6$,4IM}@\8F(B
$B$S=P$9$3$H$Ge$K<+F0E*$KF~(B
$BNO$5$l$k$H$$$&!"62$i$/(B PHP $B$KK\MhHw$o$C$F$$$k5!G=$K$h$k$b$N$G$"$k!#(B

22. Powerboards Unauthorized Post Deletion Vulnerability
BugTraq ID: 4469
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 09 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4469
$B$^$H$a(B:

Powerboards $B$O(B PHP $B8@8l$rMxMQ$7$F3+H/$5$l$?EE;R7G<(HD%"%W%j%1!<%7%g%s(B
$B$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$N@_7W$G$O!"Ej9F$5$l$?%a%C%;!<%8$OEj9FZ$r9T$C$F$$$J$$%f!<%6$X$O:o(B
$B=|5!G=$N8"8B$O5v2D$5$l$F$$$J$$$O$:$J$N$G$"$k!#(B

$B$3$N7k2L!"CN<1$KIY$`967bl9g$K$3$NLdBj$N1F6A$,5Z$V$+(B
$B$I$&$+$K$D$$$F$OL$>\$G$"$k!#$7$+$7!"(BBID 4468 $B$K<($5$l$?LdBj$O$=$NMM$J(B
$B@)8B$NHO0O$r$h$j69$a$k2DG=@-$,$"$k!#(B

$BJs9p$K$h$k$H!"0J2<$N(B URL $B$N7A<0$rMxMQ$7!"Ej9F$5$l$?%a%C%;!<%8$N:o=|$r(B
$B>7$/$3$H$,A[Dj$5$l$k(B:
/delpost.php?cat=3&fid=4&pid=5

23. Powerboards User Account Arbitrary File Creation Vulnerability
BugTraq ID: 4473
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 09 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4473
$B$^$H$a(B:

Powerboards $B$O(B PHP $B8@8l$rMxMQ$7$F3+H/$5$l$?EE;R7G<(HD%"%W%j%1!<%7%g%s(B
$B$G$"$k!#(B

Powerboards $B$K$*$$$F!"%f!<%6$,%U%!%$%k$N:n@.$dG$0U$N%U%!%$%kFbMF$NC%$H$7$F9%$-$J%f!<%6!$rA*$s$G:n@.$5$l$k!#$7$+$7!"$=$N%U%!%$(B
$B%k$,(B HTTP $B%j%/%(%9%H$K$h$C$FpJs$r4^$`$?$a!"7k2L$H$7$F!"=EMW$J%G!<%?$O%j%b!<%H$N%f!<%6(B
$B$K3+<($5$l$F$7$^$&$N$G$"$k!#$3$l$O!"%5!<%S%9$N$[$H$s$I$N4{CN$N%f!<%6$N(B
$B=EMW$J%f!<%6>pJs$r3+<($9$k$3$H$,2DG=$G$"$kE@$G$"$k$3$H$ON10U$5$l$M$P$J(B
$B$i$J$$!#Js9p$K$h$k$H!"$3$N%U%!%$%kFb$K$O$5$i$K!"J?J8$G%Q%9%o!<%I%G!<%?(B
$B$r4^$s$G$$$k$H$N$3$H$G$"$k!#(B

$B$^$?!"$3$NLdBj$O%[%9%H>e$G$NG$0U$N%3!<%I$rl9g!"$=$N%3!<%I$O%[%9%H>e$G$N$r(B Web $B%5!<%P$N%9%/%j%W%H$H$7$F2rA0$K$9$k>l9g$KH/@8$9$k2DG=(B
$B@-$,$"$k!#(B

24. Powerboards error.php Cross Site Scripting Vulnerability
BugTraq ID: 4472
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 09 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4472
$B$^$H$a(B:

Powerboards $B$O(B PHP $B8@8l$rMxMQ$7$F3+H/$5$l$?EE;R7G<(HD%"%W%j%1!<%7%g%s(B
$B$G$"$k!#(B

Powerboards $B$N$$$/$D$+$N%P!<%8%g%s$G!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLd(B
$BBj$,Js9p$5$l$F$$$k!#%(%i!<%Z!<%8$N(B error.php $B$O(B HTML $B=PNO$r@8@.$9$k$,!"(B
$B%f!<%6$,F~NO$7$?%9%/%j%W%H$rE,@Z$K=|5n$7$J$$$N$G$"$k!#(B

$B967bl9g!"$=$N%9%/%j%W%H%3!<%I(B
$B$O(B Powerboards $B$K$h$C$F9=C[$5$l$?%5%$%H$HF13J$N%3%s%F%-%9%H$GpJs$X$N6<0R$,0z$-5/$3$5$l$k2D(B
$BG=@-$,$"$k!#(B


25. Microsoft IIS HTR ISAPI Extension Buffer Overflow Vulnerability
BugTraq ID: 4474
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4474
$B$^$H$a(B:

HTR ISAPI $B%(%/%9%F%s%7%g%s$N%P%C%U%!%*!<%P!<%U%m!<$NLdBj$,!"(BMicrosoft
IIS (Internet Information Servers) $B$GJs9p$5$l$?!#(B

HTR $B$H$O(B IIS $B$N%9%/%j%W%H5;=Q$G!"8e$K(B ASP (Active Server Pages) $B5;=Q$K(B
$Be=q$-2DG=$K$J$k>r7o$,B8:_$9$k!#(B

IIS 4.0 $B$*$h$S(B IIS 5.0$B$O!"(BHTR ISAPI $B%(%/%9%F%s%7%g%s$rL58z$K$7$F$$$F$b!"(B
$B$3$NLdBj$N1F6A$r]%[%9%H$r(B DoS $B>uBV$K4Y$i$;$?$j!"%j%b!<%H(B
$B$N967b26. ASP-Nuke Image Tag User-Embedded Scripting Vulnerability
BugTraq ID: 4475
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 09 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4475
$B$^$H$a(B:

ASP-Nuke $B$O(B Web $B$rMxMQ$9$k%]!<%?%k%7%9%F%`$G$"$k!#$3$N%=%U%H%&%'%"$K$h(B
$B$j!"%f!<%6$O%"%+%&%s%H$N:n@.!"$3$N%=%U%H%&%'%"$rMxMQ$7$F9=C[$5$l$?(B Web 
$B%5%$%H$X$N(B Web $B%3%s%F%s%D$NEj9F$,2DG=$G$"$k!#(B

ASP-Nuke $B$O%$%a!<%8%?%0Fb$KB8:_$9$k%9%/%j%W%H%3!<%I$rE,@Z$K%U%#%k%?$7(B
$B$J$$!#$h$C$F!"967bZMQ>pJs$rC%27. ASP-Nuke Cross Site Scripting Vulnerability
BugTraq ID: 4477
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 09 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4477
$B$^$H$a(B:

ASP-Nuke $B$O(B Web $B$rMxMQ$9$k%]!<%?%k%7%9%F%`$G$"$k!#$3$N%=%U%H%&%'%"$K$h(B
$B$j!"%f!<%6$O%"%+%&%s%H$N:n@.!"$3$N%=%U%H%&%'%"$rMxMQ$7$F9=C[$5$l$?(B Web 
$B%5%$%H$X$N(B Web $B%3%s%F%s%D$NEj9F$,2DG=$G$"$k!#(B

ASP-Nuke $B$G%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$,Js9p$5$l$?!#(B
downloads.asp $B$H(B post.asp $B$O%f!<%6$+$iM?$($i$l$?F~NOCM$r4^$`!"(BHTML $B7A(B
$B<0$N%Z!<%8$r@8@.$9$k$,!"$7$+$7!"F~NOCM$K4^$^$l$k%9%/%j%W%H$OE,@Z$K=|5n(B
$B$5$l$J$$$N$G$"$k!#(B

$B967bH$9$k:]!"%9%/%j%W%H$O(B ASP-Nuke $B$N8"8B$Ge$N6<0R$O!"$3$NLdBj$rMxMQ$9$k967b$K$h$C$F$b$?$i$5$l$k$H(B
$B9M$($i$l$k!#(B

28. Microsoft IIS ISAPI Filter Access Violation Denial of Service Vulnerability
BugTraq ID: 4479
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4479
$B$^$H$a(B:

Microsoft Internet Information Server $B$K$*$1$k!"(BURL $B$N%(%i!<=hM}$Ne$N(B URL $B$rl9g!"(BIIS
$B%5!<%S%9$O%/%i%C%7%e$7$F$7$^$&!#$3$l$O(B ISAPI $B%U%#%k%?$,(B HTTP $B%j%/%(%9(B
$B%H$N2r$C$F(B IIS $B%5!<%S%9$,%/%i%C%7%e$7$F$7$^$&(B Access Violation
$B%(%i!<$,H/@8$9$k!#(B

IIS 4.0 $B$G$O!"(BIIS $B%5!<%S%9$NI|5l$N$?$a$K$O!"%5!<%S%9$r$N(B ISAPI $B%U%#%k%?$G$bF1MM$N1F6A$,5Z$V2DG=@-$,$"$k!#(B
$B$3$NLdBj$O(B ISAPI $B%U%#%k%?<+?H$N$b$N$G$J$/!"(BIIS $B$,%U%#%k%?$+$iJV$5$l$k!"(B
$B0z?t$,%L%k$G$"$k(B URL $B$N=hM}$Ne5-$N4D6-2<$G$O1F6A$r29. Microsoft IIS FTP Connection Status Request Denial of Service Vulnerability
BugTraq ID: 4482
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4482
$B$^$H$a(B:

Microsoft Internet Information Server $B$N(B FTP $B%5!<%S%9$KLdBj$,B8:_$9$k!#(B
FTP $B%5!<%S%9$O(B IIS 4.0 $B$G$O%G%U%)%k%H$G%$%s%9%H!<%k$5$l$k$,!"(BIIS 5.0
$B$*$h$S(B 5.1 $B$G$O%*%W%7%g%s$G%$%s%9%H!<%k$5$l$k$h$&$K$J$C$F$$$k!#(B

STAT $B%3%^%s%I$rH/9T$9$k$3$H$K$h$j!"(BFTP $B$NE>Aw>uBV$No$KBgNL$N%U%!%$%k%0%m%S%s%0(B
$BJ8;zNs$rH/9T$9$k$3$H$K$h$j!"(BFTP $B%5!<%S%9$r%/%i%C%7%e$5$;$k860x$H$J$k!#(B

$B$3$NuBV$r@8@.$9$k$@$1$G$J(B
$B$/!"%f!<%6$N%j%/%(%9%H$rCf7Q$9$k%=%U%H%&%'%"%b%8%e!<%k$X$N%(%i!u67(B
$B$K$h$j!"(BIIS $B%5!<%S%9$ODd;_$7!"A4$F$N8=:_M-8z$J(B FTP $B%;%C%7%g%s$bCfCG$5$l(B
$B$F$7$^$&!#(B

IIS 4.0 $B$G$O!"(BIIS $B%5!<%S%9$NI|5l$N$?$a$K$O!"%5!<%S%9$r30. ASP-Nuke Cross-Agent Scripting Vulnerability
BugTraq ID: 4481
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 09 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4481
$B$^$H$a(B:

ASP-Nuke $B$O(B Web $B$rMxMQ$9$k%]!<%?%k%7%9%F%`$G$"$k!#$3$N%=%U%H%&%'%"$K$h(B
$B$j!"%f!<%6$O%"%+%&%s%H$N:n@.!"$3$N%=%U%H%&%'%"$rMxMQ$7$F9=C[$5$l$?(B Web 
$B%5%$%H$X$N(B Web $B%3%s%F%s%D$NEj9F$,2DG=$G$"$k!#(B

ASP-Nuke $B$O%f!<%6$N%W%m%U%!%$%k%Z!<%8Fb$N!"@x:_E*$JLdBj$H$J$jF@$kJ8;zNs(B
$B$NE,@Z$J=|5n$r9T$o$J$$!#967bl9g!"Kd$a9~$^$l$?%9%/%j%W%H$O31. Microsoft IIS Chunked Encoding Transfer Heap Overflow Vulnerability
BugTraq ID: 4485
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4485
$B$^$H$a(B:

Active Server Pages $B$H4XO"$7$F$$$k%A%c%s%/2=$5$l$?%;%C%7%g%s$NE>Aw5!9=(B
('chunked encoding transfer mechanism') $BFb$K%R!<%W%*!<%P%U%m!<$NLdBj$,(B
Microsoft IIS (Internet Information Services) $B$KJs9p$5$l$?!#(B

Web $B%/%i%$%"%s%H$O(B ASP (Active Server Pages) $B%9%/%j%W%H$X!"MM!9$JBg$-$5(B
$B$N%A%c%s%/$N%G!<%?$rAw?.$9$k2DG=@-$,$"$k!#$3$l$O(B HTTP $B%W%m%H%3%k$N5,Dj(B
$B$N0lIt$G$"$j!"%A%c%s%/2=$5$l$?E>Aw(B (a chunked encoding transfer) $B$H$7$F(B
$BCN$i$l$F$$$k!#%A%c%s%/2=$5$l$?E>Aw5!9=$O!"$3$NE>AwJ}<0$ruBV$rH/@8$5$;$?$j!"$"$k$$$O%j%b!<%H$N967b]$N%[%9%H>e$GG$0U(B
$B$N%3!<%I$r$N%5%s%W%k%9%/%j%W%H$b1~MQ2DG=$G$"$k!#(B

$B$3$N(B BugtraqID $B$O!"(BSecurityFocus $B$+$i8x3+$5$l$?!V(BIIS$B$K$*$1$k%j%b!<%H$+(B
$B$i967b$KMxMQ2DG=$JLdBjE@$N=89gE*7Y9p!W(B(the aggregated Multiple Remote
IIS Vulnerabilities) $B$K0z$-B3$/!"8DJL$KFHN)$7$?LdBj$G$"$kE@$K$D$$$F$O(B
$BN10U$,I,MW$G$"$k!#(B

32. Microsoft IIS Help File Search Cross Site Scripting Vulnerability
BugTraq ID: 4483 
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4483
$B$^$H$a(B:

IIS $B$N$$$/$D$+$N%P!<%8%g%s$K!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$,B8:_(B
$B$9$k!#(BIIS $B$K4^$^$l$F$$$k%X%k%W%U%!%$%k$O8!:w5!G=$,$D$$$F$$$k$,!"FCDj$N(B
$B4D6-2<$G!"%f!<%6$K$h$C$FAw?.$5$l$?ITE,@Z$J5-=R$r4^$`(B HTML $B%3%s%F%s%D$r(B
$B@8@.$9$k>l9g$,$"$k!#(B

$B967bpJs$NO3$($$$r0z$-(B
$B5/$3$7$?$j!"967b33. Microsoft IIS ASP Server-Side Include Buffer Overflow Vulnerability
BugTraq ID: 4478
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4478
$B$^$H$a(B:

Microsoft IIS (Internet Information Services) $B$K$*$$$F!"(BASP $B%9%/%j%W%H(B
$B$K4^$^$l$k%U%!%$%k$H$7$F!"MW5a$5$l$?%U%!%$%kL>$rAH$_9~$`$?$a$N=hM}$K4X(B
$BO"$9$k%P%C%U%!%*!<%P!<%U%m!<$,H/8+$5$l$F$$$k!#(B

IIS $B$O%U%!%$%kL>$ND9$5$,!"6KC<$KD9$/$J$$$3$H$rJ]>Z$7$h$&$H;n$_$k!#$3$N(B
$B3NG'$r$9$jH4$1$k$3$H$,2DG=$H$J$kLdBj$,B8:_$9$k$?$a!"7k2LE*$K@x:_E*$J%P%C(B
$B%U%!%*!<%P%U%m!<$N860x$H$J$k!#(BIIS 4.0$B!"(BIIS 5.0$B!"(BIIS 5.1 $B$,$3$NLdBj$N1F(B
$B6A$rr7o2<$K$*$$$F!"%j%b!<%H$N967b$H$7$FAw?.2DG=$G$"$k$H?d;!$5$l$k!#(B
$B967b$r@.8y$5$l$k$?$a$K$O!"967b]%[%9%H$r(B DoS $B>uBV$K4Y$i$;$?$j!"%j%b!<%H(B
$B$N967b34. ASP-Nuke Plaintext Cookie Authentication Credentials User Account Compromise Vulnerability
BugTraq ID: 4484
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 09 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4484
$B$^$H$a(B:

ASP-Nuke $B$O(B Web $B$rMxMQ$9$k%]!<%?%k%7%9%F%`$G$"$k!#$3$N%=%U%H%&%'%"$K$h(B
$B$j!"%f!<%6$O%"%+%&%s%H$N:n@.!"$3$N%=%U%H%&%'%"$rMxMQ$7$F9=C[$5$l$?(B Web 
$B%5%$%H$X$N(B Web $B%3%s%F%s%D$NEj9F$,2DG=$G$"$k!#(B

ASP-Nuke $B$OG'>Z$K%/%C%-!<$rMxMQ$7$F$$$k!#%f!<%6$K%/%C%-!<$,H/9T$5$l$k(B
$B:]!"%/%C%-!<$O0E9f2=$5$l$F$$$J$$>uBV$G%/%i%$%"%s%H$K3JG<$5$l$k!#$3$N$?(B
$B$a!"0-0U$"$k%f!<%6$O%/%C%-!Z2DG=$G$"$k!#(B

$B4IM}35. Microsoft IIS HTTP Error Page Cross Site Scripting Vulnerability
BugTraq ID: 4486
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4486
$B$^$H$a(B:

$BFCDj$N%P!<%8%g%s$N(B IIS $B$K$O%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$,B8:_$9(B
$B$k!#(B IIS $B$,(B HTTP $B%(%i!<%Z!<%8$r@8@.$7$?:]$K!"$"$k4D6-2<$G(B HTML $B%3%s%F(B
$B%s%DFb$K%f!<%6$K$h$C$FF~NO$5$l$?ITE,Ev$JJ8;zNs$,4^$^$l$k2DG=@-$,$"$k!#(B

HTTP 404 $B1~Ez$rJV$9%(%i!<%Z!<%8$,(B IIS $B$K$h$C$F@8@.$5$l$k:]!"%(%i!<%Z!<(B
$B%8$N0lIt$KB8:_$7$J$$%Z!<%8$N%H%C%W%l%Y%k%I%a%$%s$X$N%O%$%Q!<%j%s%/$,4^(B
$B$^$l$k!#%j%s%/$K4^$^$l$F$$$kJ8;zNs$K$O!"MW5a$5$l$?(B URL $B$N(B '://' $B$+$i(B '/'
$B$N4V$N%G!<%?$,4^$^$l$F$$$k!#(B

$B967b]$N(B URL $B$N(B HTTP $B4pK\G'>Z%;%/%7%g%sFb$K%9%/%j%W%H(B
$B$r4^$a$k$3$H$K$h$j!"0-0U$"$k%9%/%j%W%H$r4^$`(B URL $B$rAH$_N)$F$i$l$k2DG=@-(B
$B$,$"$k!#E,@Z$K%(%9%1!<%W=hM}$,9T$o$l$F$$$k>l9g!"(BURL $B$K4^$^$l$?%9%/%j%W(B
$B%H%3!<%I$O967bBP>]$N%[%9%H$NL>A02r7h$NK8$2$K$J$k$3$H$J$/!"(BIIS $B$N1~Ez%Z!<(B
$B%8$KE,@Z$KI=<($5$l$k!#(B

$B967bpJs$NO3$($$$r0z$-(B
$B5/$3$7$?$j!"967bZMQ>pJs$,!"(BMicrosoft $B%I%a%$%s$d(B Microsoft
$B$N%5!<%S%9(B (Hotmail $B$d(B passport) $B$NHs>o$KB?$/$N%f!<%6$K$h$C$FEp$_=P$5$l(B
$B$k$?$a$KMxMQ$5$l$k2DG=@-$,$"$k$HJs9p$5$l$F$$$k!#(B

$B$3$N(B BugtraqID $B$O!"(BSecurityFocus $B$+$i8x3+$5$l$?!V(BIIS$B$K$*$1$k%j%b!<%H$+(B
$B$i967b$KMxMQ2DG=$JLdBjE@$N=89gE*7Y9p!W(B(the aggregated Multiple Remote
IIS Vulnerabilities) $B$K0z$-B3$/!"8DJL$KFHN)$7$?LdBj$G$"$kE@$K$D$$$F$O(B
$BN10U$,I,MW$G$"$k!#(B

36. Microsoft IIS HTTP Redirect Cross Site Scripting Vulnerability
BugTraq ID: 4487
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4487
$B$^$H$a(B:

IIS $B$N$$$/$D$+$N%P!<%8%g%s$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$,B8(B
$B:_$9$k!#(BHTTP $B%j%@%$%l%/%H%Z!<%8$O(B IIS $B$K$h$C$F@8@.$5$l$k$,!"FCDj$N4D6-(B
$B2<$G$O%f!<%6$K$h$kITE,@Z$JF~NO$,(B HTML $B%3%s%F%s%D$K4^$^$l$k2DG=@-$,$"$k!#(B

$B967be$K%j%s%/$r:n@.$9$k(B
$B2DG=@-$,$"$k!#%f!<%6$,$3$N%j%s%/$r;2>H$7$?:]$K!"%9%/%j%W%H$O%5!<%P$K$h$C(B
$B$F:F@8@.$5$l!"LdBj$N$"$k%5%$%H$N8"8B$GpJs$NO3$($$$r0z$-5/$3$7$?$j!"967b37. Microsoft IIS HTTP Header Field Delimiter Buffer Overflow Vulnerability
BugTraq ID: 4476
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4476
$B$^$H$a(B:

$B%X%C%@%U%#!<%k%I$N%j%/%(%9%H%W%m%;%9$H4X78$,$"$k!"%P%C%U%!%*!<%P!<%U%m!<(B
$B$,(B Microsoft IIS $B!J(BInternet Information Services$B!K$GH/8+$5$l$?!#(B

$B$3$NLdBj$O(B HTTP $B%X%C%@%U%#!<%k%I$N6h@Z$jJ8;z$N2ru(B
$BBV$r:n$j=P$9!#(BIIS 4.0 $B!"(BIIS 5.0 $B$*$h$S(B IIS 5.1 $B$,$3$NLdBj$N1F6A$,5Z$V!#(B

$B$3$NLdBj$rMxMQ$9$k$3$H$G!"BP>]%[%9%H$r(B DoS $B>uBV$K4Y$i$;$?$j!"%j%b!<%H(B
$B$N967b38. EMUMail HTTP Host Arbitrary Config File Loading Vulnerability
BugTraq ID: 4488
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 10 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4488
$B$^$H$a(B:

Emumail $B$O(B Emumail $B$+$iF~l9g!"(BEmumail $B$O(B HTTP $B%[%9%H$NCM$r%A%'(B
$B%C%/$9$k!#%/%i%$%"%s%H$+$i0lEYCM$,M?$($i$l$k$H!"%5!<%P$O$3$NCM$rMxMQ$7(B
$B$F%U%!%$%k$r3+$/$N$,;EMM$G$"$k!#(B

$B$$$/$D$+$N>u672<$G$O!"%m!<%+%k%f!<%6$,(B HTTP $B%5!<%P$N%W%m%;%9$Nl9g!"%W%m%0%i%`$K6/@)E*$KG$0U$N%U%!%$%k$r3+<($5(B
$B$;$k$3$H$,2DG=$G$"$k!#$3$l$K2C$($F!"967bBP>]$N%3%s%T%e!<%?$N%m!<%+%k$N(B
$B4D6-$K%"%/%;%9$G$-F@$?967b7$/7k2L$r>7$/$3$H$,2DG=$G$"$k!#(B

$B$3$NLdBj$O%m!<%+%k%f!<%6$K(B HTTP $B%W%m%;%9$N8"8B$G$N%3!<%I$N39. ASP-Nuke Forged Cookie Information Disclosure Vulnerability
BugTraq ID: 4489
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 09 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4489
$B$^$H$a(B:

ASP-Nuke $B$O(B Web $B$rMxMQ$9$k%]!<%?%k%7%9%F%`$G$"$k!#$3$N%=%U%H%&%'%"$K$h(B
$B$j!"%f!<%6$O%"%+%&%s%H$N:n@.!"$3$N%=%U%H%&%'%"$rMxMQ$7$F9=C[$5$l$?(B Web 
$B%5%$%H$X$N(B Web $B%3%s%F%s%D$NEj9F$,2DG=$G$"$k!#(B

ASP-Nuke $B$G%[%9%H$K=EMW$J%7%9%F%`>pJs$rJV$7$F$7$^$&2DG=@-$,$"$kLdBj$,(B
$BJs9p$5$l$F$$$k!#(B

ASP-Nuke $B$OG'>Z$K%/%C%-!<$rMxMQ$7$F$$$k!#%f!<%6$K%/%C%-!<$,H/9T$5$l$k(B
$B:]!"%/%C%-!<$O0E9f2=$5$l$F$$$J$$>uBV$G%/%i%$%"%s%H$K3JG<$5$l$k!#$3$N$?(B
$B$a!"%f!<%6$O%/%C%-!<$rJV$9:]$KG'>ZMQ%/%C%-!<>pJs$r=$@5$9$k2DG=@-$,$"$j!"(B
$B%/%C%-!<$rpJs$rF~]$N%3%s%T%e!<%?$X$N$5(B
$B$i$J$k967b$NJd=u40. Microsoft IIS Chunked Encoding Heap Overflow Variant Vulnerability
BugTraq ID: 4490
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 10 2002 12:00A
$B8xI=F|(B URL:
http://www.securityfocus.com/bid/4490
$B$^$H$a(B:

Active Server Pages $B$H4XO"$7$F$$$k%A%c%s%/2=$5$l$?%;%C%7%g%s$NE>Aw5!9=(B
('chunked encoding transfer mechanism') $BFb$K%R!<%W%*!<%P%U%m!<$NLdBj$,(B
Microsoft IIS (Internet Information Services) $B$KJs9p$5$l$?!#(B

Web $B%/%i%$%"%s%H$O(B ASP (Active Server Pages) $B%9%/%j%W%H$X!"MM!9$JBg$-$5(B
$B$N%A%c%s%/$N%G!<%?$rAw?.$9$k2DG=@-$,$"$k!#$3$l$O(B HTTP $B%W%m%H%3%k$N5,Dj(B
$B$N0lIt$G$"$j!"%A%c%s%/2=$5$l$?E>Aw(B (a chunked encoding transfer) $B$H$7$F(B
$BCN$i$l$F$$$k!#%A%c%s%/2=$5$l$?E>Aw5!9=$O!"$3$NE>AwJ}<0$ruBV$K4Y$i$;$k!"(B
$B$"$k$$$O!"%j%b!<%H$N967b]$N%3%s%T%e!<%?>e$GG$0U$N%3!<(B
$B%I$,7$/2DG=@-$,$"$k!#(B

$B$3$NLdBj$O(B BID 4485 "Microsoft IIS Chunked Encoding Transfer Heap Overflow
Vulnerability" $B$G5DO@$5$l$F$$$k$b$N$H$O0[$J$kLdBj$G$"$k!#(B

$B$3$N(B BugtraqID $B$O!"(BSecurityFocus $B$+$i8x3+$5$l$?!V(BIIS$B$K$*$1$k%j%b!<%H$+(B
$B$i967b$KMxMQ2DG=$JLdBjE@$N=89gE*7Y9p!W(B(the aggregated Multiple Remote
IIS Vulnerabilities) $B$K0z$-B3$/!"8DJL$KFHN)$7$?LdBj$G$"$kE@$K$D$$$F$O(B
$BN10U$,I,MW$G$"$k!#(B

41. WatchGuard SOHO Firewall Vanishing IP Restrictions Vulnerability
BugTraq ID: 4491
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 10 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4491
$B$^$H$a(B:

SoHo firewall $B$O(B WatchGuard $B$,HNGd$*$h$SJ]Z$r9T$&$3$H$J$/%7%9%F(B
$B%`;q8;$rC%7$$$F$7$^$&$N$G$"$k!#%f!<%6$,FCDj$N(BIP$B%"%I%l(B
$B%9$NHO0O$rBP>]$K$7$?(BIP$B%"%I%l%9$K$h$k%"%/%;%9@)8B9=@.$r@_Dj$9$k>l9g!"(B
$B%U%!%$%d%&%)!<%k$KG$0U$N%"%/%;%9@)8B@_Dj$N9`L\$rGK4~$5$;$k$3$H$,2DG=(B
$B$G$"$k!#$3$NLdBj$K$h$j!"%j%b!<%H$N967bDj$5$l$F$$$k%M%C%H%o!<%/$KBP$9$k!"0U?^$7$J$$%"%/%;%9$,2DG=$K$J(B
$B$k$N$G$"$k!#(B

$B$^$?!"$3$NLdBj$O!"Nc$($P%U%!%$%d%&%)!<%k$N4IM}MQ%3%s%=!<%k$+$i$N%m%0(B
$B$N:N42. IBM Tivoli Storage Manager Client Acceptor Buffer Overflow Vulnerability
BugTraq ID: 4492
$B%j%b!<%H$+$i$N:F8=@-(B:$B$"$j(B
$B8xI=F|(B: Apr 11 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4492
$B$^$H$a(B:

IBM Tivoli Storage Manager $B$O>.5,LO$+$iBg5,LO$^$G$NAH?%$rBP>]$K$9$k!"(B
$B%G!<%?$NJ]8n5!G=$rDs6!$9$kCf1{4IM}7?%7%9%F%`$G$"$k!#(B

TSM client acceptor $B$H>N$9$k5!G=$O!"(BWeb $B$N%P%C%/%"%C%WMQ5-O?$H%9%1%8%e(B
$B!<%i%/%i%$%"%s%H$N4IM}$r9T$C$F$$$k!#$7$+$7!"$3$N5!G=$K$O%P%C%U%!%*!<%P(B
$B!<%U%m!<$NH/@8>r7o$,H/8+$5$l$F$$$k!#(B

$B$=$N(B TSM Client Acceptor $B$O==J,$J6-3&%A%'%C%/$re=q$-$,2DG=$G(B
$B$"$j!"(BWeb $B%5!<%P$N%W%m%;%9$H$7$FG$0U$N%3!<%I$N43. OpenBSD Default Crontab root Compromise Vulnerability
BugTraq ID: 4495
$B%j%b!<%H$+$i$N:F8=@-(B: $BITL@(B
$B8xI=F|(B: Apr 11 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4495
$B$^$H$a(B:

OpenBSD $B$O%G%U%)%k%H@_Dj$GB?$/$N(B cron $B%8%g%V$rpJs$rMWLs$9$k$?$a$Kl9g!"967b]$N%U%!%$%kL>$O!"967bl=j$N>/$J$/$H$b0l2U=j$H$J$k$3$H$OL@3N(B
$B$G$"$k!#$^$?!"(Bsyslog $B$N=PNO@h$NFbMF$K!"0-0U$"$k%G!<%?$rA^F~$5$l$k2DG=(B
$B@-$b$"$jF@$k!#$b$7!"(Bsyslog $B$N=PNO@h$NFbMF$K0-0U$"$k%G!<%?$,A^F~$5$l$?(B
$B>l9g!"$3$NLdBj$rMxMQ$9$k967b$O%j%b!<%H$+$i44. SGI IRIX Mail Core Dump Vulnerability
BugTraq ID: 4499
$B%j%b!<%H$+$i$N:F8=@-(B:$B$J$7(B
$B8xI=F|(B: Apr 11 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4499
$B$^$H$a(B:

IRIX $B$O(B SGI $B$,HNGd$*$h$SJ]:3J$K7R$,$k2DG=@-$,$"$kLdBj$,H/8+$5$l$F$$$k!#$3$N(B
$BLdBj$O(B mail $B%3%^%s%I$KM3Mh$7$F$$$k!#(B

$B$$$/$D$+$N>u672<$K$*$$$F!"%m!<%+%k%f!<%6$,(B mail $B%3%^%s%I$K6/@)E*$K%3%"(B
$B%@%s%W$r0z$-5/$3$92DG=@-$,$"$k!#$3$NLdBj$O%P%C%U%!%*!<%P!<%U%m!<$,@8$8(B
$B$k2DG=@-$,$"$kLdBj$G$"$k!#(Bmail $B%3%^%s%I$ODL>o!"(Bsetgid mail $B$N:3J$r0z$-5/(B
$B$3$9$3$H$,2DG=$G$"$k!#(B

$B$3$NLdBj$K$h$j!"%m!<%+%k%f!<%6$,4IM}45. IBM Informix Web Datablade SQL Query HTML Decoding Vulnerability
BugTraq ID: 4498
$B%j%b!<%H$+$i$N:F8=@-(B:$B$"$j(B
$B8xI=F|(B: Apr 11 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4498
$B$^$H$a(B:

Informix $B$O(B IBM $B$K$h$C$FHNGd!"J]]$K$7$?%G!<%?(B
$B%Y!<%9$G$"$k!#(BInformix SQL $B$N(B Web Datablade $B%b%8%e!<%k$O%G!<%?%Y!<%9$N(B
$B%G!<%?$rMxMQ$7!"(BHTML $B$rF0E*$K@8@.$9$k!#(BWeb Datablade $B$O(B Apache$B!"(BIIS$B!"(B
Netscape $B$N%5!<%P8~$1$KDs6!$5$l$F$$$k!#$3$N%=%U%H%&%'%"$O(B Windows NT$B!"(BLinux$B!"(B
$B$^$?MM!9$J(B UNIX $B8_49$N%7%9%F%`$K$*$$$Fl9g$K4m81$J7k2L$r$b$?$i$92DG=@-$,$"$k!"(B" ($BFs=E0zMQId(B) $B$J$I$NJ8(B
$B;zNs$r(B HTML $BFb$GI=<($G$-$k$h$&$K%(%s%3!<%I$9$k$?$a$KMxMQ$5$l$F$$$k!#(B
$BJs9p$K$h$k$H!"(BWeb Datablade $B$K$h$C$Fl9g!"%;%-%e%"$G$O$J$$%3!<%I$,:n@.$5$l$k2DG=@-$,$"$k!#$3(B
$B$NLdBj$O(B Web Datablade $B$K$h$C$F3+H/$5$l$?%W%m%8%'%/%H$KBP$7!"(BSQL $B9=J8$r(B
$BA^F~2DG=$K$J$kLdBj$NH/8=2DG=@-$rA}Bg$5$;$k$3$H$,2DG=$K$J$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$N@.2L$O!"$3$N(B Web Database $B9=B$$r3+H/$7$?%W%m%8%'(B
$B%/%H$NFbMF46. IBM Tivoli Storage Manager Long Username Buffer Overflow Vulnerability
BugTraq ID: 4500
$B%j%b!<%H$+$i$N:F8=@-(B:$B$"$j(B
$B8xI=F|(B: Apr 11 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4500
$B$^$H$a(B:

IBM Tivoli Storage Manager $B$O>.5,LO$+$iBg5,LO$^$G$NAH?%$rBP>]$K$9$k!"(B
$B%G!<%?$NJ]8n5!G=$rDs6!$9$kCf1{4IM}7?%7%9%F%`$G$"$k!#(B

$B6-3&%A%'%C%/$,IT==J,$J$?$a!"%f!<%6$O%P%C%U%!%*!<%P!<%U%m!<$r5/$3$9$3$H(B
$B$,2DG=$H$J$k!#DL>o$G$O$"$jF@$J$$%f!<%6L>(B ($B$*$h$=(B 1976 $BJ8;z(B) $B$r%5!<%P$N(B
 HTTP $B%]!<%H(B ($B%]!<%H(B 1580 $BHV(B) $B$KAw$jIU$1$k$3$H$G!"%*!<%P!<%U%m!<$r0z$-(B
$B5/$3$9$3$H$,2DG=$J$N$G$"$k!#(B

$B$3$N%*!<%P!<%U%m!<$O%j%?!<%s%"%I%l%9$r4^$`!"%9%?%C%/CM$N>e=q$-$,2DG=$G(B
$B$"$j!"(BWeb $B%5!<%P$N%W%m%;%9$H$7$FG$0U$N%3!<%I$N47. InterNetNews Multiple Local Format String Vulnerabilties
BugTraq ID: 4501
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 11 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4501
$B$^$H$a(B:

The Internet Software Consortium (ISC) InterNetNews (INN) project $B$O6/(B
$BNO$G$"$j!"(BNNTP $B%5!<%P$d(B USENET $B%7%9%F%`$N5-;vG[Aw!"9XFI%5!<%P$r4^$`!"(B
USENET $B%7%9%F%`$N@h6n$1$G$"$k!#$3$N%=%U%H%&%'%"$O(B Linux $B$r4^$`(B UNIX $BM3(B
$BMh$NHs>o$KB?$/$N(B OS $B$G2TF02DG=$G$"$k!#(B

INN (inews $B$H(B rnews) $B$N(B 2 $B$D$N%W%m%0%i%`$K$*$$$F!"J#?t$NLdBj$,Js9p$5$l(B
$B$F$$$k!#Js9p$K$h$k$H!"APJ}$K$O=q<0;XDj;R$Nu672<$G$O!"$3$l$i%P%$(B
$B%J%j$O(B suid root $B$b$7$/$O(B sgid news $B$G%$%s%9%H!<%k$5$l$k2DG=@-$,$"$j!"(B
$B$3$N>l9g!"%m!<%+%k$N967b:3J$5$l$F$7$^$&$N$G$"$k!#(B

$B$^$?!"%;%-%e%"$G$O$J$$(B open() $B4X?t$N8F$S=P$7$,(B INN $B%Q%C%1!<%8$K4^$^$l$k!"(B
$B$$$/$D$+$N%P%$%J%j$K$bB8:_$9$k2DG=@-$,$"$kE@$K$D$$$F$bJs9p$5$l$F$$$k!#(B
$B8=;~E@$K$*$$$F$O!"$5$i$J$k5;=QE*$J>\:Y$K$D$$$F$O8x3+$5$l$F$$$J$$!#(B

$B$D$$:G6a$N%P!<%8%g%s$N(B INN $B$K$*$$$F$b!"$3$l$i$NLdBj$rF1MM$KJz$($F$$$k(B
$B2DG=@-$,$"$k!#$7$+$7!"$3$l$K$D$$$F$OL$8!>Z$G$"$k!#$D$$:G6a$N%P!<%8%g%s(B
$B$N(B INN $B$O$h$jDc$$8"8B$GF0:n$7$F$$$k$3$H$,Js9p$5$l!"$3$NLdBj$rMxMQ$7$FC%(B
$B48. IBM Informix Web Datablade Page Request SQL Injection Vulnerability
BugTraq ID: 4496
$B%j%b!<%H$+$i$N:F8=@-(B:
$B8xI=F|(B: Apr 11 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4496
$B$^$H$a(B:

Informix $B$O(B IBM $B$K$h$C$FHNGd!"J]]$K$7$?%G!<%?(B
$B%Y!<%9$G$"$k!#(BInformix SQL $B$N(B Web Datablade $B%b%8%e!<%k$O%G!<%?%Y!<%9$N(B
$B%G!<%?$rMxMQ$7!"(BHTML $B$rF0E*$K@8@.$9$k!#(BWeb Datablade $B$O(B Apache$B!"(BIIS$B!"(B
Netscape $B$N%5!<%P8~$1$KDs6!$5$l$F$$$k!#$3$N%=%U%H%&%'%"$O(B Windows NT$B!"(BLinux$B!"(B
$B$^$?MM!9$J(B UNIX $B8_49$N%7%9%F%`$K$*$$$Fl9g!"%G!<%?%Y!<%9Fb$N%G!<%?%Y!<%9%f!<%6$d%Q%9%o!<%I>p(B
$BJs$r4^$`!"=EMW$J>pJs$r3+<($b$7$/$O2~$6$s$5$l$k2DG=@-$,$"$k!#%G!<%?%Y!<(B
$B%9Fb$NZ%W%m%;%9Fb$KN`;w$NLd(B
$BBj$,B8:_$9$k$3$H$,Js9p$5$l$F$*$j!"%G!<%?%Y!<%9$X$N%/%(%j$b$^$?>7$/$N$G(B
$B$"$k!#$7$+$7!"$3$NLdBj$K$D$$$F$N>\:Y$JpJs$O8x3+$5$l$F$$$J$$!#(B

49. Caldera X11 Library -xrm Buffer Overflow Vulnerability
BugTraq ID: 4502
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 11 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4502
$B$^$H$a(B:

OpenUNIX $B$O(B UNIXWare $B$+$iGI@8$5$l$?$b$N$G$"$j!"APJ}$N(B UNIX $B%*%Z%l!<%F(B
$B%#%s%0%7%9%F%`$O(B Caldera $B$G(B $BHNGd$*$h$SJ]:3J$,2DG=$G$"$k!#(B
$B$3$NLdBj$O6-3&%A%'%C%/$KM3Mh$7$F$$$k!#(B

$B$$$/$D$+$N>u672<$K$*$$$F!"$h$j9b0L$N8"8B$rC%u67$K4Y$i$;$k$3$H$,2DG=$G$"$k!#(B
-xrm $B%U%i%0$,N)$C$F$$$k>l9g!"LdBj$rJz$($k%P!<%8%g%s$N(B X11 $B%i%$%V%i%j$H(B
$B%j%s%/$5$l$?%W%m%0%i%`$O!"E,@Z$J6-3&%A%'%C%/$r9T$o$J$$$N$G$"$k!#(B
$B$3$N$?$a!"%j%?!<%s%"%I%l%9$r4^$`%9%?%C%/Fb$NCM$,>e=q$-$5$l!"%3!<%I$Nu67$r>7$$$F$7$^$&!#(B

$B$3$NLdBj$O$3$N%i%$%V%i%j$K%j%s%/$5$l!"(Bsetuid $B8"8B$,M?$($i$l$F$$$k]$K$J$jF@$k!#$3$l$i>u672<$K$*$$$F$O!"967b(B
$BBP>]$N%W%m%0%i%`$O(B setuid user $B$N8"8B$G%3!<%I$r$N@x:_E*$J(B
$BLdBj$O!"LdBj$rJz$($k%i%$%V%i%j$K%j%s%/$5$l$?!"(Bsetuid $B8"8B$,@_Dj$5$l$F$$(B
$B$J$$%W%m%0%i%`$+$i!"@_Dj$5$l$F$$$k%W%m%0%i%`$K$+$1$F$NHO0O$KEO$C$F@8$8(B
$B$k2DG=@-$,$"$k!#(B


III. SECURITYFOCUS NEWS AND COMMENTARY
------------------------------------------
1. Fears of a Security Brain Drain
$BCxJ$N@/:v$,9g=09q;TL18"(B
$B$r;}$?$J$$?M!9$N8[MQ7@Ls$rM^@)$9$k$?$a$K!"$9$G$K6l6-$K4Y$C$F$$$k$H46$8(B
$B$k$h$&$K$J$C$F$$$k!#%Z%s%?%4%s$O9q2H$X$NCi@?$G$"$k$H8l$C$F$$$k!#(B
$B%t%#%6J]M-http://online.securityfocus.com/news/367

2. Cost, Mistrust Hold Back Security Outsourcing
$BCxhttp://online.securityfocus.com/news/366

3. McAfee OKs Network Associates' New Offer
$BCxhttp://online.securityfocus.com/news/365

4. FBI: Businesses Loath To Report Hacks
$BCxhttp://online.securityfocus.com/news/364


IV.SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. EtherApe v0.8.2
$B:nhttp://etherape.sourceforge.net/
$BF0:n4D6-(B: Linux, NetBSD, Solaris $B%5%$%:(B: 0 Kb
$B$^$H$a(B:

EtherApe $B$O(B etherman $B$KB3$/$b$N$H$7$F@_7W$5$l$?(B UNIX $BMQ$N%0%i%U%#%+%k%M%C(B
$B%H%o!<%/%b%K%?$G$9!#(BEther$B!"(Bip$B!"(Btcp $B%b!<%I$,$"$j!"%M%C%H%o!<%/$N>uBV$r2h(B
$BA|$GI=<($7$^$9!#%H%i%U%#%C%/NL$K1~$8$F%[%9%H$d%j%s%/$N%5%$%:$rJQ2=$5$;!"(B
Ethernet$B!"(Bfddi$B!"(Bppp$B!"(Bslip $B%G%P%$%9$r%5%]!<%H$7$^$9!#I=<($5$l$?%H%i%U%#%C(B
$B%/$r%U%#%k%?$9$k$3$H$,2DG=$G!"$^$?!"%M%C%H%o!<%/$+$i@8$N%G!<%?$r2. Nikto v1.017
$B:nhttp://www.cirt.net/code/nikto.shtml
$BF0:n4D6-(B: Perl (any system supporting perl), UNIX, Windows 2000, Windows
95/98, Windows NT, Windows XP
$B$^$H$a(B:

Nikto $B$O(B Perl $B$G3+H/$5$l(B SSL $B$r%5%]!<%H$7!"%*!<%W%s%=!<%9$H$7$F8x3+$5$l(B
$B$F$$$k!"(BWeb $B%5!<%P$rBP>]$H$9$k%9%-%c%J%W%m%0%i%`$G$9!#$3$N%=%U%H%&%'%"$O(B
LibWhisker $B$r85$K3+H/$5$l!"(BWhisker 1.4 $B$K7g$1$F$$$k5!G=!"$9$J$o$A!"%W%m%-(B
$B%7$X$NBP1~!"%[%9%HG'>Z!"(BSSL $BBP1~$rHw$($F$$$^$9!#(BNikto $B$O%j%b!<%H$+$i967b(B
$B2DG=$J(B Web $B%5!<%P$NLdBj(B ($B$=$7$F@x:_E*$J967b$KMxMQ$5$l$kDxEY(B) $B$H8m$C$?@_Dj(B
$B$K$D$$$F8!::$r9T$$$^$9!#$^$?!"4{$K8E$$%P!<%8%g%s$K$J$C$F$7$^$C$?%=%U%H%&%'(B
$B%"$d%b%8%e!<%k$rH/8+$7!"$I$N$h$&$JFCDj$NLdBj$K4X$9$kLdBj$G$"$C$F$b7Y9p$rH/(B
$B$7$^$9!#$5$i$K$O!"%W%m%-%77PM3$G$N8!::$,2DG=$G$"$j(B ($BG'>ZIU$-$G$9(B)$B!"8!::BP(B
$B>]$N%3%s%T%e!<%?$X$O4pK\G'>Z$r;O$a$H$9$kG'>Z$r9T$$$^$9!#%G!<%?$OJ]3. Dante v1.1.12
$B:nhttp://www.inet.no/dante/
$BF0:n4D6-(B: Digital UNIX/Alpha, IRIX, Linux, OpenBSD, Solaris, SunOS
$B$^$H$a(B:

Dante $B$O!"(BSocks $B%P!<%8%g%s(B 4$B!"(BSocks $B%P!<%8%g%s(B 5 (rfc1928)$B!"(BMSProxy
$B$H$$$C$?%W%m%-%7%W%m%H%3%k$r%U%j!<$KMxMQ$G$-$k$h$&$K$7$?&6HMxMQ$b2DG=$G$9!#(B

4. File System Saint v0.24
$B:nhttp://insecure.dk/
$BF0:n4D6-(B: OpenBSD, Perl (any system supporting perl)
$B$^$H$a(B:

File System Saint $B$O%9%T!<%I$H;H$$$d$9$5$K>GE@$rCV$$$?(B Tripwire $B$K$h$/(B
$B;w$?%7%9%F%`$N0l4S@-%A%'%C%/%f!<%F%#%j%F%#$G$9!#(BPerl $B$G3+H/$5$l!"0l4S@-(B
$B$N%A%'%C%/$K$O(B Digest::MD5 $B$,;HMQ$5$l$F$$$^$9!#(BFile System Saint $B$O!"(B
Perl $B$,%$%s%9%H!<%k$5$l$F$$$l$P;ve$9$Y$F$N%W%i%C%H%U%)!<%`$GF0:n$7$^(B
$B$9!#E,@Z$J>l=j$K%b%8%e!<%k$,$"$l$P(B Win32 $B>e$G$5$($bF0:n$7$^$9!#%U%!%$%k(B
$B>pJs$NJ];}$O%F%-%9%H%U%!%$%k$N%G!<%?%Y!<%9$r;HMQ$7$^$9!#(B

5. ifmonitor v0.25
$B:nhttp://ifmonitor.preteritoimperfeito.com/
$BF0:n4D6-(B: Linux
$B$^$H$a(B:

ifmonitor $B$O(B Linux $B8~$1$N%M%C%H%o!<%/%$%s%?%U%'!<%9$r7PM3$9$k%H%i%U%#%C(B
$B%/$N%m%0:N6. Syslog-ng v1.5.16
$B:nhttp://www.balabit.hu/products/syslog-ng/
$BF0:n4D6-(B: BSDI, Linux, Solaris
$B$^$H$a(B:

syslog-ng $B$O!"$=$NL>A0$,<($9$h$&$K?7;~Be$KMW@A$5$l$k5!G=$rDI2C$7$?(B 
syslogd $B$G$9!#%*%j%8%J%k$N(B syslogd $B$O%W%i%$%*%j%F%#$H%U%!%7%j%F%#$NAH(B
$B$_9g$o$;$K4p$E$$$FJB$Y$i$l$?%a%C%;!<%8$N$_;HMQ$7$^$7$?!#$7$+$7!"(B
syslog-ng $B$K$O@55,I=8=$r;HMQ$7$?%a%C%;!<%8$NFbMF$K4p$E$$$?%U%#%k%?$r;H(B
$BMQ$9$k5!G=$,DI2C$5$l$^$7$?!#?7$7$$@_Dj%9%-!<%^$OD>46E*$GJ,$+$j$d$9$/!"(B
$B$7$+$b6/NO$G$9!#(BTCP $B$r2p$7$F%m%0$rE>Aw$9$k5!G=$dE>Aw$9$k$H$-$KDL2a$7$?(B
$B7PO)$r5-21$9$k5!G=$O!"%U%!%$%d%&%)!<%k$G8n$i$l$?4D6-$K$O7g$+$;$J$$$G$7$g(B
$B$&!#(B
--
$BLu(B: $B:d0f=g9T(B(SAKAI Yoriyuki)$B!">.3^8691M:(B(OGASAWARA Tsuneo)$B!"(B
$B;{2,N<(B (TERAOKA Ryo)
$B4F=$(B: $B:d0f=g9T(B(SAKAI Yoriyuki)
LAC Co., Ltd.
http://www.lac.co.jp/security/
smime.p7s