Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm
Precedence: bulk
To: bugtraq-jp@securityfocus.com
Subject: SecurityFocus.com Newsletter #141 2002-4-15->2002-4-19
From: SAKAI Yoriyuki <sakai@lac.co.jp>
References: <Pine.LNX.4.43.0204221327440.32368-100000@mail.securityfocus.com>
In-Reply-To: <Pine.LNX.4.43.0204221327440.32368-100000@mail.securityfocus.com>
Message-Id: <200204302140.IEA78289.LBBJT@lac.co.jp>
Date: Tue, 30 Apr 2002 21:40:17 +0900
Mime-Version: 1.0
Content-Type: multipart/signed;
    protocol="application/x-pkcs7-signature";
    micalg=sha1; Boundary="---------1020170414-6996390"

-----------1020170414-6996390
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

$B:d0f(B@$B%i%C%/$G$9!#(B

SecurityFocus.com Newsletter $BBh(B 141 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

---------------------------------------------------------------------------
SecurityFocus.com Newsletter $B$K4X$9$k(BFAQ:
http://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml
BugTraq-JP $B$K4X$9$k(B FAQ:
http://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml
(SecurityFocus.com Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0l<!G[I[$5$l$F$$$^$9(B)
---------------------------------------------------------------------------
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B SecurityFocus.com $B$N5v2D$r3t<02q<R%i%C%/$,F@$?>e$G9T$o(B
  $B$l$F$$$^$9!#(B
$B!&(BSecurityFocus.com Newsletter $B$NOBLu$r(B Netnews$B!"(BMailinglist$B!"(B
  World Wide Web$B!"=q@R!"$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$N(B
  $BA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;(B
  $B$s$,=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus.com $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+(B
  $B$J$k7A<0$N%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://www.securityfocus.com/archive/79
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02q<R%i%C%/$O@UG$$rIi$o$J$$$b$N$H$7$^(B
  $B$9!#(B
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$BLu<T$+$i$N$*CN$i$;(B:
$B!&$b$7!"(Btypo $B$d8mLu$,8+$D$+$C$?>l9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"4F=$<T(B (sakai@lac.co.jp) $B$K$*CN$i$;$/$@$5$$!#(B
  $B8e<T$N>l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$B86HG(B:
Date: Mon, 22 Apr 2002 13:28:18 -0600 (MDT)
Message-ID: <Pine.LNX.4.43.0204221327440.32368-100000@mail.securityfocus.com>

SecurityFocus Newsletter #141
-----------------------------

This newsletter is sponsored by SecurityFocus (www.securityfocus.com)

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
     1. VBA Emulation: A Viable Method of Macro Virus Detection? Part One
     2. Openwall: Improving Security with the Openwall Patch
     3. Network Intrusion Detection Signatures, Part Five
     4. Closing the Spycam Sniffer Loophole
     5. Peddling Snake Oil as Security
II. BUGTRAQ SUMMARY
     1. Bradford Barrett Webalizer Reverse DNS Buffer Overflow...
     2. Microsoft Internet Explorer History List Script Injection...
     3. Microsoft BackOffice Server Web Administration Authentication...
     4. WebTrends Reporting Center GET Request Buffer Overflow...
     5. Microsoft Internet Explorer Dialog Same Origin Policy Bypass...
     6. Microsoft Windows 2000 Lanman Denial of Service Vulnerability
     7. Sambar Server Script Source Disclosure Vulnerability
     8. AOLServer Developer API Ns_PdLog() Format String Vulnerability
     9. MPE/iX Malformed IP Packet Denial of Service Vulnerability
     10. Pipermail/Mailman Insecure Archives Permissions Vulnerability
     11. PVote Unauthorized Administrative Password Change Vulnerability
     12. PVote Poll Content Manipulation Vulnerability
     13. ColdFusion DOS Device File Request System Information...
     14. FreeBSD Routing Table ICMP Echo Reply Denial Of Service...
     15. Compaq Tru64 C Library Buffer Overflow Vulnerability
     16. Microsoft IIS CodeBrws.ASP File Extension Check Out By One...
     17. MHonArc HTML Script Filter Bypass Vulnerability
     18. Symantec Norton Personal Firewall 2002 Fragmented Packet...
     19. SSH Restricted Shell Escaping Command Execution Vulnerability
     20. Oracle E-Business Suite 11i Unauthorized PL/SQL Procedure...
     21. XPilot Server Remote Buffer Overflow Vulnerability
     22. IcrediBB Script Injection Vulnerability
     23. Foundstone FScan Banner Grabbing Format String Vulnerability
     24. WorkforceROI XPede Unprotected Administrative Facilities...
     25. XPede DataSource.ASP Information Disclosure Vulnerability
     26. WorkforceROI XPede Sprc.ASP SQL Injection Vulnerability
     27. WorkforceROI XPede Weak File Protection Vulnerability
     28. WorkforceROI XPede Arbitrary Time Sheet Disclosure Vulnerabiltiy
     29. Apache Tomcat System Path Information Disclosure Vulnerability
     30. OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
     31. Snitz Forums 2000 Members.ASP SQL Injection Vulnerability
     32. PostBoard BBCode IMG Tag Script Injection Vulnerability
     33. PostBoard Topic Title Script Execution Vulnerability
     34. PostBoard BBCode Denial Of Service Vulnerability
     35. Nortel CVX 1800 Multi-Service Access Switch Default SNMP...
     37. Burning Board URL Parameter Manipulation Vulnerability
     38. Mirabilis ICQ .hpf Denial of Service Vulnerability
     39. Demarc PureSecure Authentication Check SQL Injection...
     40. HP Photosmart Mac OS X Print Driver Weak File Permissions...
     41. Microsoft Internet Explorer Unicode Character Handling DoS...
     42. Multiple Microsoft Products for MacOS File URL Buffer Overflow...
     43. Symantec Norton Personal Firewall 2002 Portscan Protection...
     44. Oracle 9i ANSI Outer Join Access Control Bypass Vulnerability
     45. Symantec Raptor / Enterprise Firewall FTP Bounce Vulnerability
     46. FreeBSD 4.5 syncache / syncookies Denial Of Service Vulnerability
     47. Microsoft IIS CodeBrws.ASP Source Code Disclosure Vulnerability
     48. AOL Instant Messenger Arbitrary File Creation Vulnerability
     49. TalentSoft Web+ WML Request Cookie Buffer Overflow Vulnerability
III. SECURITYFOCUS.COM NEWS ARTICLES
     1. GovNet Plans Moving Forward
     2. Ashcroft, Ellison, Win 'Big Brother' Awards
     3. National ID Plans Face Hurdles
     4. FTC Chairman Pushes Net Crime Vigilance, Not New Laws
     5. New Take On Klez Worm Spreading
     6. Privacy Worries, Net Activism Top Privacy Show Agenda
IV.SECURITY FOCUS TOP 6 TOOLS
     1. Logwatch v2.8.5
     2. TinyCA v0.3.0
     3. Castellan Sentry v0.01
     4. Nessus v1.2.0
     5. lcrzoex v4.08
     6. Firewall by Jim v0.28

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
---------------------------------

II. BUGTRAQ SUMMARY
-------------------
1. Bradford Barrett Webalizer Reverse DNS Buffer Overflow Vulnerability
BugTraq ID: 4504
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 15 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4504
$B$^$H$a(B:

Webalizer $B$O(B Web $B%5%$%H$N%m%0$NE}7W=hM}$r%U%!%$%k2=$9$k!"(BWeb $B%5!<%P$N%m(B
$B%0%U%!%$%k$r<h$j07$&%W%m%0%i%`$G$"$k!#%m%0%U%!%$%k$O(B Referrer $B>pJs!"%V(B
$B%i%&%6>pJs!"(BWeb $B%5%$%H$N%R%C%H?t!"%"%/%;%9$5$l$?%U%!%$%k$J$I$N>pJs$,4^(B
$B$^$l$F@8@.$5$l$F$$$k!#%m%0%U%!%$%k$N=hM}7k2L$O(B HTML $B7A<0$G@8@.$5$l$k$?(B
$B$a!"4IM}<T$O(B Web $B%V%i%&%6$G%m%0$N;2>H$,2DG=$G$"$k!#(B

$B$$$/$D$+$N%P!<%8%g%s$N(B Webalizer $B$K$O%j%b!<%H$+$i$N%P%C%U%!%*!<%P!<%U%m!<(B
$B$r@8$8$kLdBj$,H/8+$5$l$F$$$k!#(BDNS $B%5!<%P$r4IM}$7$F$$$k0-0U$"$k?MJ*$,!"(B
$B5U0z$-(B DNS $B;2>H$,9T$o$l$k:]$K(B Webalizer $B$K0-0U$"$k%G!<%?$rAw?.$9$k2DG=(B
$B@-$,$"$k!#$3$N$?$a!"%a%b%j%P%C%U%!$N%*!<%P!<%U%m!<$r0z$-5/$3$5$l$k2DG=(B
$B@-$,$"$k!#(B

$B$3$N%=%U%H%&%'%"$N%Y%s%@$O!"%W%m%;%9Fb$N%a%b%j$NG[CV>uBV$H!"CmF~$5$l$k(B
$B0-0U$"$k%G!<%?$KMxMQ$5$l$kJ8;z<o$K@)Ls$,$"$k$?$a!"$3$NLdBj$O%3!<%I$N<B(B
$B9T$r9T$o$;$k$?$a$N967b$K$OMxMQ$G$-$J$$$HJs9p$7$F$$$k!#$7$+$7!"(BWeb $B%5!<(B
$B%P$N%m%0$+$i4IM}<T$,%G!<%?$r<h$j=P$95!G=$K1F6A$r5Z$\$9!"$$$/$D$+$N<oN`(B
$B$N<oN`$N(B DoS $B967b$O2DG=$G$"$k$H?d;!$5$l$k!#(B

Webalizer $B$G$N(B DNS $B$N5U0z$-5!9=$O%G%U%)%k%H$G$OL58z2=$5$l$F$$$k$HJs9p(B
$B$5$l$F$$$k!#(B

2. Microsoft Internet Explorer History List Script Injection Vulnerability
BugTraq ID: 4505
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 15 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4505
$B$^$H$a(B:

$B$$$/$D$+$N%P!<%8%g%s$N(B Internet Explorer $B$K$OLdBj$,Js9p$5$l$F$$$k!#$3$N(B
$B%V%i%&%6$N!VMzNr!WFb$K(B JavaScript $B$rA^F~$9$k$3$H$,2DG=$G$"$j!"E,@Z$J%f!<(B
$B%6$NBPOCA`:n$,9T$o$l$k$H!"G$0U$N%Z!<%8$N%3%s%F%-%9%H$GA^F~$5$l$?(B JavaScript
$B$r<B9T2DG=$J$N$G$"$k!#(B

Internet Explorer $B$O%V%i%&%6Fb$N!VMzNr!WFb$K(B javascript: $B$+$i;O$^$k(B URL
$B$r3JG<$7$F$$$k!#(Bjavascript: $B$+$i;O$^$k(B URL $BFb$G<B9T$5$l$k(B JavaScript $B$O(B
$B:G8e$K;2>H$5$l$?%Z!<%8$N%;%-%e%j%F%#%>!<%s$N@_Dj$r7Q>5$7$F$$$k!#$3$N;E(B
$BMM$O!"0-0U$r$b$C$F:n@.$5$l$?(B Web $B%Z!<%8Fb$K4^$^$l$k(B javascript: $B$+$i;O(B
$B$^$k(B URL $B$+$i!"%V%i%&%6$rJ]8n$9$k7k2L$r$b$?$i$7$F$$$k!#$7$+$7!"%V%i%&%6(B
$B$N!VLa$k!W%\%?%s$rMxMQ$7$F!"%f!<%6$O(B javascipt: $B$+$i;O$^$k(B URL $B$r;2>H$9(B
$B$k>l9g$,A[Dj$5$l$k$N$G$"$k!#$3$N>l9g!"CmF~$5$l$?%9%/%j%W%H$OB>$N%Z!<%8(B
$B$HF13J$N%3%s%F%-%9%H$G<B9T$5$l$k7k2L$H$J$k2DG=@-$,$"$k!#(B

$B!VLa$k!W%\%?%s$,MxMQ$5$l$?$3$H$r8!CN$9$k(B javascript: $B$+$i;O$^$k(B URL $B$r(B
$BAH$_N)$F$k$3$H$O2DG=$G$"$j!"%f!<%6$,CV$+$l$k>u67$K1~$8$F0[$J$k5sF0$r<((B
$B$9$h$&$K;E8~$1$k$3$H$,2DG=$G$"$k!#$3$NLdBj$K$h$j!"967b<T$O$^$::G=i$K%f!<(B
$B%6$rG$0U$N>l=j$X%j%@%$%l%/%H$5$;!"B3$$$F!VLa$k!W%\%?%s$,MxMQ$5$l$?>l9g(B
$B$K$5$i$J$k9T0Y$,9T$o$l$k$h$&$K;E8~$1$k(B javascript: $B$+$i;O$^$k(B URL $B$rAH(B
$B$_N)$F$k$3$H$,2DG=$G$"$k!#$3$N7k2L!"%f!<%6$,4|BT$7$F$$$k$h$&$J?6$kIq$$(B
$B$KH?$7$F!"G$0U$N%3%s%F%-%9%H$GG$0U$N%9%/%j%W%H$r<B9T$5$;$k$3$H$,2DG=$G(B
$B$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$K$h$j!"G$0U$N(B Web $B%5%$%H$"$k$$$O%m!<%+%k%3%s%T%e!<(B
$B%?$N8"8B$G(B JavaScript $B$,<B9T$5$l$k7k2L$r>7$/$3$H$,2DG=$G$"$k!#$3$NLdBj(B
$B$K$h$j!"%/%C%-!<Fb$N>pJs$d!"%m!<%+%k$N%U%!%$%k$NFbMF$N3+<($r>7$/$3$H$,(B
$B2DG=$G$"$k!#(B

$B$3$NLdBj$O(B Internet Exolorer 5.5 $B$*$h$S(B 6.0 $B$K$*$$$FJs9p$5$l$F$$$k!#B>(B
$B$N%P!<%8%g%s$N(B Internet Explorer $B$b$3$NLdBj$rF1MM$KJz$($F$$$k$H?d;!$5$l(B
$B$k$,!"$7$+$7!"$3$l$K$D$$$F$OL$8!>Z$G$"$k!#(B

3. Microsoft BackOffice Server Web Administration Authentication Bypass Vulnerability
BugTraq ID: 4528
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 17 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4528
$B$^$H$a(B:

Microsoft BackOffice $B@=IJ%7%j!<%:$K$O(B IIS $B>e$GF0:n$9$k!"(BASP $B$rMxMQ$7$F(B
$BAH$_N)$F$i$l$?!"4IM}MQ$N(B Web $B%$%s%?%U%'!<%9$rHw$($k%"%W%j%1!<%7%g%s$,F1(B
$B:-$5$l$F$$$k!#(BBackOffice Server $B$N(B BackOffice Web Administrator $B%3%s%]!<(B
$B%M%s%H$OL$G'>Z$N%f!<%6$,G'>Z$r2sHr2DG=$H$J$k!"@_7W$N8m$j$rJz$($F$$$k!#(B

$B$3$l$O(B services.asp (Boadmin/Backoffice/Services.asp) $B$XD>@\(B HTTP $B%j%/(B
$B%(%9%H$rM?$($k$3$H$G<B9T2DG=$G$"$k!#4IM}<TMQ%Z!<%8$K%"%/%;%9$9$k$?$a$K(B
$B$O2?$iG'>ZMQ>pJs$OI,MW$J$/!"$3$N$h$&$J(B HTTP $B%j%/%(%9%H$O%m%0%$%s2hLL$r(B
$B2sHr$5$;$F$7$^$&!#(B

$B$3$NLdBj$O4pK\G'>Z$,MxMQ$5$l$F$$$k>l9g$K$N$_@8$8$kE@$ON10U$5$l$k$Y$-$G(B
$B$"$k!#$^$?!"%G%U%)%k%H>uBV$K$D$$$F$5$i$K<($9$J$i$P!"(BBackOffice Web
Administrator $B$O(B localhost (127.0.0.1) $B$+$i$N$_$N%3%M%/%7%g%s$r<u$1F~$l(B
$B$k$h$&$K@_Dj$5$l$F$$$k!#$7$+$7!"%j%b!<%H$+$i4IM}MQ%$%s%?%U%'!<%9$,MxMQ(B
$B$G$-$k$h$&$K$9$k$?$a$K!"4IM}<T$,$3$N@_Dj$rJQ99$7$F$7$^$C$F$$$k;vNc$O$h(B
$B$/8+$i$l$k;vJA$G$"$k!#(B

4. WebTrends Reporting Center GET Request Buffer Overflow Vulnerability
BugTraq ID: 4531
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 17 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4531
$B$^$H$a(B:

WebTrends Reporting Center $B$OJ#?t$N(B Web $B%5!<%P4D6-$NMxMQ>u67$rAH?%N)$C(B
$B$?9=@.$KJB$YBX$(!"I=<($9$k$?$a$KMxMQ$5$l$k%=%U%H%&%'%"$G$"$k!#(B
Reporting Center $B$O(B Windows NT $B$H(B Windows 2000$B!"(BLinux $B$H(B Solaris $B8~$1(B
$B%P!<%8%g%s$,MxMQ2DG=$G$"$k!#(B

$B$$$/$D$+$N%P!<%8%g%s$N(B WebTrends Reporting Center $B$K$OLdBj$,Js9p$5$l$F(B
$B$$$k!#Hs>o$KD9$$(B GET $B%j%/%(%9%H$,%5!<%P$KM?$($i$l$?:]!"%a%b%j%P%C%U%!$N(B
$B%*!<%P!<%U%m!<$,@8$8$k$N$G$"$k!#$3$NLdBj$rMxMQ$9$k967b$OG$0U$N%3!<%I$N(B
SYSTEM $B8"8B$G$N<B9T$r>7$/2DG=@-$,$"$k!#$G$?$i$a$J%G!<%?$r%5!<%P$KM?$($?(B
$B>l9g$K$O!"7k2L$H$7$F(B DoS $B>uBV$K4Y$i$;$F$7$^$&%5!<%P$N%/%i%C%7%e$r0z$-5/(B
$B$3$92DG=@-$,$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$OG'>Z:Q$_$N%f!<%6$K$h$C$F$N$_<B9T2DG=$G$"$k!#(B
$B$7$+$7!"F?L>%"%+%&%s%H$NG'>Z$bF1MM$KM-8z$G$"$j!"(BWebTrends $B$K$h$C$F@8@.(B
$B$5$l$?$$$+$J$k8x3+%l%]!<%H$G$"$C$F$b!"967b$NBP>]$H$7$F0LCVIU$1$i$l$F$$(B
$B$k2DG=@-$,$"$k$3$H$r0UL#$7$F$$$k!#(B

$B$3$NLdBj$O(B WebTrend Reporting Center $B$N(B Windows $BHG$KB8:_$9$k$3$H$N$_$,(B
$B8!>Z$5$l$F$$$k!#(B

5. Microsoft Internet Explorer Dialog Same Origin Policy Bypass Vulnerability
BugTraq ID: 4527
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 16 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4527
$B$^$H$a(B:

Internet Explorer $B$K$h$C$F!"(BshowModalDialog $B$H(B showModelessDialog $B4X?t(B
$B$KBP$7$FE,MQ$5$l$F$$$k85!9@_Dj$5$l$F$$$k%]%j%7$r!"2sHr$9$k$3$H$,2DG=$J(B
$BLdBj$,B8:_$9$k!#$$$/$D$+$N>u67$K$*$$$F!"=EMW$J%3%s%F%-%9%H$G%9%/%j%W%H(B
$B<B9T$5$;$k$3$H$,2DG=$K$J$k$3$H$,?d;!$5$l$k!#(B

Microsoft Internet Explorer $B$K$O%@%$%"%m!<%0%&%$%s%I%&$rMxMQ2DG=$K$9$k(B
$B5!G=$,!"(BshowModalDialog $B$H(B showModelessDialog $B$N(B 2 $B$D$N4X?t$r2p$7$FDs6!(B
$B$5$l$F$$$k!#$3$l$i$N4X?t$O%@%$%"%m!<%0$NFbMF$KMxMQ$5$l$k(B URL $B$G<($5$l$k(B
$B>l=j$r<u$1F~$l!"$^$?!"4X?t$N8F$S85$N%Z!<%8$+$i%@%$%"%m!<%0$K%G!<%?$r0z(B
$B$-EO$;$k$h$&$K$9$k$?$a$N%Q%i%a!<%?0zEO$7%*%W%7%g%s$rHw$($F$$$k!#(B

$B0z$-EO$5$l$k%G!<%?$,8F$S=P$785$N%Z!<%8$HF10l$N%I%a%$%s$G$"$j!"$+$D!"$=$N(B
$B%Z!<%8$,MxMQ$7$F$$$k%]!<%HHV9f$d%W%m%H%3%k$G$"$k>uBV$G$N$_0z$-EO$5$l$k$3(B
$B$H$r3NG'$9$k$?$a$N=hM}$,@.$5$l$F$$$k!#$3$N5!G=$O0-0U$"$k?MJ*$K$h$kG$0U$N(B
$B%@%$%"%m!<%0$X$NFbMF$NCmF~$rKI;_$7$F$$$k!#$7$+$7!"%@%$%"%m!<%0$N85$K$J$k(B
$B%Z!<%8$H$7$F;XDj$5$l$?(B URL $B$,JL$NBh(B 2 $B$N>l=j$X%j%@%$%l%/%H$r9T$C$F$$$k>l(B
$B9g!":G=i$K;XDj$5$l$?(B URL $B$N$_$,%;%-%e%j%F%#$K4X$9$kBEEv@-$N3NG'$r<u$1$k(B
$B$N$G$"$k!#(B

$B$3$N7k2L!"0-0U$"$k?MJ*$OBEEv@-$N3NG'$rDL2a$7F@$k(B URL $B$r4^$`%@%$%"%m!<%0(B
$B$r3+$+$;!"G$0U$N%U%!%$%k$X%@%$%"%m!<%0$r%j%@%$%l%/%H$G$-F@$k2DG=@-$,$"(B
$B$k!#BEEv@-$N3NG'=hM}$O:G=i$K;XDj$5$l$?>l=j$KBP$7$FH=CG$r9T$&$?$a!"=hM}(B
$B$O$=$N$^$^DL2a$5$l!"967b<T$,;XDj$7$?%G!<%?$,Bh(B 2 $B$N%@%$%"%m!<%0$K0z$-EO(B
$B$5$l$k7k2L$H$J$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$N1F6AHO0O$O967bBP>]$H$J$C$?%@%$%"%m!<%0$N5!G=$K(B
$BHs>o$K0MB8$7$F$$$k!#$3$NLdBj$O>pJs$NGK2u$d%=!<%7%c%k%(%s%8%K%"%j%s%0$r(B
$BMQ$$$k967b$r>7$/2DG=@-$,$"$k<oN`$NLdBj$G$"$k!#(B

Internet Explorer 5.0$B!"(B5.5$B!"(B6.0 $B$N%G%U%)%k%H@_Dj>uBV$K$*$$$F!"%@%$%"%m!<(B
$B%0$K%9%/%j%W%H$rCmF~2DG=$G$"$k$H$N>ZL@$,4{$K<($5$l$F$$$k!#$3$NLdBj$OG$(B
$B0U$N%9%/%j%W%H$r%m!<%+%k%3%s%T%e!<%?$N8"8B$G<B9T$9$k$?$a$KMxMQ$9$k$3$H(B
$B$,2DG=$G$"$k!#(B

6. Microsoft Windows 2000 Lanman Denial of Service Vulnerability
BugTraq ID: 4532
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 17 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4532
$B$^$H$a(B:

$B%7%9%F%`Fb$N%5!<%S%9$r(B DoS $B>uBV$K4Y$i$;$k$3$H$,2DG=$JLdBj$,(B Windows 2000
$B$K$*$$$FH/8+$5$l$F$$$k!#(B

$B%]!<%HHV9f(B 445 $BHV$X0-0U$"$k%G!<%?$rM?$($k$3$H$K$h$j!"(BLanman $B%5!<%S%9$K(B
CPU $B=hM}N($H%+!<%M%k%a%b%j$NMxMQN($NKX$I$r;H$$?T$/$5$;$F$7$^$&$3$H$,2D(B
$BG=$J$N$G$"$k!#(B

$BDL>oF0:n$X$NI|5l$K$"$?$C$F$O%5!<%P$N:F5/F0$,I,MW$G$"$k!#$7$+$7!"Js9p$K(B
$B$h$k$H!"KX$I$N>u67$K$*$$$F$O4IM}<T$K(B "You do not have permissions
to shutdown or restart this computer." $B$H8@$&%(%i!<%a%C%;!<%8$,I=<($5$l(B
$B$k>l9g$,$"$k$3$H$,<($5$l$F$$$k!#(B

7. Sambar Server Script Source Disclosure Vulnerability
BugTraq ID: 4533
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 17 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4533
$B$^$H$a(B:

Sambar Server $B$K$O%f!<%6$,%9%/%j%W%H$N%=!<%9$r3+<(2DG=$G$"$kLdBj$,H/8+(B
$B$5$l$F$$$k!#(B

$B4{CN$N%9%/%j%W%H%U%!%$%k$X%9%Z!<%9$H%L%k(B (%00) $B$HH<$&$h$&$J(B HTTP $B%j%/%((B
$B%9%H$r9T$&$3$H$G!"%5!<%PB&$G$N(B URL $B$N2r<a$r2sHr$5$;$k$3$H$,@.8y$7$F$7$^(B
$B$&!#(B

$BNc(B:
http://target/cgi-bin/file.jsp_%00

$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"FC8"$r;}$D%Z!<%8Fb$K4^$^$l$k=EMW(B
$B$J>pJs$,3+<($5$l$k7k2L$r>7$/$3$H$,2DG=$G$"$k!#$3$N:]F@$i$l$k>pJs$O!"$5(B
$B$i$J$k!V5;9*$r6E$i$7$?!W967b$NJd=u<jCJ$H$J$jF@$k2DG=@-$,$"$k!#$^$?!"$D(B
$B$12C$($k$J$i$P!"%5!<%PB&$G$N(B URL $B$N2r<a5!G=$,2sHr$5$l$k$3$H$K$h$j!"967b(B
$BBP>]$N%3%s%T%e!<%?$X$N$5$i$J$k967b$,2DG=$K$J$k!#(B

8. AOLServer Developer API Ns_PdLog() Format String Vulnerability
BugTraq ID: 4535
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 17 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4535
$B$^$H$a(B:

AOLServer $B$O(B AOL $B$H%*!<%W%s%=!<%9$K$h$k3+H/<T%3%_%e%K%F%#$N6&F1:n6H$K$h$C(B
$B$FJ]<i$5$l$F$$$k!"%*!<%W%s%=!<%9$G$"$j!"%U%j!<$KMxMQ2DG=$J(B HTTP $B%5!<%P(B
$B$G$"$k!#$3$N%=%U%H%&%'%"$O(B TCP $B$N2r<a$dF0E*$J(B Web $B%3%s%F%s%D$N<h$j07$$(B
$B$J$I$N5!G=$rHw$($F$$$k!#(B

AOLServer $B$GDs6!$5$l$F$$$k30It%G!<%?%Y!<%9%I%i%$%P$N%W%m%-%7%G!<%b%sMQ(B
API $B$K=q<0;XDj;R$rMxMQ$9$k967b$N1F6A$,5Z$VLdBj$,Js9p$5$l$F$$$k!#(B
$B$3$N%=%U%H%&%'%"%Q%C%1!<%8$N0lIt$K4^$^$l$k(B Ns_PdLog() $B4X?t$O30It%G!<%?(B
$B$r(B syslog() $B4X?t$X=q<0;XDj;RIU$-$G0z$-EO$9$N$G$"$k!#(B

$B$3$N7k2L!"$3$N%i%$%V%i%j$rMxMQ$7$F3+H/$5$l$?%=%U%H%&%'%"$O!"%f!<%6$K$h$C(B
$B$FM?$($i$l$?%G!<%?$,(B Ns_PdLog() $B4X?t$K0z$-EO$5$l$k$3$H$,A[Dj$5$lF@$k>l(B
$B9g!"=q<0;XDj;R$rMxMQ$9$k967b$N1F6A$,5Z$VLdBj$rJz$($k$3$H$,?d;!$5$l$k!#(B
$B$3$NLdBj$rMxMQ$9967b$K$h$j!"G$0U$N%3!<%I$N<B9T$r0z$-5/$3$9$3$H$,2DG=$G(B
$B$"$k!#(B

9. MPE/iX Malformed IP Packet Denial of Service Vulnerability
BugTraq ID: 4536
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 18 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4536
$B$^$H$a(B:

HP $B$O(B HP MPE/iX $B$K$*$$$F!"%j%b!<%H$+$i967b$KMxMQ2DG=$JLdBj$,B8:_$7$F$$(B
$B$k$3$H$rH/I=$7$?!#(B

$BJs9p$K$h$k$H!"0-0U$"$k(B IP $B%Q%1%C%H$K$h$j%7%9%F%`Dd;_$r>7$/$3$H$,2DG=$G(B
$B$"$k!#4IM}<T$K$h$C$F:F5/F0$,9T$o$l$k$^$G!"5!G=$OI|5l$7$J$$$H?d;!$5$l$k!#(B
$B0-0U$"$k%Q%1%C%H$N<oN`$K$D$$$F$OL$>\$G$"$k$,!"$$$+$J$k%j%b!<%H$N967b<T(B
$B$G$"$C$F$b$3$N<o$N%Q%1%C%H$rAH$_N)$F$i$l$k2DG=@-$,$"$j!"967bBP>]$N%3%s(B
$B%T%e!<%?$XAw?.$9$k2DG=@-$,$"$k$H?d;!$5$l$k!#(B

$B$3$N<o$N%Q%1%C%H$NE>Aw;~$K$*$$$F!"$3$NAuCV$O5!G=Dd;_$K@hN)$A!"(B'SA1457
out of i_port_timeout.fix_up_message_frame' $B$H$N%(%i!<%a%C%;!<%8$rI=<((B
$B$9$k!#(B

10. Pipermail/Mailman Insecure Archives Permissions Vulnerability
BugTraq ID: 4538
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 16 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4538
$B$^$H$a(B:

Pipermail $B$O%a!<%j%s%0%j%9%H$N%"!<%+%$%V$r:n@.$9$k%=%U%H%&%'%"$G$"$j!"(B
$B8=:_4{$KJ]<i$O9T$o$l$F$$$J$$!#?7$7$$%P!<%8%g%s$N(B Pipermail $B$O%a!<%j%s%0(B
$B%j%9%H4IM}MQ%=%U%H!"(BMailman $B$KF1:-$5$l$F$$$k!#$3$l$i$N%W%m%0%i%`$O$$$:(B
$B$l$bMM!9$J(B UNIX $B$d(B Linux $B$GF0:n$9$k!#(B

$B%a!<%j%s%0%j%9%H%"!<%+%$%V$r5-O?$9$k%U%!%$%k$O!"%G%U%)%k%H>uBV$G$$$+$J(B
$B$k%f!<%6$G$"$C$F$b<B9T2DG=$J%Q!<%_%C%7%g%s$,@_Dj$5$l$F$$$k!#$3$N$?$a!"(B
$B%m!<%+%k$N967b<T$O$3$l$i%U%!%$%k$N%;%-%e%"$G$O$J$$%Q!<%_%C%7%g%s$K$h$j!"(B
Pipermail ($B$*$h$S(B Mailman) $B$K$h$C$F%"!<%+%$%V2=$5$l$?%a!<%j%s%0%j%9%H$K(B
$BN.$l$?EE;R%a!<%k$rFI$_=P$72DG=$K$J$k$H?d;!$5$l$k!#$3$NLdBj$rMxMQ$9$k96(B
$B7b$r9T$&$?$a$K$O!"967b<T$O%m!<%+%k$N%U%!%$%k%7%9%F%`Fb$N%"!<%+%$%V%U%!(B
$B%$%k$N3JG<>l=j$rM=B,$G$-F@$kI,MW$,$"$k!#(B

$B$^$?!"$3$N%W%m%0%i%`$N@_7W$K$h$j!"@5Ev$J%f!<%6$K$h$C$F%"!<%+%$%VMQ$N%U%!(B
$B%$%k$,FI$_=P$5$l$k>l9g$K$O!"$$$+$J$k%f!<%6$G$"$C$F$b<B9T2DG=$J%Q!<%_%C(B
$B%7%g%s$,@_Dj$5$l$F$$$J$1$l$P$J$i$J$$!#(B

$B$3$N;EMM$O%"!<%+%$%V$,;dE*$KMxMQ$5$l$k%a!<%j%s%0%j%9%H$G$"$k>l9g$G$N$_!"(B
$B%;%-%e%j%F%#>e$N7|G0;v9`$H$J$k!#(B

11. PVote Unauthorized Administrative Password Change Vulnerability
BugTraq ID: 4541
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 18 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4541
$B$^$H$a(B:

PVote $B$O(B Web $B$rMxMQ$9$kEjI<%7%9%F%`$G$"$j!"(BPHP $B8@8l$rMxMQ$7$F3+H/$5$l$F(B
$B$$$k!#$3$N%=%U%H%&%'%"$OMM!9$J(B UNIX $B$H(B Linux $B$GF0:n$7!"$^$?!"(BMicrosoft
Windows $B$K$*$$$F$bF0:n$9$k!#(B

$B0-0U$"$k(B HTTP $B%j%/%(%9%H$rM?$($k$3$H$K$h$j!"4IM}MQ%Q%9%o!<%I$NJQ99$r9T(B
$B$&$3$H$,2DG=$G$"$k!#967b<T$,%Q%9%o!<%I$r?7$7$$$b$N$KJQ99$9$k$?$a$K$O!"(B
$B8E$$%Q%9%o!<%I$O5a$a$i$l$J$$!#$3$N967b$r9T$&$?$a$N0-0U$"$k(B HTTP $B%j%/%((B
$B%9%H$O0J2<$N$H$*$j$G$"$k!#(B

http://target/pvote/ch_info.php?newpass=password&confirm=password

ch_info.php $B%9%/%j%W%H$O967b<T$K$h$C$FJQ?t(B newpass $B$XM?$($i$l$?G$0U$NCM(B
$B$r<u$1IU$1!"$$$+$J$k<oN`$NG'>Z$rI,MW4s$;$:$KCM$r@_Dj$7$F$7$^$&$N$G$"$k!#(B

12. PVote Poll Content Manipulation Vulnerability
BugTraq ID: 4540
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 18 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4540
$B$^$H$a(B:

PVote $B$O(B Web $B$rMxMQ$9$kEjI<%7%9%F%`$G$"$j!"(BPHP $B8@8l$rMxMQ$7$F3+H/$5$l$F(B
$B$$$k!#$3$N%=%U%H%&%'%"$OMM!9$J(B UNIX $B$H(B Linux $B$GF0:n$7!"$^$?!"(BMicrosoft
Windows $B$K$*$$$F$bF0:n$9$k!#(B

$B%j%b!<%H$N967b<T$O(B URL $BFb$N%Q%i%a!<%?$NCM$rA`:n$9$k$3$H$K$h$j!"(BWeb $B$r2p(B
$B$9$kEjI<$rDI2C!"$"$k$$$O!":o=|$9$k$3$H$,2DG=$G$"$k!#967b<T$,$3$N<o$N9T(B
$B0Y$r4k$F$k$?$a$K$O$J$s$iG'>ZMQ>pJs$O5a$a$i$l$J$$!#$3$NLdBj$K$h$j!"%j%b!<(B
$B%H$N967b<T$OEjI<%7%9%F%`$,2TF0$7$F$$$k(B Web $B%5%$%HFb$K$"$k!"(BWeb $B%3%s%F%s(B
$B%D$N$$$/$D$+$r2~JQ$G$-$k$h$&$K$J$k2DG=@-$,$"$k!#(B

13. ColdFusion DOS Device File Request System Information Disclosure Vulnerability
BugTraq ID: 4542
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 18 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4542
$B$^$H$a(B:

Allaire Macromedia ColdFusion $B$O(B Web $B%"%W%j%1!<%7%g%s$N%5!<%P%W%m%0%i%`(B
$B$G$"$k!#:#2sH/8+$5$l$?LdBj$O!"(BMicrosoft Windows $B>e$GF0:n$9$k(B ColdFusion
$B$K1F6A$r5Z$\$9!#(B

$BFCDj$N!"B8:_$7$F$$$J$$(B .cfm $B$"$k$$$O(B .dbm $B$r3HD%;R$H$7$F;}$D%U%!%$%k$K(B
$BBP$9$k(B HTTP $B%j%/%(%9%H$r9T$&$3$H$K$h$j!"(BColdFusion $B$rMxMQ$9$k%3%s%T%e!<(B
$B%?$O(B Web $BMQ$N8x3+J8=qMQ$N%G%#%l%/%H%j$N%Q%9$r4^$`%(%i!<%a%C%;!<%8$rJV$7(B
$B$F$7$^$&$N$G$"$k!#$3$NLdBj$O(B .cfm $B$+(B .dbm $B$N3HD%;R$r$D$1$?(B MS-DOS $BM3Mh(B
$B$N%G%P%$%9L>(B (CON$B!"(BAUX$B!"(BPRN$B!"(BNUL) $B$X$N(B HTTP $B%j%/%(%9%H$r9T$&:]$K$b@8$8(B
$B$k$3$H$,CN$i$l$F$$$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"967b<T$K%7%9%F%`$N@_Dj>uBV$K4X$9(B
$B$k=EMW$J>pJs$r3+<($7$F$7$^$$!"$5$i$J$k$h$jCN<1$rMxMQ$9$k967b$NJd=u<jCJ(B
$B$H$J$jF@$k2DG=@-$,$"$k!#(B

14. FreeBSD Routing Table ICMP Echo Reply Denial Of Service Vulnerability
BugTraq ID: 4539
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 18 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4539
$B$^$H$a(B:

FreeBSD $B$O(B Berkeley Software Distribution $B$N:G=i$NG[I[85$KM3Mh$9$k!"%U(B
$B%j!<$G8x3+$5$l!"%*!<%W%s%=!<%9$H$7$FMxMQ2DG=$J(B OS $B$G$"$k!#(BFreeBSD $B$O(B
FreeBSD $B%W%m%8%'%/%H$K$h$C$FJ]<i!"3+H/$,9T$o$l$F$$$k!#(B

FreeBSD $B$K$O%j%b!<%H%f!<%6$,LdBj$rJz$($k%3%s%T%e!<%?$rDd;_$5$;$k$3$H$,(B
$B2DG=$JLdBj$,B8:_$9$k!#$3$NLdBj$O$$$/$D$+$N<oN`$N%M%C%H%o!<%/%H%i%U%#%C(B
$B%/$N<h$j07$$$KM3Mh$9$k!#(B

FreeBSD $B$OJL$N%[%9%H$H$N%3%M%/%7%g%s$r:G=i$K3+;O$9$k:]!"@\B3@h%[%9%H$X(B
$B$N%k!<%H%(%s%H%j$,%+!<%M%kFb$N%k!<%F%#%s%0%F!<%V%k$KDI2C$5$l$k!#%k!<%F%#(B
$B%s%0%F!<%V%kFb$G!"IU$12C$($i$l$?%k!<%H$OB8:_$9$k@\B3@h%[%9%H$X$N%3%M%/(B
$B%7%g%s$,$b$O$dB8:_$7$F$$$J$/$J$k$^$GJ];}$5$l!"$=$N;~E@$G%(%s%H%j$O%k!<(B
$B%F%#%s%0%F!<%V%k$+$i:o=|$5$l$k!#(B

$B$7$+$7!"$$$/$D$+$N>u672<$K$*$$$F!"(BFreeBSD $B$rDd;_$5$;$k$3$H$,2DG=$J$N$G(B
$B$"$k!#(BICMP echo reply $B$,LdBj$rJz$($k%3%s%T%e!<%?$KAw$i$l$k:]!"(BICMP $B$K4X(B
$B$9$k%H%i%U%#%C%/$,=*N;$7$?8e$b$J$*!"IU$12C$($i$l$?%k!<%H$r2p$9$k!"8=:_(B
$B@\B3Cf$N%3%M%/%7%g%s$rH<$&%[%9%H?t$N;2>H?t$O8:$i$5$l$J$$$^$^$J$N$G$"$k!#(B
$B$3$N:]%k!<%F%#%s%0%F!<%V%k$N%(%s%H%j$K3d$jEv$F$i$l$?%a%b%j$,2rJ|$5$l$k(B
$B$3$H$O$J$$!#(B

$B$3$NLdBj$K$h$j!"%j%b!<%H%f!<%6$OLdBj$rJz$($k%3%s%T%e!<%?Fb$N%a%b%j;q8;(B
$B$r;H$$?T$/$5$;$k$3$H$,2DG=$G$"$j!"7k2L$H$7$F(B DoS $B$K4Y$i$;$k$3$H$,2DG=$G(B
$B$"$k!#(B

15. Compaq Tru64 C Library Buffer Overflow Vulnerability
BugTraq ID: 4544
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 18 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4544
$B$^$H$a(B:

Compaq $B$O(B Tru64 $B$N(B C $B%i%$%V%i%j$K%P%C%U%!%*!<%P!<%U%m!<$r@8$8$kLdBj$,B8(B
$B:_$7$F$$$k$3$H$r8x3+$7$?!#%P%C%U%!%*!<%P!<%U%m!<$,@8$8$k>u67$O!"(BLANG
$B$*$h$S(B LOCPATH $B4D6-JQ?t$NCM$N<h$j07$$$K4X78$7$F$$$k!#%P%C%U%!%*!<%P!<%U(B
$B%m!<$OHs>o$KD9$$(B LOCPATH $B$H(B LANG $B4D6-JQ?t$NCM$K$h$C$F0z$-5/$3$5$l$k2DG=(B
$B@-$,$"$k!#(B

$B<B:]$K@8$8$?;vNc$K$D$$$F$OL$>\$G$"$k$,!"$3$NLdBj$O%9%?%C%/$KM3Mh$9$k%*!<(B
$B%P!<%U%m!<$G$"$k$H9M$($i$l$F$$$k!#(BC $B%i%$%V%i%jFb$K%*!<%P!<%U%m!<$,@8$8(B
$B$k$?$a!"F10l%7%9%F%`>e$NKX$IA4$F$N%P%$%J%j7A<0$N%W%m%0%i%`$,LdBj$N1F6A(B
$B$,5Z$V2DG=@-$,$"$k!#967b<T$K$h$j!"E57?E*$K$"$jF@$k$HA[Dj$5$l$k!"$3$NLd(B
$BBj$rMxMQ$9$k967b<jCJ$O%m!<%+%k$+$i!"(Bsetuid $B$"$k$$$O(B setgid $B%S%C%H$r@_Dj(B
$B$7$?%"%W%j%1!<%7%g%s$KBP$7$F4k$F$i$l$k$H9M$($i$l$k!#$3$NLdBj$rMxMQ$9$k(B
$B967b$,@.8y$7$?>l9g!"967b<T$O$h$j>:3J$5$l$?8"8B$rF~<j2DG=$G$"$k!#(B

$B$3$NLdBj$O(B telnet $B$r2p$7$F%j%b!<%H$+$i$b967b2DG=$G$"$k!#(Btelnet $B%W%m%H%3(B
$B%k$K$O%/%i%$%"%s%H$+$i%5!<%P$X4D6-JQ?t$NCM$rE>Aw$9$k5!9=$rHw$($F$*$j!"(B
$B$3$N5!9=$rMxMQ$9$k967b$O2DG=$G$"$k$H9M$($i$l$F$$$k!#$7$+$7!"%j%b!<%H$+(B
$B$i$3$NLdBj$rMxMQ$9$k967b$,<B9T$5$l$kDxEY$K4X$7$F$O8=;~E@$G$OL$8!>Z$G$"(B
$B$k!#$=$l$G$b$J$*!"$3$NLdBj$O(B telnet $B$r2p$7$F%j%b!<%H$+$i967b2DG=$G$"$k(B
$B$H9MN8$9$Y$-$G$"$k!#(B

16. Microsoft IIS CodeBrws.ASP File Extension Check Out By One Vulnerability
BugTraq ID: 4543
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 18 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4543
$B$^$H$a(B:

Microsoft IIS 5.0 $B$K$O%5%s%W%k%9%/%j%W%HMQ$N%G%#%l%/%H%j(B (/IISSAMPLES)
$BFb$NB>$N%9%/%j%W%H$N%=!<%9$r1\Mw$9$k$?$a$KMxMQ2DG=$J%5%s%W%k%9%/%j%W%H(B
$B$,F1:-$5$l$F$$$k!#(B

$B%5%s%W%kFb$N!"LdBj$rJz$($k%9%/%j%W%H(B (CodeBrws.asp) $B$O!"%f!<%6$+$iM?$((B
$B$i$l$?F~NOCM$K$D$$$F!";2>H@h$H$7$F;XDj$5$l$?%U%!%$%k$,(B .html$B!"(B.htm$B!"(B.asp$B!"(B
.inc $B$N$$$:$l$+$r3HD%;R$K;}$D%U%!%$%k$G$"$k$3$H$r3N$+$a$k$?$a$N3NG'=hM}(B
$B$r9T$C$F$$$k!#$3$N=hM}$O;XDj$5$l$?%U%!%$%k$N%Q%9$N:G8e$NJ8;zNs$N0lIt$r(B
$BBP>]$K$7$?3NG'$r9T$&$3$H$G<B9T$5$l$F$$$k!#(B

$B$7$+$7!"$3$N=hM}$K4X$9$k!V(B1$BJ8;z$:$l!W(B(an out by one) $B$K$h$kLdBj$,Js9p$5(B
$B$l$F$$$k!#3NG'BP>]$N%Q%9ItJ,$O;XDj$5$l$?ItJ,$h$j$bBg$-$JHO0O$,;XDj$5$l(B
$B$F$$$k$N$G$"$k!#$3$N7k2L!";XDj$5$l$?%U%!%$%k$N3HD%;R$K$O$5$i$KJ8;z$,IU(B
$B$12C$($i$l!"$J$*$bBEEv@-$N3NG'=hM}$r@5>o$KDL2a$7$F$7$^$&2DG=@-$,$"$k!#(B
$BNc$($P!"(B.NET $B%"!<%-%F%/%A%c$K$h$C$FMxMQ$5$l$k(B .aspx $B%U%!%$%k$b;2>H$G$-(B
$BF@$F$7$^$&2DG=@-$,$"$k!#$3$NLdBj$K$h$j!"967b<T$OK\Mh3+<($5$l$J$$$H9M$((B
$B$i$l$F$$$k%U%!%$%kFb$K5-O?$5$l$F$$$k=EMW$JLdBj$r3+<(2DG=$K$J$k$H?d;!$5(B
$B$l$k!#(B

BID 4525 $B$K<($5$l$F$$$kLdBj$H$3$NLdBj$,AH$_9g$o$5$l$F967b$KMxMQ$5$l$?(B
$B>l9g!"%5%s%W%k%9%/%j%W%H3JG<MQ%G%#%l%/%H%j$NHO0O30$K$"$k%U%!%$%k$NFbMF(B
$B$r3+<($9$k7k2L$r>7$/$H?d;!$5$l$k!#(B

17. MHonArc HTML Script Filter Bypass Vulnerability
BugTraq ID: 4546
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 18 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4546
$B$^$H$a(B:

MHonArc $B$O(B Perl $B8@8l$rMxMQ$7$F3+H/$5$l!"<+F0E*$KEE;R%a!<%k$r2r<a$7!"(BHTML
$B7A<0$N%"!<%+%$%V7A<0$KJQ49$9$k$h$&$K@_7W$5$l$?%W%m%0%i%`$G$"$k!#(BMHonArc
$B$K$O2r<a=hM}$NCf!"(BHTML $B7A<0$NEE;R%a!<%kFb$+$i4m81$J%?%0$r=|5n$9$k$?$a$K(B
$B@_7W$5$l$?%U%#%k%?%j%s%05!9=$rHw$(!"$^$?!"(BJavaScript $B$N:o=|5!9=$rHw$($F(B
$B$$$k!#(B

$B$$$/$D$+$N%P!<%8%g%s$N(B MHonArc $B$K$OLdBj$,B8:_$9$k!#0-0U$K$h$C$FAH$_N)$F(B
$B$i$l$?(B HTML $B7A<0$NEE;R%a!<%k$O!"$3$N%U%#%k%?%j%s%0=hM}$r2sHr$7!"%"!<%+(B
$B%$%VFb$K%9%/%j%W%H$H$7$F@5>o$KF0:n$9$kFbMF$rCmF~2DG=$G$"$k!#(B
$B$3$l$O0J2<$K<($9J}K!$NB>!"$$$/$D$+$NJ}K!$K$h$C$F<B9T2DG=$G$"$k!#(B

<SCR<SCRIPT></SCRIPT>IPT>alert(document.domain)</SCR<SCRIPT></SCRIPT>IPT>
<IMG SRC=javascript:alert(document.domain)> <B
foo=&{alert(document.domain)};>

$B$3$NLdBj$rMxMQ$9$k967b$K$h$j!"967b<T$K$h$C$FM?$($i$l$?%9%/%j%W%H$O(B MHonArc
$B$rMxMQ$7$F:n@.$5$l$?%"!<%+%$%V$rDs6!$9$k(B Web $B%5%$%H$HF13J$N%3%s%F%s%D$G(B
$B<B9T$5$l$k7k2L$r$b$?$i$9$H9M$($i$l$k!#(B

18. Symantec Norton Personal Firewall 2002 Fragmented Packet Vulnerability
BugTraq ID: 4545
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 16 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4545
$B$^$H$a(B:

Symantec Norton Personal Firewall 2002 (NPW) $B$O2HDmMQ!"$*$h$S>.5,LO4k6H(B
$B8~$1$K!"$$$/$D$+$N<oN`$N(B Microsoft Windows $B$GF0:n$9$k%U%!%$%d%&%)!<%k%=(B
$B%U%H%&%'%"$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$O%U%i%0%a%s%H2=$5$l$?%Q%1%C%H$K4X$9$k%U%#%k%?%j%s%0(B
$B$,==J,$K9T$o$l$J$$LdBj$,Js9p$5$l$F$$$k!#<h$jJ,$1!"%U%i%0%a%s%H2=$5$l$?(B
$B%Q%1%C%H$K$h$k(B DoS $B967b$,!"$3$N%=%U%H%&%'%"$K$h$C$FJ]8n$5$l$?%3%s%T%e!<(B
$B%?$KBP$7$FM-8z$G$"$kE@$,4{$KJs9p$5$l$F$$$k!#$3$NLdBj$O967bBP>]$N%3%s%T%e!<(B
$B%?$+$i967b85$N(B IP $B%"%I%l%9$,40A4$K%V%m%C%/$5$l$F$$$k>l9g$K$*$$$F$b@8$8(B
$B$k2DG=@-$,$"$k!#(B

$BJs9p$K$h$k$H!"$3$NLdBj$O%U%i%0%a%s%H2=$5$l$?(B IP $B%Q%1%C%H$r%V%m%C%/$9$k(B
$B5!G=$,M-8z2=$5$l$F$$$k>l9g$K@8$8$k!#(B

$B$3$NLdBj$K$h$j!"B>$N%=%U%H%&%'%"$K$bLdBj$,B8:_$7$F$$$k>l9g$K!"J]8nBP>](B
$B$N%3%s%T%e!<%?$,967b$KGx$5$l$k7k2L$r$b$?$i$92DG=@-$,$"$k!#(B
$B8=;~E@$K$*$$$F$O!"$3$NLdBj$N>\:Y$K4X$9$k$5$i$J$k>pJs$O8x3+$5$l$F$$$J$$!#(B

$B$3$l$i$NLdBj$K4X$7$F$OL$8!>Z$G$"$k!#(B

19. SSH Restricted Shell Escaping Command Execution Vulnerability
BugTraq ID: 4547
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 18 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4547
$B$^$H$a(B:

SSH ($B$*$h$S$3$N@=IJ$+$iGI@8$7$?%=%U%H%&%'%"(B) $B$O(B Secure Shell $B%W%m%H%3%k(B
$B$N<BAu$G$"$k!#$3$N%=%U%H%&%'%"$OB?MM$J(B OS $B$GF0:n$9$k$,!"K\(B BID $B$G<($5$l(B
$B$kLdBj$O(B UNIX $B$d(B Linux $B$GF0:n$9$k%P!<%8%g%s$KBP$7$F1F6A$r5Z$\$9!#(B

$B$3$N%=%U%H%&%'%"%Q%C%1!<%8$,Jz$($kLdBj$K$h$j!"%j%b!<%H%f!<%6$OL$G'>Z$N(B
$B%W%m%0%i%`$N<B9T$,2DG=$K$J$k!#$3$NLdBj$O%3%^%s%I%i%$%s7PM3$N<B9TJ}K!$N(B
$B<h$j07$$It$KM3Mh$7$F$$$k!#(B

SSH $B$NB?$/$N%P!<%8%g%s$G$O!"0l=E0zMQId(B (') $B$G3g$C$?%3%^%s%IL>$rM?$($k$3(B
$B$H$K$h$j!"%j%b!<%H$+$i$N%3%^%s%I<B9T$,5v2D$5$l$F$7$^$&$N$G$"$k!#$3$NLd(B
$BBj$K$h$j!"%j%b!<%H%f!<%6$O967bBP>]$N%7%9%F%`>e$N%7%'%k$KD>@\%m%0%$%s$r(B
$B9T$o$J$$>l9g$G$"$C$F$b!"%3%^%s%I<B9T$,2DG=$H$J$k!#(B

$BJs9p$K$h$k$H%j%b!<%H%f!<%6$O!"$I$N$h$&$J%f!<%6$G$"$C$F$b=q$-9~$_2DG=$J(B
$B%G%#%l%/%H%j>e$K%U%!%$%k$rE>Aw$9$k$3$H$,2DG=$H$J$j!"$=$N%G%#%l%/%H%j$+(B
$B$i$N%3%^%s%I$N<B9T$,2DG=$H$J$k!#$=$N:]$K%f!<%6$K%9%/%j%W%H$rE>Aw$5$l!"(B
$BBP>]%7%9%F%`>e$NI8=`%7%'%k$X$N%"%/%;%9$,C%<h$5$l$k$?$a$K!"E>Aw$5$l$?%9(B
$B%/%j%W%H$,<B9T$5$l$k2DG=@-$,$"$k!#$3$NLdBj$K$h$j!"%f!<%6$K$h$kL5@)8B$N!"(B
$B$7$+$7$h$j9b$$8"8B$rH<$o$J$$;q8;$X$N%"%/%;%9$,0z$-5/$3$5$l$k!#(B

$B8=:_!"(BSecurityFocus $B$N%9%?%C%U$O(B OpenSSH $B$N%P!<%8%g%s(B 3.1p1 $B$G$3$NLdBj(B
$B$r:F8=$9$k$^$G$K$O;j$C$F$$$J$$!#(B

20. Oracle E-Business Suite 11i Unauthorized PL/SQL Procedure Access Vulnerability
BugTraq ID: 4551
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 19 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4551
$B$^$H$a(B:

Oracle $B$O(B Oracle E-Business $B%Q%C%1!<%8$N(B Oracle 11i $B$KLdBj$,B8:_$9$k$H(B
$BH/I=$7$?!#(B

$B$3$NLdBj$K$h$j!"%f!<%6$O(B Oracle Applications Database $BFb$GG'>Z$r9T$&$3$H(B
$B$J$/%W%m%7!<%8%c$r<B9T$G$-F@$F$7$^$&$N$G$"$k!#(BPL/SQL $B%W%m%7!<%8%c$OM=$a(B
$BDj5A:Q$_$+%f!<%6Dj5A$N$$$:$l$b<B9T$5$l$k2DG=@-$,$"$k!#$3$NLdBj$rMxMQ$9$k(B
$B967b$N7k2L$NH/8=>r7o$O!"967b$r9T$&$?$a$K$O%V%i%&%6$G$N(B URL $B$N2~JQ$N$_$r(B
$BI,MW$H$9$k$?$a$@$1$,I,MW>r7o$G$"$k$?$a!"%"%/%;%9$NBEEv@-$N3NG'$K4p$E$/%((B
$B%i!<$KM3Mh$9$k$H9M$($i$l$k!#(B

$B$3$l$O%G!<%?$NB;<:!"8"8B$N>:3J!"$=$NB>%;%-%e%j%F%#$K4X$9$kLdBj$J$I$N7k(B
$B2L$r>7$/2DG=@-$,$"$k!#$3$NLdBj$KBP$9$k=$@5$O(B Oracle $B$+$i4{$K8x3+$5$l$F(B
$B$$$k!#(B

21. XPilot Server Remote Buffer Overflow Vulnerability
BugTraq ID: 4534
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 17 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4534
$B$^$H$a(B:

XPilot $B$OJ#?tBP@o$,2DG=$J(B 2 $B<!856u4V%2!<%`$G$"$k!#$3$l$OB?$/$N(B Linux 
$B%G%#%9%H%j%S%e!<%7%g%s$GF0:n$9$k!#(B

XPilot $B%5!<%P$K$O%j%b!<%H$+$i967b$KMxMQ2DG=$J%P%C%U%!%*!<%P!<%U%m!<$r0z(B
$B$-5/$3$9>r7o$,H/8+$5$l$?!#$3$l$O30It$+$iAw$i$l$?%G!<%?$N6-3&%A%'%C%/$,(B
$BIT==J,$J$?$a$K@8$8$k$N$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k%j%b!<%H$N967b<T$O!"%a%b%jFb$NNN0h$KG$0U$N%G!<%?$N>e(B
$B=q$-$r0z$-5/$3$92DG=@-$,$"$k!#$3$NLdBj$K$h$j!"%j%b!<%H$N967b<T$K(B XPilot
$B%5!<%P%W%m%;%9$N8"8B$GG$0U$NL?Na$r<B9T$5$l$F$7$^$&$3$H$,?d;!$5$l$k!#(B

22. IcrediBB Script Injection Vulnerability
BugTraq ID: 4548
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 19 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4548
$B$^$H$a(B:

IcrediBB $B$O%U%j!<$GF~<j2DG=$J!"(BWeb $B$rMxMQ$7$?EE;R7G<(HD5!G=$rDs6!$9$k%=(B
$B%U%H%&%'%"$G$"$k!#$3$N%=%U%H$O(B PHP $B8@8l$rMxMQ$7$F3+H/$5$l$F$*$j!"B?$/$N(B
UNIX $B$d(B Linux $B$GF0:n$7!"$^$?!"(BMicrosoft Windows $B>e$G$bF0:n$9$k!#(B

IcrediBB $B$O%U%)!<%i%`%a%C%;!<%8$KMxMQ$5$l$k%U%)!<%`%U%#!<%k%I$X$NCM$+(B
$B$i!"(BHTML $B%?%0$r==J,$K%U%#%k%?%j%s%0$7$F$$$J$$LdBj$rJz$($F$$$k!#$3$N$?(B
$B$a!"967b<T$O0-0U$"$k%3!<%I$N%U%)!<%i%`$X$NEj9F$,2DG=$K$J$k$H?d;!$5$l$k!#(B
Web $B%V%i%&%6$rMQ$$!"%f!<%6$,967b<T$NCmF~$7$?%9%/%j%W%H$r4^$`%a%C%;!<%8(B
$B$r;2>H$7$?>l9g!"$3$NLdBj$rJz$($k%=%U%H%&%'%"$r2TF0$5$;$F$$$k(B Web $B%5%$%H(B
$B$N%3%s%F%s%D$HF13J$N%;%-%e%j%F%#%3%s%F%-%9%H$G!"$=$N0-0U$"$k%9%/%j%W%H(B
$B$O%f!<%6$N%V%i%&%6$G<B9T$5$l$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b<T$O(B Web $B%3%s%F%s%D$r>h$C<h$k!"$b$7$/$O%/%C%-!<(B
$B>pJs$rMxMQ$7$?G'>ZMQ>pJs$rC%<h2DG=$H$J$k$3$H$,?d;!$5$l$k!#(B

23. Foundstone FScan Banner Grabbing Format String Vulnerability
BugTraq ID: 4549
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 19 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4549
$B$^$H$a(B:

FScan $B$O(B Foundstone $B$K$h$C$FHNGd$*$h$SJ]<i$,$J$5$l$F$$$k!">&MQ@=IJ$H$7(B
$B$F;THN$5$l$F$$$k%M%C%H%o!<%/8!::%f!<%F%#%j%F%#$G$"$k!#K\(B BID $B$G<($5$l$k(B
$BLdBj$O!"(BMicrosoft Windows $B$GF0:n$9$k%P!<%8%g%s$,1F6A$r<u$1$k!#(B

$B$3$N%=%U%H%&%'%"%Q%C%1!<%8$,Jz$($kLdBj$K$h$j!"%j%b!<%H$+$iLdBj$rJz$($k(B
$B%=%U%H%&%'%"$r<B9T$5$;$F$$$k%[%9%H>e$G%3!<%I$N<B9T$,2DG=$H$J$k!#$3$NLd(B
$BBj$O%=%U%H%&%'%"$N%P%J!<<hF@$N5!G=$KM3Mh$9$k!#(B

$B$$$/$D$+$N>u672<$G$O!"%9%-%c%s85$N%[%9%H>e$GG$0U$N%3!<%I$r<B9T$5$l$k2D(B
$BG=@-$,$"$k!#$3$l$O%9%-%c%J$,:FEY8!::BP>]$r%9%-%c%s$9$k:]$K!"%9%-%c%s$5(B
$B$l$?%[%9%H$+$iAw$j$D$1$i$l$?%P%J!<$N%G!<%?$r(B FScan $B$,E,@Z$K=hM}$7$J$$(B
$B$N$G$"$k!#$3$NLdBj$O7k2L$H$7$F=q<0;XDj;R$N<h$j07$$$KM3Mh$9$kLdBj$r>7$-!"(B
$B%a%b%jFb$NG$0U$NNN0h$X$N>e=q$-$,2DG=$K$J$k7k2L$r>7$-!"967b<T$,Aw$j$D$1(B
$B$?%3!<%I$N<B9T$,2DG=$H$J$k!#(B

$B$3$NLdBj$O(B FScan $B%=%U%H%&%'%"$,%9%-%c%s$7$?%[%9%H$+$i%P%J!<$r<hF@$9$k(B
$B@_Dj$G$"$k>l9g$N$_!"$3$NLdBj$,<B9T$5$l$k2DG=@-$,$"$k!#967b<T$O(B FScan 
$B$G%9%-%c%s$5$l$k$HA[Dj$5$l$k%[%9%H$N%P%J!<%G!<%?Fb$K!"<B9T$9$kJ8;zNs$r(B
$BCmF~$7$F$*$/I,MW$,$"$k!#$3$NLdBj$rMxMQ$9$k967b$N7k2L!"(BFoundScan $B%W%m%0(B
$B%i%`$,2TF0$9$k%f!<%6$N8"8B$G%3!<%I$O<B9T$5$l$k!#(B

24. WorkforceROI XPede Unprotected Administrative Facilities Vulnerability
BugTraq ID: 4552
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 19 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4552
$B$^$H$a(B:

XPede $B$O(B Web $B$rMxMQ$7$?%W%m%8%'%/%H%"%+%&%s%F%#%s%0%=%U%H%&%'%"$G$"$k!#(B
$B$3$N%=%U%H$O(B Micfosoft Windows $B$GF0:n$9$k!#(B

$B4IM}<T8"8B$N%9%/%j%W%H$X%"%/%;%9$r;n$_$k>l9g!"(BXPede $B$O4IM}<T$G$O$J$$%f(B
$B!<%6$KBP$7$F4IM}MQ$NG'>ZMQ>pJs$r5a$a$J$$$N$G$"$k!#$3$N$?$a!"0-0U$"$k(B 
XPede $B$N%f!<%6$,!"%=%U%H%&%'%"$N4IM}5!G=$X$NG'>Z$rH<$o$J$$%"%/%;%9$r9T(B
$B$&$?$a$K!"$3$NLdBj$rMxMQ$9$k2DG=@-$,$"$k!#Nc$($P!"0-0U$"$k%f!<%6$,(B 
XPede $B%W%m%8%'%/%H%"%+%&%s%F%#%s%0%7%9%F%`$NB>$N%f!<%6$KBP$7$FNs5s!"DI(B
$B2C!":o=|$N$$$:$l$+$r9T$&$?$a$K!"(B/admin/adminproc.asp $B$X$N%"%/%;%9$r4k(B
$B$F$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$rMxMQ$7$?967b$,@.8y$9$k$?$a$K$O!"967b<T$O4IM}<T8"8B$N%9%/%j%W(B
$B%H$N%U%!%$%kL>$d3JG<>l=j$rM=$aCN$C$F$*$/$3$H$,I,MW$H$J$k!#(B

$B$3$NLdBj$O(B XPede 4.1 $B$GH/8+$5$l$?!#$=$NB>$N%P!<%8%g%s$K$*$$$F$b1F6A$r(B
$B<u$1$k2DG=@-$,$"$k!#(B

25. XPede DataSource.ASP Information Disclosure Vulnerability
BugTraq ID: 4553
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 19 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4553
$B$^$H$a(B:

XPede $B$O(B Web $B$rMxMQ$7$?%W%m%8%'%/%H%"%+%&%s%F%#%s%0%=%U%H%&%'%"$G$"$k!#(B
$B$3$N%=%U%H$O(B Micfosoft Windows $B$GF0:n$9$k!#(B

XPede $B$O%G!<%?$r3JG<$9$k$?$a$K(B Microsoft SQL Server $B$rMxMQ$7$F$$$k!#(B

XPede $B$N(B datasource.asp $B%9%/%j%W%H$O%G!<%?%Y!<%9MQ$N%f!<%6L>$r4^$s$@(B
HTML $B%U%)!<%`$r2p$7$F%f!<%6$+$i%"%/%;%9$5$l$k!#$3$N%9%/%j%W%H$O$$$:$l(B
$B$+$NG'>Z$rI,MW$H$;$:$K!"$$$+$J$k(B Web $B%f!<%6$K$h$C$F$b%"%/%;%9$5$l$F$7(B
$B$^$&2DG=@-$,$"$k!#(B

$BIU$12C$($k$J$i$P!"$=$N%9%/%j%W%H$O%f!<%6$N%Q%9%o!<%IJQ99$N$?$a$N%$%s%?(B
$B%U%'!<%9$rDs6!$9$k!#%Q%9%o!<%I$rJQ99$9$k$K$O!"8=:_$N%Q%9%o!<%I$rM?$($i(B
$B$l$M$P$J$i$J$$!#$7$+$7!"$3$N%$%s%?%U%'!<%9$O8x3+$5$l!"$=$N$3$H$G%G!<%?(B
$B%Y!<%9$K$*$1$k%f!<%6L>$b$^$?8x3+$5$l$k$?$a!"$3$l$O967b<T$K%G!<%?%Y!<%9(B
$B%f!<%6$KBP$7$F$N%Q%9%o!<%IAmEv$j967b$N9%5!$rM?$($k2DG=@-$,$"$k!#(B

$B$3$NLdBj$O(B XPede 4.1 $B$GH/8+$5$l$?!#$=$NB>$N%P!<%8%g%s$K$*$$$F$b1F6A$r(B
$B<u$1$k2DG=@-$,$"$k!#(B

26. WorkforceROI XPede Sprc.ASP SQL Injection Vulnerability
BugTraq ID: 4555
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 19 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4555
$B$^$H$a(B:

XPede $B$O(B Web $B$rMxMQ$7$?%W%m%8%'%/%H%"%+%&%s%F%#%s%0%=%U%H%&%'%"$G$"$k!#(B
$B$3$N%=%U%H$O(B Micfosoft Windows $B$GF0:n$9$k!#(B

XPede $B$O(B Microsoft SQL Server $B$r%P%C%/%(%s%I$H$7$F$$$k!#(B

XPede $B$N(B sprc.asp $B%9%/%j%W%H$KB8:_$9$kLdBj$K$h$j!"0-0U$"$k%f!<%6$O(B SQL
$B9=J8$NCmF~$r4k$F$k$3$H$,2DG=$K$J$k$N$G$"$k!#LdBj$N%9%/%j%W%H$K$O(B "Qry"
$B$HIU$1$i$l$?%*%W%7%g%s$,Hw$o$j!"$3$N%*%W%7%g%s$K$h$j967b<T$O(B SQL $B$N%/%((B
$B%j$r4^$`9=J8$rA^F~$9$k2DG=@-$,$"$j!"CmF~$5$l$?9=J8$O%P%C%/%(%s%I%G!<%?(B
$B%Y!<%9$K$h$j<B9T$5$l$k$3$H$,A[Dj$5$l$k!#$3$NLdBj$K$h$j!"%G!<%?%Y!<%9Fb(B
$B$N%F!<%V%k$X$N=q$-9~$_!"$b$7$/$O=$@5$d:o=|$,2DG=$K$J$k$H?d;!$5$l$k!#(B
$B%f!<%6$d4IM}<T$NG'>ZMQ>pJs$O%G!<%?%Y!<%9Fb$K3JG<$5$l!"2C$($F!"%W%m%8%'(B
$B%/%H%"%+%&%F%#%s%0$K4X$9$kB>$N>pJs$bF1MM$K3JG<$5$l$F$$$k!#(B

$B%P%C%/%(%s%I%G!<%?%Y!<%9$,Jz$($kLdBj$d8m@_Dj$O!"$3$NLdBj$r2p$7$F967b$K(B
$BMxMQ$5$l$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$O(B XPede 4.1 $B$GH/8+$5$l$?!#$=$NB>$N%P!<%8%g%s$K$*$$$F$b1F6A$,(B
$B5Z$V2DG=@-$,$"$k!#(B

27. WorkforceROI XPede Weak File Protection Vulnerability
BugTraq ID: 4554
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 19 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4554
$B$^$H$a(B:

XPede $B$O(B Web $B$rMxMQ$7$?%W%m%8%'%/%H%"%+%&%s%F%#%s%0%=%U%H%&%'%"$G$"$k!#(B
$B$3$N%=%U%H$O(B Micfosoft Windows $B$GF0:n$9$k!#(B

$B%f!<%6$,HqMQ@A5aI<$rH/9T$9$k:]!"%U%!%$%k$O$I$N$h$&$J%f!<%6$G$"$C$F$b=q(B
$B$-9~$_2DG=$J(B /reports/temp $B%G%#%l%/%H%j>e$KJ]B8$5$l$k!#%G%U%)%k%H@_Dj$G(B
$B$O!"$3$N%G%#%l%/%H%j$O0lMw$N<h$j=P$7$,2DG=$G$"$k!#%j%b!<%H$N%/%i%$%"%s(B
$B%H$O$3$N%G%#%l%/%H%j$K%"%/%;%9$9$k$3$H$G!"B>$N%f!<%6$N0l;~E*$J%l%]!<%H(B
$B%U%!%$%k$X$N%"%/%;%9$,2DG=$H$J$k$H?d;!$5$l$k!#(B

$B$5$i$K!"(B/reports/temp $B%G%#%l%/%H%j$G$N0lMw:n@.$,L58z$K@_Dj$5$l$F$$$k>l(B
$B9g$G$b!"$=$N%U%!%$%k$NFbMF$O$^$@C%<h$5$l$k2DG=@-$,$"$k!#%;%-%e%j%F%#>e(B
$B$NM}M3$+$i!"%U%!%$%kL>$O==J,$K%i%s%@%`$KA*Br$5$l$k$,!"$3$NJ}K!$K$O<eE@(B
$B$,B8:_$7$F$$$k!#%U%!%$%kL>$N%i%s%@%`EY9g$$$OD9$5$,(B 5 $B%P%$%H$N$_!"$^$?!"(B
$B%"%k%U%!%Y%C%H$H?t;z$+$i@.$kJ8;zNs$K@)Ls$5$l$F$$$k!#$3$N$?$a!"B8:_$7F@(B
$B$k%U%!%$%kL>$NHO0O$rAjBPE*$K69$a!"<+F0E*$K$=$l$i$r?dB,$9$k%f!<%F%#%j%F%#(B
$B$K$h$jMF0W$K?dB,2DG=$G$"$k!#(B

$B7k2L$H$7$F!"0-0U$"$k%f!<%6$K$h$k%=!<%7%c%k%(%s%8%K%"%j%s%0$rMxMQ$9$k96(B
$B7b$NJd=u<jCJ$H$J$jF@$k!"=EMW$J>pJs$,C%<h$5$l$F$7$^$&2DG=@-$,$"$k!#(B

$B$3$NLdBj$O(B XPede 4.1 $B$GH/8+$5$l$?!#$=$NB>$N%P!<%8%g%s$K$*$$$F$b1F6A$,(B
$B5Z$V2DG=@-$,$"$k!#(B

28. WorkforceROI XPede Arbitrary Time Sheet Disclosure Vulnerabiltiy
BugTraq ID: 4556
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 19 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4556
$B$^$H$a(B:

XPede $B$O(B Web $B$rMxMQ$7$?%W%m%8%'%/%H%"%+%&%s%F%#%s%0%=%U%H%&%'%"$G$"$k!#(B
$B$3$N%=%U%H$O(B Micfosoft Windows $B$GF0:n$9$k!#(B

$BJs9p$K$h$k$H!"(BXPede $B$K$O%j%b!<%H%f!<%6$,B>$N%f!<%6$N6PL3I=$K%"%/%;%9$G$-(B
$BF@$kLdBj$,B8:_$7$F$$$k!#$3$NLdBj$O(B ets_app_process.asp $B$KM3Mh$7$F$*$j!"(B
$B==J,$JG'>Z;~$N3NG'$,9T$o$l$F$$$J$$$?$a$K@8$8$k!#%j%b!<%H$N967b<T$OB>$N(B
$B%f!<%6$N6PL3I=$r!"C1$KC1D4A}2CCM$H$7$FM?$($i$l$?(B TSN id $B%9%/%j%W%H$N%Q%i(B
$B%a!<%?$r2~JQ$9$k$@$1$GF~<j2DG=$G$"$k!#967b<T$,M?$($?(B ID $BHV9f$K9gCW$9$k6P(B
$BL3I=$,B8:_$9$k>l9g!"$=$N6PL3I=$O%/%i%$%"%s%HB&$GI=<($5$l$k!#(B

$B$=$N7k2L!"G'>Z$5$l$F$$$J$$%f!<%6$,=EMW$J%f!<%6>pJs$r3+<($9$k$3$H$,2DG=(B
$B$H$J$k$N$G$"$k!#$3$N>pJs$O%=!<%7%c%k%(%s%8%K%"%j%s%0$rMQ$$$k967b$NJd=u(B
$B<jCJ$H$J$jF@$k$?$a$KMxMQ$5$l$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$O(B XPede 4.1 $B$GH/8+$5$l$?!#$=$NB>$N%P!<%8%g%s$K$*$$$F$b1F6A$,5Z(B
$B$V2DG=@-$,$"$k!#(B

29. Apache Tomcat System Path Information Disclosure Vulnerability
BugTraq ID: 4557
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 19 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4557
$B$^$H$a(B:

Apache Tomcat $B$O0-0U$r$b$C$FAH$_N)$F$i$l$?(B jsp $B7A<0$N%U%!%$%k$X$N(B HTTP
$B%j%/%(%9%H$rE,@Z$K<h$j07$($J$$LdBj$rJz$($F$$$k!#$3$N7k2L!"967b<T$O967b(B
$BBP>]$N%5!<%P$K$H$C$F!"@x:_E*$K=EMW$G$"$k$H9M$($i$l$k>pJs$rF~<j2DG=$G$"(B
$B$k!#(B

$B0-0U$r$b$C$FAH$_N)$F$i$l$?(B HTTP $B%j%/%(%9%H$K$h$j!"(BWeb $B%3%s%F%s%DMQ$N%I(B
$B%-%e%a%s%H%k!<%H%G%#%l%/%H%j$N@dBP%Q%9$r4^$`%(%i!<%a%C%;!<%8$,3+<($5$l(B
$B$k!#(B


$BJs9p$K$h$k$H!"0J2<$N(B HTTP $B%j%/%(%9%H$K$h$j$3$NLdBj$N1F6A$,H/8=$9$k$H$N(B
$B$3$H$G$"$k!#(B

http://target/+/file.jsp
http://target/>/file.jsp
http://target/</file.jsp
http://target/%20/file.jsp


$B%Q%9$K4X$9$k>pJs$rF~<j$G$-F@$k$3$H$O!"967b<T$K$h$k967bBP>]$N%[%9%H$X$N(B
$B$5$i$J$k967b$NJd=u<jCJ$H$9$k$3$H$r2DG=$K$9$k!#(B


30. OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
BugTraq ID: 4560
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 19 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4560
$B$^$H$a(B:

OpenSSH $B%5!<%P$O%P%C%U%!%*!<%P!<%U%m!<>uBV$,@8$8$kLdBj$rJz$($F$$$k$HJs(B
$B9p$5$l$F$$$k!#Js9p$K$h$k$H!"$3$N>uBV$O@55,$NG'>ZMQ>pJs$r$b$D%f!<%6$G$"(B
$B$k967b<T$K$h$j0z$-5/$3$9$3$H$,2DG=$H$J$k!#(B

$B$3$NLdBj$O%/%i%$%"%s%H$K$h$C$F0z$-EO$5$l$k(B Kerberos 4 TGT/AFS $B%H!<%/%s(B
$B$N=hM}$K4XO"$9$k!#%G!<%?$,FbIt$NG'>ZMQ>pJsMQ$N9=B$BN$X=q$-9~$^$l$k:]!"(B
$B%*!<%P!<%U%m!<$,@8$8$k!#LdBj$NMW0x$H$J$k%W%m%0%i%`$NItJ,$O%;%-%e%"$G$O(B
$B$J$$J8;zNs$N%3%T!<A`:n$r9T$C$F$$$k$H9M$($i$l$F$$$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"@55,$NG'>ZMQ>pJs$r;}$D967b<T$K$h$C(B
$B$F!"(Broot $B8"8B$rC%<h$5$l$F$7$^$&2DG=@-$,$"$k!#(B

$BHw9M(B:
$B$3$NLdBj$O(B OpenSSH $B$N%G%U%)%k%H%$%s%9%H!<%k>uBV$K$O1F6A$r5Z$\$5$J$$!#(B
OpenSSH $B%5!<%P$,(B Kerveros 4 $B$b$7$/$O(B AFS $B$r;HMQ$9$k@_Dj$N>l9g$K$3$NLdBj(B
$B$N1F6A$,5Z$V!#(B

$BK\9`$O>\:Y>pJs$,$5$i$K8x3+$5$l$?CJ3,$G99?7$5$l$kM=Dj$G$"$k!#(B

31. Snitz Forums 2000 Members.ASP SQL Injection Vulnerability
BugTraq ID: 4558
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 19 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4558
$B$^$H$a(B:

3. Snitz Forums 2000 Members.ASP SQL Injection Vulnerability
BugTraq ID: 4558
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 19 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4558
$B$^$H$a(B:

Snitz Forums 2000 $B$O(B ASP $B$rMQ$$$F3+H/$5$l$?(B Web $B$rMxMQ$9$kEE;R7G<(HD5!(B
$BG=$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$O(B Microsoft Windows $B$G(B
$BF0:n$9$k!#$3$N%=%U%H%&%'%"$O%P%C%/%(%s%I%G!<%?%Y!<%9$rHw$(!"(BMicrosoft
Access 97/2000$B!"(BSQL Server 6.5/7.0/2000$B!"(BMySQL $B$KBP1~$7$F$$$k!#(B

Snitz Forums 2000 $B$K$O%f!<%6$,(B Web $B%U%)!<%i%`$KEPO?:Q$_$N%f!<%60lMw$rF~<j(B
$B$G$-$k5!G=$,Hw$($i$l$F$$$k!#$3$l$r9T$&$?$a$K$O!"(Bmembers.asp $B%9%/%j%W%H$,(B
$BEPO?:Q$_$N%f!<%6$N0lMw$rF@$k$?$a$N%/%(%j$r!"%P%C%/%(%s%I%G!<%?%Y!<%9$KBP(B
$B$7$F9T$C$F$$$k!#(B

$B$7$+$7!"%j%b!<%H$N967b<T$O(B members.asp $B%9%/%j%W%H$K$h$C$F:n@.$5$l$k%/%((B
$B%jFb$K!"(BSQL $B9=J8$rCmF~2DG=$J$N$G$"$k!#$3$l$O$3$N%9%/%j%W%H$K$h$C$F:n@.(B
$B$5$l$k%/%(%jFb$NO@M}9=B$$rA`:n$9$k$?$a$N967b$KMxMQ$5$l$k2DG=@-$,$"$k!#(B

$B%G!<%?%Y!<%9$N<BAu$K0MB8$9$k$,!"$3$N;EMM$O967b<T$X%G!<%?%Y!<%9Fb$N=EMW$J(B
$B>pJs$r3+<($9$k7k2L$r>7$/$+!"$"$k$$$O!"967b<T$,%G!<%?$r2~JQ$9$k7k2L$r>7$/(B
$B2DG=@-$,$"$k!#$5$i$K$3$NLdBj$O@x:_E*$K!"%P%C%/%(%s%I%G!<%?%Y!<%9Fb$K@x:_(B
$BE*$KB8:_$9$kLdBj$X$N967b$r0z$-5/$3$9$H9M$($i$l$k!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$?967b$r9T$&$?$a$K$O!"LdBj$rJz$($k%9%/%j%W%H$K(B
$BBP$7$F!"E,@Z$JJ8K!$K1h$C$?(B SQL $B9=J8$r0z$-EO$9I,MW$,$"$k!#(B

32. PostBoard BBCode IMG Tag Script Injection Vulnerability
BugTraq ID: 4559
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 19 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4559
$B$^$H$a(B:

PostBoard $B$O%U%j!<$G$"$j!"%*!<%W%s%=!<%9$G$"$j!"(BPostNuke $B%3%s%F%s%D4IM}(B
$B%7%9%F%`8~$1$KEE;R7G<(HD5!G=$rDs6!$9$k%b%8%e!<%k$G$"$k!#$3$N%=%U%H%&%'%"(B
$B$O(B UNIX $B$d(B Linux $B$GF0:n$9$k$h$&$K@_7W$5$l$F$$$k!#(B

$B$3$N%=%U%H%&%'%"$K$O%j%b!<%H%f!<%6$,G$0U$N%3!<%I$r!"$3$N%=%U%H%&%'%"$K(B
$B$h$C$F1?1D$5$l$F$$$k(B Web $B%5%$%H$N%3%s%F%s%D$HF13J$N8"8B$G<B9T2DG=$JLdBj(B
$B$,B8:_$9$k!#$3$NLdBj$O$$$/$D$+$NF~NOCM$N<oN`$KBP$9$k3NG'=hM}$KM3Mh$7$F(B
$B$$$k!#(B

PostBoard $B$O%5%$%H$XEj9F$5$l$k5-;vFb$N!"(BIMG $B%?%0Fb$K4^$^$l$k%3!<%I$K$D$$(B
$B$F$N=|5n$r9T$C$F$$$J$$!#$3$N$?$a!"0-0U$"$k%f!<%6$O$3$N%=%U%H%&%'%"$rMxMQ(B
$B$7$FDs6!$5$l$F$$$k(B Web $B%5%$%H$X!"(B2 $B$D$N(B IMG $B%?%04V$K%9%/%j%W%H$r4^$s$@Ej(B
$B9F$r9T$&2DG=@-$,$"$k!#Ej9F$5$l$?%3!<%I$O$3$N%=%U%H%&%'%"$rMxMQ$7$FDs6!$5(B
$B$l$F$$$k(B Web $B%5%$%H$N%3%s%F%s%D$HF13J$N8"8B$G!"%f!<%6$N(B Web $B%V%i%&%6$G<B(B
$B9T$5$l$k$H?d;!$5$l$k!#(B

33. PostBoard Topic Title Script Execution Vulnerability
BugTraq ID: 4561
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 19 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4561
$B$^$H$a(B:

PostBoard $B$O%U%j!<$G$"$j!"%*!<%W%s%=!<%9$G$"$j!"(BPostNuke $B%3%s%F%s%D4IM}(B
$B%7%9%F%`8~$1$KEE;R7G<(HD5!G=$rDs6!$9$k%b%8%e!<%k$G$"$k!#$3$N%=%U%H%&%'%"(B
$B$O(B UNIX $B$d(B Linux $B$GF0:n$9$k$h$&$K@_7W$5$l$F$$$k!#(B

$B$3$N%=%U%H%&%'%"$K$O%j%b!<%H%f!<%6$,G$0U$N%3!<%I$r!"$3$N%=%U%H%&%'%"$K(B
$B$h$C$F1?1D$5$l$F$$$k(B Web $B%5%$%H$N%3%s%F%s%D$HF13J$N8"8B$G<B9T2DG=$JLdBj(B
$B$,B8:_$9$k!#$3$NLdBj$O$$$/$D$+$NF~NOCM$N<oN`$KBP$9$k3NG'=hM}$KM3Mh$7$F(B
$B$$$k!#(B

PostBoard $B$O%f!<%6$+$iM?$($i$l$?CM$NFbMF$KBP$9$k%U%#%k%?%j%s%0$r==J,$K(B
$B9T$C$F$$$J$$!#$3$N$?$a!"$3$N%=%U%H%&%'%"$N%f!<%6$OEj9F$5$l$?%a%C%;!<%8(B
$B$NBjL>ItJ,$K%9%/%j%W%H$rCmF~2DG=$J$N$G$"$k!#$3$l$O!"Ev3:%a%C%;!<%8$r%f!<(B
$B%6$,%/%j%C%/$9$k:]$K!"$=$N%3!<%I$,$3$N%=%U%H%&%'%"$rMxMQ$7$F9=C[$5$l$?(B
Web $B%5%$%H$N%3%s%F%s%D$HF13J$N8"8B$G<B9T$5$l$k7k2L$r>7$/2DG=@-$,$"$k!#(B

34. PostBoard BBCode Denial Of Service Vulnerability
BugTraq ID: 4562
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 19 2002 12:00A
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/4562
$B$^$H$a(B:

PostBoard $B$O%U%j!<$G$"$j!"%*!<%W%s%=!<%9$G$"$j!"(BPostNuke $B%3%s%F%s%D4IM}(B
$B%7%9%F%`8~$1$KEE;R7G<(HD5!G=$rDs6!$9$k%b%8%e!<%k$G$"$k!#$3$N%=%U%H%&%'%"(B
$B$O(B UNIX $B$d(B Linux $B$GF0:n$9$k$h$&$K@_7W$5$l$F$$$k!#(B

PostBoard $BFb$N(B BBcode $B$N<BAu$K$O967b<T$,$3$N%=%U%H%&%'%"$r2TF0$5$;$F$$$k(B
$B%[%9%H$N;q8;$r;H$$?T$/$5$;$F$7$^$($kLdBj$,B8:_$9$k!#$H$j$o$1!"$3$N>uBV$K(B
$B4Y$i$;$k$?$a$K!"(B[code] $B%?%0$N0-MQ$,2DG=$G$"$k!#(B[code] $B%?%0$O$$$+$J$k<oN`(B
$B$NFCJL$JJ8;z<o$G$"$C$F$b2r<a$5$l$k$3$H$J$/!"%=!<%9%3!<%IFb$KNc$r0zMQ$9$k(B
$B$?$a$KMxMQ$5$l$k%?%0$G$"$k!#B>$N%?%0$b$3$NJ}K!$rMxMQ$9$k$3$H$G967b$KMQ$$(B
$B$k$3$H$,2DG=$+$I$&$+$K$D$$$F$OL$>\$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$N7k2L!"(BWeb $B%5!<%P$ODL>o$"$j$"$($J$$NL$N%7%9%F%`(B
$B;q8;$r;H$$?T$/$7$F$7$^$&$3$H$K$J$k!#$3$NLdBj$K$h$j!"(BWeb $B%5!<%P$N(B DoS $B$r(B
$B>7$/2DG=@-$,$"$j!"E,@Z$J;q8;NL$N@_Dj$,9T$o$l$F$$$J$$>l9g$K$O!"@x:_E*$K(B
Web $B%5!<%P%W%m%0%i%`$r2TF0$5$;$F$$$k(B OS $B$=$N$b$N$b(B DoS $B$K4Y$i$;$i$l$k2D(B
$BG=@-$,$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"DL>oF0:n$XI|5l$9$k$?$a$K$O(B Web $B%5!<(B
$B%P$N:F5/F0$,I,MW$K$J$k!#(B

35. Nortel CVX 1800 Multi-Service Access Switch Default SNMP Community Vulnerability
BugTraq ID: 4507
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 15 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4507
$B$^$H$a(B:

Nortel CVX 1800 Multi-Service Access Switch $B$OE}9g7?%b%G%`%O!<%I%&%'%"(B
$B$G$"$k!#(B

$B$3$N%G%P%$%9$K$O%G%U%)%k%H$G(B "public" $B$H$$$&L>$N(B SNMP $B%3%_%e%K%F%#$,B8(B
$B:_$9$k!#%j%b!<%H$N967b<T$O!"(B SNMP $B%/%i%$%"%s%H$G!"$3$N(B "public" $B%3%_%e(B
$B%K%F%#$r;HMQ$7$F(B SNMP $B%*%V%8%'%/%H$N%3%s%F%s%D$rF~<j$9$k2DG=@-$,$"$k!#(B
$B$3$N%G%P%$%9>e$N%m!<%+%k%"%+%&%s%H$NG'>Z>pJs$d!"%M%C%H%o!<%/9=@.Fb$K$*(B
$B$1$k$3$N%G%P%$%9$NG[CV>uBV$J$I!"=EMW$J>pJs$r3+<($7$F$7$^$&LdBj$rJz$($F(B
$B$$$k!#(B

36. IRIX XFS Filesystem Local Denial of Service Attack 
BugTraq ID: 4511
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B 
$B8xI=F|(B: Apr 15 2002 12:00A 
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4511 
$B$^$H$a(B: 

XFS $B%U%!%$%k%7%9%F%`$NFCDj$N%P!<%8%g%s$,LdBj$rJz$($F$$$k$HJs9p$5$l$F$$(B
$B$k!#(B XFS $B$OA4$F$N(B IRIX 6.5 $B%7%9%F%`$N%G%U%)%k%H$N%U%!%$%k%7%9%F%`$G$"(B
$B$k!#(B

$B$3$NLdBj$K$h$j!"%m!<%+%k%f!<%6$O0-0U$"$k%U%!%$%k$r:n@.2DG=$G$"$k$H?d;!(B
$B$5$l$k!#$$$+$J$k%W%m%;%9$b!"$3$N%U%!%$%k$X%"%/%;%9$r4k$F$k$HDd;_$7$F$7(B
$B$^$&$N$G$"$k!#(B

$BFCDj$N>r7o2<$G$O!"$3$NLdBj$O(B DoS $B>uBV$r>7$/2DG=@-$,$"$k!#Nc$($P!"0-0U(B
$B$"$k%m!<%+%k%f!<%6$,!"(B Web $B%5!<%P$d(B Ftp $B%5!<%P$K$h$C$F%"%/%;%9$5$l$?$j!"(B
$B$b$7$/$O<+F0E*$KF0:n$9$k%7%9%F%`%?%9%/$K$h$C$F=hM}$5$l$k$h$&$J>l=j$K!"(B
$B%U%!%$%k$rG[CV$9$k2DG=@-$,$"$k!#(B

37. Burning Board URL Parameter Manipulation Vulnerability
BugTraq ID: 4512
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 15 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4512
$B$^$H$a(B:

Burning Board $B$O(B Web $B%U%)!<%i%`%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H$O(B PHP $B8@(B
$B8l$rMxMQ$7$F:n@.$5$l$F$*$j!"%P%C%/%(%s%I%G!<%?%Y!<%9$H$7$F(B MySQL $B$rMxMQ(B
$B$7$F$$$k!#$3$N%=%U%H%&%'%"$OKX$I$N(B UNIX $B$HMM!9$J(B Linux $B$GF0:n$7!"$^$?!"(B
Microsoft Windows $B4D6-$G$bF0:n$9$k!#(B

$BJs9p$K$h$k$H!"967b<T$O%j%s%/$r;2>H$7$FK,Ld$7$?@55,$N(B Burning Board $B%f!<(B
$B%6$K@.$j$9$^$9$3$H$,$G$-$k$h$&$J0-0U$"$k%j%s%/$r:n@.$9$k2DG=@-$,$"$k$H(B
$B$N$3$H$G$"$k!#$3$NLdBj$rMxMQ$7$?967b$r9T$&$K$O!"967b<T$O!"%j%s%/$r;2>H(B
$B$7$FK,Ld$7$?%f!<%6$K4uK>$N%"%/%7%g%s$r<B9T$5$;$k$h$&$JJ}K!$G!"0-0U$N$"(B
$B$k%j%s%/Fb$N(B URL $B%Q%i%a!<%?$rA`:n$7$J$1$l$P$J$i$J$$!#$^$?$3$N:]!"@55,$N(B
$B%U%)!<%i%`%f!<%6$O%/%C%-!<$rMxMQ$7$?G'>Z>pJs$r2p$7$F!"G'>Z$,9T$o$l$F$$(B
$B$kI,MW$,$"$k!#967b$KMxMQ$5$l$k%O%$%Q!<%j%s%/$K$O(B BBCode $B$r4^$s$G$$$k2D(B
$BG=@-$,$"$k!#(B

$B$b$7967b<T$,!"0-0U$N$"$k967b<T$K$h$C$F@)8f$5$l$?(B Web $B%Z!<%8$r2p$7$F$3(B
$B$N967b$r9T$C$?$J$i$P!"@55,$N%f!<%6$K$J$j$9$^$7$FIT@5$J%"%/%;%9$r9T$$!"(B
$B$=$l$r1#JC$9$k$h$&$J%9%/%j%W%H$r=q$-9~$`9T0Y$,MF0W$K<B9T$G$-$k$N$G$"$k!#(B
$B967b<T$N%9%/%j%W%H$O62$i$/!"967b$,<B9T$5$l$?8e$K!"M=4|$9$k(B Web $B%Z!<%8(B
$B$X%f!<%6$r%j%@%$%l%/%H$5$;$k$H?dB,$5$l$k!#$=$&$7$J$1$l$P!"H`$i$N$J$j$9(B
$B$^$79T0Y$,9T$o$l$h$&$H$7$?$3$H$,H/8+$5$l$k2DG=@-$,$"$k$+$i$G$"$k!#(B

$B$3$NLdBj$O!"0-0U$N$"$k(B Web $B%Z!<%8$rK,$l$k@55,$N%f!<%6$K!"G$0U$N967b<T(B
$B$,6!5k$7$?%U%)!<%i%`%a%C%;!<%8$r5-F~$5$;$k$?$a$K!"967b<T$K$h$C$FMxMQ(B
$B$5$l$k2DG=@-$,$"$k!#(B

phpBB $B$H$$$C$?B>$N(B Web $B%U%)!<%i%`%=%U%H$b$3$NLdBj$N1F6A$,5Z$V2DG=@-$,(B
$B$"$k$3$H$,Js9p$5$l$F$$$k$b$N$N!"$3$l$K$D$$$F$OL$8!>Z$G$"$k!#(B

38. Mirabilis ICQ .hpf Denial of Service Vulnerability
BugTraq ID: 4514
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 15 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4514
$B$^$H$a(B:

ICQ $B$K?75,$N%f!<%6$,EPO?$5$l$k:]!"(B.pnq (ICQ Plugin) $B!"(B.scm (ICQ Sound
Scheme$B!"(B.uin (ICQ User) $B!"(B.hpf (ICQ Home Page Factory) $B$J$I$N!"(B ICQ $BFC(B
$BM-$NMM!9$J%U%!%$%k$,:n@.$5$l$k!#$3$l$i$N3HD%;R$r;}$D%U%!%$%k$O!"(BICQ $B$K(B
$B4XO"IU$1$i$l$k!#(B

ICQ $B$,%/%i%C%7%e$9$kLdBj$,H/8+$5$l$F$$$k!#Js9p$K$h$k$H!"0-0U$K$h$C$F9*(B
$BL/$KAH$_N)$F$i$l$?3HD%;R(B .hpf $B$N%U%!%$%k$KBP$7!"%f!<%6$,%"%/%;%9$r;n$_(B
$B$k$3$H$G(B ICQ $B$O%/%i%C%7%e$9$k!#(B

$B$3$NLdBj$OL$%A%'%C%/$N%P%C%U%!$KM3Mh$7$F$$$k2DG=@-$,$"$k!#FCDj$N>r7o$G!"(B
$B$3$NLdBj$rJz$($k967bBP>]$N%3%s%T%e!<%?>e$GG$0U$N%3!<%I$r<B9T$5$l$k2DG=(B
$B@-$,$"$k$H?d;!$5$l$k!#(B

39. Demarc PureSecure Authentication Check SQL Injection Vulnerability
BugTraq ID: 4520
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 15 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4520
$B$^$H$a(B:

Demarc PureSecure $B$O(B Snort $BMQ$K:n@.$5$l$?>&MQ$N%0%i%U%#%+%k%U%m%s%H%(%s(B
$B%I$G$"$j!"HFMQE*$J%M%C%H%o!<%/4F;k%=%j%e!<%7%g%s$G$"$k!#(B Snort $B$O%*!<%W(B
$B%s%=!<%9$H$7$F8x3+$5$l$F$$$k(B NIDS (Network Intrusion Detection System)
$B$G$"$k!#(B Demarc PureSecure $B$OKX$I$N(B UNIX $B$HMM!9$J(B Linux $B$GF0:n$7!"$^$?!"(B
Microsoft Windows NT/2000/XP $B$G$bF0:n$9$k!#(B

PureSecure $B$NFCDj$N%P!<%8%g%s$K$*$$$FLdBj$,Js9p$5$l$F$$$k!#%f!<%6$,@8(B
$B@.$7$?F~NO$,(B SQL $B9=J8$r9=@.$9$k$N$K;HMQ$5$l$F$*$j!"(B SQL injection $B967b(B
$B$r2DG=$H$7$F$7$^$&$N$G$"$k!#$3$N7g4Y$rMxMQ$7$?967b$r2p$7$F!"4IM}<T8"8B(B
$B$,C%<h$5$l$k2DG=@-$,$"$k!#(B

$B%;%C%7%g%s(B ID $B$NCM$,!"%/%i%$%"%s%H$,@)8f2DG=$J>uBV$K$"$k%/%C%-!<>pJs$+(B
$B$i@8@.$5$l$F$$$k$N$G$"$k!#$3$N>pJs$O!"%f!<%6$,4IM}<T8"8B$r=jM-$7$F$$$k(B
$B$+$I$&$+$r3NG'$9$k$?$a$N(B SQL $B%/%(%j$r9=C[$9$k$N$K;HMQ$5$l$F$7$^$&!#0-(B
$B0U$"$k967b<T$O!"(B SQL $B%3%^%s%I$r4^$s$@%/%C%-!<$r9=C[$7!"%/%(%j$r2~$6$s(B
$B$9$k2DG=@-$,$"$k!#(B

$B$3$N967b$r2p$7$F!"4IM}<T8"8B$r<hF@$9$k$3$H$,2DG=$G$"$k$HJs9p$5$l$F$$$k!#(B
$B$5$i$K?<9o$J967b$,2DG=$G$"$k$3$H$,?d;!$5$l$k$,!"L$8!>Z$G$"$k!#(B

40. HP Photosmart Mac OS X Print Driver Weak File Permissions Vulnerability
BugTraq ID: 4518
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 15 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4518
$B$^$H$a(B:

HP $B$N(B Photosmart $B%W%j%s%?%7%j!<%:$N@=IJ$O!"%G%8%?%k<L??$N0u:~$rMF0W$K!"(B
$BG=N(E*$K9T$($k$h$&$K@_7W$5$l$F$$$k!#$3$l$i$N%W%j%s%?$N(B Mac OS X $B8~$1$N(B
$B%I%i%$%P$NFCDj$N%P!<%8%g%s$K$*$$$FLdBj$,Js9p$5$l$?!#(B

Photosmart $B%W%j%s%?$N(B Mac OS X $B8~$1%I%i%$%P$O!"$$$+$J$k%f!<%6$G$"$C$F(B
$B$b=q$-9~$_2DG=$J(B hp_imaging_connectivity $B$H$$$&%P%$%J%j%U%!%$%k$r4^$s(B
$B$G$*$j!"(B /Library/Priinters/hp/hp_imaging_connectivity.app/ $B%G%#%l%/(B
$B%H%j$KG[CV$5$l$F$$$k!#$3$N%U%!%$%k$O$I$N$h$&$J%f!<%6$G$"$C$F$b=q$-9~$_(B
$B2DG=$J$?$a!"%m!<%+%k%f!<%6$G$bB>$N%U%!%$%k$X$N%7%s%\%j%C%/%j%s%/$d%H%m(B
$B%$$NLZGO$N%3%T!<$HCV$-49$($k$3$H$,2DG=$G$"$k!#(B

$BJs9p$K$h$k$H!"%f!<%6$,%7%9%F%`$K%m%0%*%s$9$k:]$O!">o$K$3$N%"%W%j%1!<%7%g(B
$B%s$O8=:_$N%f!<%6$N8"8B$G<B9T$5$l$k!#$=$N7k2L!"4IM}<T$+4IM}8"8B$r=jM-$7(B
$B$?%f!<%6$,%m%0%$%s$9$k$3$H$G!"%H%m%$$NLZGO$N%U%!%$%k$r<B9T$7$?$j!"%m!<(B
$B%+%k%f!<%6$N8"8B$r>:3J$5$;$?$j$9$k$3$H$,2DG=$H$J$k!#$^$?!"%f!<%6$,%U%!(B
$B%$%k$N0u:~$r9T$&:]$K$b<B9T$5$l$k!#(B

41. Microsoft Internet Explorer Unicode Character Handling DoS Vulnerability
BugTraq ID: 4519
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 16 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4519
$B$^$H$a(B:

Microsoft Internet Explorer $B$O!"6KC<$KD9$$O"B3$7$?%f%K%3!<%IJ8;zNs$r4^(B
$B$s$@(B URL $B$G%"%/%;%9$7$?:]$K!"%/%i%C%7%e$9$kLdBj$rJz$($F$$$k$HJs9p$5$l(B
$B$F$$$k!#Js9p$K$h$l$P!"6KC<$KD9$$O"B3$7$?%f%K%3!<%IJ8;zNs$r4^$s$@0-0U$"(B
$B$k%j%s%/$r:n@.$7!"$=$N%j%s%/$r(B Web $B%f!<%6$,;2>H$7$?:]$K!"$3$N>u67$,H/(B
$B@8$9$k2DG=@-$,$"$k$H$N$3$H$G$"$k!#967b<T$O86B'$H$7$F!"LdBj$N$"$k(B Web
$B%V%i%&%6$r;HMQ$7$F$$$k%f!<%6$r!"$=$N(B URL $B$KM6$$9~$`I,MW$,$"$k!#(B

$B$3$NLdBj$,!"$J$<H/@8$9$k$N$+$OJ,$+$C$F$$$J$$!#$3$NLdBj$rF10l$N%P!<%8%g(B
$B%s$N(B Microsoft Windows $B$GF10l$N%P!<%8%g%s$N(B Internet Explorer $B$r;HMQ$7(B
$B$?$H$7$F$b!"A4$F$N4D6-$G:F8=$5$;$k$3$H$O2DG=$G$O$J$$$H?d;!$5$l$F$$$k!#(B
$B$J$<$3$NLdBj$,FCDj$N4D6-$K$*$$$FH/@8$7!"0lJ}$G$OH/@8$7$J$$$N$+$O!"8=;~(B
$BE@$G$OL@3N$K$5$l$F$$$J$$!#(B

$B$3$NLdBj$O%P%C%U%!%*!<%P!<%U%m!<$KM3Mh$7$FH/@8$9$k$N$G$O$J$$$+$H?d;!$5(B
$B$l$F$$$k!#(B

$BK\9`$O>\:Y>pJs$,$5$i$K8x3+$5$l$?CJ3,$G99?7$5$l$kM=Dj$G$"$k!#(B

42. Multiple Microsoft Products for MacOS File URL Buffer Overflow Vulnerability
BugTraq ID: 4517
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 16 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4517
$B$^$H$a(B:

Internet Explorer$B!"(BOutlook Express$B!"(BEntourage$B!"(BPowerPoint$B!"(BExcel$B!"(BWord
$B$H$$$C$?!"(BMacOS $B8~$1$NMM!9$J(B Microsoft $B@=IJ$K$*$$$FLdBj$,Js9p$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!">e5-$K$"$2$?@=IJ$N6&DL$N%3%s%]!<%M%s%H$O!"%P%C%U%!%*!<%P!<(B
$B%U%m!<$NLdBj$rJz$($F$$$k$H$N$3$H$G$"$k!#$3$NLdBj$O(B file:/// $B$H$$$&(B URL 
$B$N07$$$KM3Mh$7$F$$$k!#(B

$B967b<T$,G$0U$N%G!<%?(B ($B$*$h$=(B 1313 $B%P%$%H(B) $B$r4^$_!">/$J$/$H$b(B 1 $B$D$N%5(B
$B%V%G%#%l%/%H%j$r0lMwI=<($5$l$k$h$&$J(B file:/// URL $B$r:n@.$9$k$3$H$K$h$j!"(B
$B0-0U$r;}$C$F9*L/$K:n@.$5$l$?%j%s%/$K%"%/%;%9$9$k%f!<%6$KBP$7$F!"G$0U$N(B
$B%G!<%?$,<B9T$5$l!"@x:_E*$K%P%C%U%!%*!<%P!<%U%m!<$K4Y$i$;$k$3$H$K$J$k!#(B
$BNc(B:

file:///arbitrary_data
$B$"$k$$$O(B
file:///data/data/data/data/

$B$3$N%*!<%P!<%U%m!<$O%j%?!<%s%"%I%l%9$r4^$`%9%?%C%/JQ?t$r>e=q$-$7!"%f!<(B
$B%6$N8"8B$GG$0U$N%3!<%I$,<B9T$5$l$k!#$?$@$7!"$G$?$i$a$J%G!<%?$,Aw$i$l$?(B
$B>l9g$O!"%"%W%j%1!<%7%g%s$N%/%i%C%7%e$r0z$-5/$3$9!#(B

43. Symantec Norton Personal Firewall 2002 Portscan Protection Bypass Vulnerability
BugTraq ID: 4521
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 16 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4521
$B$^$H$a(B:

Symantec Norton Personal Firewall 2002 (NPW) $B$O2H$d>.$5$J4k6H$N%3%s%T%e!<(B
$B%?8~$1$N%U%!%$%d%&%)!<%k@=IJ$G$"$j!"FCDj$N%P!<%8%g%s$N(B Microsoft Windows
$B>e$GF0:n$9$k!#$3$N@=IJ$O%]!<%H%9%-%c%s$rF0E*$KKI$05!G=$rHw$($F$$$k!#(B

Personal Firewall 2002 $B$N%]!<%H%9%-%c%s$KBP$9$k07$$$KLdBj$,$"$k!#Js9p(B
$B$K$h$k$H!"(B SYN $B%9%-%c%s$N$_$,8!CN$5$l$k$H$N$3$H$G$"$k!#967b<T$O(B 
SYN/FIN $B%Q%1%C%H$d(B NPW $B$N5!G=$G$O8!CN$G$-$J$$B>$N<oN`$N%9%-%c%s$r9T$&(B
$B2DG=@-$,$"$k!#(B

$B$5$i$KDI5-;v9`$H$7$F!"%9%-%c%s$,KI$,$l$?:]$K!"%V%m%C%/$5$l$?967b%"%I%l(B
$B%9$+$i$N(B SYN $B%Q%1%C%H$N$_$,Js9p$5$l$k$N$G$"$k!#967b<T$O>e$G$"$2$?J}K!(B
$B$GBP>]$N%^%7%s$K967b$rB3$1$k2DG=@-$,$"$j!"@\B3$r3+$$$F$$$k$b$N$K4X$7$F(B
$B$O%I%m%C%W$5$l$J$$$N$G$"$k!#(B

$B%]!<%H%9%-%c%s$rKI;_$9$k$?$a$N%V%m%C%/%j%9%H$N(B 30 $BJ,4V$H$$$&;~4V$r@_Dj(B
$B$G$-$J$$$3$H$bJs9p$5$l$F$$$k!#$3$N$3$H$K$h$j!"967b<T$O(B NPW 2002 $B$,2TF0(B
$B$7$F$$$k%^%7%s$N%U%#%s%,!<%W%j%s%F%#%s%0$r9T$&$3$H$,2DG=$H$J$j!"99$J$k(B
$B!VCNE*$J!W967b$X$H5/0x$9$k2DG=@-$,$"$k!#(B

44. Oracle 9i ANSI Outer Join Access Control Bypass Vulnerability
BugTraq ID: 4523
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 16 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4523
$B$^$H$a(B:

Oracle 9i $B$O(B SQL $B%G!<%?%Y!<%9%/%(%j$K$*$$$F!"(B ANSI $B$K=`5r$7$?(B 'outer
join' $B$r%5%]!<%H$7$F$k!#(B

$B$3$N5!G=$N<BAu$K%;%-%e%j%F%#>e$NLdBj$,B8:_$9$k!#Js9p$K$h$k$H!"(B'outer join'
$B$r4^$s$@%/%(%j$O%G!<%?%Y!<%9$N%"%/%;%9%3%s%H%m!<%k$r2sHr$9$k$3$H$,2DG=$G$"(B
$B$k!#$3$NLdBj$K$h$C$F!"B>$N%G!<%?%Y!<%9%f!<%6$N%Q%9%o!<%I%O%C%7%eCM$H$$$C$?!"(B
$BK\Mh%"%/%;%9$9$k$3$H$,$G$-$J$$%G!<%?$rC%<h$5$l$k2DG=@-$,?d;!$5$l$k!#(B

$B$3$&$$$C$?<o$NLdBj$NB8:_$O!"%;%-%e%j%F%#%b%G%k$N:,K\$N4h6/@-$KBP$7$F$N(B
$B7|G0$r$b$?$i$9!#$3$NLdBj$,8!>Z$5$l$?>l9g!"%"%/%;%9%3%s%H%m!<%k$r$9$jH4(B
$B$1$kB>$NLdBj$,@x:_$7$F$$$k2DG=@-$,$"$k!#(B

45. Symantec Raptor / Enterprise Firewall FTP Bounce Vulnerability
BugTraq ID: 4522
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 16 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4522
$B$^$H$a(B:

Raptor Firewall $B$O(B Axent Technologies $B$G3+H/$5$l!":#F|(B Symantec $B$K$h$C(B
$B$FJ]<i!"HNGd$5$l$F$$$k4k6H%l%Y%k$N%U%!%$%d%&%)!<%k$G$"$k!#(B Symantec
Enterprise Firewall $B$O85$O(B Raptor firewall $B$H$7$FCN$i$l$F$$$k!#(B
Microsoft Windows $B$H(B UNIX $B$GMxMQ2DG=$G$"$k!#(B

$BFCDj$N(B FTP $B$N<BAu$O!"(B FTP PORT $B%3%^%s%I$K$h$C$F!"%5!<%P$+$i%G!<%?$r%/%i(B
$B%$%"%s%H0J30$N%[%9%H$KAw?.$9$k$3$H$,2DG=$G$"$k!#$3$l$O%I%-%e%a%s%H2=$5(B
$B$l$F$$$k%W%m%H%3%k$K$*$1$k<eE@$G$"$j!"(B FTP Bounce $B967b$H$7$FCN$i$l$F$$(B
$B$k!#:G6a$N$[$H$s$I$N(B FTP $B%5!<%P$G$O!"$3$NLdBj$O2r>C$5$l$F$$$k!#(B

$B$7$+$7!"(BRaptor Firewall $B$N(B FTP $B%W%m%H%3%k$N<BAu$O(B FTP Bounce $B967b$N1F6A(B
$B$r<u$1$k5?$$$,$"$k!#(B

Raptor Firewall $B$O!"%U%!%$%d%&%)!<%k$N30$+$iFb$X$N%Q%1%C%H$HFb$+$i30$X(B
$B$N%Q%1%C%H$NFb!"(B FTP Bounce $B967b$,2DG=$H$J$k$h$&$J%Q%1%C%H$N%X%C%@$r=q(B
$B$-49$($k!#(B FTP PORT $B%3%^%s%I$,!"$3$NLdBj$rJz$($k%U%!%$%d%&%)!<%k$K$h$C(B
$B$F2r<a$5$l$k$H!"%3%^%s%IFb$N(B IP $B%"%I%l%9$,967b<T$N$b$N$KCV$-49$($i$l!"(B
$B%]!<%HHV9f$O0l;~E*$J%]!<%HHV9f$XCV$-49$($i$l$k!#$3$N$?$a!"%U%!%$%d%&%)!<(B
$B%k$NGX8e$N(B FTP $B%5!<%P$O!"(BPORT $B%j%/%(%9%H$r@)8B$5$l$k!#(B

$B$7$+$7$J$,$i!"$3$N%U%!%$%d%&%)!<%k$O(B FTP $B%5!<%P$K$h$C$F@8@.$5$l$?%3%M%/(B
$B%7%g%sCf$N!"30ItJ}8~$X$N%Q%1%C%H$r07$&:]$K!"%3%^%s%I$N(B IP $B%"%I%l%9$H%]!<(B
$B%H$,967b<T$N@8@.$7$?85$NCM$GCV$-49$($F$7$^$&$N$G$"$k!#(B

$B$=$N7k2L!"967b<T$OG$0U$N%[%9%H$K%G!<%?$rAw?.$9$k$3$H$,2DG=$H$J$k$N$G$"(B
$B$k!#(B

$BLdBj$rJz$($k%U%!%$%d%&%)!<%k$N<BAu$,!"(B1024 $BHV0J9_$N%]!<%H$H$N(B FTP PORT
$B@\B3$rITG=$K$9$k$3$H$ON10U$5$l$k$Y$-E@$G$"$k!#(B

Symantec $B$O(B Solaris $B8~$1$N(B Entermprise Firewall V7.0 $B$b$3$NLdBj$N1F6A(B
$B$,5Z$V$HJs9p$7$F$$$k!#(B

46. FreeBSD 4.5 syncache / syncookies Denial Of Service Vulnerability
BugTraq ID: 4524
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 16 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4524
$B$^$H$a(B:

FreeBSD 4.5 $B$N:G6a$N%P!<%8%g%s$O(B SYN $B%-%c%C%7%e(B (syncache) $B$H(B SYN $B%/%C(B
$B%-!<(B (syncookies)$B$N5!G=$,Hw$o$C$F$$$k!#$3$l$O!"(BDoS $B$J$I$N%U%i%C%I$rMQ$$(B
$B$??t!9$N967b<jK!$+$i!"$"$kDxEY<+$i$rKI8n$9$k$3$H$,2DG=$G$"$k!#(B

$BMM!9$J(B DoS $BLdBj$,!"$3$N5!G=$NFCDj$N%P!<%8%g%s$K$*$$$FJs9p$5$l$F$$$k!#(B
$B0-0U$"$k967b<T$O!"LdBj$rJz$($k%7%9%F%`$r%/%i%C%7%e$5$;$k$?$a$K!"$3$l$i(B
$BLdBj$r9*L/$KMxMQ$9$k$3$H$,2DG=$G$"$k$H?d;!$5$l$k!#DL>o5!G=$NI|5l$K$O%5!<(B
$B%P$N:F5/F0$,I,MW$G$"$k!#(B

$BBh(B 1 $B$NLdBj$O!"(B syncookies $B5!G=$,;HMQ2DG=$H$J$C$F$$$k>l9g$KH/@8$9$k!#(B
SYN $B%Q%1%C%H$r<u$1<h$k:]!"IT@5$J%]%$%s%?$,;2>H$5$l$k$N$G$"$k!#7k2LE*$K(B
$B$O!"$3$N%]%$%s%?$,(B NULL $B%]%$%s%?$G$"$j!"%^%7%s$,%/%i%C%7%e$9$k!#(B

$BBh(B 2 $B$NLdBj$O!"%W%m%;%9$r:F5/F0$5$;$k:]$K@8$8$k!#%W%m%;%9$,@ZCG$5$l$k0J(B
$BA0$K(B syncache $B%(%s%H%j$,@8@.$5$l!"%W%m%;%9$,F1$8%=%1%C%H>e$G:F3+$5$l$?(B
$B:]!"8e$KE~Ce$9$kE,9g$9$k(B ACK $B$dJ#<L$5$l$?(B SYN $B%Q%1%C%H$O!"%"%/%;%9$5$l(B
$B$F$$$?0JA0$N(B syncache $B%(%s%H%j$K5"Ce$9$k2DG=@-$,$"$k!#FCDj$N>r7o2<$G$O!"(B
$B$3$N8E$$%]%$%s%?$X$N%"%/%;%9$,%7%9%F%`$N%/%i%C%7%e$r0z$-5/$3$92DG=@-$,(B
$B$"$k!#(B

47. Microsoft IIS CodeBrws.ASP Source Code Disclosure Vulnerability
BugTraq ID: 4525
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 16 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4525
$B$^$H$a(B:

Microsoft IIS 5.0 $B$O!"%5%s%W%k%9%/%j%W%H$H6&$K=P2Y$5$l$F$*$j!"$=$N%5%s(B
$B%W%k%9%/%j%W%H$,%5%s%W%k%9%/%j%W%H%G%#%l%/%H%j(B (/IISSAMPLES) $B$N%9%/%j(B
$B%W%H$N%=!<%9%3!<%I$r;2>H$9$k$N$K;HMQ$5$l$k2DG=@-$,$"$k!#(B

$BLdBj$N$"$k%9%/%j%W%H(B (CodeBrws.asp) $B$O!"(B dot-dot-slash $B$rMxMQ$7$?J]8n(B
$B$5$l$?%G%#%l%/%H%jHO0O0J30$KBP$7$F$b%"%/%;%9$,2DG=$K$J$k967b(B 
(directory traversal attacks) $B$r;HMQ$7!"%5%s%W%k%9%/%j%W%H$N%G%#%l%/%H(B
$B%j$rEp$_=P$90lHLE*$J;n$_$r%U%#%k%?%j%s%0$9$k$h$&$K$J$C$F$$$k!#$7$+$7$J(B
$B$,$i!"$3$N%9%/%j%W%H$O%f%K%3!<%I$r;HMQ$7$?967b$KBP$7$F$O!"E,@Z$J=hM}$r(B
$B9T$o$J$$$N$G$"$k!#Nc$($P!"967b<T$O(B '..' $B$K$"$?$k(B '%c0%ae%c0%ae' $B$r;HMQ(B
$B$7$F(B dot-dot-slash $B$K$h$kJ]8n$5$l$?%G%#%l%/%H%jHO0O0J30$KBP$7$F$b%"%/(B
$B%;%9$,2DG=$K$J$k967b(B (directory traversal attacks) $B$r9T$$!"%5%s%W%k%9(B
$B%/%j%W%H$N%G%#%l%/%H%j$rEp$_=P$92DG=@-$,$"$k!#(B

$B%9%/%j%W%H%3!<%I$N%=!<%9$N3+<($O!"967b<T$K=EMW$J>pJs$rDs6!$7$F$7$^$&2D(B
$BG=@-$,$"$k!#J?J8$N%G!<%?%Y!<%9$N>pJs$K$O!"$7$P$7$P%9%/%j%W%H%=!<%9%3!<(B
$B%I$,4^$^$l$F$$$k!#$5$i$K967b<T$O!"$3$NLdBj$N$"$k%=%U%H%&%'%"$,F0:n$7$F(B
$B$$$kBP>]$N%[%9%H$KBP$7$F!"%9%/%j%W%H$KB8:_$9$k2DG=@-$N$"$kB>$N$h$j?<9o(B
$B$JLdBj$rC5$7=P$9$N$KMxMQ$9$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$,!"LdBj$rJz$($F$$$k%9%/%j%W%H$,F0:n$7$F$$$k%[%9%H>e$G!"%U%!%$%k(B
$B%7%9%F%`$N%G%#%l%/%H%j9=B$$r?^<($9$k$N$KMxMQ$G$-$k$3$H$O8!>Z$5$l$F$$$k!#(B
$B%U%!%$%k$N%=!<%9%3!<%I$N1\Mw$r4k$F$?:]$K!"$3$N%9%/%j%W%H$O%U%!%$%k$d%G%#(B
$B%l%/%H%j$,B8:_$7$F$$$k$+$I$&$+$N>pJs$r%f!<%6$KBP$7$F3+<($7$F$7$^$&$N$G(B
$B$"$k!#Nc$($P!"B8:_$7$J$$%G%#%l%/%H%j$X$N%j%/%(%9%H$KBP$7$F!"(B "Path not
found" $B$,JV$5$l$k!#B8:_$7$J$$%U%!%$%k$X$N%j%/%(%9%H$KBP$7$F$O!"(B "File
not found" $B$,JV$5$l$k!#(B

48. AOL Instant Messenger Arbitrary File Creation Vulnerability
BugTraq ID: 4526
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 17 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4526
$B$^$H$a(B:

AIM $B%f!<%6$,B>$N%f!<%6$N%7%9%F%`>e$NG$0U$N>l=j$K%U%!%$%k$rJ]B8$9$k$3$H(B
$B$,$G$-$F$7$^$&LdBj$,Js9p$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"(B 2 $B?M$N(B AIM $B%f!<%6$N4V$KD>@\E*$J%3%M%/%7%g%s$,:n@.$5$l$?(B
$B:]$K!"$3$N8=>]$,H/@8$9$k$H$$$&!#%f!<%6$K$h$C$F(B img $B%?%0$H(B data $B%?%0$r(B
$B4^$s$@%U%!%$%k$,Aw$i$l$F$/$k$H!"DL>o!"<u?.B&$N%/%i%$%"%s%H$O!"Aw?.$5$l(B
$B$?%U%!%$%k$K4XO"IU$1$i$l$?%"%$%3%s$rI=<($9$k$3$H$G(B img $B%?%0$KBP1~$7!"(B 
AIM $B%/%i%$%"%s%H$O7k2LE*$K<+F0E*$K%U%!%$%k$r<B9T$9$k!#%/%i%$%"%s%H$,<+(B
$BF0E*$K%U%!%$%k$r<B9T$9$k:]$K!"<u?.$7$?%U%!%$%k$HF1$8L>A0$G!"(BWindows $B$N(B
$B0l;~%G%#%l%/%H%j$K%U%!%$%k$,:n@.$5$l$k!#$3$N%U%!%$%k$O0l;~%G%#%l%/%H%j(B
$B$+$iD>@\FI$_9~$^$l$k!#(B

img $B%?%0$N(B SRC $B%Q%i%a%?$,(B '..\' $B$r2p$7$F!"@dBP%Q%9$GFCDj$N%G%#%l%/%H%j(B
$B$r;XDj$7$F$$$?>l9g!"%U%!%$%k$O0l;~%G%#%l%/%H%j$G$O$J$/!"A*Br$5$l$?%G%#(B
$B%l%/%H%j$K:n@.$5$l$k$N$G$"$k!#99$K!"(B img $B%?%0$N(B HEIGHT $B$H(B WIDTH $B$NCM$,!"(B
$B<u?.$7$?%/%i%$%"%s%H$K8+$($J$$$h$&$K@_Dj$9$k$3$H$G!"%U%!%$%k$,Aw?.(B
$B$5$l$F$-$?$3$H$r5$$E$+$;$J$/$9$k$3$H$,2DG=$G$"$k$H?d;!$5$l$k!#(B

$B7k2L$H$7$F!"%U%!%$%k$,<u?.<T$,MB$+$jCN$i$J$$G$0U$N>l=j$KJ]B8$5$l$k2DG=(B
$B@-$,$"$k!#$3$l$O!"BP>]$N%f!<%6$KBP$9$k99$J$k967b$KMxMQ$5$l$k2DG=@-$,$"(B
$B$k!#(B

49. TalentSoft Web+ WML Request Cookie Buffer Overflow Vulnerability
BugTraq ID: 4530
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 17 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4530
$B$^$H$a(B:

TalentSoft Web+ $B$O!"(BWeb $B$rMxMQ$7$?%/%i%$%"%s%H%5!<%P%"%W%j%1!<%7%g%s$r(B
$B3+H/$9$k$?$a$N4D6-$G$"$k!#(B Microsoft Windows 9x/NT/2000 $B>e$GF0:n$9$k!#(B

Web+ $B$,(BWML $B%U%!%$%k$X$N%j%/%(%9%H$H6&$K$"$kD9$5$rD6$($?%/%C%-!<$rAw?.(B
$B$9$k$3$H$G!"967b2DG=$J%P%C%U%!%*!<%P%U%m!<$,H/@8$9$kLdBj$rJz$($F$$$k!#(B

IIS 3 $B>e$G(B Web+ $B%5!<%S%9$r(B SYSTEM $B8"8B$GF0:n$5$;$F$$$k:]$K!"%j%b!<%H%f!<(B
$B%6$K$h$C$F$3$NLdBj$rJz$($F$$$k%=%U%H%&%'%"$,F0:n$7$F$$$k%[%9%H$r40A4$K(B
$B>h$C<h$i$l$k2DG=@-$,$"$k!#(B IIS 5 $B>e$G(B IWAM_* $B8"8B$GF0:n$7$F$$$k>l9g$O!"(B
$B$h$j>/$J$$1F6A$r<u$1$k$H?dB,$5$l$k$,!";DG0$J$3$H$K!"$3$N>l9g$G$bLdBj$r(B
$BJz$($F$$$k%7%9%F%`$KBP$9$k%m!<%+%k%"%/%;%9$O2DG=$G$"$k$H?d;!$5$l$k!#(B


III. SECURITYFOCUS NEWS AND COMMENTARY
------------------------------------------
1. GovNet Plans Moving Forward
$BCx<T(B: David McGuire, Newsbytes

$B%[%o%$%H%O%&%9$N%5%$%P!<%;%-%e%j%F%#$N@lLg2H$O!"0BA4$JO"K.@/I\Fb$N%M%C(B
$B%H%o!<%/9=C[$K8~$1$F<!$J$kCJ3,$r?J$s$G$$$k!#(B

http://online.securityfocus.com/news/374

2. Ashcroft, Ellison, Win 'Big Brother' Awards
$BCx<T(B: Kevin Poulsen

$BEE;R%W%i%$%P%7!<$NMJ8nGI$OKhG/91Nc$N!":#G/$G(B 12 $B2sL\$H$J$k(B Freedom and
Privacy 2002 conference $B$N%3%s%T%e!<%?It2q$G?/32GI$r;Y;}$9$k$N$G$"$k!#(B

http://online.securityfocus.com/news/373

3. National ID Plans Face Hurdles
$BCx<T(B: Ann Harrison

$BL5?t$N%+!<%IFI$_<h$jAuCV$rHNGd$9$k$3$H$G!"IT@5$J2q0w$KBP$7$F7Y2|$7!":>(B
$B5=;U$d>h$C<h$j$rKI8f$9$k$H$$$&?($l9~$_$N!"9q2H5,LO$G$N(B ID $B%+!<%I$r:n@.(B
$B$9$k7W2h$O4m81$KK~$A$F$$$k!#(B

http://online.securityfocus.com/news/371

4. FTC Chairman Pushes Net Crime Vigilance, Not New Laws
$BCx<T(B: Robert MacMillan, Newsbytes

$B%M%C%H%o!<%/>e$N%9%Q%`$NH/?.<T$d%W%i%$%P%7!<?/32<T$X$NBP:v$K$O!"O"K.<h(B
$B0z0Q0w2q$+$i$N3N8G$?$k;\9TBP:v$rI,MW$H$9$k$,!"?7$7$$K!N'@)Dj$G$O$$$/$D(B
$B$+$NLdBj$,2r7h$5$l$J$$$H9M$($i$l$kM-:aH=7h$r!"@/I\5!4X$ND941$O:#F|$=$l(B
$B$K;Y;}$r>'$($?$N$G$"$k!#(B

http://online.securityfocus.com/news/370

5. New Take On Klez Worm Spreading
$BCx<T(B: Steven Bonisteel, Newsbytes

$B%3%s%T%e!<%?%&%$%k%9$NJ,@O<T$O(B Windows $B$r2p$7$FEAGE$9$k%o!<%`$N0!<o$O!"(B
$B4{$K%$%s%?!<%M%C%H$NJ}!9$rEAGE<jCJ$H$7$F$$$k>u67$K$"$j!":#F|$G$O@5>o$J(B
$B<B9T2DG=%W%m%0%i%`$r0-0U$"$k<B9T2DG=%W%m%0%i%`$KCV$-49$($k5!G=$rHw$($F(B
$B$$$k$H8l$C$?!#(B

http://online.securityfocus.com/news/369

6. Privacy Worries, Net Activism Top Privacy Show Agenda
$BCx<T(B: Robert MacMillan, Newsbytes

$B%$%s%?!<%M%C%H>e$G$N%W%i%$%P%7!<J]8n$NCJ3,E*$JB`9T$X$N7|G0!"G=F0E*$J9T(B
$BF0$N<jCJ$H$7$F$N%$%s%?!<%M%C%H$N3hMQ$r9T$&$?$a$NK!E*$J6-3&$K$D$$$F$N7k(B
$BO@$r5a$a$k$H8@$&OCBj$O!"%5%s%U%i%s%7%9%3$G3+:E$5$l$F$$$k(B Freedom and
Privacy 2002 conference $B$N%3%s%T%e!<%?It2q$K$*$$$F!"%$%s%?!<%M%C%H>e$N(B
$B;TL1$N<+M3$K4X$9$kCDBN$r=8$o$;$k2ACM$N$"$k!":#=5:G$b=EMW$JF$5D;v9`$H$J$C(B
$B$?!#(B

http://online.securityfocus.com/news/368

IV.SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. Logwatch v2.8.5
$B:n<T(B: Kirk Bauer
$B4XO"$9$k(BURL:
http://www.logwatch.org
$BF0:n4D6-(B: MPE/iX, N/A
$B$^$H$a(B:

Logwatch $B$O%7%9%F%`%m%0$r2r@O$7Js9p$7$^$9!#%+%9%?%^%$%:$7$?$j%m%04F;k%7(B
$B%9%F%`$rEk:\$5$;$?$j!"4|4V$r;XDj$9$k$3$H$G%m%0$r8!:w$7$?$j!"%+%9%?%^%$(B
$B%:$5$l$?%l%]!<%H$r:n@.$9$k$3$H$b$G$-$^$9!#KX$I$N%7%9%F%`$G%Q%C%1!<%87P(B
$BM3$GF0:n$7$^$9!#(B

2. TinyCA v0.3.0
$B:n<T(B: Stephan Martin
$B4XO"$9$k(BURL:
http://tinyca.sm-zone.net/
$BF0:n4D6-(B: Linux, OpenNMS, POSIX
$B$^$H$a(B:

TinyCA $B$O!"(B Perl/Tk $B$G=q$+$l$?>ZL@=q$r4IM}$9$k%7%s%W%k$G>.5,LO$J(B GUI
$B$G$9!#$3$l$O(B OpenCA $B%W%m%8%'%/%H$+$iDs6!$5$l$F$$$k(B Perl $B%b%8%e!<%k$H(B
OpenSSL $B$rMxMQ$7$F$$$^$9!#(BTinyCA $B$O(B x509 $B>ZL@=q$r4IM}$9$k5!G=$rDs6!$7$^(B
$B$9!#%5!<%P$G;HMQ$9$k$?$a$N(B PEM $B$d(B DER $B$H$7$F!"$^$?%/%i%$%"%s%H$G;HMQ$9(B
$B$k$?$a$N(B PKCS#12 $B!"EE;R%a!<%k%W%m%0%i%`$G;HMQ$9$k$?$a$N(B S/MIME $B>ZL@=q$J(B
$B$I$H$7$F=PNO$9$k$3$H$,2DG=$G$9!#(B

3. Castellan Sentry v0.01
$B:n<T(B: Castellan
$B4XO"$9$k(BURL:
http://www.castellangroup.com/
$BF0:n4D6-(B: N/A
$B$^$H$a(B:

Castellan Sentry $B$O(B SSH $B$X$N%m%0%$%s$r8!CN$7!"%G%9%/%H%C%W>e$K%]%C%W%"%C(B
$B%W%&%#%s%I%&$r=P$9$3$H$GCN$i$;$^$9!#$3$N%]%C%W%"%C%W$O%j%b!<%H%^%7%s$r(B
$B%V%m%C%/$7$?$j!"%m%0%$%s$rL5;k$7$?$j!"D4::$r9T$C$?$j$9$k$3$H$r2DG=$H$7(B
$B$^$9!#D4::$O!"(B nslookup $B$d(B DNS $B$N5U0z$-!"(BARIN$B!"$^$?$O(B NMAP $B$r;HMQ$7$?%7(B
$B%s%W%k$J%]!<%H%9%-%c%s$N7k2L$rJs9p$7$^$9!#%=!<%9$,%V%m%C%/$9$Y$-$+$7$J(B
$B$$$Y$-$+$rH=CG$9$k<j=u$1$H$J$j$^$9!#(B

4. Nessus v1.2.0
$B:n<T(B: Renaud Deraison, deraison@cvs.nessus.org
$B4XO"$9$k(BURL:
http://www.nessus.org/
$BF0:n4D6-(B: FreeBSD, IRIX, Linux, NetBSD, OpenBSD, Solaris
$B$^$H$a(B:

Nessus $B$O(B Linux$B!"(BBSD$B!"(BSolaris$B!"$=$NB>$N(B Unix $B$GMxMQ$G$-$k%j%b!<%H%;%-(B
$B%e%j%F%#%9%-%c%J$G$9!#$3$l$O%^%k%A%9%l%C%I$G%W%i%0%$%s%Y!<%9$GF0:n$7!"(B
$B;H$$$d$9$$(B GTK $B%$%s%?!<%U%'!<%9$r;}$A!"8=:_(B 470 $B0J>e$N%j%b!<%H%;%-%e%j(B
$B%F%#%A%'%C%/$r9T$&$3$H$,$G$-$k$b$N$G$9!#(BHTML$B!"(BLaTex$B!"(BASCII $B%F%-%9%H$G(B
$B%l%]!<%H$r:n@.$7!"%;%-%e%j%F%#>e$NLdBj$KBP$9$k$N2r7hJ}K!$rDs<($7$^$9!#(B

5. Lcrzoex v4.08
$B:n<T(B: Laurent Constantin
$B4XO"$9$k(BURL:
http://www.laurentconstantin.com/en/lcrzoex/
$BF0:n4D6-(B: FreeBSD, Linux, OpenBSD, Solaris, Windows 2000, Windows 95/98,
Windows NT, Windows XP
$B$^$H$a(B:

Lcrzoex $B$O%M%C%H%o!<%/4IM}<T$d%M%C%H%o!<%/%O%C%+!<$N$?$a$N%D!<%k%\%C%/(B
$B%9$G$9!#(B Lcrzoex $B$O(B lcrzo $B%M%C%H%o!<%/%i%$%V%i%j$rMxMQ$7$?(B 300 $B$b$N5!(B
$BG=$r4^$s$G$$$^$9!#3F!9$rC1BN$G%3%s%Q%$%k$7!"MxMQ<T$NI,MW$K1~$8$F=$@5$9(B
$B$k$3$H$,$G$-$^$9!#(B

Lcrzoex $B$O<!$N5!G=$,MxMQ2DG=$G$9!#(B
- $B%3%s%T%e!<%?$N%$!<%5%M%C%H%"%I%l%9$NH/8+(B (2,3,134 $B$J$I(B)
- LAN $B>e$G2?$,5/$-$F$$$k$+$r8!=P$9$k$?$a$NEpD05!G=(B (7,8,9 $B$J$I(B)
- $B@5>oF0:n$7$F$$$J$$%M%C%H%o!<%/%W%m%0%i%`$K$h$C$F@8@.$5$l$?%A%'%C%/%5(B
$B%`$N8!::(B (16,17,18 $B$J$I(B)
- $B%;%C%7%g%s$rK5<u$7!"9T$$$?$$%"%W%j%1!<%7%g%s$N87L)$J%F%9%H$r2?EY$b9T(B
$B$&5!G=(B (10,11,12,22 $B$J$I(B)
- $B%3%s%T%e!<%?$,%7%c%C%H%@%&%s$5$l$F$$$?$H$7$F$b!"%k!<%?$,E,@Z$K@_Dj$5(B
$B$l$F$$$k$+$r3NG'$9$k5!G=(B (48,$B!D(B,53 $B$J$I(B)
- $B%k!<%?!"%U%!%$%d%&%)!<%k!"%3%s%T%e!<%?$,%V%m%C%/$5$l$F$$$k$+$N%F%9%H(B
- IP $B%W%m%H%3%k(B (19,$B!D(B,34 $B$J$I(B)
- IP $B%*%W%7%g%s(B (29,$B!D(B,34,73,$B!D(B,79 $B$J$I(B)
- $B%=!<%9%k!<%F%#%s%0(B (45,56,59,62 $B$J$I(B)
- IP $B%U%i%0%a%s%H(B (44,55,58,61,72 $B$J$I(B)
- TCP $B%*%W%7%g%s%:(B (48,$B!D(B,53 $B$J$I(B)
- ICMP $B%?%$%W(B (65,$B!D(B,70 $B$J$I(B)
- ARP $B$N>qMp(B (80,81,82,83 $B$J$I(B)
- $BFCJL$J%m!<%+%k%]!<%H$rMQ$$$F:n@.$5$l$?(B tcp/udp $B%/%i%$%"%s%H(B
(85,89,86,93,97 $B$J$I(B)
- $BHV9f4V$N@Z$jBX$((B (139,148 $B$J$I(B)
- $B$=$NB>(B

6. Firewall by Jim v0.28
$B:n<T(B: Jim Gifford
$B4XO"$9$k(BURL:
http://www.jg555.com/firewall
$BF0:n4D6-(B: N/A
$B$^$H$a(B:

$B$3$l$O%U%!%$%d%&%)!<%k$G!"%f!<%6$r%V%m%C%/$9$k$N$K(B tcp_wrappers $B$N>pJs(B
$B$rMxMQ$7$^$9!#@_Dj$rMF0W$K$9$k$?$a$K!"J,3d$7$?%U%!%$%k$r;HMQ$7$^$9!#(B
LAN $BFb$N(B eth1 $B$H%$%s%?!<%M%C%H$N(B eth0 $B$r2p$7$FF0:n$9$k$h$&$K@_7W$5$l$F(B
$B$$$^$9!#(B
--
$BLu(B: $B:d0f=g9T(B(SAKAI Yoriyuki)$B!">.3^8691M:(B(OGASAWARA Tsuneo)$B!"(B
$BF#K\6)<y(B(FUJIMOTO Masaki)
$B4F=$(B: $B:d0f=g9T(B(SAKAI Yoriyuki)
LAC Co., Ltd.
http://www.lac.co.jp/security/

-----------1020170414-6996390
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIISGgYJKoZIhvcNAQcCoIISCzCCEgcCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
DzwwggI8MIIBpQIQMlAzz1DRVvNcga1lXE/IJTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQG
EwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGlj
IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMjAw
MTA3MjM1OTU5WjBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1
BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOUZv22jVmEtmUhx9mfeuY3rt56GgAqRDvo4
Ja9GiILlc6igmyRdDR/MZW4MsNBWhBiHmgabEKFz37RYOWtuwfYV1aioP6oSBo0xrH+wNNeP
NGeICc0UEeJORVZpH3gCgNrcR5EpuzbJY1zF4Ncth3uhtzKwezC6Ki8xqu6jZ9rbAgMBAAEw
DQYJKoZIhvcNAQECBQADgYEAS0RmYGhk5Jgb87By5pWJfN17s5XAHS7Y2BnQLTQ9xlCaEIaM
qj87qAT8N1KVw9nJ283yhgbEsRvwgogwQo4XUBxkerg+mUl0l/ysAkP7lgxWBCUMfHyHnSSn
2PAyKbWk312iTMUWMqhC9kWmtja54L9lNpPC0tdr3N5Z1qI1+EUwggI9MIIBpgIRAM26f1bw
3+S8VP4irLNyqlUwDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZl
cmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkG
A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1
YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0fzGVu
DLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHiTkVWaR94AoDa
3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0GCSqGSIb3DQEBAgUAA4GB
AEw/uIvGaN/uQzMOXemmyweETXoz/5Ib9Dat2JUiNmgRbHxCzPOcLsQHPxSwD0//kJJ2+eK8
SumPzaCACvfFKfGCIl24sd2BI6N7JRVGMHkW+OoFS5R/HcIcyOO39BBAPBPDXx9T6EjkhrR7
oTWweyW6uNOOqz84nQA0AJjz0XGUMIICPTCCAaYCEQDz1GWTDuTHHs1vChERVlizMA0GCSqG
SIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUG
A1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
Fw05NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQK
Ew5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0
aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5Rm/baNW
YS2ZSHH2Z965jeu3noaACpEO+jglr0aIguVzqKCbJF0NH8xlbgyw0FaEGIeaBpsQoXPftFg5
a27B9hXVqKg/qhIGjTGsf7A01480Z4gJzRQR4k5FVmkfeAKA2txHkSm7NsljXMXg1y2He6G3
MrB7MLoqLzGq7qNn2tsCAwEAATANBgkqhkiG9w0BAQIFAAOBgQAjyGZsVZ9SYWqvFx3is89H
jkwbAjN1+UXvm0exsSugNTbRUnBpybul85NbkmD5ZH7xwT/p0RXx0sAXvaSdF67hB8+6gZbE
rnEZ9s5kv6cZ9VUof3wz1sK5t+slKf0p+GJwQTHdwwfbElMWYNCdB/kAZfyNbBhQILdn3H79
cEstDzCCAzwwggKloAMCAQICEAQa2pqnxtqHdYa+MJp9N08wDQYJKoZIhvcNAQECBQAwXzEL
MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAx
IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk5MDkxNDAwMDAw
MFoXDTA5MDkwOTIzNTk1OVowgbUxHDAaBgNVBAoTE1ZlcmlTaWduIEphcGFuIEsuSy4xHzAd
BgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxPjA8BgNVBAsTNVRlcm1zIG9mIHVzZSBh
dCBodHRwczovL3d3dy52ZXJpc2lnbi5jby5qcC9SUEEgKGMpIDk4MTQwMgYDVQQDEytWZXJp
U2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQDnvpzpMy1glZcGiPmrsWEvOOXjEuTGvnb95mH1mMGeDPD3HmpNa7WG
Cp2NaO3eVRcRaBICMi2F3Edx6/eL5KtrsnroadWbYLPfBpPJ4BYttJND7Us7+oNdOuQmwFhj
xm9P25bndFT1lidp0Gx/xN5ekq3mNwt5iSWVdqOuEYKApQIDAQABo4GhMIGeMCQGA1UdEQQd
MBukGTAXMRUwEwYDVQQDEwxBZmZpbGlhdGUxLTUwEQYJYIZIAYb4QgEBBAQDAgEGMEUGA1Ud
IAQ+MDwwOgYKYIZIAYb4RQEHCzAsMCoGCCsGAQUFBwIBFh5odHRwczovL3d3dy52ZXJpc2ln
bi5jby5qcC9SUEEwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEC
BQADgYEAuIwwUgDQeNCIO/tzaT6ISelw4QjYJ9up3+be1dxZGHKcEFGtPfwaBNvlTMLV3eW3
BG6W5QRbNNhIaoVl0g8Yw1YuIexVFD7yUKcvQfOOThuG0y93V6Runzha6iErOLabtv05we+V
UnSsknF+qOCLYP9uMIKB/JmDiWnNpnUbAHMwggU2MIIEn6ADAgECAhBYKwlOQWIg2t9s9Ul6
I3xqMA0GCSqGSIb3DQEBBAUAMIG1MRwwGgYDVQQKExNWZXJpU2lnbiBKYXBhbiBLLksuMR8w
HQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMT4wPAYDVQQLEzVUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY28uanAvUlBBIChjKSA5ODE0MDIGA1UEAxMrVmVy
aVNpZ24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw0wMjA0MDEwMDAw
MDBaFw0wMzA0MDEyMzU5NTlaMIIBIzELMAkGA1UEBhMCSlAxHDAaBgNVBAoUE1ZlcmlTaWdu
IEphcGFuIEsuSy4xNDAyBgNVBAsUK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFs
IFN1YnNjcmliZXIxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9DUFMg
SW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMpOTYxPzA9BgNVBAsUNkRpZ2l0YWwgSUQgQ2xh
c3MgMSAtIFNNSU1FIE9yYW5nZXNvZnQgSW5jLi9XaW5iaWZmLzIuMTEXMBUGA1UEAxMOU0FL
QUkgWW9yaXl1a2kxHjAcBgkqhkiG9w0BCQEWD3Nha2FpQGxhYy5jby5qcDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBANEwVujTRrltaiSI2DFkPlw5L6WWWeOOy9z0HqaPXf2d
JYfoGHqbpq5MVCkBUSOHSY1Tpi/RdziqxhIYzXvzsb0wC1V0RNzvLf8zXtk6IjTmHttX0QDx
AvoxfmehZ1vCOgQcdBbG2FajnYo7MOewxLrmHLCv0Gitqsi2IS3Eaxv7v5Pzobu82BzUMBl6
9XypVXIEQHTG6s34ji0LbDOO/F5JqTuG5QhQmQyNnJyhNU4/BYu3e1KgK9c0gnIArQAroRqP
/0HXU7Ueu/HAUXnrt7+YqzL5CZ/6m11gCLblzFs2+6XieQsekFSjxquSQjl88C3CwgRoaNkx
01rqqYzBJ8ECAwEAAaOCAVAwggFMMAkGA1UdEwQCMAAwgawGA1UdIASBpDCBoTCBngYLYIZI
AYb4RQEHAQEwgY4wKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFMw
YgYIKwYBBQUHAgIwVjAVFg5WZXJpU2lnbiwgSW5jLjADAgEBGj1WZXJpU2lnbidzIENQUyBp
bmNvcnAuIGJ5IHJlZmVyZW5jZSBsaWFiLiBsdGQuIChjKTk3IFZlcmlTaWduMAsGA1UdDwQE
AwIFoDARBglghkgBhvhCAQEEBAMCB4AwcAYDVR0fBGkwZzBloGOgYYZfaHR0cDovL29uc2l0
ZWNybC52ZXJpc2lnbi5jb20vVmVyaVNpZ25KYXBhbktLVmVyaVNpZ25DbGFzczFDQUluZGl2
aWR1YWxTdWJzY3JpYmVyL0xhdGVzdENSTC5jcmwwDQYJKoZIhvcNAQEEBQADgYEALL1YFoVc
MyuHCFTkhPlz/3XIGtchllMRc+zha0qmA5wxbtgJT7hEl7IRrocWCSfweW4/KGZDQDMZM9wR
NRX19b4UTs2/opkQtX3eX4qNjUNnGdMjLTGTXzFqlph9b4ZYPvY5Xq+VQjpLBkqn2RQhdTLH
+BXc51LdzrtGw8H7s+4xggKmMIICogIBATCByjCBtTEcMBoGA1UEChMTVmVyaVNpZ24gSmFw
YW4gSy5LLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE+MDwGA1UECxM1VGVy
bXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvLmpwL1JQQSAoYykgOTgxNDAy
BgNVBAMTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEFgr
CU5BYiDa32z1SXojfGowCQYFKw4DAhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB
MBwGCSqGSIb3DQEJBTEPFw0wMjA0MzAxMjQwMDBaMCMGCSqGSIb3DQEJBDEWBBRbxpbMc1P6
lvvFtMTFC1geTqLhoTBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMC
AgIAgDAHBgUrDgMCBzANBggqhkiG9w0DAgIBQDANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0B
AQEFAASCAQBLSUNAL4Wth0uJ1BDeS0amhZ8cykRr4cHbrSw676hV4/kGjgdL5WCwFqHF42Eq
WtSAMIArPbyWl33HNjRg/CHi/78Lsgb2g26PCsgjTCTdsexo5LU0Ivl/+XYwqct16c47Nq8Y
b1A9amWWhSsUZIX0x6HaCjfwapvrJo1NM9+mR452olSCHDe5vNcxwfviRozRQl94ne00q2X5
fRnW5oIy3d8Z4LjFtBYgomHzK84qYBSaQPkBeYKanF5vgitWAUj0y2of9pXdc6eux0iftOIk
DTYPgqe5aHsCZdBnT+SdREvL+q8P3IBpOFQ4nhnxa65FHvVIkcv61Nzg44A/zhmK

-----------1020170414-6996390--