Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm
Precedence: bulk
To: bugtraq-jp@securityfocus.com
Subject: SecurityFocus.com Newsletter #143 2002-4-29->2002-5-3
From: SAKAI Yoriyuki <sakai@lac.co.jp>
References: <Pine.LNX.4.43.0205061341180.12796-100000@mail.securityfocus.com>
In-Reply-To: <Pine.LNX.4.43.0205061341180.12796-100000@mail.securityfocus.com>
Message-Id: <200205132216.DGB97201.LBJTB@lac.co.jp>
Date: Mon, 13 May 2002 22:16:36 +0900
Mime-Version: 1.0
Content-Type: multipart/signed;
    protocol="application/x-pkcs7-signature";
    micalg=sha1; Boundary="---------1021295794-8111814"

-----------1021295794-8111814
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

$B:d0f(B@$B%i%C%/$G$9!#(B

SecurityFocus.com Newsletter $BBh(B 143 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

---------------------------------------------------------------------------
SecurityFocus.com Newsletter $B$K4X$9$k(BFAQ:
http://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml
BugTraq-JP $B$K4X$9$k(B FAQ:
http://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml
(SecurityFocus.com Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0l<!G[I[$5$l$F$$$^$9(B)
---------------------------------------------------------------------------
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B SecurityFocus.com $B$N5v2D$r3t<02q<R%i%C%/$,F@$?>e$G9T$o(B
  $B$l$F$$$^$9!#(B
$B!&(BSecurityFocus.com Newsletter $B$NOBLu$r(B Netnews, Mailinglist,
  World Wide Web, $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$N(B
  $BA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;(B
  $B$s$,=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus.com $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+(B
  $B$J$k7A<0$N%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://online.securityfocus.com/archive/79
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02q<R%i%C%/$O@UG$$rIi$o$J$$$b$N$H$7$^(B
  $B$9!#(B
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$BLu<T$+$i$N$*CN$i$;(B:
$B!&$b$7!"(Btypo $B$d8mLu$,8+$D$+$C$?>l9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"4F=$<T(B (sakai@lac.co.jp) $B$K$*CN$i$;$/$@$5$$!#(B
  $B8e<T$N>l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$B86HG(B:
Date: Mon, 6 May 2002 13:44:03 -0600 (MDT)
Message-ID: <Pine.LNX.4.43.0205061341180.12796-100000@mail.securityfocus.com>


SecurityFocus Newsletter #143
-----------------------------

This Issue is Sponsored by: Tumbleweed Communications

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
     1. VBA Emulation: A Viable Method of Macro Virus Detection? Part Two
     2. Restricting UNIX Users
     3. No Stone Unturned, Part Three
     4. IDS Evasion Techniques and Tactics
II. BUGTRAQ SUMMARY
     1. Nullsoft Winamp Minibrowser ID3v2 Buffer Overflow Vulnerability
     2. Intel D845 Motherboard BIOS Series Arbitrary Boot Media...
     3. PHP-Survey Global.INC Information Disclosure Vulnerability
     4. Qualcomm QPopper Bulletin Name Buffer Overflow Vulnerability
     5. SAP R/3 with Oracle Unauthorized Data Access Vulnerability
     6. DNSTools Authentication Bypass Vulnerability
     7. Blahz-DNS Direct Script Call Authentication Bypass Vulnerability
     8. ATGuard Personal Firewall Outgoing Connection Restriction...
     9. PhpWebGallery Cookie Manipulation Account Compromise Vulnerability
     10. Livre Dor' Information Disclosure Vulnerability
     11. 0wn f0rum Script Injection Vulnerability
     12. Solaris admintool Local Buffer Overflow Vulnerability
     13. Solaris cachefsd Buffer Overrun Vulnerability
     14. Solaris cachefsd Denial of Service Vulnerability
     15. CIDER Shadow Analyzer Remote Command Execution Vulnerability
     16. Solaris AdminTool Media Installation Path Buffer Overflow...
     17. Solaris LBXProxy Display Name Buffer Overflow Vulnerability
     18. CDE DTPrintInfo Help Volume Search Buffer Overflow Vulnerability
     19. AutoLog IP Spoofing Vulnerability
     20. Messagerie Arbitrary User Removal DoS Vulnerability
     21. 3Com 3CDaemon Buffer Overflow Vulnerability
     22. Mozilla / Netscape 6 XMLHttpRequest File Disclosure Vulnerability
     23. Recherche Cross-Site Scripting Vulnerability
     24. Messagerie Remote File Include Vulnerability
     25. Sun Solaris RWall Daemon Syslog Format String Vulnerability
     26. Kv Guestbook Cross-Site Scripting Vulnerability
     27. Netscape/Mozilla IRC Buffer Overflow Vulnerability
     28. SGI IRIX CPR Buffer Overflow Vulnerability
     29. Netscape/Mozilla/Galeon Local File Detection Vulnerability
     30. BEA Systems WebLogic Server URL Parsing Path Disclosure...
     31. BEA Systems WebLogic Server Null Character DOS Device Denial...
     32. BEA Systems WebLogic Server URL Parsing Source Code...
     33. ISS RealSecure DHCP Signature Remote Denial Of Service...
     34. SGI Irix Insecure IPFilter Device Permissions Vulnerability
     35. Paul L Daniels alterMIME Denial of Service Vulnerability
     36. MyGuestbook Script Injection Vulnerability
     37. HP MPE/iX FTPSRVR Arbitrary Shell Command Execution Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
     1. Melissa virus author jailed for 20 months
     2. Hackers Continue 'Early Warning' Attacks On U.S. Web Sites
     3. WinAmp's 'malicious MP3' vuln
     4. New Stealth Attack Found Against Personal Firewalls
IV.SECURITYFOCUS TOP 6 TOOLS
     1. Astaro Security Linux (ASL) v3.052(beta)
     2. pam_hbci v1.0a
     3. Linux Security Auditing Tool v0.5.0
     4. Secure FTP Wrapper v2.1.1
     5. Gringotts v0.4.4
     6. Port Scan Attack Detector (psad) v0.9.8

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
---------------------------------

II. BUGTRAQ SUMMARY
-------------------
1. Nullsoft Winamp Minibrowser ID3v2 Buffer Overflow Vulnerability
BugTraq ID: 4609
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 26 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4609
$B$^$H$a(B:

Nullsoft Winamp $B$O(B MP3 $B$d$=$NB>$N%U%!%$%k$KBP1~$9$k!"(BMicrosoft Windows $B$G(B
$BF0:n$9$k%a%G%#%"%W%l%$%d!<$G$"$k!#(B

ID3v2 $B$O2;@<7A<0$N%U%!%$%kFb$K!"4XO"$9$k>pJs$r4^$^$;$i$l$k$h$&$K$G$-$k(B
$B%?%0IU$1$NBN7O$G$"$k!#(B

$B$$$/$D$+$N%P!<%8%g%s$N(B Winamp $B$K$O(B ID3v2 $B%?%0$N=hM}Cf$K%9%?%C%/%*!<%P!<(B
$B%U%m!<$r0z$-5/$3$5$l$kLdBj$,B8:_$9$k!#(B

$B%f!<%6$,(B ID3v2 $B%?%0$N%?%$%H%k%U%#!<%k%I$rG$0U$NJ8;zNs$G2~JQ$7$?>l9g!"$=(B
$B$l$,(B Winamp $B$G=hM}$5$l$k:]$K%*!<%P!<%U%m!<$,@8$8$k$N$G$"$k!#(B

$B$3$NLdBj$O(B minibrowser $B$,M-8z2=$5$l$F$$$k>l9g$K$N$_Js9p$5$l$F$$$k!#(B
$B$3$N%=%U%H%&%'%"$N@_7W$G$O!"Ev3:$N2;@<%U%!%$%k$K4X$9$kDI2C>pJs$rF~<j$9(B
$B$k$?$a$K!"$3$N%=%U%H%&%'%"$O(B Winamp $B$N(B Web $B%5%$%H$X$N@\B3$r=`Hw$9$k!#$3(B
$B$N:](B Winamp $B$O%U%!%$%kFb$N(B ID3v2 $B%?%0$+$i$N%G!<%?$r4^$`(B URL $B$rAH$_N)$F(B
$B$k!#$3$N(B URL $B$,0lEY:n@.$5$l$k$H!"%?%$%H%k%U%#!<%k%IFb$ND9$$%G!<%?$,LdBj(B
$B$N1F6A$r<u$1$k%P%C%U%!$r$"$U$l$5$;$k$N$G$"$k!#(B

$B$3$N%P%C%U%!%*!<%P!<%U%m!<$K$h$j!"%j%?!<%s%"%I%l%9$r4^$`%9%?%C%/Fb$NCM(B
$B$,>e=q$-2DG=$G$"$k!#$^$?!"$3$l$OG$0U$N%3!<%I$N<B9T$KMxMQ2DG=$G$"$k!#$7(B
$B$+$7!"%i%s%@%`$J%G!<%?$rM?$($k$@$1$G$O$3$N%=%U%H%&%'%"$r%/%i%C%7%e$5$;(B
$B$k$3$H$N$_$,2DG=$G$"$k!#(B

$B$3$NLdBj$O%P!<%8%g%s(B 2.79 $B$K$*$$$F8!>Z$5$l!"$3$l0JA0$N%P!<%8%g%s$bF1MM(B
$B$NLdBj$rJz$($F$$$k2DG=@-$,$"$kE@$K$D$$$F$ON10U$5$l$k$Y$-$G$"$k!#(B

2. Intel D845 Motherboard BIOS Series Arbitrary Boot Media Vulnerability
BugTraq ID: 4610
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 26 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4610
$B$^$H$a(B:

D845 $B%7%j!<%:$N%^%6!<%\!<%I$O(B Intel $B$K$h$k@=IJ$G$"$k!#(B
$B$3$l$i@=IJ$O(B Pentium 4 $B%W%m%;%C%5$r%5%]!<%H$9$k$h$&$K@_7W$5$l$F$$$k!#(B

$BFCDj$N>u672<$K$*$$$F!"%m!<%+%k%f!<%6$O%3%s%T%e!<%?$N5/F0MQ$NG^BN$rJQ99(B
$B2DG=$K$J$k$H?d;!$5$l$k!#$3$NLdBj$OFCJL$J%-!<$NAH$_9g$o$;$G@8$8$k!#(B

D845 $B%7%j!<%:$N%^%6!<%\!<%I$rMxMQ$9$k%3%s%T%e!<%?$,5/F0$9$k:]!"Nc$((B BIOS
$B$KBP$7$F%Q%9%o!<%I$,@_Dj$5$l$F$$$k>l9g$K$*$$$F$b!"5/F0=hM}$r5/F0MQG^BN(B
$B$NJQ99$r9T$&$?$a$KCfCG$9$k$3$H$,2DG=$G$"$k!#(BF8 $B%-!<$rEjF~$9$k$3$H$K$h$j!"(B
D845 $B%7%j!<%:$N%^%6!<%\!<%I$GDs6!$5$l$F$$$k(B BIOS $B$O%3%s%=!<%k$G%a%K%e!<(B
$B$rI=<($7$F$7$^$&!#$3$N%a%K%e!<$K$*$$$F!"%f!<%6$OEv3:%3%s%T%e!<%?$,K\Mh(B
$B5/F0G^BN$H$7$FA*Br$9$k$Y$-%G%U%)%k%H$NG^BN$H0[$J$kG^BN$r;XDj2DG=$J$N$G(B
$B$"$k!#(BBIOS $B$K@_Dj$5$l$F$$$k$$$+$J$k%Q%9%o!<%I$O!"$3$N=hM}$r9T$&$3$H$K$h(B
$B$j1*2s$5$l$k!#(B

$B$3$NLdBj$K$h$j%m!<%+%k$N;q8;$K%"%/%;%92DG=$J%f!<%6$O5/F0MQG^BN$N@_Dj$r(B
$B2~JQ2DG=$K$J$k!#IU$12C$($k$J$i$P$3$N<o$N%f!<%6$OEv3:%3%s%T%e!<%?$X?75,(B
$B$K(B OS $B$d%=%U%H%&%'%"$r%$%s%9%H!<%k$r9T$$!"$^$?!"$=$NB>$N9T0Y$r4k$F$k$3(B
$B$H$,2DG=$G$"$k$H?d;!$5$l$k!#Js9p$K$h$k$H!"$3$NLdBj$O7?HV(B D845HV $B$H(B D845WN
$B$N%^%6!<%\!<%I$K1F6A$r5Z$\$9!#(B

3. PHP-Survey Global.INC Information Disclosure Vulnerability
BugTraq ID: 4612
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 26 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4612
$B$^$H$a(B:

PHP-Survey $B$O(B Web $B$r2p$9$kD4::5!G=$rDs6!$9$k%(%s%8%s%=%U%H%&%'%"$G$"$k!#(B
$B$3$N%=%U%H%&%'%"$O(B PHP $B8@8l$rMxMQ$7$F3+H/$5$l!"MM!9$J(B UNIX $B$d(B Linux $B$G(B
$B2TF0$9$k!#$3$N%=%U%H%&%'%"$O(B MySQL $B$r%P%C%/%(%s%I%G!<%?%Y!<%9$H$7$FMxMQ(B
$B$7$F$$$k!#(B

PHP-Survey $B$O!"%m!<%+%k%[%9%H$NL>>N!"%G!<%?%Y!<%9MQ$N8"8B!"D4:::n6H$N4I(B
$BM}<TMQ8"8B$J$I$N@_DjMQ>pJs$r4^$s$G$$$k!"(Bglobal.inc $B$H8@$&L>>N$N%9%/%j%W(B
$B%H$r4^$s$GDs6!$5$l$F$$$k!#$3$N%U%!%$%k$O(B HTTP $B7PM3$G%j%/%(%9%H$,M?$($i(B
$B$l$k:]$K$O(B PHP $B$N%9%/%j%W%H$H$7$F$O2r<a$5$l$J$$$?$a!"%j%b!<%H$N967b<T$O(B
global.inc $B$K4^$^$l$k=EMW$J>pJs$X$N%"%/%;%98"8B$rF@$i$l$k$N$G$"$k!#(B

4. Qualcomm QPopper Bulletin Name Buffer Overflow Vulnerability
BugTraq ID: 4614
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 28 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4614
$B$^$H$a(B:

qpopper $B$O(B Qualcomm $B$h$j%U%j!<$G8x3+$5$l!"%*!<%W%s%=!<%9$N%=%U%H%&%'%"(B
$B%Q%C%1!<%8$H$7$FG[I[$5$l$F$$$k%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$OMM!9(B
$B$J(B OS $B$GMxMQ$G$-$k$h$&$K@_7W$5$l$F$$$k$,!"$3$NLdBj$O(B UNIX $B5Z$S(B Linux $B4D(B
$B6-$GF0:n$9$k%P!<%8%g%s$K1F6A$r5Z$\$9!#(B

$B$3$N%=%U%H%&%'%"$K$O%m!<%+%k%f!<%6$,%3!<%I$r<B9T2DG=$JLdBj$,B8:_$9$k!#(B
$B$3$NLdBj$O(B bulletin $B>pJs$N<h$j07$$ItJ,$KM3Mh$9$k!#(B

qpopper $B$O$$$/$D$+$N%G!<%?<o$K4F;k!"==J,$J6-3&%A%'%C%/$r9T$C$F$$$J$$!#(B
$B%f!<%6$,D9$$L>A0$N(B bulletin (256$B%P%$%H$h$jBg$-$/(B)$B$r@_Dj$7$?>l9g!"%P%C(B
$B%U%!%*!<%P!<%U%m!<$,@8$8$k!#$3$NLdBj$N7k2L!"%9%?%C%/Fb$N%j%?!<%s%"%I%l(B
$B%9$r4^$`!"%W%m%;%9$K3d$jEv$F$i$l$?%a%b%j$N>e=q$-$r>7$-!"%3!<%I$r<B9T$9(B
$B$k$3$H$,2DG=$G$"$k!#(B

$B$3$NLdBj$K$h$j%m!<%+%k%f!<%6$OG$0U$N%3%^%s%I$r(B qpopper $B$N<B9T8"8B$G<B9T(B
$B2DG=$G$"$k!#E57?E*$K$O!"(Bqpopper $B$N%W%m%;%9$O7k2L$H$7$F(B root $B8"8B$G$N%3!<(B
$B%I$N<B9T$,2DG=$K$J$k!"(Broot $B8"8B$G<B9T$,3+;O$5$l$F$$$k!#(B

$B3F%f!<%6$N(B .qpopper-options $B%U%!%$%k$NFbMF$r=hM}$7$J$$(B qpopper $B%G!<%b%s(B
$B$X$O!"$3$NLdBj$O1F6A$7$J$$E@$K$D$$$F$ON10U$5$l$k$Y$-$G$"$k!#(B

5. SAP R/3 with Oracle Unauthorized Data Access Vulnerability
BugTraq ID: 4613
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 27 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4613
$B$^$H$a(B:

SAP R/3 $B$N%G%U%)%k%H%$%s%9%H!<%k>uBV$K$O!"G'>Z$r9T$C$F$$$J$$%f!<%6$,(B
SAP R/3 $BFb$N%G!<%?$X$N6<0R$r>7$/$3$H$,2DG=$JLdBj$,Js9p$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"(BSAP R/3 $B$O%f!<%6$N%Q!<%_%C%7%g%s$N3NG'=hM}$r<:GT$9$k!#$3(B
$B$N$?$a!"(BOracle $B%j%9%J!<$X@\B3$9$k$3$H$K$h$j!"$$$+$J$k%f!<%6$G$"$C$F$b(B
SAP $B%G!<%?$NFI$_=P$7!"=q$-9~$_!"2~JQ$,2DG=$G$"$k!#$3$NLdBj$rMxMQ$9$k96(B
$B7b$r9T$&$?$a$K$O!"(BSystem ID (SID) $B$K4X$9$kCN<1$,I,MW$G$"$k!#(B

$B$3$NLdBj$O$$$/$D$+$N%G!<%?%Y!<%9>e$GF0:n$9$k(B Oracle, SAP R/3 $B$K$*$$$F$N(B
$B$_8!>Z$5$l$F$$$kE@$ON10U$9$Y$-$G$"$k!#$3$N$?$a!"B>$N<BAu$K$*$$$F$b$3$N(B
$BLdBj$N1F6A$,5Z$V2DG=@-$,$"$k!#(B

6. DNSTools Authentication Bypass Vulnerability
BugTraq ID: 4617
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 28 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4617
$B$^$H$a(B:

DNSTools $B$O(B DNS $B>pJs$r(B Web $B$r2p$7$F4IM}$r9T$&$?$a$N%D!<%k$G$"$k!#$3$N(B
$B%=%U%H%&%'%"$O(B PHP $B8@8l$rMxMQ$7$F<BAu$5$l!"(BLinux $B$H(B Solaris $B$K$*$$$FMx(B
$BMQ2DG=$G$"$k!#(B

$B$$$/$D$+$N%P!<%8%g%s$N(B DNSTools $B$K$O%j%b!<%H$N$$$+$J$k967b<T$G$"$C$F$b(B
$B4IM}<T8"8B$rC%<h2DG=$G$"$k$H$NLdBj$,Js9p$5$l$F$$$k!#(B

$B%"%/%;%98"8B$NBEEv@-$OJQ?t(B user_logged_in $B$H(B user_dnstools_administrator
$B$NCM$rMxMQ$7$F@)8f$5$l$F$$$k!#Js9p$K$h$k$H!"$3$l$iCM$OE,@Z$K=i4|2=$5$l(B
$B$F$$$J$$$?$a!"967b<T$OG$0U$NCM$r<($9$h$&$K!"9*L/$K(B URL $B$rAH$_N)$F$k$3$H(B
$B$,2DG=$J$N$G$"$k!#$3$NLdBj$K$h$j967b<T$O%"%/%;%9%3%s%H%m!<%k5!9=$r2sHr(B
$B2DG=$G$"$j!"7k2L$H$7$F$3$N%=%U%H%&%'%"$N4IM}MQ8"8B$X%"%/%;%92DG=$G$"$k!#(B

$B4IM}MQ8"8B$X$N%"%/%;%9$,2DG=$K$J$k$3$H$K$h$j!"967b<T$O%[%9%HL>!"(BDNS $B%5!<(B
$B%P!"%I%a%$%s>pJs$r<+:_$K2~JQ$9$k$3$H$,2DG=$K$J$k!#(B

DNSTools $B$N$h$j=i4|$N%P!<%8%g%s$b$3$NLdBj$rJz$($F$$$k2DG=@-$,$"$k$,!"(B
$B$7$+$7!"$3$l$K$D$$$F$OL$8!>Z$G$"$k!#(B

7. Blahz-DNS Direct Script Call Authentication Bypass Vulnerability
BugTraq ID: 4618
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 28 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4618
$B$^$H$a(B:

Blahz-DNS $B$O(B DNS $B>pJs$r(B Web $B$r2p$7$F4IM}$r9T$&$?$a$N%D!<%k$G$"$k!#$3$N(B
$B%=%U%H%&%'%"$O(B PHP $B8@8l$rMxMQ$7$F<BAu$5$l!"(BLinux $B$K$*$$$FMxMQ2DG=$G$"$k!#(B

$B$$$/$D$+$N%P!<%8%g%s$N(B Blahz-DNS $B$K$O%j%b!<%H$N$$$+$J$k967b<T$G$"$C$F$b(B
$B4IM}MQ8"8B$rC%<h2DG=$G$"$kLdBj$,H/8+$5$l$F$$$k!#%m%0%$%sMQ%Z!<%8$r2p$7!"(B
$B%9%/%j%W%H$X%"%/%;%9$9$k$?$a$NG'>Z$,5a$a$i$l$F$$$k:]!"$5$i$J$kBEEv@-$N(B
$B3NG'$O9T$o$l$F$$$J$$$N$G$"$k!#$3$N$?$a967b<T$OIU?o$9$k%9%/%j%W%H$rD>@\(B
$B8F$S=P$7!"G'>ZMQ5!9=$r40A4$K2sHr$9$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$K$h$j!"$$$+$J$k967b<T$G$"$C$F$b(B Blahz-DNS $B$X$N4IM}MQ8"8BA4$F$r(B
$BF~<j2DG=$K$J$k2DG=@-$,$"$k!#(B

8. ATGuard Personal Firewall Outgoing Connection Restriction Bypass Vulnerability
BugTraq ID: 4620
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 29 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4620
$B$^$H$a(B:

ATGuard Personal Firewall $B$KLdBj$,H/8+$5$l$F$$$k!#Js9p$K$h$k$H!"%f!<%6(B
$B$O(B ATGuard $B$K$h$k%;%-%e%j%F%#@)8B$r2sHr2DG=$G$"$k!#(BATGuard $B$K$OG'>Z:Q$_(B
$B$N%"%W%j%1!<%7%g%s$N$_$K(B outbound $BJ}8~$N%3%M%/%7%g%s$r@)8B2DG=$J5!G=$,(B
$BHw$o$C$F$$$k!#%f!<%6$O$3$N@)8B@_Dj$r2sHr$7!"G$0U$N%W%m%0%i%`$G%$%s%?!<(B
$B%M%C%H$X$N%"%/%;%9$,2DG=$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$O!"(BWeb $B5!G=$rHw$($F$$$k@)8BBP>]$N%W%m%0%i%`L>$r(B
$BG'>Z:Q$_$N%W%m%0%i%`$NL>>N$KIU$1BX$($k$3$H$G4k$F$i$l$k!#(B

$BNc$($P!"(Bicq.exe $B$,@)8BBP>]$N%"%W%j%1!<%7%g%s$G$"$j!"(Biexplore.exe $B$,G'>Z(B
$B:Q$_$N%"%W%j%1!<%7%g%s$G$"$k>l9g!"(BATGuard $B$O(B icq.exe $B$r(B iexplor.exe $B$K(B
$BL>>N$rIU$1BX$($k$3$H$K$h$j!"(Bicq.exe $B$NMxMQ@)8B$,E1GQ$5$l$k$h$&$K;E8~$1(B
$B$k$3$H$,2DG=$J$N$G$"$k!#(B

$B$3$NLdBj$O@)8BBP>]$N%"%W%j%1!<%7%g%s$+$I$&$+$N3NG'$,==J,$G$O$J$$7k2L$G(B
$B$"$k!#(B

ATGuard Firewall $B$O(B Symantec $B$K$h$C$FGc<}$5$l$F$*$j!"$3$N@=IJ$N%5%]!<%H(B
$B$O4{$KDs6!$5$l$F$$$J$$2DG=@-$,$"$kE@$K$D$$$F$ON10U$9$Y$-$G$"$k!#(B

9. PhpWebGallery Cookie Manipulation Account Compromise Vulnerability
BugTraq ID: 4622
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 27 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4622
$B$^$H$a(B:

PhpWebGallery $B$O2hA|$N<}=8$*$h$SE8<(5!G=$NDs6!$r2DG=$K$9$k(B Web $B%"%W%j%1!<(B
$B%7%g%s$G$"$j!"(BPierrick Le Gall $B$K$h$C$FJ]<i$5$l$F$$$k!#(B

PhpWebGallery $B$O%/%C%-!<MxMQ$9$kG'>Z5!G=$rMxMQ$7$F$$$k!#%f!<%6$K%/%C%-!<(B
$B$,M?$($i$l$k:]!"%/%C%-!<$OJ?J8$G5-O?$5$l$k!#$3$N$?$a0-0U$"$k%f!<%6$O%/%C(B
$B%-!<Fb$NCM$r2~JQ2DG=$G$"$j!"4IM}MQ%"%+%&%s%H$r4^$`!"$3$N%5!<%S%9$NG$0U(B
$B$N%f!<%68"8B$GG'>Z2DG=$G$"$k!#(B

$B4IM}MQ8"8B$N>h$C<h$j$,@.8y$7$?>l9g!"0-0U$"$k%f!<%6$K$h$k4IM}MQ5!G=$X$N(B
$B%"%/%;%9$,9T$o$l$k7k2L$H$J$k!#(B

10. Livre Dor' Information Disclosure Vulnerability
BugTraq ID: 4629
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 27 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4629
$B$^$H$a(B:

Livre Dor $B$O>pJs$r3+<($7$F$7$^$$!"%j%b!<%H%f!<%6$,=EMW$J%[%9%HFb$N>pJs(B
$B$rF~<j2DG=$K$J$C$F$7$^$&LdBj$rJz$($F$$$k5?$$$,$"$k!#(B

$BJs9p$K$h$k$H!"(Bconfig.inc $B$H(B connexion.inc $B$O$$$:$l$b$I$N%f!<%68"8B$+$i(B
$B$bFI$_=P$72DG=$G$"$j!"$$$:$l$bHs>o$K=EMW$J%G!<%?$r3JG<$7$F$$$k!#$3$l$i(B
$B%U%!%$%k$KBP$7$F(B HTTP $B%j%/%(%9%H$r9T$&$3$H$K$h$j!"$$$:$l$+$N%U%!%$%kFb(B
$B$K4^$^$l$k>pJs$rC%<h$9$k$3$H$,2DG=$G$"$k!#(B

config.inc $B$K$O%G!<%?%Y!<%9L>!"4IM}<T8~$1$NG'>ZMQ>pJs$,J?J8$G3JG<$5$l$F(B
$B$$$k!#(Bconnexion.inc $B$K$O%G!<%?%Y!<%9L>!"%f!<%6G'>ZMQ>pJs$,!"$3$l$i$K$D(B
$B$$$F$bJ?J8$G3JG<$5$l$F$$$k!#(B

$B$$$:$l$+$N%U%!%$%k$K3JG<$5$l$F$$$k>pJs$rF~<j$9$k$3$H$K$h$j!"%"%+%&%s%H(B
$B$X$N%;%-%e%j%F%#>e$N6<0R$r>7$/$3$H$K$J$j!"967b<T$K$h$k967bBP>]$N%3%s%T%e!<(B
$B%?$KBP$9$k$5$i$J$k967b$NJd=u<jCJ$H$J$k2DG=@-$,$"$k!#(B

11. 0wn f0rum Script Injection Vulnerability
BugTraq ID: 4626
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 27 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4626
$B$^$H$a(B:

0wn f0rum $B$O(B ServicesWeb $B$K$h$jJ]<i$5$l$F$$$k!"(BWeb $B$rMxMQ$9$kEE;R7G<(HD(B
$B5!G=$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#(B

0wn f0rum $B$K$O%9%/%j%W%H$rCmF~2DG=$JLdBj$,H/8+$5$l$F$$$k!#(B0wn f0rum $B$O(B
$B==J,$K%9%/%j%W%H$H$7$F2r<a$5$l$kFbMF$,=|5n$5$l$F$$$J$$!"%f!<%6$,M?$($?(B
$BCM$r4^$`(B HTML $B%3%s%F%s%D$r:n@.$9$k!#Ej9FFbMF$NBjL>$HK\J8$X%9%/%j%W%H$N(B
$BCmF~$,2DG=$G$"$k$3$H$,4{$K8xI=$5$l$F$$$k!#(B

$BCmF~$5$l$?%9%/%j%W%H$O(B 0wn f0rum $B$r2TF0$5$;$F$$$k(B Web $B%5%$%H$N%3%s%F%s(B
$B%D$HF13J$N8"8B$G<B9T$5$l!"Ej9F<T$H$7$F!"%3%s%F%s%D$NEj9F$d:o=|$r4^$`0U(B
$B?^E*$J9T0Y$r9T$&$3$H$,2DG=$K$J$k$H?d;!$5$l$k!#G'>Z$r9T$&$?$a$K$O%/%C%-!<(B
$B$,MxMQ$5$l$F$$$k$H$N>pJs$,8xI=$5$l$F$$$k$?$a!"$3$NLdBj$rMxMQ$9$k967b$K(B
$B$h$j!"$3$NLdBj$O%"%+%&%s%H$X$N6<0R$H$J$k2DG=@-$,$"$k!#(B

12. Solaris admintool Local Buffer Overflow Vulnerability
BugTraq ID: 4624
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 29 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4624
$B$^$H$a(B:

Solaris $B$N(B admintool $B$O%f!<%6$X(B GUI $B$r2p$7$FMM!9$J%7%9%F%`4IM}MQ:n6H$r(B
$B2DG=$K$9$k%f!<%F%#%j%F%#$G$"$k!#(B

admintool $B$N<B9T%U%!%$%k$K$O%m!<%+%k%f!<%6$,$h$j>:3J$7$?8"8B$rC%<h2DG=(B
$B$K$J$k2DG=@-$,$"$k!"%P%C%U%!%*!<%P!<%U%m!<$NLdBj$,B8:_$9$k!#(Badmintool
$B$O%G%U%)%k%H%$%s%9%H!<%k>uBV$G!"$$$+$J$k%f!<%6$G$"$C$F$b<B9T2DG=$G$"$j!"(B
suid root $B$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N>uBV$O%W%m%0%i%`$XHs>o$KD9$$%3%^%s%I%i%$%s%Q%i%a!<%?(B
$B$r0z$-EO$9$+!"(Badmintool $B$K$h$C$FMxMQ$5$l$k(B .cdtoc $B@_Dj%U%!%$%kFb$N(B PRODVERS
$BJQ?t$XHs>o$KD9$$CM$r@_Dj$9$k$3$H$K$h$j967b$KMxMQ$5$l$k2DG=@-$,$"$k!#(B

13. Solaris cachefsd Buffer Overrun Vulnerability
BugTraq ID: 4631
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 29 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4631
$B$^$H$a(B:

Cache File System $B$O(B Sun $B$K$h$C$F3+H/$5$l$?!"(BNFS $B$N%Q%U%)!<%^%s%9$H%9%1!<(B
$B%i%S%j%F%#$r2~A1$9$k$?$a$N!"%U%!%$%k%7%9%F%`$N%-%c%C%7%e5!9=$G$"$k!#$3(B
$B$N5!G=$O%G%U%)%k%H>uBV$N(B Solaris $B$KF1:-$5$l$F$$$k!#(B

cachefsd $B$K$O%m!<%+%k$N967b<T$,(B root $B8"8B$rC%<h2DG=$J%P%C%U%!%*!<%P!<%U(B
$B%m!<$,B8:_$9$k!#$3$NLdBj$O%f!<%6$,;XDj$9$k%^%&%s%H%]%$%s%H$KBP$9$k6-3&(B
$B%A%'%C%/$,==J,$K9T$o$l$F$$$J$$$?$a$K@8$8$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"(BOS $B$=$N$b$N$X$N6<0R$r>7$/7k2L$H$J(B
$B$k!#(B

$B$5$i$J$k5;=QE*$J>\:Y>pJs$K$D$$$F$O<}=8Cf$G$"$k!#(B

14. Solaris cachefsd Denial of Service Vulnerability
BugTraq ID: 4634
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 29 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4634
$B$^$H$a(B:

Cache File System $B$O(B Sun $B$K$h$C$F3+H/$5$l$?!"(BNFS $B$N%Q%U%)!<%^%s%9$H%9%1!<(B
$B%i%S%j%F%#$r2~A1$9$k$?$a$N!"%U%!%$%k%7%9%F%`$N%-%c%C%7%e5!9=$G$"$k!#$3(B
$B$N5!G=$O%G%U%)%k%H>uBV$N(B Solaris $B$KF1:-$5$l$F$$$k!#(B

Cache File System $B$N(B RPC $B%5!<%P%3%s%]!<%M%s%H$K$OLdBj$,H/8+$5$l$F$$$k!#(B
$BIT@5$J<j=g$K$h$k(B RPC $B%j%/%(%9%H$,9T$o$l$?>l9g!"Js9p$K$h$k$H(B cachefsd $B$O(B
$B%/%i%C%7%e$7$F$7$^$&!#$3$NLdBj$O%5!<%S%9$NCfCG!"$"$k$$$O!"%G!<%?$NB;<:(B
$B$N2DG=@-$r$b$?$i$97k2L$r>7$/$3$H$,?d;!$5$l$k!#(B

$B$5$i$J$k5;=QE*$J>\:Y>pJs$K$D$$$F$O<}=8Cf$G$"$k!#(B

15. CIDER Shadow Analyzer Remote Command Execution Vulnerability
BugTraq ID: 4625
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 29 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4625
$B$^$H$a(B:

CIDER (Cooperative Intrusion Detection Evaluation and Response) Shadow
Analyzer $B$O(B Shadow Intrusion Detection System $B$K4^$^$l$k!"0l%3%s%]!<%M(B
$B%s%H$G$"$k!#$3$N%=%U%H%&%'%"$OMM!9$J(B Linux $B%G%#%9%H%j%S%e!<%7%g%s$GF0:n(B
$B$9$k!#(BCIDER Shadow Analyzer $B%3%s%]!<%M%s%H$OFbIt%M%C%H%o!<%/$+$i$N$_%"(B
$B%/%;%92DG=$J>uBV$G$"$k$h$&$J0U?^$N85$G@_7W$5$l$F$$$k!#(B

CIDER Shadow Analyzer $B%3%s%]!<%M%s%H$O(B CIDER Shadow Sensor $B8~$1$N(B Web
$B$rMxMQ$9$k@_DjMQ%$%s%?%U%'!<%9$rDs6!$7$F$$$k!#FbIt%M%C%H%o!<%/$KB8:_$9(B
$B$k967b<T$O$3$N(B Web $B%$%s%?%U%'!<%9$r2p$7$F%j%b!<%H$+$i%3%^%s%I$N<B9T$r(B
$B4k$F$k$3$H$,2DG=$G$"$k!#(B

CIDER Shadow Analyzer $B$O%7%'%kMQ$N%a%?%-%c%i%/%?$K$D$$$F$N==J,$J%U%#%k(B
$B%?%j%s%0$r9T$C$F$$$J$$!#$3$N7k2L!"%j%b!<%H$N967b<T$O%3%^%s%I$r!"$3$N%=(B
$B%U%H%&%'%"$r2TF0$5$;$F$$$k%3%s%T%e!<%?>e$G!"(BWeb $B%5!<%P$N8"8B$G<B9T2DG=(B
$B$G$"$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$K$h$j!"FbIt%M%C%H%o!<%/$N%j%b!<%H$N967b<T$O!"LdBj$rJz$($k%=%U(B
$B%H%&%'%"$r2TF0$5$;$F$$$k!"%3%s%T%e!<%?$N%m!<%+%k$N;q8;$K%"%/%;%92DG=$K(B
$B$J$k2DG=@-$,$"$k!#(B

CIDER Shadow 1.7 $B$b$3$NLdBj$rJz$($F$$$k$+$I$&$+$K$D$$$F$OL$>\$G$"$k!#(B

16. Solaris AdminTool Media Installation Path Buffer Overflow Vulnerability
BugTraq ID: 4632
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 29 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4632
$B$^$H$a(B:

Solaris $B$N(B admintool $B$O%f!<%6$X(B GUI $B$r2p$7$FMM!9$J%7%9%F%`4IM}MQ:n6H$r(B
$B2DG=$K$9$k%f!<%F%#%j%F%#$G$"$k!#(B

admintool $B$O%m!<%+%k$+$i967b$KMxMQ2DG=$J%P%C%U%!%*!<%P!<%U%m!<$NLdBj$r(B
$BJz$($F$$$k5?$$$,$"$k!#$3$l$O%$%s%9%H!<%kMQG^BN$N%Q%9;XDj$K4X$9$k!"6-3&(B
$B%A%'%C%/$,==J,$G$O$J$$$?$a$K@8$8$k!#%Q%9$H$7$FHs>o$KD9$$J8;zNs$rM?$($k(B
$B$3$H$K$h$j!"%j%?!<%s%"%I%l%9$J$I$N%9%?%C%/Fb$NCM$r>e=q$-2DG=$G$"$k!#(B
$B967b<T$O$3$N>uBV$r967b<T$,;XDj$7$?%3!<%I$,<B9T$5$l$k$h$&$K967b$KMxMQ$9(B
$B$k2DG=@-$,$"$k!#(B

admintool $B$O(B setuid root $B$G$"$k$?$a!"$3$NLdBj$rMxMQ$9$k967b$r@.8y$5$;$i(B
$B$l$k967b<T$O!"(Broot $B8"8B$rC%<h$9$k2DG=@-$,$"$k!#(B

17. Solaris LBXProxy Display Name Buffer Overflow Vulnerability
BugTraq ID: 4633
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 29 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4633
$B$^$H$a(B:

Low-Bandwidth X Proxy (lbxproxy) $B$O!"(BX $B%&%#%s%I%&$X$NDcBS0hI}$G$N@\B3$r(B
$B<h$j07$&%5!<%P$G$"$k!#B?$/$N(B UNIX $B$dMM!9$J(B Linux $B$GF0:n$9$k$h$&$K!"$3$N(B
$B%=%U%H%&%'%"$O(B Solaris $B>e$G$bF0:n$9$k!#(B

lixproxy $B$O%m!<%+%k$+$i%P%C%U%!%*!<%P!<%U%m!<>uBV$r@8$8$5$;$kLdBj$rJz$((B
$B$k5?$$$,$"$k!#$3$l$O!"%3%^%s%I%i%$%s%Q%i%a!<%?(B display $B$NCM$KBP$9$k6-3&(B
$B%A%'%C%/$,==J,$K9T$o$l$F$$$J$$$?$a$K@8$8$F$$$k!#$3$NCM$O(B lbxproxy $B$N@\(B
$BB3@h$N(B X $B%5!<%P$N@\B3%]!<%H$r;XDj$9$k$?$a$KMxMQ$5$l$F$$$k!#(B

$B$3$N%Q%i%a!<%?$H$7$F!"Hs>o$KD9$$J8;zNs$r;XDj$9$k$3$H$K$h$j!"%j%?!<%s%"(B
$B%I%l%9$r4^$`!"%9%?%C%/JQ?t$N>e=q$-$,2DG=$H$J$k!#967b<T$O!"<+$i$,M?$($?(B
$B%3!<%I$r<B9T$9$k$?$a$K!"$3$N>uBV$r@8$8$5$;$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$9$k>l9g!"967b<T$,M?$($?G$0U$NL?Na$,<B9T2D(B
$BG=$G$"$k$H?d;!$5$l!"$h$j9b0L$N8"8B$NC%<h$r>7$/7k2L$H$J$k$3$H$,A[Dj$5$l(B
$B$k!#(B

Solaris $B$GF0:n$9$k(B lbxproxy $B$O(B setgid root $B$5$l$F%$%s%9%H!<%k$5$l$k$?$a!"(B
$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"967b<T$O(B root $B%0%k!<%W$N8"8B$K>:(B
$B3J$,2DG=$K$H?d;!$5$l$k!#(B

$B$3$NLdBj$O(B Sun Solaris $B>e$GF0:n$9$k(B lixproxy $B$K$*$$$FJs9p$5$l$F$$$k!#(B
$B$3$NLdBj$,$=$NB>$N(B OS $B>e$GLdBj$H$J$k$+$I$&$+$OL$>\$G$"$k!#(B

18. CDE DTPrintInfo Help Volume Search Buffer Overflow Vulnerability
BugTraq ID: 4630
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 29 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4630
$B$^$H$a(B:

CDE $B$O6&DL%G%9%/%H%C%W4D6-(B (Common Desktop Environment) $B$rDs6!$9$k%=%U(B
$B%H%&%'%"$G$"$k!#$3$l$O$$$/$D$+$N%P!<%8%g%s$N(B UNIX $B$KF1:-$5$l$F$*$j!"B?(B
$B$/$N%Y%s%@$K$h$jJ]<i$5$l$F$$$k!#(B

CDE $B$O%m!<%+%k%f!<%6$K$h$j9b0L$N8"8B$NC%<h$,2DG=$H$J$kLdBj$rJz$($F$$$k!#(B
$B$3$NLdBj$O(B dtprintinfo $B%W%m%0%i%`$K$*$1$k6-3&%A%'%C%/$KM3Mh$9$k!#(B

$B$3$NLdBj$K$h$j!"(B dtprintinfo $B%W%m%0%i%`$r2p$7$F!"G$0U$N%3!<%I$N<B9T$,2D(B
$BG=$H$J$k!#(Bdtprintinfo $B%W%m%0%i%`$,<B9T$5$l$F$$$k:]!"%G%9%/%H%C%W$K%X%k(B
$B%W%a%K%e!<$,I=<($5$l$k!#$3$N%X%k%W%a%K%e!<$rMxMQ$7!"0U?^$9$kD9$5$NJ8;z(B
$BNs$K$h$j8!:w$r<B9T$9$k$3$H$G!"%9%?%C%/JQ?t$N>e=q$-$,2DG=$H$J$k%P%C%U%!(B
$B%*!<%P!<%U%m!<$r0z$-5/$3$9$3$H$,2DG=$H$J$k!#(B

$B$3$NLdBj$rMxMQ$9$k$?$a$K$O!"%G%9%/%H%C%W$X$N%"%/%;%9$rI,MW$H$9$kE@$ON1(B
$B0U$5$l$M$P$J$i$J$$!#%f!<%6$,$3$NLdBj$rMxMQ$9$k967b$r9T$&$?$a$K$O!"%7%9(B
$B%F%`$N%m!<%+%k4D6-$X%"%/%;%9$7!"@5Ev$J%f!<%6%"%+%&%s%H$r<hF@$9$k$+!"$b(B
$B$7$/$O(B CDE $B%j%b!<%H%m%0%$%s$N$h$&$J;EAH$_$rMxMQ$7$F!"%m!<%+%k$N%G%9%/(B
$B%H%C%W$+$i%j%b!<%H%[%9%H$X$N(B CDE $B%;%C%7%g%s$r4k$F$k$+$N$I$A$i$+$rI,MW$H(B
$B$9$k!#(B

19. AutoLog IP Spoofing Vulnerability
BugTraq ID: 4627
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 29 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4627
$B$^$H$a(B:

AutoLog $B$O(B Web $B%5%$%H$NMxMQN($NDI@WD4::$r9T$&%=%U%H%&%'%"$G$"$k!#(B
$B$3$l$O(B Microsoft Windows $B%*%Z%l!<%F%#%s%0%7%9%F%`$HF1MM!"KX$I$N(B UNIX $B$d(B
$BMM!9$J(B Linux $B$K$*$$$FF0:n$9$k!#(B

AutoLog $B$O8x3+Cf$N(B Web $B%5%$%H$K%"%/%;%9$9$k%f!<%6$rDI@W$9$k$?$a$K!"%/%C(B
$B%-!<$rMxMQ$7$F$$$k!#(B

$B%j%b!<%H$N967b<T$OG$0U$N(B IP $B%"%I%l%9$,A^F~$5$l$F$$$k!"FCDj$N9*L/$K:n@.(B
$B$5$l$?%/%C%-!<$rAw$j$D$1$k$3$H$G!"56Au$5$l$?(B IP $B$r$3$N%9%/%j%W%H7PM3$G(B
$B5-O?$9$k2DG=@-$,$"$k!#(B

$B967b<T$O0-0U$"$k(B Web $B$rMxMQ$9$k9T0Y$N5/86$r1#JC$9$k$?$a$K$3$NLdBj$rMxMQ(B
$B$9$k2DG=@-$,$"$k!#(B

20. Messagerie Arbitrary User Removal DoS Vulnerability
BugTraq ID: 4635
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 27 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4635
$B$^$H$a(B:

Messagerie $B$O(B La Basse $B$K$h$C$FJ]<i$5$l$F$$$kEE;R7G<(HD%"%W%j%1!<%7%g(B
$B%s$G$"$k!#(B

$B$3$N%=%U%H%&%'%"%Q%C%1!<%8$O!"%j%b!<%H$NG'>Z$r9T$C$F$$$J$$%f!<%6$,!"$$(B
$B$+$J$k%f!<%6%"%+%&%s%H$G$b:o=|$,2DG=$H$J$kLdBj$rJz$($F$$$k!#$3$NLdBj$O(B
supp_membre.php $B%9%/%j%W%H$K$*$1$k8"8B$N@_Dj$KM3Mh$9$k!#(B

$BJs9p$K$h$k$H!"4{CN$G$"$k%f!<%6L>$,CmF~$5$l$?FCDj$N9*L/$K:n@.$5$l$?(B URL 
$B$rAw$j$D$1$k$3$H$G!"$3$N%9%/%j%W%H$r2p$7$F!"4{CN$G$"$k%f!<%6%"%+%&%s%H(B
$B$N:o=|$,2DG=$H$J$k!#(B

$B$3$NLdBj$O$3$N%5!<%S%9$rMxMQ$9$k%f!<%6!"$b$7$/$O@x:_E*$J4IM}<T$r(B DoS
$B>uBV$K4Y$i$;$k7k2L$r>7$/$3$H$,2DG=$G$"$k!#(B

21. 3Com 3CDaemon Buffer Overflow Vulnerability
BugTraq ID: 4638
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 30 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4638
$B$^$H$a(B:

3CDaemon $B$O(B 3Com $B$N(B Dan Gill $B$K$h$C$F3+H/$5$l$?(B FTP $B%5!<%P$G$"$k!#(B

$BJs9p$K$h$k$H!"(B3CDaemon $B$,2TF0$9$k%[%9%H>e$G%P%C%U%!%*!<%P!<%U%m!<$r0z$-(B
$B5/$3$9$3$H$,2DG=$H$J$k!#(B

$BBgNL$N%G!<%?(B ($B>/$J$/$H$b(B 400 $BJ8;z(B) $B$r%m%0%$%s%W%m%s%W%H$KAw$j$D$1$k$3$H(B
$B$G!"%9%?%C%/$KM3Mh$9$k%*!<%P!<%U%m!<>uBV$r>7$/$3$H$,2DG=$H$J$k!#(B

$B$3$N%*!<%P!<%U%m!<$O%j%?!<%s%"%I%l%9$r4^$`%9%?%C%/JQ?t$N>e=q$-$,2DG=$H(B
$B$J$j!"G$0U$N%3!<%I$r<B9T$9$k$?$a$KMxMQ$5$l$k!#$?$@$7!"$G$?$i$a$J%G!<%?(B
$B$rAw$j$D$1$k>l9g$O!"%"%W%j%1!<%7%g%s$N%/%i%C%7%e$r0z$-5/$3$9$3$H$,2DG=(B
$B$H$J$k$N$_$G$"$k!#(B

22. Mozilla / Netscape 6 XMLHttpRequest File Disclosure Vulnerability
BugTraq ID: 4628
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 30 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4628
$B$^$H$a(B:

Mozilla $B$H(B Netscape 6 $B$,MxMQ$9$k(B XMLHttpRequest $B%*%V%8%'%/%H$K$*$1$k(B HTTP
$B%j%@%$%l%/%H$N=hM}$K$OLdBj$,B8:_$9$k!#(B

$B$3$N(B XMLHttpRequest $B%*%V%8%'%/%H$K$h$j!"%/%i%$%"%s%H%^%7%s$K(B HTTP $B%j%/(B
$B%(%9%H$r2p$7$?(B XML $B%I%-%e%a%s%H$NC%<h$,2DG=$K$J$k!#DL>o!"%j%b!<%H$N(B Web
$B%5%$%H$N$h$&$J!"?.MQ$5$l$F$$$J$$%"%/%;%985$+$i%9%/%j%W%H$,%/%i%$%"%s%H(B
$B$X0z$-EO$5$l$k:]!"%;%-%e%j%F%#%A%'%C%/5!9=$O$3$N%*%V%8%'%/%H$K$h$k%m!<(B
$B%+%k$N%U%!%$%k$X$ND>@\%"%/%;%9$rAK32$7$F$$$k!#(B

$B%5!<%P$X$N(B HTTP $B%j%/%(%9%H$,(B XMLHttpRequest.Open() $B%a%=%C%I$K$h$C$F9T$o(B
$B$l!"%j%/%(%9%H$X$N1~Ez$,%j%@%$%l%/%H$5$l$k:]$KLdBj$,B8:_$9$k!#$3$N:]!"(B
XMLHttpRequest $B%a%=%C%I$O$=$N$^$^%j%@%$%l%/%H$r<u$17Q$.!"%U%!%$%k$NFbMF(B
$B$rFI$_9~$`$N$G$"$k!#FI$_9~$^$l$?%U%!%$%k$NFbMF$O(B responceText $B$N%W%m%Q(B
$B%F%#$H$7$F!"%9%/%j%W%H$N;D$j$NItJ,$+$i%"%/%;%92DG=$K$J$j!"B>$N(B Web $B%5%$(B
$B%H$XE>Aw$5$l$k2DG=@-$,$"$k!#(B

$BJs9p$K$h$k$H!"$3$NLdBj$O(B DOM $B%$%s%W%j%a!<%7%g%s%$%s%?%U%'!<%9J}<0$N%I%-(B
$B%e%a%s%H:n@.$G:n@.$5$l$k(B XML $B%I%-%e%a%s%H$KE,MQ$5$l$k%m!<%IJ}K!$K$bB8:_(B
$B$9$k!#$3$NLdBj$rMxMQ$9$k967b<jCJ$O(B Mozilla 1.0RC1 $B$KBP$9$k$b$N$,8x3+$5(B
$B$l$F$$$k!#(B

$B$3$NLdBj$K$h$j!"%j%b!<%H$N967b<T$X$N=EMW$J>pJs$N3+<($r>7$/$3$H$,2DG=$H(B
$B$J$k!#(B

23. Recherche Cross-Site Scripting Vulnerability
BugTraq ID: 4636
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 27 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4636
$B$^$H$a(B:

Recherche $B$O(B Web $B%5%$%H>e$GF0:n$9$k$h$&$K@_7W$5$l$?8!:w%"%W%j%1!<%7%g(B
$B%s$G$"$k!#(B Recherche $B$O(B PHP Gratuit $B$K$*$$$FJ]<i$5$l$F$$$k!#(B

Recherche $B$O(B URL $B%Q%i%a!<%?$KA^F~$5$l$?%9%/%j%W%H$N%U%#%k%?%j%s%0$rBU$C(B
$B$F$*$j!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0$rMxMQ$9$k967b$N1F6A$r<u$1$k5?$$$,(B
$B$"$k!#967b<T$+$iM?$($i$l$?%9%/%j%W%H$O!"(Badd.php $B%9%/%j%W%H$X$N0-0U$"$k(B
$B%O%$%Q!<%j%s%/Fb$K4^$^$l$k2DG=@-$,$"$k!#967b<T$+$iM?$($i$l$?%9%/%j%W%H(B
$B$O!"$3$N0-0U$"$k%O%$%Q!<%j%s%/$rK,$l$k(B Web $B%f!<%6$N%V%i%&%6Fb$G!"(BRecherche
$B$,2TF0Cf$N%[%9%H$HF13J$N%;%-%e%j%F%#%3%s%F%-%9%H$G<B9T$5$l$k$3$H$,A[Dj(B
$B$5$l$k!#$3$N<o$N0-0U$r;}$C$?%O%$%Q!<%j%s%/$O!"(BHTML $B7A<0$NEE;R%a!<%k!"(B
$B$b$7$/$O0-0U$"$k(B Web $B%Z!<%8$KCmF~$5$l$F$$$k2DG=@-$,$"$k!#(B

$B$3$l$NLdBj$K$h$j!"%j%b!<%H$N967b<T$K$h$C$F(B Recherche $B$,2TF0$9$k(B Web $B%5(B
$B%$%H$N!"@5Ev$J%f!<%6$N%/%C%-!<$rMxMQ$7$?G'>ZMQ>ZL@=q$rC%<h$5$l$k2DG=@-$,$"$k!#(B

24. Messagerie Remote File Include Vulnerability
BugTraq ID: 4641
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 27 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4641
$B$^$H$a(B:

Messagerie $B$O(B La Basse $B$K$h$C$FJ]<i$5$l$F$$$kEE;R7G<(HD%"%W%j%1!<%7%g(B
$B%s$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$O0-0U$"$k%f!<%6$K$h$C$F!"G$0U$N(B PHP $B%3!<%I$r<B9T$5$l(B
$B$F$7$^$&LdBj$,H/8+$5$l$F$$$k!#(B

Messagerie $B$O%j%b!<%H$+$i$N%U%!%$%k$NCmF~$,2DG=$J$N$G$"$k!#$3$N7k2L!"%j(B
$B%b!<%H$N967b<T$O!"BP>]$H$J$k%j%b!<%H%[%9%H>e$KB8:_$9$k!"G$0U$N%U%!%$%k(B
$B$rCmF~$9$k2DG=@-$,$"$k!#(B

$BCmF~$5$l$k%U%!%$%k$,(B PHP $B%9%/%j%W%H$G$"$k>l9g!"LdBj$N%=%U%H%&%'%"$,2TF0(B
$B$9$k%[%9%H>e$G<B9T$5$l$k$3$H$,A[Dj$5$l$k!#(B

$B967b<T$OLdBj$N%=%U%H%&%'%"$,2TF0$9$k%[%9%H$KBP$7!"%m!<%+%k%"%/%;%9$rC%(B
$B<h$9$k$?$a$N<jCJ$H$7$F!"$3$N(B PHP $B%9%/%j%W%H$rMxMQ$9$k2DG=@-$,$"$k!#(B

25. Sun Solaris RWall Daemon Syslog Format String Vulnerability
BugTraq ID: 4639
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 30 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4639
$B$^$H$a(B:

Solaris $B$O(B Sun Microsystems $B$K$*$$$F3+H/$*$h$SG[I[$5$l$F$$$k!"%U%j!<$G(B
$BMxMQ2DG=$J(B UNIX $BM3Mh$N(B OS $B$G$"$k!#(B

Solaris $B$O%j%b!<%H$N967b<T$K%m!<%+%k%"%/%;%9$r<hF@$7!"$h$j9b0L$N8"8B$r(B
$BC%<h$5$l$k2DG=@-$,$"$kLdBj$rJz$($F$$$k!#$3$NLdBj$O(B rwall $B%G!<%b%s$KM3Mh(B
$B$9$k!#(B

rwall $B%G!<%b%s$O%j%b!<%H$+$i$N(B wall $B%3%^%s%IAjEv$N5!G=$rDs6!$9$k%G!<%b(B
$B%s$G$"$j!"%7%9%F%`A4BN$KEO$kF1Js%a%C%;!<%8$rAw?.$9$k$h$&$K@_7W$5$l$F$$(B
$B$k!#$3$N%=%U%H%&%'%"$O%7%9%F%`4V$N%j%/%(%9%H$r(B RPC $B$r2p$7$F<u$1EO$7$r9T(B
$B$$!"(Binetd $B$r2p$7$F(B rwall $B%G!<%b%s$N5/F0$r<h$j07$&$h$&$KF0:n$r9T$C$F$$$k!#(B

$B$3$NLdBj$K$h$j!"LdBj$rJz$($k%7%9%F%`>e$GG$0U$N%3!<%I$r<B9T$5$l$k2DG=@-(B
$B$,$"$k!#0-0U$r$b$C$F:n@.$5$l$?%U%)!<%^%C%HJ8;zNs$,!"$"$k%7%9%F%`$+$iB>(B
$B$N%7%9%F%`$XAw$i$l$k$H!"%;%-%e%"$G$O$J$$(B syslog() $B4X?t$N8F$S=P$7<jCJ$,(B
$B9T$o$l$F$$$k$?$a$K!"%j%b!<%H$N967b<T$OG$0U$N%3!<%I$r<B9T$9$k$?$a$N0-0U(B
$B$"$k4X?t$N8F$S=P$7$,2DG=$K$J$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$O(B rwalld $B$HF1MM$K!"(Binetd $B$NF0:n$rI,MW$H$9$kE@$ON10U$5$l$M$P$J(B
$B$i$J$$!#(Binetd $B$N@_Dj$+$i(B rwalld $B$,L58z$K$5$l$F$$$k%7%9%F%`!"$b$7$/$O(B 
inetd $B$,L58z$K$5$l$F$$$k%7%9%F%`$K$O!"$3$NLdBj$N1F6A$O<u$1$J$$!#$5$i$K(B
$BIU$12C$($k$J$i$P!"$3$NLdBj$,<B9T$5$l$k$H!"(Broot $B$H$7$F%3!<%I$N<B9T$r>7(B
$B$/7k2L$H$J$k!#(B

26. Kv Guestbook Cross-Site Scripting Vulnerability
BugTraq ID: 4647
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 27 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4647
$B$^$H$a(B:

Kv Guestbook $B$O(B KillerVault $B$K$*$$$FJ]<i$5$l$F$$$k(B Web $B$rMxMQ$7$?K,Ld(B
$B<TL>Jm7G<(HD$G$"$k!#(B

Kv Guestbook $B$O(B URL $B%Q%i%a!<%?$KA^F~$5$l$?%9%/%j%W%H$N%U%#%k%?%j%s%0$r(B
$BBU$C$F$*$j!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0$rMxMQ$9$k967b$N1F6A$r<u$1$k5?(B
$B$$$,$"$k!#967b<T$+$iM?$($i$l$?%9%/%j%W%H$O!"(Bguestbook.php $B%9%/%j%W%H$X(B
$B$N0-0U$"$k%O%$%Q!<%j%s%/Fb$K4^$^$l$k2DG=@-$,$"$k!#$=$N967b<T$+$iM?$($i(B
$B$l$?%9%/%j%W%H$O$3$N0-0U$"$k%O%$%Q!<%j%s%/$rK,$l$k(B Web $B%f!<%6$N%V%i%&%6(B
$BFb$G!"(B Kv Guestbook $B$,2TF0Cf$N%[%9%H$HF13J$N%;%-%e%j%F%#%3%s%F%-%9%H$G(B
$B<B9T$5$l$k$3$H$,?d;!$5$l$k!#$3$N<o$N0-0U$r;}$C$?%O%$%Q!<%j%s%/$O!"(B HTML
$B7A<0$NEE;R%a!<%k!"$b$7$/$O0-0U$"$k(B Web $B%Z!<%8$KCmF~$5$l$F$$$k2DG=@-$,$"(B
$B$k!#(B

$B$3$NLdBj$K$h$j!"%j%b!<%H$N967b<T$,(B Kv Guestbook $B$,2TF0$9$k(B Web $B%5%$%H$N!"(B
$B@5Ev$J%f!<%6$N%/%C%-!<$rMxMQ$7$?G'>ZMQ>ZL@=q$rC%<h$9$k2DG=@-$,$"$k!#(B

27. Netscape/Mozilla IRC Buffer Overflow Vulnerability
BugTraq ID: 4637
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 30 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4637
$B$^$H$a(B:

Mozilla $B$O%U%j!<$GMxMQ2DG=$J%*!<%W%s%=!<%9$N(B Web $B%V%i%&%6$G$"$k!#(B
$B$3$N%=%U%H%&%'%"$OKX$I$N(B Linux $B$dMM!9$J(B UNIX $B$GF0:n$7!"$^$?!"(BMacOS $B$d(B
Microsoft Windows 9x/ME/NT/2000/XP $B$G$bF0:n$9$k!#(B Netscape $B$O(B Mozilla
$B$HF1MM$N4D6-$GF0:n$9$k!"$b$&0l$D$N(B Web $B%V%i%&%6$G$"$k!#(B

IRC $B%W%m%H%3%k$rMxMQ$9$k%A%c%s%M%k$,Hs>o$KD9$$%j%/%(%9%H(B (32KB+) $B$r<h(B
$B$j07$&>l9g!"(BNetscape $B$H(B Mozilla $B$O%/%i%C%7%e$9$k$N$G$"$k!#(B

$B967b<T$O(B Web $B%V%i%&%6$r%/%i%C%7%e$5$;$k$?$a$K$3$NLdBj$r<B9T$9$k2DG=@-$,(B
$B$"$k!#$3$l$OE57?E*$K$O0-0U$r$b$C$F:n@.$5$l$?(B Web $B%Z!<%8Fb$N%O%$%Q!<%j%s(B
$B%/$K$h$j0z$-5/$3$5$l$k!#$7$+$7!"(BHTML $B7A<0$NEE;R%a!<%k$K$h$C$F$b!"0z$-5/(B
$B$3$5$l$k2DG=@-$,$"$k!#(B

$BE57?E*$K$O!"$3$NLdBj$O%P%C%U%!%*!<%P!<%U%m!<$K$h$j@8$8$k$H9M$($i$l$k!#(B
$B$7$+$7!"$3$NLdBj$,967b<T$,;XDj$9$kG$0U$N%3!<%I$r<B9T$9$k$?$a$KMxMQ2DG=(B
$B$G$"$k$+$I$&$+$K$D$$$F$OL$>\$G$"$k!#(B

Mozilla $B$N%3!<%I$rMxMQ$7$?(B (Galeon $B$N$h$&$J(B) $BB>$N%V%i%&%6$b$^$?!"$3$NLd(B
$BBj$N1F6A$r<u$1$k2DG=@-$,$"$k!#(B

28. SGI IRIX CPR Buffer Overflow Vulnerability
BugTraq ID: 4644
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 30 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4644
$B$^$H$a(B:

IRIX $B$O(B SGI $B$K$h$C$FHNGd!"J]<i$5$l$F$$$k(B UNIX $BM3Mh$N(B OS $B$G$"$k!#(B

IRIX $B$O%m!<%+%k%f!<%6$,$h$j9b0L$N8"8B$rC%<h2DG=$G$"$kLdBj$rJz$($F$$$k!#(B
$B$3$NLdBj$O(B cpr $B%W%m%0%i%`$KM3Mh$9$k!#(B

IRIX $B$K4^$^$l$k(B cpr $B%W%m%0%i%`$,!"%P%C%U%!!<%*!<%P!<%U%m!<$rH/@8$5$;$k(B
$BLdBj$rJz$($F$$$k$3$H$,H/8+$5$l$F$$$k!#$3$NLdBj$K$h$j!"%j%?!<%s%"%I%l%9(B
$B$r4^$`!"%9%?%C%/JQ?t$r>e=q$-$9$k$?$a$K!"%*!<%P!<%U%m!<$r%m!<%+%k$+$i4k(B
$B$F$k$3$H$,2DG=$K$J$k!#$3$NLdBj$K$h$j!"$h$j>:3J$5$l$?8"8B$G$NG$0U$N%3!<(B
$B%I$N<B9T$r>7$/$3$H$,2DG=$K$J$k!#(B

cpr $B$O(B setuid root $B>uBV$N<B9T%U%!%$%k$H$7$F!"%G%U%)%k%H$G%$%s%9%H!<%k$5(B
$B$l$k!#$3$NLdBj$K$h$j!"%m!<%+%k%f!<%6$OLdBj$rJz$($k%7%9%F%`$G$N(B root $B8"(B
$B8B$G$N;q8;$X$N%"%/%;%9$r4k$F$k$?$a$K!"$3$NLdBj$rMxMQ$9$k967b$r9T$&$3$H(B
$B$,2DG=$K$J$k!#(B

29. Netscape/Mozilla/Galeon Local File Detection Vulnerability
BugTraq ID: 4640
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 30 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4640
$B$^$H$a(B:

Mozilla $B$O%U%j!<$GMxMQ2DG=$J%*!<%W%s%=!<%9$N(B Web $B%V%i%&%6$G$"$k!#(B
$B$3$N%=%U%H%&%'%"$OKX$I$N(B Linux $B$dMM!9$J(B UNIX $B$GF0:n$7!"$^$?!"(BMacOS $B$d(B
Microsoft Windows 9x/ME/NT/2000/XP $B$G$bF0:n$9$k!#(B Netscape $B$O(B Mozilla
$B$HF1MM$N4D6-$GF0:n$9$k!"$b$&0l$D$NCxL>$J(B Web $B%V%i%&%6$G$"$k!#(B
Mozilla $B$N%=!<%9$KM3Mh$9$k(B Galeon $B%V%i%&%6$O!"MM!9$J(B Linux $B%G%#%9%H%j(B
$B%S%e!<%7%g%s$GMxMQ2DG=$G$"$k!#(B

$B30It$N(B Cascading Style-Sheets (CSS) $B$,(B HTML $B%U%!%$%kFb$KKd$a9~$_2DG=$G(B
$B$"$k!#$3$l$O!"(B <LINK> $B$r;HMQ$9$k$3$H$G<B8=$5$l$k!#(B Web $B%/%i%$%"%s%H$N%;(B
$B%-%e%j%F%#%b%G%k$O!"%j%b!<%H%Z!<%8$+$iB>$N<oN`$N%U%!%$%k$X$N%j%s%/$d!"(B
$B%/%i%$%"%s%H%7%9%F%`>e$N%m!<%+%k%U%!%$%k$X$N%j%s%/$O5qH]$9$k$h$&$K@_7W(B
$B$5$l$F$$$k!#(B

Web $B%Z!<%8$G30It%U%!%$%k$X%j%s%/$r:n@.$9$k$3$H$G!"$3$N@)8B$r2sHr$7!"(BHTTP
$B%j%@%$%l%/%H$rH/@8$5$;$k7k2L$r>7$/$3$H$,<B>Z$5$l$F$$$k!#$3$NLdBj$rMxMQ(B
$B$9$k$3$H$G!"0-0U$"$k%Z!<%8$r1\Mw$7$?(B Web $B%/%i%$%"%s%H$N%m!<%+%k%7%9%F%`(B
$B>e$K!"FCDj$N%U%!%$%k$,B8:_$9$k$+$rCN$k$3$H$,2DG=$H$J$k!#(B

$B$3$NLdBj$O!"%j%b!<%H$N967b<T$K=EMW$J>pJs$r3+<($9$k7k2L$r>7$/!#(B

30. BEA Systems WebLogic Server URL Parsing Path Disclosure Vulnerability
BugTraq ID: 4643
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 30 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4643
$B$^$H$a(B:

BEA Systems WebLogic Server $B$O4k6H%l%Y%k$N(B Web $B5Z$S%o%$%d%l%9%"%W%j%1!<(B
$B%7%g%s%5!<%P$G$"$k!#$3$l$O(B Microsoft Windows $B$dKX$I$N(B UNIX $B$d(B Linux $B$G(B
$BF0:n$9$k!#(B

$B$3$N%=%U%H%&%'%"$O!"=EMW$J%Q%9>pJs$r3+<($7$F$7$^$&LdBj$rJz$($F$$$k!#$=(B
$B$NLdBj$O!"(B%00 $B$H$$$C$?(B NULL $BJ8;z$r4^$s$@$"$kFCDj$N0U?^E*$KAH$_N)$F$i$l(B
$B$?(B HTTP $B%j%/%(%9%H$N2r@O$,:$Fq$G$"$k$?$a$KH/@8$7$F$$$k!#(B

$BMM!9$J0-0U$r$b$C$FAH$_N)$F$i$l$?(B HTTP $B%j%/%(%9%H$K$h$j!"(BWeb $BMQ$N%I%-%e(B
$B%a%s%H%k!<%H%G%#%l%/%H%j$X$N@dBP%Q%9$r4^$s$@%(%i!<%Z!<%8$,I=<($5$l$F$7(B
$B$^$&$N$G$"$k!#Nc$($P!"(B HTML $B%U%!%$%k$KBP$9$k%j%/%(%9%H$N=*C<$K!"(B'%00.jps'
$B$H$$$&J8;zNs$rIU2C$9$k$3$H$K$h$C$F@8$8$k2DG=@-$,$"$k!#$3$N>uBV$O!"(BHTML
$B%U%!%$%k$N%U%!%$%kL>$N@hF,$K(B $B%(%s%3!<%I$5$l$?%P%C%/%9%i%C%7%e(B (%5c) $B$r(B
$BA^F~$9$k$3$H$G$b@8$8$k2DG=@-$,$"$k!#B>$N<oN`$N0-0U$r$b$C$FAH$_N)$F$i$l(B
$B$?(B HTTP $B%j%/%(%9%H$G$bF1MM$N8=>]$,@8$8$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$rMxMQ$7$FF@$i$l$?%Q%9>pJs$O!"967b<T$K$h$k%[%9%H$KBP$9$k$5$i$J(B
$B$k967b$NJd=u<jCJ$H$J$k2DG=@-$,$"$k!#(B

31. BEA Systems WebLogic Server Null Character DOS Device Denial of Service Vulnerability
BugTraq ID: 4646
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 30 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4646
$B$^$H$a(B:

BEA Systems WebLogic Server $B$O4k6H%l%Y%k$N(B Web $B5Z$S%o%$%d%l%9%"%W%j%1!<(B
$B%7%g%s%5!<%P$G$"$k!#$3$l$O(B Microsoft Windows $B$dKX$I$N(B UNIX $B$d(B Linux $B$G(B
$BF0:n$9$k!#(B

MS-DOS $BM3Mh$N%G%P%$%9L>(B (AUX $B$J$I(B) $B$KBP$9$k(B Web $B%j%/%(%9%H$K(B NULL $BJ8;z(B
$B$r4^$^$;$k$3$H$G!"(B DoS $B>uBV$K4Y$i$;$k$3$H$,2DG=$G$"$k!#$^$?!"$3$N0U?^E*(B
$B$KAH$_N)$F$i$l$?%j%/%(%9%H$O@\B3$r@ZCG$7$F$7$^!#$3$N<o$N(B HTTP $B%j%/%(%9(B
$B%H$r?t2s9T$C$?8e$O!"0lEY$KJ#?t$N%9%l%C%I$,@8@.$5$l$F$$$J$$8B$j!"%5!<%P(B
$B$O$=$l0J>e$N@\B3$r<u$1IU$1$J$/$J$k!#(B

$B$3$N>uBV$O(B NULL $BJ8;z$r4^$s$@%j%/%(%9%H$N2r@O$KM3Mh$7$F$$$k$,!"(B MS-DOS 
$BM3Mh$N%G%P%$%9$X$N(B HTTP $B%j%/%(%9%H$N07$$$rBU$C$F$$$k$3$H$K$b860x$,$"$k!#(B
$B$3$NLdBj$O(B BugTraq ID 3816 "BEA Systems WebLogic Server DOS Device
Denial of Service Vulnerability" $B<($5$l$?LdBj$H$h$/;w$F$$$k!#$?$@$7!"(B
$B$3$l$O(B WebLogicServer 6.1 SP2 $B$G=$@5$5$l$F$$$k!#$7$+$7!"(B NULL $BJ8;z$r4^(B
$B$s$@$3$N<o$N967b$O!"(B WebLogic Server 6.1 SP2 $B$,F0:n$7$F$$$k%7%9%F%`$K1F(B
$B6A$r5Z$\$9!#B>$N%P!<%8%g%s$b1F6A$r<u$1$k2DG=@-$,$"$k!#(B

$BDL>oF0:n$X$NI|5l$K$O!"%5!<%P$N:F5/F0$,I,MW$H$J$k!#(B

32. BEA Systems WebLogic Server URL Parsing Source Code Disclosure Vulnerability
BugTraq ID: 4645
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 30 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4645
$B$^$H$a(B:

BEA Systems WebLogic Server $B$O4k6H%l%Y%k$N(B Web $B5Z$S%o%$%d%l%9%"%W%j%1!<(B
$B%7%g%s%5!<%P$G$"$k!#$3$l$O(B Microsoft Windows $B$dKX$I$N(B UNIX $B$d(B Linux $B$G(B
$BF0:n$9$k!#(B

$B$3$N%=%U%H%&%'%"$O!"(B JSP $B%9%/%j%W%H$N%=!<%9%3!<%I$r3+<($7$F$7$^$&LdBj(B
$B$rJz$($F$$$k!#$3$NLdBj$O!"(B %00 $B$H$$$C$?(B NULL $BJ8;z$r4^$`$h$&$J!"$"$kFC(B
$BDj$N0-0U$r$b$C$FAH$_N)$F$i$l$?%j%/%(%9%H$N2r@O$KM3Mh$7$F$$$k!#(B

$B%9%/%j%W%H$N%=!<%9%3!<%I$N3+<($O!"967b<T$,B>$NLdBj$rH/8+$7$?$j!"%G!<%?(B
$B%Y!<%9$NG'>Z>pJs$J$I$N=EMW$J>pJs$r3+<($5$;$k$3$H$KMxMQ$5$l$k2DG=@-$,$"(B
$B$k!#(B

$B0-0U$r$b$C$FAH$_N)$F$i$l$?(B HTTP $B%j%/%(%9%H$K$h$j!"%5!<%P$O(B JSP $B%9%/%j%W(B
$B%H$N%=!<%9%3!<%I$r3+<($7$F$7$^$&$N$G$"$k!#Nc$($P!"B8:_$9$k(B JSP $B%9%/%j%W(B
$B%H$KBP$9$k%j%/%(%9%H$K!"(B'%00x' $B$rIU2C$9$k$3$H$G$3$NLdBj$rH/@8$5$;$k$3$H(B
$B$,2DG=$G$"$k!#$^$?967b<T$O!"3+<($5$;$k%9%/%j%W%H%3!<%I$X$N%j%/%(%9%H$N(B
$B=*C<$K!"(B '+.' $B$rIU2C$5$;$k$3$H$G$bF1MM$NLdBj$r0z$-5/$3$9$3$H$,2DG=$G$"(B
$B$k!#B>$N0-0U$r$b$C$FAH$_N)$F$i$l$?(B HTTP $B%j%/%(%9%H$K$h$C$F$bF1MM$N>uBV(B
$B$,H/@8$9$k2DG=@-$,$"$k!#(B

33. ISS RealSecure DHCP Signature Remote Denial Of Service Vulnerability
BugTraq ID: 4649
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 30 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4649
$B$^$H$a(B:

RealSecure $B$O>&MQ$N(B Intrusion Detection System (IDS) $B$G$"$j!"(BISS $B$K$h$C(B
$B$FHNGd!"J]<i$5$l$F$$$k!#(B

$B$3$N%=%U%H%&%'%"$O%j%b!<%H%f!<%6$,(B IDS $B$r%/%i%C%7%e$5$;$k$3$H$,2DG=$G(B
$B$"$kLdBj$rJz$($F$$$k!#(B

RealSecure $B$O%7%9%F%`Fb$KF1:-$5$l$F$$$k$$$/$D$+$N(B DHCP $BMQ$N%7%0%M%A%c(B
$B$r=hM}$9$k:]!"F0:nITG=>uBV$K4Y$C$F$7$^$&$N$G$"$k!#(B3$B<oN`$N(B DHCP $B$K4X$9$k(B
$B%7%0%M%A%c(B (DHCP_ACK - 7131$B!"(BDHCP_Discover - 7132$B!"(BDHCP_Request - 7133)
$B$N@_7W>e$NLdBj$K$h$j!"(BRealSecure $B$NF0:n$OIT0BDj$K$J$k$+%/%i%C%7%e$9$k2D(B
$BG=@-$,$"$k!#$3$l$O$3$N%=%U%H%&%'%"$,(B NULL $B%]%$%s%?$X$N;2>H$N2r=|$r;n$_(B
$B$k$?$a$KH/@8$9$k!#(B

$B$3$NLdBj$K$h$j!"%j%b!<%H%f!<%6$,LdBj$rJz$($F$$$k(B RealSecure $B%;%s%5!<$r(B
$B%/%i%C%7%e$5$;$k$3$H$,2DG=$H$J$k!#%5!<%P$KBP$7$F0-0U$r$b$C$?(B DHCP $B%H%i(B
$B%U%#%C%/$rAw?.$9$k$3$H$G!"0-0U$N$"$k%7%0%M%A%c$N0l$D$r%;%s%5!<$KFI$_9~(B
$B$^$;$k$3$H$,2DG=$G$"$j!"LdBj$,H/@8$9$k$N$G$"$k!#(B

$B$3$NLdBj$O!"%P!<%8%g%s(B 5.x XPU 3.4 $B$H$=$l0J9_!"(B 6.0 XPU 3.4 $B$H$=$l0J9_!"(B
$B$=$7$F(B 6.5 $B$K1F6A$r5Z$\$9!#(B

$B%;%s%5!<$,;HMQITG=$H$J$C$?>l9g!"$5$i$J$k967b$,H/8+$5$l$k4V$K9T$o$l$k2D(B
$BG=@-$,$"$k!#(B

34. SGI Irix Insecure IPFilter Device Permissions Vulnerability
BugTraq ID: 4648
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 30 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4648
$B$^$H$a(B:

IPFilter $B$O(B  NAT (Network Address Translation) $B$d%Q%1%C%H%U%#%k%?%U%!%$(B
$B%d%&%)!<%k5!G=$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#(B

SGI IRIX $B$N(B /dev/MAKEDEV $B%9%/%j%W%H$O0BA4$G$J$$%G%U%)%k%H$N%Q!<%_%C%7%g(B
$B%s$G(B ipfilter $B$N%G%P%$%9$r:n@.$9$k!#$3$N(B ipfilter $B%G%P%$%9$O!"$$$+$J(B
$B$k%f!<%6$G$bFI$_9~$_$,2DG=$J%Q!<%_%C%7%g%s!"(B644 $B$G@8@.$5$l!"$3$N%G%P%$(B
$B%9$KBP$7$F%m!<%+%k%f!<%6$,8"8B$,$J$$$K$b4X$o$i$:!"%"%/%;%9$r9T$&$3$H$,(B
$B2DG=$H$J$k$3$H$,?d;!$5$l$k!#(B

$BK\Mh8"8B$r=jM-$7$J$$!"0-0U$"$k%m!<%+%k%f!<%6$,$3$N%G%P%$%9$X(B DoS $B$r>7$/(B
$B9T0Y$r4k$F$k2DG=@-$,$"$k!#<B:]$K$O!"%M%C%H%o!<%/%H%i%U%#%C%/$NDL2a$rK8(B
$B32$9$k2DG=@-$,$"$k$HJs9p$5$l$F$$$k!#(B

35. Paul L Daniels alterMIME Denial of Service Vulnerability
BugTraq ID: 4650
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 26 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4650
$B$^$H$a(B:

Paul L Daniels $B$K$h$k(B alterMIME $B$O!"Aw?.%a!<%k$K%F%-%9%H$rDI2C$7$?$j!"(B
$BE:IU$rJT=8$9$k5!G=$r4^$s$@!"(B MIME $B%(%s%3!<%I$NEE;R%a!<%k$rJT=8$9$k%W%m(B
$B%0%i%`$G$"$k!#(B

$BFCDj$N%P!<%8%g%s$N(B alterMIME $B$O@x:_E*$K(B DoS $B>uBV$K4Y$kLdBj$rJz$($F$$$k!#(B
$B$$$/$D$+$N>r7o2<$K$*$$$F!"(Bsprintf() $B4X?t$N0BA4$G$O$J$$8F$S=P$7J}K!$,(B
$B!V0l$D$:$l!W%(%i!<$r>7$/$N$G$"$k!#$3$NLdBj$K$h$j!"$3$N>l9g$O%U%!%$%k9=(B
$BB$BN$N9=B$$r<($9!"%9%?%C%/Fb$N%G!<%?6aK5$NNN0h$N(B null $B$K$h$k>e=q$-$,0z(B
$B$-5/$3$5$l$k!#$3$NLdBj$K$h$j!"%U%!%$%k%]%$%s%?$NGK2u$r0z$-5/$3$9$3$H$,(B
$B2DG=$G$"$k!#(B

$B$J$*!"$3$N>uBV$O%W%m%0%i%`$N=*N;;~$K%W%m%0%i%`$r%/%i%C%7%e$5$;$k$3$H$r(B
$B2DG=$K$9$kJs9p$,4s$;$i$l$F$$$k!#$^$?!"$$$/$D$+$N$N>u672<$G$O!"$3$NLdBj(B
$B$rMxMQ$9$k967b$O(B DoS $B>uBV$r0z$-5/$3$92DG=@-$,$"$k!#$5$i$KIU$12C$($k$J$i(B
$B$P!"%a%b%jFbMF$NGK2u$,@8$8$k$?$a!"FC$K>r7o$r9J$l$k>l9g!"$3$NLdBj$K$h$j(B
$B967b<T$OG$0U$N%3!<%I$r(B alterMIME $B%W%m%;%9$N<B9T8"8B$G<B9T$9$k2DG=@-$,$"(B
$B$k!#$7$+$7!"$3$N8=>]$N2DG=@-$K$D$$$F$OL$8!>Z$G$"$k!#(B

36. MyGuestbook Script Injection Vulnerability
BugTraq ID: 4651
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 30 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4651
$B$^$H$a(B:

MyGuestbook $B$O%U%j!<$G;HMQ2DG=$J%2%9%H%V%C%/%=%U%H%&%'%"$G$"$k!#KX$I$N(B
UNIX $B$dMM!9$J(B Linux $B$GF0:n$7!"(B Microsoft Windows $B$G$bF0:n$9$k!#(B

MyGuestbook $B$OA4$F$N%U%#!<%k%I$+$i(B HTML $B%?%0$rE,@Z$K%U%#%k%?%j%s%0$7$F(B
$B$$$J$$$N$G$"$k!#$h$C$F!"967b<T$O(B guestbook $B$K$h$C$F@8@.$5$l$?%Z!<%8$K(B
$BG$0U$N%9%/%j%W%H%3!<%I$rCmF~$9$k$3$H$,2DG=$G$"$k$H?d;!$5$l$k!#(B

$B967b<T$N%9%/%j%W%H%3!<%I$O%2%9%H%V%C%/$K$h$C$F@8@.$5$l$?%Z!<%8$r1\Mw$7(B
$B$?G$0U$N%f!<%6$K$h$C$F!"%=%U%H%&%'%"$NF0:n$7$F$$$k(B Web $B%Z!<%8$N%;%-%e(B
$B%j%F%#@_Dj$G<B9T$5$l$k!#(B

$B967b<T$O!"@x:_E*$K$3$NLdBj$rMxMQ$7!"(B Web $B%3%s%F%s%D$r%O%$%8%c%C%/$7$?(B
$B$j!"%/%C%-!<$rMxMQ$7$?G'>Z>pJs$r<hF@$9$k2DG=@-$,$"$k!#(B

37. HP MPE/iX FTPSRVR Arbitrary Shell Command Execution Vulnerability
BugTraq ID: 4652
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 01 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4652
$B$^$H$a(B:

MPE/iX $B$O(B HP e3000 $B%/%i%9$N%5!<%P8~$1$N!"%$%s%?!<%M%C%H8~$1$NB(;~MxMQ(B
$B$,2DG=$J@-G=$r;}$D(B OS $B$G$"$k!#(B

MPE/iX $B%5!<%P$O!"(B FTP $B%5!<%P$X$N%"%/%;%98"$r=jM-$7$?%f!<%6$,G$0U$N%3%^(B
$B%s%I$r<B9T$9$k$3$H$,2DG=$H$J$kLdBj$rJz$($F$$$k!#$3$l$O(B FTP $B%f!<%6$K$h$C(B
$B$F@8@.$5$l$?F~NO$N%A%'%C%/$r==J,$K9T$C$F$$$J$$$3$H$KM3Mh$7$F$*$j!"(B 
LIST $B%3%^%s%I$N0z?t$K4^$^$l$k!"G$0U$N%3%^%s%I$,DL2a$7$F$7$^$&$N$G$"$k!#(B
$B$3$l$O!"K\Mh%7%'%k$X$N%"%/%;%9$r;}$?$J$$%f!<%6$K!"DL>o$N%7%'%k$X$N%"%/(B
$B%;%98"$rM?$($k7k2L$K$D$J$,$k!#(B

$B$3$NLdBj$OF?L>$G(B FTP $B$K%"%/%;%9$9$k%f!<%6$KBP$7$F$b%7%9%F%`$X$N%m!<%+(B
$B%k%"%/%;%98"$rM?$($F$7$^$&2DG=@-$,$"$k!#(B MPE/iX $B$,F?L>(B FTP $B$r%5%]!<%H(B
$B$7$F$$$k$+!"5Z$S!"$=$l$,%G%U%)%k%H$GM-8z$K$J$C$F$$$k$+$I$&$+$O!"8=;~E@(B
$B$G$OL$>\$G$"$k!#(B

III. SECURITYFOCUS NEWS AND COMMENTARY
------------------------------------------
1. Melissa virus author jailed for 20 months
$BCx<T(B: John Leyden, The Register

$BL5L>$J(B Melissa $B%&%$%k%9$N3+H/<T$O!"(B1999 $BG/$N(B 3 $B7n$K%M%C%H>e$N(B Melissa
$B%&%$%k%9$N9-$^$j$K4XO"$7$F!"?t2/%I%k$NB;32$r$b$?$i$7$?$3$H$,860x$K$h$j!"(B
1 $BG/(B 8 $B%v7n$N6X8G7:$NH=7h$,:#F|2<$5$l$?!#(B

http://online.securityfocus.com/news/385

2. Hackers Continue 'Early Warning' Attacks On U.S. Web Sites
$BCx<T(B: Steven Bonisteel, Newsbytes

$BJF9qFbA4BN$rBP>]$K$7$?!"9-HO0O$N(B Web $B%5%$%H$N%3%s%F%s%D$N2~$6$s$r!"9q(B
$B2H$NJ]0B$X$N4X?4$N$?$a$K9T$&!"$HI8\V$9$k%/%i%C%+!<=8CD$O:#F|$N2~$6$s%j(B
$B%9%H$K(B Sandia $B9qN)8&5f=j!"JF9qCO<AD4::=j!"JF9q9qN)I8=`5;=Q8&5f=j(B (NIST)
$B$N%5!<%P$r2C$($?$N$G$"$k!#(B

http://online.securityfocus.com/news/384

3. WinAmp's 'malicious MP3' vuln
$BCx<T(B: Thomas C. Greene, The Register

$B?M5$$N$"$k%U%j!<%=%U%H$G$"$k(B WinAmp player $B$N%f!<%6$O!"(B Bugtraq $B$KEj9F(B
$B$5$l$?!"%9%&%'!<%G%s$N%;%-%e%j%F%#8&5f<T(B Andreas Sandbland $B$HH`$,=jB0$9(B
$B$k4k6H$K$h$C$F8!>Z$5$l$?LdBj$r2sHr$9$k$?$a$K!"%P!<%8%g%s(B 2.80 $B$K%"%C%W(B
$B%G!<%H$9$Y$-$G$"$k!#(B

http://online.securityfocus.com/news/383

4. New Stealth Attack Found Against Personal Firewalls
$BCx<T(B: Brian McWilliams, Newsbytes

$B%Q!<%=%J%k%U%!%$%d%&%)!<%k%=%U%H%&%'%"$KBG$A>!$D?7$7$$5;=Q$,H/8+$5$l$F(B
$B$$$k!#$7$+$7!">/$J$/$H$b$"$k%U%!%$%d%&%)!<%k$N%Y%s%@$O!"$=$NKEN,$O%3%s(B
$B%T%e!<%?%f!<%6$K$ODc%j%9%/$G$"$k$H8l$C$F$$$k!#(B

Symantec$B!"(BMcAfee$B!"$=$7$FB>$N4k6H$N%U%!%$%d%&%)!<%k$N30ItJ}8~$X$N%G!<%?(B
$B$N%U%#%k%?%j%s%0$r2sHr$9$k<B>Z%W%m%0%i%`$G$"$k!"(BBackstealth $B$,!"?M5$$N(B
$B$"$k%;%-%e%j%F%#%D!<%k%5%$%H$G$"$k%Q%1%C%H%9%H!<%`$K@h=57G:\$5$l$?!#(B

http://online.securityfocus.com/news/382


IV.SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. Astaro Security Linux (ASL) v3.052(beta)
$B:n<T(B: Astaro AG, info@astaro.de
$B4XO"$9$k(BURL:
http://www.astaro.com/products/download.html
$BF0:n4D6-(B: Linux
$B$^$H$a(B:

Astaro Securiy Linux $B$O?7$7$$%U%!%$%d%&%)!<%k%=%j%e!<%7%g%s$G$9!#%9%F!<(B
$B%H%U%k%$%s%9%Z%/%7%g%s!"%Q%1%C%H%U%#%k%?%j%s%0!"%3%s%F%s%D%U%#%k%?%j%s(B
$B%0!"%&%$%k%9%9%-%c%K%s%0!"(BIPSec $B$rMxMQ$7$?(B VPN$BEy$rDs6!$7$F$$$^$9!#(B Web 
$B$rMxMQ$7$?4IM}%D!<%k$H%$%s%?!<%M%C%H$r2p$7$?%"%C%W%G!<%H5!G=$,MxMQ2DG=(B
$B$G$"$j!"Hs>o$K4IM}$,MF0W$G$9!#$^$?!"FCJL$K6/8G$K@_Dj$5$l$?(B Linux $B%+!<(B
$B%M%k%P!<%8%g%s(B 2.4 $B$r85$K<}=8$5$l$?$3$N%G%#%9%H%j%S%e!<%7%g%s$O(B chroot
$B4D6-$N85$GB?$/$N%G!<%b%s$,F0:n$7!"$3$N%=%U%H%&%'%"72$N5!G=$rMxMQ$7$FJ](B
$B8n$5$l$F$$$^$9!#(B

2. pam_hbci v1.0a
$B:n<T(B: Stefan Palme
$B4XO"$9$k(BURL:
http://online.securityfocus.com/tools/2634
$BF0:n4D6-(B: Linux, POSIX
$B$^$H$a(B:

pam_hbci $B$O(B Linux $B8~$1$N(B PAM $B%b%8%e!<%k$G$"$j!"G'>Z$d>ZL@$r9T$&$?$a$N(B 
HBCI chip-card $B$r;HMQ2DG=$K$7$^$9!#(B HBCI $B$O(B TCP/IP $B$rMxMQ$7$?%[!<%`%P(B
$B%s%-%s%0$N%I%$%D$G$NI8=`$G$9!#$3$N%b%8%e!<%k$O!"B?$/$N%*%W%7%g%s$rHw$((B
$B$F$*$j!"$^$?!"(B CATPI $B%$%s%?!<%U%'!<%9$rMxMQ$7$?A4$F$N(B chip-card $B%?!<%_(B
$B%J%k$r%5%]!<%H$7$F$$$^$9!#(B

3. Linux Security Auditing Tool v0.5.0
$B:n<T(B: Triode
$B4XO"$9$k(BURL:
http://www.dimlight.org/~number9/lsat/
$BF0:n4D6-(B: Linux, POSIX
$B$^$H$a(B:

Linux Security Auditing Tool (LSAT) $B$O%$%s%9%H!<%k0J8e$N>u67$KBP$9$k%;(B
$B%-%e%j%F%#4F::$r9T$&$?$a$N%D!<%k$G$9!#$3$N%=%U%H%&%'%"$O%b%8%e!<%k2=$5(B
$B$l$?@_7W$,9T$o$l$F$*$j!"?75!G=$N?WB.$JDI2C$,2DG=$G$9!#$3$N%=%U%H%&%'%"(B
$B$O(B inetd $BMQ$N@_Dj%U%!%$%k$NFbMF$r4F::$7!"ITI,MW$J(B RPM $B%Q%C%1!<%8$r8!::(B
$B$7$^$9!#(BRed Hat $B0J30$N%G%#%9%H%j%S%e!<%7%g%s$K$*$$$F$bF0:n$9$k5!G=$d%+!<(B
$B%M%k%P!<%8%g%s$N8!::$r9T$&5!G=$,3HD%$5$l$F$$$^$9!#(B

4. Secure FTP Wrapper v2.1.1
$B:n<T(B: Glub Tech, Inc.
$B4XO"$9$k(BURL:
https://www.glub.com/store/export.jsp?product_id=ftpswrap_2_0
$BF0:n4D6-(B: Java
$B$^$H$a(B:

Secure FTP Wrapper $B$O4{B8$N(B FTP $B%5!<%P$r%;%-%e%"$J%5!<%P$K$9$k$3$H$,2D(B
$BG=$J!"%5!<%P%Y!<%9$N%Q%C%1!<%8$G$9!#$3$N%j%j!<%9$G!"%;%-%e%"%=%1%C%H%l(B
$B%$%d!"$9$J$o$A(B SSL $B$r;HMQ$7$?(B FTP $B%5!<%P$X$N%3%M%/%7%g%s$KBP1~$7$F$$$^(B
$B$9!#(B

5. Gringotts v0.4.4
$B:n<T(B: Germano Rizzo
$B4XO"$9$k(BURL:
http://devel.pluto.linux.it/projects/Gringotts/
$BF0:n4D6-(B: Linux, POSIX
$B$^$H$a(B:

Gringotts $B$O>.5,LO$J%f!<%F%#%j%F%#$G$"$j!"=EMW$J%G!<%?(B ($B%Q%9%o!<%I!"(B
$B%/%l%8%C%H%+!<%IHV9f!"0E>ZHV9f$J$I(B) $B$r4JC1$KFI$_=q$-$G$-$k!"$^$?4JC1$K(B
$B%"%/%;%9$G$-$k>uBV$G!":G$b0BA4$J7A$G=q$-N1$a$F$*$/$3$H$,$G$-$^$9!#(B
Gringotts $B$O0E9f2=$K(B MCrypt $B$H(B MHash $B%i%$%V%i%j$r;HMQ$7$F$*$j!"(B GTK+ 2 
$B$r%$%s%?!<%U%'!<%9$K;HMQ$7$F$$$^$9!#(B

6. Port Scan Attack Detector (psad) v0.9.8
$B:n<T(B: Michael Rash mbr@cipherdyne.com
$B4XO"$9$k(BURL:
http://www.cipherdyne.com/psad/
$BF0:n4D6-(B: Linux
$B$^$H$a(B:

Port Scan Attack Detector (psad) is a program written in Perl that is
designed to work with Linux firewalling code (iptables in the 2.4.x
kernels, and ipchains in the 2.2.x kernels) to detect port scans. It
features a set of highly configurable danger thresholds (with sensible
defaults provided), verbose alert messages that include the source,
destination, scanned port range, begin and end times, TCP flags and
corresponding nmap options (Linux 2.4.x kernels only), email alerting, and
automatic blocking of offending IP addresses via dynamic configuration of
ipchains/iptables firewall rulesets. In addition, for the 2.4.x kernels
psad incorporates many of the TCP signatures included in Snort to detect
highly suspect scans for various backdoor programs (e.g. EvilFTP,
GirlFriend, SubSeven), DDoS tools (mstream, shaft), and advanced port
scans (syn, fin, Xmas) which are easily leveraged against a machine via
nmap.
Port Scan Attack Detector (psad) $B$O!"%]!<%H%9%-%c%s$r8!=P$9$k$?$a$K(B 
Linux$B$N%U%!%$%d%&%)!<%k5!G=$rDs6!$9$k%W%m%0%i%`(B (Kernel 2.4.x $B7O$N(B 
iptables $B$d(B kernel 2.2.x $B7O$N(B ipchains) $B$HO"7H$9$k$h$&$K@_7W$5$l$?!"(BPerl
$B$rMxMQ$7$F3+H/$5$l$?%W%m%0%i%`$G$9!#$3$N%W%m%0%i%`$O!"4m81EY$r@_Dj$G$-(B
$B!JI8=`$G$O>\:Y!K!"Aw?.@h!"Aw?.85!"%9%-%c%s$5$l$?%]!<%H$NHO0O!"3+;O5Z$S(B
$B=*N;;~4V!"(B TCP $B%U%i%0!"(B nmap $B%*%W%7%g%s$H0lCW$7$F$$$k$+(B (Linux 2.4.x
kernel $B$N$_(B)$B!"EE;R%a!<%k$K$h$k7Y9p5!G=$J$I$,Hw$o$C$F$*$j!"$^$?!"LdBj$N(B
$B$"$k(B IP $B%"%I%l%9$+$i$N@\B3$r!"(Bipchains/iptables $B$N%U%!%$%d%&%)!<%k$N%k!<(B
$B%k$rF0E*$K@8@.$9$k$3$H$K$h$C$F<WCG$9$k5!G=$J$I$bHw$($F$$$^$9!#$5$i$K!"(B
$BMM!9$J%P%C%/%I%"%W%m%0%i%`(B ($BNc$($P(B EvilFTP$B!"(BGirlFriend $B!"(BSubSeven) $B$K(B
$BBP$9$k%9%-%c%s$H5?$o$l$k$b$N$d!"(BDDoS $B%D!<%k!"(Bnmap $B$K$h$C$F%[%9%H$KBP$7(B
$B$FMF0W$KMxMQ$5$l$k9bEy$J%]!<%H%9%-%c%s(B (syn$B!"(Bfin$B!"(BXmas $B%9%-%c%s$J$I(B) 
$B$r8!CN$9$k$?$a$K(B Snort $B$N(B TCP $B$K4X$9$k%7%0%M%A%c$rMxMQ$7$^$9!#(B
--
$BLu(B: $B:d0f=g9T(B(SAKAI Yoriyuki)$B!">.3^8691M:(B(OGASAWARA Tsuneo)$B!"(B
$BF#K\6)<y(B(FUJIMOTO Masaki)
$B4F=$(B: $B:d0f=g9T(B(SAKAI Yoriyuki)
LAC Co., Ltd.
http://www.lac.co.jp/security/

-----------1021295794-8111814
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIISGgYJKoZIhvcNAQcCoIISCzCCEgcCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
DzwwggI8MIIBpQIQMlAzz1DRVvNcga1lXE/IJTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQG
EwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGlj
IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMjAw
MTA3MjM1OTU5WjBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1
BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOUZv22jVmEtmUhx9mfeuY3rt56GgAqRDvo4
Ja9GiILlc6igmyRdDR/MZW4MsNBWhBiHmgabEKFz37RYOWtuwfYV1aioP6oSBo0xrH+wNNeP
NGeICc0UEeJORVZpH3gCgNrcR5EpuzbJY1zF4Ncth3uhtzKwezC6Ki8xqu6jZ9rbAgMBAAEw
DQYJKoZIhvcNAQECBQADgYEAS0RmYGhk5Jgb87By5pWJfN17s5XAHS7Y2BnQLTQ9xlCaEIaM
qj87qAT8N1KVw9nJ283yhgbEsRvwgogwQo4XUBxkerg+mUl0l/ysAkP7lgxWBCUMfHyHnSSn
2PAyKbWk312iTMUWMqhC9kWmtja54L9lNpPC0tdr3N5Z1qI1+EUwggI9MIIBpgIRAM26f1bw
3+S8VP4irLNyqlUwDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZl
cmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkG
A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1
YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0fzGVu
DLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHiTkVWaR94AoDa
3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0GCSqGSIb3DQEBAgUAA4GB
AEw/uIvGaN/uQzMOXemmyweETXoz/5Ib9Dat2JUiNmgRbHxCzPOcLsQHPxSwD0//kJJ2+eK8
SumPzaCACvfFKfGCIl24sd2BI6N7JRVGMHkW+OoFS5R/HcIcyOO39BBAPBPDXx9T6EjkhrR7
oTWweyW6uNOOqz84nQA0AJjz0XGUMIICPTCCAaYCEQDz1GWTDuTHHs1vChERVlizMA0GCSqG
SIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUG
A1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
Fw05NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQK
Ew5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0
aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5Rm/baNW
YS2ZSHH2Z965jeu3noaACpEO+jglr0aIguVzqKCbJF0NH8xlbgyw0FaEGIeaBpsQoXPftFg5
a27B9hXVqKg/qhIGjTGsf7A01480Z4gJzRQR4k5FVmkfeAKA2txHkSm7NsljXMXg1y2He6G3
MrB7MLoqLzGq7qNn2tsCAwEAATANBgkqhkiG9w0BAQIFAAOBgQAjyGZsVZ9SYWqvFx3is89H
jkwbAjN1+UXvm0exsSugNTbRUnBpybul85NbkmD5ZH7xwT/p0RXx0sAXvaSdF67hB8+6gZbE
rnEZ9s5kv6cZ9VUof3wz1sK5t+slKf0p+GJwQTHdwwfbElMWYNCdB/kAZfyNbBhQILdn3H79
cEstDzCCAzwwggKloAMCAQICEAQa2pqnxtqHdYa+MJp9N08wDQYJKoZIhvcNAQECBQAwXzEL
MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAx
IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk5MDkxNDAwMDAw
MFoXDTA5MDkwOTIzNTk1OVowgbUxHDAaBgNVBAoTE1ZlcmlTaWduIEphcGFuIEsuSy4xHzAd
BgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxPjA8BgNVBAsTNVRlcm1zIG9mIHVzZSBh
dCBodHRwczovL3d3dy52ZXJpc2lnbi5jby5qcC9SUEEgKGMpIDk4MTQwMgYDVQQDEytWZXJp
U2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQDnvpzpMy1glZcGiPmrsWEvOOXjEuTGvnb95mH1mMGeDPD3HmpNa7WG
Cp2NaO3eVRcRaBICMi2F3Edx6/eL5KtrsnroadWbYLPfBpPJ4BYttJND7Us7+oNdOuQmwFhj
xm9P25bndFT1lidp0Gx/xN5ekq3mNwt5iSWVdqOuEYKApQIDAQABo4GhMIGeMCQGA1UdEQQd
MBukGTAXMRUwEwYDVQQDEwxBZmZpbGlhdGUxLTUwEQYJYIZIAYb4QgEBBAQDAgEGMEUGA1Ud
IAQ+MDwwOgYKYIZIAYb4RQEHCzAsMCoGCCsGAQUFBwIBFh5odHRwczovL3d3dy52ZXJpc2ln
bi5jby5qcC9SUEEwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEC
BQADgYEAuIwwUgDQeNCIO/tzaT6ISelw4QjYJ9up3+be1dxZGHKcEFGtPfwaBNvlTMLV3eW3
BG6W5QRbNNhIaoVl0g8Yw1YuIexVFD7yUKcvQfOOThuG0y93V6Runzha6iErOLabtv05we+V
UnSsknF+qOCLYP9uMIKB/JmDiWnNpnUbAHMwggU2MIIEn6ADAgECAhBYKwlOQWIg2t9s9Ul6
I3xqMA0GCSqGSIb3DQEBBAUAMIG1MRwwGgYDVQQKExNWZXJpU2lnbiBKYXBhbiBLLksuMR8w
HQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMT4wPAYDVQQLEzVUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY28uanAvUlBBIChjKSA5ODE0MDIGA1UEAxMrVmVy
aVNpZ24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw0wMjA0MDEwMDAw
MDBaFw0wMzA0MDEyMzU5NTlaMIIBIzELMAkGA1UEBhMCSlAxHDAaBgNVBAoUE1ZlcmlTaWdu
IEphcGFuIEsuSy4xNDAyBgNVBAsUK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFs
IFN1YnNjcmliZXIxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9DUFMg
SW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMpOTYxPzA9BgNVBAsUNkRpZ2l0YWwgSUQgQ2xh
c3MgMSAtIFNNSU1FIE9yYW5nZXNvZnQgSW5jLi9XaW5iaWZmLzIuMTEXMBUGA1UEAxMOU0FL
QUkgWW9yaXl1a2kxHjAcBgkqhkiG9w0BCQEWD3Nha2FpQGxhYy5jby5qcDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBANEwVujTRrltaiSI2DFkPlw5L6WWWeOOy9z0HqaPXf2d
JYfoGHqbpq5MVCkBUSOHSY1Tpi/RdziqxhIYzXvzsb0wC1V0RNzvLf8zXtk6IjTmHttX0QDx
AvoxfmehZ1vCOgQcdBbG2FajnYo7MOewxLrmHLCv0Gitqsi2IS3Eaxv7v5Pzobu82BzUMBl6
9XypVXIEQHTG6s34ji0LbDOO/F5JqTuG5QhQmQyNnJyhNU4/BYu3e1KgK9c0gnIArQAroRqP
/0HXU7Ueu/HAUXnrt7+YqzL5CZ/6m11gCLblzFs2+6XieQsekFSjxquSQjl88C3CwgRoaNkx
01rqqYzBJ8ECAwEAAaOCAVAwggFMMAkGA1UdEwQCMAAwgawGA1UdIASBpDCBoTCBngYLYIZI
AYb4RQEHAQEwgY4wKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFMw
YgYIKwYBBQUHAgIwVjAVFg5WZXJpU2lnbiwgSW5jLjADAgEBGj1WZXJpU2lnbidzIENQUyBp
bmNvcnAuIGJ5IHJlZmVyZW5jZSBsaWFiLiBsdGQuIChjKTk3IFZlcmlTaWduMAsGA1UdDwQE
AwIFoDARBglghkgBhvhCAQEEBAMCB4AwcAYDVR0fBGkwZzBloGOgYYZfaHR0cDovL29uc2l0
ZWNybC52ZXJpc2lnbi5jb20vVmVyaVNpZ25KYXBhbktLVmVyaVNpZ25DbGFzczFDQUluZGl2
aWR1YWxTdWJzY3JpYmVyL0xhdGVzdENSTC5jcmwwDQYJKoZIhvcNAQEEBQADgYEALL1YFoVc
MyuHCFTkhPlz/3XIGtchllMRc+zha0qmA5wxbtgJT7hEl7IRrocWCSfweW4/KGZDQDMZM9wR
NRX19b4UTs2/opkQtX3eX4qNjUNnGdMjLTGTXzFqlph9b4ZYPvY5Xq+VQjpLBkqn2RQhdTLH
+BXc51LdzrtGw8H7s+4xggKmMIICogIBATCByjCBtTEcMBoGA1UEChMTVmVyaVNpZ24gSmFw
YW4gSy5LLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE+MDwGA1UECxM1VGVy
bXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvLmpwL1JQQSAoYykgOTgxNDAy
BgNVBAMTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEFgr
CU5BYiDa32z1SXojfGowCQYFKw4DAhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB
MBwGCSqGSIb3DQEJBTEPFw0wMjA1MTMxMzE2MDBaMCMGCSqGSIb3DQEJBDEWBBSowuD27UzK
WFseP9p53utIMTMQ+jBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMC
AgIAgDAHBgUrDgMCBzANBggqhkiG9w0DAgIBQDANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0B
AQEFAASCAQBlpL9ZwnHDFcOdVNQwXEyramOhg0nLUJscpxUxk/tHTS1FWJgKjUm8YoYEqo2J
BJtYIu9kpncrAlHiSaMpkG4FffilFFO3me4pVQrURiSX/u7Hj3xPw5q61B5LZgXzpG7dwHwA
P9PT2iXNPyhN14cKGnkBFAvgQyWJ0U8OqJd+zKA7LUYY99pUfkUxJvt3l6xaWyAAEqG2dNVi
d2oCAnZJqwARp/4N8aGkgsb2BTUX2c7sExDVOS8wAU6slWdlrm4NgffWpvpRmegynNZK7/3X
zYSHFbtvpfGrexeBkUOaTsdsKXAkgl0MIn+MAb87r+fUsXwmiWXRRQrONo8P62kJ

-----------1021295794-8111814--