Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm
Precedence: bulk
To: bugtraq-jp@securityfocus.com
Subject: SecurityFocus.com Newsletter #146 2002-5-20->2002-5-24
From: SAKAI Yoriyuki <sakai@lac.co.jp>
References: <Pine.LNX.4.43.0205281018350.29471-100000@mail.securityfocus.com>
In-Reply-To: <Pine.LNX.4.43.0205281018350.29471-100000@mail.securityfocus.com>
Message-Id: <200206041828.HIC64850.BLTJB@lac.co.jp>
Date: Tue, 4 Jun 2002 18:28:57 +0900
Mime-Version: 1.0
Content-Type: multipart/signed;
    protocol="application/x-pkcs7-signature";
    micalg=sha1; Boundary="---------1023182934-7614388"

-----------1023182934-7614388
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

$B:d0f(B@$B%i%C%/$G$9!#(B

SecurityFocus.com Newsletter $BBh(B 146 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

---------------------------------------------------------------------------
SecurityFocus.com Newsletter $B$K4X$9$k(BFAQ:
http://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml
BugTraq-JP $B$K4X$9$k(B FAQ:
http://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml
(SecurityFocus.com Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0l<!G[I[$5$l$F$$$^$9(B)
---------------------------------------------------------------------------
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B SecurityFocus.com $B$N5v2D$r3t<02q<R%i%C%/$,F@$?>e$G9T$o(B
  $B$l$F$$$^$9!#(B
$B!&(BSecurityFocus.com Newsletter $B$NOBLu$r(B Netnews, Mailinglist,
  World Wide Web, $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$N(B
  $BA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;(B
  $B$s$,=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus.com $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+(B
  $B$J$k7A<0$N%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://online.securityfocus.com/archive/79
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02q<R%i%C%/$O@UG$$rIi$o$J$$$b$N$H$7$^(B
  $B$9!#(B
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$BLu<T$+$i$N$*CN$i$;(B:
$B!&$b$7!"(Btypo $B$d8mLu$,8+$D$+$C$?>l9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"4F=$<T(B (sakai@lac.co.jp) $B$K$*CN$i$;$/$@$5$$!#(B
  $B8e<T$N>l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$B86HG(B:
Date: Tue, 28 May 2002 10:20:45 -0600 (MDT)
Message-ID: <Pine.LNX.4.43.0205281018350.29471-100000@mail.securityfocus.com>

SecurityFocus Newsletter #146
-----------------------------
This newsletter is sponsored by SecurityFocus (www.securityfocus.com)

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
     1. Securing Microsoft Services
     2. The Viral Mind: Understanding the Motives of Malicious Coders
     3. No Stone Unturned, Part Four
     4. Black Hat Briefings
     5. Security Hole Strip Tease
II. BUGTRAQ SUMMARY
     1. bzip2 Decompression File Overwrite Vulnerability
     2. bzip2 Insecure Decompressed File Permissions Vulnerability
     3. bzip2 Archive Inherited Symbolic Link Permissions Vulnerability
     4. FreeBSD k5su Wheel Group Membership Validation Vulnerability
     5. Ipswitch IMail Server LDAP Buffer Overflow Vulnerability
     6. BannerWheel Remote Buffer Overflow Vulnerability
     7. Nullsoft Winamp Plaintext Authentication Credentials...
     8. Deerfield WebSite Pro 8.3 Filename Source Disclosure...
     9. Sun AnswerBook2 Gettransbitmap Buffer Overflow Vulnerability
     10. Stronghold Secure Server Path Information Disclosure...
     11. Cisco IOS ICMP Redirect Denial Of Service Vulnerability
     12. Eric S. Raymond Fetchmail Message Count IMAP Buffer Overflow...
     13. Cisco Catalyst Unicast Traffic Broadcast Vulnerability
     14. YoungZSoft CMailServer Buffer Overflow Vulnerability
     15. Sun Solaris In.Rarpd Multiple Vulnerabilities
     16. Matu FTP Server Buffer Overflow Vulnerability
     17. Microsoft MSDE/SQL Server 2000 Desktop Engine Default...
     18. Cisco VoIP Phone Web Interface System Memory Contents...
     19. Cisco VoIP Phone Stream Request Denial Of Service Vulnerability
     20. Cisco VoIP Phone Default Administrative Password Vulnerability
     21. NewAtlanta ServletExec/ISAPI Path Disclosure Vulnerability
     22. NewAtlanta ServletExec/ISAPI File Disclosure Vulnerability
     23. NewAtlanta ServletExec/ISAPI JSPServlet Denial Of Service...
     24. Compaq ProLiant BL e-Class Enclosure Unauthorized Integrated...
     25. OpenBSD sshd BSD Authentication Implementation Error...
     26. Microsoft Active Directory Zero Page Length Query Vulnerability
     27. Ethereal DNS Dissector  Infinite Loop Denial of Service...
     28. Ethereal Server Message Block Dissector Malformed Packet...
     29. Ethereal GIOP Dissector Memory Exhaustion Vulnerability
     30. SSH Communications Secure Shell Server AllowedAuthentications...
     31. Cisco CBOS Oversized Packet DHCP Denial Of Service Vulnerability
     32. Cisco Broadband Operating System TCP/IP Stack Denial of...
     33. Cisco CBOS Telnet Denial of Service Vulnerability
     34. Debian GNU/Linux netstd Multiple Buffer Overflow Vulnerabilities
     35. IBM DB2 db2ckpw Buffer Overflow Vulnerability
     36. ViewCVS Cross-Site Scripting Vulnerability
     37. LocalWEB2000 File Disclosure Vulnerability
     38. Microsoft Excel 2002 XML Stylesheet Arbitrary Code Execution...
     39. Sendmail File Locking Denial Of Service Vulnerability
     40. OpenBB Cross-Site Scripting Vulnerability
     41. OpenBB BBCode Cross Agent HTML Injection Vulnerability
     42. OpenBB Unauthorized Moderator Access Vulnerability
     43. GNU Mailman Admin Login Cross-Site Scripting Vulnerability
     44. GNU Mailman Pipermail Index Summary HTML Injection Vulnerability
     46. MIT PGP Public Key Server Search String Remote Buffer Overflow...
III. SECURITYFOCUS NEWS ARTICLES
     1. Qwest Glitch Exposes Customer Data
     2. Biometric sensors beaten senseless in tests
     3. Navy Domain Hijacked By German Pornography Site
     4. Microsoft's Privacy Czar on the 'Trust Model'
IV.SECURITYFOCUS TOP 6 TOOLS
     1. IPWatch 1.1
     2. Sophie v1.35
     3. XORCrypt v2.0
     4. sysklogd-sql v1.4.1
     5. COMU Privacy Guard 1.0
     6. Easy Firewall Generator 1.05


I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
---------------------------------

II. BUGTRAQ SUMMARY
-------------------
1. bzip2 Decompression File Overwrite Vulnerability
BugTraq ID: 4774
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 20 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4774
$B$^$H$a(B:

bzip2 $B$O%*!<%W%s%=!<%9$H$7$F8x3+$5$l$F$$$k!"(BUNIX $B$*$h$S(B Linux $B8~$1$N%U%!(B
$B%$%k05=L!"?-D9%f!<%F%#%j%F%#$G$"$k!#(B

bzip2 $B$O%U%!%$%k$r%;%-%e%"$K?-D9$7$F$$$J$$LdBj$rJz$($F$$$k!#%U%!%$%k$,(B
$B?-D9$5$l$k:]!"(Bbzip2 $B$O%U%!%$%k$,4{$KB8:_$7$F$$$k$+$I$&$+$K$D$$$F$N==J,(B
$B$J3NG'$rBU$C$F$$$k!#$3$N$?$a!"@x:_E*$K?-D9;~$K7Y9p$,<($5$l$k$3$H$J$/%U%!(B
$B%$%k$N>e=q$-$,2DG=$G$"$k!#(B

$B$3$NLdBj$NM3Mh$O!"?-D9;~$K%U%!%$%k$,:n@.$5$l$k:]!"(BO_EXCL $B%U%i%0$,MxMQ$5(B
$B$l$F$$$J$$$3$H$G$"$k!#967b<T$O@x:_E*$K$3$NLdBj$rMxMQ$9$k967b$r9T$&$?$a(B
$B$N0-0U$"$k%"!<%+%$%V$r:n@.$7!"$3$N<o$N%"!<%+%$%V$r?-D9$9$k%f!<%6$,=jM-(B
$B$9$k%U%!%$%k$N>e=q$-$r0z$-5/$3$9$3$H$,2DG=$G$"$k!#(B

2. bzip2 Insecure Decompressed File Permissions Vulnerability
BugTraq ID: 4775
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: May 20 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4775
$B$^$H$a(B:

bzip2 $B$O%*!<%W%s%=!<%9$H$7$F8x3+$5$l$F$$$k!"(BUNIX $B$*$h$S(B Linux $B8~$1$N%U%!(B
$B%$%k05=L!"?-D9%f!<%F%#%j%F%#$G$"$k!#(B

bzip2 $B$O$I$N%f!<%6$KBP$7$F$bFI$_=P$72DG=$J%Q!<%_%C%7%g%s$,@_Dj$5$l$F$$(B
$B$k%U%!%$%k$,?-D9$5$l$k2DG=@-$,$"$k:]!";q8;$N6%9g>uBV(B (race condition)
$B$K4Y$k5?$$$,$"$k!#$3$3$G@8$8$k;q8;$N6%9g$O?-D9;~$N%U%!%$%k$N@8@.$H!"%U%!(B
$B%$%k$X$N%Q!<%_%C%7%g%s$N@_Dj$K$*$$$F@8$8!"@x:_E*$K?-D9$5$l$?%U%!%$%k$O(B
$BITE,Ev$J%Q!<%_%C%7%g%s$,@_Dj$5$l$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$K$h$j!"@x:_E*$K!"=EMW$J%U%!%$%k$,B>$N%m!<%+%k%f!<%6$X3+<($5$l(B
$B$k2DG=@-$,$"$k!#(B

3. bzip2 Archive Inherited Symbolic Link Permissions Vulnerability
BugTraq ID: 4776
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: May 20 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4776
$B$^$H$a(B:

bzip2 $B$O%*!<%W%s%=!<%9$H$7$F8x3+$5$l$F$$$k!"(BUNIX $B$*$h$S(B Linux $B8~$1$N%U%!(B
$B%$%k05=L!"?-D9%f!<%F%#%j%F%#$G$"$k!#(B

bzip2 $B$O%U%!%$%k$r05=L$9$k:]!"<B:]$N05=LBP>]$N%U%!%$%k$N%Q!<%_%C%7%g%s(B
$B$NBe$o$j$K!"%7%s%\%j%C%/%j%s%/$N%Q!<%_%C%7%g%s$r7Q>5$5$;$F$7$^$&$N$G$"(B
$B$k!#$3$N$?$a!"$3$N%=%U%H%&%'%"$rMxMQ$7$F05=L$5$l$k%U%!%$%k$K%7%s%\%j%C(B
$B%/%j%s%/$,;X$7<($5$l$F$$$k:]!"%7%s%\%j%C%/%j%s%/$N%Q!<%_%C%7%g%s$,%"!<(B
$B%+%$%VFb$N%U%!%$%k$N%Q!<%_%C%7%g%s$H$7$F3JG<$5$l$F$7$^$&$N$G$"$k!#(B

$B$3$NLdBj$O%"!<%+%$%V$N@8@.;~$K$*$1$k!"%7%s%\%j%C%/%j%s%/$N;2>H2r=|$rBU$C(B
$B$F$$$kE@$KM3Mh$7$F$$$k!#(B

$B$3$NLdBj$K$h$j!"%;%-%e%"$G$O$J$$%Q!<%_%C%7%g%s$G%U%!%$%k$,?-D9$5$l$k>u(B
$BBV(B ($BNc$($P$$$+$J$k%f!<%6$KBP$7$FFI$_=P$72DG=$J>uBV(B) $B$,0z$-5/$3$5$l$k2D(B
$BG=@-$,$"$j!"$3$N>l9g!"@x:_E*$K?-D9$5$l$?%U%!%$%kFb$K4^$^$l$k=EMW$J>pJs(B
$B$,B>$N%m!<%+%k%f!<%6$X3+<($5$l$k2DG=@-$,$"$k!#(B

4. FreeBSD k5su Wheel Group Membership Validation Vulnerability
BugTraq ID: 4777
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: May 20 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4777
$B$^$H$a(B:

k5su $B$O(B su $BN`;w$N!"(BFreeBSD $B8~$1$N%f!<%F%#%j%F%#$G$"$k!#$3$N%f!<%F%#%j%F%#(B
$B$O!"(Broot $B$H$7$F$5$i$KG'>Z$9$k$3$H$K$h$j!"%m!<%+%k%f!<%6$K$h$k(B root $B8"8B(B
$B$rMxMQ$9$k:n6H$r2DG=$K$7$F$$$k!#G'>Z$O%m!<%+%k$N%Q%9%o!<%I%U%!%$%k!"$"(B
$B$k$$$O(B Kerberos 5 $B$N$$$:$l$+$rMxMQ$7$F9T$o$l$F$$$k!#(B

$B$3$N<o$N%f!<%F%#%j%F%#$,MxMQ$5$l$k:]$K$O!"(Bsu $B$ODL>o%m!<%+%k%f!<%6$,(B wheel
$B%0%k!<%W$N%a%s%P$G$"$k>r7o$rI,?\$H$7$F$$$k!#$7$+$7!"(Bk5su $B$O$3$N%f!<%F%#(B
$B%j%F%#$rMxMQ$9$k%f!<%6$N!"(Bwheel $B%0%k!<%W$X$N%f!<%6EPO?>uBV$r==J,$K3NG'(B
$B$7$F$$$J$$$?$a!"(Broot $B$N%Q%9%o!<%I$rCN$C$F$$$k$+!"$"$k$$$O!"(Broot $BMQ$N(B
Kerberos 5 ACL $BFb$KL@<(E*$J9`L\$rJ];}$9$k%m!<%+%k%f!<%6$OC/$G$"$C$F$b(B
$B$3$N%f!<%F%#%j%F%#$rMxMQ$G$-$k>uBV$K$"$k2DG=@-$,$"$k!#(B

$B$3$N%f!<%F%#%j%F%#$K4|BT$5$l$k5sF0$G$"$k!"$3$N%f!<%F%#%j%F%#$,(B wheel $B%0(B
$B%k!<%W$N%a%s%P$G$"$k%f!<%6$K$h$C$F$N$_<B9T$5$l$k$H$$$&>uBV$K>H$i$9$J$i(B
$B$P!"$3$3$K<($5$l$k5sF0$O%;%-%e%"$G$O$J$$$H8@$($k!#(Bk5su $B$O(B root $B8"8B$rMx(B
$BMQ$9$k2DG=@-$,$"$k%"%+%&%s%HHO0O$N@)Ls$KG{$jF@$J$$$N$G$"$k!#(B

$BJs9p$K$h$k$H!"(Bk5su $B$O(B su $B$K$h$C$FDs6!$5$l$F$$$kMM!9$JB>$N%;%-%e%j%F%#5!(B
$BG=$K$D$$$F$bHw$($F$$$J$$$3$H$,<($5$l$F$$$k!#(B

$B4IM}<T$OL@<(E*$K(B k5su $B$r%$%s%9%H!<%k$9$kI,MW$,$"$j!"$3$NLdBj$O(B FreeBSD
$B$N%G%U%)%k%H%$%s%9%H!<%k>uBV$K$*$$$F$OB8:_$7$J$$E@$K$D$$$F$ON10U$5$l$k(B
$B$Y$-$G$"$k!#(B

5. Ipswitch IMail Server LDAP Buffer Overflow Vulnerability
BugTraq ID: 4780
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 20 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4780
$B$^$H$a(B:

Ipswitch IMail $B$O(B Web $B%$%s%?%U%'!<%9$r2p$7$FEE;R%a!<%k$r%/%i%$%"%s%H$X(B
$BDs6!2DG=$JEE;R%a!<%k%5!<%P$G$"$k!#$3$N%=%U%H%&%'%"$O(B Microsoft Windows
$B>e$GF0:n$9$k!#(B

IMail $B$O(B IMail $BFb$N%"%I%l%9D"$NFI$_=P$7$r2DG=$K$9$k$?$a$K!"(BLDAP $B%5!<%P(B
$B$rF1:-$5$;$F$$$k!#(B

IMail $B$KF1:-$5$l$k(B LDAP $BIt$O%j%b!<%H$+$i967b$KMxMQ2DG=$J!"967b<T$K$h$C(B
$B$F;XDj$5$l$?G$0U$N<B9T=hM}<j=g$r<B9T2DG=$K$J$k!"%P%C%U%!%*!<%P!<%U%m!<(B
$B$r@8$8$kLdBj$rJz$($F$$$k5?$$$,$"$k!#(B

$BG'>Z;~$K(B bind DN $B$KBP$7$FHs>o$KD9$$J8;zNs$,M?$($i$l$k:]!"%P%C%U%!%*!<%P!<(B
$B%U%m!<$,@8$8$k$3$H$,CN$i$l$F$$$k!#Nc$($P%j%?!<%s%"%I%l%9Ey$N%9%?%C%/Fb(B
$B$NCM$rG$0U$N=hM}<j=g$G>e=q$-$9$k$?$a$K!"$3$NLdBj$rMxMQ$9$k$3$H$,2DG=$G(B
$B$"$k!#$3$N<jK!$rMxMQ$9$k$3$H$G!"%j%b!<%H$N967b<T$O$3$NLdBj$rMxMQ$7$FG$(B
$B0U$N%3!<%I$r<B9T$9$k6<0R$r>7$/2DG=@-$,$"$k!#(B

IMail $B$ODL>o(B SYSTEM $B8"8B$G<B9T$5$l$F$$$k$?$a!"$3$NLdBj$rMxMQ$9$k967b$O!"(B
$B$3$N%=%U%H%&%'%"$r2TF0$5$;$F$$$k(B OS $BA4BN$X$N6<0R$r>7$/7k2L$H$J$k$3$H$r(B
$B0UL#$9$k!#(B

$B$3$NLdBj$O(B DoS $B$r0z$-5/$3$9$?$a$K$b967b$KMxMQ$5$lF@$k2DG=@-$,$"$kE@$ON1(B
$B0U$5$l$k$Y$-$G$"$k!#(B

6. BannerWheel Remote Buffer Overflow Vulnerability
BugTraq ID: 4782
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 20 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4782
$B$^$H$a(B:

BannerWheel $B$O%U%j!<$KMxMQ2DG=$J%P%J!<9-9p8r49%W%m%0%i%`$G$"$k!#$3$N%=(B
$B%U%H%&%'%"$OB?$/$N(B UNIX $B$dMM!9$J(B Linux $B$GF0:n$7!"$^$?!"(BMicrosoft Windows
$B$K$*$$$F$bF0:n$9$k!#(B

BannerWheel $B$K$OG$0U$N%3!<%I$N<B9T!"$"$k$$$O!"(BDoS $B$r0z$-5/$3$92DG=@-$,(B
$B$"$k>u67$,Js9p$5$l$F$$$k!#(B

$BBgNL$K0z$-EO$5$l$k%G!<%?$K4X$9$k6-3&%A%'%C%/$,IT==J,$G$"$k$?$a!"$3$N%=(B
$B%U%H%&%'%"$O%P%C%U%!%*!<%P!<%U%m!<$r@8$8$k5?$$$,$"$k!#967b<T$O(B ($B%j%?!<(B
$B%s%"%I%l%9$r4^$`(B) $B%9%?%C%/Fb$NCM$r!"967b<T$,;XDj$7$?<B9T<j=g$K$h$C$F>e(B
$B=q$-2DG=$K$J$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$,967b$KMxMQ2DG=$G$"$k>l9g!"$3$NLdBj$K$h$j967b<T$OG$0U$N%3!<%I(B
$B$r(B Web $B%5!<%P$N<B9T8"8B$G<B9T2DG=$G$"$k$H?d;!$5$l$k!#(B

7. Nullsoft Winamp Plaintext Authentication Credentials Vulnerability
BugTraq ID: 4781
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: May 20 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4781
$B$^$H$a(B:

Nullsoft Winamp $B$O(B Microsoft Windows $B8~$1$N!"(BMP3 $B$*$h$SB>$N%U%!%$%k<oJL(B
$B$r%5%]!<%H$7$?%a%G%#%"%W%l%$%d!<$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$*$$$F!"%9%H%j!<%_%s%0%3%s%F%s%D8~$1$N(B HTTP $BG'>ZMQ$N(B
$B>pJs$,@x:_E*$KO31L$9$k2DG=@-$,$"$kLdBj$,Js9p$5$l$F$$$k!#(B

$B%9%H%j!<%_%s%0%3%s%F%s%DMQ$N%f!<%6G'>ZMQ>pJs$O!"(BWinamp $B$K$h$C$FJ?J8$G3J(B
$BG<$5$l$F$$$k!#G'>ZMQ>pJs$O(B winamp.ini $B%U%!%$%kFb$N(B [HTTP-AUTH] $B$H(B [winamp]
$B%X%C%@0J2<$K3JG<$5$l$F$$$k!#(B

$B%m!<%+%k$N967b<T$O$3$N>u67$r!"4{$K%f!<%6$K$h$C$F%"%/%;%9$5$l$?%9%H%j!<(B
$B%_%s%0%3%s%F%s%DMQ$NG'>ZMQ>pJs$X$N%"%/%;%98"$rC%<h$9$k$?$a$KMxMQ$9$k2D(B
$BG=@-$,$"$k!#(B

$B$3$NLdBj$O(B Nullsoft Winamp 2.80 $B$K$D$$$FJs9p$5$l$F$$$k!#B>$N%P!<%8%g%s(B
$B$bF1MM$NLdBj$rJz$($k2DG=@-$,$"$k!#(B

8. Deerfield WebSite Pro 8.3 Filename Source Disclosure Vulnerability
BugTraq ID: 4783
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 20 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4783
$B$^$H$a(B:

Deerfield WebSite Pro $B$O(B Microsoft Windows $B8~$1$N>&MQ@=IJ$N(B Web $B%5!<%P(B
$B$G$"$k!#(B

32bit $B4D6-$N(B Microsofft Windows $B$G$OD9$$%U%!%$%kL>$r%5%]!<%H$7$F$$$k!#(B
$B$7$+$7!"8eJ}8_49$N$?$a$K!"MM!9$J%P!<%8%g%s$N(B DOS $B$H(B Windows $B8~$1%=%U%H(B
$B%&%'%"$,I,MW$H$9$k!"8E$$@$Be$N(B 8.3 $B7A<0$NC;$$%U%!%$%kL>$K$D$$$F$b%5%]!<(B
$B%H$7$F$$$k!#(B

Deerfield WebSite Pro $B$O(B 8.3 $B7A<0$NC;$$%U%!%$%kL>$rMxMQ$7$?%U%!%$%k$X$N(B
$B%j%/%(%9%H$r<h$j07$&J}K!$KM3Mh$9$kLdBj$rJz$($k5?$$$,$"$k!#(B

$B$3$NLdBj$O!"FC$K!"$3$N%=%U%H%&%'%"$,>/$J$/$H$b(B 4 $BJ8;z$N3HD%;R(B ($BNc$($P(B
.shtml) $B$r;}$D%U%!%$%k$KBP$7!"(B8.3 $B7A<0$NC;$$%U%!%$%kL>$G%j%/%(%9%H$,9T(B
$B$o$l!"$=$l$KBP$9$k1~Ez$r;n$_$k:]$K@8$8$k!#(BHTTP $B%j%/%(%9%H$KBP$7$FC;$$7A(B
$B<0$N%U%!%$%kL>$,MxMQ$5$l$k:]!"$3$N%=%U%H%&%'%"$O3HD%;R$KBP$7$FE,@Z$J%O(B
$B%s%I%i$NFI$_=P$7$r<:GT$7$F$7$^$&!#$3$NLdBj$N7k2L!"%j%/%(%9%HBP>]$N%U%!(B
$B%$%k$O2r<a$5$l$J$$$N$G$"$k!#(B

$B967b<T$O%9%/%j%W%H$N%=!<%9$r3+<($9$k$?$a$K$3$NLdBj$rMxMQ$9$k967b$r9T$&(B
$B2DG=@-$,$"$k!#(B

9. Sun AnswerBook2 Gettransbitmap Buffer Overflow Vulnerability
BugTraq ID: 4784
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 21 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4784
$B$^$H$a(B:

Sun AnswerBook2 $B$O%P%C%U%!%*!<%P!<%U%m!<$r@8$8$kLdBj$rJz$($F$$$k!#(B
AnswerBook2 $B$O(B Sun Solaris $B$N%f!<%6$d4IM}<T8~$1$K!"(BSun Microsystems $B$K(B
$B$h$C$FDs6!$5$l$kJ8=q%5!<%P$G$"$k!#(B

$BLdBj$O(B gettransbitmap CGI $B$KB8:_$9$k!#(B
$B$3$N(B CGI $B$O(B /usr/lib/ab2/bin/ab2bin/gettransbitmap $B$X%$%s%9%H!<%k$5$l$F(B
$B$$$k!#(B

gettransbitmap CGI $B$O%U%!%$%kL>$r<($9%Q%i%a!<%?$X$N6-3&%A%'%C%/$r==J,$K(B
$B9T$C$F$$$J$$$HJs9p$5$l$F$$$k!#$3$N$?$a!"%j%b!<%H$N0-0U$"$k967b<T$OLdBj(B
$B$rJz$($k%3%s%T%e!<%?>e$G!"%3!<%I$N<B9T$r>7$/7k2L$r$b$?$i$9%j%/%(%9%H$r(B
$B9T$&$3$H$,2DG=$G$"$k!#(B

10. Stronghold Secure Server Path Information Disclosure Vulnerability
BugTraq ID: 4785
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 21 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4785
$B$^$H$a(B:

Redhat Stronghold Secure Web Server $B$O(B Apache $B$N%=!<%9$KM3Mh$9$k(B Web $B%5!<(B
$B%P$G$"$k!#(B

$BJs9p$K$h$k$H!"(BStronghold Server 3.0 $B$O%j%b!<%H%f!<%6$X%Q%9>pJs$r3+<($9(B
$B$k2DG=@-$,$"$k!#(B

$BLdBj$O$3$N%=%U%H%&%'%"$N%5%$%HFb$N%3%s%F%s%D$KBP$7$F%$%s%G%C%/%9$r:n@.(B
$B$9$k5!9=$G$"$k!"(BSWISH (Simple Web Indexing System for Humans) $B$KB8:_$7(B
$B$F$$$k!#(BSWITH $B$O(B Stronghold Server $B$KF1:-$5$l$F$$$k!#967b<T$O(B SWITH $B$,(B
Web $BMQ$N8x3+J8=q$N%Q%9$r3+<($7$F$7$^$&$h$&$J%j%/%(%9%H$rAw?.2DG=$G$"$k!#(B
$B$$$/$D$+$N;vNc$K$*$$$F$O!"(BSWITH $B$O967b<T$X%7%9%F%`8GM-$N>pJs$r3+<($9$k(B
$B2DG=@-$,$"$k!#(B

$B%Q%9$d%7%9%F%`>pJs$NF~<j$O!"0-0U$"$k967b<T$K$h$k!"$=$l0J8e$N@x:_E*$KLd(B
$BBj$rJz$($k%3%s%T%e!<%?$KBP$7!"$^$5$K?/32$r>7$/967b$r0z$-5/$3$9$?$a$KMx(B
$BMQ$5$l$k2DG=@-$,$"$k!#(B

11. Cisco IOS ICMP Redirect Denial Of Service Vulnerability
BugTraq ID: 4786
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 21 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4786
$B$^$H$a(B:

IOS $B$O(B Cisco $B@=%k!<%?$KMxMQ$5$l$k(B Internet Operating System $B$G$"$k!#(B
$B$3$N%=%U%H%&%'%"$O(B Cisco $B$K$h$C$FHNGd!"J]<i$,9T$o$l$F$$$k!#(B

$BJs9p$K$h$k$H!"Hs>o$KBgNL$N!"%9%W!<%U%#%s%0$5$l$?(B ICMP $B%j%@%$%l%/%H%a%C(B
$B%;!<%8$rAw?.$9$k$3$H$K$h$j!"$$$/$D$+$N(B Cisco $B@=%k!<%?$r(B DoS $B$K4Y$i$;$k(B
$B$3$H$,2DG=$JLdBj$,B8:_$9$k!#(B

$BDL>o!"(BICMP $B%j%@%$%l%/%H%a%C%;!<%8$OM-8z$K$J$C$F$$$J$$%k!<%F%#%s%0!"?7$7(B
$B$$%k!<%H>pJs$d%k!<%F%#%s%0$NJQ99$r<($9$?$a$KAw?.$5$l$k!#(BICMP $B%j%@%$%l%/(B
$B%H%a%C%;!<%8$r<u?.$9$k:]!"(BCisco $B@=%k!<%?$O%a%b%jFb$K<u?.$5$l$?%a%C%;!<(B
$B%8$r3JG<$7!"$=$N8e$=$l$i$r=hM}$7$F$$$k!#$7$+$7!"LdBj$rJz$($k%k!<%?$O$3(B
$B$N<o$N%a%C%;!<%8$,$I$NDxEY%a%b%j$rMxMQ$G$-$k$+$K$D$$$F$N@)8B$r@_Dj$7$F(B
$B$$$J$$$?$a!";q8;$rMxMQ$7$-$C$F$7$^$$!"7k2L$H$7$F5!4oFb$GMxMQ2DG=$J;q8;(B
$B$rMxMQ$7?T$/$5$;$F$7$^$&$3$H$,2DG=$J$N$G$"$k!#(B

$B$3$NLdBj$O!"(BIP $B%k!<%F%#%s%0$,L58z2=$5$l$F$$$k>l9g$K$O!"(BCisco IOS 12.x
$B$K$*$$$F@8$8$k!#(BCisco IOS 11.x $B$K$*$$$F$O!"$3$NLdBj$O(B IP $B%k!<%F%#%s%0(B
$B$,L58z$+M-8z$+$rLd$o$:$K@8$8$k!#$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?7k2L$O!"(B
IOS $B$H5!4o$N<oN`$K1~$8$FMM!9$G$"$k!#$$$/$D$+$N5!4o$K$*$$$F$O!"DL>o$N(BIP
$B%k!<%F%#%s%0$r7QB3$7B3$1$k$,!"B>$N=hM}$OITG=$G$"$k>uBV$K4Y$j!"$^$?!"B>(B
$B$N5!4o$K$*$$$F$3$NLdBj$rMxMQ$9$k967b$,4k$F$i$l$?>l9g$K$O%k!<%F%#%s%05!(B
$BG=$O40A4$K<:$o$l$k!#(B

$B$3$NLdBj$O(B Cisco bug ID CSCdx32056 $B$X3d$jEv$F$i$l$F$$$k!#(B

$B0J2<$K<($95!4o$,!"$3$NLdBj$N1F6A$r<u$1$k!#(B

Cisco 1005 running IOS 11.0(18)
Cisco 1603 running IOS 11.3(11b)
Cisco 1603 running IOS 12.0(3)
Cisco 2503 running IOS 11.0(22a)
Cisco 2503 running IOS 11.1(24a)

12. Eric S. Raymond Fetchmail Message Count IMAP Buffer Overflow Vulnerability
BugTraq ID: 4788
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 21 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4788
$B$^$H$a(B:

fetchmail $B$O%U%j!<$KMxMQ2DG=$G$"$j!"%*!<%W%s%=!<%9$G$"$k%a!<%k<hF@%f!<(B
$B%F%#%j%F%#$G$"$k!#$3$N%=%U%H%&%'%"$O(B Eric S. Raymond $B$K$h$C$FJ]<i$5$l$F(B
$B$$$k!#(B

$B$3$N%=%U%H%&%'%"$N(B IMAP $B$r<h$j07$&$?$a$N%3!<%I$,Jz$($kLdBj$K$h$j!"0-0U(B
$B$"$k(B IMAP $B%5!<%P$K$h$C$F%P%C%U%!%*!<%P!<%U%m!<$,0z$-5/$3$5$lF@$k!#$3$N(B
$BLdBj$O(B message index count $B$N=hM}$KM3Mh$7$F$$$k!#(B

$B0-0U$"$k(B IMAP $B%5!<%P$O(B fetchmail $B$r967b2DG=$G$"$k$H?d;!$5$l$k!#967b$N7k(B
$B2L!"(BDoS $B$d@x:_E*$K$OG$0U$N%3!<%I$N<B9T$r>7$/$3$H$,2DG=$G$"$k!#%G%U%)%k(B
$B%H>uBV$K$*$$$F!"(Bfetchmail $B%/%i%$%"%s%H$O%5!<%P$K$h$C$FAw?.$5$l$k(B message
index count $B$r?.Mj$7$F$$$k!#(BIMAP $B%5!<%P$K$h$C$FJV$5$l$k(B message index
count $B$N7k2L$K1~$8$F!"(Bfetchmail $B$OE,@Z$J%a%b%jNL$r3d$jEv$F$F$$$k$N$G$"(B
$B$k!#(B

$B$7$+$7!"0-0U$"$k(B IMAP $B%5!<%P$O5pBg$J(B message index count $B$rJV$92DG=@-$,(B
$B$"$k!#(BIMAP $B%5!<%P$,$3$N5sF0$r9T$C$?>l9g!"(Bfetchmail $B$K%9%?%C%/Fb$N%a%b%j(B
$BNN0h$r>e=q$-2DG=$J%a%b%jNL$r3d$jEv$F$5$;$k$3$H$,2DG=$G$"$k!#(B

$B$3$NLdBj$O(B DoS $B967b$r>7$/7k2L$r$b$?$i$9$H9M$($i$l$k!#$7$+$7!"$3$NLdBj(B
$B$K$h$k!"(Bfetchmail $B$N%a!<%k$N<hF@@h$G$"$k(B IMAP $B%5!<%P$r;YG[2<$KCV$/967b(B
$B<T$K$h$j0z$-5/$3$5$l$k!"@x:_E*$J%j%b!<%H$+$i$N967b$N2DG=@-$bA[Dj$5$l$k!#(B

13. Cisco Catalyst Unicast Traffic Broadcast Vulnerability
BugTraq ID: 4790
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 21 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4790
$B$^$H$a(B:

Catalyst $B$O(B Cisco $B@=$N>&MQ@=IJIJ<A$N%9%$%C%A$G$"$k!#(B

$B$3$N5!4o$K$O%[%9%H4V$NDL?.FbMF$N0lIt$r1\Mw2DG=$K$9$kLdBj$,B8:_$9$k!#(B
$B$3$NLdBj$O(B MAC $B%"%I%l%9$N3X=,$KMxMQ$5$l$F$$$k5!9=$K4XO"$7$F$$$k!#(B

$BDL>o$NF0:n>uBV$K$*$$$F!"$3$N%9%$%C%A$O%]!<%H$K@\B3$5$l$?!"C10l$N(B ARP $B%j(B
$B%W%i%$$r%9%$%C%A$XAw$j=P$7$?%7%9%F%`$N(B MAC $B%"%I%l%9$r3X=,$7$F$$$k!#%9%$%C(B
$B%A$,(B MAC $B%"%I%l%9$r3X=,$7$F$$$k4|4V!"Ev3:%[%9%H$K4XO"$9$kA4$F$N%H%i%U%#%C(B
$B%/$OA4$F$N%]!<%H$X%V%m!<%I%-%c%9%H$5$l$k!#Js9p$K$h$k$H!"$3$N%9%$%C%A$O(B
$B$^$@4{CN$G$O$J$$%[%9%H$KBP$7$F$5$i$K!"$$$/$D$+$N%Q%1%C%H$,Aw?.$5$l$k$^(B
$B$G$N4V!"%9%$%C%A$K@\B3$5$l$?5!4o$N(B MAC $B%"%I%l%9$r3X=,$7$J$$$N$G$"$k!#(B
$B$3$N;vBV$,@8$8$k:]!"$3$N%9%$%C%A$r2p$9$k(B 2 $B$D$N%7%9%F%`4V$N%f%K%-%c%9%H(B
$B$N%H%i%U%#%C%/$O!"%9%$%C%A$K@\B3$5$l$?$9$Y$F$N5!4o$X%V%m!<%I%-%c%9%H$5(B
$B$l$F$7$^$&2DG=@-$,$"$k!#(B

$B$3$NLdBj$K$h$j!"967b<T$ODL>o>uBV$G%9%$%C%A$r2p$7$FDL?.$r9T$&%7%9%F%`$K(B
$B4XO"$9$k>pJs$rC%<h$9$k$3$H$,2DG=$K$J$k!#$3$NLdBj$O>pJs:><h967b(B (information
gathering attack) $B$K1~MQ2DG=$G$"$k!#IU$12C$($k$J$i$P!"$3$NLdBj$OJ?J8$G(B
$B9T$o$l$kDL?.FbMF$NEpD0$r>7$/$3$H$,2DG=$G$"$j!"%f!<%6L>!"%Q%9%o!<%I!"$=(B
$B$NB>$N=EMW$J>pJs$NC%<h$rGI@8$5$;$k2DG=@-$,$"$k!#(B

14. YoungZSoft CMailServer Buffer Overflow Vulnerability
BugTraq ID: 4789
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 21 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4789
$B$^$H$a(B:

CMailServer $B$O(B Microsoft Windows $B8~$1$NEE;R%a!<%k%5!<%P$G$"$k!#(B
$B$3$N%=%U%H%&%'%"$O(B YoungZSoft $B$K$h$C$FJ]<i$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"(BCMailServer $B$K$O967b$KMxMQ2DG=$J%P%C%U%!%*!<%P!<%U%m!<$N(B
$BLdBj$,B8:_$9$k!#%P%C%U%!%*!<%P!<%U%m!<$O%/%i%$%"%s%H$+$i$NF~NOCM$r=hM}(B
$B$9$k:]$N!"==J,$J6-3&%A%'%C%/$,9T$o$l$F$$$J$$$?$a$K@8$8$F$$$k!#%P%C%U%!(B
$B%*!<%P!<%U%m!<$O%/%i%$%"%s%H$+$i%5!<%P$X!"(BUSER $B%3%^%s%I$KBP$9$kD9$$%Q%i(B
$B%a!<%?$,0z$-EO$5$l$k:]$K@8$8$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$r9T$&967b<T$O!"%j%?!<%s%"%I%l%9$r4^$`%9%?%C%/Fb(B
$B$NCM$r>e=q$-$9$k2DG=@-$,$"$j!"$=$N7k2L$H$7$FG$0U$N%3!<%I$r<B9T$9$k2DG=(B
$B@-$,$"$k!#$^$?!"967b<T$O%3!<%I$r<B9T$5$;$k$?$a$NCm0U$rJ'$C$FAH$_N)$F$i(B
$B$l$?$N$G$O$J$$!"BgNL$N%G!<%?$rAw?.$9$k$3$H$K$h$j!"%5!<%S%9$N%/%i%C%7%e(B
$B$r4k$F$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$O(B CMailServer 3.30 $B$K$D$$$FJs9p$5$l$F$$$k!#B>$N%P!<%8%g%s$bF1(B
$BMM$NLdBj$rJz$($k2DG=@-$,$"$k!#(B


15. Sun Solaris In.Rarpd Multiple Vulnerabilities
BugTraq ID: 4791
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 22 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4791
$B$^$H$a(B:

Solaris $B>e$GF0:n$9$k(B rarpd $B$N<B9T$K$*$$$F!"%P%C%U%!%*!<%P!<%U%m!<>uBV(B
$B$K4Y$kLdBj$,B8:_$9$k!#(B

in.rarpd $B$O(B Reverse Address Resolution Protocol $B%G!<%b%s$G$"$k!#(BPARP 
$B$O%3%s%T%e!<%?$N5/F0;~$K!"%$%s%?!<%M%C%H%W%m%H%3%k(B (IP) $B%"%I%l%9$r<hF@(B
$B$9$k$?$a$KMxMQ$5$l$k!#(B
Solaris $B$G$O!"(Bin.rarpd $B$O(B /usr/sbin/ $B$KB8:_$9$k!#(B

$B%j%b!<%H$+$i%P%C%U%!%*!<%P!<%U%m!<>uBV$K4Y$i$;$k$3$H$,2DG=$H$J$kLdBj$,(B
3 $B7o!"%m!<%+%k$+$i967b$r4k$F$k$3$H$,2DG=$JLdBj$,(B 2 $B7o!"=q<0J8;zNs$N<h$j(B
$B07$$$KM3Mh$9$kLdBj$,(B 2 $B7oJs9p$5$l$F$$$k!#(B

syslog $B$X$N=q$-9~$_;~$K$*$$$F!"(Bin.rarpd $B$OE,@Z$KJ8;zNs$N@07A$rH<$C$?=h(B
$BM}$r9T$C$F$$$J$$!#(Bin.rarpd $B$N2TF0$O(B root $B8"8B$G9T$o$M$P$J$i$J$$$?$a!"%j(B
$B%b!<%H$N967b<T$O!"LdBj$rJz$($k%3%s%T%e!<%?>e$G(B root $B8"8B$G$N%3!<%I$N<B(B
$B9T$,0z$-5/$3$5$l$k7k2L$r>7$/!"0-0U$"$k%j%/%(%9%H$rAH$_N)$F$k$3$H$,2DG=(B
$B$G$"$k!#(B

Sun Microsystems $B$NJs9p$G$O!"$3$l$iLdBj$r0z$-5/$3$9>u67$O!"LdBj$r0z$-5/(B
$B$3$9%G!<%?$,30It%M%C%H%o!<%/$+$i$OM?$($i$lF@$J$$$?$a$K967b$KMxMQ$9$k$3(B
$B$H$OITG=$G$"$k$H$N$3$H$G$"$k!#$5$i$K!"(BARP $B%Q%1%C%H$O(B IP $B%X%C%@$rJ];}$;(B
$B$:$^$?7PO)A*Dj$,$G$-$J$$$?$a!"967b<T$,$3$NLdBj$rMxMQ$9$k$?$a$K$O967b<T(B
$B<+?H$HLdBj$rJz$($k%3%s%T%e!<%?$HF10l$N%m!<%+%k$N%5%V%M%C%HFb$K0LCV$7$F(B
$B$$$kI,MW$,$"$k$H$N$3$H$G$"$k!#$7$+$7!"(Bin.rarpd $B%5!<%S%9$,ITMW$G$"$k>l9g!"(B
$B%7%9%F%`4IM}<T$O%5!<%S%9$NL58z2=$d!"%5!<%S%9$X$N%"%/%;%9$NKI;_<jCJ$rHw(B
$B$($k$3$H$,?d>)$5$l$F$$$k!#(B

16. Matu FTP Server Buffer Overflow Vulnerability
BugTraq ID: 4792
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 22 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4792
$B$^$H$a(B:

Matu FTP Server $B$O(B Microsoft Windwos 95 $B$*$h$S(B Windows 98 $B>e$GF0:n$9$k!"(B
$B%U%j!<$GF~<j2DG=$J(B FTP $B%5!<%P$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$K$O967b$KMxMQ2DG=$J%P%C%U%!%*!<%P!<%U%m!<(B
$B$,B8:_$9$k!#$3$N%P%C%U%!%*!<%P!<%U%m!<$O!"%f!<%6$+$i$NF~NO%G!<%?$N<h$j(B
$B07$$$KM3Mh$7$F$$$k!#(B

$BJs9p$K$h$k$H!"Hs>o$KD9$$0z?t$,%5!<%P$X0z$-EO$5$l$k:]$K!"%P%C%U%!%*!<%P!<(B
$B%U%m!<$,@8$8$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b<T$O!"%j%?!<%s%"%I%l%9$r4^$`!"%9%?%C%/JQ?t$r>e=q(B
$B$-$7!"G$0U$N%3!<%I$,<B9T2DG=$H$J$k$3$H$,?d;!$5$l$k!#(B
$B$^$?!"967b<T$O%3!<%I$r<B9T$5$;$k$?$a$KE,@Z$K@_7W$5$l$?$N$G$O$J$$!"BgNL(B
$B$N%G!<%?$rM?$($k$3$H$K$h$j$3$N%=%U%H%&%'%"$N%/%i%C%7%e$r0z$-5/$3$92DG=(B
$B@-$,$"$k!#(B

Matu FTP Server 1.13 $B$K$*$$$F$3$NLdBj$,H/8+$5$l$F$$$k!#$3$NB>$N%P!<%8%g(B
$B%s$b$^$?1F6A$r<u$1$k2DG=@-$,$"$k!#(B

17. Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability
BugTraq ID: 4797
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 22 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4797
$B$^$H$a(B:

Microsoft Data Engine (MSDE) $B$H(B Microsoft SQL Server 2000 Desktop Engine 
$B$O%G!<%?%Y!<%9%5!<%P$H$7$FMM!9$J%"%W%j%1!<%7%g%s$H6&$KAH$_9g$o$;$FMxMQ(B
$B$9$k$3$H$,2DG=$G$"$k!#$3$l$i%=%U%H%&%'%"%3%s%]!<%M%s%H$r4p$K2TF0$9$k%"(B
$B%W%j%1!<%7%g%s$,F0:n$9$k%3%s%T%e!<%?$X$N%;%-%e%j%F%#>e$N6<0R$H$J$jF@$k(B
$B@_Dj$N8m$j$,B8:_$9$k!#(B

$B$3$N%5!<%S%9$G$O!"%G%U%)%k%H>uBV$G%f!<%6L>$,(B 'sa'$B!"$=$7$F6u$N4IM}MQ%Q%9(B
$B%o!<%I$,@_Dj$5$l$F$$$k$HJs9p$5$l$F$$$k!#%j%b!<%H$N967b<T$O!"%G%U%)%k%H(B
$B$N%Q%9%o!<%I$,JQ99$5$l$J$$>l9g$K$O!"%G!<%?%Y!<%9$X$N4IM}<T8"8B$K$h$k%"(B
$B%/%;%98"8B$rC%<h$9$k$?$a$K$3$NLdBj$rMxMQ$9$k2DG=@-$,$"$k!#(B

$B%$%s%?!<%M%C%H$r2p$7$F8=:_EAGECf$N%o!<%`$,!"(B Microsoft SQL Server$B!"(B
MSDE $B$d(B SQL Server 2000 Desktop Engine $B$r4^$`!"(BSQL server $B$+$iGI@8$5$l(B
$B$?@=IJ$K$*$$$F!"6u$N%Q%9%o!<%I>uBV$G$"$k%G%U%)%k%H@_Dj$rMxMQ$7$F!"967b(B
$B$r4k$F$F$$$kE@$K$ON10U$5$l$M$P$J$i$J$$!#(B

18. Cisco VoIP Phone Web Interface System Memory Contents Information Leakage Vulnerability
BugTraq ID: 4798
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 22 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4798
$B$^$H$a(B:

Cisco 7900 $B%7%j!<%:(B VoIP Phones $B$O(B Cisco Systems $B$K$h$C$FHNGd$5$l$F$$$k!"(B
Voice-Over-IP (IP $B%W%m%H%3%k$rMxMQ$7$F2;@<$rEA$($k5;=Q(B) $B$rDs6!$9$k%=%j%e!<(B
$B%7%g%s$G$"$k!#(B

$B$3$N%$%s%?!<%M%C%H$r2p$9$kEEOC%7%9%F%`$K$O!"%j%b!<%H%f!<%6$,0JA0$NH/?.(B
$B@h$N>uBV$r2r@O2DG=$H$J$k>pJs$K%"%/%;%92DG=$J>uBV$H$J$kLdBj$,B8:_$9$k!#(B
$BLdBj$OFCDj$N<oN`$N(B HTTP $B%j%/%(%9%H$N<h$j07$$$KM3Mh$7$F$$$k!#(B

$B$3$N5!4o$K$O!"AH$_9~$_7?$N(B Web $B%5!<%P$,Hw$($i$l$F$*$j!"$^$?!"$3$NAH$_9~(B
$B$_7?(BWeb $B%5!<%P$O$$$+$J$k%f!<%6$G$"$C$F$b!"EEOC%7%9%F%`MQ$N(B Web $B%$%s%?%U%'!<(B
$B%9$X$N@\B3$r2DG=$H$7!"7k2L$H$7$FE}7W%G!<%?$N1\Mw$,2DG=$G$"$k!#(B
$B$3$l$iE}7W>pJs$K$OEEOC%7%9%F%`Fb$N%$!<%5%M%C%H%]!<%H$K4X$9$k>pJs$,4^$^(B
$B$l!"(B/PortInfomation $B%9%/%j%W%H$K$h$C$F=hM}$,9T$o$l$F$$$k!#(B

$BG$0U$N9b$$CM$N(B port ID ($B8@$$49$($l$P!"(Bhttp://www.example.com/PortInformati
on?<port> $B$H$J$k!#$3$N(B <port> $B$KF~$kCM$O@0?tCM$G$"$k!#(B) $B$r;XDj$7$F!"(B
/PortInfomation $B%9%/%j%W%H$X(B HTTP $B%j%/%(%9%H$rAw?.$9$k$3$H$K$h$j!"(BWeb
$B%5!<%P$,EEOCHV9f$r4^$`%a%b%jFbMF$N%@%s%W$rJV$92DG=@-$,$"$k!#(B

$B%a%b%jFbMF$OMM!9$JFbMF$,4^$^$l$F$$$k$H9M$($i$l$k$?$a!"%a%b%jFbMF$+$i>p(B
$BJs$rH4$-=P$9$?$a$KJ,@O$r9T$&$3$H$,2DG=$G$"$k!#$3$3$G<h$j=P$5$l$k>pJs$K(B
$B$O4{$KH/?.$5$l$?EEOCHV9f$,4^$^$l$F$$$k2DG=@-$,$"$k!#(B

19. Cisco VoIP Phone Stream Request Denial Of Service Vulnerability
BugTraq ID: 4794
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 22 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4794
$B$^$H$a(B:

Cisco 7900 $B%7%j!<%:(B VoIP Phones $B$O(B Cisco Systems $B$K$h$C$FHNGd$5$l$F$$$k!"(B
Voice-Over-IP (IP $B%W%m%H%3%k$rMxMQ$7$F2;@<$rEA$($k5;=Q(B) $B$rDs6!$9$k%=%j%e!<(B
$B%7%g%s$G$"$k!#(B

$B$3$N%$%s%?!<%M%C%H$r2p$9$kEEOC%7%9%F%`$K$O!"%j%b!<%H%f!<%6$,%7%9%F%`$N(B
$B@5Ev$J%f!<%6$KBP$7!"%5!<%S%9$N5qH]$r2DG=$H$9$kLdBj$,B8:_$9$k!#$3$NLdBj(B
$B$O(B HTTP $B%j%/%(%9%H$NFCDj$N7A<0$KBP$9$k<h$j07$$$KM3Mh$9$k!#(B

$B$3$N5!4o$K$O!"AH$_9~$_7?$N(B Web $B%5!<%P$,Hw$($i$l$F$*$j!"$^$?!"$3$NAH$_9~(B
$B$_7?(BWeb $B%5!<%P$O$$$+$J$k%f!<%6$G$"$C$F$b!"EEOC%7%9%F%`MQ$N(B Web $B%$%s%?%U%'!<(B
$B%9$X$N@\B3$r2DG=$H$7!"7k2L$H$7$FE}7W%G!<%?$N1\Mw$,2DG=$G$"$k!#(B
$B$3$l$iE}7W>pJs$K$O8F$S=P$7%9%H%j!<%`$K$D$$$F$N>pJs$,4^$^$l!"(B
/StreamingStatistics $B%9%/%j%W%H$K$h$j=hM}$5$l$F$$$k!#(B

$BG$0U$N9b$$CM$N(B stream ID ($B8@$$49$($l$P!"(Bhttp://www.example.com/StreamingSta
tistics?<stream> $B$H$J$k!#$3$N(B <stream> $B$KF~$kCM$O@0?tCM$G$"$k!#(B) $B$G(B 
/StreamingStatistics $B%9%/%j%W%H$X(B HTTP $B%j%/%(%9%H$rAw?.$9$k$3$H$K$h$j!"(B
$BEEOC5!$=$N$b$N$,%j%;%C%H$5$l!"EEOC5!$O(B 30 $BIC$N4V!"H/?.$b$7$/$OCe?.$,IT(B
$BG=$J>uBV$K4Y$k!#$3$l$O(B 32768 $B$rD6$((B stream ID $B$NCM$rAw?.$9$k$3$H$G:F8=(B
$B$5$l!"(Bstream ID $B$NCM$K(B 120000 $B$rM?$($k>l9g$K$O>o$K:F8=$9$k$HJs9p$5$l$F(B
$B$$$k!#(B

$B$3$NLdBj$K$h$j!"%j%b!<%H%f!<%6$O!"G$0U$N;~E@$GEEOC5!$N%j%;%C%H$,2DG=$H(B
$B$J$k!#$9$J$o$A!"Ce?.8F$S=P$7!"$b$7$/$O4{$K?J9TCf$N8F$S=P$7$rK8322DG=$G(B
$B$J$k!#(B

20. Cisco VoIP Phone Default Administrative Password Vulnerability
BugTraq ID: 4799
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: May 22 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4799
$B$^$H$a(B:

Cisco 7900 $B%7%j!<%:(B VoIP Phones $B$O(B Cisco Systems $B$K$h$C$FHNGd$5$l$F$$$k!"(B
Voice-Over-IP (IP $B%W%m%H%3%k$rMxMQ$7$F2;@<$rEA$($k5;=Q(B) $B$rDs6!$9$k%=%j%e!<(B
$B%7%g%s$G$"$k!#(B

$B$3$N%$%s%?!<%M%C%H$r2p$7$?EEOC%7%9%F%`$K$O!"%f!<%6$,EEOC5!@_Dj$rJQ99$9(B
$B$k$?$a$KJ*M}E*$J%"%/%;%9$,2DG=$K$J$kLdBj$rJz$($F$$$k!#$3$NLdBj$O%G%U%)(B
$B%k%H$N4IM}<TMQ%Q%9%o!<%I$N@_Dj$KM3Mh$9$k!#(B

$B%G%U%)%k%H@_Dj$G$O!"(BCisco VoIP 7900 $B%7%j!<%:$K$O!"%G%U%)%k%H$N4IM}MQ%Q(B
$B%9%o!<%I$rMxMQ$9$k!#%U%!!<%`%&%'%"$K$O!"%f!<%6$K%U%!!<%`%&%'%"Fb$NEEOC(B
$B@_Dj$N%Q%i%a%?$X$N%"%/%;%9$r2DG=$H$9$k(B '*-*#' ($B%"%9%?%j%9%/!]%"%9%?%j%9(B
$B%/!]%7%c!<%W(B) $B$NM=$a=P2Y;~$K8GDjCM$G@_Dj$5$l$?%Q%9%o!<%I$,@_Dj$5$l$F$$(B
$B$k!#(B

$B$3$NLdBj$K$h$j!"%f!<%6$O%H%m%$$NLZGO$N$h$&$J%U%!!<%`%&%'%"$N%m!<%I!"$b(B
$B$7$/$O8F$S=P$74IM}%7%9%F%`$N(B IP $B%"%I%l%9$rJQ99$9$k$h$&$JB>$N0-0U$"$k9T(B
$B0Y$H$J$k!"0-0U$"$k4k$F$r<B9T2DG=$G$"$k!#(B

21. NewAtlanta ServletExec/ISAPI Path Disclosure Vulnerability
BugTraq ID: 4793
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 22 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4793
$B$^$H$a(B:

ServletExec/ISAPI $B$O(B Microsoft IIS $BMQ$N%W%i%0%$%s7?$N(B Java Servlet/JSP
$B%(%s%8%s$G$"$k!#$3$l$O(B Microsoft Windows NT/2000/XP $B>e$N(B IIS $B$GF0:n$9$k!#(B

ServletExec/ISAPI $B$O!"8e$KB3$/%U%!%$%kL>$rH<$o$J$$!"FCJL$KAH$_N)$F$i$l(B
$B$?(B HTTP $B%j%/%(%9%H$rAw$j$D$1$i$l$k$H!"(BWeb $BMQ$N%I%-%e%a%s%H%k!<%H%G%#%l(B
$B%/%H%j$N@dBP%Q%9$r3+<($7$F$7$^$&$N$G$"$k!#(B

$B6qBNE*$K$O!"(B'com.newatlanta.servletexec.JSP10Servlet' $B%/%i%9$,8e$KB3$/(B
$B%U%!%$%kL>$rH<$o$:$K8F$S=P$5$l$k$H!"$=$N8e%(%i!<%Z!<%8$,!"(BWeb $BMQ%I%-%e(B
$B%a%s%H%k!<%H$N%Q%9$H6&$KI=<($5$l$k$N$G$"$k!#(B

$B$3$NN`$N=EMW$J>pJs$O!"BP>]%[%9%H$KBP$9$k99$J$k967b$NJd=u<jCJ$H$J$jF@$k(B
$B2DG=@-$,$"$k!#(B

22. NewAtlanta ServletExec/ISAPI File Disclosure Vulnerability
BugTraq ID: 4795
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 22 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4795
$B$^$H$a(B:

ServletExec/ISAPI $B$O(B Microsoft IIS $BMQ$N%W%i%0%$%s7?$N(B Java Servlet/JSP
$B%(%s%8%s$G$"$k!#$3$l$O(B Microsoft Windows NT/2000/XP $B>e$N(B IIS $B$GF0:n$9$k!#(B

ServletExec/ISAPI $B$K$O!"(BWeb $BMQ$N8x3+J8=qMQ$N%I%-%e%a%s%H%k!<%H%G%#%l%/(B
$B%H%jFb$NG$0U$N%U%!%$%k$N%3%s%F%s%D$r3+<($7$F$7$^$&62$l$,$"$k!#(B

$B$3$NLdBj$r0z$-5/$3$9$?$a$K$O!"(BURL $B%(%s%3!<%I$5$l$?%G%#%l%/%H%j$r$^$?$,$C(B
$B$F3+<($r0z$-5/$3$9$?$a$NJ8;zNs$H!"3+<(BP>H$N%U%!%$%kL>$KB3$1$F!"(B
'com.newatlanta.servletexec.JSP10Servlet' $B%/%i%9$,8F$S=P$5$l$F$$$J$1$l$P(B
$B$J$i$J$$!#$3$NLdBj$K$h$j!"DL>o(B Web $BMQ$N8x3+J8=qMQ$N%I%-%e%a%s%H%k!<%H%G%#(B
$B%l%/%H%jFb$G$O3+<($5$lF@$J$$%U%!%$%k$N3+<($,0z$-5/$3$5$l$k$?$a!"$3$NLdBj(B
$B$rMxMQ$9$k!"(BWeb $BMQ$N8x3+J8=qMQ$N%I%-%e%a%s%H%k!<%H%G%#%l%/%H%j$N@)8BHO0O(B
$B$r2sHr$9$k$?$a$N967b$OITG=$G$"$k$H9M$($i$l$k!#(B

$B$3$NLdBj$O!"(BJSPServlet $B$K30It$+$iM?$($i$l$k%G!<%?$K4X$9$k!"==J,$JBEEv@-(B
$B$N3NG'$rBU$C$F$$$k$?$a$K@8$8$k!#$3$NLdBj$K$h$j=EMW$J>pJs$,3+<($5$l$k7k2L(B
$B$r>7$/2DG=@-$,$"$k!#(B

23. NewAtlanta ServletExec/ISAPI JSPServlet Denial Of Service Vulnerability
BugTraq ID: 4796
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 22 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4796
$B$^$H$a(B:

ServletExec/ISAPI $B$O(B Microsoft IIS $BMQ$N%W%i%0%$%s7?$N(B Java Servlet/JSP
$B%(%s%8%s$G$"$k!#$3$l$O(B Microsoft Windows NT/2000/XP $B>e$N(B IIS $B$GF0:n$9$k!#(B

$B$3$N(B JSPServlet $B$,Hs>o$KD9$$%j%/%(%9%H$r<h$j07$&:]$KLdBj$,H/@8$9$k!#(B
JSPServlet $B$KHs>o$KD9$$%j%/%(%9%H$,D>@\Aw$i$l$k!"$b$7$/$O(B JSP $B%U%!%$%k(B
$B$KBP$9$kD9$$(B HTTP $B%j%/%(%9%H$r2p$7$F8F$S=P$5$l$k$3$H$G!"(BDoS $B>uBV$K4Y$k(B
$B$N$G$"$k!#(B

$B$3$l$O$3$N%=%U%H%&%'%"$N%P%C%/%(%s%I$H$J$k(B Web $B%5!<%P$N%/%i%C%7%e$r0z$-(B
$B5/$3$9$HJs9p$5$l$F$$$k!#(B

$B$3$NLdBj$O6-3&%A%'%C%/$,==J,$K9T$o$l$F$$$J$$7k2L$G$"$k$H9M$($i$l!"967b(B
$B<T$OG$0U$N%3!<%I$r<B9T2DG=$H$J$k$3$H$,?d;!$5$l$k!#(B
$B$7$+$7!"$3$N2DG=@-$K$D$$$F$OL$8!>Z$G$"$k!#(B

24. Compaq ProLiant BL e-Class Enclosure Unauthorized Integrated Administrator Access Vulnerability
BugTraq ID: 4802
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: May 21 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4802
$B$^$H$a(B:

Compaq ProLiant BL e-Class enclosure $B$O(B Integrated Administrator $B8~$1$K(B
$B%7%9%F%`4IM}5!G=$rDs6!$9$k!#(B

CLI (Command Line Interface) $B%;%C%7%g%s$rMxMQ$9$k$3$H$G!"%m!<%+%k%f!<%6(B
$B$K(B Integrated Administrator $B$r2p$7$F(B Compaq ProLiant BL e-Class enclosure
$B$N4IM}MQ%"%/%;%98"8B$rC%<h$5$l$k2DG=@-$,$"$kLdBj$,H/8+$5$l$F$$$k!#(B
$B$3$NLdBj$O%f!<%6$,(B telnet$B!"(BSSH$B!"%3%s%=!<%k7PM3$GEv3:%7%9%F%`$X%"%/%;%9(B
$B2DG=$G$"$k>l9g$K$N$_!"967b$KMxMQ2DG=$G$"$k$3$H$,4{$KCN$i$l$F$$$k!#(B

$B$3$NLdBj$N1F6A$,(B Server Blade $B$XC#$7$J$$E@$ON10U$5$l$M$P$J$i$J$$!#(B

$B$5$i$J$k5;=QE*$J>\:Y$O!"8=;~E@$G$O8x3+$5$l$F$$$J$$!#(B

25. OpenBSD sshd BSD Authentication Implementation Error Vulnerability
BugTraq ID: 4803
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 23 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4803
$B$^$H$a(B:

OpenBSD $B$O%U%j!<$GF~<j2DG=$G$"$j!"%;%-%e%j%F%#$r9M$($F@_7W$5$l$?%*!<%W(B
$B%s%=!<%9$N(B OS $B$"$k!#$3$l$O(B OpenBSD project $B$K$h$C$FJ]<i$*$h$SG[I[$,9T$o(B
$B$l$F$$$k!#(B

OpenBSD $B>e$GF0:n$9$k(B OpenSSH $B%5!<%P$K$O%;%-%e%j%F%#>e$NLdBj$,H/8+$5$l(B
$B$F$$$k!#$3$NLdBj$O(B BSD $BM3Mh$NG'>Z5!9=$N<BAu$K4XO"$7$F$$$k!#(B

sshd $B%f!<%F%#%j%F%#$K$O!"B>$N%f!<%6$N%Q%9%o!<%I$rMxMQ$7$h$&$H$9$k:]$K!"(B
auth_approval() $B4X?t$,(B libc $B%Q%9%o!<%I$NF~NO9=B$$r>e=q$-$9$k2DG=@-$,$"(B
$B$k>u67$,B8:_$9$k!#$3$l$O(B YP/NIS $B$rMxMQ$9$k:]$K@8$:$k2DG=@-$,$"$k!#(B
$B$3$NLdBj$rMxMQ$9$k$3$H$G!"%m%C%/$5$l$?%"%+%&%s%H$r=jM-$9$k%f!<%6$KG'>Z(B
$B$r@.8y$5$l$F$7$^$&2DG=@-$,$"$k!#(B

26. Microsoft Active Directory Zero Page Length Query Vulnerability
BugTraq ID: 4804
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 23 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4804
$B$^$H$a(B:

$BJs9p$K$h$k$H!"(BMicrosoft Active Directory $B$O!"$3$N5!9=$,$b$O$d1~Ez$7$J(B
$B$/$J$k7k2L$r>7$/%/%(%j$r9T$&LdBj$rJz$($F$$$k!#(B

$BLdBj$O(B GSS-API (Generic Security Standard Application Programming 
Interface) $B$K$h$j(B Kerberos V $BG'>Z$rMxMQ$9$k(B Active Directory $B%5!<%P$X(B
$B$N%/%(%j$KM3Mh$7$F$$$k$HJs9p$5$l$F$$$k!#(B

Active Directory $B%5!<%P$N%G%U%)%k%H@_Dj$G$O!"%j%/%(%9%H$X$N1~Ez$N:]$K(B
$B2DG=$G$"$k8B$jB?$/$N%(%s%H%j$KBP$7$F1~Ez$rJV$9!#(BLDAP $B%/%i%$%"%s%H$O!"(B
$B$h$j:Y$+$J?t$N%Z!<%8D9$r@_Dj$9$k$3$H$K$h$j!"<u$1<h$i$l$kB?$/$N%(%s%H(B
$B%j$r;XDj$9$k$3$H$,2DG=$H$J$k!#%Z!<%8D9$NCM$,%<%m$K@_Dj$5$l!"%/%i%$%"%s(B
$B%H$,B??t$N%j%/%(%9%H$rAw$j$D$1$k>l9g$K!"$3$NJs9p$5$l$?LdBj$,@8$:$k$N$G(B
$B$"$k!#$3$l$OLdBj$rJz$($k(B Active Directory $B%5!<%P$KBP$7!"(BDoS $B>uBV$r0z$-(B
$B5/$3$9$?$a$N<jCJ$H$J$k$3$H$,A[Dj$5$l$k!#(B

27. Ethereal DNS Dissector  Infinite Loop Denial of Service Vulnerability
BugTraq ID: 4807
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 23 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4807
$B$^$H$a(B:

Ethereal $B$O%U%j!<$GF~<j2DG=$G$"$j!"%*!<%W%s%=!<%9$J%M%C%H%o!<%/%H%i%U(B
$B%#%C%/2r@O%D!<%k$G$"$k!#$3$l$O(B Ethereal Project $B$K$*$$$FJ]<i$5$l$F$*$j!"(B
$BB?$/$N(BUNIX $B$dMM!9$J(B Linux $B$K$*$$$F!"$^$?F1MM$K!"(BMicrosoft Windows $B$K$*(B
$B$$$F$bF0:n$9$k%=%U%H%&%'%"$G$"$k!#(B

Ethereal DNS Dissector $B$O(B DNS $B%W%m%H%3%k$NI|9g2=$N$?$a$KMxMQ$5$l$k5!9=(B
$B$G$"$k!#(BDNS Dissector $B$N%k!<%A%s$K$O!"%j%/%(%9%H$N=hM}Cf$KL58B%k!<%W>u(B
$BBV$K4Y$k2DG=@-$,$"$k>u67$,B8:_$9$k!#$3$l$i>u67$O967b<T$K$h$C$F0U?^E*$K(B
$BAH$_N)$F$i$l!"%M%C%H%o!<%/Fb$rE>Aw$5$l$k(B DNS $B%/%(%j$K$h$C$F0z$-5/$3$5$l(B
$B$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"%G!<%?$NB;<:$d(B Ethereal $B$G$N8!=P(B
$B$r2sHr$9$k7k2L$r>7$/2DG=@-$,$"$k!#(B

28. Ethereal Server Message Block Dissector Malformed Packet Denial Of Service Vulnerability
BugTraq ID: 4806
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 23 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4806
$B$^$H$a(B:

Ethereal $B$O%U%j!<$GF~<j2DG=$G$"$j!"%*!<%W%s%=!<%9$J%M%C%H%o!<%/%H%i%U(B
$B%#%C%/2r@O%D!<%k$G$"$k!#$3$l$O(B Ethereal Project $B$K$*$$$FJ]<i$5$l$F$*$j!"(B
$BB?$/$N(BUNIX $B$dMM!9$J(B Linux $B$K$*$$$F!"$^$?F1MM$K!"(BMicrosoft Windows $B$K$*(B
$B$$$F$bF0:n$9$k%=%U%H%&%'%"$G$"$k!#(B

Ethereal Server Message Block (SMB) Dissector $B$O(B Microsoft SMB Protocol
$B$NI|9f2=$N$?$a$KMxMQ$5$l$k5!9=$G$"$k!#$3$N(B Ethereal $B$N0lIt$,Jz$($kLdBj(B
$B$K$h$j!"%j%b!<%H$N967b<T$,(B Ethereal $B%f!<%6$KBP$7$F(B DoS $B$r4k$F$k$3$H$,2D(B
$BG=$G$"$k!#(B

NULL $B%]%$%s%?$N;2>HCM$NFI=P$7$r$b$?$i$97k2L$r>7$/2DG=@-$,$"$k!"(B2 $B$D$N>u(B
$B67$,B8:_$9$k!#$3$l$i>u67$O967b<T$K$h$C$F0U?^E*$KAH$_N)$F$i$l!"%M%C%H%o!<(B
$B%/Fb$rE>Aw$5$l$k(B SMB $B%Q%1%C%H$K$h$C$F0z$-5/$3$5$l$k2DG=@-$,$"$k!#(B
Ethereal $B$N%;%C%7%g%s$NF0:nCf$K$3$N$h$&$J%Q%1%C%H$rAw?.$9$k$3$H$K$h$j!"(B
Ethereal $B$G$O(B NULL $B%]%$%s%?$N;2>HCM$NFI$_=P$7$,9T$o$l$k$?$a!"%"%W%j%1!<(B
$B%7%g%s$N%/%i%C%7%e$r>7$/$3$H$,2DG=$H$J$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"%a%b%j$NJ]8n0cH?$K$h$j(B Ethereal
$B$,%/%i%C%7%e$9$k7k2L$r>7$-!"7k2L$H$7$F(B DoS $B>uBV$K4Y$k2DG=@-$,$"$k!#(B

29. Ethereal GIOP Dissector Memory Exhaustion Vulnerability
BugTraq ID: 4808
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 23 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4808
$B$^$H$a(B:

Ethereal $B$O%U%j!<$GF~<j2DG=$G$"$j!"%*!<%W%s%=!<%9$J%M%C%H%o!<%/%H%i%U(B
$B%#%C%/2r@O%D!<%k$G$"$k!#$3$l$O(B Ethereal Project $B$K$*$$$FJ]<i$5$l$F$*$j!"(B
$BB?$/$N(BUNIX $B$dMM!9$J(B Linux $B$K$*$$$F!"$^$?F1MM$K!"(BMicrosoft Windows $B$K$*(B
$B$$$F$bF0:n$9$k%=%U%H%&%'%"$G$"$k!#(B

Ethereal GIOP Dissector $B$O(B General Inter-ORB Protocol (GIOP) $B$NI|9g2=(B
$B$N$?$a$KMxMQ$5$l$k5!9=$G$"$k!#$3$N5!9=$K$OMxMQ2DG=$J%a%b%j$r;H$$?T$/$9(B
$B7k2L$r>7$/2DG=@-$,$"$k>u67$,B8:_$9$k!#FCJL$K9=@.$5$l$?%Q%1%C%H$,%a%b%j(B
$B$NBgNL$N3d$jEv$F$r0z$-5/$3$92DG=@-$,$"$k!#967b<T$OMxMQ2DG=$J%a%b%j$r>C(B
$BHq$7?T$/$5$;$k$?$a$K!"$3$NLdBj$rMxMQ$9$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"(BEthereal $B$N=hM}$N<:8z!"$b$7$/$O(B
$B%/%i%C%7%e$r>7$/2DG=@-$,$"$k!#(B

30. SSH Communications Secure Shell Server AllowedAuthentications Configuration Overriding Vulnerability
BugTraq ID: 4810
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 23 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4810
$B$^$H$a(B:

Secure Shell $B$O(B SSH Communications $B$K$h$C$FJ]<i!"HNGd$5$l$F$$$k>&MQ$N(B
SSH $B$N<BAu$G$"$k!#(B UNIX$B!"(BLinux$B!"$=$7$F(B Microsoft Windows $B$rF0:n4D6-$H(B
$B$7$F$$$k!#(B

$B$$$/$D$+$N(B SSH $B%5!<%P$O%j%b!<%H%f!<%6$,G$0U$NG'>ZJ}K!$rMxMQ2DG=$K$J$k(B
$B$H?d;!$5$l$kLdBj$rJz$($F$$$k!#$3$NLdBj$O@_Dj>pJsFb$G;XDj$5$l$?G'>ZJ}K!(B
$B$N<h$j07$$It$KM3Mh$7$F$$$k!#(B

SSH $B%5!<%P$N<BAu$G$O!"4IM}<T$,%5!<%PMQ$N@_Dj%U%!%$%k$rMxMQ$7$FG'>Z$KMx(B
$BMQ$5$l$k%b!<%I$r;XDj2DG=$G$"$k!#@_Dj9`L\Fb$N!"(B"AllowedAuthentications"
$B%Q%i%a!<%?$rMxMQ$7!"4IM}<T$O%j%b!<%H%f!<%6$KMxMQ$5$l$kG'>Z5!9=$NHO0O$r(B
$B@)8B2DG=$G$"$k!#(B

$BFCDj$N>r7o2<$K$*$$$F!"%j%b!<%H%f!<%6$O%5!<%P$N@_Dj%U%!%$%kFb$G;XDj$5$l(B
$B$?!"(B"AllowedAuthentications" $B$N@_Dj$r2sHr2DG=$G$"$k$H?d;!$5$l$k!#$3$NLd(B
$BBj$K$h$j!"%f!<%6$O;XDj:Q$_$NG'>ZJ}K!$H$O0[$J$kJ}K!$d!"%Q%9%o!<%I$J$I$N(B
$BG'>Z$KMQ$$$i$l$k$K$O@H$$J}K!$rMxMQ$9$k2DG=@-$,$"$k!#$h$j6/8G$JG'>ZMQ<j(B
$B=g$rMxMQ$7!"$^$?!"%7%9%F%`Fb$N%f!<%6%"%+%&%s%H$,@H$$%Q%9%o!<%I$GJ]8n$5(B
$B$l$F$$$k>u67$K$*$$$F!"967b<T$O6/8G$JG'>ZMQ<jCJ$G$O$J$/!"@H$$%Q%9%o!<%I(B
$B$rMxMQ$7$F%7%9%F%`$X$N%"%/%;%98"$rC%<h$9$k$3$H$,2DG=$K$J$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$K$h$C$F!"%j%b!<%H%f!<%6$,G'>Z5!9=$r2sHr$7!"@x:_E*$K$h$j<e$$G'(B
$B>ZJ}K!$rMxMQ$9$k$3$H$,2DG=$H$J$k!#(B

31. Cisco CBOS Oversized Packet DHCP Denial Of Service Vulnerability
BugTraq ID: 4813
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 23 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4813
$B$^$H$a(B:

CBOS (Cisco Broadband Operating System) $B$O(B Cisco 600 $B%7%j!<%:%k!<%?8~$1(B
$B$N(B OS $B$G$"$k!#(B

CBOS $B$OBg$-$J%5%$%:$N%Q%1%C%H$r07$C$?:]$K(B DoS $B>uBV$r0z$-5/$3$95?$$$rJz(B
$B$($F$$$k!#(B

DHCP (Dynamic Host Configuration Protocol) $B%]!<%H$KBg$-$J%5%$%:$N%Q%1%C(B
$B%H$rAw?.$9$k$3$H$G!"(B CPE (Customer Premises Equipment) $B$rMxMQITG=>uBV$K(B
$B4Y$i$;$k$3$H$,2DG=$J$N$G$"$k!#(B
DHCP $B%]!<%H$O1F6A$r<u$1$k5!4o$G%G%U%)%k%H$GM-8z$H$J$C$F$$$k!#(B

$B0J2<$N(B Cisco 600 $B%7%j!<%:$N%k!<%?$,1F6A$r<u$1$k!#(B
605$B!"(B626$B!"(B627$B!"(B633$B!"(B673$B!"(B675$B!"(B675e$B!"(B676$B!"(B677$B!"(B677i$B!"(B678

$B$3$NLdBj$O(B Cisco Bug ID CSCdw90020 $B$K3d$jEv$F$i$l$F$$$k!#(B

32. Cisco Broadband Operating System TCP/IP Stack Denial of Service Vulnerability
BugTraq ID: 4815
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 23 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4815
$B$^$H$a(B:

Cisco Broadband Operating System (CBOS) $B$O(B Cisco 600 $B%7%j!<%:%k!<%?$GMx(B
$BMQ$5$l$F$$$k(B OS $B$G$"$k!#(B

CBOS $B$N(B TCP/IP $B$N%9%?%C%/$O!"A4$F$NMxMQ2DG=$J%a%b%j$r;H$$2L$?$7!"7k2L$H(B
$B$7$F(B DoS $B>uBV$r>7$/LdBj$rJz$($F$$$k!#%9%?%C%/$,DL>o9M$($i$l$J$$Bg$-$5$N(B
$B%Q%1%C%H$rJ#?t=hM}$9$k:]$K!":G=*E*$KA4$F$N%a%b%j$r>CLW$7$F$7$^$&$N$G$"(B
$B$k!#$3$N>u67$,H/@8$9$k$H!"%k!<%?$,Dd;_$7!"$$$+$J$k%Q%1%C%H$bE>Aw$G$-$J(B
$B$/$J$k!#(B

$B0J2<$N(B Cisco 600 $B%7%j!<%:$N%k!<%?$,1F6A$r<u$1$k!#(B
605$B!"(B626$B!"(B627$B!"(B633$B!"(B673$B!"(B675$B!"(B675e$B!"(B676$B!"(B677$B!"(B677i$B!"(B678

$B$3$NLdBj$O(B Cisco Bug ID CSCdx36121 $B$K3d$jEv$F$i$l$F$$$k!#(B

33. Cisco CBOS Telnet Denial of Service Vulnerability
BugTraq ID: 4814
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 23 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4814
$B$^$H$a(B:

CBOS (Cisco Broadband Operating System) $B$O(B Cisco 600 $B%7%j!<%:8~$1$N(B OS
$B$G$"$k!#(B

CBOS $B%=%U%H%&%'%"$N(B 2.4.4 $B$H$=$l0JA0$N%P!<%8%g%s$O(B DoS $B>uBV$K4Y$kLdBj$r(B
$BJz$($F$$$k!#(B

$B$3$NLdBj$O!"(B CPE $B$N(B telnet $B%]!<%H$KDL>o9M$($i$l$J$$$h$&$JBg$-$5$N%Q%1%C(B
$B%H$rAw?.$9$k$3$H$G@8$8$k!#%j%b!<%H$N967b<T$O!"$3$N%G%P%$%9$N@5Ev$J%f!<(B
$B%6$KBP$7$F$N%5!<%S%9$rMxMQITG=$K$9$k$?$a$K!"$3$NLdBj$r0-MQ2DG=$G$"$k!#(B

telnet $B%5!<%S%9$O%G%U%)%k%H$GM-8z$K$J$C$F$$$kE@$ON10U$5$l$k$Y$-$G$"$k!#(B

$B0J2<$N(B Cisco 600 $B%7%j!<%:%k!<%?$N%G%P%$%9$,1F6A$r<u$1$k!#(B
605$B!"(B626$B!"(B627$B!"(B633$B!"(B673$B!"(B675$B!"(B675e$B!"(B676$B!"(B677$B!"(B677i$B!"(B678

$B$3$NLdBj$O(B Cisco Bug ID CSCdv50135 $B$K3d$jEv$F$i$l$F$$$k!#(B

34. Debian GNU/Linux netstd Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 4816
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 24 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4816
$B$^$H$a(B:

Debian GNU/Linux $B$KF1:-$5$l$F$$$k(B netstd $B%Q%C%1!<%8$O!"%M%C%H%o!<%/%f!<(B
$B%F%#%j%F%#$d%G!<%b%s%W%m%0%i%`$,?tB?$/4^$^$l$F$$$k!#(B
$BJs9p$K$h$k$H!"(BDebian $B$K4^$^$l$F$$$k(B netstd $B$N%P!<%8%g%s(B 3.07-17 $B$K%P%C(B
$B%U%!%*!<%P!<%U%m!<$rMxMQ$9$k967b$,2DG=$JLdBj$,B8:_$9$k$H$N$3$H$G$"$k!#(B
$B$3$NLdBj$K$h$C$F!"(B netstd $B$K4^$^$l$F$$$kJ#?t$N%f!<%F%#%j%F%#$,1F6A$r<u(B
$B$1$k!#1F6A$r<u$1$k%f!<%F%#%j%F%#$O0J2<$N$H$*$j$G$"$k!#(B

- linux-ftpd
- pcnfsd
- tftp
- traceroute
- from/to

$B%P%C%U%!%*!<%P!<%U%m!<$O!"967b85$N(B DNS (Domain Name System ) $B%5!<%P$K$h$C(B
$B$F@8@.$5$l$?(B FQDN (Fully Qualified Domain Name) $B1~Ez$,!"$$$+$J$k%A%'%C(B
$B%/$r<u$1$k$3$H$J$/>.NN0h$N%P%C%U%!$X%3%T!<$5$l$k$?$a$K@8$8$F$$$k!#$3$N(B
$BLdBj$K$h$j!"0-0U$"$k967b<T$O%P%C%U%!$r%*!<%P!<%U%m!<$5$;!"LdBj$rJz$($k(B
$B%W%m%;%9$N=jM-<T$N8"8B$G%3!<%I$r<B9T$5$;$k$3$H$,2DG=$K$J$k$H?d;!$5$l$k!#(B

35. IBM DB2 db2ckpw Buffer Overflow Vulnerability
BugTraq ID: 4817
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: May 24 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4817
$B$^$H$a(B:

IBM DB2 $B$O(B 'db2ckpw' $B%f!<%F%#%j%F%#$rG'>Z%7%9%F%`$N0lIt$H$7$FF1:-$7$F$$(B
$B$k!#%G%U%)%k%H$G$O(B db2ckpw $B$O(B setuid root $B>uBV$G%$%s%9%H!<%k$5$l$k!#(B

db2ckpw $B$K$O%P%C%U%!%*!<%P!<%U%m!<>uBV$r0z$-5/$3$9LdBj$,B8:_$9$k!#(B
8 $BJ8;z0J>e$N%f!<%6L>$rF~NO$9$k$3$H$G!"$3$N>uBV$r0z$-5/$3$9$3$H$,2DG=$G(B
$B$"$k!#(B

db2ckpw $B$OB>$N%3%s%]!<%M%s%H$K$h$C$F8F$S=P$5$l$k$h$&$K@_7W$5$l$F$$$k!#(B
$B%f!<%6L>$H%Q%9%o!<%I$KBP$9$k6-3&%A%'%C%/$O(B db2ckpw $B$,8F$S=P$5$l$kA0$KB>(B
$B$N%3%s%]!<%M%s%H$G9T$o$l$F$$$k$?$a!"(Bdb2ckpw $B<+?H$G$O9T$o$l$F$$$J$$!#(B

$B$3$N$?$a!"(Bdb2ckpw $B$,D>@\<B9T$5$l$k:]!"%m!<%+%k%f!<%6$K$h$j(B db2ckpw $BFb$N(B
$B%;%-%e%"$G$O$J$$J8;zNsJ#@==hM}$KBP$9$k967b$,4k$F$i$l$k2DG=@-$,$"$k!#(B
$B%m!<%+%k%f!<%6$O1F6A$r<u$1$k4X?t$N%j%?!<%s%"%I%l%9$r%7%'%k%3!<%I$X$N%](B
$B%$%s%?$G>e=q$-$9$kCM$N%f!<%6L>$r$3$N%W%m%0%i%`$K0z$-EO$92DG=@-$,$"$k!#(B
$B$3$N:]!"4X?t$+$i%j%?!<%s$9$k:]!"967b<T$,;XDj$9$k%7%'%k%3!<%I$O$^$5$K(B root
$B8"8B$G<B9T$5$l$k!#(B

$B$3$NLdBj$rMxMQ$7$?967b$,@.8y$7$?>l9g!"%[%9%H$r40A4$K>h$C<h$k$3$H$,2DG=(B
$B$G$"$k$H?d;!$5$l$k!#(B

36. ViewCVS Cross-Site Scripting Vulnerability
BugTraq ID: 4818
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 24 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4818
$B$^$H$a(B:

ViewCVS $B$O(B CVS $B8~$1$N!"%*!<%W%s%=!<%9$N(B Web $B%$%s%?!<%U%'!<%9$G$"$k!#(B
ViewCVS $B$OB?$/$N(B UNIX $B$d(B Linux $B$GF0:n$7!"$^$?!"F1MM$K(B Microsoft Windows
$B$K$*$$$F$bF0:n$9$k!#(B

ViewCVS $B$OFCDj$N(B URL $B%Q%i%a!<%?$+$i(B HTML $B%?%0$N=|5n$r9T$C$F$*$i$:!"%/%m(B
$B%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$rJz$($k5?$$$,$"$k!#(B

$B967b<T$O(B ViewCVS $B$,F0:n$7$F$$$k%5%$%H$KBP$9$k!"0-0U$r;}$C$F:n@.$5$l$?%O(B
$B%$%Q!<%j%s%/$r:n@.$7!"$=$l$r%5%$%H$N@5Ev$J%f!<%6$KAw?.$9$k$3$H$G!"$3$N(B
$BLdBj$rMxMQ$9$k967b$r9T$&2DG=@-$,$"$k!#@5Ev$J%f!<%6$,$3$N%O%$%Q!<%j%s%/(B
$B$r;2>H$7$?>l9g!"967b<T$N%9%/%j%W%H$O%f!<%6$N(B Web $B%/%i%$%"%s%H>e$G!"(BViewCVS
$B$r2TF0$5$;$F$$$k(B Web $B%5%$%H$HF13J$N%;%-%e%j%F%#%3%s%F%-%9%H$G<B9T$5$l$k!#(B

$B7k2L$H$7$F967b<T$O!"%/%C%-!<$r2p$7$?G'>Z>pJs$rC%<h$7$?$j!"(BWeb $B%3%s%F%s(B
$B%D$rEpD0$7$?$j$9$k$3$H$,2DG=$G$"$k$H?d;!$5$l$k!#(B

37. LocalWEB2000 File Disclosure Vulnerability
BugTraq ID: 4820
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 24 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4820
$B$^$H$a(B:

LocalWEB2000 $B$O(B Microsoft Windows $B8~$1$N(B Web $B%5!<%P$G$"$k!#(B

LocalWEB2000 $B$O%3%s%F%s%D$KBP$9$k%Q%9%o!<%I$rMxMQ$9$kJ]8n5!G=$K4XO"$9$k(B
$BLdBj$rJz$($F$$$k!#%U%!%$%k$K(B '.' ($B%+%l%s%H%G%#%l%/%H%j(B) $B$rIU$12C$($F(B
HTTP $B%j%/%(%9%H$r9T$&$3$H$K$h$j!"$3$N%=%U%H%&%'%"$X$=$N%U%!%$%k$rJ]8n(B
$BBP>]$H$O8+$J$5$J$$$h$&$K;E8~$1$i$l$k$N$G$"$k!#Nc$($P!"(Bhttp://server/file.txt
$B$,%Q%9%o!<%I$K$h$C$FJ]8nBP>]$G$"$C$?$H$7$F$b!"(Bhttp://server/./file.txt
$B$H(B HTTP $B%j%/%(%9%H$rAH$_N)$F$k$3$H$G!"G'>Z$r2sHr2DG=$J$N$G$"$k!#(B
$B$3$NLdBj$O%U%!%$%kJ]8n5!9=$N@_7W>e$NLdBj$KM3Mh$9$k5?$$$,$"$k!#(B

$B$3$NLdBj$O(B LocalWEB2000 Standard Version 2.1.0 $B$K$*$$$FJs9p$5$l$F$$$k!#(B
$BB>$N%P!<%8%g%s(B (Professional Edtion $B$J$I(B) $B$b$3$NLdBj$N1F6A$r<u$1$k2DG=(B
$B@-$,$"$k!#(B

38. Microsoft Excel 2002 XML Stylesheet Arbitrary Code Execution Vulnerability
BugTraq ID: 4821
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 24 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4821
$B$^$H$a(B:

Microsoft Excel $B7A<0$NJ8=q$K$*$1$k(B XML $B%9%?%$%k%7!<%H$N07$$$KLdBj$,B8:_(B
$B$9$k!#$3$NLdBj$,1F6A$r5Z$\$97k2L!"(BXML $B%9%?%$%k%7!<%HFb$KKd$a9~$^$l$?%9(B
$B%/%j%W%H$,%f!<%6$N%7%9%F%`>e$G<B9T$5$l$k$N$G$"$k!#(B

Microsoft Excel 2002 $B$G$O!"(B Exel $B7A<0$NJ8=q$K(B XML $B%9%?%$%k%7!<%H$rAH$_(B
$B9~$`$3$H$,2DG=$G$"$k!#$=$N$h$&$J%I%-%e%a%s%H$,FI$_9~$^$l$?>l9g!"%f!<%6(B
$B$O4XO"IU$1$i$l$?%9%?%$%k%7!<%H$rFI$_9~$`$+$I$&$+$NA*Br$,2DG=$G$"$k!#(B
Excel $B7A<0$N%U%!%$%k$r;2>H$9$k:]!"$b$7!"(B XML $B%9%?%$%k%7!<%H$,%9%/%j%W%H(B
($BNc$($P(B Javascipt $B$d(B Vbscript $B$N%b%8%e!<%k(B) $B$r4^$s$G$*$j!"%f!<%6$,%9%?(B
$B%$%k%7!<%H$r<u$1F~$l$kA*Br$r$7$?>l9g!"%9%/%j%W%H$,<B9T$5$l$k!#$=$N:]!"(B
$B%f!<%6$K$O2?$N3NG'$b9T$o$l$:!"Kd$a9~$^$l$?%9%/%j%W%H$,<B9T$5$l$k!#(B
$B$?$@$7!"%G%U%)%k%H$G$O!"(B XML $B%9%?%$%k%7!<%H$OFI$_9~$^$l$J$$!#(B

$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"%f!<%6%7%9%F%`>e$G0-0U$"$k%3!<%I(B
$B$r<B9T$9$k7k2L$r>7$/$3$H$,2DG=$G$"$k!#(B

39. Sendmail File Locking Denial Of Service Vulnerability
BugTraq ID: 4822
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: May 24 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4822
$B$^$H$a(B:

sendmail $B$O(B UNIX $B$d(B Linux $B8~$1$N(B MTA (Mail Transport Agent) $B$G$"$k!#(B

sendmail $B$O(B DoS $B>uBV$K4Y$kLdBj$rJz$($F$$$k!#$3$NLdBj$O!"0-0U$"$k%f!<%6(B
$B$,(B sendmail $B$,=hM}$KI,MW$H$9$k%U%!%$%k$KBP$9$kGSB>E*$J%m%C%/8"$r<hF@$7(B
$B$?:]$KH/@8$9$k!#(B

sendmail $B$O!"%(%$%j%"%9!"%^%C%W!"E}7W!"$=$7$F(B pid $B%U%!%$%k$J$I$r4^$s$@(B
$BMM!9$J%U%!%$%k$r%m%C%/BP>]$N%U%!%$%k$H$7$J$,$i;HMQ$9$k!#%f!<%6$,$3$l$i(B
$B$N%U%!%$%k$K%"%/%;%9$9$k$H!"%"%/%;%9$r9T$C$?%f!<%6$O$3$l$i$N%U%!%$%k$K(B
$BBP$9$kGSB>E*$J%m%C%/8"$,<hF@2DG=$G$"$k$H?d;!$5$l$k!#(B
sendmail $B$d$=$l$K4X$o$k%W%m%0%i%`$,!"$3$l$i$N=EMW$J%U%!%$%k$X$N%"%/%;%9(B
$B8"$,<hF@$G$-$J$+$C$?>l9g!"DL>oF0:n$NK8$2$H$J$k!#(B

$B0-0U$"$k%f!<%6$,$3$NLdBj$rMxMQ$9$k$3$H$G(B sendmail $B$r5!G=Dd;_$K4Y$i$;$k(B
$B2DG=@-$,$"$k!#(B

40. OpenBB Cross-Site Scripting Vulnerability
BugTraq ID: 4824
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 24 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4824
$B$^$H$a(B:

OpenBB $B$O(B PHP $B$G5-=R$5$l$?(B Web $B$r2p$7$?EE;R7G<(HD5!G=$rDs6!$9$k%=%U%H%&%'(B
$B%"$G$"$k!#$3$N%=%U%H%&%'%"$OMM!9$J(B Linux $B$d(B UNIX $B$GF0:n$7!"$^$?!"(BMicrosoft
Windows $B4D6-$G$bF0:n$9$k!#(B

OpenBB $B$K$*$$$F!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$,Js9p$5$l$F$$$k!#(B

$BLdBj$O(B 'myhome.php' $B%9%/%j%W%H$KB8:_$9$k!#(B OpenBB $B$O%/%i%$%"%s%H$,F~NO(B
$B$7$?FCDj$N%Q%i%a!<%?$NCM$r!"=PNO$9$kA0$KE,@Z$K=|5n$7$J$$$N$G$"$k!#967b(B
$B<T$OG$0U$N(B HTML $B$N8e$K(B '<form>' $B%?%0$rMxMQ$7$F!"%/%m%9%5%$%H%9%/%j%W%F%#(B
$B%s%0967b$rKI$04{B8$NBP:v$r2sHr$9$k$3$H$,2DG=$G$"$k!#(B

$B967b<T$O0-0U$"$k%9%/%j%W%H%3!<%I$r4^$s$@4v$D$+$N%9%/%j%W%H$N0l$D$X$N%O(B
$B%$%Q!<%j%s%/$r:n@.$9$k$3$H$K$h$C$F!"$3$NLdBj$rMxMQ$9$k2DG=@-$,$"$k!#(B 
OpenBB $B%f!<%6$K$3$N%j%s%/$,Aw?.$5$l!"$=$l$r;2>H$7$?>l9g!"$=$N%f!<%6$N(B
OpenBB $B%;%C%7%g%s$N8"8B$G967b<T$,@8@.$7$?%9%/%j%W%H%3!<%I$,<B9T$5$l$k$N(B
$B$G$"$k!#%9%/%j%W%H%3!<%I$O%/%C%-!<$NCM$r<hF@$7$?$j!"Ho32$rHo$k%f!<%68"(B
$B8B$G$NIT@5%"%/%;%9$,9T$o$l$k2DG=@-$,$"$k!#(B

41. OpenBB BBCode Cross Agent HTML Injection Vulnerability
BugTraq ID: 4819
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 24 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4819
$B$^$H$a(B:

OpenBB $B$O(B PHP $B$G5-=R$5$l$?(B Web $B$r2p$7$?EE;R7G<(HD5!G=$rDs6!$9$k%=%U%H%&%'(B
$B%"$G$"$k!#$3$N%=%U%H%&%'%"$OMM!9$J(B Linux $B$d(B UNIX $B$GF0:n$7!"$^$?!"(BMicrosoft
Windows $B4D6-$G$bF0:n$9$k!#(B

$B$3$NLdBj$O(B BID 4171 $B$NLdBj$KN`;w$7$?$b$N$G$"$k!#(B BID 4171 $B$NLdBj$O(B OpenBB
1.0.0 RC3 $B$G=$@5$5$l$F$$$k$b$N$N!":#2s$NLdBj$O(B 1.0.0 RC3 $B$G$N=$@5$r2sHr(B
$B$9$k$b$N$G$"$k!#(B

$BJs9p$K$h$k$H!"(B OpenBB $B$N%P!<%8%g%s(B 1.0.0 RC3 $B$O(B HTML $B$rCmF~$9$k967b$,2D(B
$BG=$G$"$kLdBj$rJz$($F$$$k!#$3$NLdBj$O(B HTML $B$r(B BBCode $B$KCV$-49$($k5!G=$r(B
$B;}$C$?(B lib/codeparse.php $B%U%!%$%k$K$*$$$F@8$8$k!#(B

OpenBB $B$O2hA|$d%j%s%/$J$I$r4^$a$k$?$a$K(B HTML $B$NBe$o$j$K(B 'BBCodes' $B$rMx(B
$BMQ$7$F$$$k!#$3$l$O0-0U$"$k%f!<%6$K$h$kLdBj$r<u$1$J$$(B HTML $B5!G=$r3NLs$7(B
$B$F$$$k!#$7$+$7!"<B:]$K$O(B BBCode $B$K$h$C$F(B HTML $B%?%0$,E,@Z$KCV$-49$($i$l(B
$B$F$$$J$$$N$G$"$k!#$3$N$?$a!"%U%)!<%i%`%a%C%;!<%8$KG$0U$N(B HTML $B%3!<%I$r(B
$BCmF~2DG=$G$"$k!#$=$N7k2L!"(B OpenBB $B$O(B cross-agent $B%9%/%j%W%F%#%s%0967b$,(B
$B2DG=$G$"$k5?$$$,$"$k!#%9%/%j%W%H%3!<%I$O%f!<%6$,%V%i%&%6$G1\Mw$7$F$$$k(B
$B%U%)!<%i%`%a%C%;!<%8Fb$G<B9T$5$l!"967b<T$O%/%C%-!<$K$h$kG'>Z>pJs$rEp$_(B
$B=P$9$3$H$,2DG=$G$"$k$H?d;!$5$l$k!#(B

42. OpenBB Unauthorized Moderator Access Vulnerability
BugTraq ID: 4823
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 24 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4823
$B$^$H$a(B:

OpenBB $B$O(B PHP $B$G5-=R$5$l$?(B Web $B$r2p$7$?EE;R7G<(HD5!G=$rDs6!$9$k%=%U%H%&%'(B
$B%"$G$"$k!#$3$N%=%U%H%&%'%"$OMM!9$J(B Linux $B$d(B UNIX $B$GF0:n$7!"$^$?!"(BMicrosoft
Windows $B4D6-$G$bF0:n$9$k!#(B

OpenBB $B$OG'>Z$r9T$C$F$$$J$$%f!<%6$,%U%)!<%i%`$N%b%G%l!<%?!"$"$k$$$O!"(B
$B4IM}<T8"8B$rC%<h2DG=$H$J$k>u67$r@8$8$kLdBj$rJz$($F$$$k$HJs9p$5$l$F$$$k!#(B

$B967b<T$O0J2<$N%*%W%7%g%s$rJQ99$9$k$3$H$,2DG=$G$"$k!#(B

- $B%U%)!<%i%`$N3+:E!"=*N;(B
- $B%U%)!<%i%`$N(B sticky mode $B$N>uBV$NM-8z2=!"L58z2=$N@Z$jBX$((B
- $B%U%)!<%i%`$N(B significant mode $B$N>uBV$NM-8z2=!"L58z2=$N@Z$jBX$((B

$B$3$NLdBj$K$h$j!"967b<T$O!"967bBP>]$,A4$F$NHO0O$K5Z$P$J$$>l9g$G$b!"%U%)!<(B
$B%i%`$N=EMW$JItJ,$r$^$5$K=*N;$5$;$k$3$H$,2DG=$K$J$k!#(B

43. GNU Mailman Admin Login Cross-Site Scripting Vulnerability
BugTraq ID: 4825
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 20 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4825
$B$^$H$a(B:

GNU Mailman $B$O%U%j!<$G8x3+$5$l!"$^$?!"%*!<%W%s%=!<%9$G$"$k!"(BPython $B$*$h(B
$B$S(B C $B$G3+H/$5$l$?%a!<%j%s%0%j%9%H4IM}MQ%=%U%H%&%'%"$G$"$k!#(B
$B$3$N%=%U%H%&%'%"$O(B Linux $B$*$h$S$=$l0J30$N(B UNIX $BM3Mh$N(B OS $B$GF0:n$9$k!#(B

GNU Mailman $B$O%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$rJz$($k5?$$$,$"$k!#(B
$B967b<T$OG$0U$N(B HTML $B$H%9%/%j%W%H$r4^$`!"4IM}<TMQ%m%0%$%s%Z!<%8$X$N0-0U(B
$B$"$k%O%$%Q!<%j%s%/$rAH$_N)$F$i$l$k2DG=@-$,$"$k!#(B

$B$3$N0-0U$"$k%O%$%Q!<%j%s%/$r%"%/%;%9$9$k%f!<%6$O!"LdBj$rJz$($k%=%U%H%&%'(B
$B%"$r<B9T$9$k(B Web $B%5%$%H$N%3%s%F%-%9%H$G!"%f!<%6$N(B Web $B%V%i%&%6Fb$G967b(B
$B<T$,Kd$a9~$s$@%9%/%j%W%H$r<B9T$9$k$3$H$K$J$k!#(B

$B967b<T$O@x:_E*$K$3$NLdBj$rMxMQ$9$k967b$r!"%/%C%-!<$K4p$E$/G'>ZMQ>pJs$r(B
$BEp$_=P$9$?$a$K4k$F$k2DG=@-$,$"$k!#(B

44. GNU Mailman Pipermail Index Summary HTML Injection Vulnerability
BugTraq ID: 4826
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 24 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4826
$B$^$H$a(B:

GNU Mailman $B$O%U%j!<$G8x3+$5$l!"$^$?!"%*!<%W%s%=!<%9$G$"$k!"(BPython $B$*$h(B
$B$S(B C $B$G3+H/$5$l$?%a!<%j%s%0%j%9%H4IM}MQ%=%U%H%&%'%"$G$"$k!#(B
$B$3$N%=%U%H%&%'%"$O(B Linux $B$*$h$S$=$l0J30$N(B UNIX $BM3Mh$N(B OS $B$GF0:n$9$k!#(B
Pipermail $B$O(B GNU Mailman $B$KF1:-$5$l!"%a!<%j%s%0%j%9%H$N%"!<%+%$%V:n@.(B
$B%=%U%H%&%'%"$H$7$FMxMQ$5$l$k!#(B

HTML $B%?%0$,!"(BHTML $B7A<0$N%a!<%j%s%0%j%9%H%"!<%+%$%V$N%$%s%G%C%/%9$+$i==(B
$BJ,$K=|5n$5$l$F$$$J$$!#$3$NLdBj$N$?$a!"%j%b!<%H$N967b<T$O%9%/%j%W%H$r4^(B
$B$`!"G$0U$N(B HTML $B$r(B HTML $B7A<0$N%a!<%j%s%0%j%9%H%"!<%+%$%V$N%$%s%G%C%/%9(B
$B$XCmF~2DG=$K$J$k$H?d;!$5$l$k!#(B

Web $B%/%i%$%"%s%H$rMxMQ$9$k%f!<%6$,!"967b<T$K$h$C$FCmF~$5$l$?%9%/%j%W%H(B
$B$r4^$s$@%a!<%j%s%0%j%9%H%"!<%+%$%V$N%$%s%G%C%/%9$r;2>H$9$k:]!"%9%/%j%W(B
$B%H$O(B GNU Mailman $B$r2TF0$5$;$F$$$k(B Web $B%5%$%H$N%;%-%e%j%F%#%3%s%F%-%9%H(B
$B$G!"%f!<%6$N(B Web $B%/%i%$%"%s%HFb$G<B9T$5$l$k!#(B

$B$3$NLdBj$O(B GNU Mailman $B$KF1:-$5$l$k(B Pipermail $B$KB8:_$9$k!#(B

45. Microsoft MSN Messenger Malformed Invite Request Denial of Service
BugTraq ID: 4827
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 24 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4827
$B$^$H$a(B:

MSN Messanger $B$O(B Passport $B%7%9%F%`$rG'>Z5!9=$NCf3K$K?x$($k!"(BMicrosoft
Windows $B8~$1$N%$%s%9%?%s%H%a%C%;!<%8%/%i%$%"%s%H$G$"$k!#(B

$B$$$/$D$+$N%P!<%8%g%s$N(B MSN Messanger $B$K$OLdBj$,Js9p$5$l$F$$$k!#(B
$BFCDj$N>u672<$K$*$$$F!"0U?^E*$KAH$_N)$F$i$l$?%j%/%(%9%H$r<u$1F~$l$k:]!"(B
$B967bBP>]$N%/%i%$%"%s%H$r%/%i%C%7%e$5$;$k$3$H$,2DG=$K$J$k$H?d;!$5$l$k!#(B
$BJs9p$5$l$?=j$G$O!"(BInvitation-Cookie $B%U%#!<%k%IFb$K(B HTML $B%(%s%3!<%I$5$l(B
$B$?%9%Z!<%9(B (%20) $B$rBgNL$K4^$^$;!"%j%b!<%H%f!<%6$X$=$N%X%C%@$rAw?.$5$;$k(B
$B$3$H$K$h$j!"%j%b!<%H%f!<%6$N%/%i%$%"%s%H$r%/%i%C%7%e$5$;$k$3$H$,2DG=$J(B
$B$N$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$rMxMQ$9$k$3$H$K$h$j!"(BMSN $B%/%i%$%"%s%H$N5!G=$r(B DoS
$B>uBV$K4Y$i$;$i$l$k2DG=@-$,$"$k!#$^$?!"A[Dj$7F@$kB>$N2DG=@-$H$7$F5s$2$i(B
$B$l$k!"Nc$($P%3!<%I$N<B9T$J$I$N8=>]$K$D$$$F$O8=;~E@$K$*$$$F$O7k2L$,F3$-(B
$B=P$5$l$F$$$J$$!#(B
$BK\(B BID $B$ODI2C>pJs$,MxMQ2DG=$J>uBV$K$J$C$?;~E@$G99?7M=Dj$G$"$k!#(B

46. MIT PGP Public Key Server Search String Remote Buffer Overflow Vulnerabilit
BugTraq ID: 4828
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: May 24 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4828
$B$^$H$a(B:

PGP Public Key Server $B$O(B MIT $B$K$h$jG[I[$5$l$F$$$k!"%U%j!<$KMxMQ2DG=$J!"(B
$B%*!<%W%s%=!<%9$N%=%U%H%&%'%"%Q%C%1!<%8$G$"$k!#$3$N%=%U%H%&%'%"$O(B Linux
$B$H(B UNIX $B>e$GMxMQ$5$l$k$h$&$K@_7W$5$l$F$$$k!#(B

$B$3$N%=%U%H%&%'%"$K$*$$$FH/8+$5$l$?LdBj$K$h$j!"%j%b!<%H$+$i$N%3!<%I$,<B(B
$B9T$5$l$k2DG=@-$,$"$k!#$3$NLdBj$OD9$$8!:wMQJ8;zNs$N<h$j07$$It$KM3Mh$7$F(B
$B$$$k!#(B

PGP Public Key Server $B$OD9$$8!:wMQJ8;zNs$rE,@Z$K07$($J$$LdBj$rJz$($F$$(B
$B$k!#$3$N$?$a!"FCDj$N>u672<$K$*$$$F!"%P%C%U%!%*!<%P!<%U%m!<$r0z$-5/$3$7(B
$BF@$k$h$&$JD9$$J8;zNs$r!"$3$N%=%U%H%&%'%"$K0z$-EO$9$3$H$,2DG=$J$N$G$"$k!#(B
$B%P%C%U%!%*!<%P!<%U%m!<$N7k2L!"%j%?!<%s%"%I%l%9$r4^$`%9%?%C%/Fb$NCM$N>e(B
$B=q$-$,0z$-5/$3$5$l$k2DG=@-$,$"$k!#(B

512 $B8D0J>e$N8!:wMQJ8;zNs$,0z$-EO$5$l$k:]!"$3$N%=%U%H%&%'%"$O%/%i%C%7%e(B
$B$9$k!#>/$J$/$H$b!"$3$NLdBj$N7k2L$O$3$N%=%U%H%&%'%"$N%f!<%6$X$N(B DoS $B$r>7(B
$B$/$3$H$,2DG=$G$"$k!#$^$?!"%3!<%I$r<B9T$9$k$?$a$N967b$,2DG=$G$"$k>u67$K(B
$B$*$$$F$O!"%j%b!<%H%f!<%6$O(B PGP Public Key Server $B$N%W%m%;%9$N8"8B$G%3!<(B
$B%I$N<B9T$,2DG=$K$J$k$H9M$($i$l$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$KMxMQ$5$l$kJ8;zNs$O!"(Bisalnum() $B4X?t!"$^$?F1MM$K(B
tolower() $B4X?t!"967b$KMxMQ$5$l$kJ8;z<o$,@)8B$5$l$k(B tolower() $B4X?t$X0z$-(B
$BEO$5$l$M$P$J$i$J$$$3$H$,L@$i$+$G$"$k!#(B


III. SECURITYFOCUS NEWS AND COMMENTARY
------------------------------------------
1.  Qwest Glitch Exposes Customer Data
$BCx<T(B:  Kevin Poulsen

Web $B$rMxMQ$7$?7h:Q%7%9%F%`$,%Q%9%o!<%I$N8!>Z=hM}$rDd;_$7$F$$$?$?$a!"D9(B
$B5wN%EEOC2q<R$+$i$N2]6b3[$d2CF~<T$N%/%l%8%C%H%+!<%IHV9f$,Bg!9E*$K3+<($5(B
$B$l$F$$$?$N$G$"$k!#(B

http://online.securityfocus.com/news/431

2. Biometric sensors beaten senseless in tests
$BCx<T(B: John Leyden, The Register

$B%Q%9%o!<%I$H0E>ZHV9f$N<B9T2DG=$JBe0F$H$J$k%P%$%*%a%H%j%/%9%7%9%F%`$O!"(B
$B3+H/$5$l$F$$$k$N$@$m$&$+(B?

http://online.securityfocus.com/news/435

3. Navy Domain Hijacked By German Pornography Site
$BCx<T(B: Brian McWilliams, Newsbytes

$B%I%a%$%sEPO?$N:.Mp$N$?$a!"JF9q3$73$K$h$C$F?7J<$NJg=8$KMxMQ$5$l$F$$$?(B2$B$D(B
$B$N%I%a%$%sL>$,!"%]%k%N%5%$%H$r4^$`!"B>$N%5%$%H$K$h$C$F4{$K@j5r$5$l$F$$$?(B
$B$N$G$"$k!#(B

http://online.securityfocus.com/news/434

4. Microsoft's Privacy Czar on the 'Trust Model'
$BCx<T(B: Jane Black, Business Week

$B%W%i%$%P%7!<$N?4G[$r$9$k$N$G$"$l$P!"(BMicrosoft $B$rL[;&$9$k$3$H$O$G$-$J$$!#(B
$B$3$N(B Redmond $B$N5p?M$O%M%C%H%o!<%/>e$G$N>pJs$NMxMQ$H6&M-$K4X$9$kI8=`$r:v(B
$BDj$9$kCf3K$H8@$($k$N$G$"$k!#:rG/!"F1<R$O%W%i%$%P%7!<$K$D$$$F$N@_Dj$r9T$&!"(B
$B%V%i%&%6$,<+F0E*$K(B Web $B%5%$%H$N%W%i%$%P%7!<$K4X$9$k1?1DJ}?K$r2r<a2DG=$K(B
$B$9$kI8=`$H$J$k%W%i%C%H%[!<%`$,AH$_9~$^$l$?!"(BInternet Explorer $B$N?7$7$$%P!<(B
$B%8%g%s$r8x3+$7$?!#(B
(BW Online $B$N(B 12/14/01 $B9f(B Microsoft's Cookie Monster $B$r;2>H$5$l$?$$(B)
$BB3$$$F$3$N(B 1 $B7n!"(BBill Gates $B$OF1<R@=IJ$r$5$i$K%;%-%e%"$G!"$+$D!"%W%i%$%P(B
$B%7!<$KN10U$rJ'$($k$h$&$K$9$k$H$$$&!"F1<R$N<RFb5,LOA4BN$K$^$?$,$k!V?.Mj$K(B
$BCM$9$k%3%s%T%e!<%F%#%s%0$K4X$9$kH/5D!W$rH/I=$7$?!#(B

http://online.securityfocus.com/news/433

IV.SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. IPWatch 1.1
by Bruce Buhler and Wayne Larmon
$B4XO"$9$k(BURL:
http://www.scrounge.org/ipwatch/
$BF0:n4D6-(B: Linux
$B$^$H$a(B:

IPWatch $B$O%[%9%HL>$N:F@_Dj!"?7$7$$%[%9%HL>$rMxMQ$9$k$?$a$N%7%9%F%`%m%0(B
$B:N<h5!9=$N:F5/F0!"%U%!%$%d%&%)!<%k$N:F5/F0!"%@%$%J%_%C%/(B DNS $B$N99?7(B
(yi.org, homepc.org, justlinux.com, dhs.org, dyndns.org, dyndns.com $B$K(B
$BBP1~(B) $B$KH<$&(B IP $B%"%I%l%9$NJQ998e$K!"MxMQCf$N%3%s%T%e!<%?$r:F@_Dj$9$k%f!<(B
$B%F%#%j%F%#$G$9!#(B
$B$^$?!"MxMQCf$N%3%s%T%e!<%?$,%M%C%H%o!<%/$H$N@\B3$r<:$C$?:]$K$O%M%C%H%o!<(B
$B%/%$%s%?%U%'!<%9$r:F5/F0$7$^$9!#$I$A$i$N>l9g$b!"2?$,9T$o$l$?$+(B ( $B?7$7$$(B
IP $B%"%I%l%9$r4^$`(B) $B$rA4$F!"40A4$J%m%0$H$7$FEE;R%a!<%k$GAw?.$7$^$9!#(B

2. Sophie v1.35
$B:n<T(B: Vanja Hrustic
$B4XO"$9$k(BURL:
http://www.vanja.com/tools/
$BF0:n4D6-(B: FreeBSD, HP-UX, Linux, OpenBSD, POSIX
$B$^$H$a(B:

Sophie $B$O(B Sophos $B%"%s%A%&%$%k%9%Y%s%@(B (http://www.sophos.com) $B$+$iDs6!(B
$B$5$l$F$$$k(B 'libsavi' $B%i%$%V%i%j$rMxMQ$7$?%G!<%b%s$G$9!#5/F0;~$K(B Sophie
$B$O(B SAPI (Sophos Anti-Virus Interface) $B$r=i4|2=$7!"%a%b%jFb$K%&%$%k%9$N(B
$B%Q%?!<%s$rFI$_9~$_!"%m!<%+%k$N(B UNIX $B%I%a%$%s%=%1%C%H$r3+$-$^$9!#$=$7$F!"(B
$B@\B3$7$F$/$k<T$rBT$A<u$1!"%9%-%c%s$9$k$?$a$N%Q%9$rCN$i$;$^$9!#%G!<%?%Y!<(B
$B%9$,(B RAM $B$KFI$_9~$^$l$F$$$k$?$a!"%9%-%c%s$O$H$F$b9bB.$G$9(B ($BCm5-!'B.EY$O(B
SAVI $B$N@_Dj$d%U%!%$%k$N%5%$%:$K0MB8$7$^$9(B) $B!#(B Linux, Soaris (Sparc/x86),
HP-UX, $B$=$7$F(B FreeBSD $B$K$*$$$FF0:n$7$^$9!#$3$N%W%m%0%i%`$OEE;R%a!<%k!"(B
$BE:IU%U%!%$%k%&%$%k%9%9%-%c%s%D!<%k$G$"$k(B 'Virge' $B%W%m%8%'%/%H$N0lIt$H$7(B
$B$F:n@.$5$l$F$*$j!"(B C $B8@8l$G=q$+$l$F$$$^$9!#(B

3. XORCrypt v2.0
$B:n<T(B: Ramsey G. Brenner
$B4XO"$9$k(BURL:
http://rgbrenner.cjb.net/xorcrypt.html
$BF0:n4D6-(B: POSIX, UNIX
$B$^$H$a(B:

XORCrypt $B$O(B OTP $B0E9f$N0lO"$N%Q%C%1!<%8$G$9!#(B OTP $B$r$[$\40A4$K%5%]!<%H$7(B
$B$F$$$^$9!#80$N:n@.$d56$N80$N:n@.!"0E9f2=!"I|9f2=$r$9$k%W%m%0%i%`$,4^$^(B
$B$l$F$$$^$9!#(B

4. Sysklogd-sql v1.4.1
$B:n<T(B: ronnocol
$B4XO"$9$k(BURL:
http://www.monkeymental.com/nuke/
$BF0:n4D6-(B: Linux, POSIX
$B$^$H$a(B:

syslogd-sql $B$O%m!<%+%k$N%^%7%s$d%j%b!<%H$N%G!<%?%Y!<%9%5!<%P>e$GF0:n$7(B
$B$F$$$k(B MySQL $B$K!"%m%0$r3JG<$9$k$3$H$,2DG=$J(B sysklogd $B%G!<%b%s$N0\?"HG$G(B
$B$9!#(BSQL $B$N@_Dj$OI8=`E*$J(B syslog.conf $B%U%!%$%k$GMF0W$K@_Dj!"4IM}$,9T$o$l(B
$B$^$9!#$3$N%W%m%0%i%`$O!"(B syslog $B%G!<%?%Y!<%9$+$i%G!<%?$rCj=P$9$k$?$a$N(B
PHP $B%9%/%j%W%H$N%5%s%W%k$bF1:-$5$l$F$$$^$9!#(Bsyslog $B%G!<%?$r4IM}$7$E$i$$(B
$BBg5,LO4D6-$K$*$$$F!"Cf?4$H$J$k%m%0%5!<%P$r9=C[$7$?$j!"0BA4$J(B syslog $B4D(B
$B6-$r9=C[$9$k$3$H$,2DG=$G$9!#(B

5. COMU Privacy Guard 1.0
$B:n<T(B: Faruk
$B4XO"$9$k(BURL:
http://projects.comu.edu.tr/cpg/
$BF0:n4D6-(B: Linux, POSIX
$B$^$H$a(B:

OPG (COMU Privacy Guard) $B$O(B GNU Privacy Guard $B8~$1$N(B Web $B$r%Y!<%9$H$7$?(B
$B%7%'%k$G$9!#$3$N%=%U%H%&%'%"$O(B Web $B$r2p$7$?(B GnuPG $B$N<g$J5!G=$N3hMQ$r2D(B
$BG=$K$7$^$9!#(B

6. Easy Firewall Generator 1.05
$B:n<T(B: Scott Morizot
$B4XO"$9$k(BURL:
http://morizot.net/firewall/
$BF0:n4D6-(B: Linux, POSIX
$B$^$H$a(B:

Easy Firewall Generator $B$O(B iptables $B$rMxMQ$7$?%U%!%$%d%&%)!<%kMQ$N%9%/(B
$B%j%W%H$r@8@.$9$k$?$a$N(B PHP $B$G=q$+$l$?(B Web $B%"%W%j%1!<%7%g%s$G$9!#@8@.$5(B
$B$l$?%9%/%j%W%H$O!"%$%s%?!<%M%C%H$K@\B3$9$kC10l$N%7%9%F%`$d!">.$5$J%M%C(B
$B%H%o!<%/8~$1$N%2!<%H%&%'%$!"%U%!%$%d%&%)!<%k$H$7$FF0:n$9$k%7%9%F%`8~$1(B
$B$K@_7W$5$l$^$9!#%W%m%0%i%`$OMM!9$J%*%W%7%g%s$r:F5/E*$K;X<($7$^$9!#A*Br(B
$B$5$l$?%*%W%7%g%s$,40A4$J@_Dj$G$"$k$J$i$P!"$=$l$i$N%*%W%7%g%s$KM3Mh$7$?(B
$B%U%!%$%d%&%)!<%k%9%/%j%W%H$H%3%a%s%H$,@8@.$5$l$^$9!#%W%m%0%i%`$K$O!"(B
iptables $B$H3F!9$N%*%W%7%g%s$K4X$9$k%I%-%e%a%s%H$,F1:-$5$l$F$$$^$9!#(B

--
$BLu(B: $B:d0f=g9T(B(SAKAI Yoriyuki)$B!">.3^8691M:(B(OGASAWARA Tsuneo)$B!"(B
$BF#K\6)<y(B(FUJIMOTO Masaki)$B!"<r0fH~5.(B(SAKAI Miki)
$B4F=$(B: $B:d0f=g9T(B(SAKAI Yoriyuki)
LAC Co., Ltd.
http://www.lac.co.jp/security/

-----------1023182934-7614388
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIISGgYJKoZIhvcNAQcCoIISCzCCEgcCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
DzwwggI8MIIBpQIQMlAzz1DRVvNcga1lXE/IJTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQG
EwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGlj
IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMjAw
MTA3MjM1OTU5WjBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1
BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOUZv22jVmEtmUhx9mfeuY3rt56GgAqRDvo4
Ja9GiILlc6igmyRdDR/MZW4MsNBWhBiHmgabEKFz37RYOWtuwfYV1aioP6oSBo0xrH+wNNeP
NGeICc0UEeJORVZpH3gCgNrcR5EpuzbJY1zF4Ncth3uhtzKwezC6Ki8xqu6jZ9rbAgMBAAEw
DQYJKoZIhvcNAQECBQADgYEAS0RmYGhk5Jgb87By5pWJfN17s5XAHS7Y2BnQLTQ9xlCaEIaM
qj87qAT8N1KVw9nJ283yhgbEsRvwgogwQo4XUBxkerg+mUl0l/ysAkP7lgxWBCUMfHyHnSSn
2PAyKbWk312iTMUWMqhC9kWmtja54L9lNpPC0tdr3N5Z1qI1+EUwggI9MIIBpgIRAM26f1bw
3+S8VP4irLNyqlUwDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZl
cmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkG
A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1
YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0fzGVu
DLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHiTkVWaR94AoDa
3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0GCSqGSIb3DQEBAgUAA4GB
AEw/uIvGaN/uQzMOXemmyweETXoz/5Ib9Dat2JUiNmgRbHxCzPOcLsQHPxSwD0//kJJ2+eK8
SumPzaCACvfFKfGCIl24sd2BI6N7JRVGMHkW+OoFS5R/HcIcyOO39BBAPBPDXx9T6EjkhrR7
oTWweyW6uNOOqz84nQA0AJjz0XGUMIICPTCCAaYCEQDz1GWTDuTHHs1vChERVlizMA0GCSqG
SIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUG
A1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
Fw05NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQK
Ew5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0
aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5Rm/baNW
YS2ZSHH2Z965jeu3noaACpEO+jglr0aIguVzqKCbJF0NH8xlbgyw0FaEGIeaBpsQoXPftFg5
a27B9hXVqKg/qhIGjTGsf7A01480Z4gJzRQR4k5FVmkfeAKA2txHkSm7NsljXMXg1y2He6G3
MrB7MLoqLzGq7qNn2tsCAwEAATANBgkqhkiG9w0BAQIFAAOBgQAjyGZsVZ9SYWqvFx3is89H
jkwbAjN1+UXvm0exsSugNTbRUnBpybul85NbkmD5ZH7xwT/p0RXx0sAXvaSdF67hB8+6gZbE
rnEZ9s5kv6cZ9VUof3wz1sK5t+slKf0p+GJwQTHdwwfbElMWYNCdB/kAZfyNbBhQILdn3H79
cEstDzCCAzwwggKloAMCAQICEAQa2pqnxtqHdYa+MJp9N08wDQYJKoZIhvcNAQECBQAwXzEL
MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAx
IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk5MDkxNDAwMDAw
MFoXDTA5MDkwOTIzNTk1OVowgbUxHDAaBgNVBAoTE1ZlcmlTaWduIEphcGFuIEsuSy4xHzAd
BgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxPjA8BgNVBAsTNVRlcm1zIG9mIHVzZSBh
dCBodHRwczovL3d3dy52ZXJpc2lnbi5jby5qcC9SUEEgKGMpIDk4MTQwMgYDVQQDEytWZXJp
U2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQDnvpzpMy1glZcGiPmrsWEvOOXjEuTGvnb95mH1mMGeDPD3HmpNa7WG
Cp2NaO3eVRcRaBICMi2F3Edx6/eL5KtrsnroadWbYLPfBpPJ4BYttJND7Us7+oNdOuQmwFhj
xm9P25bndFT1lidp0Gx/xN5ekq3mNwt5iSWVdqOuEYKApQIDAQABo4GhMIGeMCQGA1UdEQQd
MBukGTAXMRUwEwYDVQQDEwxBZmZpbGlhdGUxLTUwEQYJYIZIAYb4QgEBBAQDAgEGMEUGA1Ud
IAQ+MDwwOgYKYIZIAYb4RQEHCzAsMCoGCCsGAQUFBwIBFh5odHRwczovL3d3dy52ZXJpc2ln
bi5jby5qcC9SUEEwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEC
BQADgYEAuIwwUgDQeNCIO/tzaT6ISelw4QjYJ9up3+be1dxZGHKcEFGtPfwaBNvlTMLV3eW3
BG6W5QRbNNhIaoVl0g8Yw1YuIexVFD7yUKcvQfOOThuG0y93V6Runzha6iErOLabtv05we+V
UnSsknF+qOCLYP9uMIKB/JmDiWnNpnUbAHMwggU2MIIEn6ADAgECAhBYKwlOQWIg2t9s9Ul6
I3xqMA0GCSqGSIb3DQEBBAUAMIG1MRwwGgYDVQQKExNWZXJpU2lnbiBKYXBhbiBLLksuMR8w
HQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMT4wPAYDVQQLEzVUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY28uanAvUlBBIChjKSA5ODE0MDIGA1UEAxMrVmVy
aVNpZ24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw0wMjA0MDEwMDAw
MDBaFw0wMzA0MDEyMzU5NTlaMIIBIzELMAkGA1UEBhMCSlAxHDAaBgNVBAoUE1ZlcmlTaWdu
IEphcGFuIEsuSy4xNDAyBgNVBAsUK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFs
IFN1YnNjcmliZXIxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9DUFMg
SW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMpOTYxPzA9BgNVBAsUNkRpZ2l0YWwgSUQgQ2xh
c3MgMSAtIFNNSU1FIE9yYW5nZXNvZnQgSW5jLi9XaW5iaWZmLzIuMTEXMBUGA1UEAxMOU0FL
QUkgWW9yaXl1a2kxHjAcBgkqhkiG9w0BCQEWD3Nha2FpQGxhYy5jby5qcDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBANEwVujTRrltaiSI2DFkPlw5L6WWWeOOy9z0HqaPXf2d
JYfoGHqbpq5MVCkBUSOHSY1Tpi/RdziqxhIYzXvzsb0wC1V0RNzvLf8zXtk6IjTmHttX0QDx
AvoxfmehZ1vCOgQcdBbG2FajnYo7MOewxLrmHLCv0Gitqsi2IS3Eaxv7v5Pzobu82BzUMBl6
9XypVXIEQHTG6s34ji0LbDOO/F5JqTuG5QhQmQyNnJyhNU4/BYu3e1KgK9c0gnIArQAroRqP
/0HXU7Ueu/HAUXnrt7+YqzL5CZ/6m11gCLblzFs2+6XieQsekFSjxquSQjl88C3CwgRoaNkx
01rqqYzBJ8ECAwEAAaOCAVAwggFMMAkGA1UdEwQCMAAwgawGA1UdIASBpDCBoTCBngYLYIZI
AYb4RQEHAQEwgY4wKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFMw
YgYIKwYBBQUHAgIwVjAVFg5WZXJpU2lnbiwgSW5jLjADAgEBGj1WZXJpU2lnbidzIENQUyBp
bmNvcnAuIGJ5IHJlZmVyZW5jZSBsaWFiLiBsdGQuIChjKTk3IFZlcmlTaWduMAsGA1UdDwQE
AwIFoDARBglghkgBhvhCAQEEBAMCB4AwcAYDVR0fBGkwZzBloGOgYYZfaHR0cDovL29uc2l0
ZWNybC52ZXJpc2lnbi5jb20vVmVyaVNpZ25KYXBhbktLVmVyaVNpZ25DbGFzczFDQUluZGl2
aWR1YWxTdWJzY3JpYmVyL0xhdGVzdENSTC5jcmwwDQYJKoZIhvcNAQEEBQADgYEALL1YFoVc
MyuHCFTkhPlz/3XIGtchllMRc+zha0qmA5wxbtgJT7hEl7IRrocWCSfweW4/KGZDQDMZM9wR
NRX19b4UTs2/opkQtX3eX4qNjUNnGdMjLTGTXzFqlph9b4ZYPvY5Xq+VQjpLBkqn2RQhdTLH
+BXc51LdzrtGw8H7s+4xggKmMIICogIBATCByjCBtTEcMBoGA1UEChMTVmVyaVNpZ24gSmFw
YW4gSy5LLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE+MDwGA1UECxM1VGVy
bXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvLmpwL1JQQSAoYykgOTgxNDAy
BgNVBAMTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEFgr
CU5BYiDa32z1SXojfGowCQYFKw4DAhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB
MBwGCSqGSIb3DQEJBTEPFw0wMjA2MDQwOTI4MDBaMCMGCSqGSIb3DQEJBDEWBBTXOOdEzrfq
vJI02ieFjvDCX/ph/zBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMC
AgIAgDAHBgUrDgMCBzANBggqhkiG9w0DAgIBQDANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0B
AQEFAASCAQBGP2PR/3uGyBhk0XNwY2lVatTYATT+MkR8vN7VRwuaaSDWI6Ym+JLbIkJi9+cQ
kgFGB5xFknKQ7bS1Fbtrdwul3tVXj1ecrl+ov63+STo7Bhws/yLEu6g3inaEG3ykl/uM5Z7J
sXqTgiNmKRX3bRN576wsxaeQsTt9oe6r+U8dE6fGJ92CGwJ2GY6beMI7JVCStY6WuiJr/8h6
+yzX5DIw2KICIUNu4Gu+QVVpDsSHM5rBmA+gfTOuQiJfGdNE9rV5rfEBztus3535y8Ir460n
HlBu5Kt+QQG8HlejB1PMiuQlaUxNbY1tBl2vol/G2gYYgh9/0Vgl/BrrcZizCICq

-----------1023182934-7614388--