Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm
Precedence: bulk
To: bugtraq-jp@securityfocus.com
Subject: SecurityFocus.com Newsletter #149 2002-6-10->2002-6-14
From: SAKAI Yoriyuki <sakai@lac.co.jp>
References: <Pine.LNX.4.43.0206180935090.7107-100000@mail.securityfocus.com>
In-Reply-To: <Pine.LNX.4.43.0206180935090.7107-100000@mail.securityfocus.com>
Message-Id: <200206251751.GHJ17896.LTJBB@lac.co.jp>
Date: Tue, 25 Jun 2002 17:51:36 +0900
Mime-Version: 1.0
Content-Type: multipart/signed;
    protocol="application/x-pkcs7-signature";
    micalg=sha1; Boundary="---------1024995080-28580887"

-----------1024995080-28580887
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

$B:d0f(B@$B%i%C%/$G$9!#(B

SecurityFocus.com Newsletter $BBh(B 149 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

---------------------------------------------------------------------------
SecurityFocus.com Newsletter $B$K4X$9$k(BFAQ:
http://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml
BugTraq-JP $B$K4X$9$k(B FAQ:
http://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml
(SecurityFocus.com Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0l<!G[I[$5$l$F$$$^$9(B)
---------------------------------------------------------------------------
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B SecurityFocus.com $B$N5v2D$r3t<02q<R%i%C%/$,F@$?>e$G9T$o(B
  $B$l$F$$$^$9!#(B
$B!&(BSecurityFocus.com Newsletter $B$NOBLu$r(B Netnews, Mailinglist,
  World Wide Web, $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$N(B
  $BA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;(B
  $B$s$,=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus.com $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+(B
  $B$J$k7A<0$N%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://online.securityfocus.com/archive/79
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02q<R%i%C%/$O@UG$$rIi$o$J$$$b$N$H$7$^(B
  $B$9!#(B
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$BLu<T$+$i$N$*CN$i$;(B:
$B!&$b$7!"(Btypo $B$d8mLu$,8+$D$+$C$?>l9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"4F=$<T(B (sakai@lac.co.jp) $B$K$*CN$i$;$/$@$5$$!#(B
  $B8e<T$N>l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$B86HG(B:
Date: Tue, 18 Jun 2002 09:36:13 -0600 (MDT)
Message-ID: <Pine.LNX.4.43.0206180935090.7107-100000@mail.securityfocus.com>

SecurityFocus Newsletter #149
-----------------------------

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
II. BUGTRAQ SUMMARY
     1. X Window System Oversized Font Denial Of Service Vulnerability
     2. Geeklog pid CGI Variable SQL Injection Vulnerability
     3. Geeklog Multiple Cross Site Scripting Vulnerabilities
     4. MyHelpDesk HTML Injection Vulnerability
     5. MyHelpDesk Cross-Site Scripting Vulnerability
     6. MyHelpDesk SQL Injection Vulnerability
     7. ZenTrack Ticket.PHP Information Disclosure Vulnerability
     8. Geeklog Calendar Event Form Script Injection Vulnerability
     9. W-Agora Remote File Include Vulnerability
     10. Datalex Bookit! Consumer Plaintext Authentication Credentials...
     11. BizDesign ImageFolio Authorized User Web Root Disclosure...
     12. Seanox DevWex File Disclosure Vulnerability
     13. Seanox DevWex Buffer Overflow Vulnerability
     14. LPRNG Remote Print Submission Vulnerability
     15. Lokwa BB Multiple SQL Injection Vulnerabilities
     16. Belkin F5D5230-4 Router Internal Web Request Vulnerability
     17. AlienForm2 Directory Traversal Vulnerability
     18. RHMask Local File Overwrite Vulnerability
     19. Caldera OpenServer XSCO Color Database File Heap Overflow...
     20. LinkSys EtherFast Router Remote Administration Enabled...
     21. Pinboard Task List HTML Injection Vulnerability
     22. MMFTPD SysLog Format String Vulnerability
     23. BBGallery Image Tag HTML Injection Vulnerability
     24. CGIScript.net csNews Double URL Encoding Unauthorized...
     25. CGIScript.net csNews Header File Type Restriction Bypass...
     26. CGIScript.net CSNews Sensitive File Disclosure Vulnerability
     27. Apache Tomcat JSP Engine Denial of Service Vulnerability
     28. Macromedia JRun JSP Engine Denial Of Service Vulnerability
     29. SGI MediaMail Memory Corruption Vulnerability
     30. CGIForum Infinite Recursion Denial of Service Vulnerability
     31. WebCalendar Include Files Information Disclosure Vulnerability
     32. Pine Unix Username Account Information Leakage Vulnerability
     33. Multiple Bugzilla Security Vulnerabilities
III. SECURITYFOCUS NEWS ARTICLES
     1. Feds, Industry, Battle the Biggest Bug
     2. MS security hole extravaganza
     3. Hill Eyes Shifting Parts of FBI, CIA
     4. Pentagon on track to add biometrics to access card
IV.SECURITYFOCUS TOP 6 TOOLS
     1. wicap v0.4
     2. JSpamFilter v1.0
     3. Vipul's Razor v2.03
     4. Echelog v0.6
     5. Web shell v1.0
     6. PassGuard Framework v0.01a

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
---------------------------------

II. BUGTRAQ SUMMARY
-------------------
1. X Window System Oversized Font Denial Of Service Vulnerability
BugTraq ID: 4966
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4966
$B$^$H$a(B:

X Window System $B$K$O%V%i%&%6$r$O%/%i%C%7%e$5$;!"$^$?!"%7%9%F%`A4BN$rMxMQ(B
$B$G$-$J$$>uBV$K4Y$i$;$k$?$a$N967b$KMxMQ$5$l$k2DG=@-$,$"$kLdBj$,H/8+$5$l(B
$B$F$$$k!#(B

X Window System $B$OHs>o$KBg$-$J%U%)%s%H%5%$%:(B ($B%U%)%s%H%5%$%:(B: 1666666px)
$B$N<h$j07$$$r;n$_$k:]!"(BDoS $B$K4Y$k5?$$$,$"$k!#Js9p$K$h$k$H!"(BX Window System
$B$,Hs>o$KBg$-$J%U%)%s%H%5%$%:$r<h$j07$&:]!"Nc30=hM}$K0\9T$9$k!#$7$+$7!"(B
$BE,@Z$KNc30=hM}$r<h$j07$&Be$o$j$K!"(BX Window System $B$N%3%s%]!<%M%s%H$O@x(B
$B:_E*$KDL>oF0:n$X$NI|5l$r9T$&$?$a$N:F5/F0$rI,MW$H$9$k!"M=B,ITG=$J5sF0$r(B
$B<($92DG=@-$,$"$k!#$^$?!"B>$NJs9p$G$O!"$3$NLdBj$K$h$k(B X $BA4BN$r%/%i%C%7%e(B
$B$5$;$F$7$^$&2DG=@-$,<($5$l$F$$$k!#$3$NLdBj$rMxMQ$9$k967b$N7k2L$O!"4D6-(B
$B$K0MB8$7!"MM!9$G$"$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$O(B xfs (X Font Server) $B$*$h$S(B libXfont $B$NLdBj$G$"$k$HJs9p$5$l$F(B
$B$$$k!#(B

$B$3$NLdBj$rMxMQ$9$k%j%b!<%H$+$i$N967b$O!"%U%)%s%H%5%$%:$r(B X Window System
$B$X0z$-EO$9A0$K!"%U%)%s%H%5%$%:$,BEEv$G$"$k$+$r3NG'$7$F$$$J$$(B Web $B%/%i%$(B
$B%"%s%H!"$"$k$$$O!"B>$N%"%W%j%1!<%7%g%s$K$h$C$F<B9T2DG=$G$"$k!#(B

$B$3$NLdBj$O(B XFree86 $B$r4^$`!"MM!9$J(B X Window System $B$N<BAu$X1F6A$r5Z$\$9(B
$B$3$H$,Js9p$5$l$F$$$k!#(Bxfs (X Font Server) $B$H(B libXfont $B$NGI@8J*$rF1:-$7(B
$B$F$$$k<BAu$O!"$3$NLdBj$N1F6A$r<u$1$k5?$$$,$"$k$H9M$($i$l$F$$$k!#(B

2. Geeklog pid CGI Variable SQL Injection Vulnerability
BugTraq ID: 4968
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4968
$B$^$H$a(B:

Geeklog $B$O%U%j!<$GMxMQ2DG=$G$"$j!"%*!<%W%s%=!<%9$H$7$F8x3+$5$l$F$$$k(B Web
$B%5!<%P$N%m%0<}=8MQ%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$O(B PHP $B8@8l$G3+H/(B
$B$5$l!"B?$/$N(B UNIX $B$dMM!9$J(B Linux $B$GF0:n$7!"$^$?!"(BMicrosoft Windows NT/2000
$B$K$*$$$F$bF0:n$9$k!#$3$N%=%U%H%&%'%"$O%P%C%/%(%s%I%G!<%?%Y!<%9$H$7$F!"(B
MySQL $B$rMxMQ$7$F$$$k!#(B
$B%P!<%8%g%s(B 1.3.5 $B0JA0$N(B Geeklog $B$O!"(BSQL $BJ8$r30It$+$iCmF~$r9T$&967b(B (SQL
injection attacks) $B$N1F6A$r<u$1$kLdBj$rJz$($F$$$k!#(B

Geeklog $B$O$"$k(B CGI $B$KBP$9$k(B HTTP $B%j%/%(%9%HFb$NJQ?t(B pid $B$NCM$K!"G$0U$N(B
$BJ8;z$dIU$12C$($i$l$?(B SQL $B9=J8$,4^$^$l$F$$$k>l9g!"30It$+$iF~NO$5$l$?CM$K(B
$B4X$7$F==J,$JBEEv@-$N3NG'$r9T$C$F$$$J$$!#$3$N$?$a!"967b<T$O$3$N%=%U%H%&%'(B
$B%"$K$h$C$F=hM}$5$l$k(B SQL $B%/%(%j$N2~JQ$,2DG=$G$"$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$O(B comment.php $B%9%/%j%W%H$K$*$$$FH/8+$5$l$F$$$k!#0J2<$K<($9(B URL
$B$,$3$NLdBj$rMxMQ$9$kNc$H$7$F8x3+$5$l$F$$$k!#(B

$BNc(B:
/comment.php?mode=display&sid=foo&pid=PROBLEM_HERE&title=ALPER_Research_Labs

PHP $B$N5!G=!"(B'Magic Quotes' $B$,M-8z$G$"$k>l9g!"967b<T$K$h$k(B SQL $B%F!<%V%k(B
$BFb$+$i$N%f!<%6>pJs$NC%<h$O:$Fq$G$"$k$H9M$($i$l$F$$$kE@$K$D$$$F$ON10U$5(B
$B$l$k$Y$-$G$"$k!#$7$+$7!"$3$N5!G=$O$3$NLdBj$rMxMQ$9$kA[Dj$5$l$kA4$F$N96(B
$B7b$r2sHr$9$k$N$K$O==J,$H$O8@$($J$$$H9M$($i$l$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$O%G!<%?$NGK2u!"=EMW$J>pJs$N3+<(!"%G!<%?%Y!<%9%5!<(B
$B%PFb$X$N?/F~$H$$$&7k2L$r>7$/2DG=@-$,$"$k!#(B

3. Geeklog Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 4969
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4969
$B$^$H$a(B:

Geeklog $B$O%U%j!<$GMxMQ2DG=$G$"$j!"%*!<%W%s%=!<%9$H$7$F8x3+$5$l$F$$$k(B Web
$B%5!<%P$N%m%0<}=8MQ%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$O(B PHP $B8@8l$G3+H/(B
$B$5$l!"B?$/$N(B UNIX $B$dMM!9$J(B Linux $B$GF0:n$7!"$^$?!"(BMicrosoft Windows NT/2000
$B$K$*$$$F$bF0:n$9$k!#$3$N%=%U%H%&%'%"$O%P%C%/%(%s%I%G!<%?%Y!<%9$H$7$F!"(B
MySQL $B$rMxMQ$7$F$$$k!#(B

Geeklog $B$O(B URL $BFb$N%Q%i%a!<%?$+$i%9%/%j%W%H$r%U%#%k%?%j%s%0$7$F$$$J$$$?(B
$B$a!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$rMxMQ$9$k967b$r<u$1$k5?$$$,$"$k!#(B
$B967b<T$K$h$C$FCmF~$5$l$?%9%/%j%W%H$O(B 'index.php' $B$"$k$$$O(B 'comment.php'
$B%9%/%j%W%H$r;X$7<($9!"0-0U$"$k%O%$%Q!<%j%s%/$K4^$^$l$F$$$k2DG=@-$,$"$k!#(B
$B$3$N:]!"967b<T$K$h$C$FCmF~$5$l$?%9%/%j%W%H$O$3$N%j%s%/$K%"%/%;%9$r$7$?(B
$B%f!<%6$N(BWeb $B%V%i%&%6Fb$G!"(BGeeklog $B$r<B9T$7$F$$$k%3%s%T%e!<%?$N%;%-%e%j(B
$B%F%#%3%s%F%-%9%H$HF13J$N8"8B$G<B9T$5$l$k!#$3$N<o$N%O%$%Q!<%j%s%/$O(B HTML
$B7A<0$NEE;R%a!<%k$d!"0-0U$"$k(B Web $B%Z!<%8Fb$K4^$^$l$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$K$h$j!"%j%b!<%H$N967b<T$O(B Geeklog $B$r2TF0$9$k%3%s%T%e!<%?Fb$N!"(B
$B@5Ev$J%f!<%6$N%/%C%-!<$rMxMQ$9$kG'>ZMQ>pJs$rC%<h2DG=$G$"$k$H9M$($i$l$k!#(B

$B$3$NLdBj$O(B Geeklog 1.3.5 $B$K$*$$$FJs9p$5$l$F$*$j!"$3$l0JA0$N%P!<%8%g%s$K(B
$B$*$$$F$bF1MM$NLdBj$rJz$($k5?$$$,$"$k!#(B

4. MyHelpDesk HTML Injection Vulnerability
BugTraq ID: 4967
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4967
$B$^$H$a(B:

MyHelpDesk $B$O(B PHP $B8@8l$G3+H/$5$l$?!"(BWeb $B$r2p$9$k%X%k%W%G%9%/%7%9%F%`$G(B
$B$"$k!#$3$N%=%U%H%&%'%"$O%U%j!<$G8x3+$5$l!"B?$/$N(B UNIX $B$d(B $BMM!9$J(B Linux$B!"(B
$B$^$?!"F1MM$K(B Microsoft Windows $B$K$*$$$F$bF0:n$9$k!#(B

MyHelpDesk (20020509 $BHG$*$h$S$=$l0JA0(B) $B$K$O967b<T$,0-0U$"$k(B HTML $B$rCmF~(B
$B2DG=$G$"$kLdBj$,Js9p$5$l$F$$$k!#(B

$B$3$N%=%U%H%&%'%"$O%U%)!<%`%U%#!<%k%IFb$+$i(B HTML $B%?%0$r==J,$K=|5n$7$F$$(B
$B$J$$!#$3$N$?$a967b<T$OG$0U$N(B HTML $B$r=|5n5!G=$,Hw$o$C$F$$$J$$%U%)!<%`%U%#!<(B
$B%k%I$r2p$7$FCmF~$9$k2DG=@-$,$"$k!#967b<T$K$h$C$FCmF~$5$l$?(B HTML $B$O$3$N(B
$B%=%U%H%&%'%"$N(B Web $B%Z!<%8Fb$N=*C<It$GI=<($5$l!"$3$N<o$N%Z!<%8$K%"%/%;%9(B
$B$7$?%f!<%6$N(B Web $B%/%i%$%"%s%H$K$h$C$F!"$3$N%=%U%H%&%'%"$r2TF0$5$;$F$$$k(B
$B%5%$%H$N%;%-%e%j%F%#%3%s%F%-%9%H$HF13J$N8"8B$G<B9T$5$l$k!#(B

Title$B!"(BDescription$B!"(BUpdate $B%U%#!<%k%I$,0-0U$"$k(B HTML $B$NF~NO$KBP$9$k==J,(B
$B$J%U%#%k%?%j%s%0$r9T$C$F$$$J$$!#IU$12C$($k$J$i$P!"(BHTML $B$NCmF~5!2q$O?7$7(B
$B$$%A%1%C%H$,:n@.$5$l$k:]!"$"$k$$$OJT=8$5$l$k:]$K$b5/$3$jF@$k!#(B

$B$3$NLdBj$O!"@x:_E*$K(B Web $B%3%s%F%s%D$N>h$C<h$j!"$"$k$$$O@5Ev$J%f!<%6$+$i(B
$B%/%C%-!<$rMxMQ$9$kG'>ZMQ>pJs$NEp$_=P$7$r9T$&$?$a$N967b$KMxMQ$5$lF@$k$H(B
$B9M$($i$l$k!#(B

5. MyHelpDesk Cross-Site Scripting Vulnerability
BugTraq ID: 4970
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4970
$B$^$H$a(B:

MyHelpDesk $B$O(B PHP $B8@8l$G3+H/$5$l$?!"(BWeb $B$r2p$9$k%X%k%W%G%9%/%7%9%F%`$G(B
$B$"$k!#$3$N%=%U%H%&%'%"$O%U%j!<$G8x3+$5$l!"B?$/$N(B UNIX $B$d(B $BMM!9$J(B Linux$B!"(B
$B$^$?!"F1MM$K(B Microsoft Windows $B$K$*$$$F$bF0:n$9$k!#(B

MyHelpDesk (20020509 $BHG$*$h$S$=$l0JA0(B) $B$K$O967b<T$,0-0U$"$k(B HTML $B$rCmF~(B
$B2DG=$G$"$kLdBj$,Js9p$5$l$F$$$k!#(B

$BLdBj$O(B 'index.php' $B%9%/%j%W%H$KM3Mh$7$F$$$k!#(BMyHelpDesk $B$O(B CGI $B$GMxMQ$7(B
$B$F$$$kJQ?t(B id $B$X$NF~NO7k2L$r!"=PNO$9$kA0$K(B HTML $B$N==J,$J%U%#%k%?%j%s%0(B
$B$r9T$C$F$$$J$$$N$G$"$k!#(B

$B967b<T$O$3$NLdBj$rMxMQ$9$k967b$rLdBj$rJz$($k%9%/%j%W%H$KBP$7!"%U%#%k%?(B
$B%j%s%0$,9T$o$l$F$$$J$$(B CGI $B%Q%i%a!<%?$X$NCM$H$7$F!"0-0U$"$k(B HTML $B$r0z$-(B
$BEO$9$h$&$J%O%$%Q!<%j%s%/$r:n@.$9$k$3$H$G4k$F$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$O@5Ev$J%f!<%6$+$i%/%C%-!<$rMxMQ$9$kG'>ZMQ>pJs$NEp$_=P$7$r9T$&(B
$B$?$a$N967b$KMxMQ$5$lF@$k$H9M$($i$l$k!#(B

6. MyHelpDesk SQL Injection Vulnerability
BugTraq ID: 4971
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4971
$B$^$H$a(B:

MyHelpDesk $B$O(B PHP $B8@8l$G3+H/$5$l$?!"(BWeb $B$r2p$9$k%X%k%W%G%9%/%7%9%F%`$G(B
$B$"$k!#$3$N%=%U%H%&%'%"$O%U%j!<$G8x3+$5$l!"B?$/$N(B UNIX $B$d(B $BMM!9$J(B Linux$B!"(B
$B$^$?!"F1MM$K(B Microsoft Windows $B$K$*$$$F$bF0:n$9$k!#(B
$B$3$N%=%U%H%&%'%"$O%P%C%/%(%s%I%G!<%?%Y!<%9$H$7$F(B MySQL $B$rMxMQ$7$F$$$k!#(B

MyHelpDesk (20020509 $BHG$*$h$S$=$l0JA0(B) $B$K$O967b<T$,0-0U$"$k(B HTML $B$rCmF~(B
$B2DG=$G$"$kLdBj$,Js9p$5$l$F$$$k!#(BSQL $BJ8$r30It$+$iCmF~$r9T$&967b(B (SQL injection
attacks) $B$N1F6A$r<u$1$kLdBj$rJz$($F$$$k!#(B

index.php $B%9%/%j%W%H$O(B SQL $BJ8$r30It$+$iCmF~$r9T$&967b(B (SQL injection
attacks) $B$N1F6A$r<u$1$kLdBj$rJz$($F$$$k$HJs9p$5$l$F$$$k!#(BCGI $B$X$N%Q%i%a!<(B
$B%?$r2p$7!"%j%b!<%H%f!<%6$+$iM?$($i$l$?%G!<%?$O(B SQL $B%9%F!<%H%a%s%H$N0lIt(B
$B$XD>@\MxMQ$5$l$F$$$k!#$3$N:]!"F~NOCM$KBP$9$k%U%#%k%?%j%s%0$,==J,$K9T$o(B
$B$l$F$$$J$$$?$a!"(BSQL $B%/%(%j$NO@M}9=B$$r2~JQ2DG=$G$"$k!#(B

$BCm0U$rJ'$C$F<B9T$5$l$?(B SQL $BJ8$r30It$+$iCmF~$r9T$&967b$O!"@x:_E*$J30It$N(B
$B?M4V$K$h$k=EMW$J>pJs$N;2>H$d2~JQ$r2DG=$K$9$k$H9M$($i$l$k!#IU$12C$($k$J(B
$B$i$P!"967b<T$O@x:_E*$K$3$NLdBj$r!"%P%C%/%(%s%I%G!<%?%Y!<%9Fb$N$$$:$l$N(B
$B4{B8$NLdBj$KBP$9$k967b$r4k$F$k$?$a$KMxMQ$9$k2DG=@-$,$"$k!#(B

7. ZenTrack Ticket.PHP Information Disclosure Vulnerability
BugTraq ID: 4973
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4973
$B$^$H$a(B:

ZenTrack $B$O%W%m%8%'%/%H4IM}!"%P%0$NDI@W!"%A%1%C%H4IM}$rE}3gE*$K9T$&$h$&(B
$B$K@_7W$5$l$?%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$O(B PHP $B8@8l$K$h$C$F<BAu(B
$B$5$l!"MM!9$J(B UNIX $B$d(B Linux $B$d!"$^$?!"(BMicrosoft Windows $B$K$*$$$F$bF0:n2D(B
$BG=$G$"$k!#(B

ZenTrack 2.0.3 $B$*$h$S$=$l0JA0$N%P!<%8%g%s$G$O%Q%9>pJs$r3+<($9$kLdBj$,H/(B
$B8+$5$l$F$$$k!#(B

$BB8:_$7$J$$%A%1%C%H$X(B HTTP $B%j%/%(%9%H$r9T$&$3$H$K$h$j!"967b<T$O$3$N%=%U%H(B
$B%&%'%"$N%(%i!<=PNOFb$K(B Web $B$N8x3+J8=qMQ$N%I%-%e%a%s%H%k!<%H%G%#%l%/%H%j(B
$B$N@dBP%Q%9$r3+<($5$;$k$3$H$,2DG=$J$N$G$"$k!#$^$?!"$3$N%=%U%H%&%'%"$O96(B
$B7b<T$XB>$N=EMW$J>pJs$r3+<($9$k2DG=@-$,$"$k!#(B

$B$3$N967b$K$h$jF~<j$5$lF@$?>pJs$O!"967b<T$K$h$jLdBj$rJz$($k%3%s%T%e!<%?(B
$B$X$N$5$i$J$k967b$N4k$F$KMxMQ$5$l$k2DG=@-$,$"$k!#(B

8. Geeklog Calendar Event Form Script Injection Vulnerability
BugTraq ID: 4974
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4974
$B$^$H$a(B:

MyHelpDesk $B$O(B PHP $B8@8l$G3+H/$5$l$?!"(BWeb $B$r2p$9$k%X%k%W%G%9%/%7%9%F%`$G(B
$B$"$k!#$3$N%=%U%H%&%'%"$O%U%j!<$G8x3+$5$l!"B?$/$N(B UNIX $B$d(B $BMM!9$J(B Linux$B!"(B
$B$^$?!"F1MM$K(B Microsoft Windows $B$K$*$$$F$bF0:n$9$k!#(B
$B$3$N%=%U%H%&%'%"$O%P%C%/%(%s%I%G!<%?%Y!<%9$H$7$F(B MySQL $B$rMxMQ$7$F$$$k!#(B

$B$3$N%=%U%H%&%'%"$O%U%)!<%`%U%#!<%k%IFb$+$i(B HTML $B%?%0$r==J,$K=|5n$7$F$$(B
$B$J$$$?$a!"%9%/%j%W%H$rCmF~$9$k967b$N1F6A$r<u$1$k5?$$$,$"$k!#(B

$B?75,$K(B Calendar Event $B$rF~NO$9$k%U%)!<%`$N(B Link $B%U%#!<%k%I$K967b<T$K$h$C(B
$B$FCmF~$5$l$?%9%/%j%W%H$,F~NO$5$l$k:]!"$=$N7k2L$H$7$F(B Geeklog $B$K$h$C$F@8(B
$B@.$5$l$k(B Web $B%Z!<%8Fb$N=*C<It$KCmF~$5$l$?%9%/%j%W%H$,I=<($5$l!"$3$N%Z!<(B
$B%8$r;2>H$9$k%f!<%6$N(B Web$B%V%i%&%6Fb$G!"$3$N%=%U%H%&%'%"$r2TF0$9$k%5%$%H(B
$B$N%;%-%e%j%F%#%3%s%F%-%9%H$HF13J$N8"8B$G<B9T$5$l$k!#(B

$B?75,$N(B Calendar Event $B$X$NF~NO$O$3$N%=%U%H%&%'%"$r1?MQ$7$F$$$k(B Web $B%5%$(B
$B%H$N4IM}<T$XEPO?>5G'$N$?$a$KE>Aw$5$l$kE@$ON10U$5$l$k$Y$-$G$"$k!#(B

$B$3$NLdBj$O!"@x:_E*$K(B Web $B%3%s%F%s%D$N>h$C<h$j!"$"$k$$$O@5Ev$J%f!<%6$+$i(B
$B%/%C%-!<$rMxMQ$9$kG'>ZMQ>pJs$NEp$_=P$7$r9T$&$?$a$N967b$KMxMQ$5$lF@$k$H(B
$B9M$($i$l$k!#(B

9. W-Agora Remote File Include Vulnerability
BugTraq ID: 4977
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4977
$B$^$H$a(B:

W-Agora $B$O(B Web $B$r2p$9$k=PHG!"EE;R7G<(HD5!G=$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#(B
$B$3$N%=%U%H%&%'%"$O(B PHP $B8@8l$rMxMQ$7$F<BAu$5$l!"B?$/$N(B UNIX $B$dMM!9$J(B Linux
$B$GF0:n$7!"$^$?!"(BMicrosoft Windows $B$K$*$$$F$bF0:n$9$k!#(B

W-Agora $B$O967b<T$,%j%b!<%H$N%5!<%P>e$NG$0U$N%U%!%$%k$r%$%s%/%k!<%I2DG=(B
$B$H$J$kLdBj$rJz$($k5?$$$,$"$k!#$3$N%=%U%H%&%'%"$G$O!"@_Dj%U%!%$%kMQ$N%Q(B
$B%9$r;2>H$9$k$?$a$K!"(BW-Agora $B$,MxMQ$9$k%9%/%j%W%HCf$GFC$K(B inc_dir $B$H$$$&(B
$BJQ?t$,MxMQ$5$l$F$*$j!"(B $BFCDj$N@_Dj>uBV$G$O!"967b<T$O%j%b!<%H$N%5!<%P$N%U%!(B
$B%$%k$r;X$7<($9$h$&$J@_Dj%U%!%$%k$N0LCV$r;XDj$9$k!"G$0U$NCM$rDj5A2DG=$G(B
$B$"$k!#(B

$B%$%s%/%k!<%IBP>]$N%U%!%$%k$,(B PHP $B%9%/%j%W%H$G$"$k>l9g!"$3$NLdBj$K$h$j!"(B
$B967b<T$,;XDj$9$kG$0U$N%U%!%$%k$N<B9T$,2DG=$K$J$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$N7k2L$O!"LdBj$rJz$($k%=%U%H%&%'%"$r2TF0$5$;$F$$(B
$B$k%3%s%T%e!<%?>e$G$N!"(BPHP $B$N@_Dj>uBV$K1~$8$F:81&$5$l$k!#(Ball_url_fopen
$B$,(B off $B$K@_Dj$5$l$F$$$k>l9g!"$3$NLdBj$rMxMQ$9$k967b$N1F6AHO0O$O69$a$i(B
$B$l$k!#(B

10. Datalex Bookit! Consumer Plaintext Authentication Credentials
Vulnerability
BugTraq ID: 4972
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4972
$B$^$H$a(B:

Datalex Bookit! Consumer $B$O!"(BWeb $B$rMxMQ$7$FN99TM=Ls%5!<%S%9$rDs6!$9$k(B
$B%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$O(B Microsoft Windows $B$K2C$(!"B?$/(B
$B$N(B UNIX $B$d(B $BMM!9$J(B Linux $B$K$*$$$FF0:n$9$k!#(B

Datalex Bookit! Consumer $B$OG'>ZMQ>ZL@=q$r5-21$9$k$h$&$K@_Dj$5$l$k2DG=(B
$B@-$,$"$k!#G'>ZMQ>ZL@=q$rJ];}$9$k$?$a$K(B 'remembered' $B$rA*Br$9$k$H!"$=$N(B
$B>ZL@=q$O%/%C%-!<Fb$KJ]B8$5$l$k!#$7$+$7!"$3$l$i%/%C%-!<Fb$KJ]B8$5$l$?>Z(B
$BL@=q$O!"J?J8$H$7$FJ]B8$5$l$k!#$3$NG'>ZMQ>ZL@=q$,$5$i$K967b<T$+$i;2>H$G(B
$B$-$k$h$&$K$J$k>l9g$K!"$3$N$3$H$,LdBj$H$J$k$N$G$"$k!#(B

$BFCDj$N>u672<$K$*$$$F!"%G!<%?$,(B GET $B<jK!$rMxMQ$7$FAw$i$l$F$$$kE@$ON10U(B
$B$5$l$M$P$J$i$J$$!#$3$N$?$a!"=EMW$J>pJs(B ($BJ?J8$NG'>ZMQ>ZL@=q$r4^$`(B) $B$O!"(B
CGI $B$X$N%Q%i%a%?$N7ABV$GAw$i$l$k$N$G$"$k!#(B

$B967b<T$,J?J8$N>ZL@=q$X$N%"%/%;%9$r<hF@2DG=$H?d;!$5$l$k!"?tB?$/$N>u67$,(B
$BA[Dj$5$l$k!#Nc$($P!"G'>ZMQ>ZL@=q$O!"%W%m%-%7%5!<%P>e$K$*$$$F%-%c%C%7%e(B
$B$5$l$k!#$^$?!"$3$N$3$H$O!"FCDj$N0LCV$KB8:_$9$k967b<T$K$h$j!"%f!<%6$N(B 
Web $B%/%i%$%"%s%H$H$3$N%=%U%H%&%'%"$,2TF0$9$k%5!<%P4V$N%M%C%H%o!<%/%H%i(B
$B%U%#%C%/$rC5CN$9$k$?$a$KMxMQ$5$l$k2DG=@-$,$"$k!#?k$K$O!"%/%C%-!<$rMxMQ(B
$B$7$F$NG'>ZMQ>ZL@=q$O!"%/%m%9%5%$%H%9%/%j%W%H$rMxMQ$9$k967b!"$b$7$/$O(B 
HTML $B$,30It$+$iCmF~$r9T$&967b(B (HTML injection attacks) $B$K$h$j@x:_E*$K(B
$B8x3+$5$l$F$7$^$&2DG=@-$,$"$k!#(B

11. BizDesign ImageFolio Authorized User Web Root Disclosure Vulnerability
BugTraq ID: 4976
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4976
$B$^$H$a(B:

ImageFolio Pro $B$O(B Web $B%$%s%?%U%'!<%9$r2p$7$?4IM}5!G=$N%5%]!<%H$,4^$^$l$k!"(B
Web $B$rMxMQ$9$k2hA|%"!<%+%$%V%Q%C%1!<%8$G$"$k!#LdBj$O(B ImageFolio Pro $B%P!<(B
$B%8%g%s(B 2.27 $B0JA0$K$*$$$FB8:_$9$k!#(B

Web $B$r2p$9$k4IM}MQ%Z!<%8$XFC$K6lO+$;$:$K%"%/%;%9$G$-F@$k%j%b!<%H%f!<%6$O!"(B
$B?7$?$J2hA|%+%F%4%j$r:n@.$9$k2DG=@-$,$"$k!#0-0U$"$k%f!<%6$KM?$($i$l$?%U%!(B
$B%$%kL>$K(B  "../" ( 2$B$D$N%T%j%*%I$H(B 1 $B$D$N%9%i%C%7%e$+$i@.$kJ8;zNs(B) $B$NA^F~(B
$B$9$k$3$H$G!"$3$N%=%U%H%&%'%"$N=hM}$N7g4Y$rA_$$@x$k967b$r;E8~$1$k$3$H$r2D(B
$BG=$K$9$k!#$3$N967b$,<:GT$K=*$o$k>l9g!"I=<($5$l$k%(%i!<%a%C%;!<%8$K$O!":n(B
$B@.$r4k$F$i$l$?%U%!%$%k$N@dBP%Q%9$,4^$^$l$k!#(B

$BE57?E*$J@_Dj>uBV$G$O!"$3$N%Q%9$K$O(B Web $BMQ$N%I%-%e%a%s%H%k!<%H>e$N>pJs$,(B
$B4^$^$l$k!#967b<T$O%5!<%P$X$N99$J$k!VCNE*!W$J967b$r4k$F$k$?$a$K$3$N>pJs$r(B
$BMxMQ$9$k2DG=@-$,$"$k!#(B

$B%j%b!<%H%f!<%6$O4IM}%Z!<%8$X$NM-8z$J%"%/%;%9$,9T$($kI,MW$,$"$j!"?7$?$J%+%F(B
$B%4%j$r:n@.$9$k$?$a$K!"2C$($FM-8z$J8"8B$,M?$($i$l$F$$$kI,MW$,$"$k!#(B

12. Seanox DevWex File Disclosure Vulnerability
BugTraq ID: 4978
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 08 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4978
$B$^$H$a(B:

Seanox DevWex $B$O(B Web $B%5!<%P$G$"$k!#C1BN$N(B Microsoft Windows $B%P%$%J%j$b$7(B
$B$/$O(B Java $B%"%W%j%1!<%7%g%s$H$7$FF~<j2DG=$G$"$k!#(B

Seanox DevWex $B$N(B Windows $B%P%$%J%j$N%P!<%8%g%s$O!"$I$N$h$&$J%f!<%6$G$"$C(B
$B$F$bFI$_9~$_2DG=$JG$0U$N%U%!%$%k$r%j%b!<%H$N967b<T$K3+<($5$l$k$3$H$r0z(B
$B$-5/$3$92DG=@-$,$"$kLdBj$H$J$k5?$$$rJz$($F$$$k!#$3$NLdBj$O(B DevWex $B$,(B HTTP
$B%j%(%9%HFb$N(B "..\" (2 $B$D$N%I%C%H$H(B 1 $B$D$N%P%C%/%9%i%C%7%e$+$i@.$kJ8;zNs(B)
$BJ8;zNs$r==J,$K%U%#%k%?$7$F$$$J$$$?$a$K@8$8$k$N$G$"$k!#7k2L$H$7$F!"967b(B
$B<T$O(B "..\" $B%7!<%1%s%9J8;zNs$rAH$_9g$o$;$?0-0U$"$k%j%/%(%9%H$r:n@.$9$k$3(B
$B$H$K$h$j!"(BWeb $BMQ$N%I%-%e%a%s%H%k!<%H%G%#%l%/%H%j$N30It$N%U%!%$%k$X$N%j(B
$B%/%(%9%H$r9T$&2DG=@-$,$"$k!#967b<T$N967bBP>]$H$J$k%U%!%$%k$O!"$3$N<jK!(B
$B$G3+<($5$l$k2DG=@-$,$"$k!#(B
($BLuCm(B: \ $B$O86J8$G$O%P%C%/%9%i%C%7%e$r<($7$F$$$^$9(B)

13. Seanox DevWex Buffer Overflow Vulnerability
BugTraq ID: 4979
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 08 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4979
$B$^$H$a(B:

Seanox DevWex $B$O(B Web $B%5!<%P$G$"$k!#C1BN$N(B Microsoft Windows $B%P%$%J%j$b$7(B
$B$/$O(B Java $B%"%W%j%1!<%7%g%s$H$7$FF~<j2DG=$G$"$k!#(B

Seanox DevWex $B$N(B Windows $B%P%$%J%j$N%P!<%8%g%s$O!"%P%C%U%!%*!<%P!<%U%m!<(B
$B$K4Y$k5?$$$rJz$($F$$$k!#$3$N>uBV$O(B HTTP $B$N(B GET $B%a%=%C%I$N%j%/%(%9%HD9$K(B
$B4X$9$k6-3&%A%'%C%/$rBU$C$F$$$k$?$a$K@8$8$k!#Hs>o$KD9$$%j%/%(%9%H(B (258383
$B8D0J>e$ND9$5$NJ8;zNs(B) $B$K$h$j!"$3$N>uBV$,0z$-5/$3$5$l$k$N$G$"$k!#(B

$B$3$l$O(B Web $B%5!<%P$N%W%m%;%98"8B(B ($BDL>o$G$"$l$P(B SYSTEM $B8"8B(B) $B$G!"967b<T$+(B
$B$iM?$($i$l$?G$0U$NL?Na$r<B9T$9$k$?$a$K!"@x:_E*$KMxMQ$5$l$k2DG=@-$,$"$k!#(B

14. LPRNG Remote Print Submission Vulnerability
BugTraq ID: 4980
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4980
$B$^$H$a(B:

LPRng $B%=%U%H%&%'%"$O!"(BBerkley $BM3Mh$N(B LPR $B%W%j%s%H%9%W!<%k5!G=$r$h$j6/2=(B
$B$7!"3HD%@-!"0\?"@-$r;}$?$;$?%=%U%H%&%'%"$G$"$k!#(B

LPRng $B$N%G%U%)%k%H@_Dj$O!"%W%j%s%H%-%e!<$X$N%W%j%s%HBT$A$r$$$+$J$k%j%b!<(B
$B%H$+$i$b<u$1F~$l$k!#0-0U$"$k967b<T$O%W%j%s%H%-%e!<$r%-%e!<$KC_@Q$5$;B3(B
$B$1$k$?$a$K!"B?$/$N%W%j%s%H%j%/%(%9%H$rAw$j$D$1$k2DG=@-$,$"$k!#$3$l$K$h(B
$B$j!"%3%s%T%e!<%?Fb$N;q8;$r>CHq$7?T$/$5$;$k$3$H$,2DG=$K$J$j!"(BDoS $B>uBV$r(B
$B0z$-5/$3$92DG=@-$,$"$k!#(B

15. Lokwa BB Multiple SQL Injection Vulnerabilities
BugTraq ID: 4981
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4981
$B$^$H$a(B:

Lokwa BB $B$O(B $B%U%j!<$GMxMQ2DG=$J%a%C%;!<%87G<(HD%U%)!<%i%`$G$"$k!#(B
Lokwa $B$N$$$/$D$+$N%P!<%8%g%s$O(B SQL $BJ8$r30It$+$iCmF~$r9T$&967b(B (SQL injection
attacks) $B$r<u$1F~$l$F$7$^$&!#(B

Lokwa BB $B$O(B SQL $B%/%(%jFb$KG$0U$NJ8;zNs$H$=$l$K2C$($F(B SQL $B9=J8$rA^F~$9$k$H!"(B
$B30It$+$iM?$($i$l$?F~NOCM$r==J,$K@5Ev$G$"$k$H3NG'$7$J$$!#7k2L$H$7$F967b<T(B
$B$O%"%W%j%1!<%7%g%s$K$h$j7A@.$5$l$k(B SQL $B%/%(%j$r2~JQ$9$k2DG=@-$,$"$k!#$3(B
$B$l$O!"=EMW$J>pJs$N3+<($,2DG=$G$"$k$H?d;!$5$l$k!#(B

$BJs9p$K$h$k$H!"FCDj$N>u672<$K$*$$$FG$0U$NHkF?$5$l$?%a%C%;!<%8$X%"%/%;%9(B
$B$7!"$=$l$KBP$9$k1~Ez$rJV$;$k$h$&$K$J$k2DG=@-$,$"$k$3$H$,<($5$l$F$$$k!#(B

$B$3$NLdBj$O!"(B'member.php'$B!"(B'misc.php' $B$d(B 'pm.php' $B%9%/%j%W%HFb$K$"$k$HJs(B
$B9p$5$l$F$$$k!#(B'pm.php' $B%9%/%j%W%H$OG$0U$N%W%i%$%Y!<%H%a%C%;!<%8$N3+<($H(B
$BJV$9$3$H$KMxMQ$5$l$k!#(B'misc.php' $B$H(B 'member.php' $B$O!"%f!<%6$,4IM}<T$G$"(B
$B$k$HFCDj$9$k$3$H$d!"$I$N%f!<%6$,FCDj$N%Q%9%o!<%I=jM-$9$k$N$+$rFCDj$9$k(B
$B$3$H$J$I$N!"%f!<%6>pJs$r<}=8$9$kJd=u<jCJ$H$J$jF@$k$N$G$"$k!#(B

16. Belkin F5D5230-4 Router Internal Web Request Vulnerability
BugTraq ID: 4982
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4982
$B$^$H$a(B:

The Belkin F5D5230-4 4-Port Cable/DSL Gateway Router $B$O!"2HDm$*$h$S>.5,(B
$BLO%*%U%#%98~$1$N%O!<%I%&%'%"7?$N%k!<%?$G$"$k!#(B

$B5!4o$N5!G=$H$7$F!"M?$($i$l$?%]!<%H$KBP$7$F30It$+$iF~$C$F$/$k%H%i%U%#%C(B
$B%/$r<u$1<h$kFbIt%M%C%H%o!<%/>e$N%5!<%P$rFCDj$9$k$3$H$,2DG=$G$"$k!#Nc$((B
$B$P!"FbIt(B Web $B%5!<%P$O!"(B80 $BHV%]!<%H$KBP$9$kA4%H%i%U%#%C%/$r<u$1<h$k2DG=(B
$B@-$,$"$k!#@x:_E*$JLdBj$O$3$N5!G=$K$"$k$HJs9p$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"0-0U$"$kFbIt$N967b<T$O$3$N5!G=$rMxMQ$9$k2DG=@-$,$"$k!#96(B
$B7b<T$,(B Web $B%5!<%P$X$N%j%/%(%9%H$rAw$j$D$1$k$H!"%k!<%?$N30It%$%s%?%U%'!<(B
$B%9$+$iM3Mh$9$k$h$&$K8+$($k!#(BWeb $B%5!<%P$O$3$N(B IP $B%"%I%l%9$,5/8;$G$"$k$H(B
$B$7$F%j%/%(%9%H$r5-O?$9$k!#(B

$B%m!<%+%k$N967b<T$O(B Web $B%5!<%P$X99$J$k967b$r4k$F$k$?$a$K!"$3$NLdBj$rMxMQ(B
$B$9$k2DG=@-$,$"$k!#967b$,8!=P$5$l$?$H$7$F$b!"967b<T$r$?$I$k$3$H$OIT2DG=(B
$B$G$"$k!#(B

17. AlienForm2 Directory Traversal Vulnerability
BugTraq ID: 4983
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4983
$B$^$H$a(B:

AlienForm2 $B$O(B Perl $B8@8l$rMxMQ$7$F3+H/$5$l$?EE;R%a!<%k%2!<%H%&%'%$MQ$N(B
$B%$%s%?%U%'!<%9$G$"$j!"(BJon Hedley $B$K$h$C$FJ]<i$5$l$F$$$k!#(B

$BK\Mh%"%/%;%9$G$-$J$$%G%#%l%/%H%j$X$N;2>H$,9T$($kLdBj$,Js9p$5$l$F$$$k$?(B
$B$a!"%f!<%6$O%[%9%H>e$KB8:_$9$k$$$+$J$k%U%!%$%k$X%"%/%;%9$7!"%U%!%$%kFb(B
$BMF$r@x:_E*$K2~JQ$9$k$3$H$,2DG=$H$J$k!#(B

$BJs9p$K$h$k$H!"%f!<%6$+$iM?$($i$l$?F~NOCM$K$D$$$F$N%U%#%k%?%j%s%0$r;n$_(B
$B$k:]!"F~NO$5$l$?(B HTTP $B%j%/%(%9%H$+$iFCDj$N5?$o$7$$J8;z$O=|5n$5$l$k!#(B
$B7k2L$H$7$F!"(B'.|.' ( 2 $B$D$N%T%j%*%I$N4V$K%Q%$%W$+$i@.$kJ8;zNs(B) $B$NJ8;zNs(B
$B$O!"(B'..' ( 2 $B$D$N%T%j%*%I$+$i@.$kJ8;zNs(B) $B$H$7$F2r<a$5$l$k!#(B

$B%G%#%l%/%H%j$N;2>H$K4X$9$k967b$r2p$7!"%5!<%P>e$NG$0U$N%U%!%$%k$r%"%/%;(B
$B%9$9$k$3$H$G$3$NLdBj$rMxMQ$9$k$3$H$,2DG=$G$"$k$HJs9p$5$l$F$$$k!#$3$l$O!"(B
$B7+$jJV$7$F(B '.|.%2F' $B$N$h$&$JJ8;zNs$r4^$`(B GET $B%j%/%(%9%H$K$h$j@.$7?k$2$i(B
$B$l$k$H9M$($i$l$k!#(B

$B%f!<%6$+$iF~NO$5$l$?%G!<%?$r%U%!%$%k$XE>Aw$9$k5!G=$HAH$_9g$o$;$k$3$H$G!"(B
$B$3$NLdBj$rMxMQ$9$k967b$,4k$F$i$l$k2DG=@-$,$"$k!#$3$N>l9g!"%j%b!<%H%f!<(B
$B%6$K$h$j!"%9%/%j%W%H%f!<%6$N8"8B$G$$$+$J$k%7%9%F%`%U%!%$%k$XG$0U$N%G!<(B
$B%?$r2C$($k$3$H$,2DG=$G$"$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"BP>]%[%9%H$X$N99$J$k967b$NJd=u<jCJ$K(B
$BMxMQ$5$l$k2DG=@-$,$"$k!"=EMW$J%G!<%?$r3+<(2DG=$H$J$k!#(B


18. RHMask Local File Overwrite Vulnerability
BugTraq ID: 4984
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Jun 11 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4984
$B$^$H$a(B:

rhmask $B$OB>$N%U%!%$%k$H$N%^%9%/(B ($BLuCm(B: $B:9J,(B) $BItJ,$H$J$k%U%!%$%k$rG[I[$9(B
$B$k$?$a$N(B Red Hat Linux $B$KF1:-$5$l$k%f!<%F%#%j%F%#$G$"$k!#(B

rhmask $B$O%^%9%/%U%!%$%kCf$K=PNO$5$l$?%U%!%$%kL>$NBEEv@-$N3NG'$rE,@Z$K9T$C(B
$B$F$$$J$$$N$G$"$k!#$3$N$?$a!"967b<T$O%^%9%/$,E,MQ$5$l$?:]$K!"%7%s%\%j%C(B
$B%/%j%s%/$r2p$7$F!"%7%9%F%`%U%!%$%k$r>e=q$-$9$k$h$&$J%^%9%/%U%!%$%k$r:n(B
$B@.$9$k$?$a$K!"@x:_E*$K$3$NLdBj$rMxMQ$9$k2DG=@-$,$"$k!#DL>o$N>uBV$G$O!"(B
$B%f!<%6$X$O%^%9%/$rE,MQ$9$kBP>]$N%U%!%$%k$,DL9p$5$l$k$,!"(Brhmask $B$OBP>]%U%!(B
$B%$%k$,%7%s%\%j%C%/%j%s%/$G$"$k>l9g$K$OE,@Z$JDL9p$r9T$o$J$$!#(B

rhmask $B$O:G6a$N(B Red Hat Linux $B$K$O%G%U%)%k%H$G%$%s%9%H!<%k$5$l$F$$$J$$!#(B

19. Caldera OpenServer XSCO Color Database File Heap Overflow Vulnerability
BugTraq ID: 4985
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Jun 11 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4985
$B$^$H$a(B:

OpenServer $B$O>&MQ$N(B UNIX $B%*%Z%l!<%F%#%s%0%7%9%F%`$G$"$j!"(BSCO $B$K$h$C$F(B
$B3+H/$5$l!"(BCaldera $B$K$h$C$FHNGd$5$l$F$$$k!#(B

OpenServer $B$KF1:-$5$l$F$$$k%&%$%s%I%&%7%9%F%`%=%U%H%&%(%"%Q%C%1!<%8$O!"(B
$B%m!<%+%k%f!<%6$N8"8B$r>:3J$5$;F@$kLdBj$rJz$($F$$$k!#$3$NLdBj$O(B Xsco
$B%W%m%0%i%`$K$*$1$kFCDj$N%3%^%s%I%i%$%s$N%*%W%7%g%s$N07$$$KM3Mh$7$F$$$k!#(B

Xsco $B$O(B OpenServer $B$H6&$KDs6!$5$l$F$$$k(B X Window System $B%5!<%P$G$"$k!#(B
OpenServer $B$H6&$KDs6!$5$l$F$$$k%G%9%/%H%C%W4D6-$,!"(BXsco $B>e$GF0:n$7$F$$(B
$B$k!#(BXsco $B$O%G%U%)%k%H$G(B setuid root $B$5$l$F$$$k!#(B

Xsco $B$N(B -co $B$H$$$&%3%^%s%I%i%$%s%*%W%7%g%s$O!"?'$K4X$9$k%G!<%?%Y!<%9%U%!(B
$B%$%k$rFI$_9~$`$?$a$KMxMQ$5$l$F$$$k!#(B

Xsco $B$,Jz$($kLdBj$K$h$j!"%m!<%+%k%f!<%6$,8"8B$r>:3J$5$;F@$k2DG=@-$,$"$k!#(B
Xsco $B$,F0:n$7$F$$$k:]$K!"6KC<$KD9$$0z?t$r(B -co $B%U%i%0$H6&$KEO$9$3$H$G!"(B
$B%R!<%W%*!<%P!<%U%m!<$,H/@8$9$k$N$G$"$k!#%m!<%+%k%f!<%6$O(B -co $B%*%W%7%g%s(B
$B$H6&$K!"0U?^E*$JFCDj$NJ8;zNs$rEO$9$3$H$G!"7k2LE*$KG$0U$N%3!<%I$r<B9T$7!"(B
$B8"8B>:3J$,2DG=$H$J$k!#(B

$B$3$N%*!<%P!<%U%m!<$O(B 9000 $BJ8;z0J>e$N0z?t$,(B -co $B%*%W%7%g%s$KEO$5$l$?:]$K(B
$B:F8=$5$l$F$$$k!#$3$NLdBj$K$h$C$F!"%m!<%+%k%f!<%6$O(B root $B%0%k!<%W$N8"8B(B
$B$GG$0U$N%3!<%I$r<B9T$7!"%m!<%+%k$N4IM}<T8"8B(B (root $B8"8B(B) $B$rC%<h2DG=$G$"(B
$B$k!#(B

20. LinkSys EtherFast Router Remote Administration Enabled Vulnerability
BugTraq ID: 4987
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 11 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4987
$B$^$H$a(B:

Linksys EtherFast $B%k!<%?$O!"(B DSL $B$d(B Cabel $B@\B3$NMxMQ$KE,$9$k$h$&$K@_7W(B
$B$5$l$?!"(B4 $B%]!<%H$N>.5,LO%k!<%?$G$"$k!#(BEtherFast $B%k!<%?$O!"(BNetwork Address
Translation $B$d(B DHCP $B$H$$$C$?5!G=$rDs6!$9$k!#(B

$B$3$NLdBj$O(B 2002 $BG/(B 5 $B7n(B 1 $BF|$K%j%j!<%9$5$l$?%U%!!<%`%&%(%"$N!"8=9THG(B
(1.42.7) $B$KBP$7$FJs9p$5$l$?!#Js9p$K$h$k$H!"$3$N%U%!!<%`%&%(%"$O%k!<%?$N(B
$B%j%b!<%H$+$i$N4IM}5!G=$NMxMQ$rM^@)$9$k$?$a$N%k!<%k$NB8:_$r9MN8$7$F$$$J(B
$B$$$N$H$N$3$H$G$"$k!#3:Ev$9$k%U%!!<%`%&%(%"$N%P!<%8%g%s$O!"%j%b!<%H$+$i(B
$B$N4IM}5!G=$rDs6!$9$k$?$a$K(B TCP/5678 $B$G%3%M%/%7%g%s$rBT$A<u$1$F$$$k!#(B

$B$3$N%U%!!<%`%&%(%"$O(B "Block WAN" $B$d(B "Remote Admin" $B%*%W%7%g%s$,L58z$K$J$C(B
$B$F$$$?$H$7$F$b!"%j%b!<%H4IM}$N$?$a$N(B TCP $B%]!<%H$r3+$$$F$7$^$&!#(B

$B967b<T$OLdBj$rJz$($k5!4o$KBP$9$k%j%b!<%H$+$i$N967b$r9T$&$3$H$,2DG=$G$"(B
$B$k$H?d;!$5$l$k!#(B

$B$3$l$h$j0JA0$N%U%!!<%`%&%(%"$N%P!<%8%g%s$O!"$3$NLdBj$N1F6A$r<u$1$J$$!#(B

21. Pinboard Task List HTML Injection Vulnerability
BugTraq ID: 4988
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 10 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4988
$B$^$H$a(B:

Pinboard $B$O(B PHP $B8@8l$rMxMQ$7$F3+H/$5$l$?!"(BWeb $B2p$7$FMxMQ2DG=$J%?%9%/%j(B
$B%9%H4IM}%D!<%k$G$"$k!#(B

Pinboard $B$O%U%)!<%`%U%#!<%k%I$+$i(B HTML $B%?%0$N=|5n$rE,@Z$K9T$J$C$F$$$J$$!#(B
$B$3$N$?$a!"(BPinboard $B$N%f!<%6$OG$0U$N(B HTML $B$d%9%/%j%W%H%3!<%I$r%?%9%/%j%9(B
$B%H$KCmF~$9$k$3$H$,2DG=$G$"$k$H?d;!$5$l$k!#$3$N$h$&$KKd$a9~$^$l$?(B HTML $B$d(B
$B%9%/%j%W%H%3!<%I$O!"%?%9%/%j%9%H$r1\Mw$7$?(B Web $B%f!<%6$N%V%i%&%6Fb$G!"%?(B
$B%9%/%j%9%H$r2TF0$5$;$F$$$k%5%$%H$N%3%s%F%-%9%H$G<B9T$5$l$k$N$G$"$k!#(B

$B0-0U$"$k%f!<%6$O!"(B Web $B%3%s%F%s%D$N>h$C<h$j!"@x:_E*$K%/%C%-!<$KM3Mh$7$?(B
$BG'>Z>pJs$N=jF@$r9T$&$3$H$,2DG=$G$"$k$H?d;!$5$l$k!#(B

22. MMFTPD SysLog Format String Vulnerability
BugTraq ID: 4990
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 11 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4990
$B$^$H$a(B:

mmftpd $B$O%U%j!<$GMxMQ2DG=$J%*!<%W%s%=!<%9$N(B Linux $B8~$1$N(B FTP $B%5!<%P$G$"(B
$B$k!#(B

$B$3$N%G!<%b%s$O!"%j%b!<%H$N967b<T$,G$0U$N%3!<%I$r<B9T$7F@$kLdBj$rJz$($F(B
$B$$$k!#(B

mmftpd $B$O!"ITE,@Z$J(B syslog $B$N8F$S=P$7$K$h$C$F!"G$0U$N%3!<%I$r<B9T$9$k$3(B
$B$H$,2DG=$H$J$kLdBj$rJz$($F$$$k!#%f!<%6$,:n@.$7$?>pJs$r%m%0$H$7$FJ]B8$9(B
$B$k%W%m%0%i%`Fb$K$*$1$k(B syslog $B$N8F$S=P$7$,!"@x:_E*$K4X?t$N%j%?!<%s%"%I(B
$B%l%9$r>e=q$-$7!"G$0U$N%3!<%I$r<B9T$9$k$h$&$J%a%b%j$r4^$`!"FCDj$N%a%b%j(B
$B$K%3!<%I$r>e=q$-$9$k$3$H$r2DG=$H$9$k$N$G$"$k!#(B

$B$3$NLdBj$K$h$j!"967b<T$O%W%m%0%i%`Fb$N(B syslog $B4X?t$K0-0U$r;}$C$?=q<0;X(B
$BDj;RIU$-J8;zNs$rAw?.$9$k$3$H$,2DG=$H$J$k!#0-0U$r;}$C$?=q<0;XDj;RIU$-J8(B
$B;zNs$H$=$NCf$K4^$^$l$?%3!<%I$O!"(Bmmftpd $B$N<B9T8"8B$G<B9T$5$l$k!#(B

23. BBGallery Image Tag HTML Injection Vulnerability
BugTraq ID: 4992
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 11 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4992
$B$^$H$a(B:

BBGallery $B$O!"(B jpeg $B2hA|$+$i(B HTML $B$r@8@.$9$k(B Perl $B%9%/%j%W%H$G$"$j!"%5(B
$B%`%M%$%k2hA|$rMM!9$J<oN`$N(B Web $B%V%i%&%6$G1\Mw$G$-$k%$%a!<%8%.%c%i%j!<7A(B
$B<0$G@8@.$7$F$$$k!#(BBBGallery $B$O(B Bodo Bauer $B$K$h$C$FJ]<i$5$l$F$$$k!#(B

BBGallery $B$N(B 1.1.0 $B0JA0$N%P!<%8%g%s$O(B image $B%?%0$+$i(B HTML $B$r%U%#%k%?%j(B
$B%s%0$7$J$$$N$G$"$k!#967b<T$O(B BBGallery $B$N%$%a!<%8$KG$0U$N%9%/%j%W%H%3!<(B
$B%I$rCmF~$9$k$3$H$,2DG=$G$"$k$H?d;!$5$l$k!#CmF~$5$l$?%9%/%j%W%H%3!<%I$O!"(B
$B$=$N0-0U$"$k%$%a!<%8$r1\Mw$7$?(B Web $B%f!<%6$N%V%i%&%6$G!"(B BBGallery $B$,F0(B
$B:n$7$F$$$k(B Web $B%5%$%H$N%3%s%F%-%9%H$G<B9T$5$l$k$N$G$"$k!#(B

$B$3$NLdBj$K$h$C$F!"(BWeb $B%3%s%F%s%D$N>h$C<h$j!"@55,$N%f!<%6$+$i%/%C%-!<$K(B
$BM3Mh$7$?G'>Z>pJs$NC%<h$,9T$o$l$k2DG=@-$,$"$k!#(B

24. CGIScript.net csNews Double URL Encoding Unauthorized Administrative Access Vulnerability
BugTraq ID: 4993
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 11 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4993
$B$^$H$a(B:

csNews $B$O(B Web $B%5%$%H>e$G%K%e!<%9$r4IM}$9$k%9%/%j%W%H$G$"$k!#$3$N%=%U%H(B
$B%&%'%"$OB?$/$N(B UNIX $B$dMM!9$J(B Linux $B$GF0:n$7!"$^$?!"(BMicrosoft Windows$B$K(B
$B$*$$$F$bF0:n$9$k!#(B

csNews $B$O(B Web $B%$%s%?!<%U%'!<%9$r2p$7$F@_Dj2DG=$G$"$k!#$^$?!"0[$J$k%f!<(B
$B%6$KBP$7$F!"0[$J$C$?%"%/%;%9%l%Y%k$,Dj5A$5$l$k2DG=@-$,$"$k!#(B
"public" $B%"%/%;%98"$r=jM-$7$?%f!<%6$,!"4IM}<T$,%9%/%j%W%H$r@_Dj2DG=$G$"(B
$B$k4V$K!"%Z!<%8%3%s%F%s%D$rJT=8$9$k2DG=@-$,$"$k!#(B

$BJs9p$K$h$k$H!"(B public $B%"%/%;%98"$r=jM-$7$?%f!<%6$ODL>o4IM}<T%l%Y%k$N%f!<(B
$B%6$K$N$_8"8B$rM?$($i$l$F$$$kFCDj$N@_Dj%Z!<%8$r!"1\Mw!"JT=8$7F@$k$H$N$3(B
$B$H$G$"$k!#$3$l$O(B CGI $B%Q%i%a%?$H$7$F;XDj$5$l$?%G!<%?%Y!<%9L>$K$*$$$F!"(B
$B%a%?J8;z$r(B 2 $B2s(B URL $B%(%s%3!<%G%#%s%0$7$F$7$^$&$3$H$K$h$C$F?k9T$5$l$k2D(B
$BG=@-$,$"$k!#(B

$B%f!<%6$O(B 'Advanced Settings' $B%Z!<%8>e$G!"%*%W%7%g%s$N1\Mw!"JT=8$,2DG=$G(B
$B$"$j!"$^$?(B 'Admin Options' $B$bF1MM$K1\Mw$9$k$3$H$,2DG=$G$"$k!#(B

$BNc$($P!"(Bdefault%2edb $B$N$h$&$J%G!<%?%Y!<%9L>$r4^$`(B URL $B$rAw?.$9$k$3$H$G(B
$B$3$NLdBj$rMxMQ$9$k967b$r9T$&$3$H$,?d;!$5$l$k!#(B

25. CGIScript.net csNews Header File Type Restriction Bypass Vulnerability
BugTraq ID: 4994
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 11 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4994
$B$^$H$a(B:

csNews $B$O(B Web $B%5%$%H>e$G%K%e!<%9$r4IM}$9$k%9%/%j%W%H$G$"$k!#$3$N%=%U%H(B
$B%&%'%"$OB?$/$N(B UNIX $B$dMM!9$J(B Linux $B$GF0:n$7!"$^$?!"(BMicrosoft Windows$B$K(B
$B$*$$$F$bF0:n$9$k!#(B

$B$3$N%=%U%H%&%(%"$O!"(B csNews $B$K$h$C$FI=<($5$l$k%X%C%@$H%U%C%?$r4IM}<T$,(B
$BDj5A$9$k$3$H$,2DG=$G$"$k!#DL>o$O$3$N%X%C%@!"%U%C%?$H$7$FDj5A$G$-$k%U%!(B
$B%$%k$O!"(B.txt $B!"(B.html$B!"(B.htm $B$N3HD%;R$r;}$D%U%!%$%k$N$_$K@)8B$5$l$F$$$k!#(B
$B$7$+$7!"0-0U$r;}$C$?4IM}<T$,$3$N@)8B$r2sHr$7!"G$0U$N%U%!%$%k7A<0$r;XDj(B
$B$9$k$3$H$,2DG=$H$J$k$N$G$"$k!#(B

$BJs9p$K$h$k$H!"?7$7$$@_Dj>pJs$H6&$K@5>o$K9=C[$5$l$?(B HTTP $B%j%/%(%9%H$rAw(B
$B?.$9$k$3$H$K$h$C$F!"$3$N8=>]$rMF0W$K:F8=$G$-$F$7$^$&$H$N$3$H$G$"$k!#(B

$B$3$NLdBj$rMxMQ$7$?967b$,@.8y$7$?>l9g!"967b<T$O$$$+$J$k%7%9%F%`%U%!%$%k(B
$B$G$b%X%C%@$d%U%C%?$H$7$FI=<($5$l$k$3$H$,2DG=$H$J$k!#967b<T$O!"G'>Z>pJs(B
$B$r4^$s$@(B CGI $B%9%/%j%W%H%U%!%$%k$r;XDj$9$k2DG=@-$,$"$k!#(B

BID 4993 $B$NLdBj$HAH$_9g$o$5$l$F$3$NLdBj$rMxMQ$9$k967b$,9T$o$l$?>l9g!"(B
csNews $B$KBP$7$F$N(B "public" $B%"%/%;%98"$N$_$K$h$C$F$3$NLdBj$rMxMQ$9$k967b(B
$B$,<B9T$5$l$k2DG=@-$,$"$k!#(B

26. CGIScript.net CSNews Sensitive File Disclosure Vulnerability
BugTraq ID: 4991
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 11 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4991
$B$^$H$a(B:

csNews $B$O(B Web $B%5%$%H>e$G%K%e!<%9$r4IM}$9$k%9%/%j%W%H$G$"$k!#$3$N%=%U%H(B
$B%&%'%"$OB?$/$N(B UNIX $B$dMM!9$J(B Linux $B$GF0:n$7!"$^$?!"(BMicrosoft Windows$B$K(B
$B$*$$$F$bF0:n$9$k!#(B

$BB?$/$N(B csNews $B$K4X$9$k=EMW$J>pJs$,5-O?$5$l$F$$$k%U%!%$%k$,!"G'>Z$r9T$C(B
$B$F$$$J$$%f!<%6$K$h$C$F%"%/%;%9$5$l$k2DG=@-$,$"$k!#$3$NJ}K!$rMQ$$$F!"(B
$B%G!<%?%Y!<%9MQ$N%U%!%$%k$,%"%/%;%9$5$l!"@x:_E*$K%G!<%?%Y!<%9MQ$NG'>ZMQ(B
$B>pJs$dB>$N=EMW$J>pJs$,C%<h$5$l$k2DG=@-$,$"$k!#(B

$B%G!<%?%Y!<%9%U%!%$%k$N%j%/%(%9%HFb$K4^$^$l$k%a%?%-%c%i%/%?$O(B URL $B%(%s(B
$B%3!<%I$rFs=E$K9T$&I,MW$,$"$k!#(B
$BNc(B:

default%2edb

27. Apache Tomcat JSP Engine Denial of Service Vulnerability
BugTraq ID: 4995
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 12 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4995
$B$^$H$a(B:

Apache Tomcat $B$O%U%j!<$G8x3+$5$l!"%*!<%W%s%=!<%9$G$"$k!"(BJava Servlet $B$*(B
$B$h$S(B JavaServer Pages (JSP) $B5;=Q$rMxMQ$9$k%Z!<%8I=<(!"2r<a$9$k$?$a$KMx(B
$BMQ$5$l$k%5!<%V%l%C%H%3%s%F%J$G$"$k!#$3$N%7%9%F%`$OB?$/$N(B UNIX $B$dMM!9$J(B
Linux$B!"$^$?!"F1MM$K(B  Microsoft Windows $B$GF0:n2DG=$G$"$k!#(B

Windows $BHG(B Apache Tomcat $B$K$O(B DoS $B>uBV$r0z$-$*$3$9$H$$$&LdBj$,Js9p$5$l(B
$B$F$$$k!#(BTomcat $B$,0-0U$K$h$C$FAH$_N)$F$i$l$?(B JSP $B$rMxMQ$9$k(B Web $B%Z!<%8$r(B
$B<h$j07$&:]!"$3$NLdBj$,0z$-5/$3$5$l$k!#(B

$B0J2<$N%3!<%IJR$,(B Tomcat JSP $B<+BN$r%/%i%C%7%e$5$;$k$3$H$,Js9p$5$l$F$$$k!#(B

new WPrinterJob().pageSetup(null,null);

$B967b<T$OLdBj$N$"$k%7%9%F%`>e$G0-0U$N$"$k%Z!<%8$r:n@.$7!"%5!<%P$+$i$=$N(B
$B%Z!<%8$r8F$S=P$9$3$H$K$h$j$3$NLdBj$r0-MQ$9$k2DG=@-$,$"$k!#$3$l$O(B Tomcat
JSP $B<+BN$K%Z!<%8$rFI$_9~$^$;$h$&$H$7!"<!$K(B DoS $B>uBV$KF3$-%/%i%C%7%e$9(B
$B$k7k2L$r>7$/$H9M$($i$l$k!#!#(B

28. Macromedia JRun JSP Engine Denial Of Service Vulnerability
BugTraq ID: 4997
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 12 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4997
$B$^$H$a(B:

Macromedia JRun $B$O(B  Microsoft Windows $B>e$N(B IIS (Internet Information
Server) 4/5 $B$GMxMQ$5$l$k(B J2EE (Java 2 Platform Enterprise Edition) $B%"%W(B
$B%j%1!<%7%g%s%5!<%P$G$"$k!#(B

Windows $BHG$N(B Macromedia JRun $B$K$O(B Dos $B>uBV$r>7$/LdBj$,B8:_$9$k$3$H$,Js(B
$B9p$5$l$F$$$k!#$3$NLdBj$O(B JRun $B$,0-0U$N$"$k(B JSP $B$N%Z!<%8$r<h$j07$&:]$K5/(B
$B$-$k!#(B

$B0J2<$N%3!<%IJR$,(B JRun JSP $B<+BN$r%/%i%C%7%e$5$;$k$3$H$,Js9p$5$l$F$$$k!#(B
new WPrinterJob().pageSetup(null,null);

$B967b<T$OLdBj$N$"$k%7%9%F%`>e$G0-0U$N$"$k%Z!<%8$r:n@.$7!"%5!<%P$+$i$=$N(B
$B%Z!<%8$r8F$S=P$9$3$H$K$h$j$3$NLdBj$r0-MQ$9$k2DG=@-$,$"$k!#$3$l$O(B JRun 
JSP $B<+BN$K%Z!<%8$rFI$_9~$^$;$h$&$H$7!"<!$K(B DoS $B>uBV$KF3$-%/%i%C%7%e$9(B
$B$k7k2L$r>7$/$H9M$($i$l$k!#(B

29. SGI MediaMail Memory Corruption Vulnerability
BugTraq ID: 4959
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Jun 07 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4959
$B$^$H$a(B:

MediaMail $B$O(B SGI IRIX $B$H6&$KG[I[$7$F$$$k%a!<%k%"%W%j%1!<%7%g%s$G$"$k!#(B

MediaMail $B$KB8:_$9$kLdBj$K$h$j!"%m!<%+%k%f!<%6$,$h$j9T0Y$N8"8B$rC%<h$9(B
$B$k7k2L$r>7$/$3$H$,2DG=$K$J$k$HJs9p$5$l$F$$$k!#(B

MediaMail $B$KFCDj$N%3%^%s%I%i%$%s0z?t$r0z$-EO$9$3$H$K$h$j%3%"%@%s%W$r>7(B
$B$/2DG=@-$,$"$k$3$H$,(B SGI $B$K$h$C$FJs9p$5$l$F$$$k!#$3$l$i$N%3%"%@%s%W$O(B
$B%a%b%j$NGK2u$,860x$G$"$j!"967b$KMxMQ2DG=$G$"$k!#(B MediaMail $B$*$h$S(B 
MediaMail Pro $B%"%W%j%1!<%7%g%s$ODL>o!"(B setgid mail $B>uBV$G%$%s%9%H!<%k$5(B
$B$l$k!#967b<T$,(B MediaMail $B$X$N967b$K@.8y$7$?>l9g!"967b<T$O$3$l$i$N8"8B$r(B
$B<j$KF~$l$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$O%P%C%U%!%*!<%P!<%U%m!<$b$7$/$O%U%)!<%^%C%H%9%H%j%s%0%P%0$N2D(B
$BG=@-$,$"$k!#>\:Y$,F~<jIT2DG=$J$N$G!"$3$l$i$NLdBj$N967b<jK!$OITL@3N$G$"(B
$B$k!#%P%C%U%!%*!<%P!<%U%m!<$NLdBj$N>l9g!"967b<T$OHs>o$KD9$$J8;zNs$*$h$S(B
$B967b<T$K$h$C$FDs6!$5$l$?L?Na$r(B MediaMail $B$K$h$C$F=hM}$5$l$k(B 1 $B$D$b$7$/(B
$B$O$$$/$D$+$N0z?t$KEO$9$3$H$K$h$j%3!<%I$,<B9T=PMh$k2DG=@-$,$"$k!#%U%)!<(B
$B%^%C%H%9%H%j%s%0%P%0$N>l9g!"967b<T$O0-0U$N$"$k%U%)!<%^%C%H%9%H%j%s%0$*(B
$B$h$S967b<T$K$h$C$FDs6!$5$l$?L?Na$r(B MediaMail $B$K$h$C$F=hM}$5$l$k(B 1 $B$D$b(B
$B$7$/$O$$$/$D$+$N0z?t$KEO$9$3$H$,2DG=$G$"$k!#(B

MediaMail Pro $B$b$3$NLdBj$N1F6A$r<u$1$kE@$ON10U$5$l$k$Y$-$G$"$k!#M-8z$J(B
mail $B%0%k!<%W$N8"8B$rC%<h$7$?967b<T$O!"B>$N%f!<%6$N%a!<%k$NFI$_=P$7$,2D(B
$BG=$G$"$k!#(B

30. CGIForum Infinite Recursion Denial of Service Vulnerability
BugTraq ID: 4960
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 07 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4960
$B$^$H$a(B:

CGIForum $B$O(B Markus Triska $B$,Ds6!$7$F$$$k%U%j!<$GF~<j2DG=$J(B CGI $B%9%/%j(B
$B%W%H$G$"$j!"(BWeb $B$r2p$9$k%9%l%C%I7A<0$N%G%#%9%+%C%7%g%s%U%)!<%i%`5!G=$r(B
$BDs6!$9$k$h$&$K@_7W$5$l$?%=%U%H%&%'%"$G$"$k!#(B

CFIForum $B$O%f!<%6$+$iM?$($i$l$?0U?^E*$KAH$_N)$F$i$l$?%G!<%?$rE,@Z$K<h(B
$B$j07$&$3$H$,$G$-$J$$!#FCDj$N>u672<$K$*$$$F!"%7%9%F%`Fb$N;q8;$rMxMQ$7?T(B
$B$/$5$;$i$l$k!"L58B:F5"8F$S=P$7>uBV$K4Y$C$F$7$^$&$N$G$"$k!#$3$N:]!"%5!<(B
$B%P$O?7$7$/M?$($i$l$k%j%/%(%9%H$KBP$9$k1~Ez$rDd;_$7!"7k2L$H$7$F(B DoS $B$K(B
$B4Y$k2DG=@-$,$"$k!#(B

CGIForum $B$N%P!<%8%g%s(B 1.06 $B0JA0$,$3$NLdBj$N1F6A$r<u$1$k5?$$$,$"$k!#(B

$BDL>o5!G=$NI|5l$K$O%5!<%S%9$N:F5/F0$,I,MW$G$"$k$H?d;!$5$l$k!#(B

31. WebCalendar Include Files Information Disclosure Vulnerability
BugTraq ID: 4961
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 07 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4961
$B$^$H$a(B:

WebCalendar $B$O0l?M$"$k$$$OJ#?t$N%f!<%6$N%9%1%8%e!<%k$r4IM}$9$k$?$a$K;H(B
$BMQ$5$l$k(B Web $B%"%W%j%1!<%7%g%s$G$"$k!#(BWebCalender $B$O(B PHP $B8@8l$rMxMQ$7$F(B
$B<BAu$5$l!"(BWindows $B$H(B Linux $B$r4^$`!"(BPHP $B8@8l$r%5%]!<%H$9$k(B OS $B>e$G$"$l(B
$B$P$I$N(B OS $B>e$G$"$C$F$bF0:n$9$k$H9M$($i$l$F$$$k%7%9%F%`$G$"$k!#(B

WebCalender $B$O967b<T$,@x:_E*$K=EMW$J>pJs$N;2>H$,2DG=$K$J$k$H?d;!$5$l$k(B
$BLdBj$,H/8+$5$l$F$$$k!#(B

$BLdBj$O%$%s%/%k!<%I%U%!%$%k$NL?L>5,B'$KM3Mh$7$F$$$k!#$3$N%=%U%H%&%'%"$G(B
$B$OE57?E*$K%$%s%/%k!<%I%U%!%$%k$O(B '.inc' $B$N3HD%;R$G=*$o$k$h$&$KL?L>$5$l(B
$B$F$$$k!#$3$N$?$a!"%$%s%/%k!<%I%U%!%$%k$OB>$N%U%!%$%k$+$iMF0W$K<1JL2DG=(B
$B$G$"$k!#$7$+$7!"$3$l$i$N%U%!%$%k$O(B PHP $B%$%s%?%W%j%?$K$h$C$F(B PHP $B%3!<%I(B
$B$H$7$F2r@O$5$l$J$$$?$a!"967b<T$OMF0W$K%=!<%9%3!<%I$rF~<j2DG=$G$"$k!#=E(B
$BMW$J@_Dj%G!<%?(B ($BNc$($P!"%G!<%?%Y!<%9MQ$NG'>ZMQ>pJs(B) $B$,$3$l$i$N(B PHP $B%U%!(B
$B%$%kCf$K5-O?$5$l$F$$$k>l9g!"$3$l$O6K$a$FLdBj$G$"$k!#(B

$B$3$N>pJs$OLdBj$rJz$($k%7%9%F%`$KBP$9$k$5$i$J$k967b$r4k$F$k$?$a$KMxMQ$5(B
$B$l$k2DG=@-$,$"$k!#(B

32. Pine Unix Username Account Information Leakage Vulnerability
BugTraq ID: 4963
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 08 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4963
$B$^$H$a(B:

Pine $B$O%U%j!<$GF~<j2DG=$G$"$j!"%*!<%W%s%=!<%9$N(B MUA (Mail User Agent)
$B$G$"$k!#$3$N%=%U%H%&%'%"$[$H$s$I$N(B UNIX $B$H(B Linux $B$N(B OS $B$GMxMQ2DG=$G$"(B
$B$k!#(B

Pine $B$,Jz$($kLdBj$K$h$j!"%j%b!<%H%f!<%6$O967bBP>]$N%7%9%F%`Fb$N%"%+%&(B
$B%s%H$K4X$9$k>pJs$rC%<h2DG=$G$"$k$H?d;!$5$l$k!#(B

Pine $B$G$O%f!<%6$O<+J,<+?H$N(B From: $BMQ$NCM$r@_Dj2DG=$G$"$k!#$3$N5!G=$O6H(B
$BL3J,C4Kh$NEE;R%a!<%k%"%+%&%s%H$,I,MW$H$J$k>u672<$K$*$$$F!"8D!9$N%f!<%6(B
$B%"%+%&%s%H$r30It$K1#JC$9$k$?$a$KMxMQ2DG=$G$"$k!#$^$?!"$3$N5!G=$O%m!<%+(B
$B%k$N%7%9%F%`%"%+%&%s%H$K4X$9$k>pJs$r!"Bh;0<T$K<hF@$5$l$J$$$h$&$K$9$k$?(B
$B$a$K!"%f!<%6%"%+%&%s%H$rJ]8n$9$k$?$a$K$bMxMQ2DG=$G$"$k!#(B

Pine $B$O85$NH/?.<T$N(B UNIX $B4D6-$G$N%f!<%6L>$r3+<($7$F$7$^$&!#EE;R%a!<%k(B
$B$,Aw?.$5$l$k:]!"(BPine $B$OEE;R%a!<%k$K(B Sender: $B$"$k$$$O(B X-X-Sender: $B9T$N(B
$B$$$:$l$+$r<h$C$F%X%C%@$rIU2C$7$F$7$^$&$N$G$"$k!#$3$N$3$H$K$h$j!"%j%b!<(B
$B%H$N967b<T$K$h$kEE;R%a!<%k$NAw?.<T$N%f!<%6L>$N;2>H$,2DG=$K$J$j!">pJs<}(B
$B=8$rL\E*$H$9$k967b$KMxMQ2DG=$G$"$k!#(B

33. Multiple Bugzilla Security Vulnerabilities
BugTraq ID: 4964
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jun 08 2002 12:00A
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/4964
$B$^$H$a(B:

Bugzilla $B$O%U%j!<$GF~<j2DG=$G$"$j!"%*!<%W%s%=!<%9$N%P%0$NDI@WD4::$r9T(B
$B$&%=%U%H%&%'%"%Q%C%1!<%8$G$"$k!#$3$N%=%U%H%&%'%"$O(B Linux$B!"(BUNIX$B!"$=$7$F(B 
Microsoft Windows $B$GF0:n2DG=$G$"$k!#(B

Bugzilla $B$G%j%b!<%H$N%f!<%6$,>pJsO31L$K$h$C$F>pJs$r<hF@2DG=$G$"$k$3$H(B
$B$d!"8"8B$,$J$$$N$K$b4X$o$i$:(B Bugzilla $B$K%"%/%;%92DG=$G$"$k$H$$$&$$$/$D(B
$B$+$NLdBj$,H/8+$5$l$?!#(B

Bugzilla $B$K4^$^$l$k(B queryhelp.cgi $B%9%/%j%W%H$O%j%b!<%H$N%f!<%6$,(B Bugzilla 
$B%G!<%?%Y!<%9$KHkL);v9`07$$$GJ]B8$7$?>pJs72$X$N%"%/%;%98"$rC%<h2DG=$G$"(B
$B$k$H?d;!$5$l$k!#(B

$B967b<T$,(B IP $B%"%I%l%9$r5U0z$-$9$k8"8B$r;}$C$F$$$k$J$i$P!"967b<T$,%f!<%6(B
$B%;%C%7%g%s$r>h$C<h$j2DG=$G$"$j!"%f!<%6MQ$NG'>Z$KMxMQ$5$l$k%/%C%-!<>pJs(B
$B$rEp$_=P$9$3$H$,2DG=$G$"$k$H?d;!$5$l$k!#(B

$B%G%#%l%/%H%j$,B8:_$7$J$$>l9g$O!"(BMozilla $B$O%G%#%l%/%H%j$N:n@.$r;n$_$k!#(B
$B$7$+$7!"%G%U%)%k%H$G%G%#%l%/%H%j$ODL>o=q$-9~$_2DG=$J%Q!<%_%C%7%g%s$G:n(B
$B@.$5$l$k!#(B

$BG'>Z:Q$_$N%f!<%6$G$"$l$P$I$N%f!<%6$G$"$C$F$b!"(Bedituser.cgi $B%9%/%j%W%H(B
$B$r2p$7$F%\!<%I>e$NB>$N%f!<%6$r:o=|$9$k$?$a$K!"B>$N%f!<%6$N>\:Y$rJQ99$9(B
$B$k$3$H$,2DG=$G$"$k!#(B

Real Names $B%U%#!<%k%I$O(B HTML $B$N%U%#%k%?%j%s%0$r9T$C$F$$$J$$!#$3$N$?$a!"(B
$B967b<T$O$3$N%U%#!<%k%IFb$K0-0U$N$"$k(B HTML $B$rF~NO$9$k$3$H$,2DG=$G$"$j!"(B
$B7k2L$H$7$F%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$r0z$-5/$3$9$3$H$,?d;!$5$l(B
$B$k!#(B

$BBgNL$N%=!<%9$N=$@5$rH?1G$5$;$k:]!"A4$F$N%P%0$K4X$9$k%0%k!<%W%;%C%H$O$=(B
$B$l$i$N:G=i$N%P%0$N%0%k!<%W%;%C%H$K@_Dj$5$l$F$7$^$&$N$G$"$k!#(B

Bugzilla $B$O$$$/$D$+$N%V%i%&%6$G%5%]!<%H$5$l$F$$$kId9f2=<jK!$r<h$j07$((B
$B$J$$$?$a!";dE*>pJs$d5!L)>pJs$r8x3+$5$l$F$$$kI=<(>uBV$K@_Dj$7$F$7$^$&Ey(B
$B$N0U?^$7$J$$7k2L$r>7$/2DG=@-$,$"$k!#(B

$B$^$?!"%P%C%/%(%s%I%G!<%?%Y!<%9$H$NF14|$,%;%-%e%"$G$O$J$$J}K!$G9T$o$l$F(B
$B$*$j!"FCDj$N>u672<$K$*$$$F!"(B Bugzilla $B$N%f!<%6$K=EMW$J%G!<%?$,L5:n0Y$K(B
$B=PNO$5$l$k2DG=@-$,$"$k!#(B

III. SECURITYFOCUS NEWS AND COMMENTARY
------------------------------------------
1. Feds, Industry, Battle the Biggest Bug
$BCx<T(B: Kevin Poulsen

Abstract Syntax Notation One $B$N<BAuJ*$KB8:_$9$k%;%-%e%j%F%#%[!<%k$O!"%"(B
$B%a%j%+$N6K$a$F=EMW$J%M%C%H%o!<%/$N0lIt$r6<$+$92DG=@-$,$"$k!#(B
$B0BEH$9$Y$-$3$H$K!"$3$l$O;vA0$KBgE}NN$KEA$($i$l$?!#(B

http://online.securityfocus.com/news/474

2. MS security hole extravaganza
$BCx<T(B: Thomas C. Greene, The Register

$B$3$3$K0J2<$NMM$J8+2r$r;}$D$K;j$C$?!#(B
$B!&(BMicrosoft $B$O0lEY$K2f!9$NF,>e$+$iMa$S$;$i$l$k$h$&$K7hDj$5$l$?!"MM!9$J(B
$B!!%;%-%e%j%F%#%[!<%k$rJz$($F$$$kLOMM$G$"$k(B
$B$=$3$GLd$$3]$1$?$$!#%Q%C%A$r:#F|E,MQ$7$?$$$H9M$($k$@$m$&$+(B?

http://online.securityfocus.com/news/479

3.  Hill Eyes Shifting Parts of FBI, CIA
$BCx<T(B: Dan Eggen, Washington Post

$B9g=09q5D2q$N<gN.GI$O?7@_$5$l$?9qEZ0BA4>J$K(B CIA $B$*$h$S(B FBI $B$NLr3d$rD6$((B
$B$k8"8B$rM?$($k$3$H$r@Q6KE*$K8!F$$7!"%V%C%7%eBgE}NN$,H?BP$9$k9q2H$N>pJs(B
$B5!4X$K4X$9$k5DO@$N<h$j$^$H$a$H:FJT@.$r9T$&!#(B

http://online.securityfocus.com/news/478

4. Pentagon on track to add biometrics to access card
$BCx<T(B: William Jackson, Government Computer News

$B9qKIAm>J$O(B Common Access smart card $B$G%P%$%*%a%H%j%/%9G'>Z$r9T$&7W2h$r(B
$B@Q6KE*$K8!F$$7$F$$$k!#(B

http://online.securityfocus.com/news/477

IV.SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. wicap v0.4
$B:n<T(B: Brian Caswell
$B4XO"$9$k(BURL:
http://www.snort.org/~bmc/software/wicap/
$BF0:n4D6-(B: FreeBSD, OpenBSD, POSIX, Solaris, SunOS
$B$^$H$a(B:

wicap $B$O%;%C%H%"%C%W$,4JC1$J(B captive portal $B$G(B OpenBSD $B$KBP1~$7$F$$$^(B
$B$9!#(B

2. JSpamFilter v1.0
$B:n<T(B: Daryl Banttari
$B4XO"$9$k(BURL:
http://www.darylb.net/JSpamFilter/
$BF0:n4D6-(B: Os Independent
$B$^$H$a(B:

JSpamfilter $B$O%a!<%k%5!<%P$K@\B3$7$h$&$H$9$kA0$K!"%j%b!<%H$N%$%s%?!<%M%C(B
$B%H$N%a!<%k%5!<%P$+$i$N@\B3$r<W$k%=%U%H%&%'%"$G$9!#30It$+$iE~Ce$9$kEE;R(B
$B%a!<%k$NAw?.85$N(B IP $B%"%I%l%9$O!"MM!9$JAH?%$K$h$j%$%s%?!<%M%C%H>e$G0];}(B
$B$5$l$F$$$k(B DNS-based SPAM Blackhole (DNSBL) $B%j%9%H$N0l$D$H>H9g$5$l$^$9!#(B
$B>H9g$,@.8y$7$?>l9g!"G[Aw85$O%a!<%k%5!<%P$X$N%3%M%/%7%g%s$N3NN)$,2DG=$K(B
$B$J$j$^$9!#>H9g$,<:GT$7$?>l9g!"G[Aw85$X$O%a!<%k%5!<%P$,MxMQIT2DG=$G$"$k(B
$B$HEA$($i$l!"$=$N8e!"$=$NEE;R%a!<%k$OGK4~$5$l$^$9!#(B

3. Vipul's Razor v2.03
$B:n<T(B: hackworth
$B4XO"$9$k(BURL:
http://razor.sourceforge.net
$BF0:n4D6-(B: Os Independent
$B$^$H$a(B:

Vipul's Razor $B$O!"J,;67?$G6(D4E*$J%9%Q%`8!CN$+$D%U%#%k%?%j%s%0%M%C%H%o!<(B
$B%/$G$"$j!"%9%Q%`G[?.$N%V%m!<%I%-%c%9%H$NFC@-$rMxMQ$7$F$=$NL"1d$r@)8B$7(B
$B$^$9!#%7%9%F%`$N<g$JCe4cE@$O!"%9%Q%`$NEjF~$H=hM}$,40N;$9$kA0$K!"%9%Q%`(B
$B%a!<%k$r<1JL$7$FL58z$K$9$k$3$H$K$"$j$^$9!#(B Razor $B$O!"L"1d$7$F$$$k%9%Q(B
$B%`$NJ,;67?$N@d$($:%"%C%W%G!<%H$7$F$$$k%j%9%H$rMxMQ$G$-$k$h$&$K$7$^$7$?!#(B
$B$3$N%j%9%H$O!"4{CN$N%9%Q%`$r%U%#%k%?$K$+$1$k$?$a$K%/%i%$%"%s%H$K$h$C$F(B
$B;HMQ$5$l$^$9!#(B

4. Echelog v0.6
$B:n<T(B: Kamil Toman
$B4XO"$9$k(BURL:
http://echelog.sourceforge.net/
$BF0:n4D6-(B: FreeBSD, Linux, OpenBSD, POSIX, Solaris, SunOS
$B$^$H$a(B:

Echelog $B$O0lBf!"$^$?$OJ#?t$N%(!<%8%'%s%H$H0l$D!"$^$?$OJ#?t$N%5!<%P$+$i(B
$B9=@.$5$l$kJ,;67?$N%7%9%F%`$G$9!#%M%C%H%o!<%/>e$N%3%s%T%e!<%?!<$KJ,;6G[(B
$BCV$5$l$?%(!<%8%'%s%H$O!"%M%C%H%o!<%/$*$h$S%3%s%T%e!<%?$N>uBV$r4F;k$7$F(B
$B$$$^$9!#<hF@$7$?>pJs$O!"(BSSL $B%W%m%H%3%k$r;HMQ$7$F!"%G!<%?$,%"!<%+%$%V$K(B
$BJ]4I$5$l$k0BA4$J%5!<%P!<$XAw?.$5$l$^$9!#(B

5. Web shell v1.0
$B:n<T(B: Alex Dyatlov alex@dyatlov.ru
$B4XO"$9$k(BURL:
http://dyatlov.ru
$BF0:n4D6-(B: UNIX
$B$^$H$a(B:

Webshell $B$O(B HTTP $B$r2p$7$FF0:n$9$k%j%b!<%H$N(B UNIX $B%7%'%k$G$9!#$3$N%/%i(B
$B%$%"%s%H%9%/%j%W%H$O%7%'%k$N$h$&$J%W%m%s%W%H$rDs6!$7!"(BHTTP $B$N(B POST $B%j(B
$B%/%(%9%H$NCf$K%+%W%;%k2=$7$?%f!<%6%3%^%s%I$rF~$l$F%5!<%P%9%/%j%W%H$KAw(B
$B?.$7$^$9!#%5!<%P%9%/%j%W%H$O%3%^%s%I$rE83+$7$F<B9T$7!"$=$7$F(B STDOUT $B$d(B 
STDERR $B=PNO$rJV$7$^$9!#FCD'$H$7$F%3%^%s%I%i%$%s$N%R%9%H%j!<5!G=$NBP1~!"(B
$B%U%!%$%k$N%"%C%W%m!<%I$d%@%&%s%m!<%I!"$=$7$F(B HTTP $B%W%m%-%7%5!<%P$r7PM3(B
$B$7$F$NF0:n$,5s$2$i$l$^$9!#(B

6. PassGuard Framework v0.01a
$B:n<T(B: RUAUDEL Frederic
$B4XO"$9$k(BURL:
http://passguard.sourceforge.net
$BF0:n4D6-(B: Linux, POSIX, UNIX
$B$^$H$a(B:

PassGuard Framework $B$O0E9f2=$5$l$?%U%!%$%k$NB??t$N%Q%9%o!<%I$r4IM}$9$k(B
$B$?$a$K;HMQ$5$l$k(B PassGuard $B$G;HMQ$9$k%W%m%0%i%`72$N$?$a$N%i%$%V%i%j$G(B
$B$9!#0E9f2=$O$I$s$J<oN`$N0E9f2=$5$l$?%U%!%$%k$K$G$bMF0W$KBP1~$9$k!"%W%i(B
$B%0%$%s%7%9%F%`$G4IM}$5$l$^$9!#(B
--
$BLu(B: $B:d0f=g9T(B(SAKAI Yoriyuki)$B!">.3^8691M:(B(OGASAWARA Tsuneo)$B!"(B
$BF#K\6)<y(B(FUJIMOTO Masaki)$B!"<r0fH~5.(B(SAKAI Miki)$B!"(B
$B?7D.5W9,(B(SHINMACHI Hisayuki)
$B4F=$(B: $B:d0f=g9T(B(SAKAI Yoriyuki)
LAC Co., Ltd.
http://www.lac.co.jp/security/

-----------1024995080-28580887
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIISGgYJKoZIhvcNAQcCoIISCzCCEgcCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
DzwwggI8MIIBpQIQMlAzz1DRVvNcga1lXE/IJTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQG
EwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGlj
IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMjAw
MTA3MjM1OTU5WjBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1
BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOUZv22jVmEtmUhx9mfeuY3rt56GgAqRDvo4
Ja9GiILlc6igmyRdDR/MZW4MsNBWhBiHmgabEKFz37RYOWtuwfYV1aioP6oSBo0xrH+wNNeP
NGeICc0UEeJORVZpH3gCgNrcR5EpuzbJY1zF4Ncth3uhtzKwezC6Ki8xqu6jZ9rbAgMBAAEw
DQYJKoZIhvcNAQECBQADgYEAS0RmYGhk5Jgb87By5pWJfN17s5XAHS7Y2BnQLTQ9xlCaEIaM
qj87qAT8N1KVw9nJ283yhgbEsRvwgogwQo4XUBxkerg+mUl0l/ysAkP7lgxWBCUMfHyHnSSn
2PAyKbWk312iTMUWMqhC9kWmtja54L9lNpPC0tdr3N5Z1qI1+EUwggI9MIIBpgIRAM26f1bw
3+S8VP4irLNyqlUwDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZl
cmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkG
A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1
YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0fzGVu
DLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHiTkVWaR94AoDa
3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0GCSqGSIb3DQEBAgUAA4GB
AEw/uIvGaN/uQzMOXemmyweETXoz/5Ib9Dat2JUiNmgRbHxCzPOcLsQHPxSwD0//kJJ2+eK8
SumPzaCACvfFKfGCIl24sd2BI6N7JRVGMHkW+OoFS5R/HcIcyOO39BBAPBPDXx9T6EjkhrR7
oTWweyW6uNOOqz84nQA0AJjz0XGUMIICPTCCAaYCEQDz1GWTDuTHHs1vChERVlizMA0GCSqG
SIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUG
A1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
Fw05NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQK
Ew5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0
aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5Rm/baNW
YS2ZSHH2Z965jeu3noaACpEO+jglr0aIguVzqKCbJF0NH8xlbgyw0FaEGIeaBpsQoXPftFg5
a27B9hXVqKg/qhIGjTGsf7A01480Z4gJzRQR4k5FVmkfeAKA2txHkSm7NsljXMXg1y2He6G3
MrB7MLoqLzGq7qNn2tsCAwEAATANBgkqhkiG9w0BAQIFAAOBgQAjyGZsVZ9SYWqvFx3is89H
jkwbAjN1+UXvm0exsSugNTbRUnBpybul85NbkmD5ZH7xwT/p0RXx0sAXvaSdF67hB8+6gZbE
rnEZ9s5kv6cZ9VUof3wz1sK5t+slKf0p+GJwQTHdwwfbElMWYNCdB/kAZfyNbBhQILdn3H79
cEstDzCCAzwwggKloAMCAQICEAQa2pqnxtqHdYa+MJp9N08wDQYJKoZIhvcNAQECBQAwXzEL
MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAx
IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk5MDkxNDAwMDAw
MFoXDTA5MDkwOTIzNTk1OVowgbUxHDAaBgNVBAoTE1ZlcmlTaWduIEphcGFuIEsuSy4xHzAd
BgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxPjA8BgNVBAsTNVRlcm1zIG9mIHVzZSBh
dCBodHRwczovL3d3dy52ZXJpc2lnbi5jby5qcC9SUEEgKGMpIDk4MTQwMgYDVQQDEytWZXJp
U2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQDnvpzpMy1glZcGiPmrsWEvOOXjEuTGvnb95mH1mMGeDPD3HmpNa7WG
Cp2NaO3eVRcRaBICMi2F3Edx6/eL5KtrsnroadWbYLPfBpPJ4BYttJND7Us7+oNdOuQmwFhj
xm9P25bndFT1lidp0Gx/xN5ekq3mNwt5iSWVdqOuEYKApQIDAQABo4GhMIGeMCQGA1UdEQQd
MBukGTAXMRUwEwYDVQQDEwxBZmZpbGlhdGUxLTUwEQYJYIZIAYb4QgEBBAQDAgEGMEUGA1Ud
IAQ+MDwwOgYKYIZIAYb4RQEHCzAsMCoGCCsGAQUFBwIBFh5odHRwczovL3d3dy52ZXJpc2ln
bi5jby5qcC9SUEEwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEC
BQADgYEAuIwwUgDQeNCIO/tzaT6ISelw4QjYJ9up3+be1dxZGHKcEFGtPfwaBNvlTMLV3eW3
BG6W5QRbNNhIaoVl0g8Yw1YuIexVFD7yUKcvQfOOThuG0y93V6Runzha6iErOLabtv05we+V
UnSsknF+qOCLYP9uMIKB/JmDiWnNpnUbAHMwggU2MIIEn6ADAgECAhBYKwlOQWIg2t9s9Ul6
I3xqMA0GCSqGSIb3DQEBBAUAMIG1MRwwGgYDVQQKExNWZXJpU2lnbiBKYXBhbiBLLksuMR8w
HQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMT4wPAYDVQQLEzVUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY28uanAvUlBBIChjKSA5ODE0MDIGA1UEAxMrVmVy
aVNpZ24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw0wMjA0MDEwMDAw
MDBaFw0wMzA0MDEyMzU5NTlaMIIBIzELMAkGA1UEBhMCSlAxHDAaBgNVBAoUE1ZlcmlTaWdu
IEphcGFuIEsuSy4xNDAyBgNVBAsUK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFs
IFN1YnNjcmliZXIxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9DUFMg
SW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMpOTYxPzA9BgNVBAsUNkRpZ2l0YWwgSUQgQ2xh
c3MgMSAtIFNNSU1FIE9yYW5nZXNvZnQgSW5jLi9XaW5iaWZmLzIuMTEXMBUGA1UEAxMOU0FL
QUkgWW9yaXl1a2kxHjAcBgkqhkiG9w0BCQEWD3Nha2FpQGxhYy5jby5qcDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBANEwVujTRrltaiSI2DFkPlw5L6WWWeOOy9z0HqaPXf2d
JYfoGHqbpq5MVCkBUSOHSY1Tpi/RdziqxhIYzXvzsb0wC1V0RNzvLf8zXtk6IjTmHttX0QDx
AvoxfmehZ1vCOgQcdBbG2FajnYo7MOewxLrmHLCv0Gitqsi2IS3Eaxv7v5Pzobu82BzUMBl6
9XypVXIEQHTG6s34ji0LbDOO/F5JqTuG5QhQmQyNnJyhNU4/BYu3e1KgK9c0gnIArQAroRqP
/0HXU7Ueu/HAUXnrt7+YqzL5CZ/6m11gCLblzFs2+6XieQsekFSjxquSQjl88C3CwgRoaNkx
01rqqYzBJ8ECAwEAAaOCAVAwggFMMAkGA1UdEwQCMAAwgawGA1UdIASBpDCBoTCBngYLYIZI
AYb4RQEHAQEwgY4wKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFMw
YgYIKwYBBQUHAgIwVjAVFg5WZXJpU2lnbiwgSW5jLjADAgEBGj1WZXJpU2lnbidzIENQUyBp
bmNvcnAuIGJ5IHJlZmVyZW5jZSBsaWFiLiBsdGQuIChjKTk3IFZlcmlTaWduMAsGA1UdDwQE
AwIFoDARBglghkgBhvhCAQEEBAMCB4AwcAYDVR0fBGkwZzBloGOgYYZfaHR0cDovL29uc2l0
ZWNybC52ZXJpc2lnbi5jb20vVmVyaVNpZ25KYXBhbktLVmVyaVNpZ25DbGFzczFDQUluZGl2
aWR1YWxTdWJzY3JpYmVyL0xhdGVzdENSTC5jcmwwDQYJKoZIhvcNAQEEBQADgYEALL1YFoVc
MyuHCFTkhPlz/3XIGtchllMRc+zha0qmA5wxbtgJT7hEl7IRrocWCSfweW4/KGZDQDMZM9wR
NRX19b4UTs2/opkQtX3eX4qNjUNnGdMjLTGTXzFqlph9b4ZYPvY5Xq+VQjpLBkqn2RQhdTLH
+BXc51LdzrtGw8H7s+4xggKmMIICogIBATCByjCBtTEcMBoGA1UEChMTVmVyaVNpZ24gSmFw
YW4gSy5LLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE+MDwGA1UECxM1VGVy
bXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvLmpwL1JQQSAoYykgOTgxNDAy
BgNVBAMTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEFgr
CU5BYiDa32z1SXojfGowCQYFKw4DAhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB
MBwGCSqGSIb3DQEJBTEPFw0wMjA2MjUwODUxMDBaMCMGCSqGSIb3DQEJBDEWBBTQoO5IFEVT
HDEQkKU+jXqyW8C16DBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMC
AgIAgDAHBgUrDgMCBzANBggqhkiG9w0DAgIBQDANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0B
AQEFAASCAQCv45DqORU4lxT6tqTozsAVKIJ5Lmh+GA+YwQU1ftwiX7cGtEKcatkoHXGGNqV0
dgKKP+XZb7ybyEP+kHkUsriZO1LPCFDyfvbALEzM4b5oEqQBoKKpUs03GLcqh+9bgPy/B+1h
gWZaOj/iSFZqW+FKgs48Cbv+bDRifKjB6tmsdg0bb2oqy5Ww2OnxNhWhKR6CSbcgDAAnlhZv
lT7Clq1dNVGp/0GKSEkOH5Xx8tAGM+Lwr39dTC4J2cLZpNW/b7XBFcsNS1rnlPGna7jXP/46
xUqbwnkq4wNYRz0XnBIeKsaug4o6bvXnjj7sOsjEiikKuld88AW1Ww6AeQo1s8eO

-----------1024995080-28580887--