Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm
Precedence: bulk
To: bugtraq-jp@securityfocus.com
Subject: SecurityFocus.com Newsletter #154 2002-7-15->2002-7-19
From: SAKAI Yoriyuki <sakai@lac.co.jp>
Message-Id: <200207311157.FED52378.LTJBB@lac.co.jp>
Date: Wed, 31 Jul 2002 11:57:22 +0900
Mime-Version: 1.0
Content-Type: multipart/signed;
    protocol="application/x-pkcs7-signature";
    micalg=sha1; Boundary="---------1028084239-10892782"

-----------1028084239-10892782
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

$B:d0f(B@$B%i%C%/$G$9!#(B

SecurityFocus.com Newsletter $BBh(B 154 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

---------------------------------------------------------------------------
SecurityFocus.com Newsletter $B$K4X$9$k(BFAQ:
http://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml
BugTraq-JP $B$K4X$9$k(B FAQ:
http://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml
(SecurityFocus.com Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0l<!G[I[$5$l$F$$$^$9(B)
---------------------------------------------------------------------------
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B SecurityFocus.com $B$N5v2D$r3t<02q<R%i%C%/$,F@$?>e$G9T$o(B
  $B$l$F$$$^$9!#(B
$B!&(BSecurityFocus.com Newsletter $B$NOBLu$r(B Netnews, Mailinglist,
  World Wide Web, $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$N(B
  $BA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;(B
  $B$s$,=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus.com $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+(B
  $B$J$k7A<0$N%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://online.securityfocus.com/archive/79
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02q<R%i%C%/$O@UG$$rIi$o$J$$$b$N$H$7$^(B
  $B$9!#(B
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$BLu<T$+$i$N$*CN$i$;(B:
$B!&$b$7!"(Btypo $B$d8mLu$,8+$D$+$C$?>l9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"4F=$<T(B (sakai@lac.co.jp) $B$K$*CN$i$;$/$@$5$$!#(B
  $B8e<T$N>l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$B86HG(B:
Date: Mon, 22 Jul 2002 11:28:02 -0600 (MDT)
Message-ID: <Pine.LNX.4.43.0207221127270.2870-100000@mail.securityfocus.com>

SecurityFocus Newsletter #154
-----------------------------

This newsletter is sponsored by: PoliVec, Inc.

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
     1. Justifying the Expense of IDS, Part One: An Overview of ROIs...
     2. Assessing Internet Security Risk, Part Two: an Internet...
     3. The Devil And The Deep Blue Sea
     4. Crypto Controls are Spreading Internationally
     5. The Realities of Disclosure
     6. Black Hat Briefings & Training
     7. SecurityFocus DPP Program
II. BUGTRAQ SUMMARY
     1. Working Resources BadBlue Null Byte File Disclosure Vulnerability
     2. Working Resources BadBlue Plain Text Password Storage...
     3. Hosting Controller Hidden Field Password Changing Vulnerability
     4. Novell NetMail ModWeb Buffer Overflow Vulnerability
     5. Novell NetMail WebAdmin Buffer Overflow Vulnerability
     6. IBM Tivoli Management Framework ManagedNode Buffer...
     7. Novell NetMail IMAP Agent Denial Of Service Vulnerability
     8. IBM Tivoli Management Framework Endpoint Buffer Overflow...
     9. Symantec Norton Personal Firewall/Internet Security 2001...
     10. IMHO Webmail Account Hijacking Vulnerability
     11. NewsX NNTP SysLog Format String Vulnerability
     12. Mirabilis ICQ Sound Scheme Remote Configuration Modification...
     13. e-Zone FuseTalk Search Results Cross Site Scripting Vulnerability
     14. Tru64 IPCS Buffer Overflow Vulnerability
     15. Tru64 InetD Denial Of Service Vulnerability
     16. Thorsten Korner 123tkShop SQL Injection Vulnerability
     17. Thorsten Korner 123tkShop Arbitrary File Include Vulnerability
     18. AOL Instant Messenger Unauthorized Actions Vulnerability
     19. Mirabilis ICQ Sound Scheme Predictable File Location...
     20. Oddsock Song Requester WinAmp Plugin Denial Of Service...
     21. Macromedia Sitespring Default Error Page Cross Site Scripting...
     22. Caucho Technology Resin Server Device Name Path Disclosure...
     23. Microsoft IIS SMTP Service Encapsulated SMTP Address...
     24. ATPhttpd Buffer Overflow Vulnerabilities
     25. Pingtel Expressa Default Blank Administrator Password...
     26. CARE 2002 Multiple SQL Injection Vulnerabilities
     29. Pingtel Expressa Web Server Cross-Site Scripting Vulnerability
     30. Pingtel Expressa Admin Account Login Session Timeout...
     31. Pingtel Expressa Arbitrary Firmware Upgrade Vulnerability
     32. Pingtel Expressa Arbitrary Application Installation Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
     1. H2K2 Hackers Say They Want a Revolution
     2. More EBook Hacking Tricks From Embattled Elcomsoft
     3. HP confirms 150 suspended in email porn probe
     4. Team demos 'first quantum crypto prototype machine'
     5. Alliance Sets Standards on Computer Security
IV.SECURITYFOCUS TOP 6 TOOLS
     1. SQL Server Password Auditing Tool v1.0.1
     2. Inzider 1.2
     3. SQLLHF v1.3
     4. Network Access Control System
     5. Simp (Secway's Instant Messenger Privacy) v1.1.0
     6. Tiny Honeypot v0.4.3

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
---------------------------------

II. BUGTRAQ SUMMARY
-------------------
1. Working Resources BadBlue Null Byte File Disclosure Vulnerability
BugTraq ID: 5226
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 13 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5226
$B$^$H$a(B:

BadBlue $B$O(B P2P $B7?(B(1$BBP(B1$B7?(B) $B%U%!%$%k6&M-%"%W%j%1!<%7%g%s$G$"$j!"(BWorking
Resources $B$K$h$C$FG[I[$5$l$F$$$k!#$3$N%=%U%H%&%'%"$N(B Microsoft Windows
$B8~$1%P!<%8%g%s$,MxMQ2DG=$G$"$k!#(B

Working Resources BadBlue $B$O%"%/%;%9@)8B$,3]$1$i$l$F$$$k%U%!%$%k$NFbMF(B
$B$r3+<($9$k2DG=@-$,$"$k!#(B

$BFCDj$N>u672<$K$*$$$F!"(BBadBlue $B%5!<%P$X(B null $B$r4^$`%j%/%(%9%H$rM?$($k;v(B
$B$,2DG=$K$J$k$H?d;!$5$l$k!#%U%!%$%kL>$N=*$o$j$K(B null $B$r4^$_!"%U%!%$%kL>(B
$B$NFCDj$NMWAG4V$K%9%Z!<%9$r4^$`%j%/%(%9%H$rAH$_N)$F$k$3$H$K$h$j!"%5!<%P(B
$B$K$h$C$F@)8B$,2C$($i$l$F$$$k%U%#%k%?%j%s%05!G=$r2sHr2DG=$J$N$G$"$k!#(B

$B%U%!%$%kL>$N=*$o$j$K(B null $B$r4^$`%j%/%(%9%H$,(B BadBlue $B%5!<%P$XM?$($i$l$?(B
$B:]$K$O!"967bBP>]$N%U%!%$%kL>$NFbMF$,JV$5$l$k;v$,4{$KH/8+$5$l$F$$$k!#$3(B
$B$N<o$N%j%/%(%9%H$O!"Nc$($P(B BadBlue $BMQ$N@_Dj%U%!%$%k$NMM$J=EMW$J>pJs$X(B
$B$N%"%/%;%9$r2DG=$K$9$k$?$a$KMxMQ$5$l$k$H9M$($i$l$k!#(B

$B$3$NLdBj$K$h$j!"%f!<%6$O(BBadBlue $B%5!<%PMQ$N@_Dj%U%!%$%k$NMM$J!"=EMW$J%U%!(B
$B%$%k$X$N%"%/%;%98"$rC%<h2DG=$K$J$k!#(B

2. Working Resources BadBlue Plain Text Password Storage Vulnerability
BugTraq ID: 5228
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Jul 13 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5228
$B$^$H$a(B:

BadBlue $B$O(B P2P $B7?(B(1$BBP(B1$B7?(B) $B%U%!%$%k6&M-%"%W%j%1!<%7%g%s$G$"$j!"(BWorking
Resources $B$K$h$C$FG[I[$5$l$F$$$k!#$3$N%=%U%H%&%'%"$N(B Microsoft Windows
$B8~$1%P!<%8%g%s$,MxMQ2DG=$G$"$k!#(B

BadBlue $B$K$O%m!<%+%k%f!<%6$,=EMW$J>pJs$X%"%/%;%92DG=$K$J$k$H?d;!$5$l$k(B
$BLdBj$,B8:_$9$k!#(B

BadBlue $B$O0E9f$r$j$h$&$7$?%Q%9%o!<%I3JG<<jCJ$rHw$($F$$$J$$!#@_Dj%U%!%$(B
$B%kFb$K5-O?$5$l$F$$$k%Q%9%o!<%I$OJ?J8$G3JG<$5$l$F$$$k!#%Q%9%o!<%I$OC1$K(B
$B@_Dj%U%!%$%k$r;2>H$9$k$@$1$GFI$_=P$7$5$l$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$K$h$j!"%m!<%+%k%f!<%6$O%f!<%6MQ$HJ]8n$5$l$F$$$k;q8;MQ$N%Q%9%o!<(B
$B%I$rFI$_=P$9L\E*$G!"(BBadBlue $B%5!<%P$N@_Dj%U%!%$%k$NFI$_<h$j$,2DG=$G$"$k!#(B
$B$3$NLdBj$O(B BID 5226 $B$K<($5$l$F$$$kLdBj$HAH$_9g$o$5$l$F967b$KMxMQ$5$lF@(B
$B$k!#(B

3. Hosting Controller Hidden Field Password Changing Vulnerability
BugTraq ID: 5229
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 13 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5229
$B$^$H$a(B:

Hosting Contoller $B$O$"$k%[%9%HFb$N%?%9%/$rC10l$N%$%s%?%U%'!<%9$GA`:n$9(B
$B$k5!9=$rDs6!$9$k%"%W%j%1!<%7%g%s$G$"$k!#(BHosting Controller $B$O(B Microsoft
Windows $B>e$GF0:n$9$k!#(B

$B$3$N%=%U%H%&%'%"$K$O%f!<%6$,G$0U$K%Q%9%o!<%I$r2~JQ2DG=$K$J$k$H?d;!$5$l(B
$B$kLdBj$,B8:_$9$k!#(B

$B@5Ev$J%"%+%&%s%H$r;}$D%f!<%6$O(B Hosting Controller $B$rMxMQ$7!"G$0U$K%Q%9(B
$B%o!<%I$r@_Dj2DG=$G$"$kLdBj$,H/8+$5$l$F$$$k!#(BHosting Controller $B$O%Q%9(B
$B%o!<%I$NJQ99=hM}$r<B9T$9$k:]!"%f!<%6L>$r;XDj$9$k$?$a$K1#$7%U%#!<%k%I$r(B
$BMxMQ$7$F$$$k!#1#$7%U%#!<%k%I$G;XDj$5$l$?%f!<%6L>$rJQ99$9$k$3$H$K$h$j!"(B
$BBP1~$9$k%f!<%6$N%Q%9%o!<%I$NJQ99$,2DG=$J$N$G$"$k!#(B
$B$3$N5!G=$O(B /accounts/updateuserdesc.asp $B%9%/%j%W%H$K$h$j<B9T$5$l$k!#(B

$B$3$NLdBj$K$h$j!"967b<T$O$I$N%f!<%6$N%Q%9%o!<%I$KBP$7$F$G$bJQ99$,2DG=$H(B
$B$J$k!#JQ99BP>]$N%f!<%6$K$O(B Administrator $B$,4^$^$l!"7k2L$H$7$F%j%b!<%H$N(B
$B%f!<%6$OLdBj$rJz$($k%P!<%8%g%s$N(B Hosting Controller $B$r2TF0$5$;$F$$$k%7(B
$B%9%F%`$X4IM}<T8"8B$G$N%"%/%;%92DG=$K$J$k!#(B

4. Novell NetMail ModWeb Buffer Overflow Vulnerability
BugTraq ID: 5230
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 15 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5230
$B$^$H$a(B:

Novell NetMail $B$O(B Microsoft Windows$B!"(BLinux$B!"MM!9$J(B UNIX $B$GMxMQ2DG=$JEE;R(B
$B%a!<%k5!G=$HNq4IM}5!G=$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#(B

Novell Netmail Version 3.1 $B$*$h$S(B 3.0.3 $B$K$OLdBj$,B8:_$9$k!#(B
$B$3$l$i%P!<%8%g%s$N%=%U%H%&%'%"$K$O!"%j%b!<%H$N967b<T$,(B root $B8"8B$rC%<h(B
$B2DG=$G$"$k$H?d;!$5$l$k%P%C%U%!%*!<%P!<%U%m!<$r@8$8$kLdBj$,B8:_$9$k!#(B

Netmail $B$N(B NodWeb $B%b%8%e!<%k$KLdBj$OM3Mh$7!"(BModWeb $B%b%8%e!<%k$K$h$C$F0U(B
$B?^$r$b$C$FAH$_N)$F$i$l$?%G!<%?$,<u?.$5$l$k:]$K%P%C%U%!%*!<%P!<%U%m!<$,(B
$B0z$-5/$3$5$l$k!#FCDj$N>u672<$K$*$$$F$O!"967b<T$OLdBj$rJz$($k%=%U%H%&%'(B
$B%"$N%W%m%;%9$HF13J$N8"8B$G<B9T$5$l$k0-0U$"$k%3!<%I$rCmF~2DG=$K$J$k$H?d(B
$B;!$5$l$k!#(B

$B$3$N<o$N>u67$K$*$$$F$O!"%j%b!<%H$N967b<T$O(B root $B8"8B$rC%<h2DG=$G$"$k!#(B

5. Novell NetMail WebAdmin Buffer Overflow Vulnerability
BugTraq ID: 5231
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 15 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5231
$B$^$H$a(B:

Novell NetMail $B$O(B Microsoft Windows$B!"(BLinux$B!"MM!9$J(B UNIX $B$GMxMQ2DG=$JEE(B
$B;R%a!<%k5!G=$HNq4IM}5!G=$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#(B

Novell Netmail Version 3.1 $B$*$h$S(B 3.0.3 $B$K$OLdBj$,B8:_$9$k!#(B
$B$3$l$i%P!<%8%g%s$N%=%U%H%&%'%"$K$O!"%j%b!<%H$N967b<T$,(B root $B8"8B$rC%<h(B
$B2DG=$G$"$k$H?d;!$5$l$k%P%C%U%!%*!<%P!<%U%m!<$r@8$8$kLdBj$,B8:_$9$k!#(B

Netmail $B$N(B WebAdmin $B%b%8%e!<%k$KLdBj$OM3Mh$7$F$$$k!#(BWebAdmin $B%b%8%e!<%k(B
$B$O$3$N%=%U%H%&%'%"$N4IM}<T$K$h$C$F!"A`:n$KI,MW$J%Q%i%a!<%?$N@_Dj$dJQ99(B
$B$r9T$&$?$a$KMxMQ$5$l$k%b%8%e!<%k$G$"$k!#0U?^$r$b$C$FAH$_N)$F$i$l$?%G!<(B
$B%?$,(B WebAdmin $B$XM?$($i$l$?>l9g!"%P%C%U%!%*!<%P!<%U%m!<$,0z$-5/$3$5$l$k!#(B
$BFCDj$N>u672<$K$*$$$F$O!"967b<T$OLdBj$rJz$($k%=%U%H%&%'%"$N%W%m%;%9$HF1(B
$B3J$N8"8B$G<B9T$5$l$k0-0U$"$k%3!<%I$rCmF~2DG=$K$J$k$H?d;!$5$l$k!#(B

$B$3$N<o$N>u67$K$*$$$F$O!"%j%b!<%H$N967b<T$O(B root $B8"8B$rC%<h2DG=$G$"$k!#(B

6. IBM Tivoli Management Framework ManagedNode Buffer Overrun Vulnerability
BugTraq ID: 5233
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 15 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5233
$B$^$H$a(B:

ManagedNode $B$NBP>]$H8+$J$5$l$F$$$k%[%9%H72$K%$%s%9%H!<%k$5$l$F$$$k(B Tivoli
Management Framework $B$K$O!"%G%U%)%k%H>uBV$G(B HTTP $B%5!<%P$,%$%s%9%H!<%k$5(B
$B$l$F$$$k!#(B

$BJs9p$K$h$k$H!"%G%U%)%k%H$G%$%s%9%H!<%k$5$l$k(B HTTP $B%5!<%P$O(B Web $B%/%i%$%"(B
$B%s%H$+$iHs>o$KD9$$(B GET $B%a%=%C%I$,M?$($i$l$?>l9g!"%P%C%U%!%*!<%P!<%U%m!<(B
$B$r@8$8$k5?$$$,$"$k!#$3$N%P%C%U%!%*!<%P!<%U%m!<$O%9%?%C%/$KM3Mh$7$F$*$j!"(B
$B%9%?%C%/%U%l!<%`$NGK2u$r>7$/2DG=@-$,$"$k$H9M$($i$l$F$$$k!#$3$N>u67$OG$(B
$B0U$N%3!<%I$r(B HTTP $B%5!<%P$N%W%m%;%9$HF13J$N8"8B$G<B9T$9$k$?$a$N967b$KMx(B
$BMQ2DG=$G$"$k!#$3$N(B HTTP $B%5!<%P$O(B UNIX $B$K$*$$$F$O(B root $B8"8B$G!"(BWindowsNT
$B$K$*$$$F$O(B SYSTEM $B8"8B$G2TF0$7$F$$$k!#(B

$B%j%b!<%H$N967b<T$O967bBP>]$N%3%s%T%e!<%?$N%;%-%e%j%F%#$X$N6<0R$r>7$/$?(B
$B$a$K$3$NLdBj$rMxMQ$9$k$H?d;!$5$l$k!#$^$?!"$3$NLdBj$rMxMQ$9$k967b$O$3$N(B
$B%=%U%H%&%'%"$r%/%i%C%7%e$5$;$i$l$kMM$J!"0-0U$"$k%/%i%$%"%s%H$K$h$C$F$b(B
$B$5$i$K4k$F$i$l!"(BHTTP $B%5!<%P5!G=$N(B DoS $B$r>7$/7k2L$H$J$k!#(B

$B%P!<%8%g%s(B 3.6.x $B$+$i(B 3.7.1 $B$^$G$N%P!<%8%g%s$,$3$NLdBj$N1F6A$r<u$1$k!#(B

7. Novell NetMail IMAP Agent Denial Of Service Vulnerability
BugTraq ID: 5232
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 15 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5232
$B$^$H$a(B:

Novell NetMail $B$O(B Microsoft Windows$B!"(BLinux$B!"MM!9$J(B UNIX $B$GMxMQ2DG=$JEE(B
$B;R%a!<%k5!G=$HNq4IM}5!G=$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#(B

Novell Netmail Version 3.1 $B$*$h$S(B 3.0.3 $B$K$OLdBj$,B8:_$9$k!#(B
$B$3$N%=%U%H%&%'%"$KAH$_9~$^$l$F$$$k(B IMAP (Internet Message Access Protocol)
$B%(!<%8%'%s%H$O0U?^E*$KAH$_N)$F$i$l$?%G!<%?$r<u$1<h$C$?:]!"(BDoS $B$K4Y$k5?(B
$B$$$,$"$k!#(B

IMAP $B%(!<%8%'%s%H$,FCDj$N%G!<%?$r<u?.$9$k:]!"%(!<%8%'%s%H$O%/%i%C%7%e$9(B
$B$k!#$3$NLdBj$K$h$j!"(BDoS $B$,0z$-5/$3$5$l$k!#$3$NLdBj$rMxMQ$9$k967b$,7+$j(B
$BJV$79T$o$l$?>l9g!"(BNovell NetWare $B4D6-Fb$K$*$$$F!"1F6A$r<u$1$k%5!<%P$N(B
$B:F5/F0$,0z$-5/$3$5$l$k!#(B

$B%5!<%S%9$NI|5l$r9T$&$?$a$K$O(B IMAP $B%(!<%8%'%s%H$N<jF0A`:n$K$h$k:F5/F0$,(B
$BI,MW$G$"$k!#(B

$B$3$NLdBj$O%P%C%U%!%*!<%P!<%U%m!<$K$h$j$b$?$i$5$l$?7k2L$G$"$k$HJs9p$5$l(B
$B$F$$$k!#$3$l$K3:Ev$7$F$$$k>l9g!"(BIMAP $B%(!<%8%'%s%H$N%W%m%;%9$HF13J$N8"8B(B
$B$K$h$kG$0U$N%3!<%I$r<B9T$5$;$k$?$a$K!"$3$NLdBj$rMxMQ$9$k967b$,4k$F$i$l(B
$B$k@x:_E*$J5?$$$,$"$k!#$7$+$7!"$3$l$K$D$$$F$OL$8!>Z$G$"$k!#(B

8. IBM Tivoli Management Framework Endpoint Buffer Overflow Vulnerability
BugTraq ID: 5235
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 15 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5235
$B$^$H$a(B:

endpoint $BBP>]$H8+$J$5$l$F$$$k%[%9%H72$K%$%s%9%H!<%k$5$l$F$$$k(B Tivoli
Management Framework $B$K$O!"%G%U%)%k%H>uBV$G(B HTTP $B%5!<%P$,%$%s%9%H!<%k$5(B
$B$l$F$$$k!#(B

$BJs9p$K$h$k$H!"%G%U%)%k%H$G%$%s%9%H!<%k$5$l$k(B HTTP $B%5!<%P$O(B Web $B%/%i%$%"(B
$B%s%H$+$iHs>o$KD9$$(B GET $B%a%=%C%I$,M?$($i$l$?>l9g!"%P%C%U%!%*!<%P!<%U%m!<(B
$B$r@8$8$k5?$$$,$"$k!#$3$N%P%C%U%!%*!<%P!<%U%m!<$O%9%?%C%/$KM3Mh$7$F$*$j!"(B
$B%9%?%C%/%U%l!<%`$NGK2u$r>7$/2DG=@-$,$"$k$H9M$($i$l$F$$$k!#$3$N>u67$OG$(B
$B0U$N%3!<%I$r(B HTTP $B%5!<%P$N%W%m%;%9$HF13J$N8"8B$G<B9T$9$k$?$a$N967b$KMx(B
$BMQ2DG=$G$"$k!#$3$N(B HTTP $B%5!<%P$O(B UNIX $B$K$*$$$F$O(B root $B8"8B$G!"(BWindowsNT
$B$K$*$$$F$O(B SYSTEM $B8"8B$G2TF0$7$F$$$k!#(B

$B%j%b!<%H$N967b<T$O967bBP>]$N%3%s%T%e!<%?$N%;%-%e%j%F%#$X$N6<0R$r>7$/$?(B
$B$a$K$3$NLdBj$rMxMQ$9$k$H?d;!$5$l$k!#$^$?!"$3$NLdBj$rMxMQ$9$k967b$O$3$N(B
$B%=%U%H%&%'%"$r%/%i%C%7%e$5$;$i$l$kMM$J!"0-0U$"$k%/%i%$%"%s%H$K$h$C$F$b(B
$B$5$i$K4k$F$i$l!"(BHTTP $B%5!<%P5!G=$N(B DoS $B$r>7$/7k2L$H$J$k!#(B

$B%P!<%8%g%s(B 3.6.x $B$+$i(B 3.7.1 $B$^$G$N%P!<%8%g%s$,$3$NLdBj$N1F6A$r<u$1$k!#(B

9. Symantec Norton Personal Firewall/Internet Security 2001 Buffer
Overflow Vulnerability
BugTraq ID: 5237
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 15 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5237
$B$^$H$a(B:

Symantec Norton Personal Firewall 2001 $B$O(B Windows $B$NFCDj$N%P!<%8%g%s$K(B
$BFC2=$7$?2HDmMQ!"$"$k$$$O>.5,LO4k6H8~$1$N%U%!%$%d%&%)!<%k$G$"$k!#(BNorton
Internet Security 2001 $B$O(B Norton Personal Firewall $B$*$h$S(B Norton 
Antivirus $B$r4^$`!"(BNorton $B%V%i%s%I$N%;%-%e%j%F%#%f!<%F%#%j%F%#%Q%C%1!<%8(B
$B$G$"$k!#(B

Norton Personal Firewall $B$*$h$S(B Norton Internet Security $B$O(B HTTP $B%W%m(B
$B%-%75!G=$K$*$$$F!"%P%C%U%!%*!<%P!<%U%m!<>uBV$K4Y$kLdBj$rJz$($F$$$k!#Js(B
$B9p$K$h$k$H!"$3$N>uBV$O!"D9$$%j%/%(%9%H$N<h$j07$$$,ITG=$G$"$k$?$a$K@8$8(B
$B$k!#$3$N$h$&$J%j%/%(%9%H$,=hM}$5$l$k$H!"(BEDI $B%l%8%9%?Fb$KC_$($i$l$?(B 32 $B%S%C(B
$B%HD9(B ( 3 $B%P%$%HD9(B) $B$N%G!<%?$,%/%i%$%"%s%H$+$iM?$($i$l$?%G!<%?$K>e=q$-$5(B
$B$l$k!#$3$NCM$N%3%s%H%m!<%k$K$h$j!"%+!<%M%kFb$G$N%3!<%I$N<B9T$r>7$/7k2L(B
$B$H$J$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$O!"%W%m%-%7%5!<%P$r0-MQ$9$k%f!<%6$K$h$C$F4k$F$i(B
$B$l$k2DG=@-$,$"$k!#%W%m%-%7%5!<%P$N30It$N967b<T$b!"$^$?!"(BWeb $B%5%$%H>e$K(B
$B8x3+$5$l$?!"0-0U$K$h$C$FAH$_N)$F$i$l$?%O%$%Q!<%j%s%/$rMxMQ$9$k$3$H$G$3(B
$B$NLdBj$rMxMQ$9$k2DG=@-$,$"$k!#967bBP>]$N%W%m%-%7$rMxMQ$9$k%f!<%6$O!"$3(B
$B$N<o$N0-0U$"$k%O%$%Q!<%j%s%/$rC)$k$h$&$K;E8~$1$i$l!"7k2L$H$7$F%P%C%U%!(B
$B%*!<%P!<%U%m!<$r0z$-5/$3$5$l$F$7$^$&!#(B

$B%*!<%P!<%U%m!<$O%+!<%M%k%a%b%jFb$G@8$8$k$?$a!"LdBj$rJz$($k%=%U%H%&%'%"(B
$B$r2TF0$9$k(B OS $B$N8"8B$G!"G$0U$N%3!<%I$r<B9T$5$l$F$7$^$&2DG=@-$,$"$k!#(B

10. IMHO Webmail Account Hijacking Vulnerability
BugTraq ID: 5238
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 15 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5238
$B$^$H$a(B:

IMHO $B$O(B Roxen webserver $B$KAH$_9~$^$l$k(B Web $B%a!<%k%5!<%S%9$rDs6!$9$k$?(B
$B$a$N%b%8%e!<%k$G$"$k!#$3$N%b%8%e!<%k$O(B Roxen $B$N2TF0$,J]>Z$5$l$F$$$k(B OS
$B$G$"$l$P!"Nc$($P(B Linux $B$dMM!9$J(B UNIX$B!"$^$?!"(BMicrosoft Windows $B$K$*$$$F(B
$BF0:n$9$k!#(B

Roxen $B8~$1$N(B Web $B%a!<%k%b%8%e!<%k$G$"$k(B IMHO $B$O!"(BWeb $B%a!<%k$N0-0U$"$k%f!<(B
$B%6$K$h$j!"B>$N%f!<%6%"%+%&%s%H$G$N%"%/%;%98"8B$rC%<h$5$l$F$7$^$&2DG=@-(B
$B$,$"$kLdBj$rJz$($F$$$k$HJs9p$5$l$F$$$k!#$3$l$O%(%i!<%Z!<%8Fb$K@x:_E*$K(B
$B=EMW$J>pJs$r$r3+<($9$k2DG=@-$,$"$k!"(BRoxen $B$N8m$C$?@_Dj$K0lIt$OM3Mh$7$F(B
$B$$$k$H9M$($i$l$F$$$k!#$b$7!"$3$l$,@5$7$$>l9g!"967b<T$,B>$N(B Web $B%a!<%k%"(B
$B%+%&%s%H$rMxMQ$9$k<jN)$F$H$J$jF@$k(B REFERER $B>pJs$,3+<($5$l$F$$$k2DG=@-$,(B
$B$"$k!#(B

11. NewsX NNTP SysLog Format String Vulnerability
BugTraq ID: 5240
$B%j%b!<%H$+$i$N:F8=@-(B: $BL$>\(B
$B8xI=F|(B: Jul 15 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5240
$B$^$H$a(B:

newsx $B$O(B UNIX $BM3Mh$N(B OS $B$GF0:n$9$k(B NNTP $B%/%i%$%"%s%H$G$"$k!#(B

newsx $B$O=q<0;XDj;R$N<h$j07$$$KM3Mh$9$kLdBj$rJz$($k5?$$$,$"$k!#(B
$B$3$l$O%(%i!<%a%C%;!<%8$r%m%0$X:N<h$9$k$?$a$KMxMQ$5$l$F$$$k!"(Bsyslog() $B4X(B
$B?t$NITE,@Z$JMxMQJ}K!$KM3Mh$7$F$$$k!#$3$N$?$a!"LdBj$rJz$($k%m%0:N<hMQ4X(B
$B?t$r2p$7$F=q<0;XDj;RIU$-$NJ8;zNs$r0zEO$7!"%a%b%jFbMF$rGK2u$9$k$3$H$,2D(B
$BG=$G$"$k!#$3$NLdBj$K$h$j!"@x:_E*$K!"967b<T$,;XDj$7$?CM$G%a%b%jFb$NG$0U(B
$B$N>l=j$r>e=q$-$9$k$?$a$N967b$,2DG=$K$J$k!#(B

$B$3$NLdBj$O!"8=<BE*$K9M$($F%m!<%+%k$+$i<B9T$5$l$k$b$N$G$"$k$H9M$($i$l$F(B
$B$$$k!#$7$+$7!"$3$NLdBj$O%j%b!<%H$+$i$K$*$$$F$b<B9T$5$l$k2DG=@-$O$"$k!#(B
$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$9$k>l9g!"967b<T$K(B NNTP $B%/%i%$%"%s%H$N<B9T(B
$B8"8B$G$NG$0U$N%3!<%I$r<B9T$5$l$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$,!"%m!<%+%k$+$i$N967b$G$"$k$3$H$,N)>Z$5$l$?>l9g$K$O!"(BNNTP $B%/(B
$B%i%$%"%s%H$,(B setuid/setgid $B$5$l$F%$%s%9%H!<%k$5$l$k>l9g$K8BDj$5$l$k$b(B
$B$N$N!"$3$NLdBj$O%;%-%e%j%F%#%j%9%/$H$J$jF@$k$N$G$"$k!#$^$?!"$3$NLdBj$,(B
$B%j%b!<%H$+$i<B9T$5$l$k$3$H$,8=<BE*$J$b$N$K$J$jF@$k>l9g$K$O!"0-0U$"$k(B
NNTP $B%5!<%P$K$h$j!"$3$NLdBj$rMxMQ$9$k967b$,9T$o$l$k2DG=@-$,$"$k!#(B

12. Mirabilis ICQ Sound Scheme Remote Configuration Modification Vulnerability
BugTraq ID: 5239
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 15 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5239
$B$^$H$a(B:

ICQ $B$O(B Windows $B$GF0:n$9$k%$%s%9%?%s%H%a%C%;%s%8%c!<%/%i%$%"%s%H$G$"$k!#(B
ICQ $B$K$O!"%5%&%s%I%9%-!<%`$N%5%]!<%H$,@9$j9~$^$l$F$$$k!#(BICQ $B%5%&%s%I%9(B
$B%-!<%`%U%!%$%k$K$ODL>o!"(B.scm $B3HD%;R$,M?$($i$l$F$$$k!#(B

$B%j%b!<%H%f!<%6$O$3$N(B ICQ $B%/%i%$%"%s%H$NFCDj$N%P!<%8%g%s$KBP$7!"@_DjJQ99(B
$B$r9T$&;v$,2DG=$G$"$k!#Js9p$K$h$k$H!"6/@)E*$K(B .scm $B%U%!%$%k$K%"%/%;%9$5(B
$B$;$k$3$H$G!"2;@<%G!<%?$K4X$9$k@_Dj$r2~JQ2DG=$G$"$k!#$J$*!"$3$NLdBj$rMx(B
$BMQ$9$k967b$O(B HTML $B7A<0$NEE;R%a!<%k!"$"$k$$$O!"0-0U$"$k(B Web $B%Z!<%8$N1\Mw(B
$B$r6/@)E*$K9T$o$;$k$3$H$G<B9T$5$l$k2DG=@-$,$"$k!#(B

$B967b$KMxMQ$5$l$k(B HTML $B%3%s%F%s%D$G$O!"(BIFRAME $B%?%0Fb$GMxMQ2DG=$J(B .scm
$B7A<0$N%U%!%$%k$r;2>H$7$F$*$/I,MW$,$"$k!#$3$N<o$N(B HTML $B$,1\Mw$5$l$?:]!"(B
$B2;@<%G!<%?MQ%9%-!<%`$O<+F0E*$KFI$_9~$^$l!"(BICQ $B%/%i%$%"%s%H$N@_Dj$O2~JQ(B
$B$5$l$F$7$^$&$N$G$"$k!#(B

$B8=;~E@$K$*$$$F!"B>$+$iG[I[$5$l$F$$$k(B ICQ $B%/%i%$%"%s%H$N@_Dj$r!"$3$N<jK!(B
$B$GJQ992DG=$+$I$&$+$OL$>\$G$"$k!#(B

13. e-Zone FuseTalk Search Results Cross Site Scripting Vulnerability
BugTraq ID: 5236
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 15 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5236
$B$^$H$a(B:

e-Zone Media FuseTalk $B$O!"%f!<%6$K%$%s%?%i%/%F%#%V$J%3%_%e%K%F%#$N3+@_(B
$B$,2DG=$J!"(BWeb $B%Y!<%9$NEE;R7G<(HD5!G=$rDs6!$9$k%=%U%H%&%'%"%Q%C%1!<%8$G(B
$B$"$k!#(BFuseTalk $B$O(B ColdFusion $B%5!<%P$r85$K$7$F3+H/$5$l$F$$$k!#(B

FuseTalk $B$NFCDj$N%P!<%8%g%s$K$*$$$F%/%m%9%5%$%H%9%/%j%W%H%9%/%j%W%F%#%s(B
$B%0$NLdBj$,Js9p$5$l$F$$$k!#%f!<%6$+$iM?$($i$l$?%G!<%?$,8!:w7k2L$N%Z!<%8(B
$BFb$KCmF~$5$l$k0JA0$K!"==J,$J%U%#%k%?%j%s%0$,9T$o$l$F$$$J$$$N$G$"$k!#(B

$B0-0U$"$k?MJ*$O(B JavaScript $B$,4^$^$l$k$h$&$J8!:w7k2L%Z!<%8$X$N%O%$%Q!<%j(B
$B%s%/$rAH$_N)$F$k2DG=@-$,$"$k!#$3$N<o$N%O%$%Q!<%j%s%/$r%f!<%6$,C)$C$?>l(B
$B9g!"4^$^$l$F$$$k(B JavaScript $B$r2r<a$7!"LdBj$rJz$($k%5%$%H$HF13J$N%3%s%F(B
$B%-%9%H$G<B9T$9$k$H9M$($i$l$k!#$3$N>l9g!"G'>ZMQ>pJsEy$N=EMW$J>pJs$X$N%"(B
$B%/%;%9$d!"$3$N%=%U%H%&%'%"$rMxMQ$7$F9=C[$5$l$F$$$kEE;R7G<(HD$NG'>Z:Q$_(B
$B$N%f!<%6$H$7$F$NF0:n$,2DG=$K$J$k$H?d;!$5$l$k!#(B

$B$3$N%=%U%H%&%'%"$N%G%U%)%k%H@_Dj$G$O!"8!:wMQ%U%)!<%`$O(B HTTP $B$N(B POST $B%j(B
$B%/%(%9%H$K$h$C$F=hM}$r<u$1EO$5$l$k!#Nc$((B Web $B%5!<%P$,(B GET $B%j%/%(%9%H$r(B
$B<h$j07$o$J$$$h$&$K@_Dj$5$l$F$$$?$H$7$F$b!"$3$N@_Dj$O967b<T$K;F:Y$J@)Ls(B
$B$rM?$($k$b$N$G$7$+$J$$!#0-0U$"$k8!:w%U%)!<%`$r<B9T$9$k$K$O!"%U%)!<%`>e(B
$B$N%5%V%_%C%7%g%s%\%?%s$r2!$5$;$k!"$b$7$/$O(B JavaScript $B$r<B9T$5$;$k$+$N(B
$B$I$A$i$+0lJ}$rMxMQ$9$k$3$H$G==J,$G$"$k!#(B

14. Tru64 IPCS Buffer Overflow Vulnerability
BugTraq ID: 5241
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Jul 16 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5241
$B$^$H$a(B:

Tru64 $B$O(B UNIX $BM3Mh$N(B OS $B$G$"$k!#(B

Tru64 UNIX $B$GF0:n$9$k(B ipcs $B%f!<%F%#%j%F%#$O!"%P%C%U%!%*!<%P!<%U%m!<$r@8(B
$B$8$k5?$$$,$"$k!#(Bipcs $B$O%W%m%;%94VDL?.$N>u67$r5-O?$9$k$N$KMxMQ$5$l$k!#(B
ipcs $B$O(B setuid $B%S%C%H$,N)$F$i$l$?8"8B$G%$%s%9%H!<%k$5$l$k!#(B

$B$3$N>uBV$O30It$+$iM?$($i$l$?%G!<%?$KBP$9$k6-3&%A%'%C%/$,IT==J,$G$"$k$?(B
$B$a$K@8$8$k!#(B
$B%m!<%+%k$N967b<T$O%a%b%jNN0h$r2~JQ$7!"967b<T$,M?$($?%3!<%I$r>e=q$-$9$k(B
$B$?$a$K$3$NLdBj$rMxMQ$9$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"967b<T$O(B root $B8"8B$G%3!<%I$r<B9T(B
$B2DG=$K$J$k!#(B

15. Tru64 InetD Denial Of Service Vulnerability
BugTraq ID: 5242
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 16 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5242
$B$^$H$a(B:

Tru64 $B$O(B UNIX $BM3Mh$N(B OS $B$G$"$k!#(B

Tru64 UNIX $B$KF1:-$5$l$F$$$k(B inetd $B$O%j%b!<%H$+$i$N(B DoS $B$K4Y$k5?$$$,$"$k!#(B
$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"%j%b!<%H$N967b<T$O(B inetd $B$K$h$j4I(B
$BM}$5$l$F$$$k%G!<%b%s$,Ds6!$9$k;q8;$X$N%"%/%;%9$rK8322DG=$G$"$k!#(B

$B$3$NLdBj$N5;=QE*$J>\:Y$O!"$3$l0J>e8x3+$5$l$F$$$J$$!#(B

16. Thorsten Korner 123tkShop SQL Injection Vulnerability
BugTraq ID: 5244
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 16 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5244
$B$^$H$a(B:

123tkShop $B$O!"%U%j!<$GMxMQ2DG=$G$"$k!"(BPHP $B$rMxMQ$7$F3+H/$5$l$?%*!<%W%s(B
$B%=!<%9$N(B e-$B%S%8%M%9%"%W%j%1!<%7%g%s%=%U%H%&%'%"$G$"$k!#(B
$B$3$N%=%U%H%&%'%"$OMM!9$J(B Linux $B$dB?$/$N(B UNIX $BM3Mh$N(B OS $B$GF0:n$7!"$^$?!"(B
$BF1MM$K(B Microsoft Windows $B$K$*$$$F$bF0:n$9$k!#(B

123tkShop $B$K$OLdBj$,H/8+$5$l$F$$$k!#Js9p$K$h$k$H!"$3$N%=%U%H%&%'%"$O(B SQL
$B%3!<%I$rCmF~$5$l$kLdBj$rJz$($k5?$$$,$"$k!#%f!<%6$K$h$C$FM?$($i$l$?%G!<(B
$B%?$O(B SQL $B9=J8$rAH$_N)$F$k$?$a$KMxMQ$5$l$F$$$k$,!"$3$N:](B ' $B$d(B " $B$H8@$C$?(B
$BFC<l$J0UL#$r;}$DJ8;z$OE,@Z$K%(%9%1!<%W$5$l$F$$$J$$$N$G$"$k!#$3$N$?$a96(B
$B7b<T$O(B SQL $B%/%(%j$r2~JQ$9$k0U?^$r$b$C$?!"0-0U$"$k%G!<%?$r$3$N%=%U%H%&%'(B
$B%"$K0z$-EO$9$3$H$,2DG=$G$"$k$H?d;!$5$l$k!#(B

PHP $B$N@_Dj%U%!%$%k(B php.ini $B$K$*$$$F!"(B'magic_quotes_gcp' $B$,L58z2=$5$l$F(B
$B$$$k>l9g!"967b<T$O0-0U$"$k(B SQL $B9=J8$r(B 123tkshop $B$X$N%/%(%jFb$KCmF~2DG=(B
$B$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k$3$H$G!"967b<T$O!"=EMW$J%G!<%?%Y!<%9%U%!%$%k$NFbMF$r(B
$B1\Mw!"$b$7$/$O!"JQ99$9$k$3$H$,2DG=$G$"$k!#(B

17. Thorsten Korner 123tkShop Arbitrary File Include Vulnerability
BugTraq ID: 5243
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 16 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5243
$B$^$H$a(B:

123tkShop $B$O!"%U%j!<$GMxMQ2DG=$G$"$k!"(BPHP $B$rMxMQ$7$F3+H/$5$l$?%*!<%W%s(B
$B%=!<%9$N(B e-$B%S%8%M%9%"%W%j%1!<%7%g%s%=%U%H%&%'%"$G$"$k!#(B
$B$3$N%=%U%H%&%'%"$OMM!9$J(B Linux $B$dB?$/$N(B UNIX $BM3Mh$N(B OS $B$GF0:n$7!"$^$?!"(B
$BF1MM$K(B Microsoft Windows $B$K$*$$$F$bF0:n$9$k!#(B

$B%P!<%8%g%s(B 0.3.1 $B$^$G$N(B 123tkshop $B$K$OLdBj$,H/8+$5$l$F$$$k!#(B
$BJs9p$K$h$k$H!"967b<T$O$3$N%=%U%H%&%'%"$N<B9T8"8B$G!"LdBj$rJz$($k%7%9%F(B
$B%`>e$NG$0U$N%U%!%$%k$r1\Mw2DG=$G$"$k!#(B

123tkshop $B$KF1:-$5$l$F$$$kKX$IA4$F$N(B PHP $B%U%!%$%k$G$O!"B>$N%U%!%$%k$,(B
$BF0E*$K%$%s%/%k!<%I$5$l$F$$$k!#(B
$B$3$l$i$NB?$/$K$O0J2<$K<($99=J8$,4^$^$l$F$$$k!#(B
include("path/$var/file.inc.php");

$B$b$7!"%m!<%+%k$N(B PHP $B@_Dj%U%!%$%k$K5-=R$5$l$F$$$k(B 'register_globals' 
$B$,M-8z2=$5$l$F$$$k>l9g!"%j%b!<%H$N967b<T$O%$%s%/%k!<%I9=J8$XA^F~$5$l$k(B
$BFbMF$r=q$-49$($i$l$k2DG=@-$,$"$k!#$^$?!"$3$N:](B '../' $BJ8;zNs$r;HMQ$9$k(B
$B$3$H$G!"G$0U$N%U%!%$%k$N>l=j$rFCDj$9$k$3$H$,2DG=$G$"$k!#(B

$B$b$7!"%m!<%+%k$N(B PHP $B@_Dj%U%!%$%k$K5-=R$5$l$F$$$k(B 'register_globals' 
$B$,L58z$K@_Dj$5$l$F$$$k>l9g!"967b<T$O$3$NCM$X$5$i$K(B null $B$rA^F~$9$k$3$H(B
$B$GJ8;zNs$r=*C<$7!"G$0U$N%7%9%F%`%U%!%$%k$r;XDj$9$k2DG=@-$,$"$k!#(B
$B0J8e!";XDj$5$l$?%U%!%$%k$O%j%b!<%H$N%f!<%6$KBP$7$F3+<($5$l$k$H9M$($i$l(B
$B$k!#(B

18. AOL Instant Messenger Unauthorized Actions Vulnerability
BugTraq ID: 5246
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 16 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5246
$B$^$H$a(B:

AIM (AOL Instant Messenger) $B$O!"(BMicrosoft Windows $B$d(B MacOS $B$d$=$NB>$N(B
$B%W%i%C%H%U%)!<%`$GMxMQ2DG=$J%$%s%9%?%s%H%a%C%;!<%8%/%i%$%"%s%H$N%"%W%j(B
$B%1!<%7%g%s$G$"$k!#(B

AIM $B$O!"LdBj$N$"$k%/%i%$%"%s%H$N%f!<%6$KBe$o$C$F8"8B$NL5$$%"%/%7%g%s$r(B
$B9T$&$h$&$J!"0-0U$"$k(B HTML $B$N2r<a$r2DG=$K$7$F$7$^$&LdBj$rJz$($F$$$k!#(B

AIM $B$O!"(B"aim:" $B$+$i;O$^$k(B URI $B$r=hM}$9$k%W%m%0%i%`$r%$%s%9%H!<%k$9$k!#(B
$B$3$N(B "aim:" URI $B$O!"@_Dj$rJQ99$7$?$j!"FCDj$N(B AIM $B%/%i%$%"%s%H$X$N$=$NB>(B
$B$N%"%/%7%g%s$r$9$k$?$a$K;HMQ$5$l$k!#$3$3$G$$$&%"%/%7%g%s$H$O!"?FM'%j%9(B
$B%H$X$N%(%s%H%j$r2C$($?$j!"?7$7$$%0%k!<%W$r2C$($?$j$9$k$3$HEy$b4^$s$G$$(B
$B$k!#0lEY!"$3$N=hM}$r8F$S=P$;$P!"FCDj$N%"%/%7%g%s$O!"%f!<%6$X$NDLCN$dDL(B
$B9p$r9T$&$3$H$J$/<B9T$5$l$F$7$^$&!#(B

$B967b<T$O(B "aim:" $B$+$i;O$^$k(B URI $B$X$N%O%$%Q!<%j%s%/$r1#JC$7$?>e$G!"$3$N(B
$B<o$X$N%O%$%Q!<%j%s%/$r5>@7<T$,%/%j%C%/$9$k$h$&$K;E8~$1$k$3$H$G$3$NLdBj(B
$B$rMxMQ$9$k967b$r4k$F$k2DG=@-$,$"$k!#$5$i$K4m81$J$3$H$K!"967b<T$,(B "aim"
$B$+$i;O$^$k(B URI $B$r4^$`%Z!<%8$r:FFI$_9~$_$9$k$?$a$K!"(BHTML $BCf$N%a%?%?%0Fb(B
$B$N(B REFRESH $B9=J8$rMxMQ$7$?>l9g!"0lEY5>@7<T$,0-0U$"$k(B Web $B%5%$%H$K%"%/%;(B
$B%9$7$?$@$1$G!"$3$NLdBj$rMxMQ$9$k967b$,<+F0E*$K2DG=$K$J$k$HJs9p$5$l$F$$(B
$B$k!#(B

$B$3$NLdBj$O!"(BMicrosoft Windows $B$H(B MacOS $B>e$G<B9T$7$F$$$k(B AIM $B$N%P!<%8%g(B
$B%s$GH/@8$9$k$HJs9p$5$l$F$$$?!#(BLinux $B%P!<%8%g%s$G$O!"%/%i%$%"%s%H$O$3$N(B
$BLdBj$N1F6A$r<u$1$k$3$H$OL5$$!#(B

19. Mirabilis ICQ Sound Scheme Predictable File Location Vulnerability
BugTraq ID: 5247
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 16 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5247
$B$^$H$a(B:

ICQ $B$O(B Windows $B$GF0:n$9$k%$%s%9%?%s%H%a%C%;%s%8%c!<%/%i%$%"%s%H$G$"$k!#(B
ICQ $B$K$O!"%5%&%s%I%9%-!<%`$N%5%]!<%H$,@9$j9~$^$l$F$$$k!#(BICQ $B%5%&%s%I%9(B
$B%-!<%`%U%!%$%k$K$ODL>o!"(B.scm $B3HD%;R$,M?$($i$l$F$$$k!#(B

$B$3$N%=%U%H%&%'%"$,%$%s%9%H!<%k$5$l$?;~!"%5%&%s%I%9%-!<%`$O%$%s%9%H!<%k(B
$B@h%G%#%l%/%H%j$NCf$N!"M=B,2DG=$J>l=j$K?tB?$/$N(B wav $B%5%&%s%I%U%!%$%k$r3J(B
$BG<$9$k!#(B
$B967b<T$O!"4{CN$N>l=j$K0-0U$N$"$k%3%s%F%s%D$rCV$/$3$H$G!"$3$NLdBj$rMxMQ(B
$B$9$k967b$r4k$F$k2DG=@-$,$"$k!#$3$N<o$N%U%!%$%k$r;X$7<($9(B URL $B$r2p$7$F!"(B
$B0-0U$"$k%3%s%F%s%D$d%3!<%I$,%m!<%+%k%3%s%F%-%9%HFb$G<B9T$5$l$k!#(B

.mht $B%U%!%$%k$,(B .wav $B%U%!%$%k$HL>>N$rJQ$($F!"$3$NJ}K!$rMxMQ$9$k$?$a$KJ](B
$BB8$5$l$kNc$,4{$K<($5$l$F$$$k!#$$$/$D$+$N%V%i%&%6$K$*$$$F!"(Bmhtml $B$r;X$7(B
$B<($9J}K!$G;2>H$5$l$k:]!"E:IU$5$l$?<B9T7A<0$N%3%s%F%s%D$O<+F0E*$K%m!<%+(B
$B%k%7%9%F%`Fb$N;XDj$5$l$?%G%#%l%/%H%j$XE>Aw$5$l!"$=$l$,;2>H$5$l$k$N$G$"(B
$B$k!#(B

$B967bBP>]$N%U%!%$%k%7%9%F%`$X%U%!%$%k$r3JG<$9$k2DG=@-$O!"Nc$($P(B BID 3867
$B$K<($5$l$F$$$kB>$NLdBj$HAH$_9g$o$5$l$k$3$H$G!"$h$jA}Bg$9$k$H9M$($i$l$k!#(B

20. Oddsock Song Requester WinAmp Plugin Denial Of Service Vulnerability
BugTraq ID: 5248
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 16 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5248
$B$^$H$a(B:

Oddsock Song Requester $B$O!"%j%9%J!<$K2N$r%j%/%(%9%H$9$k5!G=$rDs6!$9$k!"(B
WinAmp $BMQ%W%i%0%$%s$G$"$k!#(B

Oddsock Song Requester 2.1 $B$OLdBj$,H/8+$5$l$F$$$k!#(B
$BJs9p$K$h$k$H!"(BSong Requester $B$K$O!"0U?^E*$J%j%/%(%9%H$rAw$i$l$?>l9g$K(B
DoS $B>uBV$K4Y$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$O!"967b<T$,(B 'listpos' $B%Q%i%a!<%?$KD9$$CM$rBeF~$9$k(B 'request.cgi'
$B$X$N%j%/%(%9%H$r:n@.$7$?>l9g$KH/@8$9$k!#$3$l$,9T$o$l$?>l9g!"(BSong Request
$B$H(B WinAmp $B$O!"6&$K%/%i%C%7%e$9$k!#(B

$B$3$NLdBj$rMxMQ$9$k$3$H$G!"@5Ev$J%f!<%6$,(B Song Requester $B%5!<%S%9$r;HMQ(B
$B$G$-$J$/$9$k$3$H$,2DG=$G$"$k!#$3$N>uBV$O!"%P%C%U%!%*!<%P!<%U%m!<$K$h$k(B
$B$b$N$J$N$G!"%3!<%I$N<B9T$,2DG=$H9M$($i$l$k!#$3$NLdBj$O!"(BSong Requester
2.1 $B$H(B WinAmp 2.80 $B$G%F%9%H$5$l$?!#(B Song Requester $B$NB>$N%P!<%8%g%s$G(B
$B$3$NLdBj$,5/$3$k$+$I$&$+$OITL@$G$"$k!#(B

$BDI5-(B:
'psearch' $B%Q%i%a!<%?$NCM$NBeF~$G$bF1MM$N%/%i%C%7%e$,5/$3$k$HJs9p$5$l$F(B
$B$$$k!#$7$+$7!"$3$l$K$D$$$F$O(B SecurityFocus $B$G$O:F8=$G$-$F$$$J$$!#(B

21. Macromedia Sitespring Default Error Page Cross Site Scripting Vulnerability
BugTraq ID: 5249
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 17 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5249
$B$^$H$a(B:

Macromedia Sitespring $B$O(B J2EE $BBP1~$N(B Web $B%5%$%H9=C[MQ$N%^%M!<%8%a%s%H%=(B
$B%j%e!<%7%g%s$G$"$k!#(BMacromedia Sitespring $B%5!<%P$O(B Microsoft Windows $B>e(B
$B$GF0:n$9$k!#(B

Sitespring $B$N;HMQ$9$k%G%U%)%k%H$N%(%i!<%Z!<%8$K$O%/%m%9%5%$%H%9%/%j%W(B
$B%F%#%s%0$NLdBj$,B8:_$9$k$3$H$,Js9p$5$l$F$$$k!#(B HTTP 500 $B%(%i!<$,JV$5$l(B
$B$?:]!"FCDj$N%f!<%6$KDs6!$5$l$k%G!<%?$O@8@.$5$l$?(B HTML $B%?%0$NCf$K4^$^$l(B
$B$k!#$3$N%G!<%?$OE,@Z$K:o=|$5$l$J$$$?$a!"(BJavaScript $B$r4^$`G$0U$N(B HTML
$B%?%0$r4^$s$@>e$G%(%i!<%Z!<%8$rJV$9$3$H$,2DG=$G$"$k!#(B

$B967b<T$OG$0U$N(B JavaScript $B%3%^%s%I$r4^$`!"LdBj$rJz$($k%5%$%H$X$N0-0U$"(B
$B$k%O%$%Q!<%j%s%/$r:n@.$9$k2DG=@-$,$"$k!#%5%$%H$N%f!<%6$,$3$N%O%$%Q!<%j(B
$B%s%/$KF3$+$l$?:]!"0-0U$N$"$k%9%/%j%W%H$,(B Sitespring $B$rMxMQ$7$F$$$k%5%$(B
$B%H$N%3%s%F%-%9%H$G<B9T$5$l$k2DG=@-$,$"$k!#%9%/%j%W%H$OG'>Z$5$l$?%f!<%6(B
$B$H$7$FF0:n$9$k!"$b$7$/$O!"%/%C%-!<Fb$N>pJs$K4^$^$l$F$$$k=EMW$J>pJs$r96(B
$B7b<T$K3+<($9$k2DG=@-$,$"$k!#(B

22. Caucho Technology Resin Server Device Name Path Disclosure Vulnerability
BugTraq ID: 5252
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 17 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5252
$B$^$H$a(B:

Resin $B$O(B XML $B$K4p$E$/%"%W%j%1!<%7%g%s%5!<%P$G$"$k!#$3$N%=%U%H%&%'%"$O(B
Microsoft Windows $B$K2C$((B Linux $B$dB?$/$N(B UNIX $B$GF0:n2DG=$G$"$k!#(B

$B0-0U$N$"$k%&%'%V%j%/%(%9%H$r<h$j07$&:]!"(BResin $B$O=EMW$J>pJs$r3+<($7$F$7(B
$B$^$&!#0lIt$N(B MS-DOS $B$N%G%P%$%9L>$N%j%/%(%9%H$,:n@.$5$l$?:]!"%5!<%P$O(B
Web $BMQ$N%I%-%e%a%s%H%k!<%H%G%#%l%/%H%j$X$N@dBP%Q%9$r4^$`%(%i!<%Z!<%8$r(B
$BJV$92DG=@-$,$"$k!#(B

$B$3$N<o$N=EMW$J>pJs$O967bBP>]$N%3%s%T%e!<%?$X$N$5$i$J$k967b$KMxMQ$5$l$k(B
$B2DG=@-$,$"$k!#(B

$B$3$NLdBj$O(B Resin $B$r2TF0$5$;$F$$$k(B Microsoft Windows $B>e$GJs9p$5$l$F$$$k!#(B

23. Microsoft IIS SMTP Service Encapsulated SMTP Address Vulnerability
BugTraq ID: 5213
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 12 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5213
$B$^$H$a(B:

Microsoft Exchange 5.5 $B$*$h$S(B IIS (Internet Information Services) 4.0 
$B$*$h$S(B 5.0 $B$r4^$`(B SMTP (Simple Mail Transfer Protocol) $B%5!<%S%9$O%+%W%;(B
$B%j%s%0$5$l$?EE;R%a!<%k$NG[Aw@h$N<h$j07$$$KM3Mh$9$kLdBj$rJz$($F$$$k!#(B

$B$3$NLdBj$O(B Microsoft Security Bulletin MS99-027 $B$H$7$F8x3+$5$l$F$*$j!"(B
Exchange Server 5.5 $B$X$N1F6A$,5Z$V$3$H$,Js9p$5$l$F$$$k!#(BMicrosoft $B$O(B
Exchange Server 5.5 $B$KBP$7$F$N$_!"$3$NLdBj$r=$@5$9$k%Q%C%A$rDs6!$7$F$$(B
$B$k!#$3$NLdBj$O(B Microsoft IIS 4.0 $B$*$h$S(B 5.0 $B$r4^$`(B SMTP $B%5!<%P$X1F6A$,(B
$B5Z$V$3$H$,Js9p$5$l$F$$$k!#(B
IIS SMTP $B%5!<%S%98~$1$N%Q%C%A$ODs6!$5$l$F$$$J$$!#(B

$B%j%b!<%H$N967b<T$O!"(BInternet Messaging Service $B$rMxMQ$7!"B>$N(B Exchange
$B%5%$%H$KBP$9$k%2!<%H%&%'%$$K$J$j$9$^$9$h$&$K@_Dj$5$l$?(B Exchange server
$B$r7PM3$7!"EE;R%a!<%k$NCf7Q$,2DG=$G$"$k!#EE;R%a!<%k$NCf7Q$O!"%j%b!<%H$N(B
$B967b<T$,!"$"$?$+$bCf7Q$KMxMQ$5$l$F$$$k%5!<%P$+$iH/Aw$5$l$?$h$&$K!"EE;R(B
$B%a!<%k$rG[Aw$7$F$7$^$&EE;R%a!<%k%5!<%P$r;EN)$F>e$2$?>e$G4k$F$i$l$k!#(B
$B%*!<%W%s%a!<%kCf7Q$OK>$^$l$J$$%a!<%k$NH/?.8;$r1#JC$9$k$?$a$N<jCJ$H$7$F!"(B
$B%9%Q%^!<$K$h$C$F$^$:Bh0l$KMxMQ$5$l$kJ}K!$G$"$k!#(B

Microsoft Exchange Server $B$O%a!<%kCf7Q$rL58z$K$9$k$h$&@_7W$5$l$?!"%;%-%e(B
$B%j%F%#5!G=$r<BAu$7$F$$$k!#$7$+$7!"0d48$K$b!"$3$N5!G=$K$O(B Exchange Server
$B$NCf7QKI;_5!G=$r967b<T$,2sHr2DG=$JLdBj$rJz$($F$$$k$N$G$"$k!#(B

$B$3$NLdBj$O%5%$%H4V$NEE;R%a!<%k$NG[Aw$,(B SMTP $B$rDL$8$F9T$o$l$F$$$k$?$a$K(B
$B@8$8$k!#%+%W%;%j%s%0$5$l$?EE;R%a!<%k%"%I%l%9$O!";XDj$5$l$?$I$NEE;R%a!<(B
$B%k%"%I%l%9$XEE;R%a!<%k$rG[Aw$9$k$?$a$KMxMQ2DG=$G$"$k!#(B

24. ATPhttpd Buffer Overflow Vulnerabilities
BugTraq ID: 5215
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 12 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5215
$B$^$H$a(B:

ATPhttpd $B$O9b@-G=$K@_7W$5$l$?7ZNL7?$N(B Web $B%5!<%P$G$"$k!#$3$N(B Web $B%5!<%P(B
$B$O(B Yann Ramin $B$K$h$C$F3+H/$5$l$?!#(B

ATPhttpd $B$K$O$$$/$D$+$N%P%C%U%!%*!<%P!<%U%m!<>uBV$K4Y$kLdBj$,B8:_$9$k!#(B
$B%j%b!<%H$N967b<T$O1F6A$r<u$1$?%5!<%P$N8"8B$rC%<h$9$k$?$a$K$3$l$i$NLdBj(B
$B$rMxMQ$9$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$O8BEY$rDj$a$F$$$J$$$^$^$NJ8;zNs%3%T!<=hM}!"$*$h$S!V(B1$B$D$:$l(B
(off-by-one)$B!W%(%i!<$KM3Mh$7$F$$$k!#$3$N<o$NLdBj$r@8$8$k>u67$O!"%/%i%$(B
$B%"%s%H$+$iIT@5$J%G!<%?$,M?$($i$l$k$?$a$K!"%(%i!<%a%C%;!<%8$,@8@.$5$l$k(B
$B>l9g$G$"$k!#(B
(void) sprintf(buffer, "The following error occurred while trying to
examine the garbage that you sent this poor webserver:
<br><b>%s</b><br><br>\n", text );

$B30It$+$iM?$($i$l$?%G!<%?$rMxMQ$7!"%;%-%e%"$G$J$$J}K!$GJ8;zNs$rAH$_N)$F(B
$B$kJ}K!$O%P%C%U%!$N6-3&$r1[$($F%G!<%?$r>e=q$-$9$k$?$a$N967b$KMxMQ$5$l$k(B
$B2DG=@-$,$"$k!#(B

25. Pingtel Expressa Default Blank Administrator Password Vulnerability
BugTraq ID: 5214
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 12 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5214
$B$^$H$a(B:

Expressa $B$O(B Pingtel $B$K$h$j3+H/$*$h$SG[I[$5$l$?(B Java-Based Voice-Over-IP 
$BEEOC$G$"$k!#(B

Expressa phones $B$K$O%f!<%6$,LdBj$N$"$kEEOC$N4IM}<T8"8B$rC%<h$9$kLdBj$,(B
$BB8:_$9$k2DG=@-$,$"$k!#(B

Pingtel Expressa phones $B$O%G%U%)%k%H$G$O4IM}<T$N%Q%9%o!<%I$N@_Dj$rI,MW(B
$B$H$7$J$$$3$H$,H/8+$5$l$?!#(B Expressa phones $B$K@_Dj$5$l$F$$$k%G%U%)%k%H$N(B
$B%Q%9%o!<%I$O(B NULL $BCM$G$"$j!"$$$+$J$kG'>Z$b$J$7$K!"4IM}<T8~$15!G=$X$N%"(B
$B%/%;%9$r5v2D$9$k!#4IM}<T%Q%9%o!<%I@_Dj$N$J$$EEOC$O(B Web $B%$%s%?%U%'!<%9$r(B
$BDL$8$F967b<T$K$h$j%j%b!<%H$+$i%"%/%;%9$5$l$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$K$h$j%M%C%H%o!<%/$r2p$7$F!"LdBj$N$"$k5!4o$N4IM}<T8"8B$rC%<h$9(B
$B$k%m!<%+%k%f!<%6!"%"%/%;%92DG=$J%f!<%6!"$^$?$OEEOC$K%"%/%;%9$9$k%f!<%6(B
$B$r$b$?$i$92DG=@-$,$"$k!#(B

26. CARE 2002 Multiple SQL Injection Vulnerabilities
BugTraq ID: 5219
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 12 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5219
$B$^$H$a(B:

CARE 2002 $B$O0eNE6H3&$GB?$/$N%7%9%F%`$rE}9g$9$k$?$a$K@_7W$5$l$?%=%U%H%&%'(B
$B%"$G$"$k!#$3$N%=%U%H%&%'%"$O(B Web $B%$%s%?%U%'!<%9$rDs6!$7!"(BPHP $B$G:n$i$l$F(B
$B$$$k!#(B

$BJs9p$K$h$k$H!"(BCARE 2002 $B$OB?$/$N(B SQL $B%$%s%8%'%/%7%g%s$NLdBj$,B8:_$9$k!#(B
$B%f!<%6$K$h$C$FM?$($i$l$?%G!<%?$O(B SQL $B9=J8$rAH$_N)$F$k$N$KMxMQ$5$l$F$*(B
$B$j!"(B' $B$d(B " $B$J$I$H$$$C$?FC<l$J0UL#$r;}$DJ8;z$OE,@Z$K%(%9%1!<%W$5$l$F$$(B
$B$J$$!#$3$N$?$a967b<T$O(B SQL $B%/%(%j$r2~JQ$9$k0U?^$r$b$C$?!"0-0U$"$k%G!<(B
$B%?$r$3$N%=%U%H%&%'%"$K0z$-EO$9$3$H$,2DG=$G$"$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$rMxMQ$7$?967b$O=EMW$J>pJs$N3+<(!"=EMW$J>pJs$N2~cb!"$b$7$/$O8"(B
$B8B$N>:3J$N7k2L$r>7$/2DG=@-$,$"$k!#$3$l$i$NLdBj$N>\:Y$O!"8=:_$N$H$3$m$o(B
$B$+$C$F$$$J$$!#(B

27. CARE 2002 Unsafe File Include Input Validation Error
BugTraq ID: 5218
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 12 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5218
$B$^$H$a(B:

CARE 2002 $B$O0eNE6H3&$GB?$/$N%7%9%F%`$rE}9g$9$k$?$a$K@_7W$5$l$?%=%U%H%&%'(B
$B%"$G$"$k!#$3$N%=%U%H%&%'%"$O(B Web $B%$%s%?%U%'!<%9$rDs6!$7!"(BPHP $B$G:n$i$l$F(B
$B$$$k!#(B

CARE 2002 $B$K$OF~NO$5$l$?FbMF$K$D$$$F$NBEEv@-$N3NG'$rBU$C$F$$$kLdBj$,Js(B
$B9p$5$l$F$*$j!"=EMW$J%m!<%+%k%U%!%$%k$,3+<($5$l$k7k2L$r>7$/2DG=@-$,$"$k!#(B

$BJs9p$K$h$k$H!"FCDj$N>u672<$K$*$$$F%f!<%6$,F~NO$7$?CM$O(B include() $B4X?t(B
$B$N8F$S=P$7It$K$*$$$F!"%;%-%e%"$G$O$J$$J}K!$G;HMQ$5$l$F$$$k!#$3$N$?$a!"(B
$B0-0U$"$k?MJ*$O(B Web $B%3%s%F%s%DMQ$N%k!<%H%G%#%l%/%H%j$NHO0O30$N;q8;$X%"%/(B
$B%;%9$9$k$?$a$KO"B3$7$?(B '/../' $BJ8;z$r;HMQ$7!"%Q%i%a!<%?$KG$0U$N%U%!%$%k(B
$B$r4^$`MM$K;XDj$5$l$k$h$&$J1F6A$r5Z$\$9$3$H$,2DG=$G$"$k!#$3$N:]!"$$$/$D(B
$B$+$N%9%/%j%W%H$K$*$$$F$O!";XDj$5$l$?%U%!%$%k$O%j%b!<%H%f!<%6$X3+<($5$l(B
$B$k!#(B

$BIU$12C$($k$J$i$P!"(BNULL (0x00) $B$,(B include() $B4X?t$K0z$-EO$5$l$kJ8;zNs$N=*(B
$BC<It$H$7$FMxMQ$5$l$F$$$k$?$a!"$$$+$J$k<oN`$N%U%!%$%k$N3HD%;R$K$h$k%"%/(B
$B%;%9@)8B$,9T$o$l$F$$$?$H$7$F$b!"$=$N@)8B$O2sHr$5$l$F$7$^$$!"FbMF$,;2>H(B
$B$5$l$F$7$^$&2DG=@-$,$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$r9T$&$K$O(B PHP $B%Q%i%a!<%?$G$"$k(B 'register_globals'
$B$,(B 'on' $B$K@_Dj$5$l$F$$$kI,MW$,$"$k!#(B

28. Real Networks RealJukebox/RealOne Player Gold Skinfile Buffer Overflow
BugTraq ID: 5217
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 12 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5217
$B$^$H$a(B:

RealJukebox $B$H(B RealOne Player Gold $B$O(B Microsoft Windows $BMQ$N%^%k%A%a%G%#(B
$B%"%"%W%j%1!<%7%g%s$G$"$k!#(B

Real Software $B$O!"(BRealJukebox2 $B$H(B Real Player Gold $B$K$OLdBj$,B8:_$9$k$H(B
$BH/I=$7$?!#(B

$B%9%-%s%U%!%$%k$N%U%#!<%k%I$N6-3&%A%'%C%/$rBU$C$F$$$k$?$a$K%P%C%U%!%*!<(B
$B%P!<%U%m!<$,@8$8$k!#%9%-%s%U%!%$%k$O$$$/$D$+$N%9%-%s%G!<%?$r4^$`%U%!%$(B
$B%k$+$i@.$k%"!<%+%$%V$G$"$k!#$3$l$i%U%!%$%k$NFb!"(B"skin.ini" $B%U%!%$%k$O%9(B
$B%-%s$,$I$N$h$&$KI=<($5$l$k$+$K4X$9$k>pJs$r3JG<$7$F$$$k%U%!%$%k$G$"$k!#(B
$B$3$N%U%!%$%k$N(B "CONTROLnImage" $B%U%#!<%k%I$KL$%A%'%C%/$N%P%C%U%!$,B8:_$9(B
$B$k!#$3$N%U%#!<%k%I$KBP$9$kCM$H$7$FHs>o$KD9$$%U%!%$%kL>$r;XDj$9$k$3$H$K(B
$B$h$j!"%9%?%C%/Fb$NCM$,>e=q$-$5$l$k2DG=@-$,$"$k!#$3$NLdBj$rMxMQ$9$k967b(B
$B<T$OKd$a9~$_:Q$_$N967b<T$,M?$($?%3!<%I$X$N%]%$%s%?$G!"%j%?!<%s%"%I%l%9(B
$B$r>e=q$-$9$k$H?d;!$5$l$k!#(B

$B967b<T$O$3$NLdBj$rMxMQ$9$k$?$a$K0-0U$r;}$C$FAH$_N)$F$?%9%-%s%U%!%$%k$r(B
$B967b$NBP>]$KAw?.$7$J$1$l$P$J$i$J$$!#$3$l$O(B Web $B%Z!<%8$d(B HTML $B7A<0$NEE;R(B
$B%a!<%k$K$h$C$F9T$o$l$k$H?d;!$5$l$k!#$3$NLdBj$rMxMQ$9$k967b$O!"0-0U$"$k(B
$B%9%-%s%U%!%$%k$r3+$$$?%f!<%6$N8"8B$K$h$j967b<T$,;XDj$7$?%3!<%I$,<B9T$5(B
$B$l$k7k2L$r>7$/2DG=@-$,$"$k!#(B

29. Pingtel Expressa Web Server Cross-Site Scripting Vulnerability
BugTraq ID: 5220
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 12 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5220
$B$^$H$a(B:

Expressa $B$O(B Java $B$rMQ$$$F3+H/$5$l$?(B Voice-Over-IP (IP $B%W%m%H%3%k$rMxMQ(B
$B$7$F2;@<$rEA$($k5;=Q(B) $BEEOC$G$"$j!"(BPingtel $B$K$h$C$F3+H/!"HNGd$,9T$o$l$F(B
$B$$$k!#(B

$B$3$N@=IJ$N%U%!!<%`%&%'%"$K$h$C$F!"%f!<%6$O%/%m%9%5%$%H%9%/%j%W%F%#%s%0(B
$B$NLdBj$rMxMQ$9$k967b$r4k$F$k$3$H$,2DG=$G$"$k!#(B

Expressa phone $B$K4^$^$l$k@_DjMQ(B Web $B%5!<%P$OFCDj$N%U%#!<%k%I(B (SIP $B$r%@(B
$B%$%d%k$9$k5!G=$N(B MESSAGE $B%Q%i%a!<%?$J$I(B) $B$KF~NO$5$l$?(B HTML $B$r%U%#%k%?%j(B
$B%s%0$7$J$$LdBj$rJz$($F$$$k!#(B

$B$3$NLdBj$K$h$j!"4{$K(B Web $B%$%s%?!<%U%'!<%9$KBP$7$FG'>Z$,9T$o$l$F$$$kEEOC(B
$B%7%9%F%`$N%f!<%6$KBP$7!"0-0U$"$k(B URL $B$rAw?.2DG=$G$"$k!#$3$N<o$N(B URL $B$,(B
Expressa phone $B$N%f!<%6$K$h$C$F%"%/%;%9$5$l$k:]!"(BURL $B$K4^$^$l$kG$0U$N%9(B
$B%/%j%W%H!"$"$k$$$OG$0U$N(B HTML $B$,(B Expressa Web $B%5!<%P$HF13J$N%;%-%e%j%F%#(B
$B%3%s%F%-%9%H$G<B9T$5$l$k!#(B

30. Pingtel Expressa Admin Account Login Session Timeout Vulnerability
BugTraq ID: 5221
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Jul 12 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5221
$B$^$H$a(B:

Expressa $B$O(B Java $B$rMQ$$$F3+H/$5$l$?(B Voice-Over-IP (IP $B%W%m%H%3%k$rMxMQ(B
$B$7$F2;@<$rEA$($k5;=Q(B) $BEEOC$G$"$j!"(BPingtel $B$K$h$C$F3+H/!"HNGd$,9T$o$l$F(B
$B$$$k!#(B

Expressa phone $B$O%f!<%6$,LdBj$rJz$($k5!4o$KBP$7!"0U?^$7$J$$4IM}<T8"8B$G(B
$B$N%"%/%;%9$,2DG=$G$"$k$H$$$&LdBj$rJz$($F$$$k!#(B

Expressa phone $B$N4IM}<T8"8B$G$N%m%0%$%s$O%;%C%7%g%s$N%?%$%`%"%&%H$r9T(B
$B$o$J$$!#4IM}<T$,%-!<%Q%C%I$K$h$C$F(B Expressa phone $B$K%m%0%$%s$9$k>l9g!"(B
$B4IM}<T$O(B "ok" $B$"$k$$$O(B "cancel" $B$rA*Br$9$k$^$GEEOC$K%m%0%$%s$7B3$1$k!#(B
$B7k2L$H$7$F!"4IM}<T$,(B Expressa phone $B$K%m%0%$%s$7$F%m%0%"%&%H$rK:$l$F(B
Expressa phone $B$+$iN%$l$F$7$^$&$H!"(B Expressa phone $B$X$NJ*M}E*$J%"%/%;(B
$B%9$,2DG=$JG$0U$N%f!<%6$O4IM}<T8"8B$G%"%/%;%92DG=$G$"$k!#(B

$B$3$N7k2L$H$7$F!"0U?^$7$J$$%f!<%6$,(B Expressa phone $B$X$N4IM}<T8"8B$G$N%"(B
$B%/%;%9$,2DG=$G$"$k!#(B

31. Pingtel Expressa Arbitrary Firmware Upgrade Vulnerability
BugTraq ID: 5223
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Jul 12 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5223
$B$^$H$a(B:

Expressa $B$O(B Java $B$rMQ$$$F3+H/$5$l$?(B Voice-Over-IP (IP $B%W%m%H%3%k$rMxMQ(B
$B$7$F2;@<$rEA$($k5;=Q(B) $BEEOC$G$"$j!"(BPingtel $B$K$h$C$F3+H/!"HNGd$,9T$o$l$F(B
$B$$$k!#(B

Expressa phone $B$O%f!<%6$,LdBj$N$"$k5!4o$N%U%!!<%`%&%'%"99?7$rJQ99$9$k(B
$B$3$H$,2DG=$G$"$k$H$$$&LdBj$rJz$($F$$$k!#(B

Expressa phone $B$O%f!<%6$,>!<j$K5!4o$N%U%!!<%`%&%'%"$N%"%C%W%0%l!<%I$,(B
$B2DG=$G$"$k$H$$$&LdBj$,H/8+$5$l$?!#(BExpressa phone $B$O%f!<%6$,:G=i$K4IM}(B
$B<T$H$7$FG'>Z$r9T$o$:$K!"%U%!!<%`%&%'%"$r%"%C%W%0%l!<%I$9$k$3$H$,2DG=$G(B
$B$"$k!#$3$NLdBj$K$h$j!"%f!<%6$,(B Expressa phone $B$N%U%!!<%`%&%'%"$N0-0U$N(B
$B$"$k%P!<%8%g%s$r%m!<%I$9$k$3$H$,2DG=$G$"$k!#(B

$B$3$NLdBj$O967b<T$,(B Expressa phone $B$N%U%!!<%`%&%'%"$r%"%C%W%0%l!<%I$7!"(B
$B@x:_E*$K0-0U$N$"$k%U%!!<%`%&%'%"$r%m!<%I$9$k2DG=@-$,$"$k!#(B

32. Pingtel Expressa Arbitrary Application Installation Vulnerability
BugTraq ID: 5224
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 12 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5224
$B$^$H$a(B:

Expressa $B$O(B Java $B$rMQ$$$F3+H/$5$l$?(B Voice-Over-IP (IP $B%W%m%H%3%k$rMxMQ(B
$B$7$F2;@<$rEA$($k5;=Q(B) $BEEOC$G$"$j!"(BPingtel $B$K$h$C$F3+H/!"HNGd$,9T$o$l$F(B
$B$$$k!#(B

Expressa phone $B$N%"%W%j%1!<%7%g%s%=%U%H%&%'%"$r%@%&%s%m!<%I$9$k5!G=$O!"(B
$B%j%b!<%H%f!<%6$,G$0U$N%Q%C%1!<%8$r%$%s%9%H!<%k$9$k$3$H$,2DG=$G$"$k$H$$(B
$B$&LdBj$rJz$($F$$$k!#(B

Expressa phone $B$K$*$$$F!"967b<T$,LdBj$N$"$k%7%9%F%`$K0-0U$N$"$k%=%U%H(B
$B%&%'%"$r%$%s%9%H!<%k$9$k$?$a$K!"%"%W%j%1!<%7%g%s%$%s%9%H!<%k=hM}$KB8:_(B
$B$9$k7gE@$rMxMQ$9$kLdBj$,Js9p$5$l$?!#(BExpressa $B$N%"%W%j%1!<%7%g%s%$%s%9%H!<(B
$B%k5!G=$O%"%W%j%1!<%7%g%s$r%@%&%s%m!<%I$9$k$?$a$K!"G'>Z$NI,MW$,$J$$(B HTTP
$B%W%m%H%3%k$r;HMQ$9$k!#$$$/$D$+$N99?7%Q%C%1!<%8$O(B Expressa phone $B$N%f!<(B
$B%6$N8"8B$K$h$C$F%7%9%F%`$K%$%s%9%H!<%k$5$l$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$r9T$&L\E*$G!"967b<T$OLdBj$rJz$($k%/%i%$%"%s%H$N(B
$B%@%&%s%m!<%IBP>]$r9MN8$7!"%"%W%j%1!<%7%g%s$N%@%&%s%m!<%I$r9T$&%5!<%P$H(B
$B$7$F@_Dj$5$l$?%3%s%T%e!<%?$r;YG[$7$F$$$J$1$l$P$J$i$J$$!#(BDNS $B%-%c%C%7%e(B
$B1x@w967b$*$h$S(B DNS $B%9%W!<%U%#%s%0$r4^$`!"$$$/$D$+$N4{CN$N5;K!$K$h$C$F$3(B
$B$N>u67$r:n$j=P$9$3$H$,2DG=$G$"$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$O%G%8%?%k=pL>$r;HMQ$9$k$3$H$K$h$j2r>C$5$l$k$3$H$KN10U$9$Y$-$G(B
$B$"$k!#(B

III. SECURITYFOCUS NEWS AND COMMENTARY
------------------------------------------
1. H2K2 Hackers Say They Want a Revolution
$BCx<T(B: Kevin Poulsen

$B%I%C%H%3%`M_$H$O!":2$r%3%s%T%e!<%?%"%s%@!<%0%i%&%s%I$KC%$o$l$k$3$H$r8@$&!#(B
http://online.securityfocus.com/news/533

2. More EBook Hacking Tricks From Embattled Elcomsoft
$BCx<T(B: Brian McWilliams

$B%m%7%"$N%=%U%H%&%'%"2q<R$O!"(BAdobe $B$N%3%T!<KI;_%7%9%F%`$OG4EZ$HON$GAH$_(B
$BN)$F$i$l$?J*$G$"$k$H8l$C$?!#(B
http://online.securityfocus.com/news/530

3. HP confirms 150 suspended in email porn probe
$BCx<T(B: John Leyden, The Register

HP $B$OITE,@Z$JI=8=$NG[?.$H$$$&!"2q<R$N%a!<%k%7%9%F%`$N0-MQ$rD4::$9$k0l4D(B
$B$H$7$F!"(B150 $B?M$N%9%?%C%U$rDd?&=hJ,$K$9$k$3$H$r8x<0$K>5G'$7$?!#$*$h$=(B 60
$B?M$N=*?H8[MQ<T!"$*$h$S(B 90 $B?M$N0QBw6H<T$,?3::$N2<$K$"$k!#(B

http://online.securityfocus.com/news/540

4. Team demos 'first quantum crypto prototype machine'
$BCx<T(B: John Leyden, The Register

67 km $B$N8w%U%!%$%P!<%M%C%H%o!<%/$r2p$7$?80$N8r49$,9T$o$l$?$3$H$K$h$j!"(B
$B0E9f2=(B - $BNL;R0E9f(B - $B$N@;GU$N<BMQE*$J<BAu$K6a$E$/CJ3,$,0l$D?J$s$@$N$G$"(B
$B$k!#(B

http://online.securityfocus.com/news/539

5. Alliance Sets Standards on Computer Security
$BCx<T(B: Shannon Henry, Washington Post

$B<+7YCD$N9b@-G=HG$G$"$k$+$N$h$&$K8+$J$;$k%O%$%F%/$K?M!9$,<h$j0O$^$l$F$$(B
$B$kCf!":#F|!"@/I\Fb$NIt6I$HL14V4k6H$+$i$J$k%0%k!<%W$O%3%s%T%e!<%?$X$N%/(B
$B%i%C%-%s%0$X$NBP:v$r9V$8$k$?$a$N!"6&DL$H$J$k0lO"$N4p=`$H%=%U%H%&%'%"$N(B
$B8x3+$rN)0F$7$?!#(B

http://online.securityfocus.com/news/538

IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. SQL Server Password Auditing Tool v1.0.1
$B:n<T(B: Patrik Karlsson
$B4XO"$9$k(BURL:
http://www.cqure.net/tools10.html
$BF0:n4D6-(B: Linux, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows
XP
$B$^$H$a(B:

$B$3$N%D!<%k$O(B Microsoft SQL Server $B$N%Q%9%o!<%ID9$N!"%*%U%i%$%s4F::$r9T(B
$B:]$KMxMQ$,?d>)$5$l$k$b$N$G$9!#$3$N%=%U%H%&%'%"$OAmEv$j%b!<%I$H<-=q967b(B
$B%b!<%I$N$$$:$l$+$rMxMQ$G$-$^$9!#(B GHz (256mb) $B$N(B Pentium $B%W%m%;%C%5$rMx(B
$BMQ$7$F$$$k%3%s%T%e!<%?$G$O!"(B1 $BIC4V$KLs(B 750,000 $B8D$r8!::$9$k$3$H$,2DG=$G(B
$B$9!#(B

$B4F::$r<B9T$9$k$?$a$K$O%^%9%?!<%G!<%?%Y!<%9Fb$N(B sysxlogins $B%F!<%V%kFb(B
$B$K3JG<$5$l$F$$$k%Q%9%o!<%I%O%C%7%e$,I,MW$G$9!#$3$N$?$a!"$3$N%=%U%H%&%'(B
$B%"$r<B9T$9$k$?$a$K$O%F%-%9%H%U%!%$%k7A<0$XJQ49:Q$_$N%O%C%7%e$,I,MW$G(B
$B$9(B($BFI$_9~$_BP>]$N%U%!%$%k$H$7$F!"(Bhashes.txt $B$H8@$&L>>N$N%U%!%$%k$r;2(B
$B>H$7$^$9(B)$B!#(B

2. Inzider 1.2
$B:n<T(B: Arne Vidstrom
$B4XO"$9$k(BURL:
http://ntsecurity.nu/toolbox/inzider/
$BF0:n4D6-(B: Windows 95/98, Windows NT
$B$^$H$a(B:

$B$3$l$O!"(BWindows $B%7%9%F%`$N8=:_$N%W%m%;%9$d3+$$$F$$$k%]!<%H$r%j%9%HI=<((B
$B$9$k!"Hs>o$K;H$$$d$9$$%D!<%k$G$9!#$3$l$O!"(BWindows NT $B$H(B Windows 9x $B>e(B
$B$GF0:n2DG=$G$9!#(BWindows 9x $B$G$O!"0BDj@-$,LdBj$H$J$C$F$$$^$7$?$,!"8=:_!"(B
$B$3$NLdBj$O4{$K2r7h$7$F$$$^$9!#(B
$B$J$*!"(BWindows NT $B>e$G$O%5!<%S%9$H$7$F5/F0$5$l$?%W%m%;%9$r%A%'%C%/$9$k$3(B
$B$H$O$G$-$^$;$s!#(B

3. SQLLHF v1.3
$B:n<T(B: Matt Wagenknecht
$B4XO"$9$k(BURL:
http://www.sqlsecurity.com/DesktopDefault.aspx?tabindex=4&tabid=7
$BF0:n4D6-(B: N/A
$B$^$H$a(B:

SQL Server Brute Forcing tool $B$O%9%/%j%W%H$+$i8F$S=P$72DG=$J%3%^%s%I%i(B
$B%$%s%$%s%?%U%'!<%9$rHw$(!"%/%i%9(B C $B0J>e$NHO0O$N%M%C%H%o!<%/$r%9%-%c%s$7!"(B
IP $B%j%9%H$K$h$k%9%-%c%s5!G=$rHw$($?%=%U%H%&%'%"$G$9!#(B
$B$3$N%=%U%H%&%'%"$O(B Matthew Wagenknecht $B$K$h$C$FJ]<i$5$l$F$$$^$9!#(B

4. Network Access Control System
$B:n<T(B: Marc Schochlin
$B4XO"$9$k(BURL:
http://www.256bit.org/nacs.html
$BF0:n4D6-(B: Java
$B$^$H$a(B:

NACS $B$O?.Mj$5$l$F$$$J$$%3%s%T%e!<%?$X(B TCP/IP (v4) $B$K4p$E$/(B LAN/WAN $B$N(B
$B%"%/%;%9$r2wE,$G0BA4$JJ}K!$rDs6!$7$^$9!#%7%9%F%`$OEPO?$5$l$?%f!<%6$N$_(B
$B$,%M%C%H%o!<%/;q8;$r;HMQ2DG=$G$"$k$3$H$rJ]>Z$7$^$9!#B>$N%=%j%e!<%7%g%s(B
$B$H$O0[$J$j!"(BPPTP $B$"$k$$$O(B IPsec $B$N$h$&$K!"(BNACS $B$O%W%m%0%i%`$KFCDj$N%/(B
$B%i%$%"%s%H%=%U%H%&%'%"$r%$%s%9%H!<%k$9$kI,MW$O$"$j$^$;$s!#%/%i%$%"%s%H(B
$B%^%7%s$O(B DHCP $B%/%i%$%"%s%H(B ($B<+F02=$7$?%M%C%H%o!<%/@_Dj(B) $B$*$h$S(B SSL $B$N(B
$B5!G=$,$"$k(B Web $B%V%i%&%6$N$_$rI,MW$H$7$^$9!#%5!<%P$O(B kernel 2.4$B!"(B
Jakarta-Tomcat Servlet Engine$B!"(BJDK 1.3/JDK 1.4$B!"(BApache$B!"(BMySQL$B!"$=$7$F(B
$B0lHL$K%M%C%H%o!<%/$rJ]8n$9$k%U%!%$%d%&%)!<%k$rI,MW$H$7$^$9!#(BNACS $B$OI8(B
$B=`$N(B Linux $B7A<0$N%Q%9%o!<%I%U%!%$%k$+$i%Q%9%o!<%I%G!<%?$rF~<j$7!"%m%0(B
$B%$%s$7$^$9!#$3$N<BAu$OB>$NG'>Z%a%+%K%:%`(B (LDAP $B$N$h$&$J(B) $B$NE}9g$r;Y1g(B
$B$7$^$9!#(B

5. Simp (Secway's Instant Messenger Privacy) v1.1.0
$B:n<T(B: Secway
$B4XO"$9$k(BURL:
http://www.secway.com/lab/simp.php?PARAM=us,ie#download
$BF0:n4D6-(B: Windows 2000, Windows 95/98, Windows NT, Windows XP
$B$^$H$a(B:

Simp (Secway's Instant Messenger Privacy) $B$O%M%C%H%o!<%/>e$N(B MSN Messenger
$B$G$N2qOC$r0BA4$K$9$k$?$a$K(B Secway $B$K$h$j3+H/$5$l$?%D!<%k$G$9!#(BSimp $B$O(B
$B%$%s%?!<%M%C%H$rDL$8$FAw$i$l$kA0$K%a%C%;!<%8$r0E9f2=$7!"%3%s%?%/%H$,FO(B
$B$/:]$KJ#9g2=$9$k$h$&$KF0:n$7$^$9!#0lEY$"$J$?$H$"$J$?$NM'?M$N%3%s%T%e!<(B
$B%?$K%$%s%9%H!<%k$9$l$P!"(BSimp $B$OC/$b$"$J$?$N$d$j$H$j$rFI$`$3$H$,$G$-$J$$(B
$B$h$&$K$7$^$9!#(B

6. Tiny Honeypot v0.4.3
$B:n<T(B: George Bakos
$B4XO"$9$k(BURL:
http://alpinista.dyndns.org/files/thp/
$BF0:n4D6-(B: Linux, POSIX
$B$^$H$a(B:

Tiny Honeypot (thp) $B$O(B iptables $B$N%j%@%$%l%/%H5!G=$H(B xinetd $B$K$h$k%3%M(B
$B%/%7%g%s$NBT$A<u$1$rMxMQ$9$k4J0W7?%O%K!<%]%C%H$G$9!#(BTiny Honeypot $B$O8=(B
$B:_;HMQ$7$F$$$J$$$9$Y$F$N(B TCP $B%]!<%H$G@\B3$rBT$A<u$1!"3hF0$r$9$Y$F5-O?$7!"(B
$B967b<T$KFCDj$N1~Ez$rJV$7$^$9!#1~Ez%7%9%F%`$O$9$Y$F(B Perl $B$r;HMQ$7$F5-=R(B
$B$5$l$F$*$j!"AjEv?t$N?M4V$HF1MM$K!"$[$H$s$I$N<+F0967b%D!<%k$r>/$J$/$H$b(B
$B>/$7$N;~4V5=$/$?$a$KI,MW$J!"==J,$J$d$j$H$j$rDs6!$7$^$9!#E,@Z$J@_Dj9`L\(B
$BHO0O(B ($B%G%U%)%k%H(B) $B$G!"(Bthp $B$O%Q%U%)!<%^%s%9$K$o$:$+$J1F6A$G2TF0Cf$N%[%9(B
$B%H>e$G<B9T2DG=$G$9!#(B

--
$BLu(B: $B:d0f=g9T(B(SAKAI Yoriyuki)$B!">.3^8691M:(B(OGASAWARA Tsuneo)$B!"(B
$B@PED6G5W(B(ISHIDA Akihisa)$B!"<r0fH~5.(B(SAKAI Miki)$B!"(B
$B?7D.5W9,(B(SHINMACHI Hisayuki)
$B4F=$(B: $B:d0f=g9T(B(SAKAI Yoriyuki)
LAC Co., Ltd.
http://www.lac.co.jp/security/

-----------1028084239-10892782
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIISGgYJKoZIhvcNAQcCoIISCzCCEgcCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
DzwwggI8MIIBpQIQMlAzz1DRVvNcga1lXE/IJTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQG
EwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGlj
IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMjAw
MTA3MjM1OTU5WjBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1
BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOUZv22jVmEtmUhx9mfeuY3rt56GgAqRDvo4
Ja9GiILlc6igmyRdDR/MZW4MsNBWhBiHmgabEKFz37RYOWtuwfYV1aioP6oSBo0xrH+wNNeP
NGeICc0UEeJORVZpH3gCgNrcR5EpuzbJY1zF4Ncth3uhtzKwezC6Ki8xqu6jZ9rbAgMBAAEw
DQYJKoZIhvcNAQECBQADgYEAS0RmYGhk5Jgb87By5pWJfN17s5XAHS7Y2BnQLTQ9xlCaEIaM
qj87qAT8N1KVw9nJ283yhgbEsRvwgogwQo4XUBxkerg+mUl0l/ysAkP7lgxWBCUMfHyHnSSn
2PAyKbWk312iTMUWMqhC9kWmtja54L9lNpPC0tdr3N5Z1qI1+EUwggI9MIIBpgIRAM26f1bw
3+S8VP4irLNyqlUwDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZl
cmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkG
A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1
YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0fzGVu
DLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHiTkVWaR94AoDa
3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0GCSqGSIb3DQEBAgUAA4GB
AEw/uIvGaN/uQzMOXemmyweETXoz/5Ib9Dat2JUiNmgRbHxCzPOcLsQHPxSwD0//kJJ2+eK8
SumPzaCACvfFKfGCIl24sd2BI6N7JRVGMHkW+OoFS5R/HcIcyOO39BBAPBPDXx9T6EjkhrR7
oTWweyW6uNOOqz84nQA0AJjz0XGUMIICPTCCAaYCEQDz1GWTDuTHHs1vChERVlizMA0GCSqG
SIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUG
A1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
Fw05NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQK
Ew5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0
aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5Rm/baNW
YS2ZSHH2Z965jeu3noaACpEO+jglr0aIguVzqKCbJF0NH8xlbgyw0FaEGIeaBpsQoXPftFg5
a27B9hXVqKg/qhIGjTGsf7A01480Z4gJzRQR4k5FVmkfeAKA2txHkSm7NsljXMXg1y2He6G3
MrB7MLoqLzGq7qNn2tsCAwEAATANBgkqhkiG9w0BAQIFAAOBgQAjyGZsVZ9SYWqvFx3is89H
jkwbAjN1+UXvm0exsSugNTbRUnBpybul85NbkmD5ZH7xwT/p0RXx0sAXvaSdF67hB8+6gZbE
rnEZ9s5kv6cZ9VUof3wz1sK5t+slKf0p+GJwQTHdwwfbElMWYNCdB/kAZfyNbBhQILdn3H79
cEstDzCCAzwwggKloAMCAQICEAQa2pqnxtqHdYa+MJp9N08wDQYJKoZIhvcNAQECBQAwXzEL
MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAx
IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk5MDkxNDAwMDAw
MFoXDTA5MDkwOTIzNTk1OVowgbUxHDAaBgNVBAoTE1ZlcmlTaWduIEphcGFuIEsuSy4xHzAd
BgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxPjA8BgNVBAsTNVRlcm1zIG9mIHVzZSBh
dCBodHRwczovL3d3dy52ZXJpc2lnbi5jby5qcC9SUEEgKGMpIDk4MTQwMgYDVQQDEytWZXJp
U2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQDnvpzpMy1glZcGiPmrsWEvOOXjEuTGvnb95mH1mMGeDPD3HmpNa7WG
Cp2NaO3eVRcRaBICMi2F3Edx6/eL5KtrsnroadWbYLPfBpPJ4BYttJND7Us7+oNdOuQmwFhj
xm9P25bndFT1lidp0Gx/xN5ekq3mNwt5iSWVdqOuEYKApQIDAQABo4GhMIGeMCQGA1UdEQQd
MBukGTAXMRUwEwYDVQQDEwxBZmZpbGlhdGUxLTUwEQYJYIZIAYb4QgEBBAQDAgEGMEUGA1Ud
IAQ+MDwwOgYKYIZIAYb4RQEHCzAsMCoGCCsGAQUFBwIBFh5odHRwczovL3d3dy52ZXJpc2ln
bi5jby5qcC9SUEEwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEC
BQADgYEAuIwwUgDQeNCIO/tzaT6ISelw4QjYJ9up3+be1dxZGHKcEFGtPfwaBNvlTMLV3eW3
BG6W5QRbNNhIaoVl0g8Yw1YuIexVFD7yUKcvQfOOThuG0y93V6Runzha6iErOLabtv05we+V
UnSsknF+qOCLYP9uMIKB/JmDiWnNpnUbAHMwggU2MIIEn6ADAgECAhBYKwlOQWIg2t9s9Ul6
I3xqMA0GCSqGSIb3DQEBBAUAMIG1MRwwGgYDVQQKExNWZXJpU2lnbiBKYXBhbiBLLksuMR8w
HQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMT4wPAYDVQQLEzVUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY28uanAvUlBBIChjKSA5ODE0MDIGA1UEAxMrVmVy
aVNpZ24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw0wMjA0MDEwMDAw
MDBaFw0wMzA0MDEyMzU5NTlaMIIBIzELMAkGA1UEBhMCSlAxHDAaBgNVBAoUE1ZlcmlTaWdu
IEphcGFuIEsuSy4xNDAyBgNVBAsUK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFs
IFN1YnNjcmliZXIxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9DUFMg
SW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMpOTYxPzA9BgNVBAsUNkRpZ2l0YWwgSUQgQ2xh
c3MgMSAtIFNNSU1FIE9yYW5nZXNvZnQgSW5jLi9XaW5iaWZmLzIuMTEXMBUGA1UEAxMOU0FL
QUkgWW9yaXl1a2kxHjAcBgkqhkiG9w0BCQEWD3Nha2FpQGxhYy5jby5qcDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBANEwVujTRrltaiSI2DFkPlw5L6WWWeOOy9z0HqaPXf2d
JYfoGHqbpq5MVCkBUSOHSY1Tpi/RdziqxhIYzXvzsb0wC1V0RNzvLf8zXtk6IjTmHttX0QDx
AvoxfmehZ1vCOgQcdBbG2FajnYo7MOewxLrmHLCv0Gitqsi2IS3Eaxv7v5Pzobu82BzUMBl6
9XypVXIEQHTG6s34ji0LbDOO/F5JqTuG5QhQmQyNnJyhNU4/BYu3e1KgK9c0gnIArQAroRqP
/0HXU7Ueu/HAUXnrt7+YqzL5CZ/6m11gCLblzFs2+6XieQsekFSjxquSQjl88C3CwgRoaNkx
01rqqYzBJ8ECAwEAAaOCAVAwggFMMAkGA1UdEwQCMAAwgawGA1UdIASBpDCBoTCBngYLYIZI
AYb4RQEHAQEwgY4wKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFMw
YgYIKwYBBQUHAgIwVjAVFg5WZXJpU2lnbiwgSW5jLjADAgEBGj1WZXJpU2lnbidzIENQUyBp
bmNvcnAuIGJ5IHJlZmVyZW5jZSBsaWFiLiBsdGQuIChjKTk3IFZlcmlTaWduMAsGA1UdDwQE
AwIFoDARBglghkgBhvhCAQEEBAMCB4AwcAYDVR0fBGkwZzBloGOgYYZfaHR0cDovL29uc2l0
ZWNybC52ZXJpc2lnbi5jb20vVmVyaVNpZ25KYXBhbktLVmVyaVNpZ25DbGFzczFDQUluZGl2
aWR1YWxTdWJzY3JpYmVyL0xhdGVzdENSTC5jcmwwDQYJKoZIhvcNAQEEBQADgYEALL1YFoVc
MyuHCFTkhPlz/3XIGtchllMRc+zha0qmA5wxbtgJT7hEl7IRrocWCSfweW4/KGZDQDMZM9wR
NRX19b4UTs2/opkQtX3eX4qNjUNnGdMjLTGTXzFqlph9b4ZYPvY5Xq+VQjpLBkqn2RQhdTLH
+BXc51LdzrtGw8H7s+4xggKmMIICogIBATCByjCBtTEcMBoGA1UEChMTVmVyaVNpZ24gSmFw
YW4gSy5LLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE+MDwGA1UECxM1VGVy
bXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvLmpwL1JQQSAoYykgOTgxNDAy
BgNVBAMTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEFgr
CU5BYiDa32z1SXojfGowCQYFKw4DAhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB
MBwGCSqGSIb3DQEJBTEPFw0wMjA3MzEwMjU3MDBaMCMGCSqGSIb3DQEJBDEWBBRQeD5epy0h
ynHLcrTCDC3PfiAGkjBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMC
AgIAgDAHBgUrDgMCBzANBggqhkiG9w0DAgIBQDANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0B
AQEFAASCAQBP39Ej7n9RD0ldy+g3nsfA0rwWfKJt1AYEV97Nproixab13fLuxLbc6jppM9e7
Nqenkj0tjtdyJcUeC3sBJqdhX0ppUEouhcLUUADcbNQPG6R5Ozqyughl1PDG6fDuBjI2mmsF
iAdTvEKZ2Rzjd7bSlxb7rP/PViarBHIkL/IQtdTuRFSpPVOVx4ihzxsT/w6zC6NMR3/G2QoK
6ZlJNgQxL4A0vxvEjJi4Nd25RXnmOkBO3XhCCpnYJtfehFrvAjMO1kNYrNCKdXs9vtuwiffX
0Z8h3L3HbRde3cIMay9H1wqHZVhVjxwUNV9lNMM7lQ3aF7IaS3u/ytwKnpeNC89o

-----------1028084239-10892782--