SecurityFocus.com Newsletter #155 2002-7-22->2002-7-26

To: BUGTRAQ-JP@SECURITYFOCUS.COM
Subject: SecurityFocus.com Newsletter #155 2002-7-22->2002-7-26
From: SAKAI Yoriyuki <sakai@lac.co.jp>
Date: Tue, 6 Aug 2002 17:47:54 +0900
Delivered-To: mailing list bugtraq-jp@securityfocus.com
Delivered-To: moderator for bugtraq-jp@securityfocus.com
In-Reply-To: <Pine.LNX.4.43.0207291014260.18321-100000@mail.securityfocus.com>
List-Help: <mailto:bugtraq-jp-help@securityfocus.com>
List-Id: <bugtraq-jp.list-id.securityfocus.com>
List-Post: <mailto:bugtraq-jp@securityfocus.com>
List-Subscribe: <mailto:bugtraq-jp-subscribe@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-jp-unsubscribe@securityfocus.com>
Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm
References: <Pine.LNX.4.43.0207291014260.18321-100000@mail.securityfocus.com>
$B:d0f(B@$B%i%C%/$G$9!#(B

SecurityFocus.com Newsletter $BBh(B 155 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

---------------------------------------------------------------------------
SecurityFocus.com Newsletter $B$K4X$9$k(BFAQ:
http://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml
BugTraq-JP $B$K4X$9$k(B FAQ:
http://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml
(SecurityFocus.com Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0le$G9T$o(B
  $B$l$F$$$^$9!#(B
$B!&(BSecurityFocus.com Newsletter $B$NOBLu$r(B Netnews, Mailinglist,
  World Wide Web, $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$N(B
  $BA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;(B
  $B$s$,=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus.com $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+(B
  $B$J$k7A<0$N%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://online.securityfocus.com/archive/79
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02ql9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"4F=$l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$B86HG(B:
Date: Mon, 29 Jul 2002 10:15:13 -0600 (MDT)
Message-ID: <Pine.LNX.4.43.0207291014260.18321-100000@mail.securityfocus.com>

SecurityFocus Newsletter #155
-----------------------------

This Issue is sponsored by: Stratum8 Networks, Inc.

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
     1. Filtering E-Mail with Postfix and Procmail, Part Four
     2. Detecting and Removing Malicious Code
     3. High-Flying Schmidt
     4. Black Hat Briefings & Training
     5. Secure i-World
     6. SecurityFocus DPP Program
II. BUGTRAQ SUMMARY
     1. Geeklog HTML Attribute Cross Site Scripting Vulnerability
     2. Geeklog Email Composition CRLF Injection Vulnerability
     3. Tru64 SU Command Line Buffer Overflow Vulnerability
     4. Adobe eBook Reader File Restoration Privilege Escalation...
     5. Microsoft Outlook Express SMTP Over TLS Information Disclosure...
     6. Working Resources BadBlue HTTP 302 Message Cross-Site Scrpting...
     7. Working Resources BadBlue Administrative Interface Arbitrary...
     8. Microsoft Outlook Express Spoofable File Extensions Vulnerability
     9. PHP HTTP POST Incorrect MIME Header Parsing Vulnerability
     11. PHP Interpreter Direct Invocation Denial Of Service Vulnerability
     12. Sun PC NetLink Backup Restoration ACL Permissions Vulnerability
     13. Pablo Software Solutions FTP Server File/Directory Disclosure...
     15. SmartMax MailMax Popmax Buffer Overflow Vulnerability
     16. Sun Fire Unauthorized Environmental Monitoring Subsystem...
     17. SecureCRT SSH1 Identifier String Buffer Overflow Vulnerability
     18. Multiple Vendor Web Browser JavaScript Modifier Keypress Event...
     19. DansGuardian Hex Encoding URL Content Filter Bypass Vulnerability
     20. Zyxel Prestige 642R Router Malformed TCP Packet Denial Of...
     21. Mozilla JavaScript URL Host Spoofing Arbitrary Cookie Access...
     22. VMWare GSX Server Authentication Server Buffer Overflow...
III. SECURITYFOCUS NEWS ARTICLES
     1. Find a Bug? Don't E-Mail Microsoft
     2. GAO: U.S. Cyber Security Efforts are Uncoordinated
     3. Big software pushes hard for national Gestapo
     4. Congress blasts Feds on cyber-terror FOIA games
IV.SECURITYFOCUS TOP 6 TOOLS
     1. Pachyderm-fw v0.91
     2. Mixmaster v2.9b33
     3. Maillog View v1.02.6
     4. echolot-pinger v 2.0beta18
     5. Linux Firewall v2.0rc2
     6. Mailcrypt v3.5.7

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
---------------------------------

II. BUGTRAQ SUMMARY
-------------------
1. Geeklog HTML Attribute Cross Site Scripting Vulnerability
BugTraq ID: 5270
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
Date Published: Jul 19 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5270
$B$^$H$a(B:

Geeklog $B$O%U%j!<$G8x3+$5$l$F$$$k!"%*!<%W%s%=!<%9$N(B Web $B$rMxMQ$9$kEE;R7G(B
$B<(HD5!G=$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$O(B PHP $B8@8l$rMxMQ(B
$B$7$F3+H/$5$l!"B?$/$N(B UNIX $B$dMM!9$J(B Linux $B$GF0:n$7!"(BMicrosoft Windows NT/2000
$B$K$*$$$F$bF0:n$9$k!#(BGeeklog $B$O(B MySQL $B$r%P%C%/%(%s%I%G!<%?%Y!<%9$H$7$F(B
$BMxMQ$7$F$$$k!#(B

Geeklog 1.3.5sr1 $B$K4X$9$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$,H/8+$5$l$F(B
$B$$$k!#Js9p$K$h$k$H!"(BGeeklog $B$O%3%a%s%H$NEj9F$dOCBj$N5-=R$r=hM}$9$k:]!"(B
$B%f!<%6$+$iM?$($i$l$?CM$r$=$l$i$K4^$a$kA0$KE,@Z$J%U%#%k%?%j%s%0$r9T$C$F(B
$B$$$J$$!#(B

Geeklog $B$O%f!<%6$+$iM?$($i$l$?$"$kl9g!"0-0U$"$k%3!<%I$OE,@Z$K=|5n$5$l$J$$!#(B

$B967b]$N%f!<%6$KAw$j$D$1$k2DG=@-$,$"$k!#$3$N%=%U%H%&%'%"$rMxMQ$7$F$$$k(B
Web $B%5%$%H$N%f!<%6$,$3$Nl9g!"%9%/%j%W%H$O2r(B
$BZMQ>pJs$N$h$&$J=EMW$J%G!<%?$X$N%"%/%;%9$,2D(B
$BG=$G$"$j!"$^$?!"$3$N%=%U%H%&%'%"$rMxMQ$7$F1?1D$5$l$F$$$kEE;R7G<(HDFb$N(B
$BG'>Z:Q$_%f!<%6$H$7$FF0:n$r9T$&$3$H$,2DG=$K$J$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$O@x:_E*$K!"(BWeb $B%3%s%F%s%D$N>h$CZMQ>pJs$NEp$_=P$7$r9T$&$?$a$K967b$KMxMQ$5$l$k2DG=@-$,$"$k!#(B

2. Geeklog Email Composition CRLF Injection Vulnerability
BugTraq ID: 5271
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
Date Published: Jul 19 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5271
$B$^$H$a(B:

Geeklog $B$O%U%j!<$G8x3+$5$l$F$$$k!"%*!<%W%s%=!<%9$N(B Web $B$rMxMQ$9$kEE;R7G(B
$B<(HD5!G=$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$O(B PHP $B8@8l$rMxMQ(B
$B$7$F3+H/$5$l!"B?$/$N(B UNIX $B$dMM!9$J(B Linux $B$GF0:n$7!"(BMicrosoft Windows NT/2000
$B$K$*$$$F$bF0:n$9$k!#(BGeeklog $B$O(B MySQL $B$r%P%C%/%(%s%I%G!<%?%Y!<%9$H$7$F(B
$BMxMQ$7$F$$$k!#(B

Geeklog $B$K$OB>$N(B Geeklog $B$N%f!<%6$KBP$7$FEE;R%a!<%k$r:n@.Cf$K!"967b3. Tru64 SU Command Line Buffer Overflow Vulnerability
BugTraq ID: 5272
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
Date Published: Jul 19 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5272
$B$^$H$a(B:

Tru64 $B$O(B UNIX $BM3Mh$N(B OS $B$G$"$k!#(Bsu $B$O%m%0%$%sCf$K%f!<%6$,%f!<%68"8B$r@Z(B
$B$jBX$($k$?$a$KMxMQ2DG=$J%3%^%s%I$G$"$k!#(B

Tru64 $B$KF1:-$5$l$F$$$k(B su $B%3%^%s%I$O%m!<%+%k$+$i967b$KMxMQ2DG=$J%P%C%U%!(B
$B%*!<%P!<%U%m!<$r0z$-5/$3$5$l$k5?$$$,$"$k!#$3$l$O%3%^%s%I%i%$%s%$%s%?%U%'!<(B
$B%9$r2p$7$?F~NO$KBP$9$k6-3&%A%'%C%/$,==J,$G$O$J$$$?$a$K@8$8$k!#$3$l$O!"(B
su $B%3%^%s%I$re=q$-$9$k$J(B
$B$I$N!"%a%b%jFbMF$NGK2u$,2DG=$G$"$k!#(B

su $B%3%^%s%I$O(B setuid root $B$H$7$F%$%s%9%H!<%k$5$l$F$$$k$?$a!"967b4. Adobe eBook Reader File Restoration Privilege Escalation Vulnerability
BugTraq ID: 5273
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
Date Published: Jul 19 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5273
$B$^$H$a(B:

Adobe eBook Reader $B$O(B Adobe eBooks $B$r1\Mw2DG=$J%/%i%$%"%s%HB&$GF0:n$9$k(B
$B%"%W%j%1!<%7%g%s$G$"$j!"(BMicrosoft Windows $B$H(B Mac OS 9 $BHG$,MxMQ2DG=$G$"(B
$B$k!#(BeBooks $B$H$OFbMF$X$NJ]8n5!G=$rHw$($?EE;R=q@R$G$"$k!#(B
$B%f!<%6$O$3$NEE;R=q@R$r1\Mw2DG=$G$O$"$k$,!"FbMF$NJ#@=$K$"$?$C$F$O=PHGpJs$r4IM}$7$F$$$k!#$3$N:]!">pJs4IM}$KMQ$$$i$l$k%U%!%$%k$O%3(B
$B%T!<$5$l!"$=$N8e%3%T!<$+$iFbMF$,=q$-La$5$l$F$$$k$H9M$($i$l$k!#FbMF$N=q(B
$B$-La$7=hM}$O!"$J$s$i5!G=$r<:$&$3$H$J$/!"0JA0$N85!9$"$C$?>uBV$K(B eBook $BFb(B
$B$N%G!<%?$r=q$-La$7$F$$$k!#(B

$B$7$+$7!"%f!<%6$OFCDj$N%m!<%+%k%U%!%$%k$N%P%C%/%"%C%W$r:n@.$G$-$k$?$a!"(B
$BJ]8n$5$l$F$$$k=q@RFbMF$N0u:~$"$k$$$OJ#pJs4IM}$r9T$&$?(B
$B$a$N%U%!%$%k$r=q$-La$92DG=@-$,$"$k!#$3$N:]!"0u:~!"$"$k$$$OJ#@=$N:n@.$H(B
$B$$$&9T0Y$K4X$9$k5-O?$O9T$o$l$:!"4{$K@_Dj$5$l$F$$$k@)8B;v9`$OI,MW==J,$J(B
$B$@$12sHr$5$l$k$H9M$($i$l$k!#(B

$B$3$NLdBj$O(B Microsoft Windows $B8~$1$N(B eBook Reader $B$K$*$$$F4{$KJs9p$5$l(B
$B$F$$$k!#$7$+$7!"B>$N4D6-8~$1$N%P!<%8%g%s$K$*$$$F$bF1MM$NLdBj$rJz$($F$$(B
$B$k2DG=@-$,$"$k!#(B

5. Microsoft Outlook Express SMTP Over TLS Information Disclosure Vulnerability
BugTraq ID: 5274
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
Date Published: Jul 19 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5274
$B$^$H$a(B:

Microsoft Outlook Express $B$O(B Microsoft Windows $B8~$1$NEE;R%a!<%k%/%i%$%"(B
$B%s%H$G$"$k!#(BOutlook Express $B$K$O(B RFC 2487 $B$K<($5$l$F$$$k!"(BTLS $B$rMxMQ$7(B
$B$?%;%-%e%"$J(B SMTP $B$rMxMQ$9$kDL?.5!G=$,Hw$o$C$F$$$k!#(B

TLS $B4D6-$K$*$$$F$O!"EE;R%a!<%k%/%i%$%"%s%H$H%5!<%P$OG'>Z$r9T$&$3$H$J$/(B
$B0E9f2=$5$l$?DL?.$r407k2DG=$G$"$k!#$^$?!"$3$N4D6-$G$OE>Aw$5$l$k%G!<%?$O(B
$B==J,$K0E9f2=$5$l$k$K$b4X$o$i$:!"EE;R%a!<%k%/%i%$%"%s%H$H%5!<%P$N<1JL>p(B
$BJs$O%;%-%e%"$K$ODj5A$5$l$F$$$J$$$N$G$"$k!#(B

$BJs9p$K$h$k$H!"(BTLS $B4D6-$K$*$$$F!"(BOutlook Express $B$r%(%s%I%f!<%6$KBP$7!"(B
$B0J9_$N7Y9p$r=P$5$J$/$5$;$k$3$H$,2DG=$J$N$G$"$k!#$3$NLdBj$K$h$j!"(BTLS $B4D(B
$B6-$G$NG'>Z$,5a$a$i$l$k>l9g!"0-0U$"$kEE;R%a!<%k%5!<%P$N8!CN$,AK32$5$l$k(B
$B2DG=@-$,$"$k!#$3$N>u67$K4Y$C$?>l9g!"EE;R%a!<%k%/%i%$%"%s%H$O(B SMTP $B$r2p(B
$B$7$F0-0U$"$kEE;R%a!<%k%5!<%P$X$5$i$K=EMW$J>pJs$rAw?.$9$k2DG=@-$,$"$k!#(B
$BFC$K!"(BSMTP AUTH $B$K$*$$$FMxMQ$5$l$kG'>ZMQ>pJs$,ITL@$JEE;R%a!<%k%5!<%P$X(B
$BE>Aw$5$l$k$H9M$($i$l$k!#(B

$B0-0U$"$kEE;R%a!<%k%5!<%P$O$3$N>pJs$rMxMQ$7!"@5Ev$JEE;R%a!<%k%5!<%P$KBP(B
$B$9$k(B SMTP $B$rMxMQ$9$k$d$j$H$j$NEpD0$dFbMF$NJ#@=$H8@$C$?!"K\Mh$N$d$jpJs$r@`$N(B SMTP
$B%/%i%$%"%s%H$bF1MM$NLdBj$r6&M-$7$F$$$k$H$N?d;!$,2DG=$G$"$k!#(B

6. Working Resources BadBlue HTTP 302 Message Cross-Site Scrpting
Vulnerability
BugTraq ID: 5275
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 19 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5275
$B$^$H$a(B:

BadBlue $B$O(B Working Resources $B$K$h$C$FG[I[$5$l$k(B P2P $B%U%!%$%k6&M-%"%W%j(B
$B%1!<%7%g%s$G$"$k!#$3$N%=%U%H%&%'%"$O(B Microsoft Windows $B$GF0:n$9$k!#(B

Badblue $B$,Jz$($kLdBj$K$h$j!"%f!<%6$O%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj(B
$B$rMxMQ$9$k967b$r0z$-5/$3$9$3$H$,2DG=$G$"$k!#(B

$B%U%!%$%k%Q%9$,B8:_$7$J$$$+!"$b$7$/$O%G%#%l%/%H%j$,B8:_$7$J$$$+$N$I$A$i(B
$B$+0lJ}$N%j%/%(%9%H$rLdBj$N(B BadBlue $B%5!<%P$,2r@O$9$k:]!"APJ}$K$O%9%i%C%7%e(B
(/) $B$,DI2C$5$l$:!"(BBadBlue $B$O(B HTTP $B$N(B 302 (found) $B>uBV%3!<%I$r1~Ez$9$k!#(B

HTTP $B$N(B 302 $B>uBV$N1~Ez$rJV$9:]!"(BBadBlue $B$OF~NO$5$l$?FbMF$N%U%#%k%?%j%s(B
$B%0$r==J,$K9T$C$F$$$J$$!#%f!<%6$,%j%/%(%9%H$r0U?^E*$J(B 302 $B$N>uBV%3!<%I$r(B
$BJV$9%5!<%P$KAw?.$7$?:]!"$=$l$KBP$9$k1~Ez$K4^$^$l$k(B HTML $B$OA4$F%f!<%6$K(B
$BJV$5$l$k!#$3$N$?$a!"LdBj$rJz$($k%P!<%8%g%s$N(B BadBlue $B$r2TF0$5$;$F$$$k%5!<(B
$B%P$HF13J$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G%3!<%I$N7. Working Resources BadBlue Administrative Interface Arbitrary File Access Vulnerability
BugTraq ID: 5276
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 20 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5276
$B$^$H$a(B:

BadBlue $B$O(B Working Resources $B$K$h$C$FG[I[$5$l$k(B P2P $B%U%!%$%k6&M-%"%W%j(B
$B%1!<%7%g%s$G$"$k!#$3$N%=%U%H%&%'%"$O(B Microsoft Windows $B$GF0:n$9$k!#(B

BadBlue $B$,Jz$($kLdBj$K$h$j!"%j%b!<%H%f!<%6$O=EMW$J%U%!%$%k$X$N%"%/%;%9(B
$B8"8B$re$G%3%M%/%7%g%s$rBT$Ae$K!"(B
$B%U%)!<%`$NAw?.J}K!(B POST $B$rM^@)$9$k0-0U$r;}$C$F:n@.$5$l$?(B Web $B%Z!<%8$r(B
$B2p$9$3$H$G!"%"%/%;%9@h$rAH$_9~$`$3$H$,2DG=$G$"$k!#$3$l$O!"%j%b!<%H%f!<%6(B
$B$K$h$k%5!<%P$HF10l%I%i%$%V>e$N%3%s%F%s%D$r2p$7$?!"(BBadBlue $B%5!<%P$N8"8B(B
$B$N3MF@$r2DG=$K$7$F$7$^$&$N$G$"$k!#(B

8. Microsoft Outlook Express Spoofable File Extensions Vulnerability
BugTraq ID: 5277
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 20 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5277
$B$^$H$a(B:

Microsoft Outlook Express $B$K$O!"$3$NLdBj$rMxMQ$9$k$3$H$,@.8y$7$?>l9g!"(B
$B5?$$$r;}$?$J$$(B Web $B%f!<%6$,!"7$/2DG=@-$,B8:_$9$kLdBj$rJz$($k5?$$$,$"$k!#(B

$B0-0U$"$k%f!<%6$O!"(BMIME $B%X%C%@$r9*L/$KA`$k$3$H$,2DG=$J%a!<%k%(!<%8%'%s(B
$B%H$+$iEE;R%a!<%k$rAw$j$D$1$k$3$H$G!"(BOutlook Express $B%f!<%6$K%U%!%$%k3H(B
$BD%;R$r56$C$FH=CG$5$;$k$3$H$,2DG=$G$"$k!#Nc$($P!"E:IU%U%!%$%k%j%9%HFb$G!"(B
.exe $B%U%!%$%k$r(B .txt $B%U%!%$%k(B ($B$b$7$/$O!"B>$N4m32$r$HpJs$,5-(B
$B$5$l$F$$$k(B Header Content-Type $B$r?.Mj$;$:!"(BMIME $B%X%C%@Fb$N%U%!%$%kL>$r(B
$BEv$F$K$7$F$$$k$+$i$G$"$k!#(B

$B:G=*E*$K967be$KG$0U$N7A<0$G%U%!%$%k$rJ]B8$5$;$k9T0Y$rM6F3$5$;$k$3$H$,2DG=$G$"(B
$B$k!#$3$NLdBj$O%U%!%$%k7A<0$K$h$k%U%#%k%?%j%s%0$N2sHr!"%G%U%)%k%H$G@_Dj(B
$B$5$l$kE:IU%U%!%$%k$N%"%$%3%s$NJQ99!"E:IU%U%!%$%k$N%5%$%:$N56Au!"$b$7$/(B
$B$OE:IU%U%!%$%k$r3+$/:]$N%U%!%$%k3HD%;R$N56Au$KMxMQ$5$l$k$3$H$K$ON10U$9(B
$B$Y$-E@$G$"$k!#(B

$B$3$NLdBj$O!"(BBugtraq ID 3579 $B$*$h$S(B Bugtraq ID 4087 $B$NAPJ}$NLdBj$KN`;w(B
$B$7$F$$$k$H9M$($k2ACM$,$"$j!"$3$l$iLdBj$HF10l$N860x$K4XO"$7$F$$$k2DG=@-(B
$B$,$"$k!#(B

9. PHP HTTP POST Incorrect MIME Header Parsing Vulnerability
BugTraq ID: 5278
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 22 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5278
$B$^$H$a(B:

PHP $B$O(B Web $B>e$GF0:n$9$k$h$&$K3+H/$5$l$?0lHLE*$KMxMQ$5$l$k%9%/%j%W%H8@(B
$B8l$G$"$k!#(BMicrosoft Windows $B%W%i%C%H%[!<%`$GF0:n$7!"F1MM$K(B Linux $B$*$h$S(B
$BMM!9$J(B UNIX $B$K$*$$$F$bF0:n$9$k!#(B

PHP $B$N%P!<%8%g%s(B 4.2.0 $B$*$h$S(B 4.2.1 $B$K$*$$$FLdBj$,Js9p$5$l$F$$$k!#%j%b(B
$B!<%H$N967be$G(B
$B2TF0$9$k(B Web $B%5!<%P$N%/%i%C%7%e!"$*$h$S0-0U$r;}$C$?9T0Y$r0z$-5/$3$9$3(B
$B$H$,2DG=$G$"$k!#(B

HTTP POST $B%3%^%s%I$ruBV$r0z(B
$B$-5/$3$9$N$G$"$k!#(B

HTTP POST $B%3%^%s%I$re$G$O!"%a%b%j9=B$BN$N3+J|$r4k$F$k$H$-$K$O(B PHP $B$O%/%i%C%7%e(B
$B$9$k$3$H$,Js9p$5$l$F$$$k!#(BIA32 $B%"!<%-%F%/%A%c$G$O!"G$0U$N%3!<%I$rZ$5$l$F$$$k!#$7$+$7!"LdBj$rJz$($k%7(B
$B%9%F%`>e$G2TF0$9$k(B Web $B%5!<%P$HF1;~$K!"(BPHP $B$N%/%i%C%7%e$r0z$-5/$3$9$3$H(B
$B$,2DG=$G$"$k!#(B

$B$^$?!"(BSparc $B%"!<%-%F%/%A%c>e$G$O!"967be$G$O!"G$0U$N%3!<%I$NuBV$K4Y$i$;$k%/%i%C%7%e!"$b$7$/$OLdBj(B
$B$N(B Web $B%5!<%P$K967b10. Pyramid BenHur Default Firewall Weakness
BugTraq ID: 5279
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 22 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5279
$B$^$H$a(B:

Pyramid BenHur $B$OAH$_9~$_7?%U%!%$%"%&%)!<%kAuCV$G$"$k!#(B
$B$3$N5!4o$O(B Linux Kerne$B#l(B 2.2.x $B$*$h$S(B ipchains $B%U%!%$%"%&%)!<%k$rHw$($F(B
$B$$$k(B Debian Linux $B>e$GF0:n$7$F$$$k!#(B

$B$3$N5!4o$K$OLdBj$,H/8+$5$l$F$$$k!#Js9p$K$h$k$H!"$3$N5!4o$O!"%G%U%)%k%H(B
$B$N%U%!%$%"%&%)!<%k@_Dj$N%k!<%k%;%C%H$,IT==J,$K@_Dj$5$l$F$$$k!#967be$N%]!<%H(B 1024 $BHV(B $B$+(B
$B$i(B 65096 $BHV$^$G$NFCDj$N%]!<%H$K@\B3$9$k$3$H$,2DG=$G$"$k!#$3$l$O!"(BFTP $B%G!<(B
$B%?@\B3$r%5%]!<%H$9$k$?$a$K@_CV$5$l$kIT==J,$K@_7W$5$l$?%k!<%k$KM3Mh$9$k!#(B

$B967be$N@x:_E*$J=EMW$G3n$DLdBj$H$J$k%]!<%H$K@\B3$9$k$?(B
$B$a!"$3$NLdBj$rMxMQ$9$k2DG=@-$,$"$k!#(B

11. PHP Interpreter Direct Invocation Denial Of Service Vulnerability
BugTraq ID: 5280
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 22 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5280
$B$^$H$a(B:

$B%j%b!<%H$N967bA[%[%9%H$N%Q%9$,:n@.$5$l$k!#(B CGI $B$N%Q%9$,@_Dj$5$l$F$$$l$P!"$3$N%(%$(B
$B%j%"%9$OFbIt$G;HMQ$5$l$k!#0-0U$"$k0U?^$r;}$C$?967bA0$r;HMQ$9$k$3$H$G!"(BWeb $B$+$i$3$N%$%s%?%W%j%?$r8F$S=P$9(B
$B$3$H$,2DG=$G$"$k!#(B

$B$3$N%$%s%?%W%j%?$,%3%^%s%I%i%$%s0z?t$J$7$G8F$S=P$5$l$k$H%O%s%0%"%C%W(B
$B$,H/@8$9$k!#$3$NLdBj$rMxMQ$9$k967buBV$r0z(B
$B$-5/$3$5$;$k!#(B

$B$3$l$O!"(BMicrosoft Windows $B%W%i%C%H%U%)!<%`>e$GF0:n$9$k(B PHP $B$H(B Apache
$B$NLdBj$G$"$k$H;XE&$5$l$F$$$k!#B>$N4D6-$G$"$C$F$bF1MM$N>uBV$,:F8=$5$l(B
$B$k2DG=@-$,B8:_$9$k!#(B

12. Sun PC NetLink Backup Restoration ACL Permissions Vulnerability
BugTraq ID: 5281
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Jul 22 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5281
$B$^$H$a(B:

Sun Microsystems $B$,3+H/$7$?(B PC NetLink $B$O!"(BMicrosoft Windows $B7O$N%^%7(B
$B%s$GF0:n$9$kB?$/$N%5!<%S%9$r(B Solaris $B>e$G$bMxMQ$G$-$k$h$&$K@_7W$5$l$?(B
$B%5!<%P%=%U%H%&%'%"$N%Q%C%1!<%8@=IJ$G$"$k!#(BPC NetLink $B$O!"%M%C%H%o!<%/(B
$B$r2p$9$k%P%C%/%"%C%W:n6H$,l9g!"$b$7$/$O!"%U%!%$%k$,%7%s%\%j%C%/%j%s%/$,D%(B
$B$i$l$?%G%#%l%/%H%jFb$KB8:_$9$k>l9g!"$b$7$/$O!"%U%!%$%k$,%7%s%\%j%C%/(B
$B%j%s%/$,D%$i$l$?6&M-%G%#%l%/%H%jFb$KB8:_$9$k>l9g$K!"$3$NLdBj$,H/@8$9(B
$B$k2DG=@-$,B8:_$9$k!#(B

$B$3$NLdBj$rMxMQ$9$k0-0U$"$k%m!<%+%k$N967b13. Pablo Software Solutions FTP Server File/Directory Disclosure Vulnerability
BugTraq ID: 5283
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 22 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5283
$B$^$H$a(B:

Pablo Software Solutions $B$,3+H/$7$?(B FTP $B%5!<%P$O!"(BMicrosoft Windows
OS $B>e$GF0:n$9$k!"%U%j!<$GMxMQ2DG=$J%=%U%H%&%'%"$G$"$k!#(B

$B$3$N(B FTP $B%5!<%P$K$O!"%G%#%l%/%H%j$r$?$I$k967b$N1F6A$re$N%G%#%l%/%H%j$d%U%!%$%k$NFbMF(B
$B$,1\Mw$5$l$F$7$^$&4m81$,$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967bo(B FTP $B%3%^%s%I$r;HMQ$7$F$$$k>l9g$N(B FTP 
$BMQ$N(B / $B%G%#%l%/%H%j0J30$G!"G$0U$N%G%#%l%/%H%j$d%U%!%$%k$NFbMF(B ($B$=$N%G%#(B
$B%l%/%H%j$d%U%!%$%k$,(B FTP $B%5!<%P$G1\Mw2DG=$G$"$k>l9g$K(B) $B$rI=<(2DG=$G$"(B
$B$k!#%j%b!<%H$N967bo!"(BSYSTEM $B8"8B(B ($B$b$7$/$O!"(BMicrosoft Windows 9x 
$B%W%i%C%H%U%)!<%`$G$O!"(BSYSTEM $B8"8B$HF1Ey$N8"8B(B)$B$G14. Multiple SSH Client Protocol Change Default Warning Weakness
BugTraq ID: 5284
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 22 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5284
$B$^$H$a(B:

$B$$$/$D$+$N(B SSH $B%/%i%$%"%s%H$KK\Mh$N$d$jpJs$r@`o%5%]!<%H$7$F$$$k!#$3$N%b!<(B
$B%I$N$?$a$K!"(BSSH $B%W%m%H%3%k$rMxMQ$9$k%3%M%/%7%g%s$,3+;O$5$l$k:]$K!"%/%i(B
$B%$%"%s%H$H$N4V$G(B SSH1 $B%W%m%H%3%k$H(B SSH2 $B%W%m%H%3%k$N4V$N$$$:$l$rMxMQ$9(B
$B$k$N$+$N%M%4%7%(!<%7%g%s$,2DG=$G$"$k!#(B

$BDL?.@h$H$7$F;XDj$5$l$?%5!<%P$H$N(B SSH $B%W%m%H%3%k$rMxMQ$9$kDL?.$O!"DL>o!"(B
SSH2 $B%W%m%H%3%k$NMM$K;XDj$5$l$?%W%m%H%3%k$rMxMQ$7$F9T$o$l$k!#DL?.@h$N(B
SSH $B%/%i%$%"%s%H$O%5!<%P$N8x3+80$rJ]B8$9$k!#(B
$B?7$7$$80$,%5!<%P$+$iAw$i$l$?:]!"%/%i%$%"%s%HB&$N%=%U%H%&%'%"$O%(%s%I%f!<(B
$B%6$X!"?7$7$$80$,Aw$i$l$FMh$?$3$H$rHs>o$K5?$,$o$7$$$b$N$H$7$F;2>H$5$l$k(B
$B$Y$/!"DLCN$9$k!#(B

$B$7$+$7!"DL?.@h%/%i%$%"%s%H$G4{$KMxMQ$5$l$F$$$J$$!"(BSSH1 $B%W%m%H%3%k$KBP(B
$B$7$F(B SSH $B%3%M%/%7%g%s$r3NN)$9$k$?$a$N%M%4%7%(!<%7%g%s$r9T$&:]!"?7$7$$(B
$B80$,FO$$$?$H$N%a%C%;!<%8$,I=<($5$l$k$@$1$G$"$k!#$=$N%[%9%H$,0[$J$k%W%m(B
$B%H%3%k$NFCDj$N80$H$9$G$K4XO"$7$F$$$k$H$$$&$3$H$O!"%(%s%I%f!<%6$X$OCN$i(B
$B$5$l$J$$$N$G$"$k!#(B
$B%(%s%I%f!<%6$O!"$3$N%$%Y%s%H$,5/$3$k>l9g$N%;%-%e%j%F%#$N1F6A$rM}2r$9$k(B
$B$3$H$O$G$-$J$$$N$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k$3$H$G!"%/%i%$%"%s%H%f!<%6$K5$IU$+$l$k;vL5$/!"K\Mh$N(B
$B$d$jpJs$r@`l9g!"DL>o;HMQ$5$l$J$$%"%k%4%j%:%`$,A*Br(B
$B$5$l$?>l9g$G$b!"%/%i%$%"%s%H$X$O:FEY7Y9p$rB%$9$3$H$J$/!"K\Mh$N$d$jpJs$r@`15. SmartMax MailMax Popmax Buffer Overflow Vulnerability
BugTraq ID: 5285
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 23 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5285
$B$^$H$a(B:

Smartmax MailMax $B$O(B Microsoft Windows $B8~$1$N%a!<%k%5!<%P$G$"$k!#(B

$BJs9p$K$h$k$H!"(BMailMax 4.8 $B$K$O(B POP3 (Post Office Protocol 3) $B%G!<%b%s!"(B
popmax $B$rBP>]$H$7$?%P%C%U%!%*!<%P!<%U%m!<967b$NLdBj$,B8:_$9$k!#$3$NLdBj(B
$B$O(B 'USER' $B%Q%i%a!<%?$NIT==J,$J6-3&%A%'%C%/$K$h$j0z$-5/$3$5$l$k!#(B

$B967b16. Sun Fire Unauthorized Environmental Monitoring Subsystem Modification Vulnerability
BugTraq ID: 5288
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Jul 22 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5288
$B$^$H$a(B:

Sun Fire $B@=IJ%7%j!<%:$OMM!9$JL\E*$KE,MQ2DG=$J!"B?L\E*%5!<%P4D6-$rDs6!$9(B
$B$k%O!<%I%&%'%"4D6-$G$"$k!#$3$N@=IJ72$NCf$N$$$/$D$+$K$O!"5!4o<+?H$KBP$9(B
$B$k%U%#!<%I%P%C%/5!G=$rDs6!$9$k!"%M%C%H%o!<%/4D6-$r4F;k$9$k%5%V%7%9%F%`(B
$B$rHw$($F$$$k@=IJ$,$"$k!#(B

$B$$$/$D$+$N(B Sun Fire $B@=IJ$K$OLdBj$,H/8+$5$l$F$$$k!#0-0U$"$k%m!<%+%k%f!<(B
$B%6$O%M%C%H%o!<%/4D6-$NLg%?%j%s%0%7%9%F%`$KBP$7!"%3%^%s%I$Nu67$K$^$G4Y$i$;$i$l$k(B DoS $B>uBV$r>7$/$3$H$,2DG=$K$J$k$H9M$($i$l$k!#(B
$BJs9p$K$h$k$H!"$3$NLdBj$O$h$jDc$$8"8B$N%m!<%+%k%f!<%68"8B$K$h$C$F967b$K(B
$BMxMQ$5$l$k!#(B

$B$3$NLdBj$O(B Solaris 8 $B$r;HMQ$7$F$$$k(B Sun Fire 280R, V880, $B$*$h$S(B V480
$B%7%9%F%`$GJs9p$5$l$F$$$k!#Js9p$K$h$k$H!"(BSolaris 9 $B$O$3$NLdBj$N1F6A$r17. SecureCRT SSH1 Identifier String Buffer Overflow Vulnerability
BugTraq ID: 5287
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 23 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5287
$B$^$H$a(B:

SecureCRT $B$O(B Microsoft Windows $B8~$1$N>&MQ$N(B SSH $B%/%i%$%"%s%H$G$"$k!#(B

SecureCRT $B%/%i%$%"%s%H$OHs>o$KD9$$(B SSH1 $B%W%m%H%3%k$G5,Dj$5$l$F$$$k<1JL(B
$B;RMQJ8;zNs(B (identifier string) $B$Ne=q$-2DG=$K$J$k$H9M$($i$l$F$$$k!#(B

$B$3$NLdBj$rMxMQ$7$?967b$K$h$j!"967b18. Multiple Vendor Web Browser JavaScript Modifier Keypress Event Subversion Vulnerability
BugTraq ID: 5290
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 23 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5290
$B$^$H$a(B:

Internet Explorer $B$*$h$S(B Opera $B$r4^$`!"B?$/$N(B Web $B%V%i%&%6$N(B JavaScript
$B$Nu672<$K$*$$$F!"0-0U$"$k%9%/%j%W%H$O4{$KF~NO$5$l$?%W%i%$%^%j%-!<$,(B
$B<($9%$%Y%s%H%W%m%Q%F%#$r2~JQ2DG=$G$"$k!#%W%i%$%^%j%-!<$r(B 'V' $B$KJQ99$9$k(B
$B$3$H$K$h$j!"DL>o%/%j%C%W%\!<%I$+$i$NE=$jIU$1F0:n$K3d$jEv$F$i$l$F$$$k(B Ctrl
$B%-!<$H(B V $B%-!<$NAH$_9g$o$;$KBP1~$9$k%$%Y%s%H%O%s%I%i$r@8@.2DG=$G$"$k!#(B

$B$3$N$,%U%!%$%k%"%C%W%m!<%IMQ$N%U%)!<%`%U%#!<%k%I$X%/%j%C%W%\!<%I$+$iE=(B
$B$jIU$1$5$l$k2DG=@-$,$"$k!#(B

JavaScript $B$r2p$7$F%U%)!<%`$XCM$,M?$($i$l$k:]!"967bpJs$,3+<($5$l$F(B
$B$7$^$&7k2L$r>7$/2DG=@-$,$"$k!#(B

'..\LOCALS~1\TEMPOR~1\CONTENT.IE5\index.dat' $B$r%@%&%s%m!<%I$9$k$3$H$G!"(B
Internet Explorer $B$K$h$C$FMxMQ$5$l$F$$$k0l;~%U%!%$%kMQ%G%#%l%/%H%j$N%U(B
$B%k%Q%9$r3+<($5$;$k$3$H$,2DG=$G$"$k$H?d;!$5$l$k!#$3$N>l9g!"F@$i$l$?>pJs(B
$B$O967bBP>]$N%f!<%68"8B$GG$0U$N%3!<%I$r$N967b$bF1MM$KA[Dj$7F@$k6<0R$G(B
$B$"$k$H9M$($i$l$k!#(B

'Shift' $B%-!<$rH<$&%-!o$KNI$/CN$i$l$F$$$k%/(B
$B%j%C%W%\!<%I$+$i$NE=$jIU$1=hM}$N$?$a$N%7%g!<%H%+%C%HF~NOK!$G$"$k!#(B
$B$h$jB?$/$N9-$/MxMQ$5$l$F$$$k%-!<$NAH$_9g$o$;$KBP$9$k967b$r9T$&$3$H$K$h(B
$B$j!"$3$NLdBj$rMxMQ$9$k967b$r3hMQ$7$?%=!<%7%c%k%(%s%8%K%"%j%s%0967b$rMF(B
$B0W$K$9$k2DG=@-$,$"$k!#B>$NJ#9gF0:nMQ%-!$N%P!<%8%g%s$K$b$3$NLdBj$,B8:_$9$k2DG=@-$,$"$k$,!"$=$l$OL$8!(B
$B>Z$G$"$k!#(B

19. DansGuardian Hex Encoding URL Content Filter Bypass Vulnerability
BugTraq ID: 5291
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 23 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5291
$B$^$H$a(B:

DansGuardian $B$O(B Squid HTTP $B%W%m%-%7%5!<%P$K4p$E$/!"(BWeb $B%3%s%F%s%D%U%#(B
$B%k%?%j%s%0$r9T$&%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$O(B Linux $B$r4^$`!"(B
$BMM!9$J(B UNIX $BM3Mh$N(B OS $BHG$,MxMQ2DG=$G$"$k!#(B

DansGuardian $B$K$O0-0U$"$k%f!<%6$,%U%#%k%?%j%s%0%k!<%k$r2sHr2DG=$G$"$k(B
$BLdBj$,B8:_$9$k!#(B16 $B?J?t$G%3!<%I2=$5$l$?J8;z$r4^$`(B URL $B$O%U%#%k%?%j%s%0(B
$B%Q%?!<%s$H>H9g$5$l$kA0$KI|9f$5$l$J$$!#%f!<%6$O(B DansGuardian $B$K$h$C$F@_(B
$BDj$5$l$?@)8B$r2sHr$7$h$&$H$7$F!"$$$/$D$+$NId9f2=$5$l$?J8;z$r4^$`(B URL $B$r(B
$B;XDj$9$k2DG=@-$,$"$k!#(B

$BFCDj$N@_Dj$K$*$$$F!"$3$l$O%;%-%e%j%F%#%]%j%7$rGK$k$+!"$"$k$$$O%f!<%6$,(B
$B0U?^$;$:$K0-0U$N$"$k(B Web $B%Z!<%8$K%"%/%;%9$9$k$3$H$r2DG=$H$7$F$7$^$&!#(B

20. Zyxel Prestige 642R Router Malformed TCP Packet Denial Of Service Vulnerability
BugTraq ID: 5292
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 24 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5292
$B$^$H$a(B:

ZyXEL $B@=(B 642R $B$*$h$S(B Prestige 310 $B%k!<%?$O!"0U?^E*$KAH$_N)$F$i$l$?(B TCP 
$B%Q%1%C%H$N$N(B ZyNOS $B%Y!<%9$N%k!<%?!<$b$3$NLdBj$K$h$j1F6A$r21. Mozilla JavaScript URL Host Spoofing Arbitrary Cookie Access Vulnerability
BugTraq ID: 5293
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 24 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5293
$B$^$H$a(B:

Mozilla $B$O(B Microsoft Windows $B$*$h$S(B Linux $B$r4^$`MM!9$JF0:n4D6-$GF~pJs$K%"%/%;%9$9$k$?$a$K%9%/%j%W%H$r(B
$BMxMQ2DG=$G$"$k$H$$$&LdBj$,Js9p$5$l$F$$$k!#(B

Mozilla $B$O(B JavaScript $B$r<($9(B URL (javascript:) $B$KBP1~$7$F$*$j!"$3$N(B URL
$B$O(B JavaScript $B4X?t$rD>@\o!"$=$N$h$&$J(B
$B5!G=$O;HMQ$G$-$kHO0O$r@)8B$5$l$F$*$j!"B>$N%5%$%H$K4XO"$7$?%/%C%-!pJs$K$O%"%/%;%9$5$l$J$$!#(B

$B@5Ev$J%I%a%$%s$G;O$^$k$h$&$K8+$($k!"(BJavaScript: $B$r<($9(B URL $B$r;XDj2DG=(B
$B$G$"$k$HJs9p$5$l$?!#0-0U$N$"$k%9%/%j%W%H$OG$0U$N%I%a%$%s$r@5Ev$J%I%a%$(B
$B%s$H$7$F;XDj2DG=$G$"$j!"$=$N%I%a%$%s$K4XO"$7$?%/%C%-!pJs$K%"%/%;(B
$B%92DG=$G$"$k!#(B

$BG$0U$N%9%/%j%W%H$K0z$-B3$-!"(B'//host\n' $B7A<0$N(B JavaScript $B%3%a%s%H$G;O(B
$B$^$k(B JavaScript $B$r<($9(B URL $B$r:n@.$9$k$3$H$K$h$j!"$3$NLdBj$rMxMQ$9$k96(B
$B7b$,2DG=$G$"$k!#$^$?0lJ}!"B>$N967bZMQ>pJs$r4^$`!"=EMW$J%/%C(B
$B%-!pJs$X$N%"%/%;%98"$rC%7$/2DG=@-$,$"$k!#(B

22. VMWare GSX Server Authentication Server Buffer Overflow Vulnerability
BugTraq ID: 5294
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jul 24 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5294
$B$^$H$a(B:

VMWare GSX Server $B$OC10l%[%9%H>e$GJ#?t$N2>A[%5!<%P$r2TF0$9$k$3$H$r2DG=(B
$B$H$9$k!"2>A[2=%=%U%H%&%'%"$G$"$k!#(B

GSX Server $B$K$OG'>Z%5!<%P$,F1:-$5$l$F$$$k!#$3$N%5!<%P$NZ$9$k$?(B
$B$a$K%A%'%C%/$r9T$C$F$$$k!#EA$($i$l$k$H$3$m$K$h$k$H!":Y?4$NCm0U$rJ'$&$Y(B
$B$-A`:n$GJ8;zNs$r;HMQ$9$kA0$K!"FbIt$KM=$a@_Dj$5$l$?:GBgD9$NCM$HM?$($i$l(B
$B$?J8;zNs$ND9$5$r>H9g$7$F$$$k!#(B

"GLOBAL" $B%3%^%s%I$KM?$($k0z?t$N$?$a$N%a%+%K%:%`$NZ8e$KZ$r9T$o$:$K!"$3$NLdBj$rMxMQ$9$k967b$r9T$&$N$rKI$02D(B
$BG=@-$,$"$k$,!"$3$l$OL$3NG'$G$"$k!#2?$i$+$N%G%U%)%k%H%f!<%6$"$k$$$O%2%9(B
$B%H%"%+%&%s%H$,B8:_$9$k>l9g!"$3$NLdBj$N1F6A$,5Z$V$+$I$&$+$K$D$$$F$OL$>\(B
$B$G$"$k!#(B

$B$3$N%P%C%U%!%*!<%P!<%U%m!<$O(B GSX $B$,2TF0$9$k%5!<%P>e$GG$0U$N%3!<%I$rA[%^%7%s$r2TF0$5$;$F(B
$B$$$k%M%$%F%#%V4D6-$GF0:n$9$k$H9M$($i$l!"967bBP>]$N%3%s%T%e!<%?(B ($B2>A[%7(B
$B%9%F%`$rA4$F4^$`(B) $BA4BN$X$N6<0R$r>7$/2DG=@-$,$"$k!#(B


III. SECURITYFOCUS NEWS AND COMMENTARY
--------------------------------------
1. Find a Bug? Don't E-Mail Microsoft
$BCxhttp://online.securityfocus.com/news/545

2. GAO: U.S. Cyber Security Efforts are Uncoordinated
$BCxuBV$K$"$k!"9q2H5,LO$N%5%$%P!<%;%-%e%j(B
$B%F%#$r4F;k$9$k(B 50 $B$NO"K.5!4X$NK\5rCO$rL@$i$+$K$7$?!#(B

http://online.securityfocus.com/news/542

3. Big software pushes hard for national Gestapo
$BCxe$K;WA[F.Ah$OLr$KN)$?$J$+$C$?LOMM$G$"$k!#(B
$BEE;RE*$J0UL#$G!"A49q5,LO$K$^$?$,$kBg;4;v$H$$$&LQA[2<$G3hF0$5$l$?!"!V(BIT
$B$K4X$9$k@lLg2H!W$H8F$P$l$k?M!9$N9M$($K4X$9$k>P;_$GL50UL#$JD4::$,$A$g$&(B
$B$ICfES$K:9$73]$+$C$?=j$G$"$k!#(B

http://online.securityfocus.com/news/551

4. Congress blasts Feds on cyber-terror FOIA games
$BCx/?tGIB&$N0Q0wD9(B) $B$G$"$k(B Jan
Schakowsky ($B%$%j%N%$=#A*=P$NL1l=j$G3+$+$l$?E57?E*$J%5%$%P!<%F%m$KBP$9$kIJI>2q$N4V!"ES(B
$BJ}$b$J$$5DO@$,@o$o$5$l$?!#(B

http://online.securityfocus.com/news/550

IV.SECURITYFOCUS TOP 6 TOOLS
----------------------------
1. Pachyderm-fw v0.91
$B:nhttp://pachyderm-fw.sourceforge.net
$BF0:n4D6-(B: Linux
$B$^$H$a(B:

Pachyderm $B$O(B ipchains $B$KBP1~$7$?!"(BGUI $B$rHw$($?%U%!%$%d%&%)!<%k$N4IM}$r(B
$B9T$&$?$a$N%=%U%H%&%'%"$G$9!#$3$N%=%U%H%&%'%"$O(B MySQL $B$H(B PHP $B$rMQ$$$F3+(B
$BH/$5$l$F$*$j!"A`:n$,MF0W$G!"MM!9$J@_Dj9`L\$rHw$($F$$$^$9!#(B

2. Mixmaster v2.9b33
$B:nhttp://freshmeat.net/projects/mixmaster/?topic_id=28%2C87%2C44
$BF0:n4D6-(B: UNIX
$B$^$H$a(B:

Mixmaster $B$OF?L>%j%a!<%i$G$9!#$3$N%j%a!<%i$rMxMQ$9$k$3$H$K$h$j!"%H%i%U%#%C(B
$B%/J,@O$KBP$9$kBP93!"$"$k$$$O2>$NL>A0$GEE;R(B
$B%a!<%k$rAw?.2DG=$K$J$j$^$9!#(BMixmaster $B%Q%C%1!<%8$O%/%i%$%"%s%H$H%5!<%P(B
$B$N%$%s%9%H!<%kMQ%Q%C%1!<%8$+$i9=@.$5$l$F$$$^$9!#(B

3. Maillog View v1.02.6
$B:nhttp://cdrecwebmin.sf.net/
$BF0:n4D6-(B: Linux
$B$^$H$a(B:

Maillog View $B$O(B /var/log/maillog.* $B$NA4$F$N%U%!%$%k$r4JC1$K1\Mw$G$-$k$h(B
$B$&$K$9$k!"(BWebmin $B8~$1%b%8%e!<%k$G$9!#$3$N%=%U%H%&%'%"$K$O<+F099?7!"%a%C(B
$B%;!<%8%5%$%:$NI=<(!"Aw?.$"$k$$$O4. echolot-pinger v 2.0beta18
$B:nhttp://www.palfrader.org/echolot/
$BF0:n4D6-(B: Os Independent
$B$^$H$a(B:

Echolot-pinger $B$OF?L>%j%a%$%i!<8~$1$N(B ping $B$roE*$KDL?.$r9T$&$3$H$G3NG'$9$k$h$&$KF0:n$7$^$9!#(B
$B$=$N8e!"0lO"$NMxMQBP>]$N%j%a%$%i!<$r%j%a%$%i!<%/%i%$%"%s%H$,A*Br$9$k$?(B
$B$a$KMxMQ$9$k!"?.Mj@-$NE}7W$r7W;;$7$^$9!#(B
$BIU$12C$($k$J$i$P!"A4$F$N%j%a%$%i!<$N@_DjMQ%Q%i%a!<%?$d%-!<$r0l3g4IM}$7!"(B
$B%j%a%$%i!<%/%i%$%"%s%H$K$h$C$FFI$_9~$_2DG=$J%U%)!<%^%C%H$GDs6!$7$^$9!#(B

5. Linux Firewall v2.0rc2
$B:nhttp://projectfiles.com/firewall/
$BF0:n4D6-(B: Linux
$B$^$H$a(B:

Projectfiles.com $B$,3+H/$7$?(B Linux Firewall $B$O!"7xO4@-$H%G%6%$%s$KM%$l(B
$B$?%U%!%$%"!<%&%)!<%k$G$9!#$3$N%=%U%H%&%'%"$O!"(Bnetfilter/iptables $B$,AH(B
$B$_9~$^$l$?(B Linux 2.4 $B7O$N%+!<%M%k$G;HMQ2DG=$G$9!#%]!<%H%U%)%o!<%G%#%s(B
$B%0!"@\B3;~$N%m%05-O?$N$h$&$J%5!<%P$d%k!<%?$N5!G=$r%5%]!<%H$7$F$$$k!#(B
$B>iD9$J@\B3$N@.8y!"<:GT$N%a%C%;!<%85!G=$,Hw$o$C$F$*$j!"%$%s%9%H!<%k!"@_(B
$BDj$NMF0W$5$bFCD'$G$9!#(B

6. Mailcrypt v3.5.7
$B:nhttp://mailcrypt.sourceforge.net/
$BF0:n4D6-(B: N/A
$B$^$H$a(B:

Mailcrypt $B$O(B PGP/GPG $B$rMxMQ$7$?8x3+800E9f$X$NC1=c$J%$%s%?%U%'!<%9$rDs6!(B
$B$9$k!"(BEmacs Lisp $B$G5-=R$5$l$?%Q%C%1!<%8$G$9!#(BMailcrypt $B$OMxMQCf$NEE;R%a!<(B
$B%k$d%M%C%H%K%e!<%9$NMxMQ4D6-$NA4$F$XAH$_9~$_2DG=$J!"6/NO$J0E9f5;=Q$N1~(B
$BMQ4D6-$rDs6!$7$^$9!#(B
--
$BLu(B: $B:d0f=g9T(B(SAKAI Yoriyuki)$B!">.3^8691M:(B(OGASAWARA Tsuneo)$B!"(B
$B@PED6G5W(B(ISHIDA Akihisa)$B!"http://www.lac.co.jp/security/
smime.p7s