Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm
Precedence: bulk
To: bugtraq-jp@SECURITYFOCUS.COM
Subject: SecurityFocus.com Newsletter #157 2002-8-5->2002-8-9
From: SAKAI Yoriyuki <sakai@lac.co.jp>
References: <Pine.LNX.4.43.0208121241200.28314-100000@mail.securityfocus.com>
In-Reply-To: <Pine.LNX.4.43.0208121241200.28314-100000@mail.securityfocus.com>
Message-Id: <200208222017.DJB60657.JBTLB@lac.co.jp>
Date: Thu, 22 Aug 2002 20:23:13 +0900
Mime-Version: 1.0
Content-Type: multipart/signed;
    protocol="application/x-pkcs7-signature";
    micalg=sha1; Boundary="---------1030015075-10578190"

-----------1030015075-10578190
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

$B:d0f(B@$B%i%C%/$G$9!#(B

SecurityFocus.com Newsletter $BBh(B 157 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

---------------------------------------------------------------------------
SecurityFocus.com Newsletter $B$K4X$9$k(BFAQ:
http://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml
BugTraq-JP $B$K4X$9$k(B FAQ:
http://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml
(SecurityFocus.com Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0l<!G[I[$5$l$F$$$^$9(B)
---------------------------------------------------------------------------
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B SecurityFocus.com $B$N5v2D$r3t<02q<R%i%C%/$,F@$?>e$G9T$o(B
  $B$l$F$$$^$9!#(B
$B!&(BSecurityFocus.com Newsletter $B$NOBLu$r(B Netnews, Mailinglist,
  World Wide Web, $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$N(B
  $BA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;(B
  $B$s$,=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus.com $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+(B
  $B$J$k7A<0$N%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://online.securityfocus.com/archive/79
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02q<R%i%C%/$O@UG$$rIi$o$J$$$b$N$H$7$^(B
  $B$9!#(B
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$BLu<T$+$i$N$*CN$i$;(B:
$B!&$b$7!"(Btypo $B$d8mLu$,8+$D$+$C$?>l9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"4F=$<T(B (sakai@lac.co.jp) $B$K$*CN$i$;$/$@$5$$!#(B
  $B8e<T$N>l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$B86HG(B:
Date: Mon, 12 Aug 2002 12:42:08 -0600 (MDT)
Message-ID: <Pine.LNX.4.43.0208121241200.28314-100000@mail.securityfocus.com>

SecurityFocus Newsletter #157
-----------------------------

This Issue is Sponsored by: John Wiley and Sons, Inc.

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
     1. Malware Infection Vectors: Past, Present, and Future
     2. Time for Open-Source to Grow Up
     3. Post to Bugtraq -- Go to Jail
     4. InforwarCon 2002
     5. SecurityFocus DPP Program
II. BUGTRAQ SUMMARY
     1. ArGoSoft Mail Server Pro Mail Loop Denial of Service Vulnerability
     2. Avaya Cajun Firmware Default Community String Vulnerability
     3. Qualcomm Eudora MIME Multipart Boundary Buffer Overflow...
     4. Multiple Vendor calloc() Implementation Integer Overflow...
     5. FreeBSD Arbitrary FFS Filesystem Data Block Access Vulnerability
     6. Opera FTP View Cross-Site Scripting Vulnerability
     7. Mozilla FTP View Cross-Site Scripting Vulnerability
     8. FreeBSD NFS Zero-Length RPC Message Denial Of Service...
     9. qmailadmin Local Buffer Overflow Vulnerability
     10. Nullsoft WinAmp HTML Playlist Script Injection Vulnerability
     11. FreeBSD kqueue Kernel Panic Denial Of Service Vulnerability
     12. Gaim Jabber Plug-In Buffer Overflow Vulnerability
     13. Microsoft Windows Window Message Subsystem Design Error...
     14. Microsoft Internet Explorer Invalid SSL Certificate Chain...
     15. Microsoft Exchange 2000 Post Authorization License Exhaustion...
     16. Microsoft SQL Server Remote Buffer Overflow Vulnerability
     17. Microsoft Exchange 2000 Multiple MSRPC Denial Of Service...
     18. LibPNG Wide Image Processing Memory Corruption Vulnerability
     19. Nullsoft SHOUTCast Insecure Permissions Information Disclosure...
     20. Microsoft Windows 2000 Insecure Default File Permissions...
     22. Ensim Webppliance Unauthorized Email Access Vulnerability
     23. Multiple Microsoft Content Management Server 2001 Vulnerabilities
     24. Microsoft Content Management Server 2001 User Authentication...
     25. Microsoft Content Management Server 2001 SQL Injection...
     26. Microsoft Content Management Server 2001 Arbitrary Upload...
     27. iSCSI Insecure Configuration File Permissions Information...
     28. Google Toolbar Unauthorized JavaScript Configuration...
     29. Ipswitch WS_FTP Server CPWD Remote Buffer Overflow Vulnerability
     30. Google Toolbar Keypress Monitoring Information Disclosure...
     31. HP EMANATE 14.2 Predictable SNMP Community String Vulnerability
     32. HP-UX PTrace Page Data Fault Denial Of Service Vulnerability
     33. Macromedia Flash Player Arbitrary Local File Access Vulnerability
     34. Macromedia Flash Malformed Header Buffer Overflow Vulnerability
     35. Qualcomm Eudora File Attachment Spoofing Vulnerability
     36. Sun ONE/iPlanet Web Server Chunked Encoding Vulnerability
     37. Apache 2.0 Information Disclosure Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
     1. 'Creative Attacks' Beat Crypto -- Expert
     2. Researcher: Biometrics Unproven, Hard To Test
     3. 'Safe' web still wide open - Windows sleuth
     4. Dangers of the Google tool bar exposed
IV.SECURITYFOCUS TOP 6 TOOLS
     1. ZorbIPtraffic v0.01
     2. single-honeypot v0.1
     3. myNetMon v1.0.3
     4. Gspoof v1.0b
     5. nefu v0.7.0
     6. Secure Cryptographic Instant Messaging v1.04

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
---------------------------------

II. BUGTRAQ SUMMARY
-------------------
1. ArGoSoft Mail Server Pro Mail Loop Denial of Service Vulnerability
BugTraq ID: 5395
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 05 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5395
$B$^$H$a(B:

ArGoSoft Mail Server $B$O(B Microsoft Windows $B4D6-8~$1$N(B SMTP$B!"(BPOP3$B!"(BFinger
$B%5!<%P$G$"$k!#(BArGoSoft $B$O%j%b!<%H$+$iEE;R%a!<%k$rMxMQ$G$-$k$h$&$K$9$k$?(B
$B$a$N!"AH$_9~$_7?(B Web $B%5!<%P$rHw$($F$$$k!#(B

ArGoSoft Mail Server Pro $B$K$O%j%b!<%H$+$i(B DoS $B$K4Y$i$;$k$3$H$,2DG=$JLd(B
$BBj$,H/8+$5$l$F$$$k!#%j%b!<%H$N967b<T$ODL>o$N%f!<%68"8B$GEE;R%a!<%k$NG[(B
$BAw=hM}$r%k!<%W$5$;!"MxMQ2DG=$JA4$F$N%7%9%F%`;q8;$r;H$$$7?T$/$5$;$F$7$^(B
$B$&>u67$K4Y$i$;$k$3$H$,2DG=$G$"$k!#(B

ArGoSoft Mail Server Pro $B$O%f!<%6%"%+%&%s%HFb$N@_Dj$G!"<+J,<+?H$XEE;R%a!<(B
$B%k$rE>Aw$r;n$_$k:]$K@8$8$kEE;R%a!<%k$N%k!<%W$rKI;_$9$k<BAu$K$J$C$F$$$k!#(B
$B$7$+$7!"<+F01~Ez$,M-8z2=$5$l$F$$$k>l9g!"$3$NJ]8n5!9=$O5!G=$rK~$?$5$J$$(B
$B$N$G$"$k!#$3$N$?$a!"<+F01~Ez$,M-8z2=$5$l$F$$$k>l9g$KEE;R%a!<%k$N<+J,<+(B
$B?H$X$NE>Aw$K$h$C$F!"=|5n$J$$$7Dd;_$5$l$J$$EE;R%a!<%k$N%k!<%W$r5/$3$9$3(B
$B$H$,2DG=$J$N$G$"$k!#(B

$B967b<T$OJ#?t$N%"%+%&%s%H$rMxMQ$7$FEE;R%a!<%k$N%k!<%W$r0z$-5/$3$9$3$H$K(B
$B$h$j!"%3%s%T%e!<%?Fb$N;q8;$r>CHq$7?T$/$5$;$k2DG=@-$,$"$k!#(B

$BEE;R%a!<%k5!G=$X$N(B DoS $B$K2C$(!"%7%9%F%`A4BN$N%Q%U%)!<%^%s%9$NDc2<$,0z$-(B
$B5/$3$5$l$k2DG=@-$,$"$k!#$5$i$KIU$12C$($k$J$i$P!"$3$N<o$NEE;R%a!<%k$,J](B
$BB8$5$l$k:]!"%G%#%9%/NN0h$b>CHq$7?T$/$5$l$k2DG=@-$,$"$k!#(B

2. Avaya Cajun Firmware Default Community String Vulnerability
BugTraq ID: 5396
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 05 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5396
$B$^$H$a(B:

Avaya Cajun $B%7%j!<%:$N%9%$%C%A$NLdBj$rJz$($k%P!<%8%g%s$N%U%!!<%`%&%'%"(B
$B$K$O%G%U%)%k%H$GFI$_=q$-2DG=$J%3%_%e%K%F%#$,Hw$o$C$F$$$k!#$3$N$?$a!"%j(B
$B%b!<%H$N967b<T$O$3$N%3%_%e%K%F%#$r5!4o$K$H$C$F@x:_E*$K=EMW$JCM$r;2>H!"(B
$B@_Dj$9$k$?$a$KMxMQ$9$k2DG=@-$,$"$k!#$3$N:](B DoS$B!"%M%C%H%o!<%/$X$N6<0R$r(B
$B>7$/$3$H$,2DG=$G$"$k$H9M$($i$l$k!#(B

$B%3%_%e%K%F%#J8;zNs!"(B'NoGaH$@!' $B$O$3$N%U%!!<%`%&%'%"$KAH$_9~$^$l!"(BMIB $B$r(B
$B2p$7$FFI$_=P$7!"=q$-9~$_$,9T$o$l$k!#$3$N$?$a!"K\Mh8"8B$r;}$?$J$$%3%s%T%e!<(B
$B%?$,$3$N5!4o$X$N%"%/%;%98"8B$r<hF@$9$k$?$a$K!"$3$N%3%_%e%K%F%#J8;zNs$r(B
$BMxMQ$9$k2DG=@-$,$"$k!#(B

$BI8=`E*$J(B SNMP $B$N<BAu$rMxMQ$7!"967b<T$O(B MIB $B$NFbMF$rD4::$7!"@x:_E*$K=E(B
$BMW$H$_$J$5$l$k>pJs(B ($B%$%s%?%U%'!<%9!"%M%C%H%o!<%/@_Dj$J$I(B) $B$r1\Mw$9$k2D(B
$BG=@-$,$"$k!#$^$?!"967b<T$O(B MIB $BFb$N@_DjCM$d$=$NB>$N%W%m%Q%F%#$r@_Dj$9$k(B
$B2DG=@-$,$"$k!#$3$N5!4o$OFCDj$N%W%m%Q%F%#$r@_Dj$9$k$3$H$G:F5/F0$r5/$3$5(B
$B$;$i$;$k$3$H$,>ZL@$5$l$F$*$j!"4{$K8!>Z:Q$_$N5!4o$X$N(B DoS $B$K2C$($F!"967b(B
$B<T$O%H%i%U%#%C%/$N%j%@%$%l%/%H$r>7$/967b$r4k$F$i$l$k2DG=@-$,$"$k!#(B
$B$7$+$7!"$3$l$K$D$$$F$OL$8!>Z$G$"$k!#(B

Avaya $B$O4{$K%U%!!<%`%&%'%"$N$h$j?7$7$$%P!<%8%g%s$K$*$$$F$O!"%G%U%)%k%H(B
$B%3%_%e%K%F%#J8;zNs$r:o=|$7$F$$$k!#(B

3. Qualcomm Eudora MIME Multipart Boundary Buffer Overflow Vulnerability
BugTraq ID: 5397
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 05 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5397
$B$^$H$a(B:

Eudora $B$O9-$/MxMQ$5$l$F$$$k(B GUI $B$rMxMQ$7$?(B Microsoft Windows $B8~$1$NEE;R(B
$B%a!<%k%/%i%$%"%s%H$G$"$j!"(BQualcomm $B$h$jL5=~$GG[I[$5$l$F$$$k!#$3$N%=%U%H(B
$B%&%'%"$K$O%P%C%U%!%*!<%P!<%U%m!<$r@8$8$kLdBj$,H/8+$5$l$F$$$k!#(B

$B%P%C%U%!%*!<%P!<%U%m!<$O(B MIME $B$N%^%k%A%Q!<%H6h@Z$j9T$,Hs>o$KD9$$>l9g$K(B
$B@8$8$k!#$3$l$O%9%?%C%/Fb$G@8$8$k%*!<%P!<%U%m!<$G$"$k$H9M$($i$l$F$$$k!#(B
$B$3$NLdBj$NH/8+<T$O967bBP>]$N%3%s%T%e!<%?>e$G%3!<%I$N<B9T$r4k$F$k$?$a$K(B
$B$3$NLdBj$rMxMQ2DG=$G$"$k$3$H$r4{$K8!>Z:Q$_$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$O0-0U$"$kEE;R%a!<%k$rAH$_N)$F!"$=$l$r967bBP>]$X(B
$BAw?.$9$k$3$H$K$h$C$F4k$F$i$l$k$HA[Dj$5$l$k!#0-0U$"$kEE;R%a!<%k$O(B MIME
$B$GId9f2=$5$l!"$+$D!"6h@Z$j9T$O(B 139 $B8D0J>e$ND9$5$r;}$DJ8;zNs$G$"$kI,MW$,(B
$B$"$k!#$3$N<o$NEE;R%a!<%k$N<u?.<T$O%P%C%U%!%*!<%P!<%U%m!<$,0z$-5/$3$5$l(B
$B$kA0$K!"$3$N<o$NEE;R%a!<%k$r3+$$$F$$$kI,MW$,$"$k$H9M$($i$l$k$,!"$7$+$7!"(B
$B$3$l$K$D$$$F$OL$8!>Z$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$K$h$j!"967b<T$O%j%b!<%H$N;q8;$X$N%"%/%;%9$,9T$J(B
$B$($k2DG=@-$,$"$k!#$3$NLdBj$O(B Service Pack 2 $BE,MQ:Q$_(B $B$N(B Microsoft Windows
2000 Professional $BF|K\8lHG$K$b1F6A$r5Z$\$9;v$,H/8+$5$l$F$$$k!#(B

4. Multiple Vendor calloc() Implementation Integer Overflow Vulnerability
BugTraq ID: 5398
$B%j%b!<%H$+$i$N:F8=@-(B: $BL$>\(B
$B8xI=F|(B: Aug 05 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5398
$B$^$H$a(B:

libc $B$GDs6!$5$l$k4X?t(B calloc() $B$OF0E*$K%a%b%j$r3d$jEv$F$k$?$a$KMxMQ$5$l(B
$B$F$$$k!#$3$N4X?t$O(B malloc() $B$H0[$J$j!"0lEY$N4X?t8F$S=P$7Cf$G$N!";XDj$5$l(B
$B$?Bg$-$5$G$NMF0W$J%(%l%a%s%H3d$jEv$F$r2DG=$K$7$F$$$k!#0[$J$kMM!9$J%W%m(B
$B%0%i%_%s%08@8l$K$*$$$F!"N`;w$N8@8lKh$K8GM-$N=hM}$,B8:_$9$k!#(B
$BNc$($P!"(BC++ $B$K$*$$$F$O%*%V%8%'%/%H$NG[Ns$N@8@.$,$=$l$G$"$k!#(B

pointer = new SomeClass[n];

$B3d$jEv$F$r9T$&$?$a$NAm%a%b%jNL$r;;=P$9$k:]!"F0E*%a%b%j3d$jEv$F$r9T$&4X(B
$B?t72$N0lIt$K$O@0?t7e$"$U$l$N>uBV$r3NG'$7$F$$$J$$$b$N$,$"$k!#967bBP>]$N(B
$B%3%s%T%e!<%?$GMxMQ$5$l$F$$$k(B CPU $B$N%o!<%IC10L$H$7$F<h$jF@$k@0?tHO0O$NCf(B
$B$N:GBg$r1[$($k%a%b%j3d$jEv$FMW5a$,9T$o$l$?>l9g!"Hs>o$K>.$5$J%P%C%U%!$,(B
$B3d$jEv$F$i$l$k$O$:$G$"$k!#$3$N8=>]$,@8$8$J$$>l9g!"4X?t$+$i$NLa$j$O@5>o(B
$B$K9T$o$l!"MW5a$5$l$?%P%C%U%!$,3d$jEv$F$i$l$F$$$k8B$j!"<B9TCf$N%"%W%j%1!<(B
$B%7%g%s$O5!G=$7B3$1$k!#(B

$B$3$NLdBj$O%;%-%e%j%F%#$X$N6<0R$r>7$/62$l$,$"$k$H?d;!$5$l$k!#(B
$B<B:]$K3d$jEv$F$i$l$F$$$kNN0h$N6-3&$r1[$($?>l=j$X<B9TCf$N%"%W%j%1!<%7%g(B
$B%s$,=q$-9~$_$r;n$_$k>l9g!"7k2L$H$7$F%R!<%W%*!<%P!<%U%m!<$,@8$8$k>u67$,(B
$B0z$-5/$3$5$l$k2DG=@-$,$"$k!#$3$NLdBj$O<h$jJ,$1!"967b<T$,LdBj$rJz$($k4X(B
$B?t$X0z$-EO$5$l$k%Q%i%a!<%?$NA4BN!"$"$k$$$O0lIt$rA`:n$G$-F@$k>l9g!"FC$K(B
$B=EMW;k$5$l$kLdBj$G$"$k!#(B

5. FreeBSD Arbitrary FFS Filesystem Data Block Access Vulnerability
BugTraq ID: 5399
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Aug 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5399
$B$^$H$a(B:

FreeBSD $B$N%G%U%)%k%H>uBV$GMxMQ$5$l$F$$$k%U%!%$%k%7%9%F%`$O!"(BBerkeley Fast
File System (FFS) $B$G$"$k!#(BFFS $B$K$*$$$F!"%U%!%$%k$NBg$-$5$r3d$jEv$F$k:]$K(B
$BLdBj$,H/@8$9$k$3$H$,H/8+$5$l$F$$$k!#(B

$B$3$NLdBj$O(B FFS $B>e$G$N%U%!%$%k$NBg$-$5$r;;=P$9$k=hM}$rITE,@Z$JJ}K!$G9T$C(B
$B$F$$$k$?$a$K@8$8$k!#$3$NLdBj$K$h$j!"%f!<%6$O(B FreeBSD $B$N2>A[%a%b%j%7%9%F(B
$B%`$,<h$j07$($k$HA[Dj$5$l$kNL$rD6$($??t$N%U%!%$%k$r@8@.$G$-F@$k$H?d;!$5$l(B
$B$k!#(B

$B$3$NLdBj$O(B i386 $B4D6-$K$*$$$F$O%V%m%C%/%5%$%:$,(B 16K byte $B0J>e$N(B FFS$B!"(B
$B$^$?!"(BAlpha $B4D6-$K$*$$$F$O%V%m%C%/%5%$%:$,(B 32K byte $B0J>e$N(B FFS $B$G@8$8$k!#(B
$B$3$NLdBj$N1F6A$O!"%U%!%$%k%7%9%F%`$,>/$J$/$H$b(B 6 $B%V%m%C%/$N6u$-NN0h$r;}(B
$B$A!"967b<T$OBP>]$N%U%!%$%k%7%9%F%`>e$N>/$J$/$H$b(B 1 $B$D$N%U%!%$%k$X=q$-9~(B
$B$_8"8B$r;}$AF@$kI,MW$,$"$k!#(B

6. Opera FTP View Cross-Site Scripting Vulnerability
BugTraq ID: 5401
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5401
$B$^$H$a(B:

Opera $B$K$*$$$F%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$,H/8+$5$l$?!#(B

ftp:// $B$+$i;O$^$k(B URL $BI=5-$rMQ$$!"(BWeb $B%3%s%F%s%D$N7ABV$G(B FTP $B%5%$%H$NFb(B
$BMF$r1\Mw$9$k:]!"(BHTML $B7A<0$NI=<(7k2LFb$K$O%f!<%6L>$H$7$FF~NO$5$l$?CM$,4^(B
$B$^$l$F$$$k!#$7$+$7!"I=<($K@hN)$A==J,$J%U%#%k%?%j%s%0$,9T$o$l$F$$$J$$Ld(B
$BBj$,B8:_$7$F$$$k!#(B
$B$3$N$?$a!"(BFTP $B%5%$%H$KBP$9$k(B URL $B$NI=<(ItFb$N(B <title> $B%?%0$G;O$a$i$l$F(B
$BJD$8$i$l$F$$$kHO0O$K!"967b<T$O(BJavaScript $B$rKd$a9~$s$@%f!<%6L>$rF~NO2DG=(B
$B$G$"$k!#$3$3$GI=<($5$l$k(B URL $B$,%/%j%C%/$5$l!"(BFTP $B%5%$%H$NI=<(2hLL$,2r<a(B
$B$5$l$k:]!"Kd$a9~$^$l$?%9%/%j%W%H$,967bBP>]$N(B Web $B%/%i%$%"%s%HFb$G!";2>H(B
$B@h$N(B FTP $B%5!<%P$HF13J$N%;%-%e%j%F%#%3%s%F%-%9%H$G<B9T$5$l$k!#(B

$B$$$/$D$+$N>u672<$K$*$$$F$O!"%9%/%j%W%H$O=EMW$J>pJs$K%"%/%;%92DG=$G$"$k(B
$B$H?d;!$5$l$k!#(B
($BNc(B: FTP $B%5!<%P$,=jB0$9$k%I%a%$%s$K4XO"IU$1$i$l$F$$$k%/%C%-!<(B)

$B$3$NLdBj$O(B Windows 2000 $B4D6-$GF0:n$9$k(B Opera 6.03$B!"(B6.04 $B$K$*$$$F8!>Z$5(B
$B$l$F$$$k!#(B

7. Mozilla FTP View Cross-Site Scripting Vulnerability
BugTraq ID: 5403
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5403
$B$^$H$a(B:

Mozilla $B$K$*$$$F%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$,H/8+$5$l$?!#(B

ftp:// $B$+$i;O$^$k(B URL $BI=5-$rMQ$$!"(BWeb $B%3%s%F%s%D$N7ABV$G(B FTP $B%5%$%H$NFb(B
$BMF$r1\Mw$9$k:]!"(BHTML $B7A<0$NI=<(7k2LFb$K$O%G%#%l%/%H%jL>$,4^$^$l$F$$$k!#(B
$B$7$+$7!"I=<($K@hN)$A==J,$J%U%#%k%?%j%s%0$,9T$o$l$F$$$J$$LdBj$,B8:_$7$F(B
$B$$$k!#$3$N$?$a!"(BFTP $B%5%$%H$KBP$9$k(B URL $B$NI=<(ItFb$N(B <title> $B%?%0$G;O$a(B
$B$i$l$FJD$8$i$l$F$$$kHO0O$K!"967b<T$O(BJavaScript $B$rKd$a9~$s$@%f!<%6L>$rF~(B
$BNO2DG=$G$"$k!#$3$3$GI=<($5$l$k(B URL $B$,%/%j%C%/$5$l!"(BFTP $B%5%$%H$NI=<(2hLL(B
$B$,2r<a$5$l$k:]!"Kd$a9~$^$l$?%9%/%j%W%H$,967bBP>]$N(B Web $B%/%i%$%"%s%HFb$G!"(B
$B;2>H@h$N(B FTP $B%5!<%P$HF13J$N%;%-%e%j%F%#%3%s%F%-%9%H$G<B9T$5$l$k!#(B

$B$$$/$D$+$N>u672<$K$*$$$F$O!"%9%/%j%W%H$O=EMW$J>pJs$K%"%/%;%92DG=$G$"$k(B
$B$H?d;!$5$l$k!#(B
($BNc(B: FTP $B%5!<%P$,=jB0$9$k%I%a%$%s$K4XO"IU$1$i$l$F$$$k%/%C%-!<(B)

$B$3$NLdBj$O(B Windows 2000 SP2 $B4D6-$GF0:n$9$k(B Mozzilla 1.0 $B$K$*$$$F8!>Z$5(B
$B$l$F$$$k!#(B

8. FreeBSD NFS Zero-Length RPC Message Denial Of Service Vulnerability
BugTraq ID: 5402
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5402
$B$^$H$a(B:

FreeBSD $B$N(B NFS ($B%M%C%H%o!<%/%U%!%$%k%7%9%F%`(B) $B$N<BAu$KLdBj$,H/8+$5$l$?!#(B

$B$3$NLdBj$O<u?.$5$l$?(B RPC (Remote Procedure Call) $B%a%C%;!<%8$N<h$j07$$$,(B
$BITE,@Z$G$"$k$?$a$K@8$8$k!#(BNFS $B%5!<%P$,%Z%$%m!<%ID9$5$,(B 0 $B$N%a%C%;!<%8$r(B
$B<u?.$9$k:]!"%5!<%P$O4{$K<u?.$7$?%a%C%;!<%8$+$i%Z%$%m!<%I$N;2>H$r9T$&!#(B
$B$3$N$?$a!"%a%C%;!<%8%A%'%$%sFb$G$N%k!<%W$,@8$8!"0J8e!"(BNFS $B%5!<%PFb$N$=(B
$B$l$H$O0[$J$kNN0h$GL58B%k!<%W$,@8$8$F$7$^$&!#(B

$B967b<T$OLdBj$rJz$($k(B NFS $B%5!<%P$KBP$7$FO"B3$9$k0-0U$"$k%j%/%(%9%H$rAH$_(B
$BN)$F$k$3$H$K$h$j!"$3$NLdBj$rMxMQ$9$k967b$r4k$F$k$3$H$,2DG=$G$"$k!#(B
$B$3$N7k2L!"(BNFS $B%5!<%P$O5!G=Dd;_>uBV$K$J$j!"(BDoS $B>uBV$K4Y$k!#(B

9. qmailadmin Local Buffer Overflow Vulnerability
BugTraq ID: 5404
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Aug 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5404
$B$^$H$a(B:

Inter7 $B$K$h$C$F3+H/$5$l$?(B qmailadmin $B$O!"(BWeb $B$rMxMQ$9$k(B qmail $B4IM}%D!<(B
$B%k$G$"$k!#(Bqmailadmin $B$O!"%P%C%U%!%*!<%P!<%U%m!<$rMxMQ$9$k967b$r4k$F$k$3(B
$B$H$,2DG=$G$"$k!#%m!<%+%k;q8;$K%"%/%;%9$7F@$k967b<T$,(B qmailadmin $B$r<B9T(B
$B2DG=$G$"$k>l9g!"%P%C%U%!%*!<%P!<%U%m!<$rMxMQ$9$k967b$r0z$-5/$3$5$l$k2D(B
$BG=@-$,$"$k!#(B

qmailadmin $B$N<B9T%U%!%$%k$O!"DL>o(B setuid ($B$$$/$D$+$N%7%9%F%`$G$O(B setuid
root$B!"$=$l0J30$G$O0lHL%f!<%6$KBP$7$F(B setuid $B$5$l$F$$$k(B) $B>uBV$G%$%s%9%H!<(B
$B%k$5$l!"MxMQ$5$l$F$$$k!#(Bqmailadmin $B$K$O4D6-JQ?t(B 'QMAILADMIN_TEMPLATEDIR'
$B$r<h$j07$&:]$K!"6-3&%A%'%C%/$,==J,$K<B9T$5$l$F$$$J$$LdBj$,B8:_$9$k!#(B
$B%m!<%+%k$N967b<T$,$3$NJQ?t$KHs>o$KD9$$J8;zNs$r@_Dj$7$F(B qmailadmin $B$r<B(B
$B9T$9$k>l9g!"%P%C%U%!%*!<%P!<%U%m!<$,@8$8$k$N$G$"$k!#(B

$B0-0U$"$k%m!<%+%k%f!<%6$O!"$3$NLdBj$r8"8B$N>:3J$KMxMQ$9$k2DG=@-$,$"$k!#(B

10. Nullsoft WinAmp HTML Playlist Script Injection Vulnerability
BugTraq ID: 5407
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5407
$B$^$H$a(B:

Nullsoft Winamp $B$O(B MP3 $B$*$h$SB>$N%U%!%$%k7A<0$r%5%]!<%H$7!"(BMicrosoft
Windows $B$GF0:n$9$k!"%9%-%s$rMxMQ$7$F304Q$NJQ99$,2DG=$J%a%G%#%"%W%l!<%d!<(B
$B$G$"$k!#(B

WinAmp $B$K$*$$$F%9%/%j%W%H$rCmF~$9$k$3$H$,2DG=$JLdBj$,Js9p$5$l$F$$$k!#(B
$BJs9p$K$h$k$H!"(BWinAmp $B$O(B HTML $B7A<0$N:F@8%j%9%H$r@8@.$9$k:]$K!"$=$l$KA^F~(B
$B$7$FI=<($5$l$k%f!<%6$+$i$NF~NOCM$KBP$7!"==J,$J%U%#%k%?%j%s%0$r9T$C$F$$(B
$B$J$$$N$G$"$k!#967b<T$O!"(BID3v2 $B%U%!%$%k%?%0$NFCDj$N9`L\$rMxMQ$7$F!"0-0U(B
$B$"$k(B HTML $B%3!<%I$rA^F~$9$k$3$H$,2DG=$G$"$k!#(B

$B0-0U$"$k(B HTML $B%3!<%I$,(B 'Title ($B%?%$%H%kL>(B)' $B$*$h$S(B 'Artist ($B%"!<%F%#%9%H(B
$BL>(B)' $B$N0lIt$H$7$FCmF~$5$l$F$$$k>l9g$K!"LdBj$,@8$8$k$N$G$"$k!#(B

$B967b<T$O!"4m81$J(B HTML $B%3!<%I$,A^F~$5$l$F$$$k0-0U$"$k(B ID3v2 $B%?%0$r:n@.(B
$B$7!"967bBP>]$N%f!<%6$r%a%G%#%"%U%!%$%k$N%@%&%s%m!<%I$XM6F3$9$k2DG=@-$,(B
$B$"$k!#Ho32$r<u$1$k%f!<%6$,%a%G%#%"%U%!%$%k$r%@%&%s%m!<%I$7!"$=$N%a%G%#(B
$B%"%U%!%$%k$r(B HTML $B:F@8%j%9%H$r:n@.$N$?$a$KA*Br$9$k$H!"%9%/%j%W%H$,(B WinAmp
$B$X$HEO$5$l$F!"LdBj$rJz$($k%7%9%F%`$N%3%s%F%-%9%HFb$G<B9T$5$l$k$N$G$"$k!#(B

$B%9%/%j%W%H$O!"%m!<%+%k%7%9%F%`$N%3%s%F%-%9%HFb$G<B9T$5$l$k$H?d;!$5$l$k!#(B
$B$3$N>l9g!"0-0U$"$k%9%/%j%W%H$O!"(BWeb $B%V%i%&%6%=%U%H%&%'%"$K$h$C$FG'2D$5(B
$B$l$F$$$k8"8B$G!"%m!<%+%k$N;q8;$KBP$7$F0-0U$"$k9T0Y$rF/$/2DG=@-$,$"$k!#(B

$B$3$NLdBj$O(B Windows 98 $B>e$GF0:n$9$k(B Nullsoft WinAmp 2.76 $B$*$h$S(B 2.79 $B$K(B
$B$*$$$FJs9p$5$l$F$$$k!#(B

WinAmp 2.80 $B$O$3$NLdBj$N1F6A$r<u$1$J$$$3$H$,Js9p$5$l$F$$$k$,!"$3$N>pJs(B
$B$O!"%Y%s%@$N8!>Z7k2L$K4p$E$/$b$N$G$O$J$$!#(B

11. FreeBSD kqueue Kernel Panic Denial Of Service Vulnerability
BugTraq ID: 5405
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Aug 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5405
$B$^$H$a(B:

FreeBSD $B$K$*$1$k(B kqueue $B%a%+%K%:%`$N<BAu$K$*$$$FLdBj$,Js9p$5$l$F$$$k!#(B
kqueue $B$O%f!<%6%"%W%j%1!<%7%g%s$KBP$7!";XDj$5$l$?%U%!%$%k%G%#%9%/%j%W%?(B
$B$r4XO"$9$kFCDj$N%$%Y%s%H$X4XO"IU$1$k<jCJ$rDs6!$7!"$3$l$i%$%Y%s%H$,@8$8(B
$B$k:]$KHsF14|DLCN$r<u$1<h$k!#(B

$BFCDj$N%$%Y%s%H$N0lNc$K5s$2$i$l$k$N$,!"4XO"$9$k%U%!%$%k%G%#%9%/%j%W%?$X(B
$B$$$D$G$b=q$-9~$_2DG=$J>uBV$rJV$9(B EVFILT_WRITE $B$G$"$k!#(Bpipe() $B4X?t$r8F$S(B
$B=P$9$3$H$G%Q%$%W$,@8@.$5$l!"$=$N8e%Q%$%W$N0lC<$,%/%m!<%:$5$l$k$H!"3+$+(B
$B$l$?$^$^$N%Q%$%W$H4XO"IU$1$i$l$?(B EVFILT_WRITE $B%$%Y%s%H$O%+!<%M%k%Q%K%C(B
$B%/>uBV$r0z$-5/$3$9$3$H$,2DG=$H$J$k!#(B

$B%m!<%+%k%f!<%6$O0-0U$"$k%W%m%0%i%`$rMxMQ$7$F$3$N>u67$rMF0W$K4k$F$i$l$k(B
$B2DG=@-$,$"$k!#$3$NLdBj$rMxMQ$9$k967b$K$h$j!"%m!<%+%k%f!<%6$O%7%9%F%`$r(B
DoS $B>uBV$K4Y$l$k2DG=@-$,$"$j!"DL>oF0:n$X$NI|5l$K$O!"LdBj$rJz$($k%7%9%F(B
$B%`$N:F5/F0$rI,MW$H$9$k!#(B

12. Gaim Jabber Plug-In Buffer Overflow Vulnerability
BugTraq ID: 5406
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5406
$B$^$H$a(B:

Gaim $B$OB?$/$N%W%m%H%3%k$r%5%]!<%H$9$k4J0W%a%C%;!<%8%/%i%$%"%s%H$G$"$k!#(B
UNIX $B$*$h$S(B $BMM!9$J(B Linux $B$GF0:n$9$k!#(B

Gaim client Jabber messaging $B%W%i%0%$%s$O!"%P%C%U%!%*!<%P!<%U%m!<$r@8$8(B
$B$k5?$$$,$"$k!#$3$NLdBj$KBP$9$k@53N$J>\:Y$O!"L$>\$G$"$k!#$7$+$7!"967b<T(B
$B$K$h$C$FM?$($i$l$?CM$K$h$j!"%a%b%jFbMF$N2~JQ$r0z$-5/$3$9$?$a$K$3$N>uBV(B
$B$rMxMQ$9$k2DG=@-$,$"$j!"LdBj$rJz$($k%/%i%$%"%s%H$rF0:n$5$;$k%f!<%68"8B(B
$B$GG$0U$N%3!<%I$,<B9T$5$l$k2DG=@-$,$"$k!#(B

13. Microsoft Windows Window Message Subsystem Design Error Vulnerability
BugTraq ID: 5408
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Aug 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5408
$B$^$H$a(B:

Win32 API $B$K=EBg$J@_7W%_%9$,Js9p$5$l$F$$$k!#$3$NLdBj$O(B inter-window
message passing ($B%&%#%s%I%&4V%a%C%;!<%8EAC#(B) $B%7%9%F%`$K4XO"$9$k!#(B

Win32 $B$N35G0$G$O!"%G%9%/%H%C%W>e$NA4%&%#%s%I%&$OBP$H$7$F8+$J$5$l$k!#(B
$B$3$N$?$a!"3F%&%#%s%I%&$O@)8f%W%m%;%9$N%"%/%;%9%l%Y%k$rN10U$;$:!"8_$$$K(B
$B%a%C%;!<%8$r8r49$9$k$H?d;!$5$l$k!#(B

$BFCDj$N%a%C%;!<%8$O<u?.%W%m%;%9$N1?MQ$K0-1F6A$r5Z$\$92DG=@-$,B8:_$9$k$?(B
$B$a!"$3$l$O:,K\E*$J@_7W$K$*$1$k7g4Y$G$"$k!#(BWin32 $B%a%C%;!<%8$OAjEv$K6/NO(B
$B$G$"$k!#Nc$($P!"%a%C%;!<%8$O%&%#%s%I%&%3%s%]!<%M%s%H$NB0@-(B ($B%F%-%9%HF~(B
$BNO%U%#!<%k%ICM$N@)8B$N$h$&$J$b$N(B) $B$r9*$_$KA`$k2DG=@-$,$"$k!#$3$l$iB0@-(B
$B$r2~$6$s$9$k$3$H$O!"<B9T2DG=>uBV$r@8@.$9$k2DG=@-$,$"$k!#L@Gr$J$3$NLdBj(B
$B$NMxMQJ}K!$H$7$F$O!"F~NO%U%#!<%k%ICM$N@)8B$rJQ99$9$k$3$H$G%P%C%U%!%*!<(B
$B%P!<%U%m!<$r>7$/$3$H$,5s$2$i$l$k!#(B

$B$5$i$K!"1F6A$r<u$1$k%W%m%;%9$N<B9T2DG=$J%a%b%jNN0hFb$K3JG<$5$l$F$$$k$h(B
$B$&$J>l9g!"%a%C%;!<%8(B 'WM_TIMER' $B$O!"G$0U$N%3!<%I$N<B9T$KMxMQ$9$k$3$H$,(B
$B2DG=$G$"$k!#(B 'WM_TIMER' $B%a%C%;!<%8$K$O!"%W%m%;%9%a%b%jFb$N%3!<%k%P%C%/(B
$B4X?t$N%"%I%l%9$rA^F~$9$k$3$H$,2DG=$G$"$k!#%"%I%l%9%Q%i%a!<%?$,I8E*%W%m(B
$B%;%9$N%a%b%jFb$K3JG<$5$l$kL?Na$N3JG<@h$KM?$($i$l$k$H(B ($BF~NO%U%#!<%k%I!"(B
$B$b$7$/$OFCDj$NB><jK!$r2p$9%3!<%I(B)$B!"%3!<%I$OI8E*%W%m%;%9$K$h$j<B9T$5$l$k!#(B
$B%a%C%;!<%8(B 'EM_GETLINE' $B$O%W%m%;%9%a%b%jFb$NA43JG<@h$KL?Na$r=q$-9~$`$3(B
$B$H$K$bMxMQ$5$l$k2DG=@-$,$"$k!#(B

$B$3$N7g4Y$O9-HO0O$K5Z$S!"(BWin32 $B%&%#%s%I%&$K4p$E$$$?%"%W%j%1!<%7%g%s$NKX(B
$B$I$,1F6A$r<u$1$k$h$&$G$"$k!#%m!<%+%k$N967b<T$O$h$j9b0L$N8"8B$NB>$N%W%m(B
$B%;%9$KB0$9$k%&%#%s%I%&$,8=$l$k:]$K!"$3$NLdBj$r8"8B$N>:3J$KMxMQ$9$k2DG=(B
$B@-$,$"$k!#$3$N$h$&$J%W%m%;%9$N0lNc$H$7$F$O!"B?$/$N>l9g(B SYSTEM $B8"8B$G2T(B
$BF0$9$kI,MW$,$"$k%"%s%A%&%$%k%9%=%U%H%&%'%"$,5s$2$i$l$k!#(B

14. Microsoft Internet Explorer Invalid SSL Certificate Chain
Vulnerability
BugTraq ID: 5410
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5410
$B$^$H$a(B:

Microsoft $B$N(B Internet Explorer Web $B%V%i%&%6$K$*$$$F(B SSL $B>ZL@=q$N07$$$K(B
$BM3Mh$9$kLdBj$,Js9p$5$l$F$$$k!#$3$NLdBj$K$h$j!"0-0U$"$kG'>Z5!4X$,LdBj$r(B
$BJz$($k%V%i%&%6$K$h$C$F?.Mj$5$l$F$$$kG$0U$N%I%a%$%s8~$1$N(B SSL $B>ZL@=q$r(B
$B:n@.$9$k$3$H$,2DG=$H$J$k!#(B

SSL $B>ZL@=q$ODL>o!"9-$/;HMQ$5$l$F$$$k(B Web $B%V%i%&%6$N%G%U%)%k%H@_Dj$GDj5A(B
$B$5$l$F$$$k?.Mj$5$l$?%k!<%H5!4X$K$h$C$F=pL>$5$lG'2D$5$l$F$$$k!#$7$+$7$J(B
$B$,$i!"G'>Z5!4X$r3,AX2=$9$k$3$H$,2DG=$G$"$k!#$3$N>l9g!"%k!<%H(B CA ($BG'>Z(B
$B6I(B) $B$O?.Mj$5$l$F$$$kI,MW$,$"$j!"Cf4V(B CA $B$O>ZL@=q$,=pL>$r9T$C$?5!4X$K$h$C(B
$B$FMxMQ$G$-F@$k$h$&$K8x<($9$k(B Basic Constraints $B%U%#!<%k%I$r@_$1$F$*$/$Y(B
$B$-$G$"$k!#(B

$BJs9p$K$h$k$H!"(B Microsoft Internet Explorer $B$O(B Basic Constraints $B%U%#!<(B
$B%k%I$N$,E,@Z$KDj5A$5$l$F$$$k$+$I$&$+$N3NG'$r9T$C$F$$$J$$!#G'>Z6I$N3,AX(B
$BFb$K0LCV$9$kCf4V(B CA $B$H$7$FG$0U$NG'>Z5!4X$,MxMQ$5$l$k2DG=@-$,$"$k!#$"$k(B
$BM-8z$JG'>Z5!4X$r=jM-$7$F$$$k0-0U$r;}$C$?CDBN$,0U?^$9$k%I%a%$%s8~$1$N?7(B
$B$7$$>ZL@=q$K=pL>$9$k2DG=@-$,$"$k!#(B

$B967b<T$O%I%a%$%s$r:>>N$9$k$?$a$K$3$N?7$?$J>ZL@=q$r;HMQ$9$k2DG=@-$,$"$k!#(B
$B$b$7967b<T$,967bBP>]$N%I%a%$%s$r56$m$&$H$7$F$$$?$j!"$b$7$/$ODL?.FbMF$N(B
$B2~$6$s$dC%<h$r4k$F$h$&$H$7$?:]$K!"967b<T$O0-0U$"$k>ZL@=q$rMxMQ$7$F5$IU(B
$B$+$l$k$3$HL5$/967b$r9T$&2DG=@-$,$"$k!#(B

$BJs9p$K$h$k$H!"(B Internet Explorer 6.0 $B$O(B False $B$K@_Dj$5$l$?(B Basic
Constraints$B%U%#!<%k%I$rL@<(E*$K<uM}$7$F$7$^$&$H$N$3$H$G$"$k!#(B
$B$3$N:]!"$=$N>ZL@=q$O!"$3$N%U%#!<%k%I$KBP$9$kL@<(E*$KDj5A$5$l$?CM$J$7$G!"(B
$BM-8z$JCf4V(B CA $B$H$7$F<u$1F~$l$i$l$F$7$^$&$N$G$"$k!#(B

15. Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
BugTraq ID: 5413
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5413
$B$^$H$a(B:

Microsoft Exchange 2000 $B$K$*$$$FLdBj$,Js9p$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"(BExchange 2000 $B$OG'>Z$5$l$?%f!<%6$KB?$/$N%j%/%(%9%H$rAw?.(B
$B$5$l$k>l9g!"(BDoS $B>uBV$K4Y$k$N$G$"$k!#$3$NLdBj$O(B Exchange $B$X(B IIS $B$,%i%$%;(B
$B%s%9$N3d$jEv$F$r@5$7$/$J$$J}K!$G9T$&$?$a$K@8$8$k!#BgNL!"$+$D?WB.$K%j%/(B
$B%(%9%H$r9T$&$3$H$G!"(BIIS $B$K$h$C$F(B Exchange $BMQ$K3d$jEv$F$i$l$?MxMQ2DG=$J(B
$B%i%$%;%s%9$r>CHq$7?T$/$7$F$7$^$&$N$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"(BExchange $B$O0J8e$N%5!<%S%9$X$N@5Ev(B
$B$J%j%/%(%9%H$KBP$7$F1~Ez$7F@$J$$>uBV$K4Y$k!#(B

$B$3$NLdBj$O(B Microsoft Exchange 2000 $B$K$*$$$FH/8+$5$l$F$$$k!#B>$N%P!<%8(B
$B%g%s$,$3$NLdBj$N1F6A$r<u$1$k$+$I$&$+$OL$>\$G$"$k!#99$J$k>pJs$,8x3+$5$l(B
$B<!Bh!"$3$N(B BID $B$O99?7M=Dj$G$"$k!#(B

16. Microsoft SQL Server Remote Buffer Overflow Vulnerability
BugTraq ID: 5411
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5411
$B$^$H$a(B:

$B%j%b!<%H$N967b<T$KBP>]%[%9%H$X$N%"%/%;%98"8B$N<hF@$r2DG=$K$9$kLdBj$,!"(B
Microsoft SQL Server $B$K$*$$$FH/8+$5$l$F$$$k!#(B

$B967b<T$O!"LdBj$rJz$($k(B SQL $B%5!<%P>e$G%P%C%U%!%*!<%P!<%U%m!<$r0z$-5/$3(B
$B$9$3$H$,2DG=$G$"$k!#(B

$B$3$NLdBj$O!"G'>Z<jB3$-0JA0$G$b@8$8$k;v$,Js9p$5$l$F$$$k!#Js9p$K$h$k$H!"(B
$B$3$NLdBj$O%G%U%)%k%H$N%7%9%F%`@_Dj$KM3Mh$9$k!#(BMicrosoft SQL Server $B$O(B
1443/TCP $B%]!<%H>e$X$N@\B3$r<u$1F~$l$k!#(B

$B967b<T$O(B SQL Server $B$K%/%i%C%7%e$r>7$-!"$*$h$S967b<T$K$h$C$FM?$($i$l$?(B
$B%3!<%I$r<B9T$7F@$k$h$&$KFCJL$K9*L/$K:n@.$5$l$?%Q%1%C%H$r(B 1433/TCP $B%]!<(B
$B%H$KAw?.$9$k$3$H$G!"$3$NLdBj$rMxMQ$9$k$3$H$,2DG=$G$"$k!#(B

$BLdBj$rJz$($k(B SQL Server $B$N%P!<%8%g%s$O!"L$>\$G$"$k!#99$J$k>pJs$,8x3+$5(B
$B$l<!Bh!"$3$N(B BID $B$O99?7M=Dj$G$"$k!#(B

$B$3$NLdBj$O!"%7%9%F%`%W%m%;%9$HF13J$N8"8B$GG$0U$N%3!<%I$r<B9T$9$k$?$a$K(B
$B%j%b!<%H$+$iMxMQ$5$l$k2DG=@-$,$"$k!"$"$k$$$OLdBj$rJz$($k%7%9%F%`$X$N%m!<(B
$B%+%k%"%/%;%9$r>7$/2DG=@-$,$"$k!#(B

17. Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities
BugTraq ID: 5412
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5412
$B$^$H$a(B:

Microsoft Exchange $B$O!"(BMSRPC (Microsoft Remote Procedure Call) $B%U%l!<(B
$B%`%o!<%/$r;HMQ$9$k!#(BMicrosoft Exchange $B$X$N@\B3$KMxMQ$5$l$k4v$D$+$N@x(B
$B:_E*$JLdBj$,(B MSRPC $B$K$*$$$FJs9p$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"(BExchange $B%W%m%;%9$K%a%b%jJ]8n0cH?$rH<$&%/%i%C%7%e$r0z$-5/(B
$B$3$9$3$H$,2DG=$G$"$k!#0-0U$"$k(B MSRPC $B%a%C%;!<%8$rM?$($k$3$H$G!"%/%i%C%7%e(B
$B$,@8$8$k2DG=@-$,$"$k!#$3$N:]!"G'>Z$OMW5a$5$l$J$$$3$H$,Js9p$5$l$F$$$k!#(B
$B%/%i%C%7%e$,0z$-5/$3$5$l$?>l9g!"DL>oF0:n$XI|5l$9$k$?$a$K$O!"(BExchange $B%5!<(B
$B%S%9$N:F5/F0$,I,MW$K$J$k$H?d;!$5$l$k!#(B

$B$5$i$KIU$12C$($k$J$i$P!"0-0U$"$k(B MSPRC $B8F$S=P$7$r2p$9$3$H$GA4%7%9%F%`(B
$B%a%b%j$r;H$$?T$/$92DG=@-$,$"$k!#$3$l$O!"%V%k!<%9%/%j!<%s%(%i!<$K$h$k%7(B
$B%9%F%`$NDd;_$r>7$/$3$H$,2DG=$G$"$k!#$I$A$i$N>l9g$G$b!"DL>oF0:n$XI|5l$9(B
$B$k$?$a$K$O!"%7%9%F%`$N:F5/F0$,I,MW$K$J$k!#(B

$B$3$l$iLdBj$N:,8;$O!"%a%b%j2~JQ$,@8$8$k2DG=@-$,$"$k$3$H$KM3Mh$9$k!#$3$N(B
$B$h$&$J>l9g!"$3$l$iLdBj$O!"%7%9%F%`%W%m%;%9$H$7$F%j%b!<%H$+$iG$0U$N%3!<(B
$B%I$N<B9T$,2DG=$G$"$k$H9M$($i$l!"LdBj$rJz$($k%7%9%F%`$X$N%m!<%+%k%"%/%;(B
$B%9$r>7$/$3$H$,2DG=$G$"$k!#$7$+$7!":F8=@-$K4X$7$F$OL$8!>Z$G$"$k!#(B

18. LibPNG Wide Image Processing Memory Corruption Vulnerability
BugTraq ID: 5409
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5409
$B$^$H$a(B:

libpng $B%0%i%U%#%C%/%i%$%V%i%j$K$OHs>o$KBg$-$J2hA|$N<h$j07$$$K4X$9$k!"%;(B
$B%-%e%j%F%#$K4XO"$9$kLdBj$rJz$($k5?$$$,$"$k$3$H$,H/8+$5$l$F$$$k!#Bg$-$J(B
PNG $B7A<0$N2hA|$r;HMQ$9$k$3$H$G!"%a%b%jFbMF$NGK2u$,2DG=$G$"$k$H?d;!$5$l(B
$B$k!#$3$NLdBj$rMxMQ$9$k$3$H$G!"967b<T$OBg$-$J2hA|$r=hM}$9$k%"%W%j%1!<%7%g(B
$B%s$b$7$/$O!"%/%i%$%"%s%H$N<B9T8"8B$GG$0U$N%3!<%I$r<B9T2DG=$G$"$k$H9M$((B
$B$i$l$k!#$7$+$7!"$I$NDxEY:F8=$,2DG=$G$"$k$+$I$&$+$K$D$$$F$OL$8!>Z$G$"$k!#(B

PNG $B7A<0$N2hA|$r<+F0E*$K%m!<%I$9$k$h$&$K@_Dj$7$F$"$k(B Web $B%/%i%$%"%s%H(B
$B$r2p$7$F$3$NLdBj$rMxMQ$9$k967b$,2DG=$K$J$k$H?d;!$5$l$k!#(B

libpng $B$,Hs>o$KBg$-$J2hA|$N=hM}$rM^@)$9$k$3$H$G!"$3$N>u67$r2sHr$9$kL\(B
$BE*$N%Q%C%A$,8x3+$5$l$F$$$k!#(B

19. Nullsoft SHOUTCast Insecure Permissions Information Disclosure VulnerabilityBugTraq ID: 5414
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Aug 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5414
$B$^$H$a(B:

Nullsoft $B$,3+H/$7$?(B SHOUTCast $B%5!<%P$O!"(BShoutcast $B7A<0$N2;@<$r%$%s%?!<(B
$B%M%C%H>e$GJ|Aw$9$k$?$a$K;HMQ$5$l$k%=%U%H%&%'%"$G$"$k!#$3$N%"%W%j%1!<%7%g(B
$B%s$O!"(BUNIX $B$d(B Linux $B>e$GF0:n$7!"F1MM$K(B Microsoft Windows $B>e$G$bF0:n$9$k!#(B

$BFCDj$N4D6-2<$K$*$$$F!"(BNullsoft SHOUTCast $B$O!"C/$b$,FI$_=P$72DG=$J%m%0(B
$B%U%!%$%k$K4IM}<T$NG'>ZMQ>pJs$r5-O?$7$?$^$^$N>uBV$K$J$k2DG=@-$,$"$k!#(B

$BG'>Z$K<:GT$7$F$7$^$&N`$N(B HTTP $B%j%/%(%9%H(B ($BFC$K(B HTTP $B$N(B GET / )$B$,(B SHOUTCase
$B%5!<%P$N(B TCP $B%]!<%HHV9f(B 8001 $BHV08$KM?$($i$l$k:]!"K\Mh$NG'>ZMQ>pJs$,!"(B
$B$3$N%=%U%H%&%'%"MQ$N%G%#%l%/%H%jFb$KCV$+$l$F$$$k%m%0%U%!%$%k(B (sc_serv.log)
$B$X5-O?$5$l$F$7$^$&!#%m!<%+%k$N967b<T$O%m%0%U%!%$%k$,A4$F$N%f!<%6$KBP$7(B
$B$FFI$_=P$72DG=$J%Q!<%_%C%7%g%s$,@_Dj$5$l$F$$$k$?$a!"7k2L$H$7$FMF0W$KFb(B
$BMF$rFI$_=P$72DG=$G$"$k!#(B

$B$3$NLdBj$O!"(BUNIX $B$H(B Linux $B>e$GF0:n$9$kFCDj$N%P!<%8%g%s$N%=%U%H%&%'%"(B
$B$K1F6A$,$"$k$HJs9p$5$l$F$$$k!#B>$N%P!<%8%g%s$G$b$3$NLdBj$N1F6A$r<u$1(B
$B$k2DG=@-$,B8:_$9$k!#(B

20. Microsoft Windows 2000 Insecure Default File Permissions Vulnerability
BugTraq ID: 5415
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Aug 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5415
$B$^$H$a(B:

Microsoft Windows 2000 $B$O!"8"8B$NL5$$%f!<%6$K$h$k2~JQ$rKI;_$9$k$?$a$K(B
$BB?$/$N=EMW$J%7%9%F%`%U%!%$%k$K$O%G%U%)%k%H$G%"%/%;%9%3%s%H%m!<%k%j%9%H(B
$B$r@_Dj$7$F$$$k!#(Bboot.ini$B!"(Bautoexec.bat$B!"(Bntldr $B$N$h$&$J%U%!%$%k$O!"8"8B(B
$B$NL5$$%f!<%6$K$O!"FI$_=P$7$7$+$G$-$J$$@_Dj$K$J$C$F$$$k!#(BAdministrators
$B$b$7$/$O!"(BPower Users $B$K=jB0$9$k%f!<%6$O!"$3$l$i%U%!%$%k$KBP$9$k=q$-9~(B
$B$_8"8B$rM?$($i$l$F$$$k!#(B

$B$7$+$7!"%G%U%)%k%H$G$O!"$3$l$i$N%U%!%$%k$,CV$+$l$F$$$k(B OS $B$NCf3K$H$J$k(B
$B%G%#%l%/%H%j(B ($BLuCm(B: $B%k!<%H%G%#%l%/%H%j(B) $B$O!"C/$G$bFI$_=P$7$d=q$-9~$_$,(B
$B2DG=$G$"$k!#7k2L$H$7$F!"$h$jDc$$8"8B$N%f!<%6$,$3$l$i$N=EMW$J%U%!%$%k$r(B
$B:o=|2DG=$G$"$k!#0lEY:o=|$9$k$H!"$=$N%U%!%$%k$O!"8"8B$NL5$$%f!<%6$,=jM-(B
$B$9$k0-0U$"$k%U%!%$%k$KCV$-49$o$C$F$7$^$&!#$b$7!"5/F0;~$N$h$&$K<+F0E*$K(B
$B%7%9%F%`$N%W%m%;%9$K$h$C$F%"%/%;%9$5$l$k>l9g!"$h$j9b0L$N8"8B$rMF0W$KC%(B
$B<h2DG=$G$"$k!#(B

21. Cisco VPN 5000 Concentrator Plaintext Password
BugTraq ID: 5417
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 07 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5417
$B$^$H$a(B:

VPN 5000 Concentrator $B%7%j!<%:$N@=IJ$O!"%/%i%$%"%s%H$+$i$N%3%M%/%7%g%s(B
$B$rG'>Z$9$k$?$a$K(B RADIUS $B%5!<%P$rMxMQ$9$k$?$a$N5!G=$rHw$($F$$$k!#(B
PAP $B$b$7$/$O!"%A%c%l%s%8%l%9%]%s%9G'>Z$r;HMQ$7$?>l9g!"G'>Z;~$K%(%i!<$,(B
$BH/@8$9$k$H$NJs9p$,$"$k!#(B

RADIUS $B%W%m%H%3%k$rMxMQ$9$k%"%/%;%9%j%/%(%9%H$,9T$o$l$k:]!"(BVPN 5000 $B%7(B
$B%j!<%:$O%f!<%6MQ$N%Q%9%o!<%I$r0E9f2=$7$F$$$k!#$7$+$7!":G=i$N(B RADIUS $B%j(B
$B%/%(%9%H$KBP1~$9$k%l%9%]%s%9$,<u?.$5$l$J$+$C$?:]!"$3$N5!4o$O(B 2 $B2sL\$N%j(B
$B%/%(%9%H$r:FAw$9$k!#$3$N>l9g!"%/%i%$%"%s%HB&%Q%9%o!<%I$,$b$O$d0E9f2=$5(B
$B$l$J$$$N$G$"$k!#(B
$B967b<T$,%M%C%H%o!<%/$rEpD02DG=$G$"$k>l9g!"%Q%9%o!<%I$O3+<(2DG=$J>uBV$G(B
$B$"$k!#(B

$B%j%/%(%9%H$,%P%C%/%"%C%W(B RADIUS $B%5!<%P$H$7$F;XDj$5$l$?@h$XAw?.$5$l$?>l(B
$B9g$K$b!"F1MM$K$3$NLdBj$,H/@8$9$k!#(B

Cisco $B<R$O!"(BCHAP $BG'>Z$r;HMQ$7$?>l9g$O$3$NLdBj$N1F6A$r<u$1$k$3$H$O$J$$$H(B
$BJs9p$7$F$$$k!#(B

22. Ensim Webppliance Unauthorized Email Access Vulnerability
BugTraq ID: 5418
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 07 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5418
$B$^$H$a(B:

Webppliance $B$O!"(BEnsim $B$K$h$C$FDs6!$5$l$F$$$k(B Web $B%Z!<%8$N%[%9%F%#%s%04D(B
$B6-$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$O!"(BLinux $B$d(B UNIX $BM3Mh(B
$B$N(B OS $B$GF0:n2DG=$G$"$j!"F1MM$K(B Microsoft Windows $B4D6-$G$bF0:n2DG=$G$"$k!#(B

Ensim Webppliance $B$KLdBj$,H/8+$5$l$F$$$k!#Js9p$K$h$k$H!"0-0U$"$k%f!<%6(B
$B$O!"B>$N%f!<%6$N%a!<%k$r<u$1<h$k$3$H$,2DG=$G$"$k!#(B

$B$3$l$O(B Webppliance $B$,4{B8%f!<%6$NEE;R%a!<%kMQ$N%(%$%j%"%9$N=hM}$,@5$7$/(B
$B9T$o$l$J$$$?$a$G$"$k!#Js9p$K$h$k$H!"EE;R%a!<%k5!G=$r3d$jEv$F$i$l$?%f!<(B
$B%6$d%f!<%6%"%+%&%s%H$OB>$N%f!<%6$NEE;R%a!<%k$r2#<h$j2DG=$G$"$k!#(B

$B967b<T$O!"%(%$%j%"%9$H$7$F@5Ev$J%a!<%k%"%+%&%s%H$rDI2C$9$k$h$&$KA*Br$9(B
$B$k$3$H$G$3$NLdBj$rMxMQ$9$k967b$,2DG=$G$"$k!#0lEY!"$3$N<o$N%(%$%j%"%9$,(B
$B@_Dj$5$l$l$P!"BP>]$H$9$k%f!<%6$KFO$/A4$F$N%a!<%k$r2#<h$j$9$k$3$H$,$G$-!"(B
$B967b<T$N(B inbox $B$K%a!<%k$,FO$/$3$H$K$J$k!#(B

$B$3$NLdBj$O!"(BEnsim Webppliance 3.0 $B$H(B 3.1 $B$K1F6A$r5Z$\$9$HJs9p$5$l$F$$$k!#(B
$B$=$NB>$N%P!<%8%g%s$,1F6A$r<u$1$k$+$I$&$+$O3NG'$,<h$l$F$$$J$$!#(B

23. Multiple Microsoft Content Management Server 2001 Vulnerabilities
BugTraq ID: 5419
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 07 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5419
$B$^$H$a(B:

Microsoft $B$O!"(BMicrosoft Content Management Server (MCMS) 2001 $B$K4XO"(B
$B$9$k(B 3 $B$D$NLdBj$r8xI=$7$?!#(BMicrosoft Content Management Server (MCMS)
2001 $B$O!"(Be-$B%S%8%M%9$GMxMQ$5$l$k(B Web $B%5%$%H3+H/$d4IM}$N$?$a$N(B .NET Enterprise
$B%5!<%P@=IJ$G$"$k!#(B

$BBh(B 1 $B$NLdBj$H$7$F!"%f!<%6G'>Z$rDs6!$9$k5!9=$N0lIt$G$"$kDc%l%Y%k4X?t$K(B
$B%P%C%U%!%*!<%P!<%U%m!<$,@8$8$k$3$H$,8xI=$5$l$F$$$k!#>/$J$/$H$b!"$3$N@=(B
$BIJ$KF1:-$5$l$F$$$k(B Web $B%Z!<%8$OLdBj$rJz$($k4X?t$rMxMQ$7$F$*$j!"967b<T$O(B
$B$3$NLdBj$rMxMQ$9$k967b$r4k$F$i$l$k2DG=@-$,$"$k!#$3$NLdBj$O!"%j%b!<%H$N(B
$B967b<T$K$h$kG$0U$N%3!<%I$N(B Local System $B8"8B$G$N<B9T$d!"@x:_E*$J(B DoS $B$N(B
$B7ABV$r<h$C$F967b$KMxMQ$5$l$k$H?d;!$5$l$k!#0U?^E*$KAH$_N)$F$i$l$?G'>ZMQ(B
$B>pJs$,G'>Z5!G=$rDs6!$7!"LdBj$rJz$($k4X?t$r8F$S=P$7$F$$$k(B Web $B%Z!<%8$KM?(B
$B$($i$l$k$3$H$,!"%P%C%U%!%*!<%P!<%U%m!<$N0z$-6b$H$J$jF@$k$H?d;!$5$l$k!#(B

$BBh(B 2 $B$NLdBj$H$7$F!"FCDj$N4X?t(B (MCMS $B%*!<%5%j%s%0(B) $B$K(B 2 $B$D$NLdBj$,B8:_$7!"(B
$B@x:_E*$K%j%b!<%H$N967b<T$,LdBj$rJz$($k%7%9%F%`>e$NG$0U$N>l=j$X!"%U%!%$(B
$B%k$N%"%C%W%m!<%I$r4k$F$k2DG=@-$,$"$k$3$H$,8xI=$5$l$F$$$k!#(B2 $B$D$NLdBj$N(B
$B$&$A!":G=i$NLdBj$OLdBj$rJz$($k4X?t$K$h$k%f!<%6G'>Z$N7k2L$G$"$j!"0U?^$r(B
$B;}$D%f!<%6$O%5!<%P$X%"%C%W%m!<%I%j%/%(%9%H$rAw?.2DG=$G$"$k$H?d;!$5$l$k!#(B
$B0z$-B3$/LdBj$H$7$F$O!"G$0U$N%"%C%W%m!<%I@h$X%U%!%$%k$,%"%C%W%m!<%I2DG=(B
$B$JE@$G$"$k!#DL>o!"%"%C%W%m!<%I:Q$_$N%U%!%$%k$O<B9T8"8B$r@_Dj$5$l$F$$$J(B
$B$$%G%#%l%/%H%j$X3JG<$5$l$F$$$k!#$7$+$7!"LdBj$rJz$($k4X?t$G$N0z$-B3$/Ld(B
$BBj$,$"$k$?$a!"%"%C%W%m!<%IBP>]$N%U%!%$%k$O%U%!%$%k$,C;$$4|4VB8:_$7F@$k(B
$B>l=j$G$"$k!"967b<T$N;XDj@h$X%"%C%W%m!<%I2DG=$G$"$k$H?d;!$5$l$k!#$3$N7k(B
$B2L!"967b<T$K$h$C$FM?$($i$l$?G$0U$N%U%!%$%k$,<B9T2DG=$K$J$k$H?d;!$5$l$k!#(B
$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"(BWeb Application Manager $B$HF13J$N(B
$B8"8B$G%U%!%$%k$,<B9T$5$l$k!#(B

$BBh(B 3 $B$NLdBj$H$7$F!"(BSQL $B9=J8$r(B MCMS $B;q8;$X$N%j%/%(%9%H$r9T$&4X?t$XCmF~(B
$B2DG=$JLdBj$,8xI=$5$l$F$$$k!#$3$N4X?t$O%5!<%P>e$N2hA|$d$=$NB>$N;q8;$X$N(B
$B%j%/%(%9%H$r<h$j07$&$?$a$KMxMQ$5$l$F$$$k!#$3$NLdBj$K$h$j!"(BDomain $B$N%f!<(B
$B%68"8B$rJz$($F$$$k!"(BSQL Server 2000 $B%5!<%S%9$N<B9T8"8B$G%3%^%s%I$r<B9T(B
$B$9$k$?$a$NM-8z$J967b$KMxMQ$5$lF@$k!#(B

$BCm5-(B:
$B$3$l$i$NLdBj$O8DJL$N@H<e@-$H$7$FJ,3dM=Dj$G$"$k!#(B

24. Microsoft Content Management Server 2001 User Authentication Buffer Overflow Vulnerability
BugTraq ID: 5420
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 07 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5420
$B$^$H$a(B:

Microsoft Content Management Server (MCMS) 2001 $B$O!"(Be-$B%S%8%M%9$GMxMQ$5(B
$B$l$k(B Web $B%5%$%H3+H/$d4IM}$N$?$a$N(B .NET Enterprise $B%5!<%P@=IJ$G$"$k!#(B
$B%j%b!<%H$+$i967b$KMxMQ2DG=$J%P%C%U%!%*!<%P!<%U%m!<$,Dc%l%Y%k$G$N(B MCMS
$BG'>ZA`:n4X?t$GH/@8$9$kLdBj$,H/8+$5$l$F$$$k!#(B

$B>/$J$/$H$b!"$3$N@=IJ$KF1:-$5$l$F$$$k(B Web $B%Z!<%8$OLdBj$rJz$($k4X?t$rMxMQ(B
$B$7$F$*$j!"967b<T$O$3$NLdBj$rMxMQ$9$k967b$r4k$F$i$l$k2DG=@-$,$"$k!#(B
$BG'>Z5!9=$rDs6!$7!"LdBj$rJz$($k4X?t$r8F$S=P$7$F$$$k(B Web $B%Z!<%8$G$"$l$P(B
$B$$$:$l$N%Z!<%8$G$"$C$F$bF1MM$NLdBj$rJz$($k5?$$$,$"$k!#(B

$B967b<T$O!"1F6A$r<u$1$k4X?t$r8F$S=P$9(B Web $B%Z!<%8$K0U?^E*$K:n@.$7$?G'>Z(B
$B>pJs$rM?$($k$3$H$G!"$3$NLdBj$rMxMQ$9$k967b$r4k$F$k2DG=@-$,$"$k!#E,@Z$K(B
$B0U?^$rH?1G$9$k$h$&$K:n@.$7$?G'>Z>pJs$rM?$($k$3$H$K$h$C$F!"967b<T$,M?$((B
$B$?CM$K$h$j%a%b%jFbMF$rGK2u2DG=$G$"$j$&$k!#$3$NLdBj$O%j%b!<%H$N967b<T$K(B
$B$h$jG$0U$N%3!<%I$r(B Local System $B8"8B$G<B9T$9$k$?$a$N967b$KMxMQ$5$l!"@x(B
$B:_E*$K(B DoS $B>uBV$r0z$-5/$3$9$H9M$($i$l$k!#(B

$BCm5-(B:
$B$3$NLdBj$O(B BID 4519 "Multiple Microsoft Content Management Server 2001
Vulnerabilities" $B$K4{$K<($5$l$?$b$N$G$"$k$,!"8DJL$N(B BID $B$KJ,N%$5$l$?$b(B
$B$N$G$"$k!#(B

25. Microsoft Content Management Server 2001 SQL Injection Vulnerability
BugTraq ID: 5422
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 07 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5422
$B$^$H$a(B:

Microsoft Content Management Server (MCMS) 2001 $B$O!"(Be-$B%S%8%M%9$GMxMQ$5(B
$B$l$k(B Web $B%5%$%H3+H/$d4IM}$N$?$a$N(B .NET Enterprise $B%5!<%P@=IJ$G$"$k!#(B

MCMS $B$O%f!<%6$*$h$S(B Web $B%Z!<%8$KBP$7!"%P%C%/%(%s%I$GF0:n$9$k(B Microsoft
SQL 2000 Server $BFb$N%G!<%?%Y!<%9$K5-O?$5$l$F$$$k!"2hA|$J$I$N%U%!%$%k$X(B
$B$N%j%/%(%9%H$r9T$&5!G=$rDs6!$7$F$$$k!#(B

$B%U%!%$%k$X$N%j%/%(%9%H$r<u$1F~$l$k4X?t$O%$%s%?%U%'!<%9$+$i<u$1<h$C$?%G!<(B
$B%?$NFbMF$N%U%#%k%?%j%s%0$rE,@Z$K9T$C$F$$$J$$!#$3$N$?$a!"(BSQL $B9=J8$,%j%/(B
$B%(%9%HFb$KKd$a9~$^$l!"%P%C%/%(%s%I%G!<%?%Y!<%9>e$G<B9T$5$l$k2DG=@-$,$"(B
$B$k!#%U%!%$%k$X$N%j%/%(%9%H$K$O%G!<%?$NDI2C!":o=|!"2~JQ$r4^$a$k$3$H$,2D(B
$BG=$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k$3$H$G%f!<%6$O(B OS $B$N%3%^%s%I$r<B9T2DG=$G$"$k!#(BOS $B$N%3(B
$B%^%s%I$O(B SQL Server $B%5!<%S%9$N<B9T8"8B$G<B9T$5$l$k!#(B

$B%G%U%)%k%H>uBV$G$O!"(BSQL Server $B$O%G!<%?%Y!<%9$KBP$7$F$O%U%k%"%/%;%98"8B(B
$B$r9T$&$@$1$N8"8B$rJ];}$7$F$$$k$,!"(BOS $B>e$K$*$$$F$O(B Domain $B%f!<%68"8B$N$_(B
$B$,J];}$7$F$$$k!#(B

$BCm5-(B:
$B$3$NLdBj$O(B BID 4519 "Multiple Microsoft Content Management Server 2001
Vulnerabilities" $B$K4{$K<($5$l$?$b$N$G$"$k$,!"8DJL$N(B BID $B$KJ,N%$5$l$?$b(B
$B$N$G$"$k!#(B

26. Microsoft Content Management Server 2001 Arbitrary Upload Location Vulnerability
BugTraq ID: 5421
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 07 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5421
$B$^$H$a(B:

Microsoft Content Management Server (MCMS) 2001 $B$O!"(Be-$B%S%8%M%9$GMxMQ$5(B
$B$l$k(B Web $B%5%$%H3+H/$d4IM}$N$?$a$N(B .NET Enterprise $B%5!<%P@=IJ$G$"$k!#(B
$BFCDj$N%P!<%8%g%s$N(B MCMS $B$K$O%j%b!<%H$+$iG$0U$N%3!<%I$,<B9T2DG=$JLdBj$,(B
$BH/8+$5$l$F$$$k!#(B

MCMS $B$OG'>Z:Q$_%f!<%6$,%3%s%F%s%D$r%5!<%P$X%"%C%W%m!<%I$9$k$?$a$N5!9=$r(B
$BDs6!$7$F$$$k!#DL>o!"%"%C%W%m!<%I$5$l$k%3%s%F%s%D$O6/@)E*$K!"0BA4$H8+$J(B
$B$5$l$k>l=j$XCV$+$l!"%j%b!<%H$+$i<B9T2DG=$K$J$k$3$H$O$J$$!#$7$+$7!"$3$N(B
$B%=%U%H%&%'%"$,Jz$($kLdBj$K$h$j!"%j%b!<%H%f!<%6$O%"%C%W%m!<%I@h$H$7$F!"(B
$B%5!<%PFb$NG$0U$N>l=j$r;X$7<($9$3$H$,2DG=$J$N$G$"$k!#(B

$B0-0U$"$k%f!<%6$O!"(BASP $B7A<0$N%U%!%$%k$N$h$&$J<B9T2DG=%3%s%F%s%D$r8x3+%G%#(B
$B%l%/%H%j$KG[CV$9$k2DG=@-$,$"$k!#$b$7!"$3$N$h$&$J%j%/%(%9%H$,9T$o$l$?>l(B
$B9g!"G[CV$5$l$?%3!<%I$O!"%m!<%+%k%^%7%s>e$G<B9T$5$l$k!#%G%U%)%k%H>uBV$G(B
$B$OG[CV$5$l$?%3!<%I$O$h$jDc$$8"8B$G$"$k(B IWAM_machinename $B$G<B9T$5$l$k!#(B
$B$7$+$7!"967b$K$h$jLdBj$rJz$($k%3%s%T%e!<%?$N%m!<%+%k;q8;$X$N%"%/%;%9$,(B
$B9T$o$l$k2DG=@-$,$"$k!#(B

$BJs9p$K$h$k$H!"%"%C%W%m!<%I$5$l$?%U%!%$%k$O!":o=|$5$l$k$^$G$NC;$$;~4V!"(B
$B;XDj$5$l$?%"%C%W%m!<%I@h$KB8:_$9$k!#967b$r@.8y$5$;$k$?$a$K$O!"%"%C%W%m!<(B
$B%I$r$"$k8B$i$l$?HO0O$N;~4V$NCf$G9T$&$3$H$,I,MW$H$J$k$H9M$($i$l$k!#(B

$B$5$i$K!"FCDj$N(B MCMS $B$N%P!<%8%g%s$K$O!"G$0U$N%j%b!<%H%f!<%6$,G'>Z$r9T$&(B
$B$3$H$J$/%3%s%F%s%D$r%"%C%W%m!<%I2DG=$JLdBj$,B8:_$9$k!#$3$NLdBj$N7k2L!"(B
$B$3$NLdBj$rMxMQ$9$k967b$r9T$&$?$a$K!"$$$+$J$k967b<T$G$"$C$?$H$7$F$bLdBj(B
$B$rJz$($k%5!<%S%9$X@\B32DG=$H$J$k$H?d;!$5$l$k!#(B

$BCm5-(B:
$B$3$NLdBj$O(B BID 4519 "Multiple Microsoft Content Management Server 2001
Vulnerabilities" $B$K4{$K<($5$l$?$b$N$G$"$k$,!"8DJL$N(B BID $B$KJ,N%$5$l$?$b(B
$B$N$G$"$k!#(B

27. iSCSI Insecure Configuration File Permissions Information Disclosure Vulnerability
BugTraq ID: 5423
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Aug 08 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5423
$B$^$H$a(B:

iSCSI (Internet Small Computer System Interface) $B%W%m%H%3%k$O%G!<%?5-O?(B
$BG^BN$rAj8_@\B3$9$k$?$a$KMxMQ$5$l$k!"(BInternet Protocol(IP) $B$K4p$E$/%9%H(B
$B%l!<%8%M%C%H%o!<%/MQ$NI8=`5,3J$G$"$k!#(B

iSCSI $B$N<BAu$OC/$G$bFI$_9~$_2DG=$J@_Dj%U%!%$%k$K4IM}<TMQ$NG'>Z>pJs$r5-(B
$BO?$7$?$^$^$K$9$kLdBj$rJz$($F$$$k!#(B

iSCSI $B$N<BAuJ*$,;HMQ$7$F$$$k@_Dj%U%!%$%k$O(B /etc/iscsi.conf $B$G$"$k!#(B
$BJs9p$K$h$k$H!"$3$N%U%!%$%k$O%G%U%)%k%H$GC/$G$bFI$_9~$_2DG=$G$"$j!"$3$H(B
$B$K$h$k$HC/$G$b=q$-9~$_2DG=$J8"8B$,M-8z$K$J$C$?>uBV$G%$%s%9%H!<%k$5$l$k(B
$B2DG=@-$,$"$k!#@_Dj%U%!%$%k$,%Q%9%o!<%I>pJs$rJ?J8$GJ]B8$7$F$$$k$?$a!"@x(B
$B:_E*$K?<9o$J7k2L$r>7$/2DG=@-$,$"$k!#(B

$BJs9p$K$h$k$H!"(BRedHat Linux Limbo Beta $B$*$h$S(B SuSE $B$O(B iSCSI $B$N<BAuJ*$rF1(B
$B:-$7$F=P2Y$5$l$F$$$k!#(BSuSE $B$O(B iSCSI $B$N<BAu$KBP$7$FE,@Z$J%Q!<%_%C%7%g%s(B
$B$,@_Dj$5$l$?>e$G=P2Y$5$l$F$$$k$HJs9p$5$l$F$$$k!#(BRedHat $B$O3+H/%3!<%I(B Limbo
$B$N(B Beta $BHG$G$OITE,@Z$J%U%!%$%k$X$N%Q!<%_%C%7%g%s$,@_Dj$5$l$?>e$GM-8z2=$5(B
$B$l$F$*$j!";~4|%j%j!<%9$N3+H/%3!<%I(B Limbo $B$G$O=$@5$5$l$k$3$H$rG'$a$F$$$k!#(B

28. Google Toolbar Unauthorized JavaScript Configuration Modification Vulnerability
BugTraq ID: 5424
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 08 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5424
$B$^$H$a(B:

Google Toolbar $B$O(B Google $B%5!<%A%(%s%8%s$K4XO"$9$k5!G=$rDs6!$9$k!"(BMicrosoft
Internet Explorer $B8~$1$N(B ActiveX $B%3%s%H%m!<%k$G$"$k!#(BGoogle Toolbar $B$,(B
$B@_DjMQ%*%W%7%g%s$r99?7$9$kJ}K!$K4X$9$kLdBj$,H/8+$5$l$F$$$k!#(B

$B$3$N(B ActiveX $B$rFCDj$N(B URL $B$X%"%/%;%9$5$;!"(BCGI $B$X$N%Q%i%a!<%?$H$7$F%3%^(B
$B%s%I$r<u$1F~$l$5$;$k$3$H$K$h$j!"@_DjCM$r2~JQ2DG=$G$"$k!#(B
$B$3$NFCDj$N(B URL $B$r;2>H$9$k%Z!<%8$,A[Dj$7F@$k8B$j!"(Bgoogle.com $B%I%a%$%sFb!"(B
$B$b$7$/$O%m!<%+%k$r;X$7<($9(B res:// $BI=5-$N(B URL $B$+$i%Q%i%a!<%?$r<u$1<h$C$?(B
$B>l9g$K$N$_!"(BHTTP $B%j%/%(%9%H$OBEEv$J$b$N$H8+$J$5$l$k!#(B

$B$7$+$7!"0-0U$"$k%9%/%j%W%H$OBEEv$H8+$J$;$k%I%a%$%sFb$G?7$7$$%Z!<%8$r3+$-!"(B
$B%D!<%k%P!<$N@_Dj$r2~JQ$9$k$h$&$J(B URL $B$r;X$7<($9MM$K:FDj5A$r9T$&$3$H$,2D(B
$BG=$J$N$G$"$k!#%D!<%k%P!<@_Dj$NKX$I$N%*%W%7%g%s$,JQ992DG=$G$"$k!#(B

$B$^$?!"G$0U$N(B JavaScript $B$,@_DjMQ$N(B URL $B$K0z$-EO$5$l$k2DG=@-$,$"$k!#(B
$B0z$-EO$5$l$?%9%/%j%W%H$O$=$l$r;2>H$9$k%5%$%H$N%;%-%e%j%F%#%3%s%F%-%9%H(B
$B$G<B9T$5$l$k2DG=@-$,$"$k!#(B
res:// $BI=5-$N(B URL $B$rMQ$$$F%m!<%+%k%U%!%$%k$,;2>H$5$l$?>l9g!"967b<T$K$h$C(B
$B$FM?$($i$l$?%9%/%j%W%H$O%m!<%+%k%3%s%T%e!<%?$N%;%-%e%j%F%#%>!<%sFb$G<B(B
$B9T$5$l$k2DG=@-$,$"$k!#(B

29. Ipswitch WS_FTP Server CPWD Remote Buffer Overflow Vulnerability
BugTraq ID: 5427
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 08 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5427
$B$^$H$a(B:

Ipswitch WS_FTP Server $B$O(B Microsoft Windows $B8~$1$N(B FTP $B%5!<%P$G$"$k!#(B
WS_FTP $B$O!"%f!<%6$,0U?^E*$K:n@.$5$l$?(B FTP $B%3%^%s%I$rAw?.$9$k:]!"%P%C(B
$B%U%!%*!<%P!<%U%m!<$r0z$-5/$3$92DG=@-$,$"$k!#(B

$B%P%C%U%!%*!<%P!<%U%m!<$OG'>Z:Q$_$N%f!<%6$N%Q%9%o!<%I$rJQ99$9$k$?$a$KMx(B
$BMQ$5$l$k!"(BCPWD $B%3%^%s%I$N<h$j07$$$K4XO"$7$F@8$8$k!#(B
$BJs9p$K$h$k$H!"$3$N%3%^%s%I$XD9$$%Q%i%a!<%?$,M?$($i$l$k:]!"967b<T$O%9%?%C(B
$B%/%U%l!<%`>pJs$r4^$`!"=EMW$J%W%m%;%9$K3d$jEv$F$i$l$?%a%b%jFbMF$rGK2u2D(B
$BG=$K$J$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$OG$0U$N%3!<%I$N<B9T$r!"%j%b!<%H$+$iA[Dj$G$-$k8B(B
$B$j$G$O(B SYSTEM $B8"8B$G2DG=$K$7$F$7$^$&$H9M$($i$l$k!#$^$?!"967b<T$,G$0U$N(B
$BBg$-$J%G!<%?$rAw$k$3$H$K$h$j!"%5!<%P%W%m%;%9$r%/%i%C%7%e$5$;$i$l!"7k2L(B
$B$H$7$F(B DoS $B>uBV$K4Y$i$;$i$l$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$O(B WS_FTP Server 3.1.1 $B$GJs9p$5$l$F$$$k!#0JA0$N%P!<%8%g%s$b$3(B
$B$NLdBj$rJz$($F$$$k2DG=@-$,$"$k$,!"$3$N$3$H$OL$8!>Z$G$"$k!#(B

30. Google Toolbar Keypress Monitoring Information Disclosure Vulnerability
BugTraq ID: 5426
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 08 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5426
$B$^$H$a(B:

Google Toolbar $B$O(B Google $B%5!<%A%(%s%8%s$K4XO"$9$k5!G=$rDs6!$9$k!"(BMicrosoft
Internet Explorer $B8~$1$N(B ActiveX $B%3%s%H%m!<%k$G$"$k!#(BGoogle Toolbar $B$,@_DjMQ(B
$B%*%W%7%g%s$r99?7$9$kJ}K!$K4X$9$kLdBj$,H/8+$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"(BGoogle Toolbar $B$N$$$/$D$+$N%P!<%8%g%s$G$O!"%D!<%k%P!<$X$N(B
$B%-!<F~NO%$%Y%s%H$r$=$NGX8e$GF0:n$9$k%V%i%&%6$X$bAw?.$7$F$7$^$&!#(B
$B8=:_3+$+$l$F$$$k%V%i%&%6%&%$%s%I%&$G<B9T$5$l$F$$$k0-0U$"$k%9%/%j%W%H$O(B
$B%-!<F~NO%$%Y%s%H$r4F;k$7!"%D!<%k%P!<$XF~NO$5$l$?FbMF$X%"%/%;%9$9$k2DG=(B
$B@-$,$"$k!#(B

$BFCDj$N>u672<$G!"$3$NLdBj$O@x:_E*$K=EMW$J>pJs$r3+<($5$;$k2DG=@-$,$"$k!#(B

31. HP EMANATE 14.2 Predictable SNMP Community String Vulnerability
BugTraq ID: 5428
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 08 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5428
$B$^$H$a(B:

EMANATE (Enhanced MANagement Agent Through Extensions) $B$O!"%b%8%e!<%k2=(B
$B$5$l!"3HD%2DG=$J%^%M%8%a%s%H%(!<%8%'%s%H$rMxMQ$7!"(BSNMP $B$rMxMQ$7$F$$$k5!(B
$B4o$N4IM}$r9T$($kMM$K$9$k%=%U%H%&%'%"$G$"$k!#(B

HP EMANATE 14.2 $B%7%9%F%`$O%G%U%)%k%H$GM=B,2DG=$J%3%_%e%K%F%#J8;zNs$rMx(B
$BMQ$7$F$$$k!#$3$N$?$a!"(BSNMP $B%3%_%e%K%F%#J8;zNs$r?dB,2DG=$J967b<T$OG'>Z$r(B
$B9T$&$3$H$J$/(B SNMP $B$r2p$7$F%7%9%F%`$K%"%/%;%9$7!"=EMW$J>pJs$,3+<($5$l$k(B
$B7k2L$r>7$/2DG=@-$,$"$k!#(B

$B%3%_%e%K%F%#J8;zNs$O!"5!4o>e$G;2>H!"JQ992DG=$J(B object $B72(B($BCM(B)$B$+$i$J$k!"(B
$B%0%k!<%W$rL@<($9$k$?$a$K(B SNMP $B$K$h$C$FMxMQ$5$l$k%i%Y%k$G$"$k!#$3$N$?$a!"(B
$B%3%_%e%K%F%#J8;zNs$rCN$jF@$k967b<T$O5!4o$XG'>Z$r9T$&$3$H$J$/%"%/%;%92D(B
$BG=$K$J$k2DG=@-$,$"$k!#$3$NLdBj$K$h$j!"%M%C%H%o!<%/9=B$$J$I$N=EMW$J>pJs(B
$B$N3+<($,0z$-5/$3$5$l!"$"$k$$$O!"(BDoS $B$r4k$F$k$?$a$K967b$KMxMQ$5$l$k@x:_(B
$BE*$J2DG=@-$,$"$k!#(B

32. HP-UX PTrace Page Data Fault Denial Of Service Vulnerability
BugTraq ID: 5425
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Aug 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5425
$B$^$H$a(B:

HP-UX $B$K$O$"$k%W%m%;%9$,B>$N%W%m%;%9$N<B9T$r@)8f2DG=$K$9$k!"%W%m%;%9%H(B
$B%l!<%9(B (ptrace) $BMQ$N%7%9%F%`%3!<%k$N<BAu$,Hw$($i$l$F$$$k!#(Bptrace $B$O%G%P%C(B
$B%0L\E*$GMxMQ$5$l$k!#(B

ptrace $B$N(B HP-UX $B$G$N<BAu$O%m!<%+%k$N967b<T$,%+!<%M%k%Q%K%C%/$r0z$-5/$7!"(B
$B7k2L$H$7$F%7%9%F%`$r(B DoS $B$K4Y$i$;$i$l$kLdBj$rJz$($k5?$$$,$"$k!#Js9p$K$h(B
$B$k$H!"%9%l%C%IEPO?>uBV$X$NITE,@Z$J;2>H$,9T$o$l$k:]$K$3$NLdBj$,@8$8!"7k(B
$B2L$H$7$F%G!<%?%Z!<%8%U%)%k%H$,0z$-5/$3$5$l$k!#(B

33. Macromedia Flash Player Arbitrary Local File Access Vulnerability
BugTraq ID: 5429
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 08 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5429
$B$^$H$a(B:

Macromedia Flash $B$O(B Web $B%V%i%&%6$r3HD%$7!"%f!<%6$,%^%k%A%a%G%#%"(B Web $B%3(B
$B%s%F%s%D$r1\Mw$9$k$3$H$,2DG=$H$J$k$h$&$K@_7W$5$l$?%b%8%e!<%k%Q%C%1!<%8(B
$B$G$"$k!#LdBj$,(B Flash player $B$N$$$D$/$+$N%P!<%8%g%s$GH/8+$5$l$F$$$k!#(B
$B0-0U$"$k(B Flash $B%"%K%a!<%7%g%s$,G$0U$N%U%!%$%k$rFI$_=P$72DG=$K$J$k$H?d;!(B
$B$5$l$k!#(B

Flash $B%"%K%a!<%7%g%s$O(B HTTP $B$r2p$7$FJL$N%U%!%$%k$NFI$_9~$_$,2DG=$G$"$k!#(B
$BDL>o$O!"$3$N5!G=$O%"%K%a!<%7%g%s$K;HMQ$9$k%G!<%?$rFI$_9~$`$?$a$K;HMQ$5(B
$B$l$k!#(BFlash Player $B$O%"%K%a!<%7%g%s$,=jB0$9$k%I%a%$%s$N30$KB8:_$9$k!"G$(B
$B0U$N%U%!%$%k$NFI$_9~$_$rM^@)$7$F$$$k!#(B

$B$7$+$7!"(BHTTP $B%j%@%$%l%/%H$,@5Ev$J%j%/%(%9%H$X$N1~Ez$H$7$F!"$3$N%=%U%H%&%'(B
$B%"$KAw?.$5$l$k:]!"$5$i$J$k%;%-%e%j%F%#%A%'%C%/$O9T$o$l$F$$$J$$!#(B
$B$3$N$?$a!"0-0U$"$k%5!<%P$O(B Macromedia Flash $B%"%K%a!<%7%g%s$K$h$C$F0J8e(B
$BFI$_9~$^$l$k$h$&$K!"4{CN$N%m!<%+%k%U%!%$%k$X$N(B HTTP $B%j%@%$%l%/%H$rAw?.(B
$B$9$k2DG=@-$,$"$k!#0J8e!"(BMacromedia Flash $B%"%K%a!<%7%g%s%U%!%$%k$O=EMW$J(B
$B>pJs$r85$K9T0Y$r4k$F$k$+!"=EMW$J%G!<%?$r0-0U$"$k%5!<%P$XAw$jJV$92DG=@-(B
$B$,$"$k!#(B

$BJs9p$K$h$k$H!"(B"file:///c:/" $B$NMM$K%m!<%+%k%7%9%F%`Fb$N;q8;$r;X$7<($95/(B
$BE@$H$J$k$h$&$J(B A $B%?%0$N(B HREF $BB0@-CM$r@_Dj$7!"0J8e(B Macromedia Flash $B%"%K(B
$B%a!<%7%g%s$+$iAjBPE*$J(B URL $B$rMxMQ$9$k;2>H$r9T$&$3$H$K$h$j!"$3$NLdBj$rMx(B
$BMQ$9$k967b$r4k$F$k$3$H$,2DG=$G$"$k!#(B
$B$3$NLdBj$rMxMQ$9$k967b$KMQ$$$i$l$kAjBPE*$J(B URL $B$O!"@x:_E*$K(B IE $B$N%"!<%+(B
$B%$%V7A<0$G$"$k(B MHT $B7A<0$N%U%!%$%k$KKd$a9~$^$l$?FbMF$HAH$_9g$o$5$l$FMxMQ(B
$B$5$l$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$OG'>ZMQ>pJs$r4^$`!"=EMW$J>pJs$,3+<($5$l$k7k2L$r(B
$B>7$/2DG=@-$,$"$k!#$3$NLdBj$rMxMQ$9$k967b$N1F6AHO0O$O!"LdBj$rJz$($k%/%i(B
$B%$%"%s%H%7%9%F%`$NFbIt9=B$$K0MB8$9$k!#(B

34. Macromedia Flash Malformed Header Buffer Overflow Vulnerability
BugTraq ID: 5430
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 08 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5430
$B$^$H$a(B:

Macromedia Flash $B$O(B Web $B%V%i%&%6$r3HD%$7!"%f!<%6$,%^%k%A%a%G%#%"(B Web $B%3(B
$B%s%F%s%D$r1\Mw$9$k$3$H$,2DG=$H$J$k$h$&$K@_7W$5$l$?%b%8%e!<%k%Q%C%1!<%8(B
$B$G$"$k!#(B

Macromedia Flash $B$K$O%P%C%U%!%*!<%P!<%U%m!<$r@8$8$k5?$$$,$"$k!#$3$NLdBj(B
$B$O(B Flash Shockwave $B%`!<%S!<%U%!%$%k(B (.SWF) $B$K4^$^$l$k%X%C%@$KBP$9$k6-3&(B
$B%A%'%C%/$,==J,$G$O$J$$$?$a$K@8$8$k!#Js9p$K$h$k$H!"%P%$%J%j%(%G%#%?$G%`!<(B
$B%S!<%U%!%$%k$N%X%C%@>pJs$r=q$-49$($k$3$H$G!"$3$NLdBj$rMxMQ$9$k967b$,2D(B
$BG=$G$"$k!#0U?^E*$KAH$_N)$F$i$l$?%X%C%@$r4^$`%`!<%S!<%U%!%$%k$,(B Flash $B$K(B
$B$h$j=hM}$5$l$k:]$K!"%P%C%U%!%*!<%P!<%U%m!<$r@8$8!"%a%b%jFbMF$rGK2u$9$k(B
$B7k2L$,>7$+$l$k!#FC$K!"%X%C%@$N%U%l!<%`>pJs$O%a%b%jGK2u$rH/@8$5$;$k$?$a(B
$B$KCm0U$rJ'$C$FAH$_N)$F$kI,MW$,$"$k!#967b<T$O;XDj$7$?CM$G4X?t%]%$%s%?$r(B
$B>e=q$-$9$k$3$H$G!"$3$NLdBj$rMxMQ$9$k967b$,2DG=$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"967b<T$O(B Macromedia Flash $B$,2TF0(B
$B$9$k%/%i%$%"%s%H%7%9%F%`>e$GG$0U$N%3!<%I$r<B9T2DG=$K$J$k!#967b<T$OLdBj(B
$B$rJz$($k%=%U%H%&%'%"$rMxMQ$9$k%f!<%6$,0U?^E*$KAH$_N)$F$i$l$?%`!<%S!<%U%!(B
$B%$%k$rFI$_9~$`$h$&$KM6F3$9$kI,MW$,$"$k!#$3$l$O!"0-0U$"$k(B Web $B%Z!<%8!"(B
$BEE;R%a!<%k!"%K%e!<%9%0%k!<%W$"$k$$$OB>$N<jCJ$K$h$C$F<B8=$5$l!"0-0U$"$k(B
$B%`!<%S!<%U%!%$%k$,%f!<%6$KAw?.$5$l$k2DG=@-$,$"$k!#%3!<%I$N<B9T$O$3$N%=(B
$B%U%H%&%'%"$r2TF0$5$;$F$$$k%f!<%6$N8"8B$G9T$o$l$k!#(B

Macromedia Flash plug-in $B$OMM!9$J(B Web $B%V%i%&%6$K4^$^$l$F$*$j!"$3$NLdBj(B
$B$OA4$F$N%W%i%C%H%U%)!<%`$N(B Macromedia Flash $B$K1F6A$r5Z$\$9$3$H$,CN$i$l(B
$B$F$$$k!#(B

35. Qualcomm Eudora File Attachment Spoofing Vulnerability
BugTraq ID: 5432
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 08 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5432
$B$^$H$a(B:

Eudora $B$O9-$/MxMQ$5$l$F$$$k(B GUI $B$rMxMQ$7$?(B Microsoft Windows $B8~$1$NEE;R(B
$B%a!<%k%/%i%$%"%s%H$G$"$j!"(BQualcomm $B$h$jL5=~$GG[I[$5$l$F$$$k!#(B

Eudora $B$K$O967b<T$,E:IU%U%!%$%k$N3HD%;R$r56$k$3$H$,2DG=$G$"$k$H$$$&LdBj(B
$B$rJz$($k5?$$$,$"$k!#967b<T$,EE;R%a!<%k%/%i%$%"%s%H$N%f!<%6$K!"0-0U$"$k(B
$B%3%s%F%s%D$N<B9T$r6/@)E*$K9T$o$;$k$3$H$G!"7Y9p%a%C%;!<%8$NH/@8$r2sHr$9(B
$B$k$N$r=uD9$9$k2DG=@-$,$"$k!#(B

$BFCJL$KAH$_N)$F$i$l$?%$%s%i%$%s%F%-%9%H$r4^$`EE;R%a!<%k$K$h$j!"B>$N%U%!(B
$B%$%k$dE:IU%U%!%$%k$r;2>H$9$k2DG=@-$,$"$k!#$3$NJ}K!$G;2>H$5$l$?%U%!%$%k(B
$B$N%"%$%3%s>pJs$N$$$/$D$+$O8m$C$FI=<($5$l$k2DG=@-$,$"$k$3$H$,8!>Z$5$l$F(B
$B$$$k!#$3$NLdBj$K$h$j!"%(%s%I%f!<%6$KE:IU%U%!%$%k$N<oN`$K4X$9$k8m$C$?H=(B
$BCG$r2<$5$;$k2DG=@-$,$"$k!#$=$7$F!"0-0U$"$kE:IU%U%!%$%k$O!"<B9T2DG=$JFb(B
$BMF$,2r<a!"<B9T$5$l$k:]$KDL>oI=<($5$l$k$O$:$N!"7Y9p%@%$%"%m!<%0$r2sHr$9(B
$B$k2DG=@-$,$"$k!#(B

$B$3$3$K<($5$l$F$$$kLdBj$O%*%Z%l!<%F%#%s%0%7%9%F%`$HM?$($i$l$?E:IU%U%!%$(B
$B%k$N%Q%9$*$h$S%U%!%$%kL>!"$=$7$F%(%s%I%f!<%6$KI=<($5$l$kJL$N%U%!%$%kL>(B
$B$N4V$NAj8_:nMQ$H4X78$,$"$k$H9M$($i$l$k!#(B

$B<B9T2DG=$J%U%!%$%k$X$N%Q%9I=5-$N=*C<$,C10l$N(B '.' $BJ8;z$G=*$o$C$F$$$k>l9g!"(B
$B7Y9p%a%C%;!<%8$OI=<($5$l$J$$!#$5$i$J$kBPOC=hM}$rI,MW$H$9$k$3$H$J$/%U%!(B
$B%$%k$,FI$_9~$^$l$?>l9g!"Nc$($P(B calc.exe $B$NMM$JE:IU%U%!%$%k$,<B9T$5$l$k(B
$B2DG=@-$,$"$k!#$5$i$K!"%(%s%I%f!<%6$K8~$1$FI=<($5$l$kBP>]$H$7$F!"967b<T(B
$B$K$h$C$F0U?^E*$J%U%!%$%kL>$,;XDj$5$l$k2DG=@-$,$"$k!#$b$7(B readme.txt $B$H(B
$B$$$C$?%U%!%$%kL>$,0-0U$"$k!"<B9T2DG=$JE:IU%U%!%$%k$K4XO"IU$1$i$l$F$$$k(B
$B>l9g!"%f!<%6$OE:IU%U%!%$%k$r3+$/$3$H$K4X$9$k%j%9%/$K4X$7!"IT@53N$JH=CG(B
$B$r2<$92DG=@-$,$"$k!#;XDj$5$l$?%U%!%$%k$,%m!<%+%k$N%7%9%F%`$KB8:_$7$J$$(B
$B>l9g!"M?$($i$l$?%U%k%Q%9$O!"%U%!%$%k$rC5$7=P$7$F3+;O$9$k$?$a$K!"99$J$k(B
$B7Y9p$,I=<($5$l$k$3$H$J$/;HMQ$5$l$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$r@.8y$5$;$k$?$a$K!"967b<T$OE:IU%U%!%$%k$,3JG<$5(B
$B$l$k%G%#%l%/%H%j$X$N%U%k%Q%9$rCN$kI,MW$,$"$k$H?d;!$5$l$k!#(B

36. Sun ONE/iPlanet Web Server Chunked Encoding Vulnerability
BugTraq ID: 5433
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 08 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5433
$B$^$H$a(B:

Sun ONE Web Server ($B0JA0(B iPlanet Web Server $B$H$7$FCN$i$l$?(B) $B$N(B
Chunked Encoding $B$N<BAu$K$OLdBj$,H/8+$5$l$F$$$k!#(BChunked Encoding $B$O!"(B
$B%G!<%?E>AwCf$K(B HTTP $B%j%/%(%9%H$N%U%i%0%a%s%F!<%7%g%s$rMF0W$K9T$($k$h$&(B
$B$K@_7W$5$l$F$$$k!#(B'Chunked Encoding' $B5!9=$rMQ$$$FId9f2=$5$l$?%j%/%(%9%H(B
$B$r<h$j07$&:]!"(BSun ONE $B$OI,MW$H$9$k%P%C%U%!NN0h$K4X$9$k@53N$J;;=P$r<:GT$7(B
$B$F$7$^$&!#(B

$B$3$NLdBj$rMxMQ$7$?967b$,@.8y$7$?>l9g!"%A%c%s%/2=$5$l$?%;%C%7%g%s$r0U?^(B
$BE*$KAH$_N)$F$k$3$H$K$h$j%R!<%WNN0h$r>e=q$-$9$k2DG=@-$,$"$k!#=>$C$F!"%G!<(B
$B%?9=B$$O967b<T$,;XDj$7$?%a%b%j%"%I%l%9$K0-0U$"$k%3!<%I$rCmF~$9$k$?$a$K(B
$BA`:n$5$l$k2DG=@-$,$"$k!#7k2L$H$7$F!"G$0U$N%3!<%I$N<B9T$d(B DoS $B$r@8$8$k2D(B
$BG=@-$,$"$k!#(B

37. Apache 2.0 Information Disclosure Vulnerability
BugTraq ID: 5434
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 09 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5434
$B$^$H$a(B:

$BHs(B UNIX $B%W%i%C%H%U%)!<%`>e$G2TF0$9$k(B Apache 2.0.39 $B$*$h$S$=$l0JA0$N%P!<(B
$B%8%g%s$K$OLdBj$,H/8+$5$l$F$$$k(B($B$J$*!"(Bcygwin $B4D6-$G%S%k%I$5$l$?(B Apache$B$b(B
$B$3$NLdBj$r@x:_E*$KJz$($F$$$k$H9M$($i$l$k(B)$B!#(B
$B$3$NLdBj$K$h$j1F6A$r<u$1$k2DG=@-$,$"$k%W%i%C%H%U%)!<%`$O(B Windows$B!"(BOS/2
$B$*$h$S(B Netware $B$,4^$^$l$k!#$3$NLdBj$O!"%j%b!<%H$N967b<T$K$h$k=EMW$J>pJs(B
$B$X$N%"%/%;%9$r2DG=$H$7$F$7$^$&$,!"EA$($i$l$k$H$3$m$K$h$k$H!"$5$i$KB>$N(B
$BJ}K!$G%5!<%P$X$N0-1F6A$r5Z$\$9$?$a$KMxMQ$5$l$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$N>\:Y$O8=:_$N$H$3$mL@$i$+$G$O$J$$$,!"Js9p$K$h$k$H!"%5!<%P$N@_(B
$BDj$rJQ99$9$k$3$H$G$3$NLdBj$N1F6A$r4KOB2DG=$G$"$k!#(B
$B99$J$k>pJs$,Ds6!$5$l<!Bh!"$3$N>pJs$O99?7M=Dj$G$"$k!#(B

$B8x3+$5$l$?GX7J$rF'$^$($k$H!"$3$NLdBj$O(B Apache $B$,%"%/%;%9@)8B$D$-;q8;$X(B
$B$N%j%/%(%9%H$r<h$j07$&J}K!$H4XO"$7$F$$$k$h$&$G$"$k$H?d;!$5$l$k!#(B

$BJs9p$K$h$k$H!"$3$NLdBj$O(B Apache 2.0.40 $B$,Jz$($F$$$kLdBj$H$N$3$H$G$"$k!#(B


III. SECURITYFOCUS NEWS AND COMMENTARY
--------------------------------------
1. 'Creative Attacks' Beat Crypto -- Expert
$BCx<T(B: Ann Harrison

$B0E9f2rFI$N@lLg2H$O!"%A%C%W$N=8@QL)EY$,A}$9$N$HF1$8B.EY$G!"!V%`!<%"$NK!(B
$BB'!W$O0E9f2rFI$N%;%-%e%j%F%#%j%9%/$,A}Bg$5$;$F$$$k$H8l$C$?!#(B

http://online.securityfocus.com/news/572

2. Researcher: Biometrics Unproven, Hard To Test
$BCx<T(B: Ann Harrison

$BJF9qFb$K$I$NDxEY$N?t$G4iLLG'<1%7%9%F%`$,=P2Y$5$l$D$E$1$F$$$k$H8+@Q$b$l(B
$B$k$@$m$&$+!#$7$+$7N"J"$K$b!"$3$l$i%7%9%F%`$NF0:n;n83$OK5L\$G46$8$k$h$j(B
$B$b:$Fq$J$N$@!#(B

http://online.securityfocus.com/news/566

3. 'Safe' web still wide open - Windows sleuth
$BCx<T(B: Andrew Orlowski, The Register

$B@h$N(B Windows $BFbIt2r@O$GCN$i$l$F$$$k(B Professor David Martin $B$*$h$S(B Andrew
Schulman $B$O(B SafeWeb $B<R$N%W%i%$%P%7!<1\Mw%7%9%F%`$NJ,@O$r99?7$7$?!#(B
$B$3$NH/I=$K$*$$$F!";a$O%f!<%6$N!V3J9%$NI8E*!W$,J|CV$5$l$?$^$^$G$"$k$H=R(B
$B$Y$F$$$k!#(B

http://online.securityfocus.com/news/571

4. Dangers of the Google tool bar exposed
$BCx<T(B: Thomas C. Greene, The Register

Google Toolbar $B$,(B URL $B$rMxMQ$7$F%V%i%&%6$N@_Dj$rJQ99$9$kJ}K!$N7g4Y$rMx(B
$BMQ$9$k0lO"$N967bJ}K!$,!"%$%9%i%(%k$N%;%-%e%j%F%#4k6H(B GreyMagic Software
$B$K$h$C$FO@$8$i$l$F$$$k!#(B

http://online.securityfocus.com/news/570


IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. ZorbIPtraffic v0.01
$B:n<T(B: Zorbat
$B4XO"$9$k(BURL:
http://www.atout.be/
$BF0:n4D6-(B: Linux
$B$^$H$a(B:

ZorbIPtraffic $B$O!"%M%C%H%o!<%/%$%s%?!<%U%'%$%9>e$N(B IP $B%H%i%U%#%C%/$r%j%"(B
$B%k%?%$%`$GI=<($9$k%D!<%k$G$9!#$3$N%D!<%k$O!"FbIt%M%C%H%o!<%/>e$N3F(B IP $B$N(B
$B%H%i%U%#%C%/$rE}7WCM$H$7$FI=<(2DG=$G$"$j!"0lG/Kh!"0l%v7nKh!"0lF|Kh$N3F(B 
IP $B$N%H%i%U%#%C%/$N9g7W$r=87W$9$k$3$H$b2DG=$G$9!#A4$F$N>pJs$O!"(BMySQL $B%G!<(B
$B%?%Y!<%9$K5-O?$5$l!"FCDj$NF|$N%H%i%U%#%C%/NL$rMF0W$K8!:w$9$k$3$H$,2DG=$G(B
$B$9!#(BZorbIPtraffic $B$O!"(Biptables $B$r;HMQ$7$F$$$k>l9g$K$N$_MxMQ$9$k$3$H$,$G(B
$B$-$^$9!#(B

2. single-honeypot v0.1
$B:n<T(B: Luis Wong lwong@mpsnet.net.mx
$B4XO"$9$k(BURL:
http://sourceforge.net/projects/single-honeypot/
$BF0:n4D6-(B: POSIX
$B$^$H$a(B:

single-honeypot $B$OB?$/$N%G!<%b%s!"Nc$($P(B SMTP$B!"(BHTTP$B!"(Bshell$B!"(BFTP $B$J$I$N(B
$B5sF0$r%7%_%e%l!<%H$7$^$9!#$3$N%D!<%k$O(B Windows $B>e$GF0:n$9$k(B FTP $B%=%U%H(B
$B%&%'%"!"(BWindows $B>e$GF0:n$9$k(B SMTP $B%5!<%S%9!"MM!9$J(B Linux $B%G%#%9%H%j%S%e!<(B
$B%7%g%s!"$$$/$D$+$N(B POSIX $B$N<BAu$H8@$C$?B?$/$N0[$J$k1~Ez$r<($9$3$H$,2DG=(B
$B$G$9!#(B

3. myNetMon v1.0.3
$B:n<T(B: Ekrem ORAL
$B4XO"$9$k(BURL:
http://www.trsecurity.net/mynetmon/
$BF0:n4D6-(B: Windows 2000, Windows 95/98, Windows NT, Windows XP
$B$^$H$a(B:

myNetMon $B$O!"(BWindows $B>e$GF0:n$9$k%M%C%H%o!<%/%b%K%?%j%s%0$d%Q%1%C%H2r@O(B 
$B$,2DG=$J%D!<%k(B ($B%9%K%U%!(B) $B$G$9!#(BmyNetMon $B$O!"(BWinPcap ($B%Q%1%C%H$r<h$j9~(B
$B$`$?$a$N%i%$%V%i%j$G$"$k(B libpcap $B$N(B Windows $BHG(B) $B$r;HMQ$7$^$9!#(B

4. Gspoof v1.0b
$B:n<T(B: embyte
$B4XO"$9$k(BURL:
http://sourceforge.net/projects/gspoof/
$BF0:n4D6-(B: FreeBSD, Linux, NetBSD, OpenBSD
$B$^$H$a(B:

Gspoof $B$O%G!<%?$N%Z%$%m!<%I$NM-L5$K4X$o$i$:(B TCP $B%Q%1%C%H$N9=C[$*$h$SAw(B
$B?.$rMF0W$+$D@53N$K9T$($k!"(BC $B8@8l$G5-=R$5$l$?(B GTK+ $B%W%m%0%i%`$G$9!#(B
TCP/IP $B%U%#!<%k%I!"$*$h$S$5$i$K%j%s%/AX$G5!G=$9$k(B ethernet $B%X%C%@$rJQ(B
$B992DG=$G$9!#J#?t$N%Q%1%C%H$rF1;~$KAw?.$9$k$3$H$,2DG=$G$9!#(B

5. nefu v0.7.0
$B:n<T(B: Ed Colone
$B4XO"$9$k(BURL:
http://rsug.itd.umich.edu/software/nefu/
$BF0:n4D6-(B: FreeBSD, Linux, MacOS, OpenBSD, Solaris, SunOS, UNIX
$B$^$H$a(B:

nefu (network fidelity utility) $B$O%M%C%H%o!<%/1[$7$K4F;k%5!<%S%9$r9T$&(B
UNIX $B%G!<%b%s$G$9!#$3$N%=%U%H%&%'%"$O(B "no false alarms" $B>c328!CN%"%k%4(B
$B%j%:%`$r;HMQ$7$F!"%M%C%H%o!<%/$N0MB84X78$r2r@O$7$^$9!#(B
$BAH$_9~$_:Q$_$N4F;kBP>]$N%W%m%H%3%k$O$K$O(B ICMP echo (ping)$B!"(BDNS$B!"(BHTTP$B!"(B
POP$B!"(BNTP$B!"(BIMAP$B!"(BSMTP $B$*$h$S(B LDAP $B$,4^$^$l!"$3$NB>$K$b30It%W%m%0%i%`$r<B(B
$B9T$9$k5!G=$rHw$($F$$$^$9!#%9%F!<%?%9%Z!<%8$O(B finger $B%3%^%s%I$d(B Web $B$r2p(B
$B$7$FMxMQ2DG=$G$9!#(B

6. Secure Cryptographic Instant Messaging v1.04
$B:n<T(B: The Project SCIM team
$B4XO"$9$k(BURL:
http://www.projectscim.com/
$BF0:n4D6-(B: AIX, AS/400, BeOS, BSDI, DG-UX, Digital UNIX/Alpha, FreeBSD,
HP-UX, IRIX, Java, Linux, MacOS, NetBSD, OpenBSD, OpenVMS, Os Independent,
SCO, SecureBSD, Solaris, SunOS, True64 UNIX, UNIX, Unixware, VMS, Windows
2000, Windows 3.x, Windows 95/98, Windows CE, Windows NT, Windows XP
$B$^$H$a(B:

The Project SCIM application $B$O0E9f2=$7$?%$%s%9%?%s%H%a%C%;!<%8$G$NAw?.(B
$B$r2DG=$K$9$k%=%U%H%&%'%"$G$9!#$3$N%=%U%H%&%'%"$OHs1DMx$N%f!<%6$O%U%j!<(B
$B$GMxMQ2DG=$G$"$j!"B?$/$N$9$P$i$7$$5!G=$rHw$($F$$$^$9!#(B
--
$BLu(B: $B:d0f=g9T(B(SAKAI Yoriyuki)$B!">.3^8691M:(B(OGASAWARA Tsuneo)$B!"(B
$B@PED6G5W(B(ISHIDA Akihisa)$B!"<r0fH~5.(B(SAKAI Miki)$B!"(B
$B?7D.5W9,(B(SHINMACHI Hisayuki)
$B4F=$(B: $B:d0f=g9T(B(SAKAI Yoriyuki)
LAC Co., Ltd.
http://www.lac.co.jp/security/

-----------1030015075-10578190
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIISGgYJKoZIhvcNAQcCoIISCzCCEgcCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
DzwwggI8MIIBpQIQMlAzz1DRVvNcga1lXE/IJTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQG
EwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGlj
IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMjAw
MTA3MjM1OTU5WjBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1
BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOUZv22jVmEtmUhx9mfeuY3rt56GgAqRDvo4
Ja9GiILlc6igmyRdDR/MZW4MsNBWhBiHmgabEKFz37RYOWtuwfYV1aioP6oSBo0xrH+wNNeP
NGeICc0UEeJORVZpH3gCgNrcR5EpuzbJY1zF4Ncth3uhtzKwezC6Ki8xqu6jZ9rbAgMBAAEw
DQYJKoZIhvcNAQECBQADgYEAS0RmYGhk5Jgb87By5pWJfN17s5XAHS7Y2BnQLTQ9xlCaEIaM
qj87qAT8N1KVw9nJ283yhgbEsRvwgogwQo4XUBxkerg+mUl0l/ysAkP7lgxWBCUMfHyHnSSn
2PAyKbWk312iTMUWMqhC9kWmtja54L9lNpPC0tdr3N5Z1qI1+EUwggI9MIIBpgIRAM26f1bw
3+S8VP4irLNyqlUwDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZl
cmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkG
A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1
YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0fzGVu
DLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHiTkVWaR94AoDa
3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0GCSqGSIb3DQEBAgUAA4GB
AEw/uIvGaN/uQzMOXemmyweETXoz/5Ib9Dat2JUiNmgRbHxCzPOcLsQHPxSwD0//kJJ2+eK8
SumPzaCACvfFKfGCIl24sd2BI6N7JRVGMHkW+OoFS5R/HcIcyOO39BBAPBPDXx9T6EjkhrR7
oTWweyW6uNOOqz84nQA0AJjz0XGUMIICPTCCAaYCEQDz1GWTDuTHHs1vChERVlizMA0GCSqG
SIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUG
A1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
Fw05NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQK
Ew5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0
aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5Rm/baNW
YS2ZSHH2Z965jeu3noaACpEO+jglr0aIguVzqKCbJF0NH8xlbgyw0FaEGIeaBpsQoXPftFg5
a27B9hXVqKg/qhIGjTGsf7A01480Z4gJzRQR4k5FVmkfeAKA2txHkSm7NsljXMXg1y2He6G3
MrB7MLoqLzGq7qNn2tsCAwEAATANBgkqhkiG9w0BAQIFAAOBgQAjyGZsVZ9SYWqvFx3is89H
jkwbAjN1+UXvm0exsSugNTbRUnBpybul85NbkmD5ZH7xwT/p0RXx0sAXvaSdF67hB8+6gZbE
rnEZ9s5kv6cZ9VUof3wz1sK5t+slKf0p+GJwQTHdwwfbElMWYNCdB/kAZfyNbBhQILdn3H79
cEstDzCCAzwwggKloAMCAQICEAQa2pqnxtqHdYa+MJp9N08wDQYJKoZIhvcNAQECBQAwXzEL
MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAx
IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk5MDkxNDAwMDAw
MFoXDTA5MDkwOTIzNTk1OVowgbUxHDAaBgNVBAoTE1ZlcmlTaWduIEphcGFuIEsuSy4xHzAd
BgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxPjA8BgNVBAsTNVRlcm1zIG9mIHVzZSBh
dCBodHRwczovL3d3dy52ZXJpc2lnbi5jby5qcC9SUEEgKGMpIDk4MTQwMgYDVQQDEytWZXJp
U2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQDnvpzpMy1glZcGiPmrsWEvOOXjEuTGvnb95mH1mMGeDPD3HmpNa7WG
Cp2NaO3eVRcRaBICMi2F3Edx6/eL5KtrsnroadWbYLPfBpPJ4BYttJND7Us7+oNdOuQmwFhj
xm9P25bndFT1lidp0Gx/xN5ekq3mNwt5iSWVdqOuEYKApQIDAQABo4GhMIGeMCQGA1UdEQQd
MBukGTAXMRUwEwYDVQQDEwxBZmZpbGlhdGUxLTUwEQYJYIZIAYb4QgEBBAQDAgEGMEUGA1Ud
IAQ+MDwwOgYKYIZIAYb4RQEHCzAsMCoGCCsGAQUFBwIBFh5odHRwczovL3d3dy52ZXJpc2ln
bi5jby5qcC9SUEEwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEC
BQADgYEAuIwwUgDQeNCIO/tzaT6ISelw4QjYJ9up3+be1dxZGHKcEFGtPfwaBNvlTMLV3eW3
BG6W5QRbNNhIaoVl0g8Yw1YuIexVFD7yUKcvQfOOThuG0y93V6Runzha6iErOLabtv05we+V
UnSsknF+qOCLYP9uMIKB/JmDiWnNpnUbAHMwggU2MIIEn6ADAgECAhBYKwlOQWIg2t9s9Ul6
I3xqMA0GCSqGSIb3DQEBBAUAMIG1MRwwGgYDVQQKExNWZXJpU2lnbiBKYXBhbiBLLksuMR8w
HQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMT4wPAYDVQQLEzVUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY28uanAvUlBBIChjKSA5ODE0MDIGA1UEAxMrVmVy
aVNpZ24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw0wMjA0MDEwMDAw
MDBaFw0wMzA0MDEyMzU5NTlaMIIBIzELMAkGA1UEBhMCSlAxHDAaBgNVBAoUE1ZlcmlTaWdu
IEphcGFuIEsuSy4xNDAyBgNVBAsUK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFs
IFN1YnNjcmliZXIxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9DUFMg
SW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMpOTYxPzA9BgNVBAsUNkRpZ2l0YWwgSUQgQ2xh
c3MgMSAtIFNNSU1FIE9yYW5nZXNvZnQgSW5jLi9XaW5iaWZmLzIuMTEXMBUGA1UEAxMOU0FL
QUkgWW9yaXl1a2kxHjAcBgkqhkiG9w0BCQEWD3Nha2FpQGxhYy5jby5qcDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBANEwVujTRrltaiSI2DFkPlw5L6WWWeOOy9z0HqaPXf2d
JYfoGHqbpq5MVCkBUSOHSY1Tpi/RdziqxhIYzXvzsb0wC1V0RNzvLf8zXtk6IjTmHttX0QDx
AvoxfmehZ1vCOgQcdBbG2FajnYo7MOewxLrmHLCv0Gitqsi2IS3Eaxv7v5Pzobu82BzUMBl6
9XypVXIEQHTG6s34ji0LbDOO/F5JqTuG5QhQmQyNnJyhNU4/BYu3e1KgK9c0gnIArQAroRqP
/0HXU7Ueu/HAUXnrt7+YqzL5CZ/6m11gCLblzFs2+6XieQsekFSjxquSQjl88C3CwgRoaNkx
01rqqYzBJ8ECAwEAAaOCAVAwggFMMAkGA1UdEwQCMAAwgawGA1UdIASBpDCBoTCBngYLYIZI
AYb4RQEHAQEwgY4wKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFMw
YgYIKwYBBQUHAgIwVjAVFg5WZXJpU2lnbiwgSW5jLjADAgEBGj1WZXJpU2lnbidzIENQUyBp
bmNvcnAuIGJ5IHJlZmVyZW5jZSBsaWFiLiBsdGQuIChjKTk3IFZlcmlTaWduMAsGA1UdDwQE
AwIFoDARBglghkgBhvhCAQEEBAMCB4AwcAYDVR0fBGkwZzBloGOgYYZfaHR0cDovL29uc2l0
ZWNybC52ZXJpc2lnbi5jb20vVmVyaVNpZ25KYXBhbktLVmVyaVNpZ25DbGFzczFDQUluZGl2
aWR1YWxTdWJzY3JpYmVyL0xhdGVzdENSTC5jcmwwDQYJKoZIhvcNAQEEBQADgYEALL1YFoVc
MyuHCFTkhPlz/3XIGtchllMRc+zha0qmA5wxbtgJT7hEl7IRrocWCSfweW4/KGZDQDMZM9wR
NRX19b4UTs2/opkQtX3eX4qNjUNnGdMjLTGTXzFqlph9b4ZYPvY5Xq+VQjpLBkqn2RQhdTLH
+BXc51LdzrtGw8H7s+4xggKmMIICogIBATCByjCBtTEcMBoGA1UEChMTVmVyaVNpZ24gSmFw
YW4gSy5LLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE+MDwGA1UECxM1VGVy
bXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvLmpwL1JQQSAoYykgOTgxNDAy
BgNVBAMTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEFgr
CU5BYiDa32z1SXojfGowCQYFKw4DAhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB
MBwGCSqGSIb3DQEJBTEPFw0wMjA4MjIxMTE3MDBaMCMGCSqGSIb3DQEJBDEWBBR20FHqGvQM
n58GRMZWivLeV5GKzjBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMC
AgIAgDAHBgUrDgMCBzANBggqhkiG9w0DAgIBQDANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0B
AQEFAASCAQBXXfy4WQQ2Br/RdRKrH5HdpYHYreoQNh97xNjQRLqF4Zp3qFhqS9da3kUS6bal
LEcozgOCS72cUzgSnMcqadvFsZR7rVCcdOqizyxd7AtR9AnBNl9u56USeX1lcnLVpsnhQeZ4
Qy/iyDqyZhwS/udYCMjR2nMhgoJemUHun2oRAqlOQH3e9j7asPZy/wpHK6YXeayuzU4WzITE
BjUjqBR4QUqZBKrvgNbnqsnz1QQ6eNtawbAlKEZKL99am0NSn/zsV8fBmP51yAXIVP6laMvN
TtWyS8g6UiW3ahLE8msxkrZpBVtXmAIpxLo04e9k6N8yUuFe4jH32TDISEOdGhNx

-----------1030015075-10578190--