SecurityFocus.com Newsletter #158 2002-8-12->2002-8-16

To: bugtraq-jp@securityfocus.com
Subject: SecurityFocus.com Newsletter #158 2002-8-12->2002-8-16
From: SAKAI Yoriyuki <sakai@lac.co.jp>
Date: Wed, 28 Aug 2002 18:49:44 +0900
Delivered-To: mailing list bugtraq-jp@securityfocus.com
Delivered-To: moderator for bugtraq-jp@securityfocus.com
In-Reply-To: <Pine.LNX.4.43.0208191236300.23181-100000@mail.securityfocus.com>
List-Help: <mailto:bugtraq-jp-help@securityfocus.com>
List-Id: <bugtraq-jp.list-id.securityfocus.com>
List-Post: <mailto:bugtraq-jp@securityfocus.com>
List-Subscribe: <mailto:bugtraq-jp-subscribe@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-jp-unsubscribe@securityfocus.com>
Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm
References: <Pine.LNX.4.43.0208191236300.23181-100000@mail.securityfocus.com>
$B:d0f(B@$B%i%C%/$G$9!#(B

SecurityFocus Newsletter $BBh(B 158 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

---------------------------------------------------------------------------
SecurityFocus Newsletter $B$K4X$9$k(BFAQ:
http://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml
BugTraq-JP $B$K4X$9$k(B FAQ:
http://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml
(SecurityFocus Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0le$G9T$o$l$F$$$^$9!#(B
$B!&(BSecurityFocus Newsletter $B$NOBLu$r(B Netnews, Mailinglist, World Wide Web,
  $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$NA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;$s$,!"(B
  $B=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+$J$k7A<0$N(B
  $B%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://online.securityfocus.com/archive/79
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02ql9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"4F=$l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
---------------------------------------------------------------------------
---------------------------------------------------------------------------
$B86HG(B:
Date: Mon, 19 Aug 2002 12:36:57 -0600 (MDT)
Message-ID: <Pine.LNX.4.43.0208191236300.23181-100000@mail.securityfocus.com>

SecurityFocus Newsletter #158
-----------------------------

This Issue is Sponsored By: Qualys

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
     1. Configuring IPsec/IKE on Solaris
     2. No Stone Unturned, Part Six
     3. Unlocking the Secrets of Crypto: Cryptography, Encryption...
     4. The Original Anti-Piracy Hack
     5. SecurityFocus DPP Program
     6. InforwarCon 2002
     7. SpiDynamics ALERT
II. BUGTRAQ SUMMARY
     1. Orinoco OEM Residential Gateway SNMP Community String Remote...
     2. BlueFace Falcon Web Server Error Message Cross-Site Scripting...
     3. SGI IRIX ftpd PASV Mode Data Channel Hijacking Vulnerability
     4. ISDN4Linux IPPPD Device String SysLog Format String Vulnerability
     5. Midicart ASP Remote Customer Information Retrieval Vulnerability
     6. Citrix Metaframe Java ICA Environment Denial Of Service...
     7. Cisco VPN Client IKE Packet Excessive Payloads Vulnerability
     8. Cisco VPN Client IKE Security Parameter Index Payload Buffer...
     9. Cisco VPN Client Zero Length IKE Packet Denial Of Service...
     10. OpenBSD select() Buffer Overflow Vulnerability
     11. Multiple Vendor CDE ToolTalk Database Server Heap Corruption...
     12. Macromedia Flash Malformed SWF Denial Of Service Vulnerability
     13. PGP / GnuPG Chosen Ciphertext Message Disclosure Vulnerability
     14. W3C CERN httpd Proxy Cross-Site Scripting Vulnerability
     15. SGI Irix Bulk Data Services Arbitrary File Disclosure...
     16. PGPFreeware Malformed IKE Response Packet Buffer Overflow...
     17. Microsoft Internet Explorer File Attachment Script Execution...
     18. L2TPD Weak Random Number Generator Seeding Vulnerability
     19. Red Hat Interchange Arbitrary File Read Vulnerability
     20. HP-UX VVOS Unspecified Local Passwd Vulnerability
     21. Oracle 9iAS OJSP Demo Scripts Cross-Site Scripting Vulnerability
     22. CafeLog b2 WebLog Tool Cross Site Scripting Vulnerability
     23. CafeLog b2 WebLog Tool SQL Injection Vulnerability
     24. Oracle Listener Malformed Debugging Command Denial Of Service...
     25. Xinetd Open File Descriptor Denial Of Service Vulnerability
     26. HP-UX VVOS TGAD Unspecified Stack Corruption Vulnerability
     27. Oracle Net Listener Format String Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
     1. Audit Shows More PCs At the IRS Are Missing
     2. MS soft-pedals SSL hole
     3. Sleuths Invade Military PCs With Ease
     4. U.S. Aiding Asia-Pacific Anti-Cybercrime Efforts
IV. SECURITYFOCUS TOP 6 TOOLS
     1. Advisor v1.2.6-3
     2. Netfilter2html v0.6b
     3. spasm anti-spam milter v0.22
     4. radiusContext v1.81
     5. fauxident.py v1.0
     6. HTun v0.9.3b

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
---------------------------------

II. BUGTRAQ SUMMARY
-------------------
1. Orinoco OEM Residential Gateway SNMP Community String Remote Configuration Vulnerability
BugTraq ID: 5436
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 09 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5436
$B$^$H$a(B:

Orinoco $B$OMM!9$J4pCO6I$dL5@~(B LAN $BMQ%M%C%H%o!<%/%$%s%?%U%'!<%9%+!<%I$r4^(B
$B$`!"L5@~(B LAN $B8~$1@=IJ$NHNGd85$G$"$k!#(B

Oricono $B@=$NFCDj$N@=IJ$O!"%j%b!<%H%f!<%6$,=EMW$J>pJs$K%"%/%;%9$G$-!"@x(B
$B:_E*$K4pCO6I$N@_Dj$rJQ992DG=$K$J$k$H?d;!$5$l$kLdBj$rJz$($F$$$k!#(B

Orinoco $B@=$N(B OEM $B@=IJ$O4IM}MQ%$%s%?%U%'!<%9$X$N%"%/%;%9%3%s%H%m!<%k5!G=(B
$B$rDs6!$9$k$?$a$K!"E57?E*$K!"8D!9$K$=$l$>$l5!BNH=JLMQ$NJ8;zNs$rMxMQ$7$F(B
$B$$$k!#$3$N5!BNH=JLMQJ8;zNs$O8D!9$K0[$J$k$b$N$G$"$j!"8GDjJ8;zNs$G$"$k!#(B
$B$^$?!"$3$NJ8;zNs$O4pCO6I$N@_Dj$r9T$&$?$a$NG'>ZMQJ8;zNs$H$7$FMxMQ$5$l$F(B
$B$$$k!#(B

SNMP $B$r2p$9$k$3$H$G!"(BOricono $B@=$N(B OEM $B4pCO6I@=IJ$N@_Dj$KMxMQ$5$l$k!"5!(B
$BBNH=JLMQ$NJ8;zNs$r%j%b!<%H$+$iF~ZMQ>pJs$rJV$7$F$7$^$&$N$G$"$k!#G'>ZMQ>pJs$O4IM}MQ%3%_%e%K%F%#(B
$BJ8;zNs$H$7$FMxMQ2DG=$G$"$k!#(B

$B5!BNH=JLMQJ8;zNs$r(B SNMP $B%3%_%e%K%F%#J8;zNs$H$7$FMxMQ$9$k$3$H$G!"%j%b!<(B
$B%H%f!<%6$O4pCO6I$N@_Dj$r2~JQ$9$k2DG=@-$,$"$k!#JQ99HO0O$K$O(B DNS $B%5!<%P$N(B
$B:F@_Dj!"(Bwired equivalent privacy key$B$,4^$^$l$k$H?d;!$5$l$k!#(B

2. BlueFace Falcon Web Server Error Message Cross-Site Scripting Vulnerability
BugTraq ID: 5435
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 09 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5435
$B$^$H$a(B:

Falcon Web Server $B$O$$$/$D$+$N(B Microsoft Windows $B4D6-$GF0:n$9$k>.5,LO$J(B
Web $B%5!<%P%W%m%0%i%`$G$"$k!#$3$N%=%U%H%&%'%"$O.$+$iCf5,LO$N>&3. SGI IRIX ftpd PASV Mode Data Channel Hijacking Vulnerability
BugTraq ID: 5461
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 14 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5461
$B$^$H$a(B:

SGI IRIX $B$KF1:-$5$l$F$$$k(B FTP $B%5!<%P$O(B PASV $B%b!<%I$G1?MQCf$N:]!"%G!<%?(B
$BE>AwMQ$N%3%M%/%7%g%s$,>h$CAw$,9T$o$l$k:]$K$"$k%]!<(B
$B%H$G%3%M%/%7%g%s$rBT$AAw$5$l$k!#(BSGI $B$O(B PASV $B%b!<%I$GMxMQ$5$l$k%]!<%HHV9f$H$7$F(B
$BM=B,2DG=$JHO0O$N%]!<%HHV9f$r(B FTP $B%5!<%P$,A*Br$7$F$7$^$&$3$H$r8xI=$7$?!#(B
$B$3$N7k2L!"%j%b!<%H$N967bAwMQ$N%3%M%/%7%g%s$r>h$CAwMQ%]!<%H$X%3%M%/%7%g%s$r3NN)$9$k%/%i%$%"%s%H0J30$N(B IP $B%"%I%l(B
$B%9$G$N%"%/%;%9$r5qH]$9$k$3$H$O!"(BRFC $B=`5r$+$i$N0oC&$K$D$J$,$j!"%/%i%$%"(B
$B%s%H$,MxMQ$9$k(B IP $B%"%I%l%96u4V$+$i$N967b$rKI;_$9$k$H$$$&@-3J$N$b$N$G$O(B
$B$J$$(B(NAT $B$,MxMQ$5$l$F$$$k>l9g$KB>$NFbIt%M%C%H%o!<%/$N%[%9%H$,MxMQ$9$k(B IP
$B%"%I%l%9$r9MN8$KF~$l$FM_$7$$(B)$B!#%G!<%?E>AwMQ$KMxMQ$5$l$k%]!<%H$NA*Br$O%5!<(B
$B%P$N8=9THG$G$O%i%s%@%`$K9T$o$l!"%/%i%$%"%s%H$,%5!<%P$K@\B3$9$kA0$K?dB,(B
$B$,@.8y$9$k$3$H$O$h$j:$Fq$K$J$C$F$$$k!#(B
$B$3$N;v9`$O%Q%C%A$rE,MQ$9$k:]$KN10U$9$Y$-$G$"$k!#(B

4. ISDN4Linux IPPPD Device String SysLog Format String Vulnerability
BugTraq ID: 5437
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Aug 10 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5437
$B$^$H$a(B:

isdn4linux $B$O%U%j!<$G8x3+$5$l!"$^$?%*!<%W%s%=!<%9$G$"$k(B ISDN $BBP1~%D!<%k(B
$B72$G$"$k!#$3$N%=%U%H%&%'%"$O(B Linux $B8~$1HG$,MxMQ2DG=$G$"$k!#(B

isdn4linux $B$O%m!<%+%k$+$i$N%3!<%I$N:3J$,2DG=$K$J$k$H?d;!$5$l(B
$B$kLdBj$rJz$($F$$$k!#(B

isdn4linux $B$N(B ippd $B%f!<%F%#%j%F%#$K$O=q<0;XDj;R$NuBV$K$*$$$F$O!"$3$N%f!<%F%#%j%F%#$O(B
setuid root $B>uBV$G%$%s%9%H!<%k$5$l$F$$$k!#$3$NLdBj$rMxMQ$9$k967b$K$h$j!"(B
$B%m!<%+%k$N967b7$/$3$H$,2D(B
$BG=$G$"$k!#(B

$B$3$NLdBj$O%G%P%$%9L>$No$KD9$$%G%P%$%9(B
$BL>(B (256 $B%P%$%H0J>e(B) $B$H6&$KZ:Q$_$G$"$k!#$7$+$7!"$3$l$O%Y%s%@$K$h$C$F8!>Z$5$l(B
$B$F$$$k;v9`$G$O$J$$!#(B

5. Midicart ASP Remote Customer Information Retrieval Vulnerability
BugTraq ID: 5438
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 10 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5438
$B$^$H$a(B:

Midicart ASP $B$O(B Coxco Support $B$K$h$C$F>&MQ@=IJ$H$7$FDs6!$5$l$F$$$k!"EE(B
$B;R>&uBV$G$O%j%b!<%H%f!<%6$,=EMW$J(B
$B>pJs$rF~pJs$r(B
$B3JG<$9$k$?$a$KMxMQ$7$F$$$k!#$7$+$7!"%G!<%?%Y!<%9%U%!%$%k$O(B Web $BMQ$K8x3+(B
$B$5$l$?%G%#%l%/%H%j$K3JG<$5$l$F$$$k$?$a!"(BWeb $B$r2p$9$k%f!<%6$+$i$N>pJsuBV$G$O!"(Bmidicart.mdb $B%U%!(B
$B%$%k$KBP$7$F$J$s$iE,@Z$J%"%/%;%9%3%s%H%m!<%k$,9T$o$l$F$$$J$$!#$3$N$?$a!"(B
$B%j%b!<%H%f!<%6$O$3$N%U%!%$%k$X%"%/%;%92DG=$G$"$k!#(B
$B$3$N%U%!%$%k$K$O8\5R;aL>!"=;=j!"%/%l%8%C%H%+!<%I>pJs$H$$$C$?=EMW$J8\5R(B
$B>pJs$,3JG<$5$l$F$$$k$H9M$($i$l$k!#(B

6. Citrix Metaframe Java ICA Environment Denial Of Service Vulnerability
BugTraq ID: 5439
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 11 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5439
$B$^$H$a(B:

Citrix Metaframe $B$O%j%b!<%H$+$i$N%G%9%/%H%C%W@)8f$r2DG=$K$9$k>&MQ@=IJ$G(B
$B$"$k!#$3$N(B BID $B$K<($5$l$kLdBj$O(B Microsoft Windows $B$GF0:n$9$k(B Metaframe
$B@=IJ72$K1F6A$r5Z$\$9!#(B

Citrix Metaframe $B$O%j%b!<%H%f!<%6$,967bBP>]$N%7%9%F%`$r%/%i%C%7%e2DG=$K(B
$B$J$kLdBj$rJz$($F$$$k!#(B

Metaframe $B$r=hM}$NB39T$,ITG=$J>uBV$K4Y$i$;$k$3$H$,2DG=$G$"$kLdBj$,H/8+(B
$B$5$l$F$$$k!#(BMetaframe $B%5!<%P$X0U?^E*$KAH$_N)$F$i$l$?(B Java ICA $B%U%!%$%k(B
$B$rMxMQ$7$F%3%M%/%7%g%s$r3NN)$9$k$3$H$G!"%j%b!<%H%f!<%6$O(B Metaframe $B%5!<(B
$B%P$r=hM}$NB39T$,ITG=$J>uBV$K4Y$i$;$i$l$k$H?d;!$5$l$k!#(BMetaframe $B%5!<%P(B
$B$O$3$NLdBj$,@8$8$?:]!"E57?E*$K$O!"A4$F$N%f!<%6$+$i$N%;%C%7%g%s$r\$G$"$k$,!"967buBV$K$7!"%U%!%$%k$N:FFI$_9~$_$r9T$&$3$H$K$h$jLdBj$rJz$($k%3%s%T%e!<(B
$B%?$N(B Citrix Metaframe $B%5!<%P$O%/%i%C%7%e$9$k!#(B

7. Cisco VPN Client IKE Packet Excessive Payloads Vulnerability
BugTraq ID: 5443
$B%j%b!<%H$+$i$N:F8=@-(B:$B$"$j(B
$B8xI=F|(B: Aug 12 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5443
$B$^$H$a(B:

Cisco VPN Client $B$O!"2>A[%M%C%H%o!<%/$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#(B
UNIX $B$*$h$S(B $BB?$/$N(B Linux$B!"$=$7$F(B Microsoft Windows $B$r4^$s$@B?$/$N%W%i%C(B
$B%H%[!<%`>e$K$*$$$FF0:n$9$k!#(B

Cisco VPN Client $B$O%P%C%U%!%*!<%P!<%U%m!<$r%j%b!<%H$+$iH/@8$5$;$k$3$H$,(B
$B2DG=$G$"$k5?$$$rJz$($F$$$k!#%/%i%$%"%s%H$K0U?^E*$KAH$_N)$F$i$l$?(B IKE $B%Q(B
$B%1%C%H$rAw?.$9$k$3$H$K$h$j!"$3$N>uBV$r0z$-5/$3$9$3$H$,2DG=$G$"$k!#%*!<(B
$B%P!<%U%m!<$O!"%/%i%$%"%s%H$,5vMFNL$G$"$k(B 57 $B%P%$%H0J>e$N(B IKE $B%Q%1%C%H$r(B
$B]$N%M%C%H%o!<%/$K6a@\$7$F$$$kDxEYl(B
$B9g$K$O!"(BVPN $B@\B3$,MxMQ$5$l$k!#(B

$B967buBV$rMx(B
$BMQ$9$k2DG=@-$,$"$k!#$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g$O!"%/%i%$%"%s(B
$B%H$NF0:n$K1F6A$rM?$(!"(BDoS $B>uBV$r>7$/2DG=@-$,$"$k!#(B

$B$3$NLdBj$O%/%i%$%"%s%H%=%U%H%&%'%"$,(B IKE $B%M%4%7%(!<%7%g%s$NBh(B 1 $B%U%'!<(B
$B%:(B (Phase 1) $B$N4V$K(B Aggressive Mode $B$GF0:n$7$F$$$k:]$Ke$GF0:n$9$k%/%i%$%"%s%H$X(B
$B5Z$\$5$l$k!#(B

8. Cisco VPN Client IKE Security Parameter Index Payload Buffer Overflow Vulnerability
BugTraq ID: 5441
$B%j%b!<%H$+$i$N:F8=@-(B:$B$"$j(B
$B8xI=F|(B: Aug 12 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5441
$B$^$H$a(B:

Cisco VPN Client $B$O!"2>A[%M%C%H%o!<%/$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#(B
UNIX $B$*$h$S(B $BB?$/$N(B Linux$B!"$=$7$F(B Microsoft Windows $B$r4^$s$@B?$/$N%W%i%C(B
$B%H%[!<%`>e$K$*$$$FF0:n$9$k!#(B

Cisco VPN Client $B$O%P%C%U%!%*!<%P!<%U%m!<$r%j%b!<%H$+$iH/@8$5$;$k$3$H$,(B
$B2DG=$G$"$k5?$$$rJz$($F$$$k!#%/%i%$%"%s%H$K0U?^E*$KAH$_N)$F$i$l$?(B IKE $B%Q(B
$B%1%C%H$rAw?.$9$k$3$H$K$h$j!"$3$N>uBV$r0z$-5/$3$9$3$H$,2DG=$G$"$k!#%*!<(B
$B%P!<%U%m!<$O!"%/%i%$%"%s%H$,5vMFNL$G$"$k(B 57 $B%P%$%H0J>e$N(B IKE $B%Q%1%C%H$r(B
$B]$N%M%C%H%o!<%/$K6a@\$7$F$$$kDxEYl(B
$B9g$K$O!"(BVPN $B@\B3$,MxMQ$5$l$k!#(B

$B967buBV$rMx(B
$BMQ$9$k2DG=@-$,$"$k!#$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g$O!"%/%i%$%"%s(B
$B%H$NF0:n$K1F6A$rM?$(!"(BDoS $B>uBV$r>7$/2DG=@-$,$"$k!#(B

$B$3$NLdBj$O%/%i%$%"%s%H%=%U%H%&%'%"$,(B IKE $B%M%4%7%(!<%7%g%s$NBh(B 1$B%U%'!<(B
$B%:(B (Phase 1) $B$N4V$K(B Aggressive Mode $B$GF0:n$7$F$$$k:]$Ke$GF0:n$9$k%/%i%$%"%s%H$X(B
$B5Z$\$5$l$k!#(B

9. Cisco VPN Client Zero Length IKE Packet Denial Of Service Vulnerability
BugTraq ID: 5440
$B%j%b!<%H$+$i$N:F8=@-(B:$B$"$j(B
$B8xI=F|(B: Aug 12 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5440
$B$^$H$a(B:

Cisco VPN Client $B$O!"2>A[%M%C%H%o!<%/$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#(B
UNIX $B$*$h$S(B $BB?$/$N(B Linux $B$=$7$F(B Microsoft Windows $B$r4^$s$@B?$/$N%W%i%C(B
$B%H%[!<%`>e$K$*$$$FF0:n$9$k!#(B

VPN $B%/%i%$%"%s%H$NFCDj$N%P!<%8%g%s$O!"(BDoS $B967b$ruBV$r>7$/2DG=@-$,$"$j!"DL>oF0:n$KI|5l$9$k(B
$B$?$a$K$O!"(BVPN $B%/%i%$%"%s%H$N%W%m%;%9$r]$N%M%C%H%o!<%/$K6a@\$7$F$$$kDxEYl(B
$B9g$K$O!"(BVPN $B@\B3$,MxMQ$5$l$k!#(B

10. OpenBSD select() Buffer Overflow Vulnerability
BugTraq ID: 5442
$B%j%b!<%H$+$i$N:F8=@-(B:$B$J$7(B
$B8xI=F|(B: Aug 12 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5442
$B$^$H$a(B:

OpenBSD $B$O%U%j!<$GG[I[$5$l$F$*$j!"%;%-%e%j%F%#$r9MN8$7$F@_7W$5$l$?%*!<(B
$B%W%s%=!<%9$J(B OS $B$G$"$k!#$3$N(B OS $B$O(B OpenBSD $B%W%m%8%'%/%H$K$h$C$FJ]uBV$rD4$Y$k5!G=$rDs6!$9$k4X?t$G$"$k!#(B

select () $B$N(B size $B%Q%i%a!<%?$OId9fIU@0?t$G$"$k!#Js9p$K$h$k$H!"(Bselect()
$B$OId9fIU$NCM$K4X$7$F!"%Q%i%a!<%?$,e=q(B
$B$-$5$;$k$3$H$,2DG=$G$"$k!#(B

$B967be=q$-$5(B
$B$;$k$3$H$K$h$j!"$3$NLdBj$rMxMQ$9$k967b$r4k$F$k$3$H$,2DG=$G$"$k!#(B
$B$3$NLdBj$rMxMQ$9$k967b$K$h$j!"967b11. Multiple Vendor CDE ToolTalk Database Server Heap Corruption Vulnerability
BugTraq ID: 5444
$B%j%b!<%H$+$i$N:F8=@-(B:$B$"$j(B
$B8xI=F|(B: Aug 12 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5444
$B$^$H$a(B:

ToolTalk $B%G!<%?%Y!<%9%5!<%P(B (rpc.ttdbserverd) $B$O(B ONC RPC $B%5!<%S%9$N(B1$B$D(B
$B$G$"$j!"(BToolTalk $B%5!<%S%9$NF0:n$KI,MW$J%*%V%8%'%/%H$r4IM}$9$k%=%U%H%&%'(B
$B%"$G$"$k!#(BToolTalk $B$,M-8z2=$5$l$F$$$k%W%m%;%9$O8_$$$K$3$N%W%m%0%i%`$KBP(B
$B$9$k(B RPC $B8F$S=P$7$rMxMQ$7$F!"(BToolTalk $B$,M-8z2=$5$l$F$$$k%[%9%H4V$GDL?.(B
$B$r9T$&!#$3$N%W%m%0%i%`$O(B ToolTalk $B%7%9%F%`$NI8=`%3%s%]!<%M%s%H$G$"$j!"(B
$BB?$/$N>&MQHG(B UNIX $B$G$NI8=`%3%s%]!<%M%s%H$KF1:-$5$l$FDs6!$5$l$F$$$k!#(B
ToolTalk $B%G!<%?%Y!<%9%5!<%P$OE57?E*$K(B root $B8"8B$GF0:n$9$k!#(B

ToolTalk RPC $B%G!<%?%Y!<%9%5!<%P$K$*$$$F!"%P%C%U%!%*!<%P!<%U%m!<$,H/8+(B
$B$5$l$F$$$k!#(B_TT_CREATE_FILE $B%W%m%7!<%8%c$,8F$S=P$5$l$k:]$KLdBj$OH/@8$9(B
$B$k!#(B

$B967b12. Macromedia Flash Malformed SWF Denial Of Service Vulnerability
BugTraq ID: 5445
$B%j%b!<%H$+$i$N:F8=@-(B:$B$"$j(B
$B8xI=F|(B: Aug 12 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5445
$B$^$H$a(B:

Maromedia Flash $B$O$h$j=<uBV$K4Y$k5?(B
$B$$$,$"$k!#LdBj$r:F8=$9$k$?$a$K$O!"(B.SWF $B7A<0$N%U%!%$%kFb$N%X%C%@%G!<%?$,(B
$BB;$J$o$l$F$$$J$$>uBV$G$"$kI,MW$,$"$k!#(B

$BEv=i!"$3$NLdBj$O%U%!%$%kFb$NK\J8ItJ,Fb$K(B ROT13 $B$GId9f2=$5$l$?$G$?$i$a$J(B
$B%G!<%?$r4^$a$F$*$/$3$H$G:F8=$5$l$F$$$k!#$7$+$7!":F8=$OK\J8ItJ,$N%G!<%?$r(B
16 $B?J%(%G%#%?$rMxMQ$7$F$G$?$i$a$J%G!<%?$KCV$-49$($k$3$H$K$h$C$F$b9T$$F@(B
$B$k$3$H$,H/8+$5$l$F$$$k!#(B

Macromedia Flash $B%W%i%0%$%s$O!"?tB?$/$N(B Web $B%V%i%&%6$KF1:-$5$l$F$$$k!#(B
$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"%V%i%&%6$O%/%i%C%7%e$9$k!#(B
$B967bB?$/$NuBV$r:F8=2DG=$G$"$k!#(B

Macromedia Flash Player $B$K$h$j0U?^E*$KAH$_N)$F$i$l$?%U%!%$%k$,FI$_9~$^(B
$B$l$?:]$K%a%b%jFbMF$NGK2u$,@8$8$k$+$I$&$+$OL$>\$G$"$k!#(B

13. PGP / GnuPG Chosen Ciphertext Message Disclosure Vulnerability
BugTraq ID: 5446
$B%j%b!<%H$+$i$N:F8=@-(B:$B$"$j(B
$B8xI=F|(B: Aug 12 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5446
$B$^$H$a(B:

PGP $B$H(B GnuPG $B$O(B OpenPGP $B0E9f5,3J$NCxL>$J(B 2 $BBgl9g!"$3$NLdBj$rMxMQ$9$k967b$O5;=QE*(B
$B$JCN<1$KK3$7$$%(%s%I%f!<%6$X$N$b$N$H$7$F!"Hs>o$KA[Dj$7F@$&$k$b$N$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$r9T$&$?$a$K$O!"967bl9g$KCV(B
$B$-F@$k;v9`$G$"$k!#I|9f2=$N7k2L$O$4$A$c$4$A$c$7$FFbMF$r@.$5$J$$$b$N$G$"(B
$B$j!"(BA $B$,2?$,$*$+$7$/$J$C$F$$$k$N$+$rH=CG$9$k$?$a$K85$N%a%C%;!<%8$r0zMQ(B
$B$7$?$b$N$r4^$s$G1~Ez$r$9$k$3$H$,A[A|$G$-$k!#(B

$B0-0U$"$k%a%C%;!<%8$,(B A $B$K$h$C$F0U?^E*$KI|9f$5$l$?HG$HK\Mh$N%a%C%;!<%8$N(B
$B0E9f2=:Q$_HG$r85$K$7$F!"967bJ,$r2rFI$9$k$3$H$,2DG=$G$"$k$H?d;!$5(B
$B$l!"%3%s%F%s%D$rCmF~$9$k$K$b!"F1Ey$N:n6HNL$,I,MW$H$5$l$k!#B?$/$N%"%W%j(B
$B%1!<%7%g%s$O$3$NDxEY$G<}$^$k$H9M$($i$l$k$,!"$7$+$7!"967b$r7+$jJV$9$3$H(B
$B$K$h$jJ?J8FbMF$NA4BN$,2rFI$5$l$k7k2L$,0z$-5/$3$5$l$k$H?d;!$5$l$k!#(B

OpenPGP $B$N0E9f2==hM}Cf$K05=L$5$l$?%a%C%;!<%8$KBP$7$F!"$3$NLdBj$rMxMQ$9(B
$B$k967b$,2DG=$G$"$k$H$O9M$($i$l$F$$$J$$!#967buBV$G3+<($5$l$F$7$^$&E@$O=EMW$G$"$k!#(B
$B$3$NLdBj$O85!9$NDL?.FbMFFb$N0E9f2=7k2L$KAH$_9~$^$l$F$$$kHkL)80$K4X$9$k(B
$BHkF?@-$X$N6<0R$H$O$J$i$J$$!#$^$?!"$3$NLdBj$rMxMQ$9$k9-HO0O$J967b$O!"KX(B
$B$I$N>l9g!"%(%s%I%f!<%6$K$h$C$FFC$KDLJs$5$l$kN`$N$b$N$G$"$k$H9M$($i$l$k!#(B

14. W3C CERN httpd Proxy Cross-Site Scripting Vulnerability
BugTraq ID: 5447
$B%j%b!<%H$+$i$N:F8=@-(B:$B$"$j(B
$B8xI=F|(B: Aug 12 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5447
$B$^$H$a(B:

CERN httpd $B$O(B W3C $B$+$iG[I[$5$l$F$$$k!"%U%j!<$GMxMQ2DG=$J(B HTTP $B%W%m%-%7(B
$B%5!<%P5!G=IU$-$N(B HTTP $B%5!<%P$G$"$k!#(B

CERN httpd $B$O%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$rMxMQ$9$k967b$N1F6A$rl9g!"(BCERN httpd $B$O%(%i!<$r(B Web $B%Z!<%8$r(B
$B2p$7$F=PNO$9$k!#$=$N:]!"%"%/%;%9@h$H$7$F@\B3$,;n$_$i$l$?(B URL $B$O%U%#%k%?(B
$B%j%s%0$,9T$o$l$k$3$H$J$/%(%i!<%Z!<%8$X=PNO$5$l$k!#$3$N$?$a!"967bpJs$N@`$N967b$r(B
$B4k$F$k$?$a$KMxMQ$5$l$k2DG=@-$,$"$k!#(B

15. SGI Irix Bulk Data Services Arbitrary File Disclosure Vulnerability
BugTraq ID: 5448
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 12 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5448
$B$^$H$a(B:

SGI Bulk Data Service (BDS) $B$O(B Irix OS $B$GF0:n$9$k(B NFS $B$N3HD%5!G=$G$"$k!#(B
$B%j%b!<%H$N%U%!%$%k%7%9%F%`$r;HMQ$7$F$$$k%"%W%j%1!<%7%g%s$N%Q%U%)!<%^%s(B
$B%9$r2~A1$9$k$?$a!"9bB.$J%M%C%H%o!<%/$r2p$9$kBg$-$$%U%!%$%k$NE>Aw$rMF0W(B
$B$K$9$k$h$&@_7W$5$l$F$$$k!#(B

Bulk Data Service $B$N$$$/$D$+$N%P!<%8%g%s$KLdBj$,B8:_$9$k$3$H$,Js9p$5$l(B
$B$F$$$k!#%/%i%$%"%s%H%"%W%j%1!<%7%g%s$,!"LdBj$rJz$($F$$$k%7%9%F%`>e$NG$(B
$B0U$N%U%!%$%k$NFI$_9~$_8"8B$rC%pJs(B
$B$X%"%/%;%9$9$k8"8B$NC%pJs$O!"LdBj$rJz(B
$B$($F$$$k%7%9%F%`$rBP>]$H$9$k!"$5$i$J$k967b$r=uD9$9$k2DG=@-$,$"$k!#(B

16. PGPFreeware Malformed IKE Response Packet Buffer Overflow Vulnerability
BugTraq ID: 5449
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 12 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5449
$B$^$H$a(B:

PGPFreeware VPN $B$K;HMQ$5$l$F$$$k(B Internet Key Exchange (IKE) $B$Ne$G967bu67$r0-MQ$9$k$3$H$,2DG=$G$"$j!"$3$l$K$h$jG$0U$N%3!<%I$,$N%Y%s%@$N@=IJ$bF1MM$KLdBj$rJz$($F$$$k$3$H$,Js9p$5$l$F$$$k!#(B
$B0U?^E*$KAH$_N)$F$i$l$?(B IKE $B1~Ez%Q%1%C%H$N\:Y$K$D$$$F$O!"8=:_$N$H$3$mL@$i$+$K$J$C(B
$B$F$$$J$$!#(B

$B$3$NLdBj$O(B Windows NT 4.0 SP6 $B>e$G2TF0$9$k(B PGPFreeware 7.03 $B$KB8:_$9$k(B
$B$HJs9p$5$l$F$$$k!#B>$N%P!<%8%g%s$*$h$S%W%i%C%H%U%)!<%`$b1F6A$r17. Microsoft Internet Explorer File Attachment Script Execution Vulnerability
BugTraq ID: 5450
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 13 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5450
$B$^$H$a(B:

Microsoft Internet Explorer 6 $B$K$O%m!<%+%k%7%9%F%`$N%3%s%F%-%9%HFb$GG$(B
$B0U$N%3!<%I$rl9g!"(BHTM $B$r3HD%;R$K;}$D%U%!%$%k$O(B Internet Explorer $B$K4XO"IU$1$i$l(B
$B$F$*$j!"967b]$N%f!<%6$N%7%9%F%`$Gl=j$r7hDj2DG=$G$"$j!"7k2L$H(B
$B$7$F$=$l$,J]B8$5$l$k(B Temporary Internet Files (TIF) $B%G%#%l%/%H%j$N>l=j(B
$B$r7hDj2DG=$G$"$k!#(B

$B%@%&%s%m!<%I$5$l$?%U%!%$%k$NK\J8ItJ,Fb$KKd$a9~$^$l!"$^$?!"%m!<%+%k$N%U%!(B
$B%$%k%7%9%F%`>e$GH$9$k$?$a$K!"(BTemporary Internet Files $B%G%#%l%/%H%j$N>l=j$K4X$9$k(B
$B>pJs$,MxMQ2DG=$G$"$k!#$3$NLdBj$K$h$j!"7k2L$H$7$F%m!<%+%k%7%9%F%`$N%;%-%e(B
$B%j%F%#%>!<%sFb$GG$0U$N%3!<%I$N7$/2DG=@-$,$"$k!#(B

$B$3$N?6$kIq$$$O(B Internet Explorer 6 $B>e$GJs9p$5$l$F$$$k!#(BInternet Explorer
$B$NB>$N%P!<%8%g%s$b$3$NLdBj$rJz$($F$$$k2DG=@-$,$"$k$,!"$3$l$K$D$$$F$OL$(B
$B8!>Z$G$"$k!#(B

18. L2TPD Weak Random Number Generator Seeding Vulnerability
BugTraq ID: 5451
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 13 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5451
$B$^$H$a(B:

l2tpd $B$O(B Layer 2 Tunneling Protocol $B%G!<%b%s$G$"$j!"(BRFC 2661 $B$GDj5A$5(B
$B$l$F$$$k%W%m%H%3%k$N7$/(B
$B2DG=@-$,$"$k!#Mp?t$O(B l2tpd $BFb$GMM!9$JL\E*$KMxMQ$5$l$k!#Nc$($P%H%s%M%k(B
ID $B$d%;%C%7%g%s(B ID$B!"%A%c%l%s%8(B/$B%l%9%]%s%95!9=$,5s$2$i$l$k!#(B

$B967bpJs$r2~$6(B
$B$s$7$?$j@`l9g$G$b!"(Bl2tpd $B$rMQ$$$?DL?.$N0l4S@-$X$N6<0R$H$J$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$N7k2L$O!"(Bl2tpd $B$,1?MQ$5$l$F$$$k4D6-$K6/$/0MB8$9(B
$B$k$H9M$($i$l$k!#(B

19. Red Hat Interchange Arbitrary File Read Vulnerability
BugTraq ID: 5453
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 13 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5453
$B$^$H$a(B:

Interchange $B$OEE;R>&GE@$rEv$F$?!"(BWeb $B%"%W(B
$B%j%1!<%7%g%s$r3+H/$9$k$?$a$N4D6-$G$"$k!#$3$N%=%U%H%&%'%"$O(B Linux $B$*$h$S(B
$BMM!9$J(B UNIX $B>e$GMxMQ2DG=$G$"$k!#(B

Interchange 4.8.5 $B$*$h$S$3$l0JA0$N%P!<%8%g%s$KLdBj$,H/8+$5$l$F$$$k!#(B
Interchange $B$O967bl=j$KM3Mh$7$F@8$8$F$$$k!#(B
$BJs9p$K$h$k$H!"$3$N%U%)%k%@$O0J2<$NMQ$K%$%s%9%H!<%k$5$l$k!#(B
<INTERCHANGE_ROOT>/doc
$B$3$N%U%)%k%@$O%G%U%)%k%H>uBV$G(B Interchange $BMQ$N%^%K%e%"%k$,4^$^$l$F$$$k!#(B
$B$3$NLdBj$O(B Interchange $B%5!<%S%9$,(B INET (Internet service) $B%b!<%I$G2TF0(B
$B$7$F$$$k:]$K$N$_967b$KMxMQ2DG=$G$"$k!#(B

$B967bpJs$,C%A[(B / $B%G%#(B
$B%l%/%H%j$N@)8B$O$3$Ne$N%U%!%$%k$X$N%j%/%(%9%H$,9T$o(B
$B$l$k2DG=@-$,$"$k!#(B

20. HP-UX VVOS Unspecified Local Passwd Vulnerability
BugTraq ID: 5454
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Aug 13 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5454
$B$^$H$a(B:

Virtual Vault Operating System (VVOS) $B$O(B HP $B$+$iHNGd$5$l$F$$$k!">&MQ@=(B
$BIJ$H$7$FDs6!$5$l$F$$$k(B OS $B$G$"$j!"6/2=$5$l$?%;%-%e%j%F%#5!G=$rDs6!$G$-(B
$B$kMM$K@_7W$5$l$F$$$k!#(B

VVOS $B$K$OITL@3N$G$O$"$k$,!"LdBj$,8xI=$5$l$F$$$k!#(Bpasswd $B%W%m%0%i%`$KLd(B
$BBj$,H/8+$5$l!"(BHP $B$h$j=$@5HG$,F~pJs$O:#$N$H$3$m8x3+$5$l$F$$$J$$!#(B
$B$7$+$7!"LdBj$rJz$($k%7%9%F%`$N%m!<%+%k$+$i$N8"8B>:3J$,2DG=$G$"$k$H9M$((B
$B$i$l$k!#(Bpasswd $B$OE57?E*$K$O!"%7%9%F%`$N%7%'%k$rMxMQ2DG=$J%f!<%6$K$h$C$F(B
$B$N$_%"%/%;%9$5$l$k(B setuid root $B>uBV$N21. Oracle 9iAS OJSP Demo Scripts Cross-Site Scripting Vulnerability
BugTraq ID: 5452
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 13 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5452
$B$^$H$a(B:

Oracle 9iAS $B$OMM!9$J(B JSP $B%9%/%j%W%H$N%5%s%W%k$rF1:-$7$F$$$k!#$3$l$i$N(B
$B%9%/%j%W%H$O(B Oracle 9iAS $B$N(B JSP $B$N;HMQK!$N;vNc$r4^$s$G$$$k!#(B

$B%5%s%W%k%9%/%j%W%H$N$$$/$D$+$O%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$rMxMQ(B
$B$9$k967b$N1F6A$r22. CafeLog b2 WebLog Tool Cross Site Scripting Vulnerability
BugTraq ID: 5455
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 13 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5455
$B$^$H$a(B:

Cafelog b2 WebLog Tool $B$O%K%e!<%9%Z!<%8$H(B Web $B%Z!<%8$NF0E*@8@.5!G=$rDs(B
$B6!$9$k%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$O!"F0E*$K(B Web $B%Z!<%8$r@8@.$9(B
$B$k$?$a$K(B PHP $B$*$h$S(B MySQL $B%G!<%?%Y!<%9$r;HMQ$9$k!#(B

b2 WebLog Tool $B$O%G!<%?$r%V%i%&%6$KAw$jJV$7$F$$$k!#$=$N:]!"JQ?tCM$,%j%b!<(B
$B%H%f!<%6$K$h$C$F@_Dj2DG=$G$"$k:]!"$$$/$D$+$NJQ?tCM$O$3$N%9%/%j%W%H$K$h$C(B
$B$F4{$KFbItMQ%G!<%?$H$7$F@_Dj:Q$_$G$"$k$H8+$J$5$l$F$$$k!#$7$+$7!"$3$l$i(B
$BJQ?tCM$KBP$9$k(B HTML $B%?%0$N==J,$J%U%#%k%?%j%s%0$,9T$o$l$F$$$J$$$?$a!"(Bb2
WebLog Tool $B$O%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$rMxMQ$9$k967b$N1F6A$r(B
$BpJs$N:q$N(B Web $B$r85$K$7$?967b(B
$B$KMxMQ$5$l$k2DG=@-$,$"$k!#(B

23. CafeLog b2 WebLog Tool SQL Injection Vulnerability
BugTraq ID: 5456
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 13 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5456
$B$^$H$a(B:

Cafelog b2 WebLog Tool $B$O%K%e!<%9%Z!<%8$HF0E*@8@.$5$l$?(B Web $B%Z!<%8$r:n(B
$B@.$9$k5!G=$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$O!"F0E*$K(B Web
$B%Z!<%8$r@8@.$9$k$?$a$K(B PHP $B$*$h$S(B MySQL $B%G!<%?%Y!<%9$r;HMQ$9$k!#(B

b2 WebLog Tool $B$O(B tableposts $BJQ?t$KM?$($i$l$?%f!<%6$+$iF~NO$5$l$?FbMF$K(B
$B4X$9$k%U%#%k%?%j%s%0$r==J,$K9T$C$F$$$J$$!#(Btablesposts $BJQ?t$X$NCM$O(B SQL
$B%/%(%j$XBeF~$5$l!"MxMQ$5$l$k!#$3$N$?$a!"(BSQL $B9=J8$,%j%/%(%9%HFb$KA^F~$5(B
$B$l!"%P%C%/%(%s%I%G!<%?%Y!<%9$K$h$C$F2r24. Oracle Listener Malformed Debugging Command Denial Of Service Vulnerability
BugTraq ID: 5457
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 13 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5457
$B$^$H$a(B:

Oracle Listener $B$K$OB??t$N%G%P%C%0%3%^%s%I$,Ds6!$5$l$F$$$k!#$3$l$i$O%G!<(B
$B%?%Y!<%9$K4X$9$k>pJs$r8!:w$9$k$?$a$K!"%j%b!<%H$N4IM}uBV$K4Y$kLdBj$rJz$($F$$$k!#(B
$B%j%b!<%H$N967buBV$K4Y$C$F$7$^$&!#DL>o5!G=$NI|5l$K$O%5!<%P$N:F5/F0$,I,MW(B
$B$G$"$k!#(B

$B%G%P%C%05!G=$,%G%U%)%k%H$GM-8z$G$"$j!"@_Dj$K$h$C$FL58z2=$G$-$J$$2DG=@-(B
$B$,Js9p$5$l$F$$$k!#(B

25. Xinetd Open File Descriptor Denial Of Service Vulnerability
BugTraq ID: 5458
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Aug 13 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5458
$B$^$H$a(B:

xinetd $B$O(B inetd $B$N%;%-%e%"$JCV$-49$(HG$r0U?^$H$7$F3+H/$5$l$?%=%U%H%&%'(B
$B%"$G$"$j!"(BLinux $B$*$h$SMM!9$J(B UNIX $B$GMxMQ2DG=$J$h$&$K@_7W$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"(Bxinetd $B$O(B DoS $B$K4Y$kLdBj$rJz$($F$$$k!#$3$l$O(B xinetd $B$+$i(B
$B3+;O$5$l$?;R%W%m%;%9$K$h$C$F7Q>5$5$l$?!"%7%0%J%k%Q%$%WMQ$N%U%!%$%k%G%#(B
$B%9%/%j%W%?$K$h$C$F@8$8$k!#$3$NLdBj$K$h$j!"0-0U$r;}$D?MJ*$O(B xinetd $B$HDL(B
$B?.$9$kG=NO$rHw$($k!"(Bxinetd $B$H4XO"IU$1$i$l$?%Q%$%W72$X%"%/%;%9$9$k7k2L$r(B
$B>7$/2DG=@-$,$"$k!#(B

$B%m!<%+%k$N967bo$KBg$-$J%G!<%?!"$"$k$$$O%5!<%S%9$N%/%i%C%7%e$r>7(B
$B$/$H?d;!$5$l$k0-0U$"$k%G!<%?$r(B xinetd$B$KAw?.$9$k$3$H$G!"%*!<%W%s>uBV$N%U%!(B
$B%$%k%G%#%9%/%j%W%?$N8mMQ$r>7$/$H9M$($i$l$k!#$3$NLdBj$rMxMQ$9$k967b$K$h(B
$B$j!"(Bxinetd $B$X$N@5Ev$J%j%/%(%9%H$X$N1~Ez$,<:GT$9$k7k2L$,@8$8$k!#(B

$B%7%0%J%k%Q%$%W$O(B Xinetd $B%P!<%8%g%s(B 2.3.4 $B$GF3F~$5$l$F$*$j!"$=$l0JA0$N%P!<(B
$B%8%g%s$O$3$NLdBj$rJz$($k5?$$$O$J$$$H?d;!$5$l$k!#(B

26. HP-UX VVOS TGAD Unspecified Stack Corruption Vulnerability
BugTraq ID: 5459
$B%j%b!<%H$+$i$N:F8=@-(B: $BL$>\(B
$B8xI=F|(B: Aug 14 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5459
$B$^$H$a(B:

Virtual Vault Operating System (VVOS) $B$O(B HP $B$+$iHNGd$5$l$F$$$k!">&MQ@=(B
$BIJ$H$7$FDs6!$5$l$F$$$k(B OS $B$G$"$j!"6/2=$5$l$?%;%-%e%j%F%#5!G=$rDs6!$G$-(B
$B$kMM$K@_7W$5$l$F$$$k!#(B

VVOS $B$N(B TGA (Trusted Gateway Agent) $B%G!<%b%s$OITFCDj$N%9%?%C%/FbMF$NGK(B
$B2u$,0z$-5/$3$5$l$k$H$$$&LdBj$rJz$($F$$$k!#$3$NLdBj$rMxMQ$9$k967b$,@.8y(B
$B$7$?>l9g!"%7%9%F%`%U%!%$%k$XG'>Z$r9T$&$3$H$J$/%"%/%;%9$5$l$k2DG=@-$,$"(B
$B$k!#(B

$B$3$NLdBj$K4XO"$9$k>pJs$O8x3+$5$l$F$$$J$$$,!"LdBj$rJz$($k%7%9%F%`$N%m!<(B
$B%+%k$+$i$N8"8B>:3J$,2DG=$G$"$k$H9M$($i$l$k!#$3$N7k2L!"%m!<%+%k%f!<%6$O(B
$B$h$j9b0L$N8"8B$NC%27. Oracle Net Listener Format String Vulnerability
BugTraq ID: 5460
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 14 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5460
$B$^$H$a(B:

Oracle Net Listener $B$O!"%G!<%?%Y!<%9%5!<%S%9$KBP$9$k%/%i%$%"%s%H$+$i$N(B
$B%j%/%(%9%H$r=hM}$9$k$?$a$K(B Oracle DBA $B$K$h$j;HMQ$5$l$k%D!<%k$G$"$k!#(B
$B$^$?!"(BOracle $B$O(B Oracle DBA $B$,%j%b!<%H$+$i(B Net Listener $B$r4IM}2DG=$K$9(B
$B$k5!9=$rDs6!$7$F$$$k!#(B

Listener Control utility (LSNRCTL) $B$KLdBj$,H/8+$5$l$F$$$k!#(B
$BJs9p$K$h$k$H!"(BListener Control utility $B$O=q<0;XDj;R$rMxMQ$9$k967b$N1F6A(B
$B$rZ$r9T$&$3$H$J$/(B
$B@_Dj%U%!%$%k$NJQ99$,2DG=$G$"$k!#967b1. Audit Shows More PCs At the IRS Are Missing
$BCx$N@/I\7O5!4X$N$=$l$HF1MM!"?tB?$/$N4{$KHo$C$?B;<:$K2C$($F9g=09q:bL3>J(B
$BFb9q:PF~D#(B (IRS; Internal Revenue Service) $B$OJ*IJ$NEpFq$KAx$$!"$^$?!"%3(B
$B%s%T%e!<%?72$N@_CV>l=j$r8m$jB3$1$F$$$k!#(B

http://online.securityfocus.com/news/583

2. MS soft-pedals SSL hole
$BCxZL@=q$K(B
$B$*$1$k%;%-%e%j%F%#>e$NLdBj$KBP1~$9$k(B Microsoft Security PR Bulletin$B$O!"(B
$B$=$l$K4X$7$F$"$^$j4X?4$rJz$+$J$$B?$/$N(B Windows $B%f!<%6$KJ]>Z$rM?$($kJ}K!(B
$B$+$iH?$l$F$$$k>u67$G$"$k!#%;%-%e%j%F%#>e$NLdBj$K4X$9$k@h$NH]DjE*$JJs9p(B
$B$O!"L@$i$+$K!"==J,$J!V6Q9U!W$,u67$G$O$J$$$H8@$($k!#(B
($BNc(B: $BHNGdItLg$K$h$C$F>5G'$5$l$F$$$k$J$I(B)

http://online.securityfocus.com/news/582

3. Sleuths Invade Military PCs With Ease
$BCxuBV$G$"$k$H$NLdBjE@$rL@$i$+$K$7$?!#(B

http://online.securityfocus.com/news/581

4. U.S. Aiding Asia-Pacific Anti-Cybercrime Efforts
$BCxe9q$N%3%s%T%e!<%?HH:a$*$h$S%5%$%P!<%F%m$H$N@o$$$r=u$1$k$?$a$N9q(B
$B:]E*M\@.%W%m%0%i%`$N0l4D$H$7$F!"%"%a%j%+$NA\::Ev6I$O:#=5Kv%"%8%"B@J?MN(B
$BCO0h$Nhttp://online.securityfocus.com/news/580

IV. SECURITYFOCUS TOP 6 TOOLS
----------------------------
1. Advisor v1.2.6-3
$B:nhttp://www.niftybox.com/download.php
$BF0:n4D6-(B: Linux
$B$^$H$a(B:

Advisor $B$O%;%-%e%j%F%#%"%I%P%$%6%j$N%G!<%?%Y!<%9$r%b%K%?$7!"$=$N%"%I%P(B
$B%$%6%j$,%$%s%9%H!<%k$5$l$?%=%U%H%&%'%"%Q%C%1!<%8$K4X78$9$k$b$N$G$"$C$?(B
$B>l9g!"%"%i!<%H$rAw?.$7$^$9!#Nc$($P!"(BApache $B$K4X$7$F$N%;%-%e%j%F%#%"%I%P(B
$B%$%6%j$,$"$j!"%7%9%F%`$K(B Apache $B$,%$%s%9%H!<%k$5$l$F$$$k>l9g$O!"DLCN$,(B
$BAw$i$l$^$9!#8=:_$N$H$3$m!"(BRedHat $B$H(B Mandrake $B$KBP1~$7$F$$$^$9!#(B

2. Netfilter2html v0.6b
$B:nhttp://webtools.linuxsecurity.com.br/
$BF0:n4D6-(B: UNIX
$B$^$H$a(B:

Netfilter2html $B$O(B netfilter $B$d(B iptables $B$N%m%0$r%U%#%k%?%j%s%0$9$k$?$a(B
$B$K(B awk $B$G3+H/$5$l$?%9%/%j%W%H$G$"$j!"(BHTML $B7A<0$G%l%]!<%H$r@8@.$7$^$9!#(B

3. spasm anti-spam milter v0.22
$B:nhttp://www.theasylum.org/spasm/
$BF0:n4D6-(B: Linux
$B$^$H$a(B:

spasm anti-spam milter $B$O(B libmilter $B$KBP1~$7$?!"(Bsendmail $B%P!<%8%g%s(B 8.12
$B0J9_$G;HMQ2DG=$J%9%Q%`%U%#%k%?$G$9!#8=:_$N5!G=$O!"5qH]$7$?%9%Q%`$N%m%0(B
$B:NA[2=$7$?%I%a%$%s@_Dj!"8DJL$N%[%o%$%H%j%9%H!"$=$7$F(B 2 $B%@!<(B
$B%90J>e$N%V%i%C%/%j%9%H%U%#%k%?$O%I%a%$%s$^$?$OEE;R%a!<%kKh$N%"%I%l%9$r(B
$B4p=`$K8DJL$K@_Dj$9$k$3$H$,2DG=$G$9!#%m!<%+%k$N%V%i%C%/%j%9%H!"(BDNS $B$N5U(B
$B0z$-!"(BHELO/EHLO $BG'>Z!"%(%s%Y%m!<%W$NAw?.85%"%I%l%9$K$h$kG'>Z!"B??t$N(B DNS
$B$KM3Mh$9$k%j%9%H!"%[%o%$%H%j%9%H$N$_$N%b!<%I!"%?%0IU$-$N$_$N%b!<%I!"$=(B
$B$7$F<+F0E*$K%V%i%C%/%j%9%H$K:\$;$k5!G=$,4^$^$l$F$$$^$9!#(B

4. radiusContext v1.81
$B:nhttp://www.tummy.com/radiusContext/
$BF0:n4D6-(B: Os Independent
$B$^$H$a(B:

radiusContext $B$O(B RADIUS (Remote Authentication Dial In User Services)
$B$N%"%+%&%s%F%#%s%0%m%0$r2r@O$9$k%=%U%H%&%'%"72$G$9!#(BradiusContext $B$O(B
Livingston$B!"(BMERIT $B$*$h$S(B Ascend RADIUS $B$N%m%07A<0$KBP1~$7$F$$$^$9!#(B
$B$3$N%=%U%H%&%'%"$O(B python $B$G5-=R$5$l$F$*$j!"?t%.%,%P%$%H$^$G$N%m%0%U%!(B
$B%$%k$r2r@O2DG=$G$9!#(B

5. fauxident.py v1.0
$B:nhttp://www.alcyone.com/pyos/fauxident/
$BF0:n4D6-(B: POSIX, UNIX
$B$^$H$a(B:

fauxident $B$OHs>o$KC15!G=$J(B ident $B%5!<%P$NLr3d$r2L$?$9!">.5,LO$N(B Python
$B%9%/%j%W%H$G$"$j!"A4$F$N(B ident $B%j%/%(%9%H$KBP$7$F(B ERROR $B$^$?$O(B USERID
$B$N$$$:$l$+$N0l4S$7$?1~Ez$r9T$$$^$9!#(Bfauxident $B$O!"K\J*$N(B identd $B$,MxMQ(B
$B$G$-$J$$>l9g!"Nc$($P%;%-%e%j%F%#%j%9%/$r9MN8$9$k>l9g!"%^%9%+%l!<%I%?%$(B
$B%W$N%U%!%$%d%&%)!<%k$,MxMQ$5$l$F$$$k>l9g!"%U%!%$%d%&%)!<%k$NFbIt$GJ#?t(B
$B$N%3%s%T%e!<%?$,l9g(B
$B$KM-1W$H$J$jF@$^$9!#(B

6. HTun v0.9.3b
$B:nhttp://htun.runslinux.net/
$BF0:n4D6-(B: Linux
$B$^$H$a(B:

HTun $B$O(B HTTP $B%W%m%-%7$^$?$OC1$K(B 80 $BHV%]!<%H>e$GF0:n$9$k!"APJ}8~DL?.$KBP(B
$B1~$7$?(B IP $BAX$G$N(B VPN $B@\B3$r2DG=$K$9$k(B VPN (Virtual Private Network) $B%$(B
$B%s%?%U%'!<%9$G$9!#$3$N%=%U%H%&%'%"$O!"DL2a@)8B$,2C$($i$l$F$$$k%U%!%$%d(B
$B%&%)!<%k$r2sHr$7!"MxMQe$N%M%C%H%o!<%/%5!<%S%9(B
$B$rMxMQ2DG=$K$7$^$9!#(B
--
$BLu(B: $B:d0f=g9T(B(SAKAI Yoriyuki)$B!">.3^8691M:(B(OGASAWARA Tsuneo)$B!"(B
$B@PED6G5W(B(ISHIDA Akihisa)$B!"http://www.lac.co.jp/security/
smime.p7s