SecurityFocus Newsletter #160 2002-8-26->2002-8-30

To: BUGTRAQ-JP@SECURITYFOCUS.COM
Subject: SecurityFocus Newsletter #160 2002-8-26->2002-8-30
From: SAKAI Yoriyuki <sakai@lac.co.jp>
Date: Wed, 11 Sep 2002 21:45:53 +0900
Delivered-To: mailing list bugtraq-jp@securityfocus.com
Delivered-To: moderator for bugtraq-jp@securityfocus.com
In-Reply-To: <Pine.LNX.4.43.0209040854280.6937-100000@mail.securityfocus.com>
List-Help: <mailto:bugtraq-jp-help@securityfocus.com>
List-Id: <bugtraq-jp.list-id.securityfocus.com>
List-Post: <mailto:bugtraq-jp@securityfocus.com>
List-Subscribe: <mailto:bugtraq-jp-subscribe@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-jp-unsubscribe@securityfocus.com>
Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm
References: <Pine.LNX.4.43.0209040854280.6937-100000@mail.securityfocus.com>
$B:d0f(B@$B%i%C%/$G$9!#(B

SecurityFocus Newsletter $BBh(B 160 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

---------------------------------------------------------------------------
SecurityFocus Newsletter $B$K4X$9$k(BFAQ:
http://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml
BugTraq-JP $B$K4X$9$k(B FAQ:
http://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml
(SecurityFocus Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0le$G9T$o$l$F$$$^$9!#(B
$B!&(BSecurityFocus Newsletter $B$NOBLu$r(B Netnews, Mailinglist, World Wide Web,
  $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$NA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;$s$,!"(B
  $B=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+$J$k7A<0$N(B
  $B%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://online.securityfocus.com/archive/79
---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02ql9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"4F=$l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
---------------------------------------------------------------------------
This translation is encoded in ISO-2022-JP.

$B86HG(B:
Date: Wed, 4 Sep 2002 08:55:04 -0600 (MDT)
Message-ID: <Pine.LNX.4.43.0209040854280.6937-100000@mail.securityfocus.com>

SecurityFocus Newsletter #160
-----------------------------

This Issue Is Sponsored By: SpiDynamics

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
     1. Configuring IPSec and Ike on Solaris, Part Two
     2. Justifying the Expense of IDS, Part Two: Calculating ROI for IDS
     3. Lobbying for Insecurity
     4. When Feds are the Crackers
     5. SecurityFocus DPP Program
     6. InforwarCon 2002
II. BUGTRAQ SUMMARY
     1. Microsoft Internet Explorer Download Dialogue File Source...
     2. Microsoft Internet Explorer XML Redirect File Disclosure...
     3. PHP Mail Function ASCII Control Character Header Spoofing...
     4. Mantis Unauthorized Bug Viewing Vulnerability
     5. UTStarcom BAS-1000 Default User Accounts Vulnerability
     6. Mantis Unauthorized Project Bug List Viewing Vulnerability
     7. Blazix Special Character Handling Server Side Script...
     8. Blazix Password Protected Directory Information Disclosure...
     9. OmniHTTPD Sample Scripts Cross Site Scripting Vulnerabilities
     10. PHPReactor Style Attribute HTML Injection Vulnerability
     11. Kerio Personal Firewall Multiple SYN Packet Denial Of Service...
     12. Belkin F5D6130 Wireless Network Access Point SNMP Request...
     13. OmniHTTPD Sample Application URL Encoded Newline HTML...
     14. Gaim Manual Browser Command Arbitrary Command Execution...
     15. mIRC Scripting ASCTime Buffer Overflow Vulnerability
     17. Caldera X Server Unspecified Buffer Overflow Vulnerability
     18. GDAM123 Filename Buffer Overflow Vulnerability
     20. Ultimate PHP Board Second 'admin' Account Vulnerability
     21. Python os.py Predictable Temporary Filename Command Execution...
III. SECURITYFOCUS NEWS ARTICLES
     1. Lamo Bumped from NBC After Hacking Them
     2. Ziff pays $125K to settle security breach
     3. Spyware Trojan sends Hotmail to your boss
     4. MS in fresh digital cert flaw
IV. SECURITYFOCUS TOP 6 TOOLS
     1. checkpassword-ldap v0.1
     2. Prelude Log Monitoring Lackey v 0.8.1
     3. batemail v0.8.6
     4. GPGME 0.3.9 v0.3.9
     5. iptables-control v1.0.3
     6. l0stat v1.1

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
---------------------------------

II. BUGTRAQ SUMMARY
-------------------
1. Microsoft Internet Explorer Download Dialogue File Source Obfuscation Vulnerability
BugTraq ID: 5559
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 23 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5559
$B$^$H$a(B:

Microsoft Internet Explorer $B$K$h$k%@%&%s%m!<%I%@%$%"%m!<%0$N%f!<%6$X$N(B
$BDs<(J}K!$KLdBj$,H/8+$5$l$?!#$3$NLdBj$O(B Internet Explorer 5.0.1 $B$+$i(B 6.0
$B$^$G$K1F6A$r5Z$\$9!#(B

$BJs9p$K$h$k$H!"(BInternet Explorer $B$O!V%U%!%$%k$N%@%&%s%m!<%I!W%@%$%"%m!<(B
$B%0%\%C%/%9Fb$G%U%!%$%k$N%@%&%s%m!<%I85$r8mI=<($7$F$7$^$&2DG=@-$,$"$k!#(B
$B967bpJs$rI=<($9$k:]!"0U?^E*$KAH$_N)$F$i$l$?(B URL $B$X$N%O%$%Q!<%j(B
$B%s%/$N=hM}$K<:GT$9$k$?$a$K@8$8$F$$$k!#$3$N%@%$%"%m!<%0%\%C%/%9$,FCDj$N(B
$BFCl=j$rI=<(ITG=$J$N$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$r4k$F$k967b]$H$J$C$?%f!<%6$,%U%!(B
$B%$%k$r?.Mj$KCM$7$J$$F~7$-!"%f!<%6$X56$N?.Mj$r;}$?$;$k2DG=@-$,$"$k!#(B
$B$J$*!"%f!<%6$O8mI=<($5$l$?%U%!%$%k$rBPOCE*$K%@%&%s%m!<%I$7!"2. Microsoft Internet Explorer XML Redirect File Disclosure Vulnerability
BugTraq ID: 5560
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 23 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5560
$B$^$H$a(B:

Microsoft Internet Explorer $B$O967b$N%U%!%$%k$K$D$$$F$O0lIt$,3+<($5$lF@$kLdBj$rJz$($F$$$k!#(B
$B$3$NLdBj$O(B Internet Explorer 5.0.1 $B$+$i(B 6.0 $B$^$G$K1F6A$r5Z$\$9!#(B

$B$3$NLdBj$K$h$j!"967b]$N%7%9%F%`Fb$N4{CN$N>l=j$K3JG<$5$l$F$$(B
$B$k(B XML $B%U%!%$%k$NFbMFA4BN$rFI$_=P$;!"B>$N%U%!%$%k$K$D$$$F$O0lIt$rFI$_=P(B
$B$72DG=$G$"$k!#(B

$B$3$NLdBj$O(B Internet Explorer $B$,(B XML $B%G!<%?$rI=<($9$k:]$N(B HTML $B%G%#%l%/(B
$B%F%#%V$NITE,@Z$JH$5$l$?(B
XML $B%G!<%?%=!<%9$,0[$J$k%I%a%$%sFb$N%G!<%?%=!<%9$X%j%@%$%l%/%H$5$l$F$$(B
$B$J$$$3$H$NN"$E$1$H$J$k3NG':n6H$r@5$7$/9T$C$F$$$J$$!#(B
$B$3$N$?$a!"%m!<%+%k$"$k$$$O%j%b!<%H$X$N(B HTTP $B%j%/%(%9%H$X%j%@%$%l%/%H$5(B
$B$;$k$?$a$K(B <script> $B%?%0$H(B src $BB0@-$K(B URL $B$r3d$jEv$F$k$3$H$G!"(BXML $B%(%s(B
$B%8%s$O;XDj$5$l$?;q8;$NFbMF$r=hM}$7!"FbMF$rI=<($7$F$7$^$&$N$G$"$k!#(B

$B$3$NLdBj$O0-0U$"$k(B Web $B%Z!<%8!"$"$k$$$O0-0U$"$k(B HTML $B7A<0$NEE;R%a!<%k$r(B
$B2p$7$F967b$KMxMQ2DG=$G$"$k!#(BInternet Explorer $B%(%s%8%s$rMxMQ$7$F$$$kB>(B
$B$N%"%W%j%1!<%7%g%s(B (Outlook$B!"(BMSN Explorer $B$J$I(B) $B$X$b1F6A$O5Z$V!#(B

$B$3$NLdBj$O(B BID 5557 Multiple Microsoft Internet Explorer Vulnerabilities
$B$H$7$F(B BID $B$,3d$jEv$F$i$l$F$$$?$,!"8=;~E@$G$O8DJL$N(B BID $B$,3d$jEv$F$i$l(B
$B$F$$$k!#(B

3. PHP Mail Function ASCII Control Character Header Spoofing Vulnerability
BugTraq ID: 5562
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 23 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5562
$B$^$H$a(B:

PHP $B$O(B Personal HomePage development toolkit $B$H8F$P$l!"(BPHP.net $B$h$jG[I[(B
$B$5$l$F$$$k!#$3$N%=%U%H%&%'%"$O%Q%V%j%C%/%I%a%$%s>uBV$G(B PHP Development
$B%A!<%`$K$h$C$FJ]uBV$GEE;R%a!<%k$rAw?.$9$k$?$a(B
$B$KMxMQ2DG=$G$"$k!#(B

4. Mantis Unauthorized Bug Viewing Vulnerability
BugTraq ID: 5563
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 23 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5563
$B$^$H$a(B:

Mantis $B$O(B Web $B%$%s%?%U%'!<%9$rHw$($k%P%0DI@W%7%9%F%`$G$"$k!#(B
$B$3$N%=%U%H%&%'%"$O(B PHP $B$rMxMQ$7$F3+H/$5$l!"%P%C%/%(%s%I%G!<%?%Y!<%9$H(B
$B$7$F(B MySQL $B$rMxMQ$7$F$$$k!#(B

Mantis $B$O0-0U$"$k%f!<%6$,0U?^$9$k%P%0$r;2>H2DG=$K$J$k$H9M$($i$l$k%;%-%e(B
$B%j%F%#>e$NLdBj$rJz$($F$$$k!#DL>o!"%f!<%6$OE,@Z$J%"%/%;%9%3%s%H%m!<%k$,(B
$B9T$o$l$F$$$k%P%0$N$_$r1\Mw2DG=$J>uBV$G$"$k!#(B

$B%P%0$r;2>H$9$k$?$a$KMxMQ$5$l$F$$$kMM!9$J%9%/%j%W%H$O%f!<%6MQ$N%Q!<%_%C(B
$B%7%g%s$r3NG'$7$F$$$J$$!#$3$N$?$a!"$3$l$i%9%/%j%W%H$rD>@\%f!<%6$O8F$S=P(B
$B$7!"0U?^$9$k(B Bug ID $B$r(B CGI $BMQ$N%Q%i%a!<%?$H$7$F;XDj$9$k2DG=@-$,$"$k!#(B

$BLdBj$rJz$($F$$$k$H$NJs9p$,4s$;$i$l$F$$$k%9%/%j%W%H$O0J9_$,3:Ev$9$k!#(B
view_bug_page.php
view_bug_advanced_page.php
bug_update_page.php
bug_update_advanced_page.php

$B$3$NLdBj$rMxMQ$9$k967b$K$h$j=EMW$J>pJs$N3+<($,0z$-5/$3$5$l$k2DG=@-$,$"(B
$B$k!#(B

5. UTStarcom BAS-1000 Default User Accounts Vulnerability
BugTraq ID: 5564
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 23 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5564
$B$^$H$a(B:

BAS-1000 $B$O(B UTStarcom $B$K$h$C$F@_7W!"HNGd$5$l$F$$$kB?L\E*$N9XFIZ$r9T$&$3$H$J$/5!4o$N;q8;$K%"(B
$B%/%;%9$,2DG=$G$"$k$H9M$($i$l$k!#(B

BAS-1000 $BMQ$N%U%!!<%`%&%'%"$O%G%U%)%k%H%Q%9%o!<%I$rH<$&(B 4 $B$D$N%"%+%&%s(B
$B%H$rHw$($F$$$k$3$H$,H/8+$5$l$F$$$k!#$3$l$i$N$&$A(B 2 $B$D!"(Bguru $B$H(Bfield $B$O(B
$B%7%9%F%`4IM}e$N8"8B$rDs6!$7$F$$$k!#(B

$B0J2<$K<($9%"%+%&%s%HL>$H%Q%9%o!<%I$NAH$_$,MxMQ$5$l$F$$$k!#(B

User	Password
field    *field
guru    *3noguru
snmp     snmp
dbase     dbase

$B$3$l$i%"%+%&%s%H$rMxMQ$7!"%j%b!<%H%f!<%6$OLdBj$rJz$($k5!4o$X4IM}6. Mantis Unauthorized Project Bug List Viewing Vulnerability
BugTraq ID: 5565
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 23 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5565
$B$^$H$a(B:

Mantis $B$O(B Web $B%$%s%?%U%'!<%9$rHw$($k%P%0DI@W%7%9%F%`$G$"$k!#(B
$B$3$N%=%U%H%&%'%"$O(B PHP $B$rMxMQ$7$F3+H/$5$l!"%P%C%/%(%s%I%G!<%?%Y!<%9$H$7(B
$B$F(B MySQL $B$rMxMQ$7$F$$$k!#(B

Mantis $B$O0-0U$"$k%P%0DI@W%7%9%F%`$N%f!<%6$,%"%/%;%9@)8B$,3]$1$i$l$F$$$k(B
$B%W%m%8%'%/%H$KBP$7$F!"G'>Z$r9T$&$3$H$J$/%"%/%;%92DG=$K$J$k$H?d;!$5$l$k(B
$BLdBj$rJz$($k5?$$$,$"$k!#$3$NLdBj$OFCDj$N%f!<%6$X%P%0$N@5Ev@-$r@)8BIU$-(B
$B$G1\Mw$5$;$k$?$a!"$3$N%=%U%H%&%'%"$rMxMQ$7$F$$$kAH?%$KBP$7$F$O%;%-%e%j(B
$B%F%#$K4X$o$kN10U;v9`$G$"$k$H9M$($i$l$k!#(B

$B$I$N%W%m%8%'%/%H$K4X$7$F$b1\Mw8"$r;}$?$J$$%f!<%6$,!"A4$F$N8x3+:Q$_$HHs(B
$B8x3+$N%W%m%8%'%/%H$K4X$9$k%P%0(B View Bugs $B%Z!<%8$+$i1\Mw2DG=$G$"$k!#(B

$B%"%/%;%9$9$k$?$a$N%Q!<%_%C%7%g%s$r;}$?$J$$$O$:$N0-0U$"$k%f!<%6$,!"$3$N(B
$BLdBj$r%7%9%F%`Fb$N0U?^$9$k%P%0$K4X$9$k%5%^%j>pJs$r1\Mw$9$k$?$a$KMxMQ2D(B
$BG=$G$"$k!#$7$+$7!"$3$NLdBj$rMxMQ$9$k967b$rMxMQ$7$F%P%0$N>\:Y>pJs$NA4BN(B
$B$r1\Mw$9$k$3$H$OIT2DG=$G$"$k!#(B

7. Blazix Special Character Handling Server Side Script Information Disclosure Vulnerability
BugTraq ID: 5566
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 24 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5566
$B$^$H$a(B:

Blazix $B$O%U%j!<$GMxMQ2DG=$J!"(BJava $B$G3+H/$5$l$?%*!<%W%s%=!<%9$N(B Web $B%5!<(B
$B%P$G$"$k!#$3$N%=%U%H%&%'%"$O(B Linux $B$*$h$S(B Microsoft Windows $B$GMxMQ2DG=(B
$B$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$,Jz$($kLdBj$K$h$j!"%j%b!<%H%f!<%6$O=EMW$J>pJs$X$N%"%/(B
$B%;%98"$rpJs$N3+<($r>7$/$H6&$K!"%7%9%F%`$KBP$7$F$5$i$J$k(B
$B967b$r4k$F$k:]$N>pJs$rF~l9g$K$O!"%5!<%P$OM=B,ITG=$J5s(B
$BF0$r<($92DG=@-$,$"$k!#Js9p$K$h$k$H!"$3$N$N8e$m$KIU$12C$($i$l$F$$$k>l9g!"%U%!%$%k$NFbMF$O3+<($5$l$k$H$N$3(B
$B$H$G$"$k!#(B

8. Blazix Password Protected Directory Information Disclosure
Vulnerability
BugTraq ID: 5567
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 25 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5567
$B$^$H$a(B:

Blazix $B$O%U%j!<$GMxMQ2DG=$J!"(BJava $B$G3+H/$5$l$?%*!<%W%s%=!<%9$N(B Web $B%5!<(B
$B%P$G$"$k!#$3$N%=%U%H%&%'%"$O(B Linux $B$*$h$S(B Microsoft Windows $B$GMxMQ2DG=(B
$B$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$,Jz$($kLdBj$K$h$j!"%j%b!<%H%f!<%6$O=EMW$J>pJs$X$N%"%/(B
$B%;%98"$rpJs$N3+<($r>7$/(B
$B$H6&$K!"%7%9%F%`$KBP$7$F$5$i$J$k967b$r4k$F$k:]$N>pJs$rF~l9g$K$O!"%5!<%P$OM=B,ITG=$J5s(B
$BF0$r<($92DG=@-$,$"$k!#Js9p$K$h$k$H!"$3$N$N8e$m$KIU$12C$($i$l$F$$$k>l9g!"%G%#%l%/%H%j$NFbMF$O3+(B
$B<($5$l$k$H$N$3$H$G$"$k!#(B

9. OmniHTTPD Sample Scripts Cross Site Scripting Vulnerabilities
BugTraq ID: 5568
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 26 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5568
$B$^$H$a(B:

OmniHTTPD $B$O(B Microsoft Windows $B4D6-$GF0:n$9$k(B Web $B%5!<%P$G$"$k!#(B
OmniHTTPD $B$O(B Server Side Includes (SSI) $B$*$h$S(B PHP $B8@8l$G:n@.$5$l$?(B CGI
$B%9%/%j%W%H$r4^$`F0E*$J(B Web $B%3%s%F%s%D@8@.$rL\E*$H$9$kMM!9$J3HD%5!G=$r(B
$BHw$($F$$$k!#(B

OmniHTTPD $B$KF1:-$5$l$F$$$kJ#?t$N%5%s%W%k%9%/%j%W%H$K$O%/%m%9%5%$%H%9%/(B
$B%j%W%F%#%s%0$NLdBj$,H/8+$5$l$F$$$k!#LdBj$rJz$($k%9%/%j%W%H$O(B test.shtml$B!"(B
test.php $B$,5s$2$i$l$k!#(B

$B967bBP>]$N%f!<%6$rLdBj$rJz$($k%9%/%j%W%H$N$$$:$l$+(B 1 $B$D$X0-0U$"$k%O%$%Q!<(B
$B%j%s%/$rMxMQ$7$FC)$i$;$k$3$H$G!"$3$NLdBj$rMxMQ$9$k967b$r4k$F$k2DG=@-$,(B
$B$"$k!#0-0U$"$k%O%$%Q!<%j%s%/$,C)$i$l$k:]!"967bpJs$NC%$N(B Web $B$r2p$7$?967b$r4k$F(B
$B$k$?$a$KMxMQ$5$l$k2DG=@-$,$"$k!#(B

10. PHPReactor Style Attribute HTML Injection Vulnerability
BugTraq ID: 5569
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 24 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5569
$B$^$H$a(B:

php(Reactor) $B$O!"(BWeb $B%5%$%H$NJ]e$Gu67$rMxMQ$9$k967b$r4k$F$k62$l$,$"$k!#967b11. Kerio Personal Firewall Multiple SYN Packet Denial Of Service Vulnerability
BugTraq ID: 5570
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 26 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5570
$B$^$H$a(B:

Kerio Personal Firewall (KPF) $B$O(B Microsoft Windows $B>e$GF0:n$9$k%Q!<%=(B
$B%J%k%U%!%$%"%&%)!<%k@=IJ$G$"$k!#(B

KPF $B$NFCDj$N%P!<%8%g%s$K$*$$$F!"(BDoS $B>uBV$r>7$/LdBj$,Js9p$5$l$F$$$k!#(B
$BBgNL$N(B SYN $B%Q%1%C%H$rC10l$NAw?.85$+$iCHq$7?T$/$7!"LdBj$rJz$($k%7%9%F%`$O40(B
$BA4$K5!G=$rDd;_$9$k!#DL>oF0:n$X$NI|5l$N$?$a$K$O!":F5/F0$,I,MW$G$"$k$H?d;!(B
$B$5$l$k!#(B

$BJs9p$K$h$k$H!"$3$N967bZ4D6-$G$O!"(B300 $B8D$+$i(B 500 $B8D$N(B SYN $B%Q%1%C%H$rAw(B
$B?.$9$l$P!"$3$N>uBV$r0z$-5/$3$9$K$O==J,$G$"$k$3$H$,Js9p$5$l$F$$$k!#(B

12. Belkin F5D6130 Wireless Network Access Point SNMP Request Denial Of Service Vulnerability
BugTraq ID: 5571
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 26 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5571
$B$^$H$a(B:

Belkin F5D6130 $BL5@~%M%C%H%o!<%/%"%/%;%9%]%$%s%H$K$O!"(BDoS $B$r0z$-5/$3$9Ld(B
$BBj$,Js9p$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"O"B3$7$?(B SNMP $B%j%/%(%9%H$rAH$_N)$F$k$3$H$K$h$j!"$3$NLdBj(B
$B$rMxMQ$9$k967b$r9T$&$3$H$,2DG=$G$"$k!#$J$*!"$3$N:]$K@5Ev$J%3%_%e%K%F%#(B
$BL>$OMW5a$5$l$J$$!#>/$J$/$H$b(B 1 $B$D$N(B SNMP $B%H%i%C%W$r%V%m!<%I%-%c%9%H$9$k(B
$B$3$H$K$h$j!"$3$N5!4o$O$=$l$>$l$N%j%/%(%9%H$KBP$7$F1~Ez$9$k!#(B

SNMP $B%j%/%(%9%H$,Aw?.$5$l$?:]!"$3$N5!4o$O$5$i$J$k%j%/%(%9%H$KBP$7$F1~Ez(B
$BITG=$J>uBV$K4Y$k!#$^$?!"A4$F$NL5@~$r2p$9$k%3%M%/%7%g%s$b@ZCG$5$l!"?75,(B
$B$N%3%M%/%7%g%s$N3NN)$bITG=$K$J$j!"7k2L$H$7$FL5@~(B LAN $B5!4o$N@5Ev$J%f!<%6(B
$B$X$N%5!<%S%9$rAK32$9$k$3$H$K$J$k!#(B

$BFCDj$N>u672<$K$*$$$F!"5!4o$O%$!<%5%M%C%H$H$N%$%s%?%U%'!<%9$X$N1~Ez$b9T(B
$B$($J$/$J$k$H?d;!$5$l!"$$$+$J$k5!4o$N4IM}l9g!"DL>oF0:n$X$NI|5l$K$"$?$C$F$O!"13. OmniHTTPD Sample Application URL Encoded Newline HTML Injection Vulnerability
BugTraq ID: 5572
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 26 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5572
$B$^$H$a(B:

OmniHTTPD $B$O(B Microsoft Windows $B4D6-$GF0:n$9$k(B Web $B%5!<%P$G$"$k!#(B
OmniHTTPD $B$O(B Server Side Includes (SSI) $B$*$h$S(B PHP $B8@8l$G:n@.$5$l$?(B
CGI $B%9%/%j%W%H$r4^$`F0E*$J(B Web $B%3%s%F%s%D@8@.$rL\E*$H$9$kMM!9$J3HD%5!G=(B
$B$rHw$($F$$$k!#(B

OmniHTTPD $B$KF1:-$5$l$F$$$k%5%s%W%k%9%/%j%W%H(B /cgi-bin/redir.exe $B$K$O%/(B
$B%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$,H/8+$5$l$F$$$k!#Js9p$K$h$k$H!"967bl9g!"967buBV$G(B HTTP $B$N(B 302 $B%9%F!<%?%9%3!<(B
$B%I1~Ez$,JV$5$l$F$7$^$&$N$G$"$k!#(B

$B967bBP>]$N%f!<%6$rLdBj$rJz$($k(B CGI $B$X$N0-0U$"$k%O%$%Q!<%j%s%/$rMxMQ$7$F(B
$BC)$i$;$k$3$H$G!"$3$NLdBj$rMxMQ$9$k967b$r4k$F$k2DG=@-$,$"$k!#0-0U$"$k%O(B
$B%$%Q!<%j%s%/$,C)$i$l$k:]!"967bpJs$NC%$N(B Web $B$r2p$7$?967b$r4k$F(B
$B$k$?$a$KMxMQ$5$l$k2DG=@-$,$"$k!#(B

14. Gaim Manual Browser Command Arbitrary Command Execution Vulnerability
BugTraq ID: 5574
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 27 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5574
$B$^$H$a(B:

Gaim $B$O!"B?$/$N%W%m%H%3%k$r%5%]!<%H$7$?%$%s%9%?%s%H%a%C%;%s%8%c!<%/%i%$(B
$B%"%s%H$G$"$k!#$3$N%"%W%j%1!<%7%g%s$O!"(BUNIX $B$d(B Linux $B$GF0:n2DG=$G$"$k!#(B

Gaim $B$N%f!<%6$O(B Manual $B%V%i%&%6%*%W%7%g%s$r@_Dj2DG=$G$"$k!#(BURL $B$X$N%O%$(B
$B%Q!<%j%s%/$r%$%s%9%?%s%H%a%C%;!<%8$r2p$7$F15. mIRC Scripting ASCTime Buffer Overflow Vulnerability
BugTraq ID: 5576
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B:Aug 27 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5576
$B$^$H$a(B:

mIRC $B$O(B Microsoft Windows $B8~$1$K:n$i$l$?(B IRC $B%W%m%H%3%k$rMxMQ$9$k%A%c%C(B
$B%H%/%i%$%"%s%H$G$"$k!#(BmIRC $B$G$O%9%/%j%W%H8@8l$,Ds6!$5$l$F$$$k!#(B

mIRC $B%9%/%j%W%H8@8l$NCf$N4X?t!"<1JL;R(B $asctim $B$G%P%C%U%!%*!<%P!<%U%m!<(B
$B$,@8$8$k$3$H$,Js9p$5$l$F$$$k!#$3$N4X?t$KBg$-$$%5%$%:$N=q<0;XDj;R$r0z$-(B
$BEO$7$?>l9g!"%W%m%;%9$K3d$jEv$F$i$l$?%a%b%jFbMF$OGK2u$5$l$k!#Js9p$K$h$k(B
$B$H!"$3$NLdBj$O(B mIRC $B$r2TF0$5$;$F$$$k%f!<%6$N8"8B$GG$0U$N%3!<%I$r16. Caldera X Server External Program Privileged Invocation Weakness
BugTraq ID: 5575
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B:Aug 27 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5575
$B$^$H$a(B:

Caldera $B$N(B X $B%5!<%P$N:3J$rH<(B
$B$&%W%m%0%i%`$r8F$S=P$9$N$KMxMQ$9$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$O(B XKEYBOARD $B3HD%$rM-8z2=$7$?!"(BX11R6.3 $B$KM3Mh$9$k(B X $B%5!<%P$KB8(B
$B:_$7$F$$$k$3$H$,Js9p$5$l$F$$$k!#(BXKEYBOARD (XKB) $B3HD%$OB>$Nl9g!"$=$l$i$O(B xkbcomp $B%f!<%F%#%j%F%#$N8"8B$G2rl9g$G$"$C$?$H$7$F$b!"(Bxkbcomp $B$O(B X $B%5!<%P$N(B
$B%W%m%;%9$,8"8B$r9_3J$5$;$kA0$K:3J$rH<$&G$0U$N%3%^%s%I$rl9g!"$3$NLdBj$O(B X $B%5!<%P$K$h$j$N%f!<%F%#%j%F%#$r2p$7$?%3!<(B
$B%I$N17. Caldera X Server Unspecified Buffer Overflow Vulnerability
BugTraq ID: 5577
$B%j%b!<%H$+$i$N:F8=@-(B: $BL$>\(B
$B8xI=F|(B:Aug 27 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5577
$B$^$H$a(B:

Caldera $B$N(B X $B%5!<%P$NpJs$O8x3+$5$l$F(B
$B$$$J$$!#(B

$BJs9p$K$h$k$H$3$NLdBj$,%P%C%U%!%*!<%P!<%U%m!<$KM3Mh$7$F$$$k8B$j!"967b18. GDAM123 Filename Buffer Overflow Vulnerability
BugTraq ID: 5578
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B:Aug 24 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5578
$B$^$H$a(B:

GDAM123 $B$O(B GDAM real-time digital DJ mixing software $B%Q%C%1!<%8$KF1:-$5(B
$B$l$F$$$k%3%^%s%I%i%$%s$+$i$r07$C$?:]!"(BGDAM123 $B%W%l!<%d!<$O%P%C%U%!%*!<%P!<%U%m!<$r(B
$B@8$8$k5?$$$,$"$k!#%U%!%$%kL>$O%3%^%s%I%i%$%s$r2p$7$F%=%U%H%&%'%"$K0z$-(B
$BEO$5$l!"%=%U%H%&%'%"FbIt$G$O(B strcpy() $BMQ$$$k=hM}$GMxMQ$5$l$F$$$k!#(B1024
$B%P%$%H$rD6$($kD9$5$N%U%!%$%kL>$rM?$($i$l$k$3$H$K$h$j!"7k2L$H$7$F%9%?%C(B
$B%/Fb$NCM$NGK2u$r>7$/%P%C%U%!%*!<%P!<%U%m!<$r@8$8$k2DG=@-$,$"$k!#(B
$B%9%?%C%/Fb$NCM!J%j%?!<%s%"%I%l%9$J$I!K$O967bl9g!"0U?^$9$k%3!<%I$,u672<$G!"0lIt$N%G%P%$%9$X$N%"%/%;%9$,I,MW$G$"$k>l9g!"$3$N%=%U%H(B
$B%&%'%"$O$h$jDc$$8"8B$N%f!<%6$G$"$C$F$bu67$G$O!"%P%C%U%!%*!<(B
$B%P!<%U%m!<$OG$0U$N%3!<%I$N19. Yahoo Instant Messenger Signed Content Weakness
BugTraq ID: 5579
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 27 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5579
$B$^$H$a(B:

Yahoo Instant Messenger $B$O(B Yahoo $B$+$iG[I[$5$l$F$$$k(B Windows $B$GMxMQ2DG=(B
$B$J%$%s%9%?%s%H%a%C%;%s%8%c!<%/%i%$%"%s%H$G$"$k!#(B

Yahoo Instant Messenger $B$N%$%s%9%H!<%i$K$O!"967b:Q$_$NFbMF$rMxMQ$9$k$h$&$K$O(B
$B$J$C$F$$$k$b$N$N!"(BYahoo $B$+$i%@%&%s%m!<%I$5$l$?%Q%C%1!<%8$N=pL>$r8!>Z$7(B
$B$F$$$J$$$N$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$r9T$&$?$a$K$O!"967b]$N%3%s%T%e!<%?$+(B
$B$i;2>H2DG=$JHO0O$K0LCV$9$k(B a19.g.a.yimg.com $B$H$$$&%[%9%HL>$N%3%s%T%e!<(B
$B%?$r;YG[2<$KCV$+$M$P$J$i$J$$!#$3$N>u67$O(B DNS $B%-%c%C%7%e>pJs1x@w$d(B DNS
$B>pJs$N>h$C20. Ultimate PHP Board Second 'admin' Account Vulnerability
BugTraq ID: 5580
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Aug 27 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5580
$B$^$H$a(B:

Ultimate PHP Board $B$O%U%j!<$GMxMQ2DG=$J!"(BPHP $B$G:n@.$5$l$?%*!<%W%s%=!<%9(B
$B$NEE;R7G<(HD$G$"$k!#$3$N%=%U%H%&%'%"$O(B UNIX$B!"(BLinux$B!"$=$7$F(B Microsoft Windows
$B$GF0:n2DG=$G$"$k!#(B

Ultimate PHP Board $B$O%f!<%6$r:.F1$5$;$k2DG=@-$,$"$kL>A0$NEPO?$rKI;_$7$J(B
$B$$!#(B

$BFCDj$N>u672<$K$*$$$F!"EE;R7G<(HD$X(B 'Admin' $B%f!<%6$H:.F1$5$l$k2DG=@-$N$"(B
$B$k%"%+%&%s%H$rEPO?2DG=$G$"$k$H?d;!$5$l$k!#(BUltimate PHP Board $B$O(B 'admin'
$B%"%+%&%s%H$NEPO?$rKI;_$7$J$$!#(B'admin' $B%"%+%&%s%H$O7G<(HD$NDL>o$N%a%s%P!<(B
$B%"%+%&%s%H$G$"$k>e$K!"(B'Admin' $B%"%+%&%s%H$OEE;R7G<(HD$N4IM}21. Python os.py Predictable Temporary Filename Command Execution Vulnerability
BugTraq ID: 5581
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Aug 28 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5581
$B$^$H$a(B:

python $B$O%*!<%W%s%=!<%9$N%*%V%8%'%/%H;X8~$N%W%m%0%i%_%s%08@8l$G$"$k!#(B

$BJs9p$K$h$k$H!"(Bpython $B$N$$$/$D$+$N%P!<%8%g%s$O%;%-%e%"$G$O$J$$J}K!$G0l;~(B
$BE*$KMxMQ$5$l$k%U%!%$%k$r@8@.$7$F$$$k!#LdBj$O(B os.py $B%i%$%V%i%j$K4^$^$l$F(B
$B$$$k(B os._execvpe $B4X?t$NCf$G@8$8$k!#(B

$BJs9p$K$h$k$H!"$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"G$0U$N%3!<%I$r7$/2DG=@-$,$"$k!#(B

$B$3$NLdBj$N:,Dl$r$J$9;vJA$O8=:_$N$H$3$mL@$i$+$G$O$J$/!"$5$i$J$k>\:Y$K$D(B
$B$$$F$b8=;~E@$G$O8x3+$5$l$F$$$J$$!#(B

$BJs9p$K$h$k$H!"(BPython 2.3 $B$O$3$NLdBj$N1F6A$r1. Lamo Bumped from NBC After Hacking Them
$BCxhttp://online.securityfocus.com/news/595

2. Ziff pays $125K to settle security breach
$BCxpJs$N>\:Y$rO31L$7$?(B
$B=PHG6Hhttp://online.securityfocus.com/news/601

3. Spyware Trojan sends Hotmail to your boss
$BCx$&?M!9$,EG$-5$$r46$8$k%=%U%H%&%'%"$N0lJR$,$"$k!#(B
$B%9%Q%$%&%'%"$N:n$jl$K=P$5$l$F$$$k(B
$B$3$N%=%U%H%&%'%"$O(B eBlaster $B$H>N$9$kH\Nt$J%H%m%$$NLZGO$G$"$k!#(B
Windows $B$rL5KIHw$KMxMQ$7$F$$$k@$3&Cf$N?M!9$NC/$KBP$7$F$b$3$N%=%U%H%&%'(B
$B%"$r4^$`EE;R%a!<%k$r:9=P2DG=$G$"$j!"$3$N%=%U%H%&%'%"$rMxMQ$9$k$3$H$GH`(B
$BEy$NBG80FbMF$r%m%0$K:Nhttp://online.securityfocus.com/news/600

4. MS in fresh digital cert flaw
$BCx$Nhttp://online.securityfocus.com/news/599

IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. checkpassword-ldap v0.1
$B:nhttp://foobarco.net/checkpwd.html
$BF0:n4D6-(B: FreeBSD, Linux, NetBSD, OpenBSD, UNIX
$B$^$H$a(B:

checkpassword-ldap $B$O@\F,<-!"%f!<%6L>!"@\Hx<-$rMxMQ$7$F:n@.$5$l$?(B LDAP
$BMQ%U%#%k%?$rMxMQ$7$F;XDj$5$l$?(B LDAP $B%G%#%l%/%H%jFb$r8!:w$7!"$^$?!"%(%s(B
$B%H%j$rJ}$N%Q%9%o!<%I$,0lCW$9$k:]$K;XDj$5$l$?FbMF(B
$B$K=>$C$F$3$N%W%m%0%i%`$O2. Prelude Log Monitoring Lackey v 0.8.1
$B:nhttp://www.prelude-ids.org/
$BF0:n4D6-(B: POSIX
$B$^$H$a(B:

Prelude Log Monitoring Lackey (LML) $B$O!"(BPrelude Hybrid IDS $B%Q%C%1!<%8$K(B
$BF1:-$5$l$?%[%9%H%Y!<%9$N4F;k%W%m%0%i%`$G$9!#$3$N%"%W%j%1!<%7%g%s$O!"%m!<(B
$B%+%k$d%j%b!<%H$N%7%9%F%`$K$*$$$F!"%m%0$NA`:n$r=8Cf4IM}$9$k!"$b$7$/$O!"(B
$BC1$J$k%m%0%"%J%i%$%6(B (swatch $B$N$h$&$K(B) $B$H$7$F3hMQ$9$k$3$H$,2DG=$G$9!#(B
$B$3$N%=%U%H%&%'%"$O%M%C%H%o!<%/>e$N%5!<%P$H$7$F(B syslog $B%G!<%b%sMQ$N%]!<(B
$B%H$G%3%M%/%7%g%s$rBT$A3. batemail v0.8.6
$B:nhttp://batemail.sourceforge.net/
$BF0:n4D6-(B: POSIX
$B$^$H$a(B:

batemail $B$O!"(BMTA ($BNc(B sendmail) $B$H%m!<%+%k%a!<%i(B ($BNc$($P(B procmail) $B$N4V(B
$B$GF0:n$7!"@x:_E*$K4m81$JEE;R%a!<%k$NE:IU%U%!%$%k$r=|5n$9$k$?$a$N(B Perl
$B%9%/%j%W%H$G$9!#$3$N%=%U%H%&%'%"$OI8=`F~NO$+$iF~NO$re$G%m!<%+%k%a%$%i!<$X7k2L$rG[Aw$7(B
$B$^$9!#DL2a$,M^@)$5$l$kE:IU%U%!%$%k$NH=CG4p=`$O%U%!%$%kL>$N8e$m$K!V%V%i%C(B
$B%/%j%9%H!W$K:\$;$i$l$?$$$/$D$+$N3HD%;R$,4^$^$l$F$$$k$+$I$&$+$G$9(B(EXE$B!"(B
VBS $B$J$I(B)$B!#(B

4. GPGME 0.3.9 v0.3.9
$B:nhttp://www.gnupg.org/gpgme.html
$BF0:n4D6-(B: UNIX
$B$^$H$a(B:

GnuPG Made Easy (GPGME) $B$O%"%W%j%1!<%7%g%s$,MF0W$K(B GnuPG $B$N5!G=$rMxMQ$G(B
$B$-$k$h$&$K@_7W$5$l$?%i%$%V%i%j$G$9!#$3$N%i%$%V%i%j$O0E9f2=!"J#9g2=!"=p(B
$BL>!"=pL>>H9g!"$=$7$F0E9f80$N4IM}$N$?$a$N9b?e=`$N0E9f2=(B API $B$rDs6!$7$^$9!#(B
$B8=:_$O%P%C%/%(%s%I$K(B GnuPG $B$r;HMQ$7$^$9$,!"(BAPI $B$O$3$N%(%s%8%s$K8BDj$5$l(B
$B$^$;$s!#$N%P%C%/%(%s%I$X$NBP1~$,M=Dj$5$l$F$$$^$9!#(B

5. iptables-control v1.0.3
$B:nhttp://devzone.stealthp.org/iptables-control
$BF0:n4D6-(B: Linux, POSIX
$B$^$H$a(B:

Iptables-Control $B$O9bB.$GMxMQ$7$d$9$$(B iptables $BMQ$N%U%#%k%?%j%s%0%k!<%k(B
$B$r@_Dj$9$k%=%U%H%&%'%"$G$9!#$3$N%=%U%H%&%'%"$NFCD'$OCJ3,E*$GBPOC<0$K@_(B
$BDj$9$k%9%/%j%W%H!"(BTCP/UDP $B%]!<%H$N@_Dj!"%k!<%F%#%s%0$d%^%9%+%l!<%I$N$?(B
$B$a$N(B LAN $B$N@_Dj!"$=$7$F(B ICMP $B$N%U%#%k%?%j%s%0$G$9!#(B

6. l0stat v1.1
$B:nhttp://www.dlcsistemas.com/html/l0stat.html
$BF0:n4D6-(B: Windows 2000, Windows 95/98, Windows NT
$B$^$H$a(B:

L0stat $B$O(B NT $B%"%+%&%s%H$*$h$S%Q%9%o!<%I$N6/EY$K4X$9$kE}7W%l%]!<%H$r@8@.(B
$B$7$^$9!#(B

$B$3$N%f!<%F%#%j%F%#$O(B L0phtCrack $B$rMxMQ$7$FD4::$r9T$C$?7k2L$r5-O?$7$?%U%!(B
$B%$%k!"$"$k$$$O(B LC3 $B$rMxMQ$7$FD4::$r9T$C$?7k2L$N%F%-%9%H%U%!%$%k$r85$K!"(B
Windows NT $B$N4IM}]$N%3%s%T%e!<%?$N(B SAM
$B%G!<%?%Y!<%9$N%;%-%e%j%F%#$K4X$9$kI}9-$$;kLn$rM?$($k$?$a$N=hM}$r9T$$$^(B
$B$9!#(B

NT $B%Q%9%o!<%I$rH/8+$9$kJ}K!$H$7$F!"(BL0phtCrack $B$d(B LC3 $B$OAG@2$i$7$$%D!<%k(B
$B$G$9!#(B

$B<+J,C#<+?H$N%Q%9%o!<%I$rCN$j$?$$$H$O9M$($J$$>l9g$G$b!"%Q%9%o!<%I$NDxEY(B
$B$K4X$9$kI}9-$$;kLn$r5a$a$?$$>l9g$K$O!"$5$i$K0lJb@h$X?J$`$Y$-$G$9!#(B
$BNc$($P!"4k6HFb$N(B 1000 $B$D$N%"%+%&%s%H$rJz$($k(B Windows NT $B$N%"%+%&%s%H%G!<(B
$B%?%Y!<%9$KBP$9$k%;%-%e%j%F%#%l%Y%k$NI>2A$O$I$N$h$&$K2DG=$K$J$k$G$7$g$&(B
$B$+!#(B

$B$=$3$,(B L0stat $B$N$?$a$N4D6-$J$N$G$9!#(BL0stat $B$O(B L0phtCrack $B$rCV$-49$($k(B
$B%=%U%H%&%'%"$G$O$"$j$^$;$s!#(BL0stat $B$O(B L0phtCrack $B$d(B LC3 $B$,.3^8691M:(B(OGASAWARA Tsuneo)$B!"(B
$B@PED6G5W(B(ISHIDA Akihisa)$B!"http://www.lac.co.jp/security/
smime.p7s