SecurityFocus Newsletter #162 2002-9-9->2002-9-13

To: bugtraq-jp@securityfocus.com
Subject: SecurityFocus Newsletter #162 2002-9-9->2002-9-13
From: SAKAI Yoriyuki <sakai@lac.co.jp>
Date: Sat, 5 Oct 2002 00:34:22 +0900
Delivered-To: mailing list bugtraq-jp@securityfocus.com
Delivered-To: moderator for bugtraq-jp@securityfocus.com
In-Reply-To: <Pine.LNX.4.43.0209161129110.31170-100000@mail.securityfocus.com>
List-Help: <mailto:bugtraq-jp-help@securityfocus.com>
List-Id: <bugtraq-jp.list-id.securityfocus.com>
List-Post: <mailto:bugtraq-jp@securityfocus.com>
List-Subscribe: <mailto:bugtraq-jp-subscribe@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-jp-unsubscribe@securityfocus.com>
Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm
References: <Pine.LNX.4.43.0209161129110.31170-100000@mail.securityfocus.com>
$B:d0f(B@$B%i%C%/$G$9!#(B

SecurityFocus Newsletter $BBh(B 162 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

---------------------------------------------------------------------------
BugTraq-JP $B$K4X$9$k(B FAQ ($BF|K\8l(B):
http://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml
$B!&(BSecurityFocus Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0lH$/$@$5$$(B
---------------------------------------------------------------------------
---------------------------------------------------------------------------
SecurityFocus Newsletter $B$K4X$9$k(BFAQ ($B1Q8l(B):
http://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml
---------------------------------------------------------------------------
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B SecurityFocus $B$N5v2D$r3t<02qe$G9T$o$l$F$$$^$9!#(B
$B!&(BSecurityFocus Newsletter $B$NOBLu$r(B Netnews, Mailinglist, World Wide Web,
  $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$NA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;$s$,!"(B
  $B=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+$J$k7A<0$N(B
  $B%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://online.securityfocus.com/archive/79
---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02ql9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"4F=$l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
---------------------------------------------------------------------------
This translation is encoded and posted in ISO-2022-JP.

$B86HG(B:
Date: Mon, 16 Sep 2002 11:29:45 -0600 (MDT)
Message-ID: <Pine.LNX.4.43.0209161129110.31170-100000@mail.securityfocus.com>

SecurityFocus Newsletter #162
-----------------------------

This Issue Sponsored by: Wiley and Sons

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
     1. Evaluating Network Intrusion Detection Signatures, Part 1
     2. SecurityFocus DPP Program
     3. IIR's 3G Fraud & Security Forum
II. BUGTRAQ SUMMARY
     1. Multiple Browser Zero Width GIF Image Memory Corruption...
     2. Ultimate PHP Board Unauthorized Administrative Access...
     3. NetGear FM114P Prosafe URL Filter Bypassing Vulnerability
     4. Netscreen-Remote VPN Client IKE Packet Excessive Payloads...
     5. PHP Header Function Script Injection Vulnerability
     6. Multiple Microsoft JVM Vulnerabilities
     7. Microsoft Internet Explorer IFrame/Frame Cross-Site/Zone Script...
     8. Wordtrans-web Remote Command Execution Vulnerability
     9. Wordtrans-web Script Injection Vulnerability
     10. WoltLab Burning Board Board.PHP SQL Injection Vulnerability
     12. Netris Remote Memory Corruption Vulnerability
     13. phpGB SQL Injection Vulnerability
     14. phpGB HTML Injection Vulnerability
     15. PHP Function CRLF Injection Vulnerability
     16. phpGB PHP Code Injection Vulnerability
     17. Alleged Outlook Express Link Denial of Service Vulnerability
     18. HP Tru64 Initial Random TCP Sequence Number DoS Vulnerability
     19. Apple Quicktime ActiveX Component Buffer Overrun Vulnerability
     20. Savant Webserver Buffer Overflow Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
     1. Sprint Cleared of Negligence in Vice Hacks
     2. Insecurity Plagues Emergency Alert System
     3. Word 97 feature spawns no-brainer pilfering exploit
     4. Outlook Express becomes attack platform, of sorts
IV. SECURITYFOCUS TOP 6 TOOLS
     1. gateProtect v3.1
     2. Throughput Monitor v2.0
     3. PsycologIcal Security System v1.0
     4. video-entropyd v0.1
     5. herbix v1.0-36
     6. Palm::Zetetic::Strip v1.01

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
---------------------------------

II. BUGTRAQ SUMMARY
-------------------
1. Multiple Browser Zero Width GIF Image Memory Corruption Vulnerability
BugTraq ID: 5665
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Sep 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5665
$B$^$H$a(B:

$B$$$/$D$+$N(B Web $B%V%i%&%6$O(B width $B%U%#!<%k%ID9$,(B 0 $B$N(B GIF $B7A<0$N%U%!%$%k(B
$B$r2re$GF0:n$9$k(B Netscape$B!"(BMozilla$B!"(BOpera
$B$G$"$k!#(B
$BB>$N4D6-$GF0:n$9$k(B Web $B%V%i%&%6$bF1MM$KLdBj$rJz$($k$H?d;!$5$l$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$K$h$j(B DoS$B!"$"$k$$$O@x:_E*$K0U?^E*$J%3!<%I$NZ$G$"$k!#(B

2. Ultimate PHP Board Unauthorized Administrative Access Vulnerability
BugTraq ID: 5666
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Sep 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5666
$B$^$H$a(B:

Ultimate PHP Board $B$O%U%j!<$K8x3+$5$l!"%*!<%W%s%=!<%9$G$"$k(B PHP $B$rMxMQ(B
$B$7$F3+H/$5$l$?EE;R7G<(HD%7%9%F%`$G$"$k!#$3$N%=%U%H%&%'%"$O(B UNIX$B!"(BLinux$B!"(B
Microsoft Windows $B$GF0:n2DG=$G$"$k!#(B

Ultimate PHP Board $B$OG'>Z:Q$_$N%f!<%6$KBP$7$F!"$$$/$D$+$N%7%9%F%`4IM}MQ(B
$B5!G=$rMxMQ$G$-$k$h$&$K$J$kA0$K4IM}Z:Q$_$N%f!<%6$O4IM}3. NetGear FM114P Prosafe URL Filter Bypassing Vulnerability
BugTraq ID: 5667
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Sep 07 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5667
$B$^$H$a(B:

FM114P Prosafe $B%U%!%$%"%&%)!<%k%7%j!<%:$O(B Netgear $B$K$h$C$F@=B$!"HNGd$5(B
$B$l$F$$$k%O!<%I%&%'%"5!4o$G$"$k!#(B

$B$3$N5!4o$K$O%f!<%6$,(B URL $B$G<($5$l$?%"%/%;%9@)8B$r2sHr2DG=$K$J$kLdBj$,B8(B
$B:_$9$k!#(B

$BJs9p$K$h$k$H!"$3$N5!4o$O(B HTTP $B%j%/%(%9%H$,9T$o$l$?:]!"==J,$J(B IP $B%"%I%l(B
$B%9$N3NG'$r9T$C$F$$$J$$!#$3$N$?$a!"$3$N5!4o$NGX8e$N%M%C%H%o!<%/Fb$N%f!<(B
$B%6$O(B IP $B%"%I%l%9I=5-$K$h$k(B HTTP $B%j%/%(%9%H$r9T$&$3$H$K$h$j(B $B@)8BBP>]$N%5(B
$B%$%H$X%"%/%;%92DG=$G$"$k!#(B

$B$3$NLdBj$O@x:_E*$K@_Dj$KM3Mh$9$kLdBj$G$"$k$H9M$($i$l$kE@$ON10U$5$l$k$Y(B
$B$-$G$"$k!#(BURL $B%U%#%k%?%j%s%0%=%U%H%&%'%"$N@_7W$OE57?E*$K5v2D$5$l$?%5%$(B
$B%H$N0lMw$r;XDj$9$k$H6&$K!"%G%U%)%k%H$GA4$F$N%5%$%H$r%"%/%;%95qH]BP>]$K(B
$B4^$a$k$h$&$K9T$o$l$F$$$k!#(B

4. Netscreen-Remote VPN Client IKE Packet Excessive Payloads Vulnerability
BugTraq ID: 5668
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Sep 07 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5668
$B$^$H$a(B:

Netscreen-Remote VPN Client $B$O2>A[DL?.LV(B (VPN; Virtual Private Network)
$B$r9=C[$9$k$?$a$N%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$O(B Microsoft Windows
$B4D6-HG$,MxMQ2DG=$G$"$k!#(BNetscreen-Remote VPN Client $B$O%j%b!<%H$+$i967b(B
$B$KMxMQ2DG=$J%P%C%U%!%*!<%P!<%U%m!<$r@8$8$k5?$$$,$"$k!#(B
$B2~$6$s$5$l$?(B IKE $B%Q%1%C%H$r%/%i%$%"%s%H$KAw?.$9$k$3$H$K$h$j!"%P%C%U%!%*!<(B
$B%P!<%U%m!<$r0z$-5/$3$9$3$H$,2DG=$G$"$k!#$3$N%=%U%H%&%'%"$,FCDj$N@5$7$$(B
$B%Z%$%m!<%I$r;}$D(B IKE $B%Q%1%C%H$N=hM}$r;n$_$k:]$K%P%C%U%!%*!<%P!<%U%m!<$,(B
$B@8$8$k$3$H$,H=L@$7$F$$$k!#2~$6$s$5$l$?%Q%1%C%H$,%/%i%$%"%s%H$K$h$C$F=h(B
$BM}$5$l$?:]!"%a%b%jFbMF$O967bl9g!"(BVPN $B%3%M%/%7%g%s$ODL>oMxMQ$5$l$F$$$k$O$:$G(B
$B$"$k!#(B

$B%/%i%$%"%s%H$NZ$G$"$k!#$3$NLdBj$OMxMQ2DG=$J;q8;$r>CHq$7$D$/$5$;$k7k2L!"%/%i%$%"(B
$B%s%H$X$N(B DoS $B$r>7$-!"%/%i%$%"%s%HB&%7%9%F%`$rMxMQITG=$J>uBV$K4Y$i$;$k$3(B
$B$H$,2DG=$G$"$k$3$H$,8!>Z$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"$3$NLdBj$rMxMQ$9$k967b$O%/%i%$%"%s%H$,%U%'!<%:(B 1 $B$K$*$1$k(B
IKE $B808r49$N(B Aggressive Mode $B$N=hM}$r9T$C$F$$$k:]$K4k$F$k$3$H$,2DG=$G$"(B
$B$k!#(B

5. PHP Header Function Script Injection Vulnerability
BugTraq ID: 5669
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Sep 07 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5669
$B$^$H$a(B:

PHP $B$O%U%j!<$+$D%*!<%W%s%=!<%9$G8x3+$5$l$F$$$k!"%9%/%j%W%H$rMxMQ$7$F(B
Web $B%3%s%F%s%D$r:n@.$9$k4D6-$rDs6!$9$k8@8l%Q%C%1!<%8$G$"$k!#$3$N%=%U%H(B
$B%&%'%"$O(B Microsoft Windows$B!"(BLinux$B!"(BUNIX $B$K$*$$$FMxMQ2DG=$G$"$k!#(B

PHP $B$,Jz$($kLdBj$K$h$j!"0U?^$9$k%9%/%j%W%H$ru67$K$*$$$F!"0J2<$NNc$K<($5$l$k$h$&$K4X?t(B header() $B$rMxMQ$7$F$$$k(B
$B%3!<%I$OLdBj$rJz$($F$$$k$H9M$($i$l$k!#(B

<?php header("Location: $_GET['$url']"); ?>

$B$3$NLdBj$K$h$j!"0U?^$5$l$k%3!<%I$r%j%@%$%l%/%H@h%5%$%H$HF13J$N%;%-%e%j(B
$B%F%#%3%s%F%-%9%H$G6. Multiple Microsoft JVM Vulnerabilities
BugTraq ID: 5670
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Sep 09 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5670
$B$^$H$a(B:

$B?.Mj$G$-$k>pJsDs6!85$K$h$k$H!"(BMicrosoft $B$N(B Java Virtual Machine (JVM)
$B$Ne$K%"%W%l%C%H$r@_CV$9$k$+!"(BHTML $B7A(B
$B<0$NEE;R%a!<%kFb$KKd$a9~$`2DG=@-$,$"$k!#%"%W%l%C%H$,]$N%3%s%T%e!<(B
$B%?Fb$N%U%!%$%k%7%9%F%`>e$N;q8;$X%"%/%;%9$9$k$?$a$K!"$"$k$$$O0-0U$"$k%3!<(B
$B%I$rZ$7$?$,LdBj$OH/8+$5(B
$B$l$J$+$C$?$HJs9p$7$F$$$k!#(B

7. Microsoft Internet Explorer IFrame/Frame Cross-Site/Zone Script Execution Vulnerability
BugTraq ID: 5672
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Sep 09 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5672
$B$^$H$a(B:

Microsoft Internet Explorer (MSIE) $B$N%&%#%s%I%&$,JL%&%#%s%I%&$G3+$+$l$k(B
$B:]$K!"$=$l$,JL$N%I%a%$%s$"$k$$$O%;%-%e%j%F%#%>!<%s$G$"$k>l9g!"%;%-%e%j(B
$B%F%#%A%'%C%/$O?F%&%#%s%I%&$,;R%&%#%s%I%&$K%"%/%;%9$9$k$N$rKI;_$9$k$Y$-(B
$B$G$"$k!#$3$N=hM}$H4X78$N$"$k$$$/$D$+$NLdBj$,4{$KJs9p$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!";R%&%#%s%I%&$NJ8=q$N(B Frames $B%*%V%8%'%/%H$K%"%/%;%9$7$h$&(B
$B$H$9$k;n$_$KBP$7$F$=$N$h$&$J%A%'%C%/$O9T$o$l$J$$!#?F%&%#%s%I%&$O%I%a%$(B
$B%s$d%;%-%e%j%F%#%>!<%s$K4X$o$i$:;R%&%#%s%I%&Fb$N(B FRAME $B$d(B IFRAME $B%?%0$N(B
URL $B$r;XDj2DG=$G$"$k!#?F%&%#%s%I%&$O(B "javascript" $B%W%m%H%3%k$K0z$-B3$-(B
$B0U?^E*$KAH$_N)$F$i$l$?%3!<%I$r(B URL $B$H$7$F;XDj$9$k$3$H$K$h$j!";R%&%#%s%I(B
$B%&$N%I%a%$%s$N%3%s%F%-%9%HFb$G%9%/%j%W%H%3!<%I$N7$/62$l$,$"$k!#(B

$B967b$N%I%a%$%s$d(B Web $B%5%$%H$N%/%C%-!<$NCM$r$NF1MM$N967b$r9T$&$?$a$K$3$NLdBj$rMxMQ$9$k967b(B
$B$r9T$&2DG=@-$,$"$k!#967b!<%sFb$G$N%9%/%j%W%H(B
$B%3!<%I$N7$/2DG=@-$,$"$k!#(B
$B$3$l$O!"%/%i%$%"%s%H$N%U%!%$%k%7%9%F%`>e$KB8:_$9$k(B HTML $B%U%!%$%k$,(B Frames
$B%*%V%8%'%/%H$r4^$`>l9g$K2DG=$G$"$k!#(BMSIE6 $B$N%f!<%6$N8~$1$K!"(B
"res://shdoclc.dll/privacypolicy.dlg" $B%U%!%$%k$,;HMQ$5$l$k2DG=@-$,$"$k!#(B
$B$^$?!"(BMSIE $B$N0JA0$N%f!<%6$N$?$a$KF1MM$N%U%!%$%k$,B8:_$9$k2DG=@-$,$"$k!#(B

8. Wordtrans-web Remote Command Execution Vulnerability
BugTraq ID: 5671
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Sep 09 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5671
$B$^$H$a(B:

Wordtrans-web $B$O(B Web $B%V%i%&%6$r2p$7$FB?8@8l$KBP1~$7$?<-=q$KLd$$9g$o$;$r(B
$B9T$&$?$a$N%$%s%?%U%'!<%9$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#(B

Wordtrans-web $B$OF~NO%Q%i%a!<%?$K4X$7$FBEEv@-$N3NG'$rBU$C$F$$$k$?$a$K!"(B
OS $B%3%^%s%I$rKd$a9~$`$3$H$r2DG=$K$7$F$7$^$&!#(Bwordtrans.php $B%9%/%j%W%H$O(B
$B=hM}$r?k9T$9$k$?$a$K%Q%i%a!<%?$r(B Wordtrans $B$N9. Wordtrans-web Script Injection Vulnerability
BugTraq ID: 5674
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Sep 09 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5674
$B$^$H$a(B:

Wordtrans-web $B$O(B Web $B%V%i%&%6$r2p$7$FB?8@8l$KBP1~$7$?<-=q$KLd$$9g$o$;$r(B
$B9T$&$?$a$N%$%s%?%U%'!<%9$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#(B

Wordtrans-web $B%$%s%?%U%'!<%9$OF~NO%Q%i%a!<%?$K4X$7$FBEEv@-$N3NG'$r==J,(B
$B$K9T$C$F$$$J$$!#$3$l$i$NF~NO%Q%i%a!<%?$O!"%=%U%H%&%'%"$K$h$j@8@.$5$l$?(B
$B=PNO$NCf$G=g$K;HMQ$5$l$k!#F~NO%Q%i%a!<%?$K$O0U?^E*$KAH$_N)$F$i$l$?(B HTML
$B$d%9%/%j%W%H$NCmF~$,2DG=$G$"$j!"$=$l$i$O(B Wordstrans-web $B%$%s%?%U%'!<%9(B
$B$N%3%s%F%-%9%H$G(B Web $B%/%i%$%"%s%H$K$h$j15. PHP Function CRLF Injection Vulnerability
BugTraq ID: 5681
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Sep 09 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5681
$B$^$H$a(B:

PHP $B$O%U%j!<$+$D%*!<%W%s%=!<%9$G8x3+$5$l$F$$$k!"%9%/%j%W%H$rMxMQ$7$F(B
Web $B%3%s%F%s%D$r:n@.$9$k4D6-$rDs6!$9$k8@8l%Q%C%1!<%8$G$"$k!#$3$N%=%U%H(B
$B%&%'%"$O(B Microsoft Windows$B!"(BLinux$B!"(BUNIX $B$K$*$$$FMxMQ2DG=$G$"$k!#(B

PHP $B$G$O(B fopen() $B$d(B file() $B$J$I$N$h$&$J!"B>$N(B PHP $B%9%/%j%W%H$N%U%!%$%k(B
$B$J$I$N30It$N;q8;$r;2>H$9$k$?$a$KMxMQ$5$l$kMM!9$J4X?t$,Ds6!$5$l$F$$$k!#(B
PHP $B%$%s%?%W%j%?$N@_Dj$N(B allow_url_fopen() $B%G%#%l%/%F%#%V$,M-8z2=$5$l$F(B
$B$$$k>l9g!"$3$l$i4X?t$O4X?t$X$N0z?t$K(B URL $B$r0z$-EO$9$3$H$K$h$j%j%b!<%H%[(B
$B%9%HFb$KB8:_$9$k;q8;$K%"%/%;%9$9$k$?$a$KMxMQ$5$l$k$H9M$($i$l$k!#(B
$B$3$l$i4X?t$,%j%b!<%H$N;q8;$r;2>H$9$k$?$a$KMxMQ$5$l$k:]!"(BPHP $B%$%s%?%W%j(B
$B%?$OE,@Z$J%W%m%H%3%k$rMxMQ$7!";XDj$5$l$?;q8;$X$N%j%/%(%9%H$rAH$_N)$F$F(B
$B$$$k!#(B

$B%j%b!<%H$N;q8;$,$3$l$i4X?t$rMxMQ$7$FF~l9g$K967b$KMxMQ$5$lF@$k!#(B
$BNc$($P!"(Bfopen() $B$,%j%b!<%H$N(B Web $B%5!<%P$r;X$7<($9(B include_path $B$NCM$rH<$C(B
$B$F8F$S=P$5$l$?$k:]!"0J8e(B HTTP  GET $B%j%/%(%9%H$,;XDj$5$l$?%j%b!<%H$N;q8;(B
$B$K%"%/%;%9$9$k$?$a$KAH$_N)$F$i$l$k!#$3$N:]!"LdBj$rJz$($k%9%/%j%W%H$X$N(B
$B%Q%i%a!<%?$X2~9T$HI|5"$rCmF~$9$k$3$H$K$h$j!"0U?^E*$J%X%C%@>pJs(B ($BNc$($P(B
Host: $B%U%#!<%k%I!"(BCookie: $B%U%#!<%k%I$J$I(B) $B$r(B PHP $B$K$h$C$FAH$_N)$F$i$l$k(B
HTTP $B%j%/%(%9%H$XA^F~2DG=$G$"$k!#(B

$B$3$NZ$7$?7k2L$+$i!"MM!9$J967b$,2DG=$K$J$k$H?d;!$5$l$k!#(B
$BNc$($P!"967bu672<$K$*$$$F$O!"(BPHP $B%$%s%?%W%j%?$r0U?^$9$k%]!<%H$X@\B3$5(B
$B$;!"%3%^%s%I$rE>Aw$5$;$k$h$&$K;E8~$1$k$3$H$,2DG=$G$"$k!#$3$l$O$3$NLdBj(B
$B$NJs9p16. phpGB PHP Code Injection Vulnerability
BugTraq ID: 5679
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Sep 09 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5679
$B$^$H$a(B:

phpGB $B$O(B PHP $B$H(B MySQL $B$rMxMQ$9$k%2%9%H%V%C%/%"%W%j%1!<%7%g%s$G$"$k!#(B
$B$3$N%=%U%H%&%'%"$O(B UNIX$B!"(BLinux$B!"(BMicrosoft Windows $B$r4^$`(B PHP $B$,%5%]!<%H(B
$B$5$l$F$$$kA4$F$N4D6-$GMxMQ2DG=$G$"$k!#(B

phpGB $B$O(B PHP $B%3!<%I$,A^F~$5$l$kLdBj$rJz$($F$$$k!#(B

$B0-0U$"$k%Q%i%a!<%?$r(B savesettings.php $B%9%/%j%W%H$X0z$-EO$9$3$H$K$h$j!"(B
$B%2%9%H%V%C%/$N@_Dj%U%!%$%k(B (config.php) $B$X%3!<%I$rCmF~2DG=$G$"$k!#(B
$B$3$N@_Dj%U%!%$%k$O$3$N%=%U%H%&%'%"$GMxMQ$5$l$F$$$kB>$NKX$I$N%9%/%j%W%H(B
$B$+$i;2>H$5$l$F$$$k$?$a!"%9%/%j%W%H$N$$$:$l$+$K%"%/%;%9$5$l$kEYKh$K!"96(B
$B7bo$NG'>Z9T0Y$,(B savesettings.php $B$K%"%/%;%9$9$k$?$a$K5a$a$i$l$F$O$$$k(B
$B$,!"$7$+$7!"$3$N%9%/%j%W%H$O(B HTTP $B$N(B POST $B$K$h$k%j%/%(%9%H$r2p$7$FG'>Z(B
$B7k2L$NBEEv@-$rH=CG$7$F$*$j!"%f!<%6$KBP$9$k$5$i$J$kG'>Z$O5a$a$i$l$F$O$$(B
$B$J$$$H$$$&E@$K$D$$$F$ON10U$5$l$k$Y$-$G$"$k!#(B

$B8m$C$?J8K!$N%9%/%j%W%H$rA^F~$9$k$3$H$K$h$j!"$3$N%=%U%H%&%'%"A4BN$X$N(B DoS
$B$r0z$-5/$3$9$3$H$K$J$k!#$3$l$O@_Dj%U%!%$%k$,2r17. Alleged Outlook Express Link Denial of Service Vulnerability
BugTraq ID: 5682
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Sep 09 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5682
$B$^$H$a(B:

Microsoft Outlook Express $B$K(B DoS $B$NLdBj$,Js9p$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"(BHTML $B7A<0$NEE;R%a!<%k$rI|9f2=$9$k:]!"(BOutlook Express $B$O(B 
4095 $BJ8;z0J>e$ND9$5$N(B <A HREF> $B%j%s%/$ro$K:F8=$5$l$k$3$H$O$G$-$J$$$,!"(BMicrosoft $B$O$3$NB8:_$r3NG'$7$F$$$k!#(B
$B0lIt$N8BDj$5$l$?%P!<%8%g%s$N$_$,$3$NLdBj$N1F6A$r18. HP Tru64 Initial Random TCP Sequence Number DoS Vulnerability
BugTraq ID: 5683
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Sep 10 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5683
$B$^$H$a(B:

HP $B$O!"?dB,2DG=$J(B TCP $B=i4|%7!<%1%s%9HV9f(B (ISNs) $B$N@8@.$KM3Mh$9$k@x:_E*(B
$B$J(B DoS $B>uBV$K4Y$kLdBj$,(B TRU64 UNIX $B$K$*$$$FB8:_$9$k$HJs9p$7$F$$$k!#uBV$K4Y$k$3$H$,Js9p$5$l$F$$$k$,!"4IM}pJs$r2~$6(B
$B$s$7$?$j@`19. Apple Quicktime ActiveX Component Buffer Overrun Vulnerability
BugTraq ID: 5685
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Sep 10 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5685
$B$^$H$a(B:

Quicktime $B$O(B Apple $B$K$h$C$F3+H/$5$l$?9-HO0O$KMxMQ$5$l$F$$$k%^%k%A%a%G%#(B
$B%"7A<0$N%U%!%$%k%U%)!<%^%C%H$G$"$j!"B?$/$N>l9g!"%M%C%H%o!<%/1[$7$KDs6!(B
$B$5$l$k%3%s%F%s%D$GMxMQ$5$l$F$$$k!#(BInternet Explorer $B8~$1$N(B Quicktime
ActiveX $B%3%s%]!<%M%s%H$KLdBj$,H/8+$5$l$F$$$k!#(B

$B$3$N%=%U%H%&%'%"$OM?$($i$l$?0z?t$X$N6-3&%A%'%C%/$,IT==J,$G$"$k$?$a$K@8(B
$B$8$k%P%C%U%!%*!<%P!<%U%m!<$NLdBj$rJz$($F$$$k!#$3$N%b%8%e!<%k$,Hs>o$KD9(B
$B$$J8;zNs$,@_Dj$5$l$?(B pluginspage $B0z?t$rH<$C$F8F$S=P$5$l$k:]$K%P%C%U%!%*!<(B
$B%P!<%U%m!<$,@8$8$k!#$3$N>uBV$O967b$KMxMQ2DG=$G$"$k$H$NJs9p$,8x3+$5$l$F(B
$B$*$j!"LdBj$N1F6A$re$G967b7$/2DG=@-$,$"$k!#(B

$B%j%b!<%H$N967b]$N%[%9%H$X$N%"%/%;%98"$r20. Savant Webserver Buffer Overflow Vulnerability
BugTraq ID: 5686
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Sep 10 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5686
$B$^$H$a(B:

Savant webserver $B$O(B Windows $B%W%i%C%H%U%)!<%`>e$GF0:n$9$k%U%j!<$N(B Web $B%5!<(B
$B%P$G$"$k!#(B

$B%P%C%U%!(B $B%*!<%P!<%U%m!<$NLdBj$,(B Savant webserver $B$K$*$$$FJs9p$5$l$F$$$k!#(B
GET $B%j%/%(%9%H$N0z?t$,(B 291 $B%P%$%H$r1[$($FM?$($i$l$?>l9g!"%9%?%C%/%*!<%P!<(B
$B%U%m!<$,@8$8$k!#$3$NLdBj$O1F6A$re$G0U?^E*$J%3!<%I$r1. Sprint Cleared of Negligence in Vice Hacks
$BCx$NEEOC2qhttp://online.securityfocus.com/news/628

2. Insecurity Plagues Emergency Alert System
$BCxD$N1F6A$rhttp://online.securityfocus.com/news/613

3. Word 97 feature spawns no-brainer pilfering exploit
$BCx](B
$B$N(B PC $BFb$+$iJ8=q$rEp$_=P$9$3$H$,2DG=$K$J$k$H$$$&LdBj$G$"$k!#(B

http://online.securityfocus.com/news/630

4. Outlook Express becomes attack platform, of sorts
$BCxe$NLdBj$K4X$7$F$O!"BP>HE*$K(B
$B6=L#$r0z$/;kE@$,8+$i$l$k!#(B
$B$3$3(B 2 $BG/4V$KH/8+$5$l$?(B Outlook ($B$"$k$$$O(B lookout) Express $B$,Jz$($kLdBj(B
$B$,%f!<%6$X1F6A$r5Z$\$9$?$a$KMxMQ$5$l$F$$$k!#$7$+$7!"%&%$%k%9BP:v%=%U%H(B
$B$d%3%s%F%s%DFbMF$N%U%#%k%?%j%s%0%=%U%H%&%'%"$rqY$9$h$&$JJ}K!$r:NMQ$7!"(B
$B$=$l$r%&%$%k%9$rEAGE$9$k$?$a$Nhttp://online.securityfocus.com/news/629

IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. gateProtect v3.1
$B:nhttp://www.gateprotect.com/
$BF0:n4D6-(B: Linux, Windows 2000, Windows 95/98, Windows NT, Windows XP
$B$^$H$a(B:

gateProtect $B$,Ds6!$9$k9b%;%-%e%j%F%#$r8X$k0lO"$N%U%!%$%"%&%)!<%k@=IJ$K(B
$B$h$j!"4k6H$GMxMQ$5$l$F$$$k%M%C%H%o!<%/$X$NFbIt$*$h$S30It$+$i$N967b$KBP(B
$B$7!"40A4$K%;%-%e%"$K%M%C%H%o!<%/$rJ]8n2DG=$K$J$j$^$9!#$3$N@=IJ$K$O%$%s(B
$B%?!<%M%C%H$KM3Mh$9$k%;%-%e%j%F%#%j%9%/!"%9%Q%$9T0Y!"%&%$%k%9$KM3Mh$9$k(B
$B967b$+$i%G!<%?$rJ]8n$9$kFCD'$,Hw$($i$l$F$$$^$9!#$3$N@=IJ$O?/F~8!CN%7%9(B
$B%F%`$r;HMQ$7$F!"967b$N8!CN!"KI8f!"FCDj$r9T$$$^$9!#(BgateProtect $B$,Ds6!$9(B
$B$k0lBN2=7?%U%!%$%"%&%)!<%k@=IJ$O:G9b$NG=NO!"B.EY!"$=$7$F%;%-%e%j%F%#$r(B
$B7s$MHw$(!";HMQK!$,Hs>o$KMF0W$G$"$k$H$$$&FCD'$,$"$j$^$9!#%U%!%$%"%&%)!<(B
$B%kA4BN$,%I%i%C%0%"%s%I%I%m%C%W$KBP1~$7$?(B GUI $B$r;HMQ$7$FMF0W$K@_Dj$9$k$3(B
$B$H$,2DG=$G$9!#$^$?$3$N%U%!%$%"%&%)!<%k%=%U%H%&%'%"$O@lMQ$N%3%s%T%e!<%?(B
$B$GF0:n$5$;$kI,MW$,$"$j$^$9!#(B

2. Throughput Monitor v2.0
$B:nhttp://home.uninet.ee/~ragnar/throughput_monitor/
$BF0:n4D6-(B: UNIX
$B$^$H$a(B:

Throughput Monitor $B$O%m%0%U%!%$%kCf$N%$%Y%s%HIQEY$r4F;k$7!"2r@O$r9T$$$^(B
$B$9!#$3$N%=%U%H%&%'%"$N3. PsycologIcal Security System v1.0
$B:nhttp://piss.olea.org/
$BF0:n4D6-(B: N/A
$B$^$H$a(B:

PsychologIcal Security System (P.I.S.S.) $B$OBUBF$+$D?.Mj$5$l$?%7%9%F%`4I(B
$BM}4. video-entropyd v0.1
$B:nhttp://www.vanheusden.com/ved/
$BF0:n4D6-(B: Linux, POSIX
$B$^$H$a(B:

video-entropyd $B$O(B video4linux $B%G%P%$%9$+$i%+!<%M%kFb$NMp?t%I%i%$%P$X%((B
$B%s%H%m%T!<%G!<%?$rIU2C$9$k%W%m%0%i%`$G$9!#(B

5. herbix v1.0-36
$B:nhttp://cuodan.net/~sina
$BF0:n4D6-(B: Linux, POSIX
$B$^$H$a(B:

Herbix $B$O%U%m%C%T!<%G%#%9%/$GF0:n$9$k$h$&$K9=@.$5$l$?(B Linux $B%5!<%P$G$9!#(B
$B$3$N%=%U%H%&%'%"$O!"(Bipchains $B$r%5%]!<%H$7!"(BFTP$B!"(BHTTP$B!"(BIRC$B!"(BDHCP$B!"(BSMTP$B!"(B
IDENT $B%W%m%H%3!<%k$N%5!<%S%9$rDs6!$9$k$3$H$,2DG=$G$9!#(B

6. Palm::Zetetic::Strip v1.01
$B:nhttp://www.dribin.org/dave/software/perl-strip/
$BF0:n4D6-(B: Os Independent
$B$^$H$a(B:

Palm::Zetetic::Strip $B$O(B Perl 5 $B8~$1$N0lO"$N%b%8%e!<%k$G$"$j!"(BPalm Computing
$B@=IJ8~$1$K(B zetetic.net $B$+$iDs6!$5$l$F$$$k%Q%9%o!<%I$*$h$S%"%+%&%s%H%^%M!<(B
$B%8%c$G$"$k(B Strip $B8~$1$K!"(BPalm $B%G!<%?%Y!<%97A<0$N%U%!%$%k(B (PDB) $B$H$N%$%s(B
$B%?%U%'!<%9$rDs6!$7$^$9!#(BPDB $B7A<0$N%U%!%$%k$+$i%G!<%?$rFI$_=P$7!"I|9f$9$k(B
$B$?$a$K$O(B IDEA $B$*$h$S(B AES $B%"%k%4%j%:%`$rMxMQ$7$F$$$^$9!#(B

--
$BLu(B: $B:d0f=g9T(B(SAKAI Yoriyuki)$B!">.3^8691M:(B(OGASAWARA Tsuneo)$B!"(B
$B@PED6G5W(B(ISHIDA Akihisa)$B!"http://www.lac.co.jp/security/
smime.p7s