Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm
Precedence: bulk
To: bugtraq-jp@SECURITYFOCUS.COM
References: <Pine.LNX.4.43.0210150854490.20958-100000@mail.securityfocus.com> <200210251526.AGJ24565.BLBJT@lac.co.jp>
Subject: SecurityFocus Newsletter #166 2002-10-7->2002-10-11(Re-post)
From: SAKAI Yoriyuki <sakai@lac.co.jp>
Message-Id: <200210281756.AGI68733.BLTJB@lac.co.jp>
Date: Mon, 28 Oct 2002 17:57:03 +0900
Mime-Version: 1.0
Content-Type: multipart/signed;
    protocol="application/pkcs7-signature";
    micalg=sha1; Boundary="---------1035795421-23382221"

-----------1035795421-23382221
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

$B:d0f(B@$B%i%C%/$G$9!#(B

SecurityFocus Newsletter $BBh(B 166 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

---------------------------------------------------------------------------
BugTraq-JP $B$K4X$9$k(B FAQ($BF|K\8l(B):
http://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml
$B!&(BSecurityFocus Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0l<!G[I[$5$l$F$$$^$9(B
$B!&(BBugTraq-JP $B$X$N;22CJ}K!!"C&B`J}K!$O$3$A$i$r$4;2>H$/$@$5$$(B
---------------------------------------------------------------------------
---------------------------------------------------------------------------
SecurityFocus Newsletter $B$K4X$9$k(BFAQ($B1Q8l(B):
http://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml
---------------------------------------------------------------------------
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B SecurityFocus $B$N5v2D$r3t<02q<R%i%C%/$,F@$?>e$G9T$o$l$F$$$^$9!#(B
$B!&(BSecurityFocus Newsletter $B$NOBLu$r(B Netnews, Mailinglist, World Wide Web,
  $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$NA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;$s$,!"(B
  $B=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+$J$k7A<0$N(B
  $B%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://online.securityfocus.com/archive/79
---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02q<R%i%C%/$O@UG$$rIi$o$J$$$b$N$H$7$^(B
  $B$9!#(B
---------------------------------------------------------------------------
$BLu<T$+$i$N$*CN$i$;(B:
$B!&$b$7!"(Btypo $B$d8mLu$,8+$D$+$C$?>l9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"4F=$<T(B (sakai@lac.co.jp) $B$K$*CN$i$;$/$@$5$$!#(B
  $B8e<T$N>l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
---------------------------------------------------------------------------
This translation is encoded and posted in ISO-2022-JP.

$B86HG(B:
Date: Tue, 15 Oct 2002 08:55:15 -0600 (MDT)
Message-ID: <Pine.LNX.4.43.0210150854490.20958-100000@mail.securityfocus.com>

SecurityFocus Newsletter #166
-----------------------------

This Issue Sponsored by: Wiley and Sons

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
     1. Footprints in the Sand, Part One
     2. Assessing Internet Security Risk, Part Five: Custom Web Applications
     3. Mozilla's 'Code of Silence' Isn't
     4. Shutting Down Spyware Loopholes
     5. SecurityFocus DPP Program
     6. InfoSec World Conference and Expo/2003
II. BUGTRAQ SUMMARY
     1. Microsoft Content Management Server 2001 Cross-Site Scripting...
     2. VBZoom Arbitrary File Upload Vulnerability
     3. phpLinkat Multiple Cross Site Scripting Vulnerabilities
     4. BearShare File Disclosure Variant Vulnerability
     6. IRIX 'mv' Insecure Directory Permissions Vulnerability
     7. IRIX rpcbind Symlink Vulnerability
     8. IRIX Insecure Desktop File Permissions Vulnerability
     9. IRIX uux Buffer Overflow Vulnerability
     10. Cisco Unity Default Restrictions International Operator Call...
     11. IRIX fsr_efs Symlink Vulnerability
     12. Logsurfer Off-By-One Buffer Overflow Vulnerability
     13. Cooolsoft PowerFTP Server Remote Denial Of Service Vulnerability
     14. Microsoft IIS IDC Extension Cross Site Scripting Vulnerability
     15. Oracle E-Business Suite Authentication Bypassing Vulnerability
     16. Oracle 9i Application Server Web Cache Administration Tool...
     17. Zope Failed Login Information Disclosure Vulnerability
     18. Macromedia Flash Player File Access Vulnerability
     19. Killer Protection Information Disclosure Vulnerability.
     20. ArGoSoft Mail Server Pro E-Mail HTML Injection Vulnerability
     21. Microsoft IIS Malformed HTTP HOST Header Field Denial Of...
     22. Symantec VelociRaptor Denial of Service Vulnerability
     23. NetBSD talkd Buffer Overflow Vulnerability
     24. HP Tru64 Unspecifed Remote Route Daemon Vulnerability
     25. TkMail Insecure Temporary Files Vulnerability
     26. Multiple Platforms ypserv Remote File Disclosure Vulnerability
     27. Multiple Platforms ypxfrd Remote File Disclosure Vulnerability
     28. SSGBook Image Tag HTML Injection Vulnerabilities
     30. VBZoom Remote SQL Injection Vulnerability
     31. Check Point VPN-1 IKE Aggressive Mode Forcing Vulnerability
     32. Sendmail Trojan Horse Vulnerability
     33. Citrix Published Applications Information Disclosure...
     34. PHPBB2 Avatar Images Information Disclosure Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
     1. Clues, Vandalism, Litter Sendmail Trojan Trail
     2. Outlook Express in crypto processing flaw
     3. Scottish ISP in repeat DDoS attack
     4. FBI Misused Secret Wiretaps, According to Memo
IV.SECURITYFOCUS TOP 6 TOOLS
     1. Modular Access Control System v0.6pre3 alpha
     2. libGringotts v1.0.0
     3. SEPPL v200210082244
     4. Network-Accounting Daemon for Netfilter v0.2.1
     5. MudPit v1.0
     6. SASL Library v0.0.0

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
---------------------------------

II. BUGTRAQ SUMMARY
-------------------
1. Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
BugTraq ID: 5922
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 09 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5922
$B$^$H$a(B:

Microsoft Content Management Server (MCMS) 2001 $B$OEE;R>&<h0zMQ(B Web $B%5%$(B
$B%H$N3+H/$*$h$S4IM}$r9T$&$?$a$N(B .NET Enterprise Server $B%7%j!<%:$N@=IJ$G(B
$B$"$k!#(B

$BJs9p$K$h$k$H!"(BMicrosoft Content Management Server 2001 $B$O%/%m%9%5%$%H%9(B
$B%/%j%W%F%#%s%0$NLdBj$rJz$($k5?$$$,$"$k!#(B

$B967b<T$OLdBj$rJz$($k%=%U%H%&%'%"$,2TF0$9$k(B Web $B%5%$%H$r;X$7<($9!"0U?^E*(B
$B$J(B HTML $B$H%9%/%j%W%H$r4^$`0-0U$"$k%O%$%Q!<%j%s%/$r:n@.2DG=$G$"$k!#$3$N(B
$B<o$N%O%$%Q!<%j%s%/$,(B Web $B%5%$%H$N%f!<%6$K$h$C$F%"%/%;%9$5$l$?>l9g!"967b(B
$B<T$K$h$C$FM?$($i$l$?%3!<%I$OLdBj$rJz$($k%=%U%H%&%'%"$,2TF0$9$k(B Web $B%5%$(B
$B%H$HF13J$N%;%-%e%j%F%#%3%s%F%-%9%H$G(B Web $B%V%i%&%6Fb$G<B9T$5$l$k!#(B

$B$3$NLdBj$O(B 'ManualLogin.asp' $B%9%/%j%W%H$KM3Mh$7$F$$$k!#967b<T$O0-0U$"$k(B
$B%9%/%j%W%H$r$3$N%9%/%j%W%H$N(B URI $B%Q%i%a!<%?(B 'REASONTXT' $B$r2p$7$FCmF~2D(B
$BG=$G$"$k!#(B

$B$3$NLdBj$OG'>Z:Q$N%f!<%6$+$i(B Cookie $B$KM3Mh$9$kG'>ZMQ>pJs$rEp$_=P$9$?$a(B
$B$N967b$KMxMQ2DG=$G$"$k!#B>$N967b$K$D$$$F$b0z$-5/$3$5$l$k2DG=@-$,$"$k!#(B

2. VBZoom Arbitrary File Upload Vulnerability
BugTraq ID: 5926
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 09 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5926
$B$^$H$a(B:

VBZoom $B$O(B PHP $B8@8l$rMxMQ$7$F3+H/$5$l$?EE;R7G<(HD%7%9%F%`$G$"$k!#(B

VBZoom 1.01 $B$K$O967b<T$,LdBj$rJz$($k%=%U%H%&%'%"$r2TF0$7$F$$$k%7%9%F%`(B
$B$XG$0U$N%U%!%$%k$r%"%C%W%m!<%I2DG=$K$J$k$H?d;!$5$l$kLdBj$,H/8+$5$l$F$$(B
$B$k!#(B

$B$3$NLdBj$O(B VBZoom $B$,<u$1F~$l$?%U%!%$%k$N<oN`$K4X$9$kBEEv@-$N3NG'$rE,@Z(B
$B$K9T$C$F$$$J$$$?$a$K@8$8$F$$$k!#BEEv@-$N3NG'$O%/%i%$%"%s%HB&$G2r<a$5$l(B
$B$k(B JavaScript $B$rMxMQ$7$F9T$o$l$F$$$k!#$3$NLdBj$O(B 'add-subject.php' $B%9%/(B
$B%j%W%HFb$KB8:_$9$k!#967b<T$O%"%C%W%m!<%IBP>]$H$J$k0U?^E*$J%U%!%$%k$r;X(B
$BDj$9$k$3$H$K$h$j$3$NLdBj$rMxMQ$9$k967b$r4k$F$k$3$H$,2DG=$G$"$k!#(B

$B$3$NJ}K!$rMxMQ$7$F%"%C%W%m!<%I$5$l$?%U%!%$%k$O!"%"%C%W%m!<%I@h$N%U%!%$(B
$B%k%7%9%F%`Fb$N(B 'download/' $B%G%#%l%/%H%j$X3JG<$5$l$k!#0U?^E*$J%U%!%$%k$r(B
$B967bBP>]$N%3%s%T%e!<%?$X%"%C%W%m!<%I$9$k5!2q$rM?$($k$3$H$G!"967b<T$O0-(B
$B0U$"$k(B PHP $B%U%!%$%k$rLdBj$rJz$($k%7%9%F%`$X%"%C%W%m!<%I$9$k$?$a$K$3$NLd(B
$BBj$rMxMQ2DG=$G$"$k!#;2>H$5$l$?$$$:$l$N0-0U$"$k(B PHP $B%U%!%$%k$b(B VBZoom $B$r(B
$BMxMQ$7$F$$$k(B Web $B%5%$%H$HF13J$N%;%-%e%j%F%#%3%s%F%-%9%H$G<B9T$5$l$k!#(B

$B$3$NLdBj$O(B VBZoom 1.01 $B$GH/8+$5$l$F$$$k!#B>$N%P!<%8%g%s$K$*$$$F$bF1MM$N(B
$BLdBj$,B8:_$9$k$+$I$&$+$OL$>\$G$"$k!#(B

3. phpLinkat Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 5890
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 04 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5890
$B$^$H$a(B:

phpLinkat $B$O(B Web $B%$%s%?%U%'!<%9$rHw$($k%O%$%Q!<%j%s%/$N%$%s%G%C%/%9$r:n(B
$B@.$9$k%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$O(B PHP $B$rMxMQ$7$F<BAu$5$l$F$*(B
$B$j!"(BMicrosoft Windows$B!"(BLinux$B!"$=$NB>(B UNIX $BM3Mh$N(B OS $B$GMxMQ2DG=$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$O%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$rMx(B
$BMQ$9$k967b$N1F6A$r<u$1$k5?$$$,$"$k!#(B
$BLdBj$O(B showcat.php $B$*$h$S(B addyoursite.php $B$KB8:_$9$k!#(B

$B967b<T$O967b$rA[Dj$7$F$$$J$$%f!<%6$r(B HTML $B$d(B $B%9%/%j%W%H$r4^$`0-0U$"$k%O(B
$B%$%Q!<%j%s%/$KM6F3$9$k$3$H$K$h$j!"$3$NLdBj$rMxMQ$9$k967b$r4k$F$k2DG=@-(B
$B$,$"$k!#967b<T$K$h$C$FM?$($i$l$?(B HTML $B$d%9%/%j%W%H$O(B Web $B%/%i%$%"%s%H>e(B
$B$G!"$3$N%=%U%H%&%'%"$r2TF0$5$;$F$$$k(B Web $B%5%$%H$HF13J$N%;%-%e%j%F%#%3%s(B
$B%F%-%9%H$G<B9T$5$l$k$H?d;!$5$l$k!#(B

$B967b<T$O@x:_E*$K(B Web $B%3%s%F%s%D$N2~$6$s$d(B Cookie $B$KM3Mh$9$kG'>ZMQ>pJs$r(B
$B@`<h$9$k$?$a$K$3$NLdBj$rMxMQ$9$k967b$r9T$&2DG=@-$,$"$k!#967bBP>]$N%f!<(B
$B%6$H$7$F0U?^E*$J9T0Y$r9T$&$3$H$b2DG=$K$J$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$O(B phpLinkat 0.1.0 $B$K$*$$$FH/8+$5$l$F$$$k!#(B

4. BearShare File Disclosure Variant Vulnerability
BugTraq ID: 5888
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 04 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5888
$B$^$H$a(B:

BearShare $B$O(B Microsoft Windows $B4D6-8~$1$N%U%!%$%k6&M-MQ%f!<%F%#%j%F%#$G(B
$B$"$k!#(B

BearSgare $B$,(B Website $B%b!<%I$G2TF02DG=$J4V!"%f!<%6$O$3$N%=%U%H%&%'%"$KE:(B
$BIU$5$l$F$$$k(B Web $B%5!<%P$rMxMQ$7$F%U%!%$%k$r8x3+2DG=$G$"$k!#(B

BearShare $B$KIUB0$9$k(B Web $B%5!<%P%W%m%0%i%`$OK\MhJ]8n$5$l$?HO0O30$N%G%#%l(B
$B%/%H%j$XAjBPE*$K%"%/%;%9$7F@$k967b$N1F6A$,5Z$V5?$$$,$"$k!#$3$NLdBj$K$h(B
$B$j!"967b<T$O(B Web $BMQ$N2>A[%k!<%H%G%#%l%/%H%j$NHO0O30$N%G%#%l%/%H%j$K%"%/(B
$B%;%9$7!"$3$N%=%U%H%&%'%"$r2TF0$5$;$F$$$k%3%s%T%e!<%?$N%U%!%$%k%7%9%F%`(B
$B>e$r;2>H2DG=$K$J$k$H?d;!$5$l$k!#967b<T$O0J2<$K<($9$h$&$J%(%s%3!<%I$5$l(B
$B$?CM$r4^$`(B URL $B$rMQ$$$k!"0-0U$"$k(B HTTP $B%j%/%(%9%H$rMQ$$$F$3$NLdBj$rMxMQ(B
$B$9$k967b$r4k$F$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$O(B BID 2672 $B$K<($5$l$F$$$kLdBj$NJQ<o$G$"$k!#(B
$B$3$NJQ<o$rMxMQ$9$k967b$O%P!<%8%g%s(B 4.0.6 $B$KBP$7$F$O1F6A$r5Z$\$5$J$$!#(B
$B$7$+$7!"(BWeb $B%5!<%P$KBP$7$F(B URL $B%(%s%3!<%I$5$l$?FbMF$r4^$`(B HTTP $B%j%/%(%9(B
$B%H$rMQ$$$k$3$H$rMxMQ$9$k%U%!%$%k$N3+<($r0z$-5/$3$9$3$H$O2DG=$G$"$k!#(B
$B0J2<$NNc$O(B BearShare 4.0.6 $B$KBP$7$F$bM-8z$J967b$NJQ<o$G$"$k!#(B

http://target:6346/%5c..%5c..%5c..%5cwindows%5cwin%2eini

5. Microsoft Windows XP System Restore Folder Permissions Weakness
BugTraq ID: 5894
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Oct 04 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5894
$B$^$H$a(B:

Microsoft Windows XP $B$K$O(B System Restore $B$H>N$9$k!"%f!<%6$,%=%U%H%&%'%"(B
$B$N%$%s%9%H!<%k$d%O!<%I%&%'%"MQ$N%I%i%$%P$N%$%s%9%H!<%k$K:]$7$FLdBj$rJz(B
$B$($k:]$KFCDj$N%A%'%C%/%]%$%s%H$G%7%9%F%`$N>uBV$r%m!<%k%P%C%/2DG=$K$J$k(B
$B5!G=$rHw$($F$$$k!#$3$N5!G=$O(B System Volume Information $B$H>N$9$k%U%)%k%@(B
$B$X>pJs$r5-O?$7$F$$$k!#$3$N%U%)%k%@$K$O$=$l$>$l$N%l%9%H%"MQ$N%A%'%C%/%](B
$B%$%s%HKh$KDL>o9b0L$N8"8B$r;}$?$J$$%f!<%6$G$"$l$P%"%/%;%9ITG=$J$O$:$N%l(B
$B%8%9%H%j>pJs$r4^$`%U%)%k%@$,:n@.$5$l$F$$$k!#(B

System Volume Information $B%U%)%k%@$O4IM}<T8"8B$r;}$D%f!<%6$K$h$C$F$N$_(B
$B%"%/%;%92DG=$G$"$k!#$7$+$7!"$3$N%U%)%k%@Fb$N%U%)%k%@$O$$$+$J$k%"%/%;%9(B
$B%3%s%H%m!<%k$b@_Dj$5$l$F$$$J$$$?$a!"9b0L$N8"8B$r;}$?$J$$%f!<%6$K$h$C$F(B
$B%"%/%;%9$,2DG=$J>uBV$J$N$G$"$k!#(B

$B9b0L$N8"8B$r;}$?$J$$%f!<%6$O>pJs$,3JG<$5$l$F$$$k%U%)%k%@$X$N%Q%9$r0J2<(B
$B$K<($9J}K!$rMQ$$$F%l%8%9%H%j>pJs$X$N%/%(%j$r9T$&$3$H$GF~<j2DG=$G$"$k!#(B

reg query "HKLM\System\CurrentControlSet\Control\BackupRestore\FilesNotToBackup" /v "System Restore"

$B%f!<%6$,%Q%9>pJs$rF~<j$7F@$?>l9g!"%f!<%6$O>e0L%G%#%l%/%H%j$N%"%/%;%9%3(B
$B%s%H%m!<%k$r2sHr$7!"D>@\%G%#%l%/%H%j$r;2>H2DG=$G$"$k!#$=$N8e!"9b0L$N8"(B
$B8B$r;}$?$J$$%f!<%6$OEv3:%U%)%k%@Fb$K4^$^$l$kA4$F$N%U%!%$%k$H%U%)%k%@A4(B
$BBN$X%"%/%;%9$r9T$&$H?d;!$5$l$k!#(B

6. IRIX 'mv' Insecure Directory Permissions Vulnerability
BugTraq ID: 5893
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Oct 04 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5893
$B$^$H$a(B:

mv $B%3%^%s%I$O%U%!%$%k$d%G%#%l%/%H%j$NL>A0$NJQ99$KMQ$$$i$l$k%W%m%0%i%`$G(B
$B$"$k!#$3$N%3%^%s%I$OB?$/$N(B UNIX $B$K$*$$$F%G%U%)%k%H$G%$%s%9%H!<%k$5$l$k(B
$BI8=`E*$J%D!<%k$G$"$k!#(B

IRIX $B$KF1:-$5$l$F$$$k(B mv $B%3%^%s%I$K$OLdBj$,H/8+$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"%G%#%l%/%H%j$NL>>N$rJQ99$9$k:]!"(Bmv $B%3%^%s%I$O?7$7$$%G%#%l(B
$B%/%H%j$N%Q!<%_%C%7%g%s$K8E$$%G%#%l%/%H%j$N%Q!<%_%C%7%g%s$r7Q>5$5$;$F$$(B
$B$J$$!#?7$7$$%G%#%l%/%H%j$O$$$+$J$k%f!<%6$G$"$C$F$b=q$-9~$_2DG=$J%Q!<%_%C(B
$B%7%g%s$G:n@.$5$l$F$7$^$&$N$G$"$k!#(B

$B$3$NLdBj$K$h$j!"K\Mh%"%/%;%98"8B$r;}$AF@$J$$%f!<%6$,=EMW$J%U%!%$%k$d;q(B
$B8;$rFI$_=P$;!"$^$?!"2~JQ2DG=$K$J$k!#(B

7. IRIX rpcbind Symlink Vulnerability
BugTraq ID: 5889
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Oct 04 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5889
$B$^$H$a(B:

rpcbind $B$O(B RPC $B%W%m%0%i%`HV9f$r%f%K%P!<%5%k%"%I%l%9$XJQ49$9$k%5!<%P$G$"(B
$B$k!#$3$N%=%U%H%&%'%"$O!"%3%s%T%e!<%?>e$G%G!<%b%s$H$7$F(B RPC $B8F$S=P$7$rM-(B
$B8z2=$7$F$"$k4D6-$G$OI,$:<B9T$5$;$F$*$+$M$P$J$i$J$$!#(B
$B$3$N%G!<%b%s$O(B IRIX $B$G$O(B eoe.sw.svr4net $B%Q%C%1!<%8$K4^$^$l$F$$$k!#(B

rpcbind $B$N(B -w $B%9%$%C%A$rMxMQ$9$k:]$KLdBj$,H/8+$5$l$F$$$k!#(B
rpcbind $B$OITE,@Z$K%7%s%\%j%C%/%j%s%/$rC)$k$?$a!"@x:_E*$K0U?^$9$k%U%!%$(B
$B%k$,GK2u$J$$$7>e=q$-$5$l$k7k2L$r>7$/$H?d;!$5$l$k!#(B

-w $B%9%$%C%A$O%&%)!<%`%V!<%H$r2DG=$K$9$k$?$a$KMxMQ$5$l$k%*%W%7%g%s$G!"(B
$B=hM}$,CfCG8e$N(B rpcbind $B$N5!G=I|5l$rMF0W$K9T$($k$h$&$K$9$k$b$N$G$"$k!#(B

rpcbind $B$,(B -w $B%9%$%C%A$rH<$C$F5/F0$5$l$?>l9g!"$3$N%W%m%0%i%`$O(B /tmp $B%G%#(B
$B%l%/%H%jFb$N%U%!%$%k$rMxMQ$7$FEPO?:Q$N%5!<%S%90lMw$N5-O?$r;n$_$k!#0l;~(B
$B%G%#%l%/%H%jFb$N%U%!%$%k$O(B rpcbind $B$N%W%m%;%9$,(B SIGINT $B$J$$$7(B SIGTERM
$B%7%0%J%k$r<u$1<h$C$?:]$K=q$-9~$^$l$k!#(B
rpcbind $B$OITE,@Z$K%7%s%\%j%C%/%j%s%/$rC)$k$?$a!"(Brpcbind $B$,$3$l$i%7%0%J(B
$B%k$r<u$1<h$k:]!"@x:_E*$K0U?^$9$k%U%!%$%k$,GK2u$J$$$7>e=q$-$5$lF@$k$H?d(B
$B;!$5$l$k!#(B

rpcbind $B$N%W%m%;%9$K$h$C$F=q$-9~$_2DG=$J=EMW$J%U%!%$%k$OGK2u$5$l!"7k2L(B
$B$H$7$F(B DoS $B$K4Y$k$H?d;!$5$l$k!#967b<T$,0U?^E*$KAH$_N)$F$i$l$?%G!<%?$G%U%!(B
$B%$%k$rGK2u2DG=$G$"$k>l9g!"8"8B>:3J$,2DG=$K$J$k$H9M$($i$l$k!#(B

eoe.sw.svr4net $B%Q%C%1!<%8$K4^$^$l$k(B rpcbind $B$O%G%U%)%k%H$G$O%$%s%9%H!<%k(B
$B$5$l$J$$E@$ON10U$5$l$k$Y$-$G$"$k!#(B

8. IRIX Insecure Desktop File Permissions Vulnerability
BugTraq ID: 5895
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Oct 04 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5895
$B$^$H$a(B:

SGI IRIX $B$OFCDj$N0l;~%U%!%$%k$N%Q!<%_%C%7%g%s$r%;%-%e%"$G$O$J$$>uBV$K@_(B
$BDj$7$F$$$k!#(B

SGI $B$O(B IRIX $B$,0l;~E*$KMxMQ$9$k%G%9%/%H%C%W4D6-MQ$N%U%!%$%k$O$$$+$J$k%f!<(B
$B%6$G$"$C$F$b=q$-9~$_2DG=$J%Q!<%_%C%7%g%s$G$"$k$3$H$r8xI=$7$F$$$k!#(B
$B$3$N$?$a!"%m!<%+%k$N967b<T$O@x:_E*$K$3$l$i%U%!%$%k$r0U?^E*$KAH$_N)$F$i(B
$B$l$?%G!<%?$G2~JQ$7$?$j!"%H%m%$$NLZGO$r;E9~$`2DG=@-$,$"$k!#(B

$B$3$NLdBj$N1F6AHO0O$O0l;~E*$K:n@.$5$l$k!"FCDj$N%G%9%/%H%C%W4D6-MQ$N%U%!(B
$B%$%k$NFbMF$K?<$/0MB8$7$F$$$k!#Js9p$K$h$k$H!"LdBj$r<u$1$k0l;~E*$K:n@.$5(B
$B$l$k%U%!%$%k$O3F%f!<%6$N%[!<%`%G%#%l%/%H%jFb$KB8:_$7$F$$$k!#(B

9. IRIX uux Buffer Overflow Vulnerability
BugTraq ID: 5892
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Oct 04 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5892
$B$^$H$a(B:

uux $B$O(B UUCP $B4D6-$G%3%^%s%I$r<B9T$9$k$?$a$KMxMQ$5$l$k%W%m%0%i%`$G$"$j!"(BIRIX
$B$K$*$$$F$bF1:-$5$l$F$$$k!#(B

$B$3$N%=%U%H%&%'%"$K%P%C%U%!%*!<%P!<%U%m!<$NLdBj$,H/8+$5$l$F$$$k!#(B

uux $B%f!<%F%#%j%F%#$O%G%U%)%k%H$G(B setgid $B%S%C%H$,N)$F$i$l$?>uBV$G%$%s%9%H!<(B
$B%k$5$l!"$3$NLdBj$rMxMQ$9$k967b$r9T$&$3$H$G!"7k2L$H$7$F8"8B$N>:3J$rH<$&96(B
$B7b<T$N0U?^$9$k%3!<%I$N<B9T$,2DG=$G$"$k!#%P%C%U%!%*!<%P!<%U%m!<$N860x$K4X(B
$B$9$k>\:Y$J5;=QE*GX7J$O$^$@8x3+$5$l$F$$$J$$!#(B

uux $B$O(B eoe.sw.uucp $B%Q%C%1!<%8$N0lIt$G$"$j!"%G%U%)%k%H$G$O%$%s%9%H!<%k$5(B
$B$l$J$$$3$H$KN10U$9$Y$-$G$"$k!#(B

$B$3$NLdBj$O!"(BBID 2947 $B$K5-=R$5$l$F$$$kLdBj$HF1<o$NLdBj$G$"$k$H9M$($i$l$k!#(B

10. Cisco Unity Default Restrictions International Operator Call Forwarding Vulnerability
BugTraq ID: 5896
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Oct 04 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5896
$B$^$H$a(B:

Unity $B$O!"%f!<%6$N<u?.%H%l%$$KF~$k2;@<%a%C%;!<%8$d!"(BFAX $B!"%a!<%k$r0l854I(B
$BM}$9$k$?$a$K@_7W$5$l$?(B Cisco $B<R$N%=%U%H%&%'%"@=IJ$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$O%f!<%6$,G'>Z$r9T$o$:$K%"%/%;%92DG=$G$"$k$H$$$&LdBj$rJz(B
$B$($F$$$k!#(B

$BFCDj$N4D6-2<$K$*$$$F!"%f!<%6$O!"5v2D$5$l$F$$$J$$08@h$KEEOC$rE>Aw2DG=$G(B
$B$"$k$H?d;!$5$l$k!#(BUnity $B%=%U%H%&%'%"$K$h$C$F<B9T$5$l$k%G%U%)%k%H$N@)8B(B
$B@_Dj$G$O!"%f!<%6$,(B 9 011 $B$+$i;O$^$kEEOC2q<R(B ($B%@%$%"%kD>DL9q:]EEOC(B) $B$XEE(B
$BOC$rE>Aw$9$k$3$H$rKI;_$7$F$$$k!#(B
$B$7$+$79q:]EEOC$N%*%Z%l!<%?7PM3$G$NDLOC$rKI;_$9$k<jCJ$O<h$i$l$F$$$J$$!#(B

$B9q:]EEOC$r<h$j07$&%*%Z%l!<%?$H$OE57?E*$K(B 9 00 $B$r2p$7$FO"Mm2DG=$G$"$k!#(B
$B$3$NHV9f$XEEOC$rE>Aw$9$k$3$H$G!"9q:]EEOC$r<h$j07$&%*%Z%l!<%?7PM3$G$NDL(B
$BOC$r$I$N$h$&$J>l=j$X$b9T$$!"(BUnity $B%=%U%H%&%'%"$rMxMQ$7$F$$$k%5%$%H$KEE(B
$BOCNA6b$r@A5a$5$;$k$3$H$,2DG=$G$"$k!#967b<T$O$3$NLdBj$rMxMQ$9$k967b$r9T(B
$B$&$?$a$K!"LdBj$rJz$($k(B Unity $B%7%9%F%`>e$N%"%+%&%s%H$X$N%"%/%;%98"$rJ];}(B
$B$7$F$$$J$1$l$P$J$i$J$$$3$H$KN10U$9$Y$-$G$"$k!#(B

11. IRIX fsr_efs Symlink Vulnerability
BugTraq ID: 5897
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Oct 04 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5897
$B$^$H$a(B:

fsr_efs $B$O(B EFS $B%U%!%$%k%7%9%F%`$r%^%&%s%H$7$F$$$k4D6-$r2~A1$9$k%f!<%F%#(B
$B%j%F%#$G$"$k!#$3$N%f!<%F%#%j%F%#$O(B IRIX $B$K%G%U%)%k%H$G%$%s%9%H!<%k$5$l(B
$B$k(B eoe.sw.base $B%Q%C%1!<%8$KF1:-$5$l$F$$$k!#(B

fsr_efs $B%f!<%F%#%j%F%#$K$OLdBj$,H/8+$5$l$F$$$k!#(B

fsr_efs $B$O%U%!%$%k%7%9%F%`$N:FJT@.$,=*N;$7$?$N$r3NG'$9$k$?$a$K!"(B
/var/tmp/.fsrlast 
$B$K%U%!%$%k%7%9%F%`$K4X$9$k>pJs$r5-O?$7!":F$S<B9T$9$k:]$K$=$l$r;2>H$9$k!#(B

SGI $B$K$h$k$H!"(Bfsr_efs $B$O(B /var/tmp/.fsrlast $B%U%!%$%k$K%"%/%;%9$9$k(B
$B:]$K!"%7%s%\%j%C%/%j%s%/$rITE,@Z$K$bC)$C$F$7$^$&$N$G$"$k!#(B

$B0-0U$"$k%f!<%6$K$h$j$3$NLdBj$rMxMQ$9$k967b$,2DG=$G$"$j!"(Bfsr_efs $B$N%W%m(B
$B%;%9$K$h$C$F=q$-9~$_2DG=$J=EMW$J%U%!%$%k$OGK2u$5$l!"7k2L$H$7$F(B DoS $B$K4Y(B
$B$k2DG=@-$,$"$k!#(B

12. Logsurfer Off-By-One Buffer Overflow Vulnerability
BugTraq ID: 5898
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 04 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5898
$B$^$H$a(B:

Logsurfer $B$O!"(BUNIX $B$d(B Linux $B$GMxMQ2DG=$G$"$j!"(Bswatch $B$HF1MM$J%m%02r@O%W(B
$B%m%0%i%`$G$"$k!#(B

Logsurfer $B$K$OLdBj$,H/8+$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"FCDj$N4D6-2<$K$*$$$F0U?^E*$K:n@.$7$?%m%0%(%s%H%j$K$h$j0l(B
$B$D$:$l(B (off-by-one) $B$KM3Mh$9$k%P%C%U%!%*!<%P!<%U%m!<$r0z$-5/$3$9$3$H$,(B
$B2DG=$G$"$k!#$3$NLdBj$O!"8!:wJ8;zNs$K9gCW$7$?J8;zNs$ND9$5$r7W;;$9$k;~$K(B
$BH/@8$7!"(Bcontext.c $BFb$N(B context_action() $B4X?t$KM3Mh$7$F$$$k!#%*!<%P!<%U(B
$B%m!<$r0z$-5/$3$9$3$H$K$h$C$F!"%R!<%WNN0h$N%a%b%j$,GK2u$5$l$k$H?d;!$5$l(B
$B$k!#FCDj$N4D6-2<$G$O(B logsurfer $B$N%W%m%;%9$,=*N;$9$k2DG=@-$,$"$k!#(B

$BL$3NG'$G$"$k$,!"967b<T$OG$0U$N%3!<%I$r<B9T2DG=$G$"$k$3$H$b?d;!$5$l$k!#(B

13. Cooolsoft PowerFTP Server Remote Denial Of Service Vulnerability
BugTraq ID: 5899
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 05 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5899
$B$^$H$a(B:

PowerFTP $B%5!<%P$O!"(BMicrosoft Windows $B%W%i%C%H%U%)!<%`$GMxMQ2DG=$J%7%'%"(B
$B%&%'%"$N(B FTP $B%5!<%P$G$"$k!#$3$N%"%W%j%1!<%7%g%s$O!"(BCoolsoft $B$K$h$jHNGd!"(B
$BJ]<i$,9T$o$l$F$$$k!#(B

PowerFTP $B$,Jz$($kLdBj$K$h$j!"%j%b!<%H$N%f!<%6$O%5!<%P$N@5Ev$J%f!<%6$X$N(B
$B%5!<%S%9$rAK32$9$k$h$&$K;E8~$1$k$3$H$,2DG=$G$"$k!#(B

PowerFTP $B%5!<%P$OD9$$%f!<%6L>$rE,@Z$K=hM}$7$J$$LdBj$,Js9p$5$l$F$$$k!#(B
3000 $BJ8;z0J>e$N%f!<%6L>$,F~NO$5$l$k;~$K%5!<%P$OIT0BDj$K$J$k!#$3$NLdBj$r(B
$BMxMQ$9$k967b$K$h$jE57?E*$K$O%5!<%P$O%/%i%C%7%e$9$k!#(BFTP $B%5!<%S%9$r2sI|(B
$B$9$k$?$a$K$O<jF0$K$h$k:F5/F0$,I,MW$G$"$k!#(B

$B$3$NLdBj$O967b$KMxMQ2DG=$J%P%C%U%!%*!<%P!<%U%m!<$G$"$k$H8+$J$5$l$k!#(B
$B$b$7!"$3$NLdBj$rMxMQ$9$k967b$,2DG=$J>l9g!"967b<T$O(B PowerFTP $B%5!<%P$N<B(B
$B9T8"8B$G0U?^$9$k%3!<%I$r<B9T2DG=$G$"$k!#$3$N%5!<%S%9$ODL>o(B SYSTEM $B8"8B(B
$B$G<B9T$5$l$k$H?d;!$5$l$k!#(B

14. Microsoft IIS IDC Extension Cross Site Scripting Vulnerability
BugTraq ID: 5900
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 05 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5900
$B$^$H$a(B:

Microsoft Internet Information Server (IIS) $B$,Jz$($kLdBj$K$h$j!"%/%m%9(B
$B%5%$%H%9%/%j%W%F%#%s%0$NLdBj$rMxMQ$9$k967b$,2DG=$G$"$k$H?d;!$5$l$k!#(B

$BJs9p$K$h$k$H!"LdBj$O(B Microsoft IIS Internet Database Connector (.idc)
$B7A<0$N%U%!%$%k$N<h$j07$$ItJ,$KB8:_$9$k!#(Bidc $B7A<0$N%U%!%$%k$O(B Microsoft
Frontpage $B4D6-$r@.$9(B 1 $B%3%s%]!<%M%s%H$G$"$k!#(Bidc $B7A<0$N%U%!%$%k$O(B Microsoft
$B@=$N%G!<%?%Y!<%9@=IJ$H$NDL?.$rMF0W$K$7!"(BWeb $B%5!<%P$K>pJs$rDs6!$9$k!#(B

IIS $B$,(B .idc $B7A<0$N%U%!%$%k$KBP$9$k(B HTTP $B%j%/%(%9%H$r<u$1<h$k:]!"$=$N%Z!<(B
$B%8$,B8:_$7$J$$>l9g$O!"DL>o%5!<%P$O(B 404 $B%(%i!<$r<($9%Z!<%8$rJV$9!#$7$+$7!"(B
$BD9$$(B URL $B!"$+$DKvHx$K(B .idc $B$N3HD%;R$,IU$/(B HTTP $B%j%/%(%9%H$,(B IIS $B$KM?$((B
$B$i$l$k:]$K$O!"(BHTTP $B%j%/%(%9%H$K4^$^$l$k(B URL $B$NA4$F$,F~NOCM$KBP$9$k%U%#(B
$B%k%?%j%s%0$,9T$o$l$J$$$^$^$G%(%i!<%Z!<%8$H$7$FJV$5$l$F$7$^$&$N$G$"$k!#(B
$B$3$N7k2L!"0U?^$9$k%3!<%I$,<B9T2DG=$K$J$k!#(B

$B$3$NLdBj$K$h$j!"967b<T$OLdBj$rJz$($k%5%$%H$HF13J$N%;%-%e%j%F%#%3%s%F%-(B
$B%9%H$G%9%/%j%W%H$r<B9T2DG=$G$"$k$H?d;!$5$l$k!#$3$NLdBj$rMxMQ$9$k967b$r(B
$B9T$&$?$a$K$O!"(B334 $B%P%$%H$N(B URL $B$K0z$-B3$-%9%/%j%W%H$rCmF~$9$kI,MW$,$"$k!#(B
$B$3$NLdBj$,0JA0$N(B IIS $B$N%P!<%8%g%s$K1F6A$9$k$+$I$&$+$OITL@$G$"$k!#(B

15. Oracle E-Business Suite Authentication Bypassing Vulnerability
BugTraq ID: 5901
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5901
$B$^$H$a(B:

E-Business Suite $B$O(B Oracle $B$K$h$jG[I[!"J]<i$5$l$F$$$k!"%*%s%i%$%s%S%8%M(B
$B%9$r;Y1g$9$k%=%U%H%&%'%"72$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$,Jz$($kLdBj$K$h$j!"G'>Z$rH<$o$:$K%j%b!<%H$N%f!<%6$O%"(B
$B%/%;%98"$rC%<h2DG=$G$"$k$H?d;!$5$l$k!#(B

$B$$$/$D$+$N%Q%C%A%l%Y%k$N$3$N%=%U%H%&%'%"$,Jz$($kLdBj$K$h$j!"%f!<%6G'>Z(B
$B$,2sHr2DG=$K$J$k$3$H$,Js9p$5$l$F$$$k!#LdBj$O(B AolSecurityPrivate.class
$B%U%!%$%k$K4^$^$l$F$*$j!"$3$N%=%U%H%&%'%"$N<BAu$K4X$9$kCN<1$rM-$9$k%f!<(B
$B%6$OG'>Z$r2sHr$9$k$3$H$,2DG=$G$"$k!#(B

$B%P!<%8%g%s(B 115.7 $B$+$i(B 115.18 $B$^$G$N(B AolSecurityPrivate.class $B%U%!%$%k$,(B
$BB8:_$9$k%7%9%F%`$K$N$_LdBj$,@8$8$k$3$H$KN10U$9$k$Y$-$G$"$k!#$3$N%U%!%$(B
$B%k$ODL>o(B apps.zip $B%U%!%$%kCf$N(B $JAVA_TOP $B%G%#%l%/%H%jFb$K%"!<%+%$%V$5$l(B
$B$F$$$k!#(B

16. Oracle 9i Application Server Web Cache Administration Tool Denial Of Service Vulnerability
BugTraq ID: 5902
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5902
$B$^$H$a(B:

Oracle 9i Application Server (9iAS) $B$G$O(B Web $B4IM}%b%8%e!<%k$r2p$7!"%j%b!<(B
$B%H$+$i$N4IM}$,2DG=$G$"$k!#$3$N%=%U%H%&%'%"$,Jz$($kLdBj$O(B Microsoft Windows
$B>e$G2TF0$9$k(B Oracle 9iAS $B$K1F6A$r5Z$\$9!#(B

Oracle 9iAS $B$KF1:-$5$l$F$$$k(B Web $B4IM}%b%8%e!<%k$,Jz$($kLdBj$K$h$j!"(BDoS
$B$K4Y$k2DG=@-$,Js9p$5$l$F$$$k!#(B

$B0U?^E*$KAH$_N)$F$i$l$?%j%/%(%9%H$,(B Web $B4IM}%b%8%e!<%k$KAw?.$5$l$k:]$K!"(B
$B$3$N%b%8%e!<%k$OM=B,ITG=$J5sF0$r<($92DG=@-$,$"$k!#$3$N%b%8%e!<%k$K0-0U(B
$B$r;}$C$FAH$_N)$F$i$l$?%j%/%(%9%H$rAw?.$9$k$3$H$K$h$j!"4IM}%5!<%P$r%/%i%C(B
$B%7%e$5$;$k$3$H$,2DG=$G$"$k!#%5!<%S%9$NI|5l$r9T$&$?$a$K$O%5!<%P$N<jF0A`(B
$B:n$K$h$k:F5/F0$,I,MW$G$"$k!#(B

$B$3$NLdBj$O(B Web $B4IM}%b%8%e!<%k$N$_$K1F6A$r5Z$\$9$3$H$KN10U$9$Y$-$G$"$k!#(B
Web $B4IM}%b%8%e!<%k$O%5!<%P$N@lMQ$N%]!<%HHV9f%3%M%/%7%g%s$rBT$A<u$1$F$$(B
$B$k!#(B

17. Zope Failed Login Information Disclosure Vulnerability
BugTraq ID: 5903
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 07 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5903
$B$^$H$a(B:

Zope $B$O%*!<%W%s%=!<%9$N(B Web $B%"%W%j%1!<%7%g%s%5!<%P$G$"$j!"(BZope Project
$B$K$h$C$FJ]<i$5$l$F$$$k!#$3$N%=%U%H%&%'%"$O(B Linux$B!"(BUNIX $B$*$h$S(B Microsoft
Windows $B$GMxMQ2DG=$G$"$k!#(B

$BJs9p$K$h$k$H!"4IM}%$%s%?%U%'!<%9$X$N%m%0%$%s$,<:GT$7$?8e$K%f!<%6$,(B 'Cancel'
$B$rA*Br$7$?>l9g$K!"$3$N%=%U%H%&%'%"$O%Q%9>pJs$r3+<($7$F$7$^$&!#$3$N>pJs(B
$B$O%(%i!<%Z!<%8I=<(8e$K=PNO$5$l$k%9%?%C%/%H%l!<%9Cf$GO31L$5$l$k!#(B

$B967b<T$,%U%!%$%k%7%9%F%`$N>\:Y$K4X$9$k>pJs$r<hF@2DG=$G$"$k>l9g!"$3$N>p(B
$BJs$O7k2L$H$7$F!"967bBP>]$N%3%s%T%e!<%?$KBP$9$k99$J$k967b$r9T$&$K$"$?$j(B
$BM-1W$J>pJs$H$J$k$H?d;!$5$l$k!#(B

18. Macromedia Flash Player File Access Vulnerability
BugTraq ID: 5904
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 07 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5904
$B$^$H$a(B:

Maromedia Flash $B$O$h$j=<<B$7$?(B Web $B%3%s%F%s%D$,1\Mw$G$-$k$h$&$K@_7W$5$l(B
$B$?%b%8%e%i!<%Q%C%1!<%8$G$"$j!"%f!<%6$OMM!9$J%^%k%A%a%G%#%"(B Web $B%3%s%F%s(B
$B%D$N1\Mw2DG=$G$"$k!#(BFlash player $B$N$$$/$D$+$N%P!<%8%g%s$K%(%i!<$,Js9p$5(B
$B$l$F$$$k!#0-0U$"$k(B Flash $B%"%K%a!<%7%g%s$O0U?^$9$k%m!<%+%k%U%!%$%k$rFI$_(B
$B=P$72DG=$G$"$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$O(B Flash Player $B$,%j%b!<%H$N(B SMB $B%M%C%H%o!<%/6&M-;q8;$+$i%"%K%a!<(B
$B%7%g%s%U%!%$%k$rFI$_9~$`:]$N=hM}$N8m$j$KM3Mh$7$F$$$k!#(B
$B$3$N%=%U%H%&%'%"$,(B SMB $B%M%C%H%o!<%/6&M-;q8;$+$i%"%K%a!<%7%g%s%U%!%$%k$r(B
$BFI$_9~$`:]!"$=$l$O%f!<%6$,%m!<%+%k%G%#%9%/$+$i%U%!%$%kFI$_=P$9$N$HF1MM(B
$B$K<h$j07$o$l$k$N$G$"$k!#(B

$B$3$NLdBj$K$h$j!"967b<T$O$3$N%=%U%H%&%'%"$N(B XML $B%3%s%H%m!<%k$r2p$7$F%m!<(B
$B%+%k%U%!%$%k$NFbMF$r1\Mw2DG=$K$J$k$H?d;!$5$l$k!#(B

$B967b<T$O967bBP>]$N%f!<%6$r0-0U$"$k(B flash $B%"%K%a!<%7%g%s$r%@%&%s%m!<%I$7!"(B
$B1\Mw$9$k$h$&M6F3$9$k$3$H$K$h$j!"$3$NLdBj$rMxMQ$9$k967b$r9T$&$3$H$,2DG=(B
$B$G$"$k!#%U%!%$%k$,FI$_9~$^$l$?:]$K!"0-0U$"$k(B flash $B%"%K%a!<%7%g%s$O(B
Flash Player $B$K4{CN$N%m!<%+%k%U%!%$%k$NFbMF$rFI$_=P$5$;$k!#$3$NJ}K!$G<h(B
$BF@$5$l$?>pJs$O!"967b<T$,LdBj$rJz$($k%7%9%F%`$KBP$9$k$5$i$J$k967b!"$^$?(B
$B@x:_E*$KGK2uE*$J967b$r2DG=$K$9$k$H?d;!$5$l$k!#(B

19. Killer Protection Information Disclosure Vulnerability.
BugTraq ID: 5905
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8x3+F|(B: Oct 07 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5905
$B$^$H$a(B:

Killer Protection $B$O!"(BWeb $B%Z!<%8>e$N=EMW$J>pJs$rJ]8n$9$k$3$H$rL\E*$H$9$k(B
$B%9%/%j%W%H$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$OLdBj$,H/8+$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"K\Mh%"%/%;%98"8B$r;}$?$J$$%f!<%6$,(B Killer Protection $B$N%f!<(B
$B%6G'>Z$K;HMQ$5$l$k(B 'vars.inc' $B%U%!%$%k$X%"%/%;%9$9$k$3$H$,2DG=$G$"$k!#(B
$B$3$N%U%!%$%k$+$iF@$?>pJs$rMxMQ$9$k$3$H$G967b<T$OG$0U$N%f!<%6$H$7$F=EMW$J(B
$B%Z!<%8$K%m%0%$%s$9$k$3$H$,2DG=$G$"$k!#(B

'vars.inc' $B%U%!%$%k$X%"%/%;%9$9$k$?$a$K$O!"0U?^E*$K:n@.$7$?0-0U$"$k(B HTTP
$B%j%/%(%9%HFb$GFCDj$N@dBP%Q%95Z$S%U%!%$%kL>$r;XDj$9$kI,MW$,$"$k!#(B

$B967b<T$O$3$NLdBj$rMxMQ$9$k967b$rMxMQ$7$F<}=8$7$?>pJs$rMQ$$!"$5$i$J$k96(B
$B7b$,2DG=$G$"$k!#(B

20. ArGoSoft Mail Server Pro E-Mail HTML Injection Vulnerability
BugTraq ID: 5906
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8x3+F|(B: Oct 07 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5906
$B$^$H$a(B:

ArGoSoft $B%a!<%k%5!<%P(B $B$O!"(B Microsoft Windows $B4D6-$GF0:n$9$k!"(BSMTP$B!"(BPOP3 
$B$*$h$S(B Finger $B%5!<%P$G$"$k!#(B $B$^$?%j%b!<%H$+$i$N%a!<%kA`:n$,2DG=$JAH$_9~(B
$B$_7?%&%'%V%5!<%P$rHw$($F$$$k!#(B

ArGoSoft Mail Server Pro $B$N(B Web $B%a!<%k%7%9%F%`$K$O!"EE;R%a!<%k%a%C%;!<%8(B
$BFb$N(B HTML $B%j%/%(%9%H$r==J,$K%U%#%k%?%j%s%0$7$J$$!#$3$l$O%j%b!<%H$N967b<T(B
$B$,G$0U$N(B HTML $B%j%/%(%9%H5Z$S%9%/%j%W%H%3!<%I$rEE;R%a!<%k%a%C%;!<%8Fb$KCm(B
$BF~$9$k$3$H$r2DG=$K$9$k!#$3$N967b$O0-0U$"$k%a%C%;!<%8$,I=<($5$l$?%f!<%6$N(B 
Web $B%/%i%$%"%s%H>e$G<B9T$5$l$k$H?d;!$5$l$k!#967b<T$h$jAw$j$D$1$i$l$?%9%/(B
$B%j%W%H%3!<%I$O(B Web $B%a!<%k%7%9%F%`$r1?MQ$7$F$$$k%5%$%H$HF13J$N%3%s%F%-%9(B
$B%H$G<B9T$5$l$k!#(B

$B%j%b!<%H$N967b<T$O@x:_E*$K$3$N>u67$r(B Web $B%a!<%k%7%9%F%`$N@5Ev$J%f!<%6$+(B
$B$i(B Cookie $B$KM3Mh$9$kG'>Z>pJs$rC%<h$9$k$N$KMxMQ2DG=$G$"$k!#$5$i$K!"(BCookie
$B$K4^$^$l$F$$$kJ?J8$N%f!<%6$NG'>Z>pJs$,C%<h2DG=$G$"$k$HJs9p$5$l$F$$$k!#(B
$B967b<T$OC%<h$7$?G'>Z>pJs$rK\Mh%"%/%;%98"8B$r;}$AF@$J$$%f!<%6$,(B Web $B%a!<(B
$B%k%"%+%&%s%H$K%"%/%;%9$r9T$&$N$KMxMQ2DG=$G$"$k!#(B

21. Microsoft IIS Malformed HTTP HOST Header Field Denial Of Service
Vulnerability
BugTraq ID: 5907
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8x3+F|(B: Oct 07 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5907
$B$^$H$a(B:

Microsoft Internet Information Server (IIS) $B$O!"%j%b!<%H$+$i(B DoS $B>uBV$K(B
$B4Y$k2DG=@-$,$"$kLdBj$rJz$($k$HJs9p$5$l$F$$$k!#(B

IIS $B$KF1:-$5$l$F$$$k(B 'shtml.dll' $B$,0-0U$"$k(B HOST $B%U%#!<%k%I$r4^$`(B HTTP 
$B%j%/%(%9%H$r<u$1<h$k$3$H$K$h$j$3$NLdBj$,@8$8$k!#BgNL$N%9%i%C%7%e$+$i9=(B
$B@.$5$l$?(B HOST $B%X%C%@!<%U%#!<%k%I$r4^$`(B HTTP POST $B%j%/%(%9%H$r:n@.$7!"(B
$BLdBj$rJz$($k%[%9%H$KAw?.$9$k$3$H$K$h$j!"$3$NLdBj$O:F8=2DG=$G$"$k!#$3$N(B
$B%5!<%P$O$"$kC;;~4VFb$KM?$($i$l$?(B HTTP $B%j%/%(%9%H$KBP$7$F1~Ez$G$-$J$$$H(B
$BJs9p$5$l$F$$$k!#$3$NLdBj$rMxMQ$9$k$3$H$G!"$5$i$J$k%5!<%S%9K832$b0z$-5/(B
$B$3$9$3$H$,2DG=$G$"$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$O(B 'shtml.dll' $BFb$KB8:_$7!"$^$?B>$N<oN`$N0-0U$"$k%j%/%(%9%H$K$h$C(B
$B$F$bF1MM$N>uBV$,:F8=$G$-$k$H?d;!$5$l$k!#(B

$B8=;~E@$K$*$$$F!"$3$NLdBj$K4X$9$k>\:Y>pJs$O8x3+$5$l$F$$$J$$!#$3$NLdBj$K(B
$B4X$9$k>\:Y>pJs$,8xI=$5$l<!Bh!"K\(B BID $B$O99?7M=Dj$G$"$k!#(B

22. Symantec VelociRaptor Denial of Service Vulnerability
BugTraq ID: 5909
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8x3+F|(B: Oct 07 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5909
$B$^$H$a(B:

VelociRaptor Firewall $B$O(B Axent Technologies $B$,85!93+H/$7$?4k6H8~$1%U%!(B
$B%$%"%&%)!<%k@=IJ$G$"$k!#$3$N%=%U%H%&%'%"$O(B Microsoft Windows $B$*$h$S(B UNIX
$B4D6-$K$*$$$FMxMQ2DG=$G$"$k!#(B

Symantec $B$O(B VelociRaptor Firewall $B$,%a%b%j%j!<%/$KM3Mh$9$k%P%0$rJz$(!"(B
$B@x:_E*$K(B DoS $B$K4Y$i$;$i$l$k$3$H$r8xI=$7$?!#B>$N%;%-%e%j%F%#$K4X$o$kLdBj(B
$B$bB8:_$7!"K\(B BID $B$G<($5$l$F$$$kLdBj$KBP1~$9$k%Q%C%A$K$h$C$F=$@5$5$l$F$$(B
$B$k!#(B

$B8=;~E@$K$*$$$F!"$3$NLdBj$K4X$9$k>\:Y>pJs$O8x3+$5$l$F$$$J$$!#$3$NLdBj$K(B
$B4X$9$k>\:Y>pJs$,8xI=$5$l<!Bh!"K\(B BID $B$O99?7M=Dj$G$"$k!#(B

23. NetBSD talkd Buffer Overflow Vulnerability
BugTraq ID: 5910
$B%j%b!<%H$+$i$N:F8=@-(B: No
$B8x3+F|(B: Oct 08 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5910
$B$^$H$a(B:

talkd $B$O!"B?$/$N(B UNIX $B$dMM!9$J(B Linux $B$KF1:-$5$l$F$$$k%m!<%+%k$b$7$/$O%j(B
$B%b!<%H%f!<%6!<4V$NDL?.$K;HMQ$5$l$k%/%i%$%"%s%H%5!<%P7?%"%W%j%1!<%7%g%s$G(B
$B$"$k!#(B

NetBSD $B$KF1:-$5$l$F$$$k(B talkd $B%5!<%S%9$K%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9(B
$B$k$H$NJs9p$,$5$l$F$$$k!#Js9p$K$h$k$H!"%j%b!<%H$H$NDL?.;~$K(B talkd $B$OE~Ce(B
$B%a%C%;!<%8$r%3%T!<@h%P%C%U%!$X%3%T!<$9$kA0$KE,@Z$J6-3&%A%'%C%/$r9T$C$F(B
$B$$$J$$!#<h$jJ,$1!"LdBj$O(B libexec/talkd/process.c $BFb$N(B find_user() $B4X?t(B
$B$G@8$8$F$$$k!#(B

$B967b<T$OLdBj$rJz$($k%7%9%F%`$G9b0L$N8"8B$rC%<h$9$k$?$a$K$3$NLdBj$rMxMQ(B
$B$9$k967b$r4k$F$k$3$H$,2DG=$G$"$k!#(B

$B$3$NLdBj$O%P%C%U%!%*!<%P!<%U%m!<$KM3Mh$9$kLdBj$G$"$k$?$a!"0-0U$"$k?MJ*(B
$B$O(B talkd $B$N<B9T8"8B$G%3!<%I$r<B9T2DG=$G$"$k!#$7$+$7!"$3$l$K$D$$$F$OL$8!(B
$B>Z$G$"$k!#(B

talkd $B%5!<%S%9$O!"%3%"%3%s%]!<%M%s%H$H$7$FB?$/$N(B Linux $B$*$h$SMM!9$J(B
UNIX $B$KF1:-$5$l$F$*$j!"MM!9$J%G%#%9%H%j%S%e!<%7%g%s$GJ]<i$5$l$F$$$k!#(B

24. HP Tru64 Unspecifed Remote Route Daemon Vulnerability
BugTraq ID: 5913
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 08 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5913
$B$^$H$a(B:

True64 $B$O85!9(B DEC $B$K$h$C$F3+H/$5$l$?(B UNIX $B$G$"$j!"8=:_$O(B HP $B$K$h$jHNGd(B
$B$*$h$SJ]<i$,9T$o$l$F$$$k!#(B

Tru64 $B$K$O%j%b!<%H$N%f!<%6$,G'>Z$;$:$K;q8;$X%"%/%;%9$9$k2DG=@-$N$"$kLd(B
$BBj$,B8:_$9$k!#(B

route daemon (routed) $B$K$O%f!<%6$,G'>Z$rH<$o$:$K%U%!%$%k$K%"%/%;%92DG=(B
$B$K$J$k$H?d;!$5$l$kLdBj$,H/8+$5$l$F$$$k!#Js9p$K$h$k$H!"$3$NLdBj$O%j%b!<(B
$B%H$+$i967b$KMxMQ2DG=$G$"$k$H$N$3$H$G$"$k!#$3$NLdBj$K4X$9$k>\:Y>pJs$K$D(B
$B$$$F$OB?$/$O8x3+$5$l$F$$$J$$!#(B

routed $B$ODL>oFC8"(B (root $B8"8B(B) $B$G<B9T$5$l$k%W%m%;%9$G$"$k$?$a!"$3$NLdBj(B
$B$rMxMQ$9$k967b$O%7%9%F%`Fb$N=EMW$J%U%!%$%k$KBP$9$k%"%/%;%98"$rC%<h$9$k(B
$B:]$KM-MQ$J<jN)$F$H$J$jF@$k!#%U%!%$%k$NFbMF$rFI$_=P$9$?$a$K4k$F$i$l$k$3(B
$B$NLdBj$rMxMQ$9$k967b$K$h$j!"967b<T$O%Q%9%o!<%I$N%7%c%I%&%U%!%$%k$d$=$N(B
$BB>$N(B root $B$K=jM-8"$,@_Dj$5$l$F$$$k=EMW$J>pJs$r4^$`%U%!%$%k$X$N%"%/%;%9(B
$B8"$NC%<h$,2DG=$G$"$k!#(B

25. TkMail Insecure Temporary Files Vulnerability
BugTraq ID: 5911
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Oct 08 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5911
$B$^$H$a(B:

TkMail $B$O(B X Window $B4D6-$GF0:n$9$kEE;R%a!<%k%/%i%$%"%s%H$G$"$j!"(BPerl $B$H(B
Tcl/Tk $B$K$h$C$F<BAu$5$l$F$$$k!#(B

TkMail $B$O%;%-%e%"$G$J$$J}K!$G0l;~%U%!%$%k$r:n@.$9$k!#%/%i%$%"%s%H$,0l(B
$B;~%U%!%$%k$N:n@.$r;n$_$?:]!"%U%!%$%k$,4{$KB8:_$9$k$+$r%A%'%C%/$7$J$$!#(B
$B2C$($F!"$3$N%=%U%H%&%'%"$O%7%s%\%j%C%/%j%s%/$rC)$k!#(B

$B%m!<%+%k$N967b<T$O0U?^$9$k%U%!%$%k$r<($90-0U$"$k%7%s%\%j%C%/%j%s%/$r(B
TkMail $B$K$h$C$F:n@.$5$l$k0l;~%U%!%$%k$N$$$:$l$+$NL>A0$G:n@.2DG=$G$"$k!#(B

$B967b<T$O$3$N%=%U%H%&%'%"$r<B9T$9$k%f!<%6$,=jM-$9$k%U%!%$%k$r>e=q$-$9$k(B
$B$?$a$K!"$3$NLdBj$rMxMQ$9$k967b$r4k$F$k$3$H$,2DG=$G$"$k!#(B

26. Multiple Platforms ypserv Remote File Disclosure Vulnerability
BugTraq ID: 5914
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 08 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5914
$B$^$H$a(B:

ypserv $B$O(B Network Information Service (NIS) $B%5!<%P$G$"$j!"(BUNIX $B>e$GMxMQ(B
$B2DG=$G$"$k!#(B

HP $B$O(B ypserv $B%5!<%P$,%U%!%$%k$r3+<($9$kLdBj$rJz$($F$$$k$3$H$r8xI=$7$?!#(B

$BJs9p$K$h$k$H!"$3$NLdBj$r0-MQ$9$k$3$H$K$h$j!"%m!<%+%k$b$7$/$O%j%b!<%H$N(B
$B967b<T$O(B YP $B%5!<%PFb$K$"$k=EMW$J%U%!%$%k$KBP$7$F!"G'>Z$r9T$o$:$KFbMF$r(B
$BFI$_9~$_2DG=$K$J$k$H9M$($i$l$k!#(B

$B8=;~E@$K$*$$$F!"$3$NLdBj$K4X$9$k>\:Y>pJs$O8x3+$5$l$F$$$J$$!#$3$NLdBj$K(B
$B4X$9$k>\:Y>pJs$,8xI=$5$l<!Bh!"K\(B BID $B$O99?7M=Dj$G$"$k!#(B

27. Multiple Platforms ypxfrd Remote File Disclosure Vulnerability
BugTraq ID: 5912
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 08 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5912
$B$^$H$a(B:

ypxfrd $B$O(B NIS $B%^%C%WE>Aw%G!<%b%s$G$"$j!"(BUNIX $B>e$GMxMQ2DG=$G$"$k!#(B

HP $B$O(B ypxfrd $B%G!<%b%s$,%U%!%$%k$r3+<($9$kLdBj$rJz$($F$$$k$3$H$r8xI=$7$?!#(B

$BJs9p$K$h$k$H!"$3$NLdBj$r0-MQ$9$k$3$H$K$h$j!"%m!<%+%k$b$7$/$O%j%b!<%H$N(B
$B967b<T$O(B YP $B%5!<%PFb$K$"$k=EMW$J%U%!%$%k$KBP$7$F!"G'>Z$r9T$o$:$KFbMF$r(B
$BFI$_9~$_2DG=$K$J$k$H9M$($i$l$k!#(B

$B8=;~E@$K$*$$$F!"$3$NLdBj$K4X$9$k>\:Y>pJs$O8x3+$5$l$F$$$J$$!#$3$NLdBj$K(B
$B4X$9$k>\:Y>pJs$,8xI=$5$l<!Bh!"K\(B BID $B$O99?7M=Dj$G$"$k!#(B

28. SSGBook Image Tag HTML Injection Vulnerabilities
BugTraq ID: 5915
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 08 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5915
$B$^$H$a(B:

SSGbook $B$O(B ASP $B$G3+H/$5$l$?%2%9%H%V%C%/%=%U%H%&%'%"$G$"$k!#(B

SSGbook $B$O(B HTML $B$rMxMQ$7$F@07A$7!"%2%9%H%V%C%/Fb$N9`L\$NFbMF$NG[CV$r@_(B
$BDj$9$k5!G=$r<BAu$9$k%3!<%I$rF1:-$7$F$$$k!#Nc$($P!"%f!<%6$O(B[image] $B%?%0(B
$B$b$7$/$O(B [img] $B%?%0$G2hA|$r;XDj$9$k$3$H$K$h$j2hA|$r%2%9%H%V%C%/Fb$KG[CV(B
$B2DG=$G$"$k!#$7$+$7!"0U?^E*$J(B HTML $B$d%9%/%j%W%H$,$3$l$i%?%0Fb$G$O==J,$K(B
$B%U%#%k%?%j%s%0$5$l$F$$$J$$$N$G$"$k!#(B

$B7k2L$H$7$F!"%f!<%6$O0-0U$"$k(B HTML $B$d%9%/%j%W%H$r%2%9%H%V%C%/Fb$N9`L\$X(B
$BCmF~$9$k2DG=@-$,$"$k!#967b<T$K$h$C$FCmF~$5$l$?967b<T$O0-0U$"$k%2%9%H%V%C(B
$B%/$N9`L\$K%"%/%;%9$7$?%f!<%6$N(B Web $B%/%i%$%"%s%H$G2r<a$5$l!"$3$N%=%U%H%&%'(B
$B%"$r2TF0$5$;$F$$$k(B Web $B%5%$%H$HF13J$N%;%-%e%j%F%#%3%s%F%-%9%H$G<B9T$5$l(B
$B$k!#(B

$B$3$N%=%U%H%&%(%"$N4IM}<T8"8B$G$N%"%/%;%95!G=$,M-8z2=$5$l$F$$$k>l9g!"$3(B
$B$NLdBj$rMxMQ$9$k967b$K$h$j$3$N%=%U%H%&%'%"$N4IM}<T$+$i$N(B Cookie $B$KM3Mh(B
$B$9$kG'>ZMQ>pJs$N@`<h$,2DG=$K$J$k$H?d;!$5$l$k!#(B
$B$^$?!"B>$N967b$b2DG=$K$J$k$H?d;!$5$l$k!#(B

29. Multiple Vendor PC Firewall Auto Block Denial Of Service Weakness
BugTraq ID: 5917
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 08 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5917
$B$^$H$a(B:

$B%j%b!<%H$+$i(B DoS $B>uBV$K4Y$i$;$k$3$H$,2DG=$JLdBj$,!"FCDj$N8D?M8~$1$N(B PC
$B>e$GF0:n$9$k%U%!%$%"%&%)!<%k@=IJ$GJs9p$5$l$F$$$k!#$3$NLdBj$O!"%9%W!<%U%#(B
$B%s%0$5$l$?DL?.$N<h$j07$$$KM3Mh$9$k!#(B

$B3F<o$N(B PC $B>e$GF0:n$9$k%U%!%$%"%&%)!<%k%=%U%H%&%'%"%Q%C%1!<%8$K$O!"<+F0(B
$BE*$KDL?.$r<WCG$9$k%*%W%7%g%s5!G=$,<BAu$5$l$F$$$k!#$3$N%*%W%7%g%s$O!"<u(B
$B$1F~$l$kDL?.$,@=IJFbIt$N%G!<%?%Y!<%9$KC_$($i$l$?%7%0%M%A%c$K$h$jIT@5%"(B
$B%/%;%9$N4p=`$rK~$?$7$?:]$K!"FCDj$N%[%9%H$+$i$NDL?.$r<WCG$9$k$?$a$N%k!<(B
$B%k$r<+F0E*$KDI2C$9$k$h$&$K@_7W$5$l$?$b$N$G$"$k!#(B1$BEYFCDj$N%[%9%H$+$i$NDL(B
$B?.$,IT@5%"%/%;%9$G$"$k$H$_$J$5$l$k$H<WCG%k!<%k$O<+F0E*$KDI2C$5$l$k$N$G!"(B
$BFCDj$N%[%9%H$+$i<u$1<h$k$=$l0J9_$NDL?.$O<+F0E*$K<WCG$5$l$k$N$G$"$k!#(B

$BFCDj$N>u672<$K$*$$$F%j%b!<%H%f!<%6$O!"(BPC $B>e$GF0:n$9$k%U%!%$%"%&%)!<%k%=(B
$B%U%H%&%'%"$r;HMQ$9$k%f!<%6$,MM!9$J%5%$%H$N%5!<%S%9$rMxMQ=PMh$J$$>uBV$K(B
$B4Y$i$;$k$h$&$K;E8~$1$k$3$H$,2DG=$G$"$k!#%U%!%$%"%&%)!<%k%=%U%H%&%'%"%Q%C(B
$B%1!<%8$K$h$jIT@5%"%/%;%9$G$"$k$H8+$J$5$l$k$h$&$K56Au$7$?%H%i%U%#%C%/$r(B
$BAw?.$9$k$3$H$G!"967b<T$O967bBP>]$N%7%9%F%`$,%"%/%;%92DG=$J%5%$%H$NHO0O(B
$B$r8zN($h$/@)Ls$9$k$3$H$,2DG=$G$"$k!#$3$NLdBj$N$?$a$K!"%U%!%$%"%&%)!<%k(B
$B$N%k!<%k$,<jF0$G2r=|$5$l$k:]$K$N$_2r7h2DG=$J(B DoS $B>uBV$K4Y$i$;$k$3$H$,2D(B
$BG=$G$"$k!#(B

30. VBZoom Remote SQL Injection Vulnerability
BugTraq ID: 5919
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 08 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5919
$B$^$H$a(B:

VBZoom $B$O(B PHP $B8@8l$rMxMQ$7$F3+H/$5$l$?EE;R7G<(HD%7%9%F%`$G$"$k!#(B

SQL $B9=J8$rCmF~2DG=$JLdBj$,!"(BVBZoom v1.01 $B$K$*$$$FH/8+$5$l$F$$$k!#(B

register.php $B%U%!%$%kFb$G$N(B SQL $B%/%(%j$N9=@.$KMxMQ$5$l$kJQ?t$KBP$9$k%U%#(B
$B%k%?%j%s%0$,IT==J,$G$"$k$?$a!"967b<T$O$I$N%f!<%6$N%Q%9%o!<%I$G$"$C$F$b(B
$B%j%;%C%H2DG=$G$"$k!#(B

$ChangeProfile $BJQ?t$NCM$,(B '1' $B$K@_Dj$5$l$F$$$k!"0-0U$K$h$C$FAH$_N)$F$i(B
$B$l$?%U%)!<%`$KBP$9$k%G!<%?$r(B register.php $B$KAw?.$9$k$3$H$G!"967b<T$O(B
SQL $B%/%(%j$NFbMF$K%"%/%;%92DG=$G$"$k!#$3$N$3$H$+$i!"967b<T$,%/%(%jFb$K(B
$B4^$^$l$F$$$k%G!<%?$rA`:n2DG=$G$"$k!#(B

$B$3$NLdBj$NK\<A$r9MN8$9$k$J$i$P!"967b<T$O%P%C%/%(%s%I%G!<%?%Y!<%9$NFbMF(B
$B$rGK2u2DG=$G$"$k$H?d;!$5$l$k!#(B

31. Check Point VPN-1 IKE Aggressive Mode Forcing Vulnerability
BugTraq ID: 5920
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 08 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5920
$B$^$H$a(B:

VPN-1 $B$O(B Check Point Software Technologies $B$K$h$jHNGd$5$l$F$$$k%U%!%$(B
$B%"%&%)!<%k$*$h$S2>A[%W%i%$%Y!<%H%M%C%H%o!<%/%=%U%H%&%'%"%Q%C%1!<%8$G$"(B
$B$k!#(B

VPN-1 $B$,Jz$($kLdBj$K$h$j!"%f!<%6$O0U?^$9$k=EMW$J>pJs$r3+<(2DG=$K$J$k!#(B

VPN-1 $B$G$O%;%C%7%g%s$,3NN)$5$l$F$$$k:]$K!"(BIKE $BI8=`$N%"%0%l%C%7%V%b!<%I(B
$B$r%5%]!<%H$9$k!#$3$N%b!<%I$rDL>o$N%;%C%7%g%s%b!<%I!"$b$7$/$O(B Check Point 
$B$,3+H/$7$?%O%$%V%j%C%I%b!<%I$KJQ99$5$l$k$3$H$b?d;!$5$l$k!#%"%0%l%C%7%V(B
$B%b!<%I$O@x:_E*$K=EMW$J%G!<%?$rITCm0U$K3+<($7$F$$$k%[%9%H$rH/Ce$9$k%3%M(B
$B%/%7%g%s$rKI;_$9$k!#(B

$B$7$+$7!"FCDj$N>u672<$K$*$$$F!"(BVPN-1 $B$G$O6/@)E*$K%"%0%l%C%7%V%b!<%I$G$N(B
$B%;%C%7%g%s3NN)$r4k$F$i$l$F$7$^$&$G$"$k!#%7%9%F%`$,%"%0%l%C%7%V%b!<%I0J(B
$B30$NB>$N%b!<%I$K@_Dj$5$l$F$*$j!"%f!<%6$,%"%0%l%C%7%V%b!<%I$rMxMQ$7$F%;%C(B
$B%7%g%s3NN)$r;n$_$k>l9g!"(BVPN-1 $B$O%;%C%7%g%s$r3NN)$7$F$7$^$&$N$G$"$k!#$3(B
$B$l$O=EMW$J>pJs$r3+<($9$k7k2L$r>7$/2DG=@-$,$"$k!#(B

32. Sendmail Trojan Horse Vulnerability
BugTraq ID: 5921
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 08 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5921
$B$^$H$a(B:

sendmail $B$O%U%j!<$GMxMQ2DG=$J(B MTA $B$G$"$k!#$3$N%=%U%H%&%'%"$O(B Sendmail
Consortium $B$K$h$jG[I[$*$h$SJ]<i$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!":G6a(B sendmail $B$rDs6!$9$k%5!<%P(B ftp.sendmail.org $B$,4m81$K(B
$B$5$i$5$l$?$N$G$"$k!#?/F~<T$O(B sendmail $B$N%=!<%9%3!<%I$K%H%m%$$NLZGO$rA^(B
$BF~$7$F2~NI$7$?$3$H$,Js9p$5$l$F$$$k!#(B2002$BG/(B 9$B7n(B 28$BF|(B $B$+$i(B 2002 $BG/(B 10$B7n(B 
6$BF|(B $B$^$G$N4V$K%@%&%s%m!<%I$7$?(B sendmail $B%=!<%9%3!<%I$K$O!"%H%m%$$NLZGO(B
$B$,A^F~$5$l$F$$$k$H?d;!$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!":G6a(B sendmail $B$rDs6!$9$k%5!<%P(B ftp.sendmail.org $B$,%;%-%e(B
$B%j%F%#>e$N6<0R$KGx$5$l$F$$$k!#?/F~<T$O(B sendmail $B$N%=!<%9%3!<%I$K%H%m%$(B
$B$NLZGO$r:.F~$7$F2~JQ$7$?$3$H$,Js9p$5$l$F$$$k!#(B
2002$BG/(B 9$B7n(B 28$BF|(B $B$+$i(B 2002 $BG/(B 10$B7n(B 6$BF|(B $B$^$G$N4V$K%@%&%s%m!<%I$5$l$?(B sendmail
$B$N%=!<%9%3!<%I$K$O!"%H%m%$$NLZGO$,:.F~$5$l$F$$$k$H?d;!$5$l$F$$$k!#(B

$B$J$*!"$3$l$OL$3NG'$G$O$"$k$,!"Ev3:%[%9%H>e$G%]!<%HHV9f(B 6667 $B$G%3%M%/%7%g(B
$B%s$rBT$A<u$1$k%5!<%S%9$O4{$KL58z2=$5$l$F$$$k$H$N$3$H$G$"$k!#(B

Sendmail $B%3%s%=!<%7%"%`$N%5%$%H$+$i(B HTTP $B$r2p$7$FF~<j$7$?(B sendmail $B$N(B
$B3F%P!<%8%g%s$O!"1F6A$r<u$1$J$$$h$&$G$"$k!#(B

ftp.sendmail.org $B0J30$N%5%$%H$,1F6A$r<u$1$k$+$I$&$+$OL$>\$G$"$k!#(B

Sendmail $B%3%s%=!<%7%"%`$O@5Ev$J(B sendmail $B$NG[I[%Q%C%1!<%8$KBP$7!"0J2<$N(B
PGP $B$K$h$k=pL>$r9T$C$F$$$k(B

pub 1024R/678C0A03 2001-12-18 Sendmail Signing Key/2002
<sendmail@Sendmail.ORG> Key fingerprint = 7B 02 F4 AA FC C0 22 DA 47 3E 2A
9A 9B 35 22 45

$B$5$i$KIU$12C$($k$J$i$P!"0J2<$N%A%'%C%/%5%`$rMQ$$$F%Q%C%1!<%8$NBEEv@-$r(B
$BN)>Z2DG=$G$"$k!#(B

73e18ea78b2386b774963c8472cbd309 sendmail.8.12.6.tar.gz
cebe3fa43731b315908f44889d9d2137 sendmail.8.12.6.tar.Z
8b9c78122044f4e4744fc447eeafef34 sendmail.8.12.6.tar.sig	

33. Citrix Published Applications Information Disclosure Vulnerability
BugTraq ID: 5908
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 07 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5908
$B$^$H$a(B:

Citrix $B$O9-HO0O$GMxMQ$5$l$F$$$k!"%j%b!<%H$+$i$N%G%9%/%H%C%W4D6-$X$N%"%/(B
$B%;%95!G=$rDs6!$9$k%"%W%j%1!<%7%g%s$G$"$k!#%/%i%$%"%s%H$+$i%5!<%P$X$N%"(B
$B%/%;%94D6-$O!"%U%j!<$GMxMQ2DG=$J(B Citrix ICA $B%/%i%$%"%s%H$K$h$jDs6!$5$l(B
$B$k!#(B

Citrix $B$K$OLdBj$,H/8+$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"967b<T$O%5!<%P$KBP$7$FFCJL$K9*L/$K:n@.$7$?%j%/%(%9%H$rAw(B
$B?.$9$k$3$H$G!"8x3+$7$F$$$k%"%W%j%1!<%7%g%s$NB8:_$r7hDjIU$1$k$3$H$,2DG=(B
$B$G$"$k!#(B

$BL58z$J>uBV$N%"%W%j%1!<%7%g%s$rBP>]$K$9$k%j%/%(%9%H$r9T$&$3$H$G(B Citrix
$B%5!<%P$O(B 32 $B%P%$%H$N%Q%1%C%H$rJV$7!"M-8z$J>uBV$N%"%W%j%1!<%7%g%s$rBP>](B
$B$K$9$k%j%/%(%9%H$r9T$&$3$H$G(B Citrix $B%5!<%P$O(B 64 $B%P%$%H$N%Q%1%C%H$rJV$9!#(B

Citrix $B%5!<%P>e$N8x3+$5$l$F$$$k%"%W%j%1!<%7%g%s$X$NAmEv$j967b$r9T$&$?$a(B
$B$K!"$3$N>pJs$rMxMQ$9$k$3$H$,2DG=$G$"$k!#$3$N>pJs$rF@$k$3$H$G!"967b<T$O(B
$B%5!<%P$KBP$7$F99$J$k967b$r4k$F$k$3$H$,2DG=$G$"$k$H?d;!$5$l$k!#(B

34. PHPBB2 Avatar Images Information Disclosure Vulnerability
BugTraq ID: 5923
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 09 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/5923
$B$^$H$a(B:

phpBB2 $B$O(B PHP $B8@8l$rMxMQ$7$F3+H/$5$l$*$j!"?tB?$/$N%G!<%?%Y!<%9@=IJ$r(B
$B%P%C%/%(%s%I%G!<%?%Y!<%9$H$7$F$k%*!<%W%s%=!<%9$J(B Web $B%U%)!<%i%`%"%W%j(B
$B%1!<%7%g%s$G$"$k!#(B

phpBB2 $B$O%f!<%6$N(B IP $B%"%I%l%9$rO31L$9$k$3$H$,Js9p$5$l$F$$$k!#$3$NLdBj(B
$B$O%"%P%?!<%U%!%$%k$KBP$9$k(B phpBB2 $B$N%U%!%$%kL>$NL?L>5,B'$KM3Mh$9$k!#(B
$B%"%P%?!<%U%!%$%k$OEj9F%a%C%;!<%8$rFH<+$K$9$k$?$a$K!"%f!<%6$K$h$jDL>o(B
GIF $B7A<0$N2hA|%U%!%$%k$H$7$F%"%C%W%m!<%I$5$l$F$$$k!#(B

$B%f!<%6$,(B phpBB2 $B$,2TF0$9$k%7%9%F%`$K%"%P%?!<%U%!%$%k$N%"%C%W%m!<%I$r;n(B
$B$_$k:]!"%7%9%F%`$G$O%i%s%@%`$JL>A0$G%U%!%$%k$rJ]B8$5$l$k$3$H$K$J$k!#%i(B
$B%s%@%`$J%U%!%$%kL>$O!"B>$NJ8;zNs$KB3$-(B 16 $B?J?tI=5-$K%(%s%3!<%I$7$?%f!<(B
$B%6$N(B IP $B%"%I%l%9$G9=@.$5$l$k!#(B

$B0-0U$"$k?MJ*$O(B phpBB2 $B$,2TF0$9$k%7%9%F%`$N%f!<%6$N(B IP $B%"%I%l%9$r8+$D$1(B
$B=P$9$?$a$K!"$3$NLdBj$rMxMQ$9$k$3$H$,2DG=$G$"$k!#967b<T$O(B phpBB2 $B%U%)!<(B
$B%i%`$r2TF0$5$;$F$$$k%7%9%F%`$N%f!<%6$KBP$7$F967b$r0z$-5/$3$9$?$a$K!"$3(B
$B$N>pJs$rMxMQ$9$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$O(B phpBB2 2.0.0 $B$+$i(B 2.0.3 $B$K$*$$$FJs9p$5$l$F$$$k!#$=$NB>$N%P(B
$B!<%8%g%s$b1F6A$r<u$1$k2DG=@-$,$"$k!#(B

III. SECURITYFOCUS NEWS AND COMMENTARY
--------------------------------------
1. Clues, Vandalism, Litter Sendmail Trojan Trail
$BCx<T(B: Kevin Poulsen

$BM-L>$JEE;R%a!<%k%5!<%P$KL)$+$K;E9~$^$l$?%P%C%/%I%"$O$=$l0JA0$N967b$H4X(B
$BO"$7$F$$$k!#$7$+$7!"7Y9pDLCN$N<j=g$K$*$$$FLdBj$,1#JC$5$l$F$$$?$?$a$KHH(B
$B?M$OLdBjDI@W$r2sHr$9$k2DG=@-$,$"$k!#(B

http://online.securityfocus.com/news/1113

2. Outlook Express in crypto processing flaw
$BCx<T(B: John Leyden, The Register

Outlook Exoress $B$K$*$$$F%a%C%;!<%8$NBEEv@-$rH=CG$9$k$?$a$KMxMQ$5$l$k%3!<(B
$B%I$O!"967bBP>]$N%3%s%T%e!<%?>e$G0-0U$"$k%3!<%I$r<B9T$9$k$?$a$K967b<T$K(B
$B$h$C$FMxMQ$5$lF@$k$H9M$($i$l$k!#(B

http://online.securityfocus.com/news/1127

3. Scottish ISP in repeat DDoS attack
$BCx<T(B: John Lettice, The Register

$B%(%G%#%s%P%i$K1D6H5rE@$r;}$D%$%s%?!<%M%C%H%5!<%S%9%W%m%P%$%@!"(BedNET $B$O(B
$B:F$S(B DDoS $B967b$NBG7b$rHo$C$?$N$G$"$k!#(B

http://online.securityfocus.com/news/1126

4. FBI Misused Secret Wiretaps, According to Memo
$BCx<T(B: Dan Eggen, Washington Post

$B5D0w$,F~<j$7$?FbIt5-O?$K$h$k$H!"(BFBI $B$O2?K|7o$b$N%F%m$d%5%$%P!<HH:a$KBP(B
$B$9$k6KHkD4::$K:]$7!"K!Dn$N5v2D$J$/ITK!$KMF5?<T$r%S%G%*$G;#1F$7!"ITEv$K(B
$BEEOC$NDLOC5-O?$rO?2;$7!"EE;R%a!<%k$NFbMF$rEpD0$7$F$$$?$N$G$"$k!#(B

http://online.securityfocus.com/news/1105

IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. Modular Access Control System v0.6pre3 alpha
$B:n<T(B: Mario D. Santana
$B4XO"$9$k(BURL:
http://macs.sf.net/
$BF0:n4D6-(B: OS $B$K0MB8$7$J$$(B
$B$^$H$a(B:

Modular Access Control System (MACS) $B$O!"%0%m!<%P%k$JG'>Z!">5G'!"%f!<(B
$B%6$d%0%k!<%W!"$"$k$$$O;q8;$N1?MQ!"%"%W%j%1!<%7%g%s%5!<%S%9$rDs6!$9$k%7(B
$B%9%F%`$G$9!#(B

2. libGringotts v1.0.0
$B:n<T(B: Germano Rizzo
$B4XO"$9$k(BURL:
http://prosa.com/people/grizzo/libgringotts/index.php?page=home
$BF0:n4D6-(B: POSIX, UNIX
$B$^$H$a(B:

libGringotts $B$O!"Ev=i(B Gringotts $B$N$?$a$K3+H/$5$l$?>.$5$/!";H$$0W$$!"%9(B
$B%l%C%I%;!<%U$J(B C $B%i%$%V%i%j$G$9!#$=$NL\E*$O!"0E9f2=$5$l!"05=L$5$l$?%U%!(B
$B%$%k$X%G!<%?$r%+%W%;%k2=$9$k$3$H$G$9!#2DG=$J8B$j0BA4$K%G!<%?$rJ]8n$9$k(B
$B$?$a$K!"(BRIJNDAEL$B!"(B128/256$B!"(BSERPENT$B!"(BTWOFISH$B!"(BCAST256$B!"(BSAFER+$B!"(BLOKI97$B!"(B
3DES $B$N$h$&$J6/NO$N0E9f%"%k%4%j%:%`$r;HMQ$7$F$$$^$9!#$^$?!"0E9f2==hM}Cf(B
$B$K$O%f!<%6$O40A4$K0E9f2=!"%O%C%7%e4X?t!"05=L$N%"%k%4%j%:%`$r@)8f2DG=$K(B
$B$J$j$^!#(BlibGringotts $B$O0l;~%U%!%$%k$r0E9f2=$9$k5!G=!"$*$h$S!"0BA4$K%a%b(B
$B%j$r4IM}$9$k$?$a$N5!G=$bDs6!$7$^$9!#(B

3. SEPPL v200210082244
$B:n<T(B: Mezcalero
$B4XO"$9$k(BURL:
http://www.ring2.org/seppl/
$BF0:n4D6-(B: Linux, POSIX
$B$^$H$a(B:

SEPPL $B$O(B IPv4 $B8~$1$N?7$7$$0E9f2=AX$N%W%m%H%3%kDj5A!"$*$h$S$=$N<BAu%=%U(B
$B%H%&%'%"$G$9!#$3$N%=%U%H%&%'%"$OHs>o$KIi2Y$,>/$J$/!"A`:n$,MF0W$G$9!#$^(B
$B$?!"$3$N%=%U%H%&%'%"$O(B Linux $B%+!<%M%kMQ$K<BAu$5$l$F$*$j!"(Bnetfiler $B$*$h(B
$B$S(B Linux CryptoAPI $B$rMxMQ$7$^$9!#$3$N%=%U%H%&%'%"$O(B WEP $B$NBeBX%=%U%H%&%'(B
$B%"$H$7$F0U?^$5$l$F$$$^$9$,!"L5@~0J30$N(B LAN $B>e$GF1MM$K;HMQ$9$k$3$H$b2DG=(B
$B$G$9!#$^$5$K!"(BVPN $B$N%=%j%e!<%7%g%s$KE,$7$F$$$^$9!#(B

4. Network-Accounting Daemon for Netfilter v0.2.1
$B:n<T(B: Hilko Bengen
$B4XO"$9$k(BURL:
https://savannah.nongnu.org/projects/ulog-acctd/
$BF0:n4D6-(B: Linux, POSIX
$B$^$H$a(B:

ulog-acctd $B$O%f!<%6NN0h$GF0:n$9$k!"%M%C%H%o!<%/%H%i%U%#%C%/>uBV$rD4::$9(B
$B$kL\E*$G<}=8$5$l$k%m%0$r@8@.$9$k%M%C%H%o!<%/4IM}%G!<%b%s$G$9!#(B
$B$3$N%=%U%H%&%'%"$O(B Linux 2.4 $B0J>e$N(B netfilter $B$r2p$9$k%H%i%U%#%C%/Fb$N(B
IP $B%Q%1%C%H$N%X%C%@>pJs$r<}=8$7$^$9!#$3$N%=%U%H%&%'%"$O!"%W%m%H%3%k$N<o(B
$BN`!"Aw?.85$*$h$SAw?.@h%"%I%l%9!"%]!<%HHV9f!"%P%$%H?t!"%Q%1%C%H?t!"$=$7(B
$B$FF~=PNO$N$"$C$?%$%s%?%U%'!<%9$r4^$`E}7W>pJs$r%m%0%U%!%$%k$K5-O?$7$^$9!#(B
$B$3$N%D!<%k$r;HMQ$7$F(B Cisco $B<R$N(B "IP accounting output packets" $B7A<0$N%m(B
$B%0$rMF0W$K@8@.2DG=$G$9!#(B

5. MudPit v1.0
$B:n<T(B Gene Savchuk savchuk@fidelissec.com
$B4XO"$9$k(BURL:
http://www.fidelissec.com/mudpit/
$BF0:n4D6-(B: Linux, POSIX
$B$^$H$a(B:

MudPit $B$O?/F~8!CN%7%9%F%`(B Snort $B$GMxMQ$5$l$k%9%W!<%k%W%m%;%C%5$G$9!#(B
Barnyard project $B$,3+H/Cf$N%=%U%H%&%'%"$KN`;w$7$F$$$^$9$,!"$3$N%=%U%H%&%'(B
$B%"$O8!CNCf$K@8@.$5$l$k%m%0$*$h$S%"%i!<%HAPJ}$r=hM}$9$k$3$H$,2DG=$G$9!#(B
$BMF0W$J%b%8%e!<%kJ}<0$G?.Mj@-$,$"$j$^$9!#(B

6. SASL Library v0.0.0
$B:n<T(B Simon Josefsson
$B4XO"$9$k(BURL:
http://josefsson.org/libgsasl/
Platforms: POSIX
$B$^$H$a(B:

Libgsasl $B$O(B IETF $B$G5,3J2=$5$l$kMF0W$JG'>Z$*$h$S%;%-%e%j%F%#AX(B (SASL)
$B$N%U%l!<%`%o!<%/$GFCDj$N(B SASL $B%a%+%K%:%`$r<B8=$9$k%i%$%V%i%j$G$9!#(BSASL
$B$O%/%i%$%"%s%H$+$iG'>Z$r%j%/%(%9%H$9$k$?$a!"%5!<%P(B (IMAP $B$d(B SMTP $BEy(B)
$B$d%5!<%P$KBP$7$FG'>Z$r9T$&%/%i%$%"%s%H>e$GMxMQ$5$l$F$$$^$9!#(B

--
$BLu(B: $B:d0f=g9T(B(SAKAI Yoriyuki)$B!">.3^8691M:(B(OGASAWARA Tsuneo)$B!"(B
$B@PED6G5W(B(ISHIDA Akihisa)$B!"<r0fH~5.(B(SAKAI Miki)$B!"(B
$B?7D.5W9,(B(SHINMACHI Hisayuki)$B!"?9:L9a(B(MORI Ayaka)
$B4F=$(B: $B:d0f=g9T(B(SAKAI Yoriyuki)
LAC Co., Ltd.
http://www.lac.co.jp/security/

-----------1035795421-23382221
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIISGgYJKoZIhvcNAQcCoIISCzCCEgcCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
DzwwggI8MIIBpQIQMlAzz1DRVvNcga1lXE/IJTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQG
EwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGlj
IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMjAw
MTA3MjM1OTU5WjBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1
BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOUZv22jVmEtmUhx9mfeuY3rt56GgAqRDvo4
Ja9GiILlc6igmyRdDR/MZW4MsNBWhBiHmgabEKFz37RYOWtuwfYV1aioP6oSBo0xrH+wNNeP
NGeICc0UEeJORVZpH3gCgNrcR5EpuzbJY1zF4Ncth3uhtzKwezC6Ki8xqu6jZ9rbAgMBAAEw
DQYJKoZIhvcNAQECBQADgYEAS0RmYGhk5Jgb87By5pWJfN17s5XAHS7Y2BnQLTQ9xlCaEIaM
qj87qAT8N1KVw9nJ283yhgbEsRvwgogwQo4XUBxkerg+mUl0l/ysAkP7lgxWBCUMfHyHnSSn
2PAyKbWk312iTMUWMqhC9kWmtja54L9lNpPC0tdr3N5Z1qI1+EUwggI9MIIBpgIRAM26f1bw
3+S8VP4irLNyqlUwDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZl
cmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkG
A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1
YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0fzGVu
DLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHiTkVWaR94AoDa
3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0GCSqGSIb3DQEBAgUAA4GB
AEw/uIvGaN/uQzMOXemmyweETXoz/5Ib9Dat2JUiNmgRbHxCzPOcLsQHPxSwD0//kJJ2+eK8
SumPzaCACvfFKfGCIl24sd2BI6N7JRVGMHkW+OoFS5R/HcIcyOO39BBAPBPDXx9T6EjkhrR7
oTWweyW6uNOOqz84nQA0AJjz0XGUMIICPTCCAaYCEQDz1GWTDuTHHs1vChERVlizMA0GCSqG
SIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUG
A1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
Fw05NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQK
Ew5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0
aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5Rm/baNW
YS2ZSHH2Z965jeu3noaACpEO+jglr0aIguVzqKCbJF0NH8xlbgyw0FaEGIeaBpsQoXPftFg5
a27B9hXVqKg/qhIGjTGsf7A01480Z4gJzRQR4k5FVmkfeAKA2txHkSm7NsljXMXg1y2He6G3
MrB7MLoqLzGq7qNn2tsCAwEAATANBgkqhkiG9w0BAQIFAAOBgQAjyGZsVZ9SYWqvFx3is89H
jkwbAjN1+UXvm0exsSugNTbRUnBpybul85NbkmD5ZH7xwT/p0RXx0sAXvaSdF67hB8+6gZbE
rnEZ9s5kv6cZ9VUof3wz1sK5t+slKf0p+GJwQTHdwwfbElMWYNCdB/kAZfyNbBhQILdn3H79
cEstDzCCAzwwggKloAMCAQICEAQa2pqnxtqHdYa+MJp9N08wDQYJKoZIhvcNAQECBQAwXzEL
MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAx
IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk5MDkxNDAwMDAw
MFoXDTA5MDkwOTIzNTk1OVowgbUxHDAaBgNVBAoTE1ZlcmlTaWduIEphcGFuIEsuSy4xHzAd
BgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxPjA8BgNVBAsTNVRlcm1zIG9mIHVzZSBh
dCBodHRwczovL3d3dy52ZXJpc2lnbi5jby5qcC9SUEEgKGMpIDk4MTQwMgYDVQQDEytWZXJp
U2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQDnvpzpMy1glZcGiPmrsWEvOOXjEuTGvnb95mH1mMGeDPD3HmpNa7WG
Cp2NaO3eVRcRaBICMi2F3Edx6/eL5KtrsnroadWbYLPfBpPJ4BYttJND7Us7+oNdOuQmwFhj
xm9P25bndFT1lidp0Gx/xN5ekq3mNwt5iSWVdqOuEYKApQIDAQABo4GhMIGeMCQGA1UdEQQd
MBukGTAXMRUwEwYDVQQDEwxBZmZpbGlhdGUxLTUwEQYJYIZIAYb4QgEBBAQDAgEGMEUGA1Ud
IAQ+MDwwOgYKYIZIAYb4RQEHCzAsMCoGCCsGAQUFBwIBFh5odHRwczovL3d3dy52ZXJpc2ln
bi5jby5qcC9SUEEwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEC
BQADgYEAuIwwUgDQeNCIO/tzaT6ISelw4QjYJ9up3+be1dxZGHKcEFGtPfwaBNvlTMLV3eW3
BG6W5QRbNNhIaoVl0g8Yw1YuIexVFD7yUKcvQfOOThuG0y93V6Runzha6iErOLabtv05we+V
UnSsknF+qOCLYP9uMIKB/JmDiWnNpnUbAHMwggU2MIIEn6ADAgECAhBYKwlOQWIg2t9s9Ul6
I3xqMA0GCSqGSIb3DQEBBAUAMIG1MRwwGgYDVQQKExNWZXJpU2lnbiBKYXBhbiBLLksuMR8w
HQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMT4wPAYDVQQLEzVUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY28uanAvUlBBIChjKSA5ODE0MDIGA1UEAxMrVmVy
aVNpZ24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw0wMjA0MDEwMDAw
MDBaFw0wMzA0MDEyMzU5NTlaMIIBIzELMAkGA1UEBhMCSlAxHDAaBgNVBAoUE1ZlcmlTaWdu
IEphcGFuIEsuSy4xNDAyBgNVBAsUK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFs
IFN1YnNjcmliZXIxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9DUFMg
SW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMpOTYxPzA9BgNVBAsUNkRpZ2l0YWwgSUQgQ2xh
c3MgMSAtIFNNSU1FIE9yYW5nZXNvZnQgSW5jLi9XaW5iaWZmLzIuMTEXMBUGA1UEAxMOU0FL
QUkgWW9yaXl1a2kxHjAcBgkqhkiG9w0BCQEWD3Nha2FpQGxhYy5jby5qcDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBANEwVujTRrltaiSI2DFkPlw5L6WWWeOOy9z0HqaPXf2d
JYfoGHqbpq5MVCkBUSOHSY1Tpi/RdziqxhIYzXvzsb0wC1V0RNzvLf8zXtk6IjTmHttX0QDx
AvoxfmehZ1vCOgQcdBbG2FajnYo7MOewxLrmHLCv0Gitqsi2IS3Eaxv7v5Pzobu82BzUMBl6
9XypVXIEQHTG6s34ji0LbDOO/F5JqTuG5QhQmQyNnJyhNU4/BYu3e1KgK9c0gnIArQAroRqP
/0HXU7Ueu/HAUXnrt7+YqzL5CZ/6m11gCLblzFs2+6XieQsekFSjxquSQjl88C3CwgRoaNkx
01rqqYzBJ8ECAwEAAaOCAVAwggFMMAkGA1UdEwQCMAAwgawGA1UdIASBpDCBoTCBngYLYIZI
AYb4RQEHAQEwgY4wKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFMw
YgYIKwYBBQUHAgIwVjAVFg5WZXJpU2lnbiwgSW5jLjADAgEBGj1WZXJpU2lnbidzIENQUyBp
bmNvcnAuIGJ5IHJlZmVyZW5jZSBsaWFiLiBsdGQuIChjKTk3IFZlcmlTaWduMAsGA1UdDwQE
AwIFoDARBglghkgBhvhCAQEEBAMCB4AwcAYDVR0fBGkwZzBloGOgYYZfaHR0cDovL29uc2l0
ZWNybC52ZXJpc2lnbi5jb20vVmVyaVNpZ25KYXBhbktLVmVyaVNpZ25DbGFzczFDQUluZGl2
aWR1YWxTdWJzY3JpYmVyL0xhdGVzdENSTC5jcmwwDQYJKoZIhvcNAQEEBQADgYEALL1YFoVc
MyuHCFTkhPlz/3XIGtchllMRc+zha0qmA5wxbtgJT7hEl7IRrocWCSfweW4/KGZDQDMZM9wR
NRX19b4UTs2/opkQtX3eX4qNjUNnGdMjLTGTXzFqlph9b4ZYPvY5Xq+VQjpLBkqn2RQhdTLH
+BXc51LdzrtGw8H7s+4xggKmMIICogIBATCByjCBtTEcMBoGA1UEChMTVmVyaVNpZ24gSmFw
YW4gSy5LLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE+MDwGA1UECxM1VGVy
bXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvLmpwL1JQQSAoYykgOTgxNDAy
BgNVBAMTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEFgr
CU5BYiDa32z1SXojfGowCQYFKw4DAhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB
MBwGCSqGSIb3DQEJBTEPFw0wMjEwMjgwODU3MDBaMCMGCSqGSIb3DQEJBDEWBBR5wc64u6E/
aEXEQM1sFk//JW9zujBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMC
AgIAgDAHBgUrDgMCBzANBggqhkiG9w0DAgIBQDANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0B
AQEFAASCAQB6GY9FcRJZJdxbfmdbhhlDKrEDR1psCjuIbH1ZyA+b7lwHWaUhO0E6LYoT6YWG
vs5Mv77DZdrl86xRdyommstn8mNiXj8ex5BkKSb5VDwsecrl7c7T3wjCN4UGfrmNjyAS58N3
X6s0jKrtXn1MXIHCBr7igG/JOpjGVRFM70gzH6mSyIIPGvtLhbJXy8SHNG9Actbwyt6crtWf
Sonmipx2YyC/peU0+JIWs4nMFhQefwGKBet8+os8NjxNHsvGjGm1cfwmQCezr0xzmX75XRy3
lm6Jbc+1kuADcv1hKHZ6pXCwhKRwTrj97kgj+kN5iR3Z9UnZjSsNB4c01R3FaP+y

-----------1035795421-23382221--