SecurityFocus Newsletter #170 2002-11-4->2002-11-8

To: bugtraq-jp@securityfocus.com
Subject: SecurityFocus Newsletter #170 2002-11-4->2002-11-8
From: SAKAI Yoriyuki <sakai@lac.co.jp>
Date: Tue, 19 Nov 2002 17:42:02 +0900
Delivered-To: mailing list bugtraq-jp@securityfocus.com
Delivered-To: moderator for bugtraq-jp@securityfocus.com
List-Help: <mailto:bugtraq-jp-help@securityfocus.com>
List-Id: <bugtraq-jp.list-id.securityfocus.com>
List-Post: <mailto:bugtraq-jp@securityfocus.com>
List-Subscribe: <mailto:bugtraq-jp-subscribe@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-jp-unsubscribe@securityfocus.com>
Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm
References: <Pine.LNX.4.43.0211111207070.9776-100000@mail.securityfocus.com>
$B:d0f(B@$B%i%C%/$G$9!#(B

SecurityFocus Newsletter $BBh(B 170 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

---------------------------------------------------------------------------
BugTraq-JP $B$K4X$9$k(B FAQ($BF|K\8l(B):
http://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml
$B!&(BSecurityFocus Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0lH$/$@$5$$(B
---------------------------------------------------------------------------
---------------------------------------------------------------------------
SecurityFocus Newsletter $B$K4X$9$k(BFAQ($B1Q8l(B):
http://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml
BugTraq $B$K4X$9$k(B FAQ($B1Q8l(B):
http://www.securityfocus.com/popups/forums/bugtraq/faq.shtml
---------------------------------------------------------------------------
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B SecurityFocus $B$N5v2D$r3t<02qe$G9T$o$l$F$$$^$9!#(B
$B!&(BSecurityFocus Newsletter $B$NOBLu$r(B Netnews, Mailinglist, World Wide Web,
  $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$NA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;$s$,!"(B
  $B=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+$J$k7A<0$N(B
  $B%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://online.securityfocus.com/archive/79
---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02ql9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"4F=$l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
---------------------------------------------------------------------------
This translation is encoded and posted in ISO-2022-JP.

$B86HG(B:
Date: Mon, 11 Nov 2002 12:14:45 -0700 (MST)
Message-ID: <Pine.LNX.4.43.0211111207070.9776-100000@mail.securityfocus.com>

SecurityFocus Newsletter #170
--------------------------------

This issue sponsored by: John Wiley & Sons, Inc.

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
     1. Complete Snort-based IDS Architecture, Part One
     2. Polymorphic Macro Viruses, Part Two
     3. SecurityFocus DPP Program
     4. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
II. BUGTRAQ SUMMARY
     1. Monkey HTTP Server Invalid POST Request Denial Of Service Vuln
     2. [No Subject]
     3. Northern Solutions Xeneo Web Server Denial Of Service Vulnerability
     4. Pablo Software Solutions FTP Server Format String Vulnerability
     5. GlobalSunTech Access Point Information Disclosure Vulnerability
     6. HP TruCluster Server Cluster Interconnect  Denial of Service Vuln
     7. Multiple Vendor Sun RPC LibC TCP Time-Out Denial Of Service Vuln
     8. PERL-MailTools Remote Command Execution Vulnerability
     9. The Magic Notebook Invalid Username Denial Of Service Vuln
     10. Networking_Utils Remote Command Execution Vulnerability
     11. Cisco PIX Firewall Telnet/SSH Subnet Handling Denial Of Service Vuln
     12. SnortCenter Insecure Temporary Filename Vulnerability
     13. SnortCenter Insecure Sensor Configuration File Permissions Vuln
     14. RhinoSoft Serv-U FTP Server Denial Of Service Vulnerability
     15. Safe.PM Unsafe Code Execution Vulnerability
     16. QNX TimeCreate Local Denial of Service Vulnerability
     17. Frank McIngvale LuxMan Memory File Descriptor Leakage Vulnerability
     18. Apache mod_php File Descriptor Leakage Vulnerability
     19. Linux Kernel 2.4 System Call TF Flag Denial Of Service Vulnerability
     20. Linuxconf mailconf Module Mail Relay Vulnerability
     21. WindowMaker Image Handling Buffer Overflow Vulnerability
     22. Pine From: Field Heap Corruption Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
     1. Heckencamp Free Again
     2. Verisign moves DNS root servers in defensive ploy
     3. Symantec undeletes mail deletion bug
     4. Network Signals Just Scream to Be Exploited
     5. How to Keep The Wireless Snoops Away
     6. Experts make defensive change to key U.S. Internet computers
     7. Microsoft Earns a Security Merit Badge
     8. $B!W(B40m software piracy ring smashed in Italy
     9. Mozilla riddled with security holes
IV.SECURITY FOCUS TOP 6 TOOLS
     1. MAILMILL v0.1
     2. Annoyance Filter v1.0-RC1
     3. Tnefclean v1.0
     4. IP Blocker v1.0.20021107
     5. MailStripper v0.62
     6. GNU Anubis v3.6.0

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
---------------------------------

II. BUGTRAQ SUMMARY
-------------------

1. Monkey HTTP Server Invalid POST Request Denial Of Service Vulnerability
BugTraq ID: 6096
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Nov 02 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6096
$B$^$H$a(B:

Monkey $B$O%*!<%W%s%=!<%9$N(B Web $B%5!<%P$G$"$j!"(BC $B$rMxMQ$7$F3+H/$5$l$F$*$j!"(B
HTTP 1.1 $B$r%5%]!<%H$7$F$$$k!#$3$N%=%U%H%&%'%"$O(B Linux $B$GMxMQ2DG=$G$"$k!#(B

Monkey HTTP Server $B$K$O(B DoS $B$K4Y$kLdBj$,H/8+$5$l$F$$$k!#$3$NLdBj$O(B POST
$B%a%=%C%I$NFbMF$r%G%3!<%I$9$k:]$K==J,$JFbMF$N3NG'$rBU$C$F$$$k$?$a$K@8$8(B
$B$F$$$k!#(B

$BIT@5$J(B Content-Length $B%X%C%@!"$"$k$$$O(B Content-Length $B$NCM$,Dj5A$5$l$F(B
$B$$$J$$>uBV$N(B HTTP $B$N(B POST $B%a%=%C%I$r$3$N%5!<%P$KAw?.$9$k$3$H$K$h$j!"96(B
$B7buBV$K4Y$C$F$7$^$&!#(B

$B$3$NLdBj$O(B Monkey HTTP Server 0.50 $B$K$*$$$FH/8+$5$l$F$$$k!#(B
$B$3$l0JA0$N%P!<%8%g%s$b$3$NLdBj$N1F6A$r2. Microsoft SQL Server Login Weak Authentication Mechanism
BugTraq ID: 6097
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Nov 02 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6097
$B$^$H$a(B:

Microsoft SQL Server $B$N%m%0%$%s5!9=$O@HZJ}K!$NFb$GA*Br$5$l$kCf$N(B 1$B$D$NJ}K!$H$7(B
$B$F!"(BWindows $BG'>Z$NMxMQ$,5s$2$i$l!"B>$NJ}K!$H$7$F(B SQL Server $B$KHw$o$C$F(B
$B$$$k%m%0%$%s5!9=$,5s$2$i$l$k!#Js9p$K$h$k$H!"(BSQL Server $B$N%m%0%$%s5!9=$O(B
$B%M%C%H%o!<%/1[$7$K%Q%9%o!<%I$N$d$jZ$GMxMQ$5$l$k>pJs$rF~pJs$r(B UNICODE $B7A<0$KJQ49$7$F(B
$B$$$k$@$1$G$"$k$?$a$K!"$3$l$OLdBj$H$_$J$7F@$k!#(B

$B$3$NLdBj$K$h$j%f!<%6$KBP$7$F%;%-%e%j%F%#$X$N6<0R$H$J$jF@$k1F6AZ$NZJ}K!$rMQ$$$k$Y$-$G$O$J$$$H9M$($i$l$k!#(B

3. Northern Solutions Xeneo Web Server Denial Of Service Vulnerability
BugTraq ID: 6098
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Nov 04 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6098
$B$^$H$a(B:

Northern Solutions Xeneo $B$O(B Microsoft Windows $B4D6-$G2TF0$5$;$k$?$a$K@_(B
$B7W$5$l$?(B Web $B%5!<%P$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$O(B DoS $B$K4Y$kLdBj$,H/8+$5$l$F$$$k!#$3$NLdBj$O0U?^E*$K(B
$BAH$_N)$F$i$l$?(B HTTP $B%j%/%(%9%H$N=hM}$r;n$_$k:]$K1F6A$r5Z$\$9!#(B

% $B$+$i;O$^$k(B HTTP $B%j%/%(%9%H$r$3$N%=%U%H%&%'%"$KAw?.$9$k$3$H$K$h$j!"96(B
$B7b4. Pablo Software Solutions FTP Server Format String Vulnerability
BugTraq ID: 6099
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Nov 04 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6099
$B$^$H$a(B:

Pablo Software Solutions FTP Server $B$O(B Microsoft Windows $B4D6-8~$1$N%U%j!<(B
$B$KMxMQ2DG=$J%=%U%H%&%'%"$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$G$O=q<0;XDj;R$NpJs$H$7(B
$B$F%f!<%6$+$iF~NO$5$l$?CM$K4X$9$kBEEv@-$N3NG'$,IT==J,$G$"$k$?$a$K@8$8$F(B
$B$$$k!#(B

$B967b$r4^$`(B
$B%f!<%6L>$G%m%0%$%s$r9T$&$3$H$K$h$j!"$3$NLdBj$rMxMQ$9$k967b$r4k$F$k$3$H(B
$B$,2DG=$G$"$k!#7k2L$H$7$F!"%j%b!<%H$N967be=q$-$5$l(B
$B%k2DG=@-$,$"$j!"0U?^E*$J%3!<%I$N5. GlobalSunTech Access Point Information Disclosure Vulnerability
BugTraq ID: 6100
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Nov 04 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6100
$B$^$H$a(B:

Global Sun Technology Inc. $B$O(B OEM $B@h$XDs6!$5$l$kL5@~4pCO6I@=IJ$N3+H/85(B
$B$G$"$k!#(B

$BFCDj$NF1pJs$r3+<($7$F$7$^$&LdBj$,H/8+$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"%j%b!<%H$N967bpJs$rF~pJs$OJ8;zNs(B "gstsearch" $B$r4^$`FCJL$KAH$_N)$F$i$l$?%V%m!<%I%-%c%9(B
$B%H%a%C%;!<%8$r(B UDP $B%]!<%HHV9f(B 27155 $B08$KAw?.$9$k$3$H$K$h$jF~pJs$K$h$j!"967b]$N%M%C%H%o!<%/(B
$B$KBP$9$k$5$i$J$k967b$r4k$F$k$3$H$,2DG=$K$J$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$O(B WISECOM GL2422AP-0T $B$K$*$$$FH/8+$5$l$F$$$kE@$ON10U$5$l$k$Y$-(B
$B$G$"$k!#$3$N5!4o$r4p$K$7$F$$$k5!4o$O$3$NLdBj$N1F6A$,5Z$V2DG=@-$,$"$k!#(B

D-Link DI-614+ $B$*$h$S(B SMC Barricade 7004AWBR $B$O$3$NLdBj$N1F6A$,5Z$P$J$$(B
$B$3$H$,8!>Z$5$l$F$$$k!#(B

Linksys WAP11-V2.2 $B$O$3$NLdBj$rJz$($k5?$$$,$"$k$3$H$,Js9p$5$l$F$$$k$,!"(B
$B$7$+$7!"1F6AHO0O$O69$$$H9M$($i$l$F$$$k!#$3$N5!4o$N%U%!!<%`%&%'%"%P!<%8%g(B
$B%s$NF~$N=EMW$J>pJs$K$O%"%/%;%9ITG=$G$"$k!#(B

6. HP TruCluster Server Cluster Interconnect  Denial of Service Vulnerability
BugTraq ID: 6102
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Nov 04 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6102
$B$^$H$a(B:

HP TruCluster Server Cluster Interconnect $B%=%U%H%&%'%"$K$O(B DoS $B$K4Y$kLd(B
$BBj$,H/8+$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"%m!<%+%k$J$$$7%j%b!<%H$N967b\:Y>pJs$O:#$N=j8x3+$5$l$F$$$J$$!#(B
$BK\(B BID $B$O$3$NLdBj$K4X$9$k>pJs$,MxMQ2DG=$K$J$C$?CJ3,$G99?7M=Dj$G$"$k!#(B

7. Multiple Vendor Sun RPC LibC TCP Time-Out Denial Of Service Vulnerability
BugTraq ID: 6103
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Nov 04 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6103
$B$^$H$a(B:

Sun RPC $B$r\:Y$J>pJs$K$D$$$F$O8=;~E@$G$OL$>\$G$"$k!#(B
$BK\LdBj$K4X$9$k$5$i$J$k>\:Y>pJs$,F~8. PERL-MailTools Remote Command Execution Vulnerability
BugTraq ID: 6104
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Nov 05 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6104
$B$^$H$a(B:

perl-MailTools $B%Q%C%1!<%8$OEE;R%a!<%k%"%W%j%1!<%7%g%s$K4XO"$9$k5!G=$re$GG$0U$N%3%^%s%I$r@\$J$$$74V@\E*$K8F$S=P$7$F$$$k%"%W(B
$B%j%1!<%7%g%s$O$$$:$l$b$3$NLdBj$rMxMQ$9$k967b$N1F6A$r9. The Magic Notebook Invalid Username Denial Of Service Vulnerability
BugTraq ID: 6106
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Nov 04 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6106
$B$^$H$a(B:

Magic Notebook $B$O!"%a%b$r:n@.!"@0M}$9$k5!G=$rDs6!$9$k(B Web $B%$%s%?!<%U%'(B
$B%$%9$rHw$($k%"%W%j%1!<%7%g%s$G$"$k!#$3$N%"%W%j%1!<%7%g%s$O(B UNIX $B$*$h$S(B
Linux $BM3Mh$N(B OS $B$GF0:n2DG=$G$"$k!#(B

Magic Notebook $B$O!"(BDoS $B>uBV$K4Y$kLdBj$rJz$($F$$$k5?$$$,$"$k!#Js9p$K$h$k(B
$B$H!"$3$N%"%W%j%1!<%7%g%s$O!"L58z$J%f!<%6L>$r=hM}$7$h$&$H;n$_$k:]$K%/%i%C(B
$B%7%e$7$F$7$^$&!#(B

$B%j%b!<%H$N967b10. Networking_Utils Remote Command Execution Vulnerability
BugTraq ID: 6107
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Nov 05 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6107
$B$^$H$a(B:

Networking_Utils $B$O!"(Bping $B$d(B traceroute $B!"(Bnslookup $B$N$h$&$J%M%C%H%o!<%/(B
$B%D!<%k$r(B Web $B%$%s%?!<%U%'%$%9$+$iMxMQ$G$-$k5!G=$rDs6!$7$F$$$k%"%W%j%1!<(B
$B%7%g%s$G$"$k!#$3$N%"%W%j%1!<%7%g%s$O!"(BPHP $B$G3+H/$5$l!"(BUNIX $B$*$h$S!"(BLinux 
$BM3Mh$N(B OS $B$G2TF0$9$k$h$&$K@_7W$5$l$F$$$k!#(B

Networking_Utils $B$O!"%j%b!<%H$+$i%3%^%s%I$r!"$b$7$/$O!"(BIP $B%"%I%l%9MQ$NF~NO%U%#!<%k%I$KF~NO$5$l$F(B
$B$$$F$bE,@Z$K%U%#%k%?%j%s%0$r9T$o$J$$!#$5$i$K$O!"$3$NF~NOCM$OD>@\%7%'%k(B
$B$K0z$-EO$5$l$F$$$k2DG=@-$,$"$k!#$3$N$?$a!"967b$N%3%^%s%I$N11. Cisco PIX Firewall Telnet/SSH Subnet Handling Denial Of Service Vulnerability
BugTraq ID: 6110
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Nov 05 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6110
$B$^$H$a(B:

Cisco PIX Firewall $B$K$O!"(BDoS $B>uBV$K4Y$kLdBj$,B8:_$9$k5?$$$,$"$k!#(B

telnet $B$"$k$$$O(B ssh $B$rMxMQ$9$k%3%M%/%7%g%s$,$3$N%U%!%$%"%&%)!<%k$GJ]8n(B
$B$5$l$F$$$k%M%C%H%o!<%/Fb$N%3%s%T%e!<%?$KBP$7$FM-8z2=$5$l$F$$$k>l9g$KLd(B
$BBj$,@8$8$k!#%5%V%M%C%H%"%I%l%908$F$K7+$jJV$7(B TCP SYN $B%Q%1%C%H$,Aw?.$5$l(B
$B$k:]!"(BPIX Firewall $B$,%5%V%M%C%H%"%I%l%908$F$KAw?.$5$l$?%j%/%(%9%H$KBP$7(B
$B$F1~Ez$r;n$_$k:]$K(B DoS $B>uBV$K4Y$k$N$G$"$k!#$3$No$KBg(B
$BNL$KAw?.$5$l$?>l9g!"5!4oFb$N%a%b%j$NCGJR2=$r@8$8$k$H9M$($i$l$F$$$k!#(B
$B$3$N>uBV$X4Y$C$?>l9g!"DL>o5!G=$X$NI|5l$K$"$?$C$F$O$3$N5!4o$N:F5/F0$,I,(B
$BMW$G$"$k$H?d;!$5$l$k!#(B

$B%5%V%M%C%H%"%I%l%9$X$N%j%/%(%9%H$,!"(BPIX firewall $B$KEk:\$5$l$F$$$k(B OS $B$N(B 
TCP/IP $B%9%?%C%/$K$h$jE,@Z$K=hM}$5$l$J$$$?$a$K!"$3$NLdBj$,@8$8$k$H$NJs9p(B
$B$,$"$k!#(B

Cisco PIX Firewall 6.2.2 $B$,$3$NLdBj$N1F6A$r$N%P!<%8%g%s$N(B OS $B$b$3$NLdBj$N1F6A$r12. SnortCenter Insecure Temporary Filename Vulnerability
BugTraq ID: 6108
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Nov 05 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6108
$B$^$H$a(B:

SnortCenter $B$O(B PHP $B$*$h$S(B Perl $B$rMQ$$$F3+H/$5$l$?!"(BWeb $B%$%s%?%U%'!<%9$r(B
$BHw$($?%/%i%$%"%s%H%5!<%P4IM}%7%9%F%`$G$"$k!#$3$N%=%U%H%&%'%"$O(B Snort $B$N(B
$B@_Dj%U%!%$%k$*$h$S%7%0%M%A%c%U%!%$%k$N@_Dj$r;Y1g$9$k!#(B

SnortCenter v0.9.5 $B$K$OLdBj$,H/8+$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$OM=B,2DG=$J%U%!%$%kL>$r;HMQ$7$F0l;~%U%!(B
$B%$%k$r:n@.$9$k!#$3$N%=%U%H%&%'%"$OFCDj$N%;%s%5$K(B Snort $B$N%"%i!<%H8!CN5,(B
$BB'$rE,MQ$9$k>l9g!"0l;~%U%!%$%k$O%;%s%5$HF10l$NL>A0$G(B /tmp $B%G%#%l%/%H%j(B
$BFb$K:n@.$5$l$k!#(B

$B0l;~%U%!%$%kL>$r?dB,$9$k$3$H$G!"%m!<%+%k$N967b\$G$"$k!#(B

13. SnortCenter Insecure Sensor Configuration File Permissions Vulnerability
BugTraq ID: 6109
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Nov 05 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6109
$B$^$H$a(B:

SnortCenter $B$O(B PHP $B$*$h$S(B Perl $B$rMQ$$$F3+H/$5$l$?(B Web $B%$%s%?%U%'!<%9$r(B
$BHw$($?%/%i%$%"%s%H%5!<%P4IM}%7%9%F%`$G$"$k!#$3$N%=%U%H%&%'%"$O(B Snort $B$N(B
$B@_Dj%U%!%$%k$*$h$S%7%0%M%A%c%U%!%$%k$N@_Dj$r;Y1g$9$k!#(B

SnortCenter v0.9.5 $B$K$OLdBj$,H/8+$5$l$F$$$k!#(B

$B$3$N%=%U%H%&%'%"$,FCDj$N%;%s%5$K(B Snort $B$N%"%i!<%H8!CN5,B'$r;HMQ$9$k>l9g!"(B
$B%U%!%$%k$O$I$N%[%9%H$+$i$N%"%/%;%9$,2DG=$J(B /tmp $B%G%#%l%/%H%jFb$K:n@.$5(B
$B$l$k!#:n@.$5$l$?0l;~E*$J%;%s%5@_Dj%U%!%$%k$O!"=EMW$J%"%i!<%H%G!<%?%Y!<(B
$B%9%5!<%P$X$N%"%/%;%9MQ$KMxMQ$5$l$kG'>ZMQ>pJs$r4^$`2DG=@-$,$"$k!#(B

$B$3$N%U%!%$%k$K%"%/%;%9$9$k$3$H$K$h$j3+<($5$l$?>pJs$O!"0-0U$"$k%f!<%6$,(B
$B%"%i!<%H%G!<%?%Y!<%9%5!<%P$KBP$9$k967b$r4k$F$k$N$r=uD9$9$k2DG=@-$,$"$k!#(B
$B$3$l$i$N%U%!%$%kFb$K4^$^$l$k=EMW$J>pJs$rJQ99$9$k5!G=$,7k2L$H$7$F!"BeI=(B
$BE*$J$3$N%=%U%H%&%'%"$N5!G=$NGK2u$r0z$-5/$3$92DG=@-$,$"$k!#(B

14. RhinoSoft Serv-U FTP Server Denial Of Service Vulnerability
BugTraq ID: 6112
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Nov 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6112
$B$^$H$a(B:

RhinoSoft Serv-U FTP Server $B$O(B Microsoft Windows $BMQ$K@_7W$5$l$?%=%U%H%&%'(B
$B%"$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K(B DoS $B$K4Y$kLdBj$,Js9p$5$l$F$$$k!#LdBj$O$3$N%=%U%H%&%'(B
$B%"$NFCDj$N%3%^%s%I=hM}$KM3Mh$9$k$b$N$G$"$k!#$3$N%=%U%H%&%'%"$O(B MKD $B%3%^(B
$B%s%I$rl9g!"$3$N%=%U%H%&%'%"$O$=$l0J(B
$B>e$N@\B3$r7$/!#(B

$B$3$NLdBj$O(B Serv-U FTP Server 4.0.0.4 $B0JA0$N%P!<%8%g%s$GJs9p$5$l$F$$$k!#(B

15. Safe.PM Unsafe Code Execution Vulnerability
BugTraq ID: 6111
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Nov 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6111
$B$^$H$a(B:

Safe.pm $B$O(B Perl $B$N%G%#%9%H%j%S%e!<%7%g%s$KF1:-$5$l$F$$$k(B Perl $B%b%8%e!<(B
$B%k$G$"$k!#$3$N%b%8%e!<%k$O@)8B$5$l$?%3%s%Q!<%H%a%s%HFb$G%3!<%I$N%3%s%Q(B
$B%$%k$*$h$Sl9g!"%3%s%Q!<%H%a%s%H$N%;%-%e%j%F%#@_Dj$r2sHr2DG=$G$"$k$H(B
$B?d;!$5$l$k!#(B

16. QNX TimeCreate Local Denial of Service Vulnerability
BugTraq ID: 6114
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Nov 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6114
$B$^$H$a(B:

QNX RTOS $B$OAH$_9~$_%7%9%F%`$H$7$F@_7W$5$l$?%j%"%k%?%$%`(B OS $B$G$"$k!#$3$N(B
$B%=%U%H%&%'%"$O(B QNX $B$K$h$C$FG[I[$5$l$F$$$k!#(B

QNX version 6.1 $B$K$O(B DoS $B>uBV$K4Y$kLdBj$,H/8+$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"(BTimeCreate() $B4X?t$r;HMQ$7$FFs$D0J>e$N%?%$%^!<$r:n@.$7!"(B1 
$B%_%jICC10L$N@_Dj$r9T$&$3$H$GK\Mh8"8B$r;}$?$J$$%f!<%6$,I8E*%[%9%H$rDd;_$5(B
$B$;$k$3$H$,2DG=$G$"$k!#(B

$B$3$NLdBj$O(B QNX version 6.1 $B$K$*$$$FJs9p$5$l$F$$$kE@$KN10U$9$Y$-$G$"$k!#(B
$BB>$N%P!<%8%g%s$K$*$$$F$b$3$NLdBj$N1F6A$,5Z$V$+$OL$>\$G$"$k!#(B

$B$3$NLdBj$K4X$9$k@53N$J5;=QE*>\:Y$O8=;~E@$G$O8x3+$5$l$F$$$J$$!#$5$i$J$k>\(B
$B:Y>pJs$,8x3+$5$l17. Frank McIngvale LuxMan Memory File Descriptor Leakage Vulnerability
BugTraq ID: 6113
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Nov 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6113
$B$^$H$a(B:

Frank McIngvale LuxMan $B$O(B Linux $B4D6-$GF0:n$9$k!"%Q%C%/%^%s$Nl9g!"K\Mh8F$S=P$5$l$k$Y$-(B gzip $B$G$O$J$/!"0-0U$"$k(B gzip
$B$,8F$S=P$5$l$k!#(B

$B$3$NLdBj$rMxMQ$9$k$3$H$G967bpJs$b$7$/$O$=$NB>$N=EMW$J>pJs$rC%l9g!"967bBP>]$N%3(B
$B%s%T%e!<%?A4BN$N%;%-%e%j%F%#$X$N6<0R$,0z$-5/$3$5$l$k2DG=@-$,$"$k!#(B

18. Apache mod_php File Descriptor Leakage Vulnerability
BugTraq ID: 6117
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Nov 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6117
$B$^$H$a(B:

Apache $B$O%U%j!<$KMxMQ2DG=$J!"%*!<%W%s%=!<%9$N(B Web $B%5!<%P%=%U%H%&%'%"%Q%C(B
$B%1!<%8$G$"$k!#$3$N%=%U%H%&%'%"$O(B Apache Group $B$K$h$C$FJ]u672<$K$*(B
$B$$$F!"%U%!%$%k%G%#%9%/%j%W%?>pJs$rO31L$9$kLdBj$,H/8+$5$l$F$$$k!#$3$NLd(B
$BBj$rMxMQ$9$k967b$r4k$F$k$3$H$K$h$j!"%j%b!<%H$N967bpJs$rG[I[2DG=$G$"$k!#$^$?!"$3$NLd(B
$BBj$rMxMQ$9$k967b$r9T$&$3$H$K$h$j!"%f!<%6G'>ZMQ$N>pJs$dB>$N=EMW$J>pJs$N(B
$BC%l9g$K$N$_$3$NLdBj(B
$B$rMxMQ$9$k967b$,2DG=$G$"$kE@$K$D$$$F$ON10U$9$Y$-$G$"$k!#(B

19. Linux Kernel 2.4 System Call TF Flag Denial Of Service Vulnerability
BugTraq ID: 6115
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Nov 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6115
$B$^$H$a(B:

Linux Kernel $B$,(B DoS $B$K4Y$kLdBj$,H/8+$5$l$F$$$k!#Js9p$K$h$k$H!"(BTF $B%U%i%0(B
$B$rM-8z$K$7$?>uBV$N%7%9%F%`%3!<%k$KBP$9$k1~Ez$r9T$o$;$k$3$H$K$h$j!"%+!<(B
$B%M%k$r(B DoS $B$K4Y$i$;$k$3$H$,2DG=$G$"$k!#(B

$B%M%$%F%#%V$N(B Linux $Bl9g!"%+!<%M%k$O%O%s%0%"%C%W$7$F$7(B
$B$^$&$N$G$"$k!#(B

$B967bo5!G=$X$NI|5l$N$?$a$K$O:F5/F0$,I,MW$G$"$k!#(B

$B$3$NLdBj$O(B Linux Kernel 2.4.19 $B$G$O=$@5$5$l$F$$$k!#(B

20. Linuxconf mailconf Module Mail Relay Vulnerability
BugTraq ID: 6118
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Nov 06 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6118
$B$^$H$a(B:

Linuxconf $B$O$$$/$D$+$N%b%8%e!<%k$KIt3h$5$l$F$$$k%7%9%F%`4IM}MQ%f!<%F%#(B
$B%j%F%#$G$"$k!#$3$NCf$N(B mailconf $B%b%8%e!<%k$O(B sendmail $B$N@_Dj$rC4Ev$7$F(B
$B$$$k!#(B

Linuxconf $B$N%b%8%e!<%k$G$"$k(B mailconf $B$K$OLdBj$,H/8+$5$l$F$$$k!#(B

mailconf $B$K$h$j:n@.$5$l$k@_Dj%U%!%$%k(B sendmail.cf $B$G$OEE;R%a!<%k$NE>Aw(B
$B$,2DG=$J>uBV$G$"$k%P%0$rJz$($F$$$k$3$H$,H/8+$5$l$?!#(Buser%domain@ $B7A<0$G(B
$B21. WindowMaker Image Handling Buffer Overflow Vulnerability
BugTraq ID: 6119
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Nov 07 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6119
$B$^$H$a(B:

WindowMaker $B$O(B X11 $B4D6-8~$1$N9-HO0O$GMxMQ$5$l$F$$$k%&%$%s%I%&%^%M!<%8%c(B
$B$G$"$k!#$3$N%=%U%H%&%'%"$K$O%P%C%U%!%*!<%P!<%U%m!<$,@8$8$kLdBj$,H/8+$5(B
$B$l$F$$$k!#(B

$B0U?^E*$KAH$_N)$F$i$l$?2hA|%U%!%$%k$r=hM}$7$?:]!"$3$N>u67$,0z$-5/$3$5$l(B
$B$k!#Js9p$K$h$k$H!"2hA|%G!<%?$N%P%C%U%!$O2hA|%U%!%$%k$N(B length field $B$*(B
$B$h$S(B width field $B$K4p$E$$$F3d$jEv$F$i$l$F$$$k!#$^$?!"%U%!%$%k$+$i]$d(B HTTP $B$J$$$7(B FTP $B%5!<%P$J$I$NG[I[(B
$B85$KCV$/$3$H$K$h$j4k$F$i$l$k2DG=@-$,$"$k(B(HTTP $B$J$$$7(B FTP $B%5!<%P$+$i$O!"(B
$B967bBP>]$N%f!<%6$,0-0U$"$k(B thema $B$r%@%&%s%m!<%I$N>e$GMxMQ$9$k$+%W%l%S%e!<(B
$B$9$k$3$H$rA[Dj$7$F$$$k(B)$B!#(B

22. Pine From: Field Heap Corruption Vulnerability
BugTraq ID: 6120
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Nov 07 2002 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6120
$B$^$H$a(B:

Pine $B$O(B Washington $BBg3X$K$h$jG[I[$5$l$F$$$k%*!<%W%s%=!<%9$N(B MUA (Mail
User Agent) $B$G$"$k!#$3$N%=%U%H%&%'%"$O%U%j!<$KMxMQ2DG=$G$"$j!"(BUNIX$B!"(BLinux$B!"(B
$B$*$h$S(B Microsoft Windows $B$GMxMQ2DG=$G$"$k!#(B

$BFCJL$KAH$_N)$F$i$l$?(B From: $B$rH<$&EE;R%a!<%k$rAw?.$9$k$3$H$K$h$j!"(BPine
$B$O(B DoS $B$K4Y$k2DG=@-$,$"$k!#Js9p$K$h$k$H!"(BFrom: $B$K0J2<$N$h$&$JCM$rM?$($k(B
$B$H%/%i%C%7%e$9$k2DG=@-$,$"$k!#(B

"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\""@host.tld

$B%9%?%C%/%H%l!<%9$r9T$C$?7k2L$K$h$k$H!"$3$N5sF0$O%R!<%WCf$N%G!<%?$rGK2u(B
$B$7$F$$$k2DG=@-$,$"$k$3$H$r0E<($7$F$$$k!#$3$N%1!<%9$N>l9g!"0U?^E*$J%3!<(B
$B%I$N$N(B MUA $B$r;HMQ$9$k$3$H$K$h$j1. Heckencamp Free Again

$BO"K.:[H==j$ONd@E$5$rhttp://online.securityfocus.com/news/1582

2. Verisign moves DNS root servers in defensive ploy

$B:G6a$N?<9o$J(B DDoS $B967b$r$-$C$+$1$K(B Key Internet Domain Name System (DNS) 
$B%5!<%P$O%$%s%?!<%M%C%H$N%;%-%e%j%F%#$H0BDj@-$r8~>e$9$k$?$a$K0\E>$5$l$?!#(B

http://online.securityfocus.com/news/1600

3. Symantec undeletes mail deletion bug

Symantec $B$O(B Norton Internet Security 2003 $BFb$NFCDj$N%f!<%64D6-$G0U?^$5(B
$B$l$J$$EE;R%a!<%k$N:o=|$r0z$-5/$3$9=EBg$J%P%0$r=$@5$9$k%Q%C%A$r8xI=$7$F(B
$B$$$k!#(B

http://online.securityfocus.com/news/1599

4. Network Signals Just Scream to Be Exploited

$BMM!9$JAH?%$O$^$5$K:9$7Gw$C$F$$$kL5@~%M%C%H%o!<%/$K4X$9$k%;%-%e%j%F%#%j(B
$B%9%/$H$$$&4mFq$rL5;k$7$F$$$k!#(B

http://online.securityfocus.com/news/1593

5. How to Keep The Wireless Snoops Away

$BL5@~(B LAN $B$O$J$i$:http://online.securityfocus.com/news/1592

6. Experts make defensive change to key U.S. Internet computers

$B@lLg2H$O!"A4@$3&$N%$%s%?!<%M%C%H$r2p$9$kDL?.$r;J$k(B 13 $B4p$N%3%s%T%e!<%?(B
$B$K=EMW$JJQ99$r2C$($?!#(B13 $B4p$N$&$A(B 2 $B4p$r@h=5$N7nMKF|$K5/$-$?$h$&$J967b(B
$B$+$i$h$j6/8G$K$9$k$?$a$K3VN%$7$?$N$G$"$k!#(B

http://online.securityfocus.com/news/1588

7. Microsoft Earns a Security Merit Badge

$BJ}K!$,$J$$$H8@$($k$@$m$&$+!#$=$l$O@5$7$$!#$=$N%3!<%I$O4pHW$+$i1s$/N%$l(B
$B$F$*$j!"(BRedmond $B$N5pA|$O1F6A$rG'<1$7$D$D$"$k$+$i$G$"$k!#(B

http://online.securityfocus.com/news/1577

8. $B!r(B40m software piracy ring smashed in Italy

$B%$%?%j%"$K$*$$$F!"%h!<%m%C%QFb$G$N3$B1HG%=%U%H%&%'%"$K4X$9$kHH:a$NCf$G(B
$B:G$b5pBg$+$DAH?%2=$5$l$?$b$N$H$5$l$k!"Ls(B 400,000,000 $B1Q%]%s%IAjEv3[$N56(B
$BB$%=%U%H%&%'%"AH?%$,7Y;!$KE&H/$5$l$?!#(B

http://online.securityfocus.com/news/1576

9. Mozilla riddled with security holes

$B%*!<%W%s%=!<%9%V%i%&%6(B Mozilla $B$GH/8+$5$l$?(B 6 $B$D$NLdBj$,$3$N=5Kv$K(B BugTraq
$B$G8x3+$5$l$?!#(B

http://online.securityfocus.com/news/1575

IV.SECURITYFOCUS TOP 6 TOOLS
----------------------------

1. MAILMILL v0.1
$B:nhttp://www.metamagix.net/mailmill.html
$BF0:n4D6-(B: UNIX

MAILMILL $B$O(B Java $B$G3+H/$5$l$?7ZNL$J%a!<%kAw!"(BSMS$B!"(BSMTP/HTTP $BJQ495!G=(B ($BNc$($P!"%a!<(B
$B%k$K$h$j(B google $B$N%j%/%(%9%H$rAw?.$9$k$h$&$J(B) $BEy$rHw$($F$$$^$9!#(B

2. Annoyance Filter v1.0-RC1
$B:nhttp://www.fourmilab.ch/annoyance-filter/
$BF0:n4D6-(B: OS $B$K0MB8$7$J$$(B

Annoyance Filter $B$O!"6=L#$N$"$k%a!<%k$KM%@h=g0L$rIU$1!"$=$l$KBP1~$9$k=h(B
$BM}$K$h$C$F!"%a!<%k%\%C%/%9$K$G$?$i$a$KE~C#$9$k%a!<%k$+$iFI$_$?$$%a!<%k(B
$B$r?6$jJ,$1$k$3$H$,2DG=$J%=%U%H%&%'%"$G$9!#$^$?!"56Au$5$l$F$$$kITMW$J%a!<(B
$B%k$r40A4$KKI$0$h$&$K2~NI$5$l$F$$$^$9!#(B

3. Tnefclean v1.0
$B:nhttp://www.dread.net/~striker/tnefclean/
$BF0:n4D6-(B: UNIX

tnefclean $B$O!"(BMicrosoft Outlook $B$+$i$NE:IU%U%!%$%k$rFI$_=P$72DG=$J%U%)!<(B
$B%^%C%H$KJQ49$9$k(B Perl $B%9%/%j%W%H$G$9!#(BOutlook $B%f!<%6$+$iAw$i$l$?(B 
winmail.dat $BE:IU%U%!%$%k$r2rFI$9$k$?$a$NJ}K!$rA0$b$C$F8+$D$1$F$*$/I,MW(B
$B$,$"$j$^$9!#$3$N%D!<%k$O!"(Bwinmail.dat $B$,L5$$>l9g$O!"$=$NE:IU%U%!%$%k$r(B
$B:o=|$7!"(Bwinmail.dat $B$,l9g$O!"E,@Z$JE:IU%U%!%$%k$H$7$FG'(B
$B<1$5$l$k$h$&$KJQ49$7$^$9!#(B

4. IP Blocker v1.0.20021107
$B:nhttp://www.ipblocker.org/
$BF0:n4D6-(B: UNIX

IP Blocker $B$O(B Cisco $B%k!<%?$*$h$SB>$N%G%P%$%9>e$G<+F0E*$K%"%/%;%9%3%s%H(B
$B%m!<%k%j%9%H(B (ACL) $B$r99?7$9$k!"%M%C%H%o!<%/4IM}(B
$BJ}$KBP1~$7$F$$$^$9!#$^$?!"%m%0:N5. MailStripper v0.62
$B:nhttp://www.eridani.co.uk/MailStripper/ >
$BF0:n4D6-(B: Linux, OS $B$K0MB8$7$J$$(B, POSIX

MailStripper $B$O6. GNU Anubis v3.6.0
$B:nhttp://www.gnu.org/software/anubis/
$BF0:n4D6-(B: Linux, POSIX

GNU Anubis $B$OAw?.$9$kEE;R%a!<%k$N=hM}$r9T$&%=%U%H%&%'%"$G$9!#$3$N%=%U%H(B
$B%&%'%"$O(B MUA (Mail User Agent) $B$H(B MTA (Mail Transport Agent) $B$N4V$KF~$j!"(B
$B9bEY$J@_Dj$,2DG=$J@55,I=8=%7%9%F%`$K4p$E$-!"Aw?.$$(B
$BMM!9$JpJs$NJT=8!"(BGnuPG $B$K$h(B
$B$k%a!<%k$N0E9f2=$*$h$S=pL>$,2DG=$G$9!#$^$?!";HMQ$9$k(B MUA $B$,BP1~$7$F$$$J(B
$B$/$F$b(B TLS/SSL $B0E9f2=$r;HMQ$9$k0BA4$J(B SMTP $B%H%s%M%k$N9=C[!"(BSOCKS $B%W%m%-(B
$B%7%5!<%P$r7PM3$7$F@\B3$r%H%s%M%j%s%0$9$k$3$H$b2DG=$G$9!#(B

--
$BLu(B: $B:d0f=g9T(B(SAKAI Yoriyuki)$B!"@PED6G5W(B(ISHIDA Akihisa)$B!"(B
$Bhttp://www.lac.co.jp/security/
smime.p7s