Return-Path: owner-bugtraq-jp@SECURITYFOCUS.COM X-Mailer: Winbiff [Version 2.20 PL4] Mime-Version: 1.0 Content-Type: text/plain; charset=iso-2022-jp Message-ID: <199908312204.EIB18931.BLJTB@lac.co.jp> Date: Tue, 31 Aug 1999 22:04:42 +0900 Reply-To: SAKAI Yoriyuki Sender: BUGTRAQ-JP List From: SAKAI Yoriyuki Subject: Security Focus Newsletter #4 1999-08-23 -> 1999-08-28 X-To: BUGTRAQ-JP@Securityfocus.com To: BUGTRAQ-JP@SECURITYFOCUS.COM $B:d0f(B@$B%i%C%/$G$9!#(B Security Focus Newsletter $BBh(B 4 $B9f$NOBLu$r$*FO$1$7$^$9!#(B $BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B $B$3$N9f$+$i!V0zMQ$K4X$9$kHw9M!W!"!V$3$NK]Lu$K4X$9$kHw9M!W$rDI2C$7$^$7(B $B$?!#A09f$^$G$NOBLu$KAL$jE,MQ$5$l$k$b$N$H$7$^$9!#(B Security Focus News $B$C$F$J$K(B: http://www.securityfocus.com/forums/sf-news/faq.html BugTraq-JP $B$K4X$9$k(B FAQ: http://www.securityfocus.com/forums/bugtraq-jp/faq.html --------------------------------------------------------------------- --------------------------------------------------------------------- $B0zMQ$K4X$9$kHw9M(B: $B!&$3$NOBLu$O(B Security Focus $B$N5v2D$r3t<02qe$G9T$o$l$F(B $B$$$^$9!#(B $B!&(BSecurity Focus Newsletter $B$NOBLu$r(B Netnews, Mailinglist, World Wide Web, $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$N(B $BA4J80zMQ$r$*4j$$$7$^$9!#(B $B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;(B $B$s$,=`MQ$9$k$b$N$H$7$^$9!#(B $B!&$^$?!"(BSecurity Focus $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+$J$k(B $B7A<0$N%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B 1) --------------------------------------------------------------------- --------------------------------------------------------------------- $B$3$NK]Lu$K4X$9$kHw9M(B: $B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02qA[%^%7%s$N%5%s%I%\%C%/%9$N 2. Security Focus $B%X%C%I%i%$%s$,(B Slashdot $B$G$b9XFI2DG=$K(B VIII. Security Focus $B$,A*$V>e0L(B6$B0L$N%D!<%k(B 1. Desktop Sentry 2. Forensic Toolkit v1.4 3. NTLast v1.5 4. HardEncrypt 5. Intact Open Use 6. LOMAC IX. $B%9%]%s%5!<>pJs(B ($BF|K\8lLu$J$7(B) I. $B=i$a$K(B Security Focus $B$+$i$N=54V%K%e!<%9%l%?!<$NBh(B 4 $B9f$X$h$&$3$=!#(B $B$^$::G=i$KA09f$,CY$l$?$3$H$r$*OM$S?=$7>e$2$^$9!#(BLISTSERV ($B%a%$%j%s%0%j(B $B%9%H$N%j%9%H%5!<%P(B) $B$XE,MQ$7$?%Q%C%A$GLdBj$r@8$8$5$;$?$?$a!"%a!<%k$NAw(B $B$j=P$7:n6H$r@h9T$5$;$M$P$J$i$:!"(BBugTraq $B%j%9%H$NG[?.$rM%@h$5$;$M$P$J$j(B $B$^$;$s$G$7$?!#%K%e!<%9%l%?!<$O:#8e!"7nMKF|$N8a8e$KG[?.$5$l$kM=Dj$G$9!#(B ($BLuuBV$r1[$((B $B$?@.8y$r<}$a$i$l$^$7$?!#$3$N@.8y$O;22Cu67$+$i4v$D$+$NFC=P$7$?E@$rH4$-=P$9$H0J2<$NMM$K$J$j$^$9!#O"F|!"(B $B;d$?$A$,Ds6!$9$k$9$Y$F$N%U%)!<%i%`(B ( BugTraq $B$r4^$_$^$9(B) $B$+$i$O!"J?6Q(B 500,000 $B7o$N%a%$%k$rAw$j=P$7$F$$$^$9!#:#7n!":G$b(B 24 $B;~4VCf$G:G$b9b$$N.NL(B $B$,@8$8$?;~$K$O(B 1,000,000 $B7o$K6a$E$$$?Dx$G$9!#F1MM$K(B Web $B%5%$%H$b@.D9$r?k(B $B$2$D$D$"$j!"(B1$BF|Ev$?$j(B 550,000 $B7o$+$i(B 850,000 $B7o$N%R%C%H?t$r?t$($F$$$^$9!#(B $B:G8e$K%j%9%H$K;22C$7$F$$$k3'MM$+$i$N$h$/$"$k-Mh!"(B HTML $B7A<0$G$bDs6!$5$l$kMM$K$J$j$^$9$+(B? $B!!B?J,$J$i$J$$$H;W$$$^$9!#(BUNIX $B$d(B Microsoft$B@=$N(B OS $B$N$I$A$i$NMxMQe$N%a%$%i!<$GK\Ev$K$_$C$H$b$J$/46$8$kBeJ*$G$9!#(B 2.$B$3$N9f$K8B$i$:!"%K%e!<%9%l%?!<$r;d$N=jB0$9$kAH?%$GA4It!"$"$k$$$OItJ,$r(B $B:FEj9F$7$F9=$o$J$$$N$G$9$+(B? $B!!$b$A$m$s$G$9!#$7$+$7!"0zMQ85$N%/%l%8%C%H$rF~$l$k$3$H$rK:$l$J$$$G2<$5$$!#(B ($BLu$C$F$/$@$5$$(B) 3. BugTraq $B$J$I$N%a%$%j%s%0%j%9%H$G$O%a%$%j%s%0%j%9%H$N;22Cl$N?M4V$KBP$7$F$b:FHN$5$l$k$3$H$O$"$j$^$;(B $B$s!#$3$NE@$K$*$$$F!";d$?$A$N%W%i%$%P%7!<$K4X$9$k>r9`$OL@3N$G$9!#(B ($BLu$K1~$8$?$I$N$h$&$J;22C7ABV$G$"$C$F$b4?7^$$$?$7$^$9!#(B II. $B:#=5$N(B BugTraq $B$+$i(B 1999-08-23 $B$+$i(B 1999-08-28 $B$^$G(B -------------------------------------------- 1. WindowMaker $B$,%P%C%U%!%*!<%P!<%U%m!<$9$ke=q$-2DG=$G$"$k!#(B $B$3$l$O%F%-%9%H%U%!%$%k!"Nc$($P(B .hta $B$H$$$C$?3HD%;R$,4^$^$l$F$$$k(B ftp $B%"%/(B $B%;%9$r=q$-9~$_2DG=$J%G%#%l%/%H%j9=@.$r4^$s$G1?MQ$7$F$$$k>l9g(B($BNc$($P(B incoming $B%G%#%l%/%H%j(B) $B$OCf$G$bA[%^%7%s%5%s%I%\%C%/%9$NA[%^%7%s$K$OWs0UE*$K:n@.$5$l$?(B JAVA $B%"%W%l%C%H$,!V%5%s%I%\%C%/%9!W(B $B$N6-3&$r1[$(!"0-0U$"$k?6$kIq$$$rBP>]$H$J$C$?%[%9%H$G9T$($F$7$^$&o$KB?$/$N%G!<%?$,M?$($i$l$?>l9g!"%?!<%2%C%H$H$J$C$?%3%s%T%e!<%?>e(B $B$N$9$Y$F$N%I%_%N%5!<%S%9$rDd;_2DG=$J%I%_%N%5!<%PK\BN$N(B PANIC $B%(%i!<$r0z(B $B$-5/$3$9!#(B 7. Vixie Cron $B$N%P%C%U%!%*!<%P!<%U%m!<(B BUGTRAQ ID: 602 $B1s3V$+$i$N:F8=@-(B: $B$J$7(B $B8xI=F|(B: 1999-08-25 $B4X78$7$?(B URL: http://www.securityfocus.com/level2/?go=vulnerabilities&id=602 $B$^$H$a(B: RedHat 4.2, 5.2 $B$*$h$S(B 6.0 $B$KIUB0$9$k(B Vixsie cron $B$K$O%m!<%+%k$+$i$N(B $B%P%C%U%!%*!<%P!<%U%m!<967b$KBP$9$k.$5$J%o!<%/%0%k!<%W!"(B $B4k6H$N@lLg2H$KDs6!$7$F$$$k!#967bo$KD9$$(B HTTP $B$N(B GET $B%j%/%((B $B%9%H$r%5!<%P$XAw$jIU$1!"(BNetscape$Be=q$-2DG=$G$"$k!#(B 9. Windows NT $B?dB,2DG=$J(B TCP $B%7!<%1%s%9HV9f$N$N(B WindowsNT $B$,F0:n$7$F$$$k%3%s%T%e!<%?$r%=!<%9%"%I%l%9$r;}(B $B$D56$j$N%3%M%/%7%g%s$rJL$NAuCV$HD%$k;v$r2DG=$K$5$;$F$7$^$&!#(B 10. IrcII "Epic" $B;HMQITG=967b(B BUGTRAQ ID: 605 $B1s3V$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 1999-08-26 $B4X78$7$?(B URL: http://www.securityfocus.com/level2/?go=vulnerabilities&id=605 $B$^$H$a(B: Debian Linux $B$K4^$^$l$k(B pre1.034 $B$+$i(B pre2.004-19990718 $BL$K~$N%P!<%8%g(B $B%s$N(B IRCII $B$N(B Epic $B$K$OH$7$h$&$H$7$?>l9g!"%"%W%j%1!<%7%g%s$r%O%s%0%"%C%W$5$;!"(B $B%"%W%j%1!<%7%g%s$,%/%m!<%:$5$l$k$^$G(B 100% $B$N(B CPU $B;q8;$r?)$$$D$V$7$F$7$^(B $B$&!#(B 12. aVirt Gateway Suite RAS $B%Q%9%o!<%I$N$N(B aVirt $B@=IJ$r4{CN$N(B RAS $B@\B3$X%@%$%"%k$7@\B3$G$-$kMM$K@_Dj$9$k!#(B aVirt interface $B$G$O(B RAS $B$KMQ$$$k%f!<%6L>$H%Q%9%o!<%I$NF~NO$OI,?\$G$"$k!#(B ($B%Q%9%o!<%I$O@10u$G1#$5$l$k(B) $B$7$+$7!"%/%j%"%F%-%9%H$N%Q%9%o!<%I$,(B aVirt $B@=IJ$K%m!<%+%k$+$i%"%/%;%9$G$-$k%f!<%6$K$h$C$FF~Z$G$-$k$h$&$K(BGINA for Windows NT $B$rDs6!$7$F$$$?!#2~JQ$5$l$?(B GINA $B$,F0:n$7$F$$$k%3%s%T%e!<(B $B%?$G$O!"(B HKLM\System\CurrentControlSet\Services\IBMNeTNT $B0J2<$K$"$kFCDj(B $B$N%l%8%9%H%j%-!<$N@8@.$,!"%f!<%6$r$I$N$h$&$J%0%k!<%W$+$i!V%m!<%+%k$N(B Administrators$B!W%0%k!<%W$X$NDI2C$N5v2D$r:F5/F08e$Kl(B $B9g!"JQ@-$9$kC{8u$,$"$k!#JQ@-;~$K$O!V:o=|:Q$_$N%U%!%$%k$NB8:_!W!"!VL$:o=|(B $B$N%U%!%$%k$,I=<(ITG=!W$H$J$j!"JQ@-$r7Y9p$7!"(B CHKDSK $B$r)(B $B$9$k%a%C%;!<%8$,8=$l$k!#(B1 $B$D$N%3%s%T%e!<%?$K(B 400 $BK|8D0J>e$N%U%!%$%k$,B8:_(B $B$7$?:]$K%^%9%?!<%U%!%$%k%F!<%V%k$O(B 4 $B%.%,%P%$%H0J>e$K$J$k!#(B 15. NT IE5 FTP $B%Q%9%o!<%I3JG<$N$H%Q%9%o!<%I$O(B $B%/%j%"%F%-%9%H$G(B \Winnt\Profiles\[Username]\History\History.IE5\index.dat $B$H(B \Winnt\Profiles\[Username]\History\History.IE5\MSHist..\index.dat. $B$K5-O?$5$l$k!#4{DjCM$G$O!"(B\Winnt\Profiles\[Username]\History $B%G%#%l%/%H(B $B%j$O(B ACL $B$G(B Administrators $B%0%k!<%W$N!V%7%9%F%`$N$_$,%U%k%3%s%H%m!<%k>u(B $BBV!W!"$*$h$S%f!<%6L>$K$h$C$FJ]8n$5$l$F$$$k!#(B $B$7$+$7!"(Bindex.dat $B%U%!%$%k$O(B everyone $B%0%k!<%W$,%U%k%3%s%H%m!<%k8"8B$r(B $B;}$DMM$K:n@.$5$l$F$7$^$&$N$G$"$k!#(B III. $B%Q%C%A$H99?7(B ------------------ 1. $B%Y%s%@(B: Sun $B@=IJ(B: Solaris(tm) 7, 2.6, 2.5.1, 2.5, 2.4, 2.3 (SunOS(tm) 5.7, 5.6, 5.5.1, 5.5, 5.4, 5.3), SunOS 4.1.4, and 4.1.3_U1 $B%Q%C%A$NF~$N4k6H$K$O4F::$OG$$;$J$$(B: 70% / 77 votes $B4F::$H$O$J$K$+(B? 3% / 4 $BI<(B VII. Security Focus $B$N%$%Y%s%H(B1999-08-23 $B$+$i(B 1999-08-28 $B$^$G(B ------------------------------------------------------- 1. $B?7$7$$%2%9%H$N5-;v(B: $B??$K%;%-%e%j%F%#$K4X$9$kM=;;$rF@$k$K$O(B $BCx $B4X78$7$?(B URL: http://www.securityfocus.com/level2/bottom.html?go=announcements&id=28 $B<+J,$NAH?%$KBP$9$k%;%-%e%j%F%#$K4X$9$kM=;;$rF@$k$?$a$KLdBj$,5/$-$?;v$O(B $B$J$$$G$7$g$&$+!#>e;J$O7W>e<}1W$K4sM?$7$J$$$G$"$m$&;vJA$X6bA,$r$l$KD4@0$7$?%[!<%`%Z!<%8$G(B Security Focus $B$N%X%C%I%i%$%s$,9XFI2DG=$G$9!#(B VIII. Security Focus $B$,A*$V>e0L(B6$B0L$N%D!<%k(B 1999-08-23 $B$+$i(B 1999-08-28 $B$^$G(B ------------------------------------------------------------- 1. Desktop Sentry by NT Objectives $B4X78$7$?(B URL: http://www.ntobjectives.com/desktop.htm $B!!(BDesktop Sentry $B$O(B Microsoft Windows Nt 4.0 $B>e$GMQ$$$k%;%-%e%j%F%#7Y9p(B $B%7%9%F%`$G$9!#$4<+?H$N%7%9%F%`$r4F;k$7!"$b$7!"(BLAN $B$d%$%s%?!<%M%C%H$K@\(B $BB3$5$l$F$$$k;~!"C/$+$,$4<+?H$N%3%s%T%e!<%?$X6&M-$r3+;O$7$?>l9g!"7Y9p$r(B $BH/$7$F$/$l$^$9!#(B 2. Forensic Toolkit v1.4 by NT Objectives $B4X78$7$?(B URL: http://www.ntobjectives.com/prod03.htm $B!!(BForensic ToolKit $B$O(B Win32 $B4D6-$N%3%^%s%I%i%$%s$+$iF0:n$9$k%D!<%k$G!"(B $B3hF0>uBV$,IT@5$J(B NTFS $B$N%G%#%9%/>e$N%U%!%$%k$rD4::$9$k;Y1g$r9T$($^$9!#(B $B:G?7$N%"%/%;%9;~4V$K$h$k%U%!%$%k$N0lMwpJs$rO31L$7$F$7$^$&E@$bH/8+(B $B$7$^$9!#(B 3. NTLast v1.5 by NT Objectives $B4X78$7$?(B URL: http://www.ntobjectives.com/prod01.htm $B!!(BNTLast $B$O(B Windows NT $B$rBP>]$H$7$?%;%-%e%j%F%#4F::%D!<%k$G$9!#(B Win32 $B4D6-$N%3%^%s%I%i%$%s$+$i4v$D$+$N%9%$%C%A$r85$KMQ$$$k%f!<%F%#%j(B $B%F%#$G!"IT3hF0!"%j%b!<%H!"<:GT$7$?%m%0%*%s%f!<%6$N%m%0%*%s5-O?$NE}7W$r(B $B%$%Y%s%H%m%0$+$i=87W$7$^$9!#C1=c$J=q<0$G!":G?7$N(B 10 $B2s$N@.8y$7$?%m%0%*(B $B%s5-O?$rJs9p$7$^$9!#(B NTLast $B$O%$%Y%s%H%m%0$,:NHE*$K!"%o%s%?%$%`%Q%C%Ie$G8x3+$5$l$F$$$k0E9f2=%Q%C%1!<(B $B%8$KNt$j$^$7$?!#$J$<$J$i!"$=$l$i$O8x3+800E9f2=!?M$,%a%C%;!<%8$K3d$j9~$_!"FI$a$F$7$^$&$3(B $B$H$rK\Ev$KKI$.$?$$$J$i$P!";H$$>!&6HMxMQ$KBP$7$F$OL5NA$N%D!<%k$G$9!#(B Intact Open Use $B$O(B NT $B%U%!%$%k%7%9%F%`Fb$d(B NT $B%l%8%9%H%j$NJQ2=$rH/8+$G(B $B$-$^$9!#B>$N(B Intact $B@=IJ$K$O(B Intact Intelligence $B$H(B Intact Enterprise $B$,$"$j$^$9!#(BIntact Open Use$B$H$O0[$J$j!"$3$l$i$O%7%9%F%`$NJQ2=$r%b%K%?(B $B$7!"DL>oJQ99$5$l$J$$>uBV$N%*%V%8%'%/%H$r4^$s$@:GE,$J%3%s%U%#%0%l!<%7%g(B $B%s%U%!%$%k$r:n@.$7$^$9!#(B 6. LOMAC by Tim Fraser $B4X78$7$?(B URL: ftp://ftp.tislabs.com/pub/lomac/ $B!!(BLOMAC $B%m!<%@%V%k%+!<%M%k%b%8%e!<%k$O(B Linux $B$N%;%-%e%j%F%#2=3HD%ItIJ$G!"(B $B:GDc?e0L$rMxMQ$7$?%"%/%;%9%3%s%H%m!<%k$rMQ$$$F%&%#%k%9!"%H%m%$$NLZGO%W(B $B%m%0%i%`!"0-me$J1s3V%f!<%6!"(Broot $B$rC%u$NpJs(B ($BF|K\8lLu$J$7(B) ----------------------- Trabslated by SAKAI Yoriyuki / LAC -- /-------------------------------------->> SAKAI Yoriyuki / LAC Co., Ltd. +81-3-5531-0202 sakai@lac.co.jp / Unauthorized Access Countermeasures << $B%;%-%e%j%F%#%[!<%k%F%9%H(B http://www.lac.co.jp/security/test/ >>