Return-Path: owner-bugtraq-jp@SECURITYFOCUS.COM
X-Mailer: Winbiff [Version 2.20 PL4]
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp
Message-ID:  <200006020959.JFI92185.BBTJL@lac.co.jp>
Date:         Fri, 2 Jun 2000 09:59:38 +0900
Reply-To: SAKAI Yoriyuki <sakai@LAC.CO.JP>
Sender: BUGTRAQ-JP List <BUGTRAQ-JP@SECURITYFOCUS.COM>
From: SAKAI Yoriyuki <sakai@LAC.CO.JP>
Subject:      SecurityFocus.com Newsletter #43 2000-05-18->2000-05-25
X-To:         bugtraq-jp@securityfocus.com
To: BUGTRAQ-JP@SECURITYFOCUS.COM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

$B:d0f(B@$B%i%C%/$G$9!#(B

SecurityFocus.com Newsletter $BBh(B 43 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B
SecurityFocus.com Newsletter $B$K4X$9$k(BFAQ:
<URL: http://www.securityfocus.com/forums/sf-news/faq.html>
BugTraq-JP $B$K4X$9$k(B FAQ:
<URL: http://www.securityfocus.com/forums/bugtraq-jp/faq.html>

- - -----------------------------------------------------------------------
- - -----------------------------------------------------------------------
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B Security-Focus.com $B$N5v2D$r3t<02q<R%i%C%/$,F@$?>e$G9T$o(B
  $B$l$F$$$^$9!#(B
$B!&(BSecurityFocus.com Newsletter $B$NOBLu$r(B Netnews, Mailinglist,
  World Wide Web, $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$N(B
  $BA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;(B
  $B$s$,=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurity-Focus.com $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+(B
  $B$J$k7A<0$N%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) <URL http://www.securityfocus.com/templates/archive.pike?list=79>
- - -----------------------------------------------------------------------
- - -----------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02q<R%i%C%/$O@UG$$rIi$o$J$$$b$N$H$7$^(B
  $B$9!#(B
- - -----------------------------------------------------------------------
- - -----------------------------------------------------------------------
$BLu<T$+$i$N$*CN$i$;(B:
$B!&OBLu$K$D$$$F$O@53N$5$r5,$9$k$h$&$K$7$F$$$^$9$,!"?WB.$J>pJs$NDs6!$r(B
  $BM%@h$9$k$?$a!"(Btypo $B$d8mLu$,:.$8$k$3$H$,$"$j$^$9!#(B
$B!&$b$7!"(Btypo $B$d8mLu$,8+$D$+$C$?>l9g!"(BBUGTRAQ-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"Lu<T$K$*CN$i$;$/$@$5$$!#(B
  $B8e<T$N>l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
- - -----------------------------------------------------------------------
- - -----------------------------------------------------------------------

SecurityFocus.com Newsletter #43
- --------------------------------

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
	1. Intrusion Detection on Linux
	2. Interview with Rain Forest Puppy
II. BUGTRAQ SUMMARY
	1. BeOS TCP Fragmentation Remote DoS Vulnerability
	2. MS IE ActiveX Combined Component Attributes Vulnerability
	3. Microsoft IE DocumentComplete() Cross Frame Access Vulnerability
	4. Axent NetProwler Malformed IP Packets DoS Vulnerability
	5. Fortech Proxy+ 2.30 Remote Administration Vulnerability
	6. ArGoSoft FTP Server 1.0 Multiple Buffer Overflow Vulnerabilities
	7. Intel Express 8100 ISDN Router Fragmented ICMP Vulnerability
	8. Lotus Domino Server ESMTP Buffer Overflow Vulnerability
	9. Nite Server FTPd Multiple DoS Vulnerabilities
	10. MetaProducts Offline Explorer Directory Traversal Vulnerability
	11. OpenLDAP /usr/tmp/ Symlink Vulnerability
	12. GNOME gdm XDMCP Buffer Overflow Vulnerability
	13. Gauntlet Firewall Remote Buffer Overflow Vulnerability
	14. XFree86 Xserver Denial of Service Vulnerability
	15. Microsoft Windows ... Fragmented IP Packets DoS Vulnerability
	16. Multiple Vendor Web Shopping Cart Hidden Form Field Vulnerability
	17. Cobalt RaQ2/RaQ3 Web Server Appliance cgiwrap bypass Vulnerability
	18. Multiple Linux Vendor fdmount Buffer Overflow Vulnerability
	19. Cayman 3220H DSL Router "ping of death" Vulnerability
	20. AIX  Filesystem Vulnerability
	21. Qualcomm Qpopper 'EUIDL' Format String Input Vulnerability
	22. HP Web JetAdmin Directory Traversal Vulnerability
	23. Rockliffe MailSite 4.2.1.0 Buffer Overflow Vulnerability
	24. Pacific Software Carello File Duplication ... Vulnerability
	25. HP Web JetAdmin 6.0 Printing DoS Vulnerability
	26. Pine 4.x Remote Command Execution Vulnerability
	27. thttpd tdate_parse() Stack Overflow Vulnerability
	28. Inter Net News server (inn) Buffer Overflow Vulnerability
	29. Deerfield MDaemon Mail Server DoS Vulnerability
	30. PGP5i Automatic Key Generation Routine Vulnerability
	31. MDBMS Buffer Overflow Vulnerability
	32. Network Associates WebShield SMTP 4.5.44 Config Vulnerability
	33. Network Associates WebShield SMTP 4.5.44 Overflow Vulnerability
	34. Omnis Studio 2.4  Weak Database Field Encryption Vulnerability
	35. PDGSoft Shopping Cart Multiple Buffer Overflow Vulnerabilities
	36. Big Brother bbd.c Buffer Overflow Vulnerability
	37. TopLayer AppSwitch 2500 Multiple DoS Vulnerabilities
III. SECURITYFOCUS.COM NEWS ARTICLES
	1. Lights Out (May 25, 2000)
	2. Security Hole found in NAI Firewall (May 22, 2000)
	3. Love Letter's last Victim  (May 22, 2000)
IV.SECURITY FOCUS TOP 6 TOOLS
	1. The Java SSH/Telnet Application/Applet 2.0 RC4 (Java)
	2. tsocks 1.5 (Linux and Solaris)
	3. Bastille Linux 1.1.0.pre6 (Linux)
	4. Dsniff 2.1 (FreeBSD, Linux, NetBSD, OpenBSD and Solaris)
	5. beecrypt 0.9.5 (Linux, Solaris and Unix)
	6. ShadowSecurityScanner 1.00.005 (Windows)
V. SECURITYJOBS LIST SUMMARY($BF|K\8lLu$J$7(B)
	1. Advisory/Senior Engineer #88 - Austin, TX   (Thread)
	2. Software Engineer #88 - Austin, TX   (Thread)
	3. CISSP Seeking Employment in the NVA,DC,MD Area   (Thread)
	4. Principal/Senior Software Deve... Boston or Portland   (Thread)
	5. Systems Engineer #490 - Seattle or San Francisco   (Thread)
	6. PKI Solutions Consultant #21 - Maryland   (Thread)
	7. Seeking position in System/Network Security   (Thread)
	8. Network Security Engineers   (Thread)
	9. High Level Internetworking Security #313 - Iselin, NJ   (Thread)
	10. High Level Network Security #313 - Hartford, CT   (Thread)
VI. INCIDENTS LIST SUMMARY
	1. IIS4 Logs   (Thread)
	2. Spoofed ICMP "destination unreachable" - DOS?   (Thread)
	3. incident input re: FBI   (Thread)
	4. CRACK   (Thread)
	5. Single packet per IP# port 137 scan   (Thread)
	6. Slow scan   (Thread)
	7. PORTSCAN virus?   (Thread)
	8. Slow scan, the rest of the story   (Thread)
	9. Word Virus?   (Thread)
	10. Port Scans   (Thread)
	11. 216.65.124.73 / sexwebsites.com admin   (Thread)
	12. tcp port 8000 from ss06.live365.com   (Thread)
	13. VRFY 000.000@my.domain   (Thread)
	14. Fw: Critical data found in log files.   (Thread)
	15. Two scans (Klogin and a trojan?)   (Thread)
	16. hiding attachment extensions   (Thread)
	17. Hmmm... named again.   (Thread)
	18. price.doc.exe   (Thread)
	19. Unusual UDP access attempts.   (Thread)
	20. price.doc.exe "What it Is"   (Thread)
	21. udp traffic to port 137   (Thread)
	22. Unidentified Trojan? -- Hope this helps   (Thread)
	23. Know Your Enemy: A Forensics Analysis   (Thread)
	24. Portscan X.Y.Z.100 - X.Y.Z.254, various ports   (Thread)
	25. network.exe -- was -- Re: udp traffic to port 137   (Thread)
	26. unapproved update from [166.93.60.5].61946   (Thread)
	27. While we're on viruses...   (Thread)
	28. Another odd UDP scan - new trojan?   (Thread)
	29. LJK2 rootkit?   (Thread)
VII. VULN-DEV RESEARCH LIST SUMMARY
	1. String checking with PHP   (Thread)
	2. reverse engineer c or java   (Thread)
	3. Why not a changeling?   (Thread)
	4. Local DoS : RedHat 6.0   (Thread)
	5. Windows IP Fragment Reassembly Vulnerability   (Thread)
	6. Audio interview with Rain Forest Puppy  (Thread)
	7. Conserver Overflow   (Thread)
	8. netscape 4.61 recognizes file.changed-doc/xls   (Thread)
	9. Outlook HTML VBS (demo)   (Thread)
	10. krb5 1.1.1   (Thread)
	11. Vs: Re: Outlook HTML VBS (demo)   (Thread)
	12. A possible VBS transport?   (Thread)
	13. fdmount 0.8 exploit   (Thread)
	14. Netscape forms using standard windows controls   (Thread)
	15. Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER   (Thread)
	16. Outlook, HTML & VBS   (Thread)
	17. UPDATE on possible new "e-mail virus" concept ?   (Thread)
	18. possible new "e-mail virus" concept ?   (Thread)
	19. chsh Segfault on FreeBSD 3.3   (Thread)
	20. TopLayer layer 7 switch Advisory   (Thread)
VIII. MICROSOFT FOCUS LIST SUMMARY
	1. windows 2000, port 1025   (Thread)
	2. R: Ports 6667,6668   (Thread)
	3. MS vs. Unix Remote Access   (Thread)
	4. interesting file in NT server   (Thread)
	5. NTLM 2 Authentication for Windows 95/98 Clients   (Thread)
	6. Microsoft's UNIX services for NT   (Thread)
	7. Audio interview with Rain Forest Puppy now available.   (Thread)
	8. Ports 6667,6668   (Thread)
	9. Ports 6667,6668 (ports and procs)   (Thread)
IX. SUN FOCUS LIST SUMMARY
	1. Solaris Security Patches - notification formats/methods -   (Thread)	
	2. Solaris Security Patches - notification..latest matrix (Thread)
	3. wget ? [was Re: Solaris Security Patches ...]   (Thread)
	4. Solaris Security Patches - notification formats/methods  (Thread)
	5. wget ?   (Thread)
	6. wget ? Was Re: Solaris Security Patches - notific...   (Thread)
	7. Solaris Security Patches - notification formats (Thread)
	8. Solaris Security Patches - notification formats/methods (Thread)
	9. wget ? Was Re: Solaris Security Patches - notific... (Thread)
	10. "OLD-BROADCAST" traffic   (Thread)
X. LINUX FOCUS LIST SUMMARY
	1. passwd: Critical error - immediate abort   (Thread)


I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
- - ---------------------------------

II. BUGTRAQ SUMMARY
- - -------------------

1. BeOS TCP Fragmentation Remote DoS Vulnerability
BugTraq ID: 1222
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-18
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1222
$B$^$H$a(B:

BeOS$B$O%j%b!<%H$K$h$k(BTCP$B%U%i%0%a%s%H967b$KBP$9$k<eE@$,$"$j!"%?!<%2%C%H$N(B
$B%7%9%F%`$,%/%i%C%7%e$5$l$?$j!":F5/F0$rI,MW$H$9$k62$l$,$"$k!#(B

2. MS IE ActiveX Combined Component Attributes Vulnerability
BugTraq ID: 1223
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-17
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1223
$B$^$H$a(B:

$BFCDj$NB0@-$,AH$_9g$o$5$C$?>l9g!"0-0U$"$k%&%'%V%5%$%H$G!"(BIE $B$r;HMQ$7$F(B
ActiveX $B%3%s%]!<%M%s%H$r5/F0$5$;$k%W%m%0%i%`Cf$K$"$kL$%A%'%C%/$N%P%C%U%!(B
$B$r%*!<%P!<%U%m!<$5$;!"K,Ld$7$?%f!<%6!<$N%3%s%T%e!<%?>e$G0-<A$J%W%m%0%i%`(B
$B$r<B9T$5$;$k$3$H$,$G$-$^$9!#(B

3. Microsoft IE DocumentComplete() Cross Frame Access Vulnerability
BugTraq ID: 1224
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-17
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1224
$B$^$H$a(B:

IE$B$N(BDocumentComplete() $B4X?t$O!"@5<0$J%I%a%$%s85$rE,@Z$KG'>Z$7$J$$!#(B

$B$=$N7k2L!"%j%b!<%H$N%&%'%V%5!<%P!<$+$i!"%m!<%+%k$NFbMF$r4^$`%U%l!<%`$N(B
$B%V%i%&%6%*%V%8%'%/%H$K%"%/%;%9$7$F!"%&%'%V%5%$%H$NK,Ld<T$d%a!<%k<u?.<T(B
$B$N%^%7%s>e$K$"$k%m!<%+%k$N%U%!%$%k$rFI$`8"8B$r<hF@$9$k$3$H$,$G$-$k!#%V(B
$B%i%&%6$N%&%#%s%I%&$G3+$/$3$H$N$G$-$k%U%!%$%k(B(*.htm, *.js, *.txt$B$J$I(B)$B$N(B
$B$_$r8+$k$3$H$,2DG=$@$,!"967b<T$O$=$N%U%!%$%k$N%Q%9$HL>A0$rCN$C$F$$$k$3(B
$B$H$,A0Ds$G$"$k!#(B

4. Axent NetProwler Malformed IP Packets DoS Vulnerability
BugTraq ID: 1225
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-18
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1225
$B$^$H$a(B:

Axent NetProwler 3.0 IDS$B$OIT@5$J%Q%1%C%H$G$N967b$KBP$7$F<eE@$,$"$k!#(B
$BCg2p<T$N=pL>$,0J2<$N4^$^$l%Q%1%C%H$HAx6x$9$k$H!"%/%i%C%7%e$9$k!#(B
(IP_HEADER_LENGTH+TCP_HEADER_LENGTH) > IP_TOTAL_LENGTH

Axent Security$B%A!<%`$K$h$k$H!"$3$l$O(BRain Forest Puppy$B$K$h$k(BRFP2K05$B$G(B
$BJs9p$5$l$?%U%i%0%a%s%H2=$5$l$?%Q%1%C%H$K4X$9$kLdBj$H$OJL$N$b$N$G$"$k!#(B

$B2C$($F!"(BNetProwler$B$OH/@8$9$k7Y9p>pJs$rJ]B8$9$k$?$a$K(BMicrosodt JET
engine 3.5 $B$r;HMQ$7$F$$$k!#(BMicrosoft JET engine 3.5$B$K4X$9$k$h$j>\$7$$(B
$B>pJs$O0J2<$N%5%$%H$G8x3+$5$l$F$$$k!#(B

http://www.securityfocus.com/bid/286

5. Fortech Proxy+ 2.30 Remote Administration Vulnerability
BugTraq ID: 1226
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 1999-12-26
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1226
$B$^$H$a(B:

$B%G%U%)%k%H$G(BFortech Proxy+$B$O!"$I$N%f!<%6!<$G$b(B http://target:4400/admin
$B$K@\B3$7!"8"8B$,$J$/$F$b%j%b!<%H$+$i4IM}$9$k$3$H$,$G$-$k!#(B

$B2C$($F!"(Btelnet$B$N%2!<%H%&%'%$$,%G%U%)%k%H$G3+$$$F$$$F!"F?L>$N%Q%1%C%H(B
$B$rE>Aw$9$k$3$H$,$G$-$k!#(B

6. ArGoSoft FTP Server 1.0 Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 1227
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-02-14
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1227
$B$^$H$a(B:

ArGoSoft FTP Server$B$K$OB??t$NL$%A%'%C%/$N%P%C%U%!$,B8:_$7!"G$0U$N%3%^(B
$B%s%I$r%j%b!<%H$G<B9T$9$k$3$H$,$G$-$F$7$^$&!#(B2050$B8D0J>e$NJ8;z$r4^$`%3(B
$B%^%s%I$r<B9T$9$k$3$H$K$h$j!"(BFTP Server$B$O%/%i%C%7%e$7!"G$0U$N%W%m%0%i%`(B
$B$r<B9T$9$k$3$H$,$G$-$k!#(B

7. Intel Express 8100 ISDN Router Fragmented ICMP Vulnerability
BugTraq ID: 1228
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 1990-05-19
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1228
$B$^$H$a(B:

Intel Express 8100$B$N%k!<%?5Z$S(B8200 ISDN$B$N%k!<%?$b$*$=$i$/%U%i%0%a%s%H2=(B
$B$5$l$?$b$7$/$O5pBg$J(BICMP$B%Q%1%C%H$rAw?.$9$k$3$H$K$h$C$F%/%i%C%7%e$9$k2DG=@-(B
$B$,$"$k!#(B

8. Lotus Domino Server ESMTP Buffer Overflow Vulnerability
BugTraq ID: 1229
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-18
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1229
$B$^$H$a(B:

Lotus Domino Server 5.0.1. $B$N(BESMTP $B%5!<%S%9$K$*$$$F!"(B'from'$B%3%^%s%I$r(B
$B=hM}$9$k%W%m%0%i%`$O!"L$%A%'%C%/$N%P%C%U%!$r4^$s$G$$$k!#(BLotus Domino
Server$B$,(B4 KB$B$r$3$($k0z?t$r4^$s$@(B'from'$B%3%^%s%I$r<u$1<h$C$?>l9g!"%7%9(B
$B%F%`$N%/%i%C%7%e$b$7$/$O@5>o$J5!G=$N2sI|$N$?$a$K!":F5/F0$rMW5a$5$l$k!#(B


9. Nite Server FTPd Multiple DoS Vulnerabilities
BugTraq ID: 1230
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-19
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1230
$B$^$H$a(B:

Nite Server FTP $B%G!<%b%s$K$O!"B??t$N(B DoS $B$KBP$9$kLdBj$,$"$k!#(B

1) $B%f!<%6!<%3%^%s%I$G!"Hs>o$KD9$$J8;zNs$rMW5a$9$k$H!"%G!<%b%s$,;HMQ2D(B
$BG=$JA4$F$N%a%b%j$r>CHq$7$F$7$^$$!"%5!<%P!<$,Dd;_$9$k860x$H$J$k!#(B

2) $B%j%b!<%H%f!<%6!<$,%j%/%(%9%H$r=*N;$5$;$J$$$^$^$G!"%Q%9%o!<%I%U%#!<(B
$B%k%I$KL58B$NJ8;z$rF~NO$7$?>l9g!"%G!<%b%s$O;HMQ2DG=$J%a%b%j$r$9$Y$F3d$j(B
$BEv$F!"?7$7$$@\B3$r$9$Y$F5qH]$9$k!#(B

3) $B%m%0%*%s$7$FIT@5$J%G!<%?$+$i$J$kMW5a$r$7!"$?$@$A$K%m%0%*%U$9$k$H!"(B
ftp$B%5!<%P!<$O?7$7$$@\B3$r$9$Y$F5qH]$9$k!#(B

4) $B%U%!%$%kL>$rJQ99$9$k$H$-!"?7$7$$%U%!%$%kL>$,D9$9$.$k$H%5!<%P!<(B
$B$O?7$7$$@\B3$N<u$1IU$1$rDd;_$9$k!#(B

10. MetaProducts Offline Explorer Directory Traversal Vulnerability
BugTraq ID: 1231
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-19
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1231
$B$^$H$a(B:

$B%G%U%)%k%H$G$O!"(BOffline Explorer$B$O!"%]!<%H(B800$B$GMW5a$rBT$A<u$1!"%j%b!<%H(B
$B%f!<%6!<$,%j%b!<%H%[%9%H$N%-%c%C%7%e$rFI$_<h$k8"8B$r<hF@$7$F$+$i!"(B
$B%G%#%l%/%H%j$r0\F0$9$k!#(B

"../..\"$B$r4^$`(BGET $BMW5a$N<B9T$K$h$j!"%j%b!<%H%f!<%6!<$,%-%c%C%7%e$d>e0L(B
$B$N%G%#%l%/%H%j9=B$$N;2>H$,2DG=$H$J$k!#(B

$B%Y%s%@!<$h$j(B:
$B%@%&%s%m!<%I%G%#%l%/%H%j$OFbIt$N%&%'%V%5!<%P!<$r7PM3$7$F%"%/%;%9$9$k(B
$B$3$H$,$G$-$k!#$3$l$,M#0l$N%"%/%;%9$G$-$k%(%j%"$G$"$k!#$7$+$7$J$,$i!"(B
$B%P!<%8%g%s(B1.0$B$+$i(B1.2$B$G$O!"(Bhttp://127.0.0.1:800/./../../$B$H$$$&(BURL$B$,F~(B
$BNO$5$l$?>l9g!"%@%&%s%m!<%I%G%#%l%/%H%j0J30$N$N%G%#%l%/%H%j$X$N%"%/(B
$B%;%9$,2DG=$G$"$k!#$3$NLdBj$O(BOE 1.3 Beta 1 version$B$G=$@5$7!"0J9_$N%P!<(B
$B%8%g%s$K$bLdBj$OB8:_$7$J$$!#8=:_$O%@%&%s%m!<%I%G%#%l%/%H%j0J30$+$i$O(B
$B$$$+$J$k%(%j%"$K$b%"%/%;%9$OIT2DG=$H$J$C$F$$$k!#(B

11. OpenLDAP /usr/tmp/ Symlink Vulnerability
BugTraq ID: 1232
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2000-04-21
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1232
$B$^$H$a(B:

RedHat 6.1$B5Z$S(B6.2$B!"(BTurboLinux6.0.2$B$*$h$S$=$l0JA0$N%P!<%8%g%s$r4^$`(B
Linux$B$N$$$/$D$+$N%P!<%8%g%s$H$H$b$K=P2Y$5$l$?(BOpenLDAP$B$G!"<eE@$,B8:_$9(B
$B$k!#(BOpenLDAP$B$O!"C/$G$b=q$-9~$_2DG=$J(B/tmp$B%G%#%l%/%H%j$N%7%s%\%j%C%/%j%s%/(B
$B$G$"$k(B/usr/tmp$B$N2<$K%U%!%$%k$r:n$k!#(BOpenLDAP$B$O(B/usr/tmp$BFb$N%U%!%$%k$r(B
$B3+$/A0$KB8:_$7$F$$$?%U%!%$%k$N%A%'%C%/$r9T$o$J$$$?$a!"967b<T$,%U%!%$(B
$B%k%7%9%F%`>e$N$$$+$J$k%U%!%$%k$K$bE,Ev$JL>A0$N%7%s%\%j%C%/%j%s%/$r:n(B
$B@.$9$k$3$H$,2DG=$H$J$j!"%U%!%$%k$rGK2u$9$k$3$H$,$G$-$k!#(B

$B$3$NLdBj$O0J2<$N>r7o$r;}$D(BOpenLDAP$B$,B8:_$9$k(BUNIX$B%7%9%F%`$K1F6A$,$"$k!#(B

1) slapd.conf $B$O!"(B/usr/tmp $B$NJQ?t$H$J$k!V(Bdirectory$B!W$r@_Dj$9$k(B
2) /usr/tmp$B$,(Bworld writable$B$G$"$k$H$-(B
3) DEFAULT_SLURPD_REPLICA_DIR$B$,(B/usr/tmp$B$K@_Dj$5$l$F$$$k(Bslurpd

12. GNOME gdm XDMCP Buffer Overflow Vulnerability
BugTraq ID: 1233
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-22
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1233
$B$^$H$a(B:

GNOME$B$N0lIt$H$7$F=P2Y$5$l$?!"(Bxdm$B$NBeMQ$G$"$k(B'gdm'$B$G;H$o$l$F$$$k%W%m%0%i%`(B
$B$r=hM}$9$k(BXDMCP$B$K%P%C%U%!%*!<%P!<%i%s$,B8:_$9$k!#56Au$7$?(BXDMCP$B%a%C%;!<(B
$B%8$rAw?.$9$k$3$H$G!"%j%b!<%H$N967b<T$OG$0U$N%3%^%s%I$r4IM}<T$H$7$F<eE@$N(B
$B$"$k%^%7%s>e$G<B9T$9$k$3$H$,2DG=$H$J$k!#LdBj$O!"(BXDMCP$B$N0lIt$H$7$F(B
'FORWARD_QUERY'$BMW5a$,Aw$i$l$k%G%#%9%W%l%$>pJs$N=hM}$K$"$k!#(B

$B%G%U%)%k%H$G$O!"(Bgdm$B$O(BXDMCP$B$rDL$7$FMW5a$rBT$A<u$1$k$h$&$J@_Dj$K$O$5$l$F(B
$B$$$J$$!#(BRedHat 6.0$B$+$i(B6.2$B$H$H$b$K=P2Y$5$l$?(Bgdm$B$N%P!<%8%g%s$H(BHelix GNOME
$B5Z$S%=!<%9%3!<%I$G:n@.$5$l$?(Bgdm$B$G$O!"(BXDMCP$BMW5a$r<u$1IU$1$k$h$&@_Dj$7$J$$(B
$B8B$j!"$3$NLdBj$OB8:_$7$J$$!#$3$N%U%!%$%k$OJQ99$5$l$k2DG=@-$,$"$k$,!"(B
$B$$$/$D$+$N%7%9%F%`$N(B/etc/X11/gdm/gdm.conf$B$G@_Dj$5$l$F$$$k!#(B"Enable"$BJQ(B
$B?t$r(B0$B$K@_Dj$7$F$$$k>l9g!"1F6A$O$J$$!#(B

13. Gauntlet Firewall Remote Buffer Overflow Vulnerability
BugTraq ID: 1234
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-18
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1234
$B$^$H$a(B:

Network Associates Gauntlet$B$N%U%!%$%"%&%)!<%k$N%P!<%8%g%s(B4.1$B!"(B4.2$B!"(B
5.0$B!"(B5.5$B$KE}9g$5$l$?(BMattel's Cyber Patrol$B$N%P!<%8%g%s$K$O%P%C%U%!%*!<(B
$B%P!<%U%m!<$,B8:_$9$k!#(BCyber Patrol$B$,E}9g$5$l$F$?J}K!$K$h$j!"%j%b!<%H(B
$B$N967b<T$,%U%!%$%"%&%)!<%k$N4IM}<T8"8B$rC%<h$7$?$j!"G$0U$N%3%^%s%I$r(B
$B%U%!%$%"%&%)!<%k>e$G<B9T$G$-$k$h$&$K$J$k2DG=@-$,$"$k!#(B

$B%G%U%)%k%H$G$O!"(BCyber Patrol$B$O(BGauntlet$B$N%$%s%9%H!<%k;~$K%$%s%9%H!<%k(B
$B$5$l!"(B30$BF|4V<B9T$5$l$k!#4|4V$,=*N;$9$k$H!"<B9T$rCf;_$9$k!#(B30$BF|$N4|4V(B
$B$N4V!"%U%!%$%"%&%)!<%k$O967b$K$h$C$F1F6A$r<u$1$k!#%U%#%k%?%j%s%0$9$k(B
$B%=%U%H%&%'%"$,30It$+$i$N%"%/%;%9$r5v2D$9$k$?$a!"FbIt%M%C%H%o!<%/$N%f!<(B
$B%6!<$G$J$/$H$b$3$N<eE@$rFM$/$3$H$,2DG=$K$J$k>l9g$,$"$k!#(B

14. BugTraq ID: XFree86 Xserver Denial of Service Vulnerability
BugTraq ID: 1235
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-18
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1235
$B$^$H$a(B:

XFree86 3.3.5$B!"(B3.3.6 $B$*$h$S(B 4.0$B$K%5!<%S%9ITG=967b$KBP$9$k<eE@$,B8:_$9$k!#(B
$B%j%b!<%H%f!<%6!<$,IT@5$J%Q%1%C%H$r(BTCP$B$N%j%C%9%K%s%0%]!<%H$G$"$k(B6000$BHV$K(B
$BAw?.$G$-!"0lDj4|4V(BX$B%5!<%P!<$,1~Ez$7$J$/$J$k!#$3$N4V!"%-!<%\!<%I$O%f!<%6(B
$B!<$NF~NO$K1~Ez$;$:!"%^%&%9$bH?1~$7$J$/$J$k>l9g$b$"$k!#$3$N4V!"(BX$B%5!<%P!<(B
$B$O(BCPU$B$r(B100$B!s;H$$!"%7%0%J%k$r<u$1$?>l9g$@$1=$I|$,2DG=$H$J$k!#$3$N<eE@$O!"(B
XSECURITY$B$N(B#define $B@_Dj$7$F%3%s%Q%$%k$5$l$?%5!<%P!<$G$N$_$KB8:_$9$k!#$3(B
$B$l$O!"0J2<$r<B9T$9$k$3$H$G3NG'$G$-$k!'(B
strings/path/to/XF86_SVGA | grep "XC-QUERY-SECURITY-1"

Bugtraq $B$K(BChris Evans <chris@ferret.lmh.ox.ac.uk>$B$,%]%9%H$7$?ItJ,$r0zMQ(B
$B$9$k$H!"(B
"Observe xc/programs/Xserver/os/secauth.c, AuthCheckSitePolicy():

// dataP is user supplied data from the network
char        *policy = *dataP;
int         nPolicies;
..
// Oh dear, we can set nPolicies to -1
nPolicies = *policy++;
while (nPolicies) {
// Do some stuff in a loop
..
  nPolicies--;
}

$B!V(BnPolicies$B!W(B $B$N%+%&%s%?$K(B -1 $B$r2C$($k$H!"Ls%^%$%J%9(B20$B2/6a$/8:>/$9$k!#(B
$B$=$l$+$i!"%]%8%F%#%V(B20$B2/$K%i%C%W$7!"$=$3$+$i:G8e$N(B0$B$K$J$k!#(B

15. Microsoft Windows 9x / NT 4.0 / 2000 Fragmented IP Packets DoS
Vulnerability
BugTraq ID: 1236
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-19
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1236
$B$^$H$a(B:

Windows 9x, NT 4.0, NT Terminal Server$B$b$7$/$O(B2000$B$K!"%U%i%0%a%s%H2=$5(B
$B$l$?F10l$N(BIP$B%Q%1%C%H$r0lIC4V$K$*$h$=(B150$B8D$N3d9g$GAw?.$9$k$3$H$K$h$j!"%?!<%2%C(B
$B%H$N(BCPU$B$N;HMQN($,(B100$B!s6a$/$J$k!#967b$,;_$`$H!"(BCPU$B$N;HMQN($ODL>o$KLa$k!#(B
$B$$$/$D$+$N>l9g!"$3$N967b$K$h$j!V%V%k!<%9%/%j!<%s!W>uBV$,H/@8$9$k!#(B

16. Multiple Vendor Web Shopping Cart Hidden Form Field Vulnerability
BugTraq ID: 1237
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-02-01
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1237
$B$^$H$a(B:

$BB?$/$N%7%g%C%T%s%0%+!<%H%=%U%H%&%'%"$G$O!"(Bhtml$B$N%=!<%9%3!<%IFb$G$O!"8+(B
$B$($J$$%U%)!<%`%U%#!<%k%I$r@=IJ>pJs$r4^$s$@;vA0$K@_Dj$5$l$?%Q%i%a!<%?$H(B
$BAH$_9g$o$;$F;HMQ$7$F$$$k!#Nc$H$7$F!"CMCJ!"=ENL!"?tNL$J$I$,$"$2$i$l$k!#(B
$B%j%b!<%H%f!<%6!<$,!"%^%7%s$KFCDj$N@=IJ$N%&%'%V%Z!<%8$rJ]B8$9$k$H!"$=$N(B
html$B$N%=!<%9$rJT=8$9$k$3$H$,2DG=$H$J$j!"7k2L$H$7$F@=IJ$N%Q%i%a!<%?$rJQ(B
$B99$9$k$3$H$,2DG=$H$J$k!#JQ99$5$l$?%&%'%V%Z!<%8$O!"$=$N$H$-%7%g%C%T%s%0(B
$B%+!<%H%=%U%H%&%'%"$K1F6A$r5Z$\$9!#$"$k>u672<$G$O!"%V%i%&%6$N%"%I%l%9%P!<(B
$B$rMQ$$$F$3$N<eE@$rMxMQ$9$k$3$H$b2DG=$G$"$k!#(B

$B$$$/$D$+$N%Y%s%@!<$G$OAw?.J}K!$^$?$O;2>HCM$N%A%'%C%/$rMW5a$9$k$h$&$J(B
$B%A%'%C%/$rAH$_9~$s$@$,!"$3$N(B2$B$D$NMW5a$O%+%9%?%`$G:n@.$7$?(Bhttp$B%j%/%(%9(B
$B%H$K$h$C$FGK$i$l$k2DG=@-$,$"$k!#(B

17. Cobalt RaQ2/RaQ3 Web Server Appliance cgiwrap bypass Vulnerability
BugTraq ID: 1238
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-23
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1238
$B$^$H$a(B:
>From BugTraq post:

Cobalt RaQ2$B$H(BRaQ3 $B$N%&%'%C%V%[%9%F%#%s%0AuCV$N(BFrontPage $B3HD%$K$O!"%;%-(B
$B%e%j%F%#>e$NLdBj$,$"$k!#%7%9%F%`>e$NA4$F$N%f!<%6!<$,!"(BFrontpage$B$N%5%$%H(B
$B$NJQ99!":o=|$^$?$O>e=q$-$9$k$3$H$,2DG=$H$J$k!#(B

RaQ2/3$B$,(BFrontPage$B$K$h$C$F%5%$%H$,99?7$5$l$k$H!"FC8"%f!<%6!<$G$O$J$/(B
"httpd"$B$H$$$&L>$N%f!<%6!<$,A4$F$N%U%!%$%k$r=jM-$9$k$3$H$K$J$k!#(B
Apache$B$K$h$k%&%'%V%5!<%P!<$b!"(B"httpd"$B$H$$$&L>$N%f!<%6!<$K$h$C$F<B9T$5(B
$B$l$k$3$H$K$J$k!#(BCabalt$B$O(Bcgiwrap$B$r;H$C$F(B"httpd"$B$G$O$J$/(BCGI$B$r=jM-$7$F$$(B
$B$k%f!<%6!<$,(BCGI$B$r5/F0$9$k$h$&$K$7$F$$$k$,!"(Bcgiwrap$B$rHr$1$F%9%/%j%W%H(B
$B$r(B"httpd"$B$H$$$&L>$N%f!<%6!<$H$7$F5/F0$9$k$3$H$OMF0W$G$"$k!#(B

Apache$B$N@_Dj%U%!%$%k$K$O(B"AllowOverride All"$B$H$$$&9T$,$"$k$N$G!"(B
cgiwrap$B$r2sHr$9$k$3$H$,$-$k!#BP:v$O!"(B.htaccess$B$H$$$&%U%!%$%k$r:n@.$7!"(B
$B0J2<$r5-=R$9$k$3$H$G$"$k!#(B

Options +ExecCGI
AddHandler cgi-script .cgi

$B$3$l$K$h$C$F!"%G%#%l%/%H%jFb$N(BCGI$B$O(B"httpd"$B$H$$$&L>$N%f!<%6!<$H$7$F%&%'(B
$B%V%5!<%P!<$K%"%/%;%9$7$?$3$H$K$h$C$F5/F0$9$k!#(B

Apache$B$N@_Dj$K$*$1$k(BAllowOverride$B$N9T$K$D$$$F!"0BA4$G$"$k$H8@$($k$N$O!"(B
AuthConfig$B!"(BIndexes$B5Z$S(BLimit$B$N$_$G$"$k(B($B$3$l$i$O%5!<%P!<$,@_Dj$7$F$$$k(B
$B%7%9%F%`$N%;%-%e%j%F%#$N@)8B$rHr$1$F%Z!<%8$r@)8f$9$k$3$H$OIT2DG=$G$"(B
$B$k(B)$B!#(B

$B$3$N(BAllowOverride$B$N@_Dj$K$h$j!"%&%'%V%5%$%H$N$?$a$N%5%$%H4IM}<T$N@_(B
$BDj$N%*%W%7%g%s$G$"$k(B"Enable CGI Script"$B5Z$S(B"Enable Server Side
Include"$B$,$[$\L58z$K$J$k!#$J$<$J$i!"$?$H$(4IM}<T$,$=$l$i$r;HMQIT2D$K(B
$B$7$F$b!"(BCGI$B$H(BSSI$B$O(B.htaccess$B%U%!%$%k$rDL$7$F<B9T2DG=$H$J$k$+$i$G$"$k!#(B

18. Multiple Linux Vendor fdmount Buffer Overflow Vulnerability
BugTraq ID: 1239
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2000-05-22
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1239
$B$^$H$a(B:

$B$$$/$D$+$N%P!<%8%g%s$N(BLinux$B$H$H$b$KG[I[$5$l$?(Bfdmount$B%W%m%0%i%`$N%P!<(B
$B%8%g%s(B0.8$B$K$O!"%P%C%U%!%*!<%P!<%U%m!<$,B8:_$9$k!#%^%&%s%H%]%$%s%H$NBe(B
$B$o$j$K<B9T2DG=$J%3!<%I$r4^$s$@56Au$5$l$?5pBg$J%P%C%U%!$rAw?.$9$k$3$H(B
$B$K$h$j!"(B'floppy'$B%0%k!<%WFb$N%f!<%6!<$,4IM}<T$H$7$FG$0U$N%3%^%s%I$r<B(B
$B9T$9$k$3$H$,2DG=$H$J$k!#(B

$B$3$N<eE@$O(BS.u.S.E.,4.0$B$*$h$S$=$l0J9_$N%P!<%8%g%s$@$1$G$J$/(BMandrake
Linux 7.0$B$K$bB8:_$9$k!#(BTurbo Linux 6.0$B5Z$S$=$l0JA0$N%P!<%8%g%s$G$O(B
fdmount suid root$B$,4^$^$l$F$$$k$,!"%f!<%6!<$,(B'floppy'$B%0%k!<%W$K<+F0E*(B
$B$K2C$($i$l$k$3$H$O$J$$!#$3$N%j%9%H$O40A4$J$b$N$G$O$J$/!"B>$NG[I[$5$l(B
$B$?(BLinux$B$G$b1F6A$,9M$($i$l$k!#1F6A$,$"$k$+$I$&$+%A%'%C%/$9$k>l9g!"%P%$(B
$B%J%j$N(Bsetuid$B%S%C%H$NB8:_$r%A%'%C%/$9$k!#$=$l$,B8:_$9$k>l9g!"$*$h$S$=(B
$B$N%P%$%J%j$,$I$A$i$b<B9T2DG=$G$"$k>l9g!"$b$7$/$O(B'floppy'$B%0%k!<%W$,<B(B
$B9T2DG=$G$"$k>l9g!"1F6A$,$"$k$N$GB.$d$+$K9TF0$r5/$3$9$Y$-$G$"$k!#(B

19. Cayman 3220H DSL Router "ping of death" Vulnerability
BugTraq ID: 1240
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-23
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1240
$B$^$H$a(B:

$B%k!<%?$KBP$7!"5pBg$J%5%$%:$N(BICMP$B$N%(%3!<$rMW5a$9$k$H!"%5!<%S%9ITG=$H$J(B
$B$k2DG=@-$,$"$k!#Js9p$5$l$?7k2L$O!"(Btelnet$B5Z$S(Bhttp$B$N(Badmin$B%5!<%S%9$,Dd;_$9$k(B
$B$J$IMM!9$"$k!#$^$?%k!<%F%#%s%0$J$7$G%k!<%?$,:F5/F0$7$?$,!"(Badmin$B%5!<%S%9$O(B
$B5/F0$7$?$^$^$@$C$?!#(B

20. AIX  Filesystem Vulnerability
BugTraq ID: 1241
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-24
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1241
$B$^$H$a(B:

2000$BG/(B5$B7n(B24$BF|!"(BIBM$B$K$h$j(BAIX$B$NB??t$N%P!<%8%g%s$K$*$1$k%U%!%$%k%7%9%F%`(B
$B$N<eE@$K$D$$$F%"%I%P%$%6%j$,!"ITL@NF$JI=8=$G8x3+$5$l$?!#$3$N%"%I%P%$%6(B
$B%j$,$3$NLdBj$NK\<A$r8N0U$K[#Kf$K@bL@$7$F$$$k$[$+$K!"$3$NLdBj$OIT@5$J%U%!(B
$B%$%k%"%/%;%9$G$"$k$H5-=R$7$F$$$k!#(BNFS$B$N%^%&%s%H$7$?%j%b!<%H%f!<%6!<$*$h(B
$B$S!";~$K$O%m!<%+%k%f!<%6!<$G$b!"=jM-$7$F$$$J$$%U%!%$%k$b$7$/$O%"%/%;%9(B
$B$5$l$k$O$:$N$J$$%U%!%$%k$X$NFI$_<h$j5Z$S=q$-9~$_8"8B$r<hF@$G$-$k$H=R$Y(B
$B$F$$$k!#(B

21. Qualcomm Qpopper 'EUIDL' Format String Input Vulnerability
BugTraq ID: 1242
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2000-05-24
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1242
$B$^$H$a(B:

Qualcomm$B$K$h$k(Bqpopper$B%P!<%8%g%s(B2.53$B5Z$S$=$l0JA0$N%P!<%8%g%s!"<g$J(BPOP$B%5(B
$B!<%P!<$G(BQualcomm$B$+$i<eE@$,B8:_$9$k!#(BX-UIDL$B$N%X%C%@%U%#!<%k%I$K<B9T2DG=(B
$B$J%W%m%0%i%`$,4^$^$l$?$b$N$r%^%7%s$KCV$/$H!"%a!<%k$N!V(BFrom:$B!W%U%#!<%k%I$K(B
$B%U%)!<%^%C%H$9$kNs$r=P$7!"%a!<%k$NAw?.@h%f!<%6$H$7$F(B 'euidl' $B%3%^%s%I$r(B
$BH/9T$9$k!#$3$3$G!"G$0U$N%3%^%s%I$,<B9T2DG=$H$J$k!#$7$+$7!"$3$l$O(B qpopper
$B$,2TF0$9$k%[%9%H>e$N(B'mail'$B%0%k!<%W$N%Q!<%_%C%7%g%s$K$J$k!#$3$l$O!"%a!<%k(B
$B%9%W!<%k$N%Q!<%_%C%7%g%s$,860x$G$"$k$3$H$,B?$$!#(B

$B$3$N<eE@$O%P!<%8%g%s(B2.53$B0J9_$G$OB8:_$7$J$$!#%P!<%8%g%s(B2.53$B0J9_$G$O%^(B
$B%7%s$KBP$7$F%"%+%&%s%H$bI,MW$G$"$k!#(B

22. HP Web JetAdmin Directory Traversal Vulnerability
BugTraq ID: 1243
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-24
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1243
$B$^$H$a(B:

$B%G%U%)%k%H$G$O!"(BJetAdmin Web Interface Server$B$O%]!<%H(B8000$B$G(B"../"$B$r4^(B
$B$`FC<l$J9=@.$N(BURL$B$rMW5a$9$k$3$H$G!"%j%b!<%H%f!<%6!<$,%&%'%V>e$K8x3+$7(B
$B$F$$$k%G%#%l%/%H%j0J30$N$$$+$J$k%U%!%$%k$KBP$7$F$bFI$_<h$j$r$9$k8"8B(B
$B$r<hF@$9$k$3$H$,2DG=$H$J$k!#(B

23. Rockliffe MailSite 4.2.1.0 Buffer Overflow Vulnerability
BugTraq ID: 1244
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-24
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1244
$B$^$H$a(B:

$B%j%b!<%H%f!<%6!<$O!"(BRockliffw MailSite 4.2.1.0$B$N(BGET $BMW5a$r=hM}$9$k%W%m(B
$B%0%i%`$KB8:_$9$k%P%C%U%!%*!<%P!<%U%m!<$N<eE@$r$D$/$3$H$G!"%7%9%F%`8"8B(B
$B$GG$0U$N%3!<%I$r<B9T$9$k$3$H$,2DG=$H$J$k!#(B240KB$B0J>e$NJ8;zNs$+$i$J$k%/%((B
$B%j$r(BGET $BMW5a$K4^$s$G<B9T$9$k$3$H$K$h$j!"G$0U$N%3!<%I$r<B9T$9$k$3$H$,2D(B
$BG=$H$J$k!#(B

24. Pacific Software Carello File Duplication and Source Disclosure Vulnerability
BugTraq ID: 1245
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-24
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1245
$B$^$H$a(B:

$B%j%b!<%H$N%f!<%6$O!"(BCarello $B%7%g%C%T%s%0%+!<%I%=%U%H%&%'%"$r;HMQ$7$F$$(B
$B$k%?!<%2%C%H%^%7%s>e$G!"FI$_<h$j!"=q$-9~$_8"8B$r<hF@$G$-$k!#(B

$B$^$:!"%f!<%6$O!"(B/scripts/Carello $B$K$"$k(B add.exe $B$r<B9T$7$F%?!<%2%C%H%[(B
$B%9%H>e$KDL>o;HMQ$N%G%#%l%/%H%jFb$KDL>o;HMQ$N%U%!%$%k$r:n@.$9$k!#(B
http://target/scripts/Carello/add.exe?C:\directory\filename.ext $B$X(B
$B%"%/%;%9$9$k$H!"(B"1" $B$,%U%!%$%kL>$KDI2C$5$l$FJ#@=%U%!%$%k$r@8@.$9$k!#(B
$B!JNc(B filename.ext1$B!K$3$3$+$i$O!"%j%b!<%H%f!<%6$O?7$?$K:n@.$5$l$?J#@=(B
$B%U%!%$%k$X$N(Bhttp $BMW5a$r<B9T$7!"$=$NFbMF$r8+$k$3$H$,$G$-$k!#(B

$B$3$N<eE@$O!"%$%s%?!<%M%C%H$NF?L>%"%+%&%s%H$K=q$-9~$_%"%/%;%98"8B$,4X78$9$k(B
$B%G%#%l%/%H%j$K$"$k$+$I$&$+$K0MB8$9$k!#(B

25. HP Web JetAdmin 6.0 Printing DoS Vulnerability
BugTraq ID: 1246
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-24
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1246
$B$^$H$a(B:

$B%G%U%)%k%H$G$O(BJetAdmin Web$B%$%s%?!<%U%'%$%9%5!<%P$O%]!<%H(B8000$B$r3+$$$F$$(B
$B$k!#$b$7IT@5$J(BURL$BMW5a$,%]!<%H(B8000$B$KAw$i$l$k$H!"%5!<%P$N%5!<%S%9$O1~Ez(B
$B$rDd;_$9$k!#$3$N%5!<%S%9$ODd;_$5$l!"DL>o$N5!G=$r2sI|$9$k$K$O:F5/F0$NI,(B
$BMW$,$"$k!#(B

26. Pine 4.x Remote Command Execution Vulnerability
BugTraq ID: 1247
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 1999-06-28
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1247
$B$^$H$a(B:

pine$B$r;H$C$F(Bemail$B$rFI$`$H!"E:IU$7$?(Bindex.html$BCf$N(B'lynx -source' $B$r;O$a(B
uudecode$B$7$F$+$i<B9T$5$l$k!#(B

index.html$B$O%m!<%+%k%G%#%l%/%H%j$+$i<B9T$5$l$k$?$a!"$$$+$J$k%9%/%j%W%H(B
$B$G$b4^$a$k$3$H$,$G$-$k!#!J%9%/%j%W%H$O!":G9b$N%;%-%e%j%F%#8"8B$G<B9T$9$k!K(B
$B$3$l$O%f!<%6!<$r967b$K$5$i$9!#(B

$B$3$N<eE@$O%k!<%H8"8B!"$^$?%k!<%H8"8B0J30$r=jM-$9$k%f!<%6!<$K$H$C$F6<0R(B
$B$G$"$k!#B??t$NBg5,LO%7%9%F%`$G$O(Bpine$B$,2TF0$7$F$*$j!"(Bfingerd $B$,<B9T$5$l(B
$B$F$$$k!#$3$l$G$O!"967b<T$K%7%9%F%`>e$N%f!<%6!<L>$N%j%9%H$X$N%"%/%;%9$r(B
$B40`z$K5v$7$F$7$^$&!#$3$N%j%9%H$r<j$KF~$l$?8e$O!"%7%9%F%`>e$NB>$N%f!<%6(B
$B$X46@w$7$?%a%$%k$rAw$k%W%m%0%i%`$,=q$/$3$H$,$G$-$F$7$^$&!#(B

S.u.S.E. $B%"%I%P%$%6%j$O(BPine 4.x$B$K$O<eE@$,$"$k$H7Y9p$7$?!#%o%7%s%H%sBg3X(B
$B$+$i$3$N<eE@$KBP$9$k=$@5$5$l$?$N$+!"(BS.u.S.E $B$NG[I[$NCf$G$3$N<eE@$,=$@5$5(B
$B$l$F$$$k$+$I$&$+$OITL@$G$"$k!#(B

27. thttpd tdate_parse() Stack Overflow Vulnerability
BugTraq ID: 1248
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 1999-11-10
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1248
$B$^$H$a(B:

thttpd web$B%5!<%P(B(1.90a$B$+$i(B2.04$B$N%P!<%8%g%s(B)$B$K$O!"%G!<%?$r2r@O$9$k4X?t(B
tdate_parse()$B$K$O!"6-3&$r87L)$K%A%'%C%/$7$J$$!#(B

tdate_parse() $B$N%9%?%F%#%C%/%P%C%U%!$r$"$U$l$5$;$k$3$H$K$h$C$F!"967b<T(B
$B$O%j%b!<%H$G(Bthttpd$B$N8"8B$G(Bthttpd$B%[%9%H$N%3%^%s%I$r<B9T$G$-$k!#(B

28. Inter Net News server (inn) Buffer Overflow Vulnerability
BugTraq ID: 1249
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 1999-11-24
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1249
$B$^$H$a(B:

Inter Net News (INN)$B%5!<%P$O6-3&$N%A%'%C%/$r87L)$K$7$J$$!#%G!<%b%s$O%9(B
$B%?%F%#%C%/%P%C%U%!!<$N%*!<%P!<%U%m!<$N$h$C$F%j%b!<%H$GGK2u$5$l$&$k!#(B

29. Deerfield MDaemon Mail Server DoS Vulnerability
BugTraq ID: 1250
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-24
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1250
$B$^$H$a(B:

$BD9$$0z?t(B(256$B%P%$%H0J>e(B)$B$r%f!<%6!<%3%^%s%I$KF~NO$9$k$3$H$G%f!<%6!<%P%C(B
$B%U%!$r$"$U$l$5$;!"%Q%9%3%^%s%I$,<B9T$5$l$?8e!"(BMdaemon mail$B%5!<%P$,1~Ez(B
$B$9$k$3$H$rDd;_$9$k860x$H$J$k!#DL>o$N5!G=$r2sI|$9$k$?$a$K$O:F5/F0$,I,MW(B
$B$G$"$k!#(B

30. PGP5i Automatic Key Generation Routine Vulnerability
BugTraq ID: 1251
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2000-05-24
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1251
$B$^$H$a(B:

PGP5i$B$,%i%s%@%`$K80$N<o$r@8@.$9$k2aDx$K!"%f!<%6!<$NF~NO$K$O4X78$J$/!"<e(B
$BE@$,B8:_$9$k!#80$NBP$O0J2<$N$h$&$K@8@.$5$l$k(B:

 pgpk -g <DSS or RSA> <key-length> <user-id> <timeout> <pass-phrase>

pgp$B$O%f!<%6!<$N2pF~$J$7$K<+F0E*$K80$r@8@.$9$k!#(B/dev/random$B$r%5%]!<%H$7(B
$B$F$$$k%7%9%F%`$K$*$$$F$O!"$3$N%G%P%$%9$r(B1$B%P%$%H$:$DA}2C$5$;$k$3$H$G80$N(B
$B<o$r@8@.$9$k!#(B

 RandBuf = read(fd,&RandBuf, count);

 $B%i%s%@%`%W!<%k$KF~NO$9$k!#$"$$$K$/!">e$N%m%8%C%/$OL58z$K$5$l$k!#(Bread()
$B$OFI$_9~$s$@J8;z$NCM$rJV$9!#$3$N>l9g!"%+%&%s%H$O$D$M$K(B1$B$K=i4|2=$5$l$k$?(B
$B$a!"(BRandBuf$B$O$$$D$b(B1$B$NCM$r3d$jEv$F$i$l$k!#$3$l$,80$rM=B,$7$d$9$/$9$k!#(B
RSA$B80$OM=A[2DG=$JJ}K!$G@8@.$5$l$k!#0E9f2=80(B(ElGamal)$B$OMM!9$G$b(B
DSA/ElGamal$B=pL>(B(DSA)$B80$OM=A[2DG=$G$"$k!#(B

$B0J2<$N0l$D$,??$J$i!"(Bpgp$B$r<B9T$7$F$$$k%f!<%6$K$O<eE@$O$J$$!#(B

1) $BAj8_$K80$r@8@.$9$k!#%-!<%\!<%I$GB??t$N%i%s%@%`$JJ8;z$rF~NO$9$kI,MW$,(B
   $B$"$k$@$m$&!#(B
2) PGP5$B$rMxMQ$9$kA0$K%$%s%9%H!<%k$r$7!"%i%s%@%`<o%U%!%$%k$r;vA0$KMQ0U$9(B
   $B$k!#(B
3) 2.x, 2.xi, 6.x or 6.xi distribution$B$G<B9T$9$k!#Hs9q:]%P!<%8%g%s$K$O(B
   $B<eE@$O$J$$$H9M$($i$l$F$$$k!#(B

31. MDBMS Buffer Overflow Vulnerability
BugTraq ID: 1252
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-24
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1252
$B$^$H$a(B:

Marty Bochane$B$K$h$C$F=q$+$l$?(BMDBMS database$B$K<eE@$,B8:_$9$k!#(BMDBMS
server$B$K==J,$JD9$5$N(Bline$B$rF~NO$7!"%^%7%s8l$N<B9T%3!<%I$r$=$NCf$KKd$a9~(B
$B$`$3$H$G!"%G!<%?%Y!<%9$r<B9T$7$F$$$k%f!<%6$H$7$FG$0U$N%3%^%s%I$r967b<T(B
$B$,<B9T$9$k$3$H$,2DG=$G$"$k!#(B

MDBMS$B$N$9$Y$F$N%P!<%8%g%s!":G?7$N%j%j!<%9(B.99b6$B$r4^$a$F!"1F6A$r$&$1$k$H(B
$B9M$($i$l$F$$$k!#(B

32. Network Associates WebShield SMTP 4.5.44 Configuration Modification
Vulnerability
BugTraq ID: 1253
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-25
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1253
$B$^$H$a(B:

$B%G%U%)%k%H$G$O(BNetwork Associates WebShield SMTP$B$O%]!<%H(B9999$B>e$N4IM}%(!<(B
$B%8%'%s%H$G<B9T$9$k!#C1$K$3$NFCDj$N%]!<%H$K@\B3$9$k$3$H$K$h$C$F%j%b!<%H(B
$B%f!<%6!<$O$3$N%(!<%8%'%s%H$N%"%/%;%9$r3MF@$7$F(BWebShield SMTP$B$N%3%s%U%#(B
$B%0%l!<%7%g%s$9$k$+$b$7$l$J$$!#(B"GET_CONFIG<CR>"$B%3%^%s%I$r<B9T$9$k$H!"8=(B
$B:_$N%3%s%U%#%0%l!<%7%g%s$,La$C$F$/$k!#4IM}%(!<%8%'%s%H$O5v2D$5$l$?%[%9(B
$B%H%M!<%`$N%j%9%H$r$b$H$K%"%/%;%98"8B$rM?$($k!#$7$+$7!"%[%9%H%M!<%`$r2r(B
$B7h$G$-$J$$$I$s$J(BIP$B%"%I%l%9$KBP$7$F$b8"8B!"Nc$($P%m!<%+%k%[%9%H$+$i$7$+(B
$B5v$5$l$F$$$J$$(B 'MailCfg'$B$r@_Dj$9$k$3$H$,2DG=$G$"$k!#(B

33. Network Associates WebShield SMTP 4.5.44 Buffer Overflow Vulnerability
BugTraq ID: 1254
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-25
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1254
$B$^$H$a(B:

Network Associates WebShield SMTP$B$O!"%3%s%U%#%0%l!<%7%g%s%Q%i%a!<%?$KIU(B
$B?o$9$k(B208$B%P%$%H0J>e$N%G!<%?$,%]!<%H(B9999$B$r3+$$$F$$$k%j%b!<%H4IM}%5!<%S%9(B
$B$KAw$i$l$k$H!"%P%C%U%!!<%*!<%P!<%U%m!<967b$K1F6A$5$l$d$9$$!#%5!<%S%9%"(B
$B%+%&%s%H(B($B%G%U%)%k%H$O(BSYSTEM)$B$N8"8B%l%Y%k$GG$0U$N%3!<%I$r<B9T$9$k$?$a$N(B
$B%W%m%0%i%`$r6/@)$9$k$3$H$,2DG=$G$"$k!#(B

34. Omnis Studio 2.4  Weak Database Field Encryption Vulnerability
BugTraq ID: 1255
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2000-05-25
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1255
$B$^$H$a(B:
Omnis Studio 2.4$B$O%G!<%?%Y!<%9F~NO$r0E9f2=$9$k%*%W%7%g%s$r;}$D%G!<%?%Y(B
$B!<%9%"%W%j%1!<%7%g%s3+H/%D!<%k$G$"$k!#$7$+$7$J$,$i;H$o$l$F$$$k0E9f2=J}<0(B
$B$,<e$/!"$I$s$J2J3X7W;;5!$rMQ$$$F$b!"$^$?%Z%s$H;f$G$5$($b!"967b<T$,(B16$B?J?t(B
$B$H(Bascii$B$NCN<1$,$"$l$P4JC1$K2rFI$5$l$F$7$^$&!#0E9f2=$5$l$F$$$J$$$=$l$>$l$N(B
$B%P%$%H$O!"C1$K$=$N85$H$J$kCM$H%9%H%j%s%0$N$"$k>l=j$r(B4$B$G3d$C$?M>$j$K$h$C$F(B
$B7h$^$k!#(B

35. PDGSoft Shopping Cart Multiple Buffer Overflow Vulnerabilities
BugTraq ID: 1256
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-25
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1256
$B$^$H$a(B:

redirect.exe$B!"(Bchangepw.exe$B$N(B2$B$D$N<B9T%U%!%$%k$O(BWeb$B$rDL$7$F%"%/%;%92DG=(B
$B$J<eE@$,$"$k!#6KC<$KD9$$%/%(%jNs$rF~NO$5$l$k$H!"FbIt%P%C%U%!$r$3$($FJ](B
$BB8$5$l$F$$$kLa$jHVCO$r=q$-49$($k!#(B

36. Big Brother bbd.c Buffer Overflow Vulnerability
BugTraq ID: 1257
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-18
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1257
$B$^$H$a(B:

1.4g$B0JA0$N(BBig Brother $B%P!<%8%g%s(B (BBDisplay and BBPager bbd.c)$B$K$O%P%C(B
$B%U%!%*!<%P!<%U%m!<$N<eE@$,B8:_$9$k!#$3$l$O(Bbbd.c$B$r<B9T$7$F$$$k%f!<%6!<$N(B
$B8"8B$GG$0U$N%W%m%0%i%`$N<B9T$r5v$9!#(B

37. TopLayer AppSwitch 2500 Multiple DoS Vulnerabilities
BugTraq ID: 1258
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-05-20
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1258
$B$^$H$a(B:

TopLayer AppSwitch 2500$B$K$OB??t$N(BDoS$B967b$KBP$7$F<eE@$,$"$k$HJs9p$5$l$F(B
$B$$$k!#%U%i%0%a%s%H2=$5$l$?%Q%1%C%H!"0-$$(BICMP$B%A%'%C%/%5%`!"$=$NB>$NJQB'(B
$BE*$J%Q%1%C%H$,%9%$%C%A$rGK2u$9$k$HJs9p$5$l$F$$$k!#(B


III. SECURITYFOCUS.COM NEWS AND COMMENTARY
- ------------------------------------------

1. Lights Out (May 25, 2000)

$BH/E8$NG/(B  NIPC$B$N(B Michael Vatis$B$O!"EENO%M%C%H%o!<%/$KBP$9$k%5%$%P!<967b(B
$B$N4F;k7W2h$r8xI=$7$?!#$3$l$ODdEE$rKI$0$K$O==J,$G$"$k$N$@$m$&$+!)(B

http://www.securityfocus.com/news/41

2. Security Hole found in NAI Firewall (May 22, 2000)

$B%=%U%H%&%'%"$N8!>ZITB-$,!V@$3&$G$b$C$H$b6/8G(B($B$H$$$o$l$k(B)$B%U%!%$%"%&%)!<%k!W$r(B
$B4m$&$/$5$;$k!#(B

http://www.securityfocus.com/news/40


3. Love Letter's last Victim  (May 22, 2000)

Love Letter$B%o!<%`$O(B $B?7$7$$@$3&Ca=x$r0z$-5/$3$962$l$"$j!#%;%-%e%j%F%#(B
$B%D!<%k$NMxMQ$O6X;_$5$l!"8D?M$N0E9f80$O@/I\$K43>D$5$l$k(B

http://www.securityfocus.com/commentary/39


IV.SECURITY FOCUS TOP 6 TOOLS
- -----------------------------

1. The Java SSH/Telnet Application/Applet 2.0 RC4 (Java)
By Matthias L. Jugel, leo@mud.de
URL:
	http://www.securityfocus.com/data/tools/jta20.jar

Java(tm) Telnet Applet$B$O$9$Y$F$N5!G=$rHw$($?(B telnet/SSH $B%W%m%0%i%`$G$9!#(B
$B$3$l$O(BWWW$B%V%i%&%6$N$_$G%$%s%?!<%M%C%H$d%$%s%H%i%M%C%H$rDL$7$F%j%b!<%H%[(B
$B%9%H$K@\B3!"%m%0%$%s$G$-$^$9!#(Btelnet$B$K$h$k@\B3%5!<%S%9$@$1$G$J$/!"F0E*(B
$B$K(BTerminal Emulations $B$d%W%i%0%$%s$rFI$_9~$`$3$H$,$G$-$^$9!#MxMQ$G$-$k(B
$B%W%i%0%$%s$K$O!"(B Socket$B!"(B Telnet$B!"(B Terminal$B!"(B Script$B!"(B SSH $B$,$"$j$^$9!#(B
ssh$B$d(Bterminal$B%W%i%0%$%s$G$NB??t$N%P%0$,=$@5$5$l$F$$$^$9!#0u:~$OGr9u$@$1(B
$B$G$9!#<!$N%j%j!<%9$G:G=*HG$K$J$j$^$9!#(B

2. tsocks 1.5 (Linux and Solaris)
By Shaun Clowes, delius@progsoc.org
URL:
	http://www.securityfocus.com/data/tools/tsocks-1.5.tar.gz

SOCKS V4 proxy ($BDL>o%U%!%$%"%&%)!<%k>e$K$"$k(B) tsocks $B$O(BTCP$B%3%M%/%7%g%s(B
$B$r3+;O$9$k$?$a$K%"%W%j%1!<%7%g%s$N8F$S=P$7$rK5<u$7$F!"D>@\%"%/%;%9$,2D(B
$BG=$+!"$b$7$/$O(BSOCKS$B%5!<%P$,I,MW$+$I$&$+$rH=CG$7$^$9!#(BSOCKS$B%5!<%P$,I,MW(B
$B$G$"$l$P!"@\B3$O(BSOCKS$B%5!<%P$H=hM}$r9T$$!"%"%W%j%1!<%7%g%s$XF)2aE*$K@\B3(B
$B$7$^$9!#$3$N$?$a!"(BSOCKS$B$r;H$&4{B8$N%"%W%j%1!<%7%g%s$O:F%3%s%Q%$%k$r$7$?(B
$B$j!"=$@5$9$kI,MW$O$"$j$^$;$s!#(Btsocks$B$O(Blibc$B$N(Bconnect $B$N8F$S=P$7$KBP$9$k(B
$B%i%C%Q!<%i%$%V%i%j$G$9!#JQ99E@(B: Solaris 2.6$B!"(B2.7$B!"(B 2.8$B$K$*$1$k%3%s%Q%$%k(B
$B$N=$@5!"(Bmakefile$B$NLdBj$N=$@5!#%=%1%C%H%*%W%7%g%s$N@_Dj$K4X$9$k%P%0$H(B
unsolved symbols$B$NLdBj$,=$@5$5$l$^$7$?!#$9$Y$F$N%"%W%j%1!<%7%g%s$,(BTCP DNS
$B$r6/@)E*$K;HMQ$9$k%5%]!<%H$,DI2C$5$l$?$N$G!"F)2aE*$K%W%m%-%7!<@\B3$,9T(B
$B$o$l$^$9!#(B

3. Bastille Linux 1.1.0.pre6 (Linux)
By Jay Beale, jay@nova.umuc.edu
URL:
	http://www.securityfocus.com/data/tools/Bastille-1.1.0.pre6.tgz

Bastille Linux$B$O(B Red Hat Linux 6.0/6.1$B$KBP$9$k$b$C$H$bJq3gE*$G=@Fp$G$"(B
$B$j!"650iE*$J%;%-%e%j%F%#6/2=%W%m%0%i%`$rL\I8$H$7$F$$$^$9!#$3$N%W%m%0%i(B
$B%`$,<B9T$9$k$[$H$s$I$9$Y$F$N%?%9%/$OA*Br$9$k$3$H$,$G$-!"9b$$=@Fp@-$rDs(B
$B6!$7$^$9!#%$%s%9%H!<%k$9$k4IM}<T$O!"J,$+$i$J$$$3$H$,B?$/$F$b!"L\A0$K$"(B
$B$kLdBjE@$K$D$$$FCN$k$3$H$,$G$-$^$9!#$3$NBPOCE*$JFCD'$N$*$+$2$G!"$3$N%W(B
$B%m%0%i%`$,0BA42=$N:]$N40@.EY$N6a$$$b$N$H$J$j!"$^$?!"650iFbMF%W%m%0%i%`(B
$B$r;H$C$F9bEY$J%;%-%e%j%F%#$rB;$M$J$$$h$&$J4IM}<T$K0i$F$^$9!#(B

4. Dsniff 2.1 (FreeBSD, Linux, NetBSD, OpenBSD and Solaris)
By Dug Song, dugsong@monkey.org
URL:
	http://www.securityfocus.com/data/tools/dsniff-2.1.tar.gz

dsniff$B$O%7%s%W%k$J%Q%9%o!<%I%9%K%C%U%!$K2C$(!"?/F~8!::$KMxMQ$G$-$k%9%K(B
$B%C%U%!%j%s%0%f!<%F%#%j%F%#$G$9!#(BRPC$B$N0lO"=hM}$r?7$7$/=q$-D>$7$F!"%G%3!<%I(B
$B%H%j%,!<$r@_Dj2DG=$K$7$^$7$?!#?7$7$$%W%m%H%3%k$O(B RIP$B!"(BOSPF$B!"(Bpoppass$B!"(B
Meeting$B!"(BMaker$B!"(B PostgreSQL$B!"(Byppasswd $B$KBP1~$7$F$$$^$9!#(B

5. beecrypt 0.9.5 (Linux, Solaris and Unix)
By Bob Deblier, bob@virtualunlimited.com
URL:
	http://www.securityfocus.com/data/tools/beecrypt_0.9.5.tar.gz

BeeCrypt $B$O(BC$B$d%"%;%s%V%i8@8l$G=q$+$l$?%*!<%W%s%=!<%9$N0E9f2=%i%$%V%i%j(B
$B!<$G$9!#$3$l$O(BBlowfish$B!"(B SHA-1$B!"(B Diffie-Hellman$B!"(BElGamal$B$J$I$N$h$/CN$i(B
$B$l$?%"%k%4%j%:%`$N<BAu$+$i$J$C$F$$$^$9!#$3$l$O%U%!%$%k$N0E9f2=$N$h$&$J(B
$B0l$D$NFCDj$NLdBj$r2r7h$9$k$h$&$K:n$i$l$F$$$k$N$G$O$J$/!"MM!9$J%"%W%j%1(B
$B!<%7%g%s$G;HMQ$9$k$3$H$,$G$-$kB?L\E*$N%D!<%k%-%C%H$H$7$F:n$i$l$F$$$^$9!#(B
BeeCrypt$B$O(BGNU$B$N(B Lesser General Public License (LGPL)$B$N$b$H$GG[I[$5$l$F(B
$B$$$k$N$G%*!<%W%s%=!<%9$G$b>&6HL\E*$G$b$I$A$i$G$bMxMQ$G$-$^$9!#(BBeeCripto
$B$N;HMQ$K:]$7$F!"FC5v$d%m%$%d%j%F%#$NLdBj$O$"$j$^$;$s!#$3$N%i%$%V%i%j$N(B
$B9=B$$O(BJava$B$H$=$N%;%-%e%j%F%#%/%i%9!"0E9f2=%/%i%9$KCV$-49$($i$l$k$h$&D4(B
$B@0$5$l$F$$$^$9!#(B

6. ShadowSecurityScanner 1.00.005 (Windows 2000, Windows NT and Windows 95/98)
by RedShadow
URL:
	http://www.securityfocus.com/data/tools/SSS.zip

ShadowScan$B$N?7$7$$%P!<%8%g%s$NFbMF$O0J2<$,4^$^$l$F$$$^$9!#(B

Shadow Advantis Administator Tools - Ping (SSPing), Port Scaner, IP
Scaner, Site Info ($B%[%9%H$,<B9T$7$F$$$k%5!<%S%9$r?WB.$KFCDj$9$k$?$a(B),
Network Port Scaner, Tracert, Telnet, Nslookup, Finger, Echo, Time,
UPD test, File Info, Compare File, Netstat, SysInfo, Crypr, Crc File,
 DBF view/edit, DiskInfo, NTprocess, Keyboard test, DNS info.

Shadow Hack and Crack - WinNuke, Mail Bomber, POP3 and FTP Crack (brute
force), Unix password Crack, Finger over SendMail, Buffer Overlow , Smb
Password Check , CRK Files, Http crack, Socks crack.

ShadowPortGuard - $B$"$k%]!<%H$N@\B3$r8!CN$9$k%W%m%0%i%`(B
Shadow Novell NetWare Crack - Novell NetWare 4.x.$B$r?/F~$9$k%W%m%0%i%`(B


V. SECURITY JOBS SUMMARY($BF|K\8lLu$J$7(B)
- ---------------------------------------


VI. INCIDENTS LIST SUMMARY
- -------------------------

1. IIS4 Logs   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=20000525145510.4433.qmail@securityfocus.com

2. Spoofed ICMP "destination unreachable" - DOS?   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=93EA7653F0D@aussie.mine.nu

3. incident input re: FBI   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=000e01bfc65b$f516d0e0$2702020a@tech.com

4. CRACK   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=Pine.BSF.4.10.10005250937200.73266-100000@hydrant.intranova.net

5. Single packet per IP# port 137 scan   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=392D2E2D.5749044C@visi.com

6. Slow scan   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=20000525013422.A7694@hydra.entire-systems.com

7. PORTSCAN virus?   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=002801bfc63b$e45af6c0$6baa70d8@default

8. Slow scan, the rest of the story   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=20000524160354.28939.qmail@securityfocus.com

9. Word Virus?   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=25E9275BCAC1D211AEBB00A0C9EAF910B90673@mail.suburbanhospital.org

10. Port Scans   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=200005242048.QAA02966@ll.mit.edu

11. 216.65.124.73 / sexwebsites.com admin   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=s92c025a.088@co.pinellas.fl.us

12. tcp port 8000 from ss06.live365.com   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=20000524161048.A1729@eclipsed.net

13. VRFY 000.000@my.domain   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=392A4F78.4557F839@dds.nl

14. Fw: Critical data found in log files.   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=Pine.LNX.4.21.0005231655530.26987-100000@shell.dhp.com

15. Two scans (Klogin and a trojan?)   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=D129BBE1730AD2118A0300805FC1C2FE04C7991D@209-76-212-10.trendmicro.com

16. hiding attachment extensions   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=D129BBE1730AD2118A0300805FC1C2FE04C79919@209-76-212-10.trendmicro.com

17. Hmmm... named again.   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=Pine.LNX.4.10.10005221216030.10829-100000@hit.inetcomm.net

18. price.doc.exe   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=004401bfc3da$52fc0c40$292cfc3e@hppavilion

19. Unusual UDP access attempts.   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=20000522120950.10434.qmail@securityfocus.com

20. price.doc.exe "What it Is"   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=D364824F4D7FD311B9B30090277C0EB333A614@WAS-EXCH-HQ2

21. udp traffic to port 137   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=200005221310.JAA04552@ll.mit.edu

22. Unidentified Trojan? -- Hope this helps   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=Pine.LNX.4.10.10005220845460.694-100000@blackhole.nmrc.org

23. Know Your Enemy: A Forensics Analysis   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=Pine.LNX.4.10.10005211825100.22994-100000@otto.spitzner.net

24. Portscan X.Y.Z.100 - X.Y.Z.254, various ports   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=20000520134626.620.qmail@securityfocus.com

25. network.exe -- was -- Re: udp traffic to port 137   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=20000520211630.75285.qmail@hotmail.com

26. unapproved update from [166.93.60.5].61946   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=392666AD.60769DC0@sover.net

27. While we're on viruses...   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=39571A5B@operamail.com

28. Another odd UDP scan - new trojan?   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=20000519180741.24624.qmail@securityfocus.com

29. LJK2 rootkit?   (Thread)
$B4XO"$9$k(BURL:
        http://www.securityfocus.com/templates/archive.pike?list=75&date=2000-05-26
&thread=20000519125555.39280.qmail@hotmail.com


$B-;!%(BVULN-DEV RESEARCH LIST SUMMARY
- -----------------------------------

1$B!%(BString checking with PHP$B!!!!!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-05-26
&thread=Pine.LNX.3.96.1000524151613.776B-200000@intra.net

2$B!%(Breverse engineer c or java    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-05-26
&thread=20000524091353.2874.qmail@web1004.mail.yahoo.com

3$B!%(BWhy not a changeling?    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-05-26
&thread=20000524144513.C1837@alcove.wittsend.com

4$B!%(BLocal DoS$B!'(BRedHat 6.0    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-05-26
&thread=20000523214556.A4977@quebix.dyndns.org

5$B!%(BWindows IP Fragment Reassembly Vulnerability    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-05-26
&thread=392A5B56.A465D2C@s3.integralis.co.uk

6$B!%(BAudio interview with Rain Forest Puppy on full disclosure and Microsoft now available.    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-05-26
&thread=Pine.GSO.4.21.0005231328210.2654-100000@mail

7$B!%(BConserver Overflow    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-05-26
&thread=Pine.NEB.4.10.10005230953250.19489-100000@vex.net

8$B!%(Bnetscape 4.61 recognizes file.changed-doc/xls    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-05-26
&thread=005801bfc4e8$558883d0$8200000a@atvideo.com

9$B!%(BOutlook HTML VBS$B!J(Bdemo$B!K!!!!!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-05-26
&thread=5823BD992D67D3119F630008C7CF50FC09363F@skylark.mail.ukans.edu

10$B!%(Bkrd5 1.1.1    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-05-26
&thread=Pine.LNX.4.04.10005222333410.323-100000@dzyngiel.ipartners.pl

11$B!%(BVs: Re: Outlook HTML VBS (demo)    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-05-26
&thread=003701bfc419$82c77740$582fc5c3@rocket

12$B!%(BA possibile VBS transport?$B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-05-26
&thread=C1EC3AA970F8D311BA4D0050BAB07BA80350F4@NHEX1101

13$B!%(Bfdmount 0.8 exploit    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-05-26
&thread=3929CCD6.2A210A2B@nitnet.com.br

14$B!%(BNetscape forms using standard windows controls    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-05-26
&thread=20000522111408.5F6F.0@argo.troja.mff.cuni.cz

15$B!%(BInfinite loop in LOTUS NOTE 5.0.3. SMTP SERVER    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-05-26
&thread=20000522103152.B75287@naiad.eclipse.net.uk

16$B!%(BOutlook$B!$(BHTML & VBS    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-05-26
&thread=Pine.LNX.4.10.10005211823470.14360-100000@gg15c1.phil.uni-sb.de

17$B!%(BUPDATE on possible new "e-mail virus" concept ?    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-05-26
&thread=Pine.LNX.4.10.10005210034511.13660-100000@blue.localdomain

18$B!%(Bpossible new "e-mail virus" concept ? + bypassing IE settings $B!!!!!J(BThread)
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-05-26
&thread=Pine.LNX.4.10.10005210010510.13660-100000@blue.localdomain

19$B!%(Bchsh Segfault on freeBSD 3.3    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-05-26
&thread=20000520154009.A17231@hq.alert.sk

20$B!%(BTopLayer layer 7 switch Advisory    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=82&date=2000-05-26
&thread=021101bfc257$2c708c60$0a01a8c0@nj.realsecure.com


$B-<!%(BMICROSOFT FOCUS LIST SUMMARY
- ---------------------------------

1$B!%(Bwindows 2000$B!$(Bport 1025    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=88&date=2000-05-26
&thread=NDBBIGJJCJAKGNIAKFLNCEDMCPAA.ryagatich@csn1.com

2$B!%(BR$B!'(BPorts 6667,6668    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=88&date=2000-05-26
&thread=s92d02bf.060@gwmail

3$B!%(BMS vs. Unix Remote Access    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=88&date=2000-05-26
&thread=006c01bfc64d$766c3e50$d3010a0a@wscmiller

4$B!%(Binteresting file in NT server    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=88&date=2000-05-26
&thread=006c01bfc64d$766c3e50$d3010a0a@wscmiller

5$B!%(BNTLM 2 Authentication for Windows 95/98 Clients    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=88&date=2000-05-26
&thread=007701bfc584$c340c4e0$0100a8c0@twilight

6$B!%(BMicrosoft's UNIX services for NT    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=88&date=2000-05-26
&thread=991708270E97D211998300A0C99B2376012B6F2B@whmsx19.is.bear.com

7$B!%(BAudio interview with Rain Forest Puppy on full disclosure and Microsoft now available.    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=88&date=2000-05-26
&thread=Pine.GSO.4.21.0005231328210.2654-100000@mail

8$B!%(BPorts 6667,6668    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=88&date=2000-05-26
&thread=4.3.1.0.20000522085115.00e3c6f0@10.10.10.3

9$B!%(BPorts 6667,6668$B!J(Bports and procs$B!K!!!!!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=88&date=2000-05-26
&thread=3928D490.E534578B@nonline.net


$B-=!%(BSUN FOCUS LIST SUMMARY
- ----------------------------

1$B!%(BSolaris security patches - notification formats/methods -
    $B!!!!!!!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=92&date=2000-05-26
&thread=Pine.GSO.4.05.10005250712380.11862-100000@supernova

2$B!%(BSolaris Security Patches - notification formats/methods - latest
matrix    $B!J(BThread$B!K(B
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=92&date=2000-05-26
&thread=392C020F.545E398C@di.unito.it

3$B!%(Bwget ?$B!N(Bwas Re: Solaris Securty Patches ...]    (Thread)
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=92&date=2000-05-26
&thread=20000524122703.I690@rahul.net

4$B!%(BSolaris Security Patches - notification formats/methods - lat
est matrix    (Thread)
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=92&date=2000-05-26
&thread=0D96629D8C57D2118B460008C71E719408B6D32E@USKIHMPOP2

5$B!%(Bwget ?    (Thread)
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=92&date=2000-05-26
&thread=C665F1CDCD08D311B93C00805FA6B5A6CC629D@skar.grid.net

6$B!%(Bwget ? Was Re: Solaris Security Patches - notification
formats/methods - latest matrix    (Thread)
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=92&date=2000-05-26
&thread=Pine.GSO.4.10.10005241157020.17815-100000@calvin

7$B!%(BSolaris Security Patches - notification formats/methods -
latest matrix    (Thread)
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=92&date=2000-05-26
&thread=Pine.GSO.4.05.10005241107090.10462-100000@supernova

8$B!%(BSolaris Security Patches - notification formats/methods -
latest matrix    (Thread)
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=92&date=2000-05-26
&thread=0D96629D8C57D2118B460008C71E719408B6D32D@USKIHMPOP2

9$B!%(Bwget ? Was Re: Solaris Security Patches - notifivation
formats/methods - latest matrix    (Thread)
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=92&date=2000-05-26
&thread=OF60ECC4BE.07114DE4-ON052568E9.005A361F@d51.lilly.com

10$B!%(B"OLD-BROADCAST" traffic    (Thread)
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=92&date=2000-05-26
&thread=Pine.OSF.3.96.1000524110213.15771D-100000@odin.cair.du.edu


X. LINUX FOCUS LIST SUMMARY
- -------------------------------

1. passwd: Critical error - immediate abort    (Thread)
$B4XO"$9$k(BURL$B!'(B
        http://www.securityfocus.com/templates/archive.pike?list=91&date=2000-05-26
&thread=949AD83001BD5400@noerrors.com

Translated by	SAKAI Yoriyuki <sakai@lac.co.jp> / SNS Team
		YANAOKA Hiromi <yanaoka@lac.co.jp> / SNS Team
		KAGEYAMA Tetsuya <t.kageym@lac.co.jp> / SNS Team
		ICHINOSE Sayo <ichinose@lac.co.jp> / SNS Team
		SUZUKI Hidefumi <h.suzuki@lac.co.jp> / SNS Team
LAC Co., Ltd. <URL: http://www.lac.co.jp/security/>

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.5.3i for non-commercial use <http://www.pgpi.com>
Comment: SAKAI Yoriyuki

iQA/AwUBOTaIaZQwtHQKfXtrEQKsswCeP78RovMEEAfXKUcTzEHvz8lBdB4Anis/
dd06hpDiEoUlkaOKh2WfW7Y+
=k28E
-----END PGP SIGNATURE-----