Return-Path: owner-bugtraq-jp@SECURITYFOCUS.COM X-Mailer: Winbiff [Version 2.20 PL4] Mime-Version: 1.0 Content-Type: text/plain; charset=iso-2022-jp Message-ID: <200006271433.GGC31181.BJTLB@lac.co.jp> Date: Tue, 27 Jun 2000 14:33:24 +0900 Reply-To: SAKAI Yoriyuki Sender: BUGTRAQ-JP List From: SAKAI Yoriyuki Subject: SecurityFocus.com Newsletter #47 2000-06-16->2000-06-22 To: BUGTRAQ-JP@SECURITYFOCUS.COM -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 $B:d0f(B@$B%i%C%/$G$9!#(B SecurityFocus.com Newsletter $BBh(B 47 $B9f$NOBLu$r$*FO$1$7$^$9!#(B $BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B SecurityFocus.com Newsletter $B$K4X$9$k(BFAQ: BugTraq-JP $B$K4X$9$k(B FAQ: - --------------------------------------------------------------------------- - --------------------------------------------------------------------------- $B0zMQ$K4X$9$kHw9M(B: $B!&$3$NOBLu$O(B Security-Focus.com $B$N5v2D$r3t<02qe$G9T$o(B $B$l$F$$$^$9!#(B $B!&(BSecurityFocus.com Newsletter $B$NOBLu$r(B Netnews, Mailinglist, World Wide Web, $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$N(B $BA4J80zMQ$r$*4j$$$7$^$9!#(B $B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;(B $B$s$,=`MQ$9$k$b$N$H$7$^$9!#(B $B!&$^$?!"(BSecurity-Focus.com $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+(B $B$J$k7A<0$N%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B 1) - --------------------------------------------------------------------------- - --------------------------------------------------------------------------- $B$3$NOBLu$K4X$9$kHw9M(B: $B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02ql9g!"(BBUGTRAQ-JP $B$X(B Errata $B$H$7$F=$@5(B $BHG$r$4Ej9FD:$/$+!"Lul9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B - --------------------------------------------------------------------------- - --------------------------------------------------------------------------- SecurityFocus.com Newsletter #47 - -------------------------------- I. FRONT AND CENTER($BF|K\8lLu$J$7(B) 1. Audio Interview with Jennifer Granick 2. Audio Interview with Max Vision 3. Intrusion Detection: Analyzing IDS Data 4. Incident Handling: Intelligence Preparation of The Battlefield 5. The Motives and Psychology of the Black-hat Community 6. Focus-Sun: Solaris Default Processes and init.d Part 3 7. Info.sec.radio is on the air! 8. Request for Writers - Antivirus II. BUGTRAQ SUMMARY 1. SuSE Linux aaabase User Account with /tmp Home Vulnerability 2. Cart32 "expdate" Administrative Information Disclosure Vulnerability 3. Panda Antivirus for NetWare Unauthenticated Admin Vulnerability 4. IMP/MSWordView /tmp File Permission Vulnerability 5. IMP/MSWordView /tmp File Deletion Denial of Service Vulnerability 6. Tripwire 1.2 Long Filename Request DoS Vulnerability 7. Network Associates Net Tools PKI Server 1.0 Buffer Overflow 8. Network Associates Net Tools PKI Server 1.0 Unauthenticated Access 9. WebBBS Web Server Buffer Overflow Vulnerability 10. Alt-N MDaemon 2.8.5.0 UIDL DoS Vulnerability 11. RedHat Piranha Virtual Server Package Plaintext Password 12. HM Software S to Infinity Multiple Vulnerabilities 13. libICE Denial of Service Vulnerability 14. xdm/kdm/wdm Buffer Overflow Vulnerability 15. Linux KON (Kanji On Console) Buffer Overflow Vulnerability 16. Linux rpc.lockd Remote Denial Of Service Vulnerability 17. CUPS (Common UNIX Printing System) Denial of Service Vulnerability 18. GSSFTP Daemon Input Validation Vulnerability 19. Netscape Professional Services FTP Server Vulnerability 20. Netwin DMailWeb & CWMail Multiple DoS Vulnerabilities 21. Linux gpm Denial of Service Vulnerability 22. BEA Systems WebLogic Server and Express Source Code Disclosure 23. SGI IRIX cvconnect File Overwrite Vulnerability 24. KDE KMail Long Attachment Filename Denial of Service Vulnerability 25. xinetd Connection Filtering Via Hostname Vulnerability 26. gkermit setgid uucp Vulnerability 27. AIX cdmount Insecure External Program Call Vulnerability 28. Secure Locate LOCATE_PATH Validation Vulnerability 29. Allaire JRun 2.3.x Sample Files Vulnerability III. SECURITYFOCUS.COM NEWS ARTICLES 1. Online Snafu exposes CIA names (June 22, 2000) 2. Signing-off on Crime? (June 21, 2000) 3. Ripping the Net (June 25, 2000) IV.SECURITY FOCUS TOP 6 TOOLS 1. packet2sql 2.0.1 (Linux) 2. OutGuess 1.0 (Linux, Solaris, Unix) 3. tcpd 0.2 (Linux, Solaris) 4. Advanced NT Security Explorer 1.0 (Windows NT) 5. dumpevt2.pl (Windows NT) 6. Guardbot (Linux, Solaris, Windows 95/98, Windows NT) I. FRONT AND CENTER($BF|K\8lLu$J$7(B) - --------------------------------- II. BUGTRAQ SUMMARY - ------------------- 1. SuSE Linux aaabase User Account with /tmp Home Vulnerability BugTraq ID: 1357 $B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B $B8xI=F|(B: 2000-05-02 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/1357 $B$^$H$a(B: $B$9$Y$F$N%P!<%8%g%s$N(B SuSE Linux $B$K$*$$$F!"%G%U%)%k%H$G:n@.$5$l$k%"%+%&(B $B%s%H$O%[!<%`%G%#%l%/%H%j$,(B /tmp $B$H$J$C$F$$$k!#$=$3$G!"(B/tmp $B$O$$$+$J$k%f!<(B $B%6$KBP$7$F$b=q$-9~$_2DG=$G$"$k$?$a!"%7%9%F%`>e$KB8:_$9$k$$$+$J$k%f!<%6$O(B $B%7%'%k$,5/F0$5$l$?:]$KFI$_9~$^$l$k(B . $B$G;O$^$k!"%G%U%)%k%H%"%+%&%s%H$G%m%0(B $B%$%s$9$k:]$d(B su $B%3%^%s%I$K(B - $B%*%W%7%g%s$rIU$1$Fe>:$rH<$&%"%/%;%9$KMQ$$$i$l$k2DG=@-$,$"$k!#(B SuSE 6.4 $B$K$*$$$F$O3:Ev$9$k%"%+%&%s%H$O(B games$B!"(Bfirewall$B!"(Bwwwrun$B!"(Bnobody $B$G$"$k!#(B 2. Cart32 "expdate" Administrative Information Disclosure Vulnerability BugTraq ID: 1358 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 2000-05-03 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/1358 $B$^$H$a(B: $B$N4D6-$KBP$7$F$OL$>\$G$"$k(B) $B$O%]!<%HHV9f(B 2001 $B$r3+$-!"%j%b!<%H%f!<%6$,G$0U$N(B NetWare $B%3%^%s%I$r(B CMD $B%*%W%7%g%s$r(B $B;H$C$FpJs$r8x3+$7$F$7$^$&LdBj$,$"$k!#(B umask $B$K$h$k%"%/%;%9@)8B@_Dj$,8m$^$C$F$$$k$?$a!"(BIMP $B$K$h$C$F(B HTML $B$XJQ(B $B49$5$l$?(B MS-Word $BJ8=q$O%7%9%F%`Fb$N$$$+$J$k%f!<%6$K$h$C$FFI$_=P$72DG=(B $B$G$"$k!#$3$N=hM}$O(B MSWordView $B$H$$$&%f!<%F%#%j%F%#$G9T$o$l!"(BHTML $B$KJQ(B $B49$5$l$?%U%!%$%k$O(B /tmp $B$K3JG<$5$l!"L?L>5,B'$O(B imp.word._.html $B$G$"$k!#(B $B$3$NLdBj$O%7%9%F%`$X%m!<%+%k$+$i%"%/%;%9$G$-$k$3$H$,A0Ds$H$J$k!#(B $BB?$/$N%7%9%F%`$X$N%$%s%9%H!<%k;~$K$*$$$F$O%f!<%68D!9$N%m!<%+%k$+$i$N(B $B%"%/%;%9$O5v2D$5$l$F$$$J$$$?$a!"$3$NLdBj$O(B IMP $B$rMxMQ$9$k$9$Y$F$N%7%9(B $B%F%`$KM-$jF@$kLdBj$G$O$J$$!#(B 5. IMP/MSWordView /tmp File Deletion Denial of Service Vulnerability BugTraq ID: 1361 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 2000-04-22 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/1361 $B$^$H$a(B: IMP web mail $B%Q%C%1!<%8$N$9$Y$F$N%P!<%8%g%s$K$O(B DoS $B$rl=j$KMxMQ$9$k!#$b$7!"(BMSWordView $B$,=hM}(B $B=*N;0JA0$K=hM}$rCfCG$7$F$7$^$C$?>l9g!"(B /tmp $B$K@8@.$5$l$?%U%!%$%k$O:o=|(B $B$5$l$J$$$^$^$J$N$G$"$k!#%j%b!<%H%f!<%6$O$3$NLdBj$rFM$$$?967b$,2DG=$G$"(B $B$j!"(B/tmp $B$r%U%!%$%k$G0n$l$5$;$k$3$H$,2DG=$G$"$k!#$3$NLdBj$O%7%9%F%`%/%i%C(B $B%7%e$r4^$`MM!9$JLdBj$r0z$-5/$3$72DG=$G$"$k!#$J$*!"$3$NLdBj$O(B OS $B$N$,(B 128 $B$+$i(B 255 $BJ8;zDxEY$ND9$5$G:n@.$5$l$?>l9g!"%=%U%H%&%'%"$O%/%i%C%7%e$7$F$7$^$&!#(B $BDL>o$N5!G=$KI|5l$5$;$k$?$a$K$O%=%U%H%&%'%"$N:F5/F0$,I,MW$G$"$k!#(B 7. Network Associates Net Tools PKI Server 1.0 Buffer Overflow Vulnerability BugTraq ID: 1363 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 2000-06-19 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/1363 $B$^$H$a(B: $BFCDj$N>u672<$K$*$$$F!"(BNetwork Associates Net Tools PKI Server ($B$3$l$O!"(B PGP VPN $B@=IJ%Q%C%1!<%8$N0lIt$G$"$k(B) $B$O(B $BDL>oM-$jF@$J$$D9$$(B HTTP $B%j%/%(%9(B $B%H$,4^$^$l$?>l9g!"%/%i%C%7%e$7$F$7$^$&!#(B $BDL>oF0:n$XI|5l$5$;$k$?$a$K$O%"%W%j%1!<%7%g%s$N:F5/F0$,I,MW$G$"$k!#(B 8. Network Associates Net Tools PKI Server 1.0 Unauthenticated Access Vulnerability BugTraq ID: 1364 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 2000-06-19 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/1364 $B$^$H$a(B: Network Associates Net Tools PKI Server $B$K4^$^$l$k(B Xcert Universal Database API (XUDA) $B%F%s%W%l!<%H$OB>$N%U%!%$%k$X$N@dBP(B $B%Q%9$r;2>H$7$J$$LdBj$,$"$k!#$=$N$?$a!"FCDj$N>u672<$K$*$$$F!"IT@5%"%/%;(B $B%9$r9T$C$?%f!<%6$,%5!<%P$X$N%"%/%;%98"8B$rF@$F$7$^$($k2DG=@-$,$"$k!#(B 9. WebBBS Web Server Buffer Overflow Vulnerability BugTraq ID: 1365 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 2000-06-19 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/1365 $B$^$H$a(B: WebBBS 1.15 $B$K4^$^$l$k(B Web $B%5!<%P$K$O%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$k(B $BLdBj$,$"$k!#DL>oM-$jF@$J$$D9$$%U%!%$%kL>!"$"$k$$$OD9$$(B GET $B%j%/%(%9%H$,(B Web $B%5!<%P$KAw$i$l$?>l9g!"$3$NLdBj$r967b2DG=$G$"$k!#$3$N967b$N7k2L!"(B $B%5!<%S%9$ODd;_$7!"967boF0:n$X$NI|5l$O%"%W%j%1!<%7%g(B $B%s$N:F5/F0$,I,MW$G$"$k!#(B 11. RedHat Piranha Virtual Server Package Plaintext Password Vulnerability BugTraq ID: 1367 $B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B $B8xI=F|(B: 2000-06-09 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/1367 $B$^$H$a(B: HTTP $B$r;H$C$?(B Red Hat Piranha $B$KBP$9$k%Q%9%o!<%IJQ99=hM}$O(B GET $B%j%/%(%9%H(B $B$NJQ?t$r;H$C$FCM$r0z$-EO$9$H$$$&!"%;%-%e%"$G$O$J$$J}K!$rMQ$$$F9T$o$l$k!#(B $BIT@5%"%/%;%9$r4k$F$k%f!<%6$O(B httpd $B$N%"%/%;%9%m%0$N;2>H!"$"$k$$$OEpD0$K(B $B$h$j%Q%9%o!<%I$rF~$d(B $B%G%#%l%/%H%jL>$rJQ99$G$-$k$?$a!"MM!9$J967b$rA0$rJQ99$7!"%W%m%0%i%`$,5!G=$7$J$$MM$K(B $B$7$F$7$^$&(B $B!&(BS to Infinity $B$O%7%9%F%`Fb$K4{B8$N%W%m%0%i%`$r$"$k$,$^$^?.Mj$7$F$7$^(B $B$&!#$7$+$b!"$3$N%=%U%H%&%'%"$O(B Windows $B$NA0$rJQ$(!"$=$N8e!V?.Mj$G$-$k!WA0$rJQ$($F%3%T!<$9$k$3$H$GG$0U$N%W%m%0%i%`$r$N(B S to Infinity $B$K8=$l$kLdBj$r0J2<$K<($9!#(B $B!&%I%i%$%V$N1#JC5!G=$O(B Explorer $B$N8!:w5!G=!"(BInterlet Explorer$B!"%U%!%$%k(B $B$r!V3+$/!W$"$k$$$O!VJD$8$k!W%@%$%"%m!<%0$r;H$&$3$H$G%P%$%Q%92DG=$G$"$k!#(B $B1#JC$5$l$?%I%i%$%VJ8;z$H4{CN$N%U%!%$%k$r(B Explorer $B$N8!:w5!G=$GC5$9$3$H(B $B$G!"1#JC$5$l$?%I%i%$%V$N%U%!%$%k$X$N%"%/%;%9$,2DG=$K$J$C$F$7$^$&$N$G$"(B $B$k!#%f!<%6$OFCDj$N%I%i%$%V$r;2>H$9$k%j%s%/$r%/%j%C%/$9$k$3$H$G!"(B Internet Explorer $B$+$i1#JC$5$l$?%I%i%$%V$r3+$/$3$H$,2DG=$G$"$k!#(B ($BNc$($P(B: Link) $B!&%U%!%$%k$H%G%#%l%/%H%j$K4X$9$kB0@-$O(B DOS $B%W%m%s%W%H$GMxMQ2DG=$J(B attrib $B%3%^%s%I$rMxMQ$9$k$3$H$GJQ992DG=$G$"$k$,!"(BS to Infinity $B$N%U%!%$%k%l%Y(B $B%k$G$NJ]8n5!G=$O(B MS-DOS $B8_49$N%U%!%$%kB0@-$K4XO"$7$J$$$?$a!"(BS to Infinity $B$N@_Dj$K(B attrib $B%3%^%s%I$G@_Dj$5$l$?8"8B$NJQ99$OH?1G$5$l$J$$$N$G$"$k!#(B 13. libICE Denial of Service Vulnerability BugTraq ID: 1369 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 2000-06-19 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/1369 $B$^$H$a(B: X11 $B$K4^$^$l$k(B libICE $B$K$O(B DoS $B$,H/@8$9$k!#(BlibICE $B$rMxMQ$9$k%"%W%j%1!<(B $B%7%g%s$G!"(Binet listening $B>uBV$N%=%1%C%H$r:n@.$9$k%"%W%j%1!<%7%g%s$O%j(B $B%b!<%H$+$i%/%i%C%7%e2DG=$G$"$k!#$3$l$O(B SKIP_STRING $B%^%/%m$NH$9$k$h$&$K$J$C$F$7$^$&$N$G$"$k!#(B $B7k2L$H$7$F!"%;%0%a%s%F!<%7%g%s%U%)%k%H$rH/@8$9$k!#(B $B$3$NLdBj$O(B libICE $B$r;H$$!"(BTCP $B$N%3%M%/%7%g%s$rBT$A$C$F!"$"$k(B X $B%;%C%7%g%s$rMxMQ$7$F$$$k%f!<%6$,JL$N(B GNOME $B$rMxMQ$7$F$$(B $B$kB>?M$N(B X $B%;%C%7%g%s$r$3$N(B DoS $B$rMxMQ$7$F=*$o$i$;$F$7$^$($k$3$H$,2DG=(B $B$G$"$k!#(B 14. xdm/kdm/wdm Buffer Overflow Vulnerability BugTraq ID: 1370 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 2000-06-19 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/1370 $B$^$H$a(B: xdm $B$H$=$N(B kdm $B$H(B wdm $B$r4^$`GI@8%W%m%0%i%`$K$O%P%C%U%!%*!<%P!<%U%m!<$,(B $BH/@8$9$k!#(Bxdmcp.c $BCf$N(B send_failed() $B4X?t$G%(%i!<%O%s%I%j%s%0$r9T$&%3!<(B $B%I$G$O%[%9%HL>$r%P%C%U%!$KE,Ev$J%9%Z!<%9$,4^$^$l$F$$$k$+$I$&$+$N3NG'$r(B $B$;$:$K$=$N$^$^%3%T!<$7$F$$$k!#(BDNS $B$r;H$C$?L>>N2r7h$r9T$&$?$a$N%l%>%k%P(B $B%i%$%V%i%j$N$NCM$O%P%C%U%!%5%$%:(B 256 $B$N%P%C%U%!$X$=$N$^$^%3%T!<$5$l$F$$$k!#(B $B$"$k(B IP $B$KBP$9$k%[%9%HL>$N5U0z$-$r;2>H;~$N%l%9%]%s%9$H$7$Fe$G4A;z$rI=<($G$-$k$h$&$K$9$k$?$a$N%W%m%0%i%`(B KON (Kanji On Console) $B$NFCDj$N%P!<%8%g%s$K$O(B root $B8"8B$rF@$i$l$F$7$^$&$+(B $B$b$7$l$J$$%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$k!#(B (exploit $B%3!<%I$,Z$G$"$k(B) $B$"$k%"%W%j%1!<%7%g%s$H6&$KDs6!$5$l$k(B 2$B 16. Linux rpc.lockd Remote Denial Of Service Vulnerability BugTraq ID: 1372 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 2000-06-08 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/1372 $B$^$H$a(B: Linux $B$N(B NFS lock $B%G!<%b%s$K(B DoS $B967bpJs$K$D$$$F$O!":#$N$H$3$m$^$@L@3N$J7kO@$O=P$F$$$J$$!#(B UPS1.0.5 $B$N(B Denial of Service Patch Set #1-06/16/2000 $B$K$h$k$H!"0J2<$N(B $BMM$JLdBj$,3NG'$5$l$F$$$k!#(B $B!&2~$6$s$5$l$?(B IPP $B%j%/%(%9%H$,(B cupsd $B$r%/%i%C%7%e$9$k2DG=@-$,$"$k(B $B!&(BCGI $B$NI8=`E*$J%U%)!<%`$G$"$k(B POST $B$,(B upsd $B$r%/%i%C%7%e$9$k2DG=@-$,$"$k(B $B!&(Bcupsd $B$O!"I,MW$J>l9g$G$"$C$F$b%j%/%(%9%H%U%!%$%k$r:o=|$7$J$$(B $B!&B8:_$7$J$$%f!<%6!<$d%7%c%I%&%Q%9%o!<%I$r;}$?$J$$%f!<%6!<$NG'>Z$r9T$&$H(B cupsd $B$,%/%i%C%7%e$9$k2DG=@-$,$"$k(B 18. GSSFTP Daemon Input Validation Vulnerability BugTraq ID: 1374 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 2000-06-14 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/1374 $B$^$H$a(B: DoS $B967b!"%j%b!<%H$K$h$k(B root $B8"8B$,C%$N%"%+%&%s%H$K%"%/%;%9$G$-!"%U%!%$%k$N>e=q$-$,$G$-$k$H$$$&(B $B$3$H$r0UL#$7!"%&%'%V%5!<%P$K$3$N(B FTP $B%5!<%P$rMxMQ$7$F$$$k>l9g!"9-HO0O$K(B $B%P!<%A%c%k%&%'%V%5!<%P$K$^$G1F6A$,$"$k$3$H$r0UL#$9$k!#(B 20. Netwin DMailWeb & CWMail Multiple DoS Vulnerabilities BugTraq ID: 1376 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 2000-06-21 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/1376 $B$^$H$a(B: Dmail $B5Z$S(B CWMail $B$O%5!<%P%5%$%I$N%"%W%j%1!<%7%g%s$G$"$j!"%f!<%6$K!"$$(B $B$+$J$k(B Web $B%V%i%&%6$r;HMQ$7$F$$$F$b%"%/%;%9$G$-$k(B Web $B$rMxMQ$7$?EE;R%a!<(B $B%k$NAw/$J$/$H$b$3$l$O(B DoS $B$N(B $BB8:_$r$"$i$o$7$F$$$k!#(B 21. Linux gpm Denial of Service Vulnerability BugTraq ID: 1377 $B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B $B8xI=F|(B: 1999-11-23 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/1377 $B$^$H$a(B: gpm $B$O(B Linux $B%f!<%6$,%P!<%A%c%k%3%s%=!<%k$G%^%&%9$r;HMQ$G$-$k$h$&$K$9$k(B $B%W%m%0%i%`$G$"$k!#$3$l$O(B /dev/gpmctl $B$H$$$&%G%P%$%9$H!"(BUNIX $B%I%a%$%s(B STREAM $B%=%1%C%H$H8r?.$7$F$*$j!"%m!<%+%k$J(B DoS $B$KBP$7$FL5KIHw$G$"$k!#0-0U$"$k%f!<(B $B%6!<$,%G%P%$%9$K2?EY$b@\B3$9$k$H!"%O%s%0$7$F(B gpm $B$,;HMQ$G$-$J$/$J$k!#(B RedHat 6.1 $B$G$3$NLdBj$,3NG'$5$l$?!#B>$N(B Linux $B$G$3$NLdBj$,B8:_$9$k$+$I$&(B $B$+$O3NG'$5$l$F$$$J$$!#(B 22. BEA Systems WebLogic Server and Express Source Code Disclosure Vulnerability BugTraq ID: 1378 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 2000-06-21 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/1378 $B$^$H$a(B: WebLogic Server $B5Z$S(B WebLogic Express $B$K$O!"0[$J$kl9g!"%G%U%)%k%H$N%5%V%l%C%H$,;HMQ$5$l$k!#(B http $B%j%/%(%9%H$,(B "/file/" $B$r4^$s$@$b$N$H$7$F%j%/%(%9%H$5$l$?>l9g!"%5!<(B $B%P$O%G%U%)%k%H$N%5!<%V%l%C%H$r8F$S=P$9!#$=$N$?$a!"(BWeb $B%V%i%&%6>e$K!"%5!<(B $B%P$GDs6!$5$l$k(B HTML $B$N%=!<%9%3!<%I$,I=<($5$l$F$7$^$&!#(B 23. SGI IRIX cvconnect File Overwrite Vulnerability BugTraq ID: 1379 $B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B $B8xI=F|(B: 2000-06-20 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/1379 $B$^$H$a(B: SGI $B$,Ds6!$9$k(B WorkShop Debugger and Performance tools $B$O!"%W%m%0%i%`$r(B $B%G%P%C%0$9$k$?$a$N%D!<%k$rDs6!$9$k(B IRIX $B$N%*%W%7%g%s%Q%C%1!<%8$G$"$k!#(B $B%Q%C%1!<%8Fb$N0lIt$N5!G=$O(B cvconnect $B$r8F$S=P$9(B ($B$3$l$ODL>o$N%f!<%6$,e$N%U%!%$%kL>$NIU$1$i$l$?E:IU%U%!%$%k$rAwIU$9$k(B $B$H!"$,L@5-$5$l$F$$(B $B$k>l9g(B ($BNc$($P!"(B127.0.0.1$B$NBe$o$j$K(B localhost)$B!"5U%l%3!<%I$r;}$C$F$$$J$$(B $B%5!<%S%9$K@\B3$r;n$_$k$9$Y$F$N%[%9%H$O!"K\Mh$O5qH]$5$l$J$1$l$P$J$i$J$$$K(B $B$b$+$+$o$i$:!"@\B3$G$-$F$7$^$&!#(B 26. gkermit setgid uucp Vulnerability BugTraq ID: 1383 $B%j%b!<%H$+$i$N:F8=@-(B: $BL$>\(B $B8xI=F|(B: 2000-06-21 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/1383 $B$^$H$a(B: 2000$BG/(B2$B7n(B27$BF|0J9_$K%j%j!<%9$5$l$?(B Redhat Linux $B$KIUB0$7$?(B gkermit $B$NH$G$-$k%U%!%$%k$r4^$a$?%U%!%$%k%7%9%F(B $B%`A4BN$N:w0z$r4IM}$r$9$k!#(BSecure Locate $B$,9*$/MxMQ$5$l$k$H!"8"8B$N$J$$(B $B%m!<%+%k%f!<%6$,5!L)07$$$N%U%!%$%k$N>l=j$rCN$k$3$H$,=PMh$k$@$m$&!#(B 29. Allaire JRun 2.3.x Sample Files Vulnerability BugTraq ID: 1386 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 2000-06-22 $B4XO"$9$k(BURL: http://www.securityfocus.com/bid/1386 $B$^$H$a(B: Allaire JRun 2.3.x $B$K$O!"%I%-%e%a%s%H!"%5%s%W%k%W%m%0%i%`!"6qBNNc!"%"%W(B $B%j%1!<%7%g%s!"%A%e!<%H%j%"%k$,%[%9%H%5!<%P>e$K$"$k>l9g!"B??t$NpJs$r8+$k$?$a$K!"$b$7$/$O!"%5!<%P>e$GMM!9$J5!G=$re$N$9$Y$F$N%U%!%$%k$r;2>H$9$k$3$H$rIT2DG=$K$9$k!#(B III. SECURITYFOCUS.COM NEWS AND COMMENTARY - ------------------------------------------ 1. Online Snafu exposes CIA names (June 22, 2000) $BEE;R%I%-%e%a%s%H$N%F%-%9%H$,!"@N$NHkL)$rK=O*$9$k!#(B http://www.securityfocus.com/news/51 2. Signing-off on Crime? (June 21, 2000) $B?7$7$$K!0F$O!"EE;R=pL>$r5AL32=$9$k$,!"%;%-%e%j%F%#4p=`$,$J$$!#(B $B$3$l$O!"56B$pJs$r6&(B $BM-$7!"%m%0$K5-O?$5$l$?967b0J30$K$b!"I8=`F~NO$rl9g$K@8$8$k(B SQL $B$N%(%i!<$O=$@5$5$l$^$7$?!#(B 2. OutGuess 1.0 (Linux, Solaris, Unix) $B:npJs$rA^F~$9$k$3$H$,$G$-$^$9!#%G!<%?%=!<%9$N@-(B $B$C$?%S%C%H$rCj=P$7$F!"$=$NItJ,$rJQ99$7$F$+$i%G!<(B $B%?<+BN$r=q$-D>$7$^$9!#$3$N%P!<%8%g%s$O!"(BPNM $B$H(BJPEG $B7A<0$r%5%]!<%H$7$F$$(B $B$^$9!#(B 3. tcpd 0.2 (Linux, Solaris) $B:ne$K$"$k$[$+$N%3%s%T%e!<%?$+$i%O!<%I%G%#%9%/$K%"(B $B%/%;%9$7$F!"%O%C%7%e2=$5$l$?%Q%9%o!<%I$,J]B8$5$l$F$$$k(B SAM $B%l%8%9%H%j(B $B%-!<$r%3%T!<$9$k$3$H$,$G$-$F$7$^$$$^$9!#$^$?!"%f!<%6$O!"%M%C%H%o!<%/$r(B $BEpD0$7$F!"%Q%9%o!<%I$N%O%C%7%eCM$rI|85$9$k$3$H$b2DG=$G$9!#(BAdvanced NT Security Explorer (ANTExp) $B$O!"<+J,$G%7%9%F%`$N%;%-%e%j%F%#$r40`z$K$9(B $B$k$?$a$N;Y1g%D!<%k$K$J$j$^$9!#(B $B$5$i$K!"(BANTExp $B$O!"%f!<%6$,%Q%9%o!<%I$rK:$l$F$7$^$C$?>l9g$K$bMxMQ$9$k(B $B$3$H$,$G$-$^$9!#(B 5. dumpevt2.pl (Windows NT) $B:n$XJT=8$7$F$/$@$5$$(B) Win32::Lanman $B$H(B Win32::Perms $B$N%b%8%e!<%k$O(B http://jenda.krynicky.cz/perl $B$+$i@\8+$k$3$H$,$G$-$^$9!#(BGuardbot $B$GJ]8n$5$l$?%Z!<%8$O(B $B%Q%9%o!<%IF~NO$rBT$A!"@5$7$/F~NO$5$l$k$H!"$=$N%Z!<%8$K4^$^$l$k(B Java $B%"%W%l%C%H$rMxMQ$7$J$,$i!"I|9f$5$l$^$9!#(BGuardbot $B$O!"%Q%9%o!<%IJ]8nIU$-(B Web $B%5%$%H8~$1!"(Bhtml $B%I%-%e%a%s%H$r0BA4$KAw?.$9$k>l9g$J$I$KMxMQ$9$k$3(B $B$H$,$G$-$^$9!#(B Translated by SAKAI Yoriyuki YANAOKA Hiromi KAGEYAMA Tetsuya SUZUKI Hidefumi LAC Co., Ltd. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 5.5.3i for non-commercial use Comment: SAKAI Yoriyuki iQA/AwUBOVe+FJQwtHQKfXtrEQKyZACgwVSqdOq+kEjxlKd87MDM8z5l5JsAn0oA NIhlJVsAlheUAC1O6zvGaiiY =y7iG -----END PGP SIGNATURE-----