SecurityFocus.com Newsletter #52 2000-07-21 -> 2000-07-27

To: BUGTRAQ-JP@SECURITYFOCUS.COM
Subject: SecurityFocus.com Newsletter #52 2000-07-21 -> 2000-07-27
From: SAKAI Yoriyuki <sakai@LAC.CO.JP>
Date: Thu, 3 Aug 2000 17:57:56 +0900
Reply-To: SAKAI Yoriyuki <sakai@LAC.CO.JP>
Sender: BUGTRAQ-JP List <BUGTRAQ-JP@SECURITYFOCUS.COM>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

$B:d0f(B@$B%i%C%/$G$9!#(B

SecurityFocus.com Newsletter $BBh(B 52 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

- ----------------------------------------------------------------------
SecurityFocus.com Newsletter $B$K4X$9$k(BFAQ:
<URL: http://www.securityfocus.com/forums/sf-news/faq.html>
BugTraq-JP $B$K4X$9$k(B FAQ:
<URL: http://www.securityfocus.com/forums/bugtraq-jp/faq.html>
- ----------------------------------------------------------------------
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B Security-Focus.com $B$N5v2D$r3t<02qe$G9T$o(B
  $B$l$F$$$^$9!#(B
$B!&(BSecurityFocus.com Newsletter $B$NOBLu$r(B Netnews, Mailinglist,
  World Wide Web, $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$N(B
  $BA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;(B
  $B$s$,=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurity-Focus.com $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+(B
  $B$J$k7A<0$N%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) <URL http://www.securityfocus.com/templates/archive.pike?list=79>
- ----------------------------------------------------------------------
- ----------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02ql9g!"(BBUGTRAQ-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"Lul9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
- ----------------------------------------------------------------------
- ----------------------------------------------------------------------


SecurityFocus.com Newsletter #52
- --------------------------------

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
	1. Network Intrusion Detection for the E-Commerce Environment
	2. Linux: Snort Installation and Basic Usage Part II
	3. New Security Book authored by SecurityFocus.com Staff!
	4. Call for writers: Small Office and Home Office Security
II. BUGTRAQ SUMMARY
	1. IBM WebSphere Showcode Vulnerability
	2. Microsoft Outlook / Outlook Express Cache Bypass Vulnerability
	3. Microsoft Outlook Express Persistent Mail-Browser Link
	4. Netscape Communicator JPEG-Comment Heap Overwrite Vulnerability
	5. AnalogX Proxy DoS Vulnerability
	6. HP-UX 11.0 ftpd SITE EXEC Format String Vulnerability
	7. WFTPD 2.4.1RC11 Multiple Vulnerabilities
	8. Microsoft Windows NT 4.0 / 2000 Unspecified Executable Path
	9. SimpleServer WWW Directory Traversal Vulnerability
	10. Adobe Acrobat / Reader / Business Tools Buffer Overflow
	11. Roxen WebServer %00 Request File/Directory Disclosure
	12. OpenLDAP 'ud' Group Writable Vulnerability
	13. Linux gpm File Removal Vulnerability
	14. Multiple Linux Vendor pam Remote User Vulnerability
	15. Microsoft Windows NT/2000 NetBIOS Name Conflict Vulnerability
	16. Microsoft Windows NT/2000 NetBIOS Release Vulnerability
	17. GNU userv Service Program Environment Corruption Vulnerability
III. SECURITYFOCUS.COM NEWS ARTICLES
	1. Hackers take 'Notes' at DefCon (July 29, 2000)
	2. U.S. to Hackers: 'Join Us' (July 28, 2000)
	3. Overheard at DefCon (July 31, 2000)
IV.SECURITY FOCUS TOP 6 TOOLS
	1. NetView (Windows NT and Windows 2000)
	2. IP Personality 20000727 (Linux)
	3. Sol-Crypt 1.1 (UNIX)
	4. Scan Detect 0.1 (Linux)
	5. ArpWorks 1.0 (Windows 95/98, Windows NT, Windows 2000)
	6. BUGS 3.2.0 (Windows 2000, Windows NT, Unix)

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
- ---------------------------------

II. BUGTRAQ SUMMARY
- -------------------

1. IBM WebSphere Showcode Vulnerability
BugTraq ID: 1500
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-07-24
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1500
$B$^$H$a(B:

IBM WebSphere $B%"%W%j%1!<%7%g%s%5!<%P$NFCDj$N%P!<%8%g%s$K$O0-0U$"$k%f!<(B
$B%6$,(B Web $B%I%-%e%a%s%H$N(B / $B%G%#%l%/%H%j0J2<$N%U%!%$%k$N%=!<%9$r;2>H$G$-(B
$B$F$7$^$($k$H$$$&LdBj$,$"$k!#(B

$B$3$NLdBj$O%G%U%)%k%H$N%5!<%V%l%C%H$,$3$N=hM}$r5v$7$F$7$^$&%_%9$K$h$C$F(B
$B0z$-5/$3$5$lF@$k$N$G$"$k!#(B($B0[$J$k%5!<%V%l%C%H$,$=$l$>$l0[$J$kH(B
$B$G$-$F$7$^$($k$N$G$"$k!#(B

2. Microsoft Outlook / Outlook Express Cache Bypass Vulnerability
BugTraq ID: 1501
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-07-20
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1501
$B$^$H$a(B:

Internet Explorer $B$N%;%-%e%j%F%#%"!<%-%F%/%A%c$O(B Outlook/Outlook Express
$B$N%-%c%C%7%e$N%3%s%H%m!<%k$r9T$C$F$$$k!#(B($B$3$N%"!<%-%F%/%A%c$OM?$($i$l$k(B
$B$Y$F$N(B HTML $BF~NO$N=hM}$rEE;R%a!<%k!"$"$k$$$O(B Web $BJ8=q$N;2>H$KFCDj$;$:$K(B
$B9T$C$F$$$k(B)
$BDL>o$N>u672<$K$*$$$F!"E~Ce$9$k$9$Y$F$N(B HTML $B7A<0$NEE;R%a!<%k$O%-%c%C%7%e(B
$B$KI,$:J]B8$5$l!"$=$7$F!V%$%s%?!<%M%C%H%>!<%s!W$N@_Dj$K=>$C$F%U%!%$%k$,3+(B
$B$+$l$k!#$7$+$7FCDj$N!<%s$G$"$j!"%$%s%?!<%M%C%H%>!<%s$h$j$b9b$$8"8B$,$"$k$H$N(B
$BA0Ds$,$"$k!#(B

$B%a!<%k$Nl9g!"%j%b!<%H$N%f!<%6$O%?!<%2%C(B
$B%H$H$J$C$?%7%9%F%`$+$i$NFI$_=P$7$,2DG=$K$J$k!#$3$NLdBj$OB>$N967b$HAH$_9g(B
$B$o$5$l$?>l9g!"%a!<%k$N3. Microsoft Outlook Express Persistent Mail-Browser Link Vulnerability
BugTraq ID: 1502
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-07-20
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1502
$B$^$H$a(B:

$B0J9_$NFbMF$O(B Microsoft Advisory (MS00-045) $B$+$i$K0M$k(B:
HTML $B7A<0$N%a!<%k$K$O85Mh$N;EMM$K$h$j!"%9%/%j%W%H$r4^$a$k;v$,2DG=$G$"(B
$B$k!#$=$7$F4^$a$i$l$?%9%/%j%W%H$O%V%i%&%6$N%&%#%s%I%&$r(B Outlook Express
$B$N%&%#%s%I%&$r;X$7<($9%j%s%/$rC)$k$h$&$K3+$/=hM}$r9T$o$;$i$l$k!#(B
$B$5$i$K85Mh$N;EMM$K$h$j!"%V%i%&%6%&%#%s%I%&Fb$N%9%/%j%W%H$O(B Outlook Express
$B$GI=<($5$l$F$$$k(B HTML $B7A<0$N%a!<%k$rFI$_=P$72DG=$G$"$k!#$7$+$7!"%j%s%/(B
$B$OHs>o$K6[L)$J$b$N$G$"$k$?$a!"$3$l$rMxMQ$7$?LdBj$r$b$?$i$9$3$H$,2DG=$G(B
$B$"$k!#$3$l$K$h$j%V%i%&%6%&%#%s%I%&$,%W%l%S%e!<2hLL$KI=<($5$l$F$$$k%a!<(B
$B%k$NJ8=qFbMF$rAw$G$-$F$7$^$($k$N$G$"$k!#(B
$B$3$NLdBj$r@8$8$5$;$k$?$a$K$OM=$a2?E@$+$N8BDj$5$l$?>r7o$,I,MW$G$"$k!#(B
1) $Bl9g!"0-0U$"$k%f!<%6$O%a!<%k$r(B
   $B$$$+$J$k>u67$K$*$$$F$bFI$_=P$7$G$-$J$$!#(B

4. Netscape Communicator JPEG-Comment Heap Overwrite Vulnerability
BugTraq ID: 1503
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-07-25
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1503
$B$^$H$a(B:

Netscape $B$C$F!"$3$N;EMM$rMxMQ$7$?(B length $B%U%#!<%k%I$,(B 1 $B$r4^$`$h$&$J2hA|%U%!%$(B
$B%k$,:n@.2DG=$G$"$k;v$,9M$($i$l$k!#$3$N>l9g$N(B 0 $B%P%$%H$KBP$9$k%a%b%j3d$j(B
$BEv$F$O@.8y$7$F$7$^$&$N$G$"$k!#(B(1 - 2 (length $B%U%#!<%k%I(B) + 1 (NULL $B=*C<(B))
$B1i;;$5$l$?%3%a%s%H%5%$%:CM$O(B unsigned $B$H$7$Fo$K5pBg$JCM$,3d$jEv$F$i$l$F$7$^$&$3$H$K$J$C$F$7$^$&!#(B
$B%3%a%s%H$ro$K5pBg$G$"$k$,$?$a(B
$B$K!"4X?t$O(B JPEG $B%9%H%j!<%`$r%R!<%W$r1[$($F$9$Y$FFI$_9~$s$G$7$^$&$N$G$"$k!#(B
$B$3$l$rMxMQ$7$?0U?^E*$J%3!<%I$N5. AnalogX Proxy DoS Vulnerability
BugTraq ID: 1504
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-07-25
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1504
$B$^$H$a(B:

AnalogX Proxy $B$OC1=c$J%W%m%-%7$G$"$j!"%f!<%6$,%M%C%H%o!<%/Fb$N%3%s%T%e!<(B
$B%?$r%W%m%-%7$rMxMQ$7$F%$%s%?!<%M%C%H$X@\B3$5$;$k$3$H$r2DG=$K$9$k!#(B
$B$3$N%W%m%-%7$N%5!<%S%9$K$O%P%C%U%!%*!<%P!<%U%m!<$r@8$8$k4m81@-$,$"$j!"(B
$B967bo$KBg$-(B
$B$$0z?t$rM?$($k$3$H$K$h$k(B DoS $B$K4Y$C$F$7$^$&4m81@-$,$"$k!#(B

6. HP-UX 11.0 ftpd SITE EXEC Format String Vulnerability
BugTraq ID: 1505
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-07-11
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1505
$B$^$H$a(B:

$B%G%U%)%k%H%$%s%9%H!<%k>uBV$N(B HP-UX 11.0 $B$KIUB0$9$k(B ftpd $B$O(B SITE EXEC $B%3(B
$B%^%s%I$KM?$($k0z?t$X$NJ8;zNs$rMxMQ$7$?967b$re$GC%7. WFTPD 2.4.1RC11 Multiple Vulnerabilities
BugTraq ID: 1506
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-07-21
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1506
$B$^$H$a(B:

$B%P!<%8%g%s(B 2.4.1RC11 $B0JA0$N(B WFTPD $B$G$O0J2<$K<($9l9g!"$"$k$$$OB8:_$7$J$$%U%!%$%k$N=q$-9~$_$KMxMQ$5$l$?>l9g!"(Bftp $B%5!<(B
   $B%P$O%/%i%C%7%e$5$l$k(B (STOU, STOR, $B$"$k$$$O(B APPE $B$HAH$_9g$o$;$i$l$?(B
   $B>l9g$G$"$k(B)
3) $B%U%!%$%kE>Aw$,=hM}Cf$K(B STAT $B%3%^%s%I$,M?$($i$l$?>l9g!"%5!<%PFb$N%U%!(B
   $B%$%k$X$N%U%k%Q%9$H%U%!%$%kL>$,I=<($5$l$F$7$^$&(B
4) MLST $B%3%^%s%I$,(B USER $B%3%^%s%I$H(B PASS $B%3%^%s%I$K$h$k%m%0%$%s=hM}$J$7$K(B
   $BMxMQ$5$l$?>l9g!"(Bftp $B%5!<%P$O%/%i%C%7%e$7$F$7$^$&(B

8. Microsoft Windows NT 4.0 / 2000 Unspecified Executable Path Vulnerability
BugTraq ID: 1507
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-07-25
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1507
$B$^$H$a(B:

$Bl9g(B
($BNc$($P(B explorer.exe $B$O8GDj$5$l$?%Q%9$r;}$?$J$$(B)$B!"(BWindows NT 4.0 $B$*$h$S(B
2000 $B$O0J2<$K<($9=g=x$G;XDj$5$l$?l9g!"$7$+$b$=$l$,L>A0$rJQ$($i$l$?l9g!"(B
$B%H%m%$$NLZGO7?%W%m%0%i%`$N<+F0E*$Jl9g!"$3$NL>A0$N%H%m%$$NLZGO7?%W%m%0%i%`$,(B
\ $B%G%#%l%/%H%j$K=q$-9~$^$l$F$7$^$&967b$N2DG=@-$,$"$k!#(B
$BNc$(%f!<%6$,%7%9%F%`$K%m%0%*%s$7$F$$$k>l9g$K$O!"%H%m%$$NLZGO7?%W%m%0%i%`(B
$B$O<+F0E*$K5/F0$5$l$F$7$^$&$@$m$&!#(B

$B%j%b!<%H$+$i$N967b$,!"$b$7(B \ $B%G%#%l%/%H%j$,6&M-$5$l$F$$$k$+!"$"$k$$$O$b$7(B
$B$b0-0U$"$k%f!<%6$,B>$Nl9g$K9M$($i$l$k!#(B

9. SimpleServer WWW Directory Traversal Vulnerability
BugTraq ID: 1508
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-07-26
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1508
$B$^$H$a(B:

$B$=$l0JA0$N%P!<%8%g%s$G$b2DG=@-$,$"$k$,!"(BSimpleServer 1.06 $B$XFCJL$J(B %2E
$B$r4^$`(B URL $B$r;XDj$7$?>l9g!"(BSimpleServer $B$,MxMQ$9$k%G%#%l%/%H%j0J30$N4{(B
$BCN$N%U%!%$%k$KBP$7$F%j%b!<%H$N%f!<%6$,%U%!%$%k$rFI$_=P$;$F$7$^$($k2DG=(B
$B@-$,$"$k!#(B

10. Adobe Acrobat / Reader / Business Tools Buffer Overflow Vulnerability
BugTraq ID: 1509
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-07-26
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1509
$B$^$H$a(B:

Adobe Acrobat/Reader/Business Tools for Windows $B$G$O(B (Macintosh $BHG$H(B
UNIX $BHG$G$O$3$N1F6A$rpJs$K$"$k(B /Registry $B$"$k$$$O(B /Ordering $B$X$N$H$j$o$1D9$$0z?t$,4^$^$l$?(B
PDF $B%U%!%$%k$KBP$7$FE,@Z$J11. Roxen WebServer %00 Request File/Directory Disclosure Vulnerability
BugTraq ID: 1510
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-07-21
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1510
$B$^$H$a(B:

NULL $B%-%c%i%/%?(B (%00) $B$r4^$`%j%/%(%9%H$,(B Roxen Web Server $B$KM?$($i$l$?(B
$B>l9g!"%5!<%P$O%G%#%l%/%H%j9=B$!"L$2rhttp://www.server.com/%00

$B%5!<%P$N%I%-%e%a%s%H%k!<%H%G%#%l%/%H%j$NFbMF$rJV$9!#(B

2.0.69 $BL$K~$N(B Roxen WebServer 2.0 $B$K$O$3$N1F6A$r12. OpenLDAP 'ud' Group Writable Vulnerability
BugTraq ID: 1511
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2000-07-27
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1511
$B$^$H$a(B:

OpenLDAP $B$GDs6!$5$l$k(B Interactive LDAP Directory Server query program
$B$G$"$k(B ud $B$O%G%U%)%k%H$G(B 775 $B$N%Q!<%_%C%7%g%s$G%$%s%9%H!<%k$5$l$k!#(B
$B$I$N%0%k!<%W$K;22C$7$F$$$k$+$K$b0MB8$9$k$,!"$3$NMM$K%$%s%9%H!<%k$5$l$?(B
$B>l9g!"%;%-%e%j%F%#>e$NLdBj$rUT$_!"8"8B>e>:$KMQ$$$i$l$k2DG=@-$,$"$k!#(B

13. Linux gpm File Removal Vulnerability
BugTraq ID: 1512
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2000-07-27
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1512
$B$^$H$a(B:

GPM $B$O(B Linux $B$N%3%s%=!<%k$GMxMQ$5$l$k%^%&%9%I%i%$%P$G$"$k!#(B
$B4v$D$+$N%P!<%8%g%s$N(B Conectiva Linux $B$H6&$KDs6!$5$l$k(B gpm $B%Q%C%1!<%8$K(B
$B$O967b14. Multiple Linux Vendor pam Remote User Vulnerability
BugTraq ID: 1513
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-07-27
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1513
$B$^$H$a(B:

Linux $B$N(B pam_console module $B$K$O967bl9g$K$N$_B8:_$9$k!#(B

15. Microsoft Windows NT/2000 NetBIOS Name Conflict Vulnerability
BugTraq ID: 1514
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-07-27
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1514
$B$^$H$a(B:

$B967b$N>WFM%a%C%;!<%8$r!"(B
$BNc$(Aw$i$l$?Aj$NEPO?=hM}$r=hM}$7$F$$$J$$>l(B
$B9g$G$"$C$F$bAw$k;v$,2DG=$G$"$k!#(B
$B$3$l$O(B NetBIOS $BL>$N>WFM$,@8$8$F$+$i$OF1$8(B NetBIOS $BL>$,FsEY$H;H$($J$$;v(B
$B$KM3Mh$7$F$$$k!#(B Microsoft $B$,Ds6!$7$?(B fix $B$G$OEPO?%U%'!<%:$K$*$$$F(B NetBIOS
$BL>$N>WFM%a%C%;!<%8$K$D$$$F$N$_=$@5$,2C$($i$l$F$$$k!#(B
$B$7$+$7!"8=:_$N=j%3%s%T%e!<%?$NLdBj<+BN$O$^$@2r7h$5$l$F$O$$$J$$!#(B
$B$3$l$O(B NetBIOS $B$N%;%-%e%"$G$O$J$$@_7W$N0lNc$G$"$k!#(B

16. Microsoft Windows NT/2000 NetBIOS Release Vulnerability
BugTraq ID: 1515
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2000-07-27
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1515
$B$^$H$a(B:

$B967bA0$N>WFM$K$h$k$=$NL>A0$NMxMQIT2D$H$$$&>uBV$r5/$3$5$;$F$7$^$&$N(B
$B$G$"$k!#(BMicrosoft $B$N(B fix $B$O$3$N%a%C%;!<%8$KBP$7$FCeL\$7!"(BNetBIOS $B%M!<%`(B
$B%5!<%S%9$rMxMQ$G$-$J$$$h$&$K$9$k$?$a$N%l%8%9%H%j%-!<$r@_Dj$9$k$b$N$G$"(B
$B$k!#(B

17. GNU userv Service Program Environment Corruption Vulnerability
BugTraq ID: 1516
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2000-07-27
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/1516
$B$^$H$a(B:

userv $B$O$"$k0l$D$N%W%m%0%i%`(B (caller)$B$,B>$N%W%m%0%i%`(B (service program)
$B$rFs$D$N%W%m%0%i%`$N4V$K8BDj$5$l$??.Mj4X78$,$"$k>l9g$K$N$_?.Mj$9$k5!G=(B
$B$r;}$C$F$$$k!#(B

$B$7$+$7FCDj$N>u67$K$*$$$F!"0-0U$"$k%f!<%6$O(B service program $B$KBP$7$F4D6-(B
$BJQ?t$rM?$($k;v$G$3$N?.Mj4X78$r1x@w$9$k;v$,2DG=$G$"$k!#(B
$B$3$l$K4X78$9$k4D6-JQ?t$O!"Nc<($7$?$b$N$K$H$I$^$i$J$$$,!"(BUSERV_GIDS $B$H(B
USERV_GROUPS $B$NCM$G$"$k!#(B

USERV_GIDS $B$H(B USERV_GROUPS $B$O(B service program $B$K$h$C$F%"%/%;%9%3%s%H%m!<(B
$B%k$r9T$&$?$a$KMQ$$$i$l$F$$$k!#$b$7$3$l$i$NCM$,1x@w$5$l$F$7$^$C$?>l9g!"(B
service program $B>e$G$NB>$NIT@5$JF0:n$r$b$?$i$97k2L$K$J$jF@$k!#(B

III. SECURITYFOCUS.COM NEWS AND COMMENTARY
- ------------------------------------------

1. Hackers take 'Notes' at DefCon (July 29, 2000)

$B%*%i%s%@$+$iMh$?(B White Hat hackers $B$,(B Lotus Notes $B$N1#$5$l$?%;%-%e%j%F%#(B
$BLdBj$rL@$i$+$K$9$k$3$H$r7W2h$7$F$$$k!#(BDefCon $B$G$NCN$i$l$6$kEZMK$NLk$r4|(B
$BBT$7$h$&!#(B

http://www.securityfocus.com/news/66

2. U.S. to Hackers: 'Join Us' (July 28, 2000)

$BBh(B 8 $B2s(B DEFCON $B$G%O%C%+!<$H9g=09q@/I\5!4X$N?&0w$,%i%9%Y%,%9$GF1@J$7$?!#(B

http://www.securityfocus.com/news/65


3. Overheard at DefCon (July 31, 2000)

3 $BF|4V$KEO$C$F!"(B5000 $B?M$b$N?M!9$,%i%9%Y%,%9$G3+:E$5$l$?(B DEFCON $B$K=8$$(B
$B6aNY$N%+%8%N$d%9%H%j%C%W%/%i%V$K0n$l=P$?!#$3$N5-;v$G$O(B DEFCON $B2q>l$G(B
$B$7$P$7$PJ9$+$l$?%3%a%s%H$r>R2p$9$k!#(B

http://www.securityfocus.com/commentary/67


IV.SECURITY FOCUS TOP 6 TOOLS
- -----------------------------

1. NetView (Windows NT and Windows 2000)
$B:nhttp://www.securityfocus.com/data/tools/nview10.zip

NetView Scanner $B$O%7%9%F%`4IM}Z$GJ]8n$5$l$F$$$k(B web $B%G%#%l%/%H%j$r%9%-%c%s$7$^$9!#(B
$B$3$N%Q%C%1!<%8$O!"(BWindows $B%o!<%/%9%F!<%7%g%s>e$G2TF0$9$k%U%j!<$N?/F~8!(B
$B::%=%U%H%&%'%"$G$9!#(B

2. IP Personality 20000727 (Linux)
$B:nhttp://www.securityfocus.com/data/tools/ippersonality-20000727-2.4.0-test4.tar.gz

IP Personality $B%W%m%8%'%/%H$NL\E*$O!":G?7$N(B Linux $B%+!<%M%k$K%M%C%H%o!<(B
$B%/%U%#%k%?$N5!G=$rIU2C$9$k%Q%C%A$rDs6!$9$k$3$H$G$9!#$3$l$K$h$C$F!"%M%C(B
$B%H%o!<%/%l%Y%k$GB>$N(B OS $B$N%(%_%e%l!<%7%g%s$,2DG=$H$J$j!"=>$C$F!"%M%C%H(B
$B%o!<%/%U%#%s%,!<%W%j%s%F%#%s%0$N3. Sol-Crypt 1.1 (UNIX)
$B:nhttp://www.securityfocus.com/data/tools/sol11.tgz

Sol-crypt $B$O!"(BCryptonomicon $B$H$$$&K\$K5-$5$l$F$$$k(B Solitaire $B0E9f%9%-!<(B
$B%`$N(B 1 $BNc$G$9!#%f!<%6$,;XDj$7$?80$G$I$s$JJ8;zNs$b0E9f2=$9$k$3$H$,$G$-$^(B
$B$9!#(B

4. Scan Detect 0.1 (Linux)
$B:nhttp://www.securityfocus.com/data/tools/scandetect.tar.gz

Scan Detect $B$O!";XDj$5$l$?(B TCP $B%]!<%H$GBT$A5. ArpWorks 1.0 (Windows 95/98, Windows NT, Windows 2000)
$B:nhttp://www.securityfocus.com/data/tools/ArpWorks10.EXE

ArpWorks v1.0 $B$O%M%C%H%o!<%/$r1[$($F!"%+%9%?%^%$%:$5$l$?(B Arp Announce
$B%Q%1%C%H$rAw$k(B Windows $B$N%f!<%F%#%j%F%#$G$9!#(BEthernet Source MAC $B%"%I%l(B
$B%9$r4^$a$?$9$Y$F$N(B ARP $B%Q%i%a!<%?$rJQ992DG=$G$9!#$^$?!"(BIP $B$+$i(B MAC $B$X$N(B
$B%j%>%k%P!"%5%V%M%C%H(B MAC $B%G%#%l%/%H%j!"%[%9%H%"%$%=%l!<%7%g%s!"%Q%1%C%H(B
$B%j%@%$%l%/%7%g%s!"(BIP $B%3%s%U%j%/%H%Q%1%C%H$N5!G=$,$"$j$^$9!#(B

6. BUGS 3.2.0 (Windows 2000, Windows NT, Unix)
by Sylvain Martinez, martinez@encryptsolutions.com
URL:
	http://www.securityfocus.com/data/tools/bugs-3.2.0.tgz

BUGS $B$O6/NO$JHkL)800E9f%"%k%4%j%:%`$H$=$N%"%W%j%1!<%7%g%s$G$9!#;HMQ$9$k(B
$B$3$H$OFq$7$/$J$/!"%5%s%W%k%"%W%j%1!<%7%g%s$H%I%-%e%a%s%H$,$"$j$^$9!#$3(B
$B$N0E9f$N%i%$%V%i%j$O%U%j!<$GMxMQ$9$k$3$H$,$G$-$^$9!#(B

- --
Translated by SAKAI Yoriyuki, KAGEYAMA Tetsuya
Little eArth Corporation - LAC Co., Ltd.
http://www.lac.co.jp/security/

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Edition 5.5.5J
Comment: SAKAI Yoriyuki

iQA/AwUBOYi1hZQwtHQKfXtrEQKN3QCfQKTAjpuYPgTEJzsfh/qXj5ptYBkAoNKr
cDQsLwi7tGIY9ztH9t2tlpCG
=37sY
-----END PGP SIGNATURE-----