Return-Path: owner-bugtraq-jp@SECURITYFOCUS.COM MIME-Version: 1.0 Content-Type: text/plain; charset="ISO-2022-JP" Content-Transfer-Encoding: 7bit X-Mailer: Becky! ver. 2.00.03 Message-ID: <20010222132003.D9DE.T.KAGEYM@lac.co.jp> Date: Thu, 22 Feb 2001 13:25:18 +0900 Reply-To: KAGEYAMA Tetsuya Sender: BUGTRAQ-JP List From: KAGEYAMA Tetsuya Subject: SecurityFocus.com Newsletter #80 2001-2-8->2001-2-16 To: BUGTRAQ-JP@SECURITYFOCUS.COM -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 $B1F;3(B@$B%i%C%/$G$9!#(B SecurityFocus.com Newsletter $BBh(B 80 $B9f$NOBLu$r$*FO$1$7$^$9!#(B $BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B - --------------------------------------------------------------------------- SecurityFocus.com Newsletter $B$K4X$9$k(BFAQ: BugTraq-JP $B$K4X$9$k(B FAQ: - --------------------------------------------------------------------------- $B0zMQ$K4X$9$kHw9M(B: $B!&$3$NOBLu$O(B Security-Focus.com $B$N5v2D$r3t<02qe$G9T$o(B $B$l$F$$$^$9!#(B $B!&(BSecurityFocus.com Newsletter $B$NOBLu$r(B Netnews, Mailinglist, World Wide Web, $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$N(B $BA4J80zMQ$r$*4j$$$7$^$9!#(B $B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;(B $B$s$,=`MQ$9$k$b$N$H$7$^$9!#(B $B!&$^$?!"(BSecurity-Focus.com $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+(B $B$J$k7A<0$N%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B 1) - --------------------------------------------------------------------------- - --------------------------------------------------------------------------- $B$3$NOBLu$K4X$9$kHw9M(B: $B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02ql9g!"(BBUGTRAQ-JP $B$X(B Errata $B$H$7$F=$@5(B $BHG$r$4Ej9FD:$/$+!"Lul9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B - --------------------------------------------------------------------------- - --------------------------------------------------------------------------- $B86HG(B: Message-ID: Date: Mon, 19 Feb 2001 10:36:12 -0700 SecurityFocus.com Newsletter #80 - -------------------------------- I. FRONT AND CENTER($BF|K\8lLu$J$7(B) 1. Password Crackers - Enhancing the Security of Your Passwords 2. Secure Remote Log Servers Using SCP II. BUGTRAQ SUMMARY 1. Micro Focus Cobol Arbitrary Command Execution Vulnerability 2. Carey Internets Services Commerce.cgi Directory Traversal Vulnerability 3. SilverPlatter WebSPIRS File Disclosure Vulnerability 4. HIS Software Auktion 1.62 Directory Traversal Vulnerability 5. Microsoft Windows NT PPTP DoS Vulnerability 6. Watchguard Firebox ll PPTP DoS Vulnerability 7. Way-Board File Disclosure Vulnerability 8. Martin Hamilton ROADS File Disclosure Vulnerability 9. MnSCU/PALS WebPALS Remote Command Execution Vulnerability 10. Brightstation Muscat Root Path Disclosure Vulnerability 11. Analog ALIAS Buffer Overflow Vulnerability 12. John Roy Pi3Web Buffer Overflow Vulnerability 13. LICQ Denial of Service Vulnerability 14. Caucho Technology Resin Directory Traversal Vulnerability 15. Thinking Arts ES.One Directory Traversal Vulnerability 16. ITAfrica WEBactive Directory Traversal Vulnerability 17. Bajie Webserver Remote Command Execution Vulnerability III. SECURITYFOCUS.COM NEWS ARTICLES 1. Microsoft does security 2. New York Times hacked 3. Dutch police arrest virus suspect 4. Mitnick movie on DVD 5. Kournikova virus strikes net IV.SECURITY FOCUS TOP 6 TOOLS 1. Snort 1.7 Win32 Source Cod 2. Gateway Access Utilities 3. Ridentd 0.9 4. YASSP B15 5. PortMap 4 6. Cygwin 1.1.8-1 I. FRONT AND CENTER($BF|K\8lLu$J$7(B) - --------------------------------- II. BUGTRAQ SUMMARY - ------------------- 1. Micro Focus Cobol Arbitrary Command Execution Vulnerability BugTraq ID: 2359 $B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B $B8xI=F|(B: 2001-02-12 $B4XO"$9$k(B URL: http://www.securityfocus.com/bid/2359 $B$^$H$a(B: Micro Focus Cobol $B$O(B Merant $B$C$FDs6!$5$l$F$$$k!#(B Micro Focus Cobol $B$r%$%s%9%H!<%k$9$k:]$K$O!"%i%$%;%s%9?t$N4IM}$N$?$a$K(B 'Apptrack' $B5!G=$rM-8z$K$9$k!#M-8z$K$5$l$?8e!"%G%U%)%k%H$G$O(B'nolicense' $B$H$$$&L>A0$N%7%'%k%9%/%j%W%H$,%$%s%9%H!<%k$5$l$k!#(B $B$3$N(B 'nolicense' $B%9%/%j%W%H$O!"(B application server $B$N%i%$%;%s%9?t$N>e8B(B $B$^$GMxMQ$5$l$F$$$k>l9g$KuBV$K@_Dj$5$l$k!#=>$C$F!"0lHL%f!<%6$,$3$N%U%!%$%k$r>e(B $B=q$-5Z$S=$@5$r$9$k$3$H$O2DG=$K$J$C$F$7$^$&!#(B $B967buBV$K;E8~$1$k$3$H$O:$Fq(B $B$G$"$k!#(B 2. Carey Internets Services Commerce.cgi Directory Traversal Vulnerability BugTraq ID: 2361 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 2001-02-12 $B4XO"$9$k(B URL: http://www.securityfocus.com/bid/2361 $B$^$H$a(B: Carey Internet Services $B$,Ds6!$9$k(B Commerce.cgi $B$O!"EE;R>&e$KB8:_$9$k$"$i$f(B $B$k%U%!%$%k$X$N1\Mw$r5v$7$F$7$^$&!#(B $B$3$N$K(B "NULL" $B$b(B $B$7$/$O(B "zero" $B%P%$%H$NCM$r;HMQ$7$F$$$J$1$l$P@.N)$7$J$$!#(B C $B8@8l$N4X?t$N(B $BJ8;zNs$r07$&$b$N$NB?$/$O!"(BNULL $B%P%$%H$rJ8;zNs$N=*N;$rI=$9=*C(B $B$,(B C $B8@8l$G=q$+$l$F$$$k4pK\E*$J%7%9%F%`4X?t$rDL2a$9$k$H$-!"%f!<%6$K$h$C(B $B$F(B NULL $B%P%$%H$,F~NO$5$l$F$$$k>l9g$O!"(BNULL $B%P%$%H$N$^$^DL$7$F$7$^$&!#$3(B $B$l$K$h$j!"5!3#8l$K6a$$(B C $B8@8l$N4X?t$K$h$C$F$3$NJ8;zNs$,2rl9g!"(B $B8m$C$F@Z$jN%$5$l$F$7$^$&!#%U%!%$%k$r3+$$$F$$$k;~$d!"%f!<%6$K$h$k%G!<%?(B $BF~NO$,I,MW$J%3%^%s%I$,l9g!"%;%-%e%j%F%#>e$N6<0R$H$J$k!#(B $B$3$N$3$H$,!"$3$NLdBj$N0z$-6b$G$"$k!#%f!<%6$,F~NO$7$?%G!<%?$O%U%!%$%kL>(B $B$r@8@.$9$k:]!"%9%/%j%W%H%$%s%?%W%j%?$,8F$S=P$9(B open() $B%7%9%F%`%3!<%k$X(B $B$HEO$5$l$k!#$3$N(B open()$B4X?t$O%f!<%6$NF~NO$7$?%G!<%?$r(B C $B8@8lIw$K2rl9g!"5!L)>pJs$X$NIT@5$J%"%/%;%9(B $BEy$N!"%?!<%2%C%H$KBP$9$k$5$i$J$k967b$re$N4{CN$N%U%!%$%k$N(B $B1\Mw8"8B$rF@$k$3$H$,$G$-$k$H$$$&LdBj$,$"$k!#$3$l$O!"(B'../' $B$G7R$,$l$?4{(B $BCN$N%U%!%$%k$X$N%Q%9$r4^$`$h$&$J!"9*L/$JMW5a$rAw?.$9$k$3$H$G!"$3$N4{CN(B $B$N%U%!%$%k$r1\Mw$9$k$3$H$,$G$-$k!#(B $B$3$NLdBj$,967bl9g!"5!L)>pJs$X$NIT@5$J%"%/%;%9Ey$N!"%?!<(B $B%2%C%H%[%9%H$KBP$9$k$5$i$J$k967b$r$K(B "NULL" $B$b(B $B$7$/$O(B "zero" $B%P%$%H$NCM$r;HMQ$7$F$$$J$1$l$P@.N)$7$J$$!#(B C $B8@8l$N4X?t$N(B $BJ8;zNs$r07$&$b$N$NB?$/$O!"(BNULL $B%P%$%H$rJ8;zNs$N=*N;$rI=$9=*C(B $B$,(B C $B8@8l$G=q$+$l$F$$$k4pK\E*$J%7%9%F%`4X?t$rDL2a$9$k$H$-!"%f!<%6$K$h$C(B $B$F(B NULL $B%P%$%H$,F~NO$5$l$F$$$k>l9g$O!"(BNULL $B%P%$%H$N$^$^DL$7$F$7$^$&!#$3(B $B$l$K$h$j!"5!3#8l$K6a$$(B C $B8@8l$N4X?t$K$h$C$F$3$NJ8;zNs$,2rl9g!"(B $B8m$C$F@Z$jN%$5$l$F$7$^$&!#%U%!%$%k$r3+$$$F$$$k;~$d!"%f!<%6$K$h$k%G!<%?(B $BF~NO$,I,MW$J%3%^%s%I$,l9g!"%;%-%e%j%F%#$r6<$+$9$3$H$K$J$k!#(B 4. HIS Software Auktion 1.62 Directory Traversal Vulnerability BugTraq ID: 2367 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 2001-02-12 $B4XO"$9$k(B URL: http://www.securityfocus.com/bid/2367 $B$^$H$a(B: Auktion $B$O(B HIS Software $B$K$h$C$F3+H/$5$l$?(B CGI $B%9%/%j%W%H$G$"$k!#(B HIS Software Auktion 1.62 $B$K$O!"<+?H$,e$N4{CN$N%U%!%$(B $B%k$N1\Mw8"8B$r%j%b!<%H$N%f!<%6$,F@$k$3$H$,$G$-$F$7$^$&$H$$$&LdBj$,$"$k!#(B '../' $B$G7R$,$l$?4{CN$N%U%!%$%k$X$N%Q%9$r4^$`$h$&$J9*L/$JMW5a$rAw?.$9$k(B $B$3$H$G!"$3$N4{CN$N%U%!%$%k$N1\Mw8"8B$rF@$k$3$H$,$G$-!"$5$i$K$OG$0U$N%3(B $B%^%s%I$rl9g!"5!L)>pJs$X$NIT@5$J%"%/%;%9Ey$N!"%?!<(B $B%2%C%H%[%9%H$KBP$9$k$5$i$J$k967b$r$K(B "NULL" $B$b(B $B$7$/$O(B "zero" $B%P%$%H$NCM$r;HMQ$7$F$$$J$1$l$P@.N)$7$J$$!#(B C $B8@8l$N4X?t$N(B $BJ8;zNs$r07$&$b$N$NB?$/$O!"(BNULL $B%P%$%H$rJ8;zNs$N=*N;$rI=$9=*C(B $B$,(B C $B8@8l$G=q$+$l$F$$$k4pK\E*$J%7%9%F%`4X?t$rDL2a$9$k$H$-!"%f!<%6$K$h$C(B $B$F(B NULL $B%P%$%H$,F~NO$5$l$F$$$k>l9g$O!"(BNULL $B%P%$%H$N$^$^DL$7$F$7$^$&!#$3(B $B$l$K$h$j!"5!3#8l$K6a$$(B C $B8@8l$N4X?t$K$h$C$F$3$NJ8;zNs$,2rl9g!"(B $B8m$C$F@Z$jN%$5$l$F$7$^$&!#%U%!%$%k$r3+$$$F$$$k;~$d!"%f!<%6$K$h$k%G!<%?(B $BF~NO$,I,MW$J%3%^%s%I$,l9g!"%;%-%e%j%F%#$r6<$+$9$3$H$K$J$k!#(B 5. Microsoft Windows NT PPTP DoS Vulnerability BugTraq ID: 2368 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 2001-02-13 $B4XO"$9$k(B URL: http://www.securityfocus.com/bid/2368 $B$^$H$a(B: Point to Point Tunneling Protocol (PPTP) $B$O!"%j%b!<%H$N%f!<%6$K%M%C%H(B $B%o!<%/$X$N0BA4$J@\B3$r2DG=$K$9$k%W%m%H%3%k$G$"$k!#(B PPTP $B$Ne$G2TF0$7$F$$$k(B PPTP $B%5!<%S%9$X$H0-0U$"$k%Q%1(B $B%C%H$rAw?.$9$k$3$H$G$3$NLdBj$rMxMQ$9$k$3$H$O2DG=$G$"$k!#$3$l$i$N0-0U$"(B $B$k%Q%1%C%H$O!"%7%9%F%`;q8;$r8O3i$5$;$k$^$G%a%b%j$r>CHq$5$;$k$3$H$,$G$-(B $B$k$N$G$"$k!#(B $B967b$ro$N>uBV$XI|5l$5$;$k$K$O:F5/F0$,I,MW$G$"$k!#(B $B$3$NLdBj$rMxMQ$9$k$3$H$O%?!<%2%C%H%[%9%H$X$N$5$i$J$k967b$re$G2TF0$7$F$$$k(B PPTP $B%5!<%S%9$KBP$7$F0-0U$"$k%Q(B $B%1%C%H$rAw?.$9$k$3$H$G!"%7%9%F%`%j%=!<%9$r>CHq$5$;$k$3$H$,$G$-$kLdBj$,(B $B$"$k!#(B $BDL>o5!G=$NI|5l$K$O:F5/F0$,I,MW$K$J$k!#(B $B$3$NLdBj$rMxMQ$9$k$3$H$O%?!<%2%C%H%[%9%H$X$N$5$i$J$k967b$re$N4{CN$N%U%!%$%k$N1\(B $BMw8"8B$rF@$k$3$H$,$G$-$k$H$$$&LdBj$,$"$k!#$3$l$O!"(B '%00' $B$G7R$,$l$?4{CN(B $B$N%U%!%$%k$X$N%Q%9$r(B URL $B$K0U?^E*$K4^$`MW5a$rAw?.$9$k$3$H$G!"$3$N%U%!%$(B $B%k$r1\Mw$9$k$3$H$,2DG=$K$J$k!#(B $B$3$NLdBj$,%j%b!<%H$N967bl9g!"5!L)>pJs$X$NIT@5$J%"%/%;%9(B $BEy$N!"%?!<%2%C%H$KBP$9$k$5$i$J$k967b$r$K(B "NULL" $B$b(B $B$7$/$O(B "zero" $B%P%$%H$NCM$r;HMQ$7$F$$$J$1$l$P@.N)$7$J$$!#(B C $B8@8l$N4X?t$N(B $BJ8;zNs$r07$&$b$N$NB?$/$O!"(BNULL $B%P%$%H$rJ8;zNs$N=*N;$rI=$9=*C(B $B$,(B C $B8@8l$G=q$+$l$F$$$k4pK\E*$J%7%9%F%`4X?t$rDL2a$9$k$H$-!"%f!<%6$K$h$C(B $B$F(B NULL $B%P%$%H$,F~NO$5$l$F$$$k>l9g$O!"(BNULL $B%P%$%H$N$^$^DL$7$F$7$^$&!#$3(B $B$l$K$h$j!"5!3#8l$K6a$$(B C $B8@8l$N4X?t$K$h$C$F$3$NJ8;zNs$,2rl9g!"(B $B8m$C$F@Z$jN%$5$l$F$7$^$&!#%U%!%$%k$r3+$$$F$$$k;~$d!"%f!<%6$K$h$k%G!<%?(B $BF~NO$,I,MW$J%3%^%s%I$,l9g!"%;%-%e%j%F%#$r6<$+$9$3$H$K$J$k!#(B 8. Martin Hamilton ROADS File Disclosure Vulnerability BugTraq ID: 2371 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 2001-02-12 $B4XO"$9$k(B URL: http://www.securityfocus.com/bid/2371 $B$^$H$a(B: ROADS $B$O(B Martin Hamilton $B;a$,:n@.$7$?8!:w%(%s%8%s%?%$%W$N%"%W%j%1!<%7%g(B $B%s$G$"$k!#(B Martin Hamilton $B;a$K$h$k(B ROADS $B$,2TF0$7$F$$$k%^%7%s>e$K$*$$$F!"%j%b!<%H(B $B%f!<%6$O4{CN$N%U%!%$%k$NFI$_$K2C$($F(B '%00' $B$G9=@.$5$l(B $B$?(B URL $B$rMW5a$9$k$3$H$G!"%j%/%(%9%H$7$?%U%!%$%k$O3+<($5$l$k!#(B $B$3$Nl9g!"5!L)$K$7$J$1$l$P$J$i$J$$>pJs$r3+<($7(B $B$F$7$^$$!"%?!<%2%C%H$X$N99$J$k967b$KMxMQ$5$l$F$7$^$&2DG=@-$,$"$k!#(B $B$3$N$K(B "NULL" $B$b(B $B$7$/$O(B "zero" $B%P%$%H$NCM$r;HMQ$7$F$$$J$1$l$P@.N)$7$J$$!#(B C $B8@8l$N4X?t$N(B $BJ8;zNs$r07$&$b$N$NB?$/$O!"(BNULL $B%P%$%H$rJ8;zNs$N=*N;$rI=$9=*C(B $B$,(B C $B8@8l$G=q$+$l$F$$$k4pK\E*$J%7%9%F%`4X?t$rDL2a$9$k$H$-!"%f!<%6$K$h$C(B $B$F(B NULL $B%P%$%H$,F~NO$5$l$F$$$k>l9g$O!"(BNULL $B%P%$%H$N$^$^DL$7$F$7$^$&!#$3(B $B$l$K$h$j!"5!3#8l$K6a$$(B C $B8@8l$N4X?t$K$h$C$F$3$NJ8;zNs$,2rl9g!"(B $B8m$C$F@Z$jN%$5$l$F$7$^$&!#%U%!%$%k$r3+$$$F$$$k;~$d!"%f!<%6$K$h$k%G!<%?(B $BF~NO$,I,MW$J%3%^%s%I$,l9g!"%;%-%e%j%F%#$r6<$+$9$3$H$K$J$k!#(B 9. MnSCU/PALS WebPALS Remote Command Execution Vulnerability BugTraq ID: 2372 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 2001-02-12 $B4XO"$9$k(B URL: http://www.securityfocus.com/bid/2372 $B$^$H$a(B: MnSCU/PALS WebPALS $B$O<+F02=$5$l$?MM!9$J%i%$%V%i%j%7%9%F%`$KBP$9$k%$%s%?(B $B!<%M%C%H7PM3$N%"%/%;%9$rDs6!$9$k$b$N$G$"$k!#(B WebPALS $B$,2TF0$7$F$$$k%^%7%s>e$G!"967b5Z$S0-0U$"$k(B $B%3!<%I$K$h$C$F9=@.$5$l$?$b$N$H$J$k!#(B $B$3$NLdBj$,MxMQ$5$l$?>l9g!"%j%b!<%H%f!<%6$O%Q%9%o!<%I%U%!%$%k$d$=$NB>$N(B $B%7%9%F%`%U%!%$%k$K%"%/%;%9$9$k8"8B$rC%$K(B "NULL" $B$b(B $B$7$/$O(B "zero" $B%P%$%H$NCM$r;HMQ$7$F$$$J$1$l$P@.N)$7$J$$!#(B C $B8@8l$N4X?t$N(B $BJ8;zNs$r07$&$b$N$NB?$/$O!"(BNULL $B%P%$%H$rJ8;zNs$N=*N;$rI=$9=*C(B $B$,(B C $B8@8l$G=q$+$l$F$$$k4pK\E*$J%7%9%F%`4X?t$rDL2a$9$k$H$-!"%f!<%6$K$h$C(B $B$F(B NULL $B%P%$%H$,F~NO$5$l$F$$$k>l9g$O!"(BNULL $B%P%$%H$N$^$^DL$7$F$7$^$&!#$3(B $B$l$K$h$j!"5!3#8l$K6a$$(B C $B8@8l$N4X?t$K$h$C$F$3$NJ8;zNs$,2rl9g!"(B $B8m$C$F@Z$jN%$5$l$F$7$^$&!#%U%!%$%k$r3+$$$F$$$k;~$d!"%f!<%6$K$h$k%G!<%?(B $BF~NO$,I,MW$J%3%^%s%I$,l9g!"%;%-%e%j%F%#$r6<$+$9$3$H$K$J$k!#(B 10. Brightstation Muscat Root Path Disclosure Vulnerability BugTraq ID: 2374 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 2001-02-12 $B4XO"$9$k(B URL: http://www.securityfocus.com/bid/2374 $B$^$H$a(B: Muscat $B$O8!:w%(%s%8%s%"%W%j%1!<%7%g%s$G$"$k!#(B Muscat $B$,2TF0$7$F$$$k%^%7%s>e$G!"%j%b!<%H$+$i$N967bl9g!"5!L)$K$7$J$1$l$P$J$i$J$$>p(B $BJs$r3+<($7$F$7$^$$!"%?!<%2%C%H$N%[%9%H$KBP$9$k$5$i$J$k967b$re5-$N(B "$B4XO"$9$k(B URL" $B$K5-=R$5$l$F$$$k(B discussion $B$NJ8>O$rLu$7$F$*FO$1$7$^$9!#(B Analog $B$O%U%j!<$GF~l9g!"%[%9%H$O99$J$k967b$KGx$5$l$k2DG=@-(B $B$,$"$k!#(B 13. LICQ Denial of Service Vulnerability BugTraq ID: 2382 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 2001-02-12 $B4XO"$9$k(B URL: http://www.securityfocus.com/bid/2382 $B$^$H$a(B: LICQ $B$O(B ICQ $B$H8_49@-$N$"$kBPOC7?$N(B Linux $B%a%C%;!<%8%s%0%D!<%k$G$"$k!#(B $B$3$N%W%m%0%i%`$N$9$Y$F$N%P!<%8%g%s$K!"(BDoS $B967b$,@.N)$9$k$H$$$&e$KB8:_$9$kMM!9$J%U%!%$%k$KBP$9$k$NFI$_l9g!"5!L)$K$7$J$1$l$P$J$i$J$$>pJs$r3+<($7(B $B$F$7$^$$!"%?!<%2%C%H$X$N99$J$k967b$KMxMQ$5$l$F$7$^$&2DG=@-$,$"$k!#(B 15. Thinking Arts ES.One Directory Traversal Vulnerability BugTraq ID: 2385 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 2001-02-16 $B4XO"$9$k(B URL: http://www.securityfocus.com/bid/2385 $B$^$H$a(B: ES.One $B$O(B Thinking Arts $B$K$h$kEE;R>&e$KB8:_$9$kMM!9$J%U%!%$%k$KBP$9$kFI$_l9g!"5!L)$K$7$J$1$l$P$J$i$J$$>pJs$r3+<($7(B $B$F$7$^$$!"%?!<%2%C%H$X$N99$J$k967b$KMxMQ$5$l$F$7$^$&2DG=@-$,$"$k!#(B $B$3$N$K(B "NULL" $B$b(B $B$7$/$O(B "zero" $B%P%$%H$NCM$r;HMQ$7$F$$$J$1$l$P@.N)$7$J$$!#(B C $B8@8l$N4X?t$N(B $BJ8;zNs$r07$&$b$N$NB?$/$O!"(BNULL $B%P%$%H$rJ8;zNs$N=*N;$rI=$9=*C(B $B$,(B C $B8@8l$G=q$+$l$F$$$k4pK\E*$J%7%9%F%`4X?t$rDL2a$9$k$H$-!"%f!<%6$K$h$C(B $B$F(B NULL $B%P%$%H$,F~NO$5$l$F$$$k>l9g$O!"(BNULL $B%P%$%H$N$^$^DL$7$F$7$^$&!#$3(B $B$l$K$h$j!"5!3#8l$K6a$$(B C $B8@8l$N4X?t$K$h$C$F$3$NJ8;zNs$,2rl9g!"(B $B8m$C$F@Z$jN%$5$l$F$7$^$&!#%U%!%$%k$r3+$$$F$$$k;~$d!"%f!<%6$K$h$k%G!<%?(B $BF~NO$,I,MW$J%3%^%s%I$,l9g!"%;%-%e%j%F%#$r6<$+$9$3$H$K$J$k!#(B 16. ITAfrica WEBactive Directory Traversal Vulnerability BugTraq ID: 2386 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 2001-02-16 $B4XO"$9$k(B URL: http://www.securityfocus.com/bid/2386 $B$^$H$a(B: WEBactive $B$O(B ITAfrica $B$+$iDs6!$5$l$k(B HTTP $B%5!<%P$G$"$k!#(B $B%j%b!<%H%f!<%6$O!"(BWeb $B%3%s%F%s%D$N(B root $B%G%#%l%/%H%j$N30It$K$"$k%G%#%l(B $B%/%H%j$rFI$_=P$98"8B$rC%e$KB8:_$9$kMM!9$J%U%!%$%k$rFI$_=P$9$3$H$,2DG=$H$J$k!#(B $B$3$Nl9g!"5!L)>pJs$N3+<($d!"5>@7$H$J$k%[%9%H$X(B $B$N99$J$k967b$KMxMQ$5$l$k2DG=@-$,$"$k!#(B $B$3$N$K(B"NULL" $B$"$k$$$O(B "$B%<%m(B" $B$NCM$G$"$k%P%$%H$r;HMQ$9(B $B$k$H$$$&(B CGI $B$N$rEO$7$?>l9g!"%f!<%6$+$i$NF~NO$K$+$+$o$i$:(B NULL $B%P%$%H$r4X?t$KEO$7$F$7$^$&!#Dc5i$J(B C $B8@8l$N4X?t$K$h$j2rl(B $B9g!"J8;zNs$O40A4$KEO$5$l$:!"C;$/@Z$ju67$G$O!"%;%-%e%j%F(B $B%#>e$N6<0R$K7R$,$k2DG=@-$,$"$k!#(B 17. Bajie Webserver Remote Command Execution Vulnerability BugTraq ID: 2388 $B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B $B8xI=F|(B: 2001-02-15 $B4XO"$9$k(B URL: http://www.securityfocus.com/bid/2388 $B$^$H$a(B: Bajie HTTP $B%5!<%P$O(B Java $B8@8l$G5-=R$5$l$?%U%j!<$N(B Web $B%5!<%P$G$"$k!#(B Bajie $B$K$O!"(B'uploadservlet' $B$H$$$&L>A0$N%5!<%V%l%C%H$,4^$^$l$k!#$3$N%5(B $B!<%V%l%C%H$O!"%G%U%)%k%H$G%$%s%9%H!<%k$5$l!"%f!<%6$,%U%!%$%k$r%[%9%H$N(B $B%G%#%l%/%H%j$K%"%C%W%m!<%I$9$k:]$KMxMQ$5$l$k!#(B Bajie $B$K$O0JA0!"%j%b!<%H$+$i$N967be$K$"$k(B Web $B%3%s%F%s%D$N(B root $B%G%#%l%/%H%j$X$N%"%/%;%98"8B$rC%e$NG$0U$N%G%#%l%/%H%j$K0-0U$r;}$C$F:n@.$5$l$?%U%!%$%k$N%"%C%W%m!<(B $B%I$9$k$3$H$,2DG=$G$"$k!#%U%!%$%k$N%"%C%W%m!<%I$K0lEY@.8y$9$l$P!"FCJL$K(B $BAH$_N)$F$i$l$?(B URL $B$rMxMQ$7$F%U%!%$%k$rl9g!"G$0U$N%7%'%k%3%^%s%I$rl9g!"%[%9%H$O99$J$k967b$KGx$5$l$k2DG=@-$,(B $B$"$k!#(B III. SECURITYFOCUS.COM NEWS AND COMMENTARY - ------------------------------------------ 1. Microsoft does security $BCxl$X(B $B$N(B Internet Security and Acceleration (ISA) $B%5!<%P$H$$$&@=IJ$NF3F~$r9T(B $B$C$?!#$3$N(B ISA $B%5!<%P$O!"(BCheck Point $BpJs$N(B Web $B%5%$%H$N0lIt$,!"6K$a$FB?:M$J%5%$%P!<%0%i%U%#%F%#$N%.%c%s%0=8CD$G$"$k(B Sm0ked Crew $B$K$h$C$F6bMKF|$ND+J}967b$r$&$1$?!#:G6a$NH`EyC#$N@.8yNc$H$7(B $B$F!"(BHewlett-Packard $BpJs%5!<%S%9$rDs6!$7$F$$$k!#$=$N(B Web $B%5%$%H$N%S%8%M%9%;%/%7%g%s$G$O!"(B $B3F%f!<%6$NM-2A>Z7t$K4^$^$l$k3t!"@hJ*!"Ej;q?.Bw$J$I$NF08~$r8+$k$3$H$,2D(B $BG=$G$"$k!#(B http://www.securityfocus.com/templates/article.html?id=154 3. Dutch police arrest virus suspect $BCxe$KJ|$C$?$3$H$K$h(B $B$j%3%s%T%e!<%?$rGKB;$7$?Rk$H$7$F$N(B 4 $BG/4V$N$C$FL>A0(B $B$O8x3+$5$l$F$$$J$$$=$NCK@-$O!"N>?F$N@bF@$K$h$C$F:#D+$K$J$C$F<+N$5$l$k>l9g$,$"$k(B Kevin Mitnick $B;a$rf+$K$+$1$kEE;RDL?.$K4X$9(B $B$kHH:aA\::$K$D$$$F$NOCBj$N1G2hHG$,!"(BAmazon.fr $B$dB>$N%U%i%s%99qFb$N>.Gd(B $BE9$N%5%$%H$+$i(B DVD $B$H$7$F(B 241.52 $B%U%i%s(B ($BLs(B 27 $BJF%I%k(B) $B$G9XF~2DG=$G$"$k!#(B $B$J$*!"(BDVD $B$N%j!<%8%g%s%3!<%I$r%/%i%C%-%s%0$G$-$k>l9g$K$O!"1Q8l$G;kD02D(B $BG=$G$"$j!"%O%j%&%C%I$,(B Mitnick $B;a$r1Q8l8xMQ8l9q$+$iK4L?$5$;$?$N$O!"@5$7(B $B$$A*Br$H8@$($k$@$m$&!#(B http://www.securityfocus.com/templates/article.html?id=152 5. Kournikova virus strikes net $BCxA*e5i%"%s%A%&%#%k%95;=Qe$N%"%+%&%s%H$rMW5a$5$l(B $B$k$3$H$J$/!"%M%C%H%o!<%/FbIt$+$i%$%s%?!<%M%C%H>e$N%"!<%+%$%V$d%5!<%S%9(B $B$K%"%/%;%9$G$-$^$9!#(B 3. Ridentd 0.9 $B4XO"$9$k(B URL: Linux and Unix $B:n$N%f!<%6$K$I$s$J>pJs$r$b(B $BM?$($?$/$J$$$H$$$&40A4$JJP<9%"!<%-%F%/%A%c(B) $B$,2TF0$9$k%[%9%H$N%;%-%e%j%F(B $B%#$r3N$+$K$9$k$?$a$N(B"Howto" $B$rCHq$9$k$3$H$J$/!"<+F0E*$Kl$G)$7$F$$$/$@$m$&!#!W$H=R$Y$i$l$F$$$^$9!#(B 5. PortMap 4 $B%W%i%C%H%U%)!<%`(B: Unix $B:ne$G%F%9%H(B $B$5$l$F$$$^$9!#$^$?!"(BHP-UX 9.0$B!"(BAIX 3.x ( -D_SUN $B%*%W%7%g%s$r;XDj$7$?(B bsdcc $B%3%s%Q%$%i$G%3%s%Q%$%k$5$l$?$b$N(B)$B!"(BAIX 4.x$B!"(BDigital UNIX(OSF/1) $B$r%5%]!<%H$7$F$$$^$9!#(BSunOS 4 $B>e$Gl9g!"(Bsecurelib $B%i%$%V%i%j$r(B $B;HMQ$9$k$3$H$,K>$^$l$^$9!#$3$l$O!"(BRPC $B%G!<%b%s$X$ND>@\967b(B ($BNc(B: portmap $B$r2p$5$J$$967b(B) $B$K$bBP=h$G$-$k$?$a$G$9!#(B 6. Cygwin 1.1.8-1 $B%W%i%C%H%U%)!<%`(B: Windows 95/98$B!"(BWindows NT $B:n$lC1FH$G!"$^$?!"AH(B $B$_9g$o$;$F3+H/$9$k$3$H$,2DG=$G$9!#$=$N$?$a!"=EMW$JB??t$N(B Unix $B%W%m%0%i(B $B%`$r%=!<%9%3!<%I$rI,MW0J>e$KJQ99$9$k$3$H$J$/0\?"$9$k$3$H$,$G$-$^$9!#$^(B $B$?!"(BCygwin $BMQ$K@_Dj$5$l%S%k%I$5$l$?(B GNU $B%=%U%H%&%'%"$,MxMQ$G$-$^$9(B (Cygwin $B3+H/%D!<%k$,4^$^$l$k%Q%C%1!<%8$K$"$j$^$9(B)$B!#3+H/%D!<%k$r;HMQ$9$k(B $B$3$H$O$J$$>l9g$F$b!"%Q%C%1!<%8$GDs6!$5$l$kB??t$NI8=`(B Unix $B%f!<%F%#%j%F(B $B%#$K4X?4$r;}$D$+$b$7$l$^$;$s!#$3$l$i$O!"(BBash $B%7%'%k(B ($BI8=`$GDs6!$5$l$^$9(B) $B$+$i$G$b(B Windows $BI8=`$N%3%^%s%I%7%'%k$+$i$G$b