SecurityFocus.com Newsletter #91 2001-4-25->2001-5-1

To: BUGTRAQ-JP@SECURITYFOCUS.COM
Subject: SecurityFocus.com Newsletter #91 2001-4-25->2001-5-1
From: KAGEYAMA Tetsuya <t.kageym@LAC.CO.JP>
Date: Wed, 9 May 2001 11:17:03 +0900
Reply-To: KAGEYAMA Tetsuya <t.kageym@LAC.CO.JP>
Sender: BUGTRAQ-JP List <BUGTRAQ-JP@SECURITYFOCUS.COM>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

$B1F;3(B@$B%i%C%/$G$9!#(B

SecurityFocus.com Newsletter $BBh(B 91 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

- ---------------------------------------------------------------------------
SecurityFocus.com Newsletter $B$K4X$9$k(BFAQ:
<URL: http://www.securityfocus.com/forums/sf-news/faq.html>
BugTraq-JP $B$K4X$9$k(B FAQ:
<URL: http://www.securityfocus.com/forums/bugtraq-jp/faq.html>
- ---------------------------------------------------------------------------
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B Security-Focus.com $B$N5v2D$r3t<02qe$G9T$o(B
  $B$l$F$$$^$9!#(B
$B!&(BSecurityFocus.com Newsletter $B$NOBLu$r(B Netnews, Mailinglist,
  World Wide Web, $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$N(B
  $BA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;(B
  $B$s$,=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurity-Focus.com $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+(B
  $B$J$k7A<0$N%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) <URL http://www.securityfocus.com/templates/archive.pike?list=79>
- ---------------------------------------------------------------------------
- ---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02ql9g!"(BBUGTRAQ-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"Lul9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
- ---------------------------------------------------------------------------
- ---------------------------------------------------------------------------
$B86HG(B:
Message-ID:  <Pine.GSO.4.30.0105071308440.15536-100000@mail>
Date:         Mon, 7 May 2001 13:09:00 -0600

SecurityFocus.com Newsletter #91
- --------------------------------

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
     1. Diseas'd Ventures: A Critique of Media Reportage of Viruses
     2. Chasing the Wind, Episode Six: The Gathering Storm
     3. New guest feature: Securing Wireless Networks
II. BUGTRAQ SUMMARY
     1. DataWizard WebXQ Directory Traversal Vulnerability
     2. SAP Web Application Server for Linux Arbitrary Command ...
     3. PerlCal Directory Traversal Vulnerability
     4. Mirabilis ICQ Web Front Plug-In DoS Vulnerability
     5. NEdit Incremental Backup File Symbolic Link Vulnerability
     6. Alex Linde Alex's Ftp Server Directory Traversal Vulnerability
     7. Bugzilla Remote Arbitrary Command Execution Vulnerability
     8. Bugzilla Sensitive Information Disclosure Vulnerability
     9. Free Peers BearShare Directory Traversal Vulnerability.
     10. Microsoft Windows 2000 IIS 5.0 IPP ISAPI 'Host:' Buffer ...
     11. BRS WebWeaver Directory Traversal Vulnerability
     12. BRS WebWeaver FTP Root Path Disclosure Vulnerability
III. SECURITYFOCUS.COM NEWS ARTICLES
     1. Record 'National Security' surveillance in 2000
     2. Microsoft IIS hole gives System-level access
     3. My first RSA Conference
IV.SECURITY FOCUS TOP 6 TOOLS
     1. FileManager v0.93
     2. Shoki v0.9.2
     3. tcpspy v1.6
     4. Tech Tracker v.85000
     5. TCFS v3.0b2
     6. Prelude v0.3

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
- ---------------------------------

II. BUGTRAQ SUMMARY
- -------------------

1. DataWizard WebXQ Directory Traversal Vulnerability
BugTraq ID: 2660
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-04-27
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2660
$B$^$H$a(B:

WebXQ $B%5!<%P$O(B DataWizard Technologies $B$,0];}5Z$S4IM}$7$F$$$k(B Web $B%5!<(B
$B%P$G$"$k!#(BWebXQ $B$,2TF0$7$F$$$k%[%9%H$G$O!"(BWeb $B%I%-%e%a%s%H$N(B / $B%G%#%l%/(B
$B%H%j$N30It$K$"$kDL>o$N%G%#%l%/%H%j9=B$$d!"%U%!%$%k$r3+<($7$F$7$^$&LdBj(B
$B$,B8:_$9$k!#(B

$B4{CN$N%U%!%$%k$d%G%#%l%/%H%j$H$H$b$KO"B3$7$?(B '/../' $B$H$$$&J8;zNs$r4^$s(B
$B$G(B URL $B$rMW5a$9$k$3$H$K$h$C$F!"%j%b!<%H$+$i$N%f!<%6$O!"(BWeb $B%I%-%e%a%s%H(B
$B$N(B / $B%G%#%l%/%H%j$N30It$K$"$kMW5a$7$?%G%#%l%/%H%j$d%U%!%$%k$KBP$9$kFI$_(B
$BpJs$d!"%[%9%H$N(B
$B%;%-%e%j%F%#$r$5$i$K6<$+$9$h$&$J>pJs$rC%l9g!"%[%9%H$KBP$9$k99$J$k967b$rpJs$rC%2. SAP Web Application Server for Linux Arbitrary Command Execution
Vulnerability
BugTraq ID: 2662
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2001-04-29
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2662
$B$^$H$a(B:

SAP TestDrive Web Application Server for Linux $B$O!"(BSAP LinuxLab $B$NI>2A(B
$BHG(B CD $B$N0lIt$H$7$FG[I[$5$l$F$$$k!#(B

$B$3$N(B CD $B$K4^$^$l$F$$$k(B SAP Operating System Collector (saposcol) $B$K$OF~(B
$BNO$NBEEv@-$N8!::$K4X$9$kLdBj$,B8:_$7!"%m!<%+%k%f!<%6$,8"8B>:3J$7$?>e!"(B
$BG$0U$N%W%m%0%i%`$re(B
$B$G\:Y$JJs9p$O!"(BSAP Web Application
Server for Linux $B$NI>2AHG$N2r@O$K4p$E$$$F$$$k!#@=IJHG$K$b$3$N3. PerlCal Directory Traversal Vulnerability
BugTraq ID: 2663
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-04-27
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2663
$B$^$H$a(B:

PerlCal $B$O(B Acme Software $B$K$h$C$F:n@.$5$l$?(B CGI $B%9%/%j%W%H$G$"$j!"(BWeb
$B%V%i%&%6$G;HMQ2DG=$J%+%l%s%@!<$N5!G=$,$"$k!#(B

PerlCal $B$N%3%s%]!<%M%s%H$G$"$k(B cal_make.pl $B$O!"F~NO$NBEEv@-$N8!::$K4X$9(B
$B$k7g4Y$,$"$j!"967b$r@8@.$7$F$$$k!#$3$N%9%/%j%W%H$O!"(BHTML $BJQ?t$K4^$^$l$kO"B3$7$?(B
'/../' $B$H$$$&J8;zNs$N%A%'%C%/$r@5$7$/9T$o$J$$!#$=$N7k2L!"(B

http://www.example.com/cgi-bin/cal_make.pl?
p0=../../../../../../../../../../../../etc/passwd%00

$B$H$$$&$h$&$JJ8;zNs$,%9%/%j%W%H$KM?$($i$l$k$H!"%5!<%P$O(B /etc/passwd $B%U%!(B
$B%$%k$NFbMF$rI=<($7$F$7$^$&!#$3$N$H$-!"%U%!%$%k$N1\Mw$O(B Web $B%5!<%P$N8"8B(B
$B$G9T$o$l!"DL>o(B 'nobody' $B$N8"8B$G$"$k!#(B

$B$3$NLdBj$rMxMQ$7$?967b$O5!L)>pJs$N3+<($K7R$,$j!"$5$i$J$k967b$KMxMQ$5$l(B
$B$F$7$^$&$G$"$m$&!#(B

4. Mirabilis ICQ Web Front Plug-In DoS Vulnerability
BugTraq ID: 2664
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-04-28
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2664
$B$^$H$a(B:

ICQ $B$O!"(BMirabilis $B$,Ds6!$7$F$$$k%$%s%?!<%M%C%H%$%s%9%?%s%H%a%C%;!<%8%s(B
$B%0%"%W%j%1!<%7%g%s$G$"$k!#(BICQ Web Front $B%W%i%0%$%s$K$h$j!"%f!<%6$,8D?M(B
$B$N(B Web $B%5%$%H$N@_7W!":n@.!"%[%9%F%#%s%0$r;Y1g$7$F$$$k!#(BWeb Front $B%W%i%0(B
$B%$%s$O!"%f!<%6$N%m!<%+%k%^%7%s>e$KB8:_$9$k(B Web $B%Z!<%8$rMW5a$K1~$8$F%j%b(B
$B!<%H%f!<%6$K6!5k$9$k!#(B

GET $B%j%/%(%9%H$K0[>o$JF~NO$,4^$^$l$F$$$k>l9g!"$=$N=hM}$N$?$a$K(B ICQ Web
Front $B%W%i%0%$%s$O(B DoS $B>uBV$K4Y$C$F$7$^$&!#(B

86 $B%P%$%HDxEY$N%a%?J8;z(B(%$B!"(B..$B!"(B\ $B$J$I$N(B ASCII $B%(%s%3!<%I$5$l$?J8;z(B)$B$G9=(B
$B@.$5$l$?(B GET $B%j%/%(%9%H$rF~NO$9$k$H!"%5!<%P$,;HMQ2DG=$J%7%9%F%`%a%b%jA4(B
$B$F$r>CHq$9$k!#;HMQ2DG=$J%j%=!<%9$r>CHq$9$k$3$H$K$h$C$F!"%5!<%S%9$d$=$l(B
$B$K0MB8$7$?%"%W%j%1!<%7%g%s$,%/%i%C%7%e$9$k2DG=@-$,$"$k!#(B

$BDL>o5!G=$NI|5l$K$O%5!<%P$N:F5/F0$,I,MW$G$"$k!#(B

5. NEdit Incremental Backup File Symbolic Link Vulnerability
BugTraq ID: 2667
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2001-04-28
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2667
$B$^$H$a(B:

NEdit $B$O(B Nirvana editor $B$N$3$H$G$"$j!"B?$/$N(B UNIX $B%*%Z%l!<%F%#%s%0%7%9(B
$B%F%`$KA0$NA0$K%A%k%@$rIU$1$?%U%!%$%k$KDj4|E*$K%P%C%/%"%C%W$5$l$k!#$3(B
$B$N5!G=$,l9g!"%m!<%+%k%f!<%6$O(B
$B%(%G%#%?$N%f!<%6$r4Q;!$7$F!"%(%G%#%?$K$h$C$F:G=i$N:9J,%P%C%/%"%C%W$,9T(B
$B$o$l$kA0$K%7%s%\%j%C%/%j%s%/$r:n@.$7!"(BNEedit $B$N%f!<%6$,=jM-$7$F$$$k%U%!(B
$B%$%k$r:9J,%P%C%/%"%C%W$NFbMF$K>e=q$-$9$k$3$H$,2DG=$G$"$k!#(B

$B$3$NLdBj$O!"F1$8$/%U%!%$%k$N%P%C%/%"%C%W$H$7$F(B .bck $B$H$$$&%U%!%$%kL>$r(B
$B;HMQ$7$F$$$k%(%G%#%?$K$h$C$F:n@.$5$l$k%U%!%$%k$K$b1F6A$,$"$k!#(B

6. Alex Linde Alex's Ftp Server Directory Traversal Vulnerability
BugTraq ID: 2668
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-04-28
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2668
$B$^$H$a(B:

Alex's Ftp Server $B$O!"(BAlex Linde $B$,Ds6!$7$F$$$k%U%j!<%&%'%"$N(B FTP $B%5!<(B
$B%P$G$"$k!#(B

FTP $B$N(B GET $B%3%^%s%I$K(B '/../' $B$N$h$&$J!"AjBP%Q%9$r;2>H$9$kJ8;zNs$r4^$^$;(B
$B$k$3$H$K$h$C$F!"967be0L$N%G%#%l%/%H%j$rL5@)8B$K3+<($7!"(B
$BFCDj$N%U%!%$%k$rpJs!"%Q%9%o!<%I%U%!%$%k!"$=$NB>%7%9%F(B
$B%`$N%;%-%e%j%F%#$r$5$i$K6<$+$9$h$&$J=EMW$J%7%9%F%`$N%G!<%?$r7. Bugzilla Remote Arbitrary Command Execution Vulnerability
BugTraq ID: 2670
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-04-30
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2670
$B$^$H$a(B:

Bugzilla $B$O(B Perl $B$H(B MySQL $B$rMxMQ$7$?!"(B Web $B%Y!<%9$N%P%0DI@W%7%9%F%`$G(B
$B$"$k!#(B

Bugzilla $B$O%j%b!<%H$N%f!<%6$K%?!<%2%C%H$N(B Web $B%5!<%P>e$GG$0U$N%3%^%s%I(B
$B$Nl9g!"(BWeb $B%5!<%P(B
$B>e$GG$0U$N%3%^%s%I$rl9g!"%;%_%3%m%s(B
$B$O%3%^%s%I$N6h@Z$j$rI=$9$?$a!"%7%'%k$K$h$jJL!9$N%3%^%s%I$H$7$FEE;R%a!<(B
$B%k%"%I%l%9$N;D$j$NItJ,$,e$GG$0U$N%3%^%s%I$r8. Bugzilla Sensitive Information Disclosure Vulnerability
BugTraq ID: 2671
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-04-30
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2671
$B$^$H$a(B:

Bugzilla $B$O(B Perl $B$H(B MySQL $B$rMxMQ$7$?!"(B Web $B%Y!<%9$N%P%0DI@W%7%9%F%`$G$"(B
$B$k!#(B

Bugzilla $B$O(B $BMM!9$J(B Bugzilla $B$N%3%s%]!<%M%s%H$KMxMQ$5$l$kBg0hJQ?t$d>pJs(B
$B$r4^$s$G$$$k(B'globals.pl' $B$H$$$&L>A0$N%U%!%$%k$rF1:-$7$F$$$k!#$3$N%U%!%$(B
$B%k$K$O$3$&$7$?>pJs$K:.$8$C$F!"5!L)$K$7$F$*$/$Y$-JQ?t$H$7$F!"%G!<%?%Y!<(B
$B%9$N%f!<%6L>$H%Q%9%o!<%I$,4^$^$l$F$$$k!#(B

$BB?$/$N(B Web $B%5!<%P$K$*$$$F$O!"%G%U%)%k%H$N@_Dj$G$O(B .pl $B3HD%;R$r(B CGI $B$Nl9g!"$3$l$rJ?J8$N$^$^3+<($7(B
$B$F$7$^$&!#$3$l$O967bpJs$r3+<($7$F$7$^$&$3$H$K$J$k!#(B

$B%G!<%?%Y!<%9$N%f!<%6L>$H%Q%9%o!<%I$rMxMQ$9$k$3$H$G!"$5$i$J$k%7%9%F%`$X(B
$B$N?/F~$r9T$&$3$H$,$G$-$k2DG=@-$,$"$k!#(B

9. Free Peers BearShare Directory Traversal Vulnerability.
BugTraq ID: 2672
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-04-30
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2672
$B$^$H$a(B:

Free Peers Inc. $B$N(B BearShare $B$O(B Windows $B>e$N%U%!%$%k6&M-%f!<%F%#%j%F%#(B
$B$G$"$k!#(B

$BFCDj$N@_Dj$K$*$$$F!"(BBearShare $B$N0lO"$N%P!<%8%g%s$O$O%G%#%l%/%H%j$N3+<((B
$B$r5v$7$F$7$^$&!#(B

$B$3$N@=IJ$N(B Web $B%5%$%H5!G=$O!"(B '/../' $B$N$h$&$JJ8;zNs$r%U%#%k%?$7$F$$$k$,(B
($B$3$NJ8;zNs$O3+<($5$;$k967bl9g!"%j%b!<%H$N967be$N%G%#%l%/%H%j9=B$$N3+<($H!"(B Web $B%I%-%e%a%s%H$N(B / $B%G%#%l%/(B
$B%H%j30$N%U%!%$%k$r%j%/%(%9%H$9$k$3$H$r5v$7$F$7$^$&!#(B

$B$3$N$N%U%!%$%k$N\:Y$K(B
$B$D$$$F$OLdBj$r:G=i$KJs9p$7$?%"%I%P%$%6%j$K5-=R$5$l$F$$$J$$!#(B

$B$5$i$K$O!"(B Windows 2000 $B$K%$%s%9%H!<%k$7$?(B BearShare $B$G$O$3$NLdBj$OH/8=(B
$B$7$J$$!#(B

10. Microsoft Windows 2000 IIS 5.0 IPP ISAPI 'Host:' Buffer Overflow Vulnerability
BugTraq ID: 2674
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-05-01
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2674
$B$^$H$a(B:

Internet Printing Protocol (IPP) $B$O%j%b!<%H$N%f!<%6$,MM!9$J0u:~$K4X$9$k(B
$B%8%g%V$r%$%s%?!<%M%C%H1[$7$KAw?.$9$k$3$H$r(B HTTP $B%W%m%H%3%k7PM3$G2DG=$K(B
$B$9$k$b$N$G$"$k(B($B3HD%;R$O(B .print)$B!#(B

Windows 2000 $B$K$*$1$k(B ISAPI $B%(%/%9%F%s%7%g%s$O%f!<%6$N%j%/%(%9%H$r=hM}(B
$B$9$kItJ,(B (C:\WINNT\System32\msw3prt.dll) $B$K%A%'%C%/$,==J,$G$O$J$$%P%C%U(B
$B%!$,B8:_$9$k!#(B

Internet Printing Protocol (IPP) $B$O!"5!G=@-$N$?$a$K(B msw3prt.dll $B$K0MB8(B
$B$7$F$$$k!#(B

IIS 5.0 $B$r2TF0$7$F$$$k(B Windows 2000 $B$rl9g!"(B IIS $B$O%P%C%U(B
$B%!%*!<%P!<%U%m!<$rH/@8$5$;!"G$0U$N%3!<%I$No!"(BWeb $B%5!<%P$O%P%C%U%!%*!<%P!<%U%m!<$,H/@8$7$F$7$^$&$H!"1~Ez$rDd;_(B
$B$9$k$,!"(BWindows 2000 $B$O(B Web $B%5!<%P$,1~Ez$7$J$/$J$k$N$r$9$0$K8!=P$7!"<+(B
$BF0E*$K:F5/F0$r9T$&!#$=$s$?$a!"4IM}11. BRS WebWeaver Directory Traversal Vulnerability
BugTraq ID: 2675
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-04-28
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2675
$B$^$H$a(B:

BRS WebWeaver $B$O(B Blaine Southam $B$K$h$k(B FTPD $B$+$D(B Web $B%5!<%P$G$"$k!#(B

WebWeaver $B$O%G%#%l%/%H%j3+<($r$9$k967b$KBP$9$ko$N(B Web $B%I%-%e%a%s%H$N(B / $B%G%#%l%/%H%j30$N%U%!%$%k$r%j(B
$B%/%(%9%H$7!"F~l9g!"967bpJs$H$$$C$?!"$5$i$J$k%7%9%F%`$N%;%-%e%j%F%#$r6<$+(B
$B$9$h$&$JMQES$KMQ$$$k$3$H$N$G$-$k>pJs$r12. BRS WebWeaver FTP Root Path Disclosure Vulnerability
BugTraq ID: 2676
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-04-28
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2676
$B$^$H$a(B:

BRS WebWeaver $B$O(B Blaine Southam $B$K$h$k(B FTPD $B$+$D(B Web $B%5!<%P$G$"$k!#(B

WebWeaver $B$N(B FTP $B%3%s%]!<%M%s%H$O%j%b!<%H$N%f!<%6$,(B FTP $B%5!<%P$K;HMQ$7(B
$B$F$$$k(B / $B%G%#%l%/%H%j$NJ*M}%Q%9$rCN$k$3$H$r5v$7$F$7$^$&LdBj$,B8:_$9$k!#(B

FTP $B%3%^%s%I$N(B CD $B$N0z?t$K%"%9%?%j%9%/J8;z(B('*')$B$r4^$a$k$3$H$G!"967bl9g!"$3$N>pJs$OB>$N967b1. Record 'National Security' surveillance in 2000
$BCxJ$,?eMKF|$KH/I=$7$?$H$3$m$K$h$k$H!"O"K.A\::41$O!":rG/%F%mMF5?$d%9(B
$B%Q%$MF5?$NA\::$GFf$KJq$^$l$?$^$^$N@`EpHH$rEE;RE*$KD4::$9$k$?$a!"2a5n:G(B
$B9b$N(B 1,005 $B$b$N=P4j=q$rDs=P$7!"$9$Y$F$,5v2D$5$l$?!#(B

$B>pJs8x3+K!$N$b$H$KJF9qO"K.2J3XpJs$K$=$C(B
$B$F;JK!>J$,@h=5!"9q2q$GH/I=$7$?$3$H$K$h$k$H!"(B2000 $BG/$K(B FBI $B$,9T$C$?9q2H(B
$B%;%-%e%j%F%#$NEpD0$N$?$a!"0JA0$N5-O?$G$"$C$?(B 1999 $BG/$N(B 886 $B$N=P4j?t$r>e(B
$B2s$j!"F1;~4|$K9T$o$l$?=>MhDL$j$NHH:aA\::$NDe;!$NA4BNE*$J8:>/$r==J,Jd$&(B
$B$b$N$G$"$C$?!#(B

http://www.securityfocus.com/templates/article.html?id=201

2. Microsoft IIS hole gives System-level access
$BCxe$G(B IIS 5.0 $B$r2TF0$7$F$$$k%5!<%P$N4IM}O$O!"(BMicrosoft $B$,(B
$BDO$s$G$$$k%;%-%e%j%F%#LdBj$,G!2?$K?<9o$G$"$k$+$rJ*8l$C$F$$$k!#(B

$B$"$k4k6H$N(B Security Bulletin $B$G$O!"!V(BMicrosoft $B$O(B IIS 5.0 Server $B$N4IM}(B
$B$0$KE,MQ$9$k$3$H$r6/$/B%$7$F$$$k!#!W$H!"EA$($F$$$k!#(B

http://www.securityfocus.com/templates/article.html?id=200

3. My first RSA Conference
$BCxl$H$J$C$?!#$=$l$G$b;d<+?H$O$^$@=$J%;%-%e%j%F%#%Y%s%@$G$"$k(B Authentify,
Inc. $B$N%2%9%H$H$7$F;22C$7$?!#;d$N$3$N%+%s%U%!%l%s%9$X$NBh0l0u>]$O!"%m%C(B
$B%/2Nhttp://www.securityfocus.com/templates/article.html?id=199

IV.SECURITY FOCUS TOP 6 TOOLS
- -----------------------------
1. FileManager v0.93
$B:nhttp://www.securityfocus.com/tools/2034
$B$^$H$a(B:

FileManager $B$O!"%U%!%$%k$d%G%#%l%/%H%j!"%j%b!<%H$+$i$N%3%^%s%I$NpJs$r$9$Y$FI=<($7!"%U%!%$%k$NI=(B
$B<(!":o=|!"L>A0$NJQ99!"%"%C%W%m!<%I!"%@%&%s%m!<%I$J$I$r9T$&$3$H$,$G$-$^(B
$B$9!#%G%#%l%/%H%j$NA`:n$r4JC1$K$7$F$/$l$^$9!#G$0U$N%3%^%s%I$r%f!<%6%"%+(B
$B%&%s%H$N8"8B$G2. Shoki v0.9.2
$B:nhttp://www.securityfocus.com/tools/1793
$B$^$H$a(B:

Shoki $B$O(B IDS $B%D!<%k!"%9%/%j%W%H$J$I$r=8$a$?$b$N$G$9!#$9$Y$F$r$^$H$a$k$3(B
$B$H$G!"%;%s%5$+$i%G!<%?$r<}=8$7!"%9%H%l!<%8$K0\F0$5$;!"%7%0%M%A%c$K4p$E(B
$B$/2r@O$dE}7W$K$h$k2r@O$r9T$$!"(BSQL $B%G!<%?%Y!<%9$K%G!<%?$r%m!<%I$9$k$3$H(B
$B$,2DG=$G$9!#(B

3. tcpspy v1.6
$B:nhttp://www.securityfocus.com/tools/1819
$B$^$H$a(B:

tcpspy $B$O!"%m!<%+%k%"%I%l%9!"%j%b!<%H%"%I%l%9!"@\B3$K;HMQ$9$k%f!<%6L>$J(B
$B$I!"(BTCP/IP $B@\B3$N:]$NF~=PNO$5$l$k>pJs$r%m%0$K5-O?$9$k4IM}4. Tech Tracker v.85000
$B:nhttp://www.securityfocus.com/tools/2031
$B$^$H$a(B:

Tech Tracker $B$O!"%7%s%W%k$J4IM}$H;HMQJ}K!$G$"$k$K$b$+$+$o$i$:%Q%o%U%k$J(B
Web $B5;=Q$r6n;H$7$?(B IT $BDI@W%7%9%F%`$G$9!#LdBjDI@W!"%O!<%I%&%'%"$N;q;:DI(B
$B@W!"%+%9%?%^%$%:2DG=$J8!::%j%9%H!"%"%/%;%9$NMM!9$J%l%Y%k!"(BWeb $B%V%i%&%6(B
$B$r;HMQ$7$F$N%f!<%64IM}%G!<%?$N%$%s%]!<%H$J$IB??t$N5!G=$,$"$j$^$9!#(B

5. TCFS v3.0b2
$B:nhttp://www.securityfocus.com/tools/291
$B$^$H$a(B:

TCFS $B$O(B Transparent Cryptographic File System $B$NN,$G!"J,;6%U%!%$%k%7%9(B
$B%F%`$G5/$-$k%W%i%$%P%7!e$G9T$o$l$k$?$a!"0E9f2=I|9f2=$K;HMQ$5$l$k80$O%M%C%H%o!<%/(B
$B>e$rN.$l$k$3$H$O$"$j$^$;$s!#(B

6. Prelude v0.3
$B:nhttp://www.securityfocus.com/tools/2035
$B$^$H$a(B:

Prelude $B$O%M%C%H%o!<%/?/F~8!CN%7%9%F%`$G$9!#(BPrelude $B%W%m%0%i%`$H(B Prelude
Report $B%W%m%0%i%`$+$i9=@.$5$l$^$9!#A0http://www.lac.co.jp/security/

-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Edition 5.5.5J
Comment: KAGEYAMA Tetsuya

iQA/AwUBOvgptM32EXDdoEFfEQLVmgCgnFJO7LC0zwxHkVYrs2FQ90hU+P8AoMZS
NbbGAj5Z8LAsTt2Wa51JLEvw
=7O1W
-----END PGP SIGNATURE-----