SecurityFocus.com Newsletter #92 2001-5-2->2001-5-8

To: bugtraq-jp@securityfocus.com
Subject: SecurityFocus.com Newsletter #92 2001-5-2->2001-5-8
From: KAGEYAMA Tetsuya <t.kageym@lac.co.jp>
Date: Mon, 21 May 2001 20:01:26 +0900
Delivered-To: mailing list bugtraq-jp@securityfocus.com
Delivered-To: moderator for bugtraq-jp@securityfocus.com
List-Help: <mailto:bugtraq-jp-help@securityfocus.com>
List-Id: <bugtraq-jp.list-id.securityfocus.com>
List-Post: <mailto:bugtraq-jp@securityfocus.com>
List-Subscribe: <mailto:bugtraq-jp-subscribe@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-jp-unsubscribe@securityfocus.com>
Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

$B1F;3(B@$B%i%C%/$G$9!#(B

SecurityFocus.com Newsletter $BBh(B 92 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

- ---------------------------------------------------------------------------
SecurityFocus.com Newsletter $B$K4X$9$k(BFAQ:
<URL: http://www.securityfocus.com/forums/sf-news/faq.html>
BugTraq-JP $B$K4X$9$k(B FAQ:
<URL: http://www.securityfocus.com/forums/bugtraq-jp/faq.html>
- ---------------------------------------------------------------------------
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B Security-Focus.com $B$N5v2D$r3t<02qe$G9T$o(B
  $B$l$F$$$^$9!#(B
$B!&(BSecurityFocus.com Newsletter $B$NOBLu$r(B Netnews, Mailinglist,
  World Wide Web, $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$N(B
  $BA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;(B
  $B$s$,=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurity-Focus.com $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+(B
  $B$J$k7A<0$N%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) <URL http://www.securityfocus.com/templates/archive.pike?list=79>
- ---------------------------------------------------------------------------
- ---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02ql9g!"(BBUGTRAQ-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"Lul9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
- ---------------------------------------------------------------------------
- ---------------------------------------------------------------------------
$B86HG(B:
Message-ID: <Pine.GSO.4.30.0105141111250.7678-100000@mail>
Date: Mon, 14 May 2001 11:18:19 -0600 (MDT)

SecurityFocus.com Newsletter #92
- --------------------------------

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
     1. Studying Normal Traffic, Part Three: TCP Headers
     2. Securing Linux with AIDE
     3. Network Security: What are you waiting for?
II. BUGTRAQ SUMMARY
     1. Matt Welsh sgmltool Symlink Vulnerability
     2. Windows Media Player .ASX 'Version' Buffer Overflow Vulnerability
     3. Vixie Cron crontab Privilege Lowering Failure Vulnerability
     4. Oracle ADI Plain Text Password Storage Vulnerability
     5. Jason Rahaim MP3Mystic Server Directory Traversal Vulnerability
     6. Hughes Technologies DSL_Vdns Denial of Service Vulnerability
     7. SpyNet Chat Server Multiple Connection Denial Of Service Vulnerability
     8. PHPProjekt Directory Escaping Vulnerability
     9. T. Hauck Jana Server Hex Encoded Directory Traversal Vulnerability
     10. T. Hauck Jana Server MS-DOS Device Name DoS Vulnerability
     11. Drummon Miles A1Stats Directory Traversal Vulnerability
     12. ElectroSoft ElectroComm Denial of Service Vulnerability
     13. Windows 2000 Kerberos LSA Memory Leak/DoS Vulnerability
III. SECURITYFOCUS.COM NEWS ARTICLES
     1. Nevada probes Vegas phone hacks
     2. Solaris/IIS worm takes off
     3. Max Vision: FBI pawn?
     4. Diablo2 maker hacked
IV.SECURITY FOCUS TOP 6 TOOLS
     1. Prelude v0.3
     2. Securepoint Firewall Server SB v1.166
     3. Tech Tracker v.85001
     4. cvs admin v1.0
     5. Astaro Security Linux 1.811
     6. xautolock v2.x / 2.0

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
- ---------------------------------

II. BUGTRAQ SUMMARY
- -------------------

1. Matt Welsh sgmltool Symlink Vulnerability
BugTraq ID: 2683
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-05-04
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2683
$B$^$H$a(B:

sgmltool $B$O(B SGML $B%U%!%$%k$rB>$N7A<0$KJQ49$9$k$?$a$N%W%m%0%i%`%Q%C%1!<%8(B
$B$G$"$k!#(B

sgmltool $B$N$"$k%3%s%]!<%M%s%H$O0l;~%U%!%$%k$r0BA4$G$J$$J}K!$G;HMQ$9$k!#(B

$B967bA0$r:n@.$5$l$kA0$K3d$j=P$9$3$H$,2DG=$G$"$j!"(B
sgmltool $B%W%m%;%9$N8"8B$G=q$-9~$_2DG=$J%?!<%2%C%H%U%!%$%k$X$N%7%s%\%j%C(B
$B%/%j%s%/$r:n@.$9$k$3$H$,2DG=$G$"$k!#(B

$B$3$N$H$-!"(Bsgmltool $B$Oe=q$-$7$F$7$^$&!#(B

2. Windows Media Player .ASX 'Version' Buffer Overflow Vulnerability
BugTraq ID: 2686
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-05-06
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2686
$B$^$H$a(B:

Windows Media Player $B$O%G%8%?%k%*!<%G%#%*$d%S%G%*$r4U>^$9$k$?$a$N%"%W%j(B
$B%1!<%7%g%s$G$"$k!#(BWindows Media Player $B$N(B ASX(Active Stream Redirector) 
$B%3%s%]!<%M%s%H$K$O!"%j%b!<%H$+$ie$KB8:_$9$k%9%H%j!<%`7?$N%a%G%#%"$r:F(B
$B@8$9$k$?$a$N$b$N$G$"$k!#(B.ASX $B%U%!%$%k$O%V%i%&%6$+$i!"(B Windows Media 
Player $B$X%9%H%j!<%`7?$N%a%G%#%"%3%s%F%s%D$rE>Aw$9$k$?$a$K;H$o$l$k%a%?%U(B
$B%!%$%k$G$"$k!#(B

.ASX $B%U%!%$%k$N%?%0$N(B1$B$D$K(B '<VERSION>' $B$,$"$k!#(BWindows Media Player $B$,(B 
ASX $B%U%!%$%k$r2rZ$,L5$$!#$3$N7k2L!"2a(B
$BEY$N%G!<%?$O%W%m%0%i%`$N%9%?%C%/>e$N<~JU$N%a%b%j$K%3%T!<$9$k!#967bl9g!"$3$Ne$GG$0U$N%3%^%s%I$rH(B
$B$5$l$?$$(B (Reference $B%;%/%7%g%s$K%j%s%/$,$"$k(B)$B!#(B

3. Vixie Cron crontab Privilege Lowering Failure Vulnerability
BugTraq ID: 2687
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2001-05-07
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2687
$B$^$H$a(B:

Vixie cron $B$O0lHLE*$J(B UNIX $B%W%m%0%i%`$NH$5$l$?$$(B)$B!#(B

crontab $B%U%!%$%k$r=$@5$7$?8e$K2r@O$9$k:]$K%(%i!<$,H/@8$7!"$=$N7k2L(B 
crontab $B$O8"8B$r9_3J$9$k$3$H$,$G$-$J$$!#$3$N%W%m%0%i%`$O(B setuid root $B$5(B
$B$l$F$$$k$?$a!"%m!<%+%k%f!<%6$K(B root $B8"8B$rC%4. Oracle ADI Plain Text Password Storage Vulnerability
BugTraq ID: 2694
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2001-05-07
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2694
$B$^$H$a(B:

ADI(Oracle Application Desktop Integrator) $B$O(B Oracle Financial 
Applications $B$N0lIt$G$"$k!#(BADI $B$O%G%9%/%H%C%W%f!<%6$,%Q!<%=%J%k%3%s%T%e(B
$B!<%?$+$i%G!<%?%Y!<%9$rA`:n$9$k$?$a$N%=%U%H%&%'%"%Q%C%1!<%8$G$"$k!#(B

$B$3$N%=%U%H%&%'%"%Q%C%1!<%8$KB8:_$9$kLdBj$K$h$C$F!"%Q%9%o!<%I$rI|85$5$l(B
$B$k2DG=@-$,$"$k!#$3$NLdBj$O!"$3$N%=%U%H%&%'%"$,%$%s%9%H!<%k$5$l$F$$$k%7(B
$B%9%F%`>e$GH/@8$9$k!#DL>o$3$N%7%9%F%`$N%G%9%/%H%C%W%7%9%F%`$O(B Microsoft 
Windows $B%*%Z%l!<%F%#%s%0%7%9%F%`$G$"$k!#(B

$BDL>o$N=hM}$G$O!"$3$N%=%U%H%&%'%"$O%j%b!<%H$+$i%G!<%?%Y!<%9$K4{CN$N%f!<(B
$B%6L>$H%Q%9%o!<%I$r;HMQ$7$F%"%/%;%9$7!"(BAPPS $B%9%-!<%^5Z$S(B APPS $B%9%-!<%^$N(B
$B$?$a$N0E9f2=$5$l$?%Q%9%o!<%I$r8!:w$9$k!#$3$N%Q%9%o!<%I$O$3$N$H$-%7%9%F(B
$B%`>e$GJ#9g2=$5$l!"$3$N%=%U%H%&%'%"%Q%C%1!<%8$r;HMQ$7$F$$$k%f!<%6$,%G!<(B
$B%?%Y!<%9$K%"%/%;%9$9$k$?$a$NG'>Z$N:]$K;HMQ$5$l$k!#(B

$B$3$N%Q%9%o!<%I$ODL>o!"8!:w$5$l$k:]$K$O%7%9%F%`%a%b%jFb$KJ]B8$5$l$F$*$j!"(B
$BJ?J8$N%U%!%$%k$[$I8!:w$OMF0W$G$O$J$$!#(Bfndpublli.dll $B%i%$%V%i%j$KB8:_$9(B
$B$k%3!<%I$O$3$N%Q%9%o!<%I$rI|9f2=$7!"(Bdbg.txt $B$H$$$&L>A0$NJ?J8$N%U%!%$%k(B
$B$KJ]B8$9$k!#(B

$B$3$N5. Jason Rahaim MP3Mystic Server Directory Traversal Vulnerability
BugTraq ID: 2699
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-05-07
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2699
$B$^$H$a(B:

MP3Mystic $B$O%V%i%&%6$r2p$7$F(B MP3 $B%U%!%$%k$r$d$jpJs$,6<$+$5$l!"%[%9%H$N%;(B
$B%-%e%j%F%#$r$5$i$K4m81$KGx$9$h$&$J>pJs$rC%l9g!"%[%9%H$KBP$9$k99$J$k967b$rpJs$rC%6. Hughes Technologies DSL_Vdns Denial of Service Vulnerability
BugTraq ID: 2700
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-05-07
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2700
$B$^$H$a(B:

DSL_Vdns $B$O(B ADSL$B!"(BDSL$B!"(BISDN$B!"%1!<%V%k%b%G%`$N%f!<%6$,<+?H$N(B Web $B%5%$%H(B
$B$r1?1D$9$k$?$a$N%=%U%H%&%'%"$G$"$k!#(BDSL_Vdns $B$OF0E*$J(B IP $B%"%I%l%9$,$$$D(B
$BJQ99$5$l$?$+!"(BIP $B%"%I%l%9$N99?7$r9T$&(B Vdnshost System $B$K$$$D@\B3$7$?$+(B
$B$r8!CN$9$k!#(B

$B%G%U%)%k%H$G$O(B DSL_Vdns $B$O(B 6070 $B5Z$S(B 80 $BHV%]!<%H$G@\B3$rBT$AuBV$K4Y$l$k$3$H$,2DG=$G$"$k!#(B

$BG$0U$N%G!<%?$G9=@.$5$l$?(B URL $B$r(B 6070 $BHV%]!<%H$XMW5a$7!"$=$NMW5a$,=hM}$5(B
$B$l$kA0$K@\B3$r@ZCG$9$k$H!"(BDSL_Vdns $B$O(B 'Default.Closed' $B>uBV$K$J$k!#$3$N(B
$B7k2L!"?7$7$$@\B3$ro5!G=$NI|5l$K$O%5!<%P$N:F5/F0$,I,MW$G$"$k!#(B

7. SpyNet Chat Server Multiple Connection Denial Of Service Vulnerability
BugTraq ID: 2701
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-05-07
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2701
$B$^$H$a(B:

Spynet Chat Server $B$O(B Spytech Software $B$,Ds6!$7$F$$$k%U%j!<$GF~J}$r4^$`(B 1
$B$D$N%Q%C%1!<%8$H$7$F%@%&%s%m!<%I$9$k$3$H$,2DG=$G$"$k!#(BSpynet Chat $B%5!<(B
$B%P$O!"%a%C%;!<%8$NCf7Q$r$9$k$H$$$&$N$,DL>o$NF0:n$G$"$k!#%a%C%;!<%8$N8r(B
$B49$K$*$$$F!"%5!<%P$,2TF0$7$F$$$k%[%9%H$N(B IP $B%"%I%l%9$N$_$,I,MW$G$"$k!#(B

$B$3$N%A%c%C%H%5!<%P$NuBV$K4Y$C$F$7$^$&2D(B
$BG=@-$,$"$k!#$3$NoF0:n$X$NI|5l$K$O(B Spynet Chat 
$B%5!<%P$Ne$N@\B3$r9T$$!"%5!<%P$X@\B3$7$F$$$k%[%9%H$+$i(B Spynet Chat $B%a%C%;!<%8(B
$B$rAw?.$9$k$3$H$G!"(BSpynet Chat $B%5!<%P$O=hM}$rDd;_$7!"%5!<%P$N@55,%f!<%6(B
$B$KBP$9$k%5!<%S%9$r0[>o=*N;$7!"(BDoS $B>uBV$K4Y$k!#(B

8. PHPProjekt Directory Escaping Vulnerability
BugTraq ID: 2702
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-05-08
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2702
$B$^$H$a(B:

PHPProjekt $B$O%U%j!<$GF~pJs$K%"%/%;%9$7$?$j!"(BPHPProject $B%=%U%H%&%'%"$r1?1D(B
$B$7$F$$$k%7%9%F%`$X$N%m!<%+%k%"%/%;%98"8B$rC%e0L$N%G%#%l%/%H%j%D%j!<(B
$B$r1\Mw$9$k$3$H$,2DG=$G$"$k!#(B

$B$3$NLdBj$K$h$C$F%f!<%6$O!"%7%9%F%`>e$K$"$k(BWeb $B%5!<%P%W%m%;%9$,FI$_9. T. Hauck Jana Server Hex Encoded Directory Traversal Vulnerability
BugTraq ID: 2703
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-05-07
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2703
$B$^$H$a(B:

Jana Server $B$K$Oe$KB8:_$9$k(B
$BG$0U$N%G%#%l%/%H%j$d%U%!%$%k$KBP$9$k%"%/%;%98"8B$rC%e$KB8:_$9$kG$0U$N%G%#%l%/%H%j(B
$B$d%U%!%$%k$r3+<($9$k$3$H$,2DG=$G$"$k!#Nc$($P!"0J2<$N$h$&$J(B

www.example.com/%2e%2e/%2e%2e/%2e%2e/

$BG$0U$N%G%#%l%/%H%j$N3+<($K2C$(!"$3$NLdBj$K$h$C$F967bpJs$,6<$+$5$l!"%[%9%H$N%;%-%e%j%F%#$r$5$i$K4m81$KGx$9$h$&$J>p(B
$BJs$rC%l9g!"%[%9%H$KBP$9$k99$J$k967b$rpJs$r3+<($5$l$k2DG=@-$,$"$k!#(B

10. T. Hauck Jana Server MS-DOS Device Name DoS Vulnerability
BugTraq ID: 2704
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-05-07
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2704
$B$^$H$a(B:

Jana Server $B$N0lO"$N%P!<%8%g%s$K$O(B DoS $B967b$KGx$5$l$F$7$^$&$r%j%/%(%9%H$7$?(B URL $B$rAw?.$9$k$3$H$K$h$j!"(B
$B%j%b!<%H$+$i(B Jana Server $B$r2TF0$9$k%7%9%F%`$r%/%i%C%7%e$9$k$3$H$,2DG=$G(B
$B$"$k!#(B

www.example.com/aux

$BJs9p$K$h$k$H!"$3$NLdBj$KMxMQ$G$-$k%G%P%$%9L>$O(B 'aux' $B$N$_$G$"$k!#(B

Web $B%5!<%S%9$N5!G=$rI|5l$9$k$?$a$K$O!"967b$5$l$?%5!<%P$NEE8;$rF~$l$J$*(B
$B$9I,MW$,$"$k!#(B

11. Drummon Miles A1Stats Directory Traversal Vulnerability
BugTraq ID: 2705
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-05-07
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2705
$B$^$H$a(B:

A1Stats $B$O!"(BWeb $B%5%$%H$NK,Ldo$O%f!<%6$K(B
$B$N$_;2>H2DG=$J%G%#%l%/%H%j%D%j!<$N30It$K$"$k%U%!%$%k$r!"967b$r0z?t$K;XDj$7!"E,@Z$K(B
$B@07A$5$l$?(B echo $B%3%^%s%I$rIU2C$9$k$3$H$K$h$j!"967be=q$-$5$l$F$7$^$&2DG=@-$,$"$k!#(B

12. ElectroSoft ElectroComm Denial of Service Vulnerability
BugTraq ID: 2706
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-05-07
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2706
$B$^$H$a(B:

ElectroComm $B$O!"(BPC $B$N(B Comm $B%]!<%H$r(B TCP/IP $B%M%C%H%o!<%/$K@\B3$7!"(BTelnet
$B$r;HMQ$7$F%j%b!<%H$+$i%m%0%$%s$G$-$k$h$&$K$9$k$?$a$N(B Windows 9x/NT $BMQ$N(B
Telnet-Comm $B%]!<%H%5!<%P$G$"$k!#(B

ElectroComm Telnet $B%5!<%S%9$O!"(BTCP $B$N(B 23 $BHV%]!<%H$r;HMQ$7$F%3%M%/%7%g%s(B
$B$rBT$A13. Windows 2000 Kerberos LSA Memory Leak/DoS Vulnerability
BugTraq ID: 2707
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2001-05-08
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/2707
$B$^$H$a(B:

Kerberos $B$O!"%f!<%6$,FCDj$N%5!<%P$K%m%0%*%s$9$k:]!"%A%1%C%H$rH/9T$9$kG'(B
$B>Z%5!<%S%9$G$9!#$=$N:]!"%A%1%C%H$rB>$N%5!<%P$KEO$9$?$a!"%f!<%6$O3F%I%a(B
$B%$%s$GJL!9$K%m%0%*%s$9$kI,MW$O$J$$!#(B

Kerberos $B$N(B Microsoft Windows 2000 $B$G$Ne$N%m!<%+%k%;%-%e%j%F%#$K$D$$$F$N>pJs$r(B
$B4IM}$7!"L>A0$H%;%-%e%j%F%#(B ID $B$H$NJQ49$N$?$a$N%5!<%S%9$rDs6!$9$k!#Ls(B 
4000 $B$N%3%M%/%7%g%s$,3NN)$7$?8e!"%5!<%S%9$O(B TCP $B$N(B 88 $BHV%]!<%H(B (Kerberos)
$B$*$h$S(B 464 $BHV%]!<%H(B (kpassword) $B$X$N@\B3$N1~Ez$rDd;_$9$k!#%?!<%2%C%H$,(B
$B%I%a%$%s%3%s%H%m!<%i$G$"$k>l9g!"$9$Y$F$N%I%a%$%s$X$NG'>Z$,Dd;_$7$F$7$^(B
$B$&860x$H$J$k!#$3$N>uBV$O:F5/F0$K$h$j2sHr$5$l$k!#(B

$B$3$l$O%m%0%*%s$7!";vA0$KH/9T$5$l$?(B Kerberos $B$N%A%1%C%H$r;HMQ$7$F$$$k%f(B
$B!<%6$K$O1F6A$7$J$$!#(B

III. SECURITYFOCUS.COM NEWS AND COMMENTARY
- ------------------------------------------
1. Nevada probes Vegas phone hacks
$BCxZ?M!">^6bL\Ev$F$KHH?MC5$7$r$9$k?M$J$I3'$,8@$&$N(B
$B$K$O!"5?$o$7$$%5%$%P!<%Q%s%/$NHH:aAH?%$K:$$i$5$l$?$H46$8$?$H8@$&$3$H$G(B
$B$"$k!#=#$G$OD4::$r3+;O$7$?$,!"%*%s%i%$%s>e$G$=$NMM$K46$8$??M!9$OL5?t$K(B
$B$$$k$G$"$m$&$H;W$o$l$F$k!#(B

http://www.securityfocus.com/templates/article.html?id=205

2. Solaris/IIS worm takes off
$BCxe!":G$b8z2LE*$G>.$5$J%9(B
$B%/%j%W%H$N(B 1 $B$D$G$"$k!#(B

attrition $B$O967b$5$l$?A4$F$N%5!<%P$N(B IP $B$r:\$;!"%5%$%H$,$I$N$h$&$K2~$6$s(B
$B$5$l$?$+$r7G:\$7$F$$$k!#(B

http://www.securityfocus.com/templates/article.html?id=204

3. Max Vision: FBI pawn?
$BCxhttp://www.securityfocus.com/templates/article.html?id=203

4. Diablo2 maker hacked
$BCxe$7$F%5(B
$B!<%S%9$N>r7o$r:G6aJQ99$7$F0JMh$N6=L#?<$$9TF0$G$"$k!#(B

http://www.securityfocus.com/templates/article.html?id=202


IV.SECURITY FOCUS TOP 6 TOOLS
- -----------------------------
1. Prelude v0.3
$B%W%i%C%H%U%)!<%`(B: Linux$B!"(BOpenBSD$B!"(BSolaris$B!"(BSunOS
$B:nhttp://www.securityfocus.com/tools/2035

Prelude $B$O%M%C%H%o!<%/?/F~8!CN%7%9%F%`$G$9!#(BPrelude $B%W%m%0%i%`$H(B Prelude
Report $B%W%m%0%i%`$+$i9=@.$5$l$^$9!#A02. Securepoint Firewall Server SB v1.166
$B:nhttp://www.securityfocus.com/tools/1824
$B%W%i%C%H%U%)!<%`(B: Linux$B!"(BWindows 2000$B!"(BWindows 95/98$B!"(BWindows NT

Securepoint Firewall Server $B$O!"%M%C%H%o!<%/>e$K$"$k:b;:$r40A4$KJ]8n$9(B
$B$k9b@-G=!">&6HMxMQ$K$bBQ$($&$k%"%W%j%1!<%7%g%s$G$9!#(BSecurepoint $B$O%;%-(B
$B%e%"$J(B Linux $B$r%Y!<%9$K$7$?%*%Z%l!<%F%#%s%0%7%9%F%`>e$GF0:n$9$k40A4$J%=(B
$B%U%H%&%'%"%7%9%F%`$G$9!#(B2 $BKg!"$"$k$$$O(B 3 $BKg%M%C%H%o!<%/%+!<%I$,:9$79~$^(B
$B$l$?I8=`E*$J(B PC $B>e$G%U%!%$%d%&%)!<%k$r;HMQ$G$-!"%$%s%9%H!<%k$d4IM}$OMF(B
$B0W$K9T$($^$9!#(B

3. Tech Tracker v.85001
$B%W%i%C%H%U%)!<%`(B: Linux
$B:nhttp://www.securityfocus.com/tools/2031

Tech Tracker $B$O!"%7%s%W%k$J4IM}$H;HMQJ}K!$G$"$k$K$b$+$+$o$i$:%Q%o%U%k$J(B
Web $B5;=Q$r6n;H$7$?(B IT $BDI@W%7%9%F%`$G$9!#LdBjDI@W!"%O!<%I%&%'%"$N;q;:DI(B
$B@W!"%+%9%?%^%$%:2DG=$J8!::%j%9%H!"%"%/%;%9$NMM!9$J%l%Y%k!"(BWeb $B%V%i%&%6(B
$B$r;HMQ$7$F$N%f!<%64IM}%G!<%?$N%$%s%]!<%H$J$IB??t$N5!G=$,$"$j$^$9!#(B

4. cvs admin v1.0
$B%W%i%C%H%U%)!<%`(B: OpenBSD
$B:nhttp://www.securityfocus.com/tools/2037

cvsadmin $B$O!"(BCVS $B%j%]%8%H%j$r4IM}$9$k%f!<%6$N$?$a$NJXMx$J%D!<%k$G$9!#(B
$B%f!<%6$NDI2C!":o=|!"L>A0$NJQ99!"%Q%9%o!<%I$NJQ99$J$I$r$N%"%W%j%1!<%7%g%s$N%P%C%/%(%s%I$H$7$F$b;HMQ$G$-$^$9!#(B

5. Astaro Security Linux 1.811
$B%W%i%C%H%U%)!<%`(B: Linux
$B:nhttp://www.securityfocus.com/tools/1831

Astaro Security Linux $B$O?7$?$J%U%!%$%d%&%)!<%k%=%j%e!<%7%g%s$G$9!#%9%F(B
$B!<%H%U%k%$%s%9%Z%/%7%g%s!"%Q%1%C%H%U%#%k%?%j%s%0!"%3%s%F%s%D%U%#%k%?%j(B
$B%s%0!"%&%$%k%9%9%9%-%c%K%s%0!"(BIPSec $B$rMxMQ$7$?(B VPN $B$J$I$N5!G=$rHw$($F$$(B
$B$^$9!#(BWeb $B%V%i%&%6$GMxMQ$G$-$k4IM}%D!<%k$H%$%s%?!<%M%C%H7PM3$G%"%C%W%0(B
$B%l!<%I$G$-$k$?$a!"MF0W$K4IM}$G$-$^$9!#$^$?!"$[$H$s$I$9$Y$F$N%G!<%b%s$,(B
$B%A%'%s%8%k!<%H$5$l!"MM!9$J8"8B$+$iJ]8n$5$l$k$3$H$K$h$C$FFCJL$K6/2=$5(B
$B$l$?!"(BLinux 2.4 $B%G%#%9%H%j%S%e!<%7%g%s$,%Y!<%9$H$J$C$F$$$^$9!#(B

6. xautolock v2.x / 2.0
$B%W%i%C%H%U%)!<%`(B: FreeBSD$B!"(BLinux$B!"(BOpenBSD$B!"(BSolaris$B!"(BSunOS$B!"(BUNIX
$B:nhttp://www.securityfocus.com/tools/2038

Xautolock $B$O(B X $B%&%$%s%I%&%7%9%F%`>e$K$"$k%3%s%=!<%k$N;HMQ>u67$r4F;k$7!"(B
$B%f!<%6$,@_Dj$7$?4|4V2?$NF0:n$b5/$-$J$+$C$?>l9g!"A*Br$5$l$?%W%m%0%i%`$r(B
$Bl9g$J$I!"<+F0E*$Khttp://www.lac.co.jp/security/
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Edition 5.5.5J
Comment: KAGEYAMA Tetsuya

iQA/AwUBOwh2mM32EXDdoEFfEQKwxQCgiLayz5N4eD/wQ5LKsEVW9u3wwd8AoLhn
Uki20PJ6/SgA6pVtCzne3Llt
=NcxB
-----END PGP SIGNATURE-----