Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm
Precedence: bulk
To: bugtraq-jp@securityfocus.com
References: <Pine.LNX.4.43.0302031313030.1312-100000@mail.securityfocus.com>
Subject: SecurityFocus Newsletter #182 2003-1-27->2003-1-31
From: SAKAI Yoriyuki <sakai@lac.co.jp>
Message-Id: <200302132149.IGF55095.BLJTB@lac.co.jp>
Date: Thu, 13 Feb 2003 21:49:37 +0900
Mime-Version: 1.0
Content-Type: multipart/signed;
    protocol="application/pkcs7-signature";
    micalg=sha1; Boundary="---------1045140574-45161218"

-----------1045140574-45161218
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

$B:d0f(B@$B%i%C%/$G$9!#(B

SecurityFocus Newsletter $BBh(B 182 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

---------------------------------------------------------------------------
BugTraq-JP $B$K4X$9$k(B FAQ($BF|K\8l(B):
http://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml
$B!&(BSecurityFocus Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0l<!G[I[$5$l$F$$$^$9(B
$B!&(BBugTraq-JP $B$X$N;22CJ}K!!"C&B`J}K!$O$3$N(B FAQ $B$r$4;2>H$/$@$5$$(B
---------------------------------------------------------------------------
---------------------------------------------------------------------------
SecurityFocus Newsletter $B$K4X$9$k(BFAQ($B1Q8l(B):
http://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml
BugTraq $B$K4X$9$k(B FAQ($B1Q8l(B):
http://www.securityfocus.com/popups/forums/bugtraq/faq.shtml
---------------------------------------------------------------------------
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B SecurityFocus $B$N5v2D$r3t<02q<R%i%C%/$,F@$?>e$G9T$o$l$F$$$^$9!#(B
$B!&(BSecurityFocus Newsletter $B$NOBLu$r(B Netnews, Mailinglist, World Wide Web,
  $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$NA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;$s$,!"(B
  $B=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+$J$k7A<0$N(B
  $B%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://online.securityfocus.com/archive/79
---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02q<R%i%C%/$O@UG$$rIi$o$J$$$b$N$H$7$^(B
  $B$9!#(B
---------------------------------------------------------------------------
$BLu<T$+$i$N$*CN$i$;(B:
$B!&$b$7!"(Btypo $B$d8mLu$,8+$D$+$C$?>l9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"4F=$<T(B (sakai@lac.co.jp) $B$K$*CN$i$;$/$@$5$$!#(B
  $B8e<T$N>l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
---------------------------------------------------------------------------
This translation is encoded and posted in ISO-2022-JP.

$B86HG(B:
Date: Mon, 3 Feb 2003 13:15:09 -0700 (MST)
Message-ID: <Pine.LNX.4.43.0302031313030.1312-100000@mail.securityfocus.com>

SecurityFocus Newsletter #182
-----------------------------

This Issue is Sponsored by: GuardedNet - Transforming Security Data into
Knowledge

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
	1. Forensics on the Windows Platform, Part 1
	2. The Busy Life of a Welsh Virus-Writer
	3. New Book: Hacker's Challenge 2 Test Your Network Security...
	4. SecurityFocus DPP Program
	5. InfoSec World Conference and Expo/2003 (March10-12,2003,Orlando,FL)
II. BUGTRAQ SUMMARY
	1. GNU Mailman 'email' Cross Site Scripting Vulnerability
	2. GNU Mailman Error Page Cross Site Scripting Vulnerability
	3. SpamAssassin BSMTP Mode Buffer Overflow Vulnerability
	4. Sun Java Virtual Machine Illegal Access To Object Methods...
	5. SyGate Insecure UDP Source Port Firewall Bypass Weak Default...
	6. FTLS GuestBook Script Injection Vulnerability
	7. Blackboard Learning System search.pl SQL Injection Variant...
	9. List Site Pro User Database Delimiter Injection Vulnerability
	10. Hypermail Message Attachment Buffer Overflow Vulnerability
	11. Hypermail CGI Mail Reverse DNS Lookup Buffer Overflow...
	12. PlatinumFTPServer File Disclosure Vulnerability
	13. Sun Solaris AT Command Arbitrary File Deletion Vulnerability
	14. Sun Solaris AT Command Race Condition Vulnerability
	15. Noffle Remote Memory Corruption Vulnerability
	16. Nuked-Klan Guestbook HTML Injection Vulnerability
	17. Nuked-Klan Forum Module HTML Injection Vulnerability
	18. Nuked-Klan Shoutbox HTML Injection Vulnerability
	21. Finjan SurfinGate Active Content Filter Bypass Vulnerability
	22. Finjan SurfinGate Java Applet Analyzer Bypass Vulnerability
	23. Finjan SurfinGate File Extension File Filter Circumvention...
	24. Finjan SurfinGate Compressed Archive File Filter Circumvention...
	25. Finjan SurfinGate Unknown File Extension File Filter...
	26. Replicom ProxyView Default Password Vulnerability
	27. Solaris in.ftpd Remote Denial of Service Vulnerability
	28. MIT Kerberos Remote Heap Corruption Vulnerability
	29. MIT Kerberos Key Distribution Center Remote Format String...
	30. MIT Kerberos / Key Distribution Center Shared Key User...
	31. DotProject Remote File Include Vulnerability
	32. PLP Tools plpnfsd Syslog Format String Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
	1. E-Voting security debate comes home
	2. 'Secure by design', claims MS op-ed ad
	3. Canada's biggest Identity theft?
	4. $1m hacking challenge' product is flawed
IV. SECURITYFOCUS TOP 6 TOOLS
	1. coridoras v0.0.17
	2. fwtrends v0.1
	3. TinyMonitor v0.9b
	4. GNU SASL v0.0.5
	5. J2SSH v0.0.4
	6. Darik's Boot and Nuke v2003013000

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
---------------------------------

II. BUGTRAQ SUMMARY
-------------------
1. GNU Mailman 'email' Cross Site Scripting Vulnerability
BugTraq ID: 6677
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jan 24 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6677
$B$^$H$a(B:

Mailman $B$O(B Majordomo $B$d(B SmartList $B$HF1MM$K!"%a!<%j%s%0%j%9%H$r4IM}$9$k(B
$B$?$a$N<jCJ$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$O(B GNU $B%W%m%8%'(B
$B%/%H$K$h$C$F3+H/!"J]<i$,9T$o$l!"(BLinux $B%G%#%9%H%j%S%e!<%7%g%s$d(B Unix $B$G(B
$BMxMQ2DG=$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$O%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$,H/8+$5$l$F$$$k!#(B
$B$3$NLdBj$O(B URI $B$r2p$7$FM?$($i$l$k%Q%i%a!<%?$KBP$9$k%U%#%k%?%j%s%0$,IT==(B
$BJ,$G$"$k$?$a$K@8$8$F$$$k!#FC$K!"(BURI $BFb$NJQ?t(B email $B$XBeF~$5$l$kCM$O(B HTML
$B$+%9%/%j%W%H$r4^$s$G$$$k$+$I$&$+$K$D$$$F@5$7$/%U%#%k%?%j%s%0$,9T$o$l$F(B
$B$$$J$$$N$G$"$k!#(B

$B$3$N7k2L!"967b<T$O0-0U$"$k%9%/%j%W%H$J$$$7(B HTML $B$r$3$N%=%U%H%&%'%"$r2T(B
$BF0$5$;$F$$$k(B Web $B%5%$%H$X$N%O%$%Q!<%j%s%/Fb$KKd$a9~$`2DG=@-$,$"$k!#$3$N(B
$B<o$N%O%$%Q!<%j%s%/$,(B Web $B%5%$%H$N%f!<%6$K$h$C$F%"%/%;%9$5$l$?>l9g!"Kd$a(B
$B9~$^$l$?%3!<%I$O%"%/%;%985$N%f!<%6$N(B Web $B%V%i%&%6Fb$G!"$3$N%=%U%H%&%'%"(B
$B$r2TF0$5$;$F$$$k(B Web $B%5%$%H$HF13J$N%;%-%e%j%F%#%3%s%F%-%9%H$G<B9T$5$l$k(B
$B$H9M$($i$l$k!#(B

$B967b$rM=4|$7$F$$$J$$%f!<%6$N(B Cookie $B$KM3Mh$9$kG'>ZMQ>pJs$d$=$NB>$N=EMW(B
$B$J>pJs$rC%<h2DG=$G$"$k$H9M$($i$l$k!#$5$i$K$OB>$N967b$b<B9T2DG=$G$"$k!#(B

2. GNU Mailman Error Page Cross Site Scripting Vulnerability
BugTraq ID: 6678
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jan 24 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6678
$B$^$H$a(B:

Mailman $B$O(B Majordomo $B$d(B SmartList $B$HF1MM$K!"%a!<%j%s%0%j%9%H$r4IM}$9$k(B
$B$?$a$N<jCJ$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$O(B GNU $B%W%m%8%'(B
$B%/%H$K$h$C$F3+H/!"J]<i$,9T$o$l!"(BLinux $B%G%#%9%H%j%S%e!<%7%g%s$d(B Unix $B$G(B
$BMxMQ2DG=$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$O%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$,H/8+$5$l$F$$$k!#(B
$B$3$NLdBj$O(B URI $B$r2p$7$FM?$($i$l$k%Q%i%a!<%?$KBP$9$k%U%#%k%?%j%s%0$,IT==(B
$BJ,$G$"$k$?$a$K@8$8$F$$$k!#FC$K!"(BURI $BFb$NJQ?t(B language $B$XBeF~$5$l$kCM$O(B
HTML $B$+%9%/%j%W%H$r4^$s$G$$$k$+$I$&$+$K$D$$$F@5$7$/%U%#%k%?%j%s%0$,9T$o(B
$B$l$F$$$J$$$N$G$"$k!#(B

$B$3$N7k2L!"967b<T$O0-0U$"$k%9%/%j%W%H$J$$$7(B HTML $B$r$3$N%=%U%H%&%'%"$r2T(B
$BF0$5$;$F$$$k(B Web $B%5%$%H$X$N%O%$%Q!<%j%s%/Fb$KKd$a9~$`2DG=@-$,$"$k!#$3$N(B
$B<o$N%O%$%Q!<%j%s%/$,(B Web $B%5%$%H$N%f!<%6$K$h$C$F%"%/%;%9$5$l$?>l9g!"Kd$a(B
$B9~$^$l$?%3!<%I$O%"%/%;%985$N%f!<%6$N(B Web $B%V%i%&%6Fb$G!"$3$N%=%U%H%&%'%"(B
$B$r2TF0$5$;$F$$$k(B Web $B%5%$%H$HF13J$N%;%-%e%j%F%#%3%s%F%-%9%H$G<B9T$5$l$k(B
$B$H9M$($i$l$k!#(B

$B967b$rM=4|$7$F$$$J$$%f!<%6$N(B Cookie $B$KM3Mh$9$kG'>ZMQ>pJs$d$=$NB>$N=EMW(B
$B$J>pJs$rC%<h2DG=$G$"$k$H9M$($i$l$k!#$5$i$K$OB>$N967b$b<B9T2DG=$G$"$k!#(B

GNU Mailman 2.0.11 $B$O$3$NLdBj$N1F6A$O5Z$P$J$$$3$H$,H/8+$5$l$F$$$k!#(B

3. SpamAssassin BSMTP Mode Buffer Overflow Vulnerability
BugTraq ID: 6679
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jan 24 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6679
$B$^$H$a(B:

SpamAssassin $B$O(B spam $B$rH=CG$7!"=hM}$r9T$&$?$a$N%a!<%k%U%#%k%?%j%s%0%=%U(B
$B%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$O(B Linux $B%G%#%9%H%j%S%e!<%7%g%s$d(B Unix
$B$GMxMQ2DG=$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$O%P%C%U%!%*!<%P!<%U%m!<$r@8$8$kLdBj$,H/8+$5$l$F$$$k!#(B
$B$3$N%=%U%H%&%'%"$,(B BSMTP (Batch Simple Mail Transfer Protocol) $B$r=hM}$9(B
$B$k$h$&$K@_Dj$5$l$F$$$k>l9g$K$3$NLdBj$O@8$8$k!#(B

$B$3$N%=%U%H%&%'%"$O<B:]$KEE;R%a!<%k$r=hM}$9$k$?$a$K(B spamc $B$H>N$9$k%W%m%0(B
$B%i%`$rMxMQ$7$F$$$k!#$3$N%W%m%0%i%`$O%G!<%?$rEE;R%a!<%k$N=hM}$r9T$&(B spamd
$B%5!<%S%9$XE>Aw$9$k%/%i%$%"%s%H%W%m%0%i%`$G$"$k!#(BBSMTP $B$N=hM}$O(B spamc $B$r(B
-B $B%*%W%7%g%s$rMxMQ$7$F5/F0$9$k$3$H$GM-8z2=$5$l$F$$$k!#(B

$B$3$N%=%U%H%&%'%"$,EE;R%a!<%kFb$N%X%C%@$r=hM}$9$k:]$K!"(B. ($B%T%j%*%I(B) $B$r%((B
$B%9%1!<%W$9$k=hM}$KLdBj$,B8:_$7$F$$$k!#$3$N%=%U%H%&%'%"$K$h$k%U%#%k%?%j(B
$B%s%0=hM}Fb$KIT==J,$J6-3&%A%'%C%/$,B8:_$7$F$$$k$?$a!"%j%b!<%H$N967b<T$O(B
$B%P%C%U%!%*!<%P!<%U%m!<$r0z$-5/$3$9$3$H$,2DG=$G$"$k!#(B

$B967b<T$OFCDj$N%X%C%@$r;}$D!"0-0U$"$kEE;R%a!<%k$rAH$_N)$F$k$3$H$K$h$j$3(B
$B$NLdBj$rMxMQ$9$k967b$r9T$&$3$H$,2DG=$G$"$k!#$3$NLdBj$rMxMQ$9$k967b$K$h(B
$B$j!"(Bspamc $B%W%m%0%i%`Fb$G%P%C%U%!%*!<%P!<%U%m!<$,@8$8$k!#$3$l$K$h$j!"$3(B
$B$N%W%m%0%i%`$N%W%m%;%9$N<B9T8"8B$G$N967b<T$K$h$C$FM?$($i$l$?%3!<%I$N<B(B
$B9T$,0z$-5/$3$5$l$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$K$h$j!"967b<T$OLdBj$rJz$($k%P%C%U%!$N>e0LIt$K3JG<$5$l$F$$$kCM(B
$B$N(B LSB $B$H$J$k(B . $B$KAj1~$9$kCM$r=q$-9~$`$3$H$,2DG=$K$J$kE@$K$D$$$F$ON10U(B
$B$5$l$k$Y$-$G$"$k!#FCDj$N>u672<$K$*$$$F!"$3$l$OEv3:4X?t$NJ]B8$5$l$?%U%l!<(B
$B%`%]%$%s%?$KAj1~$9$kCM$G$"$k$H9M$($i$l$k$,!"$3$NLdBj$rMxMQ$9$k967b$NMF(B
$B0WEY$K$D$$$F$OHs>o$K6vA3@-$K;YG[$5$l$k$H9M$($i$l$k!#(B

$B$3$NLdBj$rJz$($k%P!<%8%g%s$O(B SpamAssassin 2.40 $B$+$i(B 2.43 $B$^$G$G$"$k$H$N(B
$BJs9p$,4s$;$i$l$F$$$k!#(B

4. Sun Java Virtual Machine Illegal Access To Object Methods Vulnerability
BugTraq ID: 6681
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jan 24 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6681
$B$^$H$a(B:

Sun Java Virtual Machine $B$K$O%*%V%8%'%/%H$NJ]8n$5$l$?%U%#!<%k%I$d%a%=%C(B
$B%I$XIT@5$K%"%/%;%92DG=$K$J$k$H?d;!$5$l$kLdBj$,H/8+$5$l$F$$$k!#(B

$BK\LdBj$K4X$9$k@53N$J5;=QE*$J>\:Y>pJs$OL@$i$+$G$O$J$$$,!"$3$NLdBj$O%;%-%e(B
$B%j%F%#$H4XO"$9$k;v9`$G$"$k$H9M$($i$l$k!#%"%W%l%C%H%5%s%I%\%C%/%9>e$G@_(B
$BDj$5$l$F$$$k%;%-%e%j%F%#$K4X$9$k6/@);v9`$KH?$7$F!"%7%9%F%`Fb$N%U%!%$%k(B
$B$XFI$_=P$7!"=q$-9~$_$r9T$&$?$a$K$3$NLdBj$rMxMQ$9$k967b$r4k$F$k$3$H$,2D(B
$BG=$K$J$k$H?d;!$5$l$k!#J]8n$5$l$?;q8;$X$N%"%/%;%9$G$-F@$k$3$H$K$h$j!"B>(B
$B$N967b$b0z$-B3$$$F0z$-5/$3$5$l$k2DG=@-$,$"$k!#(B

$BB>$NLdBj$HAH$_9g$o$5$l$F$3$NLdBj$rMxMQ$9$k967b$,9T$o$l$?>l9g!"967bBP>](B
$B$N%3%s%T%e!<%?>e$G$N%3%^%s%I<B9T$,2DG=$K$J$k$H?d;!$5$l$k!#(B

5. SyGate Insecure UDP Source Port Firewall Bypass Weak Default Configuration Vulnerability
BugTraq ID: 6684
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jan 24 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6684
$B$^$H$a(B:

Sygate Pro $B$O(B Microsoft Windows $B4D6-8~$1$N%Q!<%=%J%k%U%!%$%"%&%)!<%k@=(B
$BIJ$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$O%G%U%)%k%H$G(B UDP 137 $BHV!"(B138 $BHV$r%=!<%9(B
$B%]!<%H$K;}$D%H%i%U%#%C%/$NDL2a$r5v2D$7$F$$$k!#$3$N$?$a!"$3$l$i%]!<%H$+(B
$B$i$N%H%i%U%#%C%/$O%U%!%$%"%&%)!<%k$N%U%#%k%?%j%s%0$r2sHr$7!"%j%b!<%H$N(B
$B967b<T$O$3$N@=IJ$r1*2s$7!"0-0U$"$k%M%C%H%o!<%/%H%i%U%#%C%/$r3NN)$9$k$?(B
$B$a$K@x:_E*$K$3$NLdBj$rMxMQ$9$k967b$r4k$F$k2DG=@-$,$"$k!#(B

6. FTLS GuestBook Script Injection Vulnerability
BugTraq ID: 6686
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jan 25 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6686
$B$^$H$a(B:

FTLS Guestbook $B$O%U%j!<$GMxMQ2DG=$J%2%9%H%V%C%/%=%U%H%&%'%"$G$"$k!#(B
$B$3$N%=%U%H%&%'%"$OMM!9$J(B Unix $B$d(B Linux $B%G%#%9%H%j%S%e!<%7%g%s$G2TF0$9$k(B
$BB>!"(BMicrosoft Windows $B4D6-$G$bF0:n$9$k!#(B

$B$3$N%=%U%H%&%'%"$OMM!9$J%U%#!<%k%I$XM?$($i$l$?CM$+$i(B HTML $B%?%0$rE,@Z$K(B
$B%U%#%k%?%j%s%0$7$F$$$J$$!#$3$NLdBj$K$h$j!"967b<T$O0U?^E*$J%9%/%j%W%H$r(B
$B$3$N%=%U%H%&%'%"$K$h$C$F@8@.$5$l$?(B Web $B%Z!<%8Fb$KCmF~2DG=$K$J$k$H?d;!(B
$B$5$l$k!#(B

$B967b<T$K$h$C$FCmF~$5$l$?%9%/%j%W%H$O!"$3$N%=%U%H%&%'%"$K$h$C$F@8@.$5$l(B
$B$k(B Web $B%Z!<%8$r1\Mw$9$k0U?^$r;}$D%f!<%6$,MxMQ$9$k(B Web $B%/%i%$%"%s%H>e$G(B
$B<B9T$5$l$k2DG=@-$,$"$j!"$3$l$O$3$N%=%U%H%&%'%"$r2TF0$5$;$F$$$k(B Web $B%5%$(B
$B%H$HF13J$N%;%-%e%j%F%#%3%s%F%-%9%H$G<B9T$5$l$k!#(B

$B967b<T$O@x:_E*$K(B Web $B%3%s%F%s%D$N>h$C<h$j!"$"$k$$$O(B Cookie $B$KM3Mh$9$kG'(B
$B>ZMQ>pJs$rC%<h$9$k$?$a$K$3$NLdBj$rMxMQ$9$k967b$r4k$F$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$O(B FTLS Guestbook 1.1 $B$GH/8+$5$l$F$$$k!#(B

7. Blackboard Learning System search.pl SQL Injection Variant Vulnerability
BugTraq ID: 6687
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jan 25 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6687
$B$^$H$a(B:

Blackboard Learning system $B$O65;U8~$1$K!V%3%s%T%e!<%?%7%9%F%`$rMxMQ$9$k(B
$B650i4D6-$rDs6!$9$k$?$a$N4pHW!W$NDs6!<jCJ$H$J$k!"(BMicrosoft Windows$B!"(BLinux$B!"(B
Solaris $B%5!<%P$GF0:n2DG=$J0lO"$N%=%U%H%&%'%"@=IJ72$G$"$k!#(B

$B$$$/$D$+$N>l9g$K$*$$$F!"$3$N%=%U%H%&%'%"$O(B SQL $B%/%(%j$rAH$_N)$F$k:]$K;H(B
$BMQ$5$l$k!"%f!<%6$,M?$($?F~NOCM$KBP$9$k%U%#%k%?%j%s%0$r==J,$K9T$C$F$$$J(B
$B$$!#$=$N7k2L!"967b<T$O%7%9%F%`$*$h$S(B SQL $B%/%(%j$NO@M}9=@.$r0U?^E*$KA`:n(B
$B$9$k$?$a$K!"0-0U$"$k%Q%i%a!<%?$rM?$($k2DG=@-$,$"$k!#$3$l$K$h$j!"%P%C%/(B
$B%(%s%I$G2TF0$9$k%G!<%?%Y!<%9$KL5G'>Z$G%"%/%;%92DG=$K$J$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$O(B search.pl $B%9%/%j%W%H$KB8:_$9$k$H$NJs9p$,4s$;$i$l$F$$$k!#%j%b!<(B
$B%H$N967b<T$OB>$N%f!<%6$N%Q%9%o!<%I$rH/8+$9$k$?$a$K$3$NLdBj$rMxMQ$9$k96(B
$B7b$r<B9T2DG=$K$J$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$O(B BID 6655 $B$K<($5$l$F$$$kLdBj$+$iGI@8$9$kLdBj$G$"$k!#(B

$BJs9p$K$h$k$H!"(BBlackboard Learning System 5.5.1$B!"(Blevel 1 $B$*$h$S(B 2 $B$K$3$N(B
$BLdBj$,H/8+$5$l$F$$$k!#$J$*!"$3$l0JA0$N%P!<%8%g%s$bF1MM$NLdBj$rJz$($k2D(B
$BG=@-$,$"$k!#(B

8. Qualcomm Eudora Email Message Deletion Weakness
BugTraq ID: 6688
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Jan 25 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6688
$B$^$H$a(B:

Eudora $B$O(B Microsoft Windows $B4D6-8~$1$N(B GUI $B$rHw$($?EE;R%a!<%k%/%i%$%"%s(B
$B%H$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$OLdBj$,H/8+$5$l$F$$$k!#LdBj$O$3$N%=%U%H%&%'%"$,(B Trash
($BF|K\8lHG$G$O!V$4$_H"!W(B) $B%U%)%k%@$+$iEE;R%a!<%k$r:o=|$9$k=hM}$KB8:_$7$F(B
$B$$$k!#EE;R%a!<%k$,$3$N%U%)%k%@$+$i:o=|$5$l$k:]!":o=|BP>]$NEE;R%a!<%k$K(B
$B$O(B deleted $B$H$N%^!<%/$,$D$1$i$l$k$N$_$G$"$j!"(BTrash.mbx $B%U%!%$%kFb$K$O;D$C(B
$B$?$^$^$J$N$G$"$k!#(B

$BEE;R%a!<%k$O%f!<%6$,%a!<%k%\%C%/%9$N@0M}$rA*Br$7$?>l9g$K$N$_:o=|$5$l$k(B
$B$?$a!"<B:]$H$O0[$J$k%;%-%e%j%F%#$K4X$9$k8z2L$G%f!<%6$r5=$/7k2L$r>7$/2D(B
$BG=@-$,$"$k!#(B

$B$3$NLdBj$O(B Eudora 5.2.0.9 $B$K$*$$$FH/8+$5$l$F$$$k!#B>$N%P!<%8%g%s$bF1MM(B
$B$NLdBj$rJz$($k2DG=@-$,$"$k!#(B

9. List Site Pro User Database Delimiter Injection Vulnerability
BugTraq ID: 6685
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jan 24 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6685
$B$^$H$a(B:

List Site PRO $B$O%a%s%PFb$N%5%$%H$N%"%/%;%9?t$r7WB,$7!"%"%/%;%9?t$K1~$8(B
$B$?%i%s%/J,$1$r9T$&%"%/%;%9?t$K1~$8$?%i%s%-%s%0$r9T$&%=%U%H%&%'%"$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$O967b<T$O(B HTML $B$rMxMQ$9$k%U%)!<%`Fb$NF~NO%U%#!<%k%I(B
$B$r2p$7$F!"$3$N%=%U%H%&%'%"$,MxMQ$7$F$$$k%P%C%/%(%s%I%G!<%?%Y!<%9$X0U?^(B
$B$9$kCM$rCmF~2DG=$G$"$k$3$H$,H/8+$5$l$F$$$k!#(B

$B0U?^$9$kCM$NCmF~$O2<5-$NLdBj$NN>J}$rAH$_9g$o$;$k$3$H$K$h$j<B9T$5$l$k!#(B

$BLdBj(B:
bannerurl $B%U%#!<%k%I$X$NF~NOCM$KBP$9$k%U%#%k%?%j%s%0$,IT==J,$G$"$j!"$3(B
$B$N%U%#!<%k%I$O(B List Site Pro $B$,MxMQ$7$F$$$k%G!<%?%Y!<%9FbIt$G%G%j%_%?$H(B
$B$7$F2r<a$5$l$k%Q%$%WJ8;z(B ('|') $B$r<u$1IU$1$F$7$^$&!#(B

$BLdBj(B:
$B$3$N%=%U%H%&%'%"$r2TF0$7$F$$$k(B Web $B%5%$%HFb$NAjBPE*$J%O%$%Q!<%j%s%/Fb$G!"(B
$B%f!<%6(B ID $B$rO31L$7$F$7$^$C$F$$$k!#(B

$B967b<T$O$3$l$i$NLdBj$rAH$_9g$o$;!"$3$N%=%U%H%&%'%"$,%P%C%/%(%s%I%G!<%?(B
$B%Y!<%9$H$7$FMxMQ$7$F$$$kC10l$N%U%!%$%k$rMxMQ$9$k%G!<%?%Y!<%9Fb$N%f!<%6(B
$BG'>ZMQ>pJs$r2~JQ!"$"$k$$$O%j%;%C%H$9$k2DG=@-$,$"$k!#(B

10. Hypermail Message Attachment Buffer Overflow Vulnerability
BugTraq ID: 6689
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jan 27 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6689
$B$^$H$a(B:

Hypermail $B$OEE;R%a!<%k$r(B HTML $B7A<0$KJQ49$9$k!"%U%j!<$GMxMQ2DG=$J%=%U%H(B
$B%&%'%"$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$O%P%C%U%!%*!<%P!<%U%m!<$,@8$8$kLdBj$,H/8+$5$l$F$$$k!#(B
$B$3$N%=%U%H%&%'%"$,Hs>o$KD9$$E:IU%U%!%$%kL>$r;}$DEE;R%a!<%k$r2r<a$9$k:](B
$B$K$3$NLdBj$,H/@8$9$k!#<h$jJ,$1!"%=!<%9%U%!%$%k$N(B parse.c $B$GEE;R%a!<%k$r(B
$B=hM}$9$k:]$K$3$l$O@8$8$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$O$3$N%=%U%H%&%'%"$,%*%W%7%g%s$N@_Dj$G(B progress=2
$B$H8@$&!">iD9$K>pJs$r=PNO$9$k$h$&$K@_Dj$5$l$F$$$k>l9g$K$N$_<B9T2DG=$G$"(B
$B$k!#967b<T$OHs>o$KD9$$!"(B252 $B8D0J>e$NJ8;zNs$+$i@.$kE:IU%U%!%$%kL>$r;}$D(B
$BEE;R%a!<%k$rAw?.$9$k$3$H$G$3$NLdBj$rMxMQ$9$k967b$r<B9T2DG=$G$"$k!#%P%C(B
$B%U%!%*!<%P!<%U%m!<$O$3$N%=%U%H%&%'%"$,EE;R%a!<%k$r2r<a$9$k;~E@$G0z$-5/(B
$B$3$5$l!"7k2L$H$7$F967b<T$K$h$C$FM?$($i$l$?0-0U$"$k%3!<%I$O$3$N%=%U%H%&%'(B
$B%"$N%W%m%;%9$HF13J$N8"8B$G<B9T$5$l$k!#(B

$B$3$NLdBj$O(B Hypermail 2.1.3 $B$+$i(B 2.1.5 $B$^$G$N%P!<%8%g%s$GH/8+$5$l$F$$$k!#(B

11. Hypermail CGI Mail Reverse DNS Lookup Buffer Overflow Vulnerability
BugTraq ID: 6690
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jan 27 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6690
$B$^$H$a(B:

Hypermail $B$OEE;R%a!<%k$+$i(B HTML $B7A<0$X$NJQ49$r9T$&%U%j!<$GMxMQ2DG=$J%=(B
$B%U%H%&%'%"$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$N(B CGI $B%a!<%k%W%m%0%i%`$K%P%C%U%!%*!<%P!<(B
$B%U%m!<$NLdBj$,B8:_$9$k!#(B

$B$3$NLdBj$O%[%9%HL>$r2r7h$9$k$?$a$N(B DNS $B1~Ez$r=hM}$9$k:]$K!"(BCGI $B%a!<%k%W(B
$B%m%0%i%`$K$h$j9T$o$l$k6-3&%A%'%C%/$,IT==J,$G$"$k$?$a$K@8$8$F$$$k!#>\$7(B
$B$/<($9$J$i$P!"$3$N%W%m%0%i%`$O;XDj$5$l$?(B IP $B%"%I%l%9$KBP1~$9$k%[%9%HL>(B
$B$rF@$k$?$a$K(B gethostbyaddr() $B4X?t$rMxMQ$7$F$*$j!"(BDNS $B%5!<%P$+$i$N1~Ez$,(B
80 $BJ8;z0J>e$G$"$k>l9g!"7k2L$H$7$F%P%C%U%!%*!<%P!<%U%m!<$r@8$8$k!#(B

$B0-0U$"$k(B DNS $B%5!<%P$N4IM}<T$O!"967bBP>]$N%3%s%T%e!<%?>e$G0U?^$9$k%3!<%I(B
$B$r<B9T$9$k$?$a$K$3$NLdBj$rMxMQ$9$k967b$r9T$&2DG=@-$,$"$k!#$^$?!"(BDNS $B%5!<(B
$B%P$r;YG[2<$KCV$$$F$$$J$$967b<T$,0-0U$"$k1~Ez$rJV$9$h$&$K!"$=$NB>$N(B DNS
$B%5!<%P$+$i$N1~Ez$G$"$k$+$N$h$&$J56$N1~Ez$rJV$9$3$H$b2DG=$G$"$k$H?d;!$5(B
$B$l$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"7k2L$H$7$F967b<T$OLdBj$rJz$($k%W(B
$B%m%0%i%`<B9T$N@)8f$rC%<h$9$k2DG=@-$,$"$k!#(B

$BJs9p$K$h$k$H!"$3$NLdBj$O(B Hypermail 2.1.3 $B$+$i(B 2.1.5 $B$^$G$N%P!<%8%g%s$K(B
$BB8:_$9$k!#(B

12. PlatinumFTPServer File Disclosure Vulnerability
BugTraq ID: 6691
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jan 27 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6691
$B$^$H$a(B:

PlatinumFTPserver $B$O(B BYTE/400 $B$+$iHNGd$5$l$F$$$k!"(BMicrosoft Windows $B4D(B
$B6-$GMxMQ2DG=$J>&MQ$N(B FTP $B%5!<%P$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$KK\MhJ]8n$5$l$F$$$k%G%#%l%/%H%j$NHO0O30$K%"%/%;%92DG=(B
$B$G$"$kLdBj$,H/8+$5$l$?!#$3$N%=%U%H%&%'%"$O(B /.. $B$H$$$&J8;zNs$NF~NOCM$N<h(B
$B$j07$$$rE,@Z$K9T$C$F$$$J$$$?$a!"7k2L$H$7$F967b<T$O5v2D$5$l$F$$$J$$;q8;(B
$B$X$N%"%/%;%98"$rC%<h2DG=$G$"$k!#(B

$B$3$NLdBj$K$h$j!"967b<T$O(B FTP $B%5!<%PMQ$N%U%!%$%kG[I[$KMQ$$$i$l$k2>A[%k!<(B
$B%H%G%#%l%/%H%j$NHO0O30$N;q8;$K%"%/%;%92DG=$K$J$j!"LdBj$rJz$($k%=%U%H%&%'(B
$B%"$r2TF0$7$F$$$k%3%s%T%e!<%?Fb$N%U%!%$%k%7%9%F%`A4BN$K%"%/%;%92DG=$G$"(B
$B$k!#Js9p$K$h$k$H!"967b<T$O%U%!%$%k$N%U%k%Q%9$r;XDj$9$k$3$H$K$h$j%7%9%F(B
$B%`>e$N0U?^$9$k%U%!%$%k$d%G%#%l%/%H%j$N:n@.$*$h$S:o=|$b2DG=$G$"$k!#$3$N(B
$BLdBj$rMxMQ$9$k967b$r9T$&$?$a$K$O967b<T$,(B '\..' ($BLuCm(B: $B86J8$G$O%P%C%/%9(B
$B%i%C%7%e$H(B 2 $B8D$N%T%j%*%I(B) $BI=5-$r;HMQ$9$k$3$H$,I,MW$G$"$k!#(B

$B$3$NLdBj$O(B PlatinumFTPServer 1.0.7 $B$GH/8+$5$l$F$$$k!#$^$?!"$3$NLdBj$O$3(B
$B$l0JA0$N%P!<%8%g%s$K$b1F6A$9$k$H9M$($i$l$k!#(B

13. Sun Solaris AT Command Arbitrary File Deletion Vulnerability
BugTraq ID: 6692
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Jan 27 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6692
$B$^$H$a(B:

/usr/bin/at $B$O0J8e<B9T$5$l$k%8%g%V$N%9%1%8%e!<%j%s%0$r9T$&$?$a$KMxMQ$5(B
$B$l$k%f!<%F%#%j%F%#$G$"$k!#(BSun Solaris $B$KF1:-$5$l$F$$$k(B at $B%f!<%F%#%j%F%#(B
$B$O!"967b<T$,%7%9%F%`>e$N0U?^$9$k%U%!%$%k$r:o=|2DG=$G$"$k$H?d;!$5$l$kLd(B
$BBj$rJz$($k5?$$$,$"$k!#(B

$BLdBj$O$3$N%=%U%H%&%'%"$r(B '-r' $B%*%W%7%g%s$H6&$K;HMQ$9$k:]$KH/@8$9$k!#$3(B
$B$N%*%W%7%g%s$O0JA0$KM=Ls$7$?%8%g%V$r:o=|$9$k$?$a$K;HMQ$5$l$k!#LdBj$O$3(B
$B$N%=%U%H%&%'%"$,(B -r $B%3%^%s%I%i%$%s%*%W%7%g%s$N0lIt$H$7$FM?$($i$l$?%Q%i(B
$B%a!<%?$N%U%#%k%?%j%s%0$r==J,$K9T$o$J$$$?$a$KH/@8$9$k!#FC$K!"$3$N%=%U%H(B
$B%&%'%"$O(B -r $B%*%W%7%g%s$N%Q%i%a!<%?$KBP$7$F!"O"B3$7$?(B 2 $B8D$N%T%j%*%I$H(B
1 $B8D$N%9%i%C%7%e(B (../) $B$r4^$`J8;zNs$N%U%#%k%?%j%s%0$r==J,$K9T$o$J$$$N(B
$B$G$"$k!#(B

$B%m!<%+%k$N967b<T$O(B 2 $B8D$N%T%j%*%I$H(B 1 $B8D$N%9%i%C%7%e(B (../) $B$r4^$`!"K\Mh(B
$BJ]8n$5$l$?HO0O30$N%G%#%l%/%H%j$XAjBPE*$K%"%/%;%9$7F@$kJ8;zNs$r4^$`0-0U(B
$B$"$k%Q%i%a!<%?$H6&$K(B 'at -r' $B$r8F$S=P$9$3$H$K$h$j!"$3$NLdBj$rMxMQ$9$k96(B
$B7b$r9T$&$3$H$,2DG=$G$"$k!#(B

$B$3$NLdBj$O$3$N%=%U%H%&%'%"$,(B setuid root $B>uBV$N%f!<%F%#%j%F%#$G$"$k$H$$(B
$B$&;v<B$K$h$j!"$5$i$K1F6AHO0O$,9-$,$k$H9M$($i$l$k!#(B

14. Sun Solaris AT Command Race Condition Vulnerability
BugTraq ID: 6693
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Jan 27 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6693
$B$^$H$a(B:

/usr/bin/at $B$O0J8e<B9T$5$l$k%8%g%V$N%9%1%8%e!<%j%s%0$r9T$&$?$a$KMxMQ$5(B
$B$l$k%f!<%F%#%j%F%#$G$"$k!#(BSun Solaris $B$KF1:-$5$l$F$$$k(B at $B%f!<%F%#%j%F%#(B
$B$O!"967b<T$,%7%9%F%`>e$N0U?^$9$k%U%!%$%k$r:o=|2DG=$G$"$k$H?d;!$5$l$kLd(B
$BBj$rJz$($k5?$$$,$"$k!#(B

$B$3$NLdBj$O(B BID 6692 $B$K5-:\$5$l$F$$$kLdBj$N7k2L$H$7$F@8$8$k$b$N$G$"$j!"(B
$B$3$N%=%U%H%&%'%"$,(B -r $B%3%^%s%I%i%$%s%*%W%7%g%s$H6&$K;HMQ$5$l$k>l9g$KH/(B
$B@8$9$k!#(B

$B$3$N%=%U%H%&%'%"$O;q8;$N6%9g>uBV$K4Y$kLdBj(B (race condition vulnerability)
$B$rJz$($k5?$$$,$"$j!"7k2L$H$7$F;XDj$5$l$?%U%!%$%k0J30$N%U%!%$%k$r:o=|$9(B
$B$k2DG=@-$,$"$k!#LdBj$O$3$N%=%U%H%&%'%"$,=i$a$K(B stat() $B4X?t$r2p$7$F%U%!(B
$B%$%k$N=jM-8"$r3NG'$7!"$=$N8e(B unlink() $B4X?t$G%U%!%$%k$N%j%s%/$r2r=|$9$k(B
$BJ}K!$KB8:_$9$k!#$3$N$o$:$+$J8F$S=P$7$N4V$K%U%!%$%k%7%9%F%`$,JQ992DG=$G(B
$B$"$k>l9g!"$3$N%=%U%H%&%'%"$K0U?^$9$k%U%!%$%k$r:o=|$5$;$k$3$H$,2DG=$G$"(B
$B$k!#(B

$B$3$NLdBj$O$3$N%=%U%H%&%'%"$,(B setuid root $B>uBV$N%f!<%F%#%j%F%#$G$"$k$H$$(B
$B$&;v<B$K$h$j!"$5$i$K1F6AHO0O$,9-$,$k$H9M$($i$l$k!#(B

15. Noffle Remote Memory Corruption Vulnerability
BugTraq ID: 6695
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jan 27 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6695
$B$^$H$a(B:

Noffle $B$O>/?t$N%f!<%6!"$*$h$SDcB.$N%@%$%"%k%"%C%W@\B3$G$N%$%s%?!<%M%C%H(B
$B2s@~4D6-8~$1$K@_7W$5$l$?%M%C%H%K%e!<%9(B (NNTP) $B%5!<%P$G$"$k!#$3$N%=%U%H(B
$B%&%'%"$O(B UNIX $B$*$h$S(B Linux $B4D6-$GMxMQ2DG=$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$O%a%b%jFbMF$,GK2u$5$l$kLdBj$,H/8+$5$l$?!#$3$NLdBj$O(B
$B%j%b!<%H$+$iH/@8$5$;$k$3$H$,2DG=$G$"$j!"LdBj$rJz$($k%5!<%P$N%;%0%a%s%F!<(B
$B%7%g%s0cH?$r0z$-5/$3$92DG=@-$,$"$k!#$3$NLdBj$O$3$N%=%U%H%&%'%"$K0-0U$"(B
$B$k%K%e!<%9%0%k!<%W$r=hM}$5$;$h$&$H$9$k:]!"$^$?$OEPO?$5$;$k:]$KH/@8$9$k(B
$B$H9M$($i$l$k!#(B

$BL$3NG'$G$O$"$k$,!"$3$NLdBj$O%j%b!<%H$N967b<T$K$h$j(B DoS $B$r0z$-5/$3$9$+!"(B
$B$"$k$$$O0U?^$9$k%3!<%I$r<B9T$9$k$?$a$KMxMQ$5$l$k2DG=@-$,$"$k!#967b<T$K(B
$B$h$C$FM?$($i$l$?%3!<%I$O$3$N%=%U%H%&%'%"$N<B9T<T!"$*$=$i$/(B 'news' $B%f!<(B
$B%6$HF13J$N8"8B$K$h$j<B9T$5$l$k!#(B

$B$3$NLdBj$K4X$9$k5;=QE*>\:Y$O8=;~E@$G$O8x3+$5$l$F$$$J$$!#99$J$k>pJs$,F@(B
$B$i$l<!Bh!"K\(B BID $B$O99?7M=Dj$G$"$k!#(B

16. Nuked-Klan Guestbook HTML Injection Vulnerability
BugTraq ID: 6697
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jan 27 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6697
$B$^$H$a(B:

Nuked-Klan $B$N%2%9%H%V%C%/%b%8%e!<%k$KLdBj$,H/8+$5$l$?!#Js9p$K$h$k$H!"$3(B
$B$N%=%U%H%&%'%"$OFCDj$NJQ?tFb$G!"%f!<%6$+$iM?$($i$l$?CM$KKd$a9~$^$l$?(B
HTML $B$d%9%/%j%W%H$N%U%#%k%?%j%s%0$r<:GT$7$F$$$k$N$G$"$k!#FC$K!"(B'Author'
$BJQ?t$X0-0U$"$kCM$,F~NO$5$l$?:]$N%U%#%k%?%j%s%0$K<:GT$7$F$$$k!#(B

$B7k2L$H$7$F!"967b<T$OEE;R7G<(HD$X$NEj9FFbMF$K0-0U$"$k%9%/%j%W%H$d(B HTML
$B$rA^F~$9$k2DG=@-$,$"$k!#0-0U$"$kEj9FFbMF$,B>$N%f!<%6$K$h$j1\Mw$5$l$k:](B
$B$K!"967b<T$K$h$C$FM?$($i$l$?%3!<%I$O$3$N%=%U%H%&%'%"$r<B9T$9$k%5%$%H$H(B
$BF13J$N%;%-%e%j%F%#%3%s%F%-%9%H$G!"%f!<%6$N(B Web $B%V%i%&%6Fb$G2r<a$5$l$k!#(B

$B$3$NLdBj$K$h$j!"967b$rM=4|$7$F$$$J$$%f!<%6$N(B Cookie $B$KM3Mh$9$kG'>ZMQ>p(B
$BJs$dB>$N=EMW$J>pJs$rC%<h2DG=$G$"$k$H?d;!$5$l$k!#$^$?!"B>$N967b$b2DG=$G(B
$B$"$k$H?d;!$5$l$k!#(B

17. Nuked-Klan Forum Module HTML Injection Vulnerability
BugTraq ID: 6699
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jan 27 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6699
$B$^$H$a(B:

Nuked-Klan $B$N(B 'Forum' $B%b%8%e!<%k$KLdBj$,H/8+$5$l$?!#Js9p$K$h$k$H!"$3$N(B
$B%=%U%H%&%'%"$OFCDj$NJQ?tFb$G!"%f!<%6$+$iM?$($i$l$?CM$KKd$a9~$^$l$?(B HTML
$B$d%9%/%j%W%H$N%U%#%k%?%j%s%0$r<:GT$7$F$$$k$N$G$"$k!#FC$K!"(B'Author' $BJQ?t(B
$B$X0-0U$"$kCM$,F~NO$5$l$?:]$N%U%#%k%?%j%s%0$K<:GT$7$F$$$k!#(B

$B7k2L$H$7$F!"967b<T$OEE;R7G<(HD$X$NEj9FFbMF$K0-0U$"$k%9%/%j%W%H$d(B HTML
$B$rA^F~$9$k2DG=@-$,$"$k!#0-0U$"$kEj9FFbMF$,B>$N%f!<%6$K$h$j1\Mw$5$l$k:](B
$B$K!"967b<T$K$h$C$FM?$($i$l$?%3!<%I$O$3$N%=%U%H%&%'%"$r<B9T$9$k%5%$%H$H(B
$BF13J$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G!"%f!<%6$N(B Web $B%V%i%&%6Fb$G2r<a$5$l$k!#(B

$B$3$NLdBj$K$h$j!"967b$rM=4|$7$F$$$J$$%f!<%6$N(B Cookie $B$KM3Mh$9$kG'>ZMQ>p(B
$BJs$dB>$N=EMW$J>pJs$rC%<h2DG=$G$"$k$H?d;!$5$l$k!#$^$?!"B>$N967b$b2DG=$G(B
$B$"$k$H?d;!$5$l$k!#(B

18. Nuked-Klan Shoutbox HTML Injection Vulnerability
BugTraq ID: 6700
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jan 27 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6700
$B$^$H$a(B:

Nuked-Klan $B$N(B 'Shoutbox' $B%b%8%e!<%k$KLdBj$,H/8+$5$l$?!#Js9p$K$h$k$H!"$3(B
$B$N%=%U%H%&%'%"$OFCDj$NJQ?tFb$G!"%f!<%6$+$iM?$($i$l$?CM$KKd$a9~$^$l$?(B HTML
$B$d%9%/%j%W%H$N%U%#%k%?%j%s%0$r<:GT$7$F$$$k$N$G$"$k!#FC$K!"(B"The Opinion
column" $B$*$h$S(B "La Tribune Libre" $BJQ?t$X0-0U$"$kCM$,F~NO$5$l$?:]$N%U%#(B
$B%k%?%j%s%0$K<:GT$7$F$$$k!#(B

$B7k2L$H$7$F!"967b<T$O(B Shoutbox $B%a%C%;!<%8Fb$K0-0U$"$k%9%/%j%W%H$d(B HTML
$B$rA^F~$9$k2DG=@-$,$"$k!#0-0U$"$k%a%C%;!<%8$,B>$N%f!<%6$K$h$j1\Mw$5$l$k(B
$B:]$K!"967b<T$K$h$C$FM?$($i$l$?%3!<%I$O$3$N%=%U%H%&%'%"$r<B9T$9$k%5%$%H(B
$B$HF13J$N$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G!"%f!<%6$N(B Web $B%V%i%&%6Fb$G2r<a$5(B
$B$l$k!#(B

$B$3$NLdBj$K$h$j!"967b$rM=4|$7$F$$$J$$%f!<%6$N(B Cookie $B$KM3Mh$9$kG'>ZMQ>p(B
$BJs$dB>$N=EMW$J>pJs$rC%<h2DG=$G$"$k$H?d;!$5$l$k!#$^$?!"B>$N967b$b2DG=$G(B
$B$"$k$H?d;!$5$l$k!#(B

19. Finjan SurfinGate Password Ciphering Weaknesses
BugTraq ID: 6705
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jan 28 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6705
$B$^$H$a(B:

SurfinGate $B$O>&MQ@=IJ$H$7$FDs6!$5$l$F$$$k!"%3%s%F%s%D%U%#%k%?%j%s%05!G=!"(B
$B%"%W%j%1!<%7%g%sAX$G<BAu$5$l$?%U%!%$%"%&%)!<%k5!G=$rHw$($?%=%U%H%&%'%"(B
$B%Q%C%1!<%8$G$"$k!#$3$N%=%U%H%&%'%"$O(B Finjan $B$K$h$C$FHNGd$5$l$F$*$j!"(BSun
Solaris$B!"(BMicrosoft Windows $B4D6-$GMxMQ2DG=$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$O!"0E9f2=%"%k%4%j%:%`$N<BAu$KLdBj$,H/8+$5$l$F$$$k!#(B
$B$3$N%=%U%H%&%'%"$O%W%m%Q%F%#%F!<%V%k$r2p$7$F%3%s%=!<%k%Q%9%o!<%I$r1\Mw(B
$B2DG=$G$"$j!"$^$?$3$N%Q%9%o!<%I$O967b<T$,MF0W$KI|9f2DG=$J%"%k%4%j%:%`$r(B
$B;HMQ$7$F1#JC$5$l$F$$$k!#$3$N%=%U%H%&%'%"$O!"%Q%9%o!<%I$r1#JC$9$k$?$a$K!"(B
$B0J2<$N%"%k%4%j%:%`$r;HMQ$7$F$$$k!#(B

CHAR encrypted(n) = CHAR( ACSCII(CHAR cleartext(n)) + n )

$B>e5-$N(B n $B$O!"%Q%9%o!<%I$NJ8;z0LCV(B ($B@hF,$r(B 0 $B$H$9$k(B) $B$G$"$k!#(B

SurfinGate $B%3%s%=!<%k$,(B Solaris $B$X%$%s%9%H!<%k$5$l$?$3$N%=%U%H%&%'%"$X(B
$B%"%/%;%9$r9T$&:]!"(BOracle $B%W%m%H%3%k$,MxMQ$5$l$F$$$k!#$3$N$?$a!"(BSurfinGate
$B$rMxMQ$9$k$?$a$K$O@5Ev$J(B Oracle $B$G$N%f!<%6%"%+%&%s%H$,B8:_$7$F$$$kI,MW(B
$B$,$"$k!#(BOracle $BFb$N%f!<%6G'>ZMQ>pJs$O%m!<%+%k$+$i%"%/%;%92DG=$J@_Dj%U%!(B
$B%$%k$K3JG<$5$l$F$$$k!#Js9p$K$h$k$H!"(BOracle $BFb$N%f!<%6G'>ZMQ%Q%9%o!<%I$O(B
$B$"$kDxEY$OJ#;($J%"%k%4%j%:%`$rMxMQ$7$F1#JC2=$5$l$F$O$$$k$b$N$N!"967b<T(B
$B$OMF0W$KI|9f2DG=$G$"$k$H9M$($i$l$F$$$k!#(B

$B%Q%9%o!<%I$,O31L$7$?>l9g!"967bBP>]$N%3%s%T%e!<%?$d$3$N%=%U%H%&%'%"$KBP(B
$B$9$k$5$i$J$k967b$,4k$F$i$l$k2DG=@-$,$"$k!#(B

Oracle $B%Q%9%o!<%I$O!"0J2<$N%"%k%4%j%:%`$r;HMQ$7!"1#JC$5$l$F$$$k!#(B

CHAR encrypted(n) = HEX( ASCII( CHAR cleartext(n) ) + 1 )

$B>e5-$N(B n $B$O!"%Q%9%o!<%IFb$NJ8;z0LCV$G$"$k!#(B

20. Finjan SurfinGate HTML Filtering Weakness
BugTraq ID: 6702
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jan 27 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6702
$B$^$H$a(B:

SurfinGate $B$O>&MQ@=IJ$H$7$FDs6!$5$l$F$$$k!"%3%s%F%s%D%U%#%k%?%j%s%05!G=!"(B
$B%"%W%j%1!<%7%g%sAX$G<BAu$5$l$?%U%!%$%"%&%)!<%k5!G=$rHw$($?%=%U%H%&%'%"(B
$B%Q%C%1!<%8$G$"$k!#$3$N%=%U%H%&%'%"$O(B Finjan $B$K$h$C$FHNGd$5$l$F$*$j!"(BSun
Solaris$B!"(BMicrosoft Windows $B4D6-$GMxMQ2DG=$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$KF1:-$5$l$F$$$k(B HTML $B%U%#%k%?5!G=$OFCDj$N%?%$%W$N0-0U(B
$B$"$k(B HTML $B$rG'<1$7$J$$!#$3$NLdBj$O%(%s%I%f!<%6$X$N6<0R$H$J$k2DG=@-$,$"(B
$B$k!#(B

$B7k2L$H$7$F!"%(%s%I%f!<%6$O0-0U$"$k(B HTML $B$rMxMQ$7$?$9$k(B DoS $B967b$d!"$=(B
$B$NB>$NB?Bg$J1F6A$r5Z$\$9967b$K;/$5$l$k2DG=@-$,$"$k!#(B

$B%U%#%k%?5!G=$,Jz$($kLdBj$K$h$j!"0-0U$"$k(B HTML $B$,D>@\%f!<%6$K1F6A$r5Z$\(B
$B$92DG=@-$,$"$k!#FC$K!"%j%U%l%C%7%eCM$,(B 0 $B$K@_Dj$5$l$?(B HTML $B%a%?%?%0$OL5(B
$B4|8B$K:F5"E*$K%U%l!<%`$r8F$S=P$7!"$^$?L54|8B$K:F5"E*$K8F$S=P$5$l$k(B IFRAME
$B%?%0$O$3$NLdBj$rJz$($k%"%W%j%1!<%7%g%s$G$O8!=PIT2DG=$G$"$k!#(B
$B$3$N$?$a!"%f!<%6$N(B Web $B%V%i%&%6$N<BAu$K0MB8$9$k$b$N$N!"0-0U$"$k(B HTML $B$K(B
$B$h$j(B Web $B%/%i%$%"%s%H$N(B DoS $B$,0z$-5/$3$5$l$k2DG=@-$,$"$k!#(B

21. Finjan SurfinGate Active Content Filter Bypass Vulnerability
BugTraq ID: 6701
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jan 27 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6701
$B$^$H$a(B:

SurfinGate $B$O>&MQ@=IJ$H$7$FDs6!$5$l$F$$$k!"%3%s%F%s%D%U%#%k%?%j%s%05!G=!"(B
$B%"%W%j%1!<%7%g%sAX$G<BAu$5$l$?%U%!%$%"%&%)!<%k5!G=$rHw$($?%=%U%H%&%'%"(B
$B%Q%C%1!<%8$G$"$k!#$3$N%=%U%H%&%'%"$O(B Finjan $B$K$h$C$FHNGd$5$l$F$*$j!"(BSun
Solaris$B!"(BMicrosoft Windows $B4D6-$GMxMQ2DG=$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$OF0E*%3%s%F%s%D$N%U%#%k%?5!G=$KLdBj$,Js9p$5$l$F$$$k!#(B
$B$3$N%=%U%H%&%'%"$N%U%#%k%?5!G=$G$O!"(BJavaScript$B!"(BActiveX$B!"(BVBScript $BEy!"(B
$BMM!9$JF0E*%3%s%F%s%D$X$N%U%#%k%?%j%s%0=hM}$,Ds6!$5$l$F$$$k!#$3$N5!G=$O(B
$BFCDj$N%3!<%I$r4m81$H$_$J$7$F=|5n$7!"0BA4$J%3!<%I$N$_$N%/%i%$%"%s%HB&$X(B
$B$N0zEO$7$r2DG=$K$9$k!#$7$+$7!"$3$N5!G=$K4^$^$l$k(B JavaScript $B9=J82r@OIt(B
$BJ,$O==J,$K%9%/%j%W%H%3!<%I$N%U%#%k%?%j%s%0$r9T$o$J$$!#(B

$B0-0U$"$k(B JavaScript $B$r1#JC$9$k$3$H$G!"$3$N%=%U%H%&%'%"$N%U%#%k%?5!G=$r(B
$B2sHr2DG=$G$"$k!#$3$NLdBj$K$h$j!"0-0U$"$k%3!<%I$r(B HEX $B%(%s%3!<%G%#%s%0(B
$B$9$k!"$"$k$$$O(B eval() $B4X?t$N$h$&$J!"J8;z%G%3!<%I4X?t$K0-0U$"$k%3!<%I$r(B
$B0z$-EO$9$3$H$G%U%#%k%?5!G=$r2sHr$9$k$3$H$,2DG=$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"G$0U$N(B JavaScript $B$,%U%#%k%?5!G=(B
$B$r2sHr$5$l!"%(%s%I%f!<%6$K$=$N$^$^0z$-EO$5$l$k$H?d;!$5$l$k!#(B

22. Finjan SurfinGate Java Applet Analyzer Bypass Vulnerability
BugTraq ID: 6704
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jan 28 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6704
$B$^$H$a(B:

SurfinGate $B$O>&MQ@=IJ$H$7$FDs6!$5$l$F$$$k!"%3%s%F%s%D%U%#%k%?%j%s%05!G=!"(B
$B%"%W%j%1!<%7%g%sAX$G<BAu$5$l$?%U%!%$%"%&%)!<%k5!G=$rHw$($?%=%U%H%&%'%"(B
$B%Q%C%1!<%8$G$"$k!#$3$N%=%U%H%&%'%"$O(B Finjan $B$K$h$C$FHNGd$5$l$F$*$j!"(BSun
Solaris$B!"(BMicrosoft Windows $B4D6-$GMxMQ2DG=$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$KF1:-$5$l$F$$$k(B Java $B%"%W%l%C%HJ,@O5!G=$K$O!"LdBj$,Js(B
$B9p$5$l$F$$$k!#J,@O5!G=$OFCDj$N%3!<%I$r4m81$H$_$J$7$F=|5n$7!"0BA4$J%3!<(B
$B%I$N$_$N%/%i%$%"%s%HB&$X$N0zEO$7$r2DG=$K$9$k!#$^$?!"$3$NJ,@O5!G=$O(B JAR
$B%"!<%+%$%V$NFbMF$r%9%-%c%s$7!"%V%i%C%/%j%9%H$K$"$k%/%i%9$N=|5n$r9T$&!#(B

$B$7$+$7!"$3$N%=%U%H%&%'%"$N(B Java $B%"%W%l%C%HJ,@O5!G=$G$O(B Java Reflection
API $B$NMxMQ>uBV$KBP$7$F==J,$J8!>Z$r9T$C$F$$$J$$!#7k2L$H$7$F!"$3$N(B API
$B$,B>$N@)8B$5$l$?%a%=%C%I$d%/%i%9$N8F$S=P$7$K;HMQ$5$l$k$H?d;!$5$l$k!#(B

$B0-0U$"$k(B Java $B%"%W%l%C%H$,!"$3$N%=%U%H%&%'%"$N%U%#%k%?5!G=$r2sHr$9$k$?(B
$B$a$K!"$3$l$i$NJ}K!$,;HMQ$5$l$k$H?d;!$5$l$k!#%(%s%I%f!<%6$O7k2L$H$7$F0-(B
$B0U$"$k(B Java $B%"%W%l%C%H$+$iJ]8n$5$l$J$$2DG=@-$,$"$k!#(B

23. Finjan SurfinGate File Extension File Filter Circumvention Vulnerability
BugTraq ID: 6703
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jan 27 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6703
$B$^$H$a(B:

SurfinGate $B$O>&MQ@=IJ$H$7$FDs6!$5$l$F$$$k!"%3%s%F%s%D%U%#%k%?%j%s%05!G=!"(B
$B%"%W%j%1!<%7%g%sAX$G<BAu$5$l$?%U%!%$%"%&%)!<%k5!G=$rHw$($?%=%U%H%&%'%"(B
$B%Q%C%1!<%8$G$"$k!#$3$N%=%U%H%&%'%"$O(B Finjan $B$K$h$C$FHNGd$5$l$F$*$j!"(BSun
Solaris$B!"(BMicrosoft Windows $B4D6-$GMxMQ2DG=$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$O967b<T$,E,@Z$K@_Dj$5$l$?%U%!%$%k%U%#%k%?5!G=$r2sHr(B
$B2DG=$H$J$kLdBj$,B8:_$7$F$$$k!#(B

$B$3$N%=%U%H%&%'%"$O!"%V%i%C%/%j%9%H$K$"$k%U%!%$%k$G$"$k$+$rH=CG$9$k$?$a(B
$B$K%U%!%$%k$N3HD%;R$r;HMQ$9$k!#Js9p$K$h$k$H!"967b<T$O%V%i%C%/%j%9%H$K$O(B
$B$J$$%U%!%$%k3HD%;R$r%U%!%$%kL>$KM>J,$KIU2C$9$k$3$H$G!"$3$N%=%U%H%&%'%"(B
$B$N%U%!%$%k%U%#%k%?5!G=$r2sHr2DG=$G$"$k$H?d;!$5$l$k!#(B

$BNc$($P!"967b<T$O%U%!%$%k%U%#%k%?5!G=$r2sHr$9$k$?$a$K!"<B9T2DG=%U%!%$%k(B
$B$r(B 'filename.com.txt' $B$H2~L>$9$k$H?d;!$5$l$k!#(B

$B>0!"$3$NLdBj$rMxMQ$9$k967b$r4k$F$k$?$a$K$O!"%(%s%I%f!<%6$,BPOCE*$K0-(B
$B0U$"$k%U%!%$%k$r3+$/!"$"$k$$$O<B9T$9$kI,MW$,$"$kE@$KN10U$9$Y$-$G$"$k!#(B

24. Finjan SurfinGate Compressed Archive File Filter Circumvention Vulnerability
BugTraq ID: 6706
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jan 28 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6706
$B$^$H$a(B:

SurfinGate $B$O>&MQ@=IJ$H$7$FDs6!$5$l$F$$$k!"%3%s%F%s%D%U%#%k%?%j%s%05!G=!"(B
$B%"%W%j%1!<%7%g%sAX$G<BAu$5$l$?%U%!%$%"%&%)!<%k5!G=$rHw$($?%=%U%H%&%'%"(B
$B%Q%C%1!<%8$G$"$k!#$3$N%=%U%H%&%'%"$O(B Finjan $B$K$h$C$FHNGd$5$l$F$*$j!"(BSun
Solaris$B!"(BMicrosoft Windows $B4D6-$GMxMQ2DG=$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$O967b<T$,E,@Z$K@_Dj$5$l$?%U%!%$%k%U%#%k%?5!G=$r2sHr(B
$B2DG=$H$J$kLdBj$,B8:_$7$F$$$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$O%"!<%+%$%V%U%!%$%k$r==J,$KJ,@O$7$J$$!#(B
$B$3$NLdBj$K$h$j!"(BZIP$B!"(BRAR $BEy$N%"!<%+%$%VFb$K0-0U$"$k%U%!%$%k$r4^$^$;$k(B
$B$3$H$G!"967b<T$O$3$N%=%U%H%&%'%"$N%U%!%$%k%U%#%k%?5!G=$r2sHr2DG=$G$"$k!#(B

$B>0!"$3$NLdBj$rMxMQ$9$k967b$r4k$F$k$?$a$K$O!"%(%s%I%f!<%6$,BPOCE*$K0-0U(B
$B$"$k%U%!%$%k$r3+$/!"$"$k$$$O<B9T$9$kI,MW$,$"$kE@$KN10U$9$Y$-$G$"$k!#(B

25. Finjan SurfinGate Unknown File Extension File Filter Circumvention Vulnerability
BugTraq ID: 6707
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Jan 28 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6707
$B$^$H$a(B:

SurfinGate $B$O>&MQ@=IJ$H$7$FDs6!$5$l$F$$$k!"%3%s%F%s%D%U%#%k%?%j%s%05!G=!"(B
$B%"%W%j%1!<%7%g%sAX$G<BAu$5$l$?%U%!%$%"%&%)!<%k5!G=$rHw$($?%=%U%H%&%'%"(B
$B%Q%C%1!<%8$G$"$k!#$3$N%=%U%H%&%'%"$O(B Finjan $B$K$h$C$FHNGd$5$l$F$*$j!"(BSun
Solaris$B!"(BMicrosoft Windows $B4D6-$GMxMQ2DG=$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$O967b<T$,E,@Z$K@_Dj$5$l$?%U%!%$%k%U%#%k%?5!G=$r2sHr(B
$B2DG=$H$J$kLdBj$,B8:_$7$F$$$k!#(B

$B$3$N%=%U%H%&%'%"$O!"%V%i%C%/%j%9%H$K$"$k%U%!%$%k$G$"$k$+$rH=CG$9$k$?$a(B
$B$K%U%!%$%k3HD%;R$r;HMQ$9$k!#Js9p$K$h$k$H!"967b<T$O%V%i%C%/%j%9%H$K5-O?(B
$B$5$l$F$$$J$$%U%!%$%k3HD%;R$r%U%!%$%kL>$KM>J,$KIU2C$9$k$3$H$G!"$3$N%=%U(B
$B%H%&%'%"$N%U%!%$%k%U%#%k%?5!G=$r2sHr2DG=$G$"$k$H?d;!$5$l$k!#(B

$B%(%s%I%f!<%6$,BPOCE*$K!"0-0U$"$k%U%!%$%k$r3+$/!"$"$k$$$O<B9T$9$kI,MW$,(B
$B$"$kE@$KN10U$9$Y$-$G$"$k!#%m!<%+%k%7%9%F%`>e$GL$CN$N%U%!%$%k3HD%;R$r<h(B
$B$j07$($k$+$O5?$o$7$$$H9M$($i$l$k!#(B

26. Replicom ProxyView Default Password Vulnerability
BugTraq ID: 6708
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B Jan 28 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6708
$B$^$H$a(B:

Replicom ProxyView $B$O%j%b!<%H$+$i%3%s%T%e!<%?$X$N%"%/%;%9<jCJ$rDs6!$9$k(B
$B%D!<%k$G$"$k!#$3$N%=%U%H%&%'%"$O%M%C%H%o!<%/4IM}<T$X%j%b!<%H$N%5!<%P72(B
$B$KBP$9$k2>A[%3%s%=!<%k5!G=$rDs6!$9$k$h$&$K@_7W$5$l$F$$$k!#$3$N5!4o$NF0(B
$B:n4D6-$O5!4oAH$_9~$_MQ(B Windows NT $B$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N5!4o$OAH$_9~$^$l$F$$$k(B OS $BFb$G!"J8=q2=$5$l$F$$$J$$(B
Administrator $B%"%+%&%s%HMQ$N%G%U%)%k%H%Q%9%o!<%I$,@_Dj$5$l$F$$$k!#(B

$B$3$NLdBj$rMxMQ$7!"967b<T$O$3$N5!4o$N%]!<%HHV9f(B 139 $BHV$X@\B3$7!"(BAdministrator
$B%"%+%&%s%H$X(B "Administrator" $B$H$$$&%Q%9%o!<%I$rMQ$$$F%m%0%*%s$9$k$3$H$,(B
$B2DG=$G$"$k!#967b<T$O$3$NLdBj$K$h$j!"5!4o$r2TF0$5$;$F$$$k(B OS $B$K(B Administrator
$B8"8B$G%"%/%;%92DG=$G$"$k!#(B

$B$3$N5!4o$X@\B3$5$l$F$$$k%5!<%PFb$N;q8;$X$N%"%/%;%98"8B$rC%<h$9$k$?$a$K!"(B
$B$3$NLdBj$rMxMQ$9$k967b$r4k$F$k$3$H$,2DG=$G$"$k!#(B

27. Solaris in.ftpd Remote Denial of Service Vulnerability
BugTraq ID: 6709
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B Jan 28 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6709
$B$^$H$a(B:

in.ftpd $B$O(B Solaris $B$G;HMQ$5$l$F$$$k%G%U%)%k%H$N(B File Transfer Protocol 
(FTP) $B%G!<%b%s$G$"$k!#(B

Solaris in.ftpd $B%G!<%b%sFb$KLdBj$,H/8+$5$l$F$$$k!#8"8B$N$J$$%j%b!<%H$N(B
$B967b<T$O$3$N>u67$r0z$-5/$3$92DG=@-$,$"$k$3$H$,Js9p$5$l$F$$$k!#$3$NLdBj(B
$B$r967b$9$k$?$a$KG'>Z$,MW5a$5$l$k$+$I$&$+$OL$8!>Z$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b<T$OB>$N@5Ev$J%f!<%6$X$N%5!<%S%9Ds6!$rCGB3E*$KIT(B
$BG=$J>uBV$K4Y$i$;$F$7$^$&2DG=@-$,$"$k!#$3$N>uBV$O967b<TB&$N(B FTP $B%/%i%$%"(B
$B%s%H$,%3%^%s%I$rH/9T$9$k:]$KCGB3E*$K@8$8!"Ls(B 60 $BIC$KEO$C$F%5!<%S%9$OIT(B
$BG=>uBV$K4Y$k!#$3$N4V!"@5Ev$J%f!<%6$N(B FTP $B%5!<%P$X$N%3%M%/%7%g%s$O%?%$%`(B
$B%"%&%H$9$k$H9M$($i$l$F$$$k!#(B

$BK\LdBj$K4X$9$k5;=QE*$J>\:Y$K$D$$$F$O8=;~E@$G$OL$>\$G$"$k!#K\(B BID $B$O$5(B
$B$i$J$k>pJs$,8x3+$5$l<!Bh99?7M=Dj$G$"$k!#(B

28. MIT Kerberos Remote Heap Corruption Vulnerability
BugTraq ID: 6713
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B Jan 28 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6713
$B$^$H$a(B:

Kerberos $B$O%M%C%H%o!<%/$r2p$7$FG'>Z$r9T$&$?$a$N%W%m%H%3%k$G$"$k!#HkL)80(B
$B0E9f$r;HMQ$9$k$3$H$K$h$j%/%i%$%"%s%H$b$7$/$O%5!<%P%"%W%j%1!<%7%g%s$K6/(B
$BEY$NG'>Z5!G=$rDs6!$9$k$h$&@_7W$5$l$F$$$k!#$3$N%W%m%H%3%k$N<BAuJ*$O(B MIT
$B$K$h$j3+H/!"J]<i$5$l$F$*$j!"(BMicrosoft Windows$B!"(BUNIX $B$*$h$S(B Linux $B$r4^$`(B
$BMM!9$J4D6-$GF0:n2DG=$G$"$k!#(B

MIT Kerberos $B$KLdBj$,B8:_$9$k$3$H$,Js9p$5$l$F$$$k!#Js9p$K$h$k$H!"$3$NLd(B
$BBj$O6-3&%A%'%C%/$H%f!<%6$+$iM?$($i$l$?%G!<%?$KBP$9$k%U%#%k%?%j%s%0$,IT(B
$B==J,$J$3$H$KM3Mh$7!"%a%b%jFbMF$NGK2u$r@8$8$F$$$k5?$$$,$"$k!#(B

$B%j%b!<%H$N967b<T$O967bBP>]$N%3%s%T%e!<%?$XAw?.$5$l$k0-0U$"$k%Q%1%C%HFb(B
$B$KIi$NCM$r4^$^$;$k$3$H$K$h$j!"$3$N>uBV$r0z$-5/$3$9$3$H$,2DG=$G$"$k!#(B
$B$3$NLdBj$OIT==J,$J%a%b%j3dEv$F!"$b$7$/$OL58z$J%a%b%j;2>H$r0z$-5/$3$97k(B
$B2L$r$b$?$i$92DG=@-$,$"$k!#$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"7k2L$H(B
$B$7$F(B DoS $B$K4Y$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$NK\<A$+$i9M;!$9$k$J$i$P!"967b<T$O%a%b%j>e$N=EMW$JNN0h$r>e=q$-(B
$B$9$k>u67$r>7$/$3$H$,2DG=$G$"$k$H?d;!$5$l$k!#$3$NLdBj$rMxMQ$9$k967b$,@.(B
$B8y$7$?>l9g!"(BKerberos $B$N<B9T8"8B$G0U?^E*$J%3!<%I$,<B9T$5$l$k2DG=@-$,$"$k!#(B
$B$7$+$7!"0U?^E*$J%3!<%I$r<B9T$9$k$?$a$K$3$NLdBj$rMxMQ$G$-$kDxEY$K$D$$$F(B
$B$OL$8!>Z$G$"$k!#(B

$B$3$NLdBj$,$h$j8E$$%P!<%8%g%s$N(B Kerberos $B$K$b1F6A$r5Z$\$9>l9g!"(BBID $B$O4{(B
$B$K3d$jEv$F:Q$_$G$"$k2DG=@-$,$"$k!#4{B8$N(B BID $B$K4^$^$l$kLdBj$G$"$k>l9g!"(B
$BK\(B BID $B$OGK4~$5$l!"3:Ev$9$k4{B8$N(B BID $B$,99?7M=Dj$G$"$k!#(B

29. MIT Kerberos Key Distribution Center Remote Format String Vulnerabilities
BugTraq ID: 6712
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B Jan 28 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6712
$B$^$H$a(B:

Kerberos $B$O%M%C%H%o!<%/$r2p$7$FG'>Z$r9T$&$?$a$N%W%m%H%3%k$G$"$k!#HkL)80(B
$B0E9f$r;HMQ$9$k$3$H$K$h$j%/%i%$%"%s%H$b$7$/$O%5!<%P%"%W%j%1!<%7%g%s$K6/(B
$BEY$NG'>Z5!G=$rDs6!$9$k$h$&@_7W$5$l$F$$$k!#$3$N%W%m%H%3%k$N<BAuJ*$O(B MIT
$B$K$h$j3+H/!"J]<i$5$l$F$*$j!"(BMicrosoft Windows$B!"(BUNIX $B$*$h$S(B Linux $B$r4^$`(B
$BMM!9$J4D6-$GF0:n2DG=$G$"$k!#(B

MIT Kerberos Key Distribution Center (KDC) $B$K$OJ#?t$NLdBj$,H/8+$5$l$F$$(B
$B$k!#Js9p$K$h$k$H!"(BKDC $B$O%f!<%6$+$iM?$($i$l$?%G!<%?$r<h$j07$&:]!"=q<0;X(B
$BDj;R$N==J,$JJd4V$K<:GT$7$F$$$k!#FC$K!"(Bprincipal name $B$,%j%b!<%H%f!<%6$+(B
$B$iM?$($i$l$k:]!"=q<0;XDj;R$rJd$o$l$k$3$H$J$/(B printf() $B4X?t$dF1<o$N4X?t(B
$B$G<h$j07$o$l$F$7$^$C$F$$$k$N$G$"$k!#FCDj$N>u672<$K$*$$$F!"G'>Z$5$l$F$$(B
$B$J$$%j%b!<%H%f!<%6$,LdBj$rJz$($k%=%U%H%&%'%"$r2TF0$5$;$F$$$k%3%s%T%e!<(B
$B%?$K(B principal name $B$r0z$-EO$9$3$H$,2DG=$G$"$k$3$H$,4{$KH=L@$7$F$$$k!#(B

$B=q<0;XDj;R$r4^$`!"0-0U$r$b$C$FAH$_N)$F$i$l$?(B principal name $B$r0z$-EO$9(B
$B$3$H$K$h$j!"$3$NLdBj$rMxMQ$9$k967b$r4k$F$k$3$H$,2DG=$G$"$k!#(B%n $B=q<0;XDj(B
$B;R$rMxMQ$7$F%a%b%jFb$X967b<T$K$h$k0U?^E*$JCM$r=q$-9~$`$3$H$K$h$j!"%j%b!<(B
$B%H$N967b<T$O0U?^E*$J%3!<%I$r<B9T2DG=$G$"$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$,$h$j8E$$%P!<%8%g%s$N(B Kerberos $B$K$b1F6A$r5Z$\$9>l9g!"(BBID $B$O4{(B
$B$K3d$jEv$F:Q$_$G$"$k2DG=@-$,$"$k!#4{B8$N(B BID $B$K4^$^$l$kLdBj$G$"$k>l9g!"(B
$BK\(B BID $B$OGK4~$5$l!"3:Ev$9$k4{B8$N(B BID $B$,99?7M=Dj$G$"$k!#(B

30. MIT Kerberos / Key Distribution Center Shared Key User Spoofing Vulnerability
BugTraq ID: 6714
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B Jan 29 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6714
$B$^$H$a(B:

Kerberos $B$O%M%C%H%o!<%/$r2p$7$FG'>Z$r9T$&$?$a$N%W%m%H%3%k$G$"$k!#HkL)80(B
$B0E9f$r;HMQ$9$k$3$H$K$h$j%/%i%$%"%s%H$b$7$/$O%5!<%P%"%W%j%1!<%7%g%s$K6/(B
$BEY$NG'>Z5!G=$rDs6!$9$k$h$&@_7W$5$l$F$$$k!#$3$N%W%m%H%3%k$N<BAuJ*$O(B MIT
$B$K$h$j3+H/!"J]<i$5$l$F$*$j!"(BMicrosoft Windows$B!"(BUNIX $B$*$h$S(B Linux $B$r4^$`(B
$BMM!9$J4D6-$GF0:n2DG=$G$"$k!#(B

MIT Kerberos $B$*$h$S(B Key Distribution Center (KDC) $B$K$OLdBj$,H/8+$5$l$F(B
$B$$$k!#Js9p$K$h$k$H!"6&M-80$r@_Dj$7$?(B realm $BFb$N%f!<%6$OB>$N%m!<%+%k$N(B
$B4D6-$G$O$J$$@5Ev$J%f!<%6$N?H85$K@.$j$9$^$9$3$H$,2DG=$G$"$k!#(B

$B1F6A$r<u$1$k%=%U%H%&%'%"$K$OIT==J,$J(B realm $B$N0\9T%Q%9$N8!>ZJ}K!$,B8:_$7(B
$B$F$$$k$?$a!"$3$NLdBj$rMxMQ$9$k967b$,2DG=$G$"$k!#(B

$B$3$NLdBj$O%m!<%+%k$N4D6-Fb$KB8:_$7$J$$(B principal name $B$,(B KDC $B$N%"%/%;%9(B
$B%3%s%H%m!<%k%j%9%HFb$K0LCV$7$F$$$k:]$K@8$8$k!#B>$N@5Ev$J%f!<%6$K?H85$r(B
$B@.$j$9$^$9$3$H$,2DG=$K$J$k$?$a!"967b<T$K$h$k=EMW$J>pJs$NC%<h$,0z$-5/$3(B
$B$5$l$k2DG=@-$,$"$k!#FCDj$N>u672<$K$*$$$F!"0-0U$"$k967b<T$OB>$N%f!<%6$N(B
$B4IM}2<$K$"$k;q8;$KBP$7!"$5$i$K9b$$%"%/%;%98"8B$rH<$&%f!<%6$H$7$F?H85$r(B
$B@.$j$9$^$7$?>e$G%"%/%;%92DG=$K$J$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$,$h$j8E$$%P!<%8%g%s$N(B Kerberos $B$K$b1F6A$r5Z$\$9>l9g!"(BBID $B$O4{(B
$B$K3d$jEv$F:Q$_$G$"$k2DG=@-$,$"$k!#4{B8$N(B BID $B$K4^$^$l$kLdBj$G$"$k>l9g!"(B
$BK\(B BID $B$OGK4~$5$l!"3:Ev$9$k4{B8$N(B BID $B$,99?7M=Dj$G$"$k!#(B

31. DotProject Remote File Include Vulnerability
BugTraq ID: 6710
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B Jan 28 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6710
$B$^$H$a(B:

dotproject $B$O(B Web $B%$%s%?!<%U%'%$%9$rHw$($k%W%m%8%'%/%H4IM}MQ$N%=%U%H%&%'(B
$B%"$G$"$j!"(BPHP $B$rMxMQ$7$F3+H/$5$l$F$$$k!#$3$N%=%U%H%&%'%"$O(B UNIX $B$*$h$S(B 
Linux $B>e$G2TF0$9$k$h$&@_7W$5$l$F$$$k!#(B

dotproject $B$O%j%b!<%H$N967b<T$,%j%b!<%H$N%5!<%P>e$KB8:_$9$k0U?^E*$J%U%!(B
$B%$%k$r%$%s%/%k!<%I2DG=$K$J$k5?$$$rJz$($F$$$k!#$3$NLdBj$O(B classdefs/date.php
$B%U%!%$%k$N%$%s%/%k!<%I$r;n$_$kBP>]$H$7$F!"(Bmodules $B%G%#%l%/%H%jFb$G(B dotproject
$B$H6&$K;XDj$5$l$k(B PHP $B%9%/%j%W%H%U%!%$%k$KB8:_$9$k!#(B

$B0J2<$,$3$NLdBj$N1F6A$r<u$1$k%9%/%j%W%H$N0lMw$G$"$k!#(B

modules/projects/addedit.php
modules/projects/view.php
modules/projects/vw_files.php
modules/tasks/addedit.php
modules/tasks/viewgantt.php

$BFCDj$N>u672<$K$*$$$F!"%j%b!<%H$N967b<T$O(B URI $B$N%Q%i%a!<%?$H$7$F0z$-EO$5(B
$B$l$k!"(B$root_dir $BJQ?t$NCM$r2~JQ$9$k$3$H$K$h$j!"%j%b!<%H$N%5!<%PFb$KB8:_(B
$B$9$k30It$N%U%!%$%k$r;X$7<($9MM$K!"(B'date.php' $B$KBP$7$F%$%s%/%k!<%I@h$N%U%!(B
$B%$%k$X$N%Q%9$r;XDj$9$k$3$H$,2DG=$K$J$k!#(B

$B%j%b!<%H$N%U%!%$%k$,0-0U$N$"$k(B PHP $B%9%/%j%W%H$G$"$C$?>l9g!"(BWeb $B%5!<%P$N(B
$B<B9T8"8B$G0U?^E*$J%3%^%s%I$N<B9T$r9T$&$?$a$N967b$,9T$o$l$k2DG=@-$,$"$k!#(B

32. PLP Tools plpnfsd Syslog Format String Vulnerability
BugTraq ID: 6715
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B Jan 29 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6715
$B$^$H$a(B:

PLP Tools $B$O%7%j%"%k@\B3$r2p$7$F(B Psion palmtop $B$H@\B3$9$k$?$a$KMxMQ$5$l(B
$B$k!"(B UNIX $B$*$h$S(B Linux $B$GMxMQ2DG=$J0lO"$N%i%$%V%i%j$*$h$S%f!<%F%#%j%F%#(B
$B$G$"$k!#(Bplpnfsd $B$O%f!<%6$,%o!<%/%9%F!<%7%g%s>e$N(B Psion $B%U%!%$%k%7%9%F%`(B
$B$r%^%&%s%H2DG=$K$9$k%5!<%P%"%W%j%1!<%7%g%s$G$"$k!#(B

plpfsd $B$K$O967b<T$,LdBj$rJz$($k%3%s%T%e!<%?>e$G8"8B>:3J$r9T$&7k2L$r>7$/(B
$B2DG=@-$,$"$kLdBj$,H/8+$5$l$F$$$k!#(B

$B$3$N%5!<%P%"%W%j%1!<%7%g%s$N%W%m%0%i%`>e$N8m$j$K$h$j!"=q<0;XDj;R$N<h$j(B
$B07$$$KM3Mh$9$kLdBj$rMxMQ$9$k967b$,2DG=$K$J$k$H?d;!$5$l$k!#$3$N%=%U%H%&%'(B
$B%"$GDs6!$5$l$F$$$k%m%0:N<h5!G=$O%;%-%e%"$G$O$J$$J}K!$G(B syslog() $B4X?t$r(B
$B8F$S=P$7$F$$$k!#$3$N$?$a!"967b<T$K$h$C$FM?$($i$l$?%3!<%I$N<B9T$r>7$/$3(B
$B$H$,2DG=$G$"$k!#(B

$B$3$NLdBj$O0-0U$"$k=q<0;XDj;RIU$-$NJ8;zNs$r4^$`$h$&$K!"0U?^E*$KAH$_N)$F(B
$B$i$l$?%G%#%l%/%H%jL>$r$3$N%5!<%P%"%W%j%1!<%7%g%s$,<u$1<h$k:]$K@8$8$k!#(B
$B$3$NLdBj$rMxMQ$9$k967b$,9T$o$l$k:]!"967b<T$O%a%b%jFb$N0U?^$9$kNN0h$r96(B
$B7b<T$K$h$C$F;X<($5$l$?CM$GGK2u$7!"7k2L$H$7$F$h$j>:3J$5$l$?8"8B$G%3!<%I(B
$B$r<B9T$9$k$3$H$,2DG=$G$"$k!#(B

$B$^$?$3$NLdBj$O(B plpnfsd $B$,(B setuid root $B$H$7$F%$%s%9%H!<%k$5$l$F$$$k$?$a(B
$B$K!"$5$i$K1F6AHO0O$r9-$2$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$O(B plptools 0.6 $B$K$*$$$FH/8+$5$l$F$$$k!#(B

III. SECURITYFOCUS NEWS AND COMMENTARY
--------------------------------------
1. E-Voting security debate comes home
$BCx<T(B: Kevin Poulsen

$B$J$<4v?M$+$N6/$$8"NO$r;}$D5;=Q<TC#$O%7%j%3%s%P%l!<$NEjI<=j0J30$N>l=j$G(B
$B40A4$KEE;R2=$5$l$?EjI<$r9T$$B3$1$h$&$H$7$F$$$k$N$@$m$&$+!#$?$V$s!"H`Ey(B
$B$O%O%C%+!<$,<!2s$NEjI<7k2L$r7hDj$7$F$7$^$&$3$H$r62$l$F$$$k$N$G$"$k!#(B

http://online.securityfocus.com/news/2197

2. 'Secure by design', claims MS op-ed ad
$BCx<T(B: Andrew Orlowski, The Register

$B:rF|I.<T$,(B New York Times $B$rGc$C$?@^!"$=$l$O40A4$J8m$j$G$"$C$?!#I.<T$O(B
Paul Krugman $B$,=pL>5-;v$rC4Ev$9$kF|$G$"$k$H;W$$9~$s$G$$$?$N$G$"$k$,!"(B
$B;fLL$K$O$J$+$C$?$N$G$"$k!#H`$N5-;v$OLZMK$K$OFI$a$J$$$N$@!#(B

http://online.securityfocus.com/news/2202

3. Canada's biggest Identity theft?
$BCx<T(B: Drew Cullen, The Register

IBM $B$OJ]812q<R$N(B 180,000 $B?M$N8\5R5-O?$,4^$^$l$F$$$k%O!<%I%G%#%9%/$rJ6<:(B
$B$7$?!#DL?.<R$+$iG[?.$5$l$?5-;v$K$h$k$H!"$=$NCf$K$O!V;aL>!"=;=j!"J]816b(B
$B<uNN?M!"<R2qJ]81HV9f!"G/6b<u5k3[!">5G'A0$ND4::>pJs!"Jl?F$N5l@+!W$,4^$^(B
$B$l$F$$$?!#(B

http://online.securityfocus.com/news/2190

4. $1m hacking challenge' product is flawed
$BCx<T(B: John Leyden, The Register

AlphaShield $B<R$,!V96N,$5$l$J$$!W$H>N$9$k!"0lHL>CHq<T8~$1%;%-%e%j%F%#5!(B
$B4o$OF1<R$N<gD%DL$j$G$O$J$$$H%9%Z%$%s$N%[%o%$%H%O%C%+!<$,<gD%$7$F$$$k!#(B

http://online.securityfocus.com/news/2189

IV. SECURITY FOCUS TOP 6 TOOLS
------------------------------
1. coridoras v0.0.17
$B:n<T(B: Christian Leber
$B4XO"$9$k(BURL:
http://ijuz.uugrn.org/dev/coridoras.html
$BF0:n4D6-(B: $BIT>\(B
$B$^$H$a(B:

coridoras $B$O%/%i%$%"%s%H$d%5!<%P$NJQ99$r9T$&$3$H$J$/(B IRC $B%/%(%j$r0E9f2=(B
$B$9$k$?$a$K!"B>$HHf3S$7$F$5$i$K4JC1$J<jCJ$rDs6!$9$k%=%U%H%&%'%"$G$9!#(B

2. fwtrends v0.1
$B:n<T(B: George Hedfors
$B4XO"$9$k(BURL:
http://www.sr-71.nu/fwtrends/
$BF0:n4D6-(B: OS $B$K0MB8$7$J$$(B
$B$^$H$a(B:

fwtrends $B$O(B Web $B%$%s%?%U%'!<%9$r2p$7$F%U%!%$%"%&%)!<%k$N%m%04F;k$rMF0W(B
$B$K$9$k$?$a$N%W%m%8%'%/%H$G$9!#$3$N%=%U%H%&%'%"$OMM!9$J%U%!%$%"%&%)!<%k(B
$B%=%U%H%&%'%"$+$i$N%m%0%U%!%$%k$r%$%s%]!<%H$7!"%"%i!<%H%$%Y%s%H$+$iE}7W(B
$B%0%i%U$rMF0W$K@8@.2DG=$G$9!#$3$N%=%U%H%&%'%"$O%f!<%6$,C10l$N%j%b!<%H%=!<(B
$B%9%"%I%l%9$rD4::$7!"$I$N$h$&$J%"%i!<%H$,H/@8$7$?$+$rD4::2DG=$K$7$^$9!#(B

3. TinyMonitor v0.9b
$B:n<T(B: Brian Shellabarger
$B4XO"$9$k(BURL:
http://www.glug.com/projects/
$BF0:n4D6-(B: FreeBSD, Linux, POSIX, Solaris, SunOS, UNIX
$B$^$H$a(B:

TinyMonitor $B$O(B Perl $B$rMxMQ$7$F3+H/$5$l!"(Bhttpd $B$,2TF0$7$F$$$k>l9g!"C1$K(B
$B2TF0>uBV$r3NG'$9$k$N$G$O$J$/!"JV$5$l$k%Z!<%8$N<B:]$NFbMF$r4Q;!$9$k$?$a(B
$B$N!"C1=c$J%b%K%?%j%s%0%W%m%0%i%`$,I,MW$G$"$k$H$NMWK>$+$i:n@.$5$l$^$7$?!#(B
$B$3$N%=%U%H%&%'%"$O4JC1$J(B Web $B%5!<%P$N4F;k(B ($B$9$J$o$A!"<B:]$K%3%s%F%s%D$r(B
$BAw?.$7$?$+(B) $B$"$k$$$O!"%Z!<%8$,M=4|$9$k$b$N$rJV$7$F$$$k$+(B ($B$9$J$o$A!"(BHTTP
$B$N%9%F!<%?%9%3!<%I$,(B 404 $B$G$O$J$/(B 200) $B$r3NG'$9$k$?$a$KMxMQ2DG=$G$9!#$3(B
$B$N%=%U%H%&%'%"$OHs>o$K>.5,LO$G$"$j!"(Bcron $B$K$h$C$FF0:n$9$k$h$&$K@_7W$5$l(B
$B$F$$$^$9!#%"%i!<%H$OEE;R%a!<%k$r2p$7$F!"$"$k$$$O%]%1%C%H%Y%k$d(B SMS $BEEOC(B
$B$XAw?.$5$l$^$9!#(B

4. GNU SASL v0.0.5
$B:n<T(B: Simon Josefsson
$B4XO"$9$k(BURL:
http://www.gnu.org/software/gsasl/
$BF0:n4D6-(B: POSIX
$B$^$H$a(B:

GNU SASL $B$O(B IETF $B$G5,3J2=$5$l$F$$$k(B Simple Authentication and Security
Layer (SASL) $B$N%U%l!<%`%o!<%/$H$=$NB>$$$/$D$+$N(B SASL $B5!9=$r<BAu$7$?%i%$(B
$B%V%i%j$G$9!#(BSASL $B$O%5!<%PFb$G%/%i%$%"%s%H$+$i$NG'>Z%j%/%(%9%H$r<u$1IU$1(B
$B$k$?$a$KMxMQ$5$l(B ($BNc(B: IMAP$B!"(BSMTP $B$J$I(B)$B!"%/%i%$%"%s%H$G$OBP8~$9$k%5!<%P(B
$B$NBEEv@-$rH=CG$9$k$?$a$KMxMQ$5$l$F$$$^$9!#(B

5. J2SSH v0.0.4
$B:n<T(B: Richard Pernavas
$B4XO"$9$k(BURL:
http://www.sshtools.com
$BF0:n4D6-(B: Os $B$K0MB8$7$J$$(B
$B$^$H$a(B:

J2SSH $B$O(B SSH2 $B%W%m%H%3%k$N%*%V%8%'%/%H;X8~8@8l(B Java $B$K$h$k<BAu$G$9!#(B
$B%5!<%P$X$N%"%/%;%9!"5Z$S(B SSH $B%5!<%P(B/$B%/%i%$%"%s%H$N%U%l!<%`%o!<%/3+H/(B
$B$KMxMQ2DG=$G$9!#$3$N(B API $B%i%$%V%i%j$O==J,$J5!G=$rM-$9$k(B SSH2 $B<BAu$rDs(B
$B6!$7!"<h$jJ,$1%/%m%9%W%i%C%H%U%)!<%`3+H/MQ$K@_7W$5$l$F$$$^$9!#9b%l%Y%k(B
$B$J%3%s%]!<%M%s%H!"BeI=E*$JI8=`(B SSH $B%/%i%$%"%s%H!"5Z$SI8=`(B SSH $B%5!<%P$O(B
$B%f!<%6%;%C%7%g%s!"%]!<%H%U%)%o!<%G%#%s%0$N%W%m%H%3%k;EMM$N<BAu$rDs6!$7(B
$B$F$$$^$9!#8=:_%5%]!<%H$5$l$F$$$k<BAu$O8x3+80!"%Q%9%o!<%IG'>Z!"(BX11 $B%W%m(B
$B%H%3%k$NE>Aw$G$"$j!"0z$-B3$-(B SFTP $B$N<BAu$,9T$o$l$kM=Dj$G$9!#(B

6. Darik's Boot and Nuke v2003013000
$B:n<T(B: Darik Horn
$B4XO"$9$k(BURL:
http://dban.sourceforge.net/download/changelog.txt
$BF0:n4D6-(B: OS $B$K0MB8$7$J$$(B
$B$^$H$a(B:

Darik's Boot and Nuke (DBAN) $B$OMM!9$J%3%s%T%e!<%?$N%O!<%I%G%#%9%/$r0B(B
$BA4$K>C5n$9$kA4$F$N5!G=$r0lKg$N5/F0%G%#%9%/$K<}$a$?%D!<%k$G$9!#$3$N%D!<(B
$B%k$OH/8+2DG=$J$I$N%O!<%I%G%#%9%/$G$b!"FbMF$r<+F0E*$K40A4$K>C5n$9$k$?$a!"(B
$B%G!<%?$N0l3g>C5n!"$"$k$$$O6[5^$J>C5n$r;n$_$k:]$NE,@Z$J%f!<%F%#%j%F%#$G(B
$B$"$k$H8@$($^$9!#(B
--
$BLu(B: $B:d0f=g9T(B(SAKAI Yoriyuki)$B!"?9:L9a(B(MORI Ayaka)$B!"(B
$B<r0fH~5.(B(SAKAI Miki)$B!"?7D.5W9,(B(SHINMACHI Hisayuki)
$B4F=$(B: $B:d0f=g9T(B(SAKAI Yoriyuki)
LAC Co., Ltd.
http://www.lac.co.jp/security/

-----------1045140574-45161218
Content-Type: application/pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIISGgYJKoZIhvcNAQcCoIISCzCCEgcCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
DzwwggI8MIIBpQIQMlAzz1DRVvNcga1lXE/IJTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQG
EwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGlj
IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMjAw
MTA3MjM1OTU5WjBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1
BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOUZv22jVmEtmUhx9mfeuY3rt56GgAqRDvo4
Ja9GiILlc6igmyRdDR/MZW4MsNBWhBiHmgabEKFz37RYOWtuwfYV1aioP6oSBo0xrH+wNNeP
NGeICc0UEeJORVZpH3gCgNrcR5EpuzbJY1zF4Ncth3uhtzKwezC6Ki8xqu6jZ9rbAgMBAAEw
DQYJKoZIhvcNAQECBQADgYEAS0RmYGhk5Jgb87By5pWJfN17s5XAHS7Y2BnQLTQ9xlCaEIaM
qj87qAT8N1KVw9nJ283yhgbEsRvwgogwQo4XUBxkerg+mUl0l/ysAkP7lgxWBCUMfHyHnSSn
2PAyKbWk312iTMUWMqhC9kWmtja54L9lNpPC0tdr3N5Z1qI1+EUwggI9MIIBpgIRAM26f1bw
3+S8VP4irLNyqlUwDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZl
cmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkG
A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1
YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0fzGVu
DLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHiTkVWaR94AoDa
3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0GCSqGSIb3DQEBAgUAA4GB
AEw/uIvGaN/uQzMOXemmyweETXoz/5Ib9Dat2JUiNmgRbHxCzPOcLsQHPxSwD0//kJJ2+eK8
SumPzaCACvfFKfGCIl24sd2BI6N7JRVGMHkW+OoFS5R/HcIcyOO39BBAPBPDXx9T6EjkhrR7
oTWweyW6uNOOqz84nQA0AJjz0XGUMIICPTCCAaYCEQDz1GWTDuTHHs1vChERVlizMA0GCSqG
SIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUG
A1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
Fw05NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQK
Ew5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0
aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5Rm/baNW
YS2ZSHH2Z965jeu3noaACpEO+jglr0aIguVzqKCbJF0NH8xlbgyw0FaEGIeaBpsQoXPftFg5
a27B9hXVqKg/qhIGjTGsf7A01480Z4gJzRQR4k5FVmkfeAKA2txHkSm7NsljXMXg1y2He6G3
MrB7MLoqLzGq7qNn2tsCAwEAATANBgkqhkiG9w0BAQIFAAOBgQAjyGZsVZ9SYWqvFx3is89H
jkwbAjN1+UXvm0exsSugNTbRUnBpybul85NbkmD5ZH7xwT/p0RXx0sAXvaSdF67hB8+6gZbE
rnEZ9s5kv6cZ9VUof3wz1sK5t+slKf0p+GJwQTHdwwfbElMWYNCdB/kAZfyNbBhQILdn3H79
cEstDzCCAzwwggKloAMCAQICEAQa2pqnxtqHdYa+MJp9N08wDQYJKoZIhvcNAQECBQAwXzEL
MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAx
IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk5MDkxNDAwMDAw
MFoXDTA5MDkwOTIzNTk1OVowgbUxHDAaBgNVBAoTE1ZlcmlTaWduIEphcGFuIEsuSy4xHzAd
BgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxPjA8BgNVBAsTNVRlcm1zIG9mIHVzZSBh
dCBodHRwczovL3d3dy52ZXJpc2lnbi5jby5qcC9SUEEgKGMpIDk4MTQwMgYDVQQDEytWZXJp
U2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQDnvpzpMy1glZcGiPmrsWEvOOXjEuTGvnb95mH1mMGeDPD3HmpNa7WG
Cp2NaO3eVRcRaBICMi2F3Edx6/eL5KtrsnroadWbYLPfBpPJ4BYttJND7Us7+oNdOuQmwFhj
xm9P25bndFT1lidp0Gx/xN5ekq3mNwt5iSWVdqOuEYKApQIDAQABo4GhMIGeMCQGA1UdEQQd
MBukGTAXMRUwEwYDVQQDEwxBZmZpbGlhdGUxLTUwEQYJYIZIAYb4QgEBBAQDAgEGMEUGA1Ud
IAQ+MDwwOgYKYIZIAYb4RQEHCzAsMCoGCCsGAQUFBwIBFh5odHRwczovL3d3dy52ZXJpc2ln
bi5jby5qcC9SUEEwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEC
BQADgYEAuIwwUgDQeNCIO/tzaT6ISelw4QjYJ9up3+be1dxZGHKcEFGtPfwaBNvlTMLV3eW3
BG6W5QRbNNhIaoVl0g8Yw1YuIexVFD7yUKcvQfOOThuG0y93V6Runzha6iErOLabtv05we+V
UnSsknF+qOCLYP9uMIKB/JmDiWnNpnUbAHMwggU2MIIEn6ADAgECAhBYKwlOQWIg2t9s9Ul6
I3xqMA0GCSqGSIb3DQEBBAUAMIG1MRwwGgYDVQQKExNWZXJpU2lnbiBKYXBhbiBLLksuMR8w
HQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMT4wPAYDVQQLEzVUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY28uanAvUlBBIChjKSA5ODE0MDIGA1UEAxMrVmVy
aVNpZ24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw0wMjA0MDEwMDAw
MDBaFw0wMzA0MDEyMzU5NTlaMIIBIzELMAkGA1UEBhMCSlAxHDAaBgNVBAoUE1ZlcmlTaWdu
IEphcGFuIEsuSy4xNDAyBgNVBAsUK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFs
IFN1YnNjcmliZXIxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9DUFMg
SW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMpOTYxPzA9BgNVBAsUNkRpZ2l0YWwgSUQgQ2xh
c3MgMSAtIFNNSU1FIE9yYW5nZXNvZnQgSW5jLi9XaW5iaWZmLzIuMTEXMBUGA1UEAxMOU0FL
QUkgWW9yaXl1a2kxHjAcBgkqhkiG9w0BCQEWD3Nha2FpQGxhYy5jby5qcDCCASIwDQYJKoZI
hvcNAQEBBQADggEPADCCAQoCggEBANEwVujTRrltaiSI2DFkPlw5L6WWWeOOy9z0HqaPXf2d
JYfoGHqbpq5MVCkBUSOHSY1Tpi/RdziqxhIYzXvzsb0wC1V0RNzvLf8zXtk6IjTmHttX0QDx
AvoxfmehZ1vCOgQcdBbG2FajnYo7MOewxLrmHLCv0Gitqsi2IS3Eaxv7v5Pzobu82BzUMBl6
9XypVXIEQHTG6s34ji0LbDOO/F5JqTuG5QhQmQyNnJyhNU4/BYu3e1KgK9c0gnIArQAroRqP
/0HXU7Ueu/HAUXnrt7+YqzL5CZ/6m11gCLblzFs2+6XieQsekFSjxquSQjl88C3CwgRoaNkx
01rqqYzBJ8ECAwEAAaOCAVAwggFMMAkGA1UdEwQCMAAwgawGA1UdIASBpDCBoTCBngYLYIZI
AYb4RQEHAQEwgY4wKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFMw
YgYIKwYBBQUHAgIwVjAVFg5WZXJpU2lnbiwgSW5jLjADAgEBGj1WZXJpU2lnbidzIENQUyBp
bmNvcnAuIGJ5IHJlZmVyZW5jZSBsaWFiLiBsdGQuIChjKTk3IFZlcmlTaWduMAsGA1UdDwQE
AwIFoDARBglghkgBhvhCAQEEBAMCB4AwcAYDVR0fBGkwZzBloGOgYYZfaHR0cDovL29uc2l0
ZWNybC52ZXJpc2lnbi5jb20vVmVyaVNpZ25KYXBhbktLVmVyaVNpZ25DbGFzczFDQUluZGl2
aWR1YWxTdWJzY3JpYmVyL0xhdGVzdENSTC5jcmwwDQYJKoZIhvcNAQEEBQADgYEALL1YFoVc
MyuHCFTkhPlz/3XIGtchllMRc+zha0qmA5wxbtgJT7hEl7IRrocWCSfweW4/KGZDQDMZM9wR
NRX19b4UTs2/opkQtX3eX4qNjUNnGdMjLTGTXzFqlph9b4ZYPvY5Xq+VQjpLBkqn2RQhdTLH
+BXc51LdzrtGw8H7s+4xggKmMIICogIBATCByjCBtTEcMBoGA1UEChMTVmVyaVNpZ24gSmFw
YW4gSy5LLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazE+MDwGA1UECxM1VGVy
bXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvLmpwL1JQQSAoYykgOTgxNDAy
BgNVBAMTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXICEFgr
CU5BYiDa32z1SXojfGowCQYFKw4DAhoFAKCBsTAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcB
MBwGCSqGSIb3DQEJBTEPFw0wMzAyMTMxMjQ5MDBaMCMGCSqGSIb3DQEJBDEWBBS+ou8t7Bwr
pGW75ISLBUXNesqkkzBSBgkqhkiG9w0BCQ8xRTBDMAoGCCqGSIb3DQMHMA4GCCqGSIb3DQMC
AgIAgDAHBgUrDgMCBzANBggqhkiG9w0DAgIBQDANBggqhkiG9w0DAgIBKDANBgkqhkiG9w0B
AQEFAASCAQChQlnnOhvMpCluG+wqvTCPZbs8Z0r+3UEzP+DvaaQS22QHTxQ1dwD5L+Ww2Ey3
kkjXkwsiKL9fBWaNpg0GUkuVa/48X4spcUzhEptOPPGHeRa7TfD4cO1W4rBxRbmcrgLUoaeO
YwCZA3kXAlNDIlWxwgbOClFYXFgSka2PTJXkswu8HGt43huhD/CHEVWZK0Fz/BXdynFcPGfy
hWIcm37/OmiksHjiYYsExaVvuU2Xu03AxhTXDHS9nC9HP5m5hEiQwzWpq1x7vzNlVwp6xyjd
CqWcFBcTppXYrvTz0I6Db/3pByVhUTLVREuOAv6ryIWcXuyZc4CPfdnRYHK4hA11

-----------1045140574-45161218--