Security Hole memo - 2001.09

Last modified: Tue Apr 15 13:02:37 2003 +0900 (JST)


2001.09.28

SecurityFocus.com Newsletter #111 2001-9-14->2001-9-18
(BUGTRAQ-JP, Tue, 25 Sep 2001 10:04:05 +0900)

SecurityFocus.com Newsletter No. 111, Japanese edition (text, English edition).

SecurityFocus.com Newsletter #110 2001-9-7->2001-9-12
(BUGTRAQ-JP, Mon, 17 Sep 2001 20:08:56 -0400)

SecurityFocus.com Newsletter No. 110, Japanese edition (text, English edition). As for the ProFTPD item, a patch was posted to the ftpd ML.

Cisco items
(various)

Making NT Bleed
(pen-test ML, Wed, 26 Sep 2001 14:36:32 +0900)

This appears to be presentation material from IO Wargames.

U.S. terrorism-related
(various)

Nimda-related
(various)


2001.09.27


2001.09.26

BUGSLAYER: Optimize and Trim Your Code with New Switches in Visual C++ .NET
(MSDN Magazine, August 2001)

VisualStudio.NET is said to add /GS, a compiler option intended as a buffer overflow countermeasure. It is probably quicker to read the description than for me to explain it:

The Buffer Security Check Switch
The runtime checks are very cool, but another switch that you should always turn on is /GS, the Buffer Security Check switch. The purpose of /GS is to monitor the return address for a function to see if it is overwritten, which is a common technique used by viruses and Trojan horse programs to take over your application. /GS works by reserving space on the stack before the return address. At the function entry, the function prolog fills in that spot with a security cookie XOR'd with the return address. That security cookie is computed as part of the module load so it's unique to each module. When the function exits, a special function, _security_check_cookie, checks to see if the value stored at the special spot is the same as it was when entering the function. If they are different, the code pops up a message box and terminates the program. If you want to see the security code in action, read the source files SECCINIT.C, SECCOOK.C, and SECFAIL.C in the C runtime source code.
As if the security-checking capability of the /GS switch wasn't enough, the switch is also a wonderful debugging aid. While the /RTCx switches will track numerous errors, a random write to the return address will still sneak through. With the /GS, you get that checking in your debug builds as well. Of course, the Redmondtonians were thinking of us when they wrote the /GS switch, so you can replace the default message box function with your own handler by calling _set_security_error_handler. If you do whack the stack, your handler should call ExitProcess after logging the error.

It does not say how much performance degrades, or anything of that kind. Thanks to Takahashi-san for the information. A Japanese version of this article is apparently in MSDN Magazine Japanese edition No.18.


2001.09.25

UNIX-related
(various)

Debian GNU/Linux
RedHat
FreeBSD
  • FreeBSD Security Advisory FreeBSD-SA-01:60.procmail

  • Local vulnerability in libutil derived with FreeBSD 4.4-RC (and earlier)

    The OpenSSH bundled with FreeBSD 4.4-RC and earlier processes the login class capability database while still holding root privileges, so if you put in ~/.login_conf something like

    default:\
    	:copyright=/etc/master.passwd:

    or

    default:\
    	:welcome=/etc/master.passwd:

    then, the report points out, this actually works. In other words, anything can be read. In http://www.jp.freebsd.org/cgi/cvsweb.cgi/src/lib/libutil/login_cap.c the ~/.login_conf feature appears to have been disabled as an emergency measure. Patch for 4.3-RELEASE. In 4.4-RELEASE the ~/.login_conf feature is already disabled. Fixes have also gone into RELENG_3 and RELENG_2_2.

    People using security/openssh-portable from ports are OK. I don't use security/openssh, so I can't say...
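An audit sketch for the ~/.login_conf issue above, added here as an example and not taken from the advisory or from FreeBSD: it parses a user's .login_conf and reports `copyright` or `welcome` capabilities that resolve outside the user's home directory. The function names and the sample file contents are constructed for illustration; the real fix is the one described above (not processing the file with root privileges).

```python
import os

# The two file-valued capabilities the memo shows pointed at /etc/master.passwd.
PATH_CAPS = ("copyright", "welcome")


def parse_login_conf(text):
    """Parse termcap-style records: backslash-continued lines, ':'-separated caps."""
    joined, buf = [], ""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):          # record continues on the next line
            buf += line[:-1]
            continue
        joined.append(buf + line)
        buf = ""
    if buf:                              # unterminated continuation at EOF
        joined.append(buf)
    records = {}
    for rec in joined:
        fields = [f.strip() for f in rec.split(":")]
        caps = {}
        for field in fields[1:]:
            if "=" in field:
                key, value = field.split("=", 1)
                caps[key] = value
        records[fields[0]] = caps
    return records


def suspicious_caps(conf_text, home):
    """Return (class, capability, path) for file capabilities outside `home`."""
    home = os.path.realpath(home)
    hits = []
    for name, caps in parse_login_conf(conf_text).items():
        for cap in PATH_CAPS:
            if cap not in caps:
                continue
            # Resolve relative paths and symlinks before comparing.
            target = os.path.realpath(os.path.join(home, caps[cap]))
            if os.path.commonpath([home, target]) != home:
                hits.append((name, cap, caps[cap]))
    return hits


# Constructed sample inputs (assumed home directory /home/alice).
BAD = "default:\\\n\t:copyright=/etc/master.passwd:\n"
BAD2 = "default:\\\n\t:welcome=../../etc/master.passwd:\n"
OK = "default:\\\n\t:copyright=motd.txt:\\\n\t:lang=ja_JP.eucJP:\n"

if __name__ == "__main__":
    for sample in (BAD, BAD2, OK):
        print(suspicious_caps(sample, "/home/alice"))
```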

Wiretapping devices, …
([social-memo:3], Sat, 22 Sep 2001 01:13:32 +0900)

Those in charge will naturally try to hold as much power as they possibly can. Moreover, they keep secret whatever can be kept secret. Watching over this in a healthy way is the mission of the media, but the sad part is that the Japanese media cannot be expected to do much. Let's take care of what is necessary ourselves. That is also …

Check Point FireWall-1 GUI Buffer Overflow
(Win2ksecadvice, Sat, 22 Sep 2001 01:06:01 +0900)

The Management Server of VPN-1/FireWall-1 4.0 and 4.1 for Windows NT/2000 … code … buffer overflow … only from the IP address of a … GUI client …

"Xprobe": identifying a target site's OS using ICMP
(Nikkei IT Pro, September 24, 2001)

Xprobe itself still seems quite immature, but once it is brushed up it looks like it could be rather nasty. Also, it is good that Path MTU Discovery is properly covered, but it is a bit of a pity that it does not touch on firewall-traversal tools that use ICMP, or on "dangerous ICMP you should block". Looking forward to a sequel.

Personal Information Protection Act related
(MAINICHI Interactive)

Nimda-related
(various)

U.S. terrorism-related
(various)


2001.09.20

I leave tonight for Security Stadium 2001, so updates to this page will pause.


2001.09.19

Gah (coughs up blood). Thank you, reimy-san.

Nimda Worm
(various)

Microsoft
Public agencies
Antivirus vendors
Security-related sites
News sites
Other

2001.09.18

SNS Spiffy Reviews No.2: possible personal information leakage …
(BUGTRAQ-JP, Tue, 18 Sep 2001 17:58:51 +0900)

…

SNS Spiffy Reviews No.1 Microsoft IIS SSI Buffer Overrun Privilege Elevation Vulnerability
(BUGTRAQ-JP, Tue, 18 Sep 2001 17:58:22 +0900)

A verification program for CAN-2001-0506, one of the (newly added) MS01-044 issues. My understanding is that LAC had never published any exploit until now; I wonder what brought about the change. Personally, it is a change I welcome.

I have already added it to my antenna page.

News coverage of terrorism-related regulation
(various)

It feels like the regulation-and-power-loving camp is all moving at once. Unless we properly discern what is a necessary (evil) and what is not, there is a risk of ending up in an irreversible situation amid the confusion. The future foretold by CODE (Internet legality, illegality and privacy) may be approaching rapidly.

ZDNet
WIRED NEWS

2001.09.17

UNIX fixes
(various)

TurboLinux

2001.09.14

SecurityFocus.com Newsletter #109 2001-8-31->2001-9-4
(BUGTRAQ-JP, Tue, 11 Sep 2001 08:01:54 +0900)

SecurityFocus.com Newsletter No. 109, Japanese edition (text, English edition).

FREAK SHOW: Outlook Express 6.00
(BUGTRAQ, Thu, 13 Sep 2001 02:39:29 +0900)

Two … in Outlook Express 6.00 … the html.dropper issue is reportedly still unresolved.

Security Economics, Part 1: …
(PlusSec, 2001/9/7)

Things that in the past only professional spies or 007 would have had are now sold just about anywhere. As for where this is heading, maybe in-brain nano-software for employee monitoring. I'd hate that.

Windows XP related KB
(New support technical information, 2001.09.14)

A week in the life of Fred, a corporate IT security administrator
(whalecommunications.com, Thu, 09 Aug 2001 18:07:12 GMT)


Addendum

Added to the 2001.09.12 entry Multiple vendor 'Taylor UUCP' problems.: noted OpenBSD's response.

MS fixes
(Microsoft Product Security Notification Service)

MS01-047: OWA function allows an unauthenticated user to enumerate the global address list

When Outlook Web Access is used with Exchange 5.5, … can be accessed directly, so Exchange user information can be obtained. If Outlook Web Access is not used, or if Exchange 2000 is used, this … A patch is available, so apply it.

Details: Exchange Public Folders Information Leakage. CVE: CAN-2001-0660

MS01-048: A malformed request to the RPC Endpoint Mapper causes the RPC service to terminate abnormally

Sending a malformed packet to the RPC Endpoint Mapper (port 135) on Windows NT 4.0 brings down the RPC service. Windows 2000/XP do not have this problem. A patch has been released, so apply it. However, the patch for TSE is not out yet.

CVE: CAN-2001-0662

URLScan Security Tool
(win2ksecadvice, Thu, 13 Sep 2001 02:28:24 +0900)

Microsoft has released URLScan, a new security tool for IIS. There is a Japanese explanation on B-)'s site (2001/9/13). A report is also up on hsj's site (01.09.13). That Server: tag, though... (^^;;;).

According to "Malformed requests …" (Nikkei IT Pro), "Microsoft says operation on the Japanese version is not guaranteed. Support for the Japanese version is currently being planned, and the release date is undecided." MS …

UNIX fixes
(various)

Vine Linux

2001.09.13


2001.09.12

Addendum

Added to the 2001.09.06 entry ASSESSMENT 01-019: Buffer Overflow Vulnerability in Telnet Daemon (x.c worm): noted Koga-san's question.

Examining Windows XP's firewall feature
(ZDNet, 2001/09/12)

Compared with Windows 2000 Pro., it can at least be said to have become much easier to understand.

JPCERT/CC REPORT 2001-09-12
(JPCERT/CC, Wed, 12 Sep 2001 11:03:59 +0900)

Following on from RUS-CERT Advisory 2001-08:01 Vulnerabilities in several Apache authentication modules, problems have now also been found in the PostgreSQL-related PAM/NSS modules: RUS-CERT Advisory 2001-09:01 Vulnerabilities in PAM and NSS modules using a PostgreSQL database

ISS Alert: Code Blue Worm
(focus-ms ML, Tue, 11 Sep 2001 03:37:46 +0900)

I suppose this means that, as expected, it keeps being improved. As "Code Red, Blue, Green, …" (/.) also notes, counter-worms seem to have appeared, but the only way to stop this is to plug the holes. Yet, as Survey Shows 12% of IIS SSL Sites Have Backdoor shows, plenty of holed hosts remain, so if a worm that pokes at root.exe gets written, here we go again...

Related: "Blue" version of the vicious worm spreads (ZDNet)

Multiple vendor 'Taylor UUCP' problems.
(BUGTRAQ, Sat, 08 Sep 2001 19:58:39 +0900)

The GNU uucp package 'Taylor UUCP' … Directly, a local user can gain uucp privileges, but from there it is said that root can in some cases … via the daily script. Caldera fix: Security Update [CSSA-033.0]Linux - uucp argument handling problems

2001.09.14 addendum:

In OpenBSD-current, uucp has reportedly been removed, to be installed from packages/ports if needed. See: vulnerability in UUCP, Re: vulnerability in UUCP (security-announce@openbsd.org)

UNIX fixes
(various)

RedHat
AIX

U.S. terrorism-related
(various)

InterScan eManager for Windows NT ver. 3.51J: about the buffer overflow in CGI programs
(Trend Micro, Sep 12, 2001)

This is about SNS Advisory No.42: Trend Micro InterScan eManager for NT Multiple Program Buffer Overflow Vulnerability. If you use InterScan eManager for Windows NT Ver. 3.51J, apply it.

Survey Shows 12% of IIS SSL Sites Have Backdoor
(incidents.org, September 10, 2001)

I suppose it means that 10% of people "can apply a patch but cannot do anything beyond that".

"Sircam" virus spreads widely: "deceiving" …
(Nikkei IT Pro, 2001.09.10)

As with the %u encoding IDS bypass vulnerability, "slips past the defense system, but the target …


2001.09.11


2001.09.10


2001.09.07

Addendum

Added to the 2001.09.06 entry Title: Gauntlet Firewall for Unix and WebShield CSMAP and smap/smapd Buffer Overflow: a CERT Advisory has appeared.

UNIX fixes
(various)

FreeBSD
NetBSD
VineLinux

Addendum

Added to the 2001.09.06 entry %u encoding IDS bypass vulnerability: ISS Alert: Multiple Vendor IDS Unicode Bypass Vulnerability.


2001.09.06

FreeBSD Security Advisory FreeBSD-SA-01:59.rmuser
(freebsd-security ML, Wed, 05 Sep 2001 04:49:19 +0900)

The rmuser script …

SecurityFocus.com Newsletter #108 2001-8-24->2001-8-27
(BUGTRAQ-JP, Wed, 05 Sep 2001 11:42:49 +0900)

SecurityFocus.com Newsletter No. 108, Japanese edition (text, English edition).

Linux Administrators Security Guide
(BUGTRAQ, Tue, 04 Sep 2001 14:23:47 +0900)

It has reportedly been updated for the first time in a long while. Preface, Introduction to Security, Installation, Physical and console security, Administration, Filesystem and files, Authentication, Limiting and monitoring users have been added, and various other parts are said to have been revised.

Various problems in Baltimore WebSweeper URL filtering
(BUGTRAQ, Wed, 05 Sep 2001 17:57:27 +0900)

Ways to get around URL access restrictions imposed by WebSweeper. The vendor reportedly states that "It is not practical to use WEBsweeper to manage blacklists".

%u encoding IDS bypass vulnerability
(FOCUS-MS ML, Thu, 06 Sep 2001 06:45:13 +0900)

Many of the world's IDSs, including RealSecure, Dragon, Snort and NFR, … UNICODE (UTF) encoding, which became …, can apparently be written not only in the well-known %01%23 form but also in a %u0123 form. However, since many IDSs do not handle the %u form, using it apparently makes it possible to slip past the IDS's watch.

Credit:
This technique first came to our attention by an exploit written by HSJ. The %u encoding technique was used in HSJ's .ida buffer overflow exploit however it was not used to mask the attack to bypass Intrusion Detection Systems when performing attacks against IIS systems.

So they say.

As a countermeasure, the IDS …). For snort, it is reportedly fixed in 1.8.1.

2001.09.07 addendum:

ISS Alert: Multiple Vendor IDS Unicode Bypass Vulnerability
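The detection gap described in this entry, as an added example that is not code from the advisory or from any IDS: a decoder that understands only %XX misses a signature when one character is written as %uXXXX, while a normalizer that decodes both forms still matches. The signature, function names and request lines are constructed for illustration.

```python
import re

# %uXXXX (the form the advisory describes) and classic %XX escapes.
_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})")
_HEX_ONLY = re.compile(r"%([0-9a-fA-F]{2})")

# Constructed signature: a request for an .ida resource.
SIGNATURES = {"ida-request": re.compile(r"\.ida(\?|$)", re.IGNORECASE)}


def normalize(uri, max_rounds=3):
    """Decode %XX and %uXXXX; repeat a bounded number of times so that
    double-encoded input is flattened too (a conservative assumption)."""
    for _ in range(max_rounds):
        decoded = _ESCAPE.sub(
            lambda m: chr(int(m.group(1) or m.group(2), 16)), uri)
        if decoded == uri:
            break
        uri = decoded
    return uri


def naive_normalize(uri):
    """A decoder that understands only %XX: the gap the memo describes."""
    return _HEX_ONLY.sub(lambda m: chr(int(m.group(1), 16)), uri)


def _uri(request_line):
    parts = request_line.split(" ")
    return parts[1] if len(parts) >= 2 else ""


def _match(text):
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]


def alerts_naive(request_line):
    """Signature match after %XX-only decoding."""
    return _match(naive_normalize(_uri(request_line)))


def alerts(request_line):
    """Signature match after full decoding, plus a flag for %u itself,
    since %u is not a standard URL escape."""
    raw = _uri(request_line)
    found = _match(normalize(raw))
    if re.search(r"%u[0-9a-fA-F]{4}", raw):
        found.append("percent-u-escape")
    return found


# Constructed sample request lines (not captured traffic).
SAMPLES = [
    "GET /default.ida?x=1 HTTP/1.0",
    "GET /default.id%61?x=1 HTTP/1.0",
    "GET /default.id%u0061?x=1 HTTP/1.0",
    "GET /index.html HTTP/1.0",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, alerts_naive(line), alerts(line))
```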

ASSESSMENT 01-019: Buffer Overflow Vulnerability in Telnet Daemon
(incidents ML, Tue, 04 Sep 2001 13:06:22 +0900)

News that a worm, x.c, which pokes at the telnetd hole, has appeared. Plug your holes.

2001.09.12 addendum: "Could become a second Code Red: warning on the UNIX worm X.C" (ZDNet) says that "those that may be infected by the X.C worm are Solaris, SGI IRIX and Open BSD", but x.c worm analysis says "the worm affects BSDI 4.1, NetBSD 1.5, and FreeBSD 3.1 through 4.3"; Koga-san asks where Solaris and IRIX came from. Similar …

A recovery tool is out: X.C. Worm Detection and Removal Tool (from LWN)

Title: Gauntlet Firewall for Unix and WebShield CSMAP and smap/smapd Buffer Overflow
(IPA ISEC vulnerability information, 2001.09.05)

The smap/smapd and CSMAP daemons included in Gauntlet for UNIX 5.x/6.0, WebShield for Solaris v4.1 and others have a buffer overflow …

2001.09.07 addendum:

A CERT Advisory has appeared: CERT Advisory CA-2001-25 Buffer Overflow in Gauntlet Firewall allows intruders to execute arbitrary code (Japanese translation by LAC, Japanese translation by reasoning.org).


2001.09.05

Addendum

Added to the 2001.08.22 entry "Explanation of protective measures and remedies for the serious problems caused by Code Red: Frequently …". Reportedly, "as of 2001/8/24, it has been confirmed that Windows NT Server 4.0 can also be infected". IHA-san, …

Worth checking: the timely "Security PickUp" corner on the MS site; the linked documents have room for improvement
(Nikkei IT Pro, September 5, 2001)

On the Code Red front, it says that on Windows 2000 Pro. "many users were infected because they had temporarily installed IIS as a test", but …

That person was using a Windows 2000 Pro. notebook PC (DELL), and apparently IIS 5.0 was already installed and running at the "pre-installed" stage. Because of this, …

There is also the FAT/NTFS angle, so perhaps it really is best to wipe a pre-installed OS once.

2001.09.18 addendum:

W2K machines running IIS by default (slashdot.jp)


2001.09.04

Timing Analysis of Keystrokes and Timing Attacks on SSH
(secureshell@securityfocus.com, Wed, 22 Aug 2001 23:53:30 +0900)

Communication over ssh is of course encrypted. However, looking at those encrypted packets reportedly reveals a variety of things.

  • ssh pads only to 8-byte boundaries (when a block cipher is used). Because the input at initial login is sent in a batch, watching the size of that packet makes it possible to determine the approximate length of the password (e.g. whether or not it is 7 characters or more).

  • In interactive mode, ssh sends each character of user input as one packet. Therefore the time differences between the packets sent are precisely the key… it apparently often hits within about the top 5%.

    As countermeasures, inserting a random delay when sending packets, or periodically sending dummy packets, are suggested. The former … ends up consuming … This is of course per ssh connection, I presume. With sufficient bandwidth it may not matter, but...

Ugh, I can't follow the math... (T_T).

Related: "Research team develops hacking tool that abuses SSH (University of California, Berkeley)" (Vagabond / NetSecurity.ne.jp). It is inference rather than prediction, isn't it. Thanks to Nakano-san for the information.

2001.10.25 addendum:

A patch for openssh 2.9.9p2 to counter this has appeared. At http://www.silicondefense.com/software/ssh/index.htm, patches for 2.9p2 / 2.9.9p2 and openssh archives with the patch applied are published. The patch reportedly sends dummy packets at 50ms intervals.

Multiple Xinetd Vulnerabilities
(IPA ISEC, September 4, 2001)

Multiple … in xinetd 2.3.0. This is reportedly based on xinetd 2.3.0 audit status. In 2.3.0 the xinetd 2.3.0 bug issue is reportedly not completely fixed.

2001.09.05 addendum: xinetd 2.3.3 is out.


2001.09.03

SNS Advisory No.41 iPlanet Messaging Server 5.1(evaluation copy) Buffer Overflow Vulnerability
(BUGTRAQ-JP, Mon, 03 Sep 2001 11:53:22 +0900)

iPlanet Messaging Server 5.1 evaluation copy for Windows NT/2000 … When editing … information in a web browser, entering a very long user name causes a buffer overflow. As a result, arbitrary commands … remotely with local SYSTEM privileges …

Somehow http://www.lac.co.jp/security/snsadv/ seems to have become inaccessible. ... The URL appears to have changed to http://www.lac.co.jp/security/intelligence/SNSAdvisory/. Thanks to sugim-san for the information.

UNIX fixes
(various)

Support for Russian hacker …
(CNet News, Thu 30 Aug 2001 11:20 PT)

CERT(R) Incident Note IN-2001-11: Cache Corruption on Microsoft DNS Servers
(CERT/CC, August 31, 2001)

By default, the DNS server bundled with Windows NT/2000 … odd glue records from servers that have not been delegated … Q241352 describes the remedy, so apply it. The Japanese version, JP241352: How to prevent DNS cache corruption, mentions only NT 4.0... Well, it is the same for both NT and 2000.

This is the same story as the 2000.06.13 entry on the Windows 2000 server DNS.

2002.03.08 addendum:

Feature: Internet "always-on" connection plan, Part 6: Configuring and checking a DNS server (@IT). How to apply the countermeasure on a Windows 2000 DNS server is clearly described on page 1.

