Security Hole memo - 2001.11

Last modified: Tue Apr 15 13:02:36 2003 +0900 (JST)


2001.11.30

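Two rulings deal a severe blow to opponents of the digital copyright law
(WIRED NEWS, November 29, 2001, 9:00am PST)

So the message is "go" for protecting the industry, I suppose. The economy is heading down and it is terrorism, terrorism everywhere. The arms makers must be laughing all the way to the bank, though.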

CERT Incident Note IN-2001-14: W32/BadTrans Worm
(reasoning.org, November 28, 2001)

They are still arriving, as ever. Lots of .ne.jp addresses.

Addendum

Added a note to the 2001.11.29 entry *ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability. A CERT Advisory has appeared. It also carries links to the official fixes.


2001.11.29

Japanese-OS XML file for HFNetChk (stksecure.xml)
(3rd JWNTUG Open Talk in MSC Osaka, 2001.11.28)

Nothing has been written officially yet, but it seems to work even without -nosum. I confirmed this on the Japanese editions of Windows 2000 SP2 / Windows NT 4.0 SP6a + SRP. As for the update status of stksecure.exe, I have again set things up so that it can be watched via the antenna.

2001.11.30 addendum:

Incidentally, the stksecure.xml inside the stksecure.exe available for download right now contains the following:

<?xml version="1.0" encoding="Shift_JIS"?>
<BulletinDatastore DataVersion="1.0.1.165" LastDataUpdate="11/14/2001" SchemaVersion="1.0.0.11" LastSchemaUpdate="6/6/2001" ToolVersion="3.2" RevisionHistory=".164 includes data for 01-055 for IE6. .161 includes 01-054. .159 includes Mac IE bulletin and has been revved for toolversion 3.2 .156 includes Win2K patch for 01-052. .155 includes 01-052 for NT4 TS only. Win2K patch not released yet. .153 added Windows XP products .152 added 01-051 and shell32.dll removed from 01-041 due to conflicts with active desktop on NT4">

The mssecure.xml (English edition), by contrast, reads:

<?xml version="1.0"?>
<BulletinDatastore DataVersion="1.0.1.167" LastDataUpdate="11/20/2001" SchemaVersion="1.0.0.11" LastSchemaUpdate="6/6/2001" ToolVersion="3.2" RevisionHistory="167 includes data for 01-056 .165 includes data for 01-055 for all IE versions. .164 includes data for 01-055 for IE6. .161 includes 01-054. .159 includes Mac IE bulletin and has been revved for toolversion 3.2 .156 includes Win2K patch for 01-052. .155 includes 01-052 for NT4 TS only. Win2K patch not released yet. .153 added Windows XP products .152 added 01-051 and shell32.dll removed from 01-041 due to conflicts with active desktop on NT4">

Theft of local files by exploiting an Internet Explorer bug
(netsecurity, 2001.11.29)

About "Internet Explorer allows reading of local files by remote webpages". BASE64 encoding this time, is it? The countermeasure is said to be disabling ActiveX.

Cisco Security Advisory: A Vulnerability in IOS Firewall Feature Set
(CISCO, 2001 November 28 08:00 (UTC -0800))

The Cisco IOS Firewall Feature Set, available in IOS version 11.2P and later, has a weakness: in … cases it checks a packet's src/dest IP address/port but does not check the IP protocol type. See the link above for the affected IOS versions and the fix.

Vulnerability Note VU#362483: Cisco IOS Firewall Feature Set fails to check IP protocol type thereby allowing packets to bypass dynamic access control lists (CERT/CC)

*ALERT* BID 3581: Wu-Ftpd File Globbing Heap Corruption Vulnerability
(bugtraq, Thu, 29 Nov 2001 02:05:28 +0900)

This is the [RHSA-2001:157-06] Updated wu-ftpd packages are available matter; the details have now been disclosed. Or rather, judging from '"Serious" security hole in Linux servers: early disclosure of information …' (ZDNet) and the like, it seems they were disclosed reluctantly because RedHat jumped the gun.

2001.11.30 addendum:

CERT Advisory CA-2001-33 Multiple Vulnerabilities in WU-FTPD (CERT/CC). CA-2001-33, reasoning.org Japanese translation. It also carries links to the official fixes. (reasoning.org has the link wrong; it points to 2001-32.)

Also, wu-ftpd-2.6.1.fix3.patch has appeared in "Notes on wu-ftpd-2.6.[01]".

Information on the worm targeting Microsoft SQL Server
(PASSJ, Wed, 28 Nov 2001 20:31:03 +0900)

Official Microsoft information has appeared. I will gather the other sources here too:

A government "back door" in security products? (Part 1)
(WIRED NEWS, November 27, 2001, 8:25am PST)

This concerns "FBI, electronic interception using a Trojan horse …" (ZDNet). As expected, this kind of story does come out. In the item referenced from "Does the FBI virus slip past anti-virus?!" (slashdot.jp), it is Symantec rather than NAI. Well, I suppose the point is "US-made anti-virus vendors". The EU must be on edge about backdoors in US software, but then the EU itself may well be doing that sort of thing too.

So it would seem wise to cross-check with a mix that includes Russian-made and Korean-made products. Though you cannot really install that many. There is also the possibility that the anti-virus software itself is fitted with a backdoor.

solution 3359: E-MAIL: WORM_BADTRANS.B is not detected
([memo:2033], Thu, 29 Nov 2001 13:45:36 +0900)

It seems Badtrans.B, too, sometimes arrives in a MIME-wise broken state. Such mail passes straight through InterScan VirusWall. It says "the encoding information of this attachment is not decoded … by MUAs (mailers …)", but I wonder which MUAs they checked with.

To customers using VirusBuster 2001: mail with "WORM_ALIZ.A (or TROJ_WORM_ALIZ.A)" attached …
(Trend Micro, 2001.11.28)

With the "mail scan function" of VirusBuster 2001 enabled, Aliz.A … "within the support period the upgrade is free of charge", they say. If you cannot move to 2002, disable the mail scan function for the time being and …

Aliz appears to be somewhat broken, and seems to be triggering all sorts of trouble. Robust programs do seem to cope with it properly, though.

qmail-scanner misses Aliz
(memo ML, Wed, 28 Nov 2001 19:25:04 +0900)

It seems qmail-scanner sometimes missed the Aliz.A virus. Sophos/sweep is not to blame [memo:2031], and it is reportedly fixed in maildrop-1.3.6 [memo:2032].

The thread view of the memo ML web archive looks a bit odd somehow.

Problems have currently been confirmed in the detection/removal of W32.Aliz.Worm and W32.Badtrans.B@mm with the following products
(Scan Daily Express, Vol.101 01/11/28)

Affected: Norton AntiVirus for Gateways 2.[125].x NT/Solaris and Norton AntiVirus for Firewalls 1.x. Details unknown.

... Both Aliz.A and Badtrans.B are reportedly handled in Norton AntiVirus for Gateways 2.5.1.16 / for Firewalls 1.5.0.69 ([memo:2034]). Even so, what are they thinking, not putting such important information on the top page?

There is also an article titled "The Badtrans.B virus rages; the lessons of Nimda go unheeded" (Nikkei IT Pro).

2001.12.04 addendum:

Follow-up: [memo:2112]. It is reportedly double encoding. [memo:2096], Symantec … money for security updates …

Come to think of it, it is not just Symantec: there is also the post "NAI Webshield SMTP for WinNT MIME header vuln that allows BadTrans to pass" (plus follow-up 1 and follow-up 2).


2001.11.28

[RHSA-2001:157-06] Updated wu-ftpd packages are available
(bugtraq, Wed, 28 Nov 2001 08:37:00 +0900)

Is this the "Vendors For WU-FTPD Please Read" matter? It says: An overflowable buffer exists in earlier versions of wu-ftpd. An attacker could gain access to the machine by sending malicious commands.

Koga-san has posted the RedHat patch to the freebsd-security ML. When it is applied to wu-ftpd 2.6.1, only the part that changes for (pe = ++p; *pe; pe++) into for (pe = ++p; *pe; pe++) { is rejected; that is a change to execbrc(). It looks like this:

--- glob.c.orig Fri Jan 19 14:06:31 2001
+++ glob.c      Wed Nov 28 12:57:38 2001
@@ -298,7 +298,7 @@
 
     for (lm = restbuf; *p != '{'; *lm++ = *p++)
        continue;
-    for (pe = ++p; *pe; pe++)
+    for (pe = ++p; *pe; pe++) {
        switch (*pe) {
 
        case '{':
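
Review bot: the `{` added to `for (pe = ++p; *pe; pe++)` has no matching `}` anywhere in this hunk, so the hunk cannot be applied or judged on its own; the closing brace has to come from a later hunk after the `switch (*pe)` body, and that hunk should be posted together with this one. If the `switch` is the only statement in the loop body, the added brace does not change behaviour, and saying so next to the patch would let readers resolve the reject against 2.6.1 by hand with confidence.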

A patch that applies as-is to wu-ftpd 2.6.1 has also been posted to the ftpd ML (again by Koga-san). It does not seem to be listed yet in "Notes on wu-ftpd-2.6.[01]".


2001.11.27

"Nikkei Windows Pro" relaunch commemoration: reader …
(+SEC, 2001.11.27)

Policy is important, but ………

Seminar report: Web application development …
(+SEC, 2001.11.27)

Takagi-san's seminar materials are here.

If, say, we invited Takagi-san to the Kansai area to hold a seminar, would people come? Not just Takagi-san: I do not think inviting well-known people is that difficult in itself; the problem is that people do not turn up. I was talking about just this the other day with office-san and Tariki-san.

Addendum

Added a note to the 2001.10.12 entry "Security hole in Symantec tool". The Japanese edition of LiveUpdate 1.63.12 is being distributed.

IW2001 News: Apology and request regarding e-mail transmission (2001.11.26)
(IW2001 Registration Office, Mon, 26 Nov 2001 18:27:50 +0900)

These just keep coming, don't they. Are you all right, JPNIC? (Said while in no position to criticize others.)

Three IRIX items
(SGI)

Well, it is that kind of OS.

TurboLinux security center: sh-utils: su command fixed to use PAM
(TurboLinux, 2001.11.26)

Oh. The FreeBSD su does not appear to look at PAM, so I might want this. Then again, in other Linux distributions it is already …

30 states sign the Convention on Cybercrime at the opening ceremony
(INTERNET Watch, 2001.11.27)

It appears that Albania, Armenia, Austria, Belgium, Bulgaria, Croatia, Cyprus, Estonia, Finland, France, Germany, Greece, Hungary, Italy, Moldova, the Netherlands, Norway, Poland, Portugal, Romania, Spain, Sweden, Switzerland, "the Former Yugoslav Republic of Macedonia", Ukraine and the United Kingdom, together with Canada, Japan, South Africa and the United States, have signed.

Ah, IIS 4.0, is it, press.coe.int?


2001.11.26

JWNTUG Newsletter Vol.6/No.035 - 2001.11.22: Outlook Express hang: frequently asked …
(me, 2001.11.26)

An FAQ on the incident in which the Outlook Express hang problem from [memo:1912] was carried as-is in the JWNTUG Newsletter and so turned into a DoS attack (T_T). (Apology and correction _o_.) It also covers things like how to delete the offending mail.

Apparently the issue depends not on the Outlook Express version but on the Internet Explorer version (5.5 / 6).

SQL Server Security Checklist
(NTBUGTRAQ, Sat, 24 Nov 2001 03:49:35 +0900)

SQL Worm material. Check before you get hit. Related: "Hybrid DDoS worm targets SQL Server" (ZDNet)

Netscape crashes on a specific image file
(NetSecurity, 2001.11.22)

About [memo:1955] "Netscape 6.2 crashes on a specific PNG". It seems the crash can be avoided when PNG is handled via the QuickTime plug-in. Though that looks impossible on the UNIX version.

Brute-force attacks on web application session IDs
(NetSecurity, 2001.11.22)

The story is that a session ID can be obtained by a brute-force attack.

I wish iDEFENCE.co.jp would put out a Japanese edition.

2002.03.26 addendum:

A translated edition has come out, which is fine, but of all things it is for sale: "Session ID vulnerability …" (netsecurity.ne.jp).

Overview of security vulnerabilities in Apache httpd 1.3
([memo:2010], Sat, 24 Nov 2001 00:36:21 +0900)

An overview of security problems in apache 1.3.x. Comparing it with the SecurityFocus vuln. database (+ this) might be interesting too.


2001.11.22

SecurityFocus.com Newsletter #119 2001-11-12->2001-11-16
(BUGTRAQ-JP, Tue, 20 Nov 2001 23:28:47 +0900)

SecurityFocus.com Newsletter No. 119, Japanese edition (text, English edition).

Worm targeting Microsoft SQL Server is spreading (2001.11.22)
(NetSecurity, 2001.11.22)

"System admin…", it says... Good grief.

[memo:1912] Re: MS01-055: Cookie Data in IE Can Be Exposed or Altered Through Script Injection
(memo ML, Tue, 20 Nov 2001 21:40:12 +0900)

If mail containing <" http://www.testtest.co.jp/ "@www.testtest.co.jp> is sent to Outlook Express 5.x/6, it hangs when the message is previewed. It also appears to leak memory while hung, so if left alone it keeps eating more and more memory. MS was notified in March, but apparently there has been no response at all. Besides http:, the same seems to happen with file:, ftp: and so on [memo:1921].

Addendum

Added a note to the 2001.11.09 entry MS01-055: Cookie Data in IE Can Be Exposed or Altered Through Script Injection. Microsoft has withdrawn its initial position, and the discoverer of the original problem …

[ALERT] Remote File Execution By Web or Mail: Internet Explorer
(vuln-dev, Thu, 22 Nov 2001 04:12:00 +0900)

As the follow-up also says, what are we supposed to judge or verify from content like this? There is nothing to be done with it.

Speaking of mysteries, "Vendors For WU-FTPD Please Read" is a mystery too. I had been meaning to move to ProFTPD anyway, so I have started the work.

CERT Summary CS-2001-04
(CERT/CC, 2001.11.20)

Nimda, SSH1 CRC-32, MS DNS cache poisoning, trends in DoS attacks, UNIX Security Checklist v 2.0 (Kawaguchi-san's Japanese translation). Let's send Kawaguchi-san some encouraging feedback.

CERT Advisory 2001-32: Directory traversal vulnerability … in the HP-UX line printer daemon
(CERT Advisory …

rlpdaemon on HP-UX 10.x, 11.x (lpd, in ordinary UNIX terms) has …

The remedy is to apply the patch. If you are not using rlpdaemon, you can simply stop it.

CERT original, LAC Japanese translation, CIAC M-021

2001.12.18 addendum:

Details: HP-UX setuid rlpdaemon induced to make illicit file writes. For some reason I had described it as a "buffer overflow", so I have corrected the description.


2001.11.21


2001.11.20

Q311444: Creator/Owner Rights Are Removed by Policy Editor
(bugtraq, Thu, 15 Nov 2001 03:34:11 +0900)

Depending on circumstances, permission settings made with Policy Editor or the Security Template Editor snap-in are reportedly reset.

Q302662: Password Reset Success or Failure Is Not Audited
(bugtraq, Thu, 15 Nov 2001 03:34:11 +0900)

It appears that on a password reset, no audit event is generated regardless of success or failure, even when auditing is configured. Reportedly fixed in SP3.

Cross Site Scripting Vulnerabilities
(bugtraq, Sat, 17 Nov 2001 11:05:53 +0900)

The story (I think) is that using the slightly twisted method ""><script>alert(document.cookie)</script>" turns up Cross Site Scripting all over the place, as if by magic. The recommended solution is to filter / quote ", >, <, '. Sites that came out green in Takagi-san's survey may be red here.
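
The quoting fix named in this entry, as an added example that is not part of the original memo: the string quoted above is placed into an HTML attribute once raw and once with ", >, <, ' (and &) rewritten as entities, and an HTML parser reports what a browser would see. The form field markup and the function names are assumptions made for the illustration.

```python
from html import escape
from html.parser import HTMLParser

# The string quoted in the entry above.
PAYLOAD = '"><script>alert(document.cookie)</script>'


def render_raw(value):
    """Echo user input into an attribute with no quoting (the flawed pattern)."""
    return '<input type="text" name="q" value="' + value + '">'


def render_quoted(value):
    """Echo user input with & < > " ' rewritten as character entities."""
    return '<input type="text" name="q" value="' + escape(value, quote=True) + '">'


class _Collector(HTMLParser):
    """Records every start tag and the value attribute of the <input>."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []
        self.input_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_value = dict(attrs).get("value")


def parse_rendered(markup):
    """Return (start tags found, value the <input> ended up with)."""
    collector = _Collector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.input_value


if __name__ == "__main__":
    for render in (render_raw, render_quoted):
        markup = render(PAYLOAD)
        tags, value = parse_rendered(markup)
        print(render.__name__)
        print("  markup:", markup)
        print("  tags seen by the parser:", tags)
        print("  value of the input field:", repr(value))
```

With quoting, the parser sees a single input element whose value is exactly the submitted string; without it, the attribute ends early and a script element appears in the page.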

[connect24h:1071] Re: Toward conclusion of the Cybercrime Convention: Council of Europe, Japan also to sign
(connect24h ML, Fri, 16 Nov 2001 06:35:40 +0900)

Sakiyama-san's comments on the Cybercrime Convention (provisional translation by Mr. Natsui).

Windows XP Home has a hidden passwordless administrator …
(Nikkei IT Pro, 2001.11.19)

This, from the company that cries "secure by default" …

Vulnerability Note VU#279763: RhinoSoft Serv-U remote administration client transmits password in plaintext
(CERT/CC, 19-Nov-2001)

FTP Serv-U 3.0 has …: in … cases, the administration client reportedly ignores the S/Key challenge from FTP Serv-U and sends the passphrase over the network as-is in plaintext. There is reportedly no fix yet.

Commentary: Almost all EC sites have security problems (Part 1)
(Nikkei IT Pro, 2001.11.16)

Part 2 is here. Come to think of it, Takagi-san's session materials from Security Conference 2001 (with many blank pages, though) have also been published. Also, [memo:1904] "Security of mail magazines (Re: False personal information protection policy)" is the same thing, in the sense of hopeless web applications.

There seems to be no doubt that things are dodgy all over the place.

Security How-To Part 7: The current … of password cracking
(ZDNet Security How-To, 2001.11.16)

Using a password management tool is fine, but who guarantees the security of the password management tool itself? Rather than use a "password management tool" whose details are unknown, I feel it would be better to write the passwords in plain text and then encrypt that with an open and widely used encryption tool such as GnuPG. Operation is a bit …

Oh, and there is something called Project Ägypten now.

Wanting to broaden the user base through open security competitions
(Nikkei IT Pro, 2001/11/20)

An article on Security Stadium 2001. Reading, reading... Hmm. In that sense, perhaps a presentation along the lines of "Secure IE / Outlook Express settings in 3 minutes" would have been good to have.

Security Stadium was a fun event, and I hope there is one next year too. (A test of putting it in an inoffensive way.)


2001.11.19

False personal information protection policy
(memo ML)

This had been sitting in my topics box the whole time... It is already more than a month old. It is quicker to have you read it than for me to ramble on explaining, so:

I just looked at the Sun one only, and it has not changed... I cannot imagine this falls under the "except where legally required" clause in Sun's online privacy policy. I wonder whether mailing privacy@sun.co.jp would get any response.

from kawa's memo: Linux-related
(kawa's memo)

Ah, nice and easy.

Maybe I should move this page to the Hyper Nikki System too. Things like this look powerful. I am not quite happy with how it looks, though... I wonder whether it can be customized with CSS or the like.

Three tools
(pen-test ML)

Three tools.

"National Infrastructure …
([memo:1903], Mon, 19 Nov 2001 19:30:20 +0900)

Well, I had no idea there was such an interesting story. I missed it completely.

And the fact is that Japan does not yet even have an organization comparable to NIPC … who knows how many years it will take before one even begins to be set up. Government offices being dens of intrigue is probably true of Japan and the US alike.

RunAs items
(bugtraq)

Three RunAs items.

In "RE:Radix Research Reports RADIX1112200101, RADIX1112200102, and RADIX1112200103", MS says:

  1. RADIX1112200101 …

  2. For RADIX1112200102 too, MS apparently could reproduce it only with Administrator privileges. The discoverer of the problem …

  3. RADIX1112200103 merely demonstrates a DoS attack from the local machine against the RunAs service itself; since nothing else is affected, the effect is extremely limited, MS says.

So, it certainly has to be fixed, but that is not simple, and it has ended up as a fix in Windows 2000 SP3, apparently.

Cisco Security Advisory: Cisco IOS ARP Table Overwrite Vulnerability
(CERT/CC VN #399355, 15-Nov-2001)

An ARP request/reply is sent addressed to the router's own local broadcast interface, or to a global NAT entry. Cisco IOS then writes the bogus MAC address carried in that ARP request straight into the router's own ARP table. As a result, the router is in a DoS state until that ARP entry is discarded. The affected devices and IOS/CatOS versions are wide-ranging, so see the URL above.

Secure BIND Template Version 3.1
(CIAC, 11/14/2001)

The acl "bogon" being a bit out of the ordinary is worth noting? Is class A really like this? If so, it makes me want to say "Hey, hey! There are loads of addresses free. Hurry up and hand over some static addresses!"

Addendum

Added a note to the 2001.11.09 entry MS01-055: Cookie Data in IE Can Be Exposed or Altered Through Script Injection. Disclosure of another cookie problem; the discoverer of the original problem publishes the circumstances.

[Apache-Users 701] apache's …
(Apache-Users ML, Thu Nov 15 15:43:00 2001)

UNIX has the concept of reserved ports (0 to 1023), which cannot be used without root privileges, but in an NT 4.0 TSE environment anyone can use them without any problem at all. In an ordinarily multi-user setting such as TSE, this design is a problem.

Addendum

Added a note to the 2001.11.13 entry "CERT Advisory CA-2001-31: A buffer overflow exists in the CDE Subprocess Control Service". Related article: "Explaining the security hole found in CDE, the UNIX GUI environment".

Addendum

Added a note to the 2001.11.09 entry "MS01-054: Invalid Universal Plug and Play request can disrupt system operation". A new patch for Me has appeared (Reimi-san, thank …

[memo:1890] Re: MS01-055 patch
(memo ML, Fri, 16 Nov 2001 10:50:25 +0900)

After the MS01-055 patch is applied, patch information leaks out in HTTP_USER_AGENT, in the form Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Q312461). With IE 5.5 SP2 it becomes Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461) [memo:1891].

This reflects the registry values under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform [memo:1892]; putting a value under Pre Platform instead of Post Platform reportedly yields something like Mozilla/4.0 (compatible; MSIE 6.0; FooBarBaz; Windows NT 5.0) [memo:1894].
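
To see what your own clients disclose, the User-Agent strings recorded by a proxy or web server can be split into their tokens. The following is an added example, not part of the original memo; the function names and the hotfix-token pattern (Q or T followed by six digits, as in the two strings above) are assumptions.

```python
import re

# The first three strings are the forms quoted in the entry above;
# the last one is constructed for contrast.
SAMPLE_AGENTS = [
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Q312461)",
    "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)",
    "Mozilla/4.0 (compatible; MSIE 6.0; FooBarBaz; Windows NT 5.0)",
    "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)",
]

# Assumption: a hotfix token is "Q" or "T" plus six digits.
HOTFIX_TOKEN = re.compile(r"^[QT]\d{6}$")
MSIE_TOKEN = re.compile(r"^MSIE (\d+(?:\.\d+)*)$")


def parse_ie_user_agent(ua):
    """Split an IE-style User-Agent into version, platform and extra tokens.

    Tokens between the MSIE version and the platform correspond to
    Pre Platform values, tokens after the platform to Post Platform values.
    Returns None if the string is not of the "(compatible; MSIE ...)" form.
    """
    m = re.search(r"\(([^)]*)\)", ua)
    if m is None:
        return None
    tokens = [t.strip() for t in m.group(1).split(";") if t.strip()]
    if len(tokens) < 2 or tokens[0] != "compatible":
        return None
    version = MSIE_TOKEN.match(tokens[1])
    if version is None:
        return None
    info = {"msie": version.group(1), "platform": None,
            "pre_platform": [], "post_platform": []}
    for tok in tokens[2:]:
        if info["platform"] is None:
            if tok.startswith("Windows"):
                info["platform"] = tok
            else:
                info["pre_platform"].append(tok)
        else:
            info["post_platform"].append(tok)
    extras = info["pre_platform"] + info["post_platform"]
    info["hotfixes"] = [t for t in extras if HOTFIX_TOKEN.match(t)]
    return info


def audit(agents):
    """Return (user_agent, hotfix_ids, other_extra_tokens) for each agent
    that discloses more than browser version and platform."""
    findings = []
    for ua in agents:
        info = parse_ie_user_agent(ua)
        if info is None:
            continue
        extras = info["pre_platform"] + info["post_platform"]
        if extras:
            others = [t for t in extras if t not in info["hotfixes"]]
            findings.append((ua, info["hotfixes"], others))
    return findings


if __name__ == "__main__":
    for ua, hotfixes, others in audit(SAMPLE_AGENTS):
        print(ua)
        print("  hotfix ids disclosed:", hotfixes or "none")
        print("  other extra tokens:  ", others or "none")
```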

NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overflow Vulnerability
(bugtraq, Thu, 15 Nov 2001 12:39:43 +0900)

ActiveState ActivePerl 5.6.1 build 629 and earlier has …: a buffer overflow occurs through …, so via web applications and the like that use it, arbitrary programs can … remotely. … on … it is SYSTEM; on IIS 5.0 it is IWAM_machinename. On Apache, Sambar and so on it would probably be SYSTEM too.

It is fixed in build 630, so if you use it, replace it in a great hurry. However, the Build 630 ChangeLog does not seem to say anything about it. As a workaround, enabling "Check that file exists" in the perlIS.dll ISAPI extension settings is also suggested (why is that not on by default?).

CVE: CAN-2001-0815

Advisory: Outlook Express 5.5 … Script written in a Content-Type: text/plain; mail …
(penetration technique research site, 2001.11.18)

As with FREAK SHOW: Outlook Express 6.00, in OE 5.5 too a script in a text/plain mail is …. A mysterious situation: "… if the body is up to 60 characters (60 bytes, to be precise) the script …; if it is more, the script …". The attack succeeds at the moment the mail is opened, which makes it nasty to deal with.

As a workaround, Yoshida-san says "set Active Scripting in the Internet zone to [Disable]", but here, after all, it seems wisest to first …

and, having done that, set Active Scripting in the Restricted Sites zone to [Disable]. From IE 5.01 SP2 / 5.5 SP2 / IE 6 onward, I believe Active Scripting in the Restricted Sites zone was disabled by default.

Thanks for the information, Yoshida-san. I am looking forward to that other one too. (^^)

Microsoft draws up a grand security plan
(ZDNet Enterprise, 2001.11.14)

Related: Full Disclosure (Crypto-Gram 2001.11). ZDNet News version (I hope a Japanese version comes out).

Somehow the title "Microsoft draws up a grand security plan" does not seem to match the content; was that the title originally? I want a link to the original text. Hunting for it is tiring.


2001.11.16


2001.11.15

Addendum

Added a note to the 2001.11.09 entry MS01-055: Cookie Data in IE Can Be Exposed or Altered Through Script Injection. A patch has appeared. Besides MS01-055, the leftovers from MS01-051 are fixed along with it. However... (I received information from many people. Thank you.)

Ogiyan Column 12: A dark world of non-full-disclosure?
(+SEC, 2001.11.14)

Oh, there is a [provisional translation] of the Council of Europe "Cybercrime Convention, draft (final version)". Wonderful. That is a great help.

It says: "This article shall … be interpreted as imposing criminal liability where the acts set out in paragraph 1 of this article … (omitted) … are, as when done for the authorised testing or protection of a computer system, … an offence established under Articles 2 through 5 of this Convention", so on the producing side, would it be enough to put up a banner to that effect? I do not know what would happen if that banner were handled in the manner of office-san's "license hacking", though.

Techniques for building secure Web systems, Part 1: Define the protection targets and so on in the security policy
(+SEC, 2001.11.12)

The point is: before starting to build, first make a policy, even a simple one.


2001.11.14

UNIX fixes
(various)

Debian GNU/Linux
RedHat Linux
OpenBSD

Security fixes for the as-yet-unseen OpenBSD 3.0 are listed, such as: A security issue exists in the vi.recover script that may allow an attacker to remove arbitrary zero-length files, regardless of ownership.

Sun
HP

SecurityFocus.com Newsletter #118 2001-11-05->2001-11-09
(BUGTRAQ-JP, Tue, 13 Nov 2001 22:26:43 +0900)

SecurityFocus.com Newsletter No. 118, Japanese edition (text, English edition).

CLIENT OPERATING SYSTEMS LIFECYCLE ANNOUNCEMENT
(Nakamura Shozaburo's Hot Corner, 2001/11/14)

So hotfix development for IE 5.01 ended on October 28, 2001. Good grief. Will Windows 2000 SP3 ship with IE 6 bundled, I wonder? Or, since Extended is N/A, does it mean it will go on for a long while yet? I do not really understand.

Windows 98 and NT 4.0 are getting to that point too.


2001.11.13

SSH CRC32 Compensation Attack Detector Exploit Code Analyzed
(incidents.org, 2001.11.12)

Analysis results for the attack on the ssh1 CRC32 overflow bug that is doing the rounds.

FireHole: How to bypass your personal firewall outbound detection or Game Over: An exercise in futility
(CNET, Fri 9 Nov 2001 15:15 PT)

Like tooleaky, a … of a program that can get past a Personal Firewall. … "Personal information leaks even with a firewall installed" (CNET).

CERT Advisory CA-2001-31: A buffer overflow exists in the CDE Subprocess Control Service
(CERT Advisory …

dtspcd in CDE has a … that causes a buffer overflow. … Multi-Vendor Buffer Overflow Vulnerability in CDE Subprocess Control Service. CVE: CAN-2001-0803.

Speaking of dtspcd, there was also CA-1999-11 Four Vulnerabilities in the Common Desktop Environment (LAC Japanese translation). CDE as a whole has had many more, and after all, this time's …

2001.11.14 addendum:

HP: HPSBUX0111-175 Sec. Vulnerability in dtspcd

2001.11.19 addendum:

Related article: "Explaining the security hole found in CDE, the UNIX GUI environment" (Nikkei IT Pro)

2001.12.26 addendum:

Sun fix: Buffer Overflow in CDE Subprocess Control Service (dtspcd). Thanks to Araki-san for the information.

The Knack of Security (1)
(@IT, 2001/11/10)

"Systems that are upgraded year after year are dangerous": so big-name anti-virus products, Linux and *BSD are all wiped out. "Products released at the same time as rival products are dangerous": same again. "Companies developing systems for which security holes are reported over and over are dangerous": so Microsoft, Apple, Linux distributions and *BSD are all wiped out. "New systems may carry unknown dangers; you should wait and watch for a while": but old systems are no good either, because they may stop being maintained. "Products from companies with excessive staff turnover are dangerous": TurboLinux and the like … "… it is safer to avoid systems with many unnecessary features": so again Microsoft, Apple, Linux distributions and *BSD are all wiped out. "Systems that have been in use for a long time without modification are relatively safe": and where would such a thing exist?

So what is the conclusion? "Use an AS/400"?

Microsoft sets up a body aiming at "responsible disclosure" of security holes
(ZDNet NEWS, 2001.11.12)

Microsoft, Guardent, @Stake, Bindview, Foundstone, ISS, is it. The "moderates" :-), I suppose. Without "radicals" :-) such as eEye or SecurityFocus included, … it feels as though nothing changes from the present situation. Incidentally, Russ's is "Proposal - The Responsible Disclosure Forum".

The dodgiest point, I feel, is that there is no guarantee anywhere that … the discoverer …. What do you do if it ends with "that is by design"?

Well, even so, Microsoft …

Serious security hole in bank ATMs, discovered by university students
(WIRED NEWS, November 9, 2001, 8:30am PST)

"IBM … in … case, … holds only in theory …": translated into plain Japanese, "IBM … in … case, … can be hidden if one wants to hide it …

List of corporate sites that force scripting: an "R-MS mark" for dangerous sites
(NetSecurity, 2001.11.12)

… I cannot help finding it a bit dodgy, but I think … is a disgrace.

Related:

But why are the names of OS / security companies such as microsoft.com or symantec.com not listed at the top? In that sense, I suppose R-MS is the right name after all.


2001.11.09

Multiple VLAN
(port139 ML, Wed, 07 Nov 2001 20:27:01 +0900)

From a thread on arp spoofing countermeasures. So the times call for VLANs after all. The price no longer seems outrageously high either.

Sites that require "Allow paste operations via script"
(memo ML, Mon, 05 Nov 2001 07:41:13 +0900)

Indeed, searching google for "スクリプトによる貼り付け" (paste via script) turns up all sorts of things. If they really use this feature, it should not work properly in Netscape or the Mac version of IE; are they really building such sites, I wonder?

'Enable "Allow paste operations via script"' has disappeared from NHK's FAQ and mycom.co.jp's QandA. I do not think "Scripting of Java applets" is needed either. As for the TAB CO-OP description, well, that has vanished wholesale.

Microsoft ISA Server Fragmented Udp Flood Vulnerability
(BUGTRAQ, Sat, 03 Nov 2001 02:51:40 +0900)

MS ISA Server … a DoS attack …

MS01-054: Invalid Universal Plug and Play request can disrupt system operation
(Microsoft Product Security Notification Service, Fri, 02 Nov 2001 09:21:06 +0900)

On Windows Me and XP, and where the "Internet Connection Sharing (ICS) client" has been separately installed on Windows 98/98SE, … issuing an abnormal request reportedly causes OS performance degradation or abnormal termination.

A patch is out, so apply it. However, the patch for Windows Me ran into problems in the US and has been temporarily withdrawn as of today. MSKK's page still lists the Me patch as well, but if you apply it, some … will be needed. The patches for 98 / XP appear to be fine.

CVE: CAN-2001-0721.

2001.11.19 addendum:

A new patch for Me has appeared. See MS01-054.

SecurityFocus.com Newsletter #116 2001-10-20->2001-10-24
(BUGTRAQ-JP, Mon, 05 Nov 2001 13:06:45 +0900)

SecurityFocus.com Newsletter No. 116, Japanese edition (text, English edition).

MS01-055: Cookie Data in IE Can Be Exposed or Altered Through Script Injection
(Security Antenna, 2001.11.09)

IE 5.5 / 6 for Windows has …. This is thought to be the matter of "Minor IE vulnerability: about: URLs" and "Microsoft IE cookies readable via about: URLS" (the dangerous one is the latter …). When I tried the … demo (enter a domain name, not a URL), the cookie was displayed beautifully. Oh dear. Ah, in the demo, cookie ….

CVE: CAN-2001-0722. See also [memo:1863] by Takagi-san.

For now, the countermeasure is to disable Active Scripting. Until a patch is ready, IE users … should use the Netscape 6.2 they have presumably installed "thinking something like this might happen". "Alternative …

... A workaround has been confirmed in [memo:1865] [memo:1866]. I am placing it here as about.reg (for NT4 users, NT4_about.reg: thanks to Sato-san for providing it).

If you set Active Scripting to "Prompt", a dialog like this appears, but the problem is that once in a while it is something terribly dangerous that could prove fatal.

2001.11.13 addendum:

Japanese advisory: Internet Explorer cookie data can be leaked or altered via script (MS01-055)

2001.11.15 addendum:

A patch has appeared. Besides the original MS01-055 problem, it also fixes a different cookie leak problem and the "problem that remains even after applying the patch" in MS01-051: Malformed dotless IP address can cause a web page to be handled in the Intranet zone. Also, the patch cannot be uninstalled.

Information on Outlook Express and Outlook has been added (English version). If the Outlook E-mail Security Update is applied, or if Outlook Express is configured to use the "Restricted Sites zone", this …

Two more CVEs were added: CAN-2001-0723, CAN-2001-0724.

However, as far as [memo:1881] shows, it is not a fundamental cure such as sanitizing input to the about: protocol. Those who set the about: protocol to run in the Restricted Sites zone had better leave it that way, just in case. I have no intention of reverting it either.

[memo:1881] also points out that the max risk, initially high, has been changed to moderate. Indeed, it was high in version 1.0 but is moderate in version 2.0. There is also the view that "high" was odd in the first place [memo:1883]. Indeed, the Microsoft Security Response Center Security Bulletin Severity Rating System has no "high" ranking.

This bothered me a little, so I checked the signature with gpg --verify, but for version 1.0 it reports a "bad signature" [memo:1882]. I do not really understand it. Would everything come out ok if I used pgp 7?

2001.11.19 $BDI5-(B:

$B!!$b$&$R$H$D$N(B cookie $BLdBj$,8x3+$5$l$F$$$k(B: the other IE cookie stealing bug (MS01-055)$B!#(B

$B!!%*%j%8%J%kLdBj$NH/8+u67$r8x3+$7$F$$$k(B (from [memo:1898]):

2001.11.22 $BDI5-(B:

$B!!(BMicrosoft $B$OEv=i$N8+2r$rE12s$7!"%*%j%8%J%kLdBjH/8+$B%^%$%/%m%=%U%H!"!V%&%=$G$7$?!W(B (CNET)$B!"(B $B!V@UG$$"$k3+<(!W$H$O!)!!(BIE$B$N%;%-%e%j%F%#%[!<%k$a$0$j!HCY$l!I$rG'$a$?(BMicrosoft (ZDNet)$B!#(B

2002.02.17 $BDI5-(B:

BUGTRAQ bugid 3513: Microsoft Internet Explorer Cookie Disclosure/Modification Vulnerability.

Addendum

Added a note to the 2001.10.19 entry MS01-052: Invalid RDP Data can Cause Terminal Service Failure. The Japanese-language NT 4.0 TSE patch is out.

Netcraft Web Server Survey - Oct. 2001
(NTBUGTRAQ, Thu, 08 Nov 2001 23:40:17 +0900)

See also Russ's reaction and the follow-up article to it. Even if you say it only talks about SSL IIS sites, SSL IIS sites (= which ought to be paying a fair amount of attention to security) are in all sorts of dubious […]. Looking at The Netcraft Secure Server Survey: Jan. 2001, SSL sites seem to total only about 100,000 at most. And IIS has the top share among SSL sites.

Portable and Powerful Unix ELF Infection Techniques
(incidents.org, 11/06/2001)

Is the era when "anti-virus software for UNIX" is also a must finally arriving? I do not like it.


2001.11.08

The True Nature of Windows XP: Enhanced Command-Line Tools (Part 2 of 3)
(@IT, 2001/11/08)

openfiles.exe and fsutil.exe look nice.

Addendum

Added a note to the 2001.11.07 entry "Suspicious mail from Ministry of Justice addresses: Ministry of Justice server was registered in an open-relay DB". NetSecurity's follow-up report, related press coverage, and the apology from the Ministry of Justice.


2001.11.07

Acrobat 4.0$B!J(BWin$B!K!'(BMicrosoft Office 2000 $B$N%"%W%j%1!<%7%g%s$r5/F0$9$k:]$K%(%i!ZL@!J=pL>$^$?$OH/9T85!K$OM-8z4|8B$,@Z$l$^$7$?!#!W(B
(adobe.co.jp, 2001/01/12)

The signature applied to the Office macro template included in Acrobat 4.0 for Windows has expired. As its "Solutions", Adobe tells you to lower the Office security level. That is not a solution, it is a workaround.

Thanks to Hikosaka-san for the information. With Acrobat 5.0 the signature still seemed to be valid.

$B!!(BURL $BD4$Y$k$N$K6lO+$5$;$F$$$?$@$-$^$7$?(B > adobe$B!#(B $B$J$<$o$6$o$61#$9!D!D!#1#$7BN$BCx:n8"J]8n$N!H@;@o!I$KG3$($k(BAdobe$B!$(BDEF CON$BBaJa7`$b$=$N0l4D(B (ZDNet) $B$H$+$$$&$N$,=P$F$/$k$N$bBN

2001.12.12 $BDI5-(B:

Hikosaka-san had told me that "a 5.0 upgraded from 4.0 is no good". Then along came the Acrobat 5.0.5 update. It says "Installing Acrobat 5.0.5 fixes the problem with digital signatures in version 5.0". Applying it seems to make things OK [memo:2290].

New anti-spam arrangements on the NTT side
(various)

It looks like they have finally gotten around to it.

Minor IE System Info Disclosure
(BUGTRAQ, Mon, 05 Nov 2001 07:11:22 +0900)

By accessing image files inside the local computer from JavaScript via the file:// protocol, a remote computer can determine which programs are installed. As for sys_snoop2.html,

TUX HTTPD Denial of Service Condition
(BUGTRAQ, Mon, 05 Nov 2001 21:57:15 +0900)

$BK!L3>J%"%I%l%9$NIT?3%a!<%k!!IT@5Cf7Q(BDB$B$KEPO?$5$l$F$$$?K!L3>J%5!<%P(B
(netsecurity.ne.jp, 2001.11.7)

$B!!F?L>4uK>$5$s(B ($B$"$j$,$H$&$4$6$$$^$9(B) $B$+$i!V$"$d$7$$%a!<%k!W$=$N$b$N$r$$$?$@$$$F$$$k$N$G$9$,!"(B $B!VK\J8$,$J$$!W!V(BTo: $B$@$i$@$i!W$H$$$&FCD'!"$*$h$S(B Received: $B9T$NFbMF$+$i9M$($k$H!"(B $B!VK!L3>J$N(BSMTP$B%5!<%P$rIT@5Cf7Q$7$?:>>N%a!<%k!W$d(B $B!VC1=c$JK!L3>J%"%I%l%9$N:>>N%a!<%k!W$H$$$&@~$O!";d$K$O9M$($K$/$$$G$9!#(B $B!V;v8N!W$J$s$G$7$g$&!"B?J,!#(B

$B!!$7$+$7!"(B$BK!L3>J%[!<%`%Z!<%8(B $B$K$O$$$^$@$K2?$N>pJs$b$"$j$^$;$s$J$"!#(B $BEv3:%a!<%k$,(B gate.moj.go.jp (= moj.go.jp) $B$+$iMh$?$N$O4V0c$$$J$$$N$G$9$1$I$M$(!#(B ($BK!L3>J%[!<%`%Z!<%8$O(B http://www.moj.go.jp/ $B$@$C$?$N$G!"(BURL $B=$@5(B)

$B!!4XO"(B: $BK!L3>J$+$i%a!<%k%"%I%l%9N.=P(B (slashdot.jp)$B!"(B [memo:1811] $BK!L3>J$,(B open relay? $B0J2<$N%9%l%C%I!#(B

2001.11.08 $BDI5-(B:

$B!!(BNetSecurity $B$NB3Js(B: web $B$G$O9pCN$J$7K!L3>J!!IT?3%a!<%k$OFbIt$N;v8N$N2DG=@-Bg(B$B!#(B $B4XO"JsF;(B: $BK!L3>J$,#5#0#0#0?M$K%a!<%k$r8mAw?.!!%"%I%l%9O3$l$k(B (asahi.com)$B!#(B

$B!!F?L>4uK>$5$s(B ($B$^$?$^$?>pJs$"$j$,$H$&$4$6$$$^$9(B) $B$K$h$k$H!"K!L3>J$+$i

X-Lotus-FromDomain: MOJ@EXT
Date: Thu, 8 Nov 2001 03:12:38 +0900
From: "MOJ WEBMASTER" <webmaster@moj.go.jp>
Subject: Regarding mail sent from the Ministry of Justice (apology)

Yesterday we caused a situation in which mail displaying multiple e-mail addresses was sent from this Ministry, and we caused you great inconvenience. We sincerely apologize.
  The Ministry has been investigating the cause since yesterday, and the findings up to this point are as follows.
  At the Ministry, an external audit of our computer systems (system vulnerability […] against intrusion from outside) is currently […] an auditing firm in a […] position, while exercising […] care, accessed multiple files; because those files then operated in an unexpected manner, it appears that mail was sent simultaneously to the multiple e-mail addresses registered on the mailing list, and multiple e-mail addresses were displayed within the same mail.
  For the sake of maintaining security from here on, we ask your understanding that our report of the findings must be limited to this extent.
  The Ministry has already taken measures against the factors that led to this situation. We also intend to take every possible security measure so that nothing like this ever happens again.
                                         Ministry of Justice

In other words, this seems to mean that there was a hole that could be entered or triggered from outside. If so, had someone handled it more cleverly, they might have been able to do something far nastier...

They could just post this text on the web as is. I wonder why they do not.

Gartner Column No. 21: Let's talk further about Microsoft's security response
(ZDNet Enterprise, 2001.11.06)

"Because every software problem is, in principle, fixable": if it is merely the coding that is buggy, it can be fixed easily (?!), but when a widely deployed protocol or feature (specification) is buggy, things get rather hard. There are attacks, like SYN floods, that in principle cannot be completely prevented. Well, the world also has "specifications" such as [memo:1753] "Clipboard eavesdropping via JScript: a security hole specification".

$B!!;d<+?H$O8x3+GI$J$s$G$9$1$I$M!#(B $B$@$C$F!"8x3+$7$J$+$C$?$iH`$i$O$B%^%$%/%m%=%U%H$N%;%-%e%j%F%#! (CNET) $B$H$+FI$s$G$b!"$M$(!#(B

TooLeaky or "Why Your Firewall Sucks"
(incidents.org, 2001.11.05)

$B!!!V?.Mj$5$l$k%W%m%0%i%`!W(B(= MSIE) $B$r%G!<%?$NAwl9g$8$c$J$$$s$G$9$,!D!D!#(B

Vulnerability Note VU#986843: WS-FTP Server vulnerable to buffer overflow via long string sent as argument to ftp command
(CERT/CC, 11/06/2001)

In WS_FTP Server 2.03 and earlier, a well-known FTP server for Windows, the STAT command suffers a buffer overflow, so local SYSTEM privileges can be obtained remotely. This is fixed in 2.04, so replace the old version.


2001.11.06

citibank.co.jp's certificate
(direct mail, Tue, 06 Nov 2001 18:45:17 +0900)

Try clicking "CitiWorld Register / Change / Use" at the top left of CITIBANK (you need to enable JavaScript beforehand). The certificate has expired.

Is this just how banks are? Thanks to an anonymous reader for the information.

Series, PKI Basics Course: Final installment, Learning e-government through keywords: sorting out the relationship between e-government and PKI
(@IT, 2001/10/26)

It is a target that practically says "attack me". The Bridge CA CP/CPS: logs kept for 3 years, archives kept for 30 years, huh... "5.1.9 Off-site backup: not stipulated", oh really. Surely "not stipulated" and "

$B
(@IT, 2001.10.27)

CERT Incident Note IN-2001-12
(CERT/CC, November 5, 2001)

CERT Advisory CA-2001-30 lpd$B$KB8:_$9$kJ#?t$N@H
(CERT $B4+9p(B $B>!

$B!!3FCERT Advisory CA-2001-30 Multiple Vulnerabilities in lpd $B!#(B LAC $BK.LuHG(B$B!#(B patch $B$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

Addendum

Added a note to the 2001.11.05 entry "Warning: iTunes 2 installer for Mac OS X initializes hard disks". What a pathetic cause for the failure.


2001.11.05

[memo:1792] Verifying what Internet Explorer's "Allow paste operations via script" feature can do
(memo ML, Mon, 05 Nov 2001 05:43:00 +0900)

The test is here: Verifying what Internet Explorer's "Allow paste operations via script" feature can do.

I looked at the preferences in IE 5.1 for MacOS X, and there is no "Allow paste operations via script" setting in the first place. And running the test produces nothing at all. Surely on this point it is a decent […] Ishikawa-san. Of course JavaScript (or rather JScript?) works properly in IE for Mac too. If it did not, Microsoft itself (!) would be in trouble.

Meanwhile, on MSIE 6 for Windows, if you set "Allow paste operations via script" to "Prompt", a dialog like this pops up, which is fun. Also, the dialog's default appears to be "No", but if you have enabled "Automatically move pointer to the default button" in the IntelliPoint properties, the pointer for some reason moves to "Yes". Fun, isn't it?

Microsoft Passport to Trouble
(ZDNet, November 5, 2001, 02:50 PM)

National ID debate intensifies in a US shaken by terrorism
(Nikkei IT Pro, 2001/11/05)

Certainly, database vendors will make money. Japan is a country where "companies can easily collect and use consumer […] information", and yet a National ID is going to be introduced anyway. And with "Most filings to government offices to go online, Ministry of Internal Affairs plans", they intend to open a big hole. Good for them.

Microsoft IIS: should you stay, or should you switch?
(ZDNet Enterprise, 2001.11.02)

Quite interesting content. So Cold Fusion has a Japanese edition for Solaris too. But not for Linux, I see.

Cross-site Scripting Flaw in webalizer
(BUGTRAQ, Wed, 24 Oct 2001 22:18:14 +0900)

The log analyzer webalizer allows cross-site scripting […] it has been fixed. RedHat fix. The fix is in FreeBSD ports too.

I see, so it is widely used software. Hmm.

RedHat Linux fixes
(redhat-watch-list etc.)

Quite a lot of them are coming out.

  • [RHSA-2001:142-15] kernel 2.2 and 2.4: syncookie vulnerability

    A DoS attack around syncookie […] See also syn cache.

  • [RHSA-2001:112-10] Printing exposes system files to reading.

    (link fixed: $BCf;3$5$s46

    When ghostscript is used as an lpd filter, you would probably use -dSAFER mode, but -dSAFER mode is

    -dSAFER
            Disables the "deletefile" and  "renamefile"  opera-
            tors  and  the  ability  to  open files in any mode
            other than read-only.  This may  be  desirable  for
            spoolers  or  other  sensitive environments where a
            badly written or malicious PostScript program  must
            be prevented from changing important files.
          

    defined like that, so it is powerless against a malicious "read" request. To counter this, a fix has reportedly been made so that reads are not possible either in a print spooling context. A fix also came out a little while ago, but

    [UPDATE] : previous versions of this errata used packages:
    rhs-printfilters-1.46-6,
    rhs-printfilters-1.63-2.rh6.2,
    rhs-printfilters-1.63-2.rh6.2j,
    rhs-printfilters-1.81-2.rh7.0, and
    rhs-printfilters-1.81-2.rh7.0j.

    These caused spools to break upon upgrade, though they could easily be fixed
    by editing the spools with printtool. The updated versions of the errata
    packages address this bug.

    so it says. See: kawa-san's site

  • [RHSA-2001:101-07] New ucd-snmp package to fix several security vulnerabilities

    - /tmp race and setgroups() privilege problem
    - Various buffer overflow and format string issues
    - One signedness problem in ASN handling

    $B$H$$$&$o$1$G(B remote $B$+$i(B root $B

  • [RHSA-2001:102-10] New teTeX packages available

    fixing a temporary file handling vulnerability and an insecure invocation of dvips in a print filter, so it says.

  • [RHSA-2001:147-07] remote exploit possible in lpd

    The lpd printing daemon possess a flaw in the displayq code which makes a remote buffer overflow attack possible, so it says.

$B%G%U%)%k%H!&%$%s%9%H!<%k$H$<$$
(Nikkei IT Pro, 2001.11.02)

Giving it a grand name like Wizard is the problem. If it were called Novice or Bogus, everyone would think "well, I'd better look after this myself" (Nagoya dialect).

Warning: iTunes 2 installer for Mac OS X initializes hard disks
(Macintosh Trouble News, 01/11/5)

The iTunes page says this:

Apple has identified an installer issue with iTunes 2.0 for Mac OS X that affects a limited number of systems running Mac OS X with multiple volumes (drives or partitions) mounted. For those systems, running the iTunes 2.0 installer can result in loss of user data. While this error is highly unlikely to affect most users, Apple strongly advises that anyone who has downloaded the 2.0 version of iTunes for Mac OS X, as well as anyone who has a beta version of iTunes 2.0 for Mac OS X, immediately remove the iTunes.pkg installer file from their system. A new version that corrects this issue, iTunes 2.0.1 for Mac OS X, is now available from this page. Users who have already installed iTunes 2.0 without incident do not need to reinstall iTunes 2.0.1, but they should still immediately remove the 2.0 installer file from their system. This issue does not affect users of iTunes 2.0 for Mac OS 9.

"While this error is highly unlikely to affect most users": come on, that is no excuse. If the developer itself ships a fatal bug like this, MacOS X still cannot be recommended.

Ishikawa-san's site has a more detailed article.

2001.11.06 addendum:

According to "iTunes 2.0 for Mac OS X install package: possible data loss", the cause is, of all things, a sloppy reference to a shell variable. You would normally wrap it in "", surely... Just hopeless.
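The failure mode described above, a shell variable referenced without quotes in a cleanup step, reproduced safely inside a temporary directory. This is an added example, not Apple's installer script; it assumes the variable holds a volume path containing a space, and the volume names, file names and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Apple's installer script. All names are constructed and
# everything runs inside a throwaway directory created by mktemp.

# Build a sandbox holding two "volumes": "Data" and "Data 2".
make_sandbox() {
    root=$(mktemp -d) || return 1
    case $root in
        # Refuse a sandbox path with unusual characters: the unquoted variant
        # below would otherwise split or glob outside the sandbox.
        *[!A-Za-z0-9/._-]*) rmdir "$root"; return 1 ;;
    esac
    mkdir -p "$root/Data/Documents" "$root/Data 2/Applications/iTunes.app"
    : > "$root/Data/Documents/thesis.txt"
    printf '%s\n' "$root"
}

# Sloppy cleanup: $2 is expanded without quotes, so the shell splits it at the
# space and rm receives "<root>/Data" and "2/Applications/iTunes.app".
remove_unquoted() {   # $1 = sandbox root, $2 = path to remove
    ( cd "$1" && rm -rf $2 )
}

# Correct cleanup: the quotes keep the path as a single argument.
remove_quoted() {     # $1 = sandbox root, $2 = path to remove
    ( cd "$1" && rm -rf -- "$2" )
}

# Run one variant ("unquoted" or "quoted") and print "<user-data> <old-app>",
# each field being "kept" or "gone".
run_case() {
    root=$(make_sandbox) || return 1
    target="$root/Data 2/Applications/iTunes.app"
    "remove_$1" "$root" "$target"
    if [ -e "$root/Data/Documents/thesis.txt" ]; then data=kept; else data=gone; fi
    if [ -e "$target" ]; then app=kept; else app=gone; fi
    rm -rf -- "$root"
    printf '%s %s\n' "$data" "$app"
}

echo "unquoted: $(run_case unquoted)"
echo "quoted:   $(run_case quoted)"
```

In the unquoted run the sibling volume "Data" is destroyed while the intended target survives, which is why the damage only shows up on systems with more than one volume mounted.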

Planning for and responding to emergencies
(Gartner, 2001.10.26)

"Unix Backup & Recovery" (chapter 2 is really great) covered this too, but off-site backup really is important. When "

I think it is inappropriate that "Unix Backup & Recovery" is not listed in the UNIX books, system & network administration books, or security books sections > O'Reilly.


2001.11.02

[XCCC] Configuring IIS Lockdown and URLscan in an Exchange environment
(New Support Technical Information, 2001.11.02)

It covers Exchange 5.5 and Exchange 2000.

Virus Buster 2002 related
(Latest Solutions - All Products, 2001.11.01)

I wonder whether the personal firewall feature of Virus Buster 2002 ships with rather strict defaults? It says: "The enclosed 'Your First Personal Firewall' describes simple settings and the like, so please read through it once."

...Whoa, there is a mountain of 2002-related documents under Latest Solutions - All Products. Far too many to introduce.

$B%W%i%$%P%7!
(CNET, Wed 31 Oct 2001 18:00 PT)


2001.11.01

Add-on tools that strengthen IIS security
(ZDNet Enterprise, 2001.10.31)

$B!!

Regulating spam by ordinance: Tokyo Metropolitan council makes proposal
(ZDNet, 2001.10.31)

$B!!(BNo $B$H8@$($kEl5~(B? $B$7$+$7$h$/$h$/FI$`$H!"!V>CHqr7o$G!V;v6H]$+$i30$9;]$,L@5-$5$l$F$^$9$M!#(B

They appear to be accepting comments until 2001.11.15, so send your feedback soon.

Come to think of it, the advertising people are apparently saying things like "permission-based direct mail is highly effective". Take that with 50 tons of salt?

$B!V@aLs$9$k$J$i(BLinux$B!W$r(BAmazon$B$,Z(B(1)
(ZDNet, October 31, 2001, 09:55 PM)

What on earth is this? It is because they say things like this that people are appalled...

$B!!$7$+$7!$(BLinux$B$K$OL\$K8+$($J$$%3%9%H$,$"$k$H!$(BMicrosoft$B$O
If customers adopt Linux, they "end up having to look after the OS themselves", managing software updates and security and making sure multiple pieces of software do not conflict, says Miller. "That kind of work is something a software vendor like Microsoft does."

Do they not realize that this kind of joke is no joke?

  • Customers need to "manage software updates and security" with Microsoft products just the same. What do they make of the fact that organizations that neglected this (including Microsoft itself!) have been hit by CodeRed, Nimda and a host of other worms/viruses?

  • On ordinary UNIX / Linux there is no need to "make sure multiple pieces of software do not conflict". The one who needs to take enormous care over that sort of thing, Mr. Doug Miller, is your […] DLL HELL simply does not happen. From the start.

If they properly understood why opinions such as "Why IIS […]" and "Gartner Column No. 20: Isn't Microsoft's approach to security fundamentally wrong?" are arising, statements like this would not be made. Or is this meant to supply material for the 3rd JWNTUG Open Talk? (Surely not...)

By the way, as for the items described under "Future Directions" in "The End of DLL Hell", in Windows XP

Ministry of Economy, Trade and Industry asks related organizations to address web application security problems
(Nikkei IT Pro, 2001/10/31)

It turns out that IPA's page on cross-site scripting […] information for web sites had "Technical information for web server system integrators" substantially added on 10/29. I did not know.

Perhaps now the world will finally start to move a little.

Revision of the personal information protection law for government: lenient on officials, strict on the private sector
(Mainichi, 2001-10-31)

$B!!!V(B$B2f$,9q$N7{K!$G$O!"9T@/5!4X$,E,@5$J$B!W(B $B$H$$$&:BD9$O(B $B!VLP6z=S!&85Fb3UK!@)6ID941!W!#(B $BH?O@$K$J$C$F$J$$$h!#(B $B$7$g$;$s!V%d%/?M$NO@M}!W$K$9$.$J$$$3$H$K5$$,$D$$$F$$$k$N$+$$$J$$$N$+!#(B

From the way the discussion is going, I suppose the "Basic Resident Register Network System" is, after all, premised on being cracked and abused.

HEADS UP: a bunch of ipfw MFC in the next 1-2 days
(freebsd-ipfw ML, Thu, 01 Nov 2001 10:37:55 +0900)

Advance notice of changes to FreeBSD's ipfw.

Netscape 6.2 Release Notes
(Netscape, 30 October, 2001 17:04 PST)

Points I noticed on a casual read:

  • Digest authentication is not supported in this release. Apparently still not.

  • File URLs will not be read if they are inside a network based (HTTP) document. To disable this feature, add the following pref (instructions here):

    user_pref("security.checkloadURI", false);

    I feel like I want an option to treat them as non-local (located on the Internet). Maybe one already exists.

  • Netscape may not be able to connect to some secure (https) IBM Web servers. This is a problem with the servers' software, not with Netscape.

    I wonder whether there is a fix for the "IBM Web servers' software".

  • Port restrictions. For security reasons, Netscape does not allow connections to certain ports. To override this on a per-port basis, add a comma-separated list of ports to default/all.js (in your Netscape installation directory). For example, to unblock ports 1, 3, and 7, use the following line: pref("network.security.ports.banned.override", "1,3,7"); Note that this cannot be done on a per profile basis - it must be done for the entire Netscape installation.

    $B

Downloads and so on are available from the Netscape 6.2 overview. I wish they would do something about the release notes not being reachable from the overview page.

Regarding Sun Microsystems, Inc. Security Bulletin 00208: Swing, when I installed Netscape 6.2 for Windows on Windows 2000, the output of java -version was as follows:

java version "1.3.1"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.1-b24)
Java HotSpot(TM) Client VM (build 1.3.1-b24, mixed mode)
