�$B%;%-%e%j%F%#%[!<%k�(B memo - 2002.06
Last modified: Wed Feb 26 18:52:09 2003
+0900 (JST)
�$B!!�(B2002.06.27
�$B$N�(B
Pine Internet Security Advisory PINE-CERT-20020601:
Remote buffer overflow in resolver code of libc
�$B$K$^$?DI5-$7$?!#�(B
bind 9 �$B$rMxMQ$7$?2sHrJ}K!!#�(B
JPCERT/CC �$BCm0U4-5/!#�(B
�$B!!�(BCISCO IOS�$B!"�(BPIX Firewall�$B!"�(BCatOS �$B$,F0:n$9$k�(B Catalyst 6000�$B!"�(BCisco 11000 Content Service Switch �$B$KCisco Security Advisory: Multiple SSH Vulnerabilities
�$B$rE,MQ$7$?>l9g$K!"967bSSH CRC32 attack
�$B$r9T$&$H!"�(BSSH �$B%b%8%e!<%k$,�(B CPU �$B$r?)$$$^$/$C$F�(B DoS �$B>uBV$K$J$C$F$7$^$C$?$j!"$"$k$$$O�(B reboot �$B$7$F$7$^$C$?$j$9$k!#�(B
�$B!!�(Bpatch �$B$,$"$C$?$j$J$+$C$?$j$9$k$h$&$J$N$G!"$4MxMQ$N�(B IOS �$BEy$N%P!<%8%g%s$r$*3N$+$a$N>e$4BP1~$r!#�(B
�$B!!%U%!%$%k$N$D$/$jJ}$K$$$m$$$m$HLdBj$,$"$k$h$&$G!#�(B
�$B!!�(B2002.06.27
�$B$N�(B
Pine Internet Security Advisory PINE-CERT-20020601:
Remote buffer overflow in resolver code of libc
�$B$KDI5-$7$?!#�(BNetBSD Advisory�$B!"�(Bbind 4.9.9/8.2.6/8.3.3 �$BEP>l!#�(B
�$B!!�(B2002.06.27
�$B$N�(B
CERT Advisory CA-2002-18 OpenSSH Vulnerabilities in Challenge Response Handling
�$B$KDI5-$7$?!#�(BNetBSD, Kondara, RedHat �$B$+$i$N�(B Advisory�$B!#�(B
�$B!!�(BFreeBSD, OpenBSD, NetBSD �$B$K4^$^$l$k�(B DNS
resolver �$B%3!<%I$K�(B buffer overflow �$B$9$k
�$B!!�(Blibc �$B$rF~$l$+$($?$"$H$G!"�(Bstatic link �$B$5$l$F$$$k%3%^%s%I$O:n$j$J$*$9I,MW$,$"$k!#�(B
�$B!!�(BNetBSD�$B$N�(Blibc�$B$K%j%b!<%H$+$i$N%P%C%U%!%*!<%P!<%i%s$N4m81@-�(B (�$BB>�(BUNIX�$B$b�(B)
(slashdot.jp) �$B$N�(B �$B$3$N5-;v�(B �$B$K$h$k$H!"�(Bglibc �$B$K$bF1$8LdBj$,$"$k$i$7$$!#�(B
2002.06.28 �$BDI5-�(B:
2002.06.28 �$BDI5-�(B part 2:
�$B!!$^$@$^$@>u67$O3HBg$7$=$&$G$9!#�(B
2002.07.01 �$BDI5-�(B:
�$B!!�(Bsendmail �$BOC$O0c$&OC$G$"$k$3$H$,L@3N$K$J$C$?$N$G5-=R$r%3%a%s%H%"%&%H$7$?!#�(B
2002.07.02 �$BDI5-�(B:
2002.07.12 �$BDI5-�(B:
�$B!!�(BCA-2002-19
�$B$,99?7$5$l$F$$$^$9!#�(B
IBM AIX �$B$O%/%m!#�(B
GNU glibc �$B$b
�$B%[%9%HL>2r7h�(B (/etc/nsswitch.conf �$B$N�(B host: �$B%(%s%H%j�(B)
�$B$K$*$$$F$O!"�(Bglibc 2.1.2 �$B0JA0$GLdBj$,H/@8!#�(B
�$B$$$^$I$-$NB?$/$N�(B Linux �$B$KEc:\$5$l$F$$$k�(B glibc 2.1.3
�$B$G$OLdBj$K$O$J$i$J$$!#�(B
�$B%M%C%H%o!<%/L>2r7h�(B (/etc/nsswitch.conf �$B$N�(B networks: �$B%(%s%H%j�(B)
�$B$K$*$$$F$O!"�(Bglibc 2.2.5 �$B0JA0$GLdBj$,H/@8!#�(B
�$B$$$^$I$-$NB?$/$N�(B Linux �$B$KEc:\$5$l$F$$$k�(B glibc 2.1.3
�$B$G$bLdBj$K$J$k$,!"�(Bnetworks: �$B$G�(B DNS �$B$rMxMQ$7$F$$$kNc$O$^$:$J$$$H;W$o$l$k!#�(B
glibc 2.1.3 �$B0J9_$K�(B upgrade �$B$7$?>e$G�(B patch
�$B$rE,MQ$7!"�(Bstatic link �$B$5$l$F$$$k%W%m%0%i%`$r:F%3%s%Q%$%k$9$k$3$H$,?d>)$5$l$F$$$k!#�(B
info from: [memo:4540]�$B!"�(B[memo:4542]�$B!#�(B
djb �$B;a$K$h$k�(B DNS client (resolver) �$B%i%$%V%i%j$,�(B
public domain �$B@k8@$5$l$?�(B:
Re: Remote buffer overflow in resolver code of libc�$B!#�(B
2002.07.23 �$BDI5-�(B:
2002.08.01 �$BDI5-�(B:
2002.08.29 �$BDI5-�(B:
�$B!!�(BDNS resolver�$B$N@H�$B!#�(B
resolver �$BF~$l$+$($,I,MW!#�(B
2002.10.02 �$BDI5-�(B:
�$B!!�(BGNU glibc Information for VU#738331�$B!#�(B
2002-09-04 Roland McGrath <roland@redhat.com>
* resolv/nss_dns/dns-network.c (MAXPACKET): Increase minimum value
from 1024 to 65536, to avoid buffer overrun.
�$B$H$$$&$N$,2C$o$C$F$k$s$G$9$M!#�(B
2002.12.26 �$BDI5-�(B:
�$B!!�(BJP1/Agent for Process Management�$B$K4X$9$k%;%-%e%j%F%#LdBj$X$NBP1~�(B�$B!#�(B
�$B!!�(B2002.06.19
�$B$N�(B
CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability
�$B$KDI5-$7$?!#�(BOracle�$B!"�(BIBM �$B$N�(B patch �$B=P$^$7$?!#�(B
�$B!!�(BCommerce Server 2000/2002 �$B$K�(B 4 �$B$D$N
�$B!!�(Bpatch �$B$,$"$k$N$GE,MQ$9$l$P$h$$!#�(B
�$B!!�(BWindows Media Player 6.4/7.1, Media Player for Windows XP �$B$N!VN_@QE*$J=$@5%W%m%0%i%`!W!#4{CN$N!"0J2<$N�(B 3 �$B$D$NLdBj$,=$@5$5$l$k�(B:
Windows Media Player �$B$K$h$k%-%c%C%7%e$N%Q%9$N8x3+�(B (CAN-2002-0372)
Media Player �$B$,�(B
�$BFCDj$N7A<0$N%;%-%e%"%a%G%#%"%U%!%$%k$r07$&;~$K!"%5!<%P$KBP$7$F!"�(BIE cache �$BCf$N%U%!%$%k$N0LCV$rK=O*$7$F$7$^$&!#$3$l$K$h$j�(B IE cache �$B$N>l=j$,$o$+$k$N$G!"0-0U$"$k�(B web �$B%5!<%P4IM}
Windows �$B%a%G%#%"%G%P%$%9%^%M!<%8%c%5!<%S%9$K$h$k8"8B$N>:3J�(B (CAN-2002-0373)
Windows Media Device Manager
Service �$B$,�(B local storage device �$B$r07$&:]$K�(B local SYSTEM �$B8"8B$G9T$C$F$7$^$&$?$a!"$3$l$r0-MQ$9$k$H0lHL%f!<%6$,�(B local SYSTEM �$B8"8B$r
Windows 2000 �$B>e$N�(B Windows Media Player 7.1 �$B$N$_$NLdBj!#$^$?!"%?!<%_%J%k%;%C%7%g%s$N>l9g$K$bLdBj$,2sHr$5$l$k!#�(B
�$B%a%G%#%":F@8%9%/%j%W%H$N8F$S=P$7�(B (CAN-2002-0615)
�$B%9%/%j%W%H$r%^%$%3%s%T%e!<%?%>!<%s8"8B$G
�$B!!�(Bpatch �$B$,$"$k$N$GE,MQ$9$l$P$h$$!#�(B
2002.07.26 �$BDI5-�(B:
�$B!!�(Bpatch �$B$,:F%j%j!<%9$5$l$F$$$k!#�(B
�$BN_@QE*=$@5%W%m%0%i%`$J$O$:$@$C$?$N$K!"�(BMS01-056 �$B$G=$@5$7$?%U%!%$%k$,7g$1$F$$$?LOMM!#@N�(B MS01-056 �$B$rE,MQ$7$?$3$H$,$"$C$??M$K$O4X78$J$$$,!"�(B
�$B:G6a�(B Windows �$B$r?75,%$%s%9%H!<%k$7$?>l9g$J$I!"2a5n$K�(B MS01-056 �$B$rE,MQ$7$F$$$J$$?M$O!":F%Q%C%1!<%8$5$l$??7�(B MS02-032 �$B=$@5%W%m%0%i%`$r:FE,MQ$7$h$&!#�(B
�$B!!�(BExcel 2000/XP�$B!"�(BWord XP �$BMQ$N!VN_@QE*$J=$@5%W%m%0%i%`!W!#4{CN$NLdBj$NB>$K�(B
4 �$B$D$NLdBj$,=$@5$5$l$F$$$k!#!V�(BHTML �$B%9%/%j%W%HExcel XP xml stylesheet problems (Georgi Guninski security advisory #55, 2002) �$B$NOC�(B (CAN-2002-0618)�$B!#�(B
�$B!V!V�(BWord �$B$N:9$79~$_0u:~5!G=!W$N@HA variant of "Word Mail Merge" vulnerability �$B$NOC�(B (CAN-2002-0619)�$B!#�(B
�$B!!�(Bpatch �$B$,=P$F$$$k$N$GE,MQ$9$l$P$h$$!#�(B
�$B!!�(BRe: Upcoming OpenSSH vulnerability
�$B$NOC$G$9$,!"$"$i$?$a$F!#�(B
�$B!!�(BOpenSSH 2.3.1p1 �$B!A�(B 3.3 �$B$^$G$K�(B 2 �$B$D$N
�$B%A%c%l%s%8%l%9%]%s%9G'>ZMxMQ;~$K�(B integer �$B$,%*!<%P!<%U%m!<$7$F$7$^$&$?$a!"$3$l$rMxMQ$7$F�(B remote �$B$+$iG$0U$N%3!<%I$r�(B sshd �$BZ$,M-8z$J>l9g$K3:Ev!#�(B
�$B$3$NLdBj$rMxMQ$7$?�(B exploit �$B$O4{$KB8:_$9$k$H$$$&!#�(B
�$B>\:Y�(B: Internet Security Systems �$B%;%-%e%j%F%#�(B �$B%"%I%P%$%6%j�(B
�$B!V�(BOpenSSH �$B$G$N%j%b!<%H�(B �$B%A%c%l%s%8$N@H
�$B%A%c%l%s%8%l%9%]%s%9G'>ZMxMQ;~$K%P%C%U%!%*!<%P!<%U%m!<$7$F$7$^$&$?$a!"$3$l$rMxMQ$7$F�(B remote �$B$+$iG$0U$N%3!<%I$r�(B sshd �$BZ$rMxMQ$9$k�(B PAM �$B%b%8%e!<%k�(B (PAMAuthenticationViaKbdInt) �$B$r;HMQ$7$F$$$k>l9g$K3:Ev!#�(B
�$B$3$NLdBj$,�(B exploit �$B2DG=$+H]$+$O8=;~E@$G$OITL@!#�(B
�$B!!BP1~$9$k$K$O!"�(BOpenSSH 3.4 �$B0J>e$K0\9T$9$k$+!"$"$k$$$O�(B Revised OpenSSH Security Advisory (adv.iss)
�$B$K<($5$l$F$$$k�(B patch �$B$rE,MQ$9$k!#�(BOpenSSH 3.3 �$B0J9_$G%G%U%)%k%HM-8z$H$J$C$F$$$k�(B
privilege separation �$B5!G=$rMxMQ$9$k$H!">-MhH/@8$9$k$+$b$7$l$J$$LdBj$KBP$7$F$b:G>.8B$NHo32$G:Q$`2DG=@-$,9b$$$N$G!"�(Bpatch �$BE,MQ$G$O$J$/�(B OpenSSH 3.4 �$B0J9_$G$N0\9T$,K>$^$7$$!#$?$@$7!"�(Bprivilege separation �$B5!G=$,MxMQ$G$-$J$$�(B OS �$B$b$"$k$h$&$@!#�(B
�$B!!0\9T$"$k$$$O�(B patch �$B$rE,MQ$9$k$^$G$N2sHr:v$,$$$/$D$+B8:_$9$k!#�(B
SSH protocol version 2 �$B$rL58z$K$9$k!#�(B
sshd_config �$B$G�(B
Protocol 1
�$B$H$9$k!#�(B
�$B%A%c%l%s%8%l%9%]%s%9G'>Z$rL58z$K$9$k!#�(BOpenSSH 2.9 �$B$h$j8e$N%P!<%8%g%s$GMxMQ$G$-$k!#�(B
sshd_config �$B$G�(B
ChallengeResponseAuthentication no
�$B$H$9$k!#�(B
PAM �$B$K$*$1$kBPOCE*%-!<%\!<%IG'>Z$rL58z$K$9$k!#�(BOpenSSH 2.9 �$B$h$j8e$N%P!<%8%g%s$GMxMQ$G$-$k!#�(B
sshd_config �$B$G�(B
PAMAuthenticationViaKbdInt no
�$B$H$9$k!#�(B
OpenSSH 2.3.1p1 �$B!A�(B 2.9 �$B$K$*$$$F$O!"�(B
KbdInteractiveAuthentication no �$B$H�(B
ChallengeResponseAuthentication no �$B$NN>J}$r;XDj$9$l$P2sHr$G$-$k!#�(B
(�$B5-=R=$@5�(B: �$B8M@n$5$s46
�$B!!�(Bpatch, fix package �$BEy�(B:
�$B!!4XO">pJs�(B:
OpenSSH �$B%5!<%P%W%m%0%i%`$N@H
(JPCERT/CC)
installer ML �$B$N�(B
[installer 7352]
�$B$K$*$$$F!"�(BFreeBSD 4.6-RELEASE / STABLE �$B$K$*$$$F$O!"�(BOpenSSH 3.4p1 �$B$N�(B configure �$B$N�(B 6544 �$B9TL\�(B (#include <sys/mman.h>) �$B$NA0$K�(B #include <sys/types.h> �$B$rA^F~$7$J$$$H�(B #define HAVE_MMAP_ANON_SHARED 1 �$B$,Dj5A$5$l$J$+$C$?!"$H;XE&$5$l$F$$$k!#�(B
�$BF1MM$N%l%]!<%H�(B: Re: new sshd 3.4p1 (freebsd-security ML)
2002.06.28 �$BDI5-�(B:
�$B!!�(BVulnerability Note VU#369347:
OpenSSH vulnerabilities in challenge response handling
�$B$b;2>H!#�(B
2002.07.01 �$BDI5-�(B:
2002.07.05 �$BDI5-�(B:
�$B"#�(B
sendmail 8.12.5
(installer ML, Wed, 26 Jun 2002 14:25:06 +0900)
�$B!!�(Bsendmail 8.12.5 �$B=P$F$$$^$9!#�(B
SECURITY: The DNS map can cause a buffer overflow if the user
specifies a dns map using TXT records in the configuration
file and a rogue DNS server is queried. None of the
sendmail supplied configuration files use this option hence
they are not vulnerable. Problem noted independently by
Joost Pol of PINE Internet and Anton Rang of Sun Microsystems.
�$B$@$=$&$G$9!#�(B
2003.02.26 �$BDI5-�(B:
�$B!!�(BCVE: CAN-2002-0906�$B!#�(B
�$B!!�(BJPCERT/CC �$B$K$h$kO":\$NBh�(B 1 �$B2s!#�(B
�$B!!�(B2002.06.25
�$B$N�(B
Re: Upcoming OpenSSH vulnerability
�$B$KDI5-$7$?!#�(BDebian �$B>pJs99?7!"�(BOpenSSH 3.4 �$BEP>lM=9p!#�(B
�$B%I%$%D7h>!?J=P!A!A�(B!
SSH�$B%3%_%e%K%1!<%7%g%s%:!!650i5!4X$KH>3[$G0E9f2=%=%U%H�(B (�$BKhF|�(B)�$B!#�(B
�$B!o�(B6,900- �$B$J$iGc$C$F$_$h$&$+$J!"$H;W$&$h$M!#8D?ME*$K$O�(B PuTTY �$B$G$8$e$&$V$s$J$s$@$1$I!#�(B
Press Release�$B!#�(B
�$BJ82J>J!"=jF@1#$7$a$0$jDk5~BgAmD9$+$i;v (asahi.com)�$B!#$D$$$KMh$?!"$C$F46$8�(B?
�$BH?@jNN!&J?OB%l%]!<%H�(B NO.19 (2002/06/18) �$B%8%'%K%sBg5T;&$rD>@\?k9T$7$?J<;N$N>Z8@�(B�$B!#�(B
[aml 28612] �$BKI1RD#%j%9%HLdBjJs9p=q�(B�$B!#$J$k$[$I!"!VM}A[$N8xL30w!W$G$9$+�(B (�$B>P�(B)�$B!#�(B
�$B%Y%M%:%(%i:F%/!<%G%?$N4m81�(B
(�$B%k!&%b%s%I!&%G%#%W%m%^%F%#!<%/F|K\8lHG�(B)�$B!#�(BU.S.A.!! U.S.A.!!
N+I TOKYO 2002 Samba BOF
Samba�$BF|K\8lHG$d$a$A$c$C$F$b$$$$$+$J!)!AK\Ev$KI,MW!)�(B�$B!#�(B
2002.07.04 18:30-20:00�$B!#$&$%!"6=L#?<$$$1$l$I@hLs$,$"$k$N$G;22C$G$-$J$$$J$"!D!D!#�(B
�$B%V%m!<%I%P%s%I;~Be$N%;%-%e%j%F%#$r9M$($k�(B 2002 �$B$+�(B
BSD�$B$J$R$H$H$-$+!"$I$C$A$K$7$h$&$+$^$@LB$C$F$kE[�(B > �$B26!#�(B
�$B!Z%l%]!<%H![%^%$%/%m%=%U%H$N%P%k%^!<�(BCEO�$B!"3X@8$H8l$k�(B - �$BEl5~Bg3X%7%s%]%8%&%`$K$F�(B (MYCOM PCWEB)�$B!#!V�(B�$B%*!<%W%s%=!<%9$O$$$^$^$G$K$"$k5!G=$r�$B!W!#==J,$J@-G=$r;}$D�(B OS �$B$,$^$k$4$H�(B free/open source �$B$C$F$N$O!"3W?7$8$c$J$$$s$G$9$M!#$$$^$@$K�(B Windows NT 4.0 �$B$r;H$$$D$E$1$F$$$k?M$,B?$$$C$F$N$O!"�(BMicrosoft �$BN.$N!V3W?7!W$KBP$9$k%$%(%m!<%+!<%I$@!"$H$$$&5$$b$9$k$s$G$9$1$I$M!#�(B
�$B%W%m%8%'%/%H$N>eo$O3+H/$KHf$Y$F%F%9%H$d8!>Z$K$OM=;;$,3d$+$l$J$$$,!"8!>Z$N;~4V$K$O!"I,MW$@$H;W$o$l$k�(B2�$BG\$N;~4V$r$+$1$k$3$H!W$H$$$&%"%I%P%$%9$r$7$?!#�(B
Internet Explorer �$B$b$=$N$h$&$K:n$C$F$[$7$+$C$?$G$9$M!#�(B
Microsoft CEO�$B%9%F%#!<%V!&%P%k%^!<;a!"ElBg$G4pD49V1i�(B
�$B!A%7%s%]%8%&%`$G3X@8$K�(BIT�$B$NL$Mh%S%8%g%s$r8l$k�(B
(PC Watch) �$B$@$H!"$^$?%K%e%"%s%9$,0c$C$F$k$_$?$$$G$9$1$I$M!#�(B
AL-Mail32 1.13 �$B$,=P$F$$$^$9!#H>7B�(B 50m �$B0JFbE*$K$O!X�(B�$B!VE:IU%U%!%$%k$N@_Dj!W%@%$%d%m%0$G!"!VJ,3d$7$FAw?.$9$k!W$N=i4|CM$r%*%U$KJQ99$7$?�(B
�$B!Y$,=EMW$+$J!#�(B
IPA ISEC �$B$+$i�(B
�$BJ?@.�(B13�$BG/EY�(B �$B5;=Q3+H/;v6H�(B �$BAm3gJs9p=q�(B
�$B$,8x3+$5$l$F$$$^$9!#�(B
P2P�$B5;=Q$rMQ$$$?!V�(BOutlook�$B!WMQ$N%9%Q%`GS=|%D!<%k!V�(BSpamNet�$B!W�(B (INTERNET Watch)�$B!#$J$<�(B Outlook Express �$B$8$c$J$/$F�(B Outlook �$B$J$s$@$m$&!#�(B
�$B!VBeI=$r1~1g$7$=$&$@$+$i!WBaJa>u5Q2 (�$B%U%l%C%7%e%"%$�(B)�$B!#�(B
�$B$b$&$J$s$G$b%"%j$@$J$3$N9q$O!#�(B
�$BK5 (zakzak) �$B$J$s$F$N$b!"$A$g$C$H$M$(!#�(B
(info from EVERYDAY PEOPLE)
�$B!!�(B1 �$BG/$r7P$F$h$&$d$/8x3+!"$@$=$&$G$9!#�(B
�$B!!�(B2002.02.20
�$B$N�(B
[memo:2996] �$B!V�(BVAIO�$B!W$N=P2Y;~@_Dj$G?.Mj:Q$_%5%$%H$KFCDj%5%$%H$,EPO?$5$l$F$$$kLdBj�(B �$BD{@5�(B
�$B$KDI5-$7$?!#9bLZ$5$s$K$h$k%U%)%m!<5-;v$rDI5-!#?7%b%8%e!<%k3+H/$K$h$j!"LdBj$N%5%$%H$O?.Mj:Q$_%5%$%H%>!<%s$+$i30$;$k$h$&$K$J$C$?LOMM!#�(B
�$B!!�(B[memo:3933]
�$B$*$h$S�(B
[memo:4255]
�$B$K$h$k$H!"�(B�$BAmL3>J!'EE;R?=@A!&FO=P%7%9%F%`�(B
�$B$N%;%-%e%j%F%#E*$J$G$9!#�(B
�$B!!�(BISS Security Alert Summary AS02-25 �$B$G$9!#�(B
�$B!!�(B2002.06.19
�$B$N�(B
CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability
�$B$KDI5-$7$?!#�(BApache 1.3.x �$BMQ$N�(B official �$B$J8DJL�(B patch �$BEP>l!"B>!#�(B
�$B!!Ho323[$C$F!"9b$/$7$h$&$H;W$C$?$i$$$/$i$G$b9b$/$J$k$7$J$"!#$*$^$1$K!"?t;z$@$1FH$jJb$-$9$k$7!#%_%H%K%C%/;a$N$H$-$J$s$F!"!D!D!#�(B
�$B!!LdBj$,H/@8$9$k$N$O�(B Warez �$B$b$N!"$i$7$$!#$3$l$,K\Ev$J$i!"JQ$@$H8@$C$F$$$??M$O$_$J�(B Warez �$B;H$$$J$o$1$G!"$J$+$J$+%"%l%2!#�(B
�$B!!$1$C$-$g$/:#$@$K%$%s%9%H!<%k$G$-$F$J$$$7!D!D�(B > XP�$B!#F~
2002.09.19 �$BDI5-�(B:
�$B!!�(BFAQ �$B$,99?7$5$l!"!V�(BQ.�$B$$$h$$$h�(BWindowsXP�$B$N�(BSP1�$B$,EP>l$7$^$7$?$,!"$3$N�(BSP1�$B$K$O%;%-%e%j%F%#%+%?%m%0$,L58z$K$J$i$J$$�(BNT5INF.CA_�$B$,F~$C$F$$$k$h$&$G$9!#�(B
�$B$b$7$+$7$F$3$N%U%!%$%k$r;H$($P#57n�(B30�$BF|LdBj$O2sHr$G$-$k$N$G$O!)�(B
�$B!W�(B
�$B$,DI2C$5$l$F$$$k!#$&!<$`!D!D!#�(B
�$B!!F?L>4uK>$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#�(B
�$B!!�(B[memo:4304]
�$B$NOC$N�(B fix �$B$,F~$C$F$$$k$H;W$$$^$9!#�(B
2002.07.10 �$BDI5-�(B:
- SGI IRIX
-
- TurboLinux
-
- Kondara MNU/Linux
-
- Sun Cobalt RaQ 4
-
�$B!!�(BSUS �$B$K$D$$$F$O�(B
SQL Server �$B%f!<%6!<%0%k!<%W�(B (PASSJ)
�$B$N�(B
�$B%;%-%e%j%F%#J,2J2q�(B
ML �$B$KM-MQ$J>pJs$,$"$k$h$&$G$9!#�(B
�$B!!:G?7�(B 3.3 �$B$r4^$`�(B OpenSSH �$B$K\:YITL@�(B: �$B8xI=$OMh=5�(B) �$B$KLdBj$,$"$j!"�(Bremote �$B$+$i�(B exploit �$B2DG=$JLOMM!#$?$@$7!"�(BOpenSSH 3.3 �$B$G�(B UsePrivilegeSeparation yes �$B$7$F$$$k>l9g!"
2002.06.26 �$BDI5-�(B:
[SECURITY] [DSA-134-2] Unknown OpenSSH remote vulnerability
�$B2~D{$5$l$F$$$^$9!#�(Bpotato �$BMQ%Q%C%1!<%8EP>l!#�(B
�$B$G!"�(BOpenSSH 3.3 �$B$K$O$3$s$JLdBj$,$"$k$s$@$=$&$G�(B:
- compression does not work on all operating systems since the code
relies on specific mmap features,
- the PAM support has not been completed and may break a few PAM
modules,
- keyboard interactive authentication does not work with privilege
seperation. Most noticable for Debian users this breaks PAM modules
which need a PAM conversation function (like the OPIE module).
�$B$G!"�(Bprivilege separation �$B$rM-8z$K$9$k$H!"�(Broot �$B$r
The new privilege separation support from Niels Provos changes ssh
to use a separate non-privileged process to handle most of the
work. This means any vulnerability in this part of OpenSSH can
never lead to a root compromise but only to access to a separate
account restricted to a chroot.
�$BF|K\8lK]LuHG�(B: [debian-users:33475]�$B!#�(B
�$B$+$M$3$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#�(B
�$B$H$+=q$$$F$k4V$K�(B DSA-134-3 �$B$,=P$F$k$>�(B (^^;;)
potato �$B$N�(B (�$B%G%U%)%k%H�(B) �$B@_DjJQ994XO"$NCm0UE@$,DI2C$5$l$?!"$N$+$J!#�(B
openssh.com
�$B$K$3$s$J5-=R$,�(B:
�$B8=:_�(B OpenSSH �$B$K$O$^$@8xI=$5$l$F$$$J$$@HUsePrivilegeSeparation (�$BFC8"J,N%�(B)
�$B%*%W%7%g%s$r;HMQ$9$k$h$&6/$/$*$9$9$a$7$^$9!#�(B
�$BFC8"J,N%�(B
�$B5!G=$O$3$NLdBj$r%V%m%C%/$7$^$9!#Mh=5$N7nMKF|$K$O$3$N@H
�$BQiL\$7$FBT$F!#�(B
2002.06.27 �$BDI5-�(B:
�$B!!$D$E$-$O�(B
CERT Advisory CA-2002-18 OpenSSH Vulnerabilities in Challenge Response Handling
�$B$G!#�(B
�$B!V%*!<%W%s%=!<%9$K$O5;=Q3W?7$,$J$$!W!=!=%^%$%/%m%=%U%H!&%P%k%^!<�(BCEO (CNET)�$B!#$$$d$!$=$N$H$*$j!#$?$H$($P�(B Active X �$B$O!"C/$G$b4JC1$KBg7j$r$D$/$l$k$H$$$&0UL#$G$^$5$K!V3W?7!W$G$7$?$M!#�(BCode Red �$B$d�(B Nimda �$B$K$*$1$k%d%i$l$6$^$b$^$5$K!V3W?7!W$G$7$?$M!#�(B
�$B!D!D$H$+H?
LAC�$B�$B!"�(B2002.07.08 (�$B7n�(B) 13:30�$B!A�(B16:30�$B!"ET;T%;%s%?!<%[%F%k!!%*%j%*%s�(B (�$BEl5~ET@iBeED6h�(B)�$B!"�(B150�$BL>!"L5NA!#�(B
�$BF|>F$1;_$a%/%j!<%`$NE,@5NL$O!V8|EI$j!W�(B (�$BF|7P�(B BizTech)�$B!#�(B
�$B%.%c%0$C$]$/$F$$$$$G$9!#�(B
OpenSSH 3.3
�$B=P$F$$$^$9!#�(Bprivilege separation is now enabled by default
�$B$O%O%^$j$d$9$$$N$GCm0U$7$^$7$g$&!#�(B
�$B;29M�(B: [memo:4287]�$B!#�(B
Privilege Separated OpenSSH
�$B$b;2>H!#�(B
�$B%H%m%a!<%k%a%s%F%J%s%9$N$*CN$i$;�(B�$B!"$J$s$+7j$,$"$C$?$i$7$$$G$9!#�(B(info from �$B%]%1%C%H%K%e!<%9�(B)
�$BEl5~ETN)Bg5WJ]IB1!$5$s!"IB1!$,�(B Klez �$B$P$i$^$$$F$F$$$$$N�(B?
�$B8m?3$,2w5s$rH=Dj>!$A$K$7$?�(B (nikkansports.com�$B!"@$3&$r8+$k%8!<%3�(B!!)�$B!#�(B
�$B!V�(B�$B#P#K@o$G%9%Z%$%s$N%-%C%/$,;_$a$i$l$?>lLL$b!"#G#K$OL@$i$+$KA0$K=P$F$$$?!#$d$jD>$9$Y$-$@!#�(B
�$B!D!D�(B(�$BCfN,�(B)�$B!D!D�(B�$B4Z9q@o$K8B$C$FIT2D2r$JH=Dj$,B?$$!#�(B
�$B!D!D�(B(�$BCfN,�(B)�$B!D!D�(B�$B$3$l$O$b$&!"6vA3$H$O8@$($J$$!#8@$C$F$$$$$O$:$,$J$$�(B
�$B!W!#�(B
�$B$3$3$^$G8@$o$l$A$c$&>u67$C$F!"$J$s$@$+$J$"!#�(BFIFA �$B$b�(B
�$B?3H=0w$K%_%9$"$C$?!&#F#I#F#A9-JsItD9�(B (�$BF|7P�(B)
�$B$H$+8@$C$F$k%R%^$,$"$C$?$i!"2DG=$J8B$j%_%9$r2sHr$9$k
�$B$^$"!"�(BFIFA �$B<+?H$,5?OG$@$i$1$NCDBN$J$o$1$G!"$=$s$J$H$3$m$K2~A1$rMW5a$9$kJ}$,$*$^$L$1$J$N$+$b$G$9$,!#�(B
Jun 23 21:14:28 �$B$N�(B KUWcd-02p179.ppp.odn.ad.jp �$B$5$s$O�(B /etc/master.passwd �$B$r�(B get �$B$7$F$I$&$7$?$$$H;W$C$?$s$G$7$g$&$M$(!#�(B
thkw89@jp-t.ne.jp �$B$C$FC/�(B?
�$B!VAw?.@h%(%i!<$K$h$j!"G[?.$5$l$^$;$s$G$7$?!W$H$@$1=q$+$l$?$*$^$L$1%a%C%;!<%8$,�(B MAILER-DAEMON@jp-t.ne.jp �$B$+$i$o$s$5$+FO$/$s$G$9$1$I!#�(B
�$B$^$"!"�(BJ-PHONE �$B$,$*$^$L$1$G$"$k!"$H$b8@$($k$N$@$,!#�(B
�$B!!�(B2002.06.19
�$B$N�(B
CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability
�$B$KDI5-$7$?!#�(BTurboLinux, Kondara, Debian �$B$+$i�(B fix package �$BEP>l!#�(B
IBM, Oracle �$B$N>pJs!#�(B
eEye �$BEy$N
�$B!!�(B[memo:3953] Windows�$BHG�(BPostPet�$B$K!"E:IU%U%!%$%k$,6/@)5/F0$5$l$k%;%-%e%j%F%#%[!<%k�(B
�$B$HF1MM$K!"�(BBecky!2 2.00.08 �$B0JA0!"�(BBecky! 1.26.08 �$B0JA0$K$*$$$F$b!"E:IU%U%!%$%k$,E83+$5$l$k0LCV$,40A48GDj!"$"$k$$$OMF0W$K?dB,$G$-$k$?$a$K!"F1MM$N967b$rl9g$O967b$r2sHr$G$-$k!#�(B
1.26.09 �$B0J9_!"�(B2.00.09 �$B0J9_$G$O=$@5$5$l$F$$$k$N$G�(B upgrade �$B$9$l$P$h$$!#�(B
�$B!!�(BBecky! �$B$K$D$$$F$O!"�(B�$B%a!<%kK\J8$HE:IU%U%!%$%k$rJ,N%2DG=$K$7$?!V�(BBecky! Internet Mail�$B!W$N:G?7HG�(B (�$BAk$NEN�(B) �$B$H$$$&OC$b=P$F$$$k!#�(B
�$B!!�(BMAIL Direct�$B!"�(BHyperEdit�$B!"�(BKenm3 for Windows�$B!"�(BNet/PAD�$B!"�(BWinbiff V2.30�$B0J9_�(B
�$B$J$I$KEc:\$5$l$F$$$k�(B ActiveX �$B%3%s%H%m!<%k!"�(BEditX
�$B$N�(B 1.22 �$B0JA0$K\:Y$OITL@$@$,!"!V�(B�$B0-0U$N$"$k�(BWeb�$B%5%$%H$K%"%/%;%9$9$k$H!"�(BInternet Explorer�$B$N%G%U%)%k%H$N@_Dj$G$O!"%f!<%6!<$,5$$,IU$+$J$$$&$A$K�(BPC�$B$N%U%!%$%k$,=q$-49$($i$l$F$7$^$&2DG=@-$,$"�(B
�$B!W$C$?$N$@$=$&$@!#�(BActiveX �$B%3%s%H%m!<%k$J$N$G!"�(Bscript �$B7PM3$G%"%l%2$K$J$k!"$H$$$&O)@~$@$m$&$+!#�(B
�$B!!�(BEditX 1.23 �$B$G=$@5$5$l$F$$$k$N$GF~$l$+$($k!#>e5-�(B EditX �$BMxMQ%"%W%j$N�(B web page
�$B$K$O�(B EditX �$B$K4X$9$k7Y9p$OB8:_$7$J$$$h$&$@!#�(BWinBiff 2.3.4.8 �$B$K$O�(B
EditX 1.2.1.0 �$B$,4^$^$l$F$$$k$h$&$@!#�(B
�$B!!F?L>4uK>$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#�(B
2002.06.26 �$BDI5-�(B:
�$B!!�(BWinbiff �$B$NBP:vHGEP>l�(B: Winbiff�$B%f!<%6!<$N3'MM$X=EMW$J$*CN$i$;�(B�$B!#�(BWinbiff V2.30 �$B0J9_$N�(B EditX �$B$"$jHG$rMxMQ$7$F$$$k>l9g$KLdBj$K$J$k!"$H$5$l$F$$$k!#!V=$@5$7$?�(B EditX �$B$r:-Jq$7$?�(B Winbiff �$B%$%s%9%H!<%i!l$7$?$N$G!"$3$l$rMxMQ$7$F:F%$%s%9%H!<%k$9$l$P$h$$!#�(B
Winbiff V2.41 beta
�$B$K$D$$$F$b!"�(Bbeta6 �$B$G=$@5HG�(B EditX �$B$,F1:-$5$l$F$$$k!#�(BIKEGAMI �$B$5$s!"K'2l$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#�(B
�$B!!�(BSnortSnarf�$B!"�(BRazorBack �$B$N%$%s%9%H!<%k$H%k!<%k%;%C%H$N%A%e!<%K%s%0!#�(B
�$B!!=P$^$7$?!#$_$s$J$G;n$7$^$7$g$&!#$C$F2K$,!D!D!#�(B
�$B!!�(BISS Security Alert Summary AS02-24 �$B$G$9!#�(B
�$B!!3N$+$KJXMx$=$&$G$9!#�(B
�$B!!�(BWindows 2000 �$B>e$N�(B Apache Tomcat 4.0.3 �$B$K�(B 2 �$B$D$NLdBj!#�(B
�$BJ*M}%Q%9L>$,O*8+$7$F$7$^$&B>!"�(BDoS �$B967b$re$N�(B 4.1.3 beta �$B$G$O=$@5$5$l$F$$$k$H$$$&!#�(B
�$B!!$$$h$$$h2TF/$+$=$l$H$b1d4|$+!#$I$&$9$k$I$&$J$k=;4p%M%C%H!#�(B
�$B!!�(B2002.06.19
�$B$N�(B
CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability
�$B$KDI5-$7$?!#�(B
Vine Linux 2.1�$B!"�(BMiracle Linux �$BMQ�(B fix package�$B!"�(Bapache-ssl �$B$N�(B 1.3.26 �$BBP1~HGEP>l!#�(B
�$B!!�(B2002.06.19
�$B$N�(B
CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability
�$B$KDI5-$7$?!#�(Bexploit �$B$5$C$=$/EP>l!#�(BApache 1.x �$B$KBP$7$F!"�(B32bit UNIX �$B$G$b!"30It$+$iG$0U$N%3!<%I$rZ$5$l$?!#$($i$$$3$C$A$c!#�(B
fix patch/package �$B$bB3!9$HEP>lCf!#�(B
�$B!!�(BZope
2.4.0�$B!A�(B2.5.1 �$B$K%f!<%6$,�(B catalog index �$B$NG$0U$N%a%=%C%I$r�(B call �$B$G$-$F$7$^$&!#�(B
�$B!!�(BHotfix 2002-06-14 �$B$G=$@5$5$l$k$N$GE,MQ$9$l$P$h$$!#�(B
�$B!!�(BApache 1.2.2 �$B0J9_$N�(B 1.2.x�$B!"�(B1.3.24 �$B0JA0$N�(B 1.3.x�$B!"�(B2.0.36 �$B0JA0$N�(B 2.0.x �$B$K
1.2.x, 1.3.x �$B$N>l9g$O%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$k!#$3$N7k2L!"�(B32bit UNIX
�$B$G$O�(B segmentation violation �$B$K$h$j;R%W%m%;%9$,=*N;$5$;$i$l$k$H9M$($i$l$k$,!"�(BWindows �$BHG$d�(B
64bit UNIX �$BHG$G$O!"30It$+$iG$0U$N%3!<%I$r
2.0.x �$B$G$O;R%W%m%;%9$,=*N;$7$F$7$^$&!#�(B
�$B!!�(Bapache 1.3.26�$B!"�(B2.0.39 �$B$G=$@5$5$l$F$$$k$N$GF~$l$+$($k!#�(B1.2.x �$BMQ$N�(B fix �$B$O$J$$$N$G!"�(B1.3.26 �$B$+�(B 2.0.39 �$B$X0\9T$9$k!#�(B
�$B!!$"$o$;$F�(B mod_ssl �$B$d�(B PHP �$B$b99?7$9$kI,MW$,$"$k�(B (�$B$+$b$7$l$J$$�(B) �$B$N$GCm0U$9$k�(B [memo:4211]�$B!#�(B1.3.26 �$BMQ$N�(B mod_ssl �$B$O!D!D�(Bmod_ssl 2.8.9-1.3.26 �$B$,EP>l$7$?$=$&$G$9�(B [memo:4225]�$B!#$J$s$+:.$s$G$k$C$]$$$N$G!";CDjE*$K�(B
http://www.st.ryukoku.ac.jp/~kjm/mod_ssl-2.8.9-1.3.26.tar.gz
�$B$K$bCV$$$F$*$-$^$9!#�(B
�$B!!4XO"�(B:
2002.06.20 �$BDI5-�(B:
�$B!!�(BOpenBSD/i386 �$BMQ$N�(B exploit �$BEP>l�(B: Remote Apache 1.3.x Exploit�$B!#�(B
�$B%3!<%I$N%3%a%s%H$K$O!"�(BSolaris 6-8 (sparc/x86)�$B!"�(BFreeBSD 4.3-4.5 (x86)�$B!"�(BLinux (GNU) 2.4 (x86) �$B$G$b�(B exploit �$B$K@.8y$7$?!"$H$$$&!#!V�(B32 bit UNIX �$B$G$O�(B exploit �$B$G$-$J$$!W$H$$$&$N$OBg4V0c$$$@$C$?LOMM�(B (�$B%/%i!<%/$NBh0lK!B'�(B�$B$+�(B?!)�$B!#�(BCERT Advisory CA-2002-17 Apache Web Server Chunk Handling
Vulnerability
�$B$b2~D{$5$l!"�(B
For Apache versions 1.3 through 1.3.24 inclusive, this vulnerability
may allow the execution of arbitrary code by remote attackers. Several
sources have reported that this vulnerability can be used by intruders
to execute arbitrary code on Windows platforms. Additionally, the
Apache Software Foundation has reported that a similar attack may
allow the execution of arbitrary code on 64-bit UNIX systems.
�$B$,�(B
For Apache versions 1.2.2 through 1.3.24 inclusive, this vulnerability may
allow the execution of arbitrary code by remote attackers. Exploits are
publicly available that claim to allow the execution of arbitrary code.
�$B$K$J$C$F$$$k!#$($i$$$3$C$A$c!#�(B
�$B!!�(Bfix patch/package �$B$bB3!9$HEP>lCf�(B:
�$B!!7Y9p�(B:
2002.06.21 �$BDI5-�(B:
�$B!!$h$7$`$i$5$s!"�(BFujii �$B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#�(B
2002.06.24 �$BDI5-�(B:
�$B!!�(Bpatch/package �$B>pJs�(B:
�$B!!�(Bfix package/patch �$B$N$&$A!"�(BRedHat�$B!"�(BDebian�$B!"�(BVine 2.1.x�$B!"�(BOpenBSD �$B$O�(B 1.3.26 �$B$G$O$J$$$G$9!#�(B
�$B0lJ}!"�(BVine 2.5�$B!"�(BTurbo�$B!"�(BMiracle�$B!"�(BKondara�$B!"�(BFreeBSD ports �$B$O�(B 1.3.26 �$B$K$J$C$F$$$^$9!#�(B
�$B!!�(BExploit:
apache-nosejob.c (packetstorm)
OpenBSD �$B$NB>!"�(BFreeBSD �$B$d�(B NetBSD �$B$,?)$($k�(B exloit�$B!#�(B
hsj �$B$5$s$A�(B
�$B$K$b�(B FreeBSD �$BMQ$N�(B exloit �$B$,=P$F$$$^$9!#�(B
�$B!!2r@b�(B:
�$B!!
�$B!!�(BApache �$BJ]8n%D!<%k�(B:
�$B!!$=$NB>�(B:
2002.06.25 �$BDI5-�(B:
�$B!!�(Bpatch/package �$B>pJs�(B:
�$B!!$=$NB>�(B:
2002.06.27 �$BDI5-�(B:
�$B!!�(BOracle�$B!"�(BIBM �$B$N�(B patch �$B=P$^$7$?�(B:
2002.07.01 �$BDI5-�(B:
2002.07.10 �$BDI5-�(B:
�$B!V@H (ZDNet)
�$B=P8=$rCY$i$;$k$3$H$O2DG=$@$C$?$+$b$7$l$J$$$,!"KI$0$3$H$OL5M}$G$7$g$&!#�(B
�$B!V�(B�$BF1.EgCm�(B: Gobbles Security) �$B$O�(BBugTraq�$B$X$NEj9F$G!"�(B4�$B�$B!W$H8@$C$?$H$3$m$G!"$?$H$($P�(B hsj �$B$5$s�(B�$B$O�(B 2002.06.23 �$BIU$1$GFH<+$K3+H/$5$l$?�(B exploit �$B$r8x3+$5$l$F$$$k$o$1$G!"F,$N$$$$?M$K$H$C$F$O!VLs�(B2�$B%+7n!W$J$s$F%l%Y%k$G$O$J$$$H9M$($i$l$^$9$7!#�(B
�$B%o!<%`$NH/@8$O;_$a$i$l$J$$�(B (slashdot.jp)
�$B$b;2>H!#�(B
2002.07.11 �$BDI5-�(B:
�$B!!�(BNEC �$B$N�(B .Gate �$B%5!<%S%9�(B
�$B$N�(B fix �$BOC$r:\$;$o$9$l$F$$$?$h$&$J$N$GDI5-!#�(B
�$B!!�(BTechStyle Newsletter:2002-06-18 �$B$G$b!V�(BSamba 2.2.4�$B$K%P%C%U%!%*!<%P!<%U%m!<$r0z$-5/$3$5$l$k%P%0!W$H$7$FJs$8$i$l$F$$$?LdBj$G$9$,!"�(B[memo:4210] �$B$rFI$`8B$j!"FCr7o$G$7$+H/@8$7$J$$$h$&$G$9!#�(B
[sugj-tech:4724] Security Advisory for Samba 2.2.4<
�$B0J2<$N%9%l%C%I$b;2>H!#�(B
�$B!!%"%W%j%1!<%7%g%sKh$K!"�(Bsystem call �$B$N%"%/%;%9%]%j%7!<$r@_Dj$G$-$k5!9=!"$+$J!#�(B
OpenBSD �$B$H�(B NetBSD �$B$GF0:n$7!"�(BNetBSD-current �$B$K$OAH$_$3$^$l$F$$$k$=$&$G$9!#�(B
GNU/Linux �$B$X$N0\?":n6H$,3+;O$5$l$F$$$k$=$&$G$9!#�(B
�$BL@F|$O�(B �$BBh�(B 1 �$B2s�(B STPP �$B%;%-%e%j%F%#BP:v%;%_%J!<�(B
�$B$G$"$d$7$/C}$i$J$/$F$O$J$i$J$$$N$G!"$3$N%Z!<%8$N99?7$O$"$j$^$;$s!#�(B
�$B$7$+$7$^$"!"$I$&$7$F$3$&!"9g$o$;$?$h$&$K�(B Nimda �$BKd$a$3$s$@$j$9$k$+$J$"!#�(B
�$B#I#T%;%-%e%j%F%#I>2A5Z$SG'>Z%;%_%J!<3+:E$K$D$$$F�(B (IPA ISEC)�$B!#�(B
7�$B7n�(B12�$BF|!J6b!K�(B �$BJ85~%0%j!<%s%3!<%H�(B �$B%$!<%9%H%&%$%s%0�(B 3F�$B2q5D<<�(B ( �$BEl5~ETJ85~6h�(B)�$B!"L5NA!#�(B100 �$BL>!#�(B
FreeBSD 4.6-RELEASE�$B!"=P$?$h$&$G$9!#�(B
�$B!V=;4p%M%C%H$OM=DjDL$j2TF/!W!!Kc@8<+L1@/D42qD9$,8@L@�(B (�$BKhF|�(B)�$B!#�(B
�$B!V�(B�$B%3%s%T%e!<%?!<$,J,$+$i$J$$%H%C%W$,$$$?$iB?$/$N9qL1$,LBOG$9$k�(B
�$B!W!#�(B
�$B$o$+$i$J$5$NGz?4CO!V<+L1E^!W$K8@$o$l$?$/$J$$$h$M!#�(B
�$B0lJ}$G!"�(B�$B=;4p%M%C%HE`7k$GLnE^�(B4�$BE^$,9g0U!!2~@5K!0FDs=P$X�(B (�$BKhF|�(B)�$B!"�(B
�$BEl5~!&9qN);T$b=;4p%M%C%H1d4|$r5a$a$k0U8+=q�(B (�$BKhF|�(B)�$B!"�(B
�$BEl5~!&>.6b0f;TD9$b=;4p%M%C%H2TF/1d4|$rMWK>$X�(B (�$BKhF|�(B)
�$B$H$$$C$?F0$-$,$"$k$h$&$G!#�(B
�$B%W%m%0%i%^$N$?$a$N%;%-%e%j%F%#BP:v%F%/%K%C%/�(B�$B!"$^$@�(B 1 �$B>O$7$+FI$a$F$^$;$s$,!"$J$+$J$+6=L#?<$$$G$9!#�(Bbulletin 1 �$B$D$G�(B $100,000- �$B$G$9$+!#�(B
IE�$B$N$^$@3+$$$?$^$^$N7j$O�(B14�$B8D�(B (slashdot.jp)
�$B$G>R2p$5$l$F$$$k�(B
Unpatched IE security holes
�$B$r%"%s%F%J$K2C$($F$*$-$^$7$?!#�(B
MS�$B!"?7$?$J@H (ZDNet)�$B!#�(B
Microsoft �$B$O�(B bulletin �$B$,�(B 30 �$B7o$@$,!"�(BRedHat �$B$J$i!D!D!#$?$H$($P�(B
Red Hat Linux 7.2 �$B%(%i!<%?�(B
�$B$G�(B S �$B%^!<%/$,$D$$$F$$$k%b%N$r?t$($F$_$h$&!#�(B
�$B!!�(B2002.05.24
�$B$N�(B
[memo:3953] Windows�$BHG�(BPostPet�$B$K!"E:IU%U%!%$%k$,6/@)5/F0$5$l$k%;%-%e%j%F%#%[!<%k�(B
�$B$KDI5-$7$?!#�(BPostPet�$B$N%;%-%e%j%F%#$K4X$9$k=EMW$J$*CN$i$;�(B
�$B$,99?7$5$l$F$$$k!#?7$?$K�(B PostPet DX 1.2 �$B0JA0$d!V$*;n$7HG!W$K4X$7$F$bBP1~J}K!$,5-:\$5$l$F$$$k!#�(B
�$B!!�(B2002.06.06
�$B$N�(B
Buffer overflow in MSIE gopher code
�$B$KDI5-$7$?!#�(BProxy Server 2.0�$B!"�(BISA Server 2000 �$BMQ�(B patch �$BEP>l!#$7$+$7!"�(BIE �$BMQ$O$^$@!#�(B
�$B$NOC!#�(B
- TurboLinux
-
- VineLinux
-
- Miracle Linux
-
�$B!!>pJs=hM}3X2qO@J8;o�(B Vol.43 No.6 �$B$K=P$F$$$k$N$O!V%7%9%F%`!&%3!<%k$KBP$9$k%i%C%Q�(B/�$B%j%U%!%l%s%9!&%b%K%?�(B SysGuard �$B$N@_7W$He$N�(B link �$B$OCx
�$B!!�(B2002.06.03
�$B$N�(B
SRT Security Advisory (SRT2002-04-31-1159): Mnews
�$B$KDI5-$7$?!#�(Bports/security/libparanoia �$B$r%j%s%/$7$F$*Cc$rBy$7$F$_$k%F%9%H!#�(B
�$B!!$$$m$$$m$H%4%?%/$rJB$Y$F$$$k$h$&$@$,!"%7%c%l$K$J$i$s$@$m$&!#:G?7$N�(B virus �$B$KKA$5$l$F$$$?$J$i$H$b$+$/!"�(BNimda �$B$H$O!#!V4Z9q$NB&$KH4$17j$,$"$C$?$?$a!W�(B? �$B%@%V%k%A%'%C%/$H$$$&35G0$O$J$$$N$+�(B?!
�$B!V�(BMicrosoft�$B$ODL>o�(B (�$BCfN,�(B) �$B%^%9%?!<%W%m%0%i%`$KE}9g$9$k$9$Y$F$N%U%!%$%k$r%9%-%c%s$7$F$$$k$H$$$&!#$@$,:#2s$N>l9g!"%9%-%c%s$5$l$?$N$O:G=i$+$iE}9g$9$kM=Dj$@$C$?%U%!%$%k$N$_!#!W�(B
�$B86B'$r6J$2$k$H$3$&$J$k$H$$$&8+K\!"$+!#9b!9?t;~4V$N%A%'%C%/$rBU$C$?$?$a$K@8$8$?B;32$O$$$/$i$@$m$&!#�(B
�$B!!�(BMicrosoft official: PRB: Inert Virus Found in Korean Language Version of Visual Studio .NET
(Q323302)
�$B!!F|K\$N�(B MSDN �$B;vL36I$+$i$b!"�(BMSDN subscriber �$B$KBP$7$F%a!<%k$GO"Mm$,9T$C$F$$$kLOMM!#4X$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#�(B
�$B!!�(BSensitive IM
Security - MSN Message Sniffing
�$B$G!V@bL@!W$5$l$F$$$k�(B msn666 �$B%9%K%C%U%!$O%P%C%/%I%"$@!"$H$$$&;XE&!#�(B
�$B!!�(BOracle Developer R6i Patch9 �$B0JA0!"�(BOracle9iAS Enterprise Edition �$B$N�(B
Reports Services �$B$,�(B Developer R6i Patch9 �$B0JA0$N>l9g$KR6i Patch10 �$B$G=$@5�(B�$B$5$l$?$H$$$&!#�(B
�$B!!4XO"�(B: Oracle Reports Server Buffer Overflow (#NISR12062002B) (NGSSoftware)�$B!#�(B
�$B!!!X%;%-%e%j%F%#!<$H$$$&H/A[$r>o$K;}$F!Y!#$*$C$7$c$kDL$j$J$N$G$9$,!"4JC1$K$G$-$l$P6lO+$O$J$$$o$1$G!D!D!#MW$O%]%j%7!<$@$+$i!"$d$C$Q$jAH?%%H%C%W$N0U<1$,LdBj$K$J$k$h$&$J5$$,!#�(BMicrosoft �$B$,6lO+$7$F$$$k$h$&$K!"%]%j%7!<$rDj$a$?$H$7$F$b!"$=$NJ}8~$KBI$,8~$/$^$G$O;~4V$,$+$+$j$^$9$7!#�(B
�$B!!8D?M>pJsJ]8nK!0FJ}LL!"8=pJs$NN.=P$,8e$rCG$?$J$$8=>u$G!"!V:#2sBP>]$H$7$J$1$l$P$J$i$J$$$N$O!"2?==K|7o$b$N8D?M>pJs$rJ]M-$9$kLr=j$dBg4k6H$G$"$k$Y$-$@!W$H$$$&$N$O@bF@NO$"$k$N$+$J!#�(B
�$B$A$J$_$K�(B memo ML �$B$N�(B subscriber �$B$b�(B 5000 �$B?M1[$($A$c$C$F$k$s$G!"!D!D!#�(B
2002.06.25 �$BDI5-�(B:
�$B!!9V1i;qNA$,�(B�$B9bLZ$5$s$N�(B web �$B%Z!<%8�(B�$B$G8x3+$5$l$F$$$^$9!#$^$?!"�(B[memo:4175]
�$B$K�(B INTERNET Watch �$B5-;v$X$N%U%)%m!<$,$"$j$^$9!#�(B
�$B!!�(BActive! mail
1.422, 2.0 �$B$K
�$B!!�(BActive! mail 2.0.1.1 �$B$G=$@5$5$l$F$$$k$=$&$@!#�(B
�$B!!$^$??7$7$$�(B API �$B$D$/$C$?$C$F$3$H�(B?
Microsoft �$BE*$K$O!V$H$/$$$o$6!W$J$s$@$m$1$I!"�(B3rd party
�$B$O$=$l$G$O$d$C$H$l$s$@$m$&!#:G=i$+$i%^%H%b$J�(B API �$B$rMQ0U$7%J%$%H!#�(B
�$B!!�(Bloader �$B$H�(B data �$B$KJ,N%$5$l$F$$$k!"$C$F%3%H$G$7$g$&$+!#�(B
�$B!!�(BSQL Server 2000 �$B$K4^$^$l$k!"$"$k$$$OJLES
SQLXML ISAPI �$B%U%#%k%?�(B (ISAPI �$B%(%/%9%F%s%7%g%s�(B) �$B$K�(B buffer overflow �$B$9$kLdBj$,$"$k!#�(B
�$B$3$l$r0-MQ$9$k$H!"967be$G�(B local SYSTEM �$B8"8B$GG$0U$N%3!<%I$r
XML �$B%?%0$rMxMQ$7$F�(B query �$B$K%9%/%j%W%H$rA^F~$9$k$3$H$,2DG=$H$J$j!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0@H!<%s8"8B�(B (�$B%$%s%H%i%M%C%H%>!<%s$G$"$m$&$3$H$,A[Dj$5$l$F$$$k$,!">u67$K0MB8$9$k�(B) �$B$G%9%/%j%W%H$r
�$B!!>\:Y�(B: wp-02-0007: Microsoft
SQLXML ISAPI Overflow and Cross Site Scripting (westpoint)
�$B!!�(Bpatch �$B$,$"$k$N$GE,MQ$9$l$P$h$$!#$?$@$7!"MxMQ$7$F$$$k�(B SQLXML �$B$KBP1~$7$?�(B
patch �$B$rE,MQ$9$k$3$H!#�(B
�$B!!�(BWindows NT 4.0, 2000, XP �$B$K
�$B!!�(Bpatch �$B$,$"$k$N$GE,MQ$9$l$P$h$$!#�(B
2002.06.14 �$BDI5-�(B:
�$B!!>\:Y�(B: Microsoft RASAPI32.DLL (NGSSoftware)�$B!#�(B
2002.06.27 �$BDI5-�(B:
�$B!!�(BMS02-029 patch �$B$rE,MQ$9$k$H!"�(BVPN �$BMxMQ;~$K�(B administrator �$B8"8B$,I,MW$K$J$k>l9g$,$"$k$H$$$&I{:nMQ$,$"$k$=$&$@�(B: VPN Connections May Require Administrator Permissions After You Apply MS02-029 (Q318138)
(Q324908)�$B!#�(BMS02-029 �$B$K$b$3$N7o$K4X$9$kCm5-$,DI2C$5$l$F$$$k!#�(B
2002.07.10 �$BDI5-�(B:
�$B!!�(B2002.07.04 �$BIU$1$G!"�(BVPN �$BMxMQ;~$G$bLdBj$,H/@8$7$J$$=$@5%W%m%0%i%`$,EP>l$7$F$$$k!#�(B
�$B!!�(BIIS 4.0, 5.0 �$B$KMS02-018
�$B$G=$@5$5$l$?!V�(BActive Server Page �$B$K$h$k%A%c%s%/$5$l$?%(%s%3!<%I%j%/%(%9%H$G$N�(B heap overflow�$B!WLdBj$NN`;wIJ$,�(B .HTR �$B$r=hM}$9$k�(B ISAPI �$B%(%/%9%F%s%7%g%s$K$bB8:_$7$?!#$3$l$r0-MQ$9$k$H!"967b
[*] advisory �$B$K$OL@5-$5$l$F$$$J$$$N$@$,!"�(BIIS 4.0 �$B$G$b�(B local SYSTEM �$B$G$J$$�(B�$B8"8B$G
�$B!!2sHrJ}K!$H$7$F$O!"�(B.HTR �$B$rL58z$K$9$k!#$"$k$$$O�(B URLScan �$B$K$h$C$F%A%c%s%/$5$l$?%(%s%3!<%I%j%/%(%9%H$rGS=|$9$k!#BP1~$9$k$K$O�(B patch �$B$rE,MQ$9$k!#�(B
�$B!!:#2s$N�(B patch �$B$O!VN_@QE*�(B patch�$B!W�(B�$B$G$O$J$$�(B�$B$N$G!":G?7$NN_@QE*�(B patch (MS02-018) �$B$rE,MQ$7$?>e$G�(B MS02-028 patch �$B$rE,MQ$9$k$3$H!#�(B
�$B!!>\:Y�(B: ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612] (eEye)�$B!#�(BeEye �$B$N�(B SecureIIS �$B$K$h$C$F$b$3$NLdBj$r2sHr$G$-$k!#�(B
�$B!!�(B2002.06.06
�$B$N�(B
Buffer overflow in MSIE gopher code
�$B$KDI5-$7$?!#�(B
MS02-027 �$BEP>l!#�(BIE 5.01 / 5.5 / 6 �$B$NB>$K!"�(BProxy Server 2.0�$B!"�(BISA Server 2000 �$B$K$b
�$B!!�(BUNIX �$BHG�(B Mozilla 1.0 �$B0JA0$K$*$$$F!"%9%?%$%k%7!<%H$K�(B body { font-size: 1666666px; } �$B$H$+=q$$$F$*$/$H%"%l%2$J>u67$K$J$k!"$H$$$&OC!#�(B
�$BMW$O%V%i%&%6%/%i%C%7%c!<$M$?$J$N$@$1$I!"�(BX �$B$rF;O"$l$K$7$F$/$l$k!"$H!#�(B
�$BJT=8Cf$N%U%!%$%k$rJ]B8$7$F$+$i%F%9%H$7$^$7$g$&!#�(B
�$B!!�(Bbugzilla 2.14.1 �$B0JA0!"�(B2.15�$B!"�(B2.16rc1 �$B$K$5$^$6$^$J
�$B!!�(BReferer: �$B$d�(B User-Agent: �$B$J$I$,1x@w$5$l$F$$$k$3$H$b$"$k$+$i!"$A$c$s$H=|@w$7$^$7$g$&!"$H$$$&OC!"$+$J!#�(B
�$B!!�(BFreeBSD �$B$N%Q%9%o!<%IG'>Z$G$O!"�(B/etc/passwd �$B$d�(B /etc/master.passwd �$B$,D>@\MxMQ$5$l$k$o$1$G$O$J$/!"�(B/etc/passwd �$B$d�(B /etc/master.passwd �$B$+$i@8@.$5$l$?%G!<%?%Y!<%9�(B (/etc/pwd.db, /etc/spwd.db)
�$B$,MxMQ$5$l$k!#�(B
�$B$3$N$?$a!"?75,$K%f!<%6$r:n@.$7%G!<%?%Y!<%9$r99?7$7$?8e$K�(B /etc/passwd �$B$d�(B /etc/master.passwd �$B$+$i3:Ev%f!<%6$r:o=|$7$F$*$/$H!"0l8+B8:_$7$J$$$,MxMQ2DG=$J%f!<%6$r:n@.$9$k$3$H$,$G$-$k!#�(B
�$B$3$N$h$&$J%f!<%6$rH/8+$9$k$K$O$I$&$9$l$P$$$$$@$m$&$+!"$H$$$&OC!#�(B
�$B!!$3$l$KBP$7$F!"�(B
�$B$,<($5$l$F$$$k�(B (�$B$d$C$F$k;v$O$I$A$i$bF1$8�(B)�$B!#�(B
�$B!!%9%l%C%I<+BN$O$5$i$K�(B toor �$B$d�(B WHEEL_SU �$B$NOC$KH/E8$7$F$$$k!#�(B
�$B!!�(BMacromedia Flash �$B$,%5%]!<%H$9$k�(B ActionScript �$B$N�(B getURL() �$B$rMxMQ$7$F�(B
getURL(�$B!H�(Bjavascript:alert(document.cookie)�$B!I�(B); �$B$J$I$H@_Dj$7$F$*$-$D$D!"�(B
form �$B$J$I$NF~NO$H$7$F$3$l$r�(B embed �$B$7$F$"$2$k$H�(B
cookie �$B$,http://eyeonsecurity.net/advisories/flash-demo/
�$B$K$"$k$=$&$@!#�(B
�$B!!$^$@�(B Flash �$B$X$N�(B patch �$B$O40@.$7$F$$$J$$LOMM!#�(B
�$B!!�(BActionScript �$B$J$s$F8@$o$l$k$H!"$I$&$b%"%/%7%g%s2>LL$rA[5/$7$F$7$^$C$F$$$1$J$$�(B (^^;;)�$B!#�(B
�$B!!�(BWindows NT4.0/2000 �$BHG$N�(B Oracle9i Database Release 9.0.1.x �$B$KCHq$5$l!W!"�(BDoS �$B>uBV$K$J$C$F$7$^$&!#�(B
UNIX �$BHG$J$I$NHs�(B Windows �$BHG$K$O$3$N
�$B!!�(B9.0.1.3.1 Patch3 �$B$GBP1~�(B�$B$7$F$$$k!#�(B
- TurboLinux
-
- Miracle Linux
-
- Kondara MNU/Linux
-
- RedHat
-
- SGI IRIX
-
�$B!!Tea Room for Conference
No.881�$B!"$G$9$+$M$(!#�(B
�$B!!$$$h$$$h�(B Windows �$B$H$D$J$2$kOC!#�(BWindows 2000 �$B0J9_$N�(B IPSec �$B5!G=$H�(B
PGPnet
(PGP 6.5.1 �$B0J9_$K4^$^$l$F$$$k�(B) �$B$r
�$B!!�(BPGP 6.5.8ckt �$BF|K\8lHG$O�(B
http://www.hizlab.net/pgp/
�$B$+$iF~Mac�$B>e$G$N�(BIPSec�$B$K$h$k%;%-%e%"$JDL?.$N�$B!W$K>pJs$,$"$k!#�(B
�$B!!�(B2002.06.07
�$B$N�(B
ASP.NET �$B%o!<%+!<%W%m%;%9$KL$%A%'%C%/$N%P%C%U%!$,4^$^$l$k�(B (Q322289) (MS02-026)
�$B$KDI5-$7$?!#�(Badvisory �$B$,2~D{$5$l!"�(BVisual Studio .NET �$B$r=*N;$7$F$+$i�(B patch �$B$rE,MQ$;$h!"$H$5$l$F$$$k!#�(B
�$B!!�(BSecurityFocus.com Newsletter
�$BBh�(B 147 �$B9fF|K\8lHG�(B
(�$B%F%-%9%H�(B)�$B!#�(B
�$B!!�(BISS Security Alert Summary AS02-23 �$B$G$9!#�(B
�$B!!�(BMS02-020 �$B$r4^$`�(B patch �$BA4ItF~$j$N�(B
Microsoft SQL Server 2000�$B!"�(BMSDE 2000 �$B$K
[aml 28279] CPSR�$B$N2q0w$K$J$j$^$;$s$+�(B�$B!#�(B
�$B%U!<%j%,%s4F;k%+%a%i$N@_CV7QB3$rMWK>!!BgJ,>&5D=j�(B (�$BKhF|�(B)�$B!#�(B
�$BJ8;zDL$j$N!VL\E*30MxMQ!W$J5$$,!#$H$$$&$+!":G=i$+$i$=$&$9$k$D$b$j$@$C$?$s$8$c$J$$$N�(B?
�$BKI1RD#%j%9%H!!H/3PD>8e$K=$@5%j%9%H:n@.$7:F7G<(�(B (�$BKhF|�(B)�$B!#�(B
�$BEXNO$7$?$1$I!"$J$+$C$?$3$H$K$7$-$l$J$+$C$?LOMM!#�(B
�$B<+L1E^E*$K$O!V$7$-$l$J$+$C$?E[$,0-$$!W$C$F%3%H$K$J$k$s$@$m$&$+!#�(B
�$BG$E7F2$N�(BFF�$BHcH=$KH?O@!!OBED!&%9%/%&%'%" (�$BKhF|�(B)�$B!#�(B
�$B!V�(B�$B:#!"�(BFF11�$B$rM7$s$G$$$k?M$K$OK~B-$7$F$b$i$C$F$$$k�(B
�$B!W$s$@$=$&$G!#�(B
�$B%H%i%V%k%U%j!<$K$J$C$?$s$G$9$+$M!#�(B
�$BJa$^$($K$/$$!V�(BSimile.D�$B!W%&%$%k%9�(B
(ZDNet)�$B!#F|?J7nJb$G$9$M$(!#�(B
�$B;` (WIRED NEWS)�$B!#�(B
�$B$*;E;vE*$K$O%-!<%j%+%P%j!<5!G=$O$[$7$+$C$?$j$7$^$9$h$M!#�(B
�$B%$%s%F%k�(B �$B%H%i%9%F%C%I!&%3%s%T%e!<%F%#%s%0�(B (�$B%$%s%F%k�(B) �$B$C$F$N$,$"$k$s$@$=$&$G!#�(B
�$B=;4p%M%C%HMxMQ$NHO0O3HBg!!%*%s%i%$%s2=�(B3�$BK!0F!"3U5D7hDj$X�(B
(�$BKhF|�(B)�$B!#$^$@$O$8$^$C$F$b$$$J$$$N$K;HES3HBgM=Dj$@$=$&$G!#�(B
�$B!Z2r@b![!V9qL1AmGXHV9f@)!W$X$N$J$7Jx$7E*$J3HBg$K5?G0$b�(B (�$BKhF|�(B)�$B!#�(B
�$B$U$D$&7|G0$7$^$9!#�(B
�$BEl5~!&?yJB6h!!=;4p%M%C%H$GAmL3Aj$K�$B!"�(B
�$B<+<#O+!!=;4p%M%C%H$N2TF/1d4|5a$a$k�(B
(�$BKhF|�(B)�$B!#�(B
�$B!V%*!<%W%s%=!<%9!&%=%U%H$O4m81!W$H$$$&Js9p=q!"N"$G�(BMS�$B$,4X78!)�(B (WIRED NEWS)�$B!#�(B
�$B!VK\Z$7$F$/$l$?H&$J$s$@$,!#�(B
host3.c-hosp-jsdf.go.jp [210.232.74.251]
�$B$C$F$H$3$+$i�(B Klez �$B$,Mh$k$s$G$9$1$I!"<+1RBbCf1{IB1!$5$s!#�(B
�$BIB1!$,%&%#%k%9$P$i$^$$$A$c$$$+$s$N$G$O!#�(B
[aml 28315] �$B;yF8O+F/$K;Y$($i$l$k%o!<%k%I%+%C%W�(B (Oneworld.net)�$B!#�(B
�$B$=$&$$$&8=
JP435000: �$B%I%a%$%s%3%s%H%m!<%i$N%;%-%e%"%A%c%M%k=$I|J}K!�(B
�$B$@$=$&$G$9!#�(B
JP240797: Internet Explorer �$B$G�(B ActiveX �$B%3%s%H%m!<%k$NF0:n$rDd;_$9$kJ}K!�(B
�$B$@$=$&$G$9!#�(B
�$BO"K.@/I\!"%;%-%e%j%F%#BP:v$K$h$&$d$/K\9x�(B (ZDNet)�$B!#�(B
�$B9x$r>e$2$?$@$10N$$$N$G$O!#�(B
e-gov �$BJ}LL$O$I$&$J$C$F$k$s$G$7$g$&$M!#�(B
Linux Column�$B!'!V�(BLinux�$B%G%#%9%H%j%S%e!<%7%g%s$K5a$a$i$l$k$b$N$H$O!)!W�(B (ZDNet)�$B!#�(B
�$B3N$+$K!"$=$&$$$&LL$G$N!V$+$C$A$j!W46$K$O$^$@$^$@1s$$$G$9$h$M!#�(B
�$BBhFs$N�(B2000�$BG/LdBj$+!=!=6bM;6H3&$r=1$&!V�(BT�$B!\�(B1�$B!WLdBj�(B
(�$BF|7P�(B IT Pro)�$B!#$3$3$G$bI,MW$J$N$O!V9=B$2~3W!W$G$9$+!#�(B
IP Filter
3.4.28 �$B$,=P$?$=$&$G$9!#�(B(info from [installer 7321])
- Kondara MNU/Linux
-
- TurboLinux
-
- VineLinux
2.1 �$BMQ�(B:
2.5 �$BMQ�(B:
- SCO
-
- SGI
-
- �$BIY;NDL�(B PortalWorks
-
- MIME::Tools
-
- squid
-
- slurp
-
- SHOUTcast
-
- BlackICE
-
�$B!!�(BCERT Advisory CA-2002-16 Multiple Vulnerabilities in Yahoo! Messenger
�$B$NOC!#�(B
�$B:G?7$NF|K\8lHG�(B Yahoo! Messenger �$B$K$O$3$NLdBj$O$J$$$=$&$@!#�(B
�$B!!�(BMicrosoft .NET Framework 1.0 �$B$K4^$^$l$k�(B ASP.NET �$B$Kl9g!"$3$l$r�(B remote �$B$+$i967b$9$k$3$H$G!"F0:nCf$N�(B web �$B%Y!<%9%"%W%j%1!<%7%g%sA4$F$r:F5/F0$5$;$k$3$H$,$G$-$k$H$$$&!#�(B
�$B$J$*�(B StateServer �$B%b!<%I$O%G%U%)%k%H$G$O$J$$!#$^$?�(B StateServer �$B%b!<%I$G$"$C$F$b�(B cookie �$B$rMxMQ$7$F$$$J$$>l9g$K$OLdBj$,$J$$!#�(B
�$B!!�(Bpatch �$B$,$"$k$N$GE,MQ$9$l$P$h$$!#�(B
�$B!!$7$+$7!"$5$C$=$/!"$G$9$+!#$$$d$O$d!#�(B
2002.06.11 �$BDI5-�(B:
�$B!!�(Badvisory �$B$,2~D{$5$l!"�(BVisual Studio .NET �$B$r=*N;$7$F$+$i�(B patch �$B$rE,MQ$;$h!"$H$5$l$F$$$k!#>\:Y$O�(B INFO: Installation Issues with Silent Install of Security Bulletin MS02-026 (Q324292)
�$B;2>H!"$@$=$&$@!#�(B
�$B!!�(Bmod_encoding-20011026a, mod_encoding-20011211a �$B$Kl9g!"$9$Y$F$N%U%!%$%k$O�(B Apache �$B]$H$J$k!#�(B
�$B!!�(Bmod_encoding-20011211a-hotfix �$B$G=$@5$5$l$F$$$k$N$GF~$l$+$($k!#�(B
�$B$^$?�(B mod_encoding-20011211a �$B$X$N�(B patch �$B$,<($5$l$F$$$k!#�(B
�$B!!F|K\8lHG$,�(B
penetration technique research site
�$B$K$"$k$N$G$=$A$i$b;2>H!#�(B
�$B!!�(BMSIE 5.5/6 �$B$K%/%m%9%5%$%H%9%/%j%W%F%#%s%0@H
�$B$NN>J}$,M-8z$N>l9g�(B (�$B%G%U%)%k%H$GN>J}M-8z�(B)�$B!"�(BIE �$B$N�(B URL �$B$H$7$F�(B
ftp://"><script>alert("Exploit")%3b</script>%20
�$B$rF~NO$9$k$H!"$3$N%9%/%j%W%H$,%^%$%3%s%T%e!<%?%>!<%s8"8B$Ge$G0-$N8B$j$r$D$/$9$3$H$,$G$-$k!#�(B
�$B!!2sHr:v$H$7$F$O!">e5-$N$I$A$i$+$,L58z$G$"$l$P$h$$!#Mh$N�(B Windows �$B%U%!%k%@$r;H$&!W$H$9$k�(B) �$B$r@_Dj$7$F$$$k$N$G2sHr$G$-$F$$$?!#�(B
�$B!!H/8+G/$bA0$K$3$NLdBj$rH/8+$7�(B MS �$B$KJs9p$7$?$K$b$+$+$o$i$:!":#$@$K�(B fix �$B$5$l$F$$$J$$$N$@$=$&$@!#$@$a$8$c$s�(B > MS�$B!#�(B
2002.08.04 �$BDI5-�(B:
�$B!!�(BWindows 2000 SP3 �$B$G=$@5$5$l$F$$$k$=$&$G$9�(B: Q316890: Embedded Java Scripting in FTP Sites May Run After Java Scripting Is Disabled�$B!#�(B
(info from bugtraq)
2002.08.05 �$BDI5-�(B:
�$B!!�(BMozilla, Opera �$B$G$bF1MM;vNc$,H/8+$5$l$?!#�(B
2002.08.28 �$BDI5-�(B:
�$B!!�(BOpera 6.05 �$B$G=$@5$5$l$F$$$k$=$&$G$9!#�(B
penetration technique research site 2002.08.28 01:18 �$B;2>H!#�(B
�$B$3$l$^$?O"Mm%J%7$@$=$&$G!#�(B
�$B!J�(B1�$B!K8D?M>pJs$NHO0O$J$I!$$"$$$^$$$JE@$,B?$/
(2) �$B$K$O$?$H$($P!"K\?MG'>ZpJs$NHO0O$d�(B (3) �$B$N3+<(HO0O$C$F$=$s$J$KITL@3N$@$m$&$+!#�(B
�$BITL@3N$G$"$k$h$&$J%7%9%F%`$r1?MQ$7$F$$$kJ}$bLdBj$@$H;W$&$s$@$,!#�(B
�$B!!$C$F!"B>?M;v%b!<%I$G$O:Q$^$5$l$J$$$s$@$1$I!D!D!#�(B
�$B!!�(BUNIX �$B>e$G!"$H$j$"$($:%$%s%9%H!<%k$7$FF0$+$9$H$3$m$^$G!#�(B
�$B!!!V�(B�$B�$B!W�(B
�$B$$$k5-;v$J$N$G$4Cm0U!#�(B
�$B!!!V�(B�$B%W%m%0%i%^$N$?$a$N%;%-%e%j%F%#BP:v%F%/%K%C%/�(B�$B!W�(B
�$BK.LuHG$bEP>l$7$?$=$&$G$9!#�(B
STPP �$B%;%-%e%j%F%#BP:v%;%_%J!<�(B
�$B2q>l$GGd$j=P$7$?$j$9$k$N$+$J$"!#�(B
�$B!!�(BCourier
0.38.1 �$B$K(^^;)):
if (year < 1970) return (0);
if (year > 9999) return (0);
�$B!!$^$?!"�(Bimap-uw �$B$K%G%6%$%s>e$NLdBj$,$"$j!"$3$l$rKI$4$&$H�(B
FAQ �$B$K$"$k�(B restrictBox �$B$r@_Dj$7$?$H$7$F$bKI$.$-$l$:!"�(B
imaptools.tgz
�$B$r;H$&$H�(B
imapget imap.host.name /etc/passwd > passwd
�$B$N$h$&$K$7$F%U%!%$%k$r�(B get �$B$7$F$7$^$($k!"$H$$$&!#�(B
�$B:G?7$N�(B imap-2001a �$B$G$b$3$N>u67$OH/@8$9$k$H$$$&!#�(B
2002.07.18 �$BDI5-�(B:
�$B!!�(Bimap-uw 2002.RC2 �$B$N�(B docs/RELNOTES �$B$K$O�(B
The restrictBox option in env_unix.c sets "restricted box" functionality,
which disables access to the root (leading "/"), access to other user's
directories (leading "~"), and access to superior directories via "..".
�$B$H$$$&5-=R$,$"$k$N$G!"$I$&$d$i=$@5$5$l$?LOMM!#�(B
2002.08.01 �$BDI5-�(B:
�$B!!=P$F$^$9!#�(BWindows �$B7O$H�(B Linux �$B$O$[$\F1?t$G$9$M!#�(B
�$B!!�(B2002.05 �$BJ,=P$F$^$9!#�(B
�$B!!�(BAMaViS �$B$+$i$N=PNO$r�(B
IPA �$B%&%#%k%9FO=PMM<0�(B
�$B$KJQ49$7$F<+F0$GAw$C$F$"$2$k$H4n$P$l$k$s$@$m$&$+!#�(B
�$B$H=q$$$F$$$k4V$K$b�(B
[FreeBSD-net-jp 3728]
�$B$K�(B Klez.H �$B$,!D!D!#�(B
�$B!!$$$D$G$-$?$N$+$h$/$o$+$i$J$$$1$I!"$=$&$$$&%5%$%H$,$G$-$F$^$9!#�(B
�$B%j%9%/%^%M%8%a%s%H:GA0@~�(B �$BBh�(B 1 �$B2s$NKAF,$NOC$O$D$^$j!"�(BDoS �$B>u67!"$J$o$1$G!#�(B
�$B!!99?7$$$/$D$+!#�(B
�$B!!$U$H;W$C$F;n$7$F$_$?$N$G$9$,!"�(Bhttps://www.jpcert.or.jp/ �$B$H$$$&$N$O$J$$$_$?$$$G$9$M!#�(B
�$B!!�(B�$BN9$NAk8}�(B
�$B$K$^$?$b$dLdBj!#$"$kDxEY$N8D?M>pJs�(B (�$B2q0wEEOCHV9f!&;aL>!&@8G/7nF|!&<+Bp=;=j�(B)
�$B$rGD0.$7$F$$$l$P!"2q0wHV9f$r[memo:3863]
�$B$HK\
�$B!!$3$NLdBj$O$9$G$K=$@5$5$l$F$$$k$=$&$@$,!"B>;3$N@P$H$7$F<+%5%$%H$N8+D>$7$r$7$F$/$l$k$H$3$m$,$I$l$@$1$"$k$3$H$d$i!#$C$F!"B>?M;v%b!<%I$G$$$$$N$+�(B? > �$B26!#�(B
�$B!!�(B9.2.1 �$B$h$jA0$N�(B bind 9 �$B$K
�$B!!�(Bbind 9.2.1 �$B$G=$@5$5$l$F$$$k$N$G�(B bind 9 �$BMxMQ
�$B!!4XO"�(B:
�$B!!$J$s$J$s$@$m$&$3$N5-;v$O!D!D!#�(B
�$B$7$+$7!"@h$[$I$NAmL3>J$N%;%-%e%j%F%#LdBj$r;XE&$7$?5-;v$rFI$s$G$_$k$H!"$=$b$=$b@/I\$O=EBg$J7g4Y$rJz$($F$$$kEE;R?=@A$N;v
�$B!!�$B$G$O$J$$�(B�$B$H8@$$$?$$$N$@$m$&$+!#�(B
�$B??56$NH=JL$K$D$$$F$$$&$J$i$P!"$+$D$FK\Ev$K$"$C$?Lk4V6b8K$N$J$j$9$^$7;v7o�(B(�$BCm�(B1)�$B$J$I%j%"%k$N@$3&$G$b;v7o$NNc$O$"$k!#F1MM$KLk4V6b8K$O4m$J$$$H$$$&5-;v$r=q$/$N$@$m$&$+!)�(B
�$B!!!VLk4V6b8K!W$N??Z$G$-$J$$>l9g!"$=$l$O4m$J$$$HH=CG$9$Y$-$@$H;W$&$s$@$1$I!"0c$&$s$@$m$&$+!#�(B
�$BH`$i$O!"$I$s$J5-;v$r=q$1$P$$$$$H8@$&$N$@$m$&$+!#�(B
�$B!!�(Bcookie �$B$r4JC1$KI=<(!&:o=|$9$kJ}K!!#$?$@$78B3&$b$"$k$N$GCm0U;v9`$r$h$/$*FI$_$N>e$GMxMQ$7$h$&!#�(B
�$BD9Bg$J$b$N$K$D$$$F$O!"%"%I%l%9%P!<$KD>@\BG$A9~$`$h$j$b!"E,Ev$J!V$*5$$KF~$j!W�(B(.url) �$B%U%!%$%k$r$D$/$C$F$*$$$F!"$=$N%U%!%$%k$r%F%-%9%H%(%G%#%?$GJT=8$9$kJ}$,3N
�$B!!�(BSecurityFocus.com Newsletter
�$BBh�(B 146 �$B9fF|K\8lHG�(B
(�$B%F%-%9%H�(B)�$B!#�(B
�$B!!�(BMSDE �$B$N�(B 'sa' �$B%"%+%&%s%H$K%Q%9%o!<%I$r@_Dj$9$kJ}K!!#�(B
�$B%d%i%l$kA0$K!"$D$1$F$*$-$^$7$g$&!#�(B
�$B!!�(BISS AS02-22 �$B$G$9!#�(B
�$B!!�(B1.0.6 �$B$+$i�(B 1.0.7 �$B$K�(B upgrade �$B$9$k$H!"<+J,<+?H$N�(B key �$B$,�(B
trust: -/- �$B$K$J$C$F$7$^$&$N$GCm0U$7$h$&!"$H$$$&OC!#�(B
�$B$=$&$$$($P
�$B!!!V�(BMSIE �$B$,�(B Content-Type: �$B$r@5$7$/I>2A$7$J$$!WOC$,%/%m%9%5%$%H%9%/%j%W%F%#%s%0@HMS01-058
�$B$d�(B fusianasan �$B%H%i%C%W�(B
�$B$b�(B Content-Type: �$B$r@5$7$/I>2A$7$J$$$+$i$3$=H/@8$7$?;vNc$J$o$1$G!":,K\860x$O$d$O$j�(B MSIE �$B$N%@%a%@%a$5$K$"$k$o$1$G!#�(B
�$B!!$3$N�(B MSIE �$B$HF1$8LdBj$,%G%U%)%k%H>uBV$N�(B Opera �$B$K$b$"$k$H%U%)%m!<$5$l$F$$$k�(B
[memo:4017]�$B!#$3$A$i$O!"@_Dj$9$l$P$^$H$b$JF0:n$K$J$k$h$&$@!#�(B
MSIE �$B$b$;$a$F!"!V@_Dj$9$l$P$^$H$b$JF0:n$K$J$k!W$h$&$K$O$G$-$J$$$N$@$m$&$+!#�(B
�$B%G%U%)%k%H$G$=$&$J$C$F$/$l$l$P$b$C$H$&$l$7$$$1$I!#�(B
MSIE �$B$K4E$($FJQ$J�(B Content-Type: �$B$rAw$C$F$/$k%5%$%H$,B?$9$.$k$s$G$9$h$M!#�(B
�$B!!�(Bmonkey.org �$B$,%/%i%C%/$5$l$?$?$a$K!"$=$3$GG[I[$5$l$F$$$?�(B dsniff-2.3, fragroute-1.2, fragrouter-1.6
�$B$,LZGOF~$jHG$K$J$C$F$$$?!"$H$$$&OC!#�(B
Dug Song �$B;a$N%U%)%m!<�(B�$B$b;2>H!#�(B
�$B!!�(Bsprintf() �$B$H$+�(B strcpy() �$B$H$+%P%7%P%7$G$9$7$M$(!#�(B
(�$BI=8=$r$9$3$7=$@5�(B: �$B1n4]$5$s46
2002.06.17 �$BDI5-�(B:
�$B!!�(Bofficial fix �$B$O$$$^$@EP>l$7$F$$$J$$$,!"ports/security/libparanoia �$B$r%j%s%/$7$F$*Cc$rBy$7$F$_$?!#�(B
�$B$H$j$"$($:�(B bugtraq �$B$KN.$l$?�(B exploit �$B$G;n$7$?$H$3$m!"�(B
mnews[51250]: Stack violation - exiting
�$B$H$$$C$F=*N;$9$k$h$&$K$O$J$k$3$H$r3NG'!#�(B
�$B!!�(BLinux �$B$G�(B PPTP �$B%5!<%P$rN)$A$"$2!"�(BWindows XP �$B$+$i@\B3$9$k!"$H$$$&5-;v!#�(B
�$B;d$K$D$$$F�(B
