セキュリティホール memo - 2002.11

Last modified: Fri Feb 14 12:51:48 2003 +0900 (JST)


■ 2002.11.29

■ Symantec もの
(Symantec)

$B"#(B $B!Z(BSecurity Solution Expo 2002$BB.Js![(B10$BG/@h$r8+?x$($??.Mj$G$-$k%3%s%T%e!<%F%#%s%0L\;X$9(B--MS$B!&9bBt;a(B
($BF|7P(B IT Pro, 2002.11.28)

Microsoft$B$OA4BN$G!H(BTrustworthy Computing$B!I!J?.Mj$G$-$k%3%s%T%e!<%F%#%s%0!K$K

　port 135, 137〜139, 445 がデフォルトで塞がれるのは 10 年後、という意味だろうか。

$BC;4|E*$K$O!"@=IJ$N%G%6%$%s!"%W%m%0%i%_%s%0!"@=IJ$N=P2Y;~$N>uBV!=!=$J$I$r8+D>$9$N$@$H$$$&!#6qBNE*$K$O!"%W%m%0%i%`$,;}$DuBV$GITMW$J%5!<%S%9$,N)$A>e$,$C$F$$$J$$$J$I$NBP:v$r;\$9$3$H$r;X$9!#$3$NBh0lCF$,(B2003$BG/$K=P2YM=Dj$N(BWindows .NET Server 2003$B$J$N$@$H$$$&!#(B

　port 135, 137〜139, 445 は、Microsoft 的には「不要なサービス」ではないし「セキュリティ・ホールのないプログラム」ということなんだろうな。 そこ経由で crack された機械は 1 台もないんでしょう、きっと。


■ 2002.11.28

■ Internet Explorer 用の累積的な修正プログラム (Q328970) (MS02-066)
(Microsoft, 2002.11.21)

$B!!(BIE 5.01, 5.5, 6.0 $B$N(B 6 $B$D$N?7$?$Jl!#(B FAQ $B$K(B

$B967b
$B$O$$!"$G$-$^$9!#$7$+$7!"%^%$%/%m%=%U%H$O%5%]!<%H5;=Q>pJs(B 810687 $B$r8x3+$7!"(BHTML $B%X%k%W$N%7%g!<%H%+%C%H$r@)8B$9$k%l%8%9%H%j(B $B%-!<@_Dj$K$D$$$F@bL@$7$F$$$^$9!#$3$N%l%8%9%H%j(B $B%-!<$r@_Dj$9$k$H!"967b

$B$H$"$k$h$&$K!"AH$_$"$o$;$k$3$H$GG$0U$N%3%^%s%I$r

$B!!(B$B!X%P%0%H%i%C%/!Y$K(BIE$B0-MQ967b%3!<%I$r$=$N$^$^7G:\!";?H]$ON>O@(B $B$NOC$b4XO"$J$N$+$b$7$l$J$$$,!"$$$^$$$A$h$/$o$+$i$J$$!#(B

　とりあえず適用しておけば? (クレヨンしんちゃん風)

2002.12.02 追記:

　Unpatched IE security holes、現在は 18 個になっています。かなり減りました。それでも 18 個あるんですが。

$B"#(B Microsoft Data Access Components $B$N%P%C%U%!(B $B%*!<%P!<%i%s$K$h$j!"%3!<%I$,
(Microsoft, 2002.11.21)

$B!!(BMDAC 2.6 $B0JA0$K

$B!!BP:v$H$7$F$O!"

　従って、推奨される対応は MDAC 2.7 のインストールとなる。しかしこれにも問題がある。MDAC 2.7 に含まれる msxml3.dll は、MS02-008 問題を修正済の版よりも古く、MS02-008 問題が含まれてしまっているのだ。 このため、MDAC 2.7 をインストールした後に、MS02-008 修正プログラムを適用しておく必要がある。ただし、IE 6.0 SP1 では MS02-008 問題が修正済みなので、MS02-008 修正プログラムを適用する必要はない。ややこしいね。

$B!!>\:Y$O!";32<$5$s$N(B $B%Q%C%A$rL58z$K$5$l$k62$l$"$j!$(BWindows$B$N?<9o$J%;%-%e%j%F%#!&%[!<%k$r2r@b$9$k(B ($BF|7P(B IT Pro) $B$rFI$s$G$/$@$5$$(B (^^;)$B!#(B $B3XFb8~$1$N%Z!<%8(B $B$K$b>pJs$,$"$j$^$9(B ($B$,!"3XFb8~$1$J$N$G0lHL$K$OE,MQ$G$-$J$$$+$b$7$l$^$;$s(B)$B!#(B

$B!!(BMS02-065 $B$G$b(B

$BK\LdBj$KBP$9$k40A4$JBP:v$O!"(BMDAC $B%P!<%8%g%s(B 2.7 $B0J9_$rE,MQ$9$k$3$H$G$9!#(BMDAC $B%P!<%8%g%s(B 2.7 $B0J9_$O$3$N@He=R$N(B Kill Bit $BL$@_Dj$K$h$k%3%s%]!<%M%s%H$N:FEPO?$NLdBj$bH/@8$7$^$;$s!#2DG=$J8B$j(B MDAC 2.7 $B0J9_$N%P!<%8%g%s$X$N%"%C%W%0%l!<%I$r$*4j$$$$$?$7$^$9!#(B

$B$H$$$&5-=R$,EP>l$7$F$$$^$9$M!#$?$@$7!"(B

$BCm0U(B : MDAC 2.7 $B$rE,MQ$9$k;v$K$h$j!"$3$N5!G=$r;HMQ$9$k%"%W%j%1!<%7%g%s$,@5$7$/F0:n$7$J$/$J$k2DG=@-$,$"$j$^$9!#8=:_$*;H$$$N%"%W%j%1!<%7%g%s$KM?$($k1F6A$K4X$7$F$O!"@=IJ$N3+H/85MM$^$G$43NG'$/$@$5$$!#(B $B8=:_(B MDAC 2.7 $B$K4X$7$FJ@

ともありますのでご注意を。JP418820: [MDAC] インストールしても一部のファイルが DLLCACHE に登録されない は、最悪の場合 OS の再インストールが必要とされているので要注意。

2002.12.04 追記:

$B!!(Bhsj $B$5$s$A(B $B$K(B IIS 5.0 $BMQ$N(B exploit $B$,=P$F$$$^$7$?!#(B

$B!!(B$B:#EY$O!H40A4$JBP:v!I$K$H$s$G$b$J$$I{:nMQ!=!=!V(BWindows$B$N?<9o$J%[!<%k!WB3JT(B ($BF|7P(B IT Pro)$B!#(B MDAC 2.7 $B$r%$%s%9%H!<%k$7$?8e$G$O!"(BMS02-008 $B$NB>!"(BSQL Server $B$rF0:n$5$;$F$$$k>l9g$O(B MS02-030, MS02-040 $B$rE,MQ$9$kI,MW$,$"$kLOMM!#(B

　IE、OE の安全な利用には高度な知識と情報収集能力が必要！？ (NetSecurity)。 MS02-066 は MS02-065 の間違いだと思われ。 確かに今回の事例はお粗末すぎるが、だからって、他のブラウザの情報収集が簡単ってコトにはならないと思うぞ。

2002.12.12 追記:

$B!!(B$B!V(BWindows$B$N?<9o$J%[!<%k!WBP:v$GH/@8$9$k%H%i%V%k$r2r7h$9$k(B ($BF|7P(B IT Pro)$B!#(B MDAC 2.7 $B%$%s%9%H!<%k$N>\:Y!#$o$+$j$d$9$$!#(B

2003.01.21 追記:

　MDAC 2.7 SP1 が出ています。MS02-008 (MSXML 3.0 用のみ), MS02-030, MS02-040 は修正されているそうです。 しかし、MDAC 2.7 に存在した、インストール時の問題については、MDAC 2.7 SP1 で解消されているかどうかよくわかりません。念のため、MDAC 2.7 ダウンロードページ の記述をよく読み、同様の問題が MDAC 2.7 SP1 にもあるものとしてインストールした方がよいでしょう。学内向けのページも修正かけました。

■ 追記

　2002.11.26 の SSH Secure Shell Unix server setsid() function call vulnerability (VU#740619) に追記した。F-Secure SSH サーバ UNIX 版の情報を追加。

$B"#(B UNIX fixes
(various)

　古い情報が多くてアレですが……

FreeBSD
NetBSD
Mac OS X

どうやら Mac OS X 10.1.x 以前への fix は用意されないようだ。 すさまじいベンダーだね。

Debian GNU/Linux
Red Hat Linux
Turbolinux
Vine Linux

2.5:

2.1.x:

$B"#(B w3m 0.3.2.1 released
(security@vinelinux.org, Wed, 27 Nov 2002 04:29:46 +0900)

$B!!(Bw3m 0.3.2 $B0JA0(B ($B5-=R=$@5(B: $B:4F#$5$s46

　w3m 0.3.2.1 で修正されている。w3m-m17n も 0.3.2.1 base になっている。 FreeBSD の ports/www/w3m はまだ 0.3.2 のままだ。

■ 追記

$B!!(B2002.11.27 $B$N(B Mulitple Buffer Overflow conditions in RealPlayer/RealOne (#NISR22112002) $B$KDI5-$7$?!#$C$F$J$+$C$?$h$&$G$9!#(B

$B"#(B $B4F;k5;=Q?JE8$N@h$K$"$k$b$N$O!)%9%F!<%H%&%)%C%A$N%X%$%:$5$s$KJ9$/(B
($BKhF|(B, 2002.11.27)

$B!!(BGREATEST HIT $B$G$9$+!D!D!#(B $B$7$g$;$s!"7Y;!41$K$h$k8D?ME*$J!V$N$>$-!W$K$7$+;H$o$l$J$$$o$1$M!#$$$d$O$d!#(B

$B"#(B $BJF9-9pCDBN!"9-9pB,Dj%?%0(B $B!H(BWeb$B%S!<%3%s!I$K$D$$$F$N%,%$%I%i%$%s:n@.(B
(INTERNET Watch, 2002.11.27)

$B!!(Bweb $B%P%0$b(B $B%&%$%k%9$G$O$J$$!)!!!H46@w!I$9$k%0%j!<%F%#%s%0%+!<%I(B $B$HF1MM$N?J2=$r?k$2$kLOMM!#(B ZDNet $BHG(B: $B!H(BWeb$B%P%0!I;H$&$J$i9pCN$r!=!=6H3&;X?K(B (ZDNet)$B!#(B

$B"#(B MS$B!"!V%;%-%e%j%F%#!<$N$?$a!W$N6/@)%"%C%W%0%l!<%IJ}?K$r<(:6(B
(WIRED NEWS, 2002.11.25)

$B!!!V6/@)%"%C%W%0%l!<%I!W$H8@$($PJ9$3$($,$$$$$,!"MW$O(B Windows $B$K(B root backdoor $B$r$D$1$h$&$H$$$&OC$K$7$+J9$3$($J$$!#(B $B$I$&9M$($F$b%7%c%l$K$J$C$F$J$$!#(B $B$?$@$G$5$(!V

　こんなことを考える前に、まずは .NET Server 2003 で「secure by default」を徹底してほしい。デフォルトで port 135, 137〜139, 445 が開きっぱなし、のどこが「secure by default」なのだ? 今やらずにいつやるのだ。

$B"#(B SNS Spiffy Reviews No.4: $B8D?M>pJsO31L$N2DG=@-$N$"$k@H
(LAC, 2002.11.27)

　無線 LAN を安易な設定のまま業務で利用してしまっているところは多いんだろうなあ……。


■ 2002.11.27

$B"#(B Vulnerability Note VU#457875: Various DNS service implementations generate multiple simultaneous queries for the same resource record
(CERT/CC, 11/19/2002)

$B!!J#?t$N(B DNS $B%5!<%P

$B!!$3$NOC$N85$K$J$C$?$H;W$o$l$k(B Vulnerability in the sending requests control of BIND versions 4 and 8 allows DNS spoofing (CAIS/RNP) $B$K$h$k$H!"(B bind 4.9.11 $B0JA0(B (4.9.x), bind 8.2.7 $B0JA0(B (8.2.x), bind 8.3.4 $B0JA0(B (8.3.x) $B$K$O$3$NVulnerable $B$@$H$5$l$F$$$k!#(B bind $B3+H/85$N(B ISC $B<+?H$O(B dnssec $B$r;H$((B $B$H8@$C$F$$$k$h$&$@!#(B

$B"#(B Microsoft KB $B$$$m$$$m(B
($B?7Ce%5%]!<%H5;=Q>pJs(B)

$B"#(B Mulitple Buffer Overflow conditions in RealPlayer/RealOne (#NISR22112002)
(NTBUGTRAQ, Sat, 23 Nov 2002 02:48:39 +0900)

$B!!(Bofficial: RealPlayer Buffer Overrun Vulnerability$B!#(B RealOne / RealPlayer $B$K!"30It$+$i967b2DG=$J(B buffer overflow $B7j$,(B 3 $B$D$"$k$H$$$&OC!#(BRealOne / RealPlayer $B

　RealOne Player for Windows 用 patch が配布されている。

2002.11.28 追記:

$B!!$C$F$J$+$C$?$h$&$G$9(B: $B%j%"%k!"%a%G%#%"%W%l!<%d!<$N=$@5%Q%C%A$r (CNET)$B!#(B


■ 2002.11.26

$B"#(B Solaris fs.auto $B$K$*$1$k%j%b!<%H$+$i$N%;%-%e%j%F%#?/32$N@H
(ISS, 2002.11.26)

$B!!(BSolaris 2.5.1$B!A(B9 $B$N(B xfs $B%5!<%P(B (fs.auto) $B$K

　関連: CERT Advisory CA-2002-34 Buffer Overflow in Solaris X Window Font Service (CERT/CC)。

2002.11.27 追記:

$B!!(B Sun(sm) Alert Notification 48879: X Font Server May Allow Denial of Service (Sun)$B!#(B DoS?

2002.12.23 追記:

　 Sun(sm) Alert Notification 48879: X Font Server May Allow Denial of Service が改訂されている。patch が登場したようだ。

$B"#(B SSH Secure Shell Unix server setsid() function call vulnerability (VU#740619)
(installer ML [installer 7507], Tue, 26 Nov 2002 11:29:15 +0900)

$B!!(Bssh.com $B$N(B SSH Secure Shell for Servers / Workstations 2.0.13 $B!A(B 3.2.1 $B$N(B UNIX $BHG(B ($B6qBNE*$K$O(B AIX, Linux, HP-UX, Solaris, BSD) $B$Kl9g$K(B local $B967b

　対応するには、SSH Secure Shell 3.1.5 あるいは 3.2.2 に upgrade する。 これらにおいては常に setsid() するように変更されている。

　参照: VU#740619

2002.11.28 追記:

$B!!(BF-Secure SSH$B%5!<%P(B UNIX$BHG$K$*$1$k%m%0%$%sL>56Au$N@H (f-secure.co.jp)


■ 2002.11.25

$B"#(B @Random/1st
(self)

$B!!(B@Random/1st $B$,(B 2003.02.08 $B$K(B ($B$h$&$d$/(B (^^;;;)) $B3+:E$5$l$^$9!#(B $B>\:Y$K$D$$$F$O$*$$$*$$8x3+$5$l$F$$$/$H;W$$$^$9$N$G!"$b$&$7$P$i$/$*BT$A$/$@$5$$$^$7!#(B @Random/ZERO $B$K;22C$5$l$?J}$K$O!"6a!9$K@h9TM=Ls$N0FFb%a!<%k$,FO$/$H;W$$$^$9!#(B


■ 2002.11.22

$B"#(B Sun Security Bulletin #00220: Double Free bug in zlib compression library
(Sun, 2002.11.19)

$B!!(BSun Java JDK/SDK/JRE 1.1.8, 1.2.2, 1.3.0, 1.3.1, 1.4.0 $B$K(B Zlib Advisory 2002-03-11: zlib Compression Library Corrupts malloc Data Structures via Double Free $B7j$,$"$C$?$H$$$&OC!#(B1.4.1 $B7ONs$K$O$3$N7j$O$J$$$=$&$@!#(B $B2?$r$$$^$4$m!D!D$H$$$&$N$,@5D>$J46A[!#$3$l$@$+$i!V(BSun $B$OJ5!W$H$+8@$o$l$k$o$1$G!D!D!#(B

　fix 版が出ているので、これを適用するか、1.4.1 系列に移行すればよい。 穴のあるものと fix されたもののバージョン番号の詳細は Bulletin #00220 を参照。関連:

■ 追記

$B!!(B2002.11.20 $B$N(B [INFO] $B%3!<%I$N:GE,2=$K$*$1$kCm0UE@(B $B$KDI5-$7$?!#(B $B$=$&$$$&5!G=$O(B gcc $B$K$O$^$@$J$$$h$&$G$9!#(B($B1|B<$5$s46

$B"#(B $B6bM;5!4X$r6<$+$9%/%i%C%+!&%7%s%8%1!<%H$,5^A}Cf(B
($BF|7P(B IT Pro, 2002.11.21)

$B!!7Y;!8"NO$r6/$/$7$?$H$3$m$G!"$=$b$=$bHo32FO$,=P$J$$$N$G$O!D!D!#(B $BHH?M$rJa$^$($?$H$3$m$G!"$b$H$b$H$N%;%-%e%j%F%#$,$5$s$+$$%4%i%!!W$H05NO$r$+$1$k$7$+$J$$$H;W$&$N$@$,!D!D!#$G!"$=$l$r8@$($k$N$O!"$d$C$Q6bM;Ev6I$J$N$@$m$&$H;W$&$N$@$,!D!D!#L5M}$+$J$"!#L5M}$J$s$@$m$&$J$"!#(B

$B"#(B $B$$$m$$$m(B
(various)

$B!!$$$m$$$m!#(B

$B"#(B $B%;%-%e%j%F%#$OFs$N
(ZDNet, 2002.11.22)

$B!!(Bbind $B$O$d$C$Q$j$B3+H/$B!#(B


■ 2002.11.21

$B"#(B $B!X%P%0%H%i%C%/!Y$K(BIE$B0-MQ967b%3!<%I$r$=$N$^$^7G:\!";?H]$ON>O@(B
(WIRED NEWS, 2002.11.21)

$B!!4XO"(B:

　WIRED 記事にリンクされている Serious Internet Explorer Defect (jmu.edu) によれば、さきごろ登場した Internet Explorer 用の累積的な修正プログラム (Q328970) (MS02-066) を適用すると、示された exploit は動作しなくなる、という。が、

However, it is not entirely clear yet whether the patch specifically and entirely addresses the Sandblad discovery.

　そもそも MS02-066 で何が修正されているのか (されていないのか) もいまいちよくわからない。 .png 問題は eEye が発見したもののようなので、近々概要が eEye から示されるのだろう。また「フレームの不適切なクロス ドメインのセキュリティ検証」 (CAN-2002-1217) は GreyMagic Security Advisory GM#011-IE: Internet Explorer : The D-Day なのだそうだ。

　ちなみに、Unpatched IE security holes には現在 32 個の問題点が列記されている。


■ 2002.11.20

$B"#(B FullDisclosure: Fun with mod_php/Apache 1.3, yet Apache much better than II$
($B%?%l%3%_(B, Tue, 19 Nov 2002 20:23:14 +0900)

　guninski 氏による 2 つの指摘。

  1. $B%f!<%6$,!"(Bmod_php $B$D$-(B Apache 1.3 $B$+$i30It%W%m%0%i%`$rl9g!">/$J$/$H$b(B 50% $B$N3d9g$G(B http port $B$r>h$C$H$k$3$H$,$G$-$k!"$H$$$&;XE&!#(B

    回避するには safe_mode を on にすればよい。 unofficial な対応 patch も添付されている。

  2. 2.4.19 より前の Linux カーネルをフリーズさせることができる、という指摘。 kernel 2.4.19 で直っているので、kernel 2.4.19 を入れればよい。

$B!!9gC+$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B Full-Disclosure ML $B$H$$$&$N$,$G$-$F$$$?$s$G$9$M!#$5$C$=$/(B subscribe $B$7$^$7$?!#(B

■ [INFO] コードの最適化における注意点
($B%P!<%A%c%k%M%C%H%O%C%+!<$CL<(B $B:;Lm(B16$B:P(B, 2002.11.19)

　良いニュースと悪いニュース の前半 (悪いニュース) も参照。ちなみに、 GCC の場合 はこんな感じになるのだそうだ。

/*
 * Zero the Password buffer, bracketed by two pragmas that, judging by their
 * option names, are meant to switch dead-code removal off for the memset()
 * and back on afterwards, so that the optimizer does not drop the wipe.
 * NOTE(review): the follow-up further down this page quotes the original
 * article as saying GCC does not support changing optimization options
 * from preprocessor statements, so this reads as a wished-for syntax and
 * not as something GCC accepts -- confirm against the compiler in use.
 * NOTE(review): where the platform offers a wipe routine that is specified
 * not to be optimized away (for example SecureZeroMemory, memset_s or
 * explicit_bzero), that is the dependable way to clear a secret.
 */
#pragma optimize("-no-dead-code-removal")
/* Writes zero over sizeof(Password) bytes. Assumes Password is an array;
 * for a pointer, sizeof would give the pointer size -- TODO confirm. */
memset(Password, 0, sizeof(Password));
#pragma optimize("-dead-code-removal")

2002.11.22 追記:

$B!!1|B<$5$s$+$i(B ($B$I$&$b$G$9(B):

これは「こんなふうにできるようになったらいいな」という話ではなかったでしょうか。

　あっ、However, to the best of my knowledge, GCC does not support altering optimization options on-the-fly though preprocessor statements って書いてあるし。読みが足りない (つーかそれ以前 > 俺)。 こういう機能は gcc にはまだないようです。 すんません > all。

$B"#(B Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow
(eEye, 2002.11.12)

$B!!(BMacromedia ColdFusion MX 6.0, JRun 3.0 / 3.1 / 4.0 $B$N(B IIS ISAPI $B%O%s%I%i$K

$B!!(Bfix (ColdFusion MX, JRun) $B$,$"$k$N$GE,MQ$9$l$P$h$$!#(B $BF|K\8lHG$O!"(BColdFusion MX $B%"%C%W%G!<%?(B $B%j%j!<%9(B 1 ($B%j%j!<%9%N!<%H(B) $B$H(B JRun $B$+$iF~

$B"#(B SME$B!"?7$7$$(BCD$B%3%T!
(slashdot.jp, 2002.11.20)

　インストールはおろか、利用においてすら administrator / Power Users 権限必要というあたりが、いかにも「セキュリティがわかってない」って感じで、さすが SONY。頭悪すぎ。

$B"#(B Microsoft Security Response Center $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#>pJs$N?<9oEYI>2A%7%9%F%`(B ($B2~D{HG(B 2002 $BG/(B 11 $B7n(B)
(Microsoft, 2002.11.19)

　深刻度評価が 4 段階 (緊急, 重要, 警告, 注意 / Critical, Important, Moderate, Low) に変更された。

$B%^%$%/%m%=%U%H$G$O!"1F6A$r2A$5$l$F$$$k@Ho$KE,MQ$9$kI,MW$,$"$k$H9M$($F$$$^$9!#!V6[5^!W$HI>2A$5$l$F$$$k=$@5%W%m%0%i%`$O!"D>$A$KE,MQ$9$kI,MW$,$"$j$^$9!#!V7Y9p!W$^$?$O!VCm0U!W$HI>2A$5$l$F$$$k@HpJs$rFI$_!"$=$N@H2A$5$l$F$$$k@H

$B!!$h$jE,@Z$JI>2AJ}K!$K$J$C$?$H;W$&$1$l$I!"$b$A$m$s!"8D!9$NAH?%$K$*$$$F(B Microsoft $B$K$h$kI>2A$,$=$N$^$^$"$F$O$^$k!"$o$1$G$OI,$:$7$b$J$$$o$1$G!"(BMicrosoft $B<+?H$b(B

この深刻度評価システムは、それぞれの問題を広く客観的に評価できるようにすることを目的としていますが、マイクロソフトは、お客様にそれぞれの環境を確認し、システムを保護するために必要な修正プログラムを決定することを強く推奨します。

と書いている。 Microsoft による評価は参考に止め、自分自身で行うことを心がけたい。 過小評価は禁物だけど。 まぁ、「緊急」「重要」はたいてい「緊急」「重要」でしょうけどね。

$B6H3&$N7P83>e!"$*5RMM$N%7%9%F%`$K1F6A$r5Z$\$9967b$O!"967bl9g$O$a$C$?$K$"$j$^$;$s!#(BCode Red $B$*$h$S(B Nimda $B%o!<%`(B $B%&%$%k%9$N$h$&$K!"967b$O$`$7$m!"=$@5%W%m%0%i%`$,$9$G$KDs6!$5$l$F$$$F$b!"$=$l$,E,MQ$5$l$F$$$J$$@Hl9g$,B?$$$N$G$9!#(B

$B!!(BNimda $B$N>l9g!"!V4{CN$@$1$I(B Microsoft $B$,(B patch $B$r=P$7$F$$$J$+$C$?@H


■ 2002.11.19


■ 2002.11.18

$B"#(B $B?7$7$$!X(BWi-Fi$B!Y$N%;%-%e%j%F%#!<5;=Q$b967b$K$O
(WIRED NEWS, 2002.11.18)

$B!!;EMM>e$NLdBj$K$h$j(B DoS $B967b$K

$B"#(B i386 Linux kernel DoS
(stalk ML, Sat, 16 Nov 2002 01:06:26 +0900)

　x86 Linux に対する local DoS コード。

■ 追記

　2002.11.15 の ウイルスではない？　“感染”するグリーティングカード に追記した。各ベンダの対応状況を追記。たいていは対応しているみたい。


■ 2002.11.15

$B"#(B Multiple vulnerabilities in Tiny HTTPd
(bugtraq, Mon, 11 Nov 2002 19:48:55 +0900)

$B!!(Btinyhttpd 0.1.0 $B$K(B ../ $B%P%0$,$"$k$H$$$&OC!#%U%!%$%kFI$_

$B"#(B KDE $B%M%?(B 2 $B$D(B
(various)

　どちらも KDE 3.0.5 で修正されている。また、 ftp://ftp.kde.org/pub/kde/security_patches/ に 3.0.4 用 patch が用意されている。

2002.12.23 追記:

$B"#(B $B>pJs=hM}3X2q4X@>;YIt(B $B%A%e!<%H%j%"%k9V1i2q!V>pJs%;%-%e%j%F%#$N
($B%?%l%3%_(B, Wed, 13 Nov 2002 21:33:10 +0900)

$B!!(B$B9bLZ$5$s$A(B $B$K(B 2002.10.17 $B$K8x3+$5$l$?$b$N!#KAF,$K>pJs=hM}3X2q%M%?$"$j!#(B $B$3$l$b!">pJs=hM}3X2q$+$i$O2?$N%"%J%&%s%9$b$5$l$F$$$J$$$h$&$J5$$,!#(B

$B!!F?L>4uK>$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B SecurityFocus Newsletter #168, 169
(bugtraq-jp)

$B!!(BHTML $BHG(B:

$B!!%F%-%9%HHG(B:

$B"#(B UNIX fixes
(various)

Vine Linux 2.5
Turbolinux
Debian GNU/Linux
Red Hat Linux
OpenBSD
  • November 14, 2002: A buffer overflow exists in named(8) that could lead to a remote crash or code execution as user named in a chroot jail.
    patch: 3.2, 3.1, 3.0

FreeBSD

$B"#(B $B%&%$%k%9$G$O$J$$!)!!!H46@w!I$9$k%0%j!<%F%#%s%0%+!<%I(B
(ZDNet, 2002.11.14)

$B!!A4$F$N%&%#%k%9(B / $B%o!<%`(B / $B%H%m%$$K;HMQ5vBz7@Ls=q$r(B! ($B0c(B)

$B!!(BTea Room for Conference No.1123 $B$b;2>H!#(B $B$I$3$+$GJ9$$$?$h$&$JOC$@$J$"$H$O;W$C$F$$$?$N$@$1$I!"(Boffice $B$5$s$@$C$?$N$M!D!D!#(B

2002.11.18 追記:

$B!!3F%Y%s%@$NBP1~>u67!#(BIkegami $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

2002.11.28 追記:

$B!!(B$B!HNi57@5$7$$32Cn!I$,$O$d$j$=$&$@(B (ZDNet)$B!#(B

$B"#(B $B!V@GL39T@/$X$N$40U8+!&$4MWK>$r$*4s$;$/$@$5$$!W%3!<%J!<$+$i$N$*OM$S(B
($BL>8E209q@G6I(B, 2002.11.12)

$B!!(B$BL>8E20$O$($'!A$h!A(B$B!"O31H$9$k$,$M!A!#4XO"(B:

$B"#(B $B#U#F#J$D$P$5>Z7t!"8\5R%G!<%?N.=P;v
($BFIGd(B, 2002.11.12)

$B!!(B3 $B7n$KN.=P$r3NG'$7$?$,2?$NBP1~$b$7$J$+$C$?!"$N$@$=$&$G!#(B $BAGE($G$9$M!#4XO"(B:

$B"#(B $B%-!<%9%j!<%a%G%#%"(I%$B%$%Y%s%H3t<02q
($B%?%l%3%_(B, Fri, 15 Nov 2002 11:30:12 +0900)

$B!!Nc$K$h$C$F$N(B virus mail $B$P$i$^$-;v7o!#(B $B%"%J%&%s%9$b$N$d%a!<%k%^%,%8%sE*$J$b$N$O!"$U$D$&$O(B moderate $B$J1?MQ$r$9$k$H;W$&$s$@$1$I!"!V$7$F$^$;$s$G$7$?!W$C$F$3$H$J$s$G$9$+$M$(!#(B $BJ!8w$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B


■ 2002.11.14

■ 追記

$B!!(B2002.11.13 $B$N(B BIND4 $B$*$h$S(B BIND8 $B$G$N%j%b!<%H$GMxMQ2DG=$JJ#?t$N@H $B$KDI5-$7$?!#(Bbind 4.9.10, 8.2.6, 8.3.3 $BMQ$N(B patch $B$,=P$F$$$^$9!#(B CERT Advisory CA-2002-31 Multiple Vulnerabilities in BIND $B$bEP>l!#(B

$B"#(B $B0lB@O:%S%e!<%"(B
($B0lB@O:DL?.(B, Thu, 14 Nov 2002 15:48:06 +0900)

$B!!%@%&%s%m!<%I$9$k:]$K$O(B e-mail address $B$NF~NO$,I,MW!#(B $B$G!"!V(B$B8D?M>pJs$N$B$3$A$i(B$B$r$4Mw$/$@$5$$(B$B!W(B $B$J$s$F=q$$$F$"$k$o$1$@$,!"$=$N!V(B$B$3$A$i(B$B!W$NFbMF$N$J$52C8:$O4($9$.!#(B $B!V%W%i%$%P%7!<%^!<%/@)EY!W$C$F!"$I$&$7$F$3$&$J$s$G$9$+$M!#(B $B5U8z2L$@$H$7$+;W$($J$$$N$@$1$I!D!D!#(B

$B!!%8%c%9%H%7%9%F%`$O!":#$+$i$G$bCY$/$O$J$$$+$i!"(B $B!VF|7P%3%s%T%e!<%?!W(B2002.11.18 $B$NFC=8(B 2 $B!X8\5R>pJs$O!VN>?O$N7u!W!Y(B $B$"$?$j$rFI$s$G!"2?$r$9$Y$-$+(B / $B$9$Y$-$G$J$$$+:F8!F$$7$?$[$&$,$$$$$s$8$c$J$$$N(B? $B$C$F5$$b!#(B

$B!!!D!DEPO?$9$k$H!"!V%@%&%s%m!<%I%\%?%s$r%/%j%C%/$9$k$H!"%@%&%s%m!<%I$r3+;O$7$^$9!W$H$f!<%Z!<%8$,=P$F$-$^$9$,!"$3$3$K<($5$l$k(B URL $B$rD>@\C!$1$P!"EPO?:n6H$J$s$+$7$J$/$C$F$b$=$N$^$^(B get $B$G$-$A$c$$$^$9$M$(!#$J$s$@$+$J$"!#(B


■ 2002.11.13

$B"#(B Windows 2000$B$,
($BF|7P(B IT Pro, 2002.11.11)

$B!!FC$B@_Dj(B$B$OI,MW$J$o$1$G!#!V%G%U%)%k%H>uBV$G(B EAL4$B!W$J$o$1$G$O7h$7$F$J$$!#(B

$B"#(B $B!X$+$s$J!Y(BVersion 3.6 $B$K$*$1$kJQ99E@(B
(installer ML, Tue, 12 Nov 2002 23:20:55 +0900)

$B!!M-;V$K$h$C$F%j%j!<%9$5$l$?(B $B$+$s$J(B 3.6 $B$G$O!V(B$B%/%i%$%"%s%H$+$iHs>o$KD9$$%f!<%6L>$rAw$i$l$k$H!"%P%C%U%!%*!<%P!<%U%m!<$r5/$3$9$H$$$&LdBj(B$B!W$,=$@5$5$l$F$$$k$=$&$G$9!#(B $B$3$NB>$K$b!"%G%U%)%k%H$G$O(B TCP $B@\B3$Ojapanese/Canna $B$O$9$G$K(B 3.6 $B$K$J$C$F$^$9!#(B

$B"#(B BIND4 $B$*$h$S(B BIND8 $B$G$N%j%b!<%H$GMxMQ2DG=$JJ#?t$N@H
(freebsd-security ML, Wed, 13 Nov 2002 02:28:20 +0900)

$B!!(Bbind 4.9.10 $B0JA0$N(B bind 4 $B$K(B 1 $B$D!"(Bbind 8.3.3 $B0JA0$N(B bind 8 $B$K(B 3 $B$D$N7j$,$"$kLOMM!#FC$K(B bind 4 / 8 $BN>J}$,1F6A$r

$B!!BP1~$9$k$K$O!"(Bbind 4.9.11, 8.2.7, 8.3.4 ($B$^$@8x3+$5$l$F$$$J$$$_$?$$(B) $B$K(B upgrade $B$9$k$+!"(Bbind 9 $B$K0\9T$9$k!#$$$:$l$NLdBj$K$D$$$F$b!"2sHr$9$k$K$O(B recursion $B$rDd;_$9$l$P$h$$$=$&$@!#(B $B$C$F!"!V%-%c%C%7%e%5!<%P$H%>!<%s%5!<%P$OJ,N%$7$F1?MQ$9$k!W$r!<%s%5!<%P$N(B recursion $B$ODd;_$G$-$k(B ($BDd;_$7$F$$$k(B) $B$O$:$@$1$I!"%-%c%C%7%e%5!<%P$N(B recursion $B$O!D!D!#(B

$B!!(Bconnect24h ML $B$N(B [connect24h:5103] Bind 4&8 serious vulnerabilities $B$+$i$O$8$^$k%9%l%C%I$G$O!"(Bbind 8 $B$G$OF0$/$1$I(B bind 9 $B$G$OF0$+$J$$(B ($B$N$G(B bind 9 $B$K0\9T$G$-$J$$(B!) $BOC$KH/E8$7$F$$$^$9!#(B Internet Week 2002 $B$N(B DNS DAY $B$N8a8e$K$O!"$=$&$$$&OC$b=P$k$N$+$J$"!#(B ($B$*$b$$$C$-$j(B JPCERT/CC Seminar 2002 $B$H%+%A$"$C$F$k$7!D!D(B)

2002.11.14 追記:

　bind 4.9.10, 8.2.6, 8.3.3 用の patch が出ています。

$B!!$i$`$8$#$5$s$,(B Vine Linux $BMQ;d2HHG(B rpm $B$r:n$C$F$$$i$C$7$c$$$^$9(B ($B>pJs$"$j$,$H$&$4$6$$$^$9(B)$B!#(B

　CERT Advisory CA-2002-31 Multiple Vulnerabilities in BIND も登場しました。

2002.11.15 追記:

2002.11.20 追記:

　新規: NetBSD, Turbolinux。更新: FreeBSD。 2002.11.15 のところに追記・更新しておいた。

　あと、bind 4.9.11, 8.2.7, 8.3.4 も出てますね。


■ 2002.11.12


■ 2002.11.11

$B"#(B $B4IM}
($B?7Ce%5%]!<%H5;=Q>pJs(B, 2002.11.08)

$B!!$$$D$>$d$N(B$B$,$s$P$l(B!! $B%2%$%D7/(B$B$GOCBj$K$J$C$F$$$?7o$+$J$"!#F,$NDK$$!V;EMM!W$G$9$M!#$3$&$$$&$3$H$,$"$k$N$G!"!V(BWindows $B;H$&$H$-$O%G%U%)%k%H$G4IM}

$B"#(B GPKI$B$*$h$S(BLGPKI$B$K$*$1$k%k!<%H>ZL@=qG[I[J}<0$N@H
(SecurIT, 2002.10.30)

　やっと読んだ。いきなり「セキュリティホール memo メーリングリスト」とか出てきてびっくりした (^^;)。 個人的には、

  1. 5.4 項に示されているように、民間証明書でコード署名された、GPKI/LGPKI ルート証明書インストーラを用意する。

  2. さらに GPKI/LGPKI ルート証明書の内容を確認したい人のために、フィンガープリントを記載したファイルに民間証明書で電子署名を施して web に掲載する。 この web page は、民間証明書を利用した SSL page で用意することが望ましい (が必須ではない)。

がいいような気が。「CD-ROM を郵送等にて配布」は、非電子的攻撃に対する耐性はあまり高くないと思うし。(もしかして、書留とかで送ってくれてるのかなあ……)

$B!!4XO"(B:

$B"#(B Tea Room for Conference #1114
(Tea Room for Conference, 2002.11.08)

$B!!(BViva! $B=;4p%M%C%H!#$9$P$i$7$9$.$F!"N^$,=P$^$9!#(B


■ 2002.11.08

$B"#(B Oracle $B$M$?(B
(various)

$B"#(B UNIX fixes
(various)

Debian GNU/Linux
Red Hat Linux
Vine Linux
OpenBSD
NetBSD
Sun

Solaris 2.5.1 はもう fix 出ないんですね……。


■ 2002.11.07

$B"#(B $B!V(B246.ne.jp$B!W%I%a%$%s$N%a!<%k$,BgNL$N%9%Q%`%a!<%kJV?.$K$h$jCY1d(B
(INTERNET Watch, 2002.11.07)

$B!!(BDoS $B967b$G$9$M$(!D!D!#(B $B:G6a$N(B mail server $B$K$O(B anti-virus $B5!G=$,F~$C$F$$$?$j$9$k$H;W$&$N$G$9$,!"(Banti-virus $B%=%U%H7/$O$1$C$3$&(B CPU $B$r?)$&$N$G!"BgNL(B mail $B$K$h$k(B DoS $B967b$r

■ 追記

$B!!(B2002.11.02 $B$N(B $B%(%i!<(B:"$B%7%^%s%F%C%/ $B$KDI5-$7$?!#(B2002.11.08 09:00 AM $B$N(B LiveUpdate $B$G=$I|$5$l$kM=Dj$NLOMM!#(B

$B"#(B $BNI$$%K%e!<%9$H0-$$%K%e!<%9(B
(MSDN, 2002.10.29)

$B!!(BIE 6 SP1 $B$G$O!"(BCookie $B$N!V(BHttpOnly $BB0@-!W$r2re$O!"$@$m$&$1$I!#(B

$B$_$J$5$s$b$4B8CN$G$7$g$&$,!"(B $B$"$($F$*OC$7$F$*$-$^$9!#$3$l$O(B XSS $B$NLdBj$r2r7h$7$^$;$s(B! $B@H

$B!!$"$j$^$;$s$,!">.$5$J@Q$_=E$M$,$@$$$8$G$9$+$i!"@_Dj$7$F$*$-$^$;$&!#(B


■ 2002.11.05

$B"#(B [memo:4926] Re: IE 6$B$N!V%U%!%$%k$N%@%&%s%m!<%I!W%@%$%"%m%0$O%G%U%)%k%H$,!V3+$/!W(B
(memo ML, Tue, 22 Oct 2002 04:07:56 +0900)

　IE 6 の詳細設定にある「ダウンロードしたプログラムの署名を確認する」 (default: off) をチェックすると、ファイルを開くときに署名が自動的にチェックされるようになり、なかなかうれしいという話。 署名があればそれを表示の上で確認ダイアログになるし、署名がなければ警告ダイアログになる。

$B!!$5$i$K!"%l%8%9%H%j@_Dj$K$h$j!"1&%/%j%C%/$G!V=pL>$r3NG'$7$F3+$/(B...$B!W$r@_Dj2DG=$@$H%U%)%m!<$5$l$F$$$k(B [memo:4938]$B!#(B .reg file: 2000/XP, 98/NT 4.0$B!#$r3NG'$7$F3+$/(B...$B!W$r;n$7$F$_$k$H!"!V%U%!%$%k$N%@%&%s%m!<%I!W%@%$%"%m%0$,(B 2 $B2s(B (!) $B=P$F!"$=$N$"$H$G=pL>8!>Z$N%@%$%"%m%0$K$J$k$h$&$@!#(B

$B"#(B $BHs>o;~$KHw$($m!$!H%;%-%e%j%F%#!&%$%s%7%G%s%H71N}!I$N4+$a(B
($BF|7P(B IT Pro, 2002.11.01)

$B!!$$$$$G$9$M$'1i=,!#$7$?$$$J$"!#(B


■ 2002.11.01

$B"#(B $B%(%i!<(B:"$B%7%^%s%F%C%/
($B%]%1%C%H%K%e!<%9(B, 2002.11.01)

　Norton Internet Security 2003 において、電子メールプロキシが、正常なメールを削除してしまうという事例がある模様。原因は今のところ不明。

$B!!4XO"JsF;(B: $B!ZB3Js![%7%^%s%F%C%/$N%;%-%e%j%F%#%=%U%H!"@5>o%a!<%k$r:o=|$9$kIT6q9g(B ($BF|7P(B BP)$B!#(B

2002.11.07 追記:

　Knowledge Base が更新された。

$B!T(B $B860x(B $B!U(B
Norton Internet Security 2003 $B$N%9%Q%`7Y9p5!G=$O!"EE;R%a!<%k$r%9%-%c%s$9$k:]$K!"%a%b%j>e$G%a!<%k$NCf?H$rE83+$7%A%'%C%/$7$^$9$,!"BgNL$NEE;R%a!<%k$rO"B3$7$F(B $Bl9g$K!"$^$l$K%a%b%j4IM}>e$NLdBj$,H/@8$9$k$3$H$K5/0x$7$^$9!#(B
$B!T(B $BH/@8$N3NG'$5$l$F$$$k4D6-(B $B!U(B
$B?tF|4V5/F0$7$D$E$1$F$$$k%3%s%T%e!<%?$G!"%a!<%k%=%U%H$N@_Dj$K$h$j%a!<%k%5!<%P!<$KIQHK$K%"%/%;%9$9$k$h$&$K@_Dj$5$l3n$DBgNL$NEE;R%a!<%k$N

$B!!BgNL$C$F$I$N$/$i$$$NNL$J$s$@$m$&!#9b!9?tF|4V$G$H$$$&$N$@$+$i!"(B1 $BF|(B 10 $BK|DL$/$i$$

$B!T(B $BBP:v(B $B!U(B
$BJ@

$B!!L@F|$G$9$J!#(BSINya $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B $B!VF0$+$J$$%3%s%T%e!<%?!W$H%3%s%5%k%?%s%H$N4X78(B
($BF|7P(B IT Pro, 2002.10.30)

$B!!$$$d$!!D!D6/Nu$G$9!#$3$s$J;vNc$,8=

$B"#(B UNIX fixes
(various)

Debian GNU/Linux
Turbolinux
Vine Linux

$B"#(B $BO":\!'IT@5?/F~$NpJs$rM?$($J$$BP:vK!(B
(@IT, 2002.10.23)

$B!!(Bapache, bind, sendmail $B$G

OpenSSH$B$K$D$$$F$O!"%=%U%H%&%'%"@_Dj$K$h$kBP:v$,8=9T%P!<%8%g%s$G$O9T$($J$$!"$5$i$K$O%=!<%9%3!<%I$N%P!<%8%g%sJQ99$r$9$k$H@5>o$K5!G=$7$J$/$J$k$?$a!":#2s$OBP>]30$H$7$?!#(B

$B$@$=$&$G$9!#(B

$B"#(B $BO":\!'4IM}
(@IT, 2002.10.25)

$BFC$K!"F|K\9qFb$NAH?%$,4X78$9$k%$%s%7%G%s%H$K$D$$$F$O!"$<$R(BJPCERT/CC$B$KO"Mm$7$F$[$7$$(B

$B$H$$$&$3$H$@$=$&$G$9!#(B

$B"#(B $B:#CN$C$F$*$/$Y$-4m81(B: $BBh(B16$B2s!!:#CN$C$F$*$/$Y$-4m81$H$O(B
(INTERNET Watch, 2002.10.31)

$B!!$$$d$"!"B>NO$5$s!"$^$H$aJ}$&$^$$$J$"!#(B $B$H$$$&$o$1$G!"e=\$K3+:EM=Dj$NLOMM!#(B $B:#EY$O;~4VD9$$$>!

■ MS02-061: SQL Server Web タスクで権限が昇格する (Q316333)
(Microsoft, 2002.10.17)

$B!!$*$b$$$C$-$j;~4|$r0o$7$F$$$^$9$,!D!D!#(B

$B!!(BSQL Server 7.0/2000, MSDE 1.0/2000 $B$KZ$5$l$?%f!<%6$O!"(B $BB>$N%f!<%6$,:n@.$7$?$b$N$b4^$`!"A4$F$N(B web $B%?%9%/$r:o=|!&A^F~!&99?7$G$-$F$7$^$&!#4{$K:n@.$5$l$F$$$k(B Web $B%?%9%/$r99?7$9$k$H!"$=$N99?7$5$l$?(B Web $B%?%9%/$O%?%9%/:n@.e>:$5$;$k$3$H$,2DG=$H$J$k!#(B CVE: CAN-2002-1145

　patch があるので適用すればよい。MS02-061 patch は累積的 patch になっている。

2003.01.27 追記:

　SQL Slammer ワーム 登場にあわせて、MS02-061 patch が出し直されている。 317748 patch が含まれ、かつインストーラ形式になった。

■ 追記

$B!!(B2002.09.17 $B$N(B MS Word$B$KJ8=q$N%O%$%8%c%C%/$r5v$9LdBjE@(B $B$KDI5-$7$?!#(BMS02-059 $B$G2r@b$5$l$F$$$k!#(Bpatch $B$b$"$k!#(B

■ 追記

$B!!(B2002.10.02 $B$N(B Windows XP $B$N(B $B!V%X%k%W$H%5%]!<%H(B $B%;%s%?!pJs(B $B$KDI5-$7$?!#(BMS02-060 $B$G8DJL=$@5%W%m%0%i%`$,8x3+$5$l$F$$$k!#(B

$B"#(B Windows 2000 $B$N4{Dj$N%"%/%;%98"$K$h$j!"%H%m%$$NLZGO%W%m%0%i%`$,
(Microsoft, 2002.10.31)

$B!!(BWindows 2000 $B$K

  1. Windows 2000 $B$G$O!"(B[$B%U%!%$%kL>$r;XDj$7$Fl9g$K!"(B $B%7%9%F%`%k!<%H%G%#%l%/%H%j(B ($B%G%U%)%k%H(B: C:\) $B$,%Q%9$K4^$^$l$F$7$^$&!#(B

  2. Windows 2000 のデフォルトでは、システムルートディレクトリを含むルートディレクトリは Everyone フルコントロールだ。

  3. $B%7%9%F%`%k!<%H%G%#%l%/%H%j$K%H%m%$$NLZGO$r@_CV$7$F$*$/$H!"%m%0%*%s;~$J$I$K!"K\J*$N$+$o$j$K%H%m%$$NLZGO$,

  4. administrator がログオンしてくれたりすると、あとはやり放題。

$B!!$,$"$k$,!"(B $B%;%-%e%j%F%#!&%9%?%8%"%`(B 2002 $B$K$*$$$F(B SecurityFriday $B$5$s$b$3$NLdBj$rDs5/$5$l!"$O$^$b$H$5$s$,Z$5$l$F$$$k!#(B 2002.10.19 $B$N@.2L(B $B$r;2>H$5$l$?$$!#(B

　対応としては、システムルートディレクトリの ACL を適切に設定する、が示されている。しかし、「パスにシステムルートディレクトリが含まれてしまう」事は棚上げでいいのか?

　CVE: CAN-2002-1184

$B"#(B PPTP $B%5!<%S%9$NL$%A%'%C%/$N%P%C%U%!$K$h$j!"%5!<%S%95qH]$N967b$r
(Microsoft, 2002.10.31)

$B!!(BWindows 2000 / XP $B$Kl9g$K(B DoS $B967b$r$B!V(BWindows 2000/XP$B!W$N(BPPTP$B$K%P%C%U%!!<%*!<%P!<%U%m!<$N@H $B$N(B fix$B!#(B CVE: CAN-2002-1214

　修正プログラムがあるので適用すればよい。

■ Internet Information Service 用の累積的な修正プログラム (Q327696) (MS02-062)
(Microsoft, 2002.10.31)

$B!!(BIIS 4.0, 5.0, 5.1 $B$K?7$?$J(B 4 $B

　累積的 patch が出ているので適用しよう。 ただし、Site Server ユーザはあらかじめ JP317815 を参照しておくこと。


$B;d$K$D$$$F(B