Security Hole memo - 2003.10

Last modified: Mon Aug 3 14:16:42 2009 +0900 (JST)


■ 2003.10.31

■ Miscellaneous
(various)

■ Mac OS X 10.3 items
(various)

■ APPLE-SA-2003-10-28 Mac OS X 10.3 Panther
(apple security-announce ML, Wed, 29 Oct 2003 02:46:35 +0900)

Mac OS X 10.3 fixes a range of flaws, but they are fixed only in Mac OS X 10.3, so people on Mac OS X 10.2.x and earlier stay riddled with holes indefinitely, bye! That is the story. Japanese translation by Mr. Ryo Kogure: [harden-mac:0515].


■ 2003.10.30

■ Addenda

MS03-045: Due to a buffer overrun in the list box and combo box controls, code …

The patch for Windows XP has been re-released. Apparently the "Debug Programs (SeDebugPrivilege) user right issue" has been fixed.

MS03-043: Due to a buffer overrun in the Messenger service, code …

The patches for Windows 2000 / XP / Server 2003 have been re-released. Apparently the "Debug Programs (SeDebugPrivilege) user right issue" has been fixed.

MS03-042: Due to a buffer overflow in the Windows Troubleshooter ActiveX control, code …

The patch has been re-released. Apparently the "Debug Programs (SeDebugPrivilege) user right issue" has been fixed.

Apache HTTP Server 1.3.29 Released

Re: The case of mod_alias.c (slashdot.jp). It predates Apache 1.3.0, so it seems all 1.3.x / 2.x versions are affected.

O-013: Buffer Overflow in Oracle Binary [Oracle Security Alert #59]

Related: 0063-01 [Oracle] Potential security … in the Oracle Database Server binary (CTC).


■ 2003.10.29

■ Addenda

[Full-Disclosure] IE Security hole exploited once again - "britney.jpg" irc worm.

Several anti-virus vendors have reportedly added coverage.

[Full-Disclosure] Remote overflow in thttpd

[Full-Disclosure] [SECURITY] [DSA 396-1] New thttpd packages fix information leak, DoS and arbitrary code execution.

■ Caution: Microsoft Windows RPC …
(ISS, 2003.10.28-29)

A new Nachi … New RPC worm?, [Full-Disclosure] New variant of Nachi ?, etc.), ISS appears to judge that it is unlikely to be a worm. Then again, it would not be surprising for such a thing to appear at any time, so continued caution is presumably needed.



■ 2003.10.28

■ Panel discussion on the theme "Japan's incident response framework"
(INTERNET Watch, 2003.10.23)

From these points, Mr. Koyama pointed out that "if Japan were ever targeted locally, the response of US anti-virus vendors may be delayed."

That is nothing new, and it is not even a possibility, merely the …

He stressed that, as Japan's own investigative bodies, multiple analysis organizations led by the government and others are needed.

The government does need its own response framework, but surely not because "the response of US anti-virus vendors may be delayed."

When Blaster broke out, "the web site where … information is provided was flooded with tens of millions of accesses, and phone inquiries peaked at 140,000 per day. Phone support has reached 1,000,000 cases in total. I felt this was no longer something a single company could handle (Mr. Okuten)," he said.

You could avoid that by drastically cutting your market share... but leaving that aside. It happens because everything is set up to converge on Microsoft. The media and OEM vendors …

Well, the biggest problem is that Microsoft shipped lax products.

■ O-013: Buffer Overflow in Oracle Binary [Oracle Security Alert #59]
(CIAC, 2003.10.21)

A flaw in Oracle 9i 9.0.x / 9.2.x for UNIX / Linux. The commands oracle and oracleO (oracle followed by the letter O) have a buffer overflow flaw, and a local user … oracle user privileges … Oracle Security Alert #59 states that Oracle 8i does not have this flaw. The Windows version does not have this flaw either.

Japanese version: description, countermeasures (oracle.co.jp).

2003.10.30 addendum:

Related: 0063-01 [Oracle] Potential security … in the Oracle Database Server binary (CTC).

■ Apache 2.0.48 Released
(installer ML, Tue, 28 Oct 2003 08:05:24 +0900)

A flaw in Apache 2.0.47 and earlier (?).

Fixed in Apache 2.0.48. See CHANGES_2.0 for all changes in 2.0.48.

■ Apache HTTP Server 1.3.29 Released
(vine-security ML, Tue, 28 Oct 2003 06:42:02 +0900)

A flaw in Apache 1.3.28 and earlier (?). mod_alias and mod_rewrite appear to have a buffer overflow flaw. CVE: CAN-2003-0542.

Fix buffer overflows in mod_alias and mod_rewrite which occurred if one configured a regular expression with more than 9 captures.

What does "more than 9 captures" mean, I wonder. Is it about there being 10 or more ()?

Fixed in Apache 1.3.29. See CHANGES_1.3 for all changes in 1.3.29. The CGI issue also appears to be fixed.
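
What "more than 9 captures" means in practice, as an added example (not Apache's code and not part of the original page): it assumes the matcher keeps a fixed table of 10 match slots, slot 0 for the whole match plus $1 to $9, so a pattern with a tenth () needs an eleventh slot unless the count handed to regexec() is clamped. The names MAX_REG_MATCH, pattern_fits and safe_match are hypothetical, and the patterns are constructed samples.

```c
#include <regex.h>
#include <stddef.h>
#include <stdio.h>

/* Assumption for this example: a fixed table of 10 match slots,
 * i.e. slot 0 for the whole match plus captures $1..$9. */
#define MAX_REG_MATCH 10

/* Number of parenthesised groups in an extended regex, or -1 if it does not compile. */
int count_captures(const char *pattern)
{
    regex_t re;
    int n;

    if (regcomp(&re, pattern, REG_EXTENDED) != 0)
        return -1;
    n = (int)re.re_nsub;
    regfree(&re);
    return n;
}

/* Slots an unclamped caller would ask regexec() to fill: whole match + every group. */
int slots_requested_unclamped(const char *pattern)
{
    int n = count_captures(pattern);
    return n < 0 ? -1 : n + 1;
}

/* Config-time check: 1 if every group fits the fixed table, 0 if not, -1 on a bad regex. */
int pattern_fits(const char *pattern)
{
    int need = slots_requested_unclamped(pattern);
    if (need < 0)
        return -1;
    return need <= MAX_REG_MATCH;
}

/* Match with nmatch clamped to the table size.
 * Returns the number of slots filled, 0 on no match, -1 on a bad regex. */
int safe_match(const char *pattern, const char *subject,
               regmatch_t out[MAX_REG_MATCH])
{
    regex_t re;
    size_t nmatch;
    int rc;

    if (regcomp(&re, pattern, REG_EXTENDED) != 0)
        return -1;
    nmatch = re.re_nsub + 1;
    if (nmatch > MAX_REG_MATCH)
        nmatch = MAX_REG_MATCH;   /* never let regexec() write past out[9] */
    rc = regexec(&re, subject, nmatch, out, 0);
    regfree(&re);
    return rc == 0 ? (int)nmatch : 0;
}

int main(void)
{
    /* Constructed sample patterns: 9 groups and 10 groups. */
    const char *nine = "^/(a)(b)(c)(d)(e)(f)(g)(h)(i)$";
    const char *ten  = "^/(a)(b)(c)(d)(e)(f)(g)(h)(i)(j)$";
    regmatch_t m[MAX_REG_MATCH];
    int filled;

    printf("9 groups:  needs %d slots, fits=%d\n",
           slots_requested_unclamped(nine), pattern_fits(nine));
    printf("10 groups: needs %d slots, fits=%d\n",
           slots_requested_unclamped(ten), pattern_fits(ten));

    filled = safe_match(ten, "/abcdefghij", m);
    printf("clamped match filled %d slots; $9 spans [%d,%d)\n",
           filled, (int)m[9].rm_so, (int)m[9].rm_eo);
    return 0;
}
```
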

fix / patch:

Changelog:

2003.10.30

Re: The case of mod_alias.c (slashdot.jp). It predates Apache 1.3.0, so it seems all 1.3.x / 2.x versions are affected.

2003.11.04

Miracle Linux: apache security

2003.11.07

Vine Linux: [ 2003,11,06 ] Security hole in Apache

■ Norton Internet Security 2003 XSS
(bugtraq, Tue, 28 Oct 2003 04:26:31 +0900)

A flaw in Norton Internet Security 2003 v6.0.4.34 (possibly others too). Reportedly an XSS flaw exists in the error page that NIS 2003 displays when it blocks a web site.

2003.11.18 addendum:

Official: Symantec Network Internet Security (NIS) site … (Symantec). It does not appear to be fixed yet.

■ [Full-Disclosure] Remote overflow in thttpd
(Full-Disclosure, Tue, 28 Oct 2003 05:12:40 +0900)

A flaw in thttpd 2.21 through 2.23b1. A buffer overflow occurs in defang(); arbitrary code from remote …

The release notes, toward the bottom, say only

Fixed buffer overflow bug in defang().

and nothing more.

2003.10.29 addendum:

[Full-Disclosure] [SECURITY] [DSA 396-1] New thttpd packages fix information leak, DoS and arbitrary code execution.

■ Libnids <= 1.17 buffer overflow
(bugtraq, Tue, 28 Oct 2003 04:09:55 +0900)

Arbitrary code from remote … libnids 1.18 has reportedly been released.

CVE: CAN-2003-0850


■ 2003.10.27

■ Internet Explorer and Opera local zone restriction bypass
(bugtraq, Fri, 24 Oct 2003 22:53:03 +0900)

A report that IE 6 and Opera have a flaw that allows access to local files. In response, a rebuttal that this is a flaw in Flash player rather than in IE has been made by Thor Larholm of PivX.

In summary, when Macromedia changes their Flash player to no longer store Flash cookies in plaintext in a known location, this will no longer be an issue.

At least Flash player 6.0.65.0 appears to have this flaw. There is no patch yet.

2003.12.17 addendum:

Official advisory published: MPSB03-08 Update to Flash Player Addressing Local Shared Object Security (macromedia.com). Reportedly fixed in Flash Player (7,0,19,0).

■ New Trojan
(incidents ML, Sat, 25 Oct 2003 17:18:01 +0900)

An item about a trojan having been planted in an NTFS Alternate Data Stream. The items introduced in the follow-up

were interesting.

■ [Full-Disclosure] IE Security hole exploited once again - "britney.jpg" irc worm.
(Full-Disclosure ML, Mon, 27 Oct 2003 00:16:26 +0900)

An IE hole is reportedly being used to target mIRC users; is this the original source?: Internet explorer 6 on windows XP allows exection of arbitrary code.

2003.10.29 addendum:

Several anti-virus vendors have reportedly added coverage.

2003.11.04 addendum:

[Full-Disclosure] _another_ Internet explorer vulnerability (spread via IRC) - new variation of irc.trojan.fgt. A similar variant seems to have appeared.


■ 2003.10.23

■ Miscellaneous
(various)

■ MS03-047: Exchange Server 5.5 Outlook Web Access …
(Microsoft, 2003.10.16)

This is old news, but I am summarizing it here.

A flaw in Outlook Web Access (OWA) of Exchange 5.5. Because a cross-site scripting (XSS) flaw exists in OWA, the attack …

A patch is available, so apply it. However, it cannot be installed unless you have Exchange 5.5 SP4 + IE 5.01 or later. Also note that the patch was reissued on 10/23.

CVE: CAN-2003-0712. KB: 828489.

■ MS03-046: Exchange Server …
(Microsoft, 2003.10.16)

This is old news, but I am summarizing it here.

A flaw in Exchange 5.5 / 2000. By "connecting to the SMTP port on the Exchange server and issuing a specially crafted extended command request",

■ MS03-045: Due to a buffer overrun in the list box and combo box controls, code …
(Microsoft, 2003.10.16)

This is old news, but I am summarizing it here.

A flaw in Windows NT 4.0 / 2000 / XP / Server 2003. The list box control and the combo box control (both contained in User32.dll) have a buffer overflow flaw. Exploiting this flaw, by sending a specific Windows message to an application that uses a list box or combo box, arbitrary code …

A patch is available, so apply it. Note: among the Windows 2000 patches, those for the Brazilian, Czech, Danish, Finnish, Hungarian, Italian, Norwegian, Polish, Portuguese, Russian, Spanish, Swedish and Turkish versions have been reissued to improve compatibility. Use of these language versions … Patch MS03-045 for Czech W2K has conflicting kernel32.dll.

CVE: CAN-2003-0659. KB: 824141.

Related: Listbox And Combobox Control Buffer Overflow.

2003.10.30 addendum:

The patch for Windows XP has been re-released. Apparently the "Debug Programs (SeDebugPrivilege) user right issue" has been fixed.

2003.11.04 addendum:

Reason for the update: 830846 - During Windows Update installation, the system stops responding, or most or all CPU resources are consumed (Microsoft).

The updated (...) patch includes Update.exe version 5.4.1.0. Update.exe version 5.4.1.0 and later does not require the [Debug programs] user right.

■ MS03-044: A buffer overrun in Windows "Help and Support" allows the system to be compromised (825119)
(Microsoft, 2003.10.16)

This is old news, but I am summarizing it here.

A flaw in Windows XP / Server 2003. In "Help and Support", a file related to the HCP protocol has a buffer overflow flaw. To exploit this flaw, the attack …

The flawed code exists not only in Windows XP / Server 2003 but also in Windows Me / NT 4.0 / 2000. However, since these do not use the HCP protocol, it appears that no attack takes place even if a malicious URL is clicked.

A patch is available, so apply it. Patches are provided not only for Windows XP / Server 2003 but also for Windows Me / NT 4.0 / 2000.

CVE: CAN-2003-0711. KB: 825119.

Related: #NISR15102003: Microsoft PCHealth Privilege Escalation (nextgenss.com).

■ MS03-042: Due to a buffer overflow in the Windows Troubleshooter ActiveX control, code …
(Microsoft, 2003.10.16)

This is old news, but I am summarizing it here.

A flaw in Windows 2000. The Microsoft Local Troubleshooter ActiveX control (Tshoot.ocx) is "… script … on … arbitrary code …

A patch is available, so apply it.

CVE: CAN-2003-0662. KB: 826232.

Related: [Full-Disclosure] Microsoft Local Troubleshooter ActiveX control buffer overflow.

2003.10.30 addendum:

The patch has been re-released. Apparently the "Debug Programs (SeDebugPrivilege) user right issue" has been fixed.

2003.11.04 addendum:

Reason for the update: 830846 - During Windows Update installation, the system stops responding, or most or all CPU resources are consumed (Microsoft).

The updated (...) patch includes Update.exe version 5.4.1.0. Update.exe version 5.4.1.0 and later does not require the [Debug programs] user right.

■ MS03-041: Authenticode verification …
(Microsoft, 2003.10.16)

This is old news, but I am summarizing it here. From MS03-041 onward, the bulletin format has changed.

A flaw in Windows NT 4.0 / 2000 / XP / Server 2003. There is a flaw in how Authenticode verifies authentication: in "a certain specific low-memory condition" the authentication dialog is not displayed and the ActiveX control is downloaded and installed as is. Exploiting this flaw, a malicious web site can install a malicious ActiveX control on the client computer and do whatever harm it likes on the client computer.

A patch is available, so apply it.

CVE: CAN-2003-0660. KB: 823182.

■ Addenda

mIRC DCC Exploit

[Full-Disclosure] remote mirc < 6.11 exploit.

Microsoft Outlines New Initiatives in Ongoing Security Efforts To Help Customers: Company Announces Technology Investments to Help Protect Windows Users

Related articles: MS's change in patch release frequency aims at deterring virus development, among other things (Nikkei IT Pro); Microsoft unveils its new security strategy for the post-MSBlast era (ZDNet).


■ 2003.10.22


■ 2003.10.21

■ Cross Site Java applets
(bugtraq, Tue, 21 Oct 2003 06:24:35 +0900)

A flaw in Sun's JRE 1.4.2_01. A report that unsigned applets loaded from different domains can share data via an undocumented variable in the JDK.

The latest in the 1.4.2 series is 1.4.2_02; I wonder how it fares there.

■ Addenda

buffer overflow in IRCD software

… Thank you for the information.

MS03-043: Due to a buffer overrun in the Messenger service, code …

Added [Full-Disclosure] port of ms03-043 dos, fix for freebsd and the MS03-043 Popup Messenger Servce buffer-overflow related item.

■ Opera HREF escaped server name overflow
(bugtraq, Mon, 20 Oct 2003 23:39:48 +0900)

A flaw in Opera 7.11 / 7.20, at least in the Windows and Linux versions. A buffer overflow occurs in the handling of the HREF attribute of the A tag. As a result, a malicious web page …

Fixed in Opera 7.21. However, the Opera 7.21 press releases (opera.com) do not contain the word "security" anywhere. And the Changelog for Opera 7.21 for Windows (opera.com) says only

Privacy and security

- Updated to latest version of OpenSSL

and nothing else. This …

There does not seem to be a Japanese version of Opera 7.21 yet.

■ tools
(various)


■ 2003.10.20

■ MS03-043: Due to a buffer overrun in the Messenger service, code …
(Microsoft, 2003.10.16)

A flaw in Windows NT 4.0 / 2000 / XP / Server 2003. Because the Messenger service has a buffer overflow flaw, exploiting it, arbitrary code with local SYSTEM privileges from remote …

A patch is available, so apply it.

2003.10.30 addendum: The patches for Windows 2000 / XP / Server 2003 have been re-released. Apparently the "Debug Programs (SeDebugPrivilege) user right issue" has been fixed.

2003.11.17 addendum: Of the re-released patches above, it has come to light that for the Windows XP one, the problem of some files not being installed correctly had been fixed silently. On the English MS03-043 page, this matter was added in version 2.2 (2003.11.14).

As a workaround, disable the Messenger service. Most people can disable it without any problem. On Windows Server 2003 it is disabled by default. For how to disable it, see MS03-043: "Messenger …

CVE: CAN-2003-0717. KB: 828035.

Investigation tools:

Related:

Changelog:

2003.10.21

Added [Full-Disclosure] port of ms03-043 dos, fix for freebsd and the MS03-043 Popup Messenger Servce buffer-overflow related item.

2003.10.30

Added that the patches for Windows 2000 / XP / Server 2003 were re-released.

2003.11.17

Added the item about the re-release of the Windows XP patch.

■ The surprisingly serious problem of radio wave leakage
(Nikkei BizTech, 2003.10.17)

A TEMPEST item. Vendor information: shielding equipment for wireless LAN "e-wave AEGIS" (Kumahira). From the results of war walking within a 20 m radius, my feeling is that glass is what the signal passes through most easily, so I suspect the "glass surface shield film" alone would make quite a difference, but …

But I wonder how much it costs.


■ 2003.10.18


■ 2003.10.17

■ Addenda

Thursday is Windows Update day (monthly Windows Update starting this month)

Added CERT Advisory and others.


■ 2003.10.16

■ MS, Hotmail …
(ZDNet, 2003.10.16)

Original source: Finjan Software Discovers a New Critical Vulnerability In Microsoft Hotmail. It appears that writing something like ---<iframe ....> could get past Hotmail's tag filter.

■ Thursday is Windows Update day (monthly Windows Update starting this month)
(Microsoft, 2003.10.16)

Even so, there did not have to be this many at once:

Network-borne attacks using MS03-043 and viruses using MS03-044 seem likely to appear. Before you get hit, scan with the MS03-043 Messenger Service Scanning Utility (ISS) and apply the hotfix. Usage notes: [memo:6532]. I wonder how severe a situation the "under certain low memory conditions" in MS03-041 really is.

Related articles:

Apparently Windows Update has become a monthly starting this month. I wonder if the release day will be fixed on the third Thursday. It would be pointless unless it is fixed, so I expect it will be fixed somewhere.

... According to Revamping the Security Bulletin Release Process (Microsoft),

Starting in October 2003, Microsoft will release security bulletins on the second calendar Tuesday of every month. However, the first set of monthly bulletins for October will be released on Wednesday, October 15, 2003.

so it is the second Wednesday second Tuesday … Thank you for the information. MORITA-san, thank you for pointing that out.

2003.10.17 addendum:

Related information:


■ 2003.10.15

■ UNIX fixes
(various)

Red Hat: SANE item
Debian: tomcat item

■ Addenda

[Full-Disclosure] Bad news on RPC DCOM vulnerability

ISS also appears to have confirmed that the problem exists: Denial of service due to a race condition in Microsoft RPC (ISSKK). They say that a DoS condition (crash) can occur even with MS03-039 applied, but that it is difficult to predict when it will occur.

TIS takes drastic measures to prevent a recurrence of personal information leaks; getting to the bottom of it is proving difficult, in the Aplus member information leak

Added information from Nakamura-san (thank you). Also added information from Ogino-san (thank you). There is a link on the TOP page (scroll the frame). However, it is not on the NEWS page, nor does it turn up in the site's keyword search, and that too is …

ProFTPD ASCII File Remote Compromise Vulnerability

exploit: Working proftpd remote root exploit.


■ 2003.10.14

■ mIRC DCC Exploit
(nanog ML, Mon, 13 Oct 2003 15:48:40 +0900)

A flaw in mIRC 6.0 through 6.11. It appears a crafted DCC request can crash mIRC remotely. Related: mIRC Unspecified DCC Request Vulnerability (Exploit) (securiteam.com).

Fixed in mIRC 6.12. It can also be worked around with the /ignore -wd * directive.

There was apparently also an mIRC issue called mIRC Buffer Overflow (irc:// Links). That one is reportedly fixed in 6.11.

2003.10.23 addendum:

[Full-Disclosure] remote mirc < 6.11 exploit.

■ buffer overflow in IRCD software
(bugtraq, Mon, 13 Oct 2003 00:39:49 +0900)

A flaw in IRCnet IRCD 2.10.x up to and including 2.10.3p3. Reportedly there is a locally exploitable buffer overflow flaw. Fixed in 2.10.3p4 and later. The latest is 2.10.3p5. A patch is reportedly available at http://akson.sgh.waw.pl/~chopin/ircd/patches/m_join.diff.

Related: Buffer Overflow in JOIN Command Leads to DoS (securiteam.com).

2003.10.21 addendum:

From ekuseru-san (thank you for the information).

Regarding the entry on buffer overflow in IRCD software, it seems the buffer overflow is possible not from "Local" but from "Remote" *2.

*2 To add to that, it seems anyone on a host that is permitted access by the IRCD's I-Line can bring the IRCD down.

■ Openoffice 1.1.0 Denial Of Service Vulnerability
(security corporation, 2003.10.08)

A flaw in the UNO support feature of OpenOffice.org 1.1. A report that a DoS attack is possible against OpenOffice.org when it has been made to listen on 8100/tcp via Setup.xml or a command-line option (this is not the default).

■ Addenda

Linux vs. Windows Viruses

Counterpoint: Linux vs. Windows Viruses. There certainly are cases where something gets a security fix but is never announced.

Microsoft Outlines New Initiatives in Ongoing Security Efforts To Help Customers: Company Announces Technology Investments to Help Protect Windows Users

Microsoft announces new strengthening measures in addition to its current security efforts - and at the same time announces further technology investments for Windows users - (MSKK).

[Full-Disclosure] Bad news on RPC DCOM vulnerability

Windows binaries and so on.


■ 2003.10.12

■ Cumulative patch for Internet Explorer (828750) (MS03-040)
(Microsoft, 2003.10.04)

This is old news, but I am summarizing it here.

A fix for the problem that the Internet Explorer 5.01 / 5.5 / 6 flaws described in MS03-032 had not been completely fixed (see: US MS, quite a blunder - a serious …).

A patch is available, so apply it. Note, however, that the MS03-040 patch has side effects.

Also, 828026 - [WMP] Update to the URL script command functionality of Windows Media Player was released at the same time as MS03-040. This itself appears to be a functional improvement rather than a flaw fix, but with so many flaws involving Windows Media Player these days, it is well worth applying.

■ Addenda

US MS, quite a blunder - a serious …

The reg command problem reportedly does not exist on Windows Server 2003.


■ 2003.10.11

■ [Full-Disclosure] Bad news on RPC DCOM vulnerability
(Fri, 10 Oct 2003 23:48:52 +0900)

Something claimed to be a Universal Remote Exploit for MS03-039 has been published.

Some apparently say it will not compile... but the one at http://www.cyberphreak.ch/sploitz/MS03-039.txt is reportedly fine.

Worse still, there are reports that the flaw remains even when all existing hotfixes have been applied. Besides DoS, arbitrary code …

Until a further fix appears, it may be best to work around this by disabling DCOM or by access control with a (perimeter | personal) firewall. The relevant ports are listed in the MS03-039 FAQ. Then again, I do not know whether a "further fix" will appear, and I think a firewall should be kept running at all times anyway.

2003.10.14 addendum:

A Windows binary (http://www.SecurityLab.ru/_exploits/rpc3.zip) has been published. However, it contains no shellcode (the contents of bshell2 are aaaa....).

RE: [Full-Disclosure] Bad news on RPC DCOM vulnerability also comes with a snort signature, and there have reportedly been detections.

2003.10.15 addendum:

ISS also appears to have confirmed that the problem exists: Denial of service due to a race condition in Microsoft RPC (ISSKK). They say that a DoS condition (crash) can occur even with MS03-039 applied, but that it is difficult to predict when it will occur.

2004.04.19 addendum:

Fixed by the Cumulative patch for Microsoft RPC/DCOM (828741) (MS04-012).


■ 2003.10.10

■ Miscellaneous
(various)

■ Windows HotFix Briefings Biweekly (October 10 edition)
(@IT, 2003.10.09)

MS03-040 reportedly has two side effects:

In addition, 828026 - [WMP] Update to the URL script command functionality of Windows Media Player and the item added on 2003.10.07 are explained.

■ Addenda

Microsoft Outlines New Initiatives in Ongoing Security Efforts To Help Customers: Company Announces Technology Investments to Help Protect Windows Users

Added related articles in Japanese.

Sendmail 8.12.10 released

NetBSD Security Advisory 2003-016: Sendmail - another prescan() bug CAN-2003-0694

Multiple integer overflows in XFree86 (local/remote)

NetBSD: NetBSD Security Advisory 2003-015: Remote and local vulnerabilities in XFree86 font libraries.

NISCC Vulnerability Advisory 006489/OpenSSL: Vulnerability Issues in OpenSSL

Added NetBSD Security Advisory 2003-017: OpenSSL multiple vulnerabilities to fix / patch:.

■ Gartner also agrees that "over-concentration" on Windows "is dangerous"
(ZDNet, 2003.10.09)

"Diversity is a good thing" is fine, but the important part is surely this at the end:

But Gartner warns customers to "do it the right way, or not do it at all." In the work of diversifying the desktop, companies are often liable to fail, it says. Gartner's report points out that two thirds of successful cyber attacks target system misconfigurations, and stresses to companies that diversification should not be undertaken except when … correctly ….

"Rather than managing multiple OSes sloppily, managing a single OS rigorously … far better security …

In practice "multiple OSes" means Windows + UNIX / Linux, but a sloppily managed UNIX / Linux is a sitting duck, after all.

2003.10.10 addendum:

As an example measure under [Strategy 2] of the Comprehensive Strategy on Information Security (Ministry of Economy, Trade and Industry), this appears:

Forming an IT infrastructure that avoids the risks of over-concentration and dependence
For infrastructure such as OSes and GPS, where risks of over-concentration and dependence may arise, consider securing some kind of alternative as a nation so that companies and citizens have choices.

Also, an article titled Opinion: Taking issue with the CCIA report criticizing MS (Part 1) (ZDNet) has appeared, but

… is more than large enough.

It is not good to write as though this always holds. That sort of thing … deployment …


■ 2003.10.09

■ Microsoft Outlines New Initiatives in Ongoing Security Efforts To Help Customers: Company Announces Technology Investments to Help Protect Windows Users
(Microsoft, 2003.10.09)

Interesting. The full text of Mr. Ballmer's remarks appears to be at Remarks by Steve Ballmer, CEO, Microsoft Corporation "Partnership, Innovation and Customer Focus" Microsoft Worldwide Partner Conference New Orleans, Louisiana October 9, 2003.

Ballmer (...) announced that Microsoft will move to monthly patch releases, which will reduce the burden on IT administrators by adding a level of increased predictability and manageability.

It seems hotfixes will in principle come only once a month. Perhaps this is an answer to criticism such as "with the current approach, hotfix application cannot be scheduled." But will once a month be soon enough? Mr. Ballmer's remarks themselves read

We will now go to monthly patches -- no more than monthly. If we don't need monthly, we won't have them. But no more than once a month, except for emergency patches which will be made available essentially immediately.

as quoted here.

Ballmer also announced that Microsoft is extending security patch support for Windows NT Workstation 4 Service Pack 6a and Windows 2000 Service Pack 2 through June 2004.

Whoa?! Windows NT 4.0 has had its life extended yet again. Perhaps "maintain Server only" was hard to understand. As for Windows 2000 SP2 also being maintained until June next year, does that mean the Service Pack support policy itself has been changed, or is it just a special exception?

Ballmer highlighted new tools, including Microsoft's free Software Update Services 2.0, which will be released in the first half of 2004 and will provide a seamless patch, scanning and installation experience for Windows, SQL Server, Office, Exchange Server and Visio.

So SUS 2.0 is the first half of 2004.

Also, … for Windows XP and Server 2003 … will reportedly include Microsoft's new safety technologies designed to enable customers to more effectively protect their computers and systems from malicious attacks even if patches do not yet exist or have not yet been installed, but no details are given....

Argh, I have to fix my presentation slides again.

2003.10.10 addendum:

Related articles:

It seems worth reading the latter part of Mr. Ballmer's remarks, from around "With that kind of context ...".

2003.10.14 addendum:

Microsoft announces new strengthening measures in addition to its current security efforts - and at the same time announces further technology investments for Windows users - (MSKK).

2003.10.23 addendum:

Related articles: MS's change in patch release frequency aims at deterring virus development, among other things (Nikkei IT Pro).

Behind this are … circumstances. It judged that prompt release is not necessarily a wise way to improve security.

There certainly is that aspect. Microsoft unveils its new security strategy for the post-MSBlast era (ZDNet).

Finally, Mr. Takazawa said he would like customers to take several security measures. Above all, he says, "what I really want you to build in is a patch management mechanism. Patch application becoming a burden is not how it should be. Please do adopt an automation solution."

I think both push and pull are needed. For pull, Windows Update / Automatic Updates / SUS seems fine, but having SMS as the push option feels rather like dropping a MOAB to kill an ant. Perhaps the message is to use 3rd party products, but I think there ought to be something like a lightweight SMS whose functionality is limited to applying patches.

2003.12.24 addendum:

Continuation?: Enhancing Customer Security: New Microsoft Initiatives in the Ongoing Security Effort to Help Customers.

■ Miscellaneous
(various)

■ Addenda

NISCC Vulnerability Advisory 006489/OpenSSL: Vulnerability Issues in OpenSSL

Added FreeBSD Security Advisory FreeBSD-SA-03:18.openssl and OpenBSD: DoS bugs in OpenSSL to fix / patch:. Added New OpenSSL remote vulnerability (issue date 2003/10/02) (ebitech.sk) to Related articles etc.:.

HEADS UP: upcoming security advisories

FreeBSD-SA-03:15.openssh and FreeBSD-SA-03:18.openssl have been released.

Mac OS X 10.2.8 is broken in other ways too

A bit late, but a new patch is out: APPLE-SA-2003-10-03 Mac OS X 10.2.8 Revised. Japanese translation by Mr. Kogure: [harden-mac:0513]. I wonder how well the new patch is working.

■ Microsoft Windows Server 2003 "Shell Folders" Directory Traversal Vulnerability
(bugtraq, Thu, 09 Oct 2003 01:19:56 +0900)

This concerns 829493 - About the behavior where a user-specific folder is opened. There is a .. bug in the handling of shell: URLs on Windows Server 2003, and the attack …

2005.04.07 addendum:

It has been confirmed fixed in the English version of Windows Server 2003 SP1: see penetration technique research site. Also, according to PivX, ftpexp.html in the exploit section of bid 7826 affects not only Windows Server 2003 but also Windows XP (including SP2).

■ The Twenty Most Critical Internet Security Vulnerabilities (Updated) - The Experts Consensus (Version 4.0)
(SANS, 2003.10.08)

SANS's top 20 most dangerous flaws. Ten for Windows, ten for UNIX. The top 1 for ordinary Windows users would hardly be IIS, so it is presumably server administration … information.


■ 2003.10.08

■ Three flaws in Adobe SVG Viewer (ASV) for Windows 3.0 and earlier
(various)

Three flaws in Adobe SVG Viewer (ASV) for Windows 3.0 and earlier.

Fixed in Adobe SVG Viewer (ASV) 3.01 for Windows. From http://www.adobe.com/svg/viewer/install/mainframed.html …


■ 2003.10.07

■ The summer that vanished with Blaster: the behind-the-scenes story left unwritten
(Nikkei IT Pro, 2003/10/07)

So the spark plug was METI (the Ministry of Economy, Trade and Industry) and the engine was the mass media. At the time I was somewhere with no network connectivity at all, so I could hardly take part in the festivities. Well, even if I had been able to take part, I would only have been a bystander anyway.

Someone in charge at a certain antivirus vendor … , apparently. The person in question was reportedly not very keen on it, though: "Starting with TV, and newspapers, magazines and other …

I suppose it was full speed ahead because it was a perfect publicity opportunity.


It was the same within a 50 m radius of me, but on top of that there were also people who experienced their first Windows Update trouble: "After I ran Windows Update I could no longer shut down."

Related: The truth: a sleepless, restless week spent fighting Blaster (Nikkei IT Pro). I can't tell whether it is intentional or not, but the names Telecom-ISAC and JPCERT/CC never appear in the article...

Related: [Microsoft RPC vulnerability … (@Sam).

■ Addenda

Buffer overrun in the HTML converter causes code …

A "Warning" was added to MS03-023, so noting it here. If you installed IE 6 SP1 after applying the hotfix, you need to reapply the MS03-023 hotfix. It appears that (part of) the matter raised in [memo:6500] has now been stated explicitly.


■ 2003.10.06

■ Addenda

Linux vs. Windows Viruses

Added various things I thought about over the weekend.

■ Opinion: Don't get hooked by phishing scams
(ZDNet, 2003.10.03)

On the other hand, there are also those (example: Microsoft) who send out announcement mail from somewhere that is not their own …, after all. Oh well.

With spam, phishing, and viruses and worms with forged From: headers this rampant, I personally think digital signatures on email ought to be far more widespread, yet you hardly ever see them even from so-called "large corporations". Lawsuits of that kind …


■ 2003.10.05


■ 2003.10.03

■ Linux vs. Windows Viruses
(securityfocus.com, 2003.10.03)


2003.10.06 addendum:

Having thought it over again in various ways, the author …

Instead of just reading an email (... just reading an email?!?), a Linux user would have to read the email, save the attachment, give the attachment executable permissions, and then run the executable. Even as less sophisticated users begin to migrate to Linux, they may not understand exactly why they can't just execute attachments, but they will still have to go through the steps.

As for this, by going through an archiver (tar, zip, ...) …

Unfortunately, running as root (or Administrator) is common in the Windows world. In fact, Microsoft is still engaging in this risky behavior. Windows XP, supposed Microsoft's most secure desktop operating system, automatically makes the first named user of the system an Administrator, with the power to do anything he wants to the computer.

I agree with this. Administr… … are not uncommon, and that situation … "… ordinarily has only about the same privileges as an ordinary user": I think that Mac OS X design is the more correct direction. You could also say that Windows XP fails to make effective use of runas.

Linux runs on many architectures, not just Intel, and there are many versions of Linux, many packaging systems, and many shells. But most obvious to the end user, Linux mail clients and address books are far from standardized. KMail, Mozilla Mail, Evolution, pine, mutt, emacs ... the list goes on. It's simply not like the Windows world, in which Microsoft's email programs - Outlook and Outlook Express - dominate.

That diversity is a good thing is certainly true, but I think we need to consider a little more whether, once Linux becomes widespread, diversity will really arise to the degree that such a claim requires. If picking just the single dominant option and attacking it yields enough targets, then diversity does not mean much. The ideal is a world in which no dominant option exists.

Conversely, on the Windows side, I get the feeling that merely preinstalling, say, Netscape and Opera would make things play out quite differently.

2003.10.14 addendum:

Counterpoint: Linux vs. Windows Viruses. There certainly are cases where a security fix is made but never announced.

■ HEADS UP: upcoming security advisories
(freebsd-security ML, Fri, 03 Oct 2003 02:08:44 +0900)

A heads-up that FreeBSD-SA-03:15.openssh, FreeBSD-SA-03:16.filedesc, FreeBSD-SA-03:17.procfs and FreeBSD-SA-03:18.openssl are coming, so watch out. FreeBSD-SA-03:16.filedesc and FreeBSD-SA-03:17.procfs have been released:

Rewrote this entry because FreeBSD-SA-03:17.procfs came out.

2003.10.10 addendum:

FreeBSD-SA-03:15.openssh and FreeBSD-SA-03:18.openssl have been released.

FreeBSD-SA-03:18.openssl says to "make world", so these are make world days...

■ Addenda

NISCC Vulnerability Advisory 006489/OpenSSL: Vulnerability Issues in OpenSSL

Added Vine Linux: [ 2003,10,03 ] Security hole in openssl.

Welchia / Nachi worm topics

As of 2003.09.16 (pattern 631 and later), Trend Micro renamed WORM_MSBLAST.D to WORM_NACHI.A. Along with that, WORM_MSBLAST.[EFG] were each shifted by one to WORM_MSBLAST.[DEF]. The description in this item has been changed accordingly. Thanks to 伏谷-san for the information.

■ DNS affected: a vulnerability with no patch issued …
(ZDNet, 2003.10.03)

A Trojan horse called Qhosts has reportedly appeared.

… it apparently does.

I wonder whether "OCN's DNS servers fail again, affecting up to 1 million people" (Nikkei IT Pro) is related as well. Qhosts-related articles:


■ 2003.10.02

■ Nagano Prefecture intrusion …
(slashdot.jp, 2003.10.01)

Related: Nagano Prefecture denies some media reports of a "successful intrusion into Juki Net" (Nikkei IT Pro). Analysis is currently under way, so apparently they can say neither that it succeeded nor that it did not.

"As originally planned, once the analysis is finished, and with due consideration for privacy and other relevant issues, … it is not that we have decided whether to make it public down to the details" (岡部英則, leader of the Nagano Prefecture Juki Net response team)

■ CERT Incident Note IN-2003-04: Exploitation of Internet Explorer Vulnerability
(CERT/CC, 2003.10.01)

This is the "US MS makes a sorry blunder: a serious vulnerability … story. For now, on top of applying MS03-032, it recommends the following as measures for users.

Also, on the administration side …

■ Addenda

NISCC Vulnerability Advisory 006489/OpenSSL: Vulnerability Issues in OpenSSL

Added CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations (CERT/CC) (Japanese translation by LAC) and Vendor Status Note JVNCA-2003-26: SSL/TLS … (JPCERT/CC JVN) under "Related articles, etc.".


■ 2003.10.01

■ Addenda

Sendmail 8.12.10 released

Patches for Sun Solaris 7 to 9 are now available. See sendmail(1M) Buffer Overflow Vulnerability in Address Parsing Function prescan() and 0062-02 Sun sendmail security vulnerability … (CTC). Thanks to 足立-san and 福原-san for the information.

NISCC Vulnerability Advisory 006489/OpenSSL: Vulnerability Issues in OpenSSL

OpenSSL Security Advisory [30 September 2003] Vulnerabilities in ASN.1 parsing has appeared, so I added text related to it. Added Cisco Security Advisory: SSL Implementation Vulnerabilities, Turbolinux Security Advisory TLSA-2003-55, and [SECURITY] [DSA-393-1] New OpenSSL packages correct denial of service issues. Added a "Related articles, etc.:" section.

Unfixed IE vulnerability …

Related article: IE vulnerability … (ZDNet).

[VulnWatch] [DDI-1013] Buffer Overflow in Samba allows remote root compromise

Buffer overflow vulnerability … in the Portalworks standard repository (Fujitsu). This is from half a year ago, yet patch information still does not seem to be listed.

829493 - About the phenomenon in which a user-specific folder is opened

I am told that this issue resembles the "Microsoft Internet Explorer %USERPROFILE% Folder Disclosure Vulnerability" reported by Yoshida-san, but is a separate issue. _o_

■ "Legislators need to be provided with technical information": CPSR Japan chapter annual …
(Mainichi, 2003.09.29)

Speaking of Juki, the Juki Net Issues Library by 西邑 亨 has been published. The Juki card that also comes up in the Mainichi article is discussed in "Problems with the Juki Card".

Providing technical information to legislators is indeed necessary, as you can see from, for example, きょうのエサ (gtk's memo). On the history of the Internet, there is for example the Internet Society's A Brief History of the Internet (Japanese translation of the opening part by Takeharu Kudo). Apparently there was not even NCP at first. On the switch from NCP to TCP/IP, there is for example RFC801: NCP/TCP TRANSITION PLAN (Japanese translation by Adem or D.N.A.).

■ SecurityFocus Newsletter #213 2003-9-1->2003-9-5
(bugtraq-jp, Tue, 30 Sep 2003 17:34:39 +0900)

SecurityFocus Newsletter issue 213. Regarding BO2K, isn't the newest version 1.3 beta 1a rather than 1.1.1? The original English SecurityFocus Newsletter #213 also says 1.1.1, so it can't be helped.

■ On the issue of JSP source and directory listings being disclosed in Interstage Application Server (October 1, 2003)
(Fujitsu, 2003.10.01)

A flaw in Interstage Application Server. JSP source and directory listings may reportedly leak to the outside. A patch is available, so apply it.

■ InterScan for Lotus Notes: the Domino server stops when WORM_SWEN.A is detected
(Trend Micro, 2003.09.26)

In some versions of InterScan for Lotus Notes 2.51 / 2.6 (2.51 Patch[23] for UNIX, and 2.6 for Windows earlier than Build 1278), when the product is configured to send notification messages, delivering a virus notification message for "mail in a particular format" (Swen falls into this category) reportedly causes Domino itself to stop.

A patch is available, so apply it. The problem can also be avoided by configuring the product not to send notification messages.

■ Mac OS X 10.2.8 is broken in other ways too
(reader tip, Wed, 01 Oct 2003 02:28:14 +0900)

From 小西-san (thank you). I lightly edited the punctuation and the like:

I can't help finding it strange that everyone is keeping quiet, but does Apple have no intention of rescuing the people who promptly updated to the broken 10.2.8?
Is it being left alone because it was only up for a short period and few people updated, or is there no uproar because the Mac has few users...?

For ordinary people it may not be as serious as the Ether problem, or they may not notice it, but in my environment audio is in a terrible state. Fortunately I have not hit the Ether problem, though...

A certain music application has started crashing frequently, and while that music application is running, Finder and other things become extremely sluggish. The vendor side, too, after looking at the crash logs, says the problem likely lies in 10.2.8. If I run something like Mozilla in the background while doing music, things get really bad.

Also, I don't know about other distributions, but YellowDog, which I have set up for dual boot, partway through booting …
I am amazed that everyone is staying quiet.

Personally, I suspect the biggest problem is that there is no easy way to uninstall the 10.2.8 update. It would be fine if you could easily go back to the state before the update was applied, but there is no sign of improvement in that area even in Mac OS X 10.3. I think that kind of thing matters more than strengthening surface-level features.

I wonder if religious reasons are part of why so many people are keeping quiet. Personally I managed to avoid applying the 10.2.8 update, so there is nothing for me to keep quiet about.

2003.10.10 addendum:

It is old news by now, but a new patch is out: APPLE-SA-2003-10-03 Mac OS X 10.2.8 Revised. Japanese translation by 古暮 (Mr.): [harden-mac:0513]. I wonder how the new patch is behaving.

