$B%;%-%e%j%F%#%[!<%k(B memo - 2003.12

$B!!(BIE$B$N?7%;%-%e%j%F%#!<%[!<%k$H$O$F$J%@%$%"%j!<(BXSS$BBP:v(B $B$N$D$E$-(B (?)$B!#(B $B$3$N0lO"$N>u67$O$J$s$J$N$G$7$g$&!#(BIE $B$N(B CSS $B$^$o$j$O$I$&$7$h$&$b$J$$$[$IJQ$J$N$G$7$g$&$+!#(BWindows XP SP2 $B$G$O$$$m$$$m$J$b$N$,(B secure $B$K$J$k(B$B$H@kEA$5$l$F$$$^$9$,!"(BCSS $B$^$o$j$K$D$$$F$b%/%j!<%s%"%C%W$5$l$kM=Dj$O$"$k$N$G$7$g$&$+!#(B

2003.12.19 $BDI5-(B:

$B!!4XO"(B: $B!V(BMSIE6 $B$b$&BLL\$+$b!W(B ($B$($SF|5-(B)$B!#$J$s$@$+$9$5$^$8$$Nc$,7G:\$5$l$F$$$^$9!D!D!#(B $B$I$&$$$&

GnuPG 1.0.2$B0J9_$N(BElGamal$B80=pL>$GHkL)80$,O31L(B

• Turbolinux: Turbolinux Security Advisory TLSA-2003-68
• Vine Linux: [ 2003,12,05 ] gnupg $B$K%;%-%e%j%F%#%[!<%k(B
• Fedora Core 1: [SECURITY] Fedora Core 1 Update: gnupg-1.2.3-2
• Red Hat Linux: [RHSA-2003:390-01] Updated gnupg packages disable ElGamal keys
• FreeBSD: ports/security/gnupg$B!#(B1.2.3_4 $B$G(B fix $B$5$l$F$$$kLOMM!#(B

CVS security update

• Turbolinux: Turbolinux Security Advisory TLSA-2003-69
• Vine Linux: [ 2003,12,13 ] cvs $B$K%;%-%e%j%F%#%[!<%k(B

[Full-Disclosure] lftp buffer overflows

Vine Linux: [ 2003,12,18 ] lftp $B$K%;%-%e%j%F%#%[!<%k(B

IE$B$N?7%;%-%e%j%F%#!<%[!<%k$H$O$F$J%@%$%"%j!<(BXSS$BBP:v(B

Ikegami $B$5$s$+$i(B Mozilla 1.6 beta (20031214) $B$N>pJs$rD:$$$?(B ($B$"$j$,$H$&$4$6$$$^$9(B) $B$N$GI=$r99?7!#(B Mozilla 1.5 $B$HF1MM$N$h$&$G$9!#(B

STUDIO KAMADA $B$5$s$N>pJs$rDI5-!#(B@import $B$@$1$G$O$J$/!"$$$m$$$m$J$b$N$K$D$$$F>JN,5-K!$,2DG=$JLOMM!#$J$s$J$N$@$3$l$O!D!D!#(B

IE$B$K(BURL$B$r56Au$G$-$k%Q%C%AL$8x3+$N@H

Opera 7 $B$G$N%Z!<%8>pJs$NI=<($N;EJ}$rF?L>4uK>$5$s$K65$($F$$$?$@$$$?(B ($B$"$j$,$H$&$4$6$$$^$9(B) $B$N$GI=$r2~D{!#(B Opera 7.23 $B$G$N%Z!<%8>pJs$O!{$@$C$?!#(B $B$=$NJ}K!(B: [$BI=<((B] $B%a%K%e!<$N(B [$B%[%C%H%j%9%H(B] $B$G!V%Z!<%8>pJs!W$r%A%'%C%/$9$k$H!"%[%C%H%j%9%H$K!V%Z!<%8>pJs!W$H$$$&9`L\$,$G$-$k$N$G!"$3$l$G3NG'$G$-$k!#(B

$B!!$"$($F%;%-%e%j%F%#%[!<%k07$$$7$F$_$k%F%9%H!#(B$B%$%s%7%G%s%H%l%9%]%s%9!=IT@5%"%/%;%9$NH/8+$HBP:v(B$B$r$a$0$k(B$BOC(B$B$H$b$D$J$,$k$N$@$1$I!"NI=q$,Gd$l$F$$$J$$$H$$$&>u67$OCWL?E*$J$o$1$G!#(B

$B!!M-_7;a$N!V$3$l$@$1B?$/$N;vNc$r07$C$F$$$k$o$j$K$O;29MJ88%$,>/$J$$!W$H$$$&HcH=$O%.%c%0$a$$$F$$$k$,!"!V$3$l$@$1$NJ,NL$NFbMF$KBP$7$F!"?^I=$,$-$o$a$F>/$J$$!W$H$$$&HcH=$K$D$$$F$OF10U$@$J$"!#$@$+$i$H8@$C$F!"K\=q$N2ACM$,2<$,$k$o$1$G$O$J$$$N$@$,!#(B

$B!!8D?ME*$K$O!V$=$NBjL>$I$&$K$+$7$F$h!W$H$O;W$&!#$I$&$7$F(B Secrets & Lies $B$,!V(B$B0E9f$N(B$BHkL)$H%&%=!W$K$J$k$N$+A4$/M}2r$G$-$J$$!#8m2r$5$;$9$.$NBjL>$N$*$+$2$GGd>e$,$9$4$/2<$,$C$F$?$j$7$^$;$s$+(B? $B$U$D$&$N?M$O!V0E9f!W$C$F$"$C$?$@$1$G%9%F$J$N$G$O(B? $B:#$+$i$G$bCY$/$J$$$+$i!"!V%;%-%e%j%F%#$NHkL)$H%&%=!W$H$+$KJQ99$9$Y$-$J$N$G$O(B?

$B!!$^$"$H$b$+$/!"$^$@FI$s$G$J$$!"$J$s$F?M$,$$$?$i!":#$9$0CmJ8$9$Y$-$@$m$&!#%?%$%H%kIt$N%j%s%/$O(B amazon.co.jp$B!#(B cbook24.com $B$J$i(B$B$3$3(B$B!D!D$C$FIJ@Z$l$8$c$s(B cbook24$B!#(B $B$7$+$7!"$J$<(B Applied Cryptography $B$,!V$"$o$;$FGc$$$?$$!W$G=P$F$/$k$+$M$((B > amazon.co.jp$B!#(B $B0E9f5;=QBgA4(B $B$H$$$&K.Lu=q$,$"$k$N$K!#(B

2003.12.19 $BDI5-(B:

$B!!4XO"(B: $B!X0E9f$NHkL)$H%&%=!Y@58mI=(B (YAMAGATA Hiroo Official Japanese Page)$B!#(B $BGd$l$F$$$J$$!"$H$$$&$3$H$J$N$G!"@$$NCf$K$O!V=i:~$j!W$7$+B8:_$7$J$$$N$+$b$7$l$^$;$s!#(B

$B!!$G!"0lLk$K$7$F(B amazon.co.jp $B$G$O!V(BAmazon.co.jp $BGd>e%i%s%-%s%0!'(B 91$B!W(B(14:08:59) $B$G!VDL>o(B2$BF|4V0JFb$KH/Aw!W$K$J$C$F$$$?$j$9$k$N$G$9$,!"=V4VIwB.$G$I$&$3$&$H$$$&K\$G$b$J$$$O$:$J$s$G$9$h$M!"K\Ev$O!#(B $B$?$@$7!"@dBPNL$,=P$F$$$J$$!"$H$$$&$N$O!D!D!#(B

• $B!U(B CISCO $B$M$?(B

  • Cisco Security Advisory: Cisco FWSM Vulnerabilities
  • Cisco Security Advisory: Cisco PIX Vulnerabilities

  $B>\:Y$O(B$B!3#R%NF|5-(B$B$r;2>H!#(B

• $B!U(B SecurityFocus Newsletter

  • SecurityFocus Newsletter #224 2003-11-17->2003-11-21
  • SecurityFocus Newsletter #225 2003-11-24->2003-11-28

• $B!U(B [Full-Disclosure] lftp buffer overflows

  lftp 2.6.9 $B0JA0$K7g4Y!#(Blftp $B$,(B HTTP $B$"$k$$$O(B HTTPS $B$rMxMQ$9$k$?$a$N%3!<%I(B (sscanf() $B;HMQItJ,(B) $B$K(B buffer overflow $B$9$k8D=j$,$"$k!#(Blftp 2.6.10 $B$G=$@5$5$l$F$$$k!#(B $B$^$?LdBjH/8+patch $B$,8x3+$5$l$F$$$k!#(B

  CVE: CAN-2003-0963

  • Fedora Core 1: [SECURITY] Fedora Core 1 Update: lftp
  • Red Hat Linux: [RHSA-2003:403-01] Updated lftp packages fix security vulnerability
  • Vine Linux: [ 2003,12,18 ] lftp $B$K%;%-%e%j%F%#%[!<%k(B
  • Turbolinux: Turbolinux Security Advisory TLSA-2004-2
  • FreeBSD: ports/ftp/lftp

IE$B$K(BURL$B$r56Au$G$-$k%Q%C%AL$8x3+$N@H

Microsoft KB $BEP>l(B: 833786 - $B@.$j$9$^$7$?(B Web $B%5%$%H$+8+J,$1$k (Microsoft)$B!#$7$+$7!D!D!#(B

Internet Explorer and Opera local zone restriction bypass

$B8x<0(B Advisory $BEP>l(B: MPSB03-08 Update to Flash Player Addressing Local Shared Object Security (macromedia.com)$B!#(B Flash Player (7,0,19,0) $B$G=$@5$5$l$F$$$k$=$&$@!#(B

$B$7$+$7!"$$$^$@$K(B Flash 7 $B$KBP1~$7$F$/$l$F$$$J$$(B web $B%Z!<%8$H$+!"$"$k$s$G$9$h$M$'!D!D!#(B

Microsoft FrontPage Server Extensions $B$N%P%C%U%!%*!<%P!<%i%s$K$h$j!"%3!<%I$,

Ready-to-Run Software $B8x<08+2r(B: pdate on "Microsoft Security Update 813360, ref MS03-051": (rtr.com)$B!#!V(BUNIX versions for the Microsoft FrontPage 2002 Server Extensions$B!W(B $B$K$O$3$N7g4Y$O$J$$$=$&$@!#(BFrontPage 2000 Server Extensions for UNIX $B$K$D$$$F$O2?$b8l$i$l$F$$$J$$$3$H$KCm0U!#(BFrontPage 2000 Server Extensions for UNIX $B$O$b$O$d0];}$5$l$F$$$J$$$N$G!"MxMQ

IE$B$N?7%;%-%e%j%F%#!<%[!<%k$H$O$F$J%@%$%"%j!<(BXSS$BBP:v(B

$B?eL57n$P$1$i$5$s$+$i!"(BNULL $B$K$D$$$F$O(B Mozilla $B$G$b%@%a$J$N$G$O(B ($B%F%9%H%Z!<%8(B) $B$H$$$&;XE&$r$B$B$r=$@5!&DI2C$7$?!#(B_o_

$BHwA0$5$s$+$i!"(BSafari 1.1(v100.1) $B$G$O(B NULL $BD>Kd$a$,!_$K$J$k$H$N>pJs$rD:$$$?(B ($B$"$j$,$H$&$4$6$$$^$9(B) $B$N$GI=$r99?7!#(B

$B=;4p%M%C%H?/F~pJs$N2~$6$s$,2DG=(B

$B=;4p%M%C%H!=!=?)$$0c$&0U8+$NCf$G8+$($F$-$?(B2$B$D$N3V$?$j(B (ZDNet)$B!#(BCS $B$O(B Windows 2000 $B$G$9$+!#(B $BCN;v2q8+!V;TD.B<%M%C%H%o!<%/$N0BA4@-D4::$K$D$$$F!W(B ($BD9Ln8)(B) $B$O!"8+$F$*$+%J%$%H$@$a$N$h$&$G$9!#(B

BIND 8.4.3 Release (8.4.3-REL)

NetBSD: NetBSD Security Advisory 2003-018$B!#(B

$B!!$?$$$X$s;H$$$d$9$=$&$J(B ($B;H$$$d$9$9$.$k(B?!) VPN $B%=%U%H%&%'%"$N$h$&$G$9!#(B $B2>A[%M%C%H%o!<%/%G%P%$%9$H$7$F8+$($k$h$&$G$9!#$=$N$?$a!"86M}E*$K$OA4$F$N%"%W%j%1!<%7%g%s$,(B VPN $B$rMxMQ$G$-$k$N$G$7$g$&!#MW$O(B Ethernet over IP $B$C$F$3$H$G$7$g$&$+!#(B P2P $B$J(B VPN $B$G$O$J$/!"2>A[(B HUB $B$rMxMQ$7$?(B VPN$B!"$H$$$&$H$3$m$,?7$7$$$N$+$J!#F|K\8l%I%-%e%a%s%H$,@0Hw$5$l$F$$$k$N$O$9$P$i$7$$$G$9!#$C$F!"0-MQ$9$k$N$O$+$s$Y$s$7$F$[$7$$$G$9$1$I!#(B

$B!!(B$B!3#R%NF|5-(B $B$G$O!V(BOpenVPN $B$H$I$&0c$&$N(B?$B!W(B $B$H$$$&$h$&$J5-=R$,$"$j$^$9$,!"Hf3S$7$F$_$k$H$3$s$J46$8$G$7$g$&$+!#(B $B%I%-%e%a%s%H$r

$B!!:n

$B!!>/$J$/$H$b!"2>A[(B HUB $B$O(B public $B$K%"%/%;%9$G$-$k>l=j$K$J$$$H$^$:$$$N$+$J!#(B public $B$H8@$C$F$b!"(BTCP $B$N(B port $B$,(B 1 $B$D3+$$$F$$$l$P$=$l$G==J,$C$]$$$1$l$I!#(B $BF~$l$F:F5/F0$7$F:o=|$7$F$_$?$1$I!":o=|8e$b!V%M%C%H%o!<%/@\B3!W$K!V(BSoftEther $B2>A[(B LAN $B@\B3!W$,;D$k$J$"!#A4HL%?%V$N(B [$B%W%m%Q%F%#(B] $B"*(B [$B9=@.(B] $B"*(B $B%I%i%$%P%?%V$N(B [$B:o=|(B]$B!"(B $B$G>C$7$?$1$I!"$=$&$$$&$b$N$J$s$@$m$&$+!#(B

$B!!pJs$"$j$,$H$&$4$6$$$^$9!#(B

2003.12.24 $BDI5-(B:

$B!!(B0.40 Beta2 $B$,=P$F$$$^$9$M!#Hf3SI=$K$D$$$F$O!"(B0.40 Beta2 $BIUB0$N!V(BSoftEther $B;HMQ5vBz7@Ls=q!W$K4p$E$$$F99?7$7$^$7$?!#(BML $B$b$G$-$?$h$&$J$N$G!"$H$j$"$($:(B subscribe $B$7$F$_$k%F%9%H!#(B

$B!!$7$+$7!"(Bweb $B%Z!<%8$K$"$k(B$BCx:n8"!&;HMQ>r7o(B$B$H!"(BSoftEther $B<+?H$r%$%s%9%H!<%k$9$k;~$KI=<($5$l$k!V(BSoftEther $B;HMQ5vBz7@Ls=q!W$NFbMF$,0lCW$7$J$$!"$H$$$&>u67$O:$$C$?$b$N$G$9$M!#(B0.40 Beta2 $B$G$bIT0lCW$N$^$^$G$9!#(B

$B!!$^$?!">eB<$5$s$+$i(B OpenVPN 1.5.0 $B0J9_$G$O(B http proxy $B$r%5%]!<%H$7$F$$$k$H65$($F$$$?$@$$$?(B ($B$"$j$,$H$&$4$6$$$^$9(B) $B$N$G!"Hf3SI=$r=$@5$7$^$7$?!#(B

$B!!(BSoftEther Version 0.40 (Beta 2) 10:46 (9DO$B$NF|5-(B)$B!#(Bsnort $B$G;H$($k%7%0%M%A%c!#(B

2003.12.25 $BDI5-(B:

$B!!(B$BCx:n8"!&;HMQ>r7o(B$B$H!"(BSoftEther $B<+?H$r%$%s%9%H!<%k$9$k;~$KI=<($5$l$k!V(BSoftEther $B;HMQ5vBz7@Ls=q!W$NFbMF$,0lCW$7$J$$!"$H$$$&>u67$O2~A1$5$l$^$7$?$M!#$7$+$7!"(Bweb $B%Z!<%8$N(B SoftEther $B;HMQ5vBz7@Ls=q(B $B$,(B gif $B2hA|$H$$$&$N$O$A$g$C$H$J$"!#(B

$B!!(B$B7P:Q;:6H>J$NMW@A$K$h$j(B SoftEther $B$NG[I[$rDd;_(B (softether.com)$B!#(B $B$3$&$$$&935D$,Mh$k$3$H$/$i$$M=A[$7$?>e$G$N9T0Y$8$c$J$+$C$?$N$+(B IPA$B!#$&!<$`!#(B $B$*$*$b$H$NB>$K$b!V:FG[I[!W%5%$%H$,$$$/$D$+$"$k$h$&$G$9$,!"3+H/

$B!!(BSoftEther $B$r;_$a$?$H$3$m$G(B vtun $B$d(B OpenVPN $B$OB8:_$7$D$E$1$k$N$@$,$J$"!D!D!#$=$l$h$j$O!"$3$&$$$&$b$N$H$N@^$j$"$$$r$I$&$D$1$F$$$1$P$$$$$N$+$r9M$($k$Y$-$@$H;W$&$N$@$,!#(B

[CORE-2003-12-05] DCE RPC Vulnerabilities New Attack Vectors Analysis

UNYUN $B$5$s$K$h$k8!>Z7k2L$,!"(BThe Shadow Penguin Security Technical Forum $B$G8x3+$5$l$F$$$^$9!#(B

$B!!(BInternet Exploer $B$O(B CSS $B$N07$$$K$*$$$F!"(B@import $B$@$1$G$O$J$/(B @i $B$H$+(B @im $B$H$+$@$1$G$b(B @import $B$HF1MM$K07$C$F$7$^$&$H$$$&OC!#$^$?(B @impor\0t (\0 $B$O(B NULL $B%3!<%I$N$D$b$j(B) $B$N$h$&$K(B NULL $B%3!<%I$,ESCf$KF~$C$F$$$F$b!"(B@import $B$HF1MM$K07$C$F$7$^$&$H$$$&!#$3$N$?$a!"3F=j$N(B web $B%a!<%k$d7G<(HD!"(Bblog $B$b$N$J$I$G!"$3$N>u67$r0-MQ$7$?(B script $BA^F~$,2DG=$H$J$k2DG=@-$,$"$k!#$O$F$J%@%$%"%j!<$K$D$$$F$O!"$$$A$O$d$/=$@5$5$l$?$=$&$@!#(B ($BZ$7$?7k2L!"7g4Y$,$"$k$N$O(B IE 6 $B$N$_$N$h$&$@!#8e=R(B)

$BF|K\$N3F(BWEBMail$B%5!<%S%9$K$b=PMh$k$@$1$N\:Y$KJ9$$$F$-$?$N$O!"$?$C$?#2

$B!!5U$K8@$&$H!"(BMicrosoft $B$H(B Yahoo! $B$/$i$$$7$+K\5$$JAH?%$O$J$$!"$H$$$&$3$H$J$N$@$m$&!#(B

XSS$BBP:v$K$D$$$F$O!"(BJPCERT$B$OJs9pMQ$NAk8}$,$"$j$^$;$s!#=>Mh!"(BJPCERT$B$KO"Mm$7$F$b!"2?$b2r7h$7$^$;$s$G$7$?!#8D?M$,9-HO$J%7%9%F%`$K$+$+$o$k@H

$B!!:2$N6+$S$@$h$J$"!D!D!#$7$+$7$B9qFb%Y%s%@$H$N@HpJs$NN.DL (JPCERT/CC) $B$r$d$k$H$-$K!"$=$&$$$&J}LL$K$D$$$F$b4^$a$k$Y$-$@$H;W$&$s$G$9$1$I$M$(!#(B

2003.12.16 $BDI5-(B:

$B!!(B$B$B!#(B $B!{$O7g4Y$J$7!"!_$O7g4Y$"$j$G$9!#(B

$B%V%i%&%6(B	$B7k2L(B	$BFC5-;v9`(B
Mozilla 1.5	$B!_(B	@i $B$H$+$O!{$@$1$I(B @i\0mport $B$O!_!"(BNULL $BD>Kd$a$O!{(B
Mozilla 1.6 beta (20031214)	$B!_(B	Ikegami $B$5$sD4$Y(B: @i $B$H$+$O!{$@$1$I(B @i\0mport $B$O!_!"(BNULL $BD>Kd$a$O!{(B
Opera 7.23	$B!{(B	$B!!(B
IE 5.01 SP3 + hotfix	$B!{(B	$B!!(B
IE 5.5 SP2 + hotfix	$B!{(B	$B!!(B
IE 6.0 SP1 + hotfix	$B!_(B	@i $B$H$+$H(B @i\0mport $B$O!_!"(BNULL $BD>Kd$a$O!{(B
Safari 1.1 (v100.1)	$B!_(B	$BHwA0$5$sD4$Y(B: @i $B$d(B @i\0mport $B$O!{$@$,!"(BNULL $BD>Kd$a$,!_(B

$B!!(BIE 6 $B$b$&$@$a$]!D!D(BMozilla$B!"$*A0$b$+!D!D(BSafari $B$b$+!D!D(B$B!#(B

2003.12.17 $BDI5-(B:

$B!!?eL57n$P$1$i$5$s$+$i!"(BNULL $B$K$D$$$F$O(B Mozilla $B$G$b%@%a$J$N$G$O(B ($B%F%9%H%Z!<%8(B) $B$H$$$&;XE&$r$B$B$K%F%9%H9`L\$rDI2C$7$?!#(B_o_

$B!!HwA0$5$s$+$i!"(BSafari 1.1(v100.1) $B$G$O(B NULL $BD>Kd$a$,!_$K$J$k$H$N>pJs$rD:$$$?(B ($B$"$j$,$H$&$4$6$$$^$9(B) $B$N$GI=",$r99?7!#(B

2003.12.18 $BDI5-(B:

$B!!(BIkegami $B$5$s$+$i(B Mozilla 1.6 beta (20031214) $B$N>pJs$rD:$$$?(B ($B$"$j$,$H$&$4$6$$$^$9(B) $B$N$GI=",$r99?7!#(B

$B!!(BSTUDIO KAMADA $B$5$s$KCmL\$9$Y$->pJs$,(B:

• $B%9%?%$%k%7!<%H$N%-!<%o!<%I$N>JN,7A(B
• $B%9%?%$%k%7!<%H$N%-!<%o!<%I$N>JN,7A!JB3$-!K(B

$B!!(B@import $B$@$1$G$O$J$/!"$$$m$$$m$J$b$N$K$D$$$F>JN,5-K!$,2DG=$JLOMM!#(B $B$J$s$J$N$@$3$l$O!D!D!#(B

2003.12.24 $BDI5-(B:

$B!!(B$B$3$s$I$O(B XSS $B@H ($B$($`$b$8$i(B news)$B!#(B

$B%;%-%e%j%F%#%[!<%k(B memo $B$G$O$"$?$+$b(B Mozilla $B$K(B XSS $B@H

$B!!$9$$$^$;$s!";d<+?H$O(B @import $B$NF0:n$7$+DI$$$+$1$F$^$;$s!#9>B<$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!D9Ln8)$N?/F~

$B!!2$J$I#1#29`L\$N8D?M>pJs$,F~$C$F$$$k!V4{B8=;4p%7%9%F%`!W$K?/F~!#0$CRB<$G$O!"D#Fb#L#A#N$J$I$KD>@\!"@\B3$7$?%Q%=%3%s$+$i#C#S$H#C#S$NA`:nC $B!!4X78J$N303TCDBN!VCOJ}<+<#>pJs%;%s%?!pJs$r8!:w!&1\Mw$G$-$k>uBV$K$J$C$?!#?/F~$O#3F|H>$K5Z$s$@$,!"8!CN$5$l$J$+$C$?!#(B

$B!!0JA0$+$i!VFbIt$+$i$N967b$K$OZ$7$?!"$H$$$&$3$H$J$N$@$m$&!#$H$$$&$+!"$3$l$O!"0l<+<#BN$N(B CS $B$+$i!VA49qL1$N8D?M>pJs$r8!:w!&1\Mw$G$-$k>uBV!W$K$G$-$F$7$^$&!"$H$$$&%7%9%F%`$=$N$b$N$N7g4Y$J$N$G$O$J$$$N$+!#;f%Y!<%9$G9T$C$F$$$k;vL3=hM}$r!"$=$N$^$^%M%C%H%o!<%/%7%9%F%`$KCV$-$+$($?>l9g$K$O!"$3$s$J$3$H$K$O$J$i$J$$$O$:$J$N$K!#=;4p%M%C%H$N%7%9%F%`@_7W$=$N$b$N$,8m$C$F$$$k!"$H$$$&$3$H$G$O$J$$$N$+!#(B

$B!!0lJ}!"GHEDD.$G9T$C$?%$%s%?!<%M%C%H$+$i$N?/F~

$B!!30It$+$i$N967b$KBP$7$F$O!"$=$l$J$j$K$7$C$+$j$7$?KI8f$,9T$o$F$$$k$h$&$@!#(B $B$7$+$7LdBj$O!"FbIt$NKvC<$,

$B!!4XO"(B:

• $B=;4p%M%C%H!'(B $BAmL3>J!"D9Ln8)$N8+2rJ,$+$l$k!!?/F~ ($BKhF|(B)

  $BAmL3>J$O!VD#Fb#L#A#N!J9=Fb>pJsDL?.LV!K$NLdBj$r=;4p%M%C%HK\BN$NLdBj$G$"$k$h$&$K$M$86J$2$F!"8XBg$Ke$2$?7k2L$r8xI=$7!"@?$K0d48$@!W$HHsFq$9$k%3%a%s%H$rH/I=$7$?!#(B

  $BAmL3>J$K$O!"%M%C%H%o!<%/%;%-%e%j%F%#$H$$$&$b$N$,A4$/$o$+$C$F$$$J$$$h$&$@!#(B $B$3$s$JCDBN$,$D$/$k(B $B>pJs%;%-%e%j%F%#!<%;%s%?!<(B$B$N

  $BAmL3>J$,FC$K6/D4$7$F$$$k$N$O!"D9Ln8)$N]30$H$7$F$$$?!#(B

  $BAmL3>J$O!V%U%!%$%"%&%)!<%k(B = $B?@!W$H;W$C$F$$$J$$$+(B? $B%U%!%$%"%&%)!<%k$O!V@55,%"%/%;%9!W$KBP$7$F$OL5NO$@!"$H$$$&;v$N0UL#$rM}2r$7$F$$$J$$$h$&$@!#(B

• $B=;4p%M%C%H!'(B $B?/F~2DG=!!:,44MI$i$0KI8n:v(B ($BKhF|(B)

  $B%;%-%e%j%F%#!\$7$$9CFnBgK!3XIt$N1`ED

  $B$=$&$$$&$3$H$G$9$h$M$(!D!D!#(B

  $B=;4p%M%C%H?/F~ ($BKhF|(B)

  $BEDCfCN;v$O2q8+$G!VAmL3>J$H8+2r$,0[$J$k$N$G$"$l$P!"9gF1$G

  $B!Z>\Js![!V8D?M>pJs$N2~$6$s$,2DG=!W!$D9Ln8)$,=;4p%M%C%H?/F~%F%9%H7k2L$r8xI=(B

  $BAmL3>J$O!$(BLASDEC$B$,4IM}$9$k=;4p%M%C%H$H!$<+<#BN$,4IM}$9$kD#Fb(BLAN$B$NLdBj$OJL$G$"$k$H@bL@$7$F$-$?!#$7$+$7!$=;4p%M%C%HMQ$N(BCS$B$d(BCS$BCu67$O?<9o$@!#(B

  $B$U$`$U$`!#(B

  $BD9Ln8)$O(BLASDEC$B$N4F;kBN@)$N4E$5$b;XE&$7$?!#(B11$B7n(B25$BF|$K0$CRB<$N(BCS$B$N4IM}u67$r%A%'%C%/$9$k$?$a$K!$;0F|8e$N(B11$B7n(B28$BF|$K%U%!%$%"%&%)!<%k$N%W%i%0$r0U?^E*$K$O$:$7$?$H$3$m!$!X2?$+$"$j$^$7$?$+!Y$H$h$&$d$/(BLASDEC$B$+$iO"Mm$,Mh$?!#%5!<%P!<$d%U%!%$%"%&%)!<%k$N2TF/>u67$OGD0.$7$F$$$k$,!$IT@5?/F~$N8!CN$K$OBP1~$7$F$$$J$$!W!JD9Ln8)!K$H7kO@$E$1$?!#(B

  $B!V0U?^E*$K%1!<%V%k$rH4$$$?$i$h$&$d$/5$$,$D$$$?(B LASDEC $B$C$F2?$h!W>uBV$J%o%1$G$9$+!D!D!#(B

  $BD9Ln8)$N%F%9%H7k2L$r@\967b$7$?:#2s$N%F%9%H$N$d$jJ}$O!$DL>o$J$i$"$j$($J$$>u67$r:n$j=P$7$F$$$k!#D9Ln8)$O!$=;4p%M%C%H$HD#Fb(BLAN$B$NLdBj$r:.9g$7!$$&$^$/OC$r$9$j$+$($F$$$k!W$HH?O@$7$?!#(B

  $B%U%!%$%"%&%)!<%k$K$?$h$j$9$.$F$$$k$N$OLdBj$G$O$J$$$N$+(B? $B$D!<$+!V(B2004$BG/(B2$B7n!W$C$F2?$h!#(B $B$$$C$?$$$3$N?MC#$O!"$I$N$/$i$$$N<~4|$G(B patch $B$"$F$r$7$F$$$k$N$@$m$&!#(B $B$b$7$+$7$F!"8D!9$N%[%9%H$NMW:I2=$,A4$/B-$j$J$$$N$G$O(B?

$B!!0J22A$N>\:Y(B:

• $B=;4p%M%C%H?/F~J$H9gF1 ($BKhF|(B)

• $B=;4p%M%C%H?/F~2A!!!V8D?M>pJs$O4m81$J>uBV!W(B ($BKhF|(B)

$B!!B>$N<+<#BN$G$b;w$?$j$h$C$?$j!"$"$k$$$O$b$C$H$R$I$$$N$G$J$$$N$+!#(B

$B!!AmL3>J%3%a%s%H(B:

• $B=;4p%M%C%H?/F~;TD.B<$X$N1F6A$J$$!W!!AmL3>J$O0BA4@-6/D4(B ($BKhF|(B)

  $B$J$*!"Bh;02A$G;XE&$5$l$F$$$k(BCS$B$N%;%-%e%j%F%#!<%Q%C%A$NE,MQ$K$D$$$F$O!"==J,$J%7%9%F%`$NF0:n8!>Z$r9T$$!"Aa4|$K%Q%C%A$rE,MQ$9$k$H$H$b$K!"%Q%9%o!<%I$N@_Dj$,IT==J,$J$I$N;XE&$K$D$$$F$b!";T6hD.B<$KBP$70z$-B3$-E,@Z$J5;=QE*;Y1g$r9T$&M=Dj$G$"$k!#(B

  CS $B$,$R$I$/Ie$C$F$$$k$3$H$OAmL3>J$b3NG'$7$?LOMM!#(B $B$^$?!"0BA4@)$N9b$$%Q%9%o!<%I$N@_Dj$r6/@)$9$k$h$&$J;EAH$_$bF~$l$i$l$F$$$J$+$C$?$3$H$b8+$F$H$l$k!#(B

  $B$5$i$K!"%7%9%F%`E*$K$O!"A`:nZ$,$J$$$H=;4p%M%C%H$N8D?M>pJs$r0z$-=P$9$3$H$,$G$-$J$$$h$&$K$9$kEy!"3FHL$N%;%-%e%j%F%#!$K;T6hD.B<$ND#Fb(BLAN$B$K967bCe$N8D?M>pJs$rEp$_8+$k$3$H$O$G$-$J$$!#(B

  $B$=$N!VA`:n$s$6$$$J<+<#BN$O>/$J$/$J$$$N$G$O(B?

$B!!;38}1Q@h@8%3%a%s%H(B:

• $B=;4p%M%C%H?/F~ ($BKhF|(B)

$B!!H?1~(B:

• $B=;4p%M%C%H?/F~ (slashdot.jp)

$B!!$G!"C/$b2?$b;XE&$7$F$$$J$$$h$&$G$9$1$I!"=;4p%M%C%H$,(B Windows NT $B$GF0$$$F$$$k$H$$$&OC$O$=$N8e$I$&$J$C$F$$$k$s$G$7$g$&!#(B2000 $B$H$+(B XP / Server 2003 $B$X$N>h$j$+$($O40N;$7$F$$$k$s$G$7$g$&$+!#$b$&$9$0(B NT $B$N(B patch $B$O=P$J$/$J$k$s$G$9$,!#$^$"!"(Bpatch $B$"$C$F$b$J$/$F$bF1$8$C$]$$$G$9$1$I!#(B

2003.12.17 $BDI5-(B:

• $B=;4p%M%C%H!=!=?)$$0c$&0U8+$NCf$G8+$($F$-$?(B2$B$D$N3V$?$j(B (ZDNet)

  Windows 2000$B$r%Y!<%9$H$7$F$$$k(BCS$B%5!<%P$G$O!"J#?t$N%Q%C%A$,E,MQ$5$l$F$$$J$+$C$?!#$3$N$?$a!"0-MQ%W%m%0%i%`$rDL$8$F%P%C%U%!%*!<%P!<%U%m!<$r0z$-5/$3$7!"4IM}

  $B$*!<(B Windows 2000 $B$J$s$@!#A4$F$N(B CS $B$O(B Windows 2000 $B$J$N$+$J$"!#(B

  $BCN;v2q8+!V;TD.B<%M%C%H%o!<%/$N0BA4@-D4::$K$D$$$F!W(B ($BD9Ln8)(B) $B$O!"8+$F$*$+%J%$%H$@$a$N$h$&$G$9!#(B

$B!!(B2004.01.16 $B$G=*N;!#$^!"$=$f$3$H$G!A(B ($B@<(B: $B%/%l%h%s$7$s$A$c$s(B)$B!#(B $B$I$&$7$F$b;H$$$D$E$1$J$$$H$@$a$J>l9g$O!"(BPersonal Firewall $B$d(B Anti Virus $B$d(B Anti Trojan $B$G>h$j@Z$k$s$G$9$+$M$(!#(B $B$^$"!"%9%?%s%I%"%m%s$G;H$&$N$J$i!"$=$N$^$^$G$bJL$K$$$$$H;W$$$^$9$1$I$M!#(B $B$^$@$7$P$i$/$O(B Anti Virus $B$bBP1~$5$l$k$h$&$G$9$7!#(B

• $B%^%$%/%m%=%U%H!"(BWindows 98$B$N%5%]!<%H$r(B2004$BG/(B1$B7n(B16$BF|$K=*N;(B

  Windows Me$B$G$O(B2003$BG/(B12$B7n(B31$BF|$G%a%$%s%9%H%j!<%`%U%'!<%:$,=*N;!#M-=~%5%]!<%H$d%;%-%e%j%F%#=$@5%W%m%0%i%`$N?75,Ds6!$O(B2004$BG/(B12$B7n(B31$BF|$^$G$H$J$C$F$$$k!#(BWindows NT Workstation 4.0$B$G$O!"@=IJ%5%]!<%H$O(B2003$BG/(B6$B7n(B30$BF|$G=*N;!#(BSP6a$B$KBP$7$F$N$_?75,%;%-%e%j%F%#=$@5%W%m%0%i%`$r(B2004$BG/(B6$B7n(B30$BF|$^$GDs6!$9$k$H$$$&!#$^$?!"@=IJ%5%]!<%H$r(B2003$BG/(B6$B7n(B30$BF|$K=*N;$7$F$$$k(BWindows 2000 SP2$B$K$*$$$F$b%;%-%e%j%F%#=$@5%W%m%0%i%`?75,Ds6!$r(B2004$BG/(B6$B7n(B30$BF|$^$G1dD9$7$?!#$J$*!"(BWindows 2000$B$N:G?7%P!<%8%g%s$G$"$k(BSP4$B$O!"(B2005$BG/(B3$B7n(B31$BF|$^$G%a%$%s%9%H%j!<%`%U%'!<%:$,@_Dj$5$l$F$$$k!#(B

  Me $B$OMhG/$$$C$Q$$$@$7!"(BNT 4.0 SP6a $B$b(B 2004.06.30 $B$G%;%-%e%j%F%#(B fix $BBG$A$I$a!"$C$F$3$H$G!#(B$B:#EY$3$=(B$B!"(BNT 4.0 $B$O=*N;$9$k$s$G$9$+$M$(!#(B

• Windows 98$B$N%Q%C%A!"%5%]!<%H=*N;8e$G$b(BBlaster$B5i$J$iDs6!$b(B

  $B$h$[$I$N$3$H$,$J$$8B$j=P$7$^$;$s!"$H$$$&0UL#$@$m$&!#(B $B$5MhG/$K(B Blaster $B5i$,Mh$F$b$d$C$Q$j=P$5$J$$$@$m$&$7!#(B $B$^$"!"(BBlaster $B$O(B Windows 9x $B$K$O4X78$J$+$C$?$s$G$9$,(B ($B>P(B)$B!#(B

$B!!!V(BWindows 98 $B8z2L!W$G(B Personal Firewall $B$NGd>e$,>e$,$C$?$j$9$k$H$*$b$7$m$$$s$@$1$I$J$"!#(B

$B!!(BNOD32 $B%P!<%8%g%s(B 2.000.8 (2003.12.09 00:00$B!A(B20:00 $B$N4V8x3+!"8=:_$O8x3+Dd;_(B) $B$G!"(B

• $B%7%c%C%H%@%&%s;~$K%V%k!<%5%s%@!$B%"%s%$%s%9%H!<%k$9$k$H!"!V%"%W%j%1!<%7%g%s$NDI2C$H:o=|!W$NFbMF$,:o=|$5$l$k(B

$B$H$$$&7g4Y$,H/@8$9$kLOMM!#5l%P!<%8%g%s(B 2.000.6 $B$G$O$3$N7g4Y$OH/@8$7$J$$$=$&$@!#(B

$B!!3:Ev$9$k%P!<%8%g%s$rMxMQ$7$F$$$k>l9g$O!"=$@5%b%8%e!<%k$,G[I[$5$l$F$$$k$N$G>e=q$-%$%s%9%H!<%k$9$l$P$h$$!#$^$?!V%7%c%C%H%@%&%s;~$K%V%k!<%5%s%@!l9g$O!"=$@5%b%8%e!<%k$N>e=q$-%$%s%9%H!<%k8e$K(B 2000.6 $B$r:F%$%s%9%H!<%k$9$k!#(B

$B!!$=$l$K$7$F$b!"(BNOD32 $B%9%l(B (2ch.net) $B$O$J$<$3$s$J$K9S$l$k$s$@$m$&!#(B

IE$B$K(BURL$B$r56Au$G$-$k%Q%C%AL$8x3+$N@H

Safari 1.0 $B$N!V%9%F!<%?%9%P!<(B: $B!{!W$O!";d$N;v

$BDGL>$5$s$+$i$N(B Opera 6.05 $B$H(B Netscape Communicator 4.75 $B$N>pJs$rDI5-!#(B IE 5.2.3 for Mac OS X $B$K$D$$$F$b5-:\!#(B

$B!!(BCanna 3.7 $BEP>l!#(B

$B!&%5!<%P$N%;%-%e%j%F%#!<%[!<%k$r=$@5$7$^$7$?!#(B
($BCfN,(B)
$B!&%/%i%$%"%s%H$+$iIT@5$J%j%/%(%9%H$rAw$i$l$k$H!"%P%C%U%!%*!<%P!<%U%m!<$r5/$3$7$?$j!"FbIt>pJs$,O3$l$?$j$9$k$H$$$&%;%-%e%j%F%#LdBj$r=$@5$7$^$7$?!#(B

$B!!5!G=E*$K$O!"(BAPI $B$,?7$7$/$J$C$?$j$7$F$$$k$=$&$G!#(B http://canna.sourceforge.jp/canna37patches/ $B$K!"?7(B API $BBP1~(B patch $B$,$"$k$=$&$G$9!#(B

$B!!(BMS03-026 $B$r$O$8$a$H$9$k(B RPC $B7j$,=P$k$?$S$K!V(Bhigh port $B$+$i?/F~$5$l$k$3$H$O$J$$$N$+(B?$B!W$H$$$&OCBj$,=P$F$$$?$h$&$K;W$&$,!"$I$&$d$i(B MS03-049 $B$K$D$$$F$O$=$NJ}K!$,B8:_$9$kLOMM!#$^$?(B broadcast address $B8~$1$N(B UDP $B%Q%1%C%H$rMxMQ$7$?967b$b2DG=$i$7$$!#(B

$B!!$H$j$"$($:!"4{CN$N7j$K4X$9$k(B patch $B$r$-$A$s$HE,MQ$7$F$*$-$^$7$g$&!#(B $B$3$NJ8=q$GMS03-001$B!"(B MS03-026$B!"(B MS03-043$B!"(B MS03-049 $B$G$9!#(B

2003.12.16 $BDI5-(B:

$B!!(BUNYUN $B$5$s$K$h$k8!>Z7k2L$,!"(BThe Shadow Penguin Security Technical Forum $B$G8x3+$5$l$F$$$^$9!#>/$J$/$H$b(B high port $B$KBP$9$k967b$O!"3N$+$K

$B!!$U$D$&!"(Bweb $B%a!<%k$b$N$G$O!"%a!<%k$K4^$^$l$k%9%/%j%W%H$rL58z2=$9$k$h$&$KAH$s$G$"$k$N$@$,!"J#?t$N(B web $B%a!<%k$b$N$K!"$=$NL58z2=

• Finjan Software Discovers a New Critical Vulnerability In Yahoo E-mail Service

  $BDL$C$F$7$^$&Nc$H$7$F5s$2$i$l$F$$$k$N$O$3$&$$$&$b$N$G$9(B:

  <input type="text" size=80 value="XSS Yahoo Mail" style="\000062 ackground-image:url('java\73 crip\t\3A

  $B$&!<$`!#(B

  The initial tip was received from "stardust (hoshikuzu)"

  $B$*$)!#(B

• $B?7$7$$(BXSS$B@H (hoshikuzu|stardust$B$N=q:X(B)

• $B$O$F$J%@%$%"%j!<(BXSS$BBP:v(B ($B$O$F$J%@%$%"%j!<(B)

  1 $B$D$:$DCzG+$K=hM}$7$F$"$2%J%$%H!"$H$$$&$3$H$J$N$+$J!#(B

2003.12.19 $BDI5-(B:

$B!!4XO"(B: $B!V(BCSS2 $B$N%P%C%/%9%i%C%7%e$N07$$!W(B ($B$($SF|5-(B)$B!#(B $B$&!<$`!D!D!#(B

• $B!U(B Opera 7$B$KG$0U$N%U%!%$%k$r:o=|$G$-$k@H (Internet Watch)$B!#:G?7$N(B Opera 7.23 $B$G(B fix $B$5$l$F$$$k$=$&$@!#(B

• $B!U(B CISCO $B$M$?(B

  • Cisco Security Advisory: Unity Vulnerabilities on IBM-based Servers
  • Cisco Security Advisory: Vulnerability in Authentication Library for ACNS

  $B>\:Y$O(B$B!3#R%NF|5-(B$B$r;2>H!#(B

• $B!U(B #62: CERT CA-2003-26 $B5Z$S0JA0$N(B SSL$BLdBj$KBP$9$k(B SSL$B$N99?7(B (Oracle)$B!#(B

• $B!U(B SOAP $B$M$?(B

  • Multiple Vendor SOAP server (XML parser) attribute blowup DoS

    IBM WebSphere 5.0.[0-2] / 5.0.2.1, Microsoft ASP.NET Web Services (.NET framework 1.[01]), Macromedia ColdFusion MX 6.[01] / JRun 4 $B$N7g4Y$@$=$&$G$9!#(B patch $B$"$k$$$OBP1~:v$,<($5$l$F$$$^$9!#(B

  • Multiple vendor SOAP server (XML parser) denial of service (DTD parameter entities)

    IBM WebSphere 5.0.0, Microsoft ASP.NET Web Services (.NET framework 1.[01]) $B$N7g4Y$@$=$&$G$9!#(B patch $B$"$k$$$OBP1~:v$,<($5$l$F$$$^$9!#(B

IE$B$K(BURL$B$r56Au$G$-$k%Q%C%AL$8x3+$N@H

$B$9$$$^$;$s!"$$$m$$$m$$$8$C$F$^$9!#(B $B!V%F%9%H7k2L$,9g$o$J$$$s$G$9$1$I!W7O$N5?Ld$K$D$$$F$O!"(B $B%F%9%HBP>](B URL $B$rL@5-$7$^$7$?$N$G!"$=$l$G%A%'%C%/$7$F$_$F$/$@$5$$$^$7!#(B

$B!!85%M%?(B:

• Internet Explorer URL parsing vulnerability

  IE $B$K!"%"%I%l%9%P!<$NI=<(FbMF$r56Au$G$-$k7g4Y!#(B $B%G%b%Z!<%8(B: http://www.zapthedingbat.com/security/ex01/vun1.htm$B!#MW(B JavaScript$B!#(B [Test Exploit] $B$r%/%j%C%/$9$k$H(B http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm $B$K%"%/%;%9$9$k$N$@$,!"%"%I%l%9%P!<$NI=<($O!D!D!#(B

• $B%9%F!<%?%9%P!<$r$b56Au$G$-$k(B$B%G%b%3!<%I(B$B!#(B $B%9%F!<%?%9%P!<56Au$K$D$$$F$O(B Netscape 7.1 $B$b$R$C$+$+$j$^$9$M!#(B

• KDE 3.2 Beta 2 $B%?%0$,$D$/A0$N!"(B11 $B7n=i=\$N(B KDE $B$KIUB0$9$k(B Konqueror $B$K$bF1MM$N7g4Y$,$"$k$H$$$&(B$B%U%)%m!<(B$B!#(B

• Mac OS $BMQ(B MSIE $B$O@5>o$@!"$H$$$&(B $B%U%)%m!<(B$B!#(B

• http-equiv@excite.com $B;a$K$h$k(B$B%G%b%3!<%I(B$B!#(B

$B!!$H$$$&$o$1$G!"56(B web $B%5%$%H$rMxMQ$7$?:>5=$J$I$K$b$C$F$3$$$N7g4Y$N$h$&$K8+$($^$9!#BP:v$H$7$F$O!"%"%/%F%#%V%9%/%j%W%H(B / JavaScript $B$rL58z$K$7$?>e$G!"$3$N7g4Y$N$J$$%V%i%&%6$r;H$&!"$K$J$k$N$G$7$g$&!#(B

$B!!$7$+$7!"(BSecunia Advisory SA10289: Internet Explorer System Compromise Vulnerabilities $B$K$D$$$F(B

$B%^%$%/%m%=%U%H

$B$H$$$&$N$O$$$?$@$1$^$;$s$M!#%G%b%3!<%I$,8x3+$5$l$F$$$k$K$b$+$+$o$i$:!V6[5^EY$ODc!W$$$H$O!#(B

$B$5$i$KKh7n$N=$@5%W%m%0%i%`G[I[$K$D$$$F$b8@5Z!#!V:#8e$O!"G[I[%9%1%8%e!<%k$r8=:_$N(B1$B%+7n$K(B1$BEY$+$i(B3$B%+7n$4$H!"$b$7$/$OH>G/$4$H$KJQ99$9$k$3$H$b9M$($F$$$k!W$H%3%a%s%H$7$?!#(B

$B!!7j$"$j$N$^$^(B 6 $B$+7nJ|CV%W%l%$$r8!F$!"$G$9$+!#$$$d$O$d!#(B

2003.12.11 $BDI5-(B:

$B!!(B$B?eL57n$P$1$i(B$B$5$s$+$i>pJs$r$$$?$@$-$^$7$?(B ($B$"$j$,$H$&$4$6$$$^$9(B):

$B%9%/%j%W%H$rL58z$K$7$F$bKI$2$J$$>l9g$,$"$k$h$&$G$9!#%9%/%j%W%H$r;HMQ$;$:!"(BHTML $B$KD>@\=q$$$F$7$^$&$$$&%Q%?!<%s$G$bF1MM$N967b$,$G$-$^$9!#0J2<$K>pJs$,$"$j$^$9!#(B
http://d.hatena.ne.jp/hoshikuzu/20031210#p3

$B!!0J2<$O;d$,:n$C$?%G%b$G$9$,!"(B
http://altba.com/bakera/bug/nul-url.html

$B!!$3$l$r(B WindowsXP + MSIE6$B!"%9%/%j%W%HL58z$N4D6-$G;n$7$?$H$3$m!"$A$c$s$H(B (?) microsoft.com $B$N(B URL $B$,I=<($5$l$^$7$?!#(B

$B!!$J$*!"$3$N967b$O(B MSIE4 $B0J9_A4$F$G2DG=$J$h$&$G$9!#(B
$B!!(BMSIE3 $B$G$OBLL\$@$C$?$H$$$&Js9p$,$G$F$$$^$9!#(B:-)
http://altba.com/bakera/hatomaru.aspx/htmlbbs/article/1317

$B!!$^$?!"AG$N(B MSIE $B$G$O$J$/!"%?%V%V%i%&%6$r;HMQ$7$F$$$k$H5sF0$,0c$&$H$$$&>pJs$b$"$j$^$9!#(B
http://znz.s1.xrea.com/t/?date=20031211#p01

$B!!(B$B#1#27n#1#1F|DI5-#3!]!]!]56AuEY%"%C%W$N4,!]!]!](B (hoshikuzu|stardust$B$N=q:X(B) $B$O6/Nu$9$.$^$9$M!#(B $B!V8=>u$N(B IE $B$O4m81$9$.$F;H$$$b$N$K$J$i$J$$!W$H8@$$@Z$C$F$7$^$C$F$h$$$G$7$g$&!#(B $B$$$d$O$d!#(B $B$3$N%G%b$N>l9g$O!"(BIE 5.01 / 5.5 $B$@$H%"%I%l%9%P!<$,!V(Bhttp://www.cnn.com%2FUS%00$B!W$K$J$k$N$G!"$b$7$+$7$?$i!V$J$s$8$c$3$j$c!W$H5$$,$D$1$k$+$b$7$l$^$;$s$,!"(BIE 6 $B$@$H$=$l$9$i$"$j$^$;$s$M!D!D!#(B

$B!!(BOpera 7.23 $B$@$H(B$B$3$s$J%@%$%"%m%0(B$B$,I=<($5$l$^$9(B ($B1Q8lHG$@$H(B$B$3$s$J46$8(B)$B!#$3$l$O$$$$46$8$G$9$M$(!#(B

$B!!$^$H$a$k$H!"$3$s$J46$8$G$7$g$&$+!#%F%9%HBP>]$O(B $B#1#27n#1#1F|DI5-#3!]!]!]56AuEY%"%C%W$N4,!]!]!](B (hoshikuzu|stardust$B$N=q:X(B) $B$N!V(Bhttp://www.cnn.com/US/$B!W$G$9!#(B $B%9%F!<%?%9%P!<$K$D$$$F$O!"%/%j%C%/A0$NI=<($GH=Dj$7$^$7$?!#(B $B!_$O7g4Y$"$j!"!{$O7g4Y$J$7$G$9!#(B

$B%V%i%&%6(B	$B%"%I%l%9%P!<(B	$B%9%F!<%?%9%P!<(B	$B%W%m%Q%F%#(B ($B%Z!<%8>pJs(B)	$BFC5-;v9`(B
IE 5.01 SP3 + hotfix	$B!_(B	$B!_(B	$B!_(B	$B%"%I%l%9%P!<$O(B %2FUS%00 $B$N$h$&$K$J$k(B
IE 5.5 SP2 + hotfix	$B!_(B	$B!_(B	$B!_(B	$B%"%I%l%9%P!<$O(B %2FUS%00 $B$N$h$&$K$J$k(B
IE 6 SP1 + hotfix	$B!_(B	$B!_(B	$B!_(B	$B$@$a$9$.(B
Netscape 7.1	$B!{(B	$B!_(B	$B!{(B	$B!!(B
Mozilla 1.5	$B!{(B	$B!_(B	$B!{(B	$B!!(B
Opera 7.23	$B!{(B	$B!{(B	$B!{(B	$B%@%$%"%m%0$bI=<($5$l$k(B ($BF|K\8l(B$B!"(B$B1Q8l(B)
Safari 1.0	$B!{(B	$B!_(B	$B!{(B	$B!V9=@.%U%!%$%k0lMw!W$r%W%m%Q%F%#$H$7$F07$C$?(B
IE 5.1.7 for Mac OS 8/9	$B!{(B	$B!_(B	$B5!G=$J$7(B?	$B!!(B
IE 5.2.3 for Mac OS X	$B!{(B	$B!_(B	$B5!G=$J$7(B?	$B!!(B
Opera 6.05	$B!{(B	$B!{(B	$B5!G=$J$7(B?	$B%@%$%"%m%0$bI=<($5$l$k$,!"Cf?H$,$J$$(B ($BF|K\8l(B)
Netscape Communicator 4.75	$B!{(B	$B!{(B	$B!{(B	$B!!(B

$B!!$J$*!"(BWindows$BHG(BInternet Explorer$B$K(BURL$B$r56Au$G$-$F$7$^$&@H ($B%j%s%/$H$+HwK:O?$H$+F|5-$H$+(B) $B$K$h$k$H!"(BSafari 1.1 $B$G$O%9%F!<%?%9%P!<$b!V!{!W$N$h$&$G$9!#(B

$B!!(BJavaScript $BHG(B ($B%"%I%l%9%P!<(B + $B%9%F!<%?%9%P!<56Au(B) $B$G$N7k2L$b5-:\$7$F$*$-$^$9!#(Bhttp://www.st.ryukoku.ac.jp/~kjm/test/citibank.html $B$G;n$;$^$9!#(B

$B%V%i%&%6(B	$B%"%I%l%9%P!<(B	$B%9%F!<%?%9%P!<(B	$B%W%m%Q%F%#(B ($B%Z!<%8>pJs(B)	$BFC5-;v9`(B
IE 5.01 SP3 + hotfix	$B!_(B	$B!_(B	$B!_(B	$B$@$a$9$.(B
IE 5.5 SP2 + hotfix	$B!_(B	$B!_(B	$B!{(B	$B!!(B
IE 6 SP1 + hotfix	$B!_(B	$B!_(B	$B!{(B	$B!!(B
Netscape 7.1	$B!{(B	$B!_(B	$B!{(B	$B!!(B
Mozilla 1.5	$B!{(B	$B!_(B	$B!{(B	$B!!(B
Opera 7.23	$B!{(B	$B!_(B	$B!{(B	$B%@%$%"%m%0$bI=<($5$l$k(B
Safari 1.0	$BF0$+$J$$(B	$B!_(B	$B!!(B	$B!!(B
IE 5.1.7 for Mac OS 8/9	$B!{(B	$B!_(B	$B5!G=$J$7(B?	$B!!(B
IE 5.2.3 for Mac OS X	$B!{(B	$B!_(B	$B5!G=$J$7(B?	$B!!(B
Opera 6.05	$B!{(B	$B!_(B	$B5!G=$J$7(B?	$B%@%$%"%m%0$bI=<($5$l$k$,!"Cf?H$,$J$$(B ($BF|K\8l(B)
Netscape Communicator 4.75	$B!{(B	$B!_(B	$B!{(B	$B!!(B

$B!!(BJavaScript $B$,M-8z$J>l9g$K$O!"%9%F!<%?%9%P!<$OA4$/?.MQ$G$-$J$$$h$&$G$9$M!#(B $B$$$d$O$d!#!V(Bstatic $B$J(B href $B$H(B onClick $B;~$N(B href $B$,0[$J$k>l9g$K$O7Y9p$r=P$9!W$h$&$J%*%W%7%g%s(B ($B%G%U%)%k%H$GM-8z(B) $B$,$"$k$H$$$$$N$+$J$"!#(B

2003.12.12 $BDI5-(B:

$B!!(Bmiata $B$5$s$+$i>pJs$rD:$-$^$7$?(B ($B$"$j$,$H$&$4$6$$$^$9(B):

Opera$B$K$b%9%F!<%?%9%P!<$O$"$j$^$9!#(B [$BI=<((B]->[$B%9%F!<%?%9%P!<(B]$B$G!V>e$KI=<(!W!V2<$KI=<(!W!VI=<($7$J$$!W$+$iA*Br$G$-$^$9!#(B

$B!!!V2<$KI=<(!W$K@_Dj$7$F$+$i;n$7$F$_$?$,!"F1MM$K@5$7$$7k2L$,F@$i$l$?$N$G!"",$G$&$@$&$@=q$$$F$$$?ItJ,$r%3%a%s%H%"%&%H$7$?!#(B

$B!!%F%9%H$KMQ$$$?$b$N$H!"!{!_$N0UL#$,ITL@3N$@$C$?$N$GDI5-$7$^$7$?!#(B IE 5.01 / 5.5 / 6 $B$r!"%P!<%8%g%sL@5-$N>e$GJ,N%$7$F5-=R$9$k$h$&$K$7$^$7$?!#(B Netscape 7.1 $B$H(B IE 5.1.7 for Mac OS 8/9 $B$G$N7k2L$rDI2C$7$^$7$?!#(B

$B!!CSED$5$s$+$i%W%m%Q%F%#$K4X$9$k;XE&$rpJs$rDI5-$7$^$7$?!#$^$?:;Lm(B16$B:P$5$s$+$i(B URI$B56Au%P%0(B ($B:;Lm(B16$B:P$5$s(B) $B$r65$($F$$$?$@$$$?$N$G!"(BJavaScript $BHG(B ($B%"%I%l%9%P!<(B + $B%9%F!<%?%9%P!<56Au(B) $B$G$N7k2L$b$^$H$a$F$*$-$^$7$?!#(B $BDGL>$5$s$+$i$$$?$@$$$?>pJs$O!"%F%9%HBP>]$,$$$^$$$AITL@$J$N$G!"0lC6%3%a%s%H%"%&%H$7$F$"$j$^$9(B ($B$4$a$s$J$5$$(B)$B!#(B

2003.12.13 $BDI5-(B:

$B!!(BSafari 1.0 $B$N!V%9%F!<%?%9%P!<(B: $B!{!W$O!";d$N;v

• URI$B56Au%P%0(B ($B:;Lm(B16$B:P$5$s(B)

$B!!DGL>$5$s$+$i(B Opera 6.05 $B$H(B Netscape Communicator 4.75 $B$N>pJs$r?7$?$a$FD:$-$^$7$?(B ($B$"$j$,$H$&$4$6$$$^$9(B) $B$N$G!"",$NI=$KDI2C$7$F$*$-$^$7$?!#(B $B$^$?!"(BIE 5.2.3 for Mac OS X $B$K$D$$$F$b5-:\$7$F$*$-$^$7$?!#(B

2003.12.17 $BDI5-(B:

$B!!(BMicrosoft KB $BEP>l(B:

• 833786 - $B@.$j$9$^$7$?(B Web $B%5%$%H$+8+J,$1$k (Microsoft)
• MS$B!"(BIE$B$N(BURL$B$r56Au$G$-$k@H (Internet Watch)
• IE$B@H>N%5%$%H$KCm0U!*(B (Internet Watch)

$B!!$7$+$7!"$3$l!"$=$b$=$b$=$N(B web $B%Z!<%8$,%"%d%7%$$3$H$K5$$,$D$1$J$$$H$I$&$7$h$&$b$J$$$o$1$G!#BP:v$H$7$F$Ol9g$K$O!"(BHTML $B%a!<%k$O%F%-%9%H$K$7$FFI$`$N$,$h$$$G$7$g$&!#(B

• HTML$B%a!<%k$r%F%-%9%H7A<0$GFI$_=P$9(B (@IT)

$B!!$=$l$K$7$F$b!"$J$<(B Internet Watch $B$G$O!V(BMozilla $B$d(B Opera $B$G$O$3$3$^$G$R$I$/$O$J$$!W$H$$$&OC$,>R2p$5$l$J$$$s$@$m$&!#IT;W5D$@!#(B

2003.12.18 $BDI5-(B:

$B!!(BOpera 7 $B$G$N%Z!<%8>pJs$NI=<($N;EJ}$rF?L>4uK>$5$s$K65$($F$$$?$@$$$?(B ($B$"$j$,$H$&$4$6$$$^$9(B) $B$N$GI=$r2~D{!#(B Opera 7.23 $B$G$N%Z!<%8>pJs$O!{$@$C$?!#(B $B$=$NJ}K!(B: [$BI=<((B] $B%a%K%e!<$N(B [$B%[%C%H%j%9%H(B] $B$G!V%Z!<%8>pJs!W$r%A%'%C%/$9$k$H!"%[%C%H%j%9%H$K!V%Z!<%8>pJs!W$H$$$&9`L\$,$G$-$k$N$G!"$3$l$G3NG'$G$-$k!#(B

2003.12.21 $BDI5-(B:

$B!!(BInternet Security Systems Security Alert: Microsoft Internet Explorer URL Spoofing Vulnerability (ISS) $BEP>l!#$3$N7g4Y$r2sHr$9$k$?$a$N%W%m%0%i%`$,(B ISS $B$+$iG[I[$5$l$F$$$k!#(B Product Utilities $B$N(B Microsoft Internet Explorer domain URL spoofing filter $B$,$=$l!#(B ActiveX $B%3%s%H%m!<%k$H$7$F

$B!!l9g$H$O7k2L$,0[$J$k$h$&$K$J$k(B (^^;)$B!#(B $B56Au@h$,(B https: $B$J>l9g$O!"0l=V$=$N%5%$%H$K%"%/%;%9$7$F$7$^$&$h$&$@!#(B

2004.01.05 $BDI5-(B:

$B!!(BNAI VirusScan $B$N(B $B%&%#%k%9Dj5A%U%!%$%k(B 4311 $B0J9_$G!"$3$N7g4Y$KBP1~$5$l$F$$$k!#(B

• Exploit-URLSpoof (NAI)

$B!!$3$s$J46$8$GI=<($5$l$k(B:

2004.01.28 $BDI5-(B:

$B!!(BIE $BMQ(B fix $B$,6aF|EP>l$N$h$&$G$9(B: 834489 - Microsoft plans to release a software update that modifies the default behavior of Internet Explorer for handling user information in HTTP and HTTPS URLs $B!#$^$"!"(Bfix $B$H$$$&$h$j$O;EMMJQ99(B (URL $B$G$N(B username:password $B$rL58z$K$9$k(B) $B$J$N$G$9$,!"$3$l$@$10-MQ$5$l$F$$$k0J>e!";EJ}$J$$$N$G$7$g$&!#(B

$B!!$^$?(B koricoli $B$5$s$K$h$k$H(B ($B>pJs$"$j$,$H$&$4$6$$$^$9(B)$B!"@h$4$mEP>l$7$?(B Mozilla 1.6 $B$G$O!"%9%F!<%?%9%P!<$K$D$$$F$b(B $B!{(B $B$K$J$C$F$$$k$=$&$G$9(B (koricoli $B$5$s$K$h$k%-%c%W%A%c2hA|(B)$B!#(B

2004.02.12 $BDI5-(B:

$B!!(BInternet Explorer $BMQ$NN_@QE*$J%;%-%e%j%F%#=$@5%W%m%0%i%`(B (832894) (MS04-004) (Microsoft) $BEP>l!#(Bfix $B$5$l$?!"$H$5$l$F$$$^$9!#(B CVE: CAN-2003-1025 $B$@$=$&$G!#(B

$B%V%i%&%6(B	$B%"%I%l%9%P!<(B	$B%9%F!<%?%9%P!<(B	$B%W%m%Q%F%#(B ($B%Z!<%8>pJs(B)	$BFC5-;v9`(B
IE 5.01 SP4 + MS04-004	$B!{(B	$B!_(B	$B!{(B	$B!!(B
IE 5.5 SP2 + MS04-004	$B!{(B	$B!_(B	$B!{(B	$B!!(B
IE 6 SP1 + MS04-004	$B!{(B	$B!_(B	$B!{(B	$B!!(B

$B!!%9%F!<%?%9%P!<$O$"$$$+$o$i$:$@$a$G$9$7!"%"%I%l%9%P!<$K$D$$$F$b!"(B fix $B$H$$$&$h$j$O!V(BURL $B$G$N(B username:password $B$rL58z$K$7$?!W$@$1!"$N$h$&$K8+$($^$9!#834489 - Internet Explorer $B$G(B HTTP URL $B$H(B HTTPS URL $B$N%f!<%6!<>pJs$r=hM}$9$k:]$N%G%U%)%k%H$NF0:n$rJQ99$9$k%=%U%H%&%'%"%"%C%W%G!<%H$N%j%j!<%9$K$D$$$F(B (Microsoft) $B$K$"$k%l%8%9%H%j%(%s%H%j$r@_Dj$7$F!V(BURL $B$G$N(B username:password $B$rI|3h!W$5$;$k$H!"8+;v$K$@$a$@$a$G$9!#(B

$B!!8D?ME*$K$O!"(BMS04-004 $B$rE,MQ$7$?>e$G!"(B ISS $B$N(B Microsoft Internet Explorer domain URL spoofing filter $B$bJ;MQ$7$?J}$,$h$$$h$&$K;W$$$^$9!#(B 2 $B=E$Ko$KI=<($5$l$^$9!#(B $B$J$*!"(BISS $B$N%U%#%k%?$r%"%s%$%s%9%H!<%k$9$k$K$O!"%$%s%9%H!<%i$r:FEY5/F0$7$^$9!#(B

$B!!$5$i$K!"(B3rd $B%Q!<%F%#%"%W%j$rJ;MQ$7$F$$$k>l9g$K!"(BMS04-004 $B$,L58z2=$5$l$F$7$^$&>l9g$,$"$k$h$&$G$9!#(B MS04-004$B$N=$@5%W%m%0%i%`$OIT40A4(B? (CNET) $B$r;2>H$7$F$/$@$5$$!#e=q$-$J$N$G$7$g$&$,!#NoH~$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!$5$i$K$5$i$K!"(BNAI VirusScan $B$N(B $B%&%#%k%9Dj5A%U%!%$%k(B 4311 $B0J9_$G$NBP1~$@$,!"$I$&$d$iIT==J,$N$h$&$@!#(B

• Exploit-URLSpoof $BB3Js(B ($B$($`$b$8$i(B news)

$B$B$G$b;n$7$F$_$?$H$3$m!"(B2 $BHVL\(B$B$H(B 4 $BHVL\(B ($B$$$:$l$b(B non-JavaScript $BHG(B) $B$r8!=P$7$F$/$l$J$$$h$&$@!#(B $B%9%?!<%@%9%H$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!(BSun J2SE $B$K4^$^$l$k(B VeriSign $B$N(B CA $B>ZL@=q$N0lIt$,(B 2004.01.07 $B$G<:8z$7$F$7$^$&$H$$$&OC!#(BJ2SE 1.4.1_06 / 1.4.2_03 $B$G=$@5$5$l$?LOMM!#(B

• J2SE 1.4.2_03 $B%j%j!<%9%N!<%H(B$B!"(B$B%@%&%s%m!<%I(B
• J2SE 1.4.1_06 $B%j%j!<%9%N!<%H(B$B!"(B$B%@%&%s%m!<%I(B

2004.01.06 $BDI5-(B:

$B!!(BOracle $B@=IJ$K$bF1$8LdBj$,$"$C$?$h$&$G$9!#;07nEF$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

• VeriSign$B$N%k!<%H>ZL@=q$NM-8z4|8B$K$D$$$F(B (oracle.co.jp)
• Verisign CA$B%k!<%H>ZL@=q!!4|8B@Z$lLdBj$N@bL@(B ($BF|N)(B)

$B!!C/$G$b4JC1$K

Lot of traffic after installing bind 8.4.3 on sparc

$B>\:Y>pJs(B: BIND 8.4.3 $B$NLdBj$K$D$$$F(B (JPRS)$B!#(B Solaris $B$@$+$i$I$&$3$&$H$$$&OC$G$O$J$+$C$?$h$&$G$9!#(B

$B!!2M6u@A5a%b%N$b!"$I$s$I$s?J2=$7$F$$$k$h$&$G$9!#5$$r$D$1$^$7$g$&!#(B

Linux kernel do_brk() lacks argument bound checking

Fedora Core 1: [SECURITY] Updated Fedora Core 1 kernel packages.

• $B!U(B GnuPG 1.2.3, 1.3.3 external HKP interface format string issue$B!#(B $BLdBj$N5!G=(B "external HKP inteface" $B$O!"(B $B0BDjHG(B 1.2.x $B$G$O%G%U%)%k%HL58z!"3+H/HG(B 1.3.x $B$G$O%G%U%)%k%HM-8z!#(B $B$h$C$F!"$[$H$s$I$N?M$K$OL54X78$H;W$o$l!#(B

• $B!U(B [Full-Disclosure] [SCSA-022] Multiple vulnerabilities in Xoops$B!#(B XOOPS 1.3.x, 2.0.x$B!A(B2.0.5 $B$K7g4Y!#(B SQL Injection $B$,2DG=!"%m!<%+%kJQ?t$r:FDj5A2DG=!"%P%J!<$N(B URL $B$rJQ992DG=!#(B 2.0.5.1 $B$G(B fix $B$5$l$F$$$k!#(B

  11/22/2003: Version 2.0.5.1
  ===============================
  - Security fix in banners.php (onokazu)
  - Security fix in modules/newss/include/forumform.inc.php (onokazu)
  - Security fix in include/common.php (onokazu)
  - Security fix in include/functions.php (onokazu)

• $B!U(B CVS security update (cvshome.org)

  • 2003-12-05: CVS Feature Version 1.12.3 Released! (security update)
  • Stable CVS Version 1.11.10 Released! (security update)

  SERVER SECURITY ISSUES
  
  Malformed module requests could cause the CVS server to attempt to create directories and possibly files at the root of the filesystem holding the CVS repository. Filesystem permissions usually prevent the creation of these misplaced directories, but nevertheless, the CVS server now rejects the malformed requests.

  fix / patch:

  • Turbolinux: Turbolinux Security Advisory TLSA-2003-69
  • Vine Linux: [ 2003,12,13 ] cvs $B$K%;%-%e%j%F%#%[!<%k(B
  • Red Hat Linux: [RHSA-2004:003-01] Updated CVS packages fix minor security issue
  • Debian GNU/Linux: [SECURITY] [DSA-422-1] multiple CVS improvements

• $B!U(B $BJF%d%U! (CNET)

  $B$3$NOC$+$J(B: Yahoo Instant Messenger YAUTO.DLL buffer overflow$B!#(BYahoo Instant Messenger $B$N(B Windows $BHG(B 5.6.0.1347 $B0JA0$K7g4Y$,$"$k$=$&$G!#(B Yahoo! Ymsg Control Update: Posted 12/03/03 (Yahoo) $B$H$$$&%Z!<%8$b$G$-$F$$$^$9!#(B

  $B$7$+$7!"$R$-$D$E$$$F$3$s$JOC$,(B: Yahoo Messenger Flaw allows injection of JavaScript into IM Windows$B!#(B Yahoo Messenger 5.5 (Build 1249)$B!"(B Yahoo Messenger 5.6 (Build 1355) $B$K$3$N7g4Y$,$"$k$=$&$G$9!#(B ymsgr: URL $B$r0-MQ$7$F!"G$0U$N%9%/%j%W%H$rhttp://www.ubabble.com/ymsgr1.html $B$K%G%b$,$"$k$=$&$G!#(B

• $B!U(B SecurityFocus Newsletter (bugtraq-jp)

  • SecurityFocus Newsletter #222 2003-11-3->2003-11-7
  • SecurityFocus Newsletter #223 2003-11-10->2003-11-14

• $B!U(B [NEWS] AppleShare IP FTP Server Denial of Service (/) (securiteam.com)$B!#(BAppleShare IP FTP Server 6.3.1 $B0JA0$G(B RMD / $B$H$+$9$k$H(B DoS $B>uBV$K$J$k$=$&$G$9!#(B

$B:F7G!'(BSafari$B$K(BCookie$B$,O31L$9$k@H

official fix $BEP>l(B: APPLE-SA-2003-12-05 Security Update 2003-12-05$B!#(B

$B!!$H$$$&$o$1$G5/F0$5$l$^$7$?!#4X78

$B!!(BSolaris 8 $B$G(B bind 8.4.3 $B$K0\9T$7$?$i!"$J$s$@$+(B IPv6 $B$JL>A0(B (AAAA) $B0z$-%H%i%U%#%C%/$,A}$($?$H$$$&OC!#(B $B%9%l%C%I$rDI$&$H!"(BSolaris 8 $B$J?M$KF1MM;vNc$,J#?t$"$kLOMM!#(B CPU $BIi2Y$b%,%,%C$HA}$($k$_$?$$!#(B lame $B$,$i$_%H%i%V%k(B? ($B$3$N$X$s(B$B$d(B$B$3$N$X$s(B)$B!#(B $B$H$j$"$($:!"(B-4 $B%*%W%7%g%s$r$D$1$F(B IPv4 only $B$K$9$k$H>u67$,7Z8:$5$l$kLOMM(B ($B$3$N$X$s(B)$B!#(B

$B!!(BDNS$B4XO"5;=Q>pJs(B (JPRS) $B$K(B

2003-12-06 BIND 8.4.3 $B$KFCDj$N4D6-2=$G(Bquery$B$r=P$7B3$1$k%P%0$,$"$j(BISC$B$,$3$N%P!<%8%g%s$rGK4~$7$^$7$?!#>\:Y$,J,$+$j

$B$H$"$k$N$@$,!"$3$NOC$+$J$"!D!D!#(B

2003.12.10 $BDI5-(B:

$B!!>\:Y>pJs(B: BIND 8.4.3 $B$NLdBj$K$D$$$F(B (JPRS)$B!#(B Solaris $B$@$+$i$I$&$3$&$H$$$&OC$G$O$J$+$C$?$h$&$G$9!#(B

$B!!(BRFC 3280 $B$K$*$$$F!"(B2004.01.01 $B0J9_$KH/9T$9$kA4$F$N8x3+80>ZL@=q$N(B DirectoryString $B$O86B'$H$7$F(B UTF8String $B$G%(%s%3!<%I$7$J$1$l$P$J$i$J$$$H$J$C$F$$$k$,!"e(B ($BL54|8B$K(B?) $B1d4|$5$l$?$N$G!"5^$$$GBP1~$9$kI,MW$O$J$$!"$i$7$$!#(B

$B!!$7$+$7F|K\@/I\(B GPKI $B$N(B$BAj8_1?MQ@-;EMM=q(B$B$G$O!V86B'$H$7$F(B UTF8String$B!"$?$@$7(B 2003.12.31 $B$^$G$O(B Printable String $B$G$b2D!W$H$J$C$F$*$j!"!V(B2004.01.01 $B0J9_$O(B UTF8String$B!W$G$"$k$3$H$,L@3N2=$5$l$F$$$k!#$3$l$K=>$C$F!"$+$J$j$N>JD#$G$O(B UTF8String $B$X$N0\9T=hCV$,$9$G$Ku67$r$-$A$s$HGD0.$G$-$F$$$J$$>JD#$b;68+$5$l$k$h$&$@(B [memo:6726]$B!#(B $B8D?ME*$K$O!V(BWindows 98 / 98 SE / NT 4.0 $B%9%F!W$GA4$/9=$o$J$$$H;W$&$,!"F0:n>u67$r$-$A$s$HGD0.$G$-$F$$$J$$$H$$$&$N$O$^$:$$$@$m$&!#(B

$B!!$^$@(B UTF8String $B$K0\9T$7$F$$$J$$>JD#$b$"$k$h$&$@$7!"$H$j$"$($:(B$BAj8_1?MQ@-;EMM=q(B$B$O2~D{$7$?J}$,$$$$$H;W$&$N$@$,!":#$+$i$=$s$J$3$H$G$-$k$s$G$9$+$M$(!#(B

$B!!(BNEC $B$*$h$S(B (NEC $B@=%W%j%s%?%(%s%8%s$rEc:\$7$?(B) $BF|N)$N%b%N%/%m%W%j%s%?$K$*$$$F!"FCDjItJ,$,H/G.$7!":G0-$N>l9g$K$OH/2P$9$k7g4Y!#3:Ev5!

$B!!L5=~$GE@8!!&=$M}$r9T$C$F$b$i$($k!#3:Ev5!l9g$O!"%7%j%"%k%J%s%P!<$r3NG'$N>e!"3:Ev$7$F$$$k>l9g$O!V(BNEC$B%W%j%s%?$*5RMM

• $B@aEE%b!<%I@_Dj
• $B@aEE%b!<%I@_Dj

$B!!(Brsync 2.5.6 $B0JA0$K7g4Y!#(Brsync $B$r%5!<%P$H$7$FF0:n$5$;$?>l9g$K(B heap overflow $B$9$k7g4Y$,$"$j!"(Bremote $B$+$iG$0U$N%3!<%I$r%5!<%P

$B4XO"(B:

• CVE: CAN-2003-0962
• rsync 2.5.6 $B$K%P%C%U%!%*!<%P!<%U%m!<$N@H (slashdot.jp)

fix / patch:

• Debian GNU/Linux: [SECURITY] [DSA 404-1] New rsync packages fix unauthorised remote code execution
• Red Hat Linux: [RHSA-2003:398-01] New rsync packages fix remote security vulnerability
• Miracle Linux: rsync $B%;%-%e%j%F%#(B 2003/12/05 $B%P%C%U%!%*!<%P!<%U%m!<(B
• Vine Linux: [ 2003,12,05 ] rsync $B$K%;%-%e%j%F%#%[!<%k(B
• FreeBSD: ports/net/rsync/
• Mac OS X:
  • APPLE-SA-2003-12-19 Security Update for Jaguar ($B8EJk;a$K$h$kK.LuHG(B)
  • APPLE-SA-2003-12-19 Security Update for Panther ($B8EJk;a$K$h$kK.LuHG(B)

Changelog:

2003.12.25

Mac OS X fix, CVE $BHV9f$rDI5-!#(B

$B!!!V0l$D$N%V%i%&%6$r%a%s%F%J%s%9$J$jMxMQ$9$k!W$H(B single point of failure $B$K$J$C$F$7$^$&$N$G8D?ME*$K$O9%$-$G$O$"$j$^$;$s!#$b$C$H$b%7%'%"E*$K$O!"(BIE $B$K2?$+$"$k$H!";ve$N(B single point of failure $B$J$s$G$9$1$I$M!D!D!#3XFbE*$K$O!"(BLinux $B$J?M$O(B Netscape / Mozilla $B$@$7!"(BMac OS X $B$J?M$O(B Safari $B$@$7$J$N$G!"7k6I

$B!!(BNetscape / Mozilla $B$r;H$&>l9g$O!"$?$H$($P(B $B%]%j%7!<%^%M!<%8%c(B $B$r;H$C$F%5%$%H%]%j%7!<$r@_Dj$9$k$HJXMx$G$9!#%G%U%)%k%H$G$O(B JavaScript $BL58z$K$7$F$*$$$?>e$G!"!V?.Mj:Q$_%5%$%H!W%]%j%7!<$r:n@.!"$=$3$G$O(B JavaScript $B$rM-8z$K$7!"FCDj$N%5%$%H$@$1!V?.Mj:Q$_%5%$%H!W%]%j%7!<$K4^$^$;$k!"$H$$$C$?;H$$J}$,$G$-$^$9!#(B