$B%;%-%e%j%F%#%[!<%k(B memo - 2004.03

Last modified: Mon Jun 7 14:22:07 2004 +0900 (JST)

$B"#(B 2004.03.30

$B"#(B $B$$$m$$$m(B
(various)

$B"#(B $BDI5-(B

Symantec Norton Internet Security$B$KG$0U$N%3!<%I$,

$B!!(BNIS 2004 $BMQ(B fix $B$,EP>l$7$^$7$?!#(BLiveUpdate $B$9$l$P99?7$5$l$^$9!#(B $B>\:Y$O(B$B%7%^%s%F%C%/$N%"%I%P%$%6%j(B$B$r;2>H$7$F$/$@$5$$!#(B

$B!!$J$*!"(BAntiSpam 2004 $BMQ(B fix $B$O$^$@$G$9!#(B

New OpenSSL releases fix denial of service attacks [17 March 2004]

$B!!(BTurbolinux: Turbolinux Security Advisory TLSA-2004-9

[SECURITY] [DSA 457-1] New wu-ftpd packages fix multiple vulnerabilities

$B!!(BTurbolinux: Turbolinux Security Advisory TLSA-2004-8

$B"#(B 2004.03.29

$B"#(B $BDI5-(B

"Witty" worm attacks BlackICE firewall

$B!!(B$B%Q%C%AE,MQ%b%G%k$K5?Ld$rFM$-$D$1$?(BWitty$B%o!<%`(B (ITmedia)$B!#(B

$B"#(B 2004.03.26

$B"#(B Multiple security problems in Ethereal 0.10.2
(Ethereal.com, 2004.03.22)

$B!!(BEthereal 0.10.2 $B$KJ#?t$N7g4Y!#(Bremote $B$+$iG$0U$N%3!<%I$r

$B!!(BCVE: CAN-2004-0176 CAN-2004-0367 CAN-2004-0365

$B"#(B $B%$%s%?!<%M%C%HEEOC$N%@!<%/%5%$%I$r8!>Z(B $B%T%"%H%%%T%"$r0-MQ$7$?!H%o%s%.%j!I$H$=$NBP:v(B
(Enterprise Watch, 2004.03.26)

$B!!(BIP $BEEOC$rMxMQ$7$?!V%o%s%.%j!W$X$N7|G0$H$=$NBP:v!#(B

$B"#(B 99syslog - syslog() $B5Z$S(B syslogd $B$N9M;!(B
(TANAKA Toshihisa, 2003/5/30 (info from kawa's memo))

$B!!(Bsysklogd-1.4.1rh $B$@$H!"(Bsyslog.c $B$N(B 1679 $B9TL\$"$?$j$+$i$N(B 

        v->iov_base = f->f_lasttime;
($BCfN,(B)
        case F_FORW:
($BCfN,(B)
                if ( strcmp(from, LocalHostName) && NoHops )
                        dprintf("Not sending message to remote.\n");
                else {
                        f->f_time = now;
                        (void) snprintf(line, sizeof(line), "<%d>%s\n", f->f_prevpri, \
                                (char *) iov[4].iov_base);

$B$,!V(Bsyslogd $B$O!"%m%0%5!<%P$K%m%0%a%C%;!<%8$rAw$k:]!"Aj$B!W$J$N$+$J$"!#(BFreeBSD 4.8-RELEASE $B$K$D$$$F$/$k(B syslogd $B$@$H!"(Bsyslogd.c $B$N(B 941 $B9TL\$"$?$j$+$i$N(B 

        v->iov_base = f->f_lasttime;
($BCfN,(B)
        case F_FORW:
                dprintf(" %s\n", f->f_un.f_forw.f_hname);
                /* check for local vs remote messages */
                if (strcasecmp(f->f_prevhost, LocalHostName))
                        l = snprintf(line, sizeof line - 1,
                            "<%d>%.15s Forwarded from %s: %s",
                            f->f_prevpri, iov[0].iov_base, f->f_prevhost,
                            iov[5].iov_base);
                else
                        l = snprintf(line, sizeof line - 1, "<%d>%.15s %s",
                             f->f_prevpri, iov[0].iov_base, iov[5].iov_base);

$B$J$N$G!"F|IU$OF~$C$F$$$k$s$8$c$J$$$+$J$"!#(BEthereal $B$H$+$G%Q%1%C%H$r8+$F$_$?J}$,$h$$$N$@$m$&$1$I!#(B

$B!!(Bfsync() $B$N7o$O!"(BFreeBSD 4.8-RELEASE $B$K$D$$$F$/$k(B syslogd $B$G$bF1MM$N$h$&$G$9!#(B Linux syslogd $B$K$"$k(B fsync() $B6X;_5!G=(B ($B%U%!%$%kL>$N@hF,$K(B - $B$r$D$1$k(B) $B$b$J$$$h$&$G$9!#5$$KF~$i$J$$>l9g$O!"(Bprintsys() $B$N(B 

flags = ISKERNEL | SYNC_FILE | ADDDATE; /* fsync after write */

$B$+$i(B SYNC_FILE $B$r

$B"#(B 2004.03.25

$B"#(B $BDI5-(B

Symantec Norton Internet Security$B$KG$0U$N%3!<%I$,

$B!!(B$B%7%^%s%F%C%/$N%"%I%P%$%6%j(B$B$,2~D{$5$l$F$$$^$9!#(B

  • $B=$@5%Q%C%A$NDs6!M=DjF|$,(B 1 $B=54V$[$I7+$j>e$,$C$F$$$^$9!#(B
    • NIS 2004: 2004.04.02 ($B6b(B)
    • AntiSpam 2004 : 2004.04.14 ($B?e(B)
  • $B@lMQ$NLd$$9g$o$;Ak8}$,$G$-$^$7$?!#(B$B%"%I%P%$%6%j(B$B$r;2>H$7$F$/$@$5$$!#(B
New OpenSSL releases fix denial of service attacks [17 March 2004]

$B!!IY;NDL(B: [$B=EMW(B] OpenSSL$B@H

$B"#(B Possible_Virus $B$N>pJs$HBP1~$K$D$$$F$N$*4j$$(B
($B%H%l%s%I%^%$%/%m(B, 2004.03.25)

$B!!(B2004.03.17 $B$N(B $B%H%l%s%I%^%$%/%m$b$N(B $B$G!">.=P$5$s$+$i(B

$B$3$N%R%e!<%j%9%F%#%C%/5!G=$G$9$,!"2<5-$N$h$&$JDj5A$GL$CN$N$b$N$r8!CN$9$k$h$&$G!"8m8!CN$NB3H/$K$h$k:.Mp$,L5$1$l$PNI$$$G$9$M!#(B($B>P(B

POSSIBLE_VIRUS
http://www.trendmicro.co.jp/vinfo/virusencyclo/default5.asp?VName=POSSIBLE_VIRUS

$B$H$$$&0U8+$r$$$?$@$$$F$$$^$7$?$,!"8+;v$K:.Mp$r>7$$$F$$$k$h$&$G$9!#(B $BEEOC$O$H$s$G$b$J$/:.$s$G$$$k$N$G!"(Bweb $B7PM3$GLd$$$"$o$;$k$N$,5H$N$h$&$G$9!#(B

$B"#(B DoS/DDoS $BBP:v$K$D$$$F(B ($B8!>Z(B)
(@police, 2004.03.24)

$B!!$5$^$6$^$J(B DoS/DDoS $BBP:vZ7k2L!#(B

$B"#(B 2004.03.24

$B"#(B $BDI5-(B

Symantec Norton Internet Security$B$KG$0U$N%3!<%I$,

$B!!(BLAC $B$,F|K\8lHG(B NIS / AntiSpam 2004 $B$G$N:F8=$K@.8y(B: SNS Spiffy Reviews No.9 Successful Reproduction of SYM04-005 "Symantec Norton Internet Security and Norton AntiSpam Remote Access Vulnerability" on Japanese Environments (LAC)$B!#CN<1$N$"$k?M$K$O:F8=$G$-$F$7$^$&$@$1$N>pJs$,$9$G$KDs6!$5$l$F$7$^$C$F$$$k$K$b$+$+$o$i$:!"F|K\8lHG%Q%C%A$O(B 2 $B!A(B 3 $B=54VBT$?$J$$$HF~

"Witty" worm attacks BlackICE firewall

$B!!:rF|IU$1$G!"(BRealSecure BlackICE PC/Server Protection $B:G?7%"%C%W%G!<%?(B (act2) $B$G!"F|K\8lHG(B BlackICE 3.6 ccg $B$,G[I[$5$l$F$$$^$9!#(B

$B!!(BISS PAM/ICQ 'Witty' Worm Analysis (shawbiz.ca)$B!#(B

$B"#(B Hotmail$B$H(BYahoo! Mail$B$K%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H
(ITmedia, 2004.03.24)

$B!!85%M%?(B: GreyMagic Security Advisory GM#005-MC: Remotely Exploitable Cross-Site Scripting in Hotmail and Yahoo (greymagic.com)$B!#(B web $B%V%i%&%6$H$7$F(B IE $B$G$O$J$$$b$N(B (Mozilla $B$d(B Opera $B$J$I(B) $B$r;H$($P2sHr$G$-$k$h$&$G$9!#(B

$B!!(BHotmail $B$OD>$C$?$1$I(B Yahoo! $B$O$^$@(B ($B!V4V$b$J$/!WD>$9(B) $B$J$N$@$=$&$G!#(B $B$=$l$K$7$F$b(B HTML+TIME $B$C$F!"C/$,;H$C$F$$$k5!G=$J$s$@$m$&!D!D!#(B

$B"#(B Apache $B4XO"(B
(various)

$B"#(B $B%I%-%e%a%s%H$$$m$$$m(B
(various)

$B"#(B 2004.03.23

$B"#(B Symantec Norton Internet Security$B$KG$0U$N%3!<%I$,
(Internet Watch, 2004.03.23)

$B!!$3$NOC(B:

$B!!(BLiveUpdate $B$rMxMQ$7$F:G?7$N>uBV$K$9$k$3$H$G!"$3$l$i$N7g4Y$KBP1~$G$-$k!D!D$H8@$$$?$$$H$3$m$@$,!"(BSYM04-005 2004$BG/(B3$B7n(B19$BF|(B Symantec Norton Internet Security/Norton AntiSpam $B$K%j%b!<%H%"%/%;%9$N@H ($B%7%^%s%F%C%/(B) $B$K$h$k$H!"(B

$B%7%^%s%F%C%/$NBP1~(B
$B8!>Z$N7k2L!"(BNGSsoftware $B

$B$H$"$j!"F|K\8lHG(B fix $B$O$^$@EP>l$7$F$$$J$$LOMM!#@hF|EP>l$7$?(B BlackICE $B$N7g4Y$r96N,$9$k(B Witty $B%o!<%`(B $B$N$h$&$KF|JF;~:9967b$,@.N)$9$k$N$OK>$^$7$$>u67$G$O$J$$$O$:$J$N$@$,!"$I$&$7$F$3$&!"%m!<%+%i%$%:HG$rL5;k$7$?>pJs8x3+$,$5$lB3$1$F$7$^$&$N$@$m$&!#(B ISS $B$d(B Symantec $B$O!"(BCodeRed / Nimda / Blaster $B5i$N>u67$,H/@8$7$J$$$H!"M}2r$G$-$J$$$N$@$m$&$+!#(B

2004.03.23 $BDI5-(B:

$B!!(BInternet Watch $B$N5-;v(B$B!"$*$h$S(B $B%7%^%s%F%C%/$N%"%I%P%$%6%j(B$B$,2~D{$5$l$?(B ($BBgDE$5$s>pJs$"$j$,$H$&$4$6$$$^$9(B)$B!#=$@5%Q%C%ADs6!M=DjF|$,8x3+$5$l$?!#(B

Symantec Norton Internet Security 2004/Professional for Windows $B$N=$@5%Q%C%A$O(B 2004$BG/(B4$B7n(B8$BF|(B($BLZ(B)$B$K!"(B Symantec Norton AntiSpam 2004 $B$N=$@5%Q%C%A$O(B 2004$BG/(B4$B7n(B19$BF|(B($B7n(B)$B$K(B LiveUpdate $B$rDL$8$F$4Ds6!$5$;$FD:$/M=Dj$G$9!#(B

$B!!!D!D$3$l$^$?$($i$$@h$NOC$G$9$J!D!D!#%7%^%s%F%C%/$K$O!"%m!<%+%i%$%:HG$N$3$H$^$G9M$($?>pJs8x3+%]%j%7!<$rAa4|$K:vDj$7$F$[$7$$!"$H!"(B1 $B%f!<%6$H$7$F$b;W$&$>!D!D!#(B

2004.03.24 $BDI5-(B:

$B!!(BLAC $B$,F|K\8lHG(B NIS / AntiSpam 2004 $B$G$N:F8=$K@.8y(B: SNS Spiffy Reviews No.9 Successful Reproduction of SYM04-005 "Symantec Norton Internet Security and Norton AntiSpam Remote Access Vulnerability" on Japanese Environments (LAC)$B!#CN<1$N$"$k?M$K$O:F8=$G$-$F$7$^$&$@$1$N>pJs$,$9$G$KDs6!$5$l$F$7$^$C$F$$$k$K$b$+$+$o$i$:!"F|K\8lHG%Q%C%A$O(B 2 $B!A(B 3 $B=54VBT$?$J$$$HF~

2004.03.25 $BDI5-(B:

$B!!(B$B%7%^%s%F%C%/$N%"%I%P%$%6%j(B$B$,2~D{$5$l$F$$$^$9!#(B

  • $B=$@5%Q%C%A$NDs6!M=DjF|$,(B 1 $B=54V$[$I7+$j>e$,$C$F$$$^$9!#(B
    • NIS 2004: 2004.04.02 ($B6b(B)
    • AntiSpam 2004 : 2004.04.14 ($B?e(B)
  • $B@lMQ$NLd$$9g$o$;Ak8}$,$G$-$^$7$?!#(B$B%"%I%P%$%6%j(B$B$r;2>H$7$F$/$@$5$$!#(B

2004.03.30 $BDI5-(B:

$B!!(BNIS 2004 $BMQ(B fix $B$,EP>l$7$^$7$?!#(BLiveUpdate $B$9$l$P99?7$5$l$^$9!#(B $B>\:Y$O(B$B%7%^%s%F%C%/$N%"%I%P%$%6%j(B$B$r;2>H$7$F$/$@$5$$!#(B

$B!!$J$*!"(BAntiSpam 2004 $BMQ(B fix $B$O$^$@$G$9!#(B

2004.04.14 $BDI5-(B:

$B!!(B4/8 $BIU$G(B AntiSpam 2004 $BMQ(B fix $B$,EP>l$7$F$$$^$7$?(B: 2004$BG/(B4$B7n(B8$BF|(B($BLZ(B)$B$h$j(BSymantec Norton AntiSpam 2004 for Windows $B=$@5%Q%C%A$N(B LiveUpdate $B$K$h$kG[I[$r3+;O$7$^$7$?(B ($B%7%^%s%F%C%/(B)$B!#(B

$B"#(B $B%D!<%k$$$m$$$m(B
(various)

$B"#(B $BDI5-(B

New OpenSSL releases fix denial of service attacks [17 March 2004]
"Witty" worm attacks BlackICE firewall

$B!!(BWitty$B%o!<%`!"5^3H;68e$K0RNO?j$((B (ITmedia)$B!#(B

$B!!(BBlackICE Witty$B%o!<%`(B (ISSKK) $B$,99?7$5$l$F$$$^$9!#(B

[SECURITY] [DSA 457-1] New wu-ftpd packages fix multiple vulnerabilities

$B!!(BVine Linux: [vine-users:065083] wu-ftpd$B$N%;%-%e%j%F%#%"%C%W%G!<%H(B (info from kawa's memo)

$B"#(B 2004.03.22

$B"#(B "Witty" worm attacks BlackICE firewall
(ISC, 2004.03.20)

$B!!(BISS $B@=IJ$K$*$1$k(B ICQ $B2r@O$N@H $B$r96N,$9$k%o!<%`$,EP>l!#7g4Y$r;}$D(B BlackICE $B$rA@$C$F$$$kLOMM!#(B ISC $B7Y9pJ8=q$K$O(B snort signature $B$b7G:\$5$l$F$$$k$N$G!"(Bsnort $BMxMQ

  • W32/Witty.worm (NAI)$B!#L$BP1~$J$N$GCm0U!#(BDAT4342 $B$GBP1~M=Dj!#(B

  • W32.Witty.Worm (Symantec)

    W32.Witty.Worm $B$O%a%b%j>e$K$N$_>oCs$7!"%G%#%9%/$X$N=q$-9~$_$O9T$o$J$$$?$a!"%&%$%k%9Dj5A%U%!%$%k$O$3$N6<0R$r8!=P$7$^$;$s!#$3$N6<0R$r6n=|$9$k$K$O!"0J2<$N

    NAV $B$K$O%a%b%j%9%-%c%s5!G=$O$J$$(B?

  • WORM_WITTY.A (Trendmicro)$B!#(B

    $B$3$N%o!<%`$O%7%9%F%`$N%W%m%;%9>e$N$_$GF0:n$7!"%l%8%9%H%j$N2~JQ!"%U%!%$%k$N:n@.$O9T$$$^$;$s!#$=$N$?$aDL>o$N%Q%?!<%s%U%!%$%k$G8!=P$O$G$-$^$;$s!#(B

    $B%&%#%k%9%P%9%?!<$b(B?

  • Witty (F-Secure)$B!#L$BP1~$N$h$&$@!#(B($B$=$b$=$bBP1~$G$-$k$N$+(B?)

$B!!4XO"(B:

$B!!(BWitty $B$O(B UDP $B$rMxMQ$7$FHK?#$7$F$$$k$h$&$@!#(B Netcraft $B$K$h$k$H!"(B $BEv=i$O(B source port: 4000 $B$J(B UDP $B%Q%1%C%H$N$_$@$C$?$h$&$@$,!"$=$N8e!"(Bsource port: 4000 $B$G$O$J$$$b$N$bEP>l$7$F$$$k$H$$$&!#(B

$B!!BP1~$9$k$K$O(B BlackICE 3.6 ccg $B$K%"%C%W%0%l!<%I$9$l$P$h$$!D!D$N$@$,!"(B ISS $B@=IJ$K$*$1$k(B ICQ $B2r@O$N@H $B$r8+$k8B$j!"F|K\8lHG$N(B BlackICE 3.6 ccg $B$O$^$@F~)$5$l$F$$$kLOMM(B: RealSecure BlackICE PC/Server Protection $B:G?7%"%C%W%G!<%?(B (act2)$B!#(B $B1Q8lHG(B BlackICE $B$O(B BlackICE Update Center (ISS) $B$+$i$bF~

2004.03.23 $BDI5-(B:

$B!!(BWitty$B%o!<%`!"5^3H;68e$K0RNO?j$((B (ITmedia)$B!#(B

$B!!(BBlackICE Witty$B%o!<%`(B (ISSKK) $B$,99?7$5$l$F$$$^$9!#(B

2004.03.24 $BDI5-(B:

$B!!:rF|IU$1$G!"(BRealSecure BlackICE PC/Server Protection $B:G?7%"%C%W%G!<%?(B (act2) $B$G!"F|K\8lHG(B BlackICE 3.6 ccg $B$,G[I[$5$l$F$$$^$9!#(B

$B!!(BISS PAM/ICQ 'Witty' Worm Analysis (shawbiz.ca) $B!#(B

2004.03.29 $BDI5-(B:

$B!!(B$B%Q%C%AE,MQ%b%G%k$K5?Ld$rFM$-$D$1$?(BWitty$B%o!<%`(B (ITmedia)$B!#(B

$B"#(B ISS $B@=IJ$K$*$1$k(B ICQ $B2r@O$N@H
(ISS, 2004.03.18)

$B!!(BISS RealSecure, Proventia, BlackICE $B$K7g4Y!#6qBNE*$K$O!"0J2<$N$b$N$K7g4Y$,$"$k(B:

RealSecure Network 7.0$B!"(BXPU 22.11 $B0JA0(B
RealSecure Server Sensor 7.0$B!"(BXPU 22.11 $B0JA0(B
RealSecure Server Sensor 6.5 for Windows SR 3.10 $B0JA0(B
Proventia A $B%7%j!<%:(B XPU 22.11 $B0JA0(B
Proventia G $B%7%j!<%:(B XPU 22.11 $B0JA0(B
Proventia M $B%7%j!<%:(B XPU 1.9 $B0JA0(B
RealSecure Desktop 7.0 ebl $B0JA0(B
RealSecure Desktop 3.6 ecf $B0JA0(B
RealSecure Guard 3.6 ecf $B0JA0(B
RealSecure Sentry 3.6 ecf $B0JA0(B
BlackICE Agent for Server 3.6 ecf $B0JA0(B
BlackICE PC Protection 3.6 ccf $B0JA0(B
BlackICE Server Protection 3.6 ccf $B0JA0(B

$B!!H/8+pJs(B: Internet Security Systems PAM ICQ Server Response Processing Vulnerability (eEye)$B!#(B

$B!!(BISS $B@=IJ$KMxMQ$5$l$F$$$k(B PAM (Protocol Analysis Module) $B%3%s%]!<%M%s%H$K$*$1$k!"(BICQ $B%5!<%P1~Ez$r4F;k$9$kItJ,$K(B buffer overflow $B$9$k7g4Y$,$"$k!#E~Ce$9$k(B UDP $B%Q%1%C%H$,(B source port = 4000 $B$N>l9g$K(B ICQ v5 $B%5!<%P1~Ez$@$H$_$J$5$l$k$H$$$&!#(B

$B!!(BRealSecure, Proventia, BlackICE Agent $B$K$D$$$F$O%"%C%W%G!<%H$,MQ0U$5$l$F$$$k!#(B BlackICE PC Protection 3.6 / BlackICE Server Protection 3.6 $B$K$D$$$F$O!"1Q8lHG$K$O%"%C%W%G!<%H$,MQ0U$5$l$F$$$k$,!"F|K\8lHG$O$^$@$N$h$&$@!#(B $BEP>l$7RealSecure BlackICE PC/Server Protection $B:G?7%"%C%W%G!<%?(B (act2) $B$+$iF~l$9$k$^$G$O1Q8lHG$N%$%s%9%H!<%k$,?d>)$5$l$F$*$j!"1Q8lHG(B BlackICE $B$O(B BlackICE Update Center (ISS) $B$+$i$bF~

$B"#(B 2004.03.19

$B"#(B $BDI5-(B

McAfee ePolicy Orchestrator Agent$B$N(BHTTP POST$B$N(I"$B%P%C%U%!8m4IM}$K4X$9$k@H

$B!!(B3.x $BMQ$K2C$(!"(B2.x $BMQ(B patch $B$bEP>l$7$?LOMM!#(B

New OpenSSL releases fix denial of service attacks [17 March 2004]

$B"#(B 2004.03.18

$B"#(B New OpenSSL releases fix denial of service attacks [17 March 2004]
(bugtraq, Wed, 17 Mar 2004 22:12:04 +0900)

$B!!(BOpenSSL $B$K(B 2 $B$D$N?7$?$J7g4Y!#(B

  • Null-pointer assignment during SSL handshake (CVE: CAN-2004-0079)

    do_change_cipher_spec() $B$K7g4Y$,$"$j!"(BNULL $B%]%$%s%?$,@_Dj$5$l$F$7$^$&$3$H$,$"$k$H$$$&!#$3$l$rMxMQ$9$k$H!":Y9)$7$?(B SSL/TLS $B%O%s%I%7%'%$%/$r9T$&$3$H$K$h$j!"(Bremote $B$+$i(B OpenSSL ($B$r;H$&%"%W%j(B) $B$r%/%i%C%7%e$5$;$k$3$H$,2DG=!#(B OpenSSL 0.9.6x / 0.9.7x $B$K3:Ev!#(B

  • Out-of-bounds read affects Kerberos ciphersuites (CVE: CAN-2004-0112)

    Kerberos $B$rMxMQ$9$k:]$N(B SSL/TLS $B%O%s%I%7%'%$%/%3!<%I$K7g4Y$,$"$j!"(B remote $B$+$i(B kerberos + OpenSSL ($B$r;H$&%"%W%j(B) $B$r%/%i%C%7%e$5$;$k$3$H$,2DG=!#$3$A$i$O(B OpenSSL 0.9.7[abc] $B$N$_3:Ev!#(B

$B!!(BOpenSSL $BMxMQOpenSSL 0.9.6m / 0.9.7d $B$X$N0\9T$,?d>)$5$l$F$$$k!#(B

fix / patch:

Changelog:

2004.03.19
2004.03.23
2004.03.25
2004.03.30
2004.04.22

$B"#(B $BDI5-(B

Multiple Browser Cookie Path Directory Traversal Vulnerability

$B!!(B[memo:7373] Cookie Path Directory Traversal Vulnerability$B!#9bLZ$5$s$K$h$k%U%)%m!

$B@H

$B!!(BSANS $B4XO">pJs$,DI2C$5$l$^$7$?!#$"$j$,$H$&$4$6$$$^$9!#(B_o_

$B"#(B 2004.03.17

$B"#(B $B@H
(@Sam's room)

$B!!@HSANS $B$,$J$$!A!"$H=q$$$F$*$/$HDI2C$7$F$b$i$($k$+$J$"!#(B

$B!!!D!DBT$?$;$FD:$-$^$9!#(B_o_

2004.03.18 $BDI5-(B:

$B!!(BSANS $B4XO">pJs$,DI2C$5$l$^$7$?!#$"$j$,$H$&$4$6$$$^$9!#(B_o_

$B"#(B 2004.03.16

$B"#(B Oracle $B4XO"(B
(Oracle, 2004.03.12)

$B"#(B $B$$$m$$$m(B
(various)

$B"#(B Multiple Vendor SOAP server array DoS
(bugtraq, Tue, 16 Mar 2004 00:14:10 +0900)

$B!!(BMacromedia ColdFusion/MX 6.0 / 6.1$B!"(BColdFusion/MX 6.0 / 6.1 J2EE$B!"(B JRun 4.0 $B$*$h$S(B Sun Java System Application Server 7.0 Update 2 $B0JA0$K7g4Y!#:Y9)$7$?(B SOAP $B%j%/%(%9%H$rEj$2$i$l$k$H!"(BDoS $B>uBV$K$J$C$F$7$^$&!#(B

$B!!(Bpatch $B$,=P$F$$$k$N$GE,MQ$9$l$P$h$$!#(B

$B"#(B MPSB04-03 Potential Security Risk with Macromedia E-Licensing Client Activation Code
(Macromedia, 2004.03.12)

$B!!(BMac $BHG(B Macromedia MX 2004 $B$H(B Contribute 2 $B$K7g4Y!#%$%s%9%H!<%i$*$h$S(B e-licensing $B%/%i%$%"%s%H$,!"(Bworld-writable $B$J>uBV$G%5!<%S%9$r%$%s%9%H!<%k$7$F$7$^$&LOMM!#F|K\8lHG$r4^$a$F(B patch $B$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

$B!!4XO"(B: Macromedia$B!"(BMac$BMQ(BMX$B%D!<%k$N%;%-%e%j%F%#%[!<%k$rKd$a$k%Q%C%A(B (ITmedia)

$B"#(B Apache HTTP Server mod_access information disclosure
(ISS, 2004.03.08)

$B!!(BApache 1.3.x $B$N(B mod_access $B$K7g4Y!#(B Apache 1.3.x $B$r(B big-endian $B$J(B 64-bit $B4D6-$G;HMQ$9$k>l9g$K!"(B $B%M%C%H%^%9%/$J$7$N(B IP $B%"%I%l%9$r;HMQ$7$?5v2D!&5qH]%k!<%k$r$&$^$/=hM}$G$-$J$$$?$a!"%"%/%;%9@)8B$,$&$^$/F/$+$:!">pJsO31H$,H/@8$9$k2DG=@-$,$"$k!#(B Bug#: 23850 (apache.org)$B!#(Bpatch (apache.org)$B!#(BCVE: CAN-2003-0993$B!#(B

$B!!(BApache 1.3.30 $B$G=$@5$5$l$k$=$&$@!#(B

fix / patch:

$B"#(B Multiple Browser Cookie Path Directory Traversal Vulnerability
($B8D?ME*$J%a%b$HHwK:O?(B, 2004.03.14)

$B!!(B[Full-Disclosure] Corsaire Security Advisory: Multiple vendor HTTP user agent cookie path traversal issue $B$K4X$9$k>\:Y$J2r@b!#(B%2e%2e = .. $B$H$$$&$3$H$G!"(Bcookie $BHG(B .. $B%P%0$H$$$&46$8$J$N$+$J!#(B CVE:

$B!!(BIE 5/6 $B$O$^$@D>$C$F$$$J$$$=$&$G$9!#(B

$B!!%9%?!<%@%9%H$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

2004.03.18 $BDI5-(B:

$B!!(B[memo:7373] Cookie Path Directory Traversal Vulnerability$B!#9bLZ$5$s$K$h$k%U%)%m!

$B"#(B 2004.03.15

$B"#(B $BDI5-(B

$B!V(BSCO$B$X$N=P;q$O(BMS$B$N>R2p!W$H(BBayStar$BG'$a$k(B

$B"#(B 2004.03.12

$B"#(B $B!V(BSCO$B$X$N=P;q$O(BMS$B$N>R2p!W$H(BBayStar$BG'$a$k(B
(ITmedia, 2004.03.12)

$B!!$"$^$j$K$bDK$9$.$^$9!D!D(B > Microsoft$B!#4XO"(B:

2004.03.15 $BDI5-(B:

$B"#(B $BDI5-(B

Outlook $B$N@H

$B!!(B[$B6[5^(B] Outlook 2002$B$N@H ($BIY;NDL(B)$B!#(B

$B"#(B DCOM$B$d(BSMB$B$@$1$8$c$J$+$C$?(B Windows$B$N4m81$J!H;EMM!I$,L@$i$+$K(B
($BF|7P(B IT Pro, 2004.03.12)

$B!!%W%l%<%s;qNA(B: Fingerprinting through Windows RPC (securityfriday.com)$B!#(B

$B"#(B 2004.03.11

$B"#(B $BDI5-(B

FreeBSD Security Advisory FreeBSD-SA-04:04.tcp

$B!!(BTCP reassembly DoS (OpenBSD)$B!#(B The problem is fixed in -current, 3.4-stable and 3.3-stable $B$@$=$&$G!#(B

$BIT?3$J%W%m%;%9$rD4::$9$k(B (@iIT) $BOC(B

$B!!!D!D(B FreeBSD $B$K$b(B truss $B%3%^%s%I$,$"$j$^$7$?!#EAK!C+$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B 5.2-RELEASE $B$N(B truss(1) $B$K$O(B -e $B%*%W%7%g%s$b4.9-RELEASE $B$N(B truss(1) $B$K$O;DG0$J$,$i(B -e $B%*%W%7%g%s$O$"$j$^$;$s!#(B

Outlook $B$N@H

$B!!(B2004.03.10 $B;~E@$G$O!V(B"Outlook Today" $B$rA*Br$7$J$$$3$H$K$h$j2sHr$G$-$k!W$H$5$l$F$$$?$,!"(B"Outlook Today" $B$rA*Br$7$J$$>l9g$K$b7g4Y$N1F6A$rpJs$,!V=EMW!W$+$i!V6[5^!W$K>:3J$5$l$?!#(Bpatch $B$d(B Office XP SP3 $B$O!V(B"Outlook Today" $B$rA*Br$7$J$$>l9g!W$N1F6A$K$D$$$F$bBP1~$5$l$F$$$k$N$G!"(Bpatch $B$d(B Office XP SP3 $B$rE,MQ$7$??M$O!"$=$l0J>e2?$+$r$9$kI,MW$O$J$$!#(B

$B!!(Bpatch $B$K$D$$$F$O!V%/%i%$%"%s%HMQ!W$H!V4IM}

$B!!4XO"(B: Technical Cyber Security Alert TA04-070A: Microsoft Outlook mailto URL Handling Vulnerability (us-cert.gov)$B!#(B

$B"#(B 2004.03.10

$B"#(B MSN Messenger $B$N@HpJs$,O3$($$$9$k(B (838512) (MS04-010)
(Microsoft, 2004.03.10)

$B!!(BMSN Messenger 6.0 / 6.1 $B$K7g4Y!#(B MSN Messenger $B$,%U%!%$%k%j%/%(%9%H$r=hM}$9$kJ}K!$K7g4Y$,$"$j!"$3$l$r0-MQ$9$k$H967b$,4{CN!W$+$D!V(BMSN Messenger $B$rF0:n$5$;$F$$$k%f!<%6$KFI$_

$B!!:G?7$N(B MSN Messenger 6.1 (6.1.0211) $B$r%$%s%9%H!<%k$9$l$P$h$$!#(B

$B!!(BCVE: CAN-2004-0122

$B"#(B Outlook $B$N@H
(Microsoft, 2004.03.10)

$B!!(BOutlook 2002 SP2 (Office XP SP2 $B$K$bF1:-$5$l$F$$$k(B) $B$K7g4Y!#(B mailto: URL $B$N=hM}$K7g4Y$,$"$j!"(B"$B%m!<%+%k%^%7%s(B" $B%>!<%s8"8B$G%9%/%j%W%H$rpJs(B:

$B!!$3$N7g4Y$O!"(BOutlook 2002 $B$N%G%U%)%k%H%[!<%`%Z!<%8$H$7$F(B "Outlook Today" $B$rA*Br$7$J$$$3$H$K$h$j2sHr$G$-$k!#%G%U%)%k%H$G$O!"(B"Outlook Today" $B$,%[!<%`%Z!<%8$H$7$F@_Dj$5$l$F$$$k(B (= $B@H

$B!!(Bpatch $B$,=P$F$$$k$N$GE,MQ$9$l$P$h$$!#$^$?(B Office XP SP3 $B$G=$@5$5$l$F$$$k!#(BOffice XP SP3 $B%U%k%U%!%$%k%P!<%8%g%s(B $B$rMxMQ$9$k>l9g$K$O!"(BOffice XP CD $B$N%$%s%9%H!<%k$OMW5a$5$l$J$$!#(B

$B!!(BCVE: CAN-2004-0121

2004.03.11 $BDI5-(B:

$B!!(B2004.03.10 $B;~E@$G$O!V(B"Outlook Today" $B$rA*Br$7$J$$$3$H$K$h$j2sHr$G$-$k!W$H$5$l$F$$$?$,!"(B"Outlook Today" $B$rA*Br$7$J$$>l9g$K$b7g4Y$N1F6A$rpJs$,!V=EMW!W$+$i!V6[5^!W$K>:3J$5$l$?!#(Bpatch $B$d(B Office XP SP3 $B$O!V(B"Outlook Today" $B$rA*Br$7$J$$>l9g!W$N1F6A$K$D$$$F$bBP1~$5$l$F$$$k$N$G!"(Bpatch $B$d(B Office XP SP3 $B$rE,MQ$7$??M$O!"$=$l0J>e2?$+$r$9$kI,MW$O$J$$!#(B

$B!!(Bpatch $B$K$D$$$F$O!V%/%i%$%"%s%HMQ!W$H!V4IM}

$B!!4XO"(B: Technical Cyber Security Alert TA04-070A: Microsoft Outlook mailto URL Handling Vulnerability (us-cert.gov)$B!#(B

2004.03.12 $BDI5-(B:

$B!!(B[$B6[5^(B] Outlook 2002$B$N@H ($BIY;NDL(B)$B!#(B

$B"#(B Windows Media $B%5!<%S%9$N@H
(Microsoft, 2004.03.10)

$B!!(BWindows Media Services 4.1 (Windows 2000 $B$KF1:-(B) $B$K7g4Y!#(B Windows Media Station Service $B$*$h$S(B Windows Media Monitor Service $B$K7g4Y$,$"$j!"(B7007/tcp (Windows Media Station Service $B$,;HMQ(B) $B$^$?$O(B 7778/tcp (Windows Media Monitor Service $B$,;HMQ(B) $B$K:Y9)$7$?%Q%1%C%H$rAw$k$3$H$K$h$j!"$=$l$>$l$N%5!<%S%9$rDd;_$5$;$k$3$H$,$G$-$k!#$7$+$7$=$l0J>e$N$3$H$O$G$-$J$$!#(B

$B!!(Bpatch $B$,=P$F$$$k$N$GE,MQ$9$l$P$h$$!#(B

$B!!(BCVE: CAN-2003-0905

$B"#(B $BDI5-(B

iDEFENSE Security Advisory 02.10.04: XFree86 Font Information File Buffer Overflow

Miracle Linux: XFree86 $B%;%-%e%j%F%#(B - $B%U%)%s%H%U%!%$%k$K%P%C%U%!!<%*!<%P%U%m!<$N@H

$B"#(B 2004.03.09

$B"#(B [SECURITY] [DSA 457-1] New wu-ftpd packages fix multiple vulnerabilities
(debian-security-announce, Tue, 09 Mar 2004 15:29:26 +0900)

$B!!(Bwu-ftpd $B$K?7$?$J(B 2 $B$D$N7g4Y!#(B

  • CVE: CAN-2004-0148$B!#(B restricted-gid $B%*%W%7%g%s$G$N@)8B$r2sHr$9$kJ}K!$,B8:_$9$k!#(B

  • CVE: CAN-2004-0185$B!#(B ftpd.c $B$N(B skey_challenge $B4X?t$K(B buffer overflow $B$9$k7g4Y$,$"$k!#(B S/Key $B$r;HMQ$7$F$$$k>l9g$K!"D9Bg$J(B S/Key $B%j%/%(%9%H$K$h$C$F!"(BDoS $B$dG$0U$N%3!<%I$Npatch $B$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

fix / patch:

Changelog:

2004.03.23

Vine Linux: [vine-users:065083] wu-ftpd$B$N%;%-%e%j%F%#%"%C%W%G!<%H(B (info from kawa's memo)

2004.03.30

Turbolinux: Turbolinux Security Advisory TLSA-2004-8

$B"#(B 2004.03.08

$B"#(B $B!ZB.Js![(B2038$BG/LdBj$N%A%'%C%/O3$l$G!"(BKDDI$B$,8m@A5a(B
($BF|7P(B IT Pro, 2004.03.05)

$B!!(B2038 $BG/LdBj!"$\$A$\$A=P$F$-$F$$$k$s$G$9$M!#!V(B4$BK|(B5866$B7o!"Am3[$GLs(B1346$BK|1_J,!W$H!"$+$J$j$N3[$G$9$,!"B>

$B"#(B $B$$$m$$$m(B
(various)

$B"#(B 2004.03.05

$B"#(B Cisco Security Advisory: Cisco CSS 11000 Series Content Services Switches Malformed UDP Packet Vulnerability
(CISCO, 2004.03.05)

$B!!(BCisco WebNS release 5.0(x) $B$^$?$O(B 6.10(x) release train $B$rF0:n$5$;$F$$$k(B CSS 11000 Series Content Services Switch $B$N(B 5002/udp ($B%G%U%)%k%H$N4IM}%]!<%H$J$N$@$=$&$@(B) $B$KBP$7$F!":Y9)$7$?(B UDP $B%Q%1%C%H$rAw$k$H!"(BCSS 11000 $B$,:F5/F0$7$F$7$^$&LOMM!#(B

$B!!=$@5HG$,=P$F$$$k$=$&$@!#(B

$B"#(B Adobe Acrobat Reader XML Forms Data Format Buffer Overflo
(Full-Disclosure ML, Thu, 04 Mar 2004 08:18:54 +0900)

$B!!(BAdobe $B$N(B Acrobat Reader 5.1 $B$K7g4Y!#(BAcrobat Reader 5.1 $B$K$*$1$k(B XFDF (XML Forms Data Format) $B%U%!%$%k$N=hM}$K7g4Y$,$"$j!"(Bbuffer overflow $B$,H/@8$9$k!#$3$l$r0-MQ$9$k$H!"967b

$B!!(BAcrobat Reader 5.1 $BMQ$N(B patch $B$OMQ0U$5$l$J$$!#Adobe Reader 6.0 $B$K$O$3$N7g4Y$O$J$$$N$G!"(BAdobe Reader 6.0 $B$K99?7$9$l$P$h$$!#(B

$B!!4XO"JsF;(B:

$B"#(B $BDI5-(B

[Full-Disclosure] Second critical mremap() bug found in all Linux kernels

Fedora Legacy (Red Hat Linux 7.2$B!A(B8.0): [FLSA-2004:1284] Updated kernel resolves security vulnerabilities
Debian ($BDI2CJ,(B): [SECURITY] [DSA 454-1] New Linux 2.2.22 packages fix local root exploit (alpha)

$B"#(B $B2
($BKI:R>pJs$N%Z!<%8(B, 2004.02.24)

$B!!?35D;v9`(B:

  1. $B6hItD>2<$NCO?L$H$BNW3$%3%s%S%J!<%H$NBQ?L@-Ey$K$D$$$F(B ($BD9<~4|CO?LF0$M$?$"$j(B)
  2. $B:e?@!&C8O)BgCO?L!"(BWTC $BEy$N6571$K$D$$$F(B

$B!!8D?ME*$K$O!"(B3 $BHVL\$N!V:e?@!&C8O)BgCO?L!"(BWTC $BEy$N6571$K$D$$$F!W$N!V;vL36I@bL@;qNA!W(B ($BK\BN(B$B!"(B$BJL;f(B) $B$,$?$$$X$s6=L#?<$+$C$?$G$9!#$,$l$-=hM}$H$$$&OC$b$"$k$s$G$9$M!D!D!#(B

$B"#(B 2004.03.04

$B"#(B $B$$$m$$$m(B
(various)

$B"#(B [Full-Disclosure] Buffer overflow in qmail-qmtpd, yet still qmail much better than windows
(Full-Disclosure, Wed, 03 Mar 2004 23:25:20 +0900)

$B!!(Bqmail 1.03 $B$K7g4Y!#(Bqmail-qmtpd.c $B$K$*$$$F!"4D6-JQ?t(B RELAYCLIENT $B$,(B 4$B!A(B1003 $B$ND9$5$G$"$k>l9g$K(B buffer overflow $B$,H/@8!#(B $B$?$@$7!"H/8+

$B"#(B $BDI5-(B

proxy $B4D6-2<$G$N<+F099?7(B

proxy $B4D6-2<$G$N<+F099?7(B ($B$@$a$@$aF|5-(B)$B!#(Bmonyo $B@h@8$,(B local SYSTEM $B$N(B proxy $B$N@_DjJ}K!$r2r@b$J$5$C$F$$$i$C$7$c$$$^$9!#(B $B$"$j$,$?$$$3$H$G$9!#(B_o_

$B"#(B FreeBSD Security Advisory FreeBSD-SA-04:04.tcp
(FreeBSD-security, Wed, 03 Mar 2004 04:55:44 +0900)

$B!!(BFreeBSD 4.x / 5.x $B$K7g4Y!#(B $B%7!<%1%s%9$+$i30$l$?(B (out-of-sequence) TCP $B%;%0%a%s%H$rBgNL$Kl9g$G$b

$B!!(BRELENG_5_2, RELENG_4_9, RELENG_4_8 $B$O4{$K=$@5$5$l$F$$$k!#:G?7%=!<%9$r(B cvsup $BEy$GF~

$B!!4XO"(B:

2004.03.11 $BDI5-(B:

$B!!(BTCP reassembly DoS (OpenBSD)$B!#(B The problem is fixed in -current, 3.4-stable and 3.3-stable $B$@$=$&$G!#(B

$B"#(B 2004.03.03

$B"#(B IE$B$N%U%l!<%`0-MQ$G%Q%9%o!<%IO3$l!=!=(BiDEFENSE$B$,7Y9p(B
(ITmedia, 2004.03.01)

$B!!(BIE 5 / 6 $B$N7g4Y!#0[$J$k%I%a%$%s$K=jB0$9$k%U%l!<%`$K$*$$$F!"$"$k%U%l!<%`$+$iJL$N%U%l!<%`$N%-!iDEFENSE Security Advisory 02.27.04b: Microsoft Internet Explorer Cross Frame Scripting Restriction Bypass$B!#(B $B%U%l!<%`Fb$KK\J*$,E=$j9~$^$l$?%K%;%5%$%H$r9=C[$7!"%f!<%6$rM6$$9~$s$GMxMQ$5$;$?>e$G!"B>$N%U%l!<%`$+$i%-!

$B!!(Bhotfix $B$G$O$J$/!V>-Mh$N(B Service Pack$B!W$G=$@5$5$l$k$N$@$=$&$@!#(B

$B"#(B 2004.03.02

$B"#(B $BDI5-(B

[Full-Disclosure] Second critical mremap() bug found in all Linux kernels

[SECURITY] [DSA 450-1] New Linux 2.4.19 packages fix several local root exploits (mips)
[SECURITY] [DSA 453-1] New Linux 2.2.20 packages fix local root exploit (i386+m68k+powerpc)

$B>\:Y>pJs(B: mremap(2) full details available

metamail format string bugs and buffer overflows

Vine Linux: [ 2004,02,28 ] metamail $B$K%;%-%e%j%F%#%[!<%k(B

Helix Server / Gateway $B$N%5!<%S%91?MQK832(B (DoS) $B967b$K4X$9$k@H

Helix Server / Gateway $B$N@x:_E*$J@H (real.com)$B!#(B Helix Universal Server / Gateway 9 $B$N%"%C%W%G!<%HHG$,EP>l!#(B

$B"#(B Google $B%"%I%o!<%:9-9p$H(B "Spybot"
(bottom dead center, 2004.02.29)

$B!!(Bgoogle $B$G(B Spybot $B$r8!:w(B$B$9$k$H!"(Btop $B$K=P$F$/$k$N$O

$B!!(BSpybot $B$rF~l9g$O!"$^$:$O(B Spybot1.2$B$K$h$k%9%Q%$%&%'%"$N=|5nJ}K!(B ($B%"%@%k%H%5%$%HHo32BP:v$NIt20(B) $B$r$I$&$>!#(B

$B"#(B 2004.03.01

$B"#(B $BDI5-(B

$BCO?LGH$,5pBg9=B$J*$r=1$&(B

$B5~MUNW3$$N@PL}%?%s%/!"5pBgCO?L$GH>?tHo:R!DAaBgM=B,(B ($BFIGd(B)$B!#HVAHCf$G$b

$B"#(B ANNOUNCE: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-04:03.jail
(FreeBSD-security ML, Sat, 28 Feb 2004 03:32:01 +0900)

$B!!(BFreeBSD 5.1-RELEASE / 5.2-RELEASE $B$K7g4Y!#(B jail_attach(2) $B%7%9%F%`%3!<%k$N$N(B jail(8) $B4D6-$KBP$7$F40A4$J(B read/write $B8"8B$r

$B!!(BFreeBSD 5.2.1-RELEASE $B$G=$@5$5$l$F$$$kB>!"(B $B:G?7$N(B RELENG_5_2 $B$*$h$S(B RELENG_5_1 $B$G=$@5$5$l$F$$$k!#(B

$B!!(BCVE: CAN-2004-0126

[$B%;%-%e%j%F%#%[!<%k(B memo]
$B;d$K$D$$$F(B