$B%;%-%e%j%F%#%[!<%k(B memo - 2004.04

Last modified: Tue Apr 4 12:39:01 2006 +0900 (JST)

$B"#(B 2004.04.30

$B"#(B $BDI5-(B

Squid Proxy Cache Security Update Advisory SQUID-2004:1
Linux kernel setsockopt MCAST_MSFILTER integer overflow

$B!!(BVine Linux: [ 2004,04,23 ] kernel $B$K%;%-%e%j%F%#%[!<%k(B

2004-04-14: Stable CVS Version 1.11.15 Released! (security update)

$B!!(BMiracle Linux: 2004/4/23 CVS client$B$N@H

$B"#(B [RHSA-2004:179-01] An updated LHA package fixes security vulnerabilities
(Red Hat, Fri, 30 Apr 2004 16:23:00 +0900)

$B!!(BUNIX $BHG(B LHa 1.14i $B$K(B 2 $B$D$N7g4Y!#(B

$B!!H/8+[Full-Disclosure] LHa buffer overflows and directory traversal problems$B!#(B $B=$@5(B patch $B$H%5%s%W%k(B exploit $B$,E:IU$5$l$F$$$k!#(B PoC $B%3!<%I$bEP>l(B: [Full-Disclosure] Lha local stack overflow Proof Of Concept Code$B!#(B

$B!!$^$?!"$3$N7g4Y$O(B LHa $B$@$1$G$J$/!"(BWinZip$B!"(BWinRar$B!"(BMcAfee plugin for CommuniGate Pro $B$K$b$"$k$h$&$@!'(B [Full-Disclosure] LHa repercussions: WinZip, WinRar, CommuniGate Pro McAfee plugin, blog$B!#(B

fix / patch:

$B"#(B 835732 - [MS04-011] Microsoft Windows $B$N%;%-%e%j%F%#=$@5%W%m%0%i%`(B ($BI{:nMQ>pJs(B)
(Microsoft, 2004.04.28)

$B!!(BMicrosoft $B$+$i(B MS04-011 $B$NI{:nMQ>pJs$,=P$^$7$?!#(B

$B!!(BMicrosoft $B$O2?$b8@$C$F$J$$$h$&$G$9$,!"$3$&$$$&$b$N$b$"$k$h$&$G(B:

$B!!(Bwindows update$B$7$?$H$-$K>e$2$k%9%l(B 13 (2ch.net) $B$d(B Windows Update$B<:GT$7$?$i(Bage$B$k%9%l(B 5 (2ch.net) $B$G$O!V%5%&%s%I$,LD$i$J$/$J$C$?!W$H$$$&;vNc$bJ#?tJs9p$5$l$F$$$k$h$&$G$9$,!"(B $BK\(B KB (835732) $B$K$O$=$&$$$C$?>pJs$O(B ($B$^$@(B?) $B$J$$$G$9$M!#(B

2004.05.03 $BDI5-(B:

$B!!4XO">pJs(B:

2004.05.06 $BDI5-(B:

$B!!(BPRIMERGY TX200FT > TX200FT$B$N$*CN$i$;(B > $BN10U;v9`(B ($BIY;NDL(B)

IA$B%5!<%P(BPRIMERGY TX200FT$B$K(B MS04-011$B!'(BMicrosoft Windows $B$N%;%-%e%j%F%#=$@5%W%m%0%i%`(B (835732) $B$rE,MQ$9$k:]$K$O!";vA0$K%@%&%s%m!<%I8!:w$+$i2<5-$N6[5^=$@5%W%m%0%i%`$r%@%&%s%m!<%I$7E,MQ$7$F$/$@$5$$!#(B

$B!!(BMS04-011 $B$r$=$N$^$^F~$l$k$H%^%:$$LOMM!#(B

2004.05.14 $BDI5-(B:

$B!!(BOracle $B$K4X$9$k>pJs$,=P$^$7$?(B:

$B!!0lJ}!"LdBj$,2r>C$9$k4D6-$b$"$k$h$&$G(B:

$B!!%H%l%s%I%^%$%/%m$N(B ServerProtect for NetAPP $B$G$O!"%"%s%$%s%9%H!<%k$G$-$J$/$J$kIT6q9g$,(B:

2004.05.24 $BDI5-(B:

$B!!K?=j$G0N$$$R$H$KJ9$$$F$_$?$H$3$m!"(BMS04-011 $B$NI{:nMQ$N7o$K$D$$$F$O!"%5%]!<%H$KO"Mm$9$l$PL5NA$G(B patch $B$rF@$i$l$k$h$&$G$9!#K\Ev$K$h$+$C$?(B ($B%]%j%"%s%J(B)$B!#(B

$B!!$3$s$JOC$b$"$k$=$&$G$9(B: 841632 - IIS 5.0 $B$rZL@=q$G%(%i!<$,H/@8$9$k(B (Microsoft)$B!#(BIIS $B$K$b$A$c$s$H(B patch $B$r$"$F$^$7$g$&!#(B

2004.05.26 $BDI5-(B:

$B!!$5$i$J$k>c32>pJs(B:

$B"#(B 2004.04.28

$B"#(B [rsync-announce] Rsync 2.6.1 released (includes security note)
(samba.org, Tue Apr 27 14:01:56 JST 2004)

$B!!(Brsync 2.6.0 ($B$=$l0JA0$b(B?) $B$K7g4Y!#(B chroot $B$7$J$$>uBV$G(B read/write $B2DG=$J(B rsync daemon $B$rF0:n$5$;$F$$$k>l9g!"(B remote $B$N967be=q$-$G$-$F$7$^$&!D!D$H$$$&$3$H$+$J$"!#(B NEWS for rsync 2.6.1 (26 Apr 2004) (samba.org) $B$K$h$k$H(B Paths sent to an rsync daemon are more thoroughly sanitized when chroot is not used $B$@$=$&$J$N$G!"(Bpath $B$N(B sanitize $B$N;EJ}$KLdBj$,$"$C$?LOMM!#(B

$B!!(Brsync 2.6.1 $B$G=$@5$5$l$F$$$k$=$&$@!#(B CVE: CVE-2004-0426$B!#(B

fix / patch:

$B"#(B 2004.04.27

$B"#(B $BDI5-(B

LD-WBBR/B $B$N%;%-%e%j%F%#LdBj$K$D$$$F(B

$B!!(Bfix $B$,=P$?$h$&$G$9(B: $BJ@ (ELECOM)$B!#(B LD-BBR/B$BMQ!!%U%!!<%`%&%'%"(B (ELECOM) $B$K$h$k$H(B:

Ver2.13
  • Telnet$B%]!<%H$rL58z$K$7$^$7$?!#(B
  • $BEv
  • WAN$BB&$+$i$N%U%!!<%`%"%C%W$r6X;_$7$^$7$?!#(B
  • $B%U%!!<%`%"%C%W$N:]$K%Q%9%o!<%I$,I,MW$K$J$j$^$7$?!#(B
  • $B%U%!!<%`%&%'%"%U%!%$%k$K%9%/%i%s%V%k$r$+$1$^$7$?!#(B

$B!!$^$"D>$C$?$N$O$J$K$h$j$J$N$G$7$g$&$,!"!VEv

Microsoft Windows $B$N%;%-%e%j%F%#=$@5%W%m%0%i%`(B (835732) (MS04-011)

$B!!4XO">pJs(B:

$B!!$^$@$"$F$F$$$J$$?M!"$$$=$$$G(B patch $B$r$"$F$^$7$g$&!#(B

$B"#(B 2004.04.26

$B"#(B $BDI5-(B

Symantec Client Firewall Denial of Service Vulnerability

$B!!(BSymantec Norton Internet Security 2003/2004$B$N@H ($BIY;NDL(B)$B!#(B FMV $B$K%W%j%$%s%9%H!<%k$5$l$F$$$k$N$@$=$&$G!#(B

$B!!H/8+pJs(B: EEYE: Symantec Multiple Firewall TCP Options Denial of Service

TCP $B%W%m%H%3%k$K@x:_$9$k?.Mj@-$NLdBj(B
Microsoft Windows $B$N%;%-%e%j%F%#=$@5%W%m%0%i%`(B (835732) (MS04-011)

$B!!!V(BPCT $B$N@H

$B!!(Bexloit $BB3!9(B:

$B"#(B 2004.04.24

$B"#(B 2004.04.23

$B"#(B 2004.04.22

$B"#(B $BDI5-(B

Microsoft Windows $B$N%;%-%e%j%F%#=$@5%W%m%0%i%`(B (835732) (MS04-011)

$B!!(BPCT $B$N@HCVE-2003-0719, Microsoft SSL $B%i%$%V%i%j$K$*$1$k%j%b!<%H%;%-%e%j%F%#?/32$N@H) $B$rFM$/(B exploit $B$,EP>l$7$?$h$&$G$9!#(B $BF|K\8lHG(B Windows 2000 SP4 $B>e$G$N8!>ZJs9p$,$"$j$^$9(B [Snort-users-jp:00933]$B!#$^$?!"$3$N(B exploit $B$,H/@8$5$;$k%Q%1%C%H$r8!CN$9$k(B snort $B%7%0%M%A%c$,8x3+$5$l$F$$$^$9(B [Snort-users-jp:00931]$B!#(B

New OpenSSL releases fix denial of service attacks [17 March 2004]
TCP $B%W%m%H%3%k$K@x:_$9$k?.Mj@-$NLdBj(B

$B!!(Bdraft-ietf-tcpm-tcpsecure-00.txt: Transmission Control Protocol security considerations (IETF) $B$K(B TCP $B$N2~A1J}K!$,5-:\$5$l$F$$$k7o$rDI5-!#(BTCP $B>e$GF0:n$9$k%;%-%e%j%F%#%W%m%H%3%k(B (SSL$B!"(BSSH$B!"!D!D(B) $B$O$3$NLdBj$N1F6A$r

$B!!0J2<$NDI2C(B:

$B"#(B 2004.04.21

$B"#(B $B$$$m$$$m(B
(various)

$B"#(B Linux kernel setsockopt MCAST_MSFILTER integer overflow
(bugtraq, Tue, 20 Apr 2004 20:30:14 +0900)

$B!!(BLinux kernel 2.4.22$B!A(B2.4.25$B!"(B2.6.1$B!A(B2.6.3 $B$K7g4Y!#(B setsockopt() $B$N%5%V%k!<%A%s(B ip_setsockopt() $B$K!"(BMCAST_MSFILTER $B%=%1%C%H%*%W%7%g%s$r@_Dj$7$?>l9g$K(B integer overflow $B$9$k7g4Y$,$"$k!#(B $B$3$l$rMxMQ$9$k$H!"(Blocal user $B$,(B DoS $B967b$ruBV$rH/@8$5$;$k$H$$$&%3!<%I(B: [Full-Disclosure] Linux kernel setsockopt MCAST_MSFILTER integer overflow proof of concept code$B!#(B

$B!!(BLinux kernel 2.4.26 / 2.6.4 $B$G=$@5$5$l$F$$$k!#(B

$B!!(BCVE: CVE-2004-0424

fix / patch:

$B"#(B $BDI5-(B

Linux$B%+!<%M%k$KJ#?t$N@H

$B!!(BVine Linux: [ 2004,04,21 ] kernel $B$K%;%-%e%j%F%#%[!<%k(B

2004-04-14: Stable CVS Version 1.11.15 Released! (security update)

$B!!(BVine Linux: [ 2004,04,21 ] cvs $B$K%;%-%e%j%F%#%[!<%k(B

$B"#(B Symantec Client Firewall Denial of Service Vulnerability
(Symantec, 2004.04.20)

$B!!(BSymantec $B$N(B NIS 2003 / 2004$B!"(BNorton Personal Firewall 2003 / 2004$B!"(B Client Firewall 5.01 / 5.1.1$B!"(B Client Security 1.0 $B$K7g4Y!#(BDoS $B967b$rCVE-2004-0375$B!#(B

$B!!BP1~$H$7$F$O!"(BNIS 2003 / 2004$B!"(BNorton Personal Firewall 2003 / 200 $B$O(B LiveUpdate $B$r

$B!!!D!DF|K\8lHG(B: SYM04-007: Symantec Client Firewall $B$K%5!<%S%95qH]$N@H ($B%7%^%s%F%C%/(B)$B!#(BLiveUpdate $B$r

$B!!$_$_$5$s!"$=$&$@$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

2004.04.26 $BDI5-(B:

$B!!(BSymantec Norton Internet Security 2003/2004$B$N@H ($BIY;NDL(B)$B!#(B FMV $B$K%W%j%$%s%9%H!<%k$5$l$F$$$k$N$@$=$&$G!#(B

$B!!H/8+pJs(B: EEYE: Symantec Multiple Firewall TCP Options Denial of Service

$B"#(B CISCO IOS $B$K$*$1$k(B SNMP $B%a%C%;!<%8=hM}$N@H
(JPCERT/CC, 2004.04.21)

$B!!(BCisco IOS 12.x $B$N(B SNMP $B$,%d%P$$LOMM!#(B $B$<$s$<$sFI$a$F$$$J$$$N$G$9$,!"$H$j$$$=$.!#(B

$B"#(B TCP $B%W%m%H%3%k$K@x:_$9$k?.Mj@-$NLdBj(B
(JPCERT/CC, 2004.04.21)

$B!!(BNISCC Vulnerability Advisory 236929: Vulnerability Issues in TCP (uniras.gov.uk) $B$NOC!#(B $B8EMh$+$iCN$i$l$F$$$k(B TCP $B%j%;%C%H967b$K$D$$$F!"=>MhG'<1$5$l$F$$$?!V(B(2^32)/2 (= 2,147,483,648) $B8D$N%;%0%a%s%H$r:n@.$9$kI,MW$,$"$j!"$=$l$[$IMF0W$G$O$J$$!W$h$j$bMF0W$K9T$($kJ}K!$,(B$BH/8+(B$B$5$l$?LOMM!#(B $B>\:Y$O(B draft-ietf-tcpm-tcpsecure-00.txt: Transmission Control Protocol security considerations (IETF) $B$r;2>H!#$3$NJ8=q$K$O!"$3$NLdBj$r7Z8:$9$k$?$a$N(B TCP $B%W%m%H%3%k$N2~A1J}K!$b7G:\$5$l$F$$$k!#(B

$B!!$3$NLdBj$O!"
$B!!(BBGP $B%;%C%7%g%s$O;}B3;~4V$,D9$/!"@\B3$,@ZCG$5$l$?>l9g$K$O%k!<%F%#%s%0%F!<%V%k$N:F9=C[$J$I$,I,MW$G$"$k$?$a!"2DMQ@-$NLL$+$i$b1F6A$NBg$-$5$,7|G0$5$l$^$9!#$=$N$h$&$JLdBj$r2sHr$9$kJ}K!$H$7$F!"(BBGP $B$G$O(B TCP MD5 Signature Option $B$rE,MQ$9$k$3$H$b$48!F$$/$@$5$$!#(B
($BCfN,(B) $BJ;$;$F!"$3$NLdBj$r;HMQ$7$?967b$rKI$0$?$a$K$b!"Aw?.85(B IP $B%"%I%l%9$,:>>N$5$l$F$$$k%Q%1%C%H$r%U%#%k%?%j%s%0$9$k;v$,?d>)$5$l$F$$$^$9!#Aw?.85(BIP $B%"%I%l%9$N:>>N$O!"%5!<%S%91?MQK832(B (DoS) $B967b$J$IMM!9$J967b$G;H$o$l$k4pK\E*$J$N%5%$%H$KBP$9$k967b$rKI$0$?$a$K$b!"$3$N$h$&$J%U%#%k%?%j%s%0$r@_Dj$9$k$3$H$b$*4+$a$7$^$9!#(B

$B!!!V:#=5$N0l8}%a%b!W$N?L8;$O$3$l$+!D!D!#(B ingress / egress filtering $B$O$<$RRFC3013: $B%$%s%?!<%M%C%H%5!<%S%9%W%m%P%$%@$K$*$1$k%;%-%e%j%F%#!<6HL3$*$h$S ($B$7$i$O$?;aLu(B) $B$H$$$&$N$b$"$k$=$&$G!#(B

$B!!(BTCP $B>e$GF0:n$9$k%;%-%e%j%F%#%W%m%H%3%k(B (SSL$B!"(BSSH$B!"!D!D(B) $B$O$3$NLdBj$N1F6A$r

$B!!F1MM$K$7$F(B TCP $B%;%C%7%g%s$X$N%G!<%?A^F~$,9M$($i$l$k$,!"$=$NZ$5$l$F$$$J$$$7!"MF0W$G$O$J$$$H9M$($i$l$F$$$k!#(B

$B!!4XO"(B:

$B!!4XO"JsF;!&5-;v(B:

Changelog:

2004.04.22

$B!!(Bdraft-ietf-tcpm-tcpsecure-00.txt: Transmission Control Protocol security considerations (IETF) $B$K(B TCP $B$N2~A1J}K!$,5-:\$5$l$F$$$k7o$rDI5-!#(BTCP $B>e$GF0:n$9$k%;%-%e%j%F%#%W%m%H%3%k(B (SSL$B!"(BSSH$B!"!D!D(B) $B$O$3$NLdBj$N1F6A$r

$B!!0J2<$NDI2C(B:

2004.04.26
2004.06.02
2005.04.20

$B"#(B 2004.04.20

$B"#(B $B$$$m$$$m(B
(various)

$B"#(B Access Support $B%;%-%e%j%F%#=$@5%W%m%0%i%`(B
(IBM, 2004.04.13)

$B!!(BIBM $B$N(B ThinkPad $B$J$I$K%$%s%9%H!<%k$5$l$F$$$k(B Access Support $B$K!V%;%-%e%j%F%#>e$NLdBj!W$,$"$j!"!V:#$9$0>e5-%;%-%e%j%F%#=$@5%W%m%0%i%`$r%$%s%9%H!<%k!W$9$k$3$H$,?d>)$5$l$F$$$k!#(BAccess Support $B$,%W%j%$%s%9%H!<%k$5$l$F$$$k5!

$B!!$?$@$7!"(B2004.02 $B0J9_$N(B ThinkPad X40 $B$K$O(B Access Support $B$O%W%j%$%s%9%H!<%k$5$l$F$$$J$$$H$$$&!#$^$?!"%W%j%$%s%9%H!<%k$5$l$F$$$J$$5!l9g$O!"F1MM$K%;%-%e%j%F%#=$@5%W%m%0%i%`$r%$%s%9%H!<%k$9$kI,MW$,$"$k!#(B

$B!!>>K\$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B 2004-04-14: Stable CVS Version 1.11.15 Released! (security update)
(cvshome.org, 2004.04.14)

$B!!(BCVS 1.11.14 / 1.12.6 $B0JA0$K7g4Y!#(BCVS $B$K$*$1$k%Q%9$N07$$$K7g4Y$,$"$C$?$h$&$@!#(B

$B!!(B1.11.15 / 1.12.7 $B$G=$@5$5$l$F$$$k!#(B2004-04-14: CVS Feature Version 1.12.7 Released! (security update)$B!#(B CVE: CVE-2004-0180 CVE-2004-0405

fix / patch:

$B"#(B $BDI5-(B

[memo:7530] $BDa55%a!<%k$K%P%C%U%!%*!<%P!<%i%s$N%;%-%e%j%F%#%[!<%k(B

$B!!(BTsuru-Kame Mail 3.50 for Windows Buffer Overflow Vulnerability (LAC)$B!#(B

$B"#(B 2004.04.19

$B"#(B Linux$B%+!<%M%k$KJ#?t$N@H
(ITmedia, 2004.04.16)

$B!!(BLinux $B%+!<%M%k$KJ#?t$N7g4Y$,H/8+$5$l$?!#$$$:$l$b(B local user $B$G$J$$$HMxMQ$G$-$J$$$,!"(Broot $B8"8B$r

fix / patch:

$B"#(B $BDI5-(B

MP3$B$N(BID3$B%?%0$K@x$`(BMac OS X$B%&%$%k%9$,8+$D$+$k(B

$B!!4XO"5-;v(B: Mac OS X $B$N%H%m!<%8%c%s5;=Q!'(B $BC#?M$N (TidBITS)$B!#(B

$B"#(B Microsoft Jet $B%G!<%?%Y!<%9%(%s%8%s$N@H
(Microsoft, 2004.04.14)

$B!!(BJet 4.0 $B$K(B buffer overflow $B$9$k7g4Y$,$"$j!"(Bremote $B$+$iG$0U$N%3!<%I$N

  • Msjet40.dll $B%U%!%$%k$r8!:w$9$k!#B8:_$7$J$1$l$P!"$3$N7g4Y$O$J$$!#(B
  • Msjet40.dll $B%U%!%$%k$,B8:_$9$k>l9g!"%P!<%8%g%s$r3NG'$9$k!#(B4.0.8618.0 $B$h$j8E$$$J$i!"7g4Y$,B8:_$9$k!#(B

$B!!(BMBSA $B$G$b%A%'%C%/$G$-$k$N$G3hMQ$5$l$?$$!#(B

$B!!7g4Y$N$"$k(B Jet 4.0 $B$,%$%s%9%H!<%k$5$l$F$$$k>l9g$O!"=$@5%W%m%0%i%`$rE,MQ$7$h$&!#(B

$B!!(BCVE: CVE-2004-0197$B!#(B

2004.05.12 $BDI5-(B:

$B!!(BWindows XP gold (SP $B$J$7(B) $BMQ$N=$@5%W%m%0%i%`$N%m!<%+%i%$%:$,IT40A4$@$C$?$=$&$G!"?7$7$$99?7%W%m%0%i%`$,EP>l$7$F$$$k!#(B Windows XP SP1 $BMQ=$@5%W%m%0%i%`$K$O!"$3$NLdBj$O$J$$!#(B

$B"#(B Outlook Express $BMQ$NN_@QE*$J=$@5%W%m%0%i%`(B (837009) (MS04-013)
(Microsoft, 2004.04.14)

$B!!(BInternet Explorer showHelp() Restriction Bypass Vulnerability $B$N(B fix$B!#(BCVE: CVE-2004-0380 $B$N5-=R$,$9$C$-$j$7$F$$$F$$$$46$8(B:

The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."

$B!!(BOutlook Express 5.5 SP2 / 6 / 6 SP1 $BMQ$N=$@5%W%m%0%i%`$,$"$k$N$GE,MQ$7$h$&!#(B Windows 98/98SE/Me $B$K$bE,MQ$G$-$k!#(B $BBP1~$9$k(B Internet Explorer $B$O(B:

Outlook Express Internet Explorer
5.5 SP2 5.01 SP4 (Windows 2000 SP4)
5.01 SP3 (Windows 2000 SP3)
5.5 SP2 (Windows Me)
6 6 (Windows XP 32bit gold)
6 SP1 6 SP1 (Windows 98 / 98 SE / Me / NT 4.0 / 2000 / XP
6 (Windows Server 2003) 6 (Windows Server 2003)
6 (Windows XP 64bit)

$B!!$U$D$&$N?M$O(B Internet Explorer 6 SP1 $B$r;H$C$F$$$k$O$:$G$9$h$M!#(B

$B"#(B 2004.04.16

$B"#(B Microsoft RPC/DCOM $BMQ$NN_@QE*$J=$@5%W%m%0%i%`(B (828741) (MS04-012)
(Microsoft, 2004.04.14)

$B!!(BWindows 98 / 98 SE / Me / NT 4.0 / 2000 / XP / Server 2003 $B$N(B RPC / DCOM $B4XO"$G(B 4 $B$D$N?7$?$J7g4Y!#(B

$B!!=$@5%W%m%0%i%`$,$"$k$N$GE,MQ$9$l$P$h$$!#(B $B$3$N=$@5%W%m%0%i%`$O(B MS03-026 / MS03-039 $B$rCV$-$+$($i$l$k$=$&$@!#(B

$B"#(B Subversion Neon Client Code Format String Vulnerabilities
(secunia, Fri, 16 Apr 2004 19:20:25 +0900)

$B!!(BSubversion $B$GMxMQ$5$l$F$$$k(B neon HTTP / WebDAV $B%/%i%$%"%s%H%i%$%V%i%j$N(B 0.24.4 $B0J2<$K(B format $B%P%0$,$"$j!"(B $B0-0U$"$k(B WebDAV $B%5!<%P$X$N%"%/%;%9$K$h$jG$0U$N%3!<%I$,CVE-2004-0179$B!#(B

fix / patch:

$B"#(B OpenOffice Neon Client Code Format String Vulnerabilities
(Secunia, Thu, 15 Apr 2004 22:53:29 +0900)

$B!!(BOpenOffice.org $B$GMxMQ$5$l$F$$$k(B neon HTTP / WebDAV $B%/%i%$%"%s%H%i%$%V%i%j$N(B 0.24.4 $B0J2<$K(B format $B%P%0$,$"$j!"(B $B0-0U$"$k(B WebDAV $B%5!<%P$X$N%"%/%;%9$K$h$jG$0U$N%3!<%I$,CVE-2004-0179$B!#(B

fix / patch:

$B"#(B $B8E$$%O!<%I%G%#%9%/$O$-$l$$$K$7$F
($BF|7P(B IT Pro, 2004.04.14)

$B!!$3$N5-;v$K%j%s%/$,5-:\$5$l$F$$$k$b$N(B:

GNU GPL

  • Autoclave$B!#(B1FD Linux $B>e$G(B GNU shred $B$r;H$C$F(B HDD $B$r>C5n$9$k!"$h$&$@!#(B IDE HDD $B$N$_BP1~$C$]$$!#(B

    Autoclave $B$O(B CD boot $B$K$OBP1~$7$F$$$J$$$h$&$@$,!"(BCD boot $B$5$;$?$$$J$i!"$?$H$($P(B KNOPPIX $B>e$G(B GNU shred $B$r;H$($P$h$$$o$1$G!#(B text boot $B$5$;$l$P$=$l$[$I=E$/$b$J$$$G$7$g$&!#(B

  • Eraser$B!#(B MS-DOS, Windows 9x / Me / 2000 / XP $BBP1~!#(B IDE, SCSI, RAID $BBP1~!#(BHDD $BA4BN>C5n$@$1$G$J$/!"(BExplorer $B%i%$%/$J(B GUI $B$+$i%U%!%$%k$d%G%#%l%/%H%j$r>C5n$7$?$j!"(Bcookie $B$d(B paging file $B$r>C5n$7$?$j$b$G$-$k$h$&$@!#>\:Y$O(B Features $B;2>H!#(B

    boot drive $B$b4^$a$?!"A4$F$N(B HDD $B$N>C5n$K$D$$$F$O(B FAQ $B$N!V(BHow do I Erase all hard drives on my PC?$B!W(B $B$r;2>H!#(B

$B5!G=8BDj$N(B Free $BHG$,$"$k(B
$B>&MQ(B

$B!!$3$N5-;v$K$O$J$$$b$N(B:

GNU GPL

  • DBAN - Darik's Boot and Nuke$B!#(BFD / CD-ROM boot $B$G$-!"(BIDE $B$H(B SCSI $B$KBP1~$7$F$$$k$=$&$G$9!#$\$/$A$s$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

2004.05.17 $BDI5-(B:

$B!!(BEraser 5.7 $B$K4^$^$l$F$$$k!VA4(B HDD $B>C5n%G%#%9%/!W$r;n$7$F$_$?$H$3$m!"$=$NCf?H$O(B DBAN $B$G$7$?!#

$B!!(BActive@ Kill Disk $B$N>l9g$O!"(BFreeDOS + exe $B$J(B disk $B$,$D$/$i$l$^$7$?!#$3$A$i$O$&$^$/5/F0$G$-!">C5n=hM}$b$G$-$?$h$&$G$9!#(Bfree $BHG$G$O!V(B0 $B=q$-(B 1 $B2s!W$7$+$G$-$^$;$s$,!"(Bcasual hack $BBP:v$G$"$l$P$3$l$G$b==J,$G$7$g$&!#5!L)>pJs$,=q$+$l$F$$$k$h$&$J(B disk $B$J$i!"$b$C$H5$9g$$$rF~$l$kI,MW$,$"$k$G$7$g$&$,!#(B

$B!!!D!D$J$s$@$+!"(BFreeSBIE $B$J(B CD $B$D$/$C$?J}$,Aa$$$h$&$J5$$,$7$F$-$^$7$?!#(B $B!D!D(B$B$D$/$j$^$7$?(B$B!#(B $B4JC1$G$7$?!#(B

$B"#(B 2004.04.15

$B"#(B Microsoft Windows $B$N%;%-%e%j%F%#=$@5%W%m%0%i%`(B (835732) (MS04-011)
(Microsoft, 2004.04.14)

$B!!(BWindows 98 / 98 SE / Me / NT 4.0 / 2000 / XP / Server 2003 $B$KJ#?t$N7g4Y!#(B $B$3$N(B advisory $B$G$O(B 14 $B8D$N7g4Y$,2r@b$5$l$F$$$k!#(B

$B!!=$@5%W%m%0%i%`$,$"$k$N$GE,MQ$9$l$P$h$$!#$?$@$7!"(BWindows 98 / 98 SE / Me $BMQ$N=$@5%W%m%0%i%`$O!V6<0REYH=Dj$,6[5^$G$O$J$$!W$H$$$&M}M3$G!"8x3+$5$l$F$$$J$$$N$GCm0U$5$l$?$$!#(B $B$^$?!"(BNetMeeting $B$N!V%9%?%s%I%"%m%sHG!WMQ$N=$@5%W%m%0%i%`$O(B $B8DJL$N=$@5%W%m%0%i%`(B $B$H$7$FMQ0U$5$l$F$*$j!"$3$l$O(B Windows 98 / 98 SE / Me $B$K$bBP1~$7$F$$$k!#(B Windows 2000 / XP / Server 2003 $B$KE:IU$5$l$F$$$k(B NetMeeting $B$K$D$$$F$O!"(BMS01-011 $B=$@5%W%m%0%i%`$G=$@5$5$l$k$,!"!V%9%?%s%I%"%m%sHG!W$O$=$&$G$O$J$$$N$GCm0U$5$l$?$$!#!V%9%?%s%I%"%m%sHG!W$N99?7>u67$O(B MBSA $B$G$b%A%'%C%/$G$-$J$$$=$&$J$N$G!"$J$*$N$3$HCm0U$,I,MW$@!#(B

$B!!$J$*!"(B$B$h$/4s$;$i$l$k $B$K$"$k$h$&$K!"$3$N=$@5%W%m%0%i%`$rE,MQ$9$k$H!"e$NJQ99$,9T$o$l$k$=$&$@!#(B

$B$3$N=$@5%W%m%0%i%`$K$h$j!"!F(B.folder$B!G$N%U%!%$%k3HD%;R$G=*$o$k%U%!%$%k$,!"%G%#%l%/%H%j$K4XO"IU$1$i$l$J$/$J$j$^$9!#!F(B.folder$B!G$N%U%!%$%k3HD%;R$G=*$o$k%U%!%$%k$,!"$3$l$i$N@H$N%W%m%0%i%`$G%G%#%l%/%H%j$H$7$FI=<($5$l$J$/$J$k$h$&$K5!G=>e$NJQ99$,DI2C$5$l$^$9!#(B

$B!!$U$D$&$N%U%!%$%k$H$7$FI=<($5$l$k$h$&$K$J$k!"$H$$$&$3$H$+$J!#(B

2004.04.22 $BDI5-(B:

$B!!(BPCT $B$N@HCVE-2003-0719, Microsoft SSL $B%i%$%V%i%j$K$*$1$k%j%b!<%H%;%-%e%j%F%#?/32$N@H) $B$rFM$/(B exploit $B$,EP>l$7$?$h$&$G$9!#(B $BF|K\8lHG(B Windows 2000 SP4 $B>e$G$N8!>ZJs9p$,$"$j$^$9(B [Snort-users-jp:00933]$B!#$^$?!"$3$N(B exploit $B$,H/@8$5$;$k%Q%1%C%H$r8!CN$9$k(B snort $B%7%0%M%A%c$,8x3+$5$l$F$$$^$9(B [Snort-users-jp:00931]$B!#(B

2004.04.24 $BDI5-(B:

$B!!(BMicrosoft Windows $B$N%;%-%e%j%F%#=$@5%W%m%0%i%`(B (835732) (MS04-011) $B$N!V(BPCT $B$N@Hl$7$F$$$^$9!#(B

$B!!$3$l$KBP1~$7$F!"(BPCT/SSL $B$N0-MQ$r;n$_$k%3!<%I$K4X$9$k>pJs(B (Microsoft) $B$H$$$&%Z!<%8$,8x3+$5$l$F$$$^$9!#$^$@(B MS04-011 $B$NE,MQ$,$G$-$F$$$J$$>l9g$O!"(BIIS $B$K$D$$$F$O(B 187498 - [IIS]PCT 1.0$B!"(BSSL 2.0$B!"(BSSL 3.0 $B$r(B IIS $B>e$GL58z$K$9$kJ}K!(B (Microsoft) $B$K$h$C$F(B PCT 1.0 $B$rL58z$K$9$k$3$H$G!"!V(BPCT $B$N@H

$B!!$J$*!"(BMS04-011 patch (835732) $B$O(B windows update$B$7$?$H$-$K>e$2$k%9%l(B 13 (2ch.net) $B$d(B Windows Update$B<:GT$7$?$i(Bage$B$k%9%l(B 5 (2ch.net) $B$GIT6q9g$K4X$9$kOCBj$,=P$F$$$k$h$&$J$N$G$4Cm0U$/$@$5$$!#(B $B

$B!!(B$B%$%s%?!<%M%C%HDjE@4QB,(B (cyberpolice.go.jp) $B$G$O!"(B443/tcp $B$N(B port scan $B%G!<%?$OL@<($5$l$F$$$J$$$7!"(BPCT 1.0 attack $B$N?t$b$o$+$i$J$$$J$"!#(B

2004.04.26 $BDI5-(B:

$B!!!V(BPCT $B$N@H

$B!!(Bexloit $BB3!9(B:

2004.04.27 $BDI5-(B:

$B!!4XO">pJs(B:

$B!!$^$@$"$F$F$$$J$$?M!"$$$=$$$G(B patch $B$r$"$F$^$7$g$&!#(B

2004.04.30 $BDI5-(B:

$B!!(B835732 - [MS04-011] Microsoft Windows $B$N%;%-%e%j%F%#=$@5%W%m%0%i%`(B$B!#(B $BI{:nMQ>pJs%-%?!

2004.05.02 $BDI5-(B:

$B!!(BSasser $B%o!<%`$K$D$$$F$N$*CN$i$;(B$B!#(BLSASS $B7j(B attack worm $B%-%?!

2004.05.07 $BDI5-(B:

$B!!!X!V(BLSASS $B$N@Hl$7$?2sHr:v$O(B:

%systemroot%\debug\dcpromo.log $B$H$$$&L>A0$N%U%!%$%k$rFI$_
echo dcpromo > %systemroot%\debug\dcpromo.log & attrib +r %systemroot%\debug\dcpromo.log

$B!!$J$<$3$l$G$$$$$N$+!#$3$N7g4Y$K4X$9$k(B eEye $B$N5;=QJ8=q(B Windows Local Security Authority Service Remote Buffer Overflow (eEye) $B$K$O$3$&$"$k(B:

The buffer overflow bug is in a logging function which generates a string for the log file using vsprintf(). The name of the log file is "DCPROMO.LOG", and it is located in the Windows "debug" directory.

$B!!(Bdcpromo.log $B$X$N=q$-9~$_=hM}$K$*$$$F(B vsprintf() $B$,(B buffer overflow $B$9$k$N$@$m$&!#$=$3$G!"$=$b$=$b(B dcpromo.log $B$r(B write open $B$G$-$J$$$h$&$K$7$F$7$^$($P!D!D$H$$$&$3$H$G$$$$$N$+$J!#(B

$B"#(B 2004.04.14

$B"#(B Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability
(CISCO, 2004.04.04)

$B!!(BCISCO $B$NL5@~(B LAN $BG'>Z%W%m%H%3%k(B LEAP $B$KBP$7$F<-=q967b$r9T$&$3$H$,2DG=$@$H$$$&OC$,$"$k$=$&$G!#$=$N$?$a$N%D!<%k$,8x3+$5$l$F$$$k!#(B

$B!!$3$NLdBj$O!"?7$7$$%W%m%H%3%k(B EAP-FAST $B$G$O=$@5$5$l$F$$$k$=$&$@!#(B $B$H$$$&$+!"(Basleap $B:n

$B!!$G!"(Bhttp://asleap.sourceforge.net/ $B$K%"%/%;%9$9$k$H!"$3$s$J5-=R$,$"$j$^$9$M(B:

I wrote asleap while researching weaknesses in the Cisco proprietary LEAP protocol after I discovered that LEAP uses a modified MS-CHAPv2 exchange to authenticate users. MS-CHAPv2 is very bad.

$B!!4XO"(B:

$B"#(B $BDI5-(B

MP3$B$N(BID3$B%?%0$K@x$`(BMac OS X$B%&%$%k%9$,8+$D$+$k(B

$B!!(BMac OS X $B=i$N%H%m%$$NLZGO(B???$B!!!]!!(BMP3Concept $B$=$N8e(B ($B%j%s%/$H$+HwK:O?$H$+F|5-$H$+(B)$B!#(B Mac OS X$B%&%$%k%9BP:v%D!<%k$rL5=~Ds6!(B (ITmedia) $B$J$s$F5-;v$b=P$F$$$k$h$&$G$9$,!"(BLife with MacOS X (SHIRO's pages) $B$N!V(B4/13 MP3Concept $BBP:v!W$NJ}$,$h$$$H;d$b;W$$$^$9!#(B1 $B2s%$%s%9%H!<%k$9$l$P$h$$$o$1$G$9$7!#$"$j$,$?$$$3$H$G$9!#(B

$B!!4XO"(B:

$B!!>/$J$/$H$b(B Apple $B$+$i$N(B official fix $B$,=P$k$^$G$O!"!VA{$.!W$O$<$s$<$s<}$^$C$F$J$$$H;W$&$N$G$9$1$I$M$(!D!D!#(B

Symantec Norton Internet Security$B$KG$0U$N%3!<%I$,

$B!!(B4/8 $BIU$G(B AntiSpam 2004 $BMQ(B fix $B$,EP>l$7$F$$$^$7$?(B: 2004$BG/(B4$B7n(B8$BF|(B($BLZ(B)$B$h$j(BSymantec Norton AntiSpam 2004 for Windows $B=$@5%Q%C%A$N(B LiveUpdate $B$K$h$kG[I[$r3+;O$7$^$7$?(B ($B%7%^%s%F%C%/(B)$B!#(B

$B"#(B 2004.04.13

$B"#(B $BDI5-(B

Internet Explorer showHelp() Restriction Bypass Vulnerability

$B!!$R$-$D$E$-0-MQ$5$l$F$$$k$h$&$G$9!#(B

$B"#(B 2004.04.12

$B"#(B 2004.04.09

$B"#(B MP3$B$N(BID3$B%?%0$K@x$`(BMac OS X$B%&%$%k%9$,8+$D$+$k(B
(ITmedia, 2004.04.09)

$B!!$3$N(B ITmedia $B5-;v$rFI$s$G$b(B Mac OS X$B$K$b%H%m%$$NLZGO$N4m81@-!"(BMP3$B$r56Au$9$k!V(BMP3Concept$B!W(B (MYCOM PC WEB) $B$rFI$s$G$b(B ntego Announces Protection against the First Mac OS X Trojan Horse: MP3Concept (intego.com) $B$rFI$s$G$b!"2?$,5/$3$C$F$$$k$N$+$h$/$o$+$i$J$+$C$?!#(B $B$7$+$7(B More details on Trojan Horse for Mac OS X (MacNN) $B$H!"$7$m$d$^$5$s$N(B [harden-mac:0632] Re: First Mac OS X Trojan Horse $B$rFI$`$H!"$I$&$d$i!"(BMac OS X $B$N!V%l%,%7!<(B Mac OS $BIwL#!W$JItJ,$H!V(BNeXT $B0JMh$N(B UNIX $BE*ItJ,!W$H$N7d4V$r$&$^$/K%$C$?967b$G$"$k$h$&$@!#(B ($B$4$a$s!"$$$^$@$K$-$A$s$HM}2r$G$-$F$$$J$$(B)

$B!!BP93:v$@$,!"$?$H$($P$7$m$d$^$5$s$N(B [harden-mac:0632] Re: First Mac OS X Trojan Horse $B$O!"(Bfile $B$N(B magic $BItJ,$r$-$A$s$H2r

$B!!$7$+$7!"(Bintego $B$N?MC#$O!"(BApple $B$K$3$N7g4Y$NB8:_$rDLCN$7$F$$$?$s$@$m$&$+!#(B $B$I$&$b!"$=$&$K$O8+$($J$$$N$@$,!D!D!#(B

2004.04.14 $BDI5-(B:

$B!!(BMac OS X $B=i$N%H%m%$$NLZGO(B???$B!!!]!!(BMP3Concept $B$=$N8e(B ($B%j%s%/$H$+HwK:O?$H$+F|5-$H$+(B)$B!#(B Mac OS X$B%&%$%k%9BP:v%D!<%k$rL5=~Ds6!(B (ITmedia) $B$J$s$F5-;v$b=P$F$$$k$h$&$G$9$,!"(BLife with MacOS X (SHIRO's pages) $B$N!V(B4/13 MP3Concept $BBP:v!W$NJ}$,$h$$$H;d$b;W$$$^$9!#(B1 $B2s%$%s%9%H!<%k$9$l$P$h$$$o$1$G$9$7!#$"$j$,$?$$$3$H$G$9!#(B

$B!!4XO"(B:

$B!!>/$J$/$H$b(B Apple $B$+$i$N(B official fix $B$,=P$k$^$G$O!"!VA{$.!W$O$<$s$<$s<}$^$C$F$J$$$H;W$&$N$G$9$1$I$M$(!D!D!#(B

2004.04.19 $BDI5-(B:

$B!!4XO"5-;v(B: Mac OS X $B$N%H%m!<%8%c%s5;=Q!'(B $BC#?M$N (TidBITS)$B!#(B

$B"#(B $BDI5-(B

$B!V>pJs%7%9%F%`Ey$N@HpJs$N

$B!!4XO"5-;v(B:

  • $B$-$c$!!"CQ$:$+$7$$$o!D(B (Lucrezia Borgia $B$N(B Room Cantarella)

    $B!!6vA3$J$N$K!V8N0U$@$m(B!$B!W$H$D$C$D$+$l$k$H$+!"0-0U$O$J$$$N$K!V0-0U$"$j$"$j$@$m(B!$B!W$H$D$C$D$+$l$k$H$+!"$$$&2DG=@-$O3N$+$K$"$j$^$9$M!#(B $B$7$+$7!"$3$N%U%m!<$r;H$&>l9g$K$O!"3+H/!&1?1DB&$K$O(B IPA $B$K$h$C$F%U%#%k%?$5$l$?>pJs$,FO$/$h$&$K$J$j$^$9$+$i!"H/8+@\Js9p$9$k>l9g$h$j$ONd@E$K

    $B!!$3$l$^$G$O!"$A$g$C$H$7$?8@MU;H$$$,%b%H$GOC$,$3$8$l$A$c$C$?$j$9$k$3$H$,>/$J$/$J$+$C$?$N$G$O!"$H;W$C$F$$$^$9!#$=$&$$$&%H%i%V%k$O>/$J$/$J$C$F$/$l$k$+$J$"!"$H!#$J$C$F$/$l$k$H$$$$$J$"!#(B

Internet Explorer showHelp() Restriction Bypass Vulnerability

$B!!4XO">pJs(B:

$B!!(BSOggy $B$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

$B;d$b(Bsquid$B$N%"%/%;%9%3%s%H%m!<%k$KDI5-$r$7$h$&$H!">\:Y$rD4$Y$K4XO"%Z!<%8$H$7$F>R2p$5$l$F$$$k(B<http://www.kb.cert.org/vuls/id/323070>$B$r8+$K9T$C$?$N$G$9$,!"%Z!<%8Cf$K
-----$B0zMQ$3$3$+$i(B-----
An attacker could exploit this vulnerability using a crafted HTML document containing script or an ActiveX object or possibly an IFRAME element. Due to the way IE determines the MIME type of a file referenced by a URL, an HTML document may not necessarily have the expected file name extension (.html or .htm). Likewise, a CHM file may not have the expected .chm extension.
-----$B0zMQ$3$3$^$G(B-----

$B$3$NJ8>O$H!"http://msdn.microsoft.com/workshop/networking/moniker/overview/appendix_a.asp>$B$N%Z!<%8$rFI$`$H!"(BCHM$B%U%!%$%k$X$N%"%/%;%9$r6X;_$9$k$3$H$O!"$^$C$?$/L58z$G$O$J$$$G$7$g$&$,!"967b

$B!!3N$+$K!D!D!#$^$"!"8z2L$,$J$$$o$1$G$O$J$$$@$m$&$H$$$&$3$H$G!#(B $B!V(Bms-its, its, mk $B%W%m%H%3%k%O%s%I%i$rL58z$K$9$k!W$H$$$&2sHrJ}K!$OI{:nMQ$,Bg$-$$$G$9$7!"!VB>$N%V%i%&%6$r;H$&!W$O!"FCDj$N%a!<%k%=%U%H$r;H$C$F$$$k?M$K$ODL$8$J$$$@$m$&$7!#(B

$B"#(B 2004.04.08

$B"#(B $B7j$$$m$$$m(B
(various)

$B"#(B $B%D!<%k$$$m$$$m(B
(various)

$B"#(B RealNetworks, Inc. $B$,%;%-%e%j%F%#>e$NLdBj$KBP1~$9$k%"%C%W%G!<%H$r%j%j!<%9(B
(RealNetworks, 2004.04.06)

$B!!(BReal Player 8, RealOne, RealOne v2 for Windows, RealPlayer 10 Beta, ReaPlayer Enterprise $B$K7g4Y!#(B.R3T $B%U%!%$%k$N=hM}$K7g4Y$,$"$j!"(Bstack overflow $B$,H/@8!#$3$N$?$a!"$3$N7g4Y$r0-MQ$9$k$H!"0-0U$"$k(B .R3T $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$r

$B!!2sHr$9$k$K$O!"!V(BRich Text 3D$B!W%3%s%]!<%M%s%H$r:o=|$9$l$P$h$$!#(B $BBP1~$9$k$K$O!"%;%-%e%j%F%#%"%C%W%G!<%H$rE,MQ$9$k$+!"(BRealPlayer 10 $B$K%"%C%W%0%l!<%I$9$k!#(B

$B!!4XO"(B: REAL One Player R3T File Format Stack Overflow$B!#(B

$B"#(B [ GLSA 200404-07 ] ClamAV RAR Archive Remote Denial Of Service Vulnerability
(bugtraq, Thu, 08 Apr 2004 03:12:32 +0900)

$B!!(BClam AntiVirus 0.68 $B0J2<$K$*$1$k(B RAR $B%U%!%$%k$N07$$$K7g4Y!#(B Beagle.A $B$N0!

$B!!4XO"(B: announcing ClamAV 0.68-1 (comp.security.virus.clamav.announce)$B!#(B 0.68 $B$GD>$7$?$D$b$j(B$B$,D>$C$F$$$J$+$C$?LOMM!#(B $B$G$b(B ClamAV team $B$O!"(B0.6x $B$h$j$b(B 0.70-rc $B$K$7$?J}$,$$$$!"$C$F=q$$$F$$$^$9$M!#(B FreeBSD $B$N(B ports/security/clamav $B$O(B 0.70-rc $B$K$J$C$F$^$9!#(B

$B"#(B $BDI5-(B

Squid Proxy Cache Security Update Advisory SQUID-2004:1
[Full-Disclosure] R7-0017: TCPDUMP ISAKMP payload handling denial-of-service vulnerabilities
[memo:7530] $BDa55%a!<%k$K%P%C%U%!%*!<%P!<%i%s$N%;%-%e%j%F%#%[!<%k(B

$B!!(B3.52 $BHG$K$bJL$N7g4Y$,$"$C$?$=$&$G!"(B3.53 $BHG$,EP>l$7$F$$$k(B [memo:7536]$B!#(B

$B!V>pJs%7%9%F%`Ey$N@HpJs$N

$B!!4XO"5-;v(B:

$B!!8D?ME*$K$O!"

$B"#(B Cisco Security Advisory: A Default Username and Password in WLSE and HSE Devices
(CISCO, 2004.04.07)

$B!!(BCISCO $B$N(B Wireless LAN Solution Engine (WLSE) $B%=%U%H%&%'%"%P!<%8%g%s(B 2.0, 2.0.2, 2.5 $B$*$h$S(B Hosting Solution Engine (HSE) $B%=%U%H%&%'%"%P!<%8%g%s(B 1.7, 1.7.1, 1.7.2, 1.7.3 $B$K7g4Y!#(B $B%O!<%I%3!<%I$5$l$?%f!<%6L>(B / $B%Q%9%o!<%I$,$"$j!"$=$N%f!<%6L>(B / $B%Q%9%o!<%I$r;H$&$H!"%G%P%$%9$r40A4$K@)8f$G$-$F$7$^$&!#$*$^$1$K!"%O!<%I%3!<%I$5$l$F$$$k$@$1$"$C$F!"%f!<%6L>(B / $B%Q%9%o!<%I$rJQ99!&>C5n$9$k

$B!!BP1~$9$k$K$O!"(BWLSE-2.x-CSCsa11583-K9.zip patch (WLSE $BMQ(B)$B!"$"$k$$$O(B HSE-1.7.x-CSCsa11584.zip patch (HSE $BMQ(B) $B$rE,MQ$9$k!#(B

$B!!F|K\8lHG=P$^$7$?(B: Cisco Security Advisory: WLSE $B$H(B HSE $B$K$*$1$k%G%U%)%k%H%f!<%6%M!<%`(B (CISCO)$B!#(B

$B"#(B 2004.04.07

$B"#(B $B!V3HD%;R$,!X(B.pif$B!Y$J$I$NE:IU%U%!%$%k$O%U%#%k%?%j%s%0$9$Y$-!W!=!=@lLg2H(B
($BF|7P(B IT Pro, 2004.04.07)

$B!!%"%s%A%&%#%k%9%=%U%H$,%&%#%k%9$N;3$KDI$$$D$1$J$$;~Be$G$9$7$M!D!D!#(B

$B!!$7$+$7!"$?$H$($P!V%Q%9%o!<%I$D$-(B zip $B%U%!%$%k!W$r%U%#%k%?$7$F$7$^$C$F$$$$$N$+$I$&$+!"$H$$$C$?$"$?$j$OHyL/$J5$$,!#(B $B!V%Q%9%o!<%I$D$-(B zip $B%U%!%$%k!W$O(B phishing $B$K$bMxMQ$5$l$F$-$F$$$k$h$&$G$9(B: [Full-Disclosure] Another phishing attack$B!#(B $B0lJ}$G!"$$$/$D$+$N%"%s%A%&%#%k%9%=%U%H20$5$s$O!"%5%s%W%kDs=P$K!V%Q%9%o!<%I$D$-(B zip $B%U%!%$%k!W$rMW5a$7$?$j$9$k$s$G$9$h$M!#$J$N$G!";_$a$A$c$&$H%5%s%W%k$,Ds=P$G$-$J$$$H$$$&!D!D!#(B

$B!!$^$?!"$?$H$($P(B Windows XP $B$G$O!"JQ$J3HD%;R$G$b%3%^%s%I%W%m%s%W%H$+$i$J$i$A$c$s$HH(B: [port139:00848] $B0J2<$N%9%l%C%I!#(B (^.^) $B$,$K$J$jF@$k$H$O!#(B Windows XP $B62$k$Y$7!#(B

$B"#(B $B$$$m$$$m(B
(various)

$B"#(B Nullsoft Winamp 'in_mod.dll' Heap Overflow
(NGSSoftware, 2004.04.05)

$B!!(BWinamp 2.91$B!A(B5.02 $B$K7g4Y!#(Bplug-in $B%U%!%$%k(B in_mod.dll $B$K$*$1$k(B Fasttracker 2 ('.xm') $B%U%!%$%k$N=hM}$K7g4Y$,$"$j!"(Bheap overflow $B$,H/@8!#(B $B$3$N$?$a!"0-0U$"$k(B .xm $B%U%!%$%k$rMxMQ$7$FG$0U$N%3!<%I$r

$B!!(BWinamp 5.03 $B$G=$@5$5$l$F$$$k!#(B $B$^$?!"(B"Fasttracker 2" plug-in $B$rL58z2=$9$k$3$H$K$h$j2sHr$G$-$k!#(B Preferences $B$G@_Dj$G$-$k$h$&$@!#(B

$B!!4XO"JsF;(B: $B%a%G%#%":F@8%=%U%H!V(BWinamp$B!W$KG$0U$N%3!<%I$r (Internet Watch)$B!#(B

$B"#(B $BDI5-(B

Internet Explorer showHelp() Restriction Bypass Vulnerability

$B!!(BRE: [Full-Disclosure] IE exploit going around on irc$B!#(B [Full-Disclosure] IE exploit going around on irc $B$G<($5$l$?967b$O!"(BMS03-032 $B$N!V(B$B%*%V%8%'%/%H%?%0$N@H$B!W$H:#2s$N7g4Y$H$rAH$_$"$o$;$?$b$N$@!"$H$$$&2r@b!#(B

$B!V>pJs%7%9%F%`Ey$N@HpJs$N

$B!!4XO"JsF;(B:

$B"#(B 2004.04.06

$B"#(B Internet Explorer showHelp() Restriction Bypass Vulnerability
(secunia.com, 2004-03-29)

$B!!(BCHM $B%U%!%$%k(B ($B05=L(B HTML $B%X%k%W%U%!%$%k(B) $B$N%O%s%I%i$K(B 2 $B$D$N7g4Y!#(B

  • $BFC$N%m!<%+%k%U%!%$%k$r(B CHM $B%U%!%$%k$@$H2r

  • $B%m!<%+%k%3%s%T%e!<%?>e$NB8:_$7$J$$%U%!%$%k$r;XDj$9$k$3$H$G!"(Bremote $B$N(B CHM $B%U%!%$%k$r(B $B%^%$%3%s%T%e!<%?%>!<%s8"8B$G

$B!!$3$N7g4Y$rMxMQ$7$?967b$,Fw: new IE vurn$B!"(B [Full-Disclosure] IE exploit going around on irc$B!#(B $B0-0U$"$k(B web $B%Z!<%8$K%"%/%;%9$7$?$@$1$G967b$,@.8y$7$F$7$^$&$h$&$@!#$^$:$9$.!#(B

$B!!2sHr$9$k$K$O!"(BCHM $B%U%!%$%k$X$N4XO"$E$1$r:o=|$9$k(B (Windows $B%X%k%W$OL58z2=$5$l$k(B) $B$+!"B>$N%W%m%@%/%H$r;H$&!"$H$5$l$F$$$k!#(Bproxy server $B$G(B CHM $B%U%!%$%k$X$N%"%/%;%9$r;_$a$k$N$bM-8z$+$b$7$l$J$$!#(B

$B!!4XO"(B: Vulnerability Note VU#323070: Microsoft Internet Explorer does not properly validate source of CHM components referenced by ITS protocol handlers (CERT/CC)

2004.04.07 $BDI5-(B:

$B!!(BRE: [Full-Disclosure] IE exploit going around on irc$B!#(B [Full-Disclosure] IE exploit going around on irc $B$G<($5$l$?967b$O!"(BMS03-032 $B$N!V(B$B%*%V%8%'%/%H%?%0$N@H$B!W$H:#2s$N7g4Y$H$rAH$_$"$o$;$?$b$N$@!"$H$$$&2r@b!#(B

2004.04.09 $BDI5-(B:

$B!!4XO">pJs(B:

$B!!(BSOggy $B$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

$B;d$b(Bsquid$B$N%"%/%;%9%3%s%H%m!<%k$KDI5-$r$7$h$&$H!">\:Y$rD4$Y$K4XO"%Z!<%8$H$7$F>R2p$5$l$F$$$k(B<http://www.kb.cert.org/vuls/id/323070>$B$r8+$K9T$C$?$N$G$9$,!"%Z!<%8Cf$K
-----$B0zMQ$3$3$+$i(B-----
An attacker could exploit this vulnerability using a crafted HTML document containing script or an ActiveX object or possibly an IFRAME element. Due to the way IE determines the MIME type of a file referenced by a URL, an HTML document may not necessarily have the expected file name extension (.html or .htm). Likewise, a CHM file may not have the expected .chm extension.
-----$B0zMQ$3$3$^$G(B-----

$B$3$NJ8>O$H!"http://msdn.microsoft.com/workshop/networking/moniker/overview/appendix_a.asp>$B$N%Z!<%8$rFI$`$H!"(BCHM$B%U%!%$%k$X$N%"%/%;%9$r6X;_$9$k$3$H$O!"$^$C$?$/L58z$G$O$J$$$G$7$g$&$,!"967b

$B!!3N$+$K!D!D!#$^$"!"8z2L$,$J$$$o$1$G$O$J$$$@$m$&$H$$$&$3$H$G!#(B $B!V(Bms-its, its, mk $B%W%m%H%3%k%O%s%I%i$rL58z$K$9$k!W$H$$$&2sHrJ}K!$OI{:nMQ$,Bg$-$$$G$9$7!"!VB>$N%V%i%&%6$r;H$&!W$O!"FCDj$N%a!<%k%=%U%H$r;H$C$F$$$k?M$K$ODL$8$J$$$@$m$&$7!#(B

2004.04.13 $BDI5-(B:

$B!!$R$-$D$E$-0-MQ$5$l$F$$$k$h$&$G$9!#(B

2004.04.19 $BDI5-(B:

$B!!(BOutlook Express $BMQ$NN_@QE*$J=$@5%W%m%0%i%`(B (837009) (MS04-013) $B$G=$@5$5$l$^$7$?!#(B

$B"#(B $B!V>pJs%7%9%F%`Ey$N@HpJs$N
(IPA, 2004.04.06)

$B!!(B$B7P;:>J!"%=%U%H$N7g4Y=$@5$K!V(B45$BF|%k!<%k!W(B ($BF|7P(B) $B$N1F6A$G!"!V(B45 $BF|!W$H$$$&ItJ,$,(B slashdot.jp $B$G$b(B$BOCBj$K$J$C$F$$$^$9(B$B$,!":#2sH/I=$5$l$?Js9p=q$K$O!V(B45 $BF|!W$H$$$&5-:\$O$I$3$K$b$"$j$^$;$s!#(Bp.92 ($B;qNA(B - 20) $B$h$j(B:

JPCERT/CC $B$O!"@=IJ3+H/e!"@HpJs$K4X$9$kBP:vJ}K!$N:vDj$K4X$9$k%9%1%8%e!<%k!"$*$h$S@HpJs$HBP:vJ}K!$N0lHL8xI=$K4X$9$k%9%1%8%e!<%k$r7hDj$7$^$9!#0J8e!"(BJPCERT/CC $B$O!"(BJPCERT/CC $B$,@=IJ3+H/e8xI=F|;~$rJQ99$9$k$3$H$,$"$j$^$9!#$^$?!"J#?t$N@=IJ3+H/pJs$N>l9g!"J#?t$N@=IJ3+H/

$B!!!V@=IJ3+H/$BF|7PJsF;(B $B$K$"$k!V(B45 $BF|!W$H$$$&$H;W$$=P$9$N$O!"(B CERT/CC $B$N8x3+%]%j%7!<(B$B$G$9$M!#(Bp.109 ($B;qNA(B - 37) $B$K$b!"3$30;vNc$N0lMw$,$"$j$^$9!#(B

$B!!$3$NJs9p=q$r%Y!<%9$K$7$F!"(B5 $B7n>e=\$^$G$K!V@/I\$N8xE*%k!<%k0F!W$r$D$/$C$F%Q%V%j%C%/%3%a%s%H$rJg=8$9$k$h$&$G$9!#$=$3$K$O!"$b$7$+$9$k$H!VF|?t!W$,EP>l$9$k$N$+$b$7$l$^$;$s!#QiL\$7$FBT$F!#(B

$B!!7P;:>JHG(B: $B!V>pJs%7%9%F%`Ey$N@HpJs$N$B!#(B

$B!!4XO"JsF;(B:

2004.04.07 $BDI5-(B:

$B!!4XO"JsF;(B:

2004.04.08 $BDI5-(B:

$B!!4XO"5-;v(B:

$B!!8D?ME*$K$O!"

2004.04.09 $BDI5-(B:

$B!!4XO"5-;v(B:

  • $B$-$c$!!"CQ$:$+$7$$$o!D(B (Lucrezia Borgia $B$N(B Room Cantarella)

    $B!!6vA3$J$N$K!V8N0U$@$m(B!$B!W$H$D$C$D$+$l$k$H$+!"0-0U$O$J$$$N$K!V0-0U$"$j$"$j$@$m(B!$B!W$H$D$C$D$+$l$k$H$+!"$$$&2DG=@-$O3N$+$K$"$j$^$9$M!#(B $B$7$+$7!"$3$N%U%m!<$r;H$&>l9g$K$O!"3+H/!&1?1DB&$K$O(B IPA $B$K$h$C$F%U%#%k%?$5$l$?>pJs$,FO$/$h$&$K$J$j$^$9$+$i!"H/8+@\Js9p$9$k>l9g$h$j$ONd@E$K

    $B!!$3$l$^$G$O!"$A$g$C$H$7$?8@MU;H$$$,%b%H$GOC$,$3$8$l$A$c$C$?$j$9$k$3$H$,>/$J$/$J$+$C$?$N$G$O!"$H;W$C$F$$$^$9!#$=$&$$$&%H%i%V%k$O>/$J$/$J$C$F$/$l$k$+$J$"!"$H!#$J$C$F$/$l$k$H$$$$$J$"!#(B

$B"#(B $BDI5-(B

URL$B56AuLdBj:F$S!=!=(BIE$B$H(BOutlook$B$K(B

$B!!(BIkegami $B$5$s$+$i$N>pJs$K$h$k$H!"(BMozilla1.7b (20040329) $B$O$@$$$8$g$&$V!"(BOpera7.23J $B$O$@$a$@$=$&$G$9(B ($B$"$j$,$H$&$4$6$$$^$9(B)$B!#(B

$B!!BP93:v$H$7$F!"%f!<%6%9%?%$%k%7!<%H$r;H$C$F7Y9pE*I=<($r9T$&J}K!$,Ds0F$5$l$F$$$k$h$&$G$9(B:

$B!!%f!<%6!<%9%?%$%k%7!<%H$N@_DjJ}K!$O!"$?$H$($P(B $B%f!<%6!<%9%?%$%k%7!<%H$N%9%9%a(B (Personnel) $B$r;2>H!#%;%s%9$N$$$$%Z!<%8$@$J$"!#$&$i$a$d$^$7$$!#(B

$B!!4XO"5-;v(B: $B%j%s%/@h$N(BURL$B$r56Au$G$-$k%;%-%e%j%F%#!&%[!<%k$,(BIE$B$K!$(BOE$B%f!<%6!<$OFC$KCm0U(B ($BF|7P(B IT Pro)$B!#(B

$B%;%-%e%j%F%#$N4QE@$+$i$O!$!V$$$D$b$O%F%-%9%H7A<0$GI=<($5$;$FBj$,$J$$(BHTML$B%a!<%k$rFI$`>l9g$@$1!$(BHTML$B7A<0$GI=<($5$;$k!W$H$$$C$$J}$,K>$^$7$$!#(BOE$B$G$O!$!V%D!<%k!W$N!V%*%W%7%g%s!W%a%K%e!<$GI=$l$k!VFI$_

$B$H$O8@$&$b$N$N!"$3$l!"(Ball or nothing $B$J@_Dj$J$N$,$D$i$$$G$9$M!#(B $B%G%U%)%k%H$O%F%-%9%HI=<($K$7$F$*$$$F!"1&%/%j%C%/$G(B HTML $BI=<($K$G$-$k!"$H$$$C$?(B UI $B$,$"$k$H$&$l$7$$$N$+$J$"!#(B $B8D?ME*$K$O!"(BHTML $B%a!<%k$J$I$H$$$&4m81$J$b$N$rAw$m$&$H9M$($k$N$J$i!"$;$a$FEE;R=pL>$/$i$$$D$1$k$Y$-$@$H;W$&$7!#EE;R=pL>$+$iH=CG$G$-$k:9=P?M$,(B xxx $B$N>l9g$N$_(B HTML $BI=<($r5v2D$9$k!"$J$s$F@_Dj$,$G$-$F$[$7$$5$$,!#(B

$B"#(B 2004.04.05

$B"#(B [memo:7530] $BDa55%a!<%k$K%P%C%U%!%*!<%P!<%i%s$N%;%-%e%j%F%#%[!<%k(B
(memo ML, Fri, 02 Apr 2004 23:14:02 +0900)

$B!!Da55%a!<%k$N!V$@$$$VA0$+$i!W$N%P!<%8%g%s$K7g4Y!#(B e-mail $B%"%I%l%9$NL>A0ItJ,$KD9Bg$JJ8;zNs$r@_Dj$7$F$*$/$H!"$=$N(B e-mail $B%"%I%l%9$r1&%/%j%C%/$7$?;~E@$G(B buffer overflow $B$,H/@8$7!"G$0U$N%3!<%I$N

2004.04.08 $BDI5-(B:

$B!!(B3.52 $BHG$K$bJL$N7g4Y$,$"$C$?$=$&$G!"(B3.53 $BHG$,EP>l$7$F$$$k(B [memo:7536]$B!#(B

2004.04.20 $BDI5-(B:

$B!!(BTsuru-Kame Mail 3.50 for Windows Buffer Overflow Vulnerability (LAC)$B!#(B

$B"#(B LD-WBBR/B $B$N%;%-%e%j%F%#LdBj$K$D$$$F(B
($BN65A$5$s(B, 2004.04.02)

$B!!(BElecom $B$N(B LD-BBR/B$B!"(B LD-WBBR/B$B!"(B LD-WBBRA/P$B!"(BLD-WBBRB/P$B!"(BLD-WBBRB/AP $B$KJ#?t$N7g4Y$,$"$k$H$$$&;XE&!#0J2<$N7g4Y$,$"$k$H$$$&!#(B

  1. $B%P%C%/%I%"%"%+%&%s%H(B tsubota $B$,B8:_$7!"$H$"$k%Q%9%o!<%I$r;H$&$H(B WAN $BB&$+$i(B telnet $B$G(B login $B$G$-$F$7$^$&!#(B

  2. $B1#$7(B cgi$B!V(Biptables.cgi$B!W$rMxMQ$7$F!"(Broot $B8"8B$GG$0U$N%3%^%s%I$r

  3. WAN $BB&$+$i%U%!!<%`%&%'%"$r%"%C%W%G!<%H$G$-$F$7$^$&!#(B

$B!!$$$:$l$bCWL?E*$J7g4Y$N$h$&$K8+$($k$N$@$,!"$5$i$K:$$C$?$3$H$K!"(BElecom $B$O$3$l$i$N7g4Y$r!V(Bfix $B$O9T$o$J$$$7!"$=$NM=Dj$b$J$$!W$H$7$F$$$k$H$$$&!#(B $B$5$i$K!"$5$i$K:$$C$?$3$H$K$O!"$3$N@=IJ!"(BGPL $B0cH?LdBj(B ($BN65A$5$s(B) $B$bJz$($F$$$k$=$&$G!#(B

$B!!N65A$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(BBB$B%k!<%?2rK6(B ($BN65A$5$s(B) $B$K$O6=L#?<$$>pJs$,$$$C$Q$$$"$j$^$9$M!#(B

$B!!4XO"(B: ELECOM$B$N%k!<%?$G(BGPL$B0cH?$H%;%-%e%j%F%#LdBj$,H/3P(B (slashdot.jp)$B!#(B $B8 ($B;32<9/@.$N%Z!<%8(B) $B$H$$$&OC$b$"$C$?$N$G$9$+!#(B

2004.04.27 $BDI5-(B:

$B!!(Bfix $B$,=P$?$h$&$G$9(B: $BJ@ (ELECOM)$B!#(B LD-BBR/B$BMQ!!%U%!!<%`%&%'%"(B (ELECOM) $B$K$h$k$H(B:

Ver2.13
  • Telnet$B%]!<%H$rL58z$K$7$^$7$?!#(B
  • $BEv
  • WAN$BB&$+$i$N%U%!!<%`%"%C%W$r6X;_$7$^$7$?!#(B
  • $B%U%!!<%`%"%C%W$N:]$K%Q%9%o!<%I$,I,MW$K$J$j$^$7$?!#(B
  • $B%U%!!<%`%&%'%"%U%!%$%k$K%9%/%i%s%V%k$r$+$1$^$7$?!#(B

$B!!$^$"D>$C$?$N$O$J$K$h$j$J$N$G$7$g$&$,!"!VEv

$B"#(B 2004.04.02

$B"#(B URL$B56AuLdBj:F$S!=!=(BIE$B$H(BOutlook$B$K(B
(ITmedia, 2004.04.02)

$B!!56Au!D!D$H$$$&$+!"(BForm $B$OL5;k$7$F!"I=<($I$*$j$K(B trusted_site $B$X$N%j%s%/$r$?$I$C$F$/$l$l$P$$$$$@$1$J$s$G$9$1$I$M!#(B

$B!!(BMozilla 1.5 $B$O$@$$$8$g$&$V$C$]$$$G$9!#(B $B%F%9%H%Z!<%8(B$B!#(B $B%^%:$$>l9g$O(B www.st.ryukoku.ac.jp $B$K$D$J$,$C$F$7$^$$$^$9!#(B $B$@$$$8$g$&$V$J>l9g$O(B www.microsoft.com $B$K$D$J$,$j$^$9!#(B

2004.04.06 $BDI5-(B:

$B!!(BIkegami $B$5$s$+$i$N>pJs$K$h$k$H!"(BMozilla1.7b (20040329) $B$O$@$$$8$g$&$V!"(BOpera7.23J $B$O$@$a$@$=$&$G$9(B ($B$"$j$,$H$&$4$6$$$^$9(B)$B!#(B

$B!!BP93:v$H$7$F!"%f!<%6%9%?%$%k%7!<%H$r;H$C$F7Y9pE*I=<($r9T$&J}K!$,Ds0F$5$l$F$$$k$h$&$G$9(B:

$B!!%f!<%6!<%9%?%$%k%7!<%H$N@_DjJ}K!$O!"$?$H$($P(B $B%f!<%6!<%9%?%$%k%7!<%H$N%9%9%a(B (Personnel) $B$r;2>H!#%;%s%9$N$$$$%Z!<%8$@$J$"!#$&$i$a$d$^$7$$!#(B

$B!!4XO"5-;v(B: $B%j%s%/@h$N(BURL$B$r56Au$G$-$k%;%-%e%j%F%#!&%[!<%k$,(BIE$B$K!$(BOE$B%f!<%6!<$OFC$KCm0U(B ($BF|7P(B IT Pro)$B!#(B

$B%;%-%e%j%F%#$N4QE@$+$i$O!$!V$$$D$b$O%F%-%9%H7A<0$GI=<($5$;$FBj$,$J$$(BHTML$B%a!<%k$rFI$`>l9g$@$1!$(BHTML$B7A<0$GI=<($5$;$k!W$H$$$C$$J}$,K>$^$7$$!#(BOE$B$G$O!$!V%D!<%k!W$N!V%*%W%7%g%s!W%a%K%e!<$GI=$l$k!VFI$_

$B$H$O8@$&$b$N$N!"$3$l!"(Ball or nothing $B$J@_Dj$J$N$,$D$i$$$G$9$M!#(B $B%G%U%)%k%H$O%F%-%9%HI=<($K$7$F$*$$$F!"1&%/%j%C%/$G(B HTML $BI=<($K$G$-$k!"$H$$$C$?(B UI $B$,$"$k$H$&$l$7$$$N$+$J$"!#(B $B8D?ME*$K$O!"(BHTML $B%a!<%k$J$I$H$$$&4m81$J$b$N$rAw$m$&$H9M$($k$N$J$i!"$;$a$FEE;R=pL>$/$i$$$D$1$k$Y$-$@$H;W$&$7!#EE;R=pL>$+$iH=CG$G$-$k:9=P?M$,(B xxx $B$N>l9g$N$_(B HTML $BI=<($r5v2D$9$k!"$J$s$F@_Dj$,$G$-$F$[$7$$5$$,!#(B

$B"#(B $B$$$m$$$m(B
(various)

$B"#(B 2004.04.01

$B"#(B Winny$B%f!<%6!<$N8D?M>pJs$r(BACCS$B$KAw?.$9$k%&%$%k%9$,=P8=(B $B!A(B4$B7n(B4$BF|$d(B5$B7n(B5$BF|$K$J$k$H!"!V(Bwww.accsjp.or.jp$B!W$K%"%/%;%9(B
(Internet Watch, 2004.04.01)

$B!!8D?M>pJs$r(B ACCS $B$KAw$C$F$7$^$&%-%s!|%^0!l!#!V$=$&$$$&$b$N$,=P$F$-$?$i!D!D!WE*OCBj$,$"$A$3$A$K$"$C$?$h$&$K;W$$$^$9$,!"K\Ev$K=P$F$-$?$s$G$9$M!#(B

$B"#(B $BJ?@.#1#5G/EY$K$*$1$kKIHH@-G=$N9b$$7zJ*ItIJ$N3+H/!&Ia5Z$K4X$9$k(B $B41L19gF12q5D$K$h$kKIHH@-G=;n83$N
($B7Y;!D#(B, 2004.04.01)

$B!!L\O?ItJ,$N%j%s%/$O$J$<$+@Z$l$F$$$k$h$&$J$N$G!"(BPDF $BHG$r8+$?J}$,$h$$$G$7$g$&!#(B $B4XO"$+$J(B: $B%,%i%9$NKIHH@-G=$K4X$9$kHD>K;R6(2q4p=`(B ($BHD>K;R6(2q(B)$B!#(B

[$B%;%-%e%j%F%#%[!<%k(B memo]
$B;d$K$D$$$F(B