$B%;%-%e%j%F%#%[!<%k(B memo - 2004.09

$B!!85%M%?(B: wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities$B!#(B

• Cross-Domain Cookie Injection

  $B!!(B.co.jp $B$N$h$&$K(B 2LD $B$,<+J,$N$b$N$G$O$J$$>l9g$K!"(B cookie $B$K(B domain=.co.jp. $B$H$+=q$1$F$7$^$&$H$^$:$$$o$1$@$,!"(B

  • mozilla $B$O=q$1$F$7$^$&!#(B CVE: CAN-2004-0867
  • IE $B$d(B Konqueror $B$G$O!"(B.co.jp $B$O$@$$$8$g$&$V$@$1$I(B .ltd.uk $B$N$h$&$K(B 2LD $B$,(B 3 $BJ8;z0J>e$N>l9g$K$O=q$1$F$7$^$&!#(B CVE: CAN-2004-0866 CAN-2004-0746

  $B!!(BOpera $B$O$@$$$8$g$&$V$@$C$?$=$&$@!#(B

• Cross Security Boundary Cookie Injection

  $B!!(Bhttps:// $B$J%A%c%s%M%k$G$N$_$d$j$H$j$5$l$?(B cookie $B$,!"(B http:// $B$J%A%c%s%M%k$+$i$b$d$j$H$j$G$-$F$7$^$&!#(B secure $BB0@-$,@_Dj$5$l$F$$$J$$>l9g$O$=$l$O;EMM$J5$$,$9$k$,!"!V$=$N;EMM$G$$$$$s$G$9$+(B?$B!W$H$$$&LdBjDs5/$+!#(B CVE: CAN-2004-0869 CAN-2004-0870 CAN-2004-0871 CAN-2004-0872

$B!!(BKonqueror $B$N(B CAN-2004-0746 $B$K$D$$$F$O!"(BKDE Security Advisory: Konqueror Cross-Domain Cookie Injection $B$G=$@5$5$l$F$$$k!#(B

$B!!(BApache 2 $B!e(B 2.0.50 $B$N(B mod_ssl $B$K(B DoS $B967b$r $B$G=R$Y$?$b$N(B (CAN-2004-0748, CAN-2004-0751) $B$NB>$K!"(B

• CAN-2004-0786: apr-util $B%i%$%V%i%j$K$*$1$k(B IPv6 URI $B$N=hM}$K7g4Y$,$"$j!"(B $B$=$N$h$&$J(B URI $B$r;XDj$9$k$3$H$K$h$C$F(B remote user $B$,(B DoS $B967b$rCAN-2004-0747: .htaccess $B%U%!%$%k$K$*$1$k(B ${ENVVAR} $B$NE83+$K4X$7$F(B buffer overflow $B$9$k7g4Y$,$"$j!"(Blocal user $B$,(B .htaccess $B%U%!%$%k$rMxMQ$7$F(B apache $BF0:n8"8B$rCAN-2004-0809: mod_dav_fs $B$K7g4Y$,$"$j!"(Bremote user $B$,(B lock $B$rMxMQ$7$F(B DoS $B967b$rBug 31183: LOCK refresh request crashes server (apache.org)

$B!!(BApache 2.0.50 $B0JA0$N(B 2.0.x $B$,3:Ev$9$k!#$^$?(B CAN-2004-0809 $B$O(B mod_dav 1.03 $B0JA0$K$b1F6A$9$k!#(B

$B!!(BApache 2.0.51 $B$G=$@5$5$l$F$$$k!#$^$?(B Apache 2.0.50 $BMQ$N(B patch $B$,8x3+$5$l$F$$$k!#(B

$B!!4XO"(B:

• UNIRAS ALERT - 34/04 - Vulnerability Issues with the Apache Web Server (UNIRAS)
• SA04-002 - Apache config file env variable buffer overflow (SITIC)

• Red Hat Linux ES 3: RHSA-2004:463-09 - Updated httpd packages fix security issues
• Fedora Core:
  [SECURITY] Fedora Core 2 Update: apr-util-0.9.4-14.2
  [SECURITY] Fedora Core 1 Update: apr-util-0.9.4-2.1
  [SECURITY] Fedora Core 2 Update: httpd-2.0.51-2.7
• Gentoo Linux: GLSA 200409-21
• FreeBSD: ports/www/apache2/, ports/www/mod_dav/$B!#(B apache 2.0.50_3, mod_dav 1.0.3_2 $B$G=$@5$5$l$F$$$k!#(B
  • apache --- apr_uri_parse IPv6 address handling vulnerability.
  • mod_dav --- lock related denial-of-service.
  • apache --- ap_resolve_env buffer overflow.

$B!!(Bsudo 1.6.8 $B$K7g4Y!#(B sudo $B$N(B -e $B%*%W%7%g%s(B (sudoedit) $B$K7g4Y$,$"$j!"$3$l$rMxMQ$9$k$H!"0lHL%f!<%6$K$O1\Mw$G$-$J$$%U%!%$%k(B ($BNc(B: /etc/shadow) $B$r1\Mw$G$-$F$7$^$&!#(B exploit$B!#(B

$B!!(Bsudo 1.6.8p1 $B$G=$@5$5$l$F$$$k!#$^$?(B sudo 1.6.7 $B0JA0$K$O$3$N7g4Y$OB8:_$7$J$$!#(B

• FreeBSD: ports/security/sudo/$B!#(B1.6.8p1 $B%Y!<%9$K$J$C$?!#(B
  sudo --- sudoedit information disclosure

$B!!(BQuickTime $B%`!<%S!<$G!"SECURITY.ORG $B$K

2004.09.27 $BDI5-(B:

$B!!;3Fb$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

$BK\2H$G$OCY$^$-$J$,$i8r49$r;O$a$F$$$k$h$&$G$9(B
http://www.kryptonitelock.com/inetisscripts/abtinetis.exe/templateform@public?tn=urgent_update

$B0lJ}$GF|K\$NBeM}E9$G$O(B Web $B%5%$%H$r http://www.fet-japan.co.jp/kryptonite/products.html
$B$@$?$7B>
$BEl5^%O%s%:$J$I$G$bHNGd$7$F$$$?$H;W$$$^$9$=$A$i$NBP1~$OJ,$+$j$^$;$s(B

http://www5.big.or.jp/~hellcat/news/0409/17a.html $B$K$b:#2s$NA{F0$,>\$7$/=q$+$l$F$$$^$9(B

2004.09.29 $BDI5-(B:

$B!!(BKryptonite$B%A%e!<%V%7%j%s%@!<%m%C%/$r$4;HMQ$N3'MM$X(B (fet-japan.co.jp, 9/24)$B!#CfB<$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$BK\9q(BUSA$B$NJ}$G$b!"K\7o$K4X$7$F$O(B9$B7n(B13$BF|$K$=$N>pJs$r3NG'$7$F$*$j!"$9$G$KL5=~$G$N%"%C%W%0%l!<%I%5!<%S%9$r$*$3$J$&$3$H$rK\9q$K$FH/I=$7$F$*$j$^$9$,!"(BFET$B$r4^$`(BUSA$B0J30$N3F9qBeM}E9$K$D$-$^$7$F$O!"8=:_K\9q$+$i$NBP1~J}K!$K$D$$$F;X<($rBT$C$F$$$k>u67$K$"$j$^$9!#(B
$BK\9q$h$j$N:G=*E*$J;X<($,E~Ce

$B%O!<%I%G%#%9%/%l%3!<%@!<$+$i$N%3%a%s%H%9%Q%`967b(B

$B!!(Bhideck $B$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

$B2f$,2H$N(B RD-X4EX $B$G8!>Z$7$F$_$^$7$?!#(B $B$3$8$^@h@8$NM=A[DL$j!"%M%C%H(Bde$B%J%S(B $B$,(B OpenProxy $B$K$K$J$C$F$$$k$3$H$,3NG'$G$-$^$7$?!#(B

$B!!$H$-$s$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

$B<+Bp$K$"$k(BRD-XS53$B$G$bF1MM$K(BOpen Proxy$BF0:n$r9T$&$3$H$r3NG'$7$^$7$?$N$G$4Js9p$$$?$7$^$9!#(B

$B$$$/$D$+$3$N7o$K$D$-$^$7$F;d$N%Z!<%8$K=q$$$F$$$^$9$N$G$4$i$s$$$?$@$1$l$P9,$$$HB8$8$^$9!#(B
http://tokin.haun.org/blog/archives/2004/09/post_26.html
http://tokin.haun.org/blog/archives/2004/09/re_hdddvd.html

RD-XS53$B$N8!>Z(B
http://tokin.haun.org/blog/archives/2004/09/rdxs53_1.html
RD-XS$B$N8!>Z(B $BB3$-(B
http://tokin.haun.org/blog/archives/2004/09/rdxs.html

JPEG $B=hM}(B (GDI+) $B$N%P%C%U%!(B $B%*!<%P!<%i%s$K$h$j!"%3!<%I$,

$B!!(B835322: $B%0%m!<%P%k$KDs6!$5$l$k(B side-by-side $B%"%;%s%V%j$rE,MQ$7$J$$%"%W%j%1!<%7%g%s$O!"%^%$%/%m%=%U%H$N%=%U%H%&%'%"99?7%W%m%0%i%`$G=$@5$5$l$kLdBj$KBP$7$F@H (Microsoft)$B!#(B $B>e5-(B Sophos $B$N8@$$J,$O!"$3$NOC$+$b$7$l$^$;$s!#(B

$B!!$?$H$($P(B MS04-028 $B7g4Y$N>u67$rD4$Y$h$&$H;W$C$F(B Windows XP SP2 $B$G(B gdiplus.dll $B$r8!:w$7$F$_$k$H!"$B$3$&$J$C$?$j(B$B$7$^$9!#(B

$B!!(BWindows XP $B$GJ,N%%"%W%j%1!<%7%g%s$H(B Side-by-Side $B%"%;%s%V%j$r%S%k%I$7!"%5!<%S%9$rDs6!$9$kJ}K!(B (Microsoft) $B$J$I$K$h$k$H!"(B%windir%\WinSxS $B$H$$$&$N$,(B $B!V(BSide-by-Side $B%"%;%s%V%j%-%c%C%7%e!W$H8F$P$l$k%U%)%k%@$J$N$@$=$&$G$9!#(B $B$A$J$_$K(B MS04-028 $B$N>l9g!"(B5.1.3102.1355 $B0JA0$N%P!<%8%g%s$N(B gdiplus.dll $B$G1F6A$,H/@8$9$k$=$&$G$9!#(B

$B!!(BSide-by-Side $B$O!"!V(BDLL $BCO9v!W$rHr$1$k$?$a$KJ#?t$N%P!<%8%g%s$N(B DLL $B$r%"%W%jKh$KJL!9$KMxMQ$9$k$?$a$N5!9=$N$h$&$G$9!#$7$+$7$3$l$rMxMQ$7$F$7$^$&$H!"%;%-%e%j%F%#%[!<%k$,;D$C$F$$$k(B DLL $B$r;H$$B3$1$k$3$H$K$D$J$,$C$F$7$^$&>l9g$,$"$k$N$G$J$k$Y$/;H$o$J$$$h$&$K$7$F$M!"$H$$$&$3$H$N$h$&$G$9!#(B

$B!!ElRD-XS40 $B$r30It$KL5G'>Z8x3+$9$k$H!"(Banonymous proxy $B$H2=$7$F$7$^$&LOMM!#(B $B!V(B$B%M%C%H(Bde$B%J%S(B$B!W5!G=$rEc:\$7$F$$$k%O!<%I%G%#%9%/%l%3!<%@!<$O3'F1MM$J$N$+$b$7$J$$!#(B ($B8!>Z5a$`(B)

2004.09.21 $BDI5-(B:

$B!!(Bhideck $B$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

$B2f$,2H$N(B RD-X4EX $B$G8!>Z$7$F$_$^$7$?!#(B $B$3$8$^@h@8$NM=A[DL$j!"%M%C%H(Bde$B%J%S(B $B$,(B OpenProxy $B$K$K$J$C$F$$$k$3$H$,3NG'$G$-$^$7$?!#(B

$B!!$H$-$s$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

$B<+Bp$K$"$k(BRD-XS53$B$G$bF1MM$K(BOpen Proxy$BF0:n$r9T$&$3$H$r3NG'$7$^$7$?$N$G$4Js9p$$$?$7$^$9!#(B

$B$$$/$D$+$3$N7o$K$D$-$^$7$F;d$N%Z!<%8$K=q$$$F$$$^$9$N$G$4$i$s$$$?$@$1$l$P9,$$$HB8$8$^$9!#(B
http://tokin.haun.org/blog/archives/2004/09/post_26.html
http://tokin.haun.org/blog/archives/2004/09/re_hdddvd.html

RD-XS53$B$N8!>Z(B
http://tokin.haun.org/blog/archives/2004/09/rdxs53_1.html
RD-XS$B$N8!>Z(B $BB3$-(B
http://tokin.haun.org/blog/archives/2004/09/rdxs.html

2004.09.24 $BDI5-(B:

$B!!(B$BK\ED2m0l!'(B $B%M%C%H2HEE$K@x$`%;%-%e%j%F%#%[!<%k(B (ITmedia, 2004.09.24)$B!#(B $BEl

$B!!El)$7$F$*$j$^$;$s!#$7$+$7$J$,$i!":#8e$O!J8x3+$N?d>)$O$7$^$;$s$,!"$"$($F30It8x3+$7$F;H$&>l9g$O!Ke$G%;%-%e%j%F%#$r%*%s$K$7$F$4;HMQ$$$?$@$/$h$&!"Cm0U$rB%$7$F$$$/$3$H$r8!F$Cf$G$9!W$H$N2sEz$rF@$?!J(B*2$B!K!#(BRD$B%7%j!<%:$N%;%-%e%j%F%#@_Dj$O!"%*%s$K$9$k$3$H$G%Q%9%o!<%I$,@_Dj$5$l!"(BWeb$B%V%i%&%6$+$i%"%/%;%9;~$K%f!<%6!Z$,I,MW$K$J$k!#(B

2004.09.27 $BDI5-(B:

$B!!(Boyak $B$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

$B;d$,$b$D(BRD-X4$B$G8!>Z$7$?$H$3$m!"%;%-%e%j%F%#@_Dj$r(Bon$B$K$7!"%Q%9%o!<%I$r@_Dj$7$F$b!"(B

http://(RD$B%7%j!<%:$N%"%I%l%9(B)/@@@@@www.yahoo.co.jp/

$B$H$$$C$?7A$G!"D>@\(BURL$B$r;XDj$9$l$P!"(BBasic$BG'>Z$,5/$3$i$:$K(B proxy$B@h$N%5%$%H$r;2>H$9$k$3$H$,$G$-$^$7$?!#(B POST$BEy$O;n$7$F$$$^$;$s$,!";29M$^$G!#(B

$B!!$I$R$c$"!D!D!#(B

2004.09.30 $BDI5-(B:

$B!!F#B<$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

$B;d$b(BRD-XS40$B$r30$+$i3NG'$G$-$k$h$&$K$7$F$$$?$?$a!"$5$C$=$/;n$7$F$_$?$N$G$9$,!"(Boyak $B$5$s$N$*$C$7$c$kMM$K!"%;%-%e%j%F%#(BON,BASIC$BG'>Z!"%k!<%?$G@\B3%]!<%H$NJQ99$r9T$C$F$$$F$b!"@\B3$G$-$F$7$^$$$^$7$?!#(BPOST$B$b2DG=$G$9!#(B
$B$^$?!"%j%P!<%9%W%m%-%7$H$7$F$N5!G=$b;}$C$F$7$^$&$?$a!"$*$=$i$/2HDm$G0lHLE*$K;H$o$l$F$$$k$G$"$m$&%k!<%?$N@_Dj%Z!<%8(B192.168.1.1$BEy$K$b@\B3$G$-$F$7$^$$$^$9!#(B

2004.10.05 $BDI5-(B:

$B!!@u8+$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

$BEl $B!c=EMW$J$*CN$i$;!'%;%-%e%j%F%#@_Dj$N$*4j$$!d(B
http://www.rd-style.com/support/info/security/security.htm
$B$H$$$&>pJs$,7G:\$5$l$F$$$^$7$?$N$G$*CN$i$;$7$^$9!#(B

$B%l%3!<%@K\BN$N%P!<%8%g%s$,8E$$$H!"K\BN%;%-%e%j%F%#$N@_Dj$,(BON$B$G$bF?L>(Bproxy$B$H$7$FF0:n$9$k$N$G%P!<%8%g%s%"%C%W$;$h!"$H$$$&$3$H$_$?$$$G$9!#(B

$B$A$J$_$K!";d$,=jM-$7$F$$$k$N$O(B"RD-X4"$B$K5!G=3HD%%-%C%H$rE,1~$7$?(B"RD-X4EX" $B$G$9$N(B $B$G!"$9$G$KK\BN%;%-%e%j%F%#@_Dj$r(BON$B$K$7$F$*$1$P!"(BProxy$BF0:n$r$9$k$H$-$G$b(BBASIC$BG'>Z%@%$%"%m%0$,$G$^$7$?!#(B

$B!!(B$B=EMW$J$*CN$i$;!'%;%-%e%j%F%#!<@_Dj$N$*4j$$(B (rd-style.com) $B$K$h$k$H!"BP>]$H$J$k$N$O(B RD-XS40, RD-X3, RD-XS31, RD-XS41, RD-XS41KJ-CH869, RD-X4, RD-X4EX, RD-XS43, RD-XS53, RD-XS34 (10/5 $B8=:_(B) $B$@$=$&$G$9!#(B

2004.10.07 $BDI5-(B:

$B!!(Boyak $B$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

http://www.rd-style.com/support/info/security/security.htm $B$r$h$s$G$_$k$H!&!&!&(B

$B!!$5$F!"J@]@=IJ$O2<5-$r$4;2>H$/$@$5$$!#!K$K$*$-$^$7$F!X%M%C%H(Bde$B%J%S!Y5!G=$r$*;H$$$N>l9g$K!"0-0U$NBh;0 $B!!D4::$N7k2L!"30It%M%C%H%o!<%/$H$N@\B3$r9T$C$F$$$k!J2<5-(B 1. (2) $B$r$4;2>H$/$@$5$$!#!K$*5RMM$,!">o;~!JD9;~4V!K@\B3$5$l$F!"(B$B%M%C%H%o!<%/@_Dj$N%;%-%e%j%F%#5!G=$rMxMQ$5$l$F$$$J$$>l9g$KH/@8$9$k(B$B$3$H$,$o$+$j$^$7$?!#(B

$B$H$$$&$3$H$G!"$$$+$K$b%;%-%e%j%F%#5!G=$r(Bon$B$K$7$F$$$l$P!"Bg>fIWE*$J5-=R$KFI$a$F$7$^$$!"5l%P!<%8%g%s$@$H%;%-%e%j%F%#5!G=$r(Bon$B$K$7$F$$$F$bLdBj$@$H$$$&$3$H$rEl
$BBP1~ItJ,$K4X$7$F$O!"%P!<%8%g%s%"%C%W!u%;%-%e%j%F%#@_Dj(Bon$B$K$7$m$H$$$&$3$H$G!"LdBj$J$$$N$G$9$,!"$3$N=q$-J}$@$H!"%P!<%8%g%s%"%C%W$r$7$J$$?M$b$$$k$+$b$7$l$J$$$G$9$M!#(B

$B!!F#B<$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

$BElZ@_Dj$N$3$H$@$1$,Bg$-$/:N$j>e$2$i$l$F$$$k$h$&$KFI$_ $BLdBj$OG'>Z%P%$%Q%9$G$-$F$7$^$&$3$H$G$9$N$G!"$3$NE@!J%U%!!<%`%&%'%"%"%C%W%0%l!<%I$,:GM%@h!K$rCm0U$5$l$k$H$h$$$+$H;W$$$^$9!#(B

$B!!$=$&8@$o$l$F!"(B $BEl (Internet Watch, 10/6) $B$r8+$k$H!"(B

$B!!El$H%Q%9%o!<%I$NF~NO$,I,MW$K$J$j!"IT@5%"%/%;%9$rKI$2$k$h$&$K$J$k!#(B

$B$H$"$j!"!V%=%U%H$r:G?7HG$K%P!<%8%g%s%"%C%W!W$7$J$$$H!"%;%-%e%j%F%#@_Dj$r!V$"$j!W$K$7$F$bL50UL#$JLOMM$G$"$k$3$H$O6/D4$5$l$F$O$$$^$;$s$M!#(B

2004.10.15 $BDI5-(B:

$B!!(BJVN#E7DDE712: $BElZ$J$7$G%"%/%;%92DG=(B (JVN)$B!#(B

JPEG $B=hM}(B (GDI+) $B$N%P%C%U%!(B $B%*!<%P!<%i%s$K$h$j!"%3!<%I$,

$B!!967b(B JPEG $B%U%!%$%k;vNc$,EP>l$7!"%"%s%A%&%$%k%93F

• Exploit-MS04-028 ($B%^%+%U%#!<(B)
• Bloodhound.Exploit.13 ($B%7%^%s%F%C%/(B)
• MS04-028_JPEG_GDI (Trendimicro)

$B!!(BMicrosoft warns of critical JPEG image vulnerability, reports Sophos (Sophos)

Windows XP SP2 users may still be vulnerable to JPEG flaw

Sophos warns users of Microsoft Windows XP Service Pack 2 that they may still be at risk from the flaw, even though Microsoft has declared the operating system itself does not require an update, as the vulnerability affects programs as well as the operating system.

"Although the Windows XP SP2 operating system is not reported as having the vulnerability, if you are running programs on XP SP2 which contain the flaw - such as Microsoft Office - you could be putting your computer data in danger. It's important that everyone at risk ensures their PC is running the latest security updates," said Cluley.

$B!!(B[Vmyths.com ALERT] Hysteria predicted for 'JPEG Processor' vulnerability (NTBUGTRAQ)$B!#$"$i$f$k(B JPEG $B%U%!%$%k$r%&%$%k%907$$$9$k?M$,=P$F$-$F$$$k$N$+$7$i(B? $BLdBj$K$J$k$N$O!"967bMQ$KFCJL$K:n@.$7$?(B JPEG $B%U%!%$%k$@$1$J$N$G$9$,!#(B

$B!!(BRe: Alert: Microsoft Security Bulletin MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987) (NTBUGTRAQ)$B!#(B 3rd party $B%"%W%j$KF~$C$F$$$k(B gdiplus.dll $B$,LdBj$G$9$M$(!#(B $B%;%-%e%j%F%#$J$s$F5$$K$7$J$$(B 3rd party $B$O;3$[$I$"$j$^$9$7!#(B $B$H$j$"$($:(B gdiplus.dll $B$r8!:w$7$F$_$k$,5H$J$N$G$7$g$&!#(B

JPEG $B=hM}(B (GDI+) $B$N%P%C%U%!(B $B%*!<%P!<%i%s$K$h$j!"%3!<%I$,

$B!!CGB3E*$K99?7$7$F$^$9!D!D!#(B

$B!!(BMicrosoft $B$NB?$/$N%=%U%H%&%'%"$K4^$^$l$F$$$k(B GDI+ $B$K7g4Y!#(B JPEG $B7A<02hA|$N=hM}$K$*$$$F(B buffer overflow $B$9$k7g4Y$,$"$k!#(B $B$3$N7g4Y$rMxMQ$9$k$H!"(BJPEG $B%U%!%$%k$rMQ$$$FG$0U$N%3!<%I$r

$B!!BP1~$9$k$K$O!"=$@5%W%m%0%i%`$rE,MQ$9$k$+!"$"$k$$$O7g4Y$N$J$$%P!<%8%g%s(B (SP) $B$K%"%C%W%0%l!<%I$9$l$P$h$$!#(B Windows Update $B$d(B Office $B%"%C%W%G!<%H(B$B$rMxMQ$9$k$HIiC4$,>/$J$/$F:Q$`$,!"(B $BA4$F$N=$@5$,$3$l$i$+$iF~JPEG $B=hM}(B (GDI+) $B$N%;%-%e%j%F%#99?7%W%m%0%i%`$G%3%s%T%e!<%?$r99?7$9$kJ}K!(B (Microsoft) $B$K$B3XFb8~$1>pJs(B $B$K;d2HHG$N

$B!!BP1~$9$Y$-%U%!%$%k(B: FAQ $B$h$j(B:

SMS $B$O(B Gdiplus.dll $B%U%!%$%k$NB8:_$r8!:w$9$k$3$H$,$G$-$^$9!#$3$N%;%-%e%j%F%#>pJs$K5-:\$5$l$F$$$k1F6A$r Office XP $B$*$h$S(B Project 2002 $B$K$D$$$F!"(BMso.dll $B%U%!%$%k$,B8:_$9$k$+$I$&$+$b8!:w$9$kI,MW$,$"$j$^$9!#(B10.0.6714.0 $B$h$jA0$N(B Mso.dll $B$N$9$Y$F$N%P!<%8%g%s$r99?7$7$F2<$5$$!#(BVisio 2002 $B$K$D$$$F$O!"(BMso.dll $B%U%!%$%k$*$h$S(B Gdiplus.dll $B%U%!%$%k$NB8:_$r8!:w$9$kI,MW$,$"$j$^$9!#$3$NM}M3$O!"(BVisio 2002 $B$O!"N>J}$N%U%!%$%k$rDs6!$9$k$?$a$G$9!#(B(Windows XP $B$^$?$O(B Windows Server 2003 $B$O=|$-$^$9!#$3$l$i$N%*%Z%l!<%F%#%s%0(B $B%7%9%F%`$G$O(B Mso.dll $B%U%!%$%k$N$_$rDs6!$7$^$9!#(B) Windows XP $B$^$?$O(B Windows Server 2003 $B%*%Z%l!<%F%#%s%0(B $B%7%9%F%`$G

$B!!(BWindows Update $B$J$I$G!V(BGDI+ $B8!=P%D!<%k!W$H$$$&$b$N$,G[I[$5$l$F$$$k$,!"e5-%U%!%$%k$K$"$k%U%!%$%k$r$R$H$D$:$D%A%'%C%/$7$?J}$,Aa$$$H;W$&!#(B $B%9%l%C%I(B: MS04-028$B!N6[5^!O!'(BJPEG $B=hM}(B (GDI+) $B$N%P%C%U%!(B $B%*!<%P!<%i%s$K$h$j!"%3!<%I$, (hotfix.jp) $B$b;2>H!#(B 3rd party $B@=%=%U%H$K4^$^$l$k>l9g$b$"$k$h$&$G$9$M!D!D!#$$$d$O$d!#(B MSDE 2000 $B$HF1$8%Q%?!<%s$+!#(B

$B!!(BJPEG $B=hM}(B (GDI+) $B$N%;%-%e%j%F%#99?7%W%m%0%i%`$G%3%s%T%e!<%?$r99?7$9$kJ}K!(B (Microsoft) $B$K$O!V99?7%W%m%0%i%`HV9f!W$H$$$&5-=RMs$,$"$j$^$9$M!#(B

$B!!4XO"(B:

• $BH/8+[Full-Disclosure] Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow
• CVE: CAN-2004-0200
• 867558: [OFF] 2004 $BG/(B 9 $B7n(B 15 $BF|$K8x3+$5$l$?(B Office $B$N%;%-%e%j%F%#>pJs$K4X$7$F(B
• 833987: [MS04-028] JPEG $B=hM}(B (GDI+) $B$N%P%C%U%!(B $B%*!<%P!<%i%s$K$h$j!"%3!<%I$,
• 830348: Visual Basic$B!"(BVisual C#$B!"(BVisual C++$B!"(BVisual J# .NET $B$*$h$S(B .NET Framework $B$G!"(BJPEG $B=hM}(B (GDI+) $B$N%P%C%U%!(B $B%*!<%P!<%i%s$K$h$j!"%3!<%I$,

2004.09.17 $BDI5-(B:

$B!!967b(B JPEG $B%U%!%$%k;vNc$,EP>l$7!"%"%s%A%&%$%k%93F

• Exploit-MS04-028 ($B%^%+%U%#!<(B)
• Bloodhound.Exploit.13 ($B%7%^%s%F%C%/(B)
• EXPLOIT-MS04-028 ($B%H%l%s%I%^%$%/%m(B)

$B!!(BMicrosoft warns of critical JPEG image vulnerability, reports Sophos (Sophos)

Windows XP SP2 users may still be vulnerable to JPEG flaw

Sophos warns users of Microsoft Windows XP Service Pack 2 that they may still be at risk from the flaw, even though Microsoft has declared the operating system itself does not require an update, as the vulnerability affects programs as well as the operating system.

"Although the Windows XP SP2 operating system is not reported as having the vulnerability, if you are running programs on XP SP2 which contain the flaw - such as Microsoft Office - you could be putting your computer data in danger. It's important that everyone at risk ensures their PC is running the latest security updates," said Cluley.

$B!!(B[Vmyths.com ALERT] Hysteria predicted for 'JPEG Processor' vulnerability (NTBUGTRAQ)$B!#$"$i$f$k(B JPEG $B%U%!%$%k$r%&%$%k%907$$$9$k?M$,=P$F$-$F$$$k$N$+$7$i(B? $BLdBj$K$J$k$N$O!"967bMQ$KFCJL$K:n@.$7$?(B JPEG $B%U%!%$%k$@$1$J$N$G$9$,!#(B

$B!!(BRe: Alert: Microsoft Security Bulletin MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987) (NTBUGTRAQ)$B!#(B 3rd party $B%"%W%j$KF~$C$F$$$k(B gdiplus.dll $B$,LdBj$G$9$M$(!#(B $B%;%-%e%j%F%#$J$s$F5$$K$7$J$$(B 3rd party $B$O;3$[$I$"$j$^$9$7!#(B $B$H$j$"$($:(B gdiplus.dll $B$r8!:w$7$F$_$k$,5H$J$N$G$7$g$&!#(B

2004.09.20 $BDI5-(B:

$B!!(B835322: $B%0%m!<%P%k$KDs6!$5$l$k(B side-by-side $B%"%;%s%V%j$rE,MQ$7$J$$%"%W%j%1!<%7%g%s$O!"%^%$%/%m%=%U%H$N%=%U%H%&%'%"99?7%W%m%0%i%`$G=$@5$5$l$kLdBj$KBP$7$F@H (Microsoft)$B!#(B $B>e5-(B Sophos $B$N8@$$J,$O!"$3$NOC$+$b$7$l$^$;$s!#(B

2004.09.24 $BDI5-(B:

$B!!(Bcrash $B$9$k(B exploit

• JPEG Processing BOF Proof Of Concept
• [Full-Disclosure] GDIPLUS VULN - MS04-028 - CRASH TEST JPEG [attach]

$B$@$1$G$J$/!"%3%^%s%I$rl$7$F$$$^$9(B:

• Windows JPEG Processing Buffer Overrun PoC Exploit (MS04-028)
• Windows JPEG GDI+ Overflow Shellcoded Exploit (MS04-028)
• Windows JPEG GDI+ Overflow Administrator Exploit (MS04-028)

$B!!$3$l$r

• Microsoft $B$N(B JPEG $B=hM}(B (GDI+) $B$K$*$1$k0-MQ(B (ISSKK)

$B!!

• $B%^%+%U%#!<(B VirusScan Enterprise 7.1.0 + DAT4394
• $B%H%l%s%I%^%$%/%m(B $B%&%#%k%9%P%9%?!<(B 2004$B!"(B $B%(%s%8%s(B 7.100 + $B%Q%?!<%s(B 2.178.00
• $B%7%^%s%F%C%/(B Norton AntiVirus 2004 + $BDj5A%U%!%$%k(B 20040923.035

$B$O!">e5-(B exploit $B$G:n@.$5$l$?(B JPEG $B%U%!%$%k$rA4$F8!=P$7$^$7$?!#(B [memo:7805] $B$K$h$k$H!"(B

• Dr.Web ver. 4.32.1 + drwtoday.vdb(9/24 16:03)

$B$G$b8!=P$9$k$=$&$G$9!#0lJ}!"(B

• NOD32 1.876 (20040924)
• Sophos AntiVirus 3.85 + latest IDEs
• ClamAV 0.75.1 + main.cvd 27, daily.cvd 503
• kaspersky AntiVirus Personal 5.0.149 + data 2004/09/24 18:01:30

$B$O2?$b8!=P$7$^$;$s$G$7$?!#(B ($BDI5-(B: NOD32 1.876 (20040924) $B$OEv3:(B JPEG $B%U%!%$%k$r8!=P$G$-$^$9!#$?$@$7!"!V8!::BP>]%U%!%$%k$N3HD%;R%j%9%H!W$K(B JPEG $B%U%!%$%k$rDI2C$9$k$+!"$"$k$$$O!VA4$F$N%U%!%$%k$r8!::!W$K@_Dj$9$kI,MW$,$"$j$^$9!#!V(B2004.09.25 $BDI5-!W$r;2>H(B)

$B!!(BNews from the Lab (F-Secure) Thursday, September 23, 2004 $B$K$h$k$H!"(BJPEG Downloader 1.0 $B$H$$$&$b$N$bEP>l$7$F$$$k$h$&$G$9!#$7$+$7(B F-Secure AntiVirus $B$O!"(B JPG Vulnerability Exploit (F-Secure) $B$K$h$k$H(B

F-secure$B$O!">-Mh$N%G!<%?!&%Y!<%999?7$K!"$3$N@H

$B$@$=$&$G!"!V=`HwCf!W$H$$$&>u67$N$h$&$G$9!#(B

$B!!%H%l%s%I%^%$%/%m$+$i$OuBV$G$O(B JPEG $B%U%!%$%k$r8!::$7$J$$$N$G@_Dj$rJQ99$7$^$7$g$&!"$H$$$&FbMF$N$h$&$G$9!#$3$l$i$rMxMQ$7$F$$$k>l9g$O$4Cm0U$r!#(B

• InterScan Web Security Suite: UNIX$B!'(BWindows$B!'(BJPEG$B=hM}$N%P%C%U%!%*!<%P!<%i%s$K4X$9$k@H
• InterScan VirusWall UNIX: HTTP$B!'(BJPEG$B=hM}$N%P%C%U%!%*!<%P!<%i%s$K4X$9$k@H

$B!!(BMacromedia $B$+$i$O

• MPSB04-07 - Macromedia Products Not Affected by Microsoft JPEG/GDIPlus Vulnerability

$B!!(BSANS ISC $B$+$i(B GDI Scan $B$,8x3+$5$l$F$$$^$9!#$o$+$j$d$9$/$F$$$$$G$9!#(B

$B!!(BJVN $B$N(B TRTA04-260A: Microsoft Windows JPEG $B%3%s%]!<%M%s%H$K%P%C%U%!%*!<%P!<%U%m!<(B $B$O$J$+$J$+6=L#?<$$$G$9!#(B

$B!!(BMS04-028 $B$J(B JPEG $B2hA|(B (B-) $B$NFH$j8@(B, 2004.09.24)$B!#6=L#?<$$$G$9$M!#(B

2004.09.25 $BDI5-(B:

$B!!(BItagaki $B$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

$BI=Bj$N7o$N(BPOC$B$G:n@.$5$l$?%U%!%$%k$r(BNOD32 1877(040925)$B$G;n$7$F$_$^$7$?$,8!=P$9$k$h$&$G$9!#(B

$B$?$@$7!"(BNOD32$B$N4{Dj$G$O(BJPG$B%U%!%$%k$O8!=PBP>]30$J$N$G!"3HD%;R$rDI2C$9$k$+!"A4%U%!%$%k$r8!::BP>]$K$9$kI,MW$,$"$j$^$9!#(B

$B!!_o_$B!#(B $B%5%]!<%H>pJs$K=q$$$F$*$$$F$[$7$$$J$"(B > canon-sol.jp$B!#(B

2004.09.29 $BDI5-(B:

$B!!$5$i$J$k(B exploit $B$,EP>l$7!"$5$i$K$O!"(Bexploit jpeg $B%U%!%$%k$,(B netnews $B$KEj9F$5$l$?LOMM!#(B

• Windows JPEG GDI+ Heap Overflow Remote Exploit (MS04-028)
• Windows JPEG Downloader Toolkit Source Code (MS04-028)
• Windows JPEG GDI+ All in One Remote Exploit (MS04-028)
• GDI Virus in the wild.

$B!!(Bstm_d $B$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B)

[OFF2003] $BJ#?t$N(B GDI+ $B%;%-%e%j%F%#99?7%W%m%0%i%`$r%5%$%l%s%H(B $B%$%s%9%H!<%k$9$k$?$a$N%P%C%A(B $B%U%!%$%k$N:n@.J}K!$*$h$S;HMQJ}K!(B
http://support.microsoft.com/default.aspx?scid=kb;ja;885885
$B$N2<$NJ}$K$KL)$+$K=q$$$F$$$^$9$,(B Visio Viewer $B$b3:Ev$9$k$h$&$G$9!#(B $B$,(B Vewer $B$NBP:vJ}K!$O$^$@=q$$$F$$$J$$$h$&$G$9!#(B

$B!!3N$+$K!D!D!#8DJL$N99?7%W%m%0%i%`$rE,MQ$9$l$P$$$$$N$+$J$"!#(B

$B!!(BGDI Scan (SANS) $B$G$9$,!"(B

• version 2.1 $B$,=P$F$$$^$9!#F?L>4uK>$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B
• $B;H$$$+$?$,(B GDI Scan Tutorial and how to fix the GDI+ JPEG Vulnerability (bleepingcomputer.com) $B$G>\$7$/2r@b$5$l$F$$$^$9!#(B

$B!!(BGDIPLUS.DLL$B99?7%W%m%0%i%`(B UpdateGDI+ ($B%"%a%j%+@83h>pJs(B) $B$H$$$&%=%U%H$,8x3+$5$l$F$$$^$9!#(B

• $B@H ($BAk$NEN(B)

$B!!$J$*!"(BSophs AntiVirus $B$O(B Exp/MS04-028 $B$GBP1~$7$?$h$&$G$9!#(B

2004.10.01 $BDI5-(B:

• JPEG$B=hM}$N@H (ITmedia, 9/30)$B!#(B

• InterScan VirusWall NT: JPEG$B=hM}$N%P%C%U%!%*!<%P!<%i%s$K4X$9$k@H ($B%H%l%s%I%^%$%/%m(B)$B!#(B

• penetration technique research site $B$G!V(BMS04-028 $B$N(B Windows XP SP1 $BF|K\8l4D6-MQ8!>Z%U%!%$%k!W$,8x3+$5$l$F$$$^$9!#

2004.10.06 $BDI5-(B:

• GDI+$B$N@HZ%3!<%I!"$=$N$^$^$G$OF|K\8lHG$G$N0-MQ$O:$Fq!)(B (ITmedia, 10/5)$B!#5U$K8@$&$H!"(Bpenetration technique research site $B$K(B PoC JPEG $B%U%!%$%k$,$"$k$h$&$K!"!VF|K\8lHG@lMQ$N%3!<%I!W$,$"$l$PF0$/$o$1$G!#(B$Bgu%-!|%?%^(B$B$J$s$F$b$N$,N.9T$C$?$3$H$b9M$($"$o$;$k$H!"4E$/8+$J$$J}$,$$$$$@$m$&!#(B

• GDI+ $B$rMxMQ$7$F$$$k@=IJ$N%;%-%e%j%F%#BP:vJ}K!$K$D$$$F$h$/4s$;$i$l$k (Microsoft, 9/15)$B!#$3$s$J%Z!<%8$,$"$C$?$H$O!#(B MSDN Online Japan (Microsoft) $B$O(B watch $B$7$F$*$/I,MW$,$"$k$h$&$@!#$/$%!#%"%s%F%J$KF~$l$^$7$?!#(B

• $B%&%$%k%9%P%9%?!<(B2004: JPEG$B=hM}$N@H ($B%H%l%s%I%^%$%/%m(B)$B!#%G%U%)%k%H$G$O!"%*%s%"%/%;%9%9%-%c%J$,H?1~$7$J$$$h$&$G$9!#(B

2004.10.14 $BDI5-(B:

$B!!(BClamAV 0.80rc4 $B$,=P$F$$$^$9!#

$B!!(B2004.10.13 $BIU$G(B MS04-028 $B$,2~D{$5$l$F$$$^$9!#(B

• Windows XP SP2 $B>e$N(B Office XP$B!"(BVisio 2002$B!"(BProject 2002 $B$KBP$9$k!"(B $B2~DjHG$N%;%-%e%j%F%#99?7%W%m%0%i%`$,EP>l$7$F$$$^$9!#(B $B:G=i$N%;%-%e%j%F%#99?7%W%m%0%i%`$O!"$&$^$/E,MQ$5$l$J$$$3$H$,$"$C$?LOMM$G$9!#(B

  • 885876 - Important information that you must know about the MS04-028 security updates if you are using Windows XP Service Pack 2 (Microsoft)
  • 886992 - Software updates that prevent certain MS04-028 security updates from installing correctly (Microsoft)

  $B6qBNE*$K$O!"(B%Programfiles%\Common Files\Microsoft Shared\Office10\Mso.dll $B$,@5$7$/%"%C%W%G!<%H$5$l$J$+$C$?$h$&$G$9!#(B $B2~D{HG$G$O!"$3$NLdBj$,=$@5$5$l$F$$$^$9!#(B $B<+F099?7$d(B Windows Update$B!"(B Office Update $B$GE,MQ$G$-$k$=$&$G$9!#(B

  FAQ $B$N!V(B9 $B7n$KDs6!$5$l$?(B Office XP $B$N%;%-%e%j%F%#99?7%W%m%0%i%`$r%$%s%9%H!<%k$7$^$7$?$,(B mso.dll $B$N%U%!%$%k%P!<%8%g%s$,8E$$$^$^$G$7$?!#2?$+LdBj$,$"$j$^$9$+!)!W$b;2>H!#(B

• MS04-028 Enterprise Update Scanning Tool $B$,EP>l$7$F$$$^$9!#(B

  • 886988 - How to obtain and use the MS04-028 Enterprise Update Scanning Tool in environments that do not use Systems Management Server (Microsoft)

  $B4XO"(B: $BJF(BMS$B!$(BJPEG$B%U%!%$%k=hM}$N%;%-%e%j%F%#!&%[!<%k$r%A%'%C%/$9$k4k6H8~$1%D!<%k$r8x3+(B ($BF|7P(B IT Pro, 2004.10.13)

• Windows 2000 $BMQ$N(B Windows Journal Viewer $B99?7%W%m%0%i%`$,EP>l$7$F$$$^$9!#(BMS04-028 $B$+$i%@%&%s%m!<%I$G$-$^$9!#<+F099?7$d(B Windows Update $B$+$i$bE,MQ$G$-$^$9!#(B

  FAQ $B$N!V(BWindows Journal Viewer $BMQ$N99?7%W%m%0%i%`$,(B 2004 $BG/(B 10 $B7n(B 12 $BF|(B $B!JJF9qF|IU!K(B $B$K%j%j!<%9$5$l$?$N$O$J$<$G$9$+(B?$B!W$b;2>H!#(B

2004.10.20 $BDI5-(B:

$B!!(B885920 - MS04-028 Enterprise Update Scanning Tool $B$NF~ (Microsoft)$B!#(B

2005.01.19 $BDI5-(B:

$B!!(BSYM05-002: $B%7%^%s%F%C%/$,(B Microsoft $B$N(B Graphic Device Interface Component (gdiplus.dll) $B$N99?7$r40N;(B ($B%7%^%s%F%C%/(B, 2005.01.18)$B!#(B $B%7%^%s%F%C%/@=IJ$K4^$^$l$F$$$k(B gdiplus.dll $B$O!"$3$N7g4Y$N1F6A$r

$B!!6qBNE*$K$O!"BP>]$H$J$k$N$O(B LiveUpdate $B%/%i%$%"%s%H$G!"MQ0U$5$l$F$$$k99?7%W%m%0%i%`$O(B LiveUpdate $B$r%P!<%8%g%s(B 2.6 $B$K99?7$9$k$?$a$N$b$N!#(B

2005.01.31 $BDI5-(B:

$B!!(B$B%^%$%/%m%=%U%H!"!H(BGDI+$B!I@H ($BAk$NEN(B, 2005.01.28)$B!#(B

$B!!(BOffice 2000 / XP (2002) / 2003$B!"(BWorks Suite 2001 / 2002 / 2003 / 2004 $B$K7g4Y!#$3$l$i$KIUB0$9$k(B WordPerfect 5.x $B%3%s%P!<%?$K(B heap overflow $B$9$k7g4Y$,$"$k$?$a!"96N,%U%!%$%k$K$h$jG$0U$N%3!<%I$rCAN-2004-0573

$B!!=$@5%W%m%0%i%`$,G[I[$5$l$F$$$k$N$GE,MQ$9$l$P$h$$!#(B

$B!!(BCisco's Statement abut IPR claimed in draft-gont-tcpm-icmp-attacks-00 (IETF) $B$H$$$&$N$b$"$k$=$&$G$9!#(B RFC2401 $B$O(B IPA $B$5$s$K(B $BF|K\8lLu(B $B$,$"$j$^$9!#(B

$B!!(BMozilla 1.7.3 / Firefox 1.0 Preview Release / Thunderbird 0.8 $B$,=P$F$$$^$9!#(B $B=$@5$5$l$?7g4Y$N>\:Y$K$D$$$F$O!"(B Firefox Preview Release / Mozilla 1.7.3 / Thunderbird 0.8 $B$G=$@5:Q$_(B (Mozilla $B$K$*$1$k4{CN$N@HH$7$F$/$@$5$$!#(B

$B!!4XO"(B: [SA12535] Netscape Multiple Vulnerabilities (secunia)$B!#(BNetscape 7.3 (?) $B$O$$$D=P$k$s$G$7$g$&$M!D!D!#(B

$B!!(B2004.09.13 $B$K!"(BBEA WebLogic $B4XO"$G(B Advisory $B$,(B 9 $B8D$[$I=P$F$$$k$h$&$G$9!#(B WebLogic $B$J?M$O;2>H$7$F$*$-$^$7$g$&!#(B $B$=$l$K$7$F$b!"(Btext/plain $B$GJV$9$N$O$d$a$h$&$h!D!D(B > BEA$B!#(B

• SecurityFocus Newsletter #259 2004-7-19->2004-7-23
• SecurityFocus Newsletter #260 2004-7-26->2004-7-30
• SecurityFocus Newsletter #261 2004-8-2->2004-8-6

$B!!(B9 $B$+7n$G$9$+$=$&$G$9$+!D!D!#(B

$B!!(BSamba 3.x $B$K(B DoS $B967b$r

• [Full-Disclosure] iDEFENSE Security Advisory 09.13.04a: Samba nmbd Invalid Length Denial of Service Vulnerability

  nmbd $B$K7g4Y!#F~NOCM$N8!>Z$K7g4Y$,$"$j!":Y9)$7$?(B UDP $B%Q%1%C%H$K$h$j(B crash $B$9$k!#(Bsamba 2.x $B$K$O$3$N7g4Y$O$J$$!#(B CVE: CAN-2004-0808

• [Full-Disclosure] iDEFENSE Security Advisory 09.13.04b: Samba 3.x SMBD Remote Denial of Service Vulnerability

  smbd $B$K7g4Y!#:Y9)$7$?%j%/%(%9%H$rAw$k$3$H$K$h$j!"5/F0$5$l$k(B smbd $B%W%m%;%9$,$3$H$4$H$/L58B%k!<%W$KF~$j!"$d$,$F%5!<%P$,(B DoS $B>uBV$K$J$k!#(B CVE: CAN-2004-0807

$B!!@5<0%"%J%&%s%9(B: Samba 3.0 DoS Vulnerabilities (samba.org)$B!#(B Samba 3.0.7 $B$G=$@5$5$l$F$$$k!#(B

• Fedora Core:
  [SECURITY] Fedora Core 2 Update: samba-3.0.7-2.FC2
  [SECURITY] Fedora Core 1 Update: samba-3.0.7-2.FC1
• Gentoo Linux: Samba: Denial of Service vulnerabilities
• FreeBSD: ports/net/samba3/$B!#(B3.0.7 $B%Y!<%9$K$J$C$F$$$k!#(B samba3 DoS attack$B!#(B

APPLE-SA-2004-09-07 Security Update 2004-09-07

$B!!(BAPPLE-SA-2004-09-13 Security Update 2004-09-07 v1.1 $B$,=P$^$7$?(B ($B8EJkNC;a$K$h$kK.LuHG(B)$B!#(B Topic: Security Update 2004-09-07 killed ftp (discussions.info.apple.com) $B$N(B fix $B$NB>!"(BSafari $B$N%P!<%8%g%sHV9f$,JQ99$5$l$?$=$&$G$9!#(B

$B!!(BMIME $B5,3J$N$"$$$^$$$JE@$rFM$/$h$&$J(B MIME $B%a!<%k$rAw$k$H!"$$$/$D$+$N%W%m%@%/%H$G$O!"%V%m%C%/$9$Y$-$b$N$rDL$7$F$7$^$&LOMM!#(B $B%"%s%A%&%$%k%9$J$I$N%3%s%F%s%D%A%'%C%+(B / $B%U%#%k%?7ONs$b4^$a!"(Bmail $B4XO"$N$"$i$f$k%W%m%@%/%H$r%F%9%H$9$Y$-$J$N$@$m$&$,!";DG0$J$,$i!"8=:_%j%9%H$5$l$F$$$k%Y%s%@!<$O$"$^$j$K>/$J$$!#$?$H$($P!V(BMicrosoft$B!W$d!V(BRed Hat$B!W!V(BGoogle$B!W$H$$$&J8;z$,8+$"$?$i$J$$$N$O$I$&$7$?$3$H$J$N$+!#(B

$B!!F|K\$G$O(B JVN $B$G(B NISCC-380375 MIME $B$K4X$9$kJ#?t$N@H$B$H$7$F$^$H$a$i$l$F$$$k$,!"$3$3$K$*$$$F$b!"%j%9%H$5$l$F$$$k%Y%s%@!<$O$"$^$j$K>/$J$$!#9q;:$N(B mail $B4XO"%=%U%H$O>/$J$/$J$$$O$:$J$N$@$,!#EPO?$7$^$7$g$&!#(B

$B!!(BCVE:

• CAN-2003-1014
• CAN-2003-1015
• CAN-2003-1016
• CAN-2004-0051
• CAN-2004-0052
• CAN-2004-0053
• CAN-2004-0161
• CAN-2004-0162

2004.09.28 $BDI5-(B:

$B!!(BAdvisory $B$N(B Revision $B$,(B 1.4 $B$K$J$C$F$$$^$9!#(B

• [threatnews] MAILsweeper and NISCC Vulnerability Advisory 380375/MIME$B!#(B $B@_DjJQ99$K$h$kBP1~J}K!$,5-:\$5$l$F$$$k!#(B
• Clearswift Response to NISCC Vulnerability Advisory

ImageMagick 6.0.6: ChangeLog

$B!!(B fix / patch:

• Vine Linux: [ 2004,09,12 ] ImageMagick $B$K%;%-%e%j%F%#%[!<%k(B

[SA12435] LHA Multiple Vulnerabilities

$B!!(B fix / patch:

• Vine Linux: [ 2004,09,11 ] lha$B$K%;%-%e%j%F%#%[!<%k(B

imlib -- BMP decoder heap buffer overflow

$B!!(B fix / patch:

• Fedora Core:
  [SECURITY] Fedora Core 2 Update: imlib-1.9.13-19
  [SECURITY] Fedora Core 1 Update: imlib-1.9.13-15.fc1
• Vine Linux: [ 2004,09,12 ] imlib $B$K%;%-%e%j%F%#%[!<%k(B

$B!!(BF-Secure Anti-Virus for Microsoft Exchange 6.21 $B0JA0(B / 6.01 $B0JA0!"$*$h$S(B F-Secure Internet Gatekeeper 6.32 $B0JA0$K7g4Y!#(B $B$3$l$i$K4^$^$l$k(B F-Secure Content Scanner Server $B$,!"(B $B:Y9)$7$?%Q%1%C%H$K$h$j(B remote $B$+$i(B DoS $B967b$r

$B!!(BF-Secure Anti-Virus for Microsoft Exchange 6.30 $B$*$h$S(B F-Secure Internet Gatekeeper 6.40 $B$G=$@5$5$l$F$$$k!#(B $B$^$?(B hotfix $B$,MQ0U$5$l$F$$$k!#(B

$B!!4XO"(B: [Full-Disclosure] iDEFENSE Security Advisory 09.09.04: F-Secure Internet Gatekeeper Content Scanning Server Denial of Service Vulnerability$B!#(B CVE: CAN-2004-0830

$B!!(BUsermin 1.070 / 1.080 $B$K7g4Y!#(BWeb$B%a!<%k5!G=$K7g4Y$,$"$j!"FC

• Gentoo Linux: Webmin, Usermin: Multiple vulnerabilities in Usermin
• FreeBSD: ports/sysutils/usermin/$B!#(B1.090 $B%Y!<%9$K$J$C$F$$$k!#(B

$B!!(BBrocade Silkworm 2800 / 3200 / 3800 $B$J$I$N(B fiber channel switch $B$K7g4Y$,$"$j!"(B $BFCuBV$H$J$k$=$&$@!#%P!<%8%g%s(B 3.2 $B$N(B code $B$G=$@5$5$l$k$=$&$@!#(B

$B!!(BStar 1.5a09$B!A(B1.5a45 $B$K7g4Y!#(Bcdrecord $B$HF1$8LdBj$NLOMM(B ($BF1$8:n

• Gentoo Linux: star: Suid root vulnerability
• FreeBSD: ports/archivers/star-devel/$B!#(Bstar-1.5a46 $B%Y!<%9$K$J$C$F$$$k!#(B

$B!!(Bcdrtools 2.00.3 $B$K4^$^$l$k(B cdrecord $B%3%^%s%I$K7g4Y!#(B suid root $B$G%$%s%9%H!<%k$5$l$?>l9g$K!"(B$RSH $B4D6-JQ?t$G;XDj$5$l$?%3%^%s%I$r

$B!!(Bsuid root $B$G%$%s%9%H!<%k$7$F$$$J$$>l9g$K$OLdBj$,$J$$!#(B $B$^$?(B cdrtools 2.01a38 $B$G=$@5$5$l$F$$$k!#(B CVE: CAN-2004-0806

• Fedora Core:
  [SECURITY] Fedora Core 2 Update: cdrtools-2.01-0.a27.4.FC2.3
  [SECURITY] Fedora Core 1 Update: cdrtools-2.01-0.a19.2.FC1.1
• Gentoo Linux: GLSA 200409-18
• FreeBSD: ports/sysutils/cdrtools/$B!#(B 2.0.3_4 $B$G=$@5$5$l$F$$$k!#(B $B$b$C$H$b(B FreeBSD $B$G$O(B suid root $B$G$O%$%s%9%H!<%k$5$l$J$$!#(B

$B!!(BStarOffice 7 / OpenOffice 1.1.2 $B$K7g4Y!#(B $B0l;~%U%!%$%k$rC/$G$bFI$a$k$h$&$J%b!<%I$G:n@.$7$F$7$^$&$?$a!"(Blocal user $B$,(B StarOffice / OpenOffice $BMxMQ

$B!!(BStarOffice 7 Product Update 3 $B$*$h$S(B OpenOffice 1.1.3 ($B$^$b$J$/EP>lM=Dj(B) $B$G=$@5$5$l$F$$$k!#(B

$B!!(BCVE: CAN-2004-0752$B!#(B 33357: OpenOffice World-Readable Temporary Files Disclose Files to Local Users (openoffice.org)$B!#(B

$B!!(Bsquid-2.5.STABLE6 $B0JA0$K7g4Y!#(B NTLM $BG'>Z%X%k%Q!<%b%8%e!<%k$K7g4Y$,$"$j!"(BDoS $B967b$rZ$r;H$C$F$$$J$$>l9g$K$O!"$3$N7g4Y$O1F6A$7$J$$!#(B

$B!!(B2.5.STABLE6 $BMQ$N(B patch $B$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

• Gentoo Linux: Squid: Denial of service when using NTLM authentication
• FreeBSD: ports/www/squid/$B!#(B2.5.6_7 $B0J9_$G(B fix $B$5$l$F$$$k!#(B