セキュリティホール memo - 2004.12

Last modified: Tue Aug 23 16:16:33 2005 +0900 (JST)


　このページの情報を利用される前に、注意書きをお読みください。


■ 2004.12.28

■ 追記

Microsoft Internet Explorer XP SP2 Fully Automated Remote Compromise

　指摘された欠陥を利用した攻撃事例が発生しているようだ。

$B"#(B PHP $B$r;H$C$?%Z!<%8$K$*$1$k%W%m%0%i%_%s%0%(%i!<$r96N,$9$k%o!<%`$,EP>l(B
(various)

$B!!(BPHP $B$r;H$C$?%Z!<%8$K$*$1$k%W%m%0%i%_%s%0%(%i!<$r96N,$9$k%o!<%`$,EP>l$7$F$$$k$h$&$G$9!#(BPHP $B$N(B Include() $B$"$k$$$O(B Require() $B$r8mMQ$7$?%Z!<%8$rMxMQ$7$FHK?#$7$F$$$k$h$&$G$9!#(B

$B!!(BPHP $B$rMxMQ$7$F$$$k?M$O!":#$9$0$=$N$h$&$J8mMQ$,$J$$$+$I$&$+3NG'$7!"$^$?MxMQ$7$F$$$k(B PHP $B$N%P!<%8%g%s$r:G?7>uBV$K%"%C%W%G!<%H$9$k$3$H$,?d>)$5$l$F$$$^$9!#(B

$B!!4XO"(B: PHP$B$rA@$&?7$?$J%o!<%`$,=P8=!$(BWeb$B%Z!<%8$N%W%m%0%i%`!&%_%9$rFM$/(B ($BF|7P(B IT Pro, 12/27)


$B"#(B 2004.12.27

$B"#(B $BDI5-(B

WordPad $B$N@H

$B!!(BiDEFENSE Security Advisory 12.14.04 - Microsoft Word 6.0/95 Document Converter Buffer Overflow Vulnerability

$B%O%$%Q!<(B $B%?!<%_%J%k$N@H

$B!!(BHyperTerminal - Buffer Overflow In .ht File$B!#(B

proxy $B4D6-$G(B Windows XP SP2 $B$rMxMQ$9$k$H!"(BWindows Update $B$G%U%!%$%k$r%@%&%s%m!<%I$G$-$J$$(B

$B!!2C2l$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

> $B2sHr:v$O!V(BWindows Server 2003 $B$N(B proxycfg.exe $B$r%3%T$C$F$/$k!W$H$$$&!"(B
>$B$J$s$H$bMpK=$J$b$N!#$=$s$J$3$H8@$&$N$J$i!"(BWindows Server 2003 $B$N(B
>proxycfg.exe $B$r%@%&%s%m!<%I$G$-$k$h$&$K$9$Y$-$@$H;W$&$N$@$,!#$D!<$+!"<+(B
>$BM3$K%3%T$C$F$$$$$s$G$9$+(B

$B;d$b!V<+M3$K%3%T$C$F$M!*!W$K5?Ld$r;}$C$F$$$?$N$G%^%$%/%m%=%U%H$KLd$$9g$o$;$r$7$F$_$^$7$?!#(B

$B<+M3$K%3%T$C$F$$$$$N$+$H!"(B
http://www.microsoft.com/japan/legal/permission/t-mark/img-req4.htm
$B$3$3$K%a!<%k$G
Windows Update$B$K4X$9$k$3$H$J$N$G!"EEOC$GLd$$9g$o$;$F$_$^$7$?!#(B
http://support.microsoft.com/oas/default.aspx?gprid=6527
$B%3%T$C$F(BOK$B$H$$$&JV;v$rLc$&$3$H$,$G$-$^$7$?!#(B

$B%3%T$k$3$H$K4X$7$F$OEEOC$GLd$$9g$o$;$9$l$P(BOK$B$C$]$$$G$9!#(B
#68 : Oracle Server$B@=IJ$K4X$9$k%;%-%e%j%F%#$N@H

　NGSSoftware が詳細情報を公開した。

[VulnWatch] Patch available for IBM DB2 Universal Database flaws

　NGSSoftware が詳細情報を公開した。

■ いろいろ
(various)

2005.01.05 追記:

　netcat 1.11 for Windows is released (vulnwatch.org)。 Hat-Squad Advisory: Remote buffer overflow in Netcat TCP/IP Swiss Army Knife の fix。

■ MS Windows Media Player 9 Vulns (2)
(bugtraq, 2004.12.18)

　Windows Media Player 9 に付属する Active X コントロールに欠陥があるため、攻略 web サーバから

できてしまう。この欠陥は Windows Media Player 10 で修正されているそうだ。

■ libtiff に 2 つの欠陥
(iDEFENSE, 2004.12.21)

　libtiff に 2 つの欠陥が発見されました。

$B"#(B $B!V(BCLIE Files $B05=L%U%!%$%k2rE`$N@H
(SONY, 2004.11.11)

$B!!(B$B05=L%U%!%$%k2rE`$N@H ($B$^$C$A$c(B 139 hiki) $B$,!"(BSONY CLIE (Palm OS 5) $BFbB"$N(B CLIE Files $B$K$b$"$C$?LOMM!#(BCLIE Files v.1.1.2 $B$G=$@5$5$l$F$$$k!#(B

$B!!9bLZ$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B


$B"#(B 2004.12.25

$B"#(B Linux $B$M$?(B
(various)

$B!!0lIt8E$$$b$N$b$"$j$^$9$,!D!D!#(B

■ Microsoft Internet Explorer XP SP2 Fully Automated Remote Compromise
(Full-Disclosure ML, Sat, 25 Dec 2004 07:48:51 +0900)

　Windows XP SP2 (IE 6.0 SP2) において、web ページにアクセスしただけで、全自動で攻略ファイルをユーザのスタートアップに保存させることが可能だ、という指摘。

　対応方法として、.HTA ファイルの無効化 (関連づけの削除という意味か?)、IE におけるアクティブスクリプトの無効化、および IE を使わない (Mozilla / FireFox を使う)、が挙げられている。ActiveX の無効化も有効な気がするけど、記載されていない。

2004.12.28 追記:

　指摘された欠陥を利用した攻撃事例が発生しているようだ。

2005.01.04 追記:

　Qwik-Fix Pro Blocks XP SP2 Vulnerability (pivx.com, 2004.12.28)。ということで。

2005.01.13 $BDI5-(B:

$B!!(BHTML $B%X%k%W$N@H $B$K$*$$$F!"(BHTML $B%X%k%W(B ActiveX $B%3%s%H%m!<%k(B (Hhctrl.ocx / Whhctrl.ocx) $B$K$D$$$F$O7g4Y$,=$@5$5$l$^$7$?!#(B

■ xfocus が公開した Windows の 3 つの欠陥
(bugtraq, 2004.12.24)

$B!!(Bxfocus $B$N(B flashsky $B;a$,(B Windows $B$NL$=$@5$N7g4Y$r(B 3 $B

　いずれについても http://www.xfocus.net/flashsky/icoExp/index.html で PoC コードが公開されている。

　上記したように、最初の 2 つについては Windows XP SP2 は対象外となっている。 またシマンテックとマカフィーのアンチウイルスプロダクトでは対応される (予定) があるようだ。ある程度の防御にはなるだろう。

　関連報道:

2005.01.13 追記:

　上記のうち、Microsoft Windows LoadImage API Integer Buffer overflow と Microsoft Windows Kernel ANI File Parsing Crash and DOS Vulnerability については MS05-002 で修正されているように思える。

　他の exploit: [Full-Disclosure] Windows (XP SP2) Remote code execution with parameters。 About CMDExe (Command Execution) Remote code execution with parameters で解説されている。


$B"#(B 2004.12.24

$B"#(B [Full-Disclosure] Internet Explorer FTP client can be used to send mail
(Full-Disclosure, Fri, 24 Dec 2004 08:56:21 +0900)

$B!!(BIE 6 SP1 / SP2 $B$K7g4Y!#(B img $B%?%0$N(B src $BB0@-$KFC$B%G%b%Z!<%8(B$B$K(B IE $B$G%"%/%;%9$9$k$H!"(B ian-example@penguinhosting.net $B08$K%a!<%k$,Aw$i$l$k$N$GCm0U!#(B $B

　なお、マカフィー VirusScan Enterprise 8.0i がインストールされている環境では、 VSE 8.0i の「大量メール配信型ワームにメールを送信させない」機能によりメール送信が抑止された。同様の機能のあるセキュリティ製品 (パーソナルファイアウォールとか?) などを利用していれば抑止できるでしょう。

2004.12.24 $BDI5-(B:

$B!!%d%^%,%?$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

$B"!(B[Full-Disclosure] Internet Explorer FTP client can be used to sendmail
http://www.st.ryukoku.ac.jp/%7Ekjm/security/memo/2004/12.html#20041224_IEFTP

$B$N7o$G$9$,!"?7$7$$@H
$B"!(BMicrosoft Internet Explorer FTP Command Injection Vulnerability (Secunia)
http://secunia.com/advisories/13404/
http://www.7a69ezine.org/node/view/168
http://yamagata.int21h.jp/d/?date=20041210#p03

の件の応用のようです。

ユーザ名 or パスワード or ディレクトリ名部分に含まれる改行コード(%0d%0a)をそのまま展開してしまうことが原因となります。←改行コードインジェクション

$B"#(B 2004.12.23

$B"#(B $BDI5-(B

Advisory 01/2004: Multiple vulnerabilities in PHP 4/5

$B!!(BCAN-2004-1018 $B$,$J$<$+(B REJECT $B$5$l$F$$$^$9!#$d$^$M$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

IE$B$K%U%#%C%7%s%0$N4m81!=!=(BActiveX$B$KLdBj(B

$B!!4XO"(B: IE$B$K%/%m%9%5%$%H!&%9%/%j%W%F%#%s%0967b$r5v$9$<$$ ($BF|7P(B IT Pro, 12/17)

Windows $B%+!<%M%k$*$h$S(B LSASS $B$N@H:3J$,5/$3$k(B (885835) (MS04-044)

　891531 - Windows 2000 ベースのコンピュータにセキュリティ更新プログラム 885835 をインストールした後、Veritas Backup Exec 8.6 でスケジュールしたバックアップでエラーが発生し、アプリケーションイベント ID 57480 が出力される (Microsoft)。MS04-044 修正プログラム (KB885835) を適用した環境で、Veritas Backup Exec 8.6 がトラブることがある模様。Veritas Backup Exec 8.6 を更新せよ、と書かれている。


$B"#(B 2004.12.22

$B"#(B $BDI5-(B

$BDa55%a!<%k$K$*$1$k(BS/MIME$B$N=pL>8!>Z$K@H

$B!!(B$B$3$N$^$^$G$O(BJVN$B$OLr$KN)$?$J$$(B ($B9bLZ9@8w!w<+Bp$NF|5-(B, 12/19)$B!#(B $BDa55%a!<%k$N(B S/MIME $B$^$o$j$K$O$5$i$J$k7g4Y$,$"$j!"(B4.00 $BHG$G=$@5$5$l$?(B ($B!V(BS/MIME$BEE;R=pL>$N8!>Z4X78$G$N@H

■ Windows XP SP2 の「Windows セキュリティの重要な警告」画面
(penetration technique research site, 2004.12.13)

$B!!(BWindows XP SP2 $B$N!V(BWindows $B%;%-%e%j%F%#$N=EMW$J7Y9p!W2hLL$G$O!V%W%m%0%i%`%"%$%3%s!W!VL>A0!W!VH/9T85!W$7$+I=<($5$l$J$$$?$a!"$3$l$i$r5v2D$5$l$F$$$k$G$"$m$&%W%m%0%i%`$HF1$8$K$9$k$3$H$K$h$j!"MxMQ

2005.01.04 追記:

　詳細記事: [Windows セキュリティの重要な警告] 画面を悪用した偽装について (penetration technique research site, 2005.01.03)。

名前の部分にカーソルを置いて数秒待つと、が表示されるので、[Windows セキュリティの重要な警告] 画面を悪用した偽装を見破るときに役立つ情報として覚えておいていただきたい。

　どこかのレジストリをいじると最初から表示されたりするとうれしいのだけどなあ。

$B"#(B [ZH2004-18SA] Content-Type spoofing in Mozilla Firefox and Opera could allow users to bypass security restrictions
(Full-Disclosure ML, Thu, 16 Dec 2004 10:10:07 +0900)

$B!!(BMozilla Firefox 1.0 / Mozilla 1.7.x / Opera 7.51$B!A(B7.54 $B$K7g4Y!#(B HTML $B%U%!%$%k$r(B Content-Type: text/html. ($B%I%C%H$D$-(B) $B$G

$B"#(B IE$B$K%U%#%C%7%s%0$N4m81!=!=(BActiveX$B$KLdBj(B
(ITmedia, 2004.12.20)

$B!!(BMSIE DHTML Edit Control Cross Site Scripting Vulnerability (bugtraq, Wed, 15 Dec 2004 17:01:33 +0900) $B$NOC!#(B IE 6 $B$N(B DHTML Edit ActiveX $B%3%s%H%m!<%k$K%/%m%9%5%$%H%9%/%j%W%F%#%s%07g4Y$,$"$k$?$a!"(Bweb $B%5%$%H$OK\Mh$N%3%s%F%s%D$KBP$7$FG$0U$N(B JavaScript $B$rA^F~$G$-$k!#$3$l$rMxMQ$9$k$H!"K\Mh$O$G$-$J$$$O$:$N%"%I%l%9%P!<$N(B URL $B:>>N$d(B SSL $B80%"%$%3%s$N:>>N$J$I$,2DG=$H$J$k!#(B

$B!!=$@5%W%m%0%i%`$O$^$@B8:_$7$J$$!#2sHrJ}K!$H$7$F$O!"(BActiveX $B$rL58z$H$9$k!#(B $B$^$?(B Windows XP SP2 $B$G$O!"

  1. DHTML Edit ActiveX コントロールを読み込ませる web ページを閲覧する。 デモサイト (後述) を閲覧すればよい。
  2. IE のツールメニューから [アドオンの管理(A)...] を選ぶ。「アドオンの管理」ウィンドウが表示される。
  3. 「アドオンの管理」ウィンドウで「現在 Internet Explorer で読み込まれているアドオン」を表示させ、DHTML Edit コントロールをポイントし、「無効」を設定する (画像)。
  4. IE $B$r:F5/F0$9$k!#(B $B:F$SF1MM$N$B2hA|(B)$B!#(B

$B!!4XO"(B:

$B!!%G%b%5%$%H(B:

2004.12.23 $BDI5-(B:

$B!!4XO"(B: IE$B$K%/%m%9%5%$%H!&%9%/%j%W%F%#%s%0967b$r5v$9$<$$ ($BF|7P(B IT Pro, 12/17)

2005.02.09 追記:

　MS05-013 で修正されている。 CVE: CAN-2004-1319

$B"#(B Vulnerability Note VU#497400: phpBB viewtopic.php fails to properly sanitize input passed to the "highlight" parameter
(US-CERT, 2004.12.21)

$B!!(BphpBB 2.0.10 $B0JA0$K7g4Y!#(B viewtopic.php $B$N(B highlight $B%Q%i%a!<%?$KBP$9$k=|@w$,IT40A4$J$?$a!"$3$l$rMxMQ$9$k$H(B remote $B$+$iG$0U$N%3!<%I$rDatabase passwords is open. Passthru() is available. (phpBB.com :: Security Tracker - Final Report)$B!#(B

　phpBB 2.0.11 で修正されている。 また howdark.com exploits - follow up (phpBB) で示されている修正を施してもよい。

　この欠陥を狙ったワーム "Santy" が登場している。

　なお、phpBB 2.0.11 では他にも XSS in username field for privmsg.php や XSpider 7 reports vunerabilitt、 phpBB Attachment Mod Directory Traversal HTTP POST Injection が修正されているそうだ。

2004.12.23 $BDI5-(B:

$B!!4XO"(B:


$B"#(B 2004.12.21

$B"#(B $BDI5-(B

Adobe Reader 6.0.3 update - English, Japanese

　iDEFENSE Security Advisory 12.13.04: Adobe Reader 6.0 .ETD File Format String Vulnerability (bugtraq)。 CVE: CAN-2004-1153 の話。

$B"#(B $B$$$m$$$m(B
(various)

$B!!8E$$$M$?$b$"$j$^$9$,!D!D!#(B

2005.01.16 追記:

　Veritas BackupExec Agent vulnerability の exploit が登場し、なにやらさわがしくなっている模様。

　ポート番号を変えるには、255498 - How to change the port that Network Data Management Protocol uses in VERITAS Backup Exec 9.x for Windows Servers (Veritas) を参照するとよいらしい。でもまずは、patch あてましょう。

2005.02.01 $BDI5-(B:

$B!!(BJ273419: Backup Exec 8.x $B$*$h$S(B 9.x $B$K$*$1$k%9%?%C%/>e$N%P%C%U%!(B $B%*!<%P!<%U%m!<$KBP$9$k@H (VERITAS)$B!#(B


$B"#(B 2004.12.20

■ wget: Arbitrary file overwriting/appending/creating and other vulnerabilities
(bugtraq, Thu, 09 Dec 2004 18:14:38 +0900)

　GNU wget 1.8.x / 1.9.x に複数の欠陥。

fix / patch:

$B"#(B $BDI5-(B

Adobe Reader 6.0.3 update - English, Japanese

$B!!(BAcrobat$B$N@H (slashdot.jp) $B$K5.=E$J>pJs$,!#(B

Advisory 01/2004: Multiple vulnerabilities in PHP 4/5

$B!!4XO"(B:


$B"#(B 2004.12.19


$B"#(B 2004.12.18

■ Advisory 01/2004: Multiple vulnerabilities in PHP 4/5
(bugtraq, Thu, 16 Dec 2004 03:46:20 +0900)

　PHP 4.3.9 以前 / 5.0.2 以前に複数の重大な欠陥。

　PHP 4.3.10 / 5.0.3 で修正されている。 PHP 4.3.10 Release Announcement にも「This is a maintenance release that in addition to over 30 non-critical bug fixes addresses several very serious security issues」 とありますので、早期にアップデートしませう。 ただし、PHP 4.3.10, 5.0.3リリース (slashdot.jp) にはアップデートによる Zend Optimizer の不具合も報告されているので注意されたい。最新の Zend Optimizer なら大丈夫だそうだ。

　今回の欠陥は Hardened-PHP の開発中に発見されたのだそうだ。from documentation:

Hardened-PHP provides:

+ Protection of the Zend Memory Manager with canaries
+ Protection of Zend Linked Lists with canaries
+ Protection against internal format string exploits
+ Protection against arbitrary code inclusion
+ Syslog logging of attackers IP

2004.12.20 $BDI5-(B:

$B!!4XO"(B:

2004.12.23 追記:

　CAN-2004-1018 がなぜか REJECT されています。やまねさん情報ありがとうございます。


$B"#(B 2004.12.17

$B"#(B $BDI5-(B

Windows $B%+!<%M%k$*$h$S(B LSASS $B$N@H:3J$,5/$3$k(B (885835) (MS04-044)

　samba-jp ML の [samba-jp:17427][samba-jp:17428][samba-jp:17431][samba-jp:17432][samba-jp:17439] を総合すると、

  • Windows XP SP1 + MS04-044 修正プログラム (KB885835)
  • Windows XP SP2

においては、 samba 2.2.x 日本語版のごみ箱機能がうまく動かなくなる模様。 samba 3.x のごみ箱機能 (recycle VFS モジュールを利用する方法) だと問題ない模様。

proxy 環境で Windows XP SP2 を利用すると、Windows Update でファイルをダウンロードできない

　proxy.pac を利用してプロキシを自動設定している環境では、proxycfg -u に失敗するそうです。上原先生情報ありがとうございます。

$B!!>e86@h@8$O(B .reg $B%U%!%$%k$rMQ0U$5$l$?$h$&$G$9$,!"(Bproxycfg $B$r

$B!!!D!D@iMU$5$s$+$i(B ($B>pJs$"$j$,$H$&$4$6$$$^$9(B)

  • $BJ@

  • XP-SP2$BE,MQ8e!"(BWindowsUpdate$B$,$G$-$J$$C

  • $B$=$NF0$-$r8+$F$_$k$H!"CA02r7h$r

  • $B$=$3$G!"

  • $B$H$$$&$3$H$G!"%f!<%6B&$NC

$B"#(B [SAMBA] CAN-2004-1154 : Integer overflow could lead to remote code execution in Samba 2.x, 3.0.x <= 3.0.9
(bugtraq, Thu, 16 Dec 2004 21:17:29 +0900)

$B!!(Bsamba 2.x $B7ONs$*$h$S(B 3.0.9 $B0JA0$N(B 3.x $B7ONs$K7g4Y!#(B smbd $B$K(B interger overflow $B$9$k7g4Y$,$"$j(B heap $BGK2u$,H/@8$9$k$?$a!"(Bremote $B$+$i(B smbd $BF0:n8"8B(B ($BDL>o(B root) $B$rC%CAN-2004-1154

$B!!(Bsamba 3.0.9 $BMQ$N(B patch $B$,G[I[$5$l$F$$$k!#$^$?(B samba 3.0.10 $B$G=$@5$5$l$F$$$k!#$J$*!"(Bsamba 2.x $B7ONs$O$b$O$dJ]

$B!!4XO"(B: iDEFENSE Security Advisory 12.16.04: Samba smbd Security Descriptor Integer Overflow Vulnerability

■ 886185 - Windows XP Service Pack 2 用の重要な更新プログラムについて
(Microsoft, 2004.12.16)

　Windows XP SP2 に付属する Windows ファイアウォールの「例外」において適用範囲 (スコープ) を「ユーザーのネットワーク (サブネット) のみ」とした場合に、ダイアルアップ接続を行うと、その範囲が「インターネット全体」と等価になってしまうことがあるそうな。

一部のダイヤルアップ用ソフトウェアがルーティング テーブルを構成する方法が原因

だそうだ。修正プログラムを適用すると、

Windows $B%U%!%$%"%&%)!<%k$G!"%@%$%d%k%"%C%W(B $B%M%C%H%o!<%/@\B3$,%m!<%+%k(B $B%5%V%M%C%H>e$K$"$k$H2r

だそうだ。さらに、

サブネットは、接続先のネットワークによって大きく異なります。そのため、"ユーザーのネットワーク (サブネット) のみ" のスコープの制限を使用しても、セキュリティが保証されるものではありません。不要な着信トラフィックがファイアウォールの例外を通過できないようにするには、カスタムのスコープオプションを使用することを強くお勧めします。

だそうだ。まあ確かに、ダイアルアップ接続というのはそういうものかもしれず。

　田中さん、関さん情報ありがとうございます。

$B!!4XO"(B: XP SP2$B$G(BAir H"$B$d(BFOMA$BC ($BAk$NEN(B, 2004.12.17)$B!#$=$&$$$&I=8=$NJ}$,$o$+$j$d$9$$$G$9$M!"3N$+$K!#(B

$B"#(B Outlook Express$B$K!V(BBCC$B!W$rI=<($9$k?7$?$JIT6q9g!$(BMS$B$O%Q%C%A$r8x3+(B
($BF|7P(B IT Pro, 2004.12.16)

$B!!(BOutlook Express 5.5 / 6.0 $B7ONs$K(B Bcc: $B$,O31H$7$F$7$^$&7g4Y$,$"$kLOMM!#(B

$B!!(Bpatch $B$,$"$k$N$GE,MQ$9$l$P$h$$$N$G$9$,!"!V=EMW$J99?7$H(B Service Pack$B!W$K$OJ,N`$5$l$F$$$J$$$N$G!"(BSUS / $B<+F099?77PM3$G$OE,MQ$G$-$J$$$s$G$9$h$M!#(B $Bl9g$O!"(B proxy $B4D6-$G(B Windows XP SP2 $B$rMxMQ$9$k$H!"(BWindows Update $B$G%U%!%$%k$r%@%&%s%m!<%I$G$-$J$$(B $B$N7o$K$4Cm0U$r!#(B


$B"#(B 2004.12.16


$B"#(B 2004.12.15

$B"#(B $BDI5-(B

proxy $B4D6-$G(B Windows XP SP2 $B$rMxMQ$9$k$H!"(BWindows Update $B$G%U%!%$%k$r%@%&%s%m!<%I$G$-$J$$(B

$B!!%a!<%k$N@0M}$r$7$F$$$?$i!"(B2004.11.01 $B$N;~E@$G!"F#0f$5$s$+$i$3$N7o$K$D$$$F$N>pJs$,Mh$F$-$?$3$H$K5$$,$D$$$?(B orz$B!#$9$s$^$;$s!#(B_o_

$B"#(B WordPad $B$N@H
(Microsoft, 2004.12.15)

$B!!(BWindows NT 4.0 / 2000 / XP / Server 2003 $B$K7g4Y!#(B WordPad $B$,MxMQ$9$k(B Word for Windows 6.0 $B%3%s%P!<%?$KJ#?t$N(B buffer overflow $B$9$k7g4Y$,$"$j!"G$0U$N%3!<%I$rCAN-2004-0571 CAN-2004-0901

$B!!=$@5%W%m%0%i%`$,8x3+$5$l$F$$$k$N$GE,MQ$9$l$P$h$$!#(B

2004.12.28 $BDI5-(B:

$B!!(BiDEFENSE Security Advisory 12.14.04 - Microsoft Word 6.0/95 Document Converter Buffer Overflow Vulnerability

$B"#(B DHCP $B$N@H
(Microsoft, 2004.12.15)

$B!!(BWindows NT 4.0 Server $B$K7g4Y!#(BDHCP $B%5!<%S%9$K$*$1$k%Q%1%C%H$N8!>Z$K$*$$$FJ#?t$N(B buffer overflow $B$9$k7g4Y$,$"$j!"(BDHCP $B%5!<%S%9$,$$$+$J$k%j%/%(%9%H$KBP$7$F$bL5H?1~$K$J$C$F$7$^$C$?$j!"(Bremote $B$+$i(B DHCP $B%5!<%S%98"8B(B (local SYSTEM?) $B$GG$0U$N%3!<%I$rCAN-2004-0899 CAN-2004-0900

$B!!=$@5%W%m%0%i%`$,8x3+$5$l$F$$$k$N$GE,MQ$9$l$P$h$$!#(B

$B"#(B $B%O%$%Q!<(B $B%?!<%_%J%k$N@H
(Microsoft, 2004.12.15)

$B!!(BWindows NT 4.0 / 2000 / XP / Server 2003 $B$K7g4Y!#(B $B%O%$%Q!<%?!<%_%J%k$K(B buffer overflow $B$9$k7g4Y$,$"$j!"96N,(B telnet: URI $B$d96N,(B $B%O%$%Q!<%?!<%_%J%k%;%C%7%g%s(B $B%U%!%$%k(B (.ht) $B$K$h$C$FG$0U$N%3!<%I$rCAN-2004-0568

$B!!=$@5%W%m%0%i%`$,8x3+$5$l$F$$$k$N$GE,MQ$9$l$P$h$$!#(B

2004.12.28 $BDI5-(B:

$B!!(BHyperTerminal - Buffer Overflow In .ht File$B!#(B

$B"#(B Windows $B%+!<%M%k$*$h$S(B LSASS $B$N@H:3J$,5/$3$k(B (885835) (MS04-044)
(Microsoft, 2004.12.15)

　Windows NT 4.0 / 2000 / XP / Server 2003 に複数の欠陥。

　修正プログラムが公開されているので適用すればよい。

2004.12.17 $BDI5-(B:

$B!!(Bsamba-jp ML $B$N(B [samba-jp:17427][samba-jp:17428][samba-jp:17431][samba-jp:17432][samba-jp:17439] $B$rAm9g$9$k$H!"(B

$B$K$*$$$F$O!"(B samba 2.2.xx $BF|K\8lHG$N$4$_H"5!G=(B$B$,$&$^$/F0$+$J$/$J$kLOMM!#(B samba 3.x $B$N$4$_H"5!G=(B (recycle VFS $B%b%8%e!<%k$rMxMQ$9$kJ}K!(B) $B$@$HLdBj$J$$LOMM!#(B

2004.12.23 追記:

　891531 - Windows 2000 ベースのコンピュータにセキュリティ更新プログラム 885835 をインストールした後、Veritas Backup Exec 8.6 でスケジュールしたバックアップでエラーが発生し、アプリケーションイベント ID 57480 が出力される (Microsoft)。MS04-044 修正プログラム (KB885835) を適用した環境で、Veritas Backup Exec 8.6 がトラブることがある模様。Veritas Backup Exec 8.6 を更新せよ、と書かれている。

$B"#(B WINS $B$N@H
(Microsoft, 2004.12.15)

　Windows NT 4.0 Server / 2000 Server / Server 2003 に欠陥。 WINS サービスに複数の欠陥がある。

　修正プログラムが公開されているので適用すればよい。

2005.01.04 追記:

　みなさん、patch あてましたよね?

$B"#(B JVN#904429FE: Namazu $B$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H
(JVN, 2004.12.15)

　namazu 2.0.13 以前に欠陥。タブ(%09) から始まる検索文字列によって namazu.cgi でクロスサイトスクリプティング欠陥が発生。

　namazu 2.0.14 で修正されている。また タブ(%09) から始まる検索文字列による問題 に欠陥回避用のスクリプトが提示されている。


$B"#(B 2004.12.14

$B"#(B $BDI5-(B

Secunia Research 08/12/2004 - Multiple Browsers Window Injection Vulnerability -

$B!!4XO"(B:

■ Adobe Reader 6.0.3 update - English, Japanese
(adobe, 2004.12.13)

　Adobe Reader 6.0.2 以前に複数の欠陥。

　Adobe Reader 6.0.3 で修正されている。アップデータがあるので適用しよう。

$B!!4XO"(B:

2004.12.20 $BDI5-(B:

$B!!(BAcrobat$B$N@H (slashdot.jp) $B$K5.=E$J>pJs$,!#(B

2004.12.21 $BDI5-(B:

$B!!(BiDEFENSE Security Advisory 12.13.04: Adobe Reader 6.0 .ETD File Format String Vulnerability (bugtraq)$B!#(B CVE: CAN-2004-1153 $B$NOC!#(B

$B"#(B Advisory: Opera security advisory 2004-12-10
(opera, 2004.12.10)

$B!!(BOpera 7.54 $B0JA0$KJ#?t$N7g4Y!#(B

$B!!(BOpera 7.54u1 $B$G=$@5$5$l$F$$$k!#(B $B%@%&%s%m!<%I%Z!<%8(B $B$N1&B&$K$"$k!V(BOpera 7.54 Security Update$B!W$N%j%s%/$+$iF~

$B!!4XO"(B:


$B"#(B 2004.12.13

$B"#(B Secunia Research 08/12/2004 - Multiple Browsers Window Injection Vulnerability -
(secunia, 2004.12.08)

$B!!(BMicrosoft Internet Explorer 6.0, Mozilla 1.7.3, Mozilla Firefox 1.0, Opera 7.54, Safari 1.2.4, Konqueror 3.2.2-6 $B$K7g4Y!#%]%C%W%"%C%W%&%#%s%I%&L>(B (window.open $B$NBh(B 2 $B0z?t(B) $B$,4{CN$N>l9g!"$=$N%]%C%W%"%C%W%&%#%s%I%&$r>h$CuBV$G(B

  1. $B%G%b%5%$%H(B$B$r3+$/(B
  2. $B%G%b%5%$%H$N(B Step 2 $B$K$"$k!V(BWith Pop-up Blocker: Test Now - With Pop-up Blocker - Left Click On This Link$B!W$r:8%/%j%C%/$9$k(B
  3. citibank $B%&%#%s%I%&$,3+$+$l$k$N$G!"$=$3$K$"$k!V(BConsumer Alert$B!W$r:8%/%j%C%/$9$k(B

$B$H$9$k$H!"e5-$HF1MM$@$C$?$7!#(B $B;d$N$d$jJ}$,!"2?$+:,K\E*$K4V0c$C$F$$$k$N$+$J!#(B

$B!!(BSANS ISC $B$K$h$k$H!"0J2<$N2sHrJ}K!$,$"$k$=$&$@!D!D(B

$B!D!D$,!"$=$b$=$b

2004.12.14 $BDI5-(B:

$B!!4XO"(B:


$B"#(B 2004.12.10

$B"#(B $BDI5-(B

57591: Security Vulnerability With Java Plug-in in JRE/SDK

$B!!(B$B%5%s!"(BJava$B%W%i%0%$%s$NG[I[$GIT (CNET, 2004.12.08)$B!#IT

$B!!$$$?$,$-$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

Java$B%W%i%0%$%s$N%"%C%W%G!<%HG[I[$NLdBj$K$D$$$F(BCNET$B$KJs$8$i$l$F$$$^$7$?$,!":#F|8=:_!"%W%i%0%$%s$N<+F0%"%C%W%G!<%H5!G=!J%3%s%H%m!<%k%Q%M%k$K$h$k$b$N!K$,5!G=$7$F$$$J$$$h$&$G$9!#(B1.4.2_05$B$N%^%7%s$G

　試しに J2SE SDK 1.4.2_03 をインストールして、Java Plug-in コントロールパネルからアップデートしてみたら、そこに現れるのは J2SE JRE 1.4.2_05-b04 というものでした。ふぅむ。なぜ 1.4.2_06 ではないのでしょうねえ。

$B"#(B [SECURITY] Fedora Core 2 Update: mysql-3.23.58-9.1
(fedora-announce-list, Wed, 08 Dec 2004 12:33:48 -0500)

$B!!(Bfix $B$5$l$?7g4Y(B:

$B"#(B Mac OS X / Adobe Version Cue local root exploit
(milw0rm.com, 2004.12.08)

$B!!(BAdobe Version Cue $B$N(B Mac OS X $BHG$K7g4Y!#(Blocal user $B$,(B root $B8"8B$r]$H$J$k(B Version Cue $B$N%P!<%8%g%s$,L@5-$5$l$F$$$J$$$,!"(B 1.0.1 $B%"%C%W%G!<%H(B $B$rE,MQ$7$F$b$3$NLdBj$,$"$kLOMM(B [harden-mac:0695] [harden-mac:0696]$B!#(B

　Adobe からのアナウンス、fix 共に存在しない模様。

2005.01.28 追記:

　修正されたそうです。

2005.08.23 追記:

　Mac OS X においてローカルユーザの権限が高まることについての注意（Version Cue 1.x） (Adobe)。CVE: CAN-2005-1307 だそうです。

■ Squid-2.5 Patches: Random error messages in response to malformed host name
(squid-cache.org, 2004.12.07)

　squid 2.5 に欠陥。細工したホスト名によって生成されるエラーメッセージにランダムなデータが含まれてしまうため、内部情報が漏洩する可能性がある。 patch があるので適用すればよい。

fix / patch:

$B"#(B 2004.12.09

$B"#(B $BDI5-(B

proxy 環境で Windows XP SP2 を利用すると、Windows Update でファイルをダウンロードできない

　関連: 888859 - [WU] Windows Update version 5 で利用するプロキシについて (Microsoft)。ここでも proxycfg してね、と書かれている。

　proxycfg コマンドは、Windows XP Pro / Server 2003 にはあるが、 Windows 2000 にはないようだ。 MSXML 4.0 SP2 (Microsoft) をインストールすると proxycfg.exe がもれなく付いてくるのだが、 困ったことに、Windows 2000 SP3 / SP4 にインストールしてもエラーが出てうまく動かない。 829735 - BUG: "WinHTTP5.dll Could Not Be Found" Error Message When You Run Proxycfg.exe after You Install MSXML 4.0 SP2 (Microsoft) によると、回避策は「Windows Server 2003 の proxycfg.exe をコピってくる」という、なんとも乱暴なもの。そんなこと言うのなら、Windows Server 2003 の proxycfg.exe をダウンロードできるようにすべきだと思うのだが。 つーか、自由にコピっていいんですか?

■ Internet Explorer 6 SP1 用の更新プログラムのロールアップ
(Microsoft, 2004.12.06)

　IE 6 SP1 に対する、非セキュリティ的な修正も含んだ累積的更新プログラム。 対応関係を示すと:

セキュリティ fix のみ 非セキュリティ fix も含む
834707 (MS04-038) 873377
889293 (MS04-040) 889669

$B!!(BIE $B$N%m!<%k%"%C%W=$@5%W%m%0%i%`(B KB889669 $B$rE,MQ$9$k:]$NCm0U(B (updatecorp.co.jp) $B$rFI$s$G$h$&$d$/$o$+$C$?!D!D(B orz$B!#;d$N2r$7$^$7$?!#(B

$B!!4XO"(B: $B!Z7n4)(B M$ Securiyu 2004 $BG/(B 12 $B7n(B 2 $BF|NW;~A}4)9f![(B MS04-040 $BFC=8(B (Windows Security Center)$B!#$*$6$-$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B $BL5NA%"%W%j$NBe=~!)(B $B5^A}$9$k%9%Q%$%&%'%"(B($B>e(B)
(WIRED NEWS, 2004.12.08)

$B!!(BiMesh $B$K%P%s%I%k$5$l$F$$$k(B Marketscore $B$H$$$&%9%Q%$%&%'%"(B ($B%7%^%s%F%C%/(B$B!"(BCA) $B$O!"(B $BFbB"$N(B proxy (ossproxy) $B$r;H$C$F(B $BA4$F$N(B web $B%H%i%U%#%C%/$r(B Marketscore $B$B7PM3$G9T$&$h$&$K$7$F$7$^$&$?$a!"8D?M>pJs$,(B Marketscore $BMarketscore $B$G$0$0$k(B$B$H!"$=$l$i$7$$(B proxy $B%[%9%HL>$,=P$F$-$^$9$M!#(B

$B%Z%s%7%k%Y%K%"=#N)Bg3X$N$"$k3X@8$O!"EE;R%a!<%k$G$N

$B!!$3$NO@M}$G9T$/$H!VBg3X$N%M%C%H%o!<%/$r$I$&;H$*$&$HBg3X$N<+M3$G!"3X@8$K;X?^$5$l$k6Z9g$$$O$J$$!W$K$J$k$@$1$N$h$&$J5$$,!#(B

$B%^!<%1%C%H%9%3%"$9$H$3$m$J$/EA$($h$&$HEXNO$7$F$$$k!#;22CpJs$r<}=8$9$k$+!"$3$N>pJs$r$I$&$d$C$F<}=8$9$k$+!"Ds6!$5$l$?>pJs$rJ]8n$9$k$?$a$K9V$8$F$$$kpJs$NMQES$r!"$-$A$s$H@bL@$7$h$&$HEX$a$F$$$k!W(B

$B!!$=$&$$$($P!"(BA.D.2001 $B$K$*$1$k(B office $B;a$N%W%l%<%s%F!<%7%g%s!V%&%$%k%9%O%C%-%s%0!W$K$O

  • $B%&%$%k%9$+H]$+$NH=CG$N4p=`$O $B%i%$%;%s%9!J$$$+$J$k7k2L$K$b@UG$$OIi$$$^$;$sEy!K$KF10U$7$?$+H]$+(B
$B$H$$$&$3$H$K$"$k(B
  • $B%f!<%6$,%i%$%;%s%9$KF10U$5$($7$F$$$l$P%W%m%0%i%`$,$I$s$JF0:n$r$7$h$&$H$+$^$o$J$$!#!J0-$G$O$J$$!K(B
    $B%i%$%;%s%9%O%C%/!J(BA.D.2000$B!K;2>H(B
    $B!!!!!a!d%&%$%k%9$K$b%i%$%;%s%9$r$D$1$h$&!*(B

    $B!!$D$E$-(B: $BL5NA%"%W%j$NBe=~!)(B $B5^A}$9$k%9%Q%$%&%'%"(B($B2<(B) (WIRED NEWS, 2004.12.09)$B!#(B

    $B!!4XO"(B: SSL$B0E9fDL?.$r2rFI$9$k%9%Q%$%&%'%"$KBg3X$,7Y>b(B (ITmedia, 2004.12.01)$B!#(B


    $B"#(B 2004.12.08

    $B"#(B $B$$$m$$$m(B
    (various)

    $B"#(B $BDI5-(B

    ■ MD5 To Be Considered Harmful Someday
    (bugtraq, Tue, 07 Dec 2004 08:29:34 +0900)

    　MD5 コリジョン話。stripwire というデモツールも公開されています。

    ■ [Full-Disclosure] Multiple vulnerabilities in w3who ISAPI DLL
    (Full-Disclosure, Mon, 06 Dec 2004 20:40:39 +0900)

    　Windows 2000/XP リソースキットに含まれる w3who.dll ISAPI DLL に欠陥。 クロスサイトスクリプティング欠陥が存在する他、buffer overflow する欠陥もある。 CVE: CAN-2004-1133 CAN-2004-1134

    　修正プログラムはまだ存在しない。攻撃を回避するには、w3who.dll を使わないようにするしかない。

    　w3who.dll についてはこのあたりを:

    　現在、w3who.dll はダウンロードできなくなっている模様。


    $B"#(B 2004.12.07

    $B"#(B $B$$$m$$$m(B
    (various)

    2004.12.08 $BDI5-(B:

    $B!!(Bnfs-utils $B$N7g4Y$O(B 1.0.7-pre1 $B$G=$@5$5$l$F$$$k$=$&$G$9!#(B

    $B"#(B $BDI5-(B

    Windows 2000$B$KBP$9$k%5!<%S%9!&%Q%C%/$NDs6!$O$^$@B3$1$F$[$7$$(B

    $B!!(B$B%3%s%]!<%M%s%H$rDI2C$7$?$H$-$K!"%;%-%e%j%F%#99?7%W%m%0%i%`$,E,MQ$5$l$J$$8=>]$K$D$$$F(B ($BF|K\$N%;%-%e%j%F%#%A!<%`$N(B Blog, 2004.12.07)$B!#(B $B!V$9$G$K%$%s%9%H!<%k$5$l$F$$$k%3%s%]!<%M%s%H!W$K$D$$$F$O(B XP / Server 2003 $B$N!V%G%e%"%k%b!<%I%$%s%9%H!<%k!W$G2r7h$5$l$F$$$k$,!"!V$^$@%$%s%9%H!<%k$5$l$F$$$J$$%3%s%]!<%M%s%H!W$r2r7h$9$k(B sticky updates $B$O$^$@MBSA $B$G3NG'!"$,8=>u$G$N:GA1

    $B!!(BWindows $B$H(B Windows $B%3%s%]!<%M%s%HMQ%Q%C%1!<%8(B $B%$%s%9%H!<%i(B Update.exe $B$NFbIt%a%+%K%:%`(B (Microsoft) $B$O!"$-$A$s$HFI$s$G$*$$$?J}$,$h$5$=$&$@$J$"!#(B

    $B"#(B proxy $B4D6-$G(B Windows XP SP2 $B$rMxMQ$9$k$H!"(BWindows Update $B$G%U%!%$%k$r%@%&%s%m!<%I$G$-$J$$(B
    ($B%?%l%3%_(B, Mon, 06 Dec 2004 18:34:01 +0900)

    $B!!$R$0$A$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

    $B;d$N$H$3$m$G$O(Bproxy$B7PM3$G(Bweb$B%"%/%;%9$5$;$F$$$k$N$G$9$,!"(B Windows Update$B=PMh$J$$9`L\$,M-$k$H%/%l!<%`$,>e$,$C$FMh$^$7$?!#(B

    $BD4$Y$F$_$k$H!"(BWinXP SP2$B$N(BWindows Update$B$N%P%C%/%(%s%I(BBITS$B$,(B SP2$B%"%C%W%G!<%H;~$K(BIE$B$+$i$N%W%m%-%77Q>5$r9T$C$F$$$J$$$?$a!"(B $B%"%C%W%G!<%?$N%@%&%s%m!<%I$K<:GT$9$k$h$&$G$9!#(B

    $B%"%I%_%K%9%H%l!<%?8"8B$G%3%^%s%I%W%m%s%W%H$+$i(B proxycfg -u $B$G2r7h$7$^$9!#(B

    $B$3$N7o$K$D$$$F$O!"@D;33X1!$N(BNOC$B$G$N>pJs$,NI$/$^$H$^$C$F$$$^$9!#(B
    http://www.agnoc.aoyama.ac.jp/announce/20041203.txt

    $B!!$0$0$C$F$_$k$H!"F1MM$NFbMF$rB>$N>l=j$G$b$_$D$1$k$3$H$,$G$-$?(B:

    $B!!$3$&$$$&$3$H$N$h$&$@!#(B

    • Windows XP SP1 $B$^$G$O!"(BWindows Update $B$O(B BITS $B$H$O4X78$J$/F0:n$7$F$$$?!#(B $BMxMQ

      $B0lJ}!"<+F099?7$O(B BITS $B$rDL$7$F%U%!%$%k$r%@%&%s%m!<%I$7$F$$$?!#(B BITS $B$O(B WinHTTP $B$rMxMQ$7$FF0:n$9$k!#(B $B$=$N$?$a<+F099?7$NMxMQ

    • Windows XP SP2 $B$G$O!"(BWindows Update $B$b(B BITS $B$rDL$7$F%U%!%$%k$r%@%&%s%m!<%I$9$k$h$&$K$J$C$?!#(B $B$=$N$?$a!"(BWindows Update $B$NMxMQ

    $B!!(BWinHTTP $B$N%W%m%-%7@_Dj$O(B proxycfg $B%3%^%s%I$G9T$&!#%3%^%s%I%W%m%s%W%H$+$i

    内容 コマンド
    現在の設定を見る proxycfg
    現在のユーザの Internet Explorer のプロキシ設定を WinHTTP のプロキシ設定に反映する proxycfg -u
    プロキシサーバとして proxy.example.jp:8080 を、直接接続するアドレスとして 192.168.*, *.example.jp, <local> を指定する proxycfg -p proxy.example.jp:8080 "192.168.*;*.example.jp;<local>"
    WinHTTP のプロキシ設定をクリアする (直接接続する) proxycfg -d
    ヘルプを見る proxycfg -?

    　<local> は、プロキシサーバ設定の「ローカルアドレスにはプロキシサーバーを使用しない」のことのようだ。 クロスサイトスクリプティング欠陥などにおいて意図しない状況を呼び込むことがあるので、<local> は使わないほうがいいと個人的には思う。

    2004.12.09 $BDI5-(B:

    $B!!4XO"(B: 888859 - [WU] Windows Update version 5 $B$GMxMQ$9$k%W%m%-%7$K$D$$$F(B (Microsoft)$B!#$3$3$G$b(B proxycfg $B$7$F$M!"$H=q$+$l$F$$$k!#(B

    $B!!(Bproxycfg $B%3%^%s%I$O!"(BWindows XP Pro / Server 2003 $B$K$O$"$k$,!"(B Windows 2000 $B$K$O$J$$$h$&$@!#(B MSXML 4.0 SP2 (Microsoft) $B$r%$%s%9%H!<%k$9$k$H(B proxycfg.exe $B$,$b$l$J$/IU$$$F$/$k$N$@$,!"(B $B:$$C$?$3$H$K!"(BWindows 2000 SP3 / SP4 $B$K%$%s%9%H!<%k$7$F$b%(%i!<$,=P$F$&$^$/F0$+$J$$!#(B 829735 - BUG: "WinHTTP5.dll Could Not Be Found" Error Message When You Run Proxycfg.exe after You Install MSXML 4.0 SP2 (Microsoft) $B$K$h$k$H!"2sHr:v$O!V(BWindows Server 2003 $B$N(B proxycfg.exe $B$r%3%T$C$F$/$k!W$H$$$&!"$J$s$H$bMpK=$J$b$N!#$=$s$J$3$H8@$&$N$J$i!"(BWindows Server 2003 $B$N(B proxycfg.exe $B$r%@%&%s%m!<%I$G$-$k$h$&$K$9$Y$-$@$H;W$&$N$@$,!#(B $B$D!<$+!"<+M3$K%3%T$C$F$$$$$s$G$9$+(B?

    2004.12.15 $BDI5-(B:

    $B!!%a!<%k$N@0M}$r$7$F$$$?$i!"(B2004.11.01 $B$N;~E@$G!"F#0f$5$s$+$i$3$N7o$K$D$$$F$N>pJs$,Mh$F$-$?$3$H$K5$$,$D$$$?(B orz$B!#$9$s$^$;$s!#(B_o_

    2004.12.17 $BDI5-(B:

    $B!!(Bproxy.pac $B$rMxMQ$7$F%W%m%-%7$r<+F0@_Dj$7$F$$$k4D6-$G$O!"(Bproxycfg -u $B$K<:GT$9$k$=$&$G$9!#>e86@h@8>pJs$"$j$,$H$&$4$6$$$^$9!#(B

    $B!!>e86@h@8$O(B .reg $B%U%!%$%k$rMQ0U$5$l$?$h$&$G$9$,!"(Bproxycfg $B$r

    $B!!!D!D@iMU$5$s$+$i(B ($B>pJs$"$j$,$H$&$4$6$$$^$9(B)

    • $BJ@

    • XP-SP2$BE,MQ8e!"(BWindowsUpdate$B$,$G$-$J$$C

    • $B$=$NF0$-$r8+$F$_$k$H!"CA02r7h$r

    • $B$=$3$G!"

    • $B$H$$$&$3$H$G!"%f!<%6B&$NC

    2004.12.27 $BDI5-(B:

    $B!!2C2l$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

    > $B2sHr:v$O!V(BWindows Server 2003 $B$N(B proxycfg.exe $B$r%3%T$C$F$/$k!W$H$$$&!"(B
    >$B$J$s$H$bMpK=$J$b$N!#$=$s$J$3$H8@$&$N$J$i!"(BWindows Server 2003 $B$N(B
    >proxycfg.exe $B$r%@%&%s%m!<%I$G$-$k$h$&$K$9$Y$-$@$H;W$&$N$@$,!#$D!<$+!"<+(B
    >$BM3$K%3%T$C$F$$$$$s$G$9$+(B

    $B;d$b!V<+M3$K%3%T$C$F$M!*!W$K5?Ld$r;}$C$F$$$?$N$G%^%$%/%m%=%U%H$KLd$$9g$o$;$r$7$F$_$^$7$?!#(B

    $B<+M3$K%3%T$C$F$$$$$N$+$H!"(B
    http://www.microsoft.com/japan/legal/permission/t-mark/img-req4.htm
    $B$3$3$K%a!<%k$G
    Windows Update$B$K4X$9$k$3$H$J$N$G!"EEOC$GLd$$9g$o$;$F$_$^$7$?!#(B
    http://support.microsoft.com/oas/default.aspx?gprid=6527
    $B%3%T$C$F(BOK$B$H$$$&JV;v$rLc$&$3$H$,$G$-$^$7$?!#(B

    $B%3%T$k$3$H$K4X$7$F$OEEOC$GLd$$9g$o$;$9$l$P(BOK$B$C$]$$$G$9!#(B

    2005.01.09 追記:

    　888859 - [WU] Windows Update version 5 で利用するプロキシについて (Microsoft) が 2004.12.22 付で改訂されている。 これを見る限りでは、WPAD (wlug.org.nz、monyo.com) を使っているか、http:// あるいは https:// な URL で .pac ファイルを指定していれば、自動的に proxy を認識してくれるようだ。 そうでない場合は、proxycfg コマンドなどで BITS proxy の設定が必要なようだ。

    $B"#(B DeleGate 8.10.3-pre7
    (delegate.org, 2004.12.06)

    $B!!(BDeleGate 8.10.3-pre7 $B$,=P$F$$$^$9(B ($B:G?7$O(B 8.10.3-pre8 $B$G$9(B)$B!#(B $BJ8;zNs$d%]%$%s%?!"9=B$BN$NG[Ns$N(B buffer overflow $B$KBP1~$5$l$F$$$k$=$&$G$9!#(B[DeleGate:12545] $B$h$j(B:

    $B0lNc$H$7$F!"(B
    delegated -f -P9999 PROXY=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx....($BD6D9$$(B)
    $B$N$h$&$K$9$k$H!"(B8.10.2 $B$^$G$O(B Segmentation fault (core dumped) $B$H$J$j$^$9$,!"(B8.10.3 $B$G$O(B scanf(), strncpy(), $BJ8;zNs=*C<$N@_Dj$N(B3$BCOE@$G!J!*!K%P%C%U%!%*!<%P!<%U%m!<$,L$A3$K8!=P$5$l$F2sHr$5$l$^$9!#(B

    $B!!(B[DeleGate:12546] $B$h$j(B:

    pre6$B$^$G$G$N!"%]%$%s%?$d9=B$BN$NG[Ns$N%*!<%P%U%m!<$KBP=h$7$^$7$?!#(B $BNc$($P!"(B

    -P1,2,3,4,5,6,7,8,9,10,11,... (FD_SETSIZE$B0J>e(B,$BDL>o(B1024)

    $B$N$h$&$K$9$k$H!"(Bsvport.c$B$NCf$K$"$k(B ServerPort se_SVPorts[FD_SETSIZE] $B$H$$$&9=B$BN$NG[Ns$,0n$l$^$9!#(B
    $B$=$NB>B??t$N%*!<%P%U%m!<$,$"$j$^$7$?!#$[$H$s$I$,%m!<%+%k$K$7$+5/$3$;$J$$$b$N$G$O$"$j$^$7$?$,!"Cf$K(B2$B$D$P$+$j!"%j%b!<%H$+$i5/$3$;$F7k9=4m81$@$H;W$o$l$k$b$N$,$"$j$^$7$?!#(B

    $B!!(Bdelegate ML $B$N%"%/%;%9%Q%9%o!<%I$K$D$$$F$O(B ML $B%"!<%+%$%V$N(B top $B%Z!<%8(B$B$r;2>H$7$F$/$@$5$$!#(B

    $B!!(B8.10.x $B7ONs$O$^$@&B07$$$J$N$GCm0U$7$F$/$@$5$$!#(B DeleGate ML $B$G$O!"(BFreeBSD 5.3-RELEASE $B$d(B Debian GNU/Linux 3.1 $B$G$&$^$/(B make $B$G$-$J$$$H$$$&OCBj$,B3$$$F$$$^$9!#(B $B$^$?(B C99 $B$N5!G=$,;H$o$l$F$$$k$h$&$G!"(BFreeBSD 4.10-RELEASE (gcc 2.95.4) $B$G$b$D$/$l$^$;$s$G$7$?!#(BFreeBSD 4.10-RELEASE + gcc 3.4.4 (ports/lang/gcc34) $B$G$O!"(B [DeleGate:12562][DeleGate:12564] $B$N(B FreeBSD 5.3-RELEASE $B$HF1MM$K!"(B

    % ar d lib/libsubst.a lstat.o
    % ar d lib/libsubst.a inet_aton.o

    $B$,I,MW$G$7$?!#(BTurbolinux 10 Desktop (gcc 3.3.1) $B$G$OAGD>$K$D$/$l$^$7$?!#(B

    2005.02.22 $BDI5-(B:

    $B!!(BDeleGate 8.11.0 $B=P$^$7$?!#&B$,

    2005.03.25 $BDI5-(B:

    $B!!(BDeleGate 8.11.1 $B$,=P$F$$$^$9!#(BC99 $B$KE,9g$7$F$$$J$$(B gcc 2.x $B$G$b:n@.$G$-$k$h$&$K$J$j$^$7$?!#$"$j$,$?$d!#(B

    ■ 「メールで尋ねることはしていない」という一つ覚え
    (高木浩光＠自宅の日記, 2004.12.05)

    　イーバンク銀行って、こんなのまで平文メールで送っているんですか。 いやあ、恐いなあ。おまけに、正規のメールに示されている URL すら http:// じゃないですか。 なぜ https:// じゃないんだろう。

    　銀行のネットサービスって、どこもこんな感じなのかなあ。


    $B"#(B 2004.12.06

    $B"#(B $BDI5-(B

    ZIP $B%U%!%$%k$M$?(B

    $B!!(Bzip 2.3 $BJ}LL(B fix:

    Yahoo! JAPAN ID$B$H%Q%9%o!<%I$rIT@5$KEp$_

    　詳細が公開されています: ヤフーからの通知を装った日本語フィッシングで何が起きていたか (高木浩光＠自宅の日記, 2004.12.05)。

    [SA13269] Winamp "IN_CDDA.dll" Buffer Overflow Vulnerability

    　Winamp 5.07 が登場しています。欠陥が修正されたことになっているようです。


    $B"#(B 2004.12.04


    $B"#(B 2004.12.03


    $B"#(B 2004.12.02

    $B"#(B $BDI5-(B


    $B"#(B 2004.12.01

    $B"#(B $BDI5-(B

