$B%;%-%e%j%F%#%[!<%k(B memo - 2005.02

Last modified: Tue May 30 18:45:55 2006 +0900 (JST)

$B!!$3$N%Z!<%8$N>pJs$rMxMQ$5$l$kA0$K!"(B$BCm0U=q$-(B$B$r$*FI$_$/$@$5$$!#(B

$B"#(B 2005.02.28

$B"#(B Firescrolling [Firefox 1.0]
(bugtraq, Fri, 25 Feb 2005 17:10:30 +0900)

$B!!(B[SA14160] Mozilla / Firefox Three Vulnerabilities $B$J$I$N4{CN$N(B Firefox $B$N7g4Y$rAH$_$"$o$;$k$H!"(B IE$B$N%I%i%C%0!u%I%m%C%W=hM}$K?<9o$J@H $B$HF1MM$N!V%9%/%m!<%k%P!<967b!W$r(B Firefox 1.0 $B$K$bCAN-2005-0527

$B!!(BFirefox 1.0.1 $B$G=$@5$5$l$F$$$k!#(B

2005.03.03 $BDI5-(B:

$B!!(BMozilla Foundation Security Advisory 2005-27 (mozilla.org)

$B"#(B $BDI5-(B

[SA14160] Mozilla / Firefox Three Vulnerabilities

$B!!(BFirefox 1.0.1 $B=P$^$7$?!#(B $B>e5-7g4Y$,=$@5$5$l$F$$$^$9!#(B

$B9q:]2=%I%a%$%sL>BP1~%V%i%&%6$K(BURL$B$,!H56Au!I$5$l$kLdBj!"(BIE$B$O1F6A$J$7(B

$B!!(BFirefox 1.0.1 $B$H(B Opera $B$N

$B!!(BOpera$B!"$d$j$^$9$J!#(B

$B!!$^$?!"(BFirefox $B$G;H$($k(B SpoofStick $B$H$$$&%f!<%F%#%j%F%#$,$"$k$=$&$@!#(B $B<+J,$NL\$b(B URL $B$b?.MQ$G$-$J$$(B (TidBITS $BF|K\8lHG(B #766/14-Feb-05) $B$r;2>H!#(B

$B"#(B 2005.02.26

$B"#(B [Full-Disclosure] iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability
(iDEFENSE, 2005.02.25)

$B!!(Bwu-ftpd 2.6.2 $B0JA0$K7g4Y!#(Bwu-ftpd $B$KBP$7$F!"%/%i%$%"%s%H$+$i(B dir *******($BCfN,(B)*******.* $B$H$+$9$k$H(B DoS $B>uBV$K$J$k!#:G8e$N(B .* $B$,%]%$%s%H$N$h$&$@!#(B iDEFENSE Advisory $B$K$O(B wu_fnmatch.c $B$N(B wu_fnmatch() $B$K$*$1$k:F5"=hM}$,!D!D$H$+=q$+$l$F$$$k$N$@$1$I!"K\Ev$J$N$+$J$"!#(B CVE: CAN-2005-0256

$B!!(Bwu-ftpd.org $B%*%U%#%7%c%k$N=$@5%W%m%0%i%`!"$H$$$&$b$N$O:#$N$H$3$mB8:_$7$J$$!#(B

2005.03.01 $BDI5-(B:

$B!!(BRe: iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability (bugtraq)$B!#(B $BD>$9$Y$-$O(B wu_fnmatch.c $B$8$c$J$/$F(B glob.c $B$J$N$G$O!"$H$$$&;XE&!#(Bpatch $B$D$-!#(B $B$3$N(B patch $B$rE,MQ$9$k$H>e5-(B DoS $B$,H/@8$7$J$/$J$k$3$H$r

$B"#(B 2005.02.25

$B"#(B WIDE $B9g=I$K$*$1$k(B DNS $B967b
(WIDE Project, 2005.01.31)

$B!!(BInernet Week 2004: DNS DAY $B$G$b>R2p$5$l$?!"%&%=(B DNS $B1~Ez@8@.%G!<%b%s(B uso800d / dnsattack $B$r;HMQ$7$?(B DNS $B:>>N967bu67$,(B DNS DAY $B$G$NR2p$5$l$F$$$?!#(B

$B!!$H$$$&$o$1$G!"%O%$$$$+$,$G$7$?$+!A!"(BDNS $B:>>N62$$$G$9$M!A!"62$7$$$G$9$M!A!"(BDNSSEC $BM_$7$$$G$9$M!A(B ($B@<(B: $BMd@nD9<#(B$B@h@8(B) $B$H$$$&OC$K$D$J$,$C$F$$$/$o$1$G$9$,!D!D!#(B

$B"#(B Trend Micro $B%"%s%A%&%#%k%9(B $B%i%$%V%i%j$G$N%R!<%W(B $B%*!<%P!<%U%m!<(B
(ISS, 2005.02.24)

$B!!%H%l%s%I%^%$%/%m$N%"%I%P%$%6%j(B: Vulnerability in VSAPI ARJ parsing could allow Remote Code execution (trendmicro.com)

$B!!%H%l%s%I%^%$%/%m$N(B VSAPI 7.500 $B0JA0$K7g4Y!#(B ARJ $B%"!<%+%$%V$N=hM}$K7g4Y$,$"$j!"%"!<%+%$%VFb$ND9Bg$J%U%!%$%kL>$K$h$C$F(B buffer overflow $B$,H/@8$9$k!#(B $B$3$l$K$h$j!":Y9)$7$?(B ARJ $B%"!<%+%$%V$r;H$C$FG$0U$N%3!<%I$r

$B!!(BVSAPI 7.510 $B$G=$@5$5$l$F$$$k!#(B $B1Q8lHG(B VSAPI $B$O(B 7.510 $B$,MQ0U$5$l$F$$$k$,!"(B $BF|K\8lHG(B VSAPI $B$O$^$@(B 7.500 $B$N$^$^$@!#!D!D$H$+=q$$$F$$$k$&$A$K!"$3$s$J$N=P$F$^$7$?(B:

$B!!9b66$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B 2005.02.24

$B"#(B $BDI5-(B

$B%&%$%k%9BP:v%=%U%HF3F~:Q$_(BXP SP2$B$G%V%k!<%9%/%j!<%s$K$J$kIT6q9g(B

$B!!(BKB 887742 $B$NF|K\8lHG$,EP>l(B: 887742 - Windows XP Service Pack 2 $B$^$?$O(B Windows Server 2003 $B$G(B Stop $B%(%i!<(B "Stop 0x05 (INVALID_PROCESS_ATTACH_ATTEMPT)" $B$,I=<($5$l$k(B$B!#(B $B$^$?!"(Bpatch $B$,(B Windows Update $B$G$bG[I[$5$l$F$$$k$=$&$@(B ($BF|7P(B IT Pro)$B!#(B $B$?$@$7!"(BWindows Server 2003 $BMQ$N(B patch $B$O$^$@$J$$$7!"(BWindows XP Tablet PC Edition 2005 $B$K(B Windows XP Service Pack 2 $BMQ$N(B patch $B$rE,MQ$7$F$b$$$$$N$+H]$+$bL@3N$G$O$J$$!#(BWindows XP Tablet PC Edition 2005 $B$G(B Windows Update $B$7$F$_$l$PEz$O$o$+$k$N$+$b$7$l$J$$!#(B

$B"#(B 2005.02.22

$B"#(B Yahoo! Messenger$B$K(B2$B$D$N@H
(Internet Watch, 2005.02.21)

$B!!$=$l$G!"=$@5HG$O=P$?$s$G$9$+$M$(!#(B

$B"#(B $BDI5-(B

Putty 0.57 $B$h$jA0$N(B sftp $B

$B!!(BPuTTY $B$G(B ISO 2022 $B$K$h$kF|K\8lF~NO!&I=<($r2DG=$K$9$k%Q%C%A(B$B!#(B $B$b(B 0.57 $B%Y!<%9$K$J$C$?!#(B($B>eEg$5$s46

DeleGate 8.10.3-pre7

$B!!(BDeleGate 8.11.0 $B=P$^$7$?!#&B$,

$B"#(B 2005.02.21

$B"#(B $BDI5-(B

$BIT@5%-%c%C%7%e%+!<%I$N%3%9%H$OC/$,IiC4$9$Y$-$+(B

$B!!(B$B0BA4?@OC$r:n$i$;$F$O$J$i$J$$(B ($B:j;3?-IW$N(BBlog, 2005.02.15)$B!#8m2r$r>7$/5-=R$G$4$a$s$J$5$$!#(B

XSS vulnerabilty in ASP.Net [with details]

$B!!(BASP.NET $B$K(B XSS? ($B?eL57n$P$1$i$N$($SF|5-(B, 2005.02.17)$B!#(BresponseEncoding $BB0@-$,(B windows-$B$J$s$H$+(B $B$K$J$C$F$$$k>l9g$O!"F1MM$N=hCV$,I,MW$J$h$&$G$9!#(B

$B"#(B Putty 0.57 $B$h$jA0$N(B sftp $B
(Putty home page, 2005.02.20)

$B!!(BPutty 0.57 $B$h$jA0$N(B sftp $B

$B!!$I$A$i$b(B iDEFENSE $B$,H/8+!&DLJs$7$?$b$N$J$N$G!"$=$N$&$A(B advisory $B$,=P$k$@$m$&!#(B

$B!!(BPutty 0.57 $B$G=$@5$5$l$F$$$k!#LZB<$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#F|K\8lHG$N>u67(B:

$B"#(B Web $B56Au:>5=(B (phishing) $B$NF'$_Bf%5!<%P$K4X$9$kCm0U4-5/(B
(JPCERT/CC, 2005.02.21)

$B!!(B$B:42l$N7o(B$B$OI9;3$N0l3Q$G!"$=$&$$$C$?;vNc$OB??tB8:_$9$k$=$&$G$9!#(B

$BFC$K!"(BOS $B$H$7$F(B Linux $B$,;H$o$l!"3n$D(B OpenSSH $B$d(B telnetd $B$r;H$C$F%j%b!<%H%"%/%;%9$r5v2D$7$F$$$k%$%s%?!<%M%C%H>o;~@\B3$N%5!<%P$KBh;05=(B (phishing) $B$NF'$_Bf%5!<%P$K$9$k%1!<%9$,B??t8+

$B!!(BWindows $B$8$c$J$$$+$i0B?4!"$H$+;W$C$F$k$H9s$$L\$K$"$&$N$G$7$g$&!#(B

$B"#(B 2005.02.19

$B"#(B 2005.02.18

$B"#(B MS$B8&5f
(ITmedia, 2005.02.18)

$B!!(B$B%"%s%A!&%U%)%l%s%8%C%/(B (Makoto Shiotsuki) $B$b;2>H!#(B

$B"#(B XSS vulnerabilty in ASP.Net [with details]
(bugtraq, Thu, 17 Feb 2005 10:33:40 +0900)

$B!!(BASP.NET $B$K7g4Y!#(BASP.NET $B$G$OI8=`$G!"%/%m%9%5%$%H%9%/%j%W%F%#%s%07g4Y$rL$A3$KKI$0$?$a$K%j%/%(%9%H$r8!>Z$7!"4m81$JJ8;z$,4^$^$l$F$$$l$PNc30$rH/@8$5$;$k(B (ValidateRequest, HttpRequestValidationException)$B!#(B $B$H$3$m$,!"(BWeb.config $B$N(B globalization $BMWAG$K$*$$$F(B responseEncoding $BB0@-$r(B windows-1251 $B$H$7$?>l9g$K!"(B $B%j%/%(%9%HCf$K!"(B $B!VA43Q!W1Q?tJ8;z(B (unicode.org) $B$r(B HTTP $B%(%s%3!<%I$7$F4m81$JJ8;z$r5-=R$9$k(B ($B!c!d$J$I$r(B %uff1c %uff1e $B$J$I$N$h$&$K5-=R$9$k(B) $B$H!"8!>Z5!9=$rDL2a$7$?>e$G!"BP1~$9$k$U$D$&$N(B ($B!VH>3Q!W(B) $B1Q?tJ8;z$KJQ49$5$l$F$7$^$&!#(B $B7k2L$H$7$F!"%/%m%9%5%$%H%9%/%j%W%F%#%s%07g4Y$,H/8=$9$k!#(B $B$3$N7g4Y$O!"(BMicrosoft $B=c@5$N(B ASP.NET $B$NB>!"(BGNU $B$K$h$k(B .NET $B$K$=$N$h$&$J>u67$,H/@8$9$k(B responseEncoding $BB0@-$,B8:_$9$k$+$I$&$+$OITL@!#(B

$B!!=$@5%W%m%0%i%`$O:#$N$H$3$mB8:_$7$J$$!#2sHr$9$k$K$O!"(BresponseEncoding $BB0@-$r(B utf-8 $B$H$9$k$+!"%"%W%j%1!<%7%g%sB&$GA43Q1Q?tJ8;zNN0h$rGS=|$9$k!#(B

$B!!!D!D$H$$$&M}2r$G$$$$$N$+$J!#(B UNICODE Collation Charts $B$H$+$b;2>H!"$J$N$+$J!#(B

2005.02.21 $BDI5-(B:

$B!!(BASP.NET $B$K(B XSS? ($B?eL57n$P$1$i$N$($SF|5-(B, 2005.02.17)$B!#(BresponseEncoding $BB0@-$,(B windows- $B$K$J$C$F$$$k>l9g$O!"F1MM$N=hCV$,I,MW$J$h$&$G$9!#(B

$B"#(B 2005.02.17

$B"#(B HP Web-Enabled Management Software Security Patch for Windows
(HP, 2004.12.17)

$B!!(Binfo from: P-141: HP Web-enabled Management Software Vulnerability (CIAC, 2005.02.16)$B!#1F6A$9$k%W%m%@%/%H(B:

PRODUCTS AFFECTED:
* HP Insight Management Agents for Servers
* HP Version Control Repository Agent
* HP Version Control Agent
* HP Insight Manager 7
* HP Array Configuration Utility
* HP Performance Management Pack
* HP Performance Management Pack Tools
* ProLiant Performance Analyzer

$B!!(BHP $B$J5!3#$,F~$C$F$$$k4D6-$@$H!"$1$C$3$&1F6A$7$F$$$?$j$9$k(B? ($B$h$/$o$+$i$s(B)

$B"#(B $BDI5-(B

Windows SharePoint Services $B$*$h$S(B SharePoint Team Services $B$N@H

$B!!(BSharePoint Portal Server 2003 $B$H(B Small Business Server 2003 $B$K$O(B Windows SharePoint Services $B$,4^$^$l$F$$$k$?$a!"$3$N7g4Y$N1F6A$r

$B"#(B [Full-Disclosure] IE/OE Restricted Zone Status Bar Spoofing
(Full-Disclosure, 17 Feb 2005 14:22:08 +0900)

$B!!(BIE 5.01 SP4 / 6 SP[12] $B$K7g4Y!#%9%F!<%?%9%P!<$KI=<($5$l$k%j%s%/@h(B URL $B$r56Au$9$k$3$H$,2DG=!#(B $B;XE&J8=q$K<($5$l$F$$$k$b$N$rMxMQ$7$?(B$B%G%b%Z!<%8(B$B$r$D$/$C$F;n$7$?$H$3$m!"

$B"#(B 2005.02.16

$B"#(B $B$$$m$$$m(B
(various)

$B"#(B $BDI5-(B

WMV$B%U%!%$%k$rAu$&%H%m%$$NLZGO!"(BP2P$B%=%U%H$GN.9TCf!A(BDRM$B$r0-MQ(B

$B!!=$@5%W%m%0%i%`$,EP>l$7$?LOMM(B: Windows Media Player 10$B$N99?7%W%m%0%i%`!"(BDRM$B$N%;%-%e%j%F%#$r6/2=(B (Internet Watch, 2005.02.16)

$B"#(B Linux $B%+!<%M%k$M$?(B
(various)

$B"#(B SHA-1 Broken
(Schneier on Security, 2005.02.15)

$B!!40A4HG(B SHA-1 $B$,GK$i$l$?$=$&$G$9!#(B $B4XO"(B: SHA-1$B$,GK$i$l$?!)(B ($BIpED7=;K(B)

2005.04.07 $BDI5-(B:

$B!!(B$B2rFI$5$l$?(BSHA-1: $B!V(BCRYPTO-GRAM$B!!(BMarch 15, 2005$B!W$h$j(B ($BF|7P(B IT Pro, 2005.04.07)

$B"#(B 2005.02.15

$B"#(B $BDI5-(B

$B9q:]2=%I%a%$%sL>BP1~%V%i%&%6$K(BURL$B$,!H56Au!I$5$l$kLdBj!"(BIE$B$O1F6A$J$7(B

$B!!(BFirefox$B$H(BMozilla$B$N (Internet Watch, 2005.02.15)$B!#8=>u$G$OBEEv$JA*Br$G$7$g$&!#(B

OLE $B$*$h$S(B COM $B$N@H

$B!!I{:nMQ>pJs(B: [OL2003] MS05-012 $BE,MQ8e$KE:IU%U%!%$%kL>$,6uGr$K$J$k(B (Microsoft)$B!#E:IU%U%!%$%k$N%U%!%$%kL>$,!V(B42 $B%P%$%H!W0J>e$N>l9g$KH/@8$9$kLOMM!#(B

Squirrelmail vacation v0.15 local root exploit

$B!!(BPlugins - Vacation Local 1.0 $B$G=$@5$5$l$?$=$&$G$9!#(B

$B"#(B [SA14160] Mozilla / Firefox Three Vulnerabilities
(secunia, 08 Feb 2005 21:30:02 +0900)

$B!!(BMozilla 1.7.5 / Firefox 1.0 $B$K(B 3 $B$D$N7g4Y!#(B

$B!!

2005.02.28 $BDI5-(B:

$B!!(BFirefox 1.0.1 $B=P$^$7$?!#(B $B>e5-7g4Y$,=$@5$5$l$F$$$^$9!#(B

2005.03.02 $BDI5-(B:

$B!!(BMozilla Advisory:

$B"#(B [VulnWatch] iDEFENSE Security Advisory 02.11.05: ZoneAlarm 5.1 Invalid Pointer Dereference Vulnerability
(VulnWatch, 12 Feb 2005 05:26:16 +0900)

$B!!(BZoneAlarm / Check Point Integrity $B$K7g4Y!#(B local user $B$,(B DoS $B967b$r

$B!!(BZoneAlarm $B$N>l9g$O<+F0%"%C%W%G!<%H$K$h$j<+F0E*$K=$@5$5$l$k!#(B Check Point Integrity $B$O(B 4.5.122.000 / 5.1.556.166 $B$G=$@5$5$l$F$$$k!#(B

$B"#(B iDEFENSE Security Advisory 02.07.05: SquirrelMail S/MIME Plugin Command Injection Vulnerability
(bugtraq, 08 Feb 2005 05:03:01 +0900)

$B!!(BSquirrelmail S/MIME plugin 0.5 $B0JA0$K7g4Y!#F~NOCM$N=|@w$,IT40A4$J$?$a!"G'>Z$5$l$?(B remote $B%f!<%6$,(B web $B%5!<%P8"8B$GG$0U$N%3!<%I$r

$B!!(BS/MIME plugin 0.6 $B$G=$@5$5$l$F$$$k!#(B

$B"#(B [Full-Disclosure] Microsoft Outlook Web Access URL Injection Vulnerability
(Full-Disclosure, 07 Feb 2005 09:00:10 +0900)

$B!!(BExchange 2003 $B$N(B Outlook Web Access $B$K7g4Y!#(B $B%m%0%*%sMQ$N(B asp $B%Z!<%8$,(B https://[owa-host]/exchweb/bin/auth/owalogon.asp $B$K$"$k>l9g$K!"(B

https://[owa-host]/exchweb/bin/auth/owalogon.asp?url=http://3221234342/

$B$K%"%/%;%9$9$k$H!"G'>Z8e$K(B http://3221234342/ (= http://192.0.34.166/ = http://example.com/) $B$K%j%@%$%l%/%H$5$l$F$7$^$&!#(B

https://[owa-host]/exchweb/bin/auth/owalogon.asp?url=http://3221234342/virus.exe

$B$NJ}$,$o$+$j$d$9$$$+!#96N,%j%s%/$D$-$N(B HTML $B%a!<%kEy$r8+$F!"%j%s%/$r%/%j%C%/$9$k$H!"!D!D!#(B

$B!!$J$*!"$3$N7g4Y$O$5$l$k$=$&$G$9!#(B Exchange 2003 SP2?

$B"#(B CAN-2005-0100: Format string vulnerability in the movemail utility in Emacs / XEmacs
(CVE, 2005.01.18)

$B!!(BEmacs 21.3 $B0JA0(B / XEmacs 21.4 $B0JA0$KIUB0$N(B movemail $B$K7g4Y!#(B popmail() $B$K(B format $B%P%0$,$"$j!"96N,(B pop $B%5!<%P$K@\B3$9$k$HG$0U$N%3!<%I$r

fix / patch:

$B"#(B [PDFml-J:03640] PDF $BE:IU%U%!%$%k$N%&%#%k%9%A%'%C%/(B
(PDFml-J, Wed, 9 Feb 2005 18:17:52 +0900)

$B!!(BPDFml-J ML $B%"!<%+%$%V$N%"%/%;%9%"%+%&%s%H$K$D$$$F$O(B $B!Z2a5n%a!<%k$N $B$r;2>H!#(B

$B!!(BPDF $B$K$OE:IU%U%!%$%k$r@_CV$9$k$3$H$,$G$-$k$,!"$3$NE:IU%U%!%$%k$,%&%$%k%9$K46@w$7$F$$$F$b!"%"%s%A%&%$%k%9%=%U%H$G$O8!=P$5$l$J$$$h$&$@!"$H$$$&;XE&!#(B $B[PDFml-J:03644]$B!"$d$O$j8!=P$5$l$J$+$C$?!#(B $B$J$*!"$3$NOC$O2?G/$bA0$K;XE&$5$l$F$$$k(B [PDFml-J:03641] $B$=$&$G!"$=$l$O(B Adobe PDF files can be used as virus carriers (Richard M. Smith) $B$G$O$J$$$+$H;W$o$l!#(B

$B"#(B AWStats <= 6.3 Multiple vulnerabilities
(bugtraq, Mon, 14 Feb 2005 17:10:40 +0900)

$B!!(BAWStats 6.3 ($B:G?7(B stable) $BHG0JA0$K7g4Y!#(B awstats.pl $B$,(B CGI $B$H$7$Fl9g$K!"F~NO$KBP$9$k=|@w=hM}$K7g4Y$,$"$j!"(B remote $B$+$i(B

$B"#(B 2005.02.14

$B"#(B $BDI5-(B

PNG $B=hM}$N@H

$B!!(BMS05-009 $B$K7Y9p$,DI2C$5$l$?!#(B

$B7Y9p(B : 2005 $BG/(B 2 $B7n(B 10 $BF|(B ($BJF9qF|IU(B) $B$+$i!"(BMSN Messenger $B%5!<%S%9$O!"(BMSN Messenger $B$N1F6A$rl9g$,$"$j$^$9!#(B

$B!!$H$$$&$o$1$G!"%"%C%W%0%l!<%I$7$^$7$g$&!#(B

F-Secure $B%"%s%A%&%$%k%9(B $B%i%$%V%i%j(B $B%*%P!<%U%m!<(B

$B!!(BF-Secure $B%"%s%A%&%#%k%9@=IJ%P%C%U%!%*!<%P%U%m!<@H ($BF|K\%(%U!&%;%-%e%"(B, 2005.02.14)$B!#(B $BF|K\8lHGBP1~(B patch $B=P$F$$$^$9(B ($BK\2H$HF1$8$+$b$7$l$J$$$1$I(B)$B!#(B littlecub $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

SYM05-003: $B%7%^%s%F%C%/$N(B UPX $B2r@O%(%s%8%s$K%R!<%W(I%$B%*!<%P!<%U%m!<$N@H

$B!!(BSYM05-003 $B$,BgI}$K2~D{$5$l$F$$$k!#(B $BBg7'$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#2~D{HG$K$h$k$H!"(B

  • Symantec AntiVirus Corporate Edition 9.0 $B$K$O$3$N7g4Y$O$J$$!#(B

  • $BF|K\8lHG$N(B Symantec AntiVirus Corporate Edition 8.0 / 8.1 $B$K$O$3$N7g4Y$O$J$$!#(B $B1Q8lHG$K$O7g4Y$,B8:_$7!":G?7HG$G=$@5$5$l$F$$$k!#(B

  • Symantec AntiVirus Corporate Edition 7.6 $B$K$O$3$N7g4Y$O$J$$!#(B

  • Symantec Client Security 2.0 $B$K$O$3$N7g4Y$O$J$$!#(B

  • $BF|K\8lHG(B Symantec Client Security 1.0 / 1.1 $B$K$O$3$N7g4Y$O$J$$!#(B $B1Q8lHG$K$O7g4Y$,B8:_$7!":G?7HG$G=$@5$5$l$F$$$k!#(B

$B"#(B 2005.02.12

$B"#(B OpenPGP$B$K@_7W>e$N@H
(slashdot.jp, 2005.02.11)

OpenPGP$B$O5pBg$J%U%!%$%k$rI|9f2=$9$k:]$KA4It$rI|9f$7$J$/$F$b80$,4V0c$C$F$$$k$+$I$&$+$9$0$K%A%'%C%/$G$-$k;EAH$_$rHw$($F$$$k!#(B

$B!!MxJX@-$rDI5Z$9$k$H%;%-%e%j%F%#$O!D!D$NE57?;vNc$J$@$1$N5$$,!#(B $B$^$"!"$3$N7g4Y$,O*Dh$9$k$h$&$J(B ($B0lHLE*$G$O$J$$(B) $B>u67$K$*$$$F$b(B

$B9,$$$K$b(BOpenPGP$B$N>l9g$O0E9f2=$NA0$KF~NO$r05=L$9$k$N$,0lHLE*$J$?$a!"05=L$5$l$?%G!<%?$NCGJR$7$+F@$i$l$:!"K\Ev$NJ?J8$N:F9=C[$O:$Fq$@!#(B

$B$@$=$&$J$N$G!":#$9$0?4G[$9$kI,MW$O$J$5$=$&$G$9$,!#(B

2005.03.25 $BDI5-(B:

$B!!(BGnuPG 1.4.1 $B=P$F$$$^$9!#(B

Added countermeasures against the Mister/Zuccherato CFB attack <http://eprint.iacr.org/2005/033>

$B!!(BGnuPG 1.2.7 / 1.4.0 $BMQ(B patch: [Announce] Attack against OpenPGP encryption

2005.08.23 $BDI5-(B:

$B!!(BCVE: CAN-2005-0366

$B"#(B 2005.02.11

$B"#(B $BIT@5%-%c%C%7%e%+!<%I$N%3%9%H$OC/$,IiC4$9$Y$-$+(B
($B:j;3?-IW$N(BBlog, 2005.02.12)

$B!!F|K\$N6d9T%-%c%C%7%e%+!<%I$O!"Bg

$B!!$b$C$H$b!"!V(BIC $B%+!<%I2=!W$K$b$$$m$$$m$"$C$F!"(B

$B$H$$$&$N$b$"$k$N$GCm0U$,I,MW$+$H!#3N$+$K!V(BIC $B%+!<%IHsBP1~!W$J(B ATM $B$b$^$@$^$@B?$$$@$m$&$H$O;W$$$^$9$,!"$G$b$M$(!#(BUFJ $B6d9T$N>l9g$O!"<'5$%+!<%IItJ,$K$D$$$F$O!"(B

$B$=$l0J30$N#A#T#M(B($BB>9T#A#T#M!&Ev9T#I#C%+!<%IL$BP1~#A#T#M$J$I(B)$B$r$4MxMQ$N>l9g$O!"$"$i$+$8$a$*?==P$$$?$@$$$?!"#1F|$"$?$j$NMxMQ8BEY3[(B($BNc$($P(B10$BK|1_(B)$B$rD6$($?=P6b(B($B$*0z=P$7!"$*?69~$_!"$*?6BX$($=$l$>$l$K$D$$$F(B)$B$r@)8B$$$?$7$^$9!#(B

$B$H$$$&KI8f(B ($BMxMQ8BEY3[%5!<%S%9(B) $B$O$$$A$*$&$"$k$_$?$$$G$9$,!"!V%5!<%S%9$r?=$79~$^$J$$$H;H$($J$$!W$H$$$&$N$,$=$b$=$b!D!D!#>e5-Nc$G$b!"KhF|(B 10 $BK|$:$D0z$-=P$5$l$F$$$k;v$K5$$,$D$+$J$+$C$?$i%*%o%j$J$o$1$@$7!"$$$^$$$A%$%1$F$J$$5$$,!#$?$H$($P%$!<%P%s%/6d9T$,(B 4 $B7n$+$iM=Dj$7$F$$$k!V(BATM$BA`:n;~$NB(;~%a!<%kDLCN!W$_$?$$$J$b$N$,$"$C$F$[$7$$$J$"!#(B $B$"$H!"MxMQ8BEY3[%5!<%S%9$rL@<(E*$K@_Dj$7$J$$>l9g$O!"<'5$%+!<%IItJ,$r;H$C$?=P6b$,%G%U%)%k%H$GL58z2=$5$l$k$H$+$@$H$&$l$7$$$h$&$J!#(B

$B!!4XO"(B:

2005.02.21 $BDI5-(B:

$B!!(B$B0BA4?@OC$r:n$i$;$F$O$J$i$J$$(B ($B:j;3?-IW$N(BBlog, 2005.02.15)$B!#8m2r$r>7$/5-=R$G$4$a$s$J$5$$!#(B

$B"#(B [Full-Disclosure] Administrivia: List Compromised due to Mailman Vulnerability
(Full-Disclosure, Thu, 10 Feb 2005 03:15:02 +0900)

$B!!(Bmailman 2.1.5 $B0JA0$K7g4Y!#(Bprivate.py $B$K$*$1$k=|@w=hM}$,IT==J,$J$?$a$K(B directory traversal $B7g4Y$,H/@8!"(Bremote $B$+$iG$0U$N%U%!%$%k$rFI$_=P$9$3$H$,2DG=!#(B CVE: CAN-2005-0202

$B!!=$@5HG$O$^$@$J$$!#$H$j$"$($:BP1~$9$k$K$O!"(Bprivate.py $B$N(B true_path() $B$r(B $B;XE&J8=q(B $B$K$"$k$h$&$K=q$-$+$($k!#(B

fix / patch:

$B"#(B BrightStor ARCserve Backup $B4XO"(B
(iDEFENSE)

$B"#(B F-Secure $B%"%s%A%&%$%k%9(B $B%i%$%V%i%j(B $B%*%P!<%U%m!<(B
(ISSKK, 2005.02.10)

$B!!(BF-Secure Anti-Virus for Workstation version 5.43 $B0JA0(B / for Windows Servers version 5.50 $B0JA0$J$I!"(BF-Secure $B$N%"%s%A%&%$%k%9@=IJ$K7g4Y!#(B ARJ $B=q8K%U%!%$%k$N=hM}$K$*$$$F(B buffer overflow $B$9$k7g4Y$,$"$j!":Y9)$7$?(B ARJ $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$r

$B!!(BF-Secure Internet Security / F-Secure Anti-Virus 2004 / 2005$B!"(B F-Secure Personal Express $B$K$D$$$F$O<+F0E*$K99?7$5$l$k$=$&$@$,!"(B $BF|K\8lHG(B F-Secure Internet Security / F-Secure Anti-Virus $B$G$b$=$&$J$N$+$OITL@!#$=$&$@$H$7$F$b!"8=;~E@$G=$@5$,MQ0U$5$l$F$$$k$N$+$I$&$J$N$+!#(B $B8DJL(B patch $B$rF~l9g$O(B F-Secure Anti-Virus 5 hotfixes $B$K$"$k$h$&$@!#(B $B$^$?%2!<%H%&%'%$@=IJ$d(B Linux $BHG@=IJ$J$I$K$D$$$F$O!"(B F-Secure Security Bulletin FSC-2005-1: Code execution vulnerability in ARJ-archive handling $B$K8DJL(B patch $B$,<($5$l$F$$$k$,!"$3$l$bF|K\8lHG$N%W%m%@%/%H$KE,MQ$7$F$$$$$N$+$I$&$+$O$h$/$o$+$i$J$$!#(B

2005.02.14 $BDI5-(B:

$B!!(BF-Secure $B%"%s%A%&%#%k%9@=IJ%P%C%U%!%*!<%P%U%m!<@H ($BF|K\%(%U!&%;%-%e%"(B, 2005.02.14)$B!#(B $BF|K\8lHGBP1~(B patch $B=P$F$$$^$9(B ($BK\2H$HF1$8$+$b$7$l$J$$$1$I(B)$B!#(B littlecub $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B $BDI5-(B

Internet Explorer $BMQ$NN_@QE*$J%;%-%e%j%F%#99?7%W%m%0%i%`(B (867282) (MS05-014)

$B!!(Bsecunia $B$+$i>pJs$,8x3+$5$l$?(B:

$B%5!<%P!<(B $B%a%C%;!<%8(B $B%V%m%C%/$N@H

$B!!4XO"(B: GREENAPPLE (SMB Remote in Windows) (immunitysec.com)$B!#%5!<%P>ZL@=q$N4|8B$,@Z$l$F$^$9!#(B

SYM05-003: $B%7%^%s%F%C%/$N(B UPX $B2r@O%(%s%8%s$K%R!<%W(I%$B%*!<%P!<%U%m!<$N@H

$B!!(BBloodhound.Exploit.26 ($B%7%^%s%F%C%/(B)

$B"#(B ASP.NET $B%Q%98!>Z$N@H
(Microsoft, 2005.02.09)

$B!!(B.NET Framework 1.0 SP2 / SP3, .NET Framework 1.1 gold / SP1 $B$K7g4Y!#(B ASP.NET $B$K$*$1$k%Q%9L>$N@55,2=$BJs9p$5$l$?(B Microsoft ASP.NET $B$N@HpJs(B $B$NOC!#(B CVE: CAN-2004-0847

$B!!=$@5%W%m%0%i%`$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

2005.03.17 $BDI5-(B:

$B!!$3$N(B patch $B$K$OI{:nMQ$,$"$kLOMM!#(B

$B!!(BKB887219 $B$K4XO"%j%s%/$r4^$a$F>pJs$,$"$k!#(B KB887219 $BF|K\8lHG(B $B$O!"99?7>u67$,1Q8lHG$KDI$$$D$$$F$$$J$$LOMM!#(B(3/18 $B$KDI$$$D$$$?$i$7$$(B)

2005.05.27 $BDI5-(B:

$B!!(BInstallation of .NET Framework service packs is not completed if you first install security update MS05-004 (Microsoft)$B!#(B

$B"#(B Microsoft Office XP $B$N@H
(Microsoft, 2005.02.09)

$B!!(BOffice XP (Word 2002, PowerPoint 2002), Project 2002, Visio 2002, Works Suite 2002 / 2003 / 2004 $B$K7g4Y!#(B $BD9Bg$J(B URL $B%m%1!<%7%g%s$K$h$C$F(B buffer overflow $B$,H/@8!"G$0U$N%3!<%I$r\:Y$K$D$$$F$O(B Finjan Security Advisory: Microsoft Office XP Remote Buffer Overflow Vulnerability $B$r;2>H!#(B CVE: CAN-2004-0848

$B!!=$@5%W%m%0%i%`$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

$B!!4XO"(B:

$B"#(B Windows SharePoint Services $B$*$h$S(B SharePoint Team Services $B$N@H
(Microsoft, 2005.02.09)

$B!!(BWindows SharePoint Services $B$*$h$S(B SharePoint Team Services $B$K7g4Y!#(B $B%/%m%9%5%$%H%9%/%j%W%F%#%s%07g4Y$,$"$j!"$3$l$rMxMQ$7$F0-0U$"$k%9%/%j%W%H$rCAN-2005-0049

$B!!=$@5%W%m%0%i%`$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

2005.02.17 $BDI5-(B:

$B!!(BSharePoint Portal Server 2003 $B$H(B Small Business Server 2003 $B$K$O(B Windows SharePoint Services $B$,4^$^$l$F$$$k$?$a!"$3$N7g4Y$N1F6A$r

$B"#(B Windows $B$N@HpJsO3$($$$,5/$3$k(B (888302) (MS05-007)
(Microsoft, 2005.02.09)

$B!!(BWindows XP $B$K7g4Y!#(B $BL>A0IU$-%Q%$%W$+$i!"6&M-%j%=!<%9$K%"%/%;%9$7$?MxMQ$rCAN-2005-0051

$B!!=$@5%W%m%0%i%`$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

$B!!>\:Y(B: Some details about MS05-007 security bulletin$B!#(B

The MS05-007 patch forbids the NetrSessionEnum operation in the context of a NULL session.

$B"#(B PNG $B=hM}$N@H
(Microsoft, 2005.02.09)

$B!!(BWindows Media Player 9 (Windows 2000 / XP SP1 / Server 2003 $B>e$N$_(B)$B!"(B Windows Messenger 4.7.2009 (Windows XP SP1) / 4.7.3000 (Windows XP SP2) / 5.0 ($BA4(B OS)$B!"(BMSN Messenger 6.1 / 6.2 $B$K7g4Y!#(B PNG $B2hA|$N=hM}$K7g4Y$,$"$j!"G$0U$N%3!<%I$re$N(B Windows Media Player 9$B!"(B Windows Messenger 5.1$B!"(BMSN Messenger for Mac $B$K$O$3$N7g4Y$O$J$$!#(B CVE: CAN-2004-0597 CAN-2004-1244

$B!!=$@5%W%m%0%i%`$,$"$k$N$GE,MQ$9$l$P$h$$!#$J$*!"(B MSN Messenger 6.1 / 6.2 $B$*$h$S(B/$B$^$?$O(B Windows Messenger 5.0 $B$rMxMQ$7$F$$$k>l9g$O!"$3$l$i$K4X$9$k(B MS05-009 $B=$@5%W%m%0%i%`$O(B Windows Update $B$G$OE,MQ$5$l$J$$$?$a!"(B MS05-009 web $B%Z!<%8(B $B$+$i8DJL$KF~MSN Messenger 7.0 $B$*;n$7HG(B$B$r%$%s%9%H!<%k$9$k$3$H$G$bBP1~2DG=!#(B $B$^$?!V(BWindows Messenger 5.0 $BMQ$N=$@5%W%m%0%i%`!W$N@5BN$O(B Windows Messenger 5.1 $B$G$"$k!#(B

$B!!(BMS05-009 $B$K$O2sHrJ}K!$b$$$m$$$m$H5-:\$5$l$F$$$k$N$G!"=$@5%W%m%0%i%`$rE,MQ$G$-$J$$(B / $B$7$-$l$J$$>l9g$O9MN8$5$l$?$$!#(B

$B!!4XO"(B:

2005.02.15 $BDI5-(B:

$B!!(BMS05-009 $B$K7Y9p$,DI2C$5$l$?!#(B

$B7Y9p(B : 2005 $BG/(B 2 $B7n(B 10 $BF|(B ($BJF9qF|IU(B) $B$+$i!"(BMSN Messenger $B%5!<%S%9$O!"(BMSN Messenger $B$N1F6A$rl9g$,$"$j$^$9!#(B

$B!!$H$$$&$o$1$G!"%"%C%W%0%l!<%I$7$^$7$g$&!#(B

2005.04.13 $BDI5-(B:

$B!!(BMS05-009 $B$,(B 2005.04.13 $BIU$G99?7$5$l$F$$$k!#(B

$B$J$<%^%$%/%m%=%U%H$O$3$N%;%-%e%j%F%#>pJs$r(B2005$BG/(B4$B7n(B13$BF|$K99?7$7$?$N$G$9$+(B?

$B$3$N%;%-%e%j%F%#>pJs$N%j%j!<%98e!"(BWindows Messenger version 4.7.0.2009 (Windows XP Service Pack 1 $B$Gl9g(B) $B$N99?7$,(B SMS $B$^$?$O<+F099?7$r2p$7G[I[$5$l$?>l9g!"%$%s%9%H!<%k$,<:GT$9$k$3$H$,3NG'$5$l$^$7$?!#(B $B99?7$5$l$?%Q%C%1!<%8$O$3$NF0:n$r=$@5$7$^$9!#(B

$BA02s$N99?7$,@5>o$K%$%s%9%H!<%k$5$l!"8=:_(B Windows Messenger $B$N%P!<%8%g%s(B 4.7.0.2010$B$r

$B"#(B 2005.02.10

$B"#(B $BDI5-(B

Internet Explorer $BMQ$NN_@QE*$J%;%-%e%j%F%#99?7%W%m%0%i%`(B (867282) (MS05-014)
SMTP $B$N@H

$B!!(BExchange 2000 Server $B$b$3$N7g4Y$N1F6A$r2004 $BG/(B 8 $B7n8x3+$N(B Exchange 2000 Server Service Pack 3 $B0J9_$N99?7%W%m%0%i%`$N(B $B%m!<%k%"%C%W(B$B!W$,I,MW!#(B

$B9q:]2=%I%a%$%sL>BP1~%V%i%&%6$K(BURL$B$,!H56Au!I$5$l$kLdBj!"(BIE$B$O1F6A$J$7(B

$B!!(BJPRS $B$+$iJ8=q=P$^$7$?(B: $B9q:]2=%I%a%$%sL>(B(IDN)$B$N%U%#%C%7%s%0:>5=@H ($BF|K\8l(B.jp, 2/9)$B!#(B $B$7$+$7LdBj$J$N$O!":?$O$$$A$P$s

$BJsF;$G;HMQ$5$l$?(B"payp$B#a(Bl.com" $BFb$N%-%j%kJ8;z!V#a!W$,(BASCII$BJ8;z!V(Ba$B!W$N(Bvariant($BF10l$H$_$J$9$Y$-J8;z(B)$B$G$"$k$HDj5A$9$k$h$&$J%k!<%k$r$3$l$i%,%$%I%i%$%s$K=>$$5,Dj$7$F$*$1$P!"$3$NLdBj$b2sHr$G$-$^$9!#(B $B8=:_(BIDN$B$r%5!<%S%9$7$F$$$k%l%8%9%H%j$N$[$H$s$I$O!"$3$N%,%$%I%i%$%s$K=>$C$FEPO?%5!<%S%9$r9T$C$F$$$k!"$b$7$/$O!"=>$&$3$H$r7W2hCf$G$9!#(B

$B!VA4$F$N%l%8%9%H%j$,]$,8=

JP$B%I%a%$%sL>$G$O!"F|K\8l(BJP$B%I%a%$%sL>$H$7$F;HMQ$G$-$kJ8;z$r4A;z!&2>L>!&1Q?t;z$K8BDj$7$F$$$^$9!#$=$N$?$a!"%-%j%kJ8;z$J$I1Q?t;z$KHs>o$K$h$/;w$?J8;z$,:.:_$7$?%I%a%$%sL>$OEPO?$G$-$^$;$s!#$7$?$,$C$F!":#2s;XE&$5$l$?Nc$K$"$kIT@5%5%$%H$O!"(BJP$B%I%a%$%sL>$K$OB8:_$7$F$$$^$;$s!#(B

$B!!(B.jp $B$K$D$$$F$OBg>fIW$J$h$&$G$9$,!"B>$N%I%a%$%s!"FC$K(B .com $B$J$I$N(B gTLD $B$K$*$$$F$-$A$s$H1?MQ$5$l$F$$$J$$$H!"!V9q:]2=%I%a%$%sL>$O@x:_E*$K4m81$J$N$G;H$($J$$!W$K$J$C$F$7$^$$$^$9$h$M!D!D!#(B

$B!!$^$?!"!V4A;z!&2>L>!&1Q?t;z!W$NFbIt$KB8:_$9$k!";w$?$h$&$J7A$NJ8;z(B ($BNc(B: $B%H(B $B$H(B $BKN(B ($B$\$/(B)) $B$K$D$$$F$OF1MM$NLdBj$,H/@8$9$k$3$H$K$J$k$N$G$7$g$&$+$iCm0U$,I,MW$J$N$G$7$g$&!#(B $B%^%$%/%m%=%U%H(B.jp $B$OEPO?$5$l$F$$$k$h$&$G$9$,!"%^%$%/%m%=%UKN(B.jp $B$OEPO?$5$l$F$$$J$$$h$&$G$9$M!#(B

$B"#(B 2005.02.09

$B"#(B SYM05-003: $B%7%^%s%F%C%/$N(B UPX $B2r@O%(%s%8%s$K%R!<%W(I%$B%*!<%P!<%U%m!<$N@H
($B%7%^%s%F%C%/(B, 2005.02.08)

$B!!%7%^%s%F%C%/$N(B Norton Antivirus 2004 $B$d(B Norton Antivirus 9.0 for Macintosh$B!"(B Norton Internet Security for Macintosh 3.0$B!"(BSymantec AntiVirus Corporate Edition 8.01 / 8.1.1 / 9.0$B!"(BSymantec Client Security 1.0 / 2.0 $B$J$I$N%"%s%A%&%$%k%9@=IJ$K4^$^$l$k(B DEC2EXE $B2r@O%(%s%8%s!&%b%8%e!<%k$K7g4Y!#(B UPX $B05=L$5$l$?%U%!%$%k$N2r@O$K$*$$$F(B heap overflow $B$,H/@8$9$k$?$a!":Y9)$7$?(B UPX $B%X%C%@$r;}$D96N,%U%!%$%k$K$h$C$FG$0U$N%3!<%I$r]@=IJB?$9$.$J$N$G!"(B $B%7%^%s%F%C%/@=IJMxMQSYM05-003 $B$r;2>H$7$F3NG'$5$l$?$$!#(B $B$J$*!"(BNorton Antivirus 2003 / 2005 $B$K$O$3$N7g4Y$O$J$$!#(B

$B!!BP1~$9$k$K$O(B:

$B!!4XO"(B: Symantec $B%"%s%A%&%#%k%9(B $B%i%$%V%i%j$G$N%R!<%W(B $B%*!<%P!<%U%m!<(B (ISSKK)

2005.02.11 $BDI5-(B:

$B!!(BBloodhound.Exploit.26 ($B%7%^%s%F%C%/(B)

2005.02.14 $BDI5-(B:

$B!!(BSYM05-003 $B$,BgI}$K2~D{$5$l$F$$$k!#(B $BBg7'$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#2~D{HG$K$h$k$H!"(B

$B"#(B $BDI5-(B

$B$$$m$$$m(B (2005.02.03)

$B!!(B$B%7%9%F%`%/%i%C%7%e$r0z$-5/$3$9@H ($B%i%$%V%I%"(B)$B!#(B [VulnWatch] High Risk Vulnerabilities in Eudora Mail Client $B$N7o$,=$@5$5$l$F$$$k$=$&$G$9!#6L2,$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B9q:]2=%I%a%$%sL>BP1~%V%i%&%6$K(BURL$B$,!H56Au!I$5$l$kLdBj!"(BIE$B$O1F6A$J$7(B

$B!!(Bsecunia $B$N%G%b%5%$%H(B$B$K@\B3$7$?:]$N%"%I%l%9%P!<$N8+$(J}(B:

  • $B1Q8lHG(B Windows 2000 SP4 $B>e$N1Q8lHG(B Mozilla:
  • $BF|K\8lHG(B Windows XP SP2 $B>e$NF|K\8lHG(B Mozilla:

$B!!F|K\8lHG(B Windows $B>e$NF|K\8lHG(B Mozilla $B$@$H3d$H;kG'$7$d$9$=$&$@$1$I!"1Q8lHG(B Windows $B>e$N1Q8lHG(B Mozilla $B$@$H!"$3$l$O$o$+$i$J$$$G$9$M!#(B

$B!!!V2sHrJ}K!!W$H$7$F$O!"9q:]2=%I%a%$%sL>$X$NBP1~$rL58z$K$9$k!#(B

  • Mozilla $B$N>l9g$O!"(Babout:config $B$K%"%/%;%9$7!"(B network.enableIDN $B$r(B false $B$K$9$k$3$H$GL58z$K$G$-$k!#(B

  • Mozilla Firefox $B$N>l9g$O!"(Bcompreg.dat $B%U%!%$%k$rJT=8$9$k$3$H$GL58z$K$G$-$k!#(BPermanent Fix for the Shmoo Group exploit (Tech.Life.Blogged) $B$r;2>H!#(B

  • IE $B$N>l9g$OI8=`$G$O9q:]2=%I%a%$%sL>$KBP1~$7$F$$$J$$$N$@$,!"(B $BF|K\8l%I%a%$%sL>%W%i%0%$%s(B $B$J$I$K$h$C$F9q:]2=%I%a%$%sL>$KBP1~$7$F$$$k>l9g$O!"$=$l$r%"%s%$%s%9%H!<%k$9$k!#(B

  • Opera $B$d(B Safari $B$K$D$$$F$O!":#$N$H$3$mL58z$K$9$kJ}K!$,$J$$!#(B

IE$B$K%U%#%C%7%s%0$N4m81!=!=(BActiveX$B$KLdBj(B

$B!!(BMS05-013 $B$G=$@5$5$l$F$$$k!#(B CVE: CAN-2004-1319

IE$B$K(B2$B

$B!!(BMS05-008 $B$H(B MS05-014 $B$H$N9g$o$;5;$G=$@5$5$l$F$$$k!#(B (CVE: CAN-2005-0053

$B"#(B $B%i%$%;%s%9(B $B%m%0(B $B%5!<%S%9$N@H
(Microsoft, 2005.02.09)

$B!!(BWindows NT 4.0 Server / 2000 Server / Server 2003 $B$K7g4Y!#(B $B%i%$%;%s%9%m%0%5!<%S%9$K(B buffer overflow $B$9$k7g4Y$,$"$j!"(Bremote $B$+$i(B local SYSTEM $B8"8B$GG$0U$N%3!<%I$r%f!<%6$,%i%$%;%s%9%m%0%5!<%S%9$K@\B3$G$-$k!#(BWindows 2000 Server SP4 $B$*$h$S(B Windows Server 2003 $B$G$O!"G'>Z$5$l$?%f!<%6$"$k$$$O%W%m%0%i%`$N$_$,%i%$%;%s%9%m%0%5!<%S%9$K@\B3$G$-$k!#(B CVE: CAN-2005-0050

$B!!=$@5%W%m%0%i%`$,$"$k$N$GE,MQ$9$l$P$h$$!#(B $B$^$?%i%$%;%s%9%m%0%5!<%S%9$rDd;_$7$F$7$^$($P2sHr$G$-$k!#(B

2005.03.19 $BDI5-(B:

$B!!(Bhttp://www.immunitysec.com/downloads/llssrv_miss.pdf (immunitysec.com)$B!#(BWindows 2000 Advanced Server SP3 / SP4 $B$N>l9g$O!"L5G'>Z%f!<%6$G$"$C$F$b%i%$%;%s%9%m%0%5!<%S%9$K@\B3$G$-$F$7$^$&$H$$$&!#(B $B4XO"(B: Windows 2000 Advanced Server$B$OCm0U!$(B2$B7n$N@H ($BF|7P(B IT Pro, 2005.03.17)$B!#(B

2005.04.13 $BDI5-(B:

$B!!(B$BF|K\8lHG(B MS05-010 $B$O99?7$5$l$F$$$J$$$h$&$@$,!"(B $B1Q8lHG(B MS05-010 $B$O(B 2 $BEY99?7$5$l$F$$$k!#$3$N$"$?$j(B:

Mitigating Factors for License Logging Service Vulnerability - CAN-2005-0050:
($BCfN,(B)
On Windows 2000 Server Service Pack 4 and Windows Server 2003, only authenticated users or programs can establish a connection to the License Logging service. However, this does not apply to installations of Windows 2000 Server where Service Pack 4 has been `slipstreamed' into the operating system directory. For more information, see Microsoft Knowledge Base Article 896658.

$B"#(B $B%5!<%P!<(B $B%a%C%;!<%8(B $B%V%m%C%/$N@H
(Microsoft, 2005.02.09)

$B!!(BWindows 2000 / XP / Server 2003 $B$K7g4Y!#(BMRXSMB.SYS $B$K$*$1$k(B SMB $B%/%i%$%"%s%H=hM}$K7g4Y$,$"$j!"%5!<%P$,:Y9)$7$?%l%9%]%s%9$rJV$9$H!"%/%i%$%"%s%HB&$G(B overflow $B$,H/@8!"(Blocal SYSTEM $B8"8B$GG$0U$N%3!<%I$rCAN-2005-0045$B!#(B $B>\:Y(B: Windows SMB Client Transaction Response Handling Vulnerability (eEye)$B!#(B

$B!!=$@5%W%m%0%i%`$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

2005.02.12 $BDI5-(B:

$B!!4XO"(B: GREENAPPLE (SMB Remote in Windows) (immunitysec.com)$B!#%5!<%P>ZL@=q$N4|8B$,@Z$l$F$^$9!#(B

2005.03.11 $BDI5-(B:

$B!!$3$N7g4Y$O!"$9$G$K%5%]!<%H$,=*N;$7$F$$$k(B Windows NT 4.0 $B$K$bB8:_$9$k$3$H$,H=L@!#(B

$B!!(Bkitt $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

2005.06.28 $BDI5-(B:

$B!!(BWindows SMB Client Transaction Response Handling (Exploit, MS05-011) (securiteam.com)

2006.05.08 $BDI5-(B:

$B!!(BKB896427 - $B%;%-%e%j%F%#99?7%W%m%0%i%`(B 885250 (MS05-011) $B$N%$%s%9%H!<%k8e!"(BWindows XP $B$^$?$O(B Windows Server 2003 $B$G%M%C%H%o!<%/6&M-$N%5%V%U%)%k%@$NFbMF$,I=<($5$l$J$$$3$H$,$"$k(B (Microsoft)$B!#(B8+3 $B%U%!%$%kL>$N@8@.$rL58z$K$7$F$$$k4D6-$K(B MS05-011 patch $B$r%$%s%9%H!<%k$9$k$H!"IT6q9g$,H/@8$9$kLOMM!#(B patch $B$,=P$F$$$^$9!#(B

$B"#(B OLE $B$*$h$S(B COM $B$N@H
(Microsoft, 2005.02.09)

$B!!(BWindows 98 / 98 SE / Me / 2000 / XP / Server 2003 $B$K(B 2 $B$D$N7g4Y!#(B

$B!!(BWindows 2000 / XP / Server 2003 $B$K$D$$$F$O!"=$@5%W%m%0%i%`$,$"$k$N$GE,MQ$9$l$P$h$$!#(B Windows 98 / 98 SE / Me $B$K$D$$$F$O!"(B $BM-=~%5%]!<%H$+$i(B $B=$@5%W%m%0%i%`$rF~

2005.02.15 $BDI5-(B:

$B!!I{:nMQ>pJs(B: [OL2003] MS05-012 $BE,MQ8e$KE:IU%U%!%$%kL>$,6uGr$K$J$k(B (Microsoft)$B!#E:IU%U%!%$%k$N%U%!%$%kL>$,!V(B42 $B%P%$%H!W0J>e$N>l9g$KH/@8$9$kLOMM!#(B

2005.04.01 $BDI5-(B:

$B!!I{:nMQ>pJs(B: 896648 - $B%;%-%e%j%F%#99?7%W%m%0%i%`(B 873333 $B!J(BMS05-012$B!K(B $B$N%$%s%9%H!<%k8e(B svchost.exe $B%(%i!<$,H/@8$9$k$3$H$,$"$j$^$9(B (Microsoft)$B!#(B $BIT6q9g$NB8:_$r3NG'$7$F$$$k$=$&$G$9!#(B

2005.04.19 $BDI5-(B:

$B!!(B896648 - $B%;%-%e%j%F%#99?7%W%m%0%i%`(B 873333 $B!J(BMS05-012$B!K(B $B$N%$%s%9%H!<%k8e(B svchost.exe $B%(%i!<$,H/@8$9$k$3$H$,$"$j$^$9(B (Microsoft) $B$,99?7$5$l$^$7$?!#(B Windows XP COM+ $B=$@5%W%m%0%i%`%m!<%k%"%C%W%Q%C%1!<%8(B 9 (Microsoft) $B$rE,MQ$9$k$3$H$G2r7h$9$k$=$&$G$9!#%U%m!<%H$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

2005.05.20 $BDI5-(B:

$B!!IT6q9g>pJs(B: 894391 - [FIX] $B%;%-%e%j%F%#99?7%W%m%0%i%`(B MS05-012 $B$r%$%s%9%H!<%k8e!"%j%C%A%F%-%9%H7A<0$NEE;R%a!<%k%a%C%;!<%8$G(B 2 $B%P%$%HJ8;z%;%C%H$NE:IU%U%!%$%kL>$,I=<($5$l$:!"%(%i!<%a%C%;!<%8(B "Generic Host Process" $B$,I=<($5$l$k$3$H$,$"$k(B (Microsoft)$B!#(B patch $B$b8x3+$5$l$F$$$k(B: $B%-!<%o!<%I(B "894391" (Microsoft $B%@%&%s%m!<%I%;%s%?!<(B)$B!#(B $B$3$N(B patch $B$G

$B!!(B896648 - $B%;%-%e%j%F%#99?7%W%m%0%i%`(B 873333 $B!J(BMS05-012$B!K(B $B$N%$%s%9%H!<%k8e(B svchost.exe $B%(%i!<$,H/@8$9$k$3$H$,$"$j$^$9(B (Microsoft) $B$K$D$$$F$O!V(BWindows XP COM+ $B=$@5%W%m%0%i%`%m!<%k%"%C%W%Q%C%1!<%8(B 9 $B$r!W$N$^$^$@$,!"(B 894391 $B$r%$%s%9%H!<%k$9$k$H8F$S=P$5$lB&$N(B ole32.dll $B$,99?7$5$l$k$N$G!">u67$,JQ2=$9$k$+$b$7$l$J$$!#(B

$B!!%U%m!<%H$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

2005.06.23 $BDI5-(B:

$B!!(B$B%&%$%k%9%P%9%?!<(B2005$B$N%$%s%9%H!<%k8e!"(I"(BGeneric host Process for win32 services(I#$B%(%i!<$,H/@8$9$k(B ($B%H%l%s%I%^%$%/%m(B, 2005.06.22)$B!#(B

$B"#(B DHTML $BJT=8%3%s%]!<%M%s%H$N(B Active X $B%3%s%H%m!<%k$N@H
(Microsoft, 2005.02.09)

$B!!(BWindows 98 / 98 SE / Me / 2000 / XP / Server 2003 $B$K7g4Y!#(B IE$B$K%U%#%C%7%s%0$N4m81!=!=(BActiveX$B$KLdBj(B $B$NOC!#(B DHTML Editing ActiveX $B%3%s%H%m!<%k(B$B$K$*$$$F!"K\Mh$OJL!9$N%;%-%e%j%F%#%I%a%$%s$KB8:_$9$k$H$7$F07$o$l$J$1$l$P$J$i$J$$$b$N$,!"!<%s8"8B$GF0:n$7$F$7$^$&!#(B $B$3$l$K$h$j!"%"%I%l%9%P!<$d%9%F!<%?%9%P!<$N=q$-$+$(!"%&%$%k%9$NCAN-2004-1319

$B!!=$@5%W%m%0%i%`$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

2006.04.18 $BDI5-(B:

$B!!$3$N(B patch $B$rE,MQ$9$k$H!"(BWindows XP / Server 2003 $B$GI{:nMQ$,H/@8$9$k$3$H$,$"$kLOMM(B:

$B!!(BKB896180 $B1Q8lHG(B $B$K$h$k$H!"M-=~%5%]!<%H$+$i$5$i$J$k=$@5%W%m%0%i%`$rF~

$B"#(B Windows $B%7%'%k$N@H
(Microsoft, 2005.02.09)

$B!!(BWindows 98 / 98 SE / Me / 2000 / XP / Server 2003 $B$K7g4Y!#(B $B%I%i%C%0%"%s%I%I%m%C%W(B $B%$%Y%s%H$N=hM}$K7g4Y$,$"$j!"96N,(B web $B%5%$%H$r%"%/%;%9$7$?$H$-$K!"%U%!%$%k$r<+F0E*$+$DL57Y9p$G%9%?!<%H%"%C%W%U%)%k%@$J$I$K%3%T!<$5$;$k$3$H$,2DG=!#$3$N7k2L!"IE$B$K(B2$B $B$NOC!#(BCVE: CAN-2005-0053

$B!!(BWindows 2000 / XP / Server 2003 $B$K$D$$$F$O(B $B=$@5%W%m%0%i%`$,$"$k$N$GE,MQ$9$l$P$h$$!#(B Windows 98 / 98 SE / Me $B$K$D$$$F$O!"(B $BM-=~%5%]!<%H$+$i(B $B=$@5%W%m%0%i%`$rF~

$B!!$3$N7g4Y$N0lIt$O(B MS05-014 $B$K$*$$$F=$@5$5$l$F$$$k!#40A4$K=$@5$9$k$K$O!"(BMS05-014 $B=$@5%W%m%0%i%`$H(B MS05-008 $B=$@5%W%m%0%i%`$NN>J}$rE,MQ$7$J$1$l$P$J$i$J$$!#(B

$B"#(B Internet Explorer $BMQ$NN_@QE*$J%;%-%e%j%F%#99?7%W%m%0%i%`(B (867282) (MS05-014)
(Microsoft, 2005.02.09)

$B!!(BInternet Explorer 5.01 SP[34] / 5.5 SP2 / 6 SP[12] $B$N:G?7$NN_@QE*$J=$@5%W%m%0%i%`!#(B $B?7$?$K(B 4 $B$D$N7g4Y$N=$@5$,Ii2Y$5$l$F$$$k!#(B

$B!!=$@5%W%m%0%i%`$,$"$k$N$GE,MQ$9$l$P$h$$!#(B $B$^$?(B $B=$@5%W%m%0%i%`$rE,MQ$9$k$H!"

2005.02.10 $BDI5-(B:

2005.02.12 $BDI5-(B:

$B!!(Bsecunia $B$+$i>pJs$,8x3+$5$l$?(B:

2005.05.18 $BDI5-(B:

$B!!I{:nMQ>pJs(B:

$B!!(BMS05-020 $B$GBP1~$7$F$$$k$=$&$@!#(B

$B"#(B $B%O%$%Q!<%j%s%/(B $B%*%V%8%'%/%H(B $B%i%$%V%i%j$N@H
(Microsoft, 2005.02.09)

$B!!(BWindows 2000 / XP / Server 2003 $B$K7g4Y!#%O%$%Q!<%j%s%/%*%V%8%'%/%H%i%$%V%i%j$K(B buffer overflow $B$9$k7g4Y$,$"$j!":Y9)$7$?%j%s%/$r;H$C$FG$0U$N%3!<%I$rCAN-2005-0057

$B!!=$@5%W%m%0%i%`$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

2005.03.09 $BDI5-(B:

$B!!$3$N7g4Y$O(B Windows 9x / Me $B$K$b$"$j$^$7$?(B ($B$9$$$^$;$s(B)$B!#(B Windows 98 / 98 SE / Me $BMQ$N=$@5%W%m%0%i%`$,EP>l$7$?$=$&$G$9!#(B Windows Update $B$GF~

$B"#(B 2005.02.08

$B"#(B $B9q:]2=%I%a%$%sL>BP1~%V%i%&%6$K(BURL$B$,!H56Au!I$5$l$kLdBj!"(BIE$B$O1F6A$J$7(B
(Internet Watch, 2005.02.08)

$B!!LdBj$H$$$&$+!D!D$3$l$,LdBj$@$H8@$&$N$G$"$l$P!"$=$l$O(B$B9q:]2=%I%a%$%sL>(B$B$NLdBj$G$9$h$M$(!#!V;w$?$h$&$K8+$($kL>A0!W$NOC$O9q:]2=%I%a%$%sL>$,9=A[$5$l$?;~$+$i$"$C$?OC$G$9$7!"3F(B web $B%V%i%&%6$O9q:]2=%I%a%$%sL>$KBP1~$7$?$@$1$G$9$7!#(B IE $B$N>l9g$b!"$?$H$($P(B $BF|K\8l%I%a%$%sL>%W%i%0%$%s(B $B$rF~$l$F$$$?$i1F6A$"$k$G$7$g$&$7!#(B

$B!!BP1~$H$7$F$O!D!D2?$+A`:n$9$k$H@8%I%a%$%sL>$bI=<($9$k$H$+!"$J$N$+$J$"!#(B $B$"$k$$$O!"?'$rJQ$($k$H$+$7$F!V9q:]2=%I%a%$%sL>!W$G$"$k$3$H$,L@3N$K$o$+$k$h$&$K$9$k$H$+(B?

$B!!4XO"(B:

2005.02.09 $BDI5-(B:

$B!!(Bsecunia $B$N%G%b%5%$%H(B$B$K@\B3$7$?:]$N%"%I%l%9%P!<$N8+$(J}(B:

$B!!F|K\8lHG(B Windows $B>e$NF|K\8lHG(B Mozilla $B$@$H3d$H;kG'$7$d$9$=$&$@$1$I!"1Q8lHG(B Windows $B>e$N1Q8lHG(B Mozilla $B$@$H!"$3$l$O$o$+$i$J$$$G$9$M!#(B

$B!!!V2sHrJ}K!!W$H$7$F$O!"9q:]2=%I%a%$%sL>$X$NBP1~$rL58z$K$9$k!#(B

2005.02.10 $BDI5-(B:

$B!!(BJPRS $B$+$iJ8=q=P$^$7$?(B: $B9q:]2=%I%a%$%sL>(B(IDN)$B$N%U%#%C%7%s%0:>5=@H ($BF|K\8l(B.jp, 2/9)$B!#(B $B$7$+$7LdBj$J$N$O!":?$O$$$A$P$s

$BJsF;$G;HMQ$5$l$?(B"payp$B#a(Bl.com" $BFb$N%-%j%kJ8;z!V#a!W$,(BASCII$BJ8;z!V(Ba$B!W$N(Bvariant($BF10l$H$_$J$9$Y$-J8;z(B)$B$G$"$k$HDj5A$9$k$h$&$J%k!<%k$r$3$l$i%,%$%I%i%$%s$K=>$$5,Dj$7$F$*$1$P!"$3$NLdBj$b2sHr$G$-$^$9!#(B $B8=:_(BIDN$B$r%5!<%S%9$7$F$$$k%l%8%9%H%j$N$[$H$s$I$O!"$3$N%,%$%I%i%$%s$K=>$C$FEPO?%5!<%S%9$r9T$C$F$$$k!"$b$7$/$O!"=>$&$3$H$r7W2hCf$G$9!#(B

$B!VA4$F$N%l%8%9%H%j$,]$,8=

JP$B%I%a%$%sL>$G$O!"F|K\8l(BJP$B%I%a%$%sL>$H$7$F;HMQ$G$-$kJ8;z$r4A;z!&2>L>!&1Q?t;z$K8BDj$7$F$$$^$9!#$=$N$?$a!"%-%j%kJ8;z$J$I1Q?t;z$KHs>o$K$h$/;w$?J8;z$,:.:_$7$?%I%a%$%sL>$OEPO?$G$-$^$;$s!#$7$?$,$C$F!":#2s;XE&$5$l$?Nc$K$"$kIT@5%5%$%H$O!"(BJP$B%I%a%$%sL>$K$OB8:_$7$F$$$^$;$s!#(B

$B!!(B.jp $B$K$D$$$F$OBg>fIW$J$h$&$G$9$,!"B>$N%I%a%$%s!"FC$K(B .com $B$J$I$N(B gTLD $B$K$*$$$F$-$A$s$H1?MQ$5$l$F$$$J$$$H!"!V9q:]2=%I%a%$%sL>$O@x:_E*$K4m81$J$N$G;H$($J$$!W$K$J$C$F$7$^$$$^$9$h$M!D!D!#(B

$B!!$^$?!"!V4A;z!&2>L>!&1Q?t;z!W$NFbIt$KB8:_$9$k!";w$?$h$&$J7A$NJ8;z(B ($BNc(B: $B%H(B $B$H(B $BKN(B ($B$\$/(B)) $B$K$D$$$F$OF1MM$NLdBj$,H/@8$9$k$3$H$K$J$k$N$G$7$g$&$+$iCm0U$,I,MW$J$N$G$7$g$&!#(B $B%^%$%/%m%=%U%H(B.jp $B$OEPO?$5$l$F$$$k$h$&$G$9$,!"%^%$%/%m%=%UKN(B.jp $B$OEPO?$5$l$F$$$J$$$h$&$G$9$M!#(B

2005.02.15 $BDI5-(B:

$B!!(BFirefox$B$H(BMozilla$B$N (Internet Watch, 2005.02.15)$B!#8=>u$G$OBEEv$JA*Br$G$7$g$&!#(B

2005.02.28 $BDI5-(B:

$B!!(BFirefox 1.0.1 $B$H(B Opera $B$N

$B!!(BOpera$B!"$d$j$^$9$J!#(B

$B!!$^$?!"(BFirefox $B$G;H$($k(B SpoofStick $B$H$$$&%f!<%F%#%j%F%#$,$"$k$=$&$@!#(B $B<+J,$NL\$b(B URL $B$b?.MQ$G$-$J$$(B (TidBITS $BF|K\8lHG(B #766/14-Feb-05) $B$r;2>H!#(B

2006.05.30 $BDI5-(B:

$B!!$D$E$-(B: Opera$B$K$*$1$k%"%I%l%9%P!<$"$k$$$O%9%F!<%?%9%P!<56Au2DG=$N%]%F%s%7%c%j%F%#!<(B

$B"#(B 2005.02.07

$B"#(B $B8@8l7O(B
(various)

$B"#(B $BDI5-(B

RFC2397 "data" URL $B4XO"(B

$B!!(BOpera 7.54u2 $B$G=$@5$5$l$F$$$k$h$&$G$9(B: $B!H(Bdata:$B!I7A<0$N(BURL$B$K4X$9$k@H ($BAk$NEN(B, 2005.02.07)

$B"#(B 2005.02.06

$B"#(B 2005.02.05

$B"#(B 2005.02.03

$B"#(B $B$$$m$$$m(B
(various)

2005.02.09 $BDI5-(B:

$B!!(B$B%7%9%F%`%/%i%C%7%e$r0z$-5/$3$9@H ($B%i%$%V%I%"(B)$B!#(B [VulnWatch] High Risk Vulnerabilities in Eudora Mail Client $B$N7o$,=$@5$5$l$F$$$k$=$&$G$9!#6L2,$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B 2005.02.02

$B"#(B Vulnerability Note VU#702777: UW-imapd fails to properly authenticate users when using CRAM-MD5
(CERT/CC, 2005.01.27)

$B!!(BUW-imap $B$K7g4Y!#(BCRAM-MD5 $BG'>Z$,M-8z$J>l9g$K!"(BCRAM-MD5 $BG'>Z$,@5$7$/=hM}$5$l$J$$$?$a!"(B $BG$0U$N%f!<%6$K$J$j$9$^$9$3$H$,2DG=!#(B CRAM-MD5 $BG'>Z$r;H$C$F$$$J$$?M$K$O$3$N7g4Y$O1F6A$7$J$$!#(B

$B!!(BVU#202777 $B$G$O(B imap-2004b $B$G=$@5$5$l$F$$$k(B$B$H$J$C$F$$$k$N$@$,!"(B UW IMAP Server Documentation (washington.edu) $B$r8+$k8B$j$G$O!"(Bimap-2004b $B$G$O$J$/(B imap-2004c $B$G=$@5$5$l$?$G$O$J$$$N$+!"$H$$$&5$$,$9$k!#(B $B$A$J$_$K(B ftp://ftp.cac.washington.edu/mail/ $B$K$"$k:G?7HG$O(B imap-2004c1 $B$G$"$j!"$^$?(B ftp://ftp.cac.washington.edu/mail/old/ $B$K$O$J$<$+(B imap-2004b $B$@$1$,B8:_$7$J$$!#(B

$B!!(BJVN: JVNVU#702777: UW-imap$B$G%f!<%6G'>Z$,@5$7$/9T$o$l$J$$@H

2005.03.08 $BDI5-(B:

$B!!?.Mj$G$-$k6Z$+$i!V(Bimap-2004b $B$G=$@5$5$l$?!W;]$N>pJs$r

$B"#(B iDEFENSE Security Advisory 01.26.05: Openswan XAUTH/PAM Buffer Overflow Vulnerability
(VulnWatch ML, Thu, 27 Jan 2005 02:07:41 +0900)

$B!!(BOpenswan 1.0.9 $B$h$jA0$N(B 1.x$B!"(B2.3.0 $B$h$jA0$N(B 2.x $B$K(B buffer overflow $B$9$k7g4Y$,$"$j!"(B Openswan $B%"%W%j$r(B XAUTH $B$*$h$S(B PAM $B%5%]!<%H9~$G%3%s%Q%$%k$7$?>l9g$K7g4Y$,H/8=$9$k!#(B remote $B$+$iG$0U$N%3!<%I$rCAN-2005-0162

$B!!(BOpenswan 1.0.9 / 2.3.0 $B$G=$@5$5$l$F$$$k!#$^$?(B Openswan 2.x $BMQ$N(B patch $B$,;XE&J8=q$KE:IU$5$l$F$$$k!#(B

$B"#(B $BO*%;%-%e%j%F%#BP:v2q
(ITmedia, 2005.01.31)

$B!!(BDefeating Microsoft Windows XP SP2 Heap protection and DEP bypass (maxpatrol.com) $B$NOC!#(BWindows XP SP2 $B$N(B DEP (@IT) $B$r2sHr$7$F(B buffer overflow $B7g4Y$r96N,$G$-$k!"$H$$$&;XE&!#(B

$B"#(B 2005.02.01

$B"#(B Firefox$B!$(BMozilla$B!$(BThunderbird$B$K4X$9$k(B12$B7o$N%;%-%e%j%F%#!&%[!<%k$,8x3+!$:G?7HG$G=$@5(B
($BF|7P(B IT Pro, 2005.01.24)

$B!!$b$O$d(B old news $B$@$7!">\:Y$O(B Mozilla Foundation $B%;%-%e%j%F%#%"%I%P%$%6%j(B: 2005 $BG/(B 1 $B7n(B 21 $BF|(B $B$r8+$F$b$i$&$H$7$F!D!D!#(B

$B!!F|7P(B IT Pro $B5-;v$G$O!"=EMWEY$O!V9b!W!VCf!W!VDc!W$KJ,$1$i$l$F$$$k$H$5$l$F$$$k$7!"(B Mozilla Foundation $B%;%-%e%j%F%#%"%I%P%$%6%j(B: 2005 $BG/(B 1 $B7n(B 21 $BF|(B $B$+$i$?$I$C$?3F9`L\$K$b!V=EMWEY!!9b!W$H$+$$$&=q$+$lJ}$r$7$F$$$k!#(B $B$7$+$7(B Mozilla Foundation $B%;%-%e%j%F%#%"%I%P%$%6%j(B: 2005 $BG/(B 1 $B7n(B 21 $BF|(B $B<+BN$N8+1I$($O$H$$$&$H!"@V(B = 2$B!"\t(B = 6$B!"2+(B = 2$B!"Gr(B = 3 $B$G!"=EMWEY$H$O@09g$7$F$$$J$$$h$&$K8+$($k!#$G!"$3$N%Z!<%8$N%=!<%9$r8+$F$_$k$H!"(B class="critical" $B$H$+(B class="moderate" $B$H$+=q$+$l$F$$$k!#(B

$B!!8+$k8B$j$G$O!"$I$&$d$i(B critical > high > moderate > low $B$G!"(Bhigh = $B9b(B, moderate = $BCf(B, low = $BDc(B $B$N$h$&$@!#$G!"$J$<$+(B critical $B$b9b$K$J$C$F$$$k!#$J$<$3$&$J$C$F$$$k$N$+$O$h$/$o$+$i$J$$!#$^$?!"$I$N$h$&$J4p=`$G!V9b!W$H$+!VCf!W$H$+$K$J$C$F$$$k$N$+$b$h$/$o$+$i$J$$!#(B

$B!!(BFirefox 1.0 / Mozilla 1.7.5 / Thunderbird 1.0 $B$G$O!"5s$2$i$l$?7g4Y$O=$@5$5$l$F$$$k$N$@$=$&$@!#(B

$B"#(B [Full-Disclosure] SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow
(Full-Disclosure, Tue, 25 Jan 2005 05:30:08 +0900)

$B!!J#?t$N%"%W%j%1!<%7%g%s$K$*$$$F!"(Bfd_set $B9=B$BN$,$"$U$l$k7g4Y$,B8:_$9$k!"$H$$$&;XE&!#5s$2$i$l$F$$$k$N$O(B gnugk, jabber, bnc, socks5, citadel, dante, rinetd, bld, 3proxy$B!#(B gnugk (OpenH323 Gatekeeper) $B$O(B 2.2.1 $B$G!"(B bnc $B$O(B 2.9.3 $B$G!"(B citadel $B$O(B 6.29 $B$G!"(B dante $B$O(B 1.1.15 $B$G!"(B 3proxy $B$O(B 0.5b $B$G!"(B $B=$@5$5$l$F$$$k!#(B

$B!!$J$*!"$3$N7g4Y$O(B Windows $B$J%W%m%0%i%`$K$OB8:_$7$J$$$N$@$=$&$@!#(B $BM}M3(B$B!#(B

$B"#(B [SA1396yy2] SquirrelMail Three Vulnerabilities
(secunia, Mon, 24 Jan 2005 21:45:29 +0900)

$B!!(BSquirrelMail $B$K(B 3 $B$D$N7g4Y!#(B

  • SquirrelMail 1.4.0-RC1 $B!A(B 1.4.4-RC1 $B$K7g4Y!#(B webmail.php $B$GMxMQ$5$l$k@0?tCM$N=|@w$,IT40A4$J$?$a$K!"(B register_globals $B$,(B On $B$N>l9g$K(B $B%/%m%9%5%$%H%9%/%j%W%F%#%s%07g4Y$,H/@8!#(B CVE: CAN-2005-0104

  • SquirrelMail 1.4.0-RC1 $B!A(B 1.4.4-RC1 $B$K7g4Y!#(B webmail.php $B$K$*$1$k(B URL $BJQ?t$N8!>Z$,IT40A4$J$?$a!"(BSquirrelMail $B$N%U%l!<%`%;%C%H$KG$0U$N30It(B web $B%Z!<%8$rA^F~$G$-$F$7$^$&!#(B CVE: CAN-2005-0103

  • SquirrelMail 1.4.3-RC1 $B!A(B 1.4.4-RC1 $B$K7g4Y!#(B prefs.php $B$K7g4Y$,$"$j!"(B register_globals $B$,(B On $B$N>l9g$K!"(B $B%m!<%+%k%U%!%$%k$r(B SquirrelMail $B$N%3!<%I$N0lIt$H$7$FFI$_9~$^$;$k$3$H$,2DG=!#(B CVE: CAN-2005-0075

$B!!$3$l$i$N7g4Y$O(B SquirrelMail 1.4.4 $B$G=$@5$5$l$F$$$k!#(B

$B"#(B Squid Proxy Cache Security Update Advisory SQUID-2005:3
(squid-org, 2005.01.28)

$B!!(Bsquid 2.5-STABLE7 $B0JA0$K7g4Y!#(BWCCP $B$N(B recvfrom() $B$K(B buffer overflow $B$9$k7g4Y$,$"$k!#$3$N$?$a!"(BWCCP $B$,M-8z$J(B squid ($B4{DjCM(B: WCCP $BL58z(B) $B$r(B remote $B$+$i(B crash $B$5$;$i$l$k!#(B WCCP $B$rL58z$K$9$l$P$3$N7g4Y$r2sHr$G$-$k!#(B

$B!!(BSquid-2.5.STABLE7 $BMQ$N(B patch $B$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

$B"#(B $BDI5-(B

Vulnerability Note VU#938617: BIND 9.3.0 vulnerable to denial of service in validator code

$B!!(Bbind 9.3.0 $BMQ$N(B patch $B$,EP>l$7$F$$$^$9!#(B

$B$$$m$$$m(B (2004.12.21)

$B!!(BJ273419: Backup Exec 8.x $B$*$h$S(B 9.x $B$K$*$1$k%9%?%C%/>e$N%P%C%U%!(B $B%*!<%P!<%U%m!<$KBP$9$k@H (VERITAS)$B!#(B

[$B%;%-%e%j%F%#%[!<%k(B memo]
$B;d$K$D$$$F(B