$B%;%-%e%j%F%#%[!<%k(B memo - 2005.03

Last modified: Mon Jan 16 14:27:36 2006 +0900 (JST)

$B!!$3$N%Z!<%8$N>pJs$rMxMQ$5$l$kA0$K!"(B$BCm0U=q$-(B$B$r$*FI$_$/$@$5$$!#(B

$B"#(B 2005.03.31

$B"#(B KSEC-2005-03-30-01: Kerio Personal Firewall: Local application can bypass network rules
(Kerio, 2005.03.30)

$B!!(BKerio Personal Firewall 4.1.2 $B0JA0$K7g4Y!#(B $B96N,%"%W%j%1!<%7%g%s$,!"B>$N%"%W%j%1!<%7%g%s$K$J$j$9$^$7$F%M%C%H%o!<%/$K%"%/%;%9$9$k$3$H$,2DG=!#(BKerio Personal Firewall 4.1.3 $B0J9_$G=$@5$5$l$F$$$k!#(B

$B"#(B Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerable to Crafted SSL Attack
(Cisco, 2005.03.31)

$B!!(BCisco VPN 3000 Concentrator $B$N%=%U%H%&%'%"(B 4.1.7.A $B0JA0$K7g4Y!#(B HTTPS $B%5!<%S%9$r;HMQ$7$F$$$k>l9g$K!"(BHTTPS $B%5!<%S%9$KBP$7$F:Y9)$7$?%Q%1%C%H$rEj$2$k$H%5!<%S%9$,:F5/F0$5$l$k!#(B $B%=%U%H%&%'%"(B 4.1.7.B $B0J9_$G=$@5$5$l$F$$$k!#(B

$B"#(B Smarty 2.6.8 Released
(Smarty, 2005.03.21)

$B!!(BPHP $BMQ$N%F%s%W%l!<%H%(%s%8%s(B Smarty 2.6.7 $B0JA0$K7g4Y!#(Bregex_replace $B=$>~;R$K7g4Y$,$"$j!"(B $B%F%s%W%l!<%H%;%-%e%j%F%#(B$B$,M-8z$K$J$C$F$$$F$b!"%F%s%W%l!<%H$+$i$N(B PHP $B%3!<%I$N

$B!!(BSmarty 2.6.8 $B$G=$@5$5$l$F$$$k!#(B

$B"#(B $BDI5-(B

APPLE-SA-2005-03-21 Security Update 2005-003

$B!!%5!<%PMQ$,(B Security Update 2005-003 (Server) 1.1 $B$H$7$F:F8x3+$5$l$F$$$^$9!#(B

$B"#(B ppBlog $B8!:w%b%8%e!<%k$K(BXSS$B$N@H
(PPBLOG, 2005.03.04)

$B!!(BppBlog 1.4.0 $BL$K~$K7g4Y!#(B $B8!:w%b%8%e!<%k(B search.inc.php $B$K%/%m%9%5%$%H%9%/%j%W%F%#%s%0$r5v$97g4Y$,B8:_$9$k!#(B $B=$@5HG(B search.inc.php $B$,8x3+$5$l$F$$$k$N$GF~$l$+$($l$P$h$$!#(B $B8=:_&B%F%9%HCf$N(B ppBlog 1.4.0 $B$G$O!"$3$N7g4Y$O=$@5$5$l$F$$$k!#(B

2005.04.11 $BDI5-(B:

$B!!(BppBlog 1.4.0 $B$,@5<08x3+$5$l$F$$$^$9!#(B

$B"#(B Sylpheed 0.8.0$B!A(B1.0.3 / 1.9.0 $B!A(B 1.9.4 $B$K%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$k7g4Y(B
(Sylpheed, 2005.03.24)

$B!!(BSylpheed 0.8.0$B!A(B1.0.3 / 1.9.0 $B!A(B 1.9.4 $B$K!"(B Sylpheed 1.0.2 $B0JA0$K%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$k7g4Y(B $B$H$OJL$N!"(Bbuffer overflow $B$,H/@8$9$k7g4Y$,H/8+$5$l$?!#(B Sylpheed 1.0.4 / 1.9.5 $B$G=$@5$5$l$F$$$k!#(B CVE: CAN-2005-0926$B!#(B takayama $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!(BSylpheed 1.0.4 $B$N(B ChangeLog.jp $B$r8+$k$H!"$3$&=q$+$l$F$$$^$9!#(B 

2005-03-24

       * src/procmime.c:
         procmime_scan_content_type()
         procmime_scan_content_disposition(): $B%9%?%C%/%P%C%U%!%*!<%P!<(B
         $B%U%m!<$r5/$3$92DG=@-$,$"$C$?$N$r=$@5!#(B
       * src/codeconv.c: conv_unmime_header()
         src/unmime.[ch]: unmime_header(): $B%P%C%U%!%5%$%:$N0z?t$rDI2C$7!"(B
         $B%G%3!<%I$7$?J8;zNs$N%5%$%:$r@)8B$7!"%P%C%U%!%*!<%P!<%U%m!<$N(B
         $B2DG=@-$rL5$/$7$?!#(B

$B"#(B 2005.03.30

$B"#(B $BDI5-(B

SYM05-006: Denial of Service in Symantec Norton AntiVirus AutoProtect

$B!!F|K\8lHG%"%I%P%$%6%j=P$^$7$?(B: SYM05-006: Symantec Norton AntiVirus $B$N(B AutoProtect $B5!G=$K%5!<%S%95qH]$N@H ($B%7%^%s%F%C%/(B)

$B%7%^%s%F%C%/$NBP1~(B
$B%7%^%s%F%C%/$G$O!"(B2 $B7o$NLdBj$,(B Symantec Norton AntiVirus $B$N(B Auto-Protect $B5!G=$K1F6A$r$*$h$\$9$3$H$r3NG'$7!"1F6A$r

$B!!$J!"$J$s$@$C$F!<(B (AA $BN,(B)$B!#(B$B1Q8lHG%"%I%P%$%6%j(B $B$K$O(B

Symantec Response
Symantec product engineers confirmed both issues impacting Symantec's Auto-Protect feature in Symantec Norton AntiVirus and have developed and released a patch for all impacted products through Symantec LiveUpdate. Customers running Automatic LiveUpdate should already be updated.

$B$H$"$k$N$K!#$I$&$d$i!"F|K\8lHG%W%m%@%/%HMQ$N=$@5(B patch $B$O$^$@$G$-$F$$$J$$LOMM$G$9!#(B

$B"#(B $B$$$m$$$m(B (2005.03.30)
(various)

2005.04.07 $BDI5-(B:

$B!!F|K\8l(B KB $B=P$^$7$?(B: 889323 - $B4IM} (Microsoft)

$B"#(B 2005.03.29

$B"#(B SYM05-006: Denial of Service in Symantec Norton AntiVirus AutoProtect
(Symantec, 2005.03.28)

$B!!(BNorton AntiVirus 2004 / 2005$B!"(BNorton Internet Security 2004 / 2005$B!"(B Norton System Works 2004 / 2005 $B$K7g4Y!#(B Norton AntiVirus $B$N(B Auto-Protect $B$,M-8z$J>l9g(B ($BI8=`$GM-8z(B) $B$K!"(BDoS $B>uBV$,H/@8$7$F$7$^$&7g4Y$,(B 2 $B

$B!!(BLiveUpdate $B7PM3$G99?7HG$rF~

2005.03.30 $BDI5-(B:

$B!!F|K\8lHG%"%I%P%$%6%j=P$^$7$?(B: SYM05-006: Symantec Norton AntiVirus $B$N(B AutoProtect $B5!G=$K%5!<%S%95qH]$N@H ($B%7%^%s%F%C%/(B)

$B%7%^%s%F%C%/$NBP1~(B
$B%7%^%s%F%C%/$G$O!"(B2 $B7o$NLdBj$,(B Symantec Norton AntiVirus $B$N(B Auto-Protect $B5!G=$K1F6A$r$*$h$\$9$3$H$r3NG'$7!"1F6A$r

$B!!$J!"$J$s$@$C$F!<(B (AA $BN,(B)$B!#(B$B1Q8lHG%"%I%P%$%6%j(B $B$K$O(B

Symantec Response
Symantec product engineers confirmed both issues impacting Symantec's Auto-Protect feature in Symantec Norton AntiVirus and have developed and released a patch for all impacted products through Symantec LiveUpdate. Customers running Automatic LiveUpdate should already be updated.

$B$H$"$k$N$K!#$I$&$d$i!"F|K\8lHG%W%m%@%/%HMQ$N=$@5(B patch $B$O$^$@$G$-$F$$$J$$LOMM$G$9!#(B

2005.04.01 $BDI5-(B:

$B!!(B2005 $B%7%j!<%:$K$D$$$F$OBP1~$5$l$?$h$&$G$9(B: $B%7%^%s%F%C%/!"(BNorton AntiVirus 2005$B$NF|K\HG=$@5%Q%C%A$rG[I[3+;O(B (Internet Watch, 2005.04.01)$B!#(B $B

2005.04.06 $BDI5-(B:

$B!!(B2004 $B%7%j!<%:$K$D$$$F$bBP1~$5$l$?$h$&$G!"(B SYM05-006: Symantec Norton AntiVirus $B$N(B AutoProtect $B5!G=$K%5!<%S%95qH]$N@H $B$,(B 4/5 $BIU$G!VK\7o$N1F6A$r

$B"#(B telnet $B%/%i%$%"%s%H$KJ#?t$N7g4Y(B
(iDEFENSE, 2005.03.29)

$B!!(Btelnet $B%/%i%$%"%s%H$KJ#?t$N7g4Y$,H/8+$5$l$F$$$k!#(B

$B!!(BiDEFENSE Advisory $B$K$O!"7g4Y$N$"$k$b$N$H$7$F!"(B ALT Linux, Mac OS X, FreeBSD, MIT Kerberos, Openwall, Red Hat Enterprise Linux, Solaris 7$B!A(B10 $B$,5s$2$i$l$F$$$k!#$^$?(B HP-UX $B$H(B HP Tru64 UNIX $B$K$O$3$N7g4Y$O$J$$$=$&$@!#(B

$B!!$A$g$C$H3NG'$7$F$_$?$H$3$m!"(Bsocks 5 $B;2>H$B$K4^$^$l$k(B telnet $B%/%i%$%"%s%H$b7g4Y$"$j$N$h$&$K8+$($k!#(B $BMIT krb5 Security Advisory 2005-001: Buffer overflows in telnet client $B$N(B patch $B$,$[$\$=$N$^$^E,MQ$G$-$?$N$G!"$H$j$"$($:$=$l$GMM;R8+!#(B

fix / patch:

2005.04.21 $BDI5-(B:

$B!!(BGentoo, Vine, Debian, Heimdal $BDI2C!#(B

$B"#(B 2005.03.28

$B"#(B PKI$B$h$/$"$k4*0c$$(B(8)$B!V<+J,@lMQ$J$N$KBh;0ZL@=q$rGc$($H$$$&$N$O$*$+$7$$!W(B
($B9bLZ9@8w!w<+Bp$NF|5-(B, 2005.03.27)

$B$3$3$G=EMW$J$N$O!"%$%s%]!<%H@h$,!VG'>Z6I>ZL@=q!W$G$O$J$$$H$$$&$3$H$@!#<+J,$G:n$C$?%*%l%*%lG'>Z6I>ZL@=q$r!VG'>Z6I>ZL@=q!W%9%H%"$K%$%s%]!<%H$9$kJ}K!$G$b!"F1MM$K@5>o$J(BSSL$B@\B3$rZL@=q$KqY$5$l$k!J$b$7$/$OG=F0E*EpD0$r$5$l$k!K%j%9%/$,@8$8$F$7$^$&!#$=$l$KBP$7!"%*%l%*%l%5!<%P>ZL@=q$r!V%5%$%H>ZL@=q!W%9%H%"$KEPO?$9$k$3$NJ}K!$G$"$l$P!"K|$,0lHkL)80$,N.=P$7$F$b!"<+J,MQ$N%5!<%P$X$N%"%/%;%9$K%j%9%/$,@8$8$k$@$1$G:Q$`!#(B

$B!!$*$)!A!#$3$s$J5!G=$,$"$C$?$H$O!#(BFirefox $B$9$P$i$7$$$G$9!#%V%i%\!

$B"#(B 2005.03.27

$B"#(B 2005.03.25

$B"#(B $B!V$^$?$b$d(BDNS$B$N=q$-49$(!$(BWindows NT$B!?(B2000$B$N(BDNS$B%5!<%P!<$OCm0U!W!=!=JF(BSANS Institute
($BF|7P(B IT Pro, 2005.03.25)

$B!!(BCERT(R) Incident Note IN-2001-11: Cache Corruption on Microsoft DNS Servers $B$r$$$^$@$KBP1~$7$F$$$J$$$H$3$m$,$"$C$F!"8+;v$K(B DNS $B%-%c%C%7%e1x@w$5$l$?LOMM!#(B Windows 2000 $B$N(B DNS $B%5!<%P$N>l9g$O!"(B $BFC=8(B $B%$%s%?!<%M%C%H!V>o;~!W@\B37W2h(B $BBh(B6$B2s(B DNS$B%5!<%P$N@_Dj$H3NG'(B (@IT) $B$,;29M$K$J$k!#(B

$B"#(B $BDI5-(B

OpenPGP$B$K@_7W>e$N@H

$B!!(BGnuPG 1.4.1 $B=P$F$$$^$9!#(B

Added countermeasures against the Mister/Zuccherato CFB attack <http://eprint.iacr.org/2005/033>

$B!!(BGnuPG 1.2.7 / 1.4.0 $BMQ(B patch: [Announce] Attack against OpenPGP encryption

DeleGate 8.10.3-pre7

$B!!(BDeleGate 8.11.1 $B$,=P$F$$$^$9!#(BC99 $B$KE,9g$7$F$$$J$$(B gcc 2.x $B$G$b:n@.$G$-$k$h$&$K$J$j$^$7$?!#$"$j$,$?$d!#(B

$B"#(B 2005.03.24

$B"#(B $B!V(BFirefox 1.0.2$B!WF|K\8lHG$r4^$`3F9q8lHG$,8x3+!A%;%-%e%j%F%#=$@5(B3$B7o(B
(Internet Watch, 2005.03.24)

$B!!(BFirefox 1.0.2 $B$,EP>l!#(B3 $B7o$N%;%-%e%j%F%#7g4Y$,=$@5$5$l$F$$$^$9!#(B

$B!!(BFirefox $BMxMQ$BM}9)3XIt(B RINS$B!"(B mozilla-japan.org$B!#(B $B$^$?(B MFSA 2005-30, 32 $B$O(B Mozilla $B$K$b1F6A$7(B 1.7.6 $B$G=$@5$5$l$F$$$^$9!#(B MFSA 2005-30 $B$O(B Thunderbird $B$K$b1F6A$7(B 1.0.2 $B$G=$@5$5$l$F$$$^$9!#(B $B$"$o$;$F99?7$7$^$7$g$&!#(B

$B"#(B Mozilla Foundation $B$G$N(B GIF $B$K$h$k%*!<%P!<%U%m!<(B
(ISSKK, 2005.03.24)

$B!!(BMozilla 1.7.5 $B0JA0!"(BFirefox 1.0.1 $B0JA0!"(BThunderbird 1.0.1 $B0JA0$K7g4Y!#(B GIF $B2hA|$N=hM}$K$*$$$F(B buffer overflow $B$,H/@8$9$k$?$a!"96N,(B GIF $B2hA|$K$h$jG$0U$N%3!<%I$r

$B!!(BMozilla 1.7.6$B!"(BFirefox 1.0.2$B!"(BThunderbird 1.0.2 $B$G=$@5$5$l$F$$$k!#(B

$B"#(B 2005.03.23

$B"#(B JVN#8F8B1C85: $B%5%$%\%&%:(B Office $B$K$*$1$k%V%i%&%6%9%/%j%W%H
(JVN, 2005.02.07)

$B!!%5%$%\%&%:(B Office 6.1(1.0) $B0JA0$K%/%m%9%5%$%H%9%/%j%W%F%#%s%07g4Y$,$"$k$=$&$G$9!#(B$B!V%/%m%9%5%$%H%9%/%j%W%F%#%s%0@H ($B%5%$%\%&%:(B)$B!#(B

$B!!$^$@=$@5$5$l$F$$$^$;$s!#(B

$B"#(B $BDI5-(B

APPLE-SA-2005-03-21 Security Update 2005-003

$B!!(BSecurity Update 2005-003 $B$N$&$A!"%5!<%PMQ$,$R$C$3$a$i$l$?LOMM$G$9(B [harden-mac:0712]$B!#3N$+$K!"(B$B%@%&%s%m!<%I%Z!<%8(B$B$K$O%/%i%$%"%s%HMQ$7$+$J$$LOMM$G$9!#(B

$B"#(B 2005.03.22

$B"#(B Adaptive Server Enterprise - Companion TechNote to UCN entitled Urgent from Sybase: Security Issues in ASE 12.5.3 and Earlier.
(sybase, 2005.03.08)

$B!!(BSybase Adaptive Server Enterprise 12.5.3 $B0JA0$K(B buffer overflow $B$*$h$S(B DoS $B7g4Y$,$"$j!"(B ASE 12.5.3 ESD#1 $B$G=$@5$5$l$F$$$k!#(B

$B!!4XO"(B: Details of Sybase ASE bugs withheld (NGSSoftware)

2005.04.06 $BDI5-(B:

$B!!>\:Y(B: [VulnWatch] Sybase ASE Multiple Security Issues (#NISR05042005) (NGSSoftware)

$B"#(B $B%;%-%e%j%F%#BP:v$,;\$5$l$?!V(BMozilla$B!W(Bv1.7.6$B$H!V(BThunderbird$B!W(Bv1.0.2$B$,8x3+(B
($BAk$NEN(B, 2005.03.22)

$B!!(BFirefox 1.0.1 $B$K$R$-$D$E$-!"(BMozilla 1.7.6 $B$H(B Thunderbird 1.0.2 $B$,EP>l!#(B Known Vulnerabilities in Mozilla (mozilla.org) $B$b99?7$5$l$F$$$^$9!#(B Mozilla / Thunderbird $BMxMQ

$B"#(B APPLE-SA-2005-03-21 Security Update 2005-003
(apple, Tue, 22 Mar 2005 06:53:20 +0900)

$B!!(BApple Security Update 2005-003 $B$,=P$F$$$^$9!#(B Mac OS X 10.3.8 / X Server 10.3.8 $BMQ$7$+MQ0U$5$l$F$$$^$;$s!#(B $B$$$h$$$h(B 10.2.x $B7ONs$NJ]

$B!!4XO"(B:

2005.03.23 $BDI5-(B:

$B!!(BSecurity Update 2005-003 $B$N$&$A!"%5!<%PMQ$,$R$C$3$a$i$l$?LOMM$G$9(B [harden-mac:0712]$B!#3N$+$K!"(B$B%@%&%s%m!<%I%Z!<%8(B$B$K$O%/%i%$%"%s%HMQ$7$+$J$$LOMM$G$9!#(B

2005.03.31 $BDI5-(B:

$B!!%5!<%PMQ$,(B Security Update 2005-003 (Server) 1.1 $B$H$7$F:F8x3+$5$l$F$$$^$9!#(B

$B"#(B 2005.03.19

$B"#(B $BDI5-(B

$B%i%$%;%s%9(B $B%m%0(B $B%5!<%S%9$N@H

$B!!(Bhttp://www.immunitysec.com/downloads/llssrv_miss.pdf (immunitysec.com)$B!#(BWindows 2000 Advanced Server SP3 / SP4 $B$N>l9g$O!"L5G'>Z%f!<%6$G$"$C$F$b%i%$%;%s%9%m%0%5!<%S%9$K@\B3$G$-$F$7$^$&$H$$$&!#(B $B4XO"(B: Windows 2000 Advanced Server$B$OCm0U!$(B2$B7n$N@H ($BF|7P(B IT Pro, 2005.03.17)$B!#(B

$B"#(B $B$$$m$$$m(B (2005.03.19)
(various)

2005.04.28 $BDI5-(B:

$B!!(BDSA-717-1 lsh-utils -- buffer overflow, typo (Debian GNU/Linux, 2005.04.27)

$B"#(B 2005.03.18

$B"#(B McAfee $B%9%-%c%s%(%s%8%s(B 4320 $B$K%P%C%U%!%*!<%P!<%U%m!<7g4Y(B
(McAfee, 2005.03.18)

$B!!(BMcAfee $B%"%s%A%&%$%k%9%=%U%H%&%'%"$N%9%-%c%s%(%s%8%s(B 4320 $B$K$*$$$F!"(BLHA $B%U%!%$%k$r%9%-%c%s$9$k>l9g$K(B buffer overflow $B$,H/@8!#(B

$B!!$U$D$&$N(B McAfee $B%f!<%6$O!"<+F0E*$K%9%-%c%s%(%s%8%s(B 4400 $B$+$D(B DAT4436 $B0J9_$N>uBV$K$J$C$F$$$k$O$:(B (AsAP $B$@$H(B 4320 $B$N$^$^$N>l9g$,$"$k$+$b(B)$B!#(B $B%?%9%/%H%l%$$N%7!<%k%I%"%$%3%s$r1&%/%j%C%/$7$F%P!<%8%g%s>pJs$r3NG'$5$l$?$$!#(B

$B!!4XO"(B: JVN#1F649902: McAfee$B%&%$%k%9%9%-%c%s%(%s%8%s$K%P%C%U%!%*!<%P!<%U%m!<$N@H (JVN)

$B"#(B 2005.03.17

$B"#(B $BDI5-(B

JVN#DD18AD07: Tomcat $B$K$*$1$k%5!<%S%95qH]$N@H

$B!!(BVU#204710 $B!'(B Tomcat$B$N@H ($B%H%l%s%I%^%$%/%m(B)$B!#(BTrend Micro Control Manager $B$K$O1F6A$J$7!#(B

Multiple AV Vendors MULTIPLE Vulnerabilities.

$B!!(BJotti's malware scan 2.42 $B$G;n$7$F$_$?7k2L$,Js9p$5$l$F$$$^$9(B: Re: [Full-disclosure] Re: Av issues

ASP.NET $B%Q%98!>Z$N@H

$B!!$3$N(B patch $B$K$OI{:nMQ$,$"$kLOMM!#(B

$B!!(BKB887219 $B$K4XO"%j%s%/$r4^$a$F>pJs$,$"$k!#(B KB887219 $BF|K\8lHG(B $B$O!"99?7>u67$,1Q8lHG$KDI$$$D$$$F$$$J$$LOMM!#(B

$BJF9q@/I\$,:G=i$K(BWindows$B$N%Q%C%A$rF~

  • $B%;%-%e%j%F%#%5%_%C%H$H8_49@-I>2A(B ($BF|K\$N%;%-%e%j%F%#%A!<%`$N(B Blog, 2005.03.15)

    Security Update Validation Program (SUVP) $B$K$D$$$F$O!"%;%-%e%j%F%#%5%_%C%H$G$b$s$G$$$k$3$H$G$9$N$G!"$$$/$D$+$N$*5RMM$K$46(NO$$$?$@$-!"8_49@-%F%9%H$r;vA0$K9T$J$C$F$$$?$@$$$F$$$^$9!#$=$N

  • $B!VJF9q@/I\$K%Q%C%A$rM%@hE*$KDs6!$9$k!W$H$$$&JsF;$O8m2r!=!=JF(BMicrosoft ($BF|7P(B IT Pro, 2005.03.16)

    Security Update Validation Program$B$N;22C4k6H!?AH?%$OHs8x3+$J$N$GF1;a$OL@8@$rHr$1$?$,!$(B

    $B;22C4k6H$NNc(B: hp$B!#(BMicrosoft software updates on HP ProLiant Storage Servers (hp / google cache) $B$h$j(B:

    Customers of HP ProLiant Storage Servers are encouraged to apply Microsoft Critical Security Patches as they become available. To ensure the quality of Microsoft security patches on HP ProLiant Storage Servers, HP participates in Microsoft's Security Update Validation Program (SUVP) for Windows Server 2003 and Windows 2000 Server. The purpose of this program is to ensure that Microsoft Security Patches meet customer quality expectations before they are released. Almost all security patches are tested on HP ProLiant Storage Servers before they are ever posted on Microsoft's website for public use. In a few cases, Microsoft is compelled to release security patches before the Security Update Validation Program is completed.

$B"#(B 2005.03.16

$B"#(B $BDI5-(B

Symantec Enterprise Firewall DNSd $B$K$*$1$k(B DNS Cache Poisoning $B$N@H

$B!!(BSYM05-005: $B%7%^%s%F%C%/$N%;%-%e%j%F%#(I%$B%2!<%H%&%'%$@=IJ$K(B DNS $B%j%@%$%l%/%7%g%s$N@H ($B%7%^%s%F%C%/(B, 2005.03.15)$B!#=$@5%W%m%0%i%`$,(B 3/15 $BIU$G$5$i$K99?7$5$l$?LOMM$G$9!#(B

$BJF9q@/I\$,:G=i$K(BWindows$B$N%Q%C%A$rF~

$B!!(BMicrosoft$B!"!V%Q%C%A$NJF@/I\8~$1;vA0G[I[!WJsF;$KH?O@(B (ITmedia, 3/14)$B!#(B

$B!V%=%U%H%&%'%"%"%C%W%G!<%H$N%?%$%`%j!<$JG[I[!W$N6qBNE*FbMF$,!"0lIt$N4k6H$@$1$K8BDj$5$l$?%W%m%0%i%`$G$"$k(BSUVP$B$K6u73$r4^$a$k$H$$$&$3$H$@!#(B

$B!!(BSUVP (Security Update Validation Program) $B$O%;%-%e%j%F%#(B patch $B$N&B%F%9%H$r9T$&%W%m%0%i%`$@$=$&$G!#(BMS$B!"?7$7$$%Q%C%A%F%9%H%W%m%0%i%`$rH/I=!=!=8\5R$d%Q!<%H%J!<$H6(NO(B (ITmedia, 1/14)$B!#(B microsoft.com $B<+?H$K$O!"(BSecurity Update Validation Program $B$K4X$9$k>pJs$O$[$H$s$IB8:_$7$J$$$h$&$G$9$M!#(B

$B"#(B Know your Enemy: Tracking Botnets
(honeynet.org, 2005.03.13)

$B!!(Bbotnet $B$M$?!#L@F|$O$o$,?H$G$b$*$+$7$/$J$$$N$G!"FI$s$G$*$-$^$7$g$&!#(B

$B"#(B $B$$$m$$$m(B
(various)

$B"#(B Unfiltered escape sequences in filenames contained in ZIP archives wouldn't be escaped on displaying or logging, and can also lead to bypass AV scanning
(bugtraq, Mon, 14 Mar 2005 23:21:18 +0900)

$B!!(Bzip $B%U%!%$%k$K3JG<$5$l$k%U%!%$%k$NL>A0$K@8%(%9%1!<%W%7!<%1%s%9$r4^$a$k$H(B

$B$,B8:_$9$k!"$H$$$&;XE&!#(B

$B"#(B 2005.03.15

$B"#(B [SA14565] Firefox "Save Link As..." Status Bar Spoofing Weakness
(secunia, 2005.03.15)

$B!!(BFirefox 1.0.1 $B0JA0$K7g4Y!#%j%s%/$r1&%/%j%C%/$7$F(B "save link as..." $B$rA*Br$7$?>l9g$K!"%9%F!<%?%9%P!<$KI=<($5$l$F$$$?$b$N$H$O0[$J$k%j%s%/@h$r

$B!!4XO"(B:

$B"#(B JVN#DD18AD07: Tomcat $B$K$*$1$k%5!<%S%95qH]$N@H
(JVN, 2005.03.14)

$B!!(BApache Tomcat 3.x $B$K7g4Y!#(BAPJ12 (Apache JServ Protocol 1.2) $B%]!<%H(B ($B%G%U%)%k%H(B: 8007/tcp) $B$KBP$7$FFCDj$N%Q%1%C%H$rAw$k$H(B Tomcat $B$,%/%i%C%7%e$7$?$jDd;_$7$?$j$9$k$?$a(B DoS $B$,@.N)!#$3$N7g4Y$O(B Tomcat 5.x $B$K$OB8:_$7$J$$!#(B

$B!!$3$N7g4Y$,=$@5$5$l$kM=Dj$O$J$$!#(BTomcat 5.x $B$K0\9T$9$k$+!"(B8007/tcp $B$r%U%#%k%?$9$k$3$H$G2sHr$G$-$k!#(B

2005.03.17 $BDI5-(B:

$B!!(BVU#204710 $B!'(B Tomcat$B$N@H ($B%H%l%s%I%^%$%/%m(B)$B!#(BTrend Micro Control Manager $B$K$O1F6A$J$7!#(B

$B"#(B 2005.03.14

$B"#(B $BJF9q@/I\$,:G=i$K(BWindows$B$N%Q%C%A$rF~
($BF|7P(B IT Pro, 2005.03.14)

$BJF(BMicrosoft$B$O(B ($BCfN,(B) $B=EMW$J%=%U%H%&%(%"$N99?7$,0lHL$K%j%j!<%9$5$l$k$h$j$b:GBg(B1$B%+7nAa$/!$JF9qEZ0BA4J]>c>J8~$1%P!<%8%g%s$rDs6!$9$k$H$$$&!#(B

$B!!$3$l$C$F!"!V(BUSA $B@/I\$,B>9q$KB8:_$9$k(B Windows $B$r3N

$B!!(BSECURITY SUMMIT 2005 $B$,=*$C$F$+$i$3$s$J%M%?$K5$$,$D$/$H$O!D!D@ZJ"(B > $B26!#(B

2005.03.16 $BDI5-(B:

$B!!(BMicrosoft$B!"!V%Q%C%A$NJF@/I\8~$1;vA0G[I[!WJsF;$KH?O@(B (ITmedia, 3/14)$B!#(B

$B!V%=%U%H%&%'%"%"%C%W%G!<%H$N%?%$%`%j!<$JG[I[!W$N6qBNE*FbMF$,!"0lIt$N4k6H$@$1$K8BDj$5$l$?%W%m%0%i%`$G$"$k(BSUVP$B$K6u73$r4^$a$k$H$$$&$3$H$@!#(B

$B!!(BSUVP (Security Update Validation Program) $B$O%;%-%e%j%F%#(B patch $B$N&B%F%9%H$r9T$&%W%m%0%i%`$@$=$&$G!#(BMS$B!"?7$7$$%Q%C%A%F%9%H%W%m%0%i%`$rH/I=!=!=8\5R$d%Q!<%H%J!<$H6(NO(B (ITmedia, 1/14)$B!#(B microsoft.com $B<+?H$K$O!"(BSecurity Update Validation Program $B$K4X$9$k>pJs$O$[$H$s$IB8:_$7$J$$$h$&$G$9$M!#(B

2005.03.17 $BDI5-(B:

$B"#(B 2005.03.13

$B"#(B $B$$$m$$$m(B
(various)

$B"#(B $BDI5-(B

Windows XP SP2$B$H(BServer 2003$B!"!H8EE5E*$J967b!I$K@H

$B!!(BWindows Server 2003 $B$K$D$$$F$O!"(B 324270 - How To Harden the TCP/IP Stack Against Denial of Service Attacks in Windows Server 2003 (Microsoft) $B$K$"$k@_Dj$r;\$;$P$@$$$8$g$&$V$JLOMM!#(B $B$H$$$&$+!"%G%U%)%k%H$GM-8z$G$O$J$$$N$G$9$M!D!D!#(B

$B%+!<%=%k$*$h$S%"%$%3%s$N%U%)!<%^%C%H$N=hM}$N@H

$B!!!V(BWindows 98 / 98 SE / Me $BMQ$N=$@5%W%m%0%i%`!W$J$N$@$,!"$3$l$r%$%s%9%H!<%k$9$k$H%V%k!<2hLL$K$J$k;vNc$,$=$3$+$7$3$GH/@8$7$F$$$kLOMM!#7'G-$5$/$i$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!$I$&$d$i!V(BWindows 98 / 98 SE / Me $BMQ$N=$@5%W%m%0%i%`!W$O!"%b%8%e!<%kF~$l$+$(7?$N!V=$@5%W%m%0%i%`!W$G$O$J$/!">oCs%W%m%0%i%`$K$h$C$F7g4Y$r2sHr$9$k$b$N$N$h$&$G$9$M!#$G!"$=$l$,!V2?$+!W$H$V$D$+$k$3$H$,$"$k$h$&$G$9!#(B $BLdBj$J$$?M$K$OA4$/LdBj$J$$$h$&$J$N$G$9$,!#(B $B=$@5%W%m%0%i%`$r8DJL$K$7$?$iLdBj$,2r>C$5$l$?Nc(B (2ch.net) $B$b$"$k$h$&$J$N$G!"%V%k!<$J?M$O;n$7$F$_$k$H$$$$$+$b!#(B

$B"#(B Ethereal 0.10.10 released
(Ethereal.com, 2005.03.11)

$B!!(BEthereal 0.10.10 $BEP>l!#(B CAN-2005-0704 CAN-2005-0705 CAN-2005-0699 $B$,=$@5$5$l$F$$$k$=$&$@!#(B

$B"#(B $B%3%3%m%0$O(B SSI $B%$%s%8%'%/%7%g%s2DG=(B
($B?eL57n$P$1$i$N$($SF|5-(B, 2005.02.22)

$B6a$$$&$A$K!"$I$N$h$&$K$7$F%3%3%m%0$K(B SSI $B$,%$%s%8%'%/%7%g%s$G$-$k$N$+!"$=$l$G2?$,$G$-$k$N$+$r$^$H$a$F=q$3$&$+$J$H;W$C$F$$$^$9!#(B
($BCfN,(B)
2005-03-12 $BDI5-(B: $B!V6a$$$&$A$K!W$H=q$-$^$7$?$,!"$7$P$i$/>pJs$N8x3+$r8+Aw$j$^$9!#@hAw$j$NM}M3$O=R$Y$i$l$^$;$s$,!"$*;!$7$/$@$5$$!#(B

$B!!%3%3%m%0$NL@F|$O$I$C$A$@(B orz

$B"#(B Multiple AV Vendors MULTIPLE Vulnerabilities.
(bugtraq, 10 Mar 2005 18:26:22 +0900)

$B!!$5$^$6$^$J:Y9)$r;\$7$?(B zip $B%U%!%$%k$K%&%$%k%9$r4^$^$;$F$*$/$H!"B?$/$N%"%s%A%&%$%k%9%=%U%H$N8!::$r$+$$$/$0$i$;$k$3$H$,2DG=$H$$$&;XE&!#(B $B:Y9)$NJ}K!$H$7$F$O0J2<$,<($5$l$F$$$k(B:

$B!!$3$N7g4Y$O!"FC$K%a!<%k$d(B web $B$J$I$KBP$9$k%"%s%A%&%$%k%9%2!<%H%&%'%$$K$*$$$F=EBg$J1F6A$r;}$D$H9M$($i$l$k!#4{CN$N%&%$%k%9$G$"$C$F$b!">e5-$N$h$&$J:Y9)$7$?(B zip $B%U%!%$%k$K4^$^$;$k$3$H$G!"%"%s%A%&%$%k%9%2!<%H%&%'%$$rDL2a$7$F$7$^$&$N$@!#(B $B$$$:$l$K$D$$$F$b%G%b%U%!%$%k$,MQ0U$5$l$F$$$k$N$G!"3F<+$,MxMQ$7$F$$$k%"%s%A%&%$%k%9%=%U%H$G;n$7$F$_$k$H$h$$$@$m$&!#(B

$B!!$3$N$h$&$J(B zip $B%"!<%+%$%V$,!"(Bzip $B%U%!%$%kBP1~%"%W%j%1!<%7%g%s$K$*$$$F$b0[>o$J$b$N$H$7$F07$o$l$l$PLdBj$J$$$N$@$,!"o$K!WE83+$7$F$7$^$&$N$GLdBj$K$J$k!#(B

2005.03.17 $BDI5-(B:

$B!!(BJotti's malware scan 2.42 $B$G;n$7$F$_$?7k2L$,Js9p$5$l$F$$$^$9(B: Re: [Full-disclosure] Re: Av issues

$B"#(B MySQL $B4XO"(B
(various)

$B!!(BMySQL 4.0.23 $B0JA0(B / 4.1.10 $B0JA0$K(B 3 $B$D$N7g4Y!#(B

$B!!(BMySQL 4.0.24 / 4.1.10a $B$G=$@5$5$l$F$$$k!#(B

$B"#(B 2005.03.11

$B"#(B $BDI5-(B

OpenSSH $B$N@H

$B!!(B3/10 $B$H(B 3/11 $B$K2~D{$5$l$F$$$^$9!#(B

$B?/F~$r5=(B (phishing) $B$NF'$_Bf%5!<%P$K$5$l$k$J$I$N;vNc$,!":#G/(B 1$B7n0J9_(B10$B7o0J>eJs9p$5$l$F$$$^$9!#(B
<
$B%5!<%P!<(B $B%a%C%;!<%8(B $B%V%m%C%/$N@H

$B!!$3$N7g4Y$O!"$9$G$K%5%]!<%H$,=*N;$7$F$$$k(B Windows NT 4.0 $B$K$bB8:_$9$k$3$H$,H=L@!#(B

$B!!(Bkitt $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B 2005.03.10

$B"#(B 2005.03.09

$B"#(B JVN#8BAAAB4E: msearch $B$K$*$1$k%G%#%l%/%H%j%H%i%P!<%5%k$N@H
(JVN, 2005.03.09)

$B!!(Bmsearch 1.50 / 1.51 $B$*$h$S(B UNICODE $BHG(B msearch 1.51 $B$K7g4Y!#(B $B%G%#%l%/%H%j%H%i%P!<%5%k7g4Y(B (../ $B%P%0(B) $B$,$"$j!"(Bmsearch CGI $B$NF0:n8"8B$G%"%/%;%92DG=$J%5!<%PFb$NG$0U$N%U%!%$%k$N$&$A!"FCDj$N7A<0$rK~$?$9$h$&$J$b$N$K$D$$$F!"$=$NFbMF$r

$B%?%V$K$h$C$F(B5$B$D$N%U%#!<%k%I$KJ,$1$i$l$F!$#19T#1%l%3!<%I$K$J$C$F$$$k%U%!%$%k$G$9!%(B 2$BHVL\!$(B4$BHVL\!$(B5$BHVL\$N%U%#!<%k%I$K4^$^$l$F$$$kFbMF$O(Bmsearch$B$N8!:w$K$h$C$F8!:w7k2L$KI=<($5$l$k>l9g$,$"$j$^$9!%(B

$B$3$l$O%$%s%G%C%/%9%U%!%$%k$N7A<0!#B>$K@_Dj%U%!%$%k$N7A<0$HF10l$N>l9g$K$b

$B!!(Bmsearch 1.52 $B$*$h$S(B UNICODE $BHG(B msearch 1.52 (U1) $B$K$*$$$F=$@5$5$l$F$$$k!#(B

$B"#(B OpenSSH $B$N@H
(JPCERT/CC, 2005.03.09)

$B!!%h%o%h%o$J(B OpenSSH $B$d!"%h%o%h%o$J%Q%9%o!<%I$rA@$C$?967b$,N.9T$C$F$$$k$h$&$G$9!#5$$r$D$1$^$7$g$&!D!D$H8@$C$F$bDL$8$J$$?M$,LdBj$J$s$@$m$&$1$I$J$"!#(B

2005.03.11 $BDI5-(B:

$B!!(B3/10 $B$H(B 3/11 $B$K2~D{$5$l$F$$$^$9!#(B

$B?/F~$r5=(B (phishing) $B$NF'$_Bf%5!<%P$K$5$l$k$J$I$N;vNc$,!":#G/(B 1$B7n0J9_(B10$B7o0J>eJs9p$5$l$F$$$^$9!#(B

$B"#(B $BDI5-(B

$B%O%$%Q!<%j%s%/(B $B%*%V%8%'%/%H(B $B%i%$%V%i%j$N@H

$B!!$3$N7g4Y$O(B Windows 9x / Me $B$K$b$"$j$^$7$?(B ($B$9$$$^$;$s(B)$B!#(B Windows 98 / 98 SE / Me $BMQ$N=$@5%W%m%0%i%`$,EP>l$7$?$=$&$G$9!#(B Windows Update $B$GF~

$B%+!<%=%k$*$h$S%"%$%3%s$N%U%)!<%^%C%H$N=hM}$N@H

$B!!(BWindows 98 / 98 SE / Me $BMQ$N=$@5%W%m%0%i%`$,$h$&$d$/EP>l$7$?$=$&$G$9!#(B Windows Update $B$GF~

$B"#(B 2005.03.08

$B"#(B $B%b%P%$%k5!4o$N;XLfG'>Z%G%P%$%9$KMj$C$F$O$$$1$J$$(B
($B:j;3?-IW$N(BBlog, 2005.03.05)

$B!!$3$l$C$F$D$^$j!"!V%Q%9%o!<%I$r=q$$$?IUd5;f$r%G%#%9%W%l%$$KE=$j$D$1$F$"$k!W$N$H;w$?$h$&$J>u67$J$o$1$G$9$h$M!D!D!#(B

$B!!$=$&$$$($P!"$3$N$4$m;XLfG'>Z$rBj:`$H$7$?(B IBM $B$N(B CM (IBM$B;XLf%;%s%5!<(B?) $B$,$*Cc$N4V$KN.$l$F$$$^$9$,!"$"$l$O%0%_;X967b$X$NBQ@-$O$"$k$s$G$9$+$M$(!#(B $B!D!D$*$C!"(BIBM$B;XLf%;%s%5!<(B$B$N%Z!<%8$KAGE($J$3$H$,=q$$$F$"$k(B:

$B;XLfG'>Z5;=Q$O(B100%$B40A4$JK\?MG'>Z!&>H9g$rJ]>Z$9$k$b$N$G$O$"$j$^$;$s!#K\;XLf%;%s%5!<$r;HMQ$5$l$?$3$H!"$^$?$O;HMQ$G$-$J$+$C$?$3$H$K$h$C$F@8$8$k$$$+$J$kB;32$K4X$7$F$b!"Ev5$/$@$5$$!#(B

$B!!%0%l%$%H!#(B

$B"#(B $BDI5-(B

Vulnerability Note VU#702777: UW-imapd fails to properly authenticate users when using CRAM-MD5

$B!!?.Mj$G$-$k6Z$+$i!V(Bimap-2004b $B$G=$@5$5$l$?!W;]$N>pJs$r

$B"#(B Symantec Enterprise Firewall DNSd $B$K$*$1$k(B DNS Cache Poisoning $B$N@H
(JPRS, 2005.03.08)

$B!!:rG/(B 6 $B7n$N(B SYM04-010: Symantec Gateway Security $B@=IJ$K(B DNS $B%-%c%C%7%e!&%]%$%>%K%s%0$N@H $B$rA@$C$?967b$,N.9T$C$F$$$kLOMM!#(B Symantec Gateway Security 5400 Series, v2.0 / 5300 Series, v1.0$B!"(B Symantec Enterprise Firewall v7.0.x / v8.0$B!"(B Symantec VelociRaptor Model 500/700/1000/1100/1200/1300 $B$NMxMQLatest hotfixes for the Symantec DNSd cache-poisoning vulnerability - March 04, 2005 (Symantec) $B$+$i:G?7$N=$@5%W%m%0%i%`$rF~

$B!!4XO"(B: $B!V860x$O(BDNS$B$N=q$-49$(!)0- ($BF|7P(B IT Pro, 3/7)

2005.03.16 $BDI5-(B:

$B!!(BSYM05-005: $B%7%^%s%F%C%/$N%;%-%e%j%F%#(I%$B%2!<%H%&%'%$@=IJ$K(B DNS $B%j%@%$%l%/%7%g%s$N@H ($B%7%^%s%F%C%/(B, 2005.03.15)$B!#=$@5%W%m%0%i%`$,(B 3/15 $BIU$G$5$i$K99?7$5$l$?LOMM$G$9!#(B

$B"#(B Windows XP SP2$B$H(BServer 2003$B!"!H8EE5E*$J967b!I$K@H
($BF|7P(B IT Pro, 2005.03.07)

$B!!(BWindows Server 2003 $B$d(B Windows XP SP2 $B$,(B LAND attack $B$N1F6A$r

$B!!

$B!!(BICF $B$d(B Windows $B%U%!%$%"%&%)!<%k$rM-8z$K$9$l$PKI$0$3$H$,$G$-$k!#(B

2005.03.13 $BDI5-(B:

$B!!(BWindows Server 2003 $B$K$D$$$F$O!"(B 324270 - How To Harden the TCP/IP Stack Against Denial of Service Attacks in Windows Server 2003 (Microsoft) $B$K$"$k@_Dj$r;\$;$P$@$$$8$g$&$V$JLOMM!#(B $B$H$$$&$+!"%G%U%)%k%H$GM-8z$G$O$J$$$N$G$9$M!D!D!#(B

2005.04.21 $BDI5-(B:

$B!!(BTCP/IP $B$N@H $B$G=$@5$5$l$F$$$k!#(B

$B"#(B 2005.03.07

$B"#(B $BDI5-(B

cURL $BG'>Z7g4Y(B

$B!!(BcURL 7.13.1 $B$,=P$^$7$?!#>e5-7g4Y$,=$@5$5$l$F$$$^$9!#(B iida $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

Sylpheed 1.0.2 $B0JA0$K%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$k7g4Y(B

$B!!(BSylpheed $B$K%P%C%U%!%*!<%P!<%U%m!<$NLdBj(B (slashdot.jp)$B!#(B

$B"#(B 2005.03.06

$B"#(B 2005.03.04

$B"#(B Race condition related to Set-Cookie header
(squid, 2005.03.03)

$B!!(Bsquid 2.5-STABLE7 $B$+$i(B 2.5-STABLE9 $B$K7g4Y!#(B $B%5!<%PB&$,;~BeCY$l$N(B Netscape Set-Cookie $B;EMM$K4p$E$/5sF0$r<($9>l9g$K!"(BSet-Cookie $B%X%C%@$,B>?M$KO31H$7$F$7$^$&!#(B 2.5-STABLE9 $BMQ$N(B patch $B$,MQ0U$5$l$F$$$k!#(B

$B"#(B Sylpheed 1.0.2 $B0JA0$K%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$k7g4Y(B
(Sylpheed, 2005.03.04)

$B!!(BSylpheed 0.8.0 $B!A(B 1.0.2 $B$K7g4Y!#(B

ascii $B0J30$NJ8;z$r4^$`FCDj$N%X%C%@$r$b$D%a%C%;!<%8$KJV?.$7$?$H$-$K%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$k2DG=@-$,$"$C$?(B

$B!!(BChangeLog.jp $B$r8+$k$H!"(B1.0.3 $B$N$H$3$m$K$O!"$3$&=q$+$l$F$$$^$9!#(B 

* src/codeconv.[ch]: $B%P%C%U%!%*!<%P!<%U%m!<$r5/$3$7$F$$$?(B
  conv_unmime_header_overwrite() $B$r:o=|!#(B
* src/compose.c: compose_parse_header(): $B%P%C%U%!%*!<%P!<%U%m!<$r(B
  $B5/$3$9(B conv_unmime_header_overwrite() $B$r;HMQ$7$J$$$h$&$K$7$?!#(B

$B!!(Bsrc/compose.c $B$r8+$F$_$k$H!"3:Ev$9$k$N$O(B reply-to:, cc:, bcc:, followup-to: $B$N$h$&$G$9!#(B

$B!!(BSylpheed 1.0.3 $B$G=$@5$5$l$F$$$^$9!#(B

2005.03.07 $BDI5-(B:

$B!!(BSylpheed $B$K%P%C%U%!%*!<%P!<%U%m!<$NLdBj(B (slashdot.jp)$B!#(B

$B"#(B Java $B%;%-%e%j%F%#%]%j%7!<$NFH<+@_Dj$K4X$9$kCm0U4-5/(B
(IPA, 2005.02.28)

Java $B%"%W%j%1!<%7%g%s$N%$%s%9%H!<%k%W%m%0%i%`Ey$NCf$K$O!"$b$H$b$H@_Dj$5$l$F$$$k%]%j%7!<$r>e=q$-$7$F>C$7$F$7$^$C$?$j!"%]%j%7!<$NE,MQHO0O$r@)8B$7$F$$$J$$$b$N$,$"$j$^$9!#$3$N7k2L!"%&%'%V%Z!<%8>e$K;E3]$1$i$l$?f+$J$I$K$h$j!"%/%i%$%"%s%H>e$N%U%!%$%k$,Ep$_8+$i$l$?$j!"GK2u$5$l$?$j!"%/%i%$%"%s%H$,Bh;0$N(B Java $B%"%W%j%1!<%7%g%s$,F0:n$7$J$/$J$k2DG=@-$,$"$j$^$9!#(B

$B$@$=$&$G$9!#ITE,@Z$J%]%j%7!<@_Dj$NNc$b5-:\$5$l$F$$$^$9$N$G!"(BJava $B$JJ}$O$40lFI$r!#(B

$B"#(B $B$*5RMM3F0L(B: $B%P%C%U%!!&%*!<%P!<%U%m!
(CA, 2005.03.01)

$B!!(BCA $B%i%$%;%s%9%=%U%H%&%(%"(B ($B%i%$%;%s%9%5!<%P$H%i%$%;%s%9%/%i%$%"%s%H$NN>J}(B) v1.53 $B!A(B V1.61.8 $B$KJ#?t$N7g4Y!#(B remote $B$+$i(B local SYSTEM $B8"8B$rC%patch $B$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

$B!!4XO"(B:

$B"#(B cURL $BG'>Z7g4Y(B
(iDEFENSE, 2005.02.21)

$B!!(BcURL 7.13.0 $B0JA0$K7g4Y!#(B

$B!!(BCVE: CAN-2005-0490

2005.03.07 $BDI5-(B:

$B!!(BcURL 7.13.1 $B$,=P$^$7$?!#>e5-7g4Y$,=$@5$5$l$F$$$^$9!#(B iida $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B 2005.03.02

$B"#(B 2.5.STABLE8 Patches: Assertion failure on certain odd DNS responses
(squid-cache.org, 2005.02.13)

$B!!JQ$J(B DNS $B%l%9%]%s%9$K$h$C$F(B squid $B$,0[>o=*N;$7$F$7$^$&LOMM!#(B 2.5.STABLE8 $BMQ$N(B patch $B$,=P$F$$$kB>!"(B2.5.STABLE9 $B$G=$@5$5$l$F$$$k!#(B

$B"#(B phpBB 2.0.13 released - Critical Update
(phpBB, 2005.02.27)

$B!!(BphpBB 2.0.13 $BEP>l!#0J2<$NLdBj$,(B fix $B$5$l$F$$$k!D!D$_$?$$!#(B

$B!!(BphpBB 2.0.12 $B$NCJ3,$G!"0J2<$NLdBj$,(B fix $B$5$l$F$$$?LOMM!#(B

$B"#(B $BDI5-(B

Firescrolling [Firefox 1.0]

$B!!(BMozilla Foundation Security Advisory 2005-27 (mozilla.org)

Mozilla / Mozilla Firefox $BJ}LL(B

$B!!(BMozilla Foundation Security Advisory 2005-23 (mozilla.org)$B!#(B Download Dialog Source Spoofing $B$NOC!#(BFirefox 1.0.1 $B$G(B fix $B!#(B

[SA14160] Mozilla / Firefox Three Vulnerabilities

$B!!(BMozilla Advisory:

$B"#(B iDEFENSE Security Advisory 02.28.05: Mozilla Firefox and Mozilla Browser Out Of Memory Heap Corruption Design Error
(iDEFENSE, 2005.03.01)

$B!!(BFirefox 1.0.0, Thunderbird 1.0.0, Mozilla 1.7.5 $B0JA0$K7g4Y!#(B $BJ8;zNsA`:n4X?t$K7g4Y$,$"$j!"%a%b%jGK2u$,H/@8!#96N,(B web $B%Z!<%8$rFI$_$3$^$;$k$3$H$K$h$jG$0U$N%3!<%I$rCAN-2005-0255

$B!!(BFirefox 1.0.1, Thunderbird 1.0.1, Mozilla 1.7.6 $B$G=$@5$5$l$F$$$k!#(B Thunderbird 1.0.1 / Mozilla 1.7.6 $B$O$^$b$J$/EP>lM=Dj!#(B Mozilla Foundation Security Advisory 2005-18 (mozilla.org) $B$b;2>H!#(B

$B!!$3$NB>$K$b!"(BKnown Vulnerabilities in Mozilla (mozilla.org) $B$K$O(B Firefox 1.0.1 $B$G=$@5$5$l$?(B 17 $B$N7g4Y$,>R2p$5$l$F$$$k!#(B

$B"#(B [KDE Security Advisory] kppp Privileged fd Leak Vulnerability
(KDE, 2005.02.28)

$B!!(BKDE 3.1.5 $B0JA0$K4^$^$l$k(B kppp $B$K7g4Y!#(B local user $B$,(B /etc/hosts $B$d(B /etc/resolv.conf $B$r2~JQ$G$-$F$7$^$&!#(B KDE 3.2.x $B$K$O$3$N7g4Y$O$J$$!#(B $B4XO"(B: iDEFENSE Security Advisory 02.28.05: KPPP Privileged File Descriptor Leak Vulnerability$B!#(B CVE: CAN-2005-0205$B!#(B

$B!!(BKDE 3.1.5 $BMQ$N(B patch $B$,MQ0U$5$l$F$$$k!#(B

$B"#(B Security Patch Update For Realplayer Enterprise
(RealNetworks, 2005.03.01)

$B!!(BRealplayer Enterprise 1.1, 1.2, 1.5, 1.6, 1.7 $B$K7g4Y!#(B $B96N,(B WAV / SMIL $B%U%!%$%k$K$h$j(B buffer overflow $B$,H/@8!"(B $BG$0U$N%3!<%I$,

$B!!BP1~$9$k$K$O!"99?7HG$N(B audp3260.dll $B$*$h$S(B smlr3260.dll $B$,8x3+$5$l$F$$$k$N$G!"$3$l$i$rF~$l$+$($l$P$h$$!#(B

$B!!4XO"(B: [Full-Disclosure] iDEFENSE Security Advisory 03.01.05: RealNetworks RealPlayer .smil Buffer Overflow Vulnerability$B!#(B iDEFENSE $B$K$h$k$H!"(BRealPlayer 8 / 10 / 10.5$B!"(BRealOne Player V1 / V2 $B$K$bF1MM$N7g4Y$,$"$kLOMM!#$^$?(B Mac OS $BHG$d(B Linux $BHG$N(B RealPlayer / RealOne / Helix Player $B$K$b7g4Y$,$"$k!"$H$5$l$F$$$k!#(B http://service.real.com/help/faq/security/security022405.html $B$K$"$k$N$O(B Realplayer Enterprise $B@lMQ$N99?7%b%8%e!<%k$J$N$GCm0U$5$l$?$$!#(B

$B!!(BRealPlayer 8 / 10 / 10.5$B!"(BRealOne Player V1 / V2 $B$O$3$A$i(B: RealNetworks, Inc.$B!"%;%-%e%j%F%#@H (RealNetworks)$B!#6L2,$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!(BCVE: CAN-2005-0455

$B"#(B SYM05-004: SMTP $B%P%$%s%I9=@.$N@_Dj$,L5;k$5$l$k@H
($B%7%^%s%F%C%/(B, 2005.02.28)

$B!!%7%^%s%F%C%/$N(B Firewall/VPN Appliance 200/200R, Gateway Security 360/360R, Gateway Security 460/460R, Nexland Pro800turbo $B$K7g4Y!#(B $B!V(BWAN $B$N%P%$%s%IBP>]$H$7$F%f!<%6!<$,A*Br$7$?9=@.$rL5;k$7$F(B SMTP$B!JAw?.$5$l$kEE;R%a!<%k!K%H%i%U%#%C%/$NIi2YJ,;6$,9T$o$l$k2DG=@-!W$,$"$k$=$&$J!#(B $B?7$7$$%U%!!<%`%&%(%"$rE,MQ$9$l$P$h$$$h$&$G$9!#(B

$B"#(B 2005.03.01

$B"#(B $BDI5-(B

[Full-Disclosure] iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability

$B!!(BRe: iDEFENSE Security Advisory 02.25.05: WU-FTPD File Globbing Denial of Service Vulnerability (bugtraq)$B!#(B $BD>$9$Y$-$O(B wu_fnmatch.c $B$8$c$J$/$F(B glob.c $B$J$N$G$O!"$H$$$&;XE&!#(Bpatch $B$D$-!#(B $B$3$N(B patch $B$rE,MQ$9$k$H>e5-(B DoS $B$,H/@8$7$J$/$J$k$3$H$r

RFC2397 "data" URL $B4XO"(B

$B!!(B$B%2!<%H%&%'%$BP:v@=IJ$K$*$1$k(BRFC 2397$B!'(BURL$B%9%-!<%`!V(Bdata:$B!W$N0-MQ$K$h$k0-0U$"$k%3!<%I$N8!=P2sHr@H ($B%H%l%s%I%^%$%/%m(B)$B!#%H%l%s%I%^%$%/%m$N%2!<%H%&%'%$@=IJ$K$*$1$k!"(BRFC2397 $B$X$NBP1~>u67!#(B

[$B%;%-%e%j%F%#%[!<%k(B memo]
$B;d$K$D$$$F(B