セキュリティホール memo - 2005.06

Last modified: Mon Jan 16 14:27:14 2006 +0900 (JST)


　このページの情報を利用される前に、注意書きをお読みください。


$B"#(B 2005.06.27

■ 消防省のドメイン FDMA.GO.JP に存在した危険性(revised)
(bugtraq-jp, Mon, 27 Jun 2005 07:08:14 +0900)

$B!!(BVISA$B%I%a%$%sLdBj(B$B$HF1MM$N>u67$,!"(B$BAmL3>J>CKID#(B$B$N(B FDMA.GO.JP $B%I%a%$%s$K$*$$$F$bH/@8$9$k;v$,7|G0$5$l$F$$$?$H$$$&;XE&!#(B $B>u67$,82:_2=$9$kD>A0$K!"(BIPA $B7PM3$G$NNkLZ;a$N;XE&$K$h$jBP1~$5$l$?LOMM!#(B $B$?$@$7(B DNS $B1?MQ>e$O$$$^$@LdBj$N$"$k@_Dj$NLOMM!#(B $B%M!<%`%5!<%P$OFbItL>$G!A(BDNS$B$NJz$($kLdBjE@(B (JPRS) $B$H$$$&OC$b$"$j$^$9$7!"JL%I%a%$%s$r(B NS $B;XDj$9$k$N$O$d$a$^$;$&!#(B

$B!!(B($B2~D{HG$,=P$?$N$G%j%s%/@h$r=$@5(B: $BNkLZ$5$s>pJs$"$j$,$H$&$4$6$$$^$9(B / typo fixed: $BKYED$5$s46

$B!!!D!DA0Ln$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B)

  $B$=$A$i$N(B 2005.06.27 $BIU$1(B
    $B"#(B $B>CKI>J$N%I%a%$%s(B FDMA.GO.JP $B$KB8:_$7$?4m81@-(B 
  $B$K4XO"$7$F$+$+$l$F$$$kBP:v$K0[5D$,$"$j$^$9!#(B

  $B3N$+$K:#2s$N4m81(B($B/$$(B)$B$O(B
    $B!XJL%I%a%$%s$r(B NS $B;XDj$9$k$N$O$d$a$^$;$&!#!Y(B
  $B$K$h$C$FHr$1$i$l$k$G$7$g$&!#(B

  しかし、内部名を使うことによって、glue レコードを指定する必要ができます。
  DNS の仕組を理解することなく、glue レコードを使うことは
  間違った IP アドレスを指定するという別な危険を誘発します。
  (こちらの例はかなりあると思われる。)

  (適当とは言えない)対策をすることにより、より危険になるでしょう。

  今回のようなケースの対策として、
  内部名を使うことを素人向けに勧めるのはよくないのです。

　事故としては、「間違った IP アドレスを指定する」のは間違える人が悪いので自業自得のような気がしますが、「名前は同じなのだがいつのまにか IP アドレスが変わってしまっていた」という状況もあり得そうな気がしてきました。

　いずれにしても、「NS には (ドメイン名も含めて) 信頼できるものを」ということになるのかな。信頼できるところでもいきなり倒れる場合もあるのでしょうが……。

2005.06.28 $BDI5-(B:

2005.07.01 $BDI5-(B:

$B"#(B $BDI5-(B

$B%5!<%P!<(B $B%a%C%;!<%8(B $B%V%m%C%/$N@H

$B!!(BWindows SMB Client Transaction Response Handling (Exploit, MS05-011) (securiteam.com)

Outlook Express $BMQ$NN_@QE*$J%;%-%e%j%F%#99?7%W%m%0%i%`(B (897715) (MS05-030)

$B!!(Bexploit $B$i$7$-$b$N$,8x3+$5$l$F$$$^$9(B: Microsoft Outlook Express NNTP Buffer Overflow Exploit (MS05-030) (frsirt.com)

$B%a%G%#%"!&#J#R$J$I#L#A#N>c32!"%&%$%k%9BP:v$GIT6q9g(B
Multiple Browsers Dialog Origin Vulnerability Test

$B!!(B$B (slashdot.jp) $B$K$h$k$H!"(BKonqueror $B$N>l9g$O!"$I$3$+$iI=<($5$l$?$N$+$,$A$c$s$H$o$+$k$h$&$G$9!#(B

$B!!(BMicrosoft Security Advisory $B$NF|K\8lHG=P$^$7$?(B: $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (902333): $B85$N>l=j$,I=<($5$l$J$$%V%i%&%6(B $B%&%#%s%I%&$,%U%#%C%7%s%0:>5=$KMxMQ$5$l$k2DG=@-$K$D$$$F(B (Microsoft)$B!#(B


$B"#(B 2005.06.24

$B"#(B VISA$B%I%a%$%sLdBj2r@b(B
($BNkLZ>oI';a(B, 2005.06.02)

$B!!(Bvisa.co.jp $B$J$I$N(B NS $B%l%3!<%I$K!V(Bescdns01.e-ontap.com$B!W$,5-:\$5$l$F$$$?$N$@$,!"(B2005.05.18 $B$^$G$K(B e-ontap.com $B%I%a%$%s<+BN$,>CLG!#(Be-ontap.com $B%I%a%$%s$r$B%U%!!<%_%s%0(B$B$ruBV$K!#(B $B8+$k$K8+$+$M$?NkLZ;a$,(B e-ontap.com $B$r$BA0Ln;a$N6(NO(B$B$b$"$C$FDLCN!&BP1~Ey$5$l$?LOMM!#(B

　前野氏によると、このような問題をかかえるドメインは他にもあるのだが、説明してもなかなか理解してもらえず、中には修正されないまま放置され続ける事例もあるそうだ。

$B"#(B RealNetworks, Inc.$B!"%;%-%e%j%F%#@H
(RealNetworks, 2005.06.23)

　Real Player 8〜10.5 (6.0.12.1040-1069) Windows 版、RealOne Player v1 / v2、Rhapsody 3 (build 0.815 - 0.1006)、RealPlayer Enterprise、Mac 版 Real Player 10 / RealOne Player、Linux RealPlayer (10.0.0 - 4) / Helix Player (10.0.0 - 4) に欠陥。

  1. $B96N,(B MP3 $B%U%!%$%k$rMQ$$$F!"%m!<%+%k%U%!%$%k$r>e=q$-$7$?$j%m!<%+%k%^%7%s>e$N(B ActiveX $B%3%s%H%m!<%k$r

  2. RealText $B$rMQ$$$?(B RealMedia $B%U%!%$%k$N=hM}$K$*$$$F(B buffer overflow $B$,H/@8$9$k$?$a!"(B $B96N,(B RealMedia $B%U%!%$%k$GG$0U$N%3!<%I$r

    $B4XO"(B: [VulnWatch] iDEFENSE Security Advisory 06.23.05: RealNetworks RealPlayer RealText Parsing Heap Overflow Vulnerability$B!#(B CVE: CAN-2005-1277

  3. AVI $B%U%!%$%k$N=hM}$K$*$$$F(B buffer overflow $B$,H/@8$9$k$?$a!"(B $B96N,(B AVI $B%U%!%$%k$GG$0U$N%3!<%I$r

    $B4XO"(B: eEye Advisory - EEYEB-200505 - RealPlayer AVI Processing Overflow$B!#(B $BF|K\8lHG(B: eEye Advisory - EEYEB-200505 - RealPlayer vidplin.dll AVI$B=hM}%R!<%W%*!<%P!<%U%m!<(B$B!#(B

  4. 以前の版の Internet Explorer のデフォルト設定を用いて、 攻略 web サイトがローカル HTML ファイルを作成し、RM ファイルを演奏させることで、その HTML ファイルを参照させることができる。

　Windows 版 RealOne Player v1 / v2 および Real Player 10〜10.5 (6.0.12.1040-1069) については、上記の全てが該当する。Windows 版 Real Player 8 および RealPlayer Enterprise については 2〜4 が該当する。Rhapsody 3 (build 0.815 - 0.1006) は 3 のみ、Mac 版 Real Player 10 / RealOne Player と Linux RealPlayer (10.0.0 - 4) / Helix Player (10.0.0 - 4) は 2 のみ。

　更新版があるので、アップデートあるいはアップグレードすればよい。 RealPlayer Enterprise についてはこちら: Security Patch Update For Realplayer Enterprise (real.com)


$B"#(B 2005.06.23

$B"#(B $BDI5-(B

OLE $B$*$h$S(B COM $B$N@H

$B!!(B$B%&%$%k%9%P%9%?!<(B2005$B$N%$%s%9%H!<%k8e!"(I"(BGeneric host Process for win32 services(I#$B%(%i!<$,H/@8$9$k(B ($B%H%l%s%I%^%$%/%m(B, 2005.06.22)$B!#(B

$B"#(B $B%&%'%V%5%$%H$N%;%-%e%j%F%#BP:v$N:F3NG'$r(B $B!A@H
(IPA, 2005.06.23)

$B!!=PNO;~$NL5322=$O(B?


$B"#(B 2005.06.22

$B"#(B Security bug in 0.0.9.x Tor servers
(announce, 2005.06.16)

　Tor 0.0.9.x に欠陥。 攻撃[…] 0.1.0.10 および 0.0.9.10 で修正されている。

$B"#(B Multiple Browsers Dialog Origin Vulnerability Test
(Secunia, 2005.06.21)

　Internet Explorer (for Windows / Mac), Mozilla, Firefox, Camino, Opera, Safari, iCab に欠陥。悪意ある web サイトに設置されたリンクをたどって正当なサイトをアクセスする場合に、悪意ある web サイトから表示された JavaScript ダイアログは、それがどこから来たのかを区別するための表示がなされないため、正当なサイトから表示されたかのように見えてしまう。 デモが用意されているので各自試されたい。

　JavaScript を無効にすれば回避できる。また Opera については 8.01 で対応されているそうだ。

$B!!4XO"(B: Microsoft Security Advisory (902333): Browser Windows Without Indications of Their Origins may be Used in Phishing Attempts (Microsoft)

2005.06.27 $BDI5-(B:

$B!!(B$B (slashdot.jp) $B$K$h$k$H!"(BKonqueror $B$N>l9g$O!"$I$3$+$iI=<($5$l$?$N$+$,$A$c$s$H$o$+$k$h$&$G$9!#(B

$B!!(BMicrosoft Security Advisory $B$NF|K\8lHG=P$^$7$?(B: $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (902333): $B85$N>l=j$,I=<($5$l$J$$%V%i%&%6(B $B%&%#%s%I%&$,%U%#%C%7%s%0:>5=$KMxMQ$5$l$k2DG=@-$K$D$$$F(B (Microsoft)$B!#(B

$B"#(B [SECURITY] Fedora Core 3 Update: ruby-1.8.2-1.fc3.3
(fedora-announce-list, Wed, 22 Jun 2005 02:03:57 +0900)

　ruby 1.8.2 の lib/xmlrpc/utils.rb に欠陥。XMLRPC サーバ上で任意のコマンドの[…] CAN-2005-1992

　ruby-1.8.2-1.fc3.3 に含まれているのはこんな patch:

diff -ruN ruby-1.8.2.orig/lib/xmlrpc/utils.rb ruby-1.8.2/lib/xmlrpc/utils.rb
--- ruby-1.8.2.orig/lib/xmlrpc/utils.rb 2003-08-15 02:20:14.000000000 +0900
+++ ruby-1.8.2/lib/xmlrpc/utils.rb      2005-06-21 17:28:32.000000000 +0900
@@ -138,7 +138,7 @@
 
     def get_methods(obj, delim=".")
       prefix = @prefix + delim
-      obj.class.public_instance_methods.collect { |name|
+      obj.class.public_instance_methods(false).collect { |name|
         [prefix + name, obj.method(name).to_proc, nil, nil] 
       }
     end
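Review bot: The `false` argument on the changed `public_instance_methods` line carries the whole fix but nothing in `get_methods` says why it is there, so a later cleanup could drop it and again register every inherited method (for example those of `Object`) as a remotely callable XML-RPC method. A comment directly above the call would pin the intent, e.g. `# false: export only methods defined on obj's own class; inherited methods must never become remote calls`. Two consequences belong in that comment or the method's documentation: handler methods that live in a superclass or mixin are no longer exported, and every public method defined directly on the handler class still is, so internal helpers there should be declared `private`. The enclosing class is outside the hunk, so whether other registration paths enumerate methods the same way cannot be checked from here.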

$B"#(B $BDI5-(B

Netscape 8$B$r%$%s%9%H!<%k$9$k$H(BIE$B$N(BXML$B5!G=$K0[>o(B

$B!!(BNetscape 8.02 $B$G=$@5$5$l$?$=$&$G$9(B: IE$B$K0[>o$r$b$?$i$7$?!H(BNetscape 8$BLdBj!I$r=$@5!"!V(BNetscape 8.02$B!W8x3+(B (Internet Watch, 2005.06.20)


$B"#(B 2005.06.21

$B"#(B $B%9%F%C%W(B $B%P%$(B $B%9%F%C%W$NBPOC7?%H%l!<%K%s%0$N@H
(Microsoft, 2005.06.15)

$B!!(BWindows 98 / 98 SE / Me / 2000 / XP / Server 2003 $B$K7g4Y!#(B $B%9%F%C%W%P%$%9%F%C%W(B $B%$%s%?%i%/%F%#%V(B $B%H%l!<%K%s%0$K(B buffer overflow $B$9$k7g4Y$,$"$j!"96N,(B .cbo $B%U%!%$%k$rDL$8$FG$0U$N%3!<%I$r

　Windows 2000 / XP / Server 2003 には patch があるので適用すればよい。 また .cbo ファイルへの関連づけを削除することにより回避できる。

　この修正プログラムの必要性は MBSA では検出できない。 Enterprise Update Scan Tool であれば検出できるそうだ。

$B"#(B Outlook Express $BMQ$NN_@QE*$J%;%-%e%j%F%#99?7%W%m%0%i%`(B (897715) (MS05-030)
(Microsoft, 2005.06.15)

$B!!(BOutlook Express 5.5 SP2 / 6.0 SP1 / 6.0 (Windows Server 2003) $B$K7g4Y!#(B NNTP $B%W%m%H%3%k$N=hM}$K$*$$$F!"(BLIST $B%3%^%s%I$X$N(B reply $B$,D9Bg$@$C$?>l9g$K(B buffer overflow $B$,H/@8!"G$0U$N%3!<%I$r

　Windows 2000 / XP / Server 2003 には patch があるので適用すればよい。また news:// URI ハンドラを無効化することによって回避できる。

2005.06.27 $BDI5-(B:

$B!!(Bexploit $B$i$7$-$b$N$,8x3+$5$l$F$$$^$9(B: Microsoft Outlook Express NNTP Buffer Overflow Exploit (MS05-030) (frsirt.com)

$B"#(B $B$$$m$$$m(B
(various)

$B"#(B Sudo version 1.6.8p9 now available, fixes security issue.
(Mon, 20 Jun 2005 23:24:43 +0900)

　sudo 1.3.1〜1.6.8p8 に欠陥。競合状態が発生するため、


$B"#(B 2005.06.20

$B"#(B $BDI5-(B

XML $B30It%(%s%F%#%F%#$K4X$9$k%;%-%e%j%F%#>pJs!J(BAdobe Reader/Acrobat 7.0-7.0.1$B!K(B

$B!!(B[NEWS] Adobe Reader 7 XML External Entity (XXE) Attack (SecuriTeam)


$B"#(B 2005.06.18

$B"#(B Exchange Server 5.5 $B$N(B Outlook Web Access $B$N@H
(Microsoft, 2005.06.15)

　Exchange Server 5.5 SP4 に欠陥。Outlook Web Access に XSS 欠陥がある。 Exchange Server 2000 / 2003 にはこの欠陥はない。

$B!!(Bpatch $B$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

$B"#(B WebClient $B%5!<%S%9$N@H
(Microsoft, 2005.06.15)

$B!!(BWindows XP SP1 / Server 2003 gold $B$K7g4Y!#(B WebClient $B%5!<%S%9$K(B buffer overflow $B$9$k7g4Y$,$"$j!"(Bremote $B$NG'>Z%f!<%6$,(B LocalService $B8"8B$rCAN-2005-1207

　patch があるので適用すればよい。 また Windows XP SP2 / Server 2003 SP1 にはこの欠陥はない。

$B"#(B $B%5!<%P!<(B $B%a%C%;!<%8(B $B%V%m%C%/$N@H
(Microsoft, 2005.06.15)

$B!!(BWindows 2000 / XP / Server 2003 $B$K7g4Y!#(B SMB $BCAN-2005-1206

$B!!(Bpatch $B$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

$B"#(B $BDI5-(B

$BJ#?t$N(BWeb$B%V%i%&%6$K%;%-%e%j%F%#!&%[!<%k!$2hA|%G!<%?$N

$B!!(BNISCC-891011: $BJ#?t$N%&%'%V%V%i%&%6$KB8:_$9$k2hA|%G!<%?$N=hM}$K4X$9$k@H (JVN)


$B"#(B 2005.06.17

$B"#(B HTML $B%X%k%W$N@H
(Microsoft, 2005.06.15)

$B!!(BWindows 98 / 98 SE / Me / 2000 / XP / Server 2003 $B$K7g4Y!#(B HTML $B%X%k%W%U%!%$%k(B (.CHM) $B$N=hM}$K$*$$$F(B buffer overflow $B$9$k7g4Y$,$"$j!"(B $B96N,(B HTML $B%X%k%W%U%!%$%k$K$h$C$FG$0U$N%3!<%I$r

$B!!(Bpatch $B$,$"$k$N$GE,MQ$9$l$P$h$$!#(Bpatch $B$rE,MQ$9$k$H!"0J2<$NE@$bJQ99$K$J$k(B:

2005.08.14 $BDI5-(B:

$B!!I{:nMQ>pJs(B: 905215 - $B%;%-%e%j%F%#99?7%W%m%0%i%`(B 896358 $B$N%$%s%9%H!<%k8e!"(BHTML $B%X%k%W(B ActiveX $B%3%s%H%m!<%k$N%Q%i%a!<%?$G(B URL $B%9%-!<%`$r;HMQ$9$k$H$-$K!"0lIt$N(B URL $B%9%-!<%`$,L5;k$5$l$k(B (Microsoft)

$B"#(B InterScan VirusWall for UNIX 3.8 Linux$BHG(B Security Patch Readme ($B%S%k%I(B3065 issmtpd,isftpd,ishttpd$B%b%8%e!<%k(B)
($B%H%l%s%I%^%$%/%m(B, 2005.05.25)

$B!!(BInterScan VirusWall for UNIX 3.8 / 3.81 / 3.8 CVP $B%(%G%#%7%g%s$N7g4Y$r=$@5$9$k(B patch $B$,EP>l$7$F$$$k!#(B

$BK\(BPatch$B$rE,MQ$9$k$3$H$K$h$j!"0l;~%U%!%$%k$r:n@.$9$k%G%#%l%/%H%j(B (/tmp) $B$N$"$k%G%#%9%/$N6u$-MFNL$,5vMFNL$KC#$7$?>l9g$K!"$^$l$K%&%$%k%98!:w$,

$B!!$$$^$$$AF|K\8l$K$J$C$F$J$$5$$,$9$k$,!"$^$"!"$=$&$$$&$3$H$J$s$@$m$&!#(B patch $B$O(B solution 6609 $B$+$iF~l$7$F$$$k$N$@$,!"@=IJ(B Q&A $B$,$$$^$@$KEP>l$7$F$$$J$$$N$O$J$s$G$@$m$&!#(B

$B!!$^$C$A$c$@$$$U$/$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B ANNOUNCE: razor-agents 2.70
(razor-users, 2005.06.15)

　razor-agents 2.70 において、 ふつうでない HTML メッセージの処理において crash する欠陥、 無限ループに陥いる欠陥などが修正されているそうな。 最新は 2.72。

$B"#(B $BDI5-(B

TCP/IP $B$N@H

$B!!2~D{HG(B patch $B$rE,MQ$9$k$H!"(BISS $B@=IJ$N0lIt$,F0:n$rDd;_$7$F$7$^$&$=$&$G(B:

$B!!(BISS $B@=IJMQ$N(B patch $B$,=P$F$$$k$N$G!"3:Ev

$B"#(B $BJ#?t$N(BWeb$B%V%i%&%6$K%;%-%e%j%F%#!&%[!<%k!$2hA|%G!<%?$N
($BF|7P(B IT Pro, 2005.06.15)

$B!!$3$NOC(B:

$B!!(BGIF87a (GIF)$B!"(BMicrosoft icon resource (ICO)$B!"(B WAP-Forum Wireless bitmap (WBMP)$B!"(BX Consortium X Bitmap (XBM) $B$K$D$$$F!"(Bbuffer overflow $B$d(B Format $B%P%0Ey$N>u67$r%A%'%C%/$7$?LOMM!#(B

$B!!F|7P(B IT Pro $B5-;v$K$b$"$k$h$&$K!"%Y%s%@>pJs$K$O!":#$N$H$3$m(B MSIE $B$NOC$7$+=q$+$l$F$$$J$$!#$3$l$O(B MS05-025 $B$N!V2u$l$?(B GIF $B%U%!%$%k$d(B BMP $B%U%!%$%k$J$I$K$h$C$F(B IE $B$,%/%i%C%7%e$9$k$N$rKI$0$?$a$K!"2hA|%U%!%$%k$r$h$j$-$A$s$H8!>Z$9$k$h$&$K$J!W$k$H$+!V(BXBM $B2hA|$N=hM}$,9T$o$l$J$/$J$k!W$N$3$H$@$H;W$o$l!#(B

$B!!(BJVN $B$K2?$+=P$F$$$=$&$J$b$N$J$N$K!"2?$b=P$F$$$J$$$7!D!D!#(B

2005.06.18 $BDI5-(B:

$B!!(BNISCC-891011: $BJ#?t$N%&%'%V%V%i%&%6$KB8:_$9$k2hA|%G!<%?$N=hM}$K4X$9$k@H (JVN)

$B"#(B Several cross site scripting (XSS) vulnerabilties have been discovered in SquirrelMail versions 1.4.0 - 1.4.4
(SquirrelMail, 2005.06.15)

　SquirrelMail 1.4.0〜1.4.4 に欠陥。複数の XSS 欠陥が存在する。対応 patch が公開されている。SquirrelMail 1.4.5 (現在 RC1) で修正される。

　なお、SquirrelMail 1.2 系列はもはや維持されておらず、1.4.4 + patch へのアップグレードが推奨されている。

2005.07.14 $BDI5-(B:

$B!!(BCVE: CAN-2005-1769

$B"#(B Denial of Service Vulnerability in Apache SpamAssassin 3.0.1-3.0.3
(spamassassin-announce ML, Wed, 15 Jun 2005 20:00:46 GMT)

　SpamAssassin 3.0.1〜3.0.3 に欠陥。特定の長大なヘッダにより処理時間が大幅に増加、DoS 状態となる。SpamAssassin 3.0.4 で修正されている。CVE: CAN-2005-1266


$B"#(B 2005.06.16

$B"#(B Internet Explorer $BMQ$NN_@QE*$J%;%-%e%j%F%#99?7%W%m%0%i%`(B (883939) (MS05-025)
(Microsoft, 2005.06.15)

$B!!(BIE 5.01 SP[34] / 5.5 SP2 / 6 SP[12] $B$K?7$?$J(B 2 $B$D$N7g4Y!#(B

$B!!=$@5%W%m%0%i%`$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

$B!!(BMS05-025 $B=$@5%W%m%0%i%`$rE,MQ$9$k$H!"0J2<$N;EMMJQ99$b9T$o$l$k$=$&$@(B:

$B!!=$@5%W%m%0%i%`$K$O!">e5-%;%-%e%j%F%#7g4Y$N=$@5$NB>$K!"Hs%;%-%e%j%F%#$J(B IE $B$N=$@5$b4^$^$l$F$$$k!#(B $BHs%;%-%e%j%F%#$J=$@5$bE,MQ$7$?$$>l9g$O!"=$@5%W%m%0%i%`$rE,MQ$9$kA0$K(B KB 897225 $B$N=hCV$rKB 883939 $B$K5-:\$5$l$F$$$k!#(B

$B"#(B XML $B30It%(%s%F%#%F%#$K4X$9$k%;%-%e%j%F%#>pJs!J(BAdobe Reader/Acrobat 7.0-7.0.1$B!K(B
(Adobe, 2005.06.15)

　Windows 版および Mac OS 版の Adobe Acrobat / Adobe Reader 7.0〜7.0.1 に欠陥。 JavaScript に XML スクリプトが含まれている場合に、local file が存在するか否かを知ることができる。

　Adobe Acrobat / Adobe Reader 7.0.2 で修正されている。 現時点では Windows 版の修正モジュールしか公開されていない。

$B!!(BAcrobat $B$N(B JavaScript $B$rL58z$K$9$k$3$H$K$h$j2sHr$G$-$k!#(B Mac OS $BHG$N(B Adobe Acrobat / Adobe Reader 7.0$B!A(B7.0.1 $BMxMQ

$B!!4XO"(B: Adobe Reader 7: XML External Entity (XXE) Attack$B!#(B

2005.06.20 $BDI5-(B:

$B!!(B[NEWS] Adobe Reader 7 XML External Entity (XXE) Attack (SecuriTeam)

2005.07.04 $BDI5-(B:

$B!!(BMac OS $BHG(B Acrobat 7.0.2 / Adobe Reader 7.0.2 $B%"%C%W%G!<%H$,EP>l!#(B XML $B30It%(%s%F%#%F%#$K4X$9$k%;%-%e%j%F%#>pJs!J(BAdobe Reader/Acrobat 7.0-7.0.1$B!K(B (Adobe) $B$b2~D{$5$l!"(BMac OS $BHG%"%C%W%G!<%H%U%!%$%k$X$N%j%s%/$,7G:\$5$l$F$$$k!#(B

$B"#(B Changelog for Opera 8.01 for Windows
(Opera, 2005.06.16)

$B!!(BOpera 8.01 $B$,EP>l$7$F$$$^$9!#B??t$N(B $B%;%-%e%j%F%#=$@5(B$B$,4^$^$l$F$$$^$9!#(B

$B!!(BMac OS X $BHG$b=P$F$^$9(B: Opera 8 delivers secure browsing to Macintosh (opera.com)

$B"#(B $BDI5-(B

$B$$$m$$$m(B (2005.06.14)

$B!!(B$BJF(BAdobe$B$,8xI=$7$?!V(BPhotoshop CS$B!W1Q8lHG$J$I$N@H ($BAk$NEN(B, 6/15)$B!#1Q8lHG(B patch $B$rF|K\8lHG$K$bE,MQ$G$-$k$=$&$G$9!#(B


$B"#(B 2005.06.15

$B"#(B Java $BJ}LL(B
(CTC, 2005.06.15)

$B"#(B $BDI5-(B

TCP/IP $B$N@H

$B!!2~D{HG(B patch $B$,=P$F$$$^$9!#E,MQ$7$^$;$&!#(B

$B"#(B iDEFENSE Security Advisory 06.14.05: Multiple Vendor Telnet Client Information Disclosure Vulnerability
(iDEFENSE Labs, 2005.06.15)

　多くのベンダーの telnet クライアントに欠陥。 NEW-ENVIRON コマンドの処理に欠陥があり、サーバ側から NEW-ENVIRON コマンドを送られると、クライアント側の任意の環境変数を通知してしまう。本来は TERM など特定のものに限るべき。 iDEFENSE アドバイザリでは iframe を使った罠が紹介されている。 CVE: CAN-2005-0488 CAN-2005-1205

　iDEFENSE アドバイザリでは Microsoft (Windows)、MIT Kerberos、Sun (Solaris)、SUSE Linux にこの欠陥があるとしている。

$B"#(B $B%;%-%e%j%F%#99?7%W%m%0%i%`(B: 2005 $BG/(B 6 $B7n(B
(Microsoft, 2005.06.15)

$B!!?75,(B 10 + $B99?7(B 3 $B=P$F$^$9!#(BIE $B$N99?7$b$"$j$^$9$M!#(B $BHs%;%-%e%j%F%#$J(B IE $B$N99?7$b9T$$$?$$>l9g$O!"(BWindows Update / Microsoft Update $B$NA0$K!"(BKB 897225 $B$N=hCV$r


$B"#(B 2005.06.14


$B"#(B 2005.06.13

$B"#(B $B$$$m$$$m(B
(various)

2005.06.16 $BDI5-(B:

$B!!(B$BJF(BAdobe$B$,8xI=$7$?!V(BPhotoshop CS$B!W1Q8lHG$J$I$N@H ($BAk$NEN(B, 6/15)$B!#1Q8lHG(B patch $B$rF|K\8lHG$K$bE,MQ$G$-$k$=$&$G$9!#(B

$B"#(B $BDI5-(B

ASN.1 $B$N@H

$B!!(BASN.1 $B$N@HpJs(B (LAC, 2005.06.08)


$B"#(B 2005.06.12

$B"#(B $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#>pJs$N;vA0DLCN(B
(Microsoft, 2005.06.10)

$B!!(B6 $B7n$N(B Windows Update $B$NF|(B (6/15) $B$K$O0J2<$N%;%-%e%j%F%#=$@5%W%m%0%i%`$,EP>l$9$kM=Dj$@$=$&$G!#(B

$B$@$=$&$G$9!#(BWindows $B$N(B 7 $B7o$NCf$K$O!V6[5^!W%l%Y%k$,4^$^$l$k$=$&$G$9!#(B

$B!!(BUpcoming Advisories (eEye) $B$O$I$N$/$i$$8:$j$^$9$+$M$(!D!D!#(B


$B"#(B 2005.06.11

$B"#(B $BDI5-(B

WinZip$B$KJ#?t$N@H

$B!!(BWinZip Local Buffer Overflow (Exploit)$B!#(B

$B=EMW(B: PowerChute Business Edition v6.x.x $B=$@5BP1~$N$40FFb(B

$B!!(B$B=EMW(B: PowerChute Business Edition v6.x.x $B=$@5BP1~$N$40FFb(B (APC) $B$,2~D{$5$l$F$$$^$9!#(B $B860x$O!"(BSun $B$N(B Java JDK/JRE $B$K4^$^$l$k!V0E9f2=%3%s%]!<%M%s%H$N0lIt4|8B@Z$l!W(B $B$G$O$J$/!"!V(BPowerChute Business Edition v6.x.x$B$N>ZL@=q$N4|8B@Z$l!W$@$=$&$G$9!#(B $B$^$?!"(B APC Security Advisory - Denial of Service Vulnerability with PowerChute Business Edition (apc.com) $B$OA4A34X78$J$$OC$G$7$?!#$9$$$^$;$s!#(Borz

$B!!F`NI$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B $B$$$m$$$m(B
(various)


$B"#(B 2005.06.10


$B"#(B 2005.06.09


$B"#(B 2005.06.08


$B"#(B 2005.06.07

$B"#(B $BDI5-(B

ASN.1 $B$N@H

$B!!(BMicrosoft ASN.1 $B$N@0?tA`:n$K$*$1$kJ#?t$N@H (ISSKK) $B$,2~D{$5$l$F$$$^$9!#!VF1MM$NLdBj!W$,H/8+$5$l!"(BRBOT $B$NJQ

$BF1MM$NLdBj$KBP$9$k?7$7$$%(%/%9%W%m%$%H$,8x$K$J$C$F$*$j!"(BRBOT $B$NJQ

$B!!1Q8lHG(B: Microsoft ASN.1 Integer Manipulation Vulnerabilities (ISS)

　「同様の問題」についても MS04-007 patch で対応されているそうなので、日頃から Windows Update している人には何の心配もありません。

$B"#(B $B$$$m$$$m(B
(various)


$B"#(B 2005.06.06

$B"#(B Norton AntiVirus $B$N8m8!=P$K$D$$$F(B
(HoeHoe.com $B@WCO(B, 2005.06.05)

$B!!(BNorton AntiVirus $B$N!V(B2005/06/03 $B$NDj5A%U%!%$%k!W0J9_$G!"(B Lhaplus 1.51 ($B0JA0(B?) $B$K4^$^$l$k%U%!%$%k(B Setup.exe $B$H(B Uninst.exe $B$r%&%$%k%9$H$7$F8m8!=P$7$F$7$^$&!#(B $B

$B!!(BTrojan.Dropper $B$G$9$+!#(BSchezo $B;a$K$h$k$H!"!V%W%m%0%i%`Cf$G(B System.ParamStr $B$H$$$&%3%^%s%I%i%$%s$K;XDj$5$l$?%Q%i%a!<%?$r

$B!!(BSystem.ParamStr $B$r;H$o$J$$$h$&$K$9$k$3$H$G(B Lhaplus 1.51a $B$GBP1~$5$l$?$=$&$G!"(B$B$3$A$i(B$B$G(B Setup.exe $B$H(B Uninst.exe $BC1FH$G$bG[I[$7$F$$$k$,!"(BNorton $BB&$G$NBP1~$,K\Mh$"$k$Y$-;Q!#%7%^%s%F%C%/$K3NG'Cf$@$=$&$@!#(B $B:,0E0f$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B!!!D!D(B20050605.037 $B$GBP1~$5$l$?LOMM$G$9!#=BC+$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B $B=BC+$5$s$+$i(B:

$B$H$3$m$G!"(BHDDlife 1.0.14.msi $B$bF1$8M}M3$G8m8!=P$5$l$??M$O$o$?$7$@$1$G$7$g$&$+!)(B
($B$3$A$i$b(BSymantec$B$N(BIntelligentUpdater$B99?7$G2r>C:Q$_$N$b$h$&(B)

$B!!Ev3:$N4X?t$r;H$C$F$$$k%=%U%H$O8.JB%"%&%H$J$N$+$b$7$l$^$;$s$M!D!D!#(B


$B"#(B 2005.06.03

$B"#(B $BDI5-(B

$B=EMW(B: PowerChute Business Edition v6.x.x $B=$@5BP1~$N$40FFb(B

$B!!(BAPC$B ($B%f%K%7%9(B, 6/3)


$B"#(B 2005.06.02

$B"#(B $B$$$m$$$m(B
(various)

$B"#(B $BDI5-(B

*BSD, SCO OpenServer / UnixWare Hyper-Threading Considered Harmful

$B!!(B101739: Simultaneous Multi-Threading Processors May Leak Information (Sun)$B!#(BSun Solaris $B$G$N$*OC!#(BSolaris 10 $B$K$O(B Zones $B$J$s$F5!G=$,$"$k$N$G$9$+!#(B

Vulnerability Note VU#637934: TCP does not adequately validate segments before updating timestamp value

$B!!(BCVE: CAN-2005-0356$B!"(B BIG-IP TCP Timestamp Denial of Service $B$rDI2C!#(B


$B"#(B 2005.06.01

$B"#(B QuickTime 7.0.1: Security enhancements
(Apple, 2005.06.01)

　QuickTime 7.0 に欠陥。細工した Quartz Composer オブジェクトにより、local data を収集し任意の web サイトに送ることが可能。

　詳細: Quartz Composer / QuickTime 7 information leakage (remahl.se)。デモサイトも公開されている。 CVE: CAN-2005-1334

　QuickTime 7.0.1 で修正されている。 ダウンロード。

$B"#(B $BDI5-(B

[SA15486] BEA WebLogic Multiple Vulnerabilities

$B!!(B$B%;%-%e%j%F%#%"%I%P%$%6%j(B (beasys.co.jp) $B$KF|K\8lHG$,=P$F$$$^$9!#(Bvulcan $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

