$B%;%-%e%j%F%#%[!<%k(B memo - 2005.10

Last modified: Thu May 11 00:49:43 2006 +0900 (JST)

$B!!$3$N%Z!<%8$N>pJs$rMxMQ$5$l$kA0$K!"(B$BCm0U=q$-(B$B$r$*FI$_$/$@$5$$!#(B

$B"#(B 2005.10.31

$B"#(B Microsoft Collaboration Data Objects $B$N@H
(Microsoft, 2005.10.12)

$B!!(BWindows 2000 / XP / Server 2003$B!"(BExchange 2000 SP3 $B$K7g4Y!#(B COM $B%3%s%]!<%M%s%H(B Collaboration Data Objects $B$K(B buffer overflow $B$9$k7g4Y$,$"$j!"(Bremote $B$+$iG$0U$N%3!<%I$rCAN-2005-1987

$B!!(Bpatch $B$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

$B"#(B Windows $B%7%'%k$N@H
(Microsoft, 2005.10.12)

$B!!(BWindows 2000 / XP / Server 2003 $B$K(B 3 $B$D$N7g4Y!#(B

$B!!(Bpatch $B$,$"$k$N$GE,MQ$9$l$P$h$$!#4XO"(B:

$B"#(B Windows FTP $B%/%i%$%"%s%H$N@HAw>l=j$,2~$6$s$5$l$k(B (905495) (MS05-044)
(Microsoft, 2005.10.12)

$B!!(BWindows XP SP1 / Server 2003 gold$B!"$*$h$S(B IE 6 SP1 $B$K7g4Y!#(B Windows FTP $B%/%i%$%"%s%H$K7g4Y$,$"$j!"(BFTP $B%5!<%PFb$N96N,%U%!%$%kL>$N%U%!%$%k$rl=j(B ($BNc(B: $B%f!<%6$N%9%?!<%H%"%C%W%U%)%k%@(B) $B$K%U%!%$%k$rG[CV$5$;$i$l$F$7$^$&!#(B CVE: CAN-2005-2126

$B!!(Bpatch $B$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

$B"#(B $B%M%C%H%o!<%/@\B3%^%M!<%8%c$N@H
(Microsoft, 2005.10.12)

$B!!(BWindows 2000 / XP (32bit $BHG$N$_(B) / Server 2003 (32bit $BHG$N$_(B) $B$K7g4Y!#(B netman.dll $B$K(B buffer overflow $B$9$k7g4Y$,$"$j!"(BWindows 2000 / XP SP1 / Server 2003 gold $B$O(B remote $B$+$i!"(BWindows XP SP2 / Server 2003 SP1 $B$G$O(B local user $B$,(B DoS $B967b$rCAN-2005-2307

$B!!(Bpatch $B$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

$B"#(B 2005.10.29

$B"#(B JVN#18282718: Hyper Estraier $B$K$*$1$k%G%#%l%/%H%j%H%i%P!<%5%k(B/$B%5!<%S%9ITG=$N@H
(JVN, 2005.10.28)

$B!!(BHyper Estraier 1.0.1 $B0JA0$N(B Windows $BHG$K7g4Y!#(B $B%U%!%$%kL>J8;z%3!<%I$NJQ49(B (UTF16LE $B"*(B CP932) $B$KH<$C$F(B

$B$?$a$K!"(B

$B$7$F$7$^$&!D!D$C$F$3$H$G$$$$$N$+$J!#(BHyper Estraier 1.0.2 $B$G=$@5$5$l$F$$$k!#(B

$B!!4XO"(B:

$B"#(B 2005.10.28

$B"#(B 2005.10.27

$B"#(B SNS Advisory No.85: XOOPS Multiple Cross-site Scripting Vulnerabilities
(LAC SNS, 2005.10.25)

$B!!(BXOOPS 2.0.12 JP $B0JA0(B / 2.0.13.1 $B0JA0(B / 2.2.3 RC1 $B0JA0$K7g4Y!#(B $BJ#?t$N(B XSS $B7g4Y$,B8:_$7!"G$0U$N%9%/%j%W%H$rA^F~$G$-$F$7$^$&!#$3$l$rMxMQ$7$F!"%;%C%7%g%s%O%$%8%c%C%/$,2DG=!#(B $B8x<0%"%J%&%s%9(B : XOOPS 2.0.13a JP$B%j%j!<%9(B (xoopscube.jp) $B$K$h$k$H!"(B5 $B$D$N7g4Y$,$"$C$?LOMM!#(B

$B!!(BXOOPS 2.0.13 JP $B$G=$@5$5$l$F$$$k(B ($B:G?7$O(B XOOPS 2.0.13a JP)$B!#$^$?(B$B6aF|EP>lM=Dj$N(B XOOPS 2.0.13.2 $B$G=$@5$5$l$kM=Dj(B$B$@$=$&$@!#(B $B$J$*!"@hF|H/@8$7$?$i$7$$(B xoops.org $B%/%i%C%-%s%0;v7o(B$B$O!"(B$B$3$N7g4Y$H$O4X78$J$$(B$B$=$&$@!#(B

$B!!$3$N7g4Y$K4XO"$7$F!"(Bclass/module.textsanitizer.php $B$N%O%C%/HG$rMxMQ$7$F$$$k>l9g$K$O!"=$@5$5$l$?%O%C%/HG$NF3F~$,I,MW$H$J$k$=$&$@!#>\:Y$O(B XOOPS 2.0.13 JP$B$K4XO"$7$?@HpJs(B (10/26 12:30$B2CI.(B) (xoopscube.jp) $B$r;2>H!#(B

$B!!(BJVN: JVN#77105349

$B"#(B fetchmail-SA-2005-02: password exposure in fetchmailconf
(fetchmail, 2005.10.21)

$B!!(Bfetchmail 6.2.0, 6.2.5, 6.2.5.2 $B$KF1:-$5$l$F$$$k(B fetchmailconf 1.43$B!"(B $B$*$h$SC1FH$GG[I[$5$l$F$$$k(B fetchmailconf 1.43.1 $B$K7g4Y!#(B fetchmailconf $B$,(B .fetchmailrc $B$r=q$-=P$9:]$K!"(B $B:G=i$+$i(B 0600 $B$H$9$k$N$G$O$J$/!"(B $B$^$:(B umask $B$K=>$C$?%Q!<%_%C%7%g%s$G=q$-=P$7$F$7$^$$!"$=$N8e$K(B 0600 $B$KJQ99$9$k!#(B .fetchmailrc $B$K$O%Q%9%o!<%I$J$I$N%;%s%7%F%#%V>pJs$,4^$^$l$k$?$a!"$3$l$O$^$:$$!#(B

$B!!(Bfetchmailconf 1.43.2 (fetchmail-6.2.5.2 $BMQ(B) $B$*$h$S(B fetchmailconf 1.49 (fetchmail 6.2.9-rc6 $B$KF1:-(B) $B$G=$@5$5$l$F$$$k!#(B $B$^$?(B umask 077 $B$9$k$3$H$G2sHr$G$-$k!#(B

$B"#(B $B%k%/%;%s%V%k%/(BSkype$B!$4m81EY!V9b!W$N%;%-%e%j%F%#!&%[!<%k(B2$B7o$r=$@5(B
($BF|7P(B IT Pro, 2005.10.26)

$B!!(BSkype $B$K(B 2 $B

$B!!FC$K8e

$B"#(B 2005.10.26

$B"#(B $BDI5-(B

Snort Back Orifice preprocessor $B$N@H

$B!!(Bexploit $B$@$=$&$G$9(B: http://www.thc.org/exploits/THCsnortbo.c

$B"#(B 2005.10.25

$B"#(B DSA-870-1 sudo -- missing input sanitising
(debian.org, 2005.10.25)

$B!!(Bsudo 1.6.8p9 $B0JA0$K7g4Y!#(Bsudo $B$O!"(Bbash $B%9%/%j%W%H$K$*$$$F4m81$H$J$jF@$k4D6-JQ?t(B SHELLOPTS $B$*$h$S(B PS4 $B$r$=$N$^$^EO$7$F$7$^$&$?$a!"(Bsudo $B7PM3$G(B bash $B%9%/%j%W%H$rl9g$K!"(Blocal user $B$OG$0U$N%7%'%k%3%^%s%I$r>e>:$7$?8"8B(B ($B$?$$$F$$(B root) $B$Gl9g$K$N$_MxMQ2ACM$N$"$k7g4Y$J$N$@$1$I!#(B CVE: CVE-2005-2959

$B!!(Bpatch $B$K$D$$$F$O(B debian $B$N$b$N(B$B$r;2>H!#(B

2005.11.01 $BDI5-(B:

$B!!(Bsudo 1.6.8p10 $B$GBP1~$5$l$F$$$^$9!#:G?7$O(B sudo 1.6.8p11 $B$G$9!#(B

2005.12.19 $BDI5-(B:

$B!!(Bsudo 1.6.8p11 $B$G$O!":o=|$9$k4D6-JQ?t$N%j%9%H$K(B JAVA_TOOL_OPTIONS $B$,DI2C$5$l$?$N$G$7$?!#(B

$B!!(Bsudo $B$N:G?7$O(B sudo 1.6.8p12 $B$G$9!#:o=|$9$k4D6-JQ?t$N%j%9%H$K!"$5$i$K(B PERLLIB, PERL5LIB, PERL5OPT $B$,DI2C$5$l$F$$$^$9!#(B

$B"#(B 2005.10.24

$B"#(B 2005.10.23

$B"#(B Mac$BMQ$N(BSymantec$B@=IJ$K%m!<%+%k%f!<%6!<$N8"8B>:3J$r5v$9@H
(Internet Watch, 2005.10.20)

$B!!$3$NOC(B:

$B!!$$$:$l$K$D$$$F$b(B local user $B$,(B root $B8"8B$rC%

$B!!BP1~$9$k(B Symantec $B%"%I%P%$%6%j$NF|K\8lHG$b=P$F$$$k(B:

$B!!$$$:$l$K$D$$$F$b!"(BLiveUpdate $B7PM3$G99?7HG$rF~l9g$O(B 10.0.2 $B$G99?7$5$l$F$$$k$h$&$@!#(B

$B!!(BCVE: CAN-2005-2759

$B"#(B 2005.10.21

$B"#(B $BDI5-(B

MSDTC $B$*$h$S(B COM+ $B$N@H

$B!!(B907416 - Internet Explorer 6 Service Pack 1 $BMQ$N%;%-%e%j%F%#99?7%W%m%0%i%`(B MS05-052 $B$rE83+$9$k$?$a$N(B Systems Management Server $BE83+%Q%C%1!<%8(B (Microsoft)

2005 $BG/(B 10 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(B908921 - 2005 $BG/(B 10 $B7n(B 11 $BF|$N%;%-%e%j%F%#>pJs8x3+$K4X$9$k8!=P$HE83+$N (Microsoft)

$B"#(B 2005.10.20

$B"#(B $BDI5-(B

Snort Back Orifice preprocessor $B$N@H

$B!!(BSnort BO status update (SANS ISC, 2005.10.20) $B$K$h$k$H!"(B

When this vulnerability was announced yesterday, I was curious to see how difficult this would be to exploit due to the widespread nature of Snort. After doing a little research on the encryption method in Back Orifice, I was able to develop working exploit code in 2 hours. Bad news!!

$B$@$=$&$G!"MF0W$K96N,$G$-$F$7$^$&$h$&$G$9!#$J$*!"(B

I checked the 2.3.2 source tree today and it is not vulnerable.

$B$H$b=q$+$l$F$$$^$9!#(B

DirectShow $B$N@H

$B!!(BMS05-050 $B$,99?7$5$l!"$"$o$;$F(B KB909596 $B$,8x3+$5$l$F$$$^$9!#(B DirectX 8.0 $B$d(B DirectX 9.0 $B$,%$%s%9%H!<%k$5$l$?(B Windows 2000 $B$K$*$$$F(B "Microsoft Windows 2000 Service Pack 4 $B>e$N(B Microsoft DirectX 7.0" $B$r%$%s%9%H!<%k$9$k$H!"e$K!"2?$i$N7Y9p$bI=<($5$l$J$$$h$&$G$9!#(B $B%"%C%W%G!<%H$5$l$J$$$N$O;EMM$J5$$,$7$^$9$,!"7Y9p$,=P$J$$$N$O$J$"!#(B

$B!!@5>o$K%"%C%W%G!<%H$G$-$F$$$k$+H]$+$r3NG'$9$kJ}K!$H$7$F$O!"0J2<$,$"$k$h$&$G$9!#(B

  • MBSA 2.0 $B$r;H$&(B
  • dxdiag $B%3%^%s%I$r;H$C$F!"(BDirectX $B%P!<%8%g%s$H!"BP1~$9$k(B Quartz.dll $B$N%P!<%8%g%s$,(B KB909596 $B$K5-:\$5$l$F$$$kCM$H$J$C$F$$$k$+H]$+$r3NG'$9$k(B

$B!!%"%C%W%G!<%H$5$l$F$$$J$$>l9g$O!"(BWindows Upadte $B$7$^$7$g$&$H$5$l$F$$$^$9!#(B

$B"#(B 2005.10.19

$B"#(B $BDI5-(B

$B$$$m$$$m(B (2005.10.19)

$B!!(B[Full-disclosure] PHP Safedir Restriction Bypass Vulnerabilities $B$K4X$7$F!"Bg3@$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

PHP$B$N(Bsafe_mode$B$d(Bopen_basedir$B@_Dj$K$h$k%U%!%$%k%"%/%;%9$N@)8B$,2sHr$5$l$k!"$H8@$&$N$OLdBj$G$O$J$/;EMM$G$9!#$3$l$O:#$^$G$K2?EY$b(BML$B$J$I$G;XE&$5$l$F$$$k$3$H$G$9$,(BFull-Disclosure$B$N$_$G$O$J$/(BBugTraq $B$K$b?7$7$$(BID$B$,:n$i$l$F$$$^$9(B...

Stefan$B$bJV?.$7$F$$$^$9$,(Bsafe_mode$B$O40A4$J%;%-%e%j%F%#$rDs6!$9$k5!G=$G$O$J$/!"%P%0$N$"$k%W%m%0%i%`$G$bHf3SE*0BA4$K
BugTraq$B$K(BID$B$,:\$;$i$l$?:"$K;d$N%V%m%0$G$b$3$N4V0c$$$K$D$$$F;XE&$7$F$$$^$9!#$3$N7o$O(BFAQ$B2=$7$F$$$^$9!#(B
http://blog.ohgaki.net/index.php/yohgaki/2005/10/06/a_fa_af_a_a_c_ya_a_oa_aooa
Xerox$B%W%j%s%?$KDI@W%3!<%I!=!=(BEFF$B$,7Y9p(B

$B!!(BList of Printers Which Do or Don't Print Tracking Dots (EFF)$B!#(B"yes" $B$O0u$D$-$_$?$$!#(B

Internet Explorer $BMQ$NN_@QE*$J%;%-%e%j%F%#99?7%W%m%0%i%`(B (896688) (MS05-052)

$B!!(BWindows$B%;%-%e%j%F%#%Q%C%A(B(MS05-052)$BE,MQ4D6-$K$*$1$k(BCommuniNet Object Server$B$N>c32(B($BBh(B1$BJs(B) ($BF|N)(B, 2005.10.18)$B!#(B CommuniNet Object Server $B$X$N@\B3$K$*$$$F>c32$,H/@8$9$kLOMM!#(B CommuniNet Object Server 02-06 $B$X$N%"%C%W%G!<%H!"$b$7$/$O(B CommuniNet Object Server $B%5%$%H$r!V?.Mj:Q$_%5%$%H!W%>!<%s$KDI2C$9$k$3$H$K$h$j2sHr2DG=$@$=$&$G!#(B

$B"#(B $BAj!$D$?$a$K(B
($BF|7P(B BP, 2005.10.14)

$B!!5~Bg$N9bAR@h@8$K$h$k!"$3$N$4$m$N967b798~$N$*$O$J$7!#(B $B$?$$$X$s6=L#?<$$$G$9!#(B

$B"#(B Oracle Critical Patch Update - October 2005
(Oracle, 2005.10.18)

$B!!(BOracle $B$N(B 2005.10 $BHG(B patch $B=P$^$7$?!#Nc$K$h$C$F$b$j$@$/$5$s$G$9!#(B

$B!!$J$*!"(BOpinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers $B$N7o$,:#2s$I$&$J$C$F$$$k$N$+$K$D$$$F$O$h$/$o$+$j$^$;$s!#(B

2005.12.21 $BDI5-(B:

$B!!(BOracle Critical Patch Update - October 2005 (Oracle) $B$,2~D{$5$l$F(B Rev 2 $B$K$J$C$F$$$k$h$&$G$9!#(B

* Added Database version 10.2.0.1 to Affected Products section and the DB and EM risk matrices.
* Moved Oracle Workflow to Category I and clarified version numbers.
* Added Workflow issues to the Database and Application Server Risk Matrices.
* Removed references to PeopleSoft Enterprise Tools, version 8.1.

$B"#(B Snort Back Orifice preprocessor $B$N@H
(JPCERT/CC, 2005.10.19)

$B!!(Bsnort 2.4.0$B!A(B2.4.2 $B$K7g4Y!#(BBack Orifice preprocessor $B$K(B buffer overflow $B$9$k7g4Y$,$"$j!"(Bremote $B$+$iG$0U$N%3!<%I$r

$B!!(Bsnort 2.4.3 $B$G=$@5$5$l$F$$$k!#$^$?(B Back Orifice preprocessor $B$rL58z$K$9$k(B (preprocessor bo $B$r;XDj$7$J$$(B) $B$3$H$K$h$C$F7g4Y$r2sHr$G$-$k!#(B

$B!!4XO"(B:

2005.10.20 $BDI5-(B:

$B!!(BSnort BO status update (SANS ISC, 2005.10.20) $B$K$h$k$H!"(B

When this vulnerability was announced yesterday, I was curious to see how difficult this would be to exploit due to the widespread nature of Snort. After doing a little research on the encryption method in Back Orifice, I was able to develop working exploit code in 2 hours. Bad news!!

$B$@$=$&$G!"MF0W$K96N,$G$-$F$7$^$&$h$&$G$9!#$J$*!"(B

I checked the 2.3.2 source tree today and it is not vulnerable.

$B$H$b=q$+$l$F$$$^$9!#(B

2005.10.26 $BDI5-(B:

$B!!(Bexploit $B$@$=$&$G$9(B: http://www.thc.org/exploits/THCsnortbo.c

$B"#(B $B$$$m$$$m(B (2005.10.19)
(various)

2005.10.19 $BDI5-(B:

$B!!(B[Full-disclosure] PHP Safedir Restriction Bypass Vulnerabilities $B$K4X$7$F!"Bg3@$5$s$+$i(B ($B$"$j$,$H$&$4$6$$$^$9(B):

PHP$B$N(Bsafe_mode$B$d(Bopen_basedir$B@_Dj$K$h$k%U%!%$%k%"%/%;%9$N@)8B$,2sHr$5$l$k!"$H8@$&$N$OLdBj$G$O$J$/;EMM$G$9!#$3$l$O:#$^$G$K2?EY$b(BML$B$J$I$G;XE&$5$l$F$$$k$3$H$G$9$,(BFull-Disclosure$B$N$_$G$O$J$/(BBugTraq $B$K$b?7$7$$(BID$B$,:n$i$l$F$$$^$9(B...

Stefan$B$bJV?.$7$F$$$^$9$,(Bsafe_mode$B$O40A4$J%;%-%e%j%F%#$rDs6!$9$k5!G=$G$O$J$/!"%P%0$N$"$k%W%m%0%i%`$G$bHf3SE*0BA4$K
BugTraq$B$K(BID$B$,:\$;$i$l$?:"$K;d$N%V%m%0$G$b$3$N4V0c$$$K$D$$$F;XE&$7$F$$$^$9!#$3$N7o$O(BFAQ$B2=$7$F$$$^$9!#(B
http://blog.ohgaki.net/index.php/yohgaki/2005/10/06/a_fa_af_a_a_c_ya_a_oa_aooa

$B"#(B 2005.10.18

$B"#(B $B!Z=EMW![HkJ8%7%j!<%:(B: Norton AntiVirus 2006$B$r$O$8$a$H$9$k%7%^%s%F%C%/
($BF|N)%=%U%H(B, 2005.10.18)

$B!!(BNorton 2006 $B$HHkJ8%7%j!<%:$H$NAj@-$,$h$/$J$$$h$&$G$9!#(B $B0JA0$b!"(BSAVCE $B$HAj@-$,$h$/$J$$$H$$$&OC$,$"$j$^$7$?$M$(!#(B

2005.11.02 $BDI5-(B:

$B!!%7%^%s%F%C%/$+$i2sHr:v$,8x3+$5$l$?$h$&$G$9!#(B

$B"#(B Xerox$B%W%j%s%?$KDI@W%3!<%I!=!=(BEFF$B$,7Y9p(B
(ITmedia, 2005.10.18)

$B!!(BDocuColor Tracking Dot Decoding Guide (EFF) $B$NOC!#B>

2005.10.19 $BDI5-(B:

$B!!(BList of Printers Which Do or Don't Print Tracking Dots (EFF)$B!#(B"yes" $B$O0u$D$-$_$?$$!#(B

$B"#(B 2005.10.17

$B"#(B $BDI5-(B

MSDTC $B$*$h$S(B COM+ $B$N@H

$B!!(B%windir%\registration $B%G%#%l%/%H%j$N(B ACL $B$r%G%U%)%k%HCM$H$O0[$J$kCM$H$7$F$$$?>l9g$K!"(BMS05-051 patch $B$rE,MQ$9$k$H$5$^$6$^$J>c32$,H/@8$9$kLOMM(B:

$B!!%G%U%)%k%HCM$N$^$^$N?M$K$OLdBj$O$J$$!#(B

$B!!(Be:%windir%\registration $B$J$s$F$$$8$C$?$3$H$J$$$J$!(B (slashdot.jp) $B$h$j(B:

$B;W$$$C$-$j$3$N8=>]$KAx6x$7$^$7$?!#(B ($BCfN,(B) $B860x$r:n$C$?$N$O$*$=$i$/(BCHKDSK$B$K$h$k(BNTFS$B%U%!%$%k%7%9%F%`=$I|$G$9!#(B $B$+$D$F2?2s$+(BPC$B$N(BHDD$B$ND4;R$,0-$/$J$j6/@)(BCHKDSK$B$G!"(B Replacing missing or invalid security descriptor for file xxx Replacing missing or invalid security descriptor for file xxx .... $B$J$s$F%a%C%;!<%8$,2?@i9T!A?tK|9T$b=P$F%G%#%9%/$N%"%/%;%98"$,$`$A$c$/$A$c$K$J$C$?$3$H$,$"$j$^$7$?!#7rA4$J>uBV$N(BXP$B%^%7%s$H8+Hf$Y$J$,$i<+NO$G%Q!<%_%7%g%s$rD>$7$^$/$C$?$N$G$9$,!"(B%windir%\registration $B$J$s$F$H$3$m$K$O4c$,FO$+$:!"(B Administrators & SYSTEM $B$H$b$K0l@Z%"%/%;%98"$J$7$N>uBV$N$^$^$K$J$C$F$^$7$?!#(B

$B!!$=$&$$$&$H$-$O(B secedit.exe $B$H$+!V(B$B%;%-%e%j%F%#$N9=@.$HJ,@O(B$B!W$H$+$r;H$C$F:F@_Dj$9$k$N$,5H$J$N$G$9$,!"(BWindows XP Home $B$K$O!V%;%-%e%j%F%#$N9=@.$HJ,@O!W$b(B secedit.exe $B$b4^$^$l$J$$$h$&$G$9$M!D!D(B orz$B!#(B

$B%W%i%0(B $B%"%s%I(B $B%W%l%$$N@H:3J$,9T$J$o$l$k(B (905749) (MS05-047)

$B!!(BWindows update$B$7$?$H$-$K>e$2$k%9%l(B 22: 271-272 (2ch.net) $B$r8+$k$H!"(BMS05-047 patch (KB905749) $B$K$h$C$F(B

$B$&$_$e!A:F5/F0$7$?$iL5@~(BLAN$B%"%@%W%?$,G'<1$5$l$J$/$J$C$F$7$^$C$?!#(B $B%G%P%$%9%^%M!<%8%c!<$rI=<($5$;$k$H??$CGr$K$J$C$F$7$^$C$F3NG'$G$-$J$/$J$C$F$k$7!#(B

$B$H$$$C$?IT6q9g$,H/@8$9$k;vNc$,J#?tB8:_$9$k$h$&$@!#(B $B;d$N

$B"#(B 2005.10.16

$B"#(B SYM05-018: VERITAS NetBackup: Java User-Interface, format string vulnerability
(Symantec, 2005.10.12)

$B!!(BVERITAS NetBackup DataCenter and BusinesServer 4.5MP ($BHs(B Windows $B$N$_(B) / 4.5FP / 5.0 / 5.1 / 6.0 $B$K7g4Y!#(B $B%/%i%$%"%s%H$H%5!<%P$GF0:n$9$k(B bpjava-msvc (Java user-interface authentication service) $B$K(B format $B%P%0$,$"$j!"(B remote $B$+$iG$0U$N%3!<%I$r

$B!!(Bpatch $B$,$"$k$N$GE,MQ$9$l$P$h$$!#4XO"(B:

$B"#(B 2005.10.15

$B"#(B $B$$$m$$$m(B
(various)

$B"#(B $B%"%s%A%&%$%k%94X78$$$m$$$m(B
(various)

$B"#(B $B%W%i%0(B $B%"%s%I(B $B%W%l%$$N@H:3J$,9T$J$o$l$k(B (905749) (MS05-047)
(Microsoft, 2005.10.12)

$B!!(BWindows 2000 / XP (32bit $BHG$N$_(B) $B$K7g4Y!#(B Plug and Play (PnP) (umpnpmgr.dll) $B$K7g4Y$,$"$j!"(B

$B"#(B NetWare $BMQ%/%i%$%"%s%H(B $B%5!<%S%9$N@H
(Microsoft, 2005.10.12)

$B!!(BWindows 2000 / XP (32bit $BHG$N$_(B) / Server 2003 (32bit $BHG$N$_(B) $B$K7g4Y!#(BNetWare $BMQ%/%i%$%"%s%H(B $B%5!<%S%9(B (Client Service for NetWare, CSNW$B!#(B Windows 2000 Server $B$G$O(B Gateway Service for NetWare $B$H8F$P$l$F$$$k(B) $B$K(B buffer overflow $B$9$k7g4Y$,$"$j!"(Bremote $B$+$iG$0U$N%3!<%I$rCAN-2005-1985

$B!!(Bpatch $B$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

$B"#(B Internet Explorer $BMQ$NN_@QE*$J%;%-%e%j%F%#99?7%W%m%0%i%`(B (896688) (MS05-052)
(Microsoft, 2005.10.12)

$B!!(B$B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (906267) COM $B%*%V%8%'%/%H(B (Msdds.dll) $B$K$h$j(B Internet Explorer $B$,M=4|$J$/=*N;$9$k2DG=@-$,$"$k(B $B$N=$@5!#$H$$$&$+!"(BMS05-052 patch $B$b(B kill bit $B$r@_Dj$9$k$@$1$N$h$&$G$9!#(B kill bit $B$r@_Dj$9$k$N$O!"(Bmsdds.dll $B$@$1$G$J$/!"0J2<$KBP$7$F$@$=$&$G$9!#(B 

$B%/%i%9<1JL;R(B                         COM $B%*%V%8%'%/%H(B
------------------------------------------------------
BC5F1E51-5110-11D1-AFF5-006097C9A284 Blnmgrps.dll
F27CE930-4CA3-11D1-AFF2-006097C9A284 Blnmgrps.dll
3BC4F3A7-652A-11D1-B4D4-00C04FC2DB8D Ciodm.dll
ECABAFC2-7F19-11D2-978E-0000F8757E2A Comsvcs.dll
283807B8-2C60-11D0-A31D-00AA00B92C03 Danim.dll
250770F3-6AF2-11CF-A915-008029E31FCD Htmlmarq.ocx
D24D4453-1F01-11D1-8E63-006097D2DF48 Mdt2dd.dll
03CB9467-FD9D-42A8-82F9-8615B4223E6E Mdt2qd.dll
598EBA02-B49A-11D2-A1C1-00609778EA66 Mpg4ds32.ax
8FE7E181-BB96-11D2-A1CB-00609778EA66 Msadds32.ax
4CFB5280-800B-4367-848F-5A13EBF27F1D Msb1esen.dll
B3E0E785-BD78-4366-9560-B7DABE2723BE Msb1fren.dll
208DD6A3-E12B-4755-9607-2E39EF84CFC5 Msb1geen.dll
EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F Msdds.dll
4FAAB301-CEF6-477C-9F58-F601039E9B78 Msdds.dll
6CBE0382-A879-4D2A-8EC3-1F2A43611BA8 Msdds.dll
F117831B-C052-11D1-B1C0-00C04FC2F3EF Msdtctm.dll
3050F667-98B5-11CF-BB82-00AA00BDCE0B Mshtml.dll
1AA06BA1-0E88-11D1-8391-00C04FBD7C09 Msoeacct.dll
F28D867A-DDB1-11D3-B8E8-00A0C981AEEB Msosvfbr.dll
6B7F1602-D44C-11D0-A7D9-AE3D17000000 Mswcrun.dll
7007ACCF-3202-11D1-AAD2-00805FC1270E Netshell.dll
992CFFA0-F557-101A-88EC-00DD010CCC48 Netshell.dll
00020420-0000-0000-C000-000000000046 Ole2disp.dll
0006F02A-0000-0000-C000-000000000046 Outllib.dll
ABBA001B-3075-11D6-88A4-00B0D0200F88 Psisdecd.dll
CE292861-FC88-11D0-9E69-00C04FD7C15B Qdvd.dll
6E227101-F799-11CF-9227-00AA00A1EB95 Repodbc.dll
7057E952-BD1B-11D1-8919-00C04FC2C836 Shdocvw.dll
7007ACC7-3202-11D1-AAD2-00805FC1270E Shell32.dll
4622AD11-FF23-11D0-8D34-00A0C90F2719 Shell32.dll
98CB4060-D3E7-42A1-8D65-949D34EBFE14 Soa.dll
47C6C527-6204-4F91-849D-66E234DEE015 Srchui.dll
35CEC8A3-2BE6-11D2-8773-92E220524153 Stobject.dll
730F6CDC-2C86-11D2-8773-92E220524153 Stobject.dll
2C10A98F-D64F-43B4-BED6-DD0E1BF2074C Vdt70.dll
6F9F3481-84DD-4B14-B09C-6B4288ECCDE8 Vdt70.dll
8E26BFC1-AFD6-11CF-BFFC-00AA003CFDFC Vmhelper.dll
F0975AFE-5C7F-11D2-8B74-00104B2AFB41 Wbemads.dll

$B!!

$B0lHL$K8x3+$5$l$?Js9p(B (CAN-2005-2127) $B$HN`;w$7$?F0:n$r<($9$=$N$[$+$N(B CLSID $B$K4X$7$FJs9p$7$F$/$@$5$C$?(B CERT/CC $B$N(B Will Dormann $B;a!#(B
$B0lHL$K8x3+$5$l$?Js9p(B (CAN-2005-2127) $B$HN`;w$7$?F0:n$r<($9$=$N$[$+$N(B CLSID $B$K4X$7$FJs9p$7$F$/$@$5$C$?(B French Security Incident Response Team (FrSIRT)
$B0lHL$K8x3+$5$l$?Js9p(B (CAN-2005-2127) $B$HN`;w$7$?F0:n$r<($9$=$N$[$+$N(B CLSID $B$K4X$7$FJs9p$7$F$/$@$5$C$?(B MCI $B$N(B Parvez Anwar $B;a!#(B
$B0lHL$K8x3+$5$l$?Js9p(B (CAN-2005-2127) $B$HN`;w$7$?F0:n$r<($9$=$N$[$+$N(B CLSID $B$K4X$7$FJs9p$7$F$/$@$5$C$?(B eEye $B

$B$H$"$k$N$G!"$=$l$i$K$D$$$F$b$"$o$;$FBP1~$5$l$?$H$$$&$3$H$J$N$G$7$g$&!#(B

$B!!$^$?!"0J2<$NE@$K$D$$$FJQ99$,9T$o$l$F$$$k$=$&$G$9!#(B

  • $B$3$NN_@QE*$J99?7%W%m%0%i%`$O(B COM $B%*%V%8%'%/%H$,(B Internet Explorer $B$G$B$NN_@QE*$J99?7%W%m%0%i%`$O(B Internet Explorer $B$N%]%C%W%"%C%W(B $B%V%m%C%/5!G=$X$N2~A1E@$r4^$_$^$9!#(B
  • $B$3$NN_@QE*$J99?7%W%m%0%i%`$O(B Internet Explorer $B$N%"%I%*%s$N4IM}5!G=$X$N2~A1E@$r4^$_$^$9!#(B
  • $B$3$N99?7%W%m%0%i%`$K$O(B ADODB.Stream $B%*%V%8%'%/%HMQ$K%j%j!<%9$5$l$?(B Kill Bit $B$b4^$^$l$^$9!#(B($BCfN,(B) $B$3$N%*%V%8%'%/%H$N%/%i%9<1JL;R(B (CLSID) $B$O(B 00000566-0000-0010-8000-00AA006D2EA4 $B$G$9!#(B

$B!!$H$$$&$o$1$G!"(B$B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (906267) COM $B%*%V%8%'%/%H(B (Msdds.dll) $B$K$h$j(B Internet Explorer $B$,M=4|$J$/=*N;$9$k2DG=@-$,$"$k(B $B$K$*$$$F(B kill bit $B$r@_Dj$7$??M$b!"(BMS05-052 patch $B$rE,MQ$7$^$7$g$&!#(B

$B!!4XO"(B:

2005.10.19 $BDI5-(B:

$B!!(BWindows$B%;%-%e%j%F%#%Q%C%A(B(MS05-052)$BE,MQ4D6-$K$*$1$k(BCommuniNet Object Server$B$N>c32(B($BBh(B1$BJs(B) ($BF|N)(B, 2005.10.18)$B!#(B CommuniNet Object Server $B$X$N@\B3$K$*$$$F>c32$,H/@8$9$kLOMM!#(B CommuniNet Object Server 02-06 $B$X$N%"%C%W%G!<%H!"$b$7$/$O(B CommuniNet Object Server $B%5%$%H$r!V?.Mj:Q$_%5%$%H!W%>!<%s$KDI2C$9$k$3$H$K$h$j2sHr2DG=$@$=$&$G!#(B

$B"#(B $BDI5-(B

MSDTC $B$*$h$S(B COM+ $B$N@H

$B!!(BRetina MSDTC Scanner (16IP$BBP1~(B) (eEye / SSE) $B$,G[I[$5$l$F$$$?$N$r=q$-K:$l$F$^$7$?!#9b66$5$s$9$$$^$;$s!#(B

$B"#(B $BJ@u67$K$D$$$F!J4Z9q%"%s%i%\H/I=H4?h!K(B
($B%"%s%i%\(B, 2005.10.14)

$B!!(B[Full-disclosure] Secunia Research: AhnLab V3 Antivirus ALZ/UUE/XXE Archive Handling Buffer Overflow $B$N7o!#(BALZ/UUE/XXE $B%"!<%+%$%V$N=hM}$K$*$$$F(B stack buffer overfow $B$,H/@8$9$k$?$a!"96N,%"!<%+%$%V$K$h$C$FG$0U$N%3!<%I$r

$B!!%9%^!<%H%"%C%W%G!<%H$G99?7$9$l$P$h$$!#(B

$B"#(B 2005.10.14

$B"#(B MSDTC $B$*$h$S(B COM+ $B$N@H
(Microsoft, 2005.10.12)

$B!!(BWindows 2000 / XP / Server 2003 $B$KJ#?t$N7g4Y!#(B

$B"#(B 2005.10.13

$B"#(B $BDI5-(B

OpenSSL Security Advisory [11 October 2005]: Potential SSL 2.0 Rollback (CAN-2005-2969)

$B!!7g4YH/8+4uK>$5$s>pJs$"$j$,$H$&$4$6$$$^$9(B):

$B"#(B DirectShow $B$N@H
(Microsoft, 2005.10.12)

$B!!(BDirectX 7.0 / 8.x / 9.x $B$K7g4Y!#(Bquartz.dll / wquartz.dll $B$K7g4Y$,$"$j!"(B $B96N,(B .avi $B%U%!%$%k$r=hM}$5$;$k$3$H$K$h$C$F!V%R!<%W%*!<%P!<%U%m!<$K;w$?!W>uBV$,H/@8!"G$0U$N%3!<%I$r

$B!!(Bpatch $B$,$"$k$N$GE,MQ$9$l$P$h$$!#(B

$B!!4XO"(B:

2005.10.20 $BDI5-(B:

$B!!(BMS05-050 $B$,99?7$5$l!"$"$o$;$F(B KB909596 $B$,8x3+$5$l$F$$$^$9!#(B DirectX 8.0 $B$d(B DirectX 9.0 $B$,%$%s%9%H!<%k$5$l$?(B Windows 2000 $B$K$*$$$F(B "Microsoft Windows 2000 Service Pack 4 $B>e$N(B Microsoft DirectX 7.0" $B$r%$%s%9%H!<%k$9$k$H!"e$K!"2?$i$N7Y9p$bI=<($5$l$J$$$h$&$G$9!#(B $B%"%C%W%G!<%H$5$l$J$$$N$O;EMM$J5$$,$7$^$9$,!"7Y9p$,=P$J$$$N$O$J$"!#(B

$B!!@5>o$K%"%C%W%G!<%H$G$-$F$$$k$+H]$+$r3NG'$9$kJ}K!$H$7$F$O!"0J2<$,$"$k$h$&$G$9!#(B

$B!!%"%C%W%G!<%H$5$l$F$$$J$$>l9g$O!"(BWindows Upadte $B$7$^$7$g$&$H$5$l$F$$$^$9!#(B

$B"#(B 2005.10.12

$B"#(B 2005 $BG/(B 10 $B7n$N%;%-%e%j%F%#>pJs(B
(Microsoft, 2005.10.12)

$B!!6[5^(B 3$B!"=EMW(B 4$B!"7Y9p(B 2 $B$G$9$+!#4XO"(B:

$B!!$H$j$"$($:

$B!!(B 10 $B7n$N%;%-%e%j%F%#(B $B%j%j!<%9(B ($BF|K\$N%;%-%e%j%F%#%A!<%`$N(B Blog, 10/12) $B$h$j(B:

$B/!9Cm0U$,I,MW$+$b$7$l$^$;$s!#(B

$B!!(B3rd party $B@=%D!<%k$rMxMQ$9$k>l9g$O$4Cm0U$r!#(B

2005.10.21 $BDI5-(B:

$B!!(B908921 - 2005 $BG/(B 10 $B7n(B 11 $BF|$N%;%-%e%j%F%#>pJs8x3+$K4X$9$k8!=P$HE83+$N (Microsoft)

$B"#(B OpenSSL Security Advisory [11 October 2005]: Potential SSL 2.0 Rollback (CAN-2005-2969)
(openssl.org, 2005.10.11)

$B!!(BOpenSSL 0.9.x $B$K7g4Y!#(BOpenSSL $B$rMxMQ$9$k%5!<%P%"%W%j%1!<%7%g%s$K$*$$$F(B SSL_OP_MSIE_SSLV2_RSA_PADDING $B%*%W%7%g%s$rM-8z$K$7$?>l9g$K7g4Y$,H/@8!#(B $BCf4V2pF~967b$K$h$C$F!"%/%i%$%"%s%H(B - $B%5!<%P4V$G(B SSL 3.0 $B$d(B TLS 1.0 $B$K$h$k@\B3$,2DG=$J>l9g$G$b!"(BSSL 2.0 $B$K6/@)E*$K%m!<%k%P%C%/$5$;$k$3$H$,2DG=!#(B SSL_OP_MSIE_SSLV2_RSA_PADDING $B%*%W%7%g%s$O(B SSL_OP_ALL $B%*%W%7%g%s$K4^$^$l$k$?$a!"B?$/$N(B 3rd $B%Q!<%F%#%"%W%j$,$3$N7g4Y$N1F6A$rCAN-2005-2969

$B!!(BOpenSSL 0.9.7h / 0.9.8a $B$G=$@5$5$l$F$$$k!#$^$?(B OpenSSL 0.9.6$B!A(B0.9.8 $B$KE,MQ2DG=$J(B patch $B$,MQ0U$5$l$F$$$k!#(B patch $B$rE,MQ$9$k$H!"(BSSL_OP_MSIE_SSLV2_RSA_PADDING $B%*%W%7%g%s$OL58z$H$5$l$k!#(B $B$b$H$b$H(B MSIE 3.02 $BBP:v$@$C$?$h$&$J$N$G!"Nr;KE*;HL?$O=*$C$F$b$$$k$@$m$&!#(B

$B!!$3$N7g4Y$O!"%"%W%j%1!<%7%g%s$,(B SSL 2.0 $B$r%5%]!<%H$7$F$$$J$1$l$P2sHr$G$-$k!#(B Firefox$B$,(BSSL 2.0$B$N%5%]!<%H$rGQ;_$X(B (slashdot.jp) $B$H$$$&OC$,$"$C$?$,!"(B $B$U$D$&$N?M$O(B SSL 2.0 $B%5%]!<%H$r$d$a$F$bLdBj$J$$$@$m$&!#(B SSL 2.0 $B$G$J$$$H@\B3$G$-$J$$;vNc(B ($B9bLZ9@8w!w<+Bp$NF|5-(B) $B$H$$$&$N$O!"6K$a$FFCSSL 2.0$B$r%*%s$K$7$m$H;X<($9$k%5%$%H(B ($B9bLZ9@8w!w<+Bp$NF|5-(B) $B$N:a?<$5$,G\2C$5$l$k$o$1$G$9$M!#(B

fix / patch ($B?o;~99?7(B):

2005.10.13 $BDI5-(B:

$B!!7g4YH/8+4uK>$5$s>pJs$"$j$,$H$&$4$6$$$^$9(B):

2006.02.13 $BDI5-(B:

$B!!(B[security bulletin] SSRT051102 rev.1 - HP HTTP Server Running on Windows, Forced Use of Weaker Security Protocol (hp)$B!#(Bpatch$B!#(B

$B"#(B 2005.10.11

$B"#(B BEA Security Advisories and Notifications
(BEA, 2005.10.10)

$B!!(BBEA05-85.00 $B!A(B BEA05-99.00 BEA05-107.00 $B$^$G$,?75,!"(BBEA05-80.02 $B$O99?7$@$=$&$G$9!#(B BEA WebLogic $BMxMQH$7$F$*$-$^$7$g$&!#(B vulcan $B$5$s$A(B$B$G$*$$$*$$%U%)%m!<$5$l$kLOMM$J$N$G!">\:Y$O$=$A$i$r!D!D!#(B vulcan $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B Google$B!"%f!<%6!<>pJsN.=P$K$D$J$,$k%5%$%H$N@H
(ITmedia, 2005.10.11)

$B!!!V(Bwww.google.com$B$N%5%V%5%$%H(B2$B$D!W$KB8:_$9$k(B form $B$K$*$1$kF~NO$N8!>Z$,IT==J,$J$?$a$K(B XSS $B7g4Y$,H/@8!"(Bremote $B$+$i(B cookie $B$rGoogle Press Center $B$K$b2?$b$J$5$2!#(B

$B!!4XO"(B: Finjan Identifies Dangerous Cross Site Scripting Vulnerability on Google (finjan.com, 2005.10.10)

$B"#(B 2005.10.10

$B"#(B 2005.10.08

$B"#(B Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
(bugtraq, Fri, 07 Jan 2005 01:01:26 +0900)

$B!!$3$l$^$G(B Oracle $B$K4X$9$k?t!9$N7j$rH/8+$7$F$-$?(B NGSSoftware $B$N(B David Litchfield $B;a$K$h$k0U8+I=L@!#;a$K$h$k$H!"(BOracle $B$K$h$k!V%;%-%e%j%F%#=$@5!W$K$*$$$F$O!":,K\E*$J=$@5$,9T$o$l$F$$$J$$$?$a!"96N,%W%m%0%i%`$r$A$g$C$HJQ99$9$k$@$1$G!"$R$-$D$E$-967b$,@.8y$7$F$7$^$&$i$7$$!#(B

$B!!4XO"(B: Re: Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers (bugtraq)$B!#(BRed-Database-Security $B$NCf$N?M$K$h$k%U%)%m!

$B"#(B Oracle $B$M$?(B
(red-database-security.com, 2005.10.07)

$B!!$7$+$7!"$$$:$l$K$b(B Oracle forgot to inform Red-Database-Security that this bug is fixed with CPU July 2005 $B$N$h$&$JIU5-$,$5$l$F$$$k$N$r8+$k$H!"(BOracle $B$C$F!"!D!D!#(B

$B"#(B High Risk Vulnerability in Sun Directory Server
(NGSSoftware, 2005.10.06)

$B!!(BSun Directory Server 5.2 patch 3 $B0JA0$K(B remote $B$+$i96N,2DG=$J7g4Y$,$"$j!"(Bpatch 4 $B$G=$@5$5$l$?$=$&$G$9!#(B

$B"#(B [VulnWatch] Patches available for critical flaws in HP Openview
(NGSSoftware, 2005.10.05)

$B!!(BHP Openview $B$K=EBg$J7g4Y!#(B

$B"#(B $B$$$m$$$m(B
(various)

$B"#(B 2005.10.07

$B"#(B $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#>pJs$N;vA0DLCN(B
(Microsoft, 2005.10.07)

$B!!(B2005 $BG/(B 10 $B7n$N;vA0DLCN!"Mh$^$7$?!#(B

  • Windows: 8$B!#:GBg?<9oEY$O!V6[5^!W!#(B
  • Windows / Exchange: 1$B!#:GBg?<9oEY$O!V=EMW!W!#(B
  • $BHs%;%-%e%j%F%#(B: 0
  • $B0-0U$N$"$k%=%U%H%&%'%"$N:o=|%D!<%k$N99?7(B

$B!!(BOffice $B$H$+(B SQL Server $B$H$+$O$J$$$h$&$G$9!#(B9 $B$D$b$"$k$H!"K;$7$/$J$j$=$&$G$9$M!#(B

$B"#(B 2005.10.06

$B"#(B $BDI5-(B

Kaspersky Antivirus Remote Heap Overflow

$B!!(BKaspersky Lab comments on a report regarding a vulnerability in the company's antivirus products (Kaspersky Lab, 2005.10.04)$B!#6L2,$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

The company confirms the presence of a vulnerability in a Kaspersky Anti-Virus module used to process CAB files.

$B!!7g4Y$NB8:_$,(B Kaspersky $B<+?H$K$h$C$F3NG'$5$l$?$=$&$@!#(B

Taking advantage of this vulnerability results in a malfunction of the antivirus program. This effect is present only in the Windows environment and does not affect other operating systems.

$B!!(BWindows $BHG(B Kaspersky Anti-Virus $B$N$_$N7g4Y$G!"(BUNIX / Linux $B$J$IB>$N%W%i%C%H%[!<%`$K$O1F6A$7$J$$$=$&$@!#(B

First of all, on receiving the relevant data, the virus analyst team within a short time period created a package of signatures that detect possible exploits of this vulnerability (procedures that use the vulnerability to compromise a computer). This set of signatures was added to the antivirus databases of Kaspersky Anti-Virus on September 29, significantly reducing the chances of successful use of the CAB vulnerability exploits.

$B!!96N,%3!<%I$r8!=P$9$k$h$&$J%7%0%M%A%c$r(B 9/29 $B$NCJ3,$GEPO?$7$F$"$k$=$&$@!#(B $B%&%$%k%9Dj5A%U%!%$%k$r$-$A$s$H99?7$7$F$"$l$P!"$3$N7g4Y$G$d$i$l$k2DG=@-$O>.$5$=$&$@!#(B

Kaspersky Lab experts are currently developing an emergency update of the company's antivirus products which include the CAB module affected by the vulnerability. The revised list of such products includes: Kaspersky Anti-Virus Personal 5.0, Kaspersky Anti-Virus Personal Pro 5.0, Kaspersky Anti-Virus 5.0 for Windows Workstations, Kaspersky Anti-Virus 5.0 for Windows File Servers, Kaspersky Personal Security Suite 1.1. ($BCfN,(B) Updates eliminating the CAB vulnerability for all the programs listed above will be released in the second half of October 5th, 2005 and will be available for installation using standard updating procedures.

$B!!=$@5$b$=$m$=$m9T$o$l$F$$$k$O$:!"$J$N$+$J!#!D!D=P$?$h$&$G$9(B: KAV v5.0.390 Released! (wilderssecurity.com)$B!#6L2,$5$s(B ($B$U$?$?$S(B) $B>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B 2005.10.05

$B"#(B SYM05-017: Symantec Antivirus Scan Engine $B!'(B Web $B%5!<%S%94IM}%$%s%?!<%U%'!<%9$K%P%C%U%!!&%*!<%P!<%U%m!<$N@H
(Symantec, 2005.10.05)

$B!!(BSymantec AntiVirus Scan Engine $B$N(B 4.0 $B$H(B 4.3 $B$K7g4Y!#(BSymantec AntiVirus Scan Engine $B$N(B web $B4IM}%$%s%?!<%U%'!<%9$K7g4Y$,$"$j!":Y9)$7$?(B HTTP $B%X%C%@$r4^$`%j%/%(%9%H$rAw$k$3$H$K$h$C$FG$0U$N%3!<%I$r(B SYSTEM $B8"8B$G

$B!!(BSymantec AntiVirus Scan Engine 4.3.12 $B$G=$@5$5$l$F$$$k!#(B $BF~$B$3$A$i(B$B$r;2>H!#(B

$B!!4XO"(B: [Full-disclosure] iDEFENSE Security Advisory 10.04.05: Symantec AntiVirus Scan Engine Web Service Buffer Overflow Vulnerability

$B"#(B $B$$$m$$$m(B
(variuos)

$B"#(B [SA17043] uim Environment Variable Privilege Escalation Vulnerability
(secunia, 2005.10.05)

$B!!(Buim 0.4.9 $B0JA0(B / 0.5.0 $B$K7g4Y!#(Bsuid / sgid $B;~$N4D6-JQ?t$N07$$$K7g4Y$,$"$j!"(B suid / sgid $B;~$K(B local user $B$K$h$k8"8B>e>:$,2DG=$H$J$k!#(B

$B!!(Buim 0.4.9.1 / 0.5.0.1 $B$G=$@5$5$l$F$$$k!#(B

$B"#(B Kaspersky Antivirus Remote Heap Overflow
(rem0te.com, 2005.10.03)

$B!!(BKaspersky Antivirus Library $B$K$*$1$k(B cab $B%U%!%$%k$N=hM}$K7g4Y$,$"$j!"(Bheap overflow $B$,H/@8$9$k!#$3$N$?$a!"96N,(B cab $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$rZ$7$F$$$k$,!"B>$NHG$K$bF1MM$N7g4Y$,$"$k$N$+$b$7$l$J$$!#(B

$B!!(BKaspersky $B<+?H$K$O>pJs$O$^$@$J$$$h$&$@!#(B

2005.10.06 $BDI5-(B:

$B!!(BKaspersky Lab comments on a report regarding a vulnerability in the company's antivirus products (Kaspersky Lab, 2005.10.04)$B!#6L2,$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

The company confirms the presence of a vulnerability in a Kaspersky Anti-Virus module used to process CAB files.

$B!!7g4Y$NB8:_$,(B Kaspersky $B<+?H$K$h$C$F3NG'$5$l$?$=$&$@!#(B

Taking advantage of this vulnerability results in a malfunction of the antivirus program. This effect is present only in the Windows environment and does not affect other operating systems.

$B!!(BWindows $BHG(B Kaspersky Anti-Virus $B$N$_$N7g4Y$G!"(BUNIX / Linux $B$J$IB>$N%W%i%C%H%[!<%`$K$O1F6A$7$J$$$=$&$@!#(B

First of all, on receiving the relevant data, the virus analyst team within a short time period created a package of signatures that detect possible exploits of this vulnerability (procedures that use the vulnerability to compromise a computer). This set of signatures was added to the antivirus databases of Kaspersky Anti-Virus on September 29, significantly reducing the chances of successful use of the CAB vulnerability exploits.

$B!!96N,%3!<%I$r8!=P$9$k$h$&$J%7%0%M%A%c$r(B 9/29 $B$NCJ3,$GEPO?$7$F$"$k$=$&$@!#(B $B%&%$%k%9Dj5A%U%!%$%k$r$-$A$s$H99?7$7$F$"$l$P!"$3$N7g4Y$G$d$i$l$k2DG=@-$O>.$5$=$&$@!#(B

Kaspersky Lab experts are currently developing an emergency update of the company's antivirus products which include the CAB module affected by the vulnerability. The revised list of such products includes: Kaspersky Anti-Virus Personal 5.0, Kaspersky Anti-Virus Personal Pro 5.0, Kaspersky Anti-Virus 5.0 for Windows Workstations, Kaspersky Anti-Virus 5.0 for Windows File Servers, Kaspersky Personal Security Suite 1.1. ($BCfN,(B) Updates eliminating the CAB vulnerability for all the programs listed above will be released in the second half of October 5th, 2005 and will be available for installation using standard updating procedures.

$B!!=$@5$b$=$m$=$m9T$o$l$F$$$k$O$:!"$J$N$+$J!#!D!D=P$?$h$&$G$9(B: KAV v5.0.390 Released! (wilderssecurity.com)$B!#6L2,$5$s(B ($B$U$?$?$S(B) $B>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B [SA17054] CVS zlib Vulnerabilities
(secunia, 2005.10.05)

$B!!(Bcvs 1.12.12 $B$K$O(B zlib 1.2.2$B!"(Bcvs 1.12.10$B!A(B1.12.11 $B$K$O(B zlib 1.2.1 $B$,F1:-$5$l$F$$$k$,!"(B $B$3$l$i$K$O(B OpenPKG Security Advisory: OpenPKG-SA-2004.038-zlib $B$H$+(B CAN-2005-2096: zlib 1.2.x buffer overflow $B$H$+(B CAN-2005-1849 $B$H$+$$$&OC$,$"$k$N$G!"(Bcvs 1.12.13 $B$K$O(B zlib 1.2.3 $B$,F1:-$5$l$?$=$&$J!#(B

$B"#(B 2005.10.04

$B"#(B JVN#79314822: Tomcat $B$K$*$1$k%j%/%(%9%H=hM}$K4X$9$k@H
(JVN, 2005.09.30)

$B!!(BTomcat 4.x $B$K7g4Y!#(B Cosminexus Application Server$B$GB>$N%j%/%(%9%H$N%j%/%(%9%H%\%G%#$r;HMQ$9$kLdBj(B ($BF|N)(B) $B$K$h$k$H!"(B

$B>e5-$N@=IJ$r;HMQ$7$F$$$k(BWeb$B%"%W%j%1!<%7%g%s%5!<%P$K$*$$$F!"(BPOST$B%j%/%(%9%H$K$F!"%j%/%(%9%H%\%G%#$rAw?.$;$:$K%3%M%/%7%g%s$r@ZCG$7$?;~$K!"0JA0$KB>$N%j%/%(%9%H$GAw?.$5$l$?%j%/%(%9%H%\%G%#$rMQ$$$F(BServlet/JSP$B$,$N%j%/%(%9%H$GAw?.$5$l$?%j%/%(%9%H%\%G%#$rMQ$$$F(BServlet/JSP$B$,pJs$rMxMQ$7$F!"=hM}$5$l$k2DG=@-$,$"$j$^$9!#(B

$B!!(BTomcat 5.x $B$K$O$3$N7g4Y$O$J$$$=$&$@!#$^$?F|N)$N(B Cosminexus Application Server $B$K$D$$$F$O(B$BBP:vHG(B$B$,$"$k$N$GE,MQ$7$h$&!#(B

$B!!>.=P$5$s!">.NS$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B $BDI5-(B

Microsoft$B$N(BJet$B%G!<%?%Y!<%9%(%s%8%s$K@H

$B!!(BMS Office$B$N@H (ITmedia, 2005.10.04)

$B"#(B Lotus Notes$B$K:o=|$7$?$O$:$NE:IU%U%!%$%k$rAw?.$7$F$7$^$&IT6q9g(B
(Internet Watch, 2005.10.03)

$B!!(BLotus Notes 6.0.0$B!A(B6.0.3 / 6.5.0 $B$K$*$$$F!"%I%i%C%0(B & $B%I%m%C%W$G%U%!%$%k$rE:IU$7!"$5$i$K$=$l$r:o=|$7$?>l9g$K!"pJsO31H$K$D$J$,$k>l9g$,$"$kLOMM!#(BNotes 5.x $B0JA0$K$O$3$N7g4Y$O$J$$!#(B

$B!!(BLotus Notes 6.0.4 $B0J9_(B / 6.5.1 $B0J9_$G=$@5$5$l$F$$$k$H$$$&!#(B $B$?$@$7(B 6.0.4 $B0J9_(B / 6.5.1 $B0J9_$K%"%C%W%0%l!<%I$7$F$b!"4{$KB8:_$9$k1#$7E:IU%U%!%$%k$,<+F0E*$K:o=|$5$l$k$o$1$G$O$J$$!#(B $B$3$N$h$&$JJ8=q$O(B LinkAttach Tool (IBM) $B$rMxMQ$7$F8!=P2DG=!#(B

$B"#(B 2005.10.03

$B"#(B 2005.10.02

$B"#(B 2005.10.01

[$B%;%-%e%j%F%#%[!<%k(B memo]
$B;d$K$D$$$F(B