セキュリティホール memo - 2006.11

Last modified: Wed Jul 25 15:53:04 2007 +0900 (JST)


Before using the information on this page, please read the notice.


■ 2006.11.30

■ Miscellaneous (2006.11.30)
(various)

■ Addenda

Miscellaneous (2006.11.28)

Related: [USN-385-1] tar vulnerability. This is the CVE-2006-6097 issue. A patch is available.

■ Adobe Reader and Acrobat ActiveX Control Remote Code Execution Vulnerabilities
(FrSIRT, 2006.11.28)

Flaw in the Windows versions of Adobe Reader / Acrobat / Acrobat Pro 7.0.0 to 7.0.8. The AcroPDF.dll ActiveX control has a memory corruption flaw, and getting a user to view a malicious web page allows arbitrary code to be executed … CVE-2006-6027

No fixed version is available yet. The issue can be avoided by any of the following.

2006.12.01 addendum:

Related: Adobe Systems … (National Police Agency, 2006.11.30)

2006.12.05 addendum:

The AcroPDF.dll ActiveX control apparently has yet another problem: CVE-2006-6236

2006.12.07 addendum:

"Update available for potential vulnerabilities in Adobe Reader and Adobe Acrobat 7" (Adobe) has been published. For Adobe Reader, the issue appears to be fixed in Adobe Reader 8. For Acrobat 7.x, though, it does not say that updating to Acrobat 8 resolves it.


■ 2006.11.29

■ Miscellaneous (2006.11.29)
(various)

■ About the security content of Security Update 2006-007
(Apple, 2006.11.29)

Security patch for Mac OS X 10.3.9 / 10.4.8.

■ Addenda

Miscellaneous (2006.11.04)

MOKB-01-11-2006 - Apple Airport 802.11 Probe Response Kernel Memory Corruption was fixed in Security Update 2006-007.

gzip: five in a row

[ GLSA 200611-24 ] LHa: Multiple vulnerabilities

■ CVE-2006-5815: remote code execution in ProFTPD
(ProFTPD.org, Tue, 28 Nov 2006 01:37:30 +0900)

ProFTPD 1.3.0 and earlier … CVE-2006-5815

Fixed in ProFTPD 1.3.0a. However, ProFTPD 1.3.0a apparently has other bugs as well.

2006.12.01 addendum:

The mod_tls issue mentioned above appears to have been classified as CVE-2006-6170. Separately from this, there is reportedly also a CVE-2006-6171. On closer inspection, though, CVE-2006-6171 is marked DISPUTED.

fix / patch:


■ 2006.11.28

■ tDiary vulnerability …
(tdiary.org, 2006.11.26)

XSS flaw in tDiary 2.0.2 and earlier / 2.1.4.20061115 and earlier. Fixed in tDiary 2.0.3. A patch for 2.1.4 has also been published.

Related: Verifying the "tDiary" cross-site scripting vulnerability (nutsecurity, 2006.11.28)

2006.12.12 addendum:

The fixes in tDiary 2.0.3 / 2.1.4.20061127 were reportedly insufficient: tDiary vulnerability … (tDiary.org). Fixed in tDiary 2.0.4. A patch for tDiary 2.1.4.20061127 has also been published.

2006.12.28 addendum:

JVN#31185550: arbitrary Ruby script … in tDiary. This is about the issue fixed in tDiary vulnerability … (tDiary.org).

■ Miscellaneous (2006.11.28)
(various)

2006.11.30 addendum:

Related: [USN-385-1] tar vulnerability. This is the CVE-2006-6097 issue. A patch is available.


■ 2006.11.27

■ Miscellaneous (2006.11.27)
(various)

(Fixed a forgotten closing <ul> tag - thanks to Takahashi-san …


■ 2006.11.25

■ Addenda

RSS Script Injection in Sage, the standard RSS reader for Firefox

This has reportedly been fixed in Sage 1.3.9. Thanks to Ooyama-san for the information. Sage++ 1.3.9, which incorporates this fix, is also out.

Possibly related: Sage cross-context scripting -> LOCAL-CONTEXT SCRIPTING


■ 2006.11.24

■ CIS Finds Flaws in Firefox v2 Password Manager
(Chapin Information Services, 2006.11.21)

Flaw in the Firefox 2 password manager. A user name/password saved on one page within a domain (such as a login page) is automatically applied on other pages within the same domain as well. As a result, a hidden login form using something like style="display: none;" can be used to extract the user name/password … (see the demo page). According to Bugzilla Bug 360493, report … According to [SA23046] Firefox Password Manager Information Disclosure, Firefox 1.x has a similar flaw as well.

No patch yet. Work is under way with the aim of fixing it in Firefox 2.0.0.1 or 2.0.0.2. It can be avoided by disabling the password manager.

  1. Select [Options] from the [Tools] menu to display the "Options" window.
  2. Select the [Security] tab in the "Options" window and uncheck "Remember passwords for sites".

Related:

2007.07.25 addendum:

A similar story: Firefox 2.0.0.5 vulnerability that lets passwords be stolen …

■ Miscellaneous (2006.11.24)
(various)

■ Dangerous security hole in Mac OS X: risk of harm from web access
(Nikkei IT Pro, 2006.11.22)

This is about MOKB-20-11-2006: Mac OS X Apple UDIF Disk Image Kernel Memory Corruption (1). Mac OS X 10.4.8 and earlier has a flaw in the handling of .dmg files; a crafted .dmg file causes memory corruption, allowing arbitrary code to be executed in kernel mode …

No patch yet. For now, disabling "Open 'safe' files after downloading" in Safari's preferences prevents the situation where a downloaded .dmg file attacks you right away. On top of that, do not download .dmg files from sites whose safety you cannot confirm. As for a way to verify the legitimacy of a .dmg file itself ... unless something like a digital signature is provided separately, I don't think there is one.

Related information:

■ Addenda

Microsoft XML Core Services vulnerability …

MS06-071 Available Through SUS 1.0 (MSRC blog, 2006.11.22). It has reportedly finally been distributed through SUS 1.0 as well.

■ BLPC PC Memo: Important notice regarding antivirus software
(BLPC PC Memo, 2006.11.21)

The story is that Norton AntiVirus 2007, Norton Internet Security 2007 and Virus Buster 2007 are difficult to use together with screen readers (text-to-speech software). Specifically, they appear to be difficult to use with at least PC-Talker XP and JAWS for Windows 7.1. Thanks to itochan for the information.

With the 2006 versions, neither Norton nor Virus Buster reportedly had any particular problem. Screen reader …

For BLPC, see the Blind PC Support (BLPC) home page.


■ 2006.11.22

■ Addenda

APSB06-18: Update available for HTTP Header Injection Vulnerabilities in Adobe Flash Player

Flash Player 9 for Linux 9.0.21.78 appears to be out: Linux Beta 2 on Adobe Labs (Emmy Huang, 2006.11.20)


■ 2006.11.21

■ Addenda

Workstation service vulnerability …

Related:

■ Miscellaneous (2006.11.21)
(various)


■ 2006.11.20

■ Miscellaneous
(various)


■ 2006.11.19


■ 2006.11.18


■ 2006.11.17

■ Miscellaneous (2006.11.17)
(various)

■ Addenda

Workstation service vulnerability …

Related:


■ 2006.11.16

■ Addenda

APSB06-18: Update available for HTTP Header Injection Vulnerabilities in Adobe Flash Player

From Ramujii-san (thanks for the information):

As far as I can see from http://labs.adobe.com/downloads/flashplayer9.html, for the Linux version in question, 9.0.21.55 appears to have been released on 2006/10/18, the same day as the SA. The Security Bulletin says to move to 9.0.20 or later, and considering that the release dates of the SA and the Player match, isn't it likely that this version already addresses the issue?

Related: Beta Refresh on Adobe Labs: Flash Player 9 for Linux beta now available (Emmy Huang, 2006.10.18). After that, for the Windows / Mac OS X versions, the beta … Judging from the FAQ, the final release of Flash Player 9 for Linux apparently will not come out until next year.

Workstation service vulnerability …

Related: Workstation Service NetpManageIPCConnect Buffer Overflow (eEye)

■ Miscellaneous (2006.11.16)
(various)

■ SANS Top-20 Internet Security Attack Targets (2006 Annual Update)
(SANS, 2006.11.15)

The latest edition of the SANS TOP 20, Version 7.0. Cross-Platform Applications has established an imposing foothold, and there are also items such as Security Policy and Personnel and, as a Special Section, Zero Day Attacks and Prevention Strategies.


■ 2006.11.15

■ Microsoft XML Core Services vulnerability …
(Microsoft, 2006.11.15)

Flaw in Microsoft XML Core Services 4.0 / 6.0. The XMLHTTP ActiveX control in XML Core Services has a flaw, and a malicious web page can be used to execute arbitrary code … This is the issue from Microsoft Security Advisory (927892) XML Core Services vulnerability … CVE: CVE-2006-5745

A patch is available, so apply it. Note that if you set the kill bit as described in 927892, installing the patch does not clear it automatically. MS06-071 describes how to create .reg files for setting and for clearing the kill bit.

2006.11.24 addendum:

MS06-071 Available Through SUS 1.0 (MSRC blog, 2006.11.22). It has reportedly finally been distributed through SUS 1.0 as well.

■ Workstation service vulnerability …
(Microsoft, 2006.11.15)

Flaw in Windows 2000 / XP (32bit). The Workstation service has a buffer overflow flaw that allows arbitrary code to be executed remotely … in the case of …, attacks by anonymous users are possible, so the risk is high. CVE: CVE-2006-4691

A patch is available, so apply it. The issue can also be avoided by filtering 139/tcp and 445/tcp.

2006.11.16 addendum:

Related: Workstation Service NetpManageIPCConnect Buffer Overflow (eEye)

2006.11.17 addendum:

Related:

2006.11.21 addendum:

Related:

2006.12.01 addendum:

Related: Workstation Service NetpManagerIPCConnect buffer overflow vulnerability … (Sumisho Computer Systems / eEye). Thanks to Takahashi-san for the information.

■ Vulnerability in Adobe's Macromedia Flash Player …
(Microsoft, 2006.11.15)

This is about APSB06-11: Multiple Vulnerabilities in Adobe Flash Player 8.0.24.0 and Earlier Versions. An update for Flash Player 6, which is included in Windows XP SP2.

■ Microsoft Agent vulnerability …
(Microsoft, 2006.11.15)

Flaw in Windows 2000 / XP / Server 2003. The Microsoft Agent ActiveX control has a flaw that causes a buffer overflow, and a malicious .ACF file can be used to execute arbitrary code … CVE-2006-3445

A patch is available, so apply it. Note that Windows Vista does not have this flaw.

■ Cumulative Security Update for Internet Explorer (922760) (MS06-067)
(Microsoft, 2006.11.15)

Flaws in IE 5.01 / 6.

A patch is available, so apply it. None of these flaws exist in IE 7. Note that for DirectAnimation, the module is not replaced with a fixed one; instead, kill bits are set for the related CLSIDs.

In addition to the fixes above, applying the patch sets a kill bit for the WinZip 10.0 ActiveX control. The CLSID is as follows:

For the WinZip 10.0 flaw, see WinZip 10.0 Build 7245.

■ WinZip 10.0 Build 7245
(WinZip, 2006.11.14)

Flaw in the ActiveX control included in WinZip 10.0. A malicious web page can be used to execute arbitrary code …

2006.11.16 addendum:

ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability

■ Client Service for NetWare vulnerability …
(Microsoft, 2006.11.15)

Flaws in Windows 2000 / XP (32bit) / Server 2003 (32bit). There are two NetWare-related flaws.

A patch is available, so apply it. Note that the 64-bit versions of Windows XP / Server 2003, and Windows Vista, do not have these flaws.

■ APSB06-18: Update available for HTTP Header Injection Vulnerabilities in Adobe Flash Player
(adobe, 2006.11.14)

This concerns APSA06-01: HTTP header injection vulnerabilities in Adobe Flash Player. Fixed in Flash Player 9.0.28.0. But it is only available for Windows / Mac OS X. What are Linux users and the like supposed to do?

2006.11.16 addendum:

From Ramujii-san (thanks for the information):

As far as I can see from http://labs.adobe.com/downloads/flashplayer9.html, for the Linux version in question, 9.0.21.55 appears to have been released on 2006/10/18, the same day as the SA. The Security Bulletin says to move to 9.0.20 or later, and considering that the release dates of the SA and the Player match, isn't it likely that this version already addresses the issue?

Related: Beta Refresh on Adobe Labs: Flash Player 9 for Linux beta now available (Emmy Huang, 2006.10.18). After that, for the Windows / Mac OS X versions, the beta … Judging from the FAQ, the final release of Flash Player 9 for Linux apparently will not come out until next year.

2006.11.22 addendum:

Flash Player 9 for Linux 9.0.21.78 appears to be out: Linux Beta 2 on Adobe Labs (Emmy Huang, 2006.11.20)

2007.01.18 addendum:

The final release of Flash Player 9 for Linux appears to be out: Adobe Flash Player 9 for Linux now available on adobe.com (Emmy Huang, 2007.01.16)


■ 2006.11.14

■ trac Change Log: 0.10.2
(trac, 2006.11.14)

trac 0.10.2 has been released. The CSRF vulnerability in 0.10.1 …

NVD: CVE-2006-5878

■ Upcoming Advisories - EEYEB-2006111
(eEye, 2006.11.11)

"Adobe software" covers all sorts of things, though...

■ JVN#84656399: Cross-site scripting vulnerability in Nucleus …
(JVN, 2006.11.14)

Nucleus 3.23 and earlier has an XSS flaw, apparently fixed in 3.24. However, the Japanese edition of Nucleus is still at 3.23.

2007.01.16 addendum:

CVE-2006-6920. Nucleus 3.24 Japanese edition released (Kimitake's blog, 2006.11.17).


■ 2006.11.13

■ Addenda

On the SONY-made battery front

EPSON has started replacement work:


■ 2006.11.11

■ Miscellaneous (2006.11.11)
(various)

■ Addenda


■ 2006.11.10

■ Microsoft Security Bulletin Advance Notification (2006.11)
(Microsoft, 2006.11.10)

The advance notice is out.

  • XML Core Services: 1. Maximum severity is "Critical"
  • Windows: 5. Maximum severity is "Critical"
  • Update to the Malicious Software Removal Tool
  • High-priority non-security updates
    • WU / SUS: none
    • MU / WSUS: 2

There appear to be no patches for Office, Exchange and the like.

Related: November release schedule (Japan Security Team blog, 2006.11.10)


■ 2006.11.09

■ Miscellaneous (2006.11.09)
(various)

■ Addenda

Announce: OpenSSH 4.5 released

Related:

copSSH: just OpenSSH, from Cygwin …

Security bulletins for August 2006 (Microsoft)

The MS06-042 patch reportedly has a defect.

It reportedly occurs only in Windows XP / Server 2003 + IE 6 environments. Since IE7 will presumably be the recommended browser on these platforms from now on, this may be one of those "migration-promoting bugs" that are typical of Microsoft.

mixi's "Frequently …

mixi image URL … (葉っぱ日記, 2006.11.09). A time limit on image URLs, I see. "Can the image be viewed even if the URL of a posted image is clicked while logged out?" (mixi Help) has also disappeared. They didn't have to remove it.

Miscellaneous (2006.10.13)

Adobe's Japanese-language advisory has been published.

Microsoft Security Advisory (927892): XML Core Services vulnerability …

Related:

Microsoft Security Advisory (927709): Visual Studio 2005 vulnerability …

Related:

JVN#88325166: Hyper …

Hyper … (Nutsecurity, 2006.11.08). Thanks to nutsec for the information.

■ Notice of Security Patch release for Virus Buster Corporate Edition, Trend Micro Virus Buster Business Security, and Trend Micro Client/Server Security
(Trend Micro, 2006.11.08)

Flaw in Virus Buster Corporate Edition 6.5 / 7 / 7.3, Virus Buster Business Security 3.0, and Trend Micro Client/Server Security 2.0. Initialization fails if the system time is not set between 1996 and 2037. If the system time has ended up at something like 1970 because of a dead battery, I suppose it goes: OS boots → VB fails to start → VB stays dead even after the time is later corrected via NTP or the like. With time synchronization in use, troubleshooting …

A patch is available, so apply it.

Related: Overview and installation instructions for Virus Buster Corporate Edition 6.5 Security Patch (Build_1439) [Solution ID 2060870] (Trend Micro)


■ 2006.11.08

■ Thunderbird 1.5.0.8 release notes
(mozilla-japan.org, 2006.11.07)

Thunderbird 1.5.0.8 is out. It includes 3 security fixes. Thanks to Kaneko-san for the information.

Firefox 1.5.0.8 and SeaMonkey 1.0.6 are out as well.

■ Addenda

■ Announce: OpenSSH 4.5 released
(OpenSSH.com, 2006.11.08)

OpenSSH 4.5 is out. It includes a security fix.

Fix a bug in the sshd privilege separation monitor that weakened its verification of successful authentication. This bug is not known to be exploitable in the absence of additional vulnerabilities.

2006.11.09 addendum:

Related:

copSSH: just OpenSSH, from Cygwin …


■ 2006.11.07

■ Miscellaneous (2006.11.07)
(various)


■ 2006.11.06

■ Miscellaneous (2006.11.06)
(various)

■ ha.ckers.org web application security lab - Archive > Additional Non Alpha Non Digit Character Evasion
(葉っぱ日記, 2006.11.05)

So not just IE but Firefox too... Browsers out there are being lenient, I see. It really does have to be a whitelist approach.

■ Addenda

■ JVN#88325166: Hyper …
(JVN, 2006.11.06)

■ Microsoft Security Advisory (927892): XML Core Services vulnerability …
(Microsoft, 2006.11.04)

0-day flaw in the XMLHTTP4.0 ActiveX control. When a malicious web page is viewed, arbitrary code … appears to be in a … state. Thanks to itochan for the information.

Workaround:

Related:

2006.11.09 addendum:

Related:

2006.11.11 addendum:

Exploit code (milw0rm):


■ 2006.11.05

■ Addenda


■ 2006.11.04

■ Addenda

PHP 5.2.0 released: "More than 200 bugs fixed; upgrade as soon as possible"

Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability (Hardened-PHP Project). CVE: CVE-2006-5465. Fixed in PHP 5.2.0. There is also a patch for PHP 4.

It also contains this statement:

As usual we very strongly recommend that you install Suhosin-Patch and the Suhosin Extension, because once again this advisory proved that remotely triggerable overflows in PHP still exist. It is therefore highly recommended by us to use Suhosin-Patch. Its canary protection will detect overflows and stop execution to make exploitation very hard or impossible.

FreeBSD and OpenBSD's PHP ports already come with Suhosin-Patch activated by default.

Grab your copy and more information at:

http://www.hardened-php.net/suhosin/index.html

■ Miscellaneous (2006.11.04)
(various)

2006.11.29 addendum:

MOKB-01-11-2006 - Apple Airport 802.11 Probe Response Kernel Memory Corruption was fixed in Security Update 2006-007.

■ InternetExplorer6: the style attribute of the base element applies to all elements, so JavaScript can be written at will
(hoshikuzu | star_dust の書斎, 2006.11.04)

I'm not sure whether this counts as a security hole, but expression is really powerful... And it is reportedly hard to strip out even at the best of times.


■ 2006.11.03

■ EEYEB-20061024
(eEye, 2006.11.02)

IE 6 … execute arbitrary code with minimal user interaction …

■ Bluetooth 0day hacking
(SANS ISC, 2006.11.02)

About using Bluetooth to break directly into a corporate internal network. Various tools are also introduced.

For now, if you do not use Bluetooth, disable it.

2006.11.05 addendum:

Related: Bluetooth root vulnerability on unpatched Macs … (tidbits)

2006.11.06 addendum:

NVD: CVE-2006-5465 CVE-2006-5706

■ PHP 5.2.0 released: "More than 200 bugs fixed; upgrade as soon as possible"
(Nikkei IT Pro, 2006.11.03)

It reportedly includes security hole fixes as well. From the PHP 5.2.0 Release Announcement (php.net):

Security Enhancements and Fixes in PHP 5.2.0:

  • Made PostgreSQL escaping functions in PostgreSQL and PDO extension keep track of character set encoding whenever possible.
  • Added allow_url_include, set to Off by default to disallow use of URLs for include and require.
  • Disable realpath cache when open_basedir and safe_mode are being used.
  • Improved safe_mode enforcement for error_log() function.
  • Fixed a possible buffer overflow in the underlying code responsible for htmlspecialchars() and htmlentities() functions.
  • Added missing safe_mode and open_basedir checks for the cURL extension.
  • Fixed overflow in str_repeat() & wordwrap() functions on 64bit machines.
  • Fixed handling of long paths inside the tempnam() function.
  • Fixed safe_mode/open_basedir checks for session.save_path, allowing them to account for extra parameters.
  • Fixed ini setting overload in the ini_restore() function.

Related: PHP 5.2.0 (Okumura's Blog, 2006.11.03)

I installed it right away, but even when I log in to Drupal … it goes back to the … state. I went back to 5.1.6 again. I wonder what changed?

It seems the world is not as forgiving as the PHP developers think.

2006.11.04 addendum:

Advisory 13/2006: PHP HTML Entity Encoder Heap Overflow Vulnerability (Hardened-PHP Project). CVE: CVE-2006-5465. Fixed in PHP 5.2.0. There is also a patch for PHP 4.

It also contains this statement:

As usual we very strongly recommend that you install Suhosin-Patch and the Suhosin Extension, because once again this advisory proved that remotely triggerable overflows in PHP still exist. It is therefore highly recommended by us to use Suhosin-Patch. Its canary protection will detect overflows and stop execution to make exploitation very hard or impossible.

FreeBSD and OpenBSD's PHP ports already come with Suhosin-Patch activated by default.

Grab your copy and more information at:

http://www.hardened-php.net/suhosin/index.html


■ 2006.11.02

■ Miscellaneous (2006.11.02)
(various)

■ Microsoft Security Advisory (927709): Visual Studio 2005 vulnerability …
(Microsoft, 2006.11.01)

The WMI Object Broker ActiveX control included in WmiScriptUtils.dll of Visual Studio 2005 has a flaw, and viewing a malicious web page allows arbitrary code to be executed … CVE-2006-4704

No patch yet. The issue can be avoided by setting the kill bit for the ActiveX control in question. The advisory describes how to create a .reg file for setting the kill bit.

Related:

2006.11.06 addendum:

Related:

2006.11.09 addendum:

Related:

2006.12.15 addendum:

This was fixed in Visual Studio 2005 vulnerability …

Related: ZDI-06-047: Microsoft Visual Studio WmiScriptUtils.dll Cross-Zone Scripting Vulnerability (Zero Day Initiative)


■ 2006.11.01

■ Addenda

DoS attack on Windows …

Verifying the Windows Internet Connection Sharing service vulnerability (Nutsecurity, 2006.11.01). Thanks to nutsec for the information.

■ Remote DoS in Firefox 1.5.0.7 and Firefox 2
(SANS ISC, 2006.11.01)

This appears to refer to Gotfault Security - Advisory #05 - 27/10/06.

■ IE 7 too: "pop-up window 'hijack …
(Nikkei IT Pro, 2006.10.31)

This is about [SA22628] Internet Explorer 7 Window Injection Vulnerability. A demo page is provided. When accessed with Firefox and the like, the link target opens normally, but with IE the secunia site appears.

According to the MSRC blog:

In this case, we did look at the scenario in question and asked ourselves what we could do to help improve our anti-phishing and anti-spoofing features so that customers can better protect themselves. We decided that one thing we could do was to add a feature to IE 7 where it always shows the actual URL of the web page, even in pop-up windows. So we added a pop-up window address bar, enabling users to more accurately make a trust decision.

Microsoft's position appears to be that since IE 7 now always shows the URL in pop-up windows, users can tell the difference. They do not seem to intend to do anything beyond this. Well, anyone who doesn't like that would be better off switching promptly to Firefox, Opera or the like.

Related:

