Security Hole memo - 2008.08

Last modified: Wed Dec 10 15:20:47 2008 +0900 (JST)


Before using the information on this page, please read the notes.


■ 2008.08.29


■ 2008.08.28

■ Updates

Directory traversal vulnerability in the FFFTP FTP client […]

Fixed in FFFTP 1.96c. Thanks to 尾上-san for the information.

Microsoft Security Advisory (951306): Vulnerability in Windows […] could allow elevation

Microsoft Security Advisory (951306): Vulnerability in Windows […] could allow elevation has been revised.

2008/08/28: This advisory was updated, and the affected […]

Four months have already passed, and it still has not been fixed...


■ 2008.08.27

■ Updates

Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

Related:

  • Threat level (Trend Micro). As of 2008.08.27 20:45, it reads as follows.

    Current threat level: Medium across the board

    A DNS cache poisoning vulnerability that is expected to affect multiple applications […] Please check whether […] this vulnerability […] state, and whether there is any related security information.
  • Flaw in the net's management system (NHK, 2008.08.27). If I say that the slightly off position of the picture frame hanging on the wall really bothers me, I wonder whether it will be […]. (It bothered me the other day too, but I forgot to say so...)

Apache Tomcat Directory Traversal Vulnerability

Sanaki-san has published "Apache-Tomcat and overlong UTF-8 representations (CVE-2008-2938 verification report)" (excellent). My own summary:

Related:

Ichitaro vulnerability […]

■ Do not let an Osaka Gas service shop into your home
(gigazine, 2008.08.27)

Good grief, this is terrible. People in the Osaka Gas service area should be careful. (Otsu City is handled by the Otsu City Public Enterprise Bureau and is Osaka Gas-free, so it should be fine?)

2008.09.01 update:

Follow-up: Sequel to "Do not let an Osaka Gas service shop into your home": the "I went to the police" edition (gigazine, 2008.09.01)

Incidentally, the older detective who appeared at the end serves as head of the neighborhood association in the area where he lives. Because so-called "inspection sales" had become a problem there as well, he has had local residents strictly refuse door-to-door visits from anyone not wearing an armband showing recognition by the neighborhood association, and this is said to be preventing harm before it happens. He said it was the first he had heard of the Osaka Gas service shop matter, but pushing gas water heaters and boilers on people […]
Also, the detective who agreed to talk about a separate matter said that, remarkably, his own wife had been through similar harm: before they knew it, their water heater had been replaced with one costing more than 300,000 yen. Put bluntly, it was a fraud-like act, but because there was no physical evidence they had no choice but to let it drop. In his case, the original water heater that had supposedly broken down and the hose that was supposedly leaking gas had all, according to the Osaka Gas service shop, been "collected and disposed of immediately", so there was no physical evidence at all and he gave up. The police […]

What a state of affairs...

■ Active attacks using stolen SSH keys
(SANS ISC, 2008.08.26)

Attackers are breaking in with stolen SSH keys and using local kernel exploits, with root privileges […]

Keys without a passphrase appear to be what is being targeted. Unless you truly cannot set a passphrase, put a passphrase on your keys.
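An added example (not from the original post or the SANS ISC diary) of how to find private keys stored without a passphrase: it classifies key files by their headers, covering the traditional PEM layout and, going beyond the text above, the newer openssh-key-v1 container. The function names and sample keys are constructed for illustration, and the key bodies are dummy bytes.

```python
import base64
import os
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"


def _ssh_string(buf, off):
    """Read one SSH wire string (uint32 big-endian length, then bytes)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n


def key_protection(text):
    """Return 'encrypted', 'unencrypted' or 'unknown' for one key file."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 2 or not lines[0].startswith("-----BEGIN "):
        return "unknown"
    header, body = lines[0], lines[1:-1]
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8, encrypted
        return "encrypted"
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            blob = base64.b64decode("".join(body), validate=True)
            if not blob.startswith(OPENSSH_MAGIC):
                return "unknown"
            cipher, off = _ssh_string(blob, len(OPENSSH_MAGIC))
            kdf, _ = _ssh_string(blob, off)
        except (ValueError, struct.error):
            return "unknown"
        plain = cipher == b"none" and kdf == b"none"
        return "unencrypted" if plain else "encrypted"
    if header.endswith(" PRIVATE KEY-----"):
        # Traditional PEM (RSA/DSA/EC): encryption is announced by the
        # "Proc-Type: 4,ENCRYPTED" header in front of the base64 body.
        if any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in body):
            return "encrypted"
        return "unencrypted"
    return "unknown"


def find_unprotected_keys(directory):
    """Walk a directory (e.g. ~/.ssh) and list keys that have no passphrase."""
    hits = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            try:
                with open(path, "r", errors="replace") as fh:
                    text = fh.read(65536)  # private keys are small
            except OSError:
                continue
            if key_protection(text) == "unencrypted":
                hits.append(path)
    return sorted(hits)


def openssh_sample(cipher, kdf):
    """Build a constructed openssh-key-v1 header with dummy key material."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    blob = OPENSSH_MAGIC + s(cipher) + s(kdf) + s(b"") + struct.pack(">I", 1) + s(b"dummy")
    b64 = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 +
            "\n-----END OPENSSH PRIVATE KEY-----\n")


# Constructed samples in the traditional PEM layout (bodies are dummy bytes).
LEGACY_ENCRYPTED = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,0123456789ABCDEF

Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""
LEGACY_PLAIN = """-----BEGIN RSA PRIVATE KEY-----
Q09OU1RSVUNURUQ=
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":
    print(find_unprotected_keys(os.path.expanduser("~/.ssh")))
```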

This may be related as well:


■ 2008.08.26

■ Ichitaro vulnerability […]
(JustSystems, 2008.08.26)

0-day flaw in the Ichitaro series. When a crafted Ichitaro file is opened in Ichitaro or Ichitaro Viewer, arbitrary code […]

Apparently it is this one:

There is no patch yet.

2008.08.27 update:

Related:

2008.09.11 update:

"Ichitaro vulnerability […]" has been updated. The affected Ichitaro versions and the fixes have been published.

Affected: Ichitaro 12 / 13 / 2004 / 2005 / Bungei / 2006 / 2007 / 2008, Ichitaro Government 2006 / 2007 / 2008, and Ichitaro Viewer. A patch is provided for Ichitaro, and an updated version (5.1.4.0) for Ichitaro Viewer. An "updated version" will reportedly also be provided for the Ichitaro 2008 trial edition (it is not available yet).

Related:

Ichitaro Lite2 still seems to be supported; does that mean it does not have this flaw, I wonder.

2008.09.12 update:

Related:

2008.09.17 update:

"Ichitaro vulnerability […]" has been updated. An updated version of the Ichitaro 2008 trial edition is now available.

2008.09.19 update:

Security Updates for Exploit-TaroDrop.e (McAfee blog, 2008.09.17)

2008.10.01 update:

It has come to light that Sanshiro 2008 also contains a flawed module, and an update module has been released. But can nothing be done about the description "Works around an issue occurring in Sanshiro 2008"? It contains a security update, after all.

■ Updates

Massachusetts federal district court, […] restraining order: EFF objects, calling it "a decision that takes away freedom of speech"


■ 2008.08.25

■ Updates

Massachusetts federal district court, […] restraining order: EFF objects, calling it "a decision that takes away freedom of speech"

Federal Judge Throws Out Gag Order Against Boston Students in Subway Case (WIRED, 2008.08.19). The temporary restraining order appears to have been lifted.

Miscellaneous (2008.08.13)

"Dangerous security holes found in J2ME" (Nikkei IT Pro, 2008.08.25). This is the Japanese version of J2ME security vulnerabilities discovered (McAfee blog, 2008.08.11).

Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

Red Hat breached, new openssh packages released as an emergency

Related:

  • Red Hat's RHEL/Fedora infrastructure servers hacked: company stresses there was no fatal damage such as leakage of the key's passphrase (computerworld.jp, 2008.08.25)

    The cracker who carried out the hack succeeded in signing a small number of OpenSSH packages related to RHEL 4 ("i386" and "x86_64" architectures only) and RHEL 5 (x86_64 architecture only).

    Thinking "What?!", I looked at what seems to be the original article, Red Hat says its servers, Fedora Project's systems, breached (networkworld.com, 2008.08.22), and it reads as follows.

    In the Red Hat compromise, the intruder was able to sign a small number of OpenSSH packages relating to Red Hat Enterprise Linux 4 (i386 and x86_64 architectures only) and Red Hat Enterprise Linux 5 (x86_64 architecture only).

    It says only "was able to sign"; that surely does not mean the intruder "succeeded in signing" (that is, that this was confirmed). Well, either way, nothing went out through RHN.

20080229 Canon MFD FTP bounce attack

Microsoft Security Bulletins for August 2008


■ 2008.08.24

■ Red Hat breached, new openssh packages released as an emergency
(RedHat, 2008.08.22)

During the week of 2008.08.10 (2008.08.10 to 2008.08.16), some (multiple) Red Hat and Fedora Project servers were breached. One of them was a server used to sign Fedora packages, but "the passphrase of the signing key […]" […] the key has been replaced. Red Hat also says it was able to prevent intrusion into the systems related to Red Hat Network (RHN), and packages delivered through RHN are not affected. CVE-2008-3844

However, in this intrusion it was possible for […]. For this reason, as a preventive measure, new versions of the openssh packages in question have been released as an emergency. RHEL 4/5 users […]

Related:

2008.08.25 update:

Related:


■ 2008.08.23


■ 2008.08.22

■ Updates

Malicious Flash ads placed on legitimate sites? Copy and paste a URL and […]

Miscellaneous (2008.08.13)


■ 2008.08.21

■ Opera 9.52 for Windows Changelog
(Opera.com, 2008.08.20)

Opera 9.52 is out. Seven flaws have been fixed.


■ 2008.08.20

■ Malicious Flash ads placed on legitimate sites? Copy and paste a URL and […]
(ITmedia, 2008.08.20)

A clipboard story. Many people probably think of the word "IE" when they hear "clipboard", but

Flash Player seems to have a similar story. Flash Player's ActionScript provides something called setClipboard(), and it appears that Flash can set arbitrary content on the clipboard. In this attack, […]

  1. Deliver a malicious Flash file as an advertisement

  2. The user […]

Because Flash is used, not only Windows users but Mac users too appear to be targets (Linux users as well?). The description of setClipboard() says:

Note: Because of security concerns, it is not possible to read the contents of the system Clipboard. In other words, there is no corresponding System.getClipboard() method.

For security reasons, getClipboard() […] Thanks for the information.

Original article: Pwning the clipboard - latest trick used in FakeAlert distribution (Sophos, 2008.08.19). A word from Adobe: Clipboard attack (Adobe Product Security Incident Response Team (PSIRT), 2008.08.19)

Well, with IE, JavaScript alone is enough to do this, which is a problem of its own. In Internet Options, on the [Security] tab, set "Allow paste operations via script" to "Disable" for each zone.

2008.08.20 update:

As for setClipboard(), I am told the same thing can be built in Firefox and Opera too.

2008.08.22 update:

Related:

2008.09.29 update:

Understanding the security changes in Flash Player 10 beta: Setting data on the system Clipboard requires user interaction (adobe.com, 2008.09.20). In Flash Player 10 beta, copying to the clipboard now reportedly requires interactive action by the user.


■ 2008.08.19

■ Miscellaneous (2008.08.19)
(various)

■ Updates

Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

■ Postfix local privilege escalation via hardlinked symlinks
(Wietse Venema, 2008.08.14)

When Postfix is used on an OS that permits hard links to symbolic links themselves (Linux 2.0 and later, Solaris 2.0 and later, OpenSolaris 11-2008.5, IRIX 6.5, etc.), a local user can […] other […] CVE-2008-2936 CVE-2008-2937

This flaw does not manifest on OSes that do not permit hard links to symbolic links themselves (*BSD, AIX, Mac OS, HP-UX, Linux 1.x, Solaris 1.x, etc.). Even on OSes that do permit them, it does not manifest when […].

Note that hard links to symbolic links themselves violate the POSIX and XPG4 standards.

This flaw is fixed in Postfix 2.3.15 / 2.4.8 / 2.5.4 / 2.6-20080814. Applying the attached patch is also an option. With this fix, when the delivery destination of mail is a symbolic link, its parent directory must now be configured so that only root can write to it.
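The following check is an added example, not code from the Postfix distribution or the advisory: it walks a mail spool and reports symlinks that carry extra hard links or that sit in a directory someone other than root can write to. The default spool path, the function names, and treating any group-write bit as non-root write access are assumptions of this example.

```python
import os
import stat


def classify(link_st, parent_st):
    """Judge one delivery target from its lstat() and its parent's stat()."""
    if not stat.S_ISLNK(link_st.st_mode):
        return "not-a-symlink"
    if link_st.st_nlink > 1:
        # More than one directory entry refers to the symlink inode itself:
        # the "hard link to a symlink" condition described above.
        return "hardlinked-symlink"
    writable_by_others = parent_st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
    if parent_st.st_uid != 0 or writable_by_others:
        # Assumption: group write counts as "someone other than root".
        return "parent-writable-by-non-root"
    return "ok"


def audit_spool(spool_dir):
    """Return {path: finding} for every symlink under spool_dir that is not 'ok'."""
    findings = {}
    for root, dirs, files in os.walk(spool_dir):  # does not descend into symlinks
        parent_st = os.stat(root)
        for name in dirs + files:
            path = os.path.join(root, name)
            try:
                link_st = os.lstat(path)  # inspect the link, not its target
            except OSError:
                continue
            verdict = classify(link_st, parent_st)
            if verdict not in ("ok", "not-a-symlink"):
                findings[path] = verdict
    return findings


if __name__ == "__main__":
    import sys
    spool = sys.argv[1] if len(sys.argv) > 1 else "/var/mail"  # assumed default
    for path, verdict in sorted(audit_spool(spool).items()):
        print(verdict, path)
```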

Related: JVNVU#938323 - Privilege escalation vulnerability in Postfix. The way JVN words it, on any UNIX the effects of this flaw […]

2008.09.25 update:

PoC for Postfix local root vulnerability: CVE-2008-2936 (milw0rm)


■ 2008.08.18

■ Miscellaneous (2008.08.18)
(various)

2008.12.10 update:

The fix for "Unpatched vulnerability in Visual Studio […]" (ITmedia, 2008.08.18) has finally arrived: MS08-070 - Critical: Vulnerability in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) […] (Microsoft)


■ 2008.08.17


■ 2008.08.16

■ Updates

Massachusetts federal district court, […] restraining order: EFF objects, calling it "a decision that takes away freedom of speech"

■ SYM08-015 - Vulnerability in the Scheduler Service for Windows of Veritas Storage Foundation for Windows Volume Manager that allows a security update to be bypassed […]
(Symantec, 2008.08.14)

This is the ZDI-08-053: Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass Vulnerability issue. A remote party can take local SYSTEM privileges […] Does this mean the fix in SYM07-009 was incomplete? CVE-2008-3703

A patch is available, so apply it.


■ 2008.08.14

■ Updates

Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

Microsoft Security Advisory (955179): Vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access […]

Related: MS08-041 : The Microsoft Access Snapshot Viewer ActiveX control (Microsoft Security Vulnerability Research & Defense, 2008.08.12)

Microsoft Security Advisory (953635) Vulnerability in Microsoft Word Could Allow Remote Code Execution

Related: MS08-042 : Understanding and detecting a specific Word vulnerability (Microsoft Security Vulnerability Research & Defense, 2008.08.12)

Microsoft Security Advisory (954960): Microsoft Windows Server Update Services (WSUS) blocked from deploying security updates

About WSUS advisory 954960 (Japan WSUS Support Team Blog, 2008.08.13)


■ 2008.08.13

■ Microsoft Security Bulletins for August 2008
(Microsoft, 2008.08.13)

Critical x 6, Important x 5.

MS08-041 - Critical: Vulnerability in the ActiveX control for Microsoft Access Snapshot Viewer […]

MS08-042 - Important: Vulnerability in Microsoft Word […]

MS08-043 - Critical: Vulnerability in Microsoft Excel […]

MS08-044 - Critical: Vulnerability in Microsoft Office filters […]

Multiple flaws in Office 2000 / 2002 (XP) / 2003, Project 2002, Office Converter Pack, and Works 8.

  • Microsoft malformed EPS filter vulnerability […] CVE-2008-3019. There is a flaw in the filter for EPS (Encapsulated PostScript) files; with a crafted EPS file, arbitrary code […]

  • Microsoft malformed PICT filter vulnerability […] CVE-2008-3018. There is a flaw in the filter for PICT images; with a crafted PICT image, arbitrary code […]

  • Microsoft PICT filter parsing vulnerability […] CVE-2008-3021. There is a flaw in the filter for PICT images; with a crafted PICT image, arbitrary code […]

  • Microsoft malformed BMP filter vulnerability […] CVE-2008-3020, Microsoft Office BMP Input Filter Heap Overflow Vulnerability (iDefense). There is a flaw in the BMP image filter BMPIMP32.FLT; with a crafted BMP image, arbitrary code […]

  • Microsoft Office WPG image file heap corruption vulnerability […] CVE-2008-3460, Microsoft Office WPG Image File Heap Buffer Overflow Vulnerability (iDefense). There is a flaw in the WordPerfect Graphics (WPG) image filter WPGIMP32.FLT; with a crafted WPG image, arbitrary code […]

The flaws can be worked around by disabling each filter through registry settings.

MS08-045 - Critical: Cumulative Security Update for Internet Explorer (953838)

Multiple flaws in IE 5.01 / 6 / 7.

  • HTML object memory corruption vulnerability […] CVE-2008-2254

  • HTML object memory corruption vulnerability […] CVE-2008-2255

  • Uninitialized memory corruption vulnerability […] CVE-2008-2256

  • HTML object memory corruption vulnerability […] CVE-2008-2257 CVE-2008-2258

  • HTML component handling vulnerability […] CVE-2008-2259

According to IE August Security Update Now Available (IEBlog, 2008.08.12), there is also a fix for IE 8 Beta 1.

MS08-046 - Critical: Vulnerability in Microsoft Image Color Management System […]

MS08-047 - Important: Vulnerability in IPsec policy processing […] information disclosure (953733)

Flaw in Windows Vista / Server 2008. Reportedly, "due to an error when the default IPsec policy is imported from a Windows Server 2003 domain into a Windows Server 2008 domain, vulnerab[…] situations, this error may cause all IPSec rules to be ignored". CVE-2008-2246

MS08-048 - Important: Security Update for Outlook Express and Windows Mail (951066)

Flaw in Outlook Express 5.5 / 6 and Windows Mail. There is a flaw in the handling of the MHTML protocol handler, and a crafted URL can cause information disclosure. CVE-2008-1448, CORE-2008-0103: Internet Explorer Zone Elevation Restrictions Bypass and Security Zone Restrictions Bypass

MS08-049 - Important: Vulnerability in Event System […]

MS08-050 - Important: Vulnerability in Windows Messenger […] information disclosure (955702)

Flaw in Windows Messenger 4.7 / 5.1. There is a flaw in the ActiveX control Messenger.UIAutomation.1; with a crafted Web page, arbitrary code […] CVE-2008-0082, Microsoft Windows Messenger Remote Illegal Access Vulnerability

Related: MS08-050 : Locking an ActiveX control to specific applications. (Microsoft Security Vulnerability Research & Defense, 2008.08.13)

MS08-051 - Critical: Vulnerability in Microsoft PowerPoint […]

Multiple flaws in PowerPoint Viewer 2003.

Flaw in PowerPoint 2000 / 2002 (XP) / 2003 / 2007, the Microsoft Office Compatibility Pack for Word/Excel/PowerPoint 2007 file formats, and Office 2004 for Mac.

  • Parsing overflow vulnerability […] CVE-2008-1455

Related:

2008.08.25 update:

The patch for MS08-051 - Critical: Vulnerability in Microsoft PowerPoint […] has been updated. It appears there was a problem only when the patch was […].

Microsoft updated this security bulletin to announce new security update packages for Microsoft Office PowerPoint 2003 Service Pack 2 and Microsoft Office PowerPoint 2003 Service Pack 3, released through the Microsoft Download Center. In addition, an incorrect mitigation was removed from the "Memory allocation vulnerab[…] information" section.

I wonder what the "incorrect mitigation" was... I did not keep a record of the previous version, so I cannot tell.

2008.10.20 update:

The standalone version of Microsoft Access Snapshot Viewer is finally out. See MS08-041 - Critical: Vulnerability in the ActiveX control for Microsoft Access Snapshot Viewer […].

■ Updates

Microsoft Security Advisory (953635) Vulnerability in Microsoft Word Could Allow Remote Code Execution

Microsoft Security Advisory (955179): Vulnerability in the ActiveX control for the Snapshot Viewer for Microsoft Access […]

Microsoft Security Advisory (954960): Microsoft Windows Server Update Services (WSUS) blocked from deploying security updates

The revised fix, through Microsoft Update, […]

■ Miscellaneous (2008.08.13)
(various)

2008.08.22 update:

"Nokia, Series 40 vulnerab[…]" (computerworld, 2008.08.22). The Nokia S40 Java issue appears to have been confirmed.

2008.08.25 update:

"Dangerous security holes found in J2ME" (Nikkei IT Pro, 2008.08.25). This is the Japanese version of J2ME security vulnerabilities discovered (McAfee blog, 2008.08.11).

2008.08.26 update:

APSB08-17 - Presenter 7 update released to address cross-site scripting issues (Adobe)


■ 2008.08.12

■ Massachusetts federal district court, […] restraining order: EFF objects, calling it "a decision that takes away freedom of speech"
(computerworld, 2008.08.12)

The story is that the DEFCON16 presentation The Anatomy of a Subway Hack: Breaking Crypto RFID's and Magstripes of Ticketing Systems was enjoined. Related: MIT Students Gagged by Federal Court Judge - EFF Backs Researchers Forced to Cancel Presentation on Transit Fare Payment System (EFF, 2008.08.09), MIT Students' Response to MBTA Statements (EFF, 2008.08.12)

2008.08.16 update:

Continued:

2008.08.25 update:

Federal Judge Throws Out Gag Order Against Boston Students in Subway Case (WIRED, 2008.08.19). The temporary restraining order appears to have been lifted.

2008.08.26 update:

Related:

■ Vulnerability in Sourcenext's antivirus software […]
(Nikkei IT Pro, 2008.08.12)

Flaw in Virus Security 9.5.0173 and earlier and Virus Security ZERO 9.5.0173 and earlier. There is a flaw in the handling of archive files (.rar archives, according to Nikkei IT Pro), and a crafted .rar archive causes the virus scanning function to stop.

Fixed in the latest versions of Virus Security / Virus Security ZERO. Normally, the product should already have been updated through automatic updates. Related:

■ Apple admits the existence of a "hidden feature" built into the iPhone: malicious applications can be disabled remotely. "A feature we hope never to use," says Jobs
(computerworld, 2008.08.12)

The iPhone apparently has a blacklist function for 3rd party applications. Setting aside the existence of that function itself,

The existence of the feature came to light last week when security research[…] raised it. He discovered that the iPhone OS contains one line of code specifying a URL that looks like a not-yet-populated blacklist. The URL is an Apple server and at present contains only dummy data.
According to Zdziarski, when he performed "a certain operation", a specific application […]

[…] by Apple […]

■ Microsoft Security Bulletin Advance Notification - August 2008
(Microsoft, 2008.08.08)

Come to think of it, that is tomorrow. Even though it is summer vacation, it is apparently Critical x 7, Important x 5. It covers not only IE, Office and Media Player but even Messenger. Related:


■ 2008.08.11

■ Apache Tomcat Directory Traversal Vulnerability
(milw0rm, 2008.08.11)

Flaw in Tomcat 4.x / 5.x / 6.x. When allowLinking is enabled in context.xml or server.xml and URIencoding is set to UTF-8, arbitrary files can reportedly be read from remote. However, the Apache Security Team reportedly considers this a flaw on the Java side. CVE-2008-2938
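The two preconditions named above can be checked mechanically. This is an added example, not part of the original page or of Tomcat: it parses server.xml and context.xml and reports whether allowLinking is enabled on a Context together with a UTF-8 URIEncoding on a Connector (Tomcat's spelling of the attribute the text calls URIencoding). The XML samples are constructed, and the version check uses only the 6.0.18 fix stated on this page.

```python
import xml.etree.ElementTree as ET


def scan_config(xml_text):
    """Collect Contexts with allowLinking=true and Connectors decoding URIs as UTF-8."""
    found = {"allow_linking": [], "utf8_connectors": []}
    for el in ET.fromstring(xml_text).iter():
        if el.tag == "Context":
            if el.get("allowLinking", "false").strip().lower() == "true":
                label = el.get("path") or el.get("docBase") or "(default context)"
                found["allow_linking"].append(label)
        elif el.tag == "Connector":
            enc = el.get("URIEncoding", "").strip().upper().replace("_", "-")
            if enc in ("UTF-8", "UTF8"):
                found["utf8_connectors"].append(el.get("port", "?"))
    return found


def assess(config_texts, version=None):
    """Combine all config files of one Tomcat instance into a single verdict."""
    allow, utf8 = [], []
    for text in config_texts:
        found = scan_config(text)
        allow += found["allow_linking"]
        utf8 += found["utf8_connectors"]
    if not (allow and utf8):
        return "preconditions-absent"
    if version is not None:
        v = tuple(int(p) for p in version.split("."))
        # Only the 6.0 line has a fixed release stated on this page.
        if v[:2] == (6, 0) and v >= (6, 0, 18):
            return "preconditions-present-fixed-release"
    return "preconditions-present-review"


# Constructed sample configuration files.
SERVER_XML_UTF8 = """<Server port="8005">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps"/>
    </Engine>
  </Service>
</Server>"""
SERVER_XML_DEFAULT = SERVER_XML_UTF8.replace(' URIEncoding="UTF-8"', "")
CONTEXT_XML_LINKING = ('<Context allowLinking="true">'
                       "<WatchedResource>WEB-INF/web.xml</WatchedResource></Context>")
CONTEXT_XML_PLAIN = "<Context><WatchedResource>WEB-INF/web.xml</WatchedResource></Context>"

if __name__ == "__main__":
    print(assess([SERVER_XML_UTF8, CONTEXT_XML_LINKING], "6.0.16"))
```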

Fixed in Tomcat 6.0.18. As for Tomcat 5.5.x / 4.1.x, […]

2008.08.27 update:

Sanaki-san has published "Apache-Tomcat and overlong UTF-8 representations (CVE-2008-2938 verification report)" (excellent). My own summary:

Related:

■ [Important] Movable Type 4.2 RC5 and security updates now available
(sixapart.jp, 2008.08.07)

Multiple flaws in Movable Type 3.x / 4.x, Movable Type Enterprise, and Movable Type Community Solution. Details are unknown, but XSS and CSRF flaws exist. Thanks to Float-san for the information.

Fixed in Movable Type 4.1.4 / 4.2 RC5 / 3.37, Movable Type Enterprise 4.1.4 / 1.55, and Movable Type Community Solution 4.04.

2008.09.16 update:

Related:

■ Updates

Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

Related:

Virus in ads displayed on XREA's free service

Related information. Thanks to "an FF player" for the information.


■ 2008.08.10

■ Miscellaneous (2008.08.10)
(various)

■ Updates

Virus in ads displayed on XREA's free service

There is apparently talk that it may have been hit again: "Account hack countermeasures / security general thread" #667 onward (mmobbs.com). Thanks to "an FF player" for the information. (typo fixed: thanks to "an online game fan" […]


■ 2008.08.08

■ Updates

Targeted attack countermeasures […]

Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

■ Miscellaneous (2008.08.08)
(various)


■ 2008.08.07

■ Updates

SECURITY ADVISORY (CVE-2008-3257) Security vulnerability in WebLogic plug-in for Apache (Oracle WebLogic Server / WebLogic Express)

■ Targeted attack countermeasures […]
(JPCERT/CC, 2008.08.07)

Simulated targeted attacks, under the label "inoculation" […], several […]. Even in cases where […], this should be a very useful reference.

2008.08.08 update:

"Inoculation" against targeted e-mail attacks […] (Internet Watch, 2008.08.08)


■ 2008.08.06

■ Miscellaneous (2008.08.06)
(various)

■ Updates

Mac OS X - About Security Update 2008-005

Regarding Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning, there seems to be talk that fixing bind alone is not enough.

Does this mean... that lookupd is the problem, I wonder.

Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

Related:

■ Verifying Installers
(Adobe Product Security Incident Response Team (PSIRT), 2008.08.04)

Fake Flash Player ([…]. When […], obtain it from the official site, and do not forget to check […]. The version number of the Flash Player you are using can be checked on this page.

2008.08.07 update:

Related: "Virus disguised as Flash Player": beware of fake CNN news (Nikkei IT Pro, 2008.08.07)


■ 2008.08.05

■ Miscellaneous (2008.08.05)
(various)

■ 予告.in hit by malicious code: merely viewing it posts a crime warning to 2channel
(Internet Watch, 2008.08.04)

予告.in (and 2ch too?) apparently had a gaping hole. Related: "予告.in was hit via XSS" (水無月ばけらのえび日記, 2008.08.04).

■ Updates

Mac OS X - About Security Update 2008-005

Details.


■ 2008.08.04

■ Updates

Program update AVG 8.0.156

Details of the Sergio Alvarez issue: [n.runs-SA-2008 004] - AVG Antivirus UPX parsing Divide by Zero Advisory (n.runs, 2008.07.28). Apparently a division by zero occurs with UPX files. CVE-2008-3373.

Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning

BIND 9.3.5-P2 / 9.4.2-P2 / 9.5.0-P2 have been released. Performance has reportedly been improved.


■ 2008.08.01

■ Mac OS X - About Security Update 2008-005
(apple, 2008.08.01)

Security Update 2008-005 for Mac OS X 10.4.11 / 10.5.4 has been released. The Apple Remote Desktop Agent issue and the Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning issue are also fixed.

2008.08.05 update:

Details.

2008.08.06 update:

Regarding Vulnerability Note VU#800113 - Multiple DNS implementations vulnerable to cache poisoning, there seems to be talk that fixing bind alone is not enough.

Does this mean... that lookupd is the problem, I wonder.

■ Program update AVG 8.0.156
(AVG)

AVG 8.0.156 is out. It contains the following statement. It appears to include a security fix.

Fixed problem with security vulnerability (reported by Sergio Alvarez) that could cause the scanning engine crash on specific samples.

And these statements too:

Fixed problem with crashes during the infected archive scanning.
(omitted)
Fixed problem with crash on some corrupted NSIS archives.

2008.08.04 update:

Details of the Sergio Alvarez issue: [n.runs-SA-2008 004] - AVG Antivirus UPX parsing Divide by Zero Advisory (n.runs, 2008.07.28). Apparently a division by zero occurs with UPX files. CVE-2008-3373.

■ Miscellaneous (2008.08.01)
(various)

■ JVN#33706820 - Multiple Panasonic Communications Co., Ltd. […]
(JVN, 2008.08.01)

Flaw in Panasonic network cameras BB-HCM511/BB-HCM531/BB-HCM580/BB-HCM581/BB-HCM527 and BL-C111/BL-C131. The error screen has a cross-site scripting vulnerability […]

Fixed in firmware Ver.3.51R00 for the BB series and firmware Ver.3.50R00 for the BL series.

