SecurityFocus Newsletter #183 2003-2-3->2003-2-7

To: bugtraq-jp@securityfocus.com
Subject: SecurityFocus Newsletter #183 2003-2-3->2003-2-7
From: SAKAI Yoriyuki <sakai@lac.co.jp>
Date: Wed, 19 Feb 2003 22:44:08 +0900
Delivered-To: mailing list bugtraq-jp@securityfocus.com
Delivered-To: moderator for bugtraq-jp@securityfocus.com
List-Help: <mailto:bugtraq-jp-help@securityfocus.com>
List-Id: <bugtraq-jp.list-id.securityfocus.com>
List-Post: <mailto:bugtraq-jp@securityfocus.com>
List-Subscribe: <mailto:bugtraq-jp-subscribe@securityfocus.com>
List-Unsubscribe: <mailto:bugtraq-jp-unsubscribe@securityfocus.com>
Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm
References: <Pine.LNX.4.43.0302101141270.29357-100000@mail.securityfocus.com>
$B:d0f(B@$B%i%C%/$G$9!#(B

SecurityFocus Newsletter $BBh(B 183 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

---------------------------------------------------------------------------
BugTraq-JP $B$K4X$9$k(B FAQ($BF|K\8l(B):
http://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml
$B!&(BSecurityFocus Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0lH$/$@$5$$(B
---------------------------------------------------------------------------
---------------------------------------------------------------------------
SecurityFocus Newsletter $B$K4X$9$k(BFAQ($B1Q8l(B):
http://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml
BugTraq $B$K4X$9$k(B FAQ($B1Q8l(B):
http://www.securityfocus.com/popups/forums/bugtraq/faq.shtml
---------------------------------------------------------------------------
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B SecurityFocus $B$N5v2D$r3t<02qe$G9T$o$l$F$$$^$9!#(B
$B!&(BSecurityFocus Newsletter $B$NOBLu$r(B Netnews, Mailinglist, World Wide Web,
  $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$NA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;$s$,!"(B
  $B=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+$J$k7A<0$N(B
  $B%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://online.securityfocus.com/archive/79
---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02ql9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"4F=$l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
---------------------------------------------------------------------------
This translation is encoded and posted in ISO-2022-JP.

$B86HG(B:
Date: Mon, 10 Feb 2003 11:41:56 -0700 (MST)
Message-ID: <Pine.LNX.4.43.0302101141270.29357-100000@mail.securityfocus.com>

SecurityFocus Newsletter #183
-----------------------------

This Issue sponsored by: NetIQ

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
	1. SunScreen, Part Two: Policies, Rules, and NAT
	2. The Great IDS Debate : Signature Analysis Versus Protocol Analysis
	3. Smallpot: Tracking the Slapper and Scalper Unix Worms
	4. Lessons From the Slammer
	5. Something Needs to Change
	6. SecurityFocus DPP Program
	7. InfoSec World Conference and Expo/2003(March10-12,2003,Orlando,FL)
II. BUGTRAQ SUMMARY
	1. SILC Server SSH2 Authentication Password Persistence Weakness
	2. myphpPageTool Remote File Include Vulnerability
	3. Bladeenc Signed Integer Memory Corruption Vulnerability
	4. phpMyShop compte.php SQL Injection Vulnerability
	5. OpenBSD CHPass Temporary File Link File Content Revealing...
	6. KaZaA Advertisement Response Denial of Service Vulnerability
	7. Microsoft Internet Explorer dragDrop Method Local File Reading...
	8. PHP-Nuke Avatar HTML Injection Vulnerability
	9. PAM pam_xauth Module Unintended X Session Cookie Access...
	10. Opera Cross Domain Scripting Vulnerability
	11. Opera JavaScript Console Attribute Injection Vulnerability
	13. Opera Image Rendering HTML Injection Vulnerability
	15. Majordomo Default Configuration Remote List Subscriber...
	17. Linux O_DIRECT Direct Input/Output Information Leak Vulnerability
	18. ByteCatcher FTP Client Long Server Banner Buffer Overflow...
	19. Electrasoft 32Bit FTP Client Long Server Banner Buffer...
	20. Microsoft Windows 2000 NetBIOS Continuation Packets Kernel...
	21. Microsoft Windows 2000 RPC Service Privilege Escalation...
	22. Epic Games Unreal Engine Memory Consumption Denial Of Service...
III. SECURITYFOCUS NEWS ARTICLES
	1. Student charged with massive ID fraud
	2. Spyware found on one in three corporate networks
	3. Discarded computer had confidential medical information
	4. Slammer: Why security benefits from proof of concept code
IV. SECURITYFOCUS TOP 6 TOOLS
	1. Login Anomaly Detection System v0.1
	2. WatchLog v0.1b
	3. FieryFilter v0.3
	4. apachelogrotate.pl v0.1.2
	5. GkrellMMS v2.1.8
	6. Logdog v2.0-RC2

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
---------------------------------

II. BUGTRAQ SUMMARY
-------------------
1. SILC Server SSH2 Authentication Password Persistence Weakness
BugTraq ID: 6743
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Feb 01 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6743
$B$^$H$a(B:

SILC (Secure Internet Live Conferencing) $B$O%$%s%?!<%M%C%H>e$G%;%-%e%"$J(B
$B%+%s%U%!%l%s%9%5!<%S%9$rDs6!$9$k$?$a$N%W%m%H%3%k$G$"$k!#(B

SILC $B$,Jz$($kLdBj$K$h$j!"=EMW$J>pJs$,O31L$9$k2DG=@-$,$"$k!#(B

$BJs9p$K$h$k$H!"(BSILC $B$O%Q%9%o!<%I>pJs$r0BA4$KZ$KMxMQ$5$l$k%Q%9%o!<%I$r85$N>uBV$KLa$9;v$,2DG=$G$"(B
$B$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$OG'>Z=hM}$N%M%4%7%(!<%7%g%s8e$N!"G'>ZMQ%Q%9%o!<%I$NZ8e$K%a%b%jFb$+$i%Q%9%o!<%I$r$?$@$A$K>C5n$9$k$3$H$G$"$k!#$7$+$7!"(BSILC
$B$O%a%b%jFb$K%Q%9%o!<%I>pJs$r3JG<$7B3$1$k$?$a!"E,@Z$J8"8B$r;}$DB>$N%f!<(B
$B%6$K$h$C$F%Q%9%o!<%I$r85$KLa$9$3$H$,2DG=$K$J$k$H9M$($i$l$k!#(B
$B$^$?!"$3$N%W%m%H%3%k$rpJs$OEv3:%W%m%;%9$N%a%b%j%@%s%W$+(B
$B$i$bF~2. myphpPageTool Remote File Include Vulnerability
BugTraq ID: 6744
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Feb 03 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6744
$B$^$H$a(B:

myphpPagetool $B$O(B Web $B%5%$%H$rJ]e$KB8:_$9(B
$B$k%U%!%$%k$r%$%s%/%k!<%I2DG=$K$J$k$H?d;!$5$l$kLdBj$rJz$($k5?$$$,$"$k!#(B
$B$3$NLdBj$O(B /doc/admin $B%U%)%k%@Fb$N!"(Bindex.php$B!"(Bhelp1.php$B!"(Bhelp2.php$B!"(B
help3.php$B!"(Bhelp4.php$B!"(Bhelp5.php$B!"(Bhelp6.php$B!"(Bhelp7.php$B!"(Bhelp8.php$B!"(Bhelp9.php
$BFb$KB8:_$7$F$$$k!#(B

$BFCDj$N>u672<$K$*$$$F!"%j%b!<%H$N967bl9g!"$3$NLdBj$O(B Web
$B%5!<%P$N$N%P!<%8%g%s(B
$B$K$b1F6A$,5Z$V$+$I$&$+$K$D$$$F$OIT>\$G$"$k!#(B

3. Bladeenc Signed Integer Memory Corruption Vulnerability
BugTraq ID: 6745
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Feb 03 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6745
$B$^$H$a(B:

Bladeenc $B$O%*!<%W%s%=!<%9$G8x3+$5$l$F$$$k(B MP3 $B%(%s%3!<%@$G$"$j!"(BMicrosoft
Windows$B!"(BLinux$B!"MM!9$J(B Unix $B$H8@$C$?MM!9$J4D6-$GF0:n2DG=$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$O%a%b%jFbMF$rGK2u$9$kLdBj$,H/8+$5$l$F$$$k!#$3$N%=%U(B
$B%H%&%'%"$O!V:Y@Z$l!W$J%G!<%?Fb$N(B WAV $B7A<0$N2;@<$r%(%s%3!<%I$9$k5!G=$rHw(B
$B$($F$$$k$,!"$3$N5!G=$KLdBj$,H/8+$5$l$F$$$k!#>\:Y$r<($9$H!"%=!<%9%3!<%I(B
$B$N(B samplein.c $BFb$N(B __myfseek() $B4X?tFb$G!"$"$k@0?t$KBP$9$kBEEv@-$N3NG'$,(B
$BE,@Z$K9T$o$l$F$$$J$$$N$G$"$k!#$3$N$?$a!"JQ?t$KIi$N@0?tCM$,M?$($i$l$?>l(B
$B9g$K$O967be=q$-$5$l$k7k2L$,0z(B
$B$-5/$3$5$l$k!#(B

$B967b4. phpMyShop compte.php SQL Injection Vulnerability
BugTraq ID: 6746
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Feb 03 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6746
$B$^$H$a(B:

phpMyShop $B$O(B PHP $B$rMxMQ$7$F3+H/$5$l$?%"%W%j%1!<%7%g%s$G$"$j!"$3$N%=%U%H(B
$B%&%'%"$rMQ$$$F!"(BWeb $B%$%s%?%U%'!<%9$rHw$($k%$%s%?!<%M%C%H>e$N>&E9$r1?1D(B
$B2DG=$G$"$k!#(B

$BFCDj$N>u672<$K$*$$$F!"$3$N%=%U%H%&%'%"$O(B SQL $B%/%(%j$rAH$_N)$F$k$?$a$KMQ(B
$B$$$i$l$k%f!<%6$+$iM?$($i$l$?CM$KBP$7$F!"==J,$K%U%#%k%?%j%s%0$r9T$C$F$$$J(B
$B$$!#$3$N$?$a!"967bZ=hM}!"$"$k$$$OEPO?=h(B
$BM}$r2sHr$9$k$?$a$K$3$NLdBj$rMxMQ$9$k967b$r4k$F$k2DG=@-$,$"$k!#(B

SQL $B9=J8$r2~JQ$b$7$/$OCmF~$9$k967b(B (SQL injection attack) $B$O%P%C%/%(%s(B
$B%I%G!<%?%Y!<%9$K@x:_$9$kLdBj$rMxMQ$9$k967b$r9T$&$?$a$K!"62$i$/$OMxMQ$5(B
$B$l$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$O(B phpMyShop 1.00 $B$K$*$$$FH/8+$5$l$F$$$k!#B>$N%P!<%8%g%s$bF1MM(B
$B$NLdBj$rJz$($F$$$k$+$I$&$+$K$D$$$F$OL$>\$G$"$k!#(B

5. OpenBSD CHPass Temporary File Link File Content Revealing Vulnerability
BugTraq ID: 6748
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Feb 03 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6748
$B$^$H$a(B:

OpenBSD $B$O%U%j!<$KMxMQ2DG=$J(B BSD $BM3Mh$N(B OS $B$G$"$k!#(B

OpenBSD $B$OFCDj$N%U%!%$%k$NFbMF$rO31L$9$k7k2L$r>7$/LdBj$rJz$($F$$$k!#(B

$BJs9p$K$h$k$H!"(Bchpass $B$,Jz$($kLdBj$N$?$a$K%m!<%+%k$N%f!<%6$OFCDj$N%U%!(B
$B%$%k$NFbMF$r1\Mw2DG=$K$J$k$H?d;!$5$l$F$$$k!#$3$NLdBj$rMxMQ$9$k967b$r4k(B
$B$F$k$?$a$K$O$"$kFCDj$N7A<0$G967bBP>]$N%U%!%$%k$NFbMF$,9=@.$5$l$F$$$kI,(B
$BMW$,$"$k!#$^$?!"$3$NLdBj$O(B chpass $B%3%^%s%I$K%O!<%I%j%s%/$5$l$F$$$k!"(Bchfn
$B%3%^%s%I$H(B chsh $B%3%^%s%I$K$b1F6A$r5Z$\$9!#(B

$B$3$N%3%^%s%I$,]$N%U%!%$%k$N$"$kDxEY$N9T$,I=<($5$l$k7k2L$,0z$-5/$3$5$l$k$H(B
$B?d;!$5$l$k!#(B

$B$3$NLdBj$K$h$j!"%m!<%+%k%f!<%6$O%"%/%;%9$,@)8B$5$l$?%U%!%$%k$NFbMF$rFI(B
$B$_=P$72DG=$G$"$j!"LdBj$rJz$($k%3%^%s%I$rMxMQ$7$F$$$k%3%s%T%e!<%?$X$N$5(B
$B$i$J$k967b$r>7$/2DG=@-$,$"$k!#(B

6. KaZaA Advertisement Response Denial of Service Vulnerability
BugTraq ID: 6747
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Feb 03 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6747
$B$^$H$a(B:

KaZaA Media Desktop $B$O(B P2P $B7?(B ($B0lBP0l7?(B) $B%U%!%$%k6&M-%f!<%F%#%j%F%#$G$"(B
$B$k!#$3$N%=%U%H%&%'%"$O(B Microsoft Windows $B4D6-$GMxMQ2DG=$G$"$k!#(B

KaZaA $B%/%i%$%"%s%H$,%U%!%$%k6&M-MQ%5!<%P$H@\B3$r9T$&:]!"9-9p(B (*ad*) $B$r(B
$B%@%&%s%m!<%I$9$k$?$a$N%j%/%(%9%H$,Aw?.$5$l$k!#$3$N%j%/%(%9%H$KBP$9$k!"(B
$BA[Dj$5$l$F$$$J$$1~Ez$rl9g!"(BKaZaA $B%/%i%$%"%s%H$KLdBj$,@8$8$k$3(B
$B$H$,H/8+$5$l$F$$$k!#LdBj$rJz$($k%P!<%8%g%s$N%/%i%$%"%s%H$,$3$NuBV$O%/%i%$%"%s%H(B
$B$,1~EzFb$K4^$^$l$kMM!9$JB0@-CM$KBP$7$F$"$kA0Ds$N$b$H$K=hM}$r9T$C$F$$$k(B
$B$?$a$K@8$8$F$$$k2DG=@-$,$"$k!#A0Ds$K=>$C$?7A<0$G$O$J$$!"1~EzFb$K4^$^$l(B
$B$kCM$,=hM}$5$l$k$3$H$K$h$j!"%/%i%$%"%s%H$OM=B,ITG=$J5sF0$r<($92DG=@-$,(B
$B$"$k!#(B

$B967bZ$G$O$"$k$,!"Js9p$K$h$k$H$3$NLdBj$O967bBP>]$N%/%i%$%"(B
$B%s%H$N%W%m%;%9$N7. Microsoft Internet Explorer dragDrop Method Local File Reading Vulnerability
BugTraq ID: 6749
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Feb 03 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6749
$B$^$H$a(B:

Microsoft Internet Explorer 5.5 $B0J9_$G$O(B Web $B%Z!<%8$X(B HTML $BMWAG$r%I%i%C(B
$B%0%"%s%I%I%m%C%W$K$h$jA^F~2DG=$K$9$k!"(BActiveX $B$rMxMQ$9$k%a%=%C%I$,Ds6!(B
$B$5$l$F$$$k!#(B

$B$7$+$7!"(BdragDrop() $B%a%=%C%I$O0-0U$K$h$C$FAH$_N)$F$i$l$?(B Web $B%Z!<%8$+$i(B
Internet Explorer $B$rMxMQ$9$k%f!<%6$N%3%s%T%e!<%?Fb$K$"$k!"%I%i%$%V$+$i(B
$B%U%!%$%k$rFI$_=P$9$?$a$KMxMQ2DG=$J$N$G$"$k!#(B

$B$3$N%a%=%C%I$rMxMQ$9$k%9%/%j%W%HMWAG$,4^$^$l$k(B Web $B%Z!<%8$,:n@.$5$l!"E,(B
$B@Z$K1#JC$5$l$F$$$k>l9g!"%f!<%6$O0-0U$"$k(B Web $B%5!<%P$X%m!<%+%k$N%U%!%$%k(B
$B$r%"%C%W%m!<%I$7$F$7$^$&$h$&$K;E8~$1$i$l$F$7$^$&$N$G$"$k!#(B

$BE57?E*$K$O!"$"$?$+$b%O%$%Q!<%j%s%/$G$"$k$+$NMM$KI=<($5$l!"$J$I$N%F%-%9%H$r(B dragDrop() $B%a%=%C%I$rMQ$$$k(B HTML $B%"%C%W%m!<%I%3(B
$B%s%H%m!<%k%\%C%/%9$X%I%m%C%W$9$k$?$a$NMWAG$,4^$^$l$F$$$k(B JavaScript $B$r(B
$BAH$_N)$F$k$3$H$K$h$j!"$3$NLdBj$rMxMQ$9$k967b$,$O4{CN$G(B
$B$"$kI,MW$,$"$k!#$7$+$7!"$3$N:]AjBP%Q%9$,MxMQ$5$l$k!#$^$?!"$3$N:]%f!<%6(B
$B$K%U%!%$%k$N%"%C%W%m!<%I$r9T$o$;$k$?$a$K$O!"Nc$($P%^%&%9%\%?%s$r%/%j%C(B
$B%/$9$k$J$I$NB>$N9T0Y$r9T$o$;$kI,MW$,$"$k!#(B

8. PHP-Nuke Avatar HTML Injection Vulnerability
BugTraq ID: 6750
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Feb 03 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6750
$B$^$H$a(B:

PHPNuke $B$O(B Web $B%$%s%?%U%'!<%9$rHw$($k%]!<%?%k%7%9%F%`$G$"$k!#(BPHP $B$rMxMQ(B
$B$7$F]$N(B Web
$B%V%i%&%6Fb$G!"$3$N%=%U%H%&%'%"$r2TF0$5$;$F$$$k(B Web $B%5%$%H$HF13J$N%;%-%e(B
$B%j%F%#%3%s%F%-%9%H$GZMQ>pJs$O$b$A$m$s!"$=(B
$B$NB>$N=EMW$J>pJs$bC%$N%f!<%6$N(B avatar
$B$r2~JQ!"GK2u2DG=$G$"$j!"$5$i$K$OB>$N967b$b9. PAM pam_xauth Module Unintended X Session Cookie Access Vulnerability
BugTraq ID: 6753
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Feb 03 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6753
$B$^$H$a(B:

Pluggable Authentication Modules (PAM) $B$O(B RedHat Linux 8.0 $B0JA0$N%P!<%8%g(B
$B%s$K%G%U%)%k%H$GF1:-$5$l$F$$$k!#$3$N%=%U%H%&%'%"$KF1:-$5$l$F$$$k(B pam_xauth
$B%b%8%e!<%k$O(B X MIT-Magic-Cookies $B$r?75,$K:n@.$7$?%;%C%7%g%s$KEO$9$?$a$K(B
su $B%f!<%F%#%j%F%#$HAH$_9g$o$;$F;HMQ2DG=$G$"$k!#(B

pam_xauth $B%b%8%e!<%k$,(B X $B%;%C%7%g%sFb$G(B su $B%f!<%F%#%j%F%#$HAH$_9g$o$5$l(B
$B$F;HMQ$5$l$k>l9g$KLdBj$,H/8+$5$l$?!#%f!<%6(B (user1) $B$,B>$N%f!<%6(B (user2)
$B$N8"8B$rMxMQ$9$k$?$a$K(B su $B%f!<%F%#%j%F%#$r;HMQ$9$k:]!"$3$N%b%8%e!<%k$O(B
$B8"8B$rMxMQ$5$l$kB&$N%f!<%6(B (user2) $B$N%[!<%`%G%#%l%/%H%j$K0LCV$9$k!"0l;~(B
$B%U%!%$%k(B .xauth Cookie $B$r:n@.$9$k!#$3$N%U%!%$%k$O8"8B$rMxMQ$5$l$kBP>]$N(B
$B%f!<%6$N$_$,FI$_=q$-2DG=$J>uBV$N%Q!<%_%C%7%g%s$,@_Dj$5$l$?>uBV$G:n@.$5(B
$B$l$k!#$^$?!"$3$N%U%!%$%k$K$O8"8B$rMxMQ$5$l$kBP>]$N%f!<%6$N(B X $B%;%C%7%g%s(B
$B$K4X$9$k=EMW$J>pJs$,4^$^$l$F$$$k!#(B

$B$3$N;vJA$O!"%f!<%6(B (user1) $B$,B>$N%f!<%6$N8"8B$rMxMQ$9$k$?$a$K(B su $B$r5/F0(B
$B$9$k:]$N%;%-%e%j%F%#>e$N%j%9%/$NB8:_$r<($7$F$$$k!#K\Mh$N%f!<%6(B (user2)
$B$O$3$N(B Cookie $B%U%!%$%kFbMF$rFI$_9~$_2DG=$G$"$k!#LdBj$O(B Cookie $B%U%!%$%k(B
$B$,8"8B$rMxMQ$5$l$kBP>]$N%f!<%6$N(B X $B%;%C%7%g%s$K4X$9$k=EMW$J>pJs$r4^$`$H(B
$B$$$&;v]$N%f!<%6(B (user1) $B$NG'>ZMQ>pJs$G(B X
$B%5!<%P$K@\B3$9$k$?$a$K!"K\Mh$N%f!<%6$K$h$j$3$NLdBj$rMxMQ$9$k967b$r9T$&(B
$B$3$H$,2DG=$G$"$k!#(B

$BB>$N%f!<%6$,2TF0$9$k(B X $B%"%W%j%1!<%7%g%s$N%;%C%7%g%s$K%"%/%;%9$9$k$3$H$K(B
$B$h$j!"967bpJs$rC%]$N%f!<%6$N8"8B$G$N%3%^%s%I(B
$Bl9g(B
$B$K!"8"8B>:3J$r0z$-5/$3$9$3$H$,2DG=$G$"$k!#Dc0L$N8"8B$r;}$D%f!<%6$,%m!<(B
$B%+%k%7%9%F%`$KBP$7$F(B root $B8"8B$G$N%"%/%;%98"$rC%10. Opera Cross Domain Scripting Vulnerability
BugTraq ID: 6754
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Feb 04 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6754
$B$^$H$a(B:

Opera $B$O(B Microsoft Windows$B!"(BLinux$B!"(BUnix $BM3Mh$N(B OS$B!"$5$i$K$O(B Apple MacOS
$B$r4^$`!"MM!9$J4D6-$GMxMQ2DG=$J(B Web $B%/%i%$%"%s%H%=%U%H%&%'%"$G$"$k!#(B

Microsoft Windows $B4D6-8~$1$N(B Opera 7 $B%V%i%&%6$KLdBj$,H/8+$5$l$?!#(B

$B$3$N%=%U%H%&%'%"$,Jz$($kLdBj$K$h$j!"967bBP>]$H$J$k%f!<%6$NG'>ZMQ>pJs$r(B
$B;}$D967b]$N%f!<%6$K$h$C$F%"%/%;%92D(B
$BG=$J0-0U$"$k%a%=%C%I$r:n@.$9$k$?$a$K!"B>$N%&%$%s%I%&Fb$N%W%m%Q%F%#$d%a(B
$B%=%C%I$r>e=q$-2DG=$G$"$k$H8@$&;vl9g!"967be$N(B
$B%m!<%+%k;q8;$X$N%"%/%;%98"$rC%11. Opera JavaScript Console Attribute Injection Vulnerability
BugTraq ID: 6755
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Feb 04 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6755
$B$^$H$a(B:

Opera $B$O(B Microsoft Windows$B!"(BLinux$B!"(BUnix $BM3Mh$N(B OS$B!"$5$i$K$O(B Apple MacOS
$B$r4^$`!"MM!9$J4D6-$GMxMQ2DG=$J(B Web $B%/%i%$%"%s%H%=%U%H%&%'%"$G$"$k!#(B

Microsoft Windows $B4D6-8~$1$N(B Opera 7 $B%V%i%&%6$KLdBj$,H/8+$5$l$?!#LdBj$O(B
$B$3$N%=%U%H%&%'%"$N(B JavaScript $B%3%s%=!<%k%W%m%0%i%`Fb$KB8:_$9$k!#$3$N%3(B
$B%s%=!<%k%W%m%0%i%`$O(B 3 $B$D$N(B HTML $B%U%!%$%k$r$+$i@.$j!"$=$NFb$N0l$D$,(B
'console.html' $B$G$"$k!#$$$:$l$N(B JavaScript $B$G$b%O%s%I%k$5$l$F$$$J$$Nc30(B
$B=hM}$O%3%s%=!<%k$KNs5s$5$l!"%/%j%C%/2DG=$J%O%$%Q!<%j%s%/$XJQ49$5$l$k!#(B

$BLdBj$ONc30%a%C%;!<%8$N=q<0$r@0$($k$?$a$K(B 'console.html' $B$K$h$j;HMQ$5$l(B
$B$k@55,I=8=$KB8:_$9$k!#$H$j$o$1!"Nc30%a%C%;!<%8$O0zMQ(B (") $BJ8;z$r2r@O$7$J(B
$B$$!#0zMQ(B (") $BJ8;z$rA^F~$9$k$3$H$K$h$j!"(Bfile:// $B%W%m%H%3%k$NFbMF$K967b12. Opera History Object Information Disclosure Weakness
BugTraq ID: 6757
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Feb 04 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6757
$B$^$H$a(B:

Opera $B$O(B Microsoft Windows$B!"(BLinux$B!"(BUnix $BM3Mh$N(B OS$B!"$5$i$K$O(B Apple MacOS
$B$r4^$`!"MM!9$J4D6-$GMxMQ2DG=$J(B Web $B%/%i%$%"%s%H%=%U%H%&%'%"$G$"$k!#(B

Microsoft Windows $B4D6-8~$1$N(B Opera 7 $B%V%i%&%6$K>pJsO31L$NLdBj$,H/8+$5$l(B
$B$?!#(B

$BLdBj$O$$$/$D$+$N%W%m%Q%F%#$r8x3+$9$k%R%9%H%j%*%V%8%'%/%H$NJ}K!$KM3Mh$9(B
$B$k!#FC$K!"(Bhistory.next $B$*$h$S(B history.previous $B%W%m%Q%F%#$G>pJs$,O31L$9(B
$B$k!#(B

$BLdBj$rJz$($k%f!<%6$O0-0U$"$k(B Web $B%5%$%H$r1\Mw$7$h$&$H$9$k:]$K!"%5%$%H$K(B
$B$h$j5-O?$5$l$?%V%i%&%6$NMzNr$K4X$9$k$$$/$D$+$N>pJs$rJ];}$7$F$$$k2DG=@-(B
$B$,$"$k!#$3$N>pJs$O(B Web $B%5%$%H$N4IM}13. Opera Image Rendering HTML Injection Vulnerability
BugTraq ID: 6756
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Feb 04 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6756
$B$^$H$a(B:

Opera $B$O(B Microsoft Windows$B!"(BLinux$B!"(BUnix $BM3Mh$N(B OS$B!"$5$i$K$O(B Apple MacOS
$B$r4^$`!"MM!9$J4D6-$GMxMQ2DG=$J(B Web $B%/%i%$%"%s%H%=%U%H%&%'%"$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$,Jz$($kLdBj$K$h$j!"LdBj$rJz$($k%/%i%$%"%s%HFb$G0U?^$9(B
$B$k(B HTML $B$Nl9g$K!"$3$N%=%U%H%&%'%"$OM?$($i$l$?(B URL $B$N=q<0@_Dj$rE,@Z$K9T$o$J$$$+!"(B
$B%m!<%+%k(B URL $B$NId9f2=$rE,@Z$K9T$o$J$$!#FC$K!"%m!<%+%k%U%!%$%k$K%"%/%;%9(B
$B$9$k$?$a$K(B 'file://' $B%W%m%H%3%k$r;XDj$9$k(B URL $B$,<($5$l$?:]!"0-0U$"$k(B HTML
$B$KBP$9$k%U%#%k%?%j%s%0$r==J,$K9T$o$J$$!#(B

$B$3$NLdBj$O!"967bl9g!"7k2L$H$7$F%j%b!<%H$N967b$N967b$b2DG=$G$"$k$H(B
$B?d;!$5$l$k!#(B

$BJs9p$K$h$k$H!"$3$NLdBj$O(B Microsoft Windows $B8~$1$N(B Opera 7 $B%V%i%&%6$KB8(B
$B:_$9$k!#(B

14. IBM WebSphere Exported XML Password Encoding Weakness
BugTraq ID: 6758
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Feb 03 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6758
$B$^$H$a(B:

IBM WebSphere $B$O!"(BLinux $B5Z$SMM!9$J(B Unix$B!"(BMicrosoft Windows $B$r4^$`!"(B
$BMM!9$J4D6-$GMxMQ2DG=$J>&MQ$N(B Web $B%"%W%j%1!<%7%g%s%5!<%P$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$O!"4IM}e5-$N(B n $B$OJ8;z0LCV$rI=$9!#(B

$BK\Mh$G$"$l$P1#JC$5$l$F$$$k$O$:$N%Q%9%o!<%I$O(B Base64 $B$r;HMQ$7$FId9f2=$5(B
$B$l$F$$$k!#(B 

$B967bl9g!"%Q(B
$B%9%o!<%I$NI|9f$OMF0W$G$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$r4k$F$k$?$a$K$O!"4IM}$N%P!<%8%g%s$K$D$$$F$bF1MM$NId9f2=J}K!$,MxMQ$5$l$F$$$k$+$I(B
$B$&$+$K$D$$$F$OL$>\$G$"$k!#$7$+$7!"%Q%9%o!<%I$,Id9f2=$5$l$F$*$j!"6/8G$J(B
$B0E9f2=15. Majordomo Default Configuration Remote List Subscriber Disclosure Vulnerability
BugTraq ID: 6761
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Feb 04 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6761
$B$^$H$a(B:

Majordomo $B$O!"%U%j!<$GMxMQ2DG=$J%*!<%W%s%=!<%9$N%a!<%j%s%0%j%9%H4IM}MQ(B
$B%=%U%H%&%'%"%Q%C%1!<%8$G$"$k!#$3$N%=%U%H%&%'%"$O!"(BUnix$B!"(BLinux$B!"(BMicrosoft
Windows $B4D6-$GMxMQ2DG=$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$O%j%b!<%H%f!<%6$,=EMW$J>pJs$X%"%/%;%92DG=$JLdBj$,B8(B
$B:_$9$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$O%a!<%j%s%0%j%9%H;22CpJs$NJ](B
$B8n$r==J,$K9T$C$F$$$J$$!#FCDj$N%3%^%s%I$r%G%U%)%k%H>uBV$N%=%U%H%&%'%"$K(B
$BAw?.$9$k$3$H$G!"%j%b!<%H%f!<%6$O%a!<%j%s%0%j%9%H;22CpJs$K%"%/(B
$B%;%92DG=$G$"$k$H?d;!$5$l$k!#$3$NLdBj$O!"(BMajordomo $B$KE:IU$5$l$k5;=QJ8=q(B
$B$G<($5$l$F$$$k!#(B

$B$3$NLdBj$O%a!<%j%s%0%j%9%H%^%M!<%8%c$N%G%U%)%k%H@_Dj>uBV$G@8$8$k!#(B
$B$3$N%=%U%H%&%'%"$O(B which $B%3%^%s%I$rH/9T2DG=$J%f!<%6$NHO0O$K4X$9$k%"%/%;(B
$B%9%3%s%H%m!<%k$r==J,$KN10U$7$F$$$J$$!#$3$N$?$a!"(Bwhich @ $B$H%3%^%s%I$rAw(B
$B?.$9$k$3$H$K$h$j!"%j%b!<%H%f!<%6$OEv3:%a!<%j%s%0%j%9%H$N;22C16. Opera Error Message History Disclosure Weakness
BugTraq ID: 6759
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Feb 04 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6759
$B$^$H$a(B:

Opera $B$O(B Microsoft Windows$B!"(BLinux$B!"(BUnix $BM3Mh$N(B OS$B!"$5$i$K$O(B Apple MacOS
$B$r4^$`!"MM!9$J4D6-$GMxMQ2DG=$J(B Web $B%/%i%$%"%s%H%=%U%H%&%'%"$G$"$k!#(B

Opera console $B$O(B Web $B%5%$%H$r1\Mw$9$k:]$KH/@8$7$?!"(BJavaScript $B$K4X$9$k(B
$B$$$:$l$N%(%i!<%a%C%;!<%8$rDI@W$9$k$?$a$KMxMQ$5$l$k%b%8%e!<%k$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%b%8%e!<%k$K5-O?$5$l$?%(%i!<%a%C%;!<%8$K%"%/%;%9$9$k(B
$B$?$a$KMxMQ$5$l$kFCDj$N%a%=%C%I$rZ$r7P$F=hM}$r9T$C$F$$$k$+$I$&$+$N3NG'$rBU$C$F$$$k!#FC$K!"$3$N%b(B
$B%8%e!<%k$O(B opera.errorIndex()$B!"(Bopera.errorMessage(i) $B%a%=%C%I$X$N%j%/%((B
$B%9%H$KBP$9$kBEEv@-$N3NG'$r9T$o$J$$!#(B

$B%(%i!<%a%C%;!<%8$K$3$NLdBj$r>7$/(B Web $B%5%$%H$N(B URL $B$b4^$^$l$F$$$k$?$a$K!"(B
$B$3$NLdBj$N1F6A$O$5$i$K9-$,$k$H9M$($i$l$k!#967b]$N%f!<%6$N(B Web $B%V%i%&%8%s%0$N798~$N0lMw$rF@$k$?$a$K!"(B
$B$3$NLdBj$rMxMQ$9$k967b$,2DG=$G$"$k!#(B

$B$3$NLdBj$O(B Microsoft Windows $B4D6-8~$1(B Opera 7 browser $B$K$*$$$FJs9p$5$l(B
$B$F$$$k!#(B

17. Linux O_DIRECT Direct Input/Output Information Leak Vulnerability
BugTraq ID: 6763
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Feb 04 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6763
$B$^$H$a(B:

Linux $B%+!<%M%k$O(B Linux OS $B$NCf3KItJ,$G$"$j!"MM!9$J(B Linux $B%G%#%9%H%j%S%e!<(B
$B%7%g%s$KF1:-$5$l$FG[I[$5$l$F$$$k!#(B

Linux $B%+!<%M%k$N(B O_DIRECT $B%U%i%0$KLdBj$,B8:_$9$k$?$a!"%m!<%+%k%f!<%6$O(B
$B@x:_E*$K=EMW$J>pJs$X%"%/%;%92DG=$G$"$k!#(B

$BJs9p$K$h$k$H!"FCDj$N%P!<%8%g%s$N(B Linux $B%+!<%M%k$G$O!"F~=PNO$KD>@\;HMQ$5(B
$B$l$k(B O_DIRECT $B%U%i%0$rE,@Z$K$N%U%!%$%k$N%"%/%;%9@)8B$5$l$?>pJs$rFI$_=P$72DG=$K$J$k$H?d(B
$B;!$5$l$k!#(B

$B$3$NLdBj$K$h$j!"%m!<%+%k%f!<%6$,%+%l%s%H%G%#%l%/%H%jFb$N%U%!%$%k$+$i%"(B
$B%/%;%9@)8B$5$l$?%G!<%?$rFI$_=P$72DG=$G$"$j!"99$K$O:o=|:Q$_%U%!%$%k$rFI(B
$B$_=P$;$k2DG=@-$,$"$k!#(B

$B$J$*!"LdBj$rJz$($k%+!<%M%k$H(B EXT3 $B%U%!%$%k%7%9%F%`$rAH$_9g$o$;$FMxMQ$7(B
$B$F$$$k4D6-$G$O$3$NLdBj$rMxMQ$9$k967b$r4k$F$k$3$H$O$G$-$J$$E@$K$D$$$F$O(B
$BN10U$9$Y$-$G$"$k!#(B

18. ByteCatcher FTP Client Long Server Banner Buffer Overflow Vulnerabiliity
BugTraq ID: 6762
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Feb 04 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6762
$B$^$H$a(B:

Save-It Sotwares ByteCatcher $B$O%@%&%s%m!<%I$r:F3+$5$;$k5!G=$rHw$($?!"(B
Microsoft Windows $B8~$1$N(B FTP $B%/%i%$%"%s%H%=%U%H%&%'%"$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$O%a%b%jNN0h$,GK2u$5$l$kLdBj$,B8:_$9$k$3$H$,Js9p$5$l(B
$B$F$$$k!#$$$/$D$+$N>u672<$G!"%/%i%$%"%s%H$,0-0U$N$"$k(B FTP $B%5!<%P$K@\B3$7(B
$B$?:]!"6-3&%A%'%C%/$KM3Mh$9$kLdBj(B (boundary condition error) $B$r@8$8$k2D(B
$BG=@-$,$"$k!#(B

$B$3$NLdBj$O(B FTP $B%P%J!<$NIT==J,$J6-3&%A%'%C%/$KM3Mh$9$k$b$N$G$"$k!#(BFTP 
$B%/%i%$%"%s%H$,Hs>o$KBg$-$$(B FTP $B%P%J!<$ruBV$K(B
$B4Y$k!#(B4096 $B%P%$%H$b$7$/$O$=$l0J>e$NBg$-$5$N(B FTP $B%P%J!<$rLdBj$rJz$($F$$(B
$B$k%/%i%$%"%s%H$KAw?.$9$k$3$H$K$h$j!"$3$NLdBj$,:F8=$5$l$k$3$H$,Js9p$5$l(B
$B$F$*$j!"$3$NLdBj$rMxMQ$7!"967b7$/2DG=@-$,$"$k!#%3!<%I$O(B
$B$$$:$l$b(B FTP $B%/%i%$%"%s%H$N%W%m%;%9$HF13J$N8"8B$G19. Electrasoft 32Bit FTP Client Long Server Banner Buffer Overflow Vulnerabiliity
BugTraq ID: 6764
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Feb 04 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6764
$B$^$H$a(B:

Electrasoft 32Bit FTP $B$O(B Windows $B8~$1$N7ZNL$J(B FTP $B%/%i%$%"%s%H%"%W%j%1!<(B
$B%7%g%s$G$"$k!#(B

$B$3$NLdBj$O(B FTP $B%P%J!<$KBP$9$k6-3&%A%'%C%/$,IT==J,$G$"$k$?$a$K@8$8!"$3$N(B
FTP $B%/%i%$%"%s%H$,Hs>o$KBg$-$$(B FTP $B%P%J!<$ruBV(B
$B$K4Y$k!#(B4096 $B%P%$%H$b$7$/$O$=$l0J>e$NBg$-$5$N(B FTP $B%P%J!<$rLdBj$rJz$($F(B
$B$$$k%/%i%$%"%s%H$KAw?.$9$k$3$H$K$h$j!"$3$NLdBj$O:F8=$5$l$k$3$H$,Js9p$5(B
$B$l$F$*$j!"$3$l$K$h$j967b7$/2DG=@-$,$"$k!#%3!<%I$O(B
$B$$$:$l$b(B FTP $B%/%i%$%"%s%H$N%W%m%;%9$HF13J$N8"8B$G20. Microsoft Windows 2000 NetBIOS Continuation Packets Kernel Memory Leak Vulnerability
BugTraq ID: 6766
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Feb 03 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6766
$B$^$H$a(B:

Microsoft Windows 2000 $B$O(B NetBIOS $B%Q%1%C%H$ro!"(BSMB $B%a%C%;!<%8$,?tB?$/$N%Q%1%C%H$KJ,3d$5$l$FAw?.$5$l$k:]!"(BNetBIOS
$B7A<0$NO"B3$7$?%Q%1%C%H$,@8@.$5$l$k!#FCDj$N>u672<$K$*$$$F!"$3$N%Q%1%C%H(B
$B$,%5!<%P$K$h$juBV$K4Y$j!"(B
$B$5$i$K$O7k2L$H$7$F(B DoS $B$K4Y$k2DG=@-$,$"$k!#(B

21. Microsoft Windows 2000 RPC Service Privilege Escalation Vulnerability
BugTraq ID: 6769
Remote: No
$B8xI=F|(B: Feb 04 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6769
$B$^$H$a(B:

Microsoft Windows 2000 $B$O(B distributed computing environment (DCE) $B4D6-(B
$B$K$*$$$F!"%/%i%$%"%s%H$H%5!<%P4V$NDL?.$r9T$&$?$a$K(B Remote Procedure Calls
(RPC) $B$rMxMQ$7$F$$$k!#(BTCP $B%]!<%HHV9f(B 135 $BHV$,E57?E*$K(B DCE $B%(%s%I%]%$%s(B
$B%H2r7h$N$?$a$KMxMQ$5$l$F$$$k!#(B

$B0JA0$+$i(B DCE-RPC $B%(%s%I%]%$%s%H%^%C%Q!<$KBP$7$F(B DoS $B$,0z$-5/$3$5$l$kLd(B
$BBj$,B8:_$9$k$3$H$,Js9p$5$l$F$$$k(B(BID 6005)$B!#(BDoS $B$,@8$8$?7k2L$H$7$F%7%9(B
$B%F%`Fb$NBP1~$9$k%5!<%S%9$,%/%i%C%7%e$7$?>l9g!"L>A0IU$-%Q%$%W$,DL?.Aj:3J$N8"8B$GA0IU$-%Q%$%W(B
$B$X$N@\B3$r;n$_$k:]!"$3$N:3J$9$k$?$a$K0-0U$"$k%f!<(B
$B%6$K$h$C$F>h$C22. Epic Games Unreal Engine Memory Consumption Denial Of Service Vulnerability
BugTraq ID: 6770
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Feb 05 2003 12:00AM
$B4XO"$9$k(BURL:
http://www.securityfocus.com/bid/6770
$B$^$H$a(B:

Epic Games $B$N(B Unreal Engine $B$O(B Unreal $B$*$h$SB>$NB?$/$N%2!<%`$K;HMQ$5$l(B
$B$F$$$k(B 3D game $BMQ$N%(%s%8%s$G$"$k!#(B

$B$5$^$6$^$J%2!<%`$,;HMQ$7$F$$$k(B Unreal Engine $B$N$$$/$D$+$N%P!<%8%g%s$K(B
$B$O%a%b%j>CHq$NLdBj$,Js9p$5$l$F$$$k!#(B

Unreal Engine $B$O%f!<%6$K%M%C%H%o!<%/$G$D$J$,$l$?%2!<%`$rDs6!$9$k$?$a$N(B
$B5!G=$rF1:-$7$F$*$j!"F1$8%M%C%H%o!<%/$N=hM}G=NO$rJ]$H$&$H$9$k(B Compact 
Indices $B$H$7$FCN$i$l$F$$$kJ}K!$r;HMQ$9$k!#(BUnreal Engine $B$O%/%i%$%"%s%H(B
$B$,M?$($?%Q%1%C%H$K4^$^$l$k%$%s%G%C%/%9$NCM$K4p$E$$$F%a%b%j3dEv$F$r9T$&!#(B
$B?tCM$NL7=b$7$?2r1. Student charged with massive ID fraud
$BCxpJs$r<}=8$9$k$?$a$K!"%\%9%H%sBg(B
$B3X$N%-%c%s%Q%9$K$"$k2?==$b$N%3%s%T%e!<%?$XL)$+$K%-!<%9%H%m!<%/$r4F;k$9(B
$B$k%=%U%H%&%'%"$,%$%s%9%H!<%k$5$l$F$$$?$3$H$KBP$7!"B46H@8$,AJ>Y$r5/$3$7(B
$B$?!#(B

http://online.securityfocus.com/news/2283

2. Spyware found on one in three corporate networks
$BCxhttp://online.securityfocus.com/news/2282

3. Discarded computer had confidential medical information
$BCx$N@-9T0Y$K$h$j46@w$9$k<@IB$K(B
$BXm$C$F$$$kB?$/$N?M!9$N;aL>$,5-:\$5$l$?5!L)%U%!%$%k$,3JG<$5$l$F$$$k=#$N(B
$B:b;:$N%3%s%T%e!<%?$,!"M>>jIJ07$$$H$7$FGd$j$K=P$5$l$?$HH/I=$7$?!#(B

http://online.securityfocus.com/news/2274

4. Slammer: Why security benefits from proof of concept code
$BCxZL@$9$k$?$a$K8x3+$5$l$k%3!<%I$N;vNc$KJ034$9$k$h(B
$B$j$O$^$@9%$^$7$$$H$N7kO@$r2<$7$?!#(B

http://online.securityfocus.com/news/2268

IV. SECURITY FOCUS TOP 6 TOOLS
------------------------------
1. Login Anomaly Detection System v0.1
$B:nhttp://www.lepied.com/lads/
$BF0:n4D6-(B: Python
$B$^$H$a(B:

Login Anomaly Detection System (LADS) $B$O%m%0%$%s$*$h$S%m%0%"%&%H$NNc30(B
$B$r8!CN$7!"8!CNFbMF$KBP$7$FMM!9$JBP1~$r2DG=$K$9$k%=%U%H%&%'%"$G$9!#(B

2. WatchLog v0.1b
$B:nhttp://www.glug.com/projects/WatchLog/
$BF0:n4D6-(B: Linux, POSIX, UNIX
$B$^$H$a(B:

WatchLog $B$O(B Perl $B$rMxMQ$7$F3+H/$5$l$?!"$h$j%j%"%k%?%$%`$K6a$$%f!<%6$N(B
Web $B%H%i%U%#%C%/$N0lMw$rDs6!$9$k$?$a$K@_7W$5$l$?%=%U%H%&%'%"$G$9!#%f!<(B
$B%6$,0l$D$N%R%C%H$HF1;~$K%9%/%m!<%k$9$k$3$H$G>pJs$rN.$9$h$&$K%5!<%P>e$N(B
$B%m%0%U%!%$%k$rC1$K(B 'tail -f' $B$H$9$k$3$H$O!"B?$/$N>l9g$K$*$$$FJ,$+$j$K$/(B
$B$$7k2L$r$b$?$i$7$^$9!#$3$N%=%U%H%&%'%"$O%m%0%U%!%$%k$r8+$F3:Ev$9$k%G!<(B
$B%?$N$_$rDs<($9$k$3$H$K$h$j!"(BWeb $B%5%$%H>e$N3hF0$N%j%"%k%?%$%`$N0lMw$r%/(B
$B%j!<%s$G@.7?:Q$_$N7A<0$GF10l$N>pJs$rDs<($7$h$&$H$7$^$9!#(B

3. FieryFilter v0.3
$B:nhttp://www.stud.uni-hamburg.de/users/lennart/projects/fieryfilter/
$BF0:n4D6-(B: Linux
$B$^$H$a(B:

FieryFilter $B$O(B Linux $B8~$1$NBPOC7?%$%s%?%U%'!<%9$rHw$($?%G%9%/%H%C%W4D6-(B
$B8~$1$N%U%!%$%"%&%)!<%k%=%U%H%&%'%"$G$9!#$3$N%=%U%H%&%'%"$O?75,$N%M%C%H(B
$B%o!<%/%3%M%/%7%g%s$,3NN)$5$l$kEYKh$K!"%f!<%6$KBP$7$F%3%M%/%7%g%s$NB39T(B
$B$N5v2D!"5qH]$N$$$:$l$+$r3NG'$7$^$9!#%f!<%6$O3NN)$5$l$?%3%M%/%7%g%s$r85(B
$B$K@\B3%k!<%k$r:n@.2DG=$G$"$k$?$a!"Ld$$9g$o$;2s?t$r:G>.8B$K$9$k$3$H$,2D(B
$BG=$G$9!#(B

4. apachelogrotate.pl v0.1.2
$B:nhttp://www.salesianer.de/util/apachelog.html
$BF0:n4D6-(B: Linux, UNIX
$B$^$H$a(B:

apachelogrotate.pl $B$O(B Linux $B%7%9%F%`>e$G2TF0$9$k(B Apache Web $B%5!<%P$N%m(B
$B%0%U%!%$%k$r%m!<%F!<%H$7!"05=L$7$^$9!#$3$N:]!"(BApache $B$N%5!<%S%9$K43>D$9(B
$B$k$3$H$J$/!"$^$?%5!<%P$N@_Dj%U%!%$%k$r915WE*$KJQ99$9$k$3$H$J$/9T$($^$9!#(B
Apache $B$,2TF0$7$F$$$k>l9g!"@_Dj$9$kI,MW$J$/8rBe$9$Y$-%m%0%U%!%$%k$r<1JL(B
$B$9$k$3$H$,2DG=$G$"$j!"MF0W$K%$%s%9%H!<%k2DG=$G$9!#%G%U%)%k%H@_Dj$G$O(B 10
MB $B0J>e$K$J$C$?%m%0%U%!%$%k$O8rBe$5$l$^$9$,!"$3$N@_DjCM$OJQ992DG=$G$"$j!"(B
$B$^$?F|$4$H!"7n$4$H!"G/$4$H$K%m!<%F!<%H$9$k$h$&@_Dj$9$k$3$H$,2DG=$G$9!#(B
$B$3$N%9%/%j%W%H<+BN$K%I%-%e%a%s%H$,F1:-$5$l$F$$$^$9!#(B

5. GkrellMMS v2.1.8
$B:nhttp://gkrellm.luon.net/gkrellmms.phtml
$BF0:n4D6-(B: Linux$B!"(BPOSIX
$B$^$H$a(B:

GkrellMMS $B$O!"(BGKrellM $B$+$i(B XMMS $B$r@)8f$9$k$?$a$N%W%i%0%$%s$G$9!#(B

6. Logdog v2.0-RC2
$B:nhttp://caspian.dotconf.net/menu/Software/LogDog/
$BF0:n4D6-(B: Linux
$B$^$H$a(B:

LogDog $B$O(B syslog $B%G!<%b%s7PM3$G:N$C$?=hM}$r9T$$$^$9!#$3$N(B
$B%=%U%H%&%'%"$,:NMQ$7$F$$$k@_Dj%U%!%$%k$G$O8l6g$d@.6g$N0lMw$r;XDj2DG=$G(B
$B$"$j!"$^$?!"8l6g$d@.6g$rH/8+$7$?>l9g$Khttp://www.lac.co.jp/security/
smime.p7s