Mailing-List: contact bugtraq-jp-help@securityfocus.com; run by ezmlm
Precedence: bulk
To: bugtraq-jp@securityfocus.com
References: <Pine.LNX.4.43.0304211149470.13747-100000@mail.securityfocus.com>
Subject: SecurityFocus Newsletter #193 2003-4-14->2003-4-18
From: Yasuhiro Nishimura <y.nisimr@lac.co.jp>
Message-Id: <200304301721.FID89124..NJZJSOT@lac.co.jp>
Date: Wed, 30 Apr 2003 17:21:31 +0900
Mime-Version: 1.0
Content-Type: multipart/signed;
    protocol="application/x-pkcs7-signature";
    micalg=sha1; Boundary="---------1051690888-613048677"

-----------1051690888-613048677
Content-Type: text/plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

$B@>B<(B@$B%i%C%/$G$9!#(B

SecurityFocus Newsletter $BBh(B 193 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

---------------------------------------------------------------------------
BugTraq-JP $B$K4X$9$k(B FAQ($BF|K\8l(B):
http://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml
$B!&(BSecurityFocus Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0l<!G[I[$5$l$F$$$^$9(B
$B!&(BBugTraq-JP $B$X$N;22CJ}K!!"C&B`J}K!$O$3$N(B FAQ $B$r$4;2>H$/$@$5$$(B
---------------------------------------------------------------------------
---------------------------------------------------------------------------
SecurityFocus Newsletter $B$K4X$9$k(BFAQ($B1Q8l(B):
http://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml
BugTraq $B$K4X$9$k(B FAQ($B1Q8l(B):
http://www.securityfocus.com/popups/forums/bugtraq/faq.shtml
---------------------------------------------------------------------------
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B SecurityFocus $B$N5v2D$r3t<02q<R%i%C%/$,F@$?>e$G9T$o$l$F$$$^$9!#(B
$B!&(BSecurityFocus Newsletter $B$NOBLu$r(B Netnews, Mailinglist, World Wide Web,
  $B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$NA4J80zMQ$r$*4j$$$7$^$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;$s$,!"(B
  $B=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+$J$k7A<0$N(B
  $B%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://online.securityfocus.com/archive/79
---------------------------------------------------------------------------
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02q<R%i%C%/$O@UG$$rIi$o$J$$$b$N$H$7$^(B
  $B$9!#(B
---------------------------------------------------------------------------
$BLu<T$+$i$N$*CN$i$;(B:
$B!&$b$7!"(Btypo $B$d8mLu$,8+$D$+$C$?>l9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
  $BHG$r$4Ej9FD:$/$+!"4F=$<T(B (y.nisimr@lac.co.jp) $B$K$*CN$i$;$/$@$5$$!#(B
  $B8e<T$N>l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
---------------------------------------------------------------------------
This translation is encoded and posted in ISO-2022-JP.

$B86HG(B:
Date: Mon, 21 Apr 2003 11:50:05 -0600 (MDT)
Message-ID: <Pine.LNX.4.43.0304211149470.13747-100000@mail.securityfocus.com>

SecurityFocus Newsletter #193
-----------------------------

This Issue is Sponsored By: SpiDynamics

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
     1. Statistical-Based Intrusion Detection
     2. On Cures That Are Worse than the Disease
     3. SecurityFocus DPP Program
II. BUGTRAQ SUMMARY
     1. Oracle E-Business Suite RRA/FNDFS Arbitrary File Disclosure...
     2. SmartMax MailMax Password Field Buffer Overflow DOS...
     3. SmartMax MailMax Undisclosed Buffer Overflow Vulnerability
     4. Ocean12 ASP Guestbook Manager Information Disclosure Vulnerability
     5. Microsoft Windows Active Directory Policy Bypass Vulnerability
     6. Ocean12 ASP Guestbook Manager Code Injection Vulnerability
     7. WebGUI HTTPProxy Denial Of Service Vulnerability
     8. BitchX Trojan Horse Vulnerability
     9. LPRng PSBanner Insecure Temporary File Creation Vulnerability
     10. SheerDNS Information Disclosure Vulnerability
     11. SheerDNS CNAME Buffer Overflow Vulnerability
     12. GS-Common PS2Epsi Insecure Temporary File Vulnerability
     13. FipsGuestbook New_Entry.ASP HTML Injection Vulnerability
     14. InstaBoard Index.CFM SQL Injection Vulnerability
     15. ActivCard Gold Cached Static Password Vulnerability
     16. Web Wiz Site News Information Disclosure Vulnerability
     17. IBM FTP Daemon Kerberos 5 Unspecified Administrative Access...
     18. EZ Publish site.ini Information Disclosure Vulnerability
     19. EZ Publish Multiple Cross Site Scripting Vulnerabilities
     20. EZ Publish Multiple Path Disclosure Vulnerabilities
     21. GTKHTML Malformed HTML Document Denial Of Service Vulnerability
     22. Progress Database BINPATHX Environment Variable Buffer...
     23. OSCommerce Product_Info.PHP Denial Of Service Vulnerability
     24. Xoops Glossary Module Cross Site Scripting Vulnerability
     25. 12Planet Chat Server Error Message Installation Path...
     26. 12Planet Chat Server Administration Page Clear Text...
     27. Python Documentation Server Error Page Cross-Site Scripting...
     28. OSCommerce Authentication Bypass Vulnerability
     29. Microsoft Windows EngTextOut Non-ASCII Character Denial Of...
     31. Netcomm NB1300 Modem/Router Weak Default Configuration...
     32. IkonBoard Lang Cookie Arbitrary Command Execution Vulnerability
     33. Ashley Brown iWeb Server Directory Traversal Vulnerability
     34. Mozilla Browser Cross Domain Violation Vulnerability
     35. Novell Groupwise Mail Transport Agent Unspecified DOS...
     36. Novell GroupWise WebAccess Information Disclosure Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
     1. Use a Honeypot, Go to Prison?
     2. Debate: Should You Hire a Hacker?
     3. 'Super-DMCA' fears suppress security research
     4. Security Agency Selects Privacy Watchdog
IV. SECURITYFOCUS TOP 6 TOOLS
     1. Iptables made easy v1.0
     2. Amrita VPN v0.90 beta 2
     3. Crypt Blowfish v0.4.5
     4. Nast v0.1.7
     5. LKL v0.0.2
     6. DSPAM v2.0

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
---------------------------------

II. BUGTRAQ SUMMARY
-------------------
1. Oracle E-Business Suite RRA/FNDFS Arbitrary File Disclosure
Vulnerability
BugTraq ID: 7325
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 11 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7325
$B$^$H$a(B:

Oracle RRA/FNDFS server $B$ODL>o(B Oracle $B$N%f!<%F%#%j%F%#$,(B Concurrent
Manager server $B$+$i%l%]!<%H%G!<%?$r8!:w$7Cj=P$9$k$?$a$KMxMQ$5$l$k!#(BRRA 
$B$O(B Report Review Agent $B$N$3$H$G$"$j!"(BFND File Server (FNDS) $B$H$7$F$bCN$i(B
$B$l$F$$$k!#(B

Oracle E-Business suite FNDFS server $B$K$O967b<T$,0U?^$7$?%U%!%$%k$,O31L(B
$B$9$kLdBj$rJz$($F$$$k5?$$$,$"$k$HJs9p$5$l$F$$$k!#(B

$B$3$NLdBj$O$3$N%=%U%H%&%'%"$K$h$jMxMQ$5$l$kDL?.%W%m%H%3%k$KH/8+$5$l$?!#Js(B
$B9p$K$h$k$H!"$3$NLdBj$rMxMQ$7$?967b$K$h$j!"967b<T$O%7%9%F%`!"%G!<%?%Y!<%9!"(B
$B$*$h$S%"%W%j%1!<%7%g%s$K8GM-$NG'>Z5!9=$r1*2s$7!"(BConcurrent Manager
server $B>e$KB8:_$9$k0U?^$7$?%U%!%$%k$NFbMF$rO31L$5$;$k2DG=@-$,$"$k!#$?$@(B
$B$7!"967b<T$,O31L$5$;$k$3$H$,$G$-$k$N$O(B 'oracle' $B$b$7$/$O(B 'applmgr' $B%f!<(B
$B%6%"%+%&%s%H$K$h$jFI<h$j2DG=$J%U%!%$%k$N$_$G$"$kE@$ON10U$5$l$k$Y$-$G$"$k!#(B
$B$^$?!"$3$NLdBj$rMxMQ$7$?967b$r@.8y$5$;$k$?$a$K$O!"(B Concurrent Manager
server $B$XD>@\(B SQL*Net $B$rMxMQ$7$F%"%/%;%9$9$kI,MW$,$"$k!#(B

$B$3$NJ}K!$K$h$jC%<h$5$l$?>pJs$O!"LdBj$rJz$($F$$$k%3%s%T%e!<%?$KBP$9$k$5$i(B
$B$J$k967b$KMxMQ$5$l$k2DG=@-$,$"$k!#(B

2. SmartMax MailMax Password Field Buffer Overflow Denial Of Service Vulnerability
BugTraq ID: 7326
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 11 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7326
$B$^$H$a(B:

Smartmax MailMax $B$O(B Microsoft Windows $B8~$1$N%a!<%k%5!<%P$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$K$O%P%C%U%!%*!<%P%U%m!<$,H/@8$9$kLdBj$,B8(B
$B:_$7!"7k2L$H$7$F%5!<%S%9ITG=>uBV$K4Y$k2DG=@-$,$"$k!#$3$NLdBj$O%f!<%6$,2a(B
$BEY$KD9$$%Q%9%o!<%I$rMQ$$$F(B IMAP $B%5!<%P$K%m%0%$%s$7$h$&$H$9$k:]$KH/@8$9$k!#(B
$B$3$NLdBj$K$h$j%P%C%U%!%*!<%P%U%m!<$,H/@8$9$k$?$a(B IMAP $B%5!<%P$,%/%i%C%7%e(B
$B$7!"7k2L$H$7$F(B $B%5!<%S%9ITG=>uBV$K4Y$k!#(B

$BDL>o>uBV$KI|5"$9$k$K$OLdBj$rJz$($k%5!<%S%9$N:F5/F0$,I,MW$G$"$k!#L$8!>Z$G(B
$B$O$"$k$,!"$3$NLdBj$rMxMQ$7$?967b$K$h$j!"967b<T$,M?$($k0-0U$"$k%3!<%I$,<B(B
$B9T$5$l$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$O!"(BMailMax 5 $B$KB8:_$9$k$HJs9p$5$l$F$$$k!#(B

3. SmartMax MailMax Undisclosed Buffer Overflow Vulnerability
BugTraq ID: 7327
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 11 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7327
$B$^$H$a(B:

Smartmax MailMax $B$O(B Microsoft Windows $B8~$1$N%a!<%k%5!<%P$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$K$O%P%C%U%!%*!<%P%U%m!<$,H/@8$9$kLdBj$,B8(B
$B:_$9$k!#$3$NLdBj$N>\:Y$O8=;~E@$G$OL$>\$G$"$j!"K\(B BID $B$O$5$i$J$k>pJs$,F@(B
$B$i$l<!Bh!"99?7M=Dj$G$"$k!#(B

$B$3$NLdBj$N1F6AHO0O$O!"(BBID 7326 $B$K5-:\$NLdBj$HF1MM$G$"$k$H?d;!$5$l$k!#(B

4. Ocean12 ASP Guestbook Manager Information Disclosure Vulnerability
BugTraq ID: 7328
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 11 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7328
$B$^$H$a(B:

Ocean12 ASP Guestbook Manager $B$OI,MW$J$b$N$r$9$Y$FHw$($?%2%9%H%V%C%/5!G=(B
$B$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$O$9$Y$F(B ASP $B$*$h$S(B 
VBScript $B$G3+H/$5$l$F$*$j!"%G!<%?$NJ]B8$K$O(B Access $B%G!<%?%Y!<%9$rMxMQ$9(B
$B$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$O=EMW$J>pJs$rO31L$9$kLdBj$rJz$($F$$$k5?$$(B
$B$,$"$k!#(B

$B967b<T$O$3$N%=%U%H%&%'%"$r2TF0$5$;$F$$$k%3%s%T%e!<%?>e$N(B Access $B%G!<%?%Y!<(B
$B%9%U%!%$%k$G$"$k(B 'o12guest.mdb' $B$r%j%/%(%9%H$7!"%@%&%s%m!<%I$9$k2DG=@-$,(B
$B$"$k!#$3$N%G!<%?%Y!<%9$O(B 'guestbook/admin/' $B$KB8:_$7$F$*$j$3$N%=%U%H%&%'(B
$B%"$K$h$jMxMQ$5$l$k!#%G!<%?%Y!<%9$K$O$3$N%=%U%H%&%'%"$N4IM}<T$NG'>ZMQ>pJs(B
$B$,J?J8$G3JG<$5$l$F$*$j!"967b<T$KO31L$7$F$7$^$&2DG=@-$,$"$k!#(B

$B$3$N<jCJ$K$h$j<}=8$5$l$?>pJs$O!"$3$N%=%U%H%&%'%"$r2TF0$5$;$F$$$k%3%s%T%e!<(B
$B%?$KBP$9$k$5$i$J$k967b$KM-MQ$H$J$k2DG=@-$,$"$k!#(B

5. Microsoft Windows Active Directory Policy Bypass Vulnerability
BugTraq ID: 7330
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 11 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7330
$B$^$H$a(B:

$BJs9p$K$h$k$H!"(BMicrosoft Active Directory (AD) Domain Controllers (DC) $B$O!"(B
$B=EMW$J%G!<%?$N2~JQ$,2DG=$H$J$kLdBj$rJz$($F$$$k!#(B

$B$3$NLdBj$O!"(BDC $B$K$h$k%9%-!<%^$*$h$S9=@.%Q!<%F%#%7%g%s$r4IM}$9$k%?%9%/$N(B
$B=hM}J}K!$K4X78$7$F$$$k!#E57?E*$K$O!"$$$:$l$+$N(B DC $B>e$G9T$o$l$kA`:n$O!"B>(B
$B$N(B DC $B$K$b9T$o$l$k!#$7$+$7$J$,$i!"(BAD $B%9%-!<%^$*$h$S9=@.$N4IM}$O!"FCDj$N(B
$B%f!<%6%"%+%&%s%H$G4IM}$9$k$?$a$KC10l$N(B DC $B$K0QBw$5$l$F$$$k!#(B

$B$3$NLdBj$rMxMQ$7$?967b$K$h$j!"967b<T$OB>$N(B DC $B$N%9%-!<%^$*$h$S9=@.%Q!<%F%#(B
$B%7%g%s$rA`:n2DG=$H$J$k!#7k2L$H$7$F!"4{B8$N(B Windows $B%I%a%$%s$KBP$9$k?<9o(B
$B$J%M%C%H%o!<%/LdBj$,0z$-5/$3$5$l$k2DG=@-$,$"$k!#(B

$B3F%9%-!<%^$*$h$S9=@.%Q!<%F%#%7%g%s$O!"FI<h$j@lMQ$N%G!<%?$H$7$F;R(B DC $B$KB8(B
$B:_$9$k!#;R(B DC $B$N0-0U$"$k4IM}<T$O!"%Q!<%_%C%7%g%s$,IT==J,$G$"$k$3$H$rMxMQ(B
$B$7$F!"(BSYSTEM $B8"8B$GFCDj$N%5!<%S%9$r<B9T$7!"$3$l$i$N%Q!<%F%#%7%g%s$KB8:_(B
$B$9$k%3%s%F%s%D$rA`:n2DG=$G$"$k!#(B

6. Ocean12 ASP Guestbook Manager Code Injection Vulnerability
BugTraq ID: 7329
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 11 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7329
$B$^$H$a(B:

Ocean12 ASP Guestbook Manager $B$OI,MW$J$b$N$r$9$Y$FHw$($?%2%9%H%V%C%/5!G=(B
$B$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$O$9$Y$F(B ASP $B$*$h$S(B 
VBScript $B$rMxMQ$7$F3+H/$5$l$F$*$j!"%G!<%?$NJ]B8$K$O(B Access $B%G!<%?%Y!<%9(B
$B$rMxMQ$9$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$O(B HTML $B%3!<%I$rCmF~$5$l$kLdBj(B (HTML Code
injection vulnerability) $B$rJz$($F$$$k5?$$$,$"$k!#(B

$B$3$N%=%U%H%&%'%"$NJ#?t$N%U%)!<%`%U%#!<%k%I!"6qBNE*$K$O(B 'Name'$B!"(B'E-Mail'$B!"(B
$B$*$h$S(B 'Message' $B%U%#!<%k%I$G9T$o$l$kL5322=(B (sanitize) $B$,IT==J,$G$"$k$3(B
$B$H$+$i!"967b<T$O!"F0E*$K@8@.$5$l$k$3$N%=%U%H%&%'%"$N%Z!<%8$K0U?^$7$?(B 
HTML $B%3!<%I$rCmF~$9$k2DG=@-$,$"$k!#(B

$B967b<T$K$h$jA^F~$5$l$?%9%/%j%W%H%3!<%I$O!"LdBj$rJz$($k%=%U%H%&%'%"$r2TF0(B
$B$5$;$F$$$k(B Web $B%5%$%H$HF13J$N%;%-%e%j%F%#%3%s%F%-%9%H$G<B9T$5$l!"967b<T(B
$B$K$h$k(B Web $B%3%s%F%s%D$N>h$C<h$j$d(B Cookie $B$KM3Mh$9$kG'>ZMQ>pJs$NEp$_<h$j(B
$B$r2DG=$K$7$F$7$^$&!#$^$?!"$3$N967b$K$h$j967bBP>]$H$J$k%f!<%6$H$7$F!"Ej9F(B
$B$dEj9FFbMF$N:o=|$r4^$`0U?^E*$JA`:n$r9T$&$3$H$,2DG=$G$"$k$H?d;!$5$l$k!#(B

7. WebGUI HTTPProxy Denial Of Service Vulnerability
BugTraq ID: 7331
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 11 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7331
$B$^$H$a(B:

WebGUI $B$O!"0lHL%f!<%6$K$h$kJ#;($J(B Web $B%5%$%H$N9=C[!"0];}$r2DG=$K$9$k4D6-(B
$B$rDs6!$9$k%3%s%F%s%D4IM}%=%U%H%&%'%"$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$O!"0-0U$"$k(B HttpProxy $B%j%/%(%9%H$N=hM};~$K!"%5!<%S%9IT(B
$BG=>uBV$K4Y$kLdBj$rJz$($F$$$k5?$$$,$"$k$HJs9p$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"967b<T$O$3$N%=%U%H%&%'%"$N(B HttpProxy $B5!G=$K0-0U$"$k%W%m%-(B
$B%7%j%/%(%9%H$rAw?.$9$k2DG=@-$,$"$k!#$3$NA`:n$K$h$j!"$3$N%=%U%H%&%'%"$OCG(B
$BB3E*$J%5!<%S%9ITG=>uBV$K4Y$k$H?dB,$5$l$k!#$3$NLdBj$rMxMQ$7$?967b$,@.8y$9(B
$B$k$H!"$3$N%=%U%H%&%'%"$N(B Web $B%*%V%8%'%/%H$,<+?H$N%3%s%F%s%D$N%W%m%-%7$H(B
$B$7$FF0:n$7$h$&$H$9$k$?$a!"L58B:F5"%k!<%W$K4Y$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$O!"(BWebGUI 5.2.3 $B$KB8:_$9$k$HJs9p$5$l$F$$$k!#L$8!>Z$G$"$k$,!"$3(B
$B$l$h$jA0$N%P!<%8%g%s$G$b1F6A$r<u$1$k2DG=@-$,$"$k!#(B

8. BitchX Trojan Horse Vulnerability
BugTraq ID: 7333
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 13 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7333
$B$^$H$a(B:

BitchX $B$O%U%j!<$KMxMQ2DG=$J%*!<%W%s%=!<%9$N(B IRC $B%/%i%$%"%s%H$G$"$k!#$3$N(B
$B%=%U%H%&%'%"$O(B Unix$B!"(BLinux$B!"$*$h$S(B Microsoft Windows $B$GMxMQ2DG=$G$"$k!#(B

$B:G6a(B BitchX $B$rDs6!$9$k%5!<%P(B www.bitchx.org $B$,%;%-%e%j%F%#>e$N6<0R$KGx$5(B
$B$l$F$$$?$HJs9p$5$l$?!#$3$NJs9p$K$h$k$H!"?/F~<T$O(B BitchX $B$N%=!<%9%3!<%I$r(B
$B2~JQ$7$F%H%m%$$NLZGO$r@x$j9~$^$;$?!#$3$l$K$h$j!"(Bwww.bitchx.org $B$*$h$S%_(B
$B%i!<%5%$%H$+$i%@%&%s%m!<%I$7$?(B BitchX $B$N%=!<%9%3!<%I$K$O!"%H%m%$$NLZGO$,(B
$B:.F~$5$l$F$$$k$H?d;!$5$l$k!#(B

$BJs9p$K$h$k$H!"$3$N%H%m%$$NLZGO$O$3$N%=%U%H%&%'%"$N%3%s%Q%$%k;~$K0lEY<B9T(B
$B$5$l$k!#$3$N%H%m%$$NLZGO$,<B9T$5$l$k$H!"(B207.178.61.5 $B$N(B 6667 $BHV%]!<%H$X(B
$B$N@\B3$r;n$_$k!#(B

$B$3$N%H%m%$$NLZGO$N:.F~$O!"(BBitchX 1.0c19 $B$K4^$^$l$k@_Dj%9%/%j%W%HCf$KH/8+(B
$B$5$l$F$$$k!#(B

$B2C$($F!"$3$N%H%m%$$NLZGO$O(B irssi$B!"(Bfragroute$B!"(Bfragrouter$B!"(Btcpdump$B!"(B
libpcap$B!"(BOpenSSH $B$*$h$S(B Sendmail $B$GH/8+$5$l$?$b$N$HN`;wE@$,$"$k!#(B

$BK\(B BID $B$O$5$i$J$k>pJs$,8x3+$5$l$?;~E@$G99?7M=Dj$G$"$k!#(B

9. LPRng PSBanner Insecure Temporary File Creation Vulnerability
BugTraq ID: 7334
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 14 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7334
$B$^$H$a(B:

LPRng psbanner $B$O!"(BPostScript $B7A<0$N%P%J!<$r@8@.$9$k%W%j%s%?%U%#%k%?%f!<(B
$B%F%#%j%F%#$G!"(BLPRng $B$N0lIt$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$N%U%#%k%?$O%;%-%e%"$G$J$$J}K!$G0l;~%U%!%$(B
$B%k$r:n@.$7$F$7$^$&LdBj$rJz$($F$$$k5?$$$,$"$k!#(B

$BFCDj$N>u672<!"6qBNE*$K$O$3$N%=%U%H%&%'%"$,%U%#%k%?$H$7$F@_Dj$5$l$k:]$K!"(B
$B$3$N%=%U%H%&%'%"$O%;%-%e%"$G$J$$J}K!$G%G%P%C%0$rL\E*$H$7$?0l;~%U%!%$%k$r(B
$B:n@.$9$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$O4{$K0l;~%U%!%$%k$,B8:_$9$k$+$I$&$+!"$^$?(B
$B$O!"$3$N%U%!%$%k$,B>$N>l=j$X$N%7%s%\%j%C%/%j%s%/$G$"$k$+$I$&$+$r!"$3$N%U%!(B
$B%$%k$,FCDj$NA`:n$N$?$a$K;HMQ$5$l$kA0$K3NG'$7$J$$!#$3$N%U%!%$%k$KBP$7$F9T(B
$B$o$l$kA`:n$O!"(B'daemon' $B8"8B$G<B9T$5$l$k$3$H$K$J$k!#(B

$B$3$NLdBj$rMxMQ$7$?967b$K$h$j!"7k2L$H$7$F!"$3$NLdBj$rJz$($k%=%U%H%&%'%"$r(B
$B<B9T$7$F$$$k%f!<%6$N8"8B$G!"%7%s%\%j%C%/%j%s%/$rMxMQ$9$k967b$,9T$o$l$k2D(B
$BG=@-$,$"$k!#(B

10. SheerDNS Information Disclosure Vulnerability
BugTraq ID: 7336
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 14 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7336
$B$^$H$a(B:

SheerDNS $B$O!"(BUnix $B$*$h$S(B Linux $BM3Mh$N(B OS $B$GF0:n$9$k!"M%$l$?(B DNS $B%5!<%P$G(B
$B$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$OLdBj$rJz$($F$$$k!#(BDNS $B%j%/%(%9%HCf$N%f!<(B
$B%6$K$h$C$FF~NO$5$l$?%G!<%?$NL5322=(B (sanitize) $B$,IT==J,$G$"$k$3$H$+$i!"96(B
$B7b<T$O0U?^$7$?%G%#%l%/%H%j$"$k$$$O%U%!%$%k$NFbMF$r1\Mw$G$-$k2DG=@-$,$"$k!#(B
$B6qBNE*$K$O!"$3$N%=%U%H%&%'%"$O!"(BDNS $B%/%(%j$KAH$_9~$^$l$?!"%G%#%l%/%H%j$N(B
$B;2>H$K4X$9$kJ8;zNs(B (../) $B$N%U%#%k%?%j%s%0$r9T$C$F$$$J$$$3$H$K5/0x$9$k!#(B

$B$3$N%=%U%H%&%'%"$O(B root $B8"8B$G2TF0$7$F$$$k$?$a!"$3$NLdBj$rMxMQ$7$?967b$K(B
$B$h$j!"967b<T$OA4$F$N%7%9%F%`%G%#%l%/%H%j$NFbMF$r1\Mw2DG=$G$"$k!#(B

$B$3$NLdBj$O!"(BSheerDNS 1.0.0 $B$KB8:_$9$k$HJs9p$5$l$F$$$k$,!"$3$l$h$jA0$N%P!<(B
$B%8%g%s$G$b1F6A$r<u$1$k2DG=@-$,$"$k!#(B

11. SheerDNS CNAME Buffer Overflow Vulnerability
BugTraq ID: 7335
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 13 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7335
$B$^$H$a(B:

SheerDNS $B$O!"(BUnix $B$*$h$S(B Linux $BM3Mh$N(B OS $B$GF0:n$9$k!"M%$l$?(B DNS $B%5!<%P$G(B
$B$"$k!#(B

$B$3$N%=%U%H%&%'%"$O!"(BCNAME $B%/%(%j$X$N%l%9%]%s%9$rAH$_N)$F$k:]$K!"%P%C%U%!(B
$B%*!<%P!<%U%m!<$,H/@8$9$k5?$$$,$"$k!#$3$NLdBj$O!"L>A02r7h$K4X$9$k>pJs$N6-(B
$B3&%A%'%C%/$,IT==J,$G$"$k$3$H$K5/0x$9$k!#6qBNE*$K$O!"L>A02r7h$N7k2L$r3JG<(B
$B$9$k$?$a$N@EE*%P%C%U%!$,%/%(%j$K3d$jEv$F$i$l$?%P%C%U%!$h$j$bBg$-$$$N$G$"(B
$B$k!#$3$N%=%U%H%&%'%"$O!"(Bstrcpy() $B4X?t$rMQ$$$F!"L>A02r7h$N7k2L$r%/%(%jMQ(B
$B$N%P%C%U%!$K%3%T!<$7$F$$$k!#(B

$BL>A02r7h$K4X$9$k>pJs$O!"%m!<%+%k%U%!%$%k$+$i8F$S=P$5$l$k!#967b<T$,$3$l$i(B
$B$N%U%!%$%k$NFbMF$r2~JQ$G$-$k>l9g!"%P%C%U%!%*!<%P%U%m!<$rH/@8$5$;%9%?%C%/(B
$B%a%b%j>e$NNY@\$7$?NN0h$r0-0U$"$k%G!<%?$G>e=q$-2DG=$G$"$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$rMxMQ$7$?967b$K$h$j!"%5!<%S%9ITG=>uBV$K4Y$i$;$k!"$^$?$O0-0U$"$k(B
$B%3!<%I$N<B9T$,2DG=$H$J$k!#(B

$B$3$NLdBj$O!"(BSheerDNS 1.0.0 $B$KB8:_$9$k$HJs9p$5$l$F$$$k$,!"$3$l$h$jA0$N%P!<(B
$B%8%g%s$G$b1F6A$r<u$1$k2DG=@-$,$"$k!#(B

12. GS-Common PS2Epsi Insecure Temporary File Vulnerability
BugTraq ID: 7337
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 14 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7337
$B$^$H$a(B:

gs-common $B$O!"0[$J$k(B Ghostscript $B%j%j!<%9$N$?$a$N0lO"$N6&DL%U%!%$%k$G$"(B
$B$k!#(B

$B$3$N%=%U%H%&%'%"$KF1:-$5$l$k(B ps2espi $B%9%/%j%W%H$O!"(BGhostscript $B$r8F$S=P(B
$B$9:]$K!"%;%-%e%"$G$J$$J}K!$G0l;~%U%!%$%k$r:n@.$9$k!#$3$NLdBj$rMxMQ$7$?96(B
$B7b$K$h$j!"0-0U$"$k%m!<%+%k$N%f!<%6$O%7%s%\%j%C%/%j%s%/$r:n@.$7!"$3$NLdBj(B
$B$rJz$($k%9%/%j%W%H$r8F$S=P$9%f!<%6$,=q$-9~$_2DG=$J%m!<%+%k$N%U%!%$%k$rGK(B
$B2u2DG=$G$"$k!#(B

$B$3$NLdBj$rMxMQ$7$?967b$K$h$j=EMW$J%U%!%$%k$,GK2u$5$l$?>l9g!"%5!<%S%9ITG=(B
$B>uBV$K4Y$k2DG=@-$,$"$k!#$^$?!"%m!<%+%k$N967b<T$,0U?^E*$J%G!<%?$G%m!<%+%k(B
$B$N%U%!%$%k$r2~JQ$G$-$k>l9g!"8"8B>:3J$b2DG=$G$"$k$H?d;!$5$l$k!#(B

13. FipsGuestbook New_Entry.ASP HTML Injection Vulnerability
BugTraq ID: 7339
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 14 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7339
$B$^$H$a(B:

fipsGuestbook $B$O!"(BWeb $B%$%s%?%U%'!<%9$rHw$($?%2%9%H%V%C%/5!G=$rDs6!$9$k%=(B
$B%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$O!"(BASP $B$*$h$S(B VBScript $B$G3+H/$5$l$F$*(B
$B$j!"(BMicrosoft Windows $B$GF0:n$9$k!#(B

$B$3$N%=%U%H%&%'%"$O!"%U%)!<%`%G!<%?$K4^$^$l$k(B HTML $B%?%0$*$h$S%9%/%j%W%H%3!<(B
$B%I$NL5322=(B (sanitize) $B$,IT==J,$G$"$k!#$3$NLdBj$O!"(B'new_entry.asp' $B%9%/%j(B
$B%W%H$KB8:_$9$k!#967b<T$O!"$3$N%=%U%H%&%'%"$N(B "Name" $B%U%#!<%k%I$r2p$7$F(B 
HTML $B%?%0$*$h$S%9%/%j%W%H%3!<%I$rCmF~$9$k2DG=@-$,$"$k!#$3$N%3!<%I$O!"(BWeb 
$B%5%$%H$NK,Ld<T$,$3$N%=%U%H%&%'%"$r1\Mw$7$?:]$KI=<($*$h$S2r<a$5$l$k$H?d;!(B
$B$5$l$k!#$3$NJ}K!$K$h$jCmF~$5$l$?0-0U$"$k%3!<%I$O!"$3$NLdBj$rJz$($k%=%U%H(B
$B%&%'%"$r2TF0$5$;$F$$$k(B Web $B%5%$%H$HF13J$N%;%-%e%j%F%#%3%s%F%-%9%H$G2r<a(B
$B$5$l$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$rMxMQ$7$?967b$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$rEp$_=P$7$?$j!"(B
$B$"$k$$$O$=$NB>$N967b$,2DG=$G$"$k!#(B

$B$3$NLdBj$O(B fipsGuestbook 1.12.7 $B$KB8:_$9$k$HJs9p$5$l$F$$$k!#$^$?!"B>$N%P!<(B
$B%8%g%s$b1F6A$r<u$1$k2DG=@-$,$"$k!#(B

14. InstaBoard Index.CFM SQL Injection Vulnerability
BugTraq ID: 7338
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 14 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7338
$B$^$H$a(B:

InstaBoard $B$O!"(BWeb $B%$%s%?%U%'!<%9$rHw$($?B?5!G=$J%G%#%9%+%C%7%g%sMQ$NEE(B
$B;R7G<(HD%=%U%H%&%'%"$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K4^$^$l$k(B 'index.cfm' $B$O(B SQL $B9=J8$,CmF~$5$l$kLdBj(B (SQL
injection vulnerability) $B$rJ#?tJz$($F$$$k$HJs9p$5$l$F$$$k!#$3$NJs9p$K$h(B
$B$k$H!"$3$NLdBj$O(B SQL $B%/%(%j$rAH$_N)$F$k$?$a$KMxMQ$5$l$k!"30It$+$iM?$($i(B
$B$l$k%G!<%?$r==J,$KL5322=(B (sanitize) $B$7$F$$$J$$$3$H$K5/0x$9$k!#$3$N%G!<%?(B
$B$O!"FCDj$N4X?t$X$N%j%/%(%9%HCf$K4^$^$l$k(B URI $B%Q%i%a!<%?$r2p$7$FM?$($i$l(B
$B$k2DG=@-$,$"$k!#%j%b!<%H$N967b<T$O$3$NLdBj$r$&$^$/MxMQ$7!"0-0U$"$k%G!<%?(B
$B$r(B SQL $B%/%(%j$KCmF~$9$k$3$H$K$h$j!"(BSQL $B%/%(%j$N=hM}$r2~JQ$9$k2DG=@-$,$"(B
$B$k!#(B

$B$3$N967b$NGH5ZHO0O$O!"FCDj$N%G!<%?%Y!<%9$N<BAu!"$^$?$OFCDj$N%/%(%j$N0UL#(B
$B$9$kK\<A$K0MB8$9$k$H?d;!$5$l$k!#(BSQL $B9=J8$rCmF~$9$k967b$K$h$j!"FCDj$N>u67(B
$B2<$K$*$$$F!"$3$N%=%U%H%&%'%"$rF0:n$5$;$F$$$k%3%s%T%e!<%?>e$N%G!<%?%Y!<%9(B
$B$KB8:_$9$k@x:_E*$JLdBj$rMxMQ$9$k967b$r4k$F$k$3$H$,2DG=$G$"$k!#(B

$B$3$NLdBj$O!"(BInstaBoard 1.3 $B$KB8:_$9$k$HJs9p$5$l$F$$$k$,!"$3$l$h$jA0$N%P!<(B
$B%8%g%s$G$b1F6A$r<u$1$k2DG=@-$,$"$k$3$H$KN10U$9$Y$-$G$"$k!#(B

15. ActivCard Gold Cached Static Password Vulnerability
BugTraq ID: 7340
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 14 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7340
$B$^$H$a(B:

ActivCard Gold $B$O!"(BMicrosoft Windows $B$*$h$S$=$NB>$N(B OS $B$GF0:n$9$k%9%^!<(B
$B%H%+!<%I$rMxMQ$9$k<jCJ$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$O%a%b%jFb$K@EE*%Q%9%o!<%I$r%-%c%C%7%e$7$F(B
$B$$$k!#G'>ZMQ>pJs$O!"(B"scardsrv" $B%W%m%;%9$K3d$jEv$F$i$l$?%a%b%j$KJ]B8$5$l(B
$B$F$$$k!#$3$l$i$NG'>ZMQ>pJs$O!"967b<T$,$3$N%W%m%;%9%a%b%j$r%@%s%W$9$k!"$"(B
$B$k$$$O4{B8$N%a%b%j%@%s%W$K%"%/%;%92DG=$G$"$k>l9g!"967b<T$KO31L$7$F$7$^$&!#(B

$BL$8!>Z$G$O$"$k$,!"@EE*%Q%9%o!<%I$O%9%^!<%H%+!<%I$,<h$j=|$+$l$?8e$b!"%a%b(B
$B%jFb$K0MA3$H$7$FB8:_$9$k$H8@$o$l$F$$$k!#K\LdBj$O!"$3$N%=%U%H%&%'%"$K$h$C(B
$B$F!"$h$j%;%-%e%"$JJ}K!$GJ]B8$5$l$F$$$k$HJs9p$5$l$F$$$k(B PKI $BHkL)80$*$h$S(B
$BF0E*%Q%9%o!<%I80$K$O1F6A$7$J$$!#(B

16. Web Wiz Site News Information Disclosure Vulnerability
BugTraq ID: 7341
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 14 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7341
$B$^$H$a(B:

Web Wiz Site News $B$O!"(BASP $B$G3+H/$5$l$?%U%j!<$KG[I[$5$l$F$$$k%K%e!<%94IM}(B
$B%=%U%H%&%'%"$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$O=EMW$J>pJs$rO31L$7$F$7$^$&LdBj$rJz$($F$$(B
$B$k5?$$$,$"$k!#(B

$B967b<T$O!"$3$N%=%U%H%&%'%"$r2TF0$5$;$F$$$k%3%s%T%e!<%?>e$N(B Access $B%G!<%?(B
$B%Y!<%9%U%!%$%k$G$"$k(B 'news.mdb' $B$X$N%j%/%(%9%H$r:n@.$7!"%@%&%s%m!<%I$9$k(B
$B2DG=@-$,$"$k!#$3$N%U%!%$%k$O!"(B'news' $B%U%)%k%@$KJ]B8$5$l$F$*$j!"$3$N%=%U(B
$B%H%&%'%"$K$h$j;HMQ$5$l$F$$$k!#%G!<%?%Y!<%9$K$O$3$N%=%U%H%&%'%"$N4IM}<T$N(B
$BG'>ZMQ>pJs$,J?J8$G3JG<$5$l$F$*$j!"967b<T$KO31L$7$F$7$^$&2DG=@-$,$"$k!#(B

$B$3$NJ}K!$K$h$C$F<}=8$5$l$?>pJs$O!"LdBj$rJz$($k%3%s%T%e!<%?$KBP$9$k$5$i$J(B
$B$k967b$KM-MQ$H$J$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$O!"(BSite News version 3.06 $B$KB8:_$9$k$HJs9p$5$l$F$$$k$,!"$3$l$h(B
$B$jA0$N%P!<%8%g%s$G$b1F6A$r<u$1$k2DG=@-$,$"$k$3$H$KN10U$9$Y$-$G$"$k!#(B

17. IBM FTP Daemon Kerberos 5 Unspecified Administrative Access Vulnerability
BugTraq ID: 7346
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 14 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7346
$B$^$H$a(B:

AIX $B$O!"(BIBM $B$,HNGd$7$F$$$k>&MQMxMQ2DG=$J(B UNIX OS $B$G$"$k!#(B

$B$3$N(B OS $B$KB8:_$9$kLdBj$K$h$j!"%j%b!<%H$N967b<T$OK\Mh%"%/%;%98"$r$b$C$F$$(B
$B$J$$$K$b$+$+$o$i$:%3%s%T%e!<%?$X$N%"%/%;%9$,2DG=$H$J$k!#(B

$BJs9p$K$h$k$H!"(BKerberos 5 $B$rMxMQ$7$?G'>Z$,9T$o$l$k:]!"(BAIX $B$G<BAu$5$l$F$$(B
$B$k(B ftpd $B$KLdBj$,B8:_$9$k!#$3$NLdBj$K$h$j!"%j%b!<%H$N967b<T$OK\Mh%"%/%;%9(B
$B8"$r;}$C$F$$$J$$$K$b$+$+$o$i$:!"%j%b!<%H$+$i$N%"%/%;%9$,2DG=$K$J$k!#(B

$B$3$NLdBj$NK\<A$K4X$9$k>\:Y>pJs$O!"8=;~E@$G$O!"$[$H$s$IF~<j$G$-$J$$!#$7$+(B
$B$7$J$,$i!"(BAIX $B$KF1:-$5$l$F$$$k(B FTP $B%G!<%b%s$O!"G'>ZJ}<0$H$7$F%G%U%)%k%H(B
$B$G(B Kerberos 5 $B5!G=$r;HMQ$9$k$h$&$K@_Dj$5$l$F$$$k$3$H$,3NG'$5$l$F$$$k!#$^(B
$B$?!"$3$NLdBj$rMxMQ$7$?967b$K$h$j!"7k2L$H$7$F967b<T$,LdBj$rJz$($k%3%s%T%e!<(B
$B%?$X$N(B root $B8"8B$G$N%"%/%;%98"$rC%<h$G$-$k$3$H$b3NG'$5$l$F$$$k!#(B

18. EZ Publish site.ini Information Disclosure Vulnerability
BugTraq ID: 7347
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 15 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7347
$B$^$H$a(B:

eZ Publish $B$O!"(BMicrosoft Windows$B!"(BUnix $B$*$h$S(B Linux $BM3Mh$N(B OS $B$GF0:n$9$k(B 
Web $B%3%s%F%s%D4IM}%=%U%H%&%'%"$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$O=EMW$J>pJs$rO31L$7$F$7$^$&LdBj$rJz$($F$$(B
$B$k5?$$$,$"$k!#(B

$B967b<T$O!"$3$N%=%U%H%&%'%"$rF0:n$5$;$F$$$k%3%s%T%e!<%?>e$N@_Dj%U%!%$%k(B 
site.ini $B$r<hF@$9$k%j%/%(%9%H$r:n@.$7!"%@%&%s%m!<%I$9$k2DG=@-$,$"$k!#$3(B
$B$N%U%!%$%k$K$O$3$N%=%U%H%&%'%"$N4IM}<T$NG'>ZMQ>pJs$,J?J8$G3JG<$5$l$F$$$k!#(B
$B$3$N%U%!%$%k$KBP$9$k(B HTTP $B%j%/%(%9%H$r9T$&$3$H$K$h$j!"%j%b!<%H$N967b<T$K(B
$B$3$N%U%!%$%k$NFbMF$,O31L$7$F$7$^$&!#(B

$B$3$NJ}K!$K$h$C$F<}=8$5$l$?>pJs$O!"LdBj$rJz$($k%3%s%T%e!<%?$KBP$9$k$5$i$J(B
$B$k967b$KM-MQ$H$J$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$O!"(BeZ Publish 3.0 $B$KB8:_$9$k$HJs9p$5$l$F$$$k!#$3$l$h$jA0$N%P!<(B
$B%8%g%s$G$b!"$3$NLdBj$K$h$k1F6A$r<u$1$k2DG=@-$,$"$k!#(B

19. EZ Publish Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 7348
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 15 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7348
$B$^$H$a(B:

eZ Publish $B$O!"(BMicrosoft Windows$B!"(BUnix $B$*$h$S(B Linux $BM3Mh$N(B OS $B$GF0:n$9$k(B 
Web $B%3%s%F%s%D4IM}%=%U%H%&%'%"$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$OJ#?t$N%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj(B
$B$rJz$($F$$$k!#$3$l$i$NLdBj$O!"$3$N%=%U%H%&%'%"$KAw?.$5$l$k%f!<%6$,F~NO$9(B
$B$k%G!<%?$NL5322=(B (sanitize) $B$,IT==J,$G$"$k$3$H$K5/0x$9$k!#(B

$B967b<T$O!"LdBj$rJz$($k%=%U%H%&%'%"$r2TF0$5$;$F$$$k(B Web $B%5%$%H$X$N!"0-0U(B
$B$"$k(B HTML $B$*$h$S(B $B%9%/%j%W%H%3!<%I$r4^$`%O%$%Q!<%j%s%/$r:n@.$9$k$3$H$K$h(B
$B$j!"967b2DG=$G$"$k!#%f!<%6$,$3$N%j%s%/@h$rK,Ld$7$?>l9g!"967b<T$K$h$C$FM?(B
$B$($i$l$?(B HTML $B%?%0$*$h$S%9%/%j%W%H%3!<%I$,K,Ld<T$N(B Web $B%V%i%&%6$G2r<a$5(B
$B$l$k!#$3$NLdBj$rMxMQ$9$k967b$O!"LdBj$rJz$($k%=%U%H%&%'%"$r2TF0$7$F$$$k(B 
Web $B%5%$%H$HF13J$N%;%-%e%j%F%#%3%s%F%-%9%H$G0z$-5/$3$5$l$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$rMxMQ$7$?967b$K$h$j!"(B Cookie $B$KM3Mh$9$kG'>ZMQ>pJs$rEp$_=P$9!"$^(B
$B$?$O$=$NB>$N967b$,2DG=$G$"$k!#(B

$B$3$NLdBj$O!"(BeZ Publish 3.0 $B$KB8:_$9$k$HJs9p$5$l$F$$$k!#$3$l$h$jA0$N%P!<(B
$B%8%g%s$G$b1F6A$r<u$1$k2DG=@-$,$"$k!#(B

20. EZ Publish Multiple Path Disclosure Vulnerabilities
BugTraq ID: 7349
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 15 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7349
$B$^$H$a(B:

eZ Publish $B$O!"(BMicrosoft Windows$B!"(BUnix $B$*$h$S(B Linux $BM3Mh$N(B OS $B$GF0:n$9$k(B 
Web $B%3%s%F%s%D4IM}%=%U%H%&%'%"$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$O!"%Q%9>pJs$rO31L$7$F$7$^$&LdBj$rJz$($F$$(B
$B$k!#$3$NLdBj$O!"(Bkernel/class $B$*$h$S(B kernel/classes $B%G%#%l%/%H%j$K$"$kJ#(B
$B?t$N(B PHP $B%9%/%j%W%H%U%!%$%k$K1F6A$,$"$k!#(B

$B967b<T$O!"LdBj$rJz$($k%Z!<%8$X$N(B HTTP $B%j%/%(%9%H$r:n@.$9$k$3$H$K$h$j!"$3(B
$B$NLdBj$rMxMQ$7$?967b$,2DG=$G$"$k!#$3$l$K$h$j!"%Q%9>pJs$,967b<T$KJV$5$l$k(B
$B$H?d;!$5$l$k!#$3$NJ}K!$K$h$j<}=8$5$l$?>pJs$O!"LdBj$rJz$($k%7%9%F%`$KBP$7(B
$B$F$5$i$J$k967b$r;E3]$1$k:]$K;HMQ$5$l$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$O!"(BeZ Publish 3.0 $B$K1F6A$,$"$k!#$^$?!"$3$l$h$jA0$N%P!<%8%g%s$b(B
$B1F6A$r<u$1$k5?$$$,$"$k!#(B

21. GTKHTML Malformed HTML Document Denial Of Service Vulnerability
BugTraq ID: 7350
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 14 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7350
$B$^$H$a(B:

GtkHTML $B$O!"(BGnome $B4D6-$N(B HTML $B%l%s%@%j%s%0$*$h$SJT=8%(%s%8%s$G$"$k!#$3$N(B
$B%=%U%H%&%'%"$O!"8D?M$*$h$S%o!<%/%0%k!<%W$N>pJs4IM}%=%U%H%&%'%"$G$"$k(B 
Evolution $B$H$$$C$?!"B?$/$N%"%W%j%1!<%7%g%s$GAH$_9~$^$l$F$$$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$O967b$K$h$j%5!<%S%9ITG=>uBV$K4Y$kLdBj$rJz(B
$B$($F$$$k5?$$$,$"$k!#$3$NLdBj$O$3$N%=%U%H%&%'%"$r(B Evolution $B$H0l=o$KMxMQ(B
$B$9$k:]$KH/@8$9$k!#$3$N%=%U%H%&%'%"$,Jz$($kLdBj$K$h$j!"0-0U$"$kEE;R%a!<%k(B
$B$rAw$j$D$1$k$3$H$G!"EE;R%a!<%k%/%i%$%"%s%H(B Evolution $B$r%/%i%C%7%e$5$;$k(B
$B$3$H$,2DG=$G$"$k!#(B

$BL$8!>Z$G$O$"$k$,!"$3$NLdBj$O(B GtkHTML $B$K0MB8$9$kB>$N%"%W%j%1!<%7%g%s$K$b(B
$B1F6A$rM?$($k2DG=@-$,$"$k!#(B

$B8=;~E@$K$*$$$F!"$3$NLdBj$K4X$9$k>\:Y>pJs$O8x3+$5$l$F$$$J$$!#$3$NLdBj$K4X(B
$B$9$k>\:Y>pJs$,8xI=$5$l<!Bh!"K\(B BID $B$O99?7M=Dj$G$"$k!#(B

22. Progress Database BINPATHX Environment Variable Buffer Overflow Vulnerability
BugTraq ID: 7352
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 15 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7352
$B$^$H$a(B:

Progress Database $B$O!"(BMicrosoft Windows $B$*$h$S(B Unix $B$GF0:n$9$k>&MQ%G!<%?(B
$B%Y!<%9$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$O!"%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$kLdBj$,H/8+$5$l$F$$(B
$B$k!#$3$NLdBj$O!"4D6-JQ?t(B 'BINPATHX' $B$r=hM}$9$k:]$N6-3&%A%'%C%/$,IT==J,$G(B
$B$"$k$3$H$K5/0x$9$k!#(B

$B$3$NJQ?t(B 'BINPATHX' $B$O!"6&M-%i%$%V%i%j$*$h$S$=$NB>%$%s%9%H!<%k%U%!%$%k$N(B
$B>l=j$rFCDj$9$k$?$a$KMQ$$$i$l$k$,!"$3$NJQ?t$KLs(B 240 $B%P%$%H$N%G!<%?$rM?$((B
$B$k;v$G%P%C%U%!%*!<%P!<%U%m!<$r0z$-5/$3$7$F$7$^$&2DG=@-$,$"$k!#7k2L$H$7$F!"(B
$B967b<T$O!"%a%b%jFb$N=EMW$JNN0h$r967b<T$,M?$($kCM$G=q$-49$(2DG=$G$"$k$H?d(B
$B;!$5$l$k!#(B

$B$3$NLdBj$rMxMQ$7$?967b$K$h$j!"967b<T$O$3$N%=%U%H%&%'%"$N<B9T8"8B$G0U?^$7(B
$B$?%3!<%I$r<B9T$G$-$k2DG=@-$,$"$k!#(B

23. OSCommerce Product_Info.PHP Denial Of Service Vulnerability
BugTraq ID: 7351
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 15 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7351
$B$^$H$a(B:

osCommerce $B$O!"%*!<%W%s%=!<%9%3%_%e%K%F%#$G3+H/$,?J$s$G$$$k!"%*%s%i%$%s(B
$B%7%g%C%T%s%0$GEE;R>&<h0z$rMxMQ$9$k<jCJ$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$O!"%j%b!<%H$N967b<T$,%5!<%S%9ITG=>uBV$r0z(B
$B$-5/$3$92DG=@-$,$"$kLdBj$rJz$($F$$$k!#Nc$($P(B 'products_id' $B$H$$$C$?0-0U(B
$B$"$k(B URI $B%Q%i%a!<%?$,!"(B'product_info.php' $B%Z!<%8$KEO$5$l$?>l9g!"(BmySQL $B$*(B
$B$h$S$3$N%=%U%H%&%'%"$r2TF0$5$;$F$$$k(B Web $B%5!<%P$,IT0BDj$J>uBV$K$J$k$HJs(B
$B9p$5$l$F$$$k!#(B

$B$3$N5sF0$OO"B3E*$K7+$jJV$7H/@8$7!"1JB3E*$J%5!<%S%9ITG=>uBV$K4Y$k2DG=@-$,(B
$B$"$k!#(B

$B$3$NLdBj$O(B osCommerce 2.2cvs $B$KB8:_$9$k$HJs9p$5$l$F$$$k$,!"0JA0$N%P!<%8%g(B
$B%s$G$b1F6A$r<u$1$k2DG=@-$,$"$k$3$H$KN10U$9$Y$-$G$"$k!#(B

24. Xoops Glossary Module Cross Site Scripting Vulnerability
BugTraq ID: 7356
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 15 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7356
$B$^$H$a(B:

Xoops $B$O%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$rJz$($F$$$k$HJs9p$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"(B'glossaire-aff.php' $B%Z!<%8$K(B URI $B%Q%i%a!<%?(B 'lettre' $B$H$7(B
$B$F%f!<%6$,M?$($kF~NOCM$O!"==J,$KL5322=(B (sanitize) $B$5$l$J$$!#$3$l$K$h$j!"(B
$B967b<T$,LdBj$rJz$($k%5%$%H$KBP$7$F%/%m%9%5%$%H%9%/%j%W%F%#%s%0967b$r;E3](B
$B$1$k5!2q$rM?$($F$7$^$&!#%j%b!<%H$N967b<T$O!"%9%/%j%W%H%3!<%I$,4^$^$l$?0-(B
$B0U$"$k%j%s%/$r:n@.$7!"K,Ld<T$N%V%i%&%6$G<B9T$5$;$k$3$H$,2DG=$G$"$k!#(B

$B967b<T$K$h$C$FM?$($i$l$k%3!<%I$O!"$3$N%=%U%H%&%'%"$r2TF0$5$;$F$$$k(B Web 
$B%5%$%H$HF13J$N%;%-%e%j%F%#%3%s%F%-%9%H$G<B9T$5$l$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$OLdBj$rJz$($k%=%U%H%&%'%"$r2TF0$5$;$F$$$k(B Web $B%5(B
$B%$%H$N@5Ev$J%f!<%6$+$iG'>ZMQ>pJs$rC%<h$9$k$?$a$K9T$o$l$k2DG=@-$,$"$k!#$^(B
$B$?!"967b<T$OF~<j$7$?(B Cookie $B$KM3Mh$9$kG'>ZMQ>pJs$rMQ$$$F@5Ev$J%f!<%6$N%;%C(B
$B%7%g%s$r>h$C<h$k2DG=@-$,$"$j!"$5$i$K$=$NB>$N967b$b2DG=$G$"$k!#(B

$B$3$NLdBj$O(B Xoops 1.3.8 $B$*$h$S(B 1.3.9 $B$KB8:_$9$k$HJs9p$5$l$F$$$k!#(B

25. 12Planet Chat Server Error Message Installation Path Disclosure Vulnerability
BugTraq ID: 7355
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 11 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7355
$B$^$H$a(B:

12 Planet Chat Server $B$O(B Windows NT/2000/XP$B!"(BLinux$B!"(BSun Solaris$B!"(BIBM AIX$B!"(B
$B$=$7$F(B HP UNIX $B>e$GF0:n$9$k(B Web $B%$%s%?%U%'!<%9$rHw$($kEE;R7G<(HD5!G=$rDs(B
$B6!$9$k%=%U%H%&%'%"$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$O!"$"$kFCDj$N0U?^E*$K:n@.$5$l$?(B URL $B$N%j%/%(%9%H$r<u$1(B
$B<h$k$H!"$3$N%=%U%H%&%'%"$,%$%s%9%H!<%k$5$l$F$$$k>l=j$X$N@dBP%Q%9$r4^$`%((B
$B%i!<%a%C%;!<%8$rJV$9!#$3$N%(%i!<%a%C%;!<%8$r@8@.$9$k$?$a$K$O!"0J2<$N$h$&(B
$B$K!"(BURL $B$K>/$J$/$H$bJ8;zNs(B '/qwe' $B$r(B 3 $B$D$r4^$`I,MW$,$"$k!#(B
http://www.victim.com:8080/qwe/qwe/qwe/index.html

URL $B$,!"J8;zNs(B '/qwe' $B$r(B 3 $B$D4^$s$G$$$J$$>l9g$O!"(BHTTP 500 $B%(%i!<%a%C%;!<(B
$B%8$,!"%j%b!<%H$N%f!<%6$KAw$jJV$5$l$F$/$k$@$1$G$"$k!#(B

26. 12Planet Chat Server Administration Page Clear Text Authentication Vulnerability
BugTraq ID: 7354
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 11 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7354
$B$^$H$a(B:

12 Planet Chat Server $B$O(B Windows NT/2000/XP$B!"(BLinux$B!"(BSun Solaris$B!"(BIBM AIX$B!"(B
$B$=$7$F(B HP UNIX $B>e$GF0:n$9$k(B Web $B%$%s%?%U%'!<%9$rHw$($kEE;R7G<(HD5!G=$rDs(B
$B6!$9$k%=%U%H%&%'%"$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$N4IM}<T%5%$%H$N%m%0%$%s%Z!<%8$O!"J?J8$G%f!<%6L>$H%Q%9%o!<(B
$B%I$rAw?.$9$k!#$3$l$K$h$j!"%j%b!<%H$N967b<T$O4IM}<T$NG'>Z>pJs$rEpD0$9$k$3(B
$B$H$,2DG=$H$J$k!#(B

$B$3$N%$%s%?%U%'!<%9$G$O4IM}<T$,<+J,$N%Q%9%o!<%I$rJQ99$G$-$k$,!"$3$N?7$7$$(B
$B%Q%9%o!<%I$bJ?J8$GAw?.$9$k!#(B

27. Python Documentation Server Error Page Cross-Site Scripting Vulnerability
BugTraq ID: 7353
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 15 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7353
$B$^$H$a(B:

Python Documentation Server $B$O!"(BPython $B%=%U%H%&%'%"%Q%C%1!<%8$KF1:-$5$l(B
$B$F$$$k%U%j!<$KMxMQ2DG=$J%5!<%P$G$"$k!#$3$N%=%U%H%&%'%"$O!"(BUnix$B!"(BLinux$B!"(B
$B$=$7$F(B Microsoft Windows $B$GMxMQ2DG=$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$K$O%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$,B8(B
$B:_$9$k!#(B

$B$3$NLdBj$O!"=PNO%(%i!<$K4^$^$l$k(B HTML $B%?%0$d%9%/%j%W%H%3!<%I$N%U%#%k%?%j(B
$B%s%0$,IT==J,$G$"$k$3$H$K5/0x$7$F$$$k!#(BHTML $B%?%0$d%9%/%j%W%H%3!<%I$,4^$^(B
$B$l$?(B URI $B$,LdBj$rJz$($k%5!<%P$KEO$5$l$k$H!"$=$N%3!<%I$O%5!<%P$N%(%i!<%Z!<(B
$B%8$KI=<($5$l$k!#967b<T$O!"(BHTML $B$d%9%/%j%W%H%3!<%I$,4^$^$l$k0-0U$"$k%j%s(B
$B%/$rAH$_N)$F!"$3$N%=%U%H%&%'%"$N%f!<%6$K$=$N%j%s%/$rF'$^$;$k$h$&$KM6$$9~(B
$B$`$3$H$G!"$3$NLdBj$rMxMQ$7$?967b$,2DG=$G$"$k!#%(%i!<%Z!<%8$,I=<($5$l$k$H!"(B
$B967b<T$K$h$jM?$($i$l$?%3!<%I$O%f!<%6$N(B Web $B%V%i%&%6Fb$G2r<a$5$l$k2DG=@-(B
$B$,$"$k!#$3$N%3!<%I$O$3$N%=%U%H%&%'%"$,<B9T$5$l$F$$$k%;%-%e%j%F%#%3%s%F%-(B
$B%9%H$G<B9T$5$l$k2DG=@-$,$"$k!#(B

$B$3$N%=%U%H%&%'%"$O%G%U%)%k%H@_Dj$G$O(B 7464 $BHV%]!<%H$G<B9T$5$l$k!#(B

28. OSCommerce Authentication Bypass Vulnerability
BugTraq ID: 7357
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 15 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7357
$B$^$H$a(B:

osCommerce $B$O!"%*!<%W%s%=!<%9%3%_%e%K%F%#$G3+H/$,?J$s$G$$$k!"%*%s%i%$%s(B
$B%7%g%C%T%s%0$GEE;R>&<h0z$rMxMQ$9$k<jCJ$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$O!"G'>Z$,2sHr$5$l$kLdBj$rJz$($F$$$k5?$$$,$"$k$HJs9p$5$l(B
$B$F$$$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$OG'>Z5!9=$N0lIt$H$7$F!!(BHTTP $B%X%C%@$N>pJs(B
$B$rMxMQ$7$F$*$j!"967b<T$O(B HTTP $B$N(B 'referrer' $B%X%C%@$N>pJs$r56$k$3$H$,2DG=(B
$B$G$"$k!#967b<T$,%m!<%+%k%[%9%H$N%"%I%l%9$r(B referrer $B$H$7$F56$k$H!"$3$N%=(B
$B%U%H%&%'%"$K$h$j;HMQ$5$l$F$$$kG'>Z%7%9%F%`$O5!G=ITA4$r5/$3$9!#(B

$B$3$N967b$O!"=EMW$J>pJs$rO31L$9$k$h$&$JB>$N967b$HJ;MQ$5$l$k2DG=@-$,$"$k!#(B
$B6qBNE*$K$O!"@=IJ>pJs$NO31L$d4IM}<T%Z!<%8$X$N%"%/%;%9$,$"$2$i$l$k!#(B

$B$3$NLdBj$O(B osCommerce 2.2cvs $B$KB8:_$9$k$HJs9p$5$l$F$$$k$,!"$3$l$h$jA0$N(B
$B%P!<%8%g%s$G$b1F6A$r<u$1$k2DG=@-$,$"$k$3$H$KN10U$9$Y$-$G$"$k!#(B

29. Microsoft Windows EngTextOut Non-ASCII Character Denial Of Service Vulnerability
BugTraq ID: 7358
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 15 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7358
$B$^$H$a(B:

Microsoft Windows $B$NJ#?t%P!<%8%g%s$KEk:\$5$l$F$$$k(B EngTextOut $B4X?t$K$OLd(B
$BBj$,B8:_$9$k$HJs9p$5$l$F$$$k!#$3$N4X?t$O!"(BGDI $B$rMxMQ$7$F%f!<%6$K$h$j;XDj(B
$B$5$l$?>l=j$K0lAH$N;z7A$rI=<($9$k!#$3$NJ8;z$O!"(BSTROBJ $B9=B$$N4X?t$KEO$5$l(B
$B$k!#(B

$B$3$N4X?t$K(B ASCII $B0J30$NJ8;z$rEO$5$l$?>l9g!"7k2L$H$7$F(B OS $B$,%/%i%C%7%e$9(B
$B$k$HJs9p$5$l$F$$$k!#$3$N%/%i%C%7%e$O!"(B'win32k.sys' $B%b%8%e!<%k$G5/$3$k!#(B
$B$3$NLdBj$O!"LdBj$rJz$($k4X?t$rMxMQ$9$k%"%W%j%1!<%7%g%s$r2p$7$F@x:_E*$K0z(B
$B$-5/$3$5$l$k2DG=@-$,$"$k!#(B

30. Microsoft Windows 2000/XP Registry Editor Custom Permissions Weakness
BugTraq ID: 7360
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Apr 15 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7360
$B$^$H$a(B:

NTFS $B$rMxMQ$7$F$$$k(B Microsoft Windows $B$O!"%;%-%e%j%F%#>e!"9%$^$7$/$J$$%Q!<(B
$B%_%C%7%g%s$,8D!9$N%-!<$K@_Dj2DG=$G$"$k!#(B

$B$3$NLdBj$OFH<+$K@_Dj$7$?%Q!<%_%C%7%g%s$r;}$D%l%8%9%H%j%-!<$NL>A0$,JQ99$5(B
$B$l$k:]$K@8$8$k!#L>A0$,JQ99$5$l$?%-!<$OFH<+$K@_Dj$7$?%Q!<%_%C%7%g%s$r$9$Y(B
$B$F<:$&$,!"Be$o$j$K?F$N%Q!<%_%C%7%g%s$r7Q>5$9$k!#$3$NLdBj$O!V7Q>52DG=$J%"(B
$B%/%;%95v2D$r?F$+$i$3$N%*%V%8%'%/%H$K7Q>5$G$-$k$h$&$K$9$k!W$N%A%'%C%/%\%C(B
$B%/%9$,%A%'%C%/$5$l$F$$$k$+H]$+$K$+$+$o$i$:@8$8$k!#(B

$B=,47E*$K%-!<$NL>A0$,JQ99$5$l$k$3$H$O$J$$$,!":o=|$d?7$?$JL>A0$r;H$C$F:F:n(B
$B@.$,9T$J$o$l$k2DG=@-$,$"$k$3$H$+$i!"$3$NLdBj$OH/@8$9$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$O!"(BWindows 2000 $B$d(B XP $B$K1F6A$rM?$($k$HJs9p$5$l$F$$$k$,!"(BWindows
NT 4.0 $B$K$b1F6A$rM?$($k2DG=@-$,$"$k!#(B

31. Netcomm NB1300 Modem/Router Weak Default Configuration Settings Vulnerability
BugTraq ID: 7359
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 15 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7359
$B$^$H$a(B:

Netcomm NB1300 $B%b%G%`(B/$B%k!<%?!<$O!"(BSOHO $B$^$?$O>.4k6H$N%M%C%H%o!<%/$r(B ADSL 
$B%5!<%S%9%W%m%P%$%@$K@\B3$9$k:]$K;HMQ$5$l$k%G%P%$%9$G$"$k!#(BADSL $B%k!<%?!<(B
$B$O!"(BIP $B%Q%1%C%H$N%k!<%F%#%s%0$*$h$S<+F0E*$K(B IP $B%"%I%l%9$r%f!<%6$K3d$jEv(B
$B$F!"(B1 $B$D$N(B ISP $B%"%+%&%s%H$r6&M-$9$k$3$H$r2DG=$K$9$k(B NAT $B$d(B DHCP $B$N$h$&$J(B
$B5!G=$KBP1~$7$F$$$k!#(B

$BJs9p$K$h$k$H!"$3$N%G%P%$%9$O%;%-%e%j%F%#>e!"LdBj$N$"$k%G%U%)%k%H@_Dj$G=P(B
$B2Y$5$l$F$$$k!#$3$N%G%P%$%9$O!"%G%U%)%k%H@_Dj$G$O(B WAN $B%$%s%?%U%'!<%9B&$G(B 
FTP $B%5!<%P(B (VxWorks 5.4.1) $B$r8x3+$7$F$$$k!#%G%U%)%k%H@_Dj$G$O!"%f!<%6L>(B
$B$O!"(B'admin'$B!"%Q%9%o!<%I$O(B 'password' $B$7$F@_Dj$5$l$F$$$k!#(B

$B$3$N@_Dj$,JQ99$5$l$F$$$J$$>l9g!"%j%b!<%H$N%f!<%6$O(B FTP $B%5!<%P$K@\B3$7!"(B
$B%G%U%)%k%H$NG'>ZMQ>pJs$rMxMQ$7$FG'>Z$rDL2a$9$k2DG=@-$,$"$k!#$3$l$K$h$j!"(B
$B967b<T$O!"(B'config.reg' $B%U%!%$%kFb$KJ?J8$G3JG<$5$l$F$$$k%k!<%?$N@_Dj>pJs(B
$B$r%@%&%s%m!<%I$9$k$3$H$,2DG=$G$"$kB>!"$=$NB>$N967b$b2DG=$K$J$k!#(B

$B$3$NJ}K!$K$h$C$F<}=8$5$l$?>pJs$O!"967bBP>]$H$J$k%[%9%H(B/$B%M%C%H%o!<%/$KBP(B
$B$9$k$5$i$J$k967b$r9T$J$&$?$a$KMxMQ$5$l$k2DG=@-$,$"$k!#(B

$B$3$NLdBj$O!"8=:_%j%j!<%9$5$l$F$$$k$9$Y$F$N(B Netcomm NB 1300 $B$N%U%!!<%`%&%'(B
$B%"$K1F6A$rM?$($k$HJs9p$5$l$F$$$k$3$H$KN10U$9$Y$-$G$"$k!#(B

32. IkonBoard Lang Cookie Arbitrary Command Execution Vulnerability
BugTraq ID: 7361
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 15 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7361
$B$^$H$a(B:

Ikonboard $B$O(B Perl $B$G3+H/$5$l$?EE;R7G<(HD(B (BBS) $B5!G=$rDs6!$9$k%=%U%H%&%'(B
$B%"$G$"$j!"MM!9$J(B Web $B%5!<%P$GF0:n$9$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$O967b<T$,0U?^$7$?%3%^%s%I$r<B9T$5$l$k5?$$(B
$B$,$"$k!#$3$NLdBj$O!"%f!<%6$+$iM?$($i$l$k(B Cookie $B%G!<%?(B 'lang' $B$KBP$9$kL5(B
$B322=(B (sanitize) $B$,IT==J,$G$"$k$3$H$K5/0x$9$k!#(B

$B6qBNE*$K$O!"%f!<%6$+$iM?$($i$l$k(B Cookie $B%G!<%?$rJ8;zNs$KA^F~$9$kA0$KL532(B
$B2=(B (sanitize) $B$9$k$?$a$K<B9T$5$l$k%Q%?!<%s%^%C%A%s%0$N%3!<%I$KLdBj$,B8:_(B
$B$9$k!#$3$NLdBj$rMxMQ$7$?967b$K$h$j!"967b<T$O0U?^$7$?%3!<%I$N<B9T$,2DG=$G(B
$B$"$k!#967b<T$,$3$N%=%U%H%&%'%"$NL5322=(B (sanitize) $B5!G=$,<:GT$9$k$h$&0U?^(B
$B$7$?!"IT@5$JJ8;zNs$r4^$s$@0-0U$"$k(B Cookie $B$r$3$N%=%U%H%&%'%"$KEO$7$?>l9g!"(B
$B967b<T$,Aw$j9~$s$@%G!<%?$O(B Perl $B$N(B eval() $B4X?t$KEO$5$l$k$H?d;!$5$l$k!#$3(B
$B$l$K$h$j!"967b<T$O0U?^$7$?(B Perl $B%3!<%I$r2r<a$5$;$k$3$H$,2DG=$G$"$k!#7k2L(B
$B$H$7$F!"Nc$($P<B9T7PO)$H$7$F(B Perl $B$N(B system() $B4X?t$r8F$S=P$9$3$H$G!"LdBj(B
$B$rJz$($k%=%U%H%&%'%"$r2TF0$5$;$F$$$k(B Web $B%5!<%P$HF13J$N%;%-%e%j%F%#%3%s(B
$B%F%-%9%H$G0U?^$7$?%3%^%s%I$,<B9T2DG=$G$"$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$O!"(BIkonBoard 3.1.1 $B$KB8:_$9$k$HJs9p$5$l$F$$$k$,!"$3$l$h$jA0$N%P!<(B
$B%8%g%s$G$b1F6A$r<u$1$k2DG=@-$,$"$k$3$H$KN10U$9$Y$-$G$"$k!#(B

33. Ashley Brown iWeb Server Directory Traversal Vulnerability
BugTraq ID: 7362
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 15 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7362
$B$^$H$a(B:

iWeb Server $B$O!"8!>Z4D6-$N0lIt$H$7$F$NFbIt;HMQ$rA[Dj$7$?>.7?$N(B Web $B%5!<(B
$B%P$G$"$k!#$3$N%=%U%H%&%'%"$O!"7k2L$H$7$F@x:_E*$K=EMW$J>pJs$NO31L$K;j$kLd(B
$BBj$rJz$($k$HJs9p$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$O%G%#%l%/%H%j$N;2>H$K4X$9$kJ8;zNs(B (../) 
$B$,4^$^$l$k!"%/%i%$%"%s%H$+$iMW5a$5$l$?%Q%9$,@5$7$/%"%/%;%9$G$-$k$+$NBEEv(B
$B@-3NG'$r9T$o$J$$!#967b<T$O!"$3$N$h$&$JJ8;zNs$rMQ$$$F%+%l%s%H%G%#%l%/%H%j(B
$B$+$i$NAjBP%Q%9$rMW5a$9$k$3$H$K$h$C$F!"(BWeb $BMQ$N2>A[%k!<%H%G%#%l%/%H%j$NHO(B
$B0O30$K$"$k%U%!%$%k$*$h$S%G%#%l%/%H%j$rF~<j2DG=$G$"$k!#(B

$B$3$NLdBj$rMxMQ$7$?967b$K$h$j!"%j%b!<%H$N967b<T$OB>$N967b$r;E3]$1$k$N$KM-(B
$BMQ$J=EMW>pJs$rF~<j$9$k2DG=@-$,$"$k!#(B

$B$3$N%=%U%H%&%'%"$N:n<T$O!"$3$N967b$N1F6A$r<u$1$J$$?7$7$$%P!<%8%g%s$r8x3+(B
$B$7$F$$$k!#(B

34. Mozilla Browser Cross Domain Violation Vulnerability
BugTraq ID: 7363
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 16 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7363
$B$^$H$a(B:

Mozilla $B$O!"(BMicrosoft Windows $B$*$h$S(B Linux $B$r4^$`!"MM!9$JF0:n4D6-$GMxMQ(B
$B2DG=$J%*!<%W%s%=!<%9$N(B Web $B%V%i%&%6$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$OB>$N%V%i%&%6%&%$%s%I%&Fb$N>pJs$K%"%/%;%9(B
$B2DG=$JLdBj$rJz$($F$$$k!#$3$NLdBj$O!"$3$N%=%U%H%&%'%"$,!"$"$k%I%a%$%s$+$i(B
$BJL$N%I%a%$%s$K%I%-%e%a%s%H$r0\$9:]$N%j%s%/$KBP$9$kL5322=(B (sanitize) $B$,IT(B
$B==J,$G$"$k$3$H$K5/0x$9$k!#6qBNE*$K$O!"(B'onclick' $B%W%m%Q%F%#$K4^$^$l$k0-0U(B
$B$"$k(B HTML $B%3!<%I$,L5322=$5$l$J$$!#(B

'onclick' $B%W%m%Q%F%#$r2p$7$?%3!<%I$N<B9T;~$K!"(BWeb $B%V%i%&%6$N%;%-%e%j%F%#(B
$B%>!<%s%]%j%7!<$N0cH?$,H/@8$7!"85$N(B Web $B%5%$%H$KB>$N%V%i%&%6%&%$%s%I%&Fb(B
$B$N(B Web $B%3%s%F%s%D$rI=<($9$k$3$H$,2DG=$H$J$k!#(B

$B$3$NLdBj$O!"0-0U$"$k%@%$%"%m%0%\%C%/%9$rI=<($9$k$h$&0U?^$5$l$?(B Web $B%Z!<(B
$B%8$rK,Ld$9$k%f!<%6$NB8:_$,I,?\$G$"$k!#$3$N<o$N967b$O!"$b$C$H$b0lHLE*$K$O!"(B
$B%=!<%7%c%k%(%s%8%K%"%j%s%0$rMxMQ$7$F9T$o$l$k!#(B

Mozilla $B$N%3!<%I$KM3Mh$9$kB>$N%V%i%&%6$bK\LdBj$rJz$($F$$$k!#(B

35. Novell Groupwise Mail Transport Agent Unspecified Denial Of Service Vulnerability
BugTraq ID: 7364
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 14 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7364
$B$^$H$a(B:

Novell GroupWise $B$O!"(BNovell $B$+$iHNGd$5$l$F$$$kEE;R%a!<%k!"%+%l%s%@!<!"$*(B
$B$h$S6&F1:n6H$r9T$&$?$a$N5!G=$rHw$($?%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"(B
$B$O(B Novell Netware $B>e$GF0$/$h$&$K@_7W$5$l$F$*$j!"(BWeb $B%V%i%&%6$r2p$7$FMxMQ(B
$B$9$k$?$a$N(B Web $B%"%/%;%9%3%s%]!<%M%s%H$b4^$s$G$$$k!#$3$N%=%U%H%&%'%"$N%/(B
$B%i%$%"%s%H%"%W%j%1!<%7%g%s$O!"(BMicrosoft Windows $B>e$GF0:n$9$k!#(B

$BITL@3N$G$O$"$k$,!"(BGroupWise MTA (Mail Transport Agent) $B$K$O!"LdBj$,B8:_(B
$B$9$k$HJs9p$5$l$F$$$k!#$3$NLdBj$O!"LdBj$rJz$($k%P!<%8%g%s$N(B OpenSSL $B$rF1(B
$B:-$7$F$$$k$3$H$K5/0x$9$k!#(B

$B$3$NLdBj$K4X$9$k>\:Y>pJs$O8=;~E@$G$OL$>\$G$"$k!#K\(B BID $B$O$5$i$J$k>pJs$,(B
$B8x3+$5$l<!Bh!"99?7M=Dj$G$"$k!#(B

$B$3$NLdBj$O(B BID 7101 $B$"$k$$$O(B 7148 $B$G8x3+$5$l$F$$$kLdBj$H4XO"@-$,$"$k$H?d(B
$B;!$5$l$k!#(B

36. Novell GroupWise WebAccess Information Disclosure Vulnerability
BugTraq ID: 7366
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Apr 16 2003 12:00AM
$B4XO"$9$k(B URL:
http://www.securityfocus.com/bid/7366
$B$^$H$a(B:

Novell WebAccess $B$O!"(BNovell Netware $B8~$1$N(B Web $B%$%s%?%U%'%$%9$rHw$($?(B 
GroupWise $B$NG'>Z%3%s%]!<%M%s%H$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$O!"%$%s%?!<%M%C%H$NMzNr$KJ]B8$5$l$?(B URL $B%U%)!<%`$KB8:_(B
$B$9$k=EMW$J>pJs$rB>$N%f!<%6$KO31L$7$F$7$^$&2DG=@-$,$"$k$HJs9p$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$rMQ$$$F!"(BGroupWise $B%5!<%P>e$KJ]B8$5$l$?%a%C(B
$B%;!<%8$NG'>Z$*$h$S8!:w$r9T$&$?$a$K(B Microsoft Internet explorer 5.0 $B$r;H(B
$BMQ$9$k:]$K!"$3$NLdBj$,H/@8$9$k!#(B

$BJs9p$K$h$k$H!"8!:w$5$l$?%a%C%;!<%8$N(B URL $B$,MzNr%-%c%C%7%e$N0lIt$H$J$k$?(B
$B$a!"%o!<%/%9%F!<%7%g%s$K%"%/%;%9$9$kB>$N%f!<%6$K$h$j1\Mw$5$l$k2DG=@-$,$"(B
$B$k!#(B

$B$3$NLdBj$NK\<A$+$i9M;!$9$k$J$i$P!"$3$NLdBj$N1F6A$O6&M-%o!<%/%9%F!<%7%g%s(B
$B4D6-$G$h$j9-$$$b$N$H$J$k!#(B

III. SECURITYFOCUS NEWS AND COMMENTARY
--------------------------------------
1. Use a Honeypot, Go to Prison?
$BCx<T(B:  Kevin Poulsen, SecurityFocus

$BJF;JK!>J$N%3%s%T%e!<%?HH:a$K7H$o$k@lLg2H$?$A$O!"FCDj$N>u672<$K$*$$$F$O!"(B
$B%O%K!<%]%C%H$N@_CV$O!"%O%K!<%]%C%H$r967b$9$k0J>e$K0cK!$H$J$k2DG=@-$,$"$k(B
$B$3$H$r7Y9p$7$?!#(B

http://www.securityfocus.com/news/4004

2. Debate: Should You Hire a Hacker?
$BCx<T(B:  Deborah Radcliff, SecurityFocus

Kevin Mitnick $B;a$O!"@N$N869p<T$K<U:a$7$?!#$O$?$7$F!"99@8$7$?%O%C%+!<$,!"(B
$B4k6H$N=EMW4pHW$r<i$kG$L3$K="$/$?$a$N?.Mj$rF@$k$3$H$,$G$-$k$N$G$"$m$&$+!#(B

http://www.securityfocus.com/news/3982

3. 'Super-DMCA' fears suppress security research
$BCx<T(B: Kevin Poulsen, SecurityFocus

$B%9%F%,%N%0%i%U%#!<$d%O%K!<%]%C%H$H$$$C$?!"%a%C%;!<%8$N1#JC$d967b$N8!CN5;(B
$B=Q$K$*$1$k8&5f$GM-L>$J%_%7%,%s=#N)Bg3X$N$"$kBg3X1!@8$O!"$3$l$^$G$N8&5fO@(B
$BJ8$d%=%U%H%&%'%"$r6/@)E*$K3$30$K0\F0$5$;$i$l!"JF9qFb$N=;?M$K$h$kF1;a$N%=(B
$B%U%H%&%'%"$NF~<j$r6X$8$F$$$k$3$H$rL@$i$+$K$7$?!#$3$l$O!"G!2?$J$kEE;RDL?.(B
$B$NB8:_!"$b$7$/$OH/?.85$r$b1#JC$9$k$3$H$,2DG=$J%=%U%H%&%'%"$N=jM-$r=E:a$H(B
$B$9$k!";?H]N>O@$N?7$?$J=#K!$r<u$1$?7k2L$G$"$k!#(B

http://www.securityfocus.com/news/3912

4. Security Agency Selects Privacy Watchdog
$BCx<T(B: Jonathan Krim, Washington Post

$B5DO@$r>z$7=P$7$?%$%s%?!<%M%C%H9-9p4k6H$N85%W%i%$%P%7!<4IM}@UG$<T$,!":rF|!"(B
$BJFK\EZ0BA4J]>c>J$N:G9b%W%i%$%P%7!<4IM}@UG$<T(B (CPO) $B$H$7$F;XL>$5$l$?!#F1(B
$B>J$N(B CPO $B$O!"JF@/I\$K$*$1$k:G$b=EMW$JCO0L$G$"$j!"G!2?$K$7$F8D?M$N%W%i%$(B
$B%P%7!<$r!"H?%F%m$X$N@$3&Cf$G$N<h$jAH$_$H%P%i%s%9$r<h$k$+$,5DO@$N>GE@$H$J$C(B
$B$F$$$k!#(B

http://www.securityfocus.com/news/4017

IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. Iptables made easy v1.0
$B:n<T(B: e5ke
$B4XO"$9$k(B URL:
http://e5ke.dk/iptables/
$B%W%i%C%H%U%)!<%`(B: OS $B$K0MB8$7$J$$(B
$B$^$H$a(B:

Iptables made easy $B$O(B Iptables script generator $B$KM3Mh$9$k0lO"$N(B PHP $B%9(B
$B%/%j%W%H$G$9!#$3$N%=%U%H%&%'%"$O(B PHP $B$rMxMQ$7$F!"%f!<%6$,M?$($?CM$K4p$E(B
$B$$$F(B iptables $B$N5/F0%9%/%j%W%H$r@8@.$7$^$9!#$3$N%=%U%H%&%'%"$NFCD'$O!"%@(B
$B%$%J%_%C%/(B IP $B%"%I%l%9$KBP1~$7$?(B NAT $B5!G=$G$9!#$3$N%=%U%H%&%'%"$O%9%/%j(B
$B%W%H$K$h$j=PNO$5$l$?8e$b=$@5$,MF0W$J7A$G(B input $B%k!<%k$*$h$S(B forward $B%k!<(B
$B%k$r@8@.$7$^$9!#$^$?4IM}<T$,4V0c$C$?%M%C%H%o!<%/>pJs$rEPO?$7$F$7$^$$%"%/(B
$B%;%9$G$-$J$/$J$k$3$H$N$J$$$h$&$K3NG'$9$k%A%'%C%/5!9=$,AH$_9~$^$l$F$$$^$9!#(B

2. Amrita VPN v0.90 beta 2
$B:n<T(B: Jayaraj
$B4XO"$9$k(B URL:
http://amvpn.sourceforge.net
$B%W%i%C%H%U%)!<%`(B: Linux$B!"(BPOSIX
$B$^$H$a(B:

Amrita VPN $B$O(B GNU/Linux $B%7%9%F%`$GF0:n$9$k!"MF0W$K(B VPN $B$rMxMQ$9$k<jCJ$r(B
$BDs6!$9$k%*!<%W%s%=!<%9$N%=%U%H%&%'%"$G$9!#$3$N%=%U%H%&%'%"$O40A4$K%f!<%6(B
$B%9%Z!<%9$GF0$/$h$&$K<BAu$5$l$F$*$j!"%+!<%M%k%Q%C%A$NE,MQ$d3HD%$OI,MW$"$j(B
$B$^$;$s!#$^$?6/EY$N9b$$0E9f2=$*$h$SG'>Z$r9T$&$?$a$K(B SSL $B$r;HMQ$7$F$$$^$9!#(B

3. Crypt Blowfish v0.4.5
$B:n<T(B: OpenWall Project
$B4XO"$9$k(B URL:
http://www.openwall.com/crypt/
$B%W%i%C%H%U%)!<%`(B: N/A
$B$^$H$a(B:

Crypt Blowfish $B$O(B Blowfish $B%V%m%C%/0E9f%"%k%4%j%:%`$KM3Mh$9$k?7@$Be$N%Q(B
$B%9%o!<%I%O%C%7%e%"%k%4%j%:%`$r<BAu$7$?%=%U%H%&%'%"$G$"$j!"(Bcrypt(3) $B$H:F(B
$BF~2DG=$J%$%s%?%U%'!<%9$K$h$jDs6!$5$l$k!#$3$N%=%U%H%&%'%"$O(B bcrypt $B$H8_49(B
$B@-$,$"$j$^$9!#(B

4. Nast v0.1.7
$B:n<T(B: embyte
$B4XO"$9$k(B URL:
http://nast.berlios.de
$B%W%i%C%H%U%)!<%`(B: FreeBSD$B!"(BLinux$B!"(BNetBSD$B!"(BOpenBSD$B!"(BPOSIX
$B$^$H$a(B:
Nast $B$O!"(BLibnet $B$*$h$S(B Libpcap $B$r4pHW$H$7$?%Q%1%C%H%9%K%U%!$*$h$S(B LAN $B%"(B
$B%J%i%$%6$G$9!#$3$N%D!<%k$O!"DL>o%b!<%I$^$?$O%W%m%_%9%-%c%9%b!<%I$N%M%C%H(B
$B%o!<%/%$%s%?%U%'%$%9>e$G%Q%1%C%H$rK5<u2DG=$G$9!#$3$N%D!<%k$O!"%Q%1%C%H$N(B
$B%X%C%@!"$*$h$S!"(BASCII $B7A<0$^$?$O(B 16 $B?J(B ASCII $B7A<0$N%Z%$%m!<%I$r%@%s%W$7(B
$B$^$9!#$^$?!"MM!9$J%Q%1%C%H%U%#%k%?%j%s%0$,MxMQ2DG=$G$9!#K5<u$7$?%G!<%?$O!"(B
$B8DJL$N%U%!%$%k$KJ]B82DG=$G$9!#$3$N%D!<%k$OJ,@O%D!<%k$H$7$F!"F10l%M%C%H%o!<(B
$B%/>e$K%W%m%_%9%-%c%9%b!<%I$K@_Dj$5$l$?B>$N(B NIC $B$,B8:_$9$k$+$N3NG'!"(BLAN 
$B>e$G8!CN$5$l$?A4%[%9%H$N0lMw:n@.!"%2!<%H%&%'%$$N8!CN!"J#?t%[%9%H$KBP$9$k(B
$B%]!<%H%9%-%c%s$N<B;\!"%G!<%b%s$,JV$9%P%J!<$N<}=8!"(BTCP $B%G!<%?%9%H%j!<%`$N(B
$BDI@W!"@\B3$N%j%;%C%H!"(BLink Type $B$,%O%V$G$"$k$+%9%$%C%A$G$"$k$+$NFCDj$,2D(B
$BG=$G$9!#(B

5. LKL v0.0.2
$B:n<T(B: Carlo Comin
$B4XO"$9$k(B URL:
http://www.spine-group.org/tool.htm
$B%W%i%C%H%U%)!<%`(B: Linux$B!"(BPOSIX
$B$^$H$a(B:
LKL $B$O!"%f!<%6!<%9%Z!<%9$GF0:n$9$k%-!<%m%,!<$G$"$j!"(Bx86 $B%"!<%-%F%-%A%c>e(B
$B$G2TF0$9$k(B Linux $B$G<B9T2DG=$G$9!#$3$N%D!<%k$O!"%O!<%I%&%'%"%-!<%\!<%I%]!<(B
$B%H(B (0x60) $B$r2p$7$FEO$5$l$kA4$F$N>pJs$rK5<u$7!"5-O?$7$^$9!#$^$?!"%-!<%3!<(B
$B%I$r%-!<%^%C%W%U%!%$%k$rMQ$$$F(B ASCII $B7A<0$KJQ49$7$^$9!#(B

6. DSPAM v2.0
$B:n<T(B: Jonathan A. Zdziarski
$B4XO"$9$k(B URL:
http://www.networkdweebs.com/products/dspam/
$B%W%i%C%H%U%)!<%`(B: UNIX
$B$^$H$a(B:
DSPAM $B$O!"L$>5Bz9-9p$NEE;R%a!<%k$r%f!<%6$4$H!"$*$h$S%3%_%e%K%F%#5,LO$GM}(B
$BCNE*$K%U%#%k%?%j%s%0$9$k5!G=$r;}$D%(!<%8%'%s%H$N3+H/$rL\E*$H$9$k%9%Q%`BP(B
$B:v$N%W%m%8%'%/%H$G$9!#$3$N%D!<%k$O!"%Y%$%:M}O@$K4p$E$/%"%k%4%j%:%`$rMQ$$(B
$B$FFCDj$N%H!<%/%sCM$r3d$jEv$F!"AH$_9g$o$;3NN($rMQ$$$k$3$H$K$h$j!"FCDj%f!<(B
$B%6$N9TF0MM<0$rCNE*$K3X=,$9$k$h$&@_7W$5$l$F$$$^$9!#EE;R%a!<%k$O!":G$b?M!9(B
$B$N4X?4$r0z$/%H!<%/%s$KJ,2r$5$l!"EE;R%a!<%k$,%9%Q%`%a!<%k$G$"$k$+$I$&$+$N(B
$BE}7WE*3NN($r7W;;$9$k$N$KMxMQ$5$l$^$9!#(B

--
$BLu(B: $B@>B<9/MN(B(NISHIMURA Yasuhiro)$B!"A}EDCR0l(B(MASUDA Tomokazu)$B!"(B
$B>.>>%_%5(B(KOMATSU Misa)
$B4F=$(B: $B@>B<9/MN(B(NISHIMURA Yasuhiro)
LAC Co., Ltd.
http://www.lac.co.jp/security/

-----------1051690888-613048677
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="smime.p7s"

MIIRHAYJKoZIhvcNAQcCoIIRDTCCEQkCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
Dr8wggI8MIIBpQIQMlAzz1DRVvNcga1lXE/IJTANBgkqhkiG9w0BAQIFADBfMQswCQYDVQQG
EwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsTLkNsYXNzIDEgUHVibGlj
IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNOTYwMTI5MDAwMDAwWhcNMjAw
MTA3MjM1OTU5WjBfMQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1
BgNVBAsTLkNsYXNzIDEgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAOUZv22jVmEtmUhx9mfeuY3rt56GgAqRDvo4
Ja9GiILlc6igmyRdDR/MZW4MsNBWhBiHmgabEKFz37RYOWtuwfYV1aioP6oSBo0xrH+wNNeP
NGeICc0UEeJORVZpH3gCgNrcR5EpuzbJY1zF4Ncth3uhtzKwezC6Ki8xqu6jZ9rbAgMBAAEw
DQYJKoZIhvcNAQECBQADgYEAS0RmYGhk5Jgb87By5pWJfN17s5XAHS7Y2BnQLTQ9xlCaEIaM
qj87qAT8N1KVw9nJ283yhgbEsRvwgogwQo4XUBxkerg+mUl0l/ysAkP7lgxWBCUMfHyHnSSn
2PAyKbWk312iTMUWMqhC9kWmtja54L9lNpPC0tdr3N5Z1qI1+EUwggI9MIIBpgIRAM26f1bw
3+S8VP4irLNyqlUwDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZl
cmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5MB4XDTk2MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkG
A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1
YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUA
A4GNADCBiQKBgQDlGb9to1ZhLZlIcfZn3rmN67eehoAKkQ76OCWvRoiC5XOooJskXQ0fzGVu
DLDQVoQYh5oGmxChc9+0WDlrbsH2FdWoqD+qEgaNMax/sDTXjzRniAnNFBHiTkVWaR94AoDa
3EeRKbs2yWNcxeDXLYd7obcysHswuiovMaruo2fa2wIDAQABMA0GCSqGSIb3DQEBAgUAA4GB
AEw/uIvGaN/uQzMOXemmyweETXoz/5Ib9Dat2JUiNmgRbHxCzPOcLsQHPxSwD0//kJJ2+eK8
SumPzaCACvfFKfGCIl24sd2BI6N7JRVGMHkW+OoFS5R/HcIcyOO39BBAPBPDXx9T6EjkhrR7
oTWweyW6uNOOqz84nQA0AJjz0XGUMIICPTCCAaYCEQDz1GWTDuTHHs1vChERVlizMA0GCSqG
SIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE3MDUG
A1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAe
Fw05NjAxMjkwMDAwMDBaFw0wNDAxMDcyMzU5NTlaMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQK
Ew5WZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBDZXJ0
aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA5Rm/baNW
YS2ZSHH2Z965jeu3noaACpEO+jglr0aIguVzqKCbJF0NH8xlbgyw0FaEGIeaBpsQoXPftFg5
a27B9hXVqKg/qhIGjTGsf7A01480Z4gJzRQR4k5FVmkfeAKA2txHkSm7NsljXMXg1y2He6G3
MrB7MLoqLzGq7qNn2tsCAwEAATANBgkqhkiG9w0BAQIFAAOBgQAjyGZsVZ9SYWqvFx3is89H
jkwbAjN1+UXvm0exsSugNTbRUnBpybul85NbkmD5ZH7xwT/p0RXx0sAXvaSdF67hB8+6gZbE
rnEZ9s5kv6cZ9VUof3wz1sK5t+slKf0p+GJwQTHdwwfbElMWYNCdB/kAZfyNbBhQILdn3H79
cEstDzCCAzwwggKloAMCAQICEAQa2pqnxtqHdYa+MJp9N08wDQYJKoZIhvcNAQECBQAwXzEL
MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAx
IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk5MDkxNDAwMDAw
MFoXDTA5MDkwOTIzNTk1OVowgbUxHDAaBgNVBAoTE1ZlcmlTaWduIEphcGFuIEsuSy4xHzAd
BgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdvcmsxPjA8BgNVBAsTNVRlcm1zIG9mIHVzZSBh
dCBodHRwczovL3d3dy52ZXJpc2lnbi5jby5qcC9SUEEgKGMpIDk4MTQwMgYDVQQDEytWZXJp
U2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQDnvpzpMy1glZcGiPmrsWEvOOXjEuTGvnb95mH1mMGeDPD3HmpNa7WG
Cp2NaO3eVRcRaBICMi2F3Edx6/eL5KtrsnroadWbYLPfBpPJ4BYttJND7Us7+oNdOuQmwFhj
xm9P25bndFT1lidp0Gx/xN5ekq3mNwt5iSWVdqOuEYKApQIDAQABo4GhMIGeMCQGA1UdEQQd
MBukGTAXMRUwEwYDVQQDEwxBZmZpbGlhdGUxLTUwEQYJYIZIAYb4QgEBBAQDAgEGMEUGA1Ud
IAQ+MDwwOgYKYIZIAYb4RQEHCzAsMCoGCCsGAQUFBwIBFh5odHRwczovL3d3dy52ZXJpc2ln
bi5jby5qcC9SUEEwDwYDVR0TBAgwBgEB/wIBADALBgNVHQ8EBAMCAQYwDQYJKoZIhvcNAQEC
BQADgYEAuIwwUgDQeNCIO/tzaT6ISelw4QjYJ9up3+be1dxZGHKcEFGtPfwaBNvlTMLV3eW3
BG6W5QRbNNhIaoVl0g8Yw1YuIexVFD7yUKcvQfOOThuG0y93V6Runzha6iErOLabtv05we+V
UnSsknF+qOCLYP9uMIKB/JmDiWnNpnUbAHMwggS5MIIEIqADAgECAhBvS++hdDHwEhbihEbY
piB4MA0GCSqGSIb3DQEBBAUAMIG1MRwwGgYDVQQKExNWZXJpU2lnbiBKYXBhbiBLLksuMR8w
HQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMT4wPAYDVQQLEzVUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY28uanAvUlBBIChjKSA5ODE0MDIGA1UEAxMrVmVy
aVNpZ24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjAeFw0wMzAzMTAwMDAw
MDBaFw0wNDAzMDkyMzU5NTlaMIIBKjELMAkGA1UEBhMCSlAxHDAaBgNVBAoUE1ZlcmlTaWdu
IEphcGFuIEsuSy4xNDAyBgNVBAsUK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFs
IFN1YnNjcmliZXIxRjBEBgNVBAsTPXd3dy52ZXJpc2lnbi5jb20vcmVwb3NpdG9yeS9DUFMg
SW5jb3JwLiBieSBSZWYuLExJQUIuTFREKGMpOTkxPzA9BgNVBAsUNkRpZ2l0YWwgSUQgQ2xh
c3MgMSAtIFNNSU1FIE9yYW5nZXNvZnQgSW5jLi9XaW5iaWZmLzIuMTEbMBkGA1UEAxMSWWFz
dWhpcm8gTmlzaGltdXJhMSEwHwYJKoZIhvcNAQkBFhJ5Lm5pc2ltckBsYWMuY28uanAwgZ8w
DQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAM7sXWSb5aB0EXRgNSeT/xmGveRjfkwzTA7PSw8x
UU4qAPMcUdwTLIrV87ktOOEIa7GrsJdJVbATb4jUvJ5NnzJBNNJLeePkoo82QyEaeJ5QWqAT
PuovaoAVSOww885141iVR4lUUEQe1prnW2subFThrFTQsbJRizSGyagkqZpZAgMBAAGjggFQ
MIIBTDAJBgNVHRMEAjAAMIGsBgNVHSAEgaQwgaEwgZ4GC2CGSAGG+EUBBwEBMIGOMCgGCCsG
AQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vQ1BTMGIGCCsGAQUFBwICMFYwFRYO
VmVyaVNpZ24sIEluYy4wAwIBARo9VmVyaVNpZ24ncyBDUFMgaW5jb3JwLiBieSByZWZlcmVu
Y2UgbGlhYi4gbHRkLiAoYyk5NyBWZXJpU2lnbjALBgNVHQ8EBAMCBaAwEQYJYIZIAYb4QgEB
BAQDAgeAMHAGA1UdHwRpMGcwZaBjoGGGX2h0dHA6Ly9vbnNpdGVjcmwudmVyaXNpZ24uY29t
L1ZlcmlTaWduSmFwYW5LS1ZlcmlTaWduQ2xhc3MxQ0FJbmRpdmlkdWFsU3Vic2NyaWJlci9M
YXRlc3RDUkwuY3JsMA0GCSqGSIb3DQEBBAUAA4GBAHvt8ALuk2OxWjrJtpwOqNTeoJvwlyWo
XAFbf8aItRMk0K3HgqmNvzzLVlFgYno9YaQbaSLFUj45deitv1ItAMHCofHVPju3c/lzUm9z
7TT1fae2uUd3LzA5pyNXF18zjm9a5tyP1Ot5aqvpnKeTHCPuYCBw49Jz4+Pv7Z/f7KAgMYIC
JTCCAiECAQEwgcowgbUxHDAaBgNVBAoTE1ZlcmlTaWduIEphcGFuIEsuSy4xHzAdBgNVBAsT
FlZlcmlTaWduIFRydXN0IE5ldHdvcmsxPjA8BgNVBAsTNVRlcm1zIG9mIHVzZSBhdCBodHRw
czovL3d3dy52ZXJpc2lnbi5jby5qcC9SUEEgKGMpIDk4MTQwMgYDVQQDEytWZXJpU2lnbiBD
bGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyAhBvS++hdDHwEhbihEbYpiB4MAkG
BSsOAwIaBQCggbEwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG9w0BCQUxDxcN
MDMwNDMwMDgyMTAwWjAjBgkqhkiG9w0BCQQxFgQUFBpPtEQk4rDel7FsKdTOsH2BLW8wUgYJ
KoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwBwYFKw4DAgcwDQYI
KoZIhvcNAwICAUAwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEgYDFpX/P51Ramp52
RLZJA+Mun3joQ5cr+mAANQQ3GErnYqd8Z6wLKwZN6S1XdT7RI8Z9ohCAN7AipAMyNYYmlucw
MaGeic8O7uUp2maA2DmDSLn42AWLy0pXyWaZO2gwncrl3g7G6YRhzArFKL+gyyrlrQD460yw
W/ltiGzVd8KcFw==

-----------1051690888-613048677--