SecurityFocus

SecurityFocus Newsletter #219 2003-10-13->2003-10-17 Nov 11 2003 02:14PM
tomokazu masuda lac co jp (tomokazu masuda)

$BA}ED(B@$B%i%C%/$G$9!#(B

SecurityFocus Newsletter $BBh(B 219 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

------------------------------------------------------------------------

---
BugTraq-JP $B$K4X$9$k(B FAQ($BF|K\8l(B):
http://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml
$B!&(BSecurityFocus Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0l<!G[I[$5$l$F$$$^$9(B
$B!&(BBugTraq-JP $B$X$N;22CJ}K!!"C&B`J}K!$O$3$N(B FAQ $B$r$4;2>H$/$@$5$$(B
------------------------------------------------------------------------

---
------------------------------------------------------------------------

---
SecurityFocus Newsletter $B$K4X$9$k(BFAQ($B1Q8l(B):
http://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml

BugTraq $B$K4X$9$k(B FAQ($B1Q8l(B):
http://www.securityfocus.com/popups/forums/bugtraq/faq.shtml
------------------------------------------------------------------------

---
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B SecurityFocus $B$N5v2D$r3t<02q<R%i%C%/$,F@$?>e$G9T$o$l$F$$$^(B
$B$9!#(B
$B!&(BSecurityFocus Newsletter $B$NOBLu$r(B Netnews, Mailinglist, World Wide Web,
$B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$NA4J80zMQ$r$*4j$$$7$^(B
$B$9!#(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;$s$,!"(B
$B=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+$J$k7A<0(B
$B$N(B
$B%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://online.securityfocus.com/archive/79
------------------------------------------------------------------------

---
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02q<R%i%C%/$O@UG$$rIi$o$J$$$b$N$H$7$^
(B
$B$9!#(B
------------------------------------------------------------------------

---
$BLu<T$+$i$N$*CN$i$;(B:
$B!&$b$7!"(Btypo $B$d8mLu$,8+$D$+$C$?>l9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
$BHG$r$4Ej9FD:$/$+!"4F=$<T(B (tomokazu.masuda (at) lac.co (dot) jp [email concealed]) $B$K$*CN$i$;$/$@$5(B
$B$$!#(B
$B8e<T$N>l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
------------------------------------------------------------------------

---
This translation is encoded and posted in ISO-2022-JP.

$B86HG(B:
Date: Mon, 20 Oct 2003 10:53:46 -0600 (MDT)
Message-ID: <Pine.LNX.4.58.0310201050230.1503 (at) mail.securityfocus (dot) com [email concealed]>

SecurityFocus Newsletter #219
-----------------------------

This Issue is Sponsored by: ISS

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
1. Incident Response Tools For Unix, Part Two: File-System Tools
2. Transparent, Bridging Firewall Devices
3. Disclosure Plan Won't Help
4. Too Many Hacks
5. CCIA Report is Bad Medicine
6. The Flaw of Security Through Diversification
7. Counterpoint: Linux vs. Windows Viruses
II. BUGTRAQ SUMMARY
1. Rit Research Labs TinyWeb Server Remote Denial of Service Vu...
2. Microsoft Windows RPCSS Multi-thread Race Condition Vulnerab...
3. HP Tru64 CDE dtmailpr Unspecified Privileged Access Vulnerab...
4. Gallery index.php Remote File Include Vulnerability
5. Hummingbird CyberDOCS Path Disclosure Vulnerability
6. IRCnet IRCD Local Buffer Overflow Vulnerability
7. mIRC DCC SEND Buffer Overflow Vulnerability
8. mIRC IRC URL Buffer Overflow Vulnerability
9. Multiple myPHPCalendar File Include Vulnerabilities
10. WinSyslog Long Syslog Message Remote Denial Of Service Vulne...
11. Apache Mod_Throttle Module Local Shared Memory Corruption Vu...
12. WrenSoft Zoom Search Engine Cross-Site Scripting Vulnerabili...
13. Apache Tomcat Non-HTTP Request Denial Of Service Vulnerabili...
14. AOL Instant Messenger Getfile Screenname Buffer Overrun Vuln...
15. Microsoft Messenger Service Buffer Overrun Vulnerability
16. Microsoft ListBox/ComboBox Control User32.dll Function Buffe...
17. Microsoft Windows Help And Support Center URI Handler Buffer...
18. DBMail IMAP Service SQL Injection Vulnerability
19. Microsoft ActiveX Authenticode Verification Bypass Vulnerabi...
20. Sun Solaris SysInfo System Call Kernel Memory Reading Vulner...
21. Microsoft Exchange Server 5.5 Outlook Web Access Cross-Site ...
22. Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer...
23. Linksys BEFSX41 EtherFast Router Log Viewer Denial Of Servic...
24. Microsoft Word Macro Name Handler Buffer Overflow Vulnerabil...
25. Sun Solaris Pipe Function Unspecified Kernel Race Condition ...
26. Planet WGSD-1020 Switch Undocumented Administrative User Una...
27. Microsoft Exchange Server Buffer Overflow Vulnerability
28. RealOne Player Temporary File Default Browser Script Executi...
29. Macromedia ColdFusion MX SQL Error Message Cross-Site Scrip...
30. Bajie HTTP Server Example Scripts And Servlets Cross-Site Sc...
III. SECURITYFOCUS NEWS ARTICLES
1. Senators propose Patriot Act limitations
2. Prosecutors admit error in whistleblower conviction
3. Teen charged in cyber stock scam
4. Spam inspires musos to song
5. NetScreen firms firewalls against app attacks
6. Teen computer whiz cleared in Houston hacking
IV. SECURITYFOCUS TOP 6 TOOLS
1. Webmin Usermonitor v0.11a
2. radmind v1.2.0
3. w3pw v1.10
4. testmail v3.1.5
5. Steghide v0.5.1
6. NISCA v2.5

I. FRONT AND CENTER($BF|K\8lLu$J$7(B)
---------------------------------

II. BUGTRAQ SUMMARY
-------------------
1. Rit Research Labs TinyWeb Server Remote Denial of Service Vu...
BugTraq ID: 8810
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 10 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8810
$B$^$H$a(B:

TinyWeb $B$O!"(BMicrosoft Windows $B4D6-$GMxMQ2DG=$J!"7ZNL$N(B Web $B%5!<%P%G!<%b(B
$B%s$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$K$O!"%j%b!<%H$N967b<T$K%5!<%S%9ITG=>uB
V$r(B
$B0z$-5/$3$5$l$k2DG=@-$,$"$kLdBj$,B8:_$9$k!#$3$NLdBj$O!"967b<T$,0U?^E*$
KAH(B
$B$_N)$F$i$l$?(B HTTP GET $B%j%/%(%9%H(B /cgi-bin/.%00./dddd.html $B$rLdBj$rJz$($k(B
$B%5!<%P$KAw?.$9$k:]$K@8$8$k!#$3$N%j%/%(%9%H$K$h$j!"$3$N%=%U%H%&%'%"$O2
aBg(B
$B$JNL$N(B CPU $B%5%$%/%k$r>CHq$7$F!"%/%i%C%7%e$^$?$O%O%s%0$r0z$-5/$3$92DG=@-(B
$B$,$"$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"967b<T$O$3$N%=%U%H%&%'%"$rIT0BD
j$J(B
$BJ}K!$GF0:n$5$;!"%/%i%C%7%e$^$?$O%O%s%0$r0z$-5/$3$9$3$H$,2DG=$G$"$k$H?
d;!(B
$B$5$l$k!#(B

TinyWeb 1.9 $B$,$3$NLdBj$rJz$($F$$$k$HJs9p$5$l$F$$$k$,!"B>$N%P!<%8%g%s$bF1(B
$BMM$KLdBj$rJz$($F$$$k2DG=@-$,$"$k!#(B

2. Microsoft Windows RPCSS Multi-thread Race Condition Vulnerab...
BugTraq ID: 8811
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 10 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8811
$B$^$H$a(B:

$BJs9p$K$h$k$H!"(BMicrosoft Windows $B$N(B RPCSS $B%5!<%S%9$K$O!"%^%k%A%9%l%C%I$N(B
$B6%9g>uBV$,B8:_$9$k!#$3$N$?$a!"967b<T$O%5!<%S%9ITG=967b$r;E3]$1$k$3$H$
,2D(B
$BG=$G$"$k$H?d;!$5$l$k!#Js9p$K$h$k$H!"$3$NLdBj$O!"$3$N%5!<%S%9$,J#?t$N
(B RPC
$B%j%/%(%9%H$r=hM}$9$k:]$K@8$8$k!#6qBNE*$K$O!"(B2 $B$D$N%9%l%C%I$,F10l$N%j%/(B
$B%(%9%H$r=hM}$9$k>l9g!"0lJ}$N%9%l%C%I$,0MA3$H$7$F%Q%1%C%H$r=hM}$7$F$$$
k4V(B
$B$K!"$b$&0lJ}$N%9%l%C%I$,$=$N%Q%1%C%H$r3+J|$9$k2DG=@-$,$"$k!#(B

$B$3$l$K$h$j!"%a%b%j$N=q$-49$($,0z$-5/$3$5$l$k2DG=@-$,$"$k!#FCDj$N>u672
<$K(B
$B$*$$$F!"0U?^$9$k%3!<%I$r<B9T2DG=$JJ}K!$G$N%a%b%j$N=q$-49$($,0z$-5/$3$
5$l(B
$B$k2DG=@-$,$"$k$,!"LdBj$rJz$($k%3%s%T%e!<%?$N%M%C%H%o!<%/CY1d;~4V!"(B
CPU$B!"(B
$B$*$h$S%a%b%j$N>uBV$H$$$C$?FCDj$NMW0x$K$h$j!"3N<B$KK\LdBj$r:F8=$9$k$3$
H$O(B
$B:$Fq$G$"$k$H?d;!$5$l$k!#%3!<%I$N<B9T$,0z$-5/$3$5$l$k2DG=@-$ODc$$$HH=C
G$5(B
$B$l$F$$$k!#(B

$B$7$+$7$J$,$i!"?.Mj6Z$NJs9p$K$h$k$H!"K\LdBj$O40A4$K%Q%C%A$rE,MQ$7$?(B

Windows XP Service Pack 1 $B%7%9%F%`(B(MS03-039 $B$GDs6!$5$l$?%Q%C%A$r4^$`(B) $B$K(B
$B%5!<%S%9ITG=>uBV$r0z$-5/$3$92DG=@-$,$"$k!#$^$?!"K\LdBj$,%Y%s%@$KDLCN$
5$l(B
$B$F$$$k$3$H$b<($5$l$F$$$k!#(B

$BK\LdBj$rMxMQ$9$k967b$K$h$j40A4$K%Q%C%A$rE,MQ$7$?(B Windows 2000 $B%7%9%F%`$K(B
$B%5!<%S%9ITG=>uBV$r0z$-5/$3$9$H<gD%$9$k?7>pJs$r?.Mj6Z$+$iF~<j$7$F$$$k!
#(B

$B$3$N967b$,(B Windows 2003 $B$KBP$7$F!"$I$N$h$&$J1F6A$r5Z$\$9$+$OL$>\$G$"$k!#(B

3. HP Tru64 CDE dtmailpr Unspecified Privileged Access Vulnerab...
BugTraq ID: 8813
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 10 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8813
$B$^$H$a(B:

Tru64 $B$O!"(BHP $B$K$h$jHNGd$*$h$SJ]<i$,9T$o$l$F$$$k(B Unix $BM3Mh$N(B OS $B$G$"$k!#(B

dtmailpr $B$K$O!"G'>Z:Q$_$N967b<T$,%j%b!<%H$N%3%s%T%e!<%?$KK\Mh5v2D$5$l$F(B
$B$$$J$$8"8B$G$N%"%/%;%9$,2DG=$H$J$kLdBj$,3NG'$5$l$F$$$k!#(B

HP $B$NJs9p$K$h$k$H!"(BTru64 $B$KF1:-$5$l$F$$$k(B Common Desktop Environment $B$K(B
$BB8:_$9$kLdBj$O!"%j%b!<%H$N967b<T$,K\Mh5v2D$5$l$F$$$J$$%j%b!<%H$+$i$NF
C8"(B
$BE*%"%/%;%9$rC%<h$9$k$?$a$K967b$5$l$k2DG=@-$,$"$k!#K\LdBj$K4X$9$kL@3N$
J>p(B
$BJs$O!"8=;~E@$G$O8x3+$5$l$F$$$J$$!#(B

$BK\LdBj$,B>$NF0:n4D6-$N(B CDE $B$K1F6A$r5Z$\$9$+$I$&$+$OL$>\$G$"$k!#$^$?!"K\(B
$BLdBj$K4X$9$kL@3N$J>pJs$O!"8=;~E@$G$O8x3+$5$l$F$$$J$$!#(B

4. Gallery index.php Remote File Include Vulnerability
BugTraq ID: 8814
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 11 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8814
$B$^$H$a(B:

Gallery $B$O!"%U%)%H%"%k%P%`$N:n@.$H$$$C$?!"(BWeb $B%5%$%H>e$N%$%a!<%8$N4IM}$N(B
$BL\E*$H$7$?(B Web $B%"%W%j%1!<%7%g%s$G$"$k!#$3$N%=%U%H%&%'%"$O!"(BPHP $B%9%/%j%W(B
$B%H8@8l$rMxMQ$7$F3+H/$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$O!"%j%b!<%H$N%U%!%$%k$r%$%s%/%k!<%I$5$
l$k(B
$BLdBj$rJz$($F$$$k5?$$$,$"$k!#$3$NLdBj$O!"(Bindex.php $B%9%/%j%W%H$X$N%j%/%(%9(B
$B%HMQ$N%Y!<%9%G%#%l%/%H%j$r;XDj$9$k$?$a$KMQ$$$i$l$k(B GALLERY_BASEDIR URI
$B%Q%i%a!<%?$r=hM}$9$k:]$K@8$8$k!#6qBNE*$K$O!"$3$N%=%U%H%&%'%"$O!"$3$N%
Q%i(B
$B%a!<%?$K$h$j;XDj$5$l$?>l=j$N4pE@$NBEEv@-3NG'$,IT==J,$G$"$k!#7k2L$H$7$
F!"(B
$B967b<T$O%U%!%$%kL>(B util.php $B$rMQ$$$F0-0U$"$k(B PHP $B%9%/%j%W%H%U%!%$%k$r%[(B
$B%9%F%#%s%0$5$;!"(BPHP $B%3!<%I$K%$%s%/%k!<%I$7$?%U%!%$%k$r(B Web $B%5!<%P$K$h$j(B
$B<B9T$5$;$k$3$H$,2DG=$G$"$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!":G=*E*$K%j%b!<%H$N%3%s%T%e!<%?>
e$G(B
$B0U?^$9$k%3!<%I$N<B9T$,2DG=$G$"$k$H?d;!$5$l$k!#(B

**$B99?7(B: $B%Y%s%@$O!"K\LdBj$O(B Unix $BM3Mh$N(B OS $B>e$G$N(B 'configuration mode' $B$K(B
$B$*$$$F$N$_967b2DG=$G$"$k$HJs9p$7$F$$$k!#(BWindows $B%f!<%6$O>o$K$3$NLdBj$rJz(B
$B$($F$$$k5?$$$,$"$k$HJs9p$5$l$F$$$k!#(B

5. Hummingbird CyberDOCS Path Disclosure Vulnerability
BugTraq ID: 8816
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 11 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8816
$B$^$H$a(B:

Hummingbird CyberDOCS (DM) $B$O!"(BMicrosoft Windows server $B4D6-$G(B SQL $B%G!<(B
$B%?%Y!<%9$HO"7H$7$FF0:n$9$k$h$&$K@_7W$5$l$?!"J8=q4IM}%=%U%H%&%'%"$G$"$
k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$O%Q%9>pJs$,O31L$9$kLdBj$rJz$($F$$$k5?$
$$,(B
$B$"$k!#967b<T$O!"%Q%i%a!<%?$rM?$($:$K(B cyberdocs.asp $B$"$k$$$O(B loginact.asp
$B%9%/%j%W%H$K%j%/%(%9%H$r9T$&$3$H$K$h$j!"@x:_E*$K%Q%9>pJs$K%"%/%;%92DG
=(B
$B$G$"$k!#$3$l$K$h$j!";v<B>e!"$3$N%=%U%H%&%'%"$N%$%s%9%H!<%k%G%#%l%/%H%
j$,(B
$B4^$^$l$k%(%i!<%Z!<%8$,JV$5$l$k!#(B

$B$3$N>pJs$X$N%"%/%;%9$O!"$5$i$J$k967b$r;E3]$1$k:]$K967b<T$KM-MQ$H$J$k2
DG=(B
$B@-$,$"$k!#(B

6. IRCnet IRCD Local Buffer Overflow Vulnerability
BugTraq ID: 8817
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 13 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8817
$B$^$H$a(B:

IRCnet IRCD $B$O!"(BLinux/Unix $BM3Mh$N(B OS $B$r4^$`B?$/$N4D6-$GMxMQ2DG=$J!"(BIRC
$B$N<BAu$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$O!"%m!<%+%k>e$N%f!<%6$K$h$j967b$5$l$k2
DG=(B
$B@-$,$"$k%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$kLdBj$rJz$($F$$$k5?$$$,$"$k!#$
3$N(B
$BLdBj$O!"%a%b%j$N3NJ]:Q$_%P%C%U%!$K%3%T!<$5$l$kA0$N!"%f!<%6$,M?$($?%G!
<%?(B
$B$KBP$9$k6-3&%A%'%C%/$,IT==J,$G$"$k$3$H$K5/0x$9$k$H?d;!$5$l$k!#1F6A$r<
u$1(B
$B$k%P%C%U%!$N%5%$%:$h$jBg$-$JM?$($i$l$?%G!<%?$O!"%P%C%U%!$N6-3&$r0n$l$
F!"(B
$BNY@\$9$k%a%b%jFbMF$r=q$-49$($k2DG=@-$,$"$k!#$3$NLdBj$rMxMQ$9$k967b$K$
h$j!"(B
$BLdBj$rJz$($k%=%U%H%&%'%"$N%/%i%C%7%e$,2DG=$G$"$k$H?d;!$5$l$k!#L$8!>Z$
G(B

$B$O$"$k$,!"$3$NLdBj$NK\<A$+$i9M;!$9$k$H!"$3$NLdBj$rMxMQ$9$k967b$K$h$j!
"%m(B
$B!<%+%k$N967b<T$O@x:_E*$K!"1F6A$r<u$1$k%=%U%H%&%'%"$N8"8B$G0U?^$9$k%3!
<%I(B
$B$N<B9T$,2DG=$G$"$k$H$b?d;!$5$l$k!#(B

$B$3$NLdBj$O!"(BIRCnet IRCD 2.10.3p3 $B0JA0$N(B 2.10 $B3+H/%D%j!<$K1F6A$r5Z$\$9$H(B
$BJs9p$5$l$F$$$k!#(B

7. mIRC DCC SEND Buffer Overflow Vulnerability
BugTraq ID: 8818
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 13 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8818
$B$^$H$a(B:

mIRC $B$O!"(BMicrosoft Windows $B8~$1$K@_7W$5$l$?(B IRC $B%W%m%H%3%k$rMxMQ$9$k%A%c(B
$B%C%H%/%i%$%"%s%H$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$O!"%j%b!<%H$N967b<T$,LdBj$rJz$($k(B mIRC $B%/%i%$%"%s%H$r(B
$B%/%i%C%7%e$5$;$k$3$H$,2DG=$K$J$kLdBj$,B8:_$9$k$HJs9p$5$l$F$$$k!#$3$NL
dBj(B
$B$O!"(B'DCC SEND' $B%j%/%(%9%H$KBP$9$k6-3&%A%'%C%/$,IT==J,$G$"$k$3$H$K5/0x$9(B
$B$k2DG=@-$,9b$$!#(B

$BJs9p$K$h$k$H!"0-0U$"$k(B 'DCC SEND' $B%j%/%(%9%H$r<u?.$7$?:]!"$3$N%j%/%(%9%H(B
$B$OCWL?E*$J%(%i!<$r0z$-5/$3$7!"1F6A$r<u$1$k%/%i%$%"%s%H$r%/%i%C%7%e$5$
;$k!#(B
'DCC SEND' $B%j%/%(%9%H$O!"%A%c%s%M%k$^$?$OFCDj$N967bBP>]$H$J$k%f!<%6$KAw(B
$B?.2DG=$G$"$k!#L$8!>Z$G$"$k$,!"$3$NLdBj$NK\<A$+$i9M;!$9$k$H!"%j%b!<%H$
N96(B
$B7b<T$O!"@x:_E*$K$3$NLdBj$rMxMQ$7!"1F6A$r<u$1$k(B mIRC $B%/%i%$%"%s%H$N8"8B$G(B
$B0U?^$9$k%3!<%I$r<B9T2DG=$G$"$k$H?d;!$5$l$k!#(B

mIRC 6.1 $B$*$h$S(B 6.11 $B$,$3$NLdBj$rJz$($F$$$k$HJs9p$5$l$F$$$k$,!"B>$N%P!<(B
$B%8%g%s$bF1MM$K1F6A$r<u$1$k2DG=@-$,$"$k!#(B

8. mIRC IRC URL Buffer Overflow Vulnerability
BugTraq ID: 8819
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 13 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8819
$B$^$H$a(B:

mIRC $B$O!"(BMicrosoft Windows $B8~$1$K@_7W$5$l$?(B IRC $B%W%m%H%3%k$rMxMQ$9$k%A%c(B
$B%C%H%/%i%$%"%s%H$G$"$k!#$3$N%=%U%H%&%'%"$,%$%s%9%H!<%k$5$l$k:]!"(B'i
rc://'
$B7A<0$N(B URL $B$N%O%s%I%i$,EPO?$5$l$k!#$3$l$K$h$j!"(B'IRC URL' $B%j%s%/$rC)$k:]!"(B
$B$3$N%=%U%H%&%'%"$,8F$S=P$5$l$k!#(B

$B$3$N%=%U%H%&%'%"$O!"0-0U$"$k(B 'IRC URL' $B$r=hM}$9$k:]!"%P%C%U%!%*!<%P!<%U(B
$B%m!<$,H/@8$9$kLdBj$rJz$($F$$$k5?$$$,$"$k$HJs9p$5$l$F$$$k!#6qBNE*$K$O!
"Ld(B
$BBj$rJz$($k%P!<%8%g%s$N%=%U%H%&%'%"$r2TF0$7$F$$$k%f!<%6$K$h$C$F!"(B99
8 $B%P%$(B
$B%H$rD6$($k(B 'IRC URL' $B%j%s%/$,%/%j%C%/$5$l$?:]$KH/@8$9$k!#(B

$B$3$NLdBj$O!"(B'IRC URL' $B%G!<%?$,%a%b%j$N%P%C%U%!$K%3%T!<$5$l$k:]$N6-3&%A%'(B
$B%C%/$,IT==J,$G$"$k$3$H$K5/0x$7$F$$$k$H?d;!$5$l$k!#3NJ]:Q$_$N%P%C%U%!$
rD6(B
$B$($k%G!<%?$,6-3&$r0n$l!"NY@\$9$k%a%b%j$r=q$-49$($k!#1F6A$r<u$1$k%P%C%
U%!(B
$B$KNY@\$9$k%a%b%jNN0h$O%$%s%9%H%i%/%7%g%s%]%$%s%?$r3JG<$9$k$?$a$K;HMQ$
5$l(B
$B$F$*$j!"967b<T$O!"1F6A$r<u$1$k%/%i%$%"%s%H$N=hM}<j=g$r!"967b<T$N@)8f$
9$k(B
$B%a%b%jNN0h$X0\F0$9$k$h$&2~JQ$9$k2DG=@-$,$"$k!#$3$l$O!":G=*E*$K1F6A$r<
u$1(B
$B$k%/%i%$%"%s%H$r2TF0$7$F$$$k%f!<%6$N8"8B$G0U?^$9$k%3!<%I$N<B9T$,2DG=$
G$"(B
$B$k$H?d;!$5$l$k!#(B

mIRC 6.1 $B$,$3$NLdBj$rJz$($F$$$k5?$$$,$"$k$HJs9p$5$l$F$$$k$,!"B>$N%P!<%8(B
$B%g%s$bF1MM$K1F6A$r<u$1$k2DG=@-$,$"$k!#(B

9. Multiple myPHPCalendar File Include Vulnerabilities
BugTraq ID: 8820
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 13 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8820
$B$^$H$a(B:

myPHPCalendar $B$O!"(BPHP $B$rMxMQ$7$F3+H/$5$l$?!"%*%s%i%$%s$GMxMQ2DG=$J%$%Y%s(B
$B%H7W2h(B/$B%+%l%s%@!<%=%U%H%&%'%"$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$O!"%U%!%$%k$r%$%s%/%k!<%I2DG=$H$J$kJ#?t$NLdBj$rJz$($
F$$(B
$B$k5?$$$,$"$k$HJs9p$5$l$F$$$k!#$3$l$i$NLdBj$O!"%f!<%6$,(B 'cal_dir' URI $B%Q(B
$B%i%a!<%?$KM?$($kCM$KBP$9$kL5322=$,IT==J,$G$"$k$3$H$K5/0x$9$k!#(B

$B$3$l$i$NLdBj$rMxMQ$9$k967b$K$h$j!"%j%b!<%H$N967b<T$O!"30It$N0U?^$9$k
(B PHP
$B%9%/%j%W%H$r%$%s%/%k!<%I$7!"%9%/%j%W%H$K4^$^$l$k%3!<%I$r(B Web $B%5!<%P$N8"(B
$B8B$G<B9T2DG=$G$"$k!#(B

$B$3$NLdBj$O!"(BmyPHPCalendar 10192000 $B%S%k%I(B 1 Beta $B$KB8:_$9$k$HJs9p$5$l$F(B
$B$$$k$,!"B>$N%P!<%8%g%s$b1F6A$r<u$1$k2DG=@-$,$"$k$3$H$KN10U$9$Y$-$G$"$
k!#(B

10. WinSyslog Long Syslog Message Remote Denial Of Service Vulne...
BugTraq ID: 8821
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 14 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8821
$B$^$H$a(B:

WinSyslog $B$O!"%7%9%F%`%$%Y%s%H$r5-O?$9$k%5!<%P$G$"$k!#$3$N%=%U%H%&%'%"$O!"(B
Microsoft Windows $B4D6-$GMxMQ2DG=$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$O!"%j%b!<%H$+$i967b2DG=$J!"%5!<%S%9ITG=>uBV$r0z$-5/$
3$5(B
$B$l$kLdBj$rJz$($F$$$k5?$$$,$"$k!#$3$NLdBj$O!"%W%m%0%i%`$,BT$A<u$1$F$$$
k%](B
$B!<%H(B ($B%G%U%)%k%H$G$O(B 10514/UDP) $B$r2p$7$F!"J#?t$N2aBg$JD9$5$N(B syslog $B%a%C(B
$B%;!<%8$r<u?.$7$?:]$KH/@8$9$k!#K\LdBj$N8x3+$HJ;$;$F!"=y!9$KA}Bg$9$k(B

syslog $B%a%C%;!<%8$rBgNL$KAw?.$7$F!"%5!<%S%9ITG=>uBV$r0z$-5/$3$9967b%9%/(B
$B%j%W%H$,8x3+$5$l$F$$$k!#(B

$B$3$l$K$h$j!"%j%=!<%9$N8O3i$K5/0x$9$k$H?d;!$5$l$k!"%7%9%F%`$,IT0BDj$K$
J$k(B
$B$3$H$bJs9p$5$l$F$$$k!#$3$NLdBj$,6-3&%A%'%C%/$KM3Mh$9$kLdBj$H$$$C$?!"$
h$j(B
$B?<9o$JLdBj$K5/0x$7$F$$$k$+$I$&$+$OL$>\$G$"$k!#(B

$B$3$NLdBj$O!"(BWinSyslog 4.21 SP1 $B$K1F6A$r5Z$\$9$HJs9p$5$l$F$$$k!#B>$N%P!<(B
$B%8%g%s$b1F6A$r<u$1$k2DG=@-$,$"$k!#(B

11. Apache Mod_Throttle Module Local Shared Memory Corruption Vu...
BugTraq ID: 8822
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Oct 14 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8822
$B$^$H$a(B:

mod_throttle Apache $B%b%8%e!<%k$O!"(Bsert.com $B$K$h$C$F3+H/$5$l$?%"%W%j%1!<(B
$B%7%g%s$G$"$k!#$3$N%=%U%H%&%'%"$O!"FCDj$N%5!<%P%j%/%(%9%H$r=hM}$9$k:]$
NIi(B
$B2Y$r8:$i$9$h$&@_7W$5$l$F$$$k!#$3$N%=%U%H%&%'%"$O!"(BBSD$B!"(BLinux
$B!"$*$h$S(B
Solaris $B4D6-$GMxMQ2DG=$G$"$k!#(B

$B$3$N%b%8%e!<%k$O!"%m!<%+%k$G$N8"8B>:3J$r2DG=$K$9$kLdBj$rJz$($F$$$k5?$
$$,(B
$B$"$k$HJs9p$5$l$F$$$k!#$3$NLdBj$O!"$3$N%b%8%e!<%k$,!"=EMW$J%G!<%?$r(B
'
apache' $B8"8B$r;}$D%f!<%6$,%"%/%;%92DG=$J6&M-%a%b%j$K8m$C$F3JG<$7$F$$$k$3(B
$B$H$K5/0x$9$k!#7k2L$H$7$F!"967b<T$O6&M-%a%b%j%;%0%a%s%HFb$N%a%b%j%]%$%
s%?(B
$B$*$h$S%G!<%?%U%!%$%k$r2~JQ2DG=$G$"$k$H?d;!$5$l$k!#$3$l$i$N%]%$%s%?$O!
"4{(B
$B$KFbIt%b%8%e!<%k$N=hM}<j=g$d!"(BApache $B$,=*N;;~$K%b%8%e!<%k$r<h$j30$9:]$K(B
$BI,MW$H$J$k=EMW$J%G!<%?$r;X$7$F$$$k2DG=@-$,$"$k!#(B

$B$3$l$O!":G=*E*$K$O(B Apache $B$N5/F0;~$^$?$O=*N;;~$K8"8B>:3J$r0z$-5/$3$92DG=(B
$B@-$,$"$j!"7k2L$H$7$F967b<T$O(B root $B8"8B$rC%<h$9$k2DG=@-$,$"$k!#(B

$BJs9p$K$h$k$H!"$3$NLdBj$rMxMQ$9$k967b$,@.8y$9$k$?$a$K$O!"967b<T$O2?$i$
+$N(B
$BJ}K!$G(B Apache $B$K@_Dj%U%!%$%k$r%j%m!<%I$5$;$kI,MW$,$"$k!#7k2L$H$7$F!"$3$N(B
$BLdBj$O!"(BBID 5884 $B$K5-:\$5$l$F$$$kLdBj$HJ;MQ$5$l$F967b$KMxMQ$5$l$k2DG=@-(B
$B$,$"$k!#@_Dj%U%!%$%k$r%j%m!<%I$5$;$kB>$NJ}K!$bMxMQ$5$l$k2DG=@-$,$"$k!
#(B

12. WrenSoft Zoom Search Engine Cross-Site Scripting Vulnerabili...
BugTraq ID: 8823
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 14 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8823
$B$^$H$a(B:

WrenSoft Zoom Search Engine $B$O(B Web $B%5%$%H$K8!:w%(%s%8%s$rDI2C2DG=$K$J$k(B
$B8!:w%f!<%F%#%j%F%#$G$"$k!#(B

$B%j%b!<%H$N967b<T$,!"%f!<%6$N%V%i%&%6$G(B HTML $B%?%0!"$^$?$O%9%/%j%W%H$,<B9T(B
$B2DG=$K$J$k$H?d;!$5$l$kLdBj$,!"$3$N%=%U%H%&%'%"$N8!:w%b%8%e!<%k$KB8:_$
9$k(B
$B$HJs9p$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"$3$NLdBj$O!"$3$N%=%U%H%&%'%"$K$h$k%f!<%6$,M?$($?F~NO$NL
532(B
$B2=$,IT==J,$G$"$k$3$H$K5/0x$9$k!#(BHTML $B%?%0$*$h$S%9%/%j%W%H%3!<%I$,%f!<%6(B
$B$N%V%i%&%6$G2r<a$5$l$k$?$a!"967b<T$O!"%j%s%/$rC)$C$?%f!<%6$N%V%i%&%6F
b$G(B
$B2r<a$5$l$k2DG=@-$,$"$k(B HTML $B%?%0$^$?$O%9%/%j%W%H%3!<%I$r4^$`0-0U$"$k%j%s(B
$B%/$rAH$_N)$F$k2DG=@-$,$"$k!#$3$N967b$OLdBj$rJz$($k%5%$%H$N%;%-%e%j%F%
#%3(B
$B%s%F%-%9%H$G@8$8$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$K@.8y$7$?>l9g!"967b<T$O(B Cookie $B$KM3Mh$9$kG'>ZMQ>p(B
$BJs$N@`<h$,2DG=$K$J$k$H?d;!$5$l$k!#B>$N967b$b2DG=$G$"$k$H?d;!$5$l$k!#
(B

WrenSoft Zoom Search Engine 2.0 - $B%S%k%I(B: 1018 $B$OLdBj$rJz$($k%Q%C%1!<%8(B
$B$G$"$k$HJs9p$5$l$F$$$k$,!"B>$N%P!<%8%g%s$bF1MM$K1F6A$r<u$1$k2DG=@-$,$
"$k!#(B

13. Apache Tomcat Non-HTTP Request Denial Of Service Vulnerabili...
BugTraq ID: 8824
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8824
$B$^$H$a(B:

Tomcat $B$O(B Jakarta $B%W%m%8%'%/%H$N0lIt$H$7$F(B Apache $B$K$h$j3+H/$5$l$F$$$k(B
Web $B%5!<%P!"$*$h$S(B JSP/Servlet $B%3%s%F%J$G$"$k!#(B

Apache Tomcat 4 $B$O>\:YITL@$N(B HTTP $B$G$O$J$$%j%/%(%9%H%?%$%W$r=hM}$9$k:]$K!"(B
$B%j%b!<%H$+$i%5!<%S%9ITG=>uBV$r0z$-5/$3$5$l$kLdBj$rJz$($F$$$k5?$$$,$"$
k$H(B
$BJs9p$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"$"$kFCDj$N(B HTTP $B$G$O$J$$%j%/%(%9%H%?%$%W$r(B Tomcat HTTP $B%3(B
$B%M%/%?$,=hM}$9$k:]$K!"(BTomcat $B%5!<%P$O%5!<%S%9$,:F5/F0$5$l$k$^$G!"1F6A$r(B
$B<u$1$k%]!<%H$KBP$9$k$=$N8e$N%j%/%(%9%H$rGK4~$9$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$K$h$j!"%j%b!<%H$N967b<T$O!"1F6A$r<u$1$k$K$h$k%
j%/(B
$B%(%9%H$N=hM}$r8N0U$KK8$2!";v<B>e!"@5Ev$J%f!<%68~$1$N%5!<%S%9$rMxMQITG
=>u(B
$BBV$K4Y$i$;$k$3$H$,2DG=$G$"$k!#(B

$B$3$NLdBj$O(B Tomcat 4.0.x $B$KJs9p$5$l$F$$$k$3$H$KN10U$9$Y$-$G$"$k!#(B

14. AOL Instant Messenger Getfile Screenname Buffer Overrun Vuln...
BugTraq ID: 8825
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8825
$B$^$H$a(B:

AOL Instant Messenger (AIM) $B$O(B Microsoft Windows $B$r4^$`MM!9$J4D6-$GMxMQ(B
$B2DG=$J%$%s%9%?%s%H%a%C%;%s%8%c!<%/%i%$%"%s%H$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$O%j%b!<%H$+$i967b2DG=$J%P%C%U%!%*!<%P!<%U%m!<$NLdBj$
rJz(B
$B$($F$$$k5?$$$,$"$k!#(B

$B$3$N%=%U%H%&%'%"$,%$%s%9%H!<%k$5$l$k:]!"(BAIM URI $BMQ$N%W%m%H%3%k%O%s%I%i$b(B
$B%$%s%9%H!<%k$5$l!"$=$l$K$h$j!"$3$N%=%U%H%&%'%"$,(B Web $B%Z!<%8Fb$+$i8F$S=P(B
$B$5$l$k2DG=@-$,$"$k!#Js9p$K$h$k$H!"(BAIM URI $B%O%s%I%i$r2p$7$FH/@8$9$kLdBj$,(B
$BB8:_$9$k!#6qBNE*$K$O!"$3$NLdBj$O!"(B"getfile" $BA`:n$G;XDj$5$l$?>l9g$N%9%/%j(B
$B!<%s%M%$%`%Q%i%a!<%?$N6-3&%A%'%C%/$,IT==J,$G$"$k$3$H$K5/0x$9$k!#$3$l$
K$h(B
$B$j!"967b<T$O%a%b%jFbMF$r967b<T$,M?$($?CM$G=q$-49$(2DG=$K$J$j!"%$%s%9%
H%i(B
$B%/%7%g%s%]%$%s%?$H$$$C$?JQ?t$r=q$-49$($k$3$H$K$h$C$F!"%W%m%0%i%`$N=hM
}<j(B
$B=g$r@)8f2DG=$K$J$k$H?d;!$5$l$k!#(B

$B967b<T$O!"%9%/%j!<%s%M%$%`$H$7$F2aBg$JD9$5$NCM$r;}$D(B "getfile" $BA`:n$r9T(B
$B$&!"0U?^E*$KAH$_N)$F$i$l$?(B AIM URI(AIM $B%W%m%H%3%k%O%s%I%i$rMxMQ$9$k(B) $B$r(B
$BC)$k$h$&M6F3$9$k$3$H$K$h$j!"$3$NLdBj$rMxMQ$9$k967b$r9T$&2DG=@-$,$"$k!
#Js(B
$B9p$K$h$k$H!"$3$NLdBj$O(B 1130 $BJ8;z0J>e$ND9$5$r;}$D%9%/%j!<%s%M%$%`$rM?$($k(B
$B$3$H$K$h$j!":F8=2DG=$G$"$k!#(B

15. Microsoft Messenger Service Buffer Overrun Vulnerability
BugTraq ID: 8826
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8826
$B$^$H$a(B:

Microsoft Messenger Service $B$O(B "net send" $B%a%C%;!<%8$NAw<u?.$rC4$&(B
Windows $B$N%5!<%S%9$G$"$k!#$3$N%5!<%S%9$O%/%i%$%"%s%H$H%5!<%P4V$N(B Alerter
$B%5!<%S%9$r2p$7$FAw$i$l$kA4$F$N%a%C%;!<%8$b=hM}$9$k!#(BMicrosoft Messenger
Service $B$O(B MSN Messenger $B$H4X78$O$J$$!#(B

Microsoft Messenger Service $B$O%j%b!<%H$+$i967b2DG=$J%P%C%U%!%*!<%P!<%U%m(B
$B!<$NLdBj$rJz$($F$$$k5?$$$,$"$k!#$3$NLdBj$O!"$3$N%5!<%S%9$K$*$1$k6-3&%
A%'(B
$B%C%/$NITHw$K5/0x$7$F$*$j!"%a%b%jFbMF$N=q$-49$($r2DG=$K$9$k$H?d;!$5$l$
k!#(B
$B$3$N%5!<%S%9$,%a%C%;!<%8D9$NBEEv@-3NG'$r;n$_$k:]$K!"6-3&%A%'%C%/$,9T$
o$l(B
$B$?8e!"$3$N%5!<%S%9$O(B CR/LF (Carriage Return/Line-feed) $BJ8;zNs$,(B 2 $B%P%$%H(B
$B$rMW$9$k$3$H$r9MN8$;$:$K!"%a%C%;!<%8K\J8$N(B 0x14 $BJ8;z$r(B CR/LF $BJ8;zNs$KCV(B
$B$-49$($k$HJs9p$5$l$F$$$k!#$3$N$?$a!"0U?^E*$K:n@.$5$l$?%a%C%;!<%8$,@x:
_E*(B
$B$K%W%m%;%9%a%b%j$NNY@\$9$kNN0h$,=q$-49$($i$l$k2DG=@-$,$"$k!#(B

$B$3$N967b$N7k2L!"%5!<%S%9ITG=>uBV!"$^$?$O(B Local System $B8"8B$G$N0-0U$"$k%3(B
$B!<%I$N<B9T$,0z$-5/$3$5$l!"@x:_E*$K%3%s%T%e!<%?$N40A4$J1x@w$,5/$3$k2DG
=@-(B
$B$,$"$k!#(B

$B$3$N%5!<%S%9$O(B NetBIOS ($B%]!<%H(B 137-139) $B$*$h$S(B RPC ($B%]!<%H(B 135) $B$r2p$7$F(B
$B4m81$K$5$i$5$l$k!#(B

16. Microsoft ListBox/ComboBox Control User32.dll Function Buffe...
BugTraq ID: 8827
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8827
$B$^$H$a(B:

ComboBox $B%3%s%H%m!<%k$O!"=jDj$NCM$N%I%m%C%W%@%&%s%j%9%H$HF1MM$K!"%f!<%6(B
$B$,M?$($kF~NO$rJ];}$9$k%U%#!<%k%I$rI=<($9$k$?$a$K;HMQ$5$l$k%/%i%9$G$"$
k!#(B
ListBox $B%3%s%H%m!<%k$OF1MM$N%/%i%9$G$"$k$,!"C1=c$K=jDj$NCM$rI=<($9$k$h$&(B
$B$K0U?^$5$l!"%f!<%6$O0l$D$NCM$rA*Br$9$k$3$H$,2DG=$G$"$k!#(B

Microsoft $B$O!">\:YITL@$N(B User32.dll $B%i%$%V%i%j4X?tFb$K%m!<%+%k%P%C%U%!%*(B
$B!<%P!<%U%m!<LdBj$,B8:_$9$k$HJs9p$7$F$$$k!#(BComboBox $B$*$h$S(B ListBox $B$NN>J}(B
$B$N%3%s%H%m!<%k$O!"(BWindows $B%a%C%;!<%8%s%0%$%Y%s%H$r=hM}$9$k:]$K!"$3$N(B
User32.dll $B4X?t$r8F$S=P$9!#$3$N4X?t$O!"$3$l$i$N(B Windows $B%a%C%;!<%8Fb$KG[(B
$BCV$5$l$F$$$kFCDj$N%G!<%?$r=hM}$9$k:]$K!"7rA4@-$N%A%'%C%/$,IT==J,$G$"$
k$H(B
$B8@$o$l$F$$$k!#6qBNE*$K$O!"FCJL$KAH$_N)$F$i$l$?(B ListBox $B$KBP$9$k(B LB_DIR
$B%a%C%;!<%8!"$^$?$O(B ComboBox $B$KBP$9$k(B CB_DIR $B%a%C%;!<%8$rAw?.$9$k$3$H$K$h(B
$B$j!"$3$NLdBj$r0z$-5/$3$9$3$H$,2DG=$G$"$k!#967b<T$O!"$3$NLdBj$r0z$-5/$
3$9(B
$B$?$a$K!"$=$l$>$l$N%a%C%;!<%8$KBP$7$FD9$$%Q%9L>$r;XDj$9$kI,MW$,$"$k!#J
s9p(B
$B$K$h$k$H!"$3$NLdBj$O(B ($BJ8;zNs$r%3%T!<$9$k4X?t$G$"$k(B) wcscpy $B$r8F$S=P$7$F(B
$B$$$k4V$K!"Nc30$r0z$-5/$3$9!#(B

$B$3$NLdBj$O!"FC8"$N%"%W%j%1!<%7%g%s$,$3$l$i$N1F6A$r<u$1$k%3%s%H%m!<%k%
/%i(B
$B%9$r;HMQ$7!"FC8"$G$J$$%f!<%6$N4D6-$G2TF0$5$l$k:]$K!"%;%-%e%j%F%#%j%9%
/$r(B
$B0z$-5/$3$9!#967b<T$O!";v<B>e!"%P%C%U%!%*!<%P!<%U%m!<$r0z$-5/$3$9$h$&$
K0U(B
$B?^$5$l$?2aEY$J%G!<%?$r4^$`0-0U$"$k(B Windows $B%a%C%;!<%8$rAw?.$7!"967bBP>](B
$B$N%W%m%0%i%`$N=hM}<j=g$r@)8f$9$k2DG=@-$,$"$k!#$3$NLdBj$K$h$j!":G=*E*$
K!"(B
$BBPOC7?$N%m!<%+%k%7%9%F%`$X$N%"%/%;%98"$r;}$D%f!<%6$,4IM}<T8"8B$rC%<h2
DG=(B
$B$K$J$k$H?d;!$5$l$k!#(B

Microsoft $B$O!"$3$NLdBj$O%7%9%F%`>e$NMM!9$J%f!<%6Jd=u%f!<%F%#%j%F%#$r4IM}(B
$B$9$k$h$&$K0U?^$5$l$?(B Utility Manager $B$K1F6A$r5Z$\$9$3$H$bJs9p$7$F$$$k!#(B
$B$3$N%"%W%j%1!<%7%g%s$O!"(BWindows 2000 $B$G$O%G%U%)%k%H$G4IM}<T8"8B$G2TF0$7(B
$B$F$*$j!"$3$NLdBj$N1F6A$r<u$1$k!#7k2L$H$7$F!"$3$N%W%m%0%i%`$O!"967b<T$
K$H(B
$B$C$F:GE,$J967bBP>]$H$J$j$($k!#$7$+$7!"$3$NLdBj$,1F6A$r5Z$\$9HO0O$O(B

Utility Manager $B$K8B$i$l$F$*$i$:!"1F6A$r<u$1$k%3%s%H%m!<%k$r;HMQ$9$kG$0U(B
$B$N%5!<%I%Q!<%F%#@=%W%m%0%i%`$bLdBj$rJz$($F$$$k$3$H$KN10U$9$Y$-$G$"$k!
#(B

$B:G=*E*$K!"(BMicrosoft $B$O(B Windows XP $B$*$h$S(B Windows 2003 $B$KF1:-$5$l$F$$$k(B
Utility Manager $B$O$3$NLdBj$rMxMQ$7$F8"8B$r>:3J$5$l$k$3$H$O$J$/!"%m%0%$%s(B
$B%f!<%6$N8"8B$G8F$S=P$5$l$k$HH/I=$7$F$$$k!#(B

17. Microsoft Windows Help And Support Center URI Handler Buffer...
BugTraq ID: 8828
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8828
$B$^$H$a(B:

Microsoft Windows $B$K$O!"(BWindows $B$N5!G=$d%O!<%I%&%'%"%5%]!<%H$K$D$$$F$N4v(B
$B$D$+$N%H%T%C%/%9$rDs6!$9$k(B Help and Support Center ($B!V%X%k%W$H%5%]!<%H!W!"(B
HSC) $B5!G=$rHw$($F$$$k!#$^$?!"(BHSC $B$O!V(Bhcp://$B!W%W%l%U%#%C%/%9$r2p$7$F%Z!<(B
$B%8$rI=<($9$k$3$H$,2DG=$J(B URI $B%O%s%I%i$rDs6!$7$F$$$k!#(B

$BJs9p$K$h$k$H!"%P%C%U%!%*!<%P!<%U%m!<$NLdBj$O!"(BMicrosoft Windows $B$N(B Help
and Support Center $B$K1F6A$rM?$($k!#$3$NLdBj$O!"(Bhelpsvc.exe $B$KB8:_$7$F$*(B
$B$j!"(Bsvchost.exe $B%W%m%;%9$K$h$j5/F0$9$k!#(B

$B$3$NLdBj$O!"!V(Bhcp://$B!W(BURI $B%j%s%/$r<h$j07$&:]$NIT==J,$J6-3&%A%'%C%/$K5/0x(B
$B$9$k$HJs9p$5$l$F$$$k!#$3$l$K$h$j!"(BURI $B%O%s%I%i$r2p$7$F(B HSC $B$KM?$($i$l$?(B
$B2aBg$JD9$5$NJ8;zNs$,%a%b%j$N3NJ]:Q$_%P%C%U%!$N6-3&$r0n$l$k2DG=@-$,$"$
k!#(B

$B967b<T$O!"967b<T$,M?$($?CM$G1F6A$r<u$1$k%P%C%U%!$KNY@\$9$k%9%?%C%/%a%
b%j(B
$B$r=q$-49$($k$?$a$K!"$3$NLdBj$r0U?^E*$K0z$-5/$3$92DG=@-$,$"$k!#$3$l$K$
h$j!"(B
$B%$%s%9%H%i%/%7%g%s%]%$%s%?$^$?$O(B SEH (Structured Exception Handler) $B$N=q(B
$B$-49$($,2DG=$K$J$k!#:G=*E*$K!"967b<T$O!"%W%m%0%i%`$N=hM}<j=g$r967b<T$
,@)(B
$B8f$9$k%a%b%j$K0\$7!"%m!<%+%k%3%s%T%e!<%?$N%;%-%e%j%F%#%3%s%F%-%9%H$G0
U?^(B
$B$9$k%3!<%I$N<B9T$r0z$-5/$3$92DG=@-$,$"$k!#(B

$B$3$NLdBj$O!"(BWeb $B%Z!<%8$^$?$O(B HTML $B7A<0$NEE;R%a!<%kFb$K(B 'hcp://' $B%W%l%U%#(B
$B%C%/%9$rMQ$$$F0-0U$"$k%j%s%/$rAH$_9~$`$3$H$K$h$j967b2DG=$G$"$k!#$^$?!
"8"(B
$B8B>:3J$r0z$-5/$3$9$?$a$K%m!<%+%k>e$G$3$NLdBj$rMxMQ$9$k967b$,9T$o$l$k2
DG=(B
$B@-$,$"$k!#(B

$B%Y%s%@$O!"LdBj$rJz$($k%3!<%I$OA4$F$N%5%]!<%H(B OS $B$KB8:_$9$k$,!"967b$KMxMQ(B
$B2DG=$JLdBj$X$H7R$,$k967b$NG^2p$O!"(BWindows XP $B$*$h$S(B Windows Server 2003
$B$N$_$KB8:_$9$k$H9M$($i$l$F$$$k$H=R$Y$F$$$k$3$H$KN10U$9$Y$-$G$"$k!#$3$
l$O!"(B
HCP $B%W%m%H%3%k$,B>$N$9$Y$F$N(B Windows OS $B$G$O%5%]!<%H$5$l$F$$$J$$$?$a$G$"(B
$B$k!#(B

$BK\LdBj$O!"(BBID 6802 $B$GJs9p$5$l$F$$$kLdBj$K4XO"$7$F$$$k2DG=@-$,$"$k!#(B

18. DBMail IMAP Service SQL Injection Vulnerability
BugTraq ID: 8829
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8829
$B$^$H$a(B:

dbmail $B$O!"EE;R%a!<%k%a%C%;!<%8$NJ]B8$*$h$S%G!<%?%Y!<%9$+$i$N8!:w$r9T$&(B
$B$?$a$KMxMQ$5$l$k0lO"$N%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%&%'%"$O!"(BMySQ
L $B$^$?(B
$B$O(B PostgreSQL $B%G!<%?%Y!<%9$KBP1~$7$F$$$k!#(B

$BJs9p$K$h$k$H!"(Bdbmail IMAP $B%5!<%S%9$K$O!"%j%b!<%H$N967b<T$,0-0U$"$k(B SQL
$B9=J8$r%G!<%?%Y!<%9%/%(%j$KCmF~2DG=$JLdBj$,B8:_$9$k!#$3$NLdBj$N860x$O!
"%f(B
$B!<%6$,M?$($?F~NO$NL5322=$,IT==J,$G$"$k$3$H$G$"$k!#(B

$B$3$NLdBj$O%f!<%6L>$*$h$S%Q%9%o!<%I$H$$$C$?MM!9$J%Q%i%a!<%?$KB8:_$9$k$
HJs(B
$B9p$5$l$F$$$k!#Js9p$K$h$k$H!"LdBj$rJz$($k%Q%i%a!<%?$O!"%G!<%?%Y!<%9$KA
H$_(B
$B9~$^$l$kA0$N%f!<%6$,M?$($?F~NO$,L5322=$5$l$J$$!#$3$NLdBj$rMxMQ$9$k967
b$K(B
$B$h$j!"%j%b!<%H$N967b<T$O!"%5!<%P$X$NG'>Z$r;n$_$k:]$K(B SQL $B%/%(%j$NO@M}9=(B
$B@.$r2~JQ$9$k2DG=@-$,$"$k!#(B

$B0-0U$"$k%f!<%6$O!"=EMW$J>pJs$r1\Mw$^$?$OJQ99$9$k$?$a$K!"%G!<%?%Y!<%9%
/%((B
$B%j$r2~JQ$9$k2DG=@-$,$"$j!"@x:_E*$K$3$N%=%U%H%&%'%"$^$?$O%G!<%?%Y!<%9$
X$N(B
$B%;%-%e%j%F%#>e$N6<0R$r0z$-5/$3$9!#(B

dbmail 1.1 $B0JA0$,$3$NLdBj$rJz$($F$$$k$HJs9p$5$l$F$$$k$,!"B>$N%P!<%8%g%s(B
$B$bF1MM$K1F6A$r<u$1$k2DG=@-$,$"$k!#(B

19. Microsoft ActiveX Authenticode Verification Bypass Vulnerabi...
BugTraq ID: 8830
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8830
$B$^$H$a(B:

Authenticode $B$O!"(BActiveX $B%3%s%H%m!<%k$NBEEv@-3NG'$r9T$&%3%s%]!<%M%s%H$G(B
$B$"$k!#(BWeb $B%Z!<%8$,(B ActiveX $B%3%s%H%m!<%k$N%$%s%9%H!<%k$r;n$_$k:]!"(B
Authenticode $B$O=pL>$5$l$?(B ActiveX $B%3%s%H%m!<%k$NH/9T<T$r8!>Z$7!"%f!<%6$,(B
$B$=$N%3%s%H%m!<%k$r%$%s%9%H!<%k$9$k$+$I$&$+$N3NG'2hLL$rI=<($9$k!#(B

Authenticode $B$,(B ActiveX $B%3%s%H%m!<%k$K$h$j1*2s$5$l$kLdBj$,B8:_$9$k!#(B

$B%a%b%jMFNL$,>/$J$/$J$C$F$$$kFCDj$N>u672<$K$*$$$F!"(BAuthenticode $B$,%f!<%6(B
$B$X$N3NG'2hLL$rI=<($;$:$K!"(BActiveX $B%3%s%H%m!<%k$,%$%s%9%H!<%k$5$l$k2DG=@-(B
$B$,$"$k!#$3$NLdBj$K$h$j!"(BWeb $B%Z!<%8$^$?$O(B HTML $B7A<0$NEE;R%a!<%k$KKd$a9~$^(B
$B$l$?0-0U$"$k(B ActiveX $B%3%s%H%m!<%k$,!"LdBj$rJz$($k%3%s%T%e!<%?>e$K%$%s%9(B
$B%H!<%k$5$l<B9T$5$l$k2DG=@-$,$"$k!#$3$N(B ActiveX $B%3%s%H%m!<%k$O!"%+%l%s%H(B
$B%f!<%6$N%;%-%e%j%F%#%3%s%F%-%9%H$G<B9T$5$l$k!#(B

20. Sun Solaris SysInfo System Call Kernel Memory Reading Vulner...
BugTraq ID: 8831
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8831
$B$^$H$a(B:

Solaris $B$O(B Sun Microsystems $B$K$h$C$FJ]<i!"HNGd$,9T$o$l$F$$$k(B Unix $B%*%Z%l(B
$B!<%F%#%s%0%7%9%F%`$G$"$k!#$3$N%=%U%H%&%'%"$O(B Sparc $B$*$h$S(B Intel $B%"!<%-%F(B
$B%/%A%c$GMxMQ2DG=$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$N(B sysinfo $B%7%9%F%`%3!<%k$K$OLdBj$,B8:_$9(B
$B$k!#$3$N$?$a!"967b<T$O@x:_E*$K=EMW$J>pJs$K%"%/%;%92DG=$G$"$k$H?d;!$5$
l$k!#(B

$B$3$NLdBj$O!"%m!<%+%k$N%f!<%6$K$h$k%+!<%M%k>pJs$NFI$_<h$j$KB8:_$9$k!#
(B
sysinfo $B$KB8:_$9$kITHw$K$h$j!"%f!<%6$O%+!<%M%k%a%b%j6u4V$rFI$_<h$j2DG=$H(B
$B$J$k!#%f!<%6$NFCDj%;%0%a%s%H$NFI$_<h$j2DG=HO0O!"$^$?!"L\I8$H$J$k>l=j$
rFI(B
$B$_<h$k$?$a$KK\LdBj$rA`:n2DG=$+$I$&$+$OL$>\$G$"$k!#$7$+$7$J$,$i!"K\LdB
j$K(B
$B$h$k%a%b%j%@%s%W$K%Q%9%o!<%I>pJs$H$$$C$?=EMW$J>pJs$,4^$^$l$k2DG=@-$,$
"$k!#(B

$B$3$NLdBj$K$h$j%+!<%M%k%a%b%j$NFI$_<h$j$N$_$,2DG=$G$"$k$3$H$KN10U$9$Y$
-$G(B
$B$"$k!#(BSun $B$K$h$kJs9p$K$h$k$H!"%m!<%+%k$N%f!<%6$O!"$3$NLdBj$r2p$7$F$N%+!<(B
$B%M%k%a%b%j6u4V$X$N=q$-9~$_$OIT2DG=$G$"$k!#(B

21. Microsoft Exchange Server 5.5 Outlook Web Access Cross-Site ...
BugTraq ID: 8832
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8832
$B$^$H$a(B:

Microsoft Exchange Server 5.5 $B$O!"(BMicrosoft $B$K$h$jHNGd$5$l$F$$$kEE;R%a!<(B
$B%k$*$h$S%G%#%l%/%H%j%5!<%P$G$"$k!#(BOutlook Web Access $B$O!"%f!<%6$,(B Web $B$r(B
$B2p$7$F(B Exchange $B%a!<%k%\%C%/%9$K%"%/%;%92DG=$H$J$k!"(BExchange $B%5!<%P$K$h(B
$B$jDs6!$5$l$k%5!<%S%9$G$"$k!#(B

$B$3$N%=%U%H%&%'%"$K$O!"%j%b!<%H$N967b<T$,!"LdBj$rJz$($k%P!<%8%g%s$N$3$
N%=(B
$B%U%H%&%'%"$r<B9T$7$F$$$k%f!<%6$N%V%i%&%6$G(B HTML $B$^$?$O%9%/%j%W%H%3!<%I$r(B
$B<B9T2DG=$JLdBj$,B8:_$9$k$HJs9p$5$l$F$$$k!#(B

$BJs9p$K$h$k$H!"$3$NLdBj$O!"(B Outlook Web Access $B$N(B Compose New Message $B%U(B
$B%)!<%`Fb$N%f!<%6$,M?$($?%G!<%?$KBP$9$k=hM}$,ITE,@Z$G$"$k$3$H$K5/0x$9$
k!#(B
$B$3$NLdBj$O!"$3$N%=%U%H%&%'%"$K$h$k%f!<%6$,M?$($?F~NO$NL5322=$,IT==J,$
G$"(B
$B$k$3$H$K5/0x$9$k!#(BHTML $B%?%0$*$h$S%9%/%j%W%H%3!<%I$,%f!<%6$N%V%i%&%6$G2r(B
$B<a$5$l$k$?$a!"967b<T$O!"%j%s%/$rC)$C$?%f!<%6$N%V%i%&%6Fb$G2r<a$5$l$k2
DG=(B
$B@-$,$"$k(B HTML $B%?%0$^$?$O%9%/%j%W%H%3!<%I$r4^$`0-0U$"$k%j%s%/$rAH$_N)$F$k(B
$B2DG=@-$,$"$k!#$3$N967b$OLdBj$rJz$($k%5%$%H$N%;%-%e%j%F%#%3%s%F%-%9%H$
G@8(B

$B$8$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"967b<T$O!"$5$i$J$k967b$r;E3]$1$
k:](B
$B$KM-MQ$H$J$k!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$,2DG=$G$"$k$H?d;!$5$l$k!#(B

22. Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer...
BugTraq ID: 8833
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8833
$B$^$H$a(B:

Microsoft TroubleShooter ActiveX $B%3%s%H%m!<%k$KLdBj$,H/8+$5$l$F$$$k!#$3(B
$B$NLdBj$K$h$j!"%j%b!<%H$N967b<T$O!"%/%i%$%"%s%H%f!<%6$N8"8B$G0U?^$9$k%
3!<(B
$B%I$N<B9T$,2DG=$G$"$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$O!"(BActiveX $B%3%s%H%m!<%k$K$h$j(B RunQuery2 $B%a%=%C%I$r2p$7$FM?$($i(B
$B$l$?%G!<%?$KBP$9$k6-3&%A%'%C%/$,IT==J,$G$"$k$3$H$K5/0x$9$k!#0-0U$"$kJ
}K!(B
$B$G$3$N%3%s%H%m!<%k$r8F$S=P$9(B HTML $BJ8=q$r1\Mw$9$k$3$H$K$h$j!"967b<T$O@x:_(B
$BE*$K$3$NJ8=q$r1\Mw$9$k%f!<%6$N8"8B$G0U?^$9$k%3%^%s%I$N<B9T$,2DG=$G$"$
k!#(B

$B$3$NLdBj$O!"%V%i%&%6$^$?$O(B HTML $B7A<0$NEE;R%a!<%k$r2p$7$?(B Web $B%Z!<%8$N1\(B
$BMw$*$h$S(B ActiveX $B%3%s%H%m!<%k$r8F$S=P$9$=$NB>$N%W%m%0%i%`$H$$$C$?!"?t<o(B
$BN`$N<jCJ$N(B 1 $B$D$r2p$7$F!"967b$5$l$k2DG=@-$,$"$k$3$H$KN10U$9$Y$-$G$"$k!#(B
$B$^$?!"$3$N%3%s%H%m!<%k$O!"(B"Safe For Scripting"($B%9%/%j%W%H$r<B9T$7$F$b0B(B
$BA4(B) $B$H$7$F%^!<%/$5$l$F$*$j!"$=$N$?$a!"%f!<%6$O$3$N%3%s%H%m!<%k$,8F$S=P$5
(B
$B$l$k:]$K3NG'2hLL$,I=<($5$l$J$$2DG=@-$,$"$k!#(B

$B$3$NLdBj$O!"(BTroubleShooter ActiveX $B%3%s%H%m!<%k(B (tshoot.ocx) $B$r%G%U%)%k(B
$B%H$G%$%s%9%H!<%k$5$l$k(B Windows 2000 $B$N$_$K1F6A$r5Z$\$9!#(B

23. Linksys BEFSX41 EtherFast Router Log Viewer Denial Of Servic...
BugTraq ID: 8834
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8834
$B$^$H$a(B:

Linksys Instant Broadband EtherFast Cable/DSL Firewall Router with 4-
Port Switch/VPN Endpoint $B$O2HDm!"$*$h$S>.5,LO%*%U%#%9$N%f!<%6$rBP>]$H$7(B
$B$?%O!<%I%&%'%"7?$N%k!<%?$G$"$k!#(B

$B$3$N%k!<%?$N(B BEFSX41 $B%P!<%8%g%s$O%5!<%S%9ITG=>uBV$K4Y$k5?$$$,$"$k!#$3$N(B
$BLdBj$O(B Web $B4IM}%$%s%?!<%U%'!<%9$N%m%0%S%e!<%"$r2p$7$FH/3P$9$k!#IT@5$JCM(B
$B$r(B "Log_Page_Num" $B%Q%i%a!<%?$KAw?.$9$k$3$H$K$h$j!"$3$N>uBV$r0z$-5/$3$7!"(B
$B$3$N%k!<%?$N1~Ez$rDd;_$5$;$k$3$H$,2DG=$H$J$k!#%m%0%S%e!<%"$O(B Group.cgi
$B$r2p$7$F<BAu$5$l$F$$$k!#0J2<$NNc$O$3$NLdBj$rNc<($9$k$?$a$KDs6!$5$l$F$
$$k!#(B
http://192.168.1.1/Group.cgi?Log_Page_Num=1111111111&LogClear=0

$B$3$NLdBj$rMxMQ$9$k967b$O!"%m%0%S%e!<%"$K0U?^E*$J%Q%i%a!<%?$G%j%/%(%9%
H$r(B
$BAw?.$9$k$?$a$K!"4IM}<T%f!<%6$G$N%m%0%$%s$,I,MW$G$"$k$,!"4IM}<T%f!<%6$
OK\(B
$BLdBj$rMxMQ$9$k0-0U$"$k(B URI $B$rC)$k$h$&$KM6F3$5$l$k2DG=@-$,$"$k!#$3$N(B URI
$B$O4IM}<T%f!<%6$,C)$k(B Web $B%Z!<%8$N%$%a!<%8%?%0$KKd$a9~$^$l$F$$$k2DG=@-$,(B
$B$"$k!#$3$N%k!<%?$,M=B,2DG=$J%"%I%l%9$G$"$k$3$H!"$*$h$SB?$/$N%k!<%?$N%
3%^(B
$B%s%I$,(B HTTP $B%W%m%H%3%k$N(B GET $B%j%/%(%9%H$r2p$7$FAw?.$5$l$k$3$H$K5/0x$7$F!"(B
$B$3$N<o$N967b$rMxMQ$7$F!"%m%0%$%s$7$F$$$k4IM}<T%f!<%6$KB>$N%k!<%?$N%3%
^(B

$B%s%I$r<B9T$5$;$k$3$H$b2DG=$G$"$k$H?d;!$5$l$k!#$3$l$OL$8!>Z$G$"$k!#(B

24. Microsoft Word Macro Name Handler Buffer Overflow Vulnerabil...
BugTraq ID: 8835
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8835
$B$^$H$a(B:

Microsoft Word $B$O(B Microsoft Office $B%Q%C%1!<%8$N0lIt$H$7$FHNGd$5$l$F$$$k(B
$B%F%-%9%H%I%-%e%a%s%HJT=8%=%U%H$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$K$O%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$kLdB
j$,(B
$BB8:_$9$k5?$$$,$"$k!#(B

$B$3$NLdBj$O!"%^%/%mL>%O%s%I%i%k!<%A%s$G9T$o$l$k6-3&%A%'%C%/$,IT==J,$G$
"$k(B
$B$3$H$K5/0x$9$k$HJs9p$5$l$F$$$k!#Js9p$K$h$k$H!"%^%/%m$,J]B8$5$l$k:]!"
(B
Unicode $BFbIt(B/$B30It%^%/%mL>$*$h$SBP1~$9$kJ8;zNs$N%5%$%:$r4^$`%^%/%m$N>pJs
(B
$B$O!"4XO"$9$k%o!<%I%I%-%e%a%s%H$KKd$a9~$^$l$F$$$kFbIt9=B$$K3JG<$5$l$k!
#$3(B
$B$l$i$N%^%/%mL>$,=hM}$5$l$k:]!"%^%/%mL>$O(B Unicode 256 $BJ8;z$N%^%/%mL>$r3J(B
$BG<$9$k8GDjD9$N%a%b%jFbIt$N3NJ]:Q$_%P%C%U%!$K%3%T!<$5$l$k!#(B

$BJs9p$K$h$k$H!"%^%/%mL>$r3NJ]:Q$_%P%C%U%!$K%3%T!<$9$k<j=g$O!"6-3&%A%'%
C%/(B
$B$N>r7oL?Na$,IT==J,$G$"$k!#$3$NLdBj$N7k2L$H$7$F!"967b<T$O0-0U$"$k%o!<%
I%I(B
$B%-%e%a%s%H$rAH$_N)$F!"%a%b%j$N3NJ]:Q$_%P%C%U%!$N%5%$%:$rD6$($k%^%/%mL
>J8(B
$B;zNs$N%5%$%:$K2~JQ$9$k2DG=@-$,$"$k!#967b$rM=4|$7$F$$$J$$%f!<%6$,$3$N%
o!<(B
$B%I%I%-%e%a%s%H$r3+$/$H!"%a%b%j$N=q$-49$($,@8$8!"(BWord $B$,%/%i%C%7%e$9$k2D(B
$BG=@-$,$"$k!#(B

$B8=;~E@$G$O!"$3$NLdBj$,0U?^$9$k%3!<%I$r<B9T$9$k$?$a$KMxMQ$5$l$k2DG=@-$
,$"(B
$B$k$+$OL$>\$G$"$k!#(B

Office XP $B$KF1:-$5$l$F$$$k(B Microsoft Word $B$O!"$3$NLdBj$rJz$($F$$$k$HJs9p(B
$B$5$l$F$$$J$$!#(B

25. Sun Solaris Pipe Function Unspecified Kernel Race Condition ...
BugTraq ID: 8836
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8836
$B$^$H$a(B:

Solaris $B$O(B Sun Microsystems $B$K$h$C$FJ]<i!"HNGd$,9T$o$l$F$$$k(B Unix $B%*%Z%l(B
$B!<%F%#%s%0%7%9%F%`$G$"$k!#$3$N%=%U%H%&%'%"$O(B Sparc $B$*$h$S(B Intel $B%"!<%-%F(B
$B%/%A%c$GMxMQ2DG=$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$N%Q%$%W4X?t$H(B STREAMS $B%k!<%A%s$KLdBj$,B8(B
$B:_$9$k!#$3$N$?$a!"967b<T$OLdBj$N$"$k%3%s%T%e!<%?$r%/%i%C%7%e$5$;$k$3$
H$,(B
$B2DG=$G$"$k$H?d;!$5$l$k!#(B

$B$3$NLdBj$O$3$l$i$N%f!<%F%#%j%F%#$N6%9g>uBV$G$"$k!#FCDj$N>u672<$G$O!"%
m!<(B
$B%+%k$N%f!<%6$O%Q%$%W4X?t$H(B STREAMS $B%k!<%A%s$rMxMQ$7$F!"0U?^E*$K%+!<%M%k(B
$B$G6%9g>uBV$r0z$-5/$3$9$3$H$,2DG=$G$"$k!#$3$l$K$h$j!"%3%s%T%e!<%?$rIT0
BDj(B
$B$K$5$;!"%/%i%C%7%e$5$;$k$3$H$,2DG=$G$"$k!#(B

$BLdBj$N$"$k%3%s%]!<%M%s%H!"$*$h$S$3$NLdBj$rMxMQ$9$k<jCJ$K4X$9$kL@3N$J>
\:Y(B
$B$O8x3+$5$l$F$$$J$$!#K\(B BID $B$O$5$i$J$k>pJs$,8x3+$5$l$?;~E@$G99?7$5$l$k!#(B

26. Planet WGSD-1020 Switch Undocumented Administrative User Una...
BugTraq ID: 8837
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8837
$B$^$H$a(B:

Planet WGSD-1020 $B$O!"%.%,%S%C%H%M%C%H%o!<%/%5%]!<%H$r4^$`!"%9%$%C%A%s%0(B
$B%G%P%$%9$G$"$k!#$3$N%G%P%$%9$O!"(BSNMP $B$*$h$S(B Web $B%V%i%&%6$GMxMQ2DG=$J4IM}(B
$B%$%s%?!<%U%'%$%9$rHw$($F$$$k!#(B

$BJs9p$K$h$k$H!"$3$N%G%P%$%9$K$O!"%I%-%e%a%s%H2=$5$l$F$$$J$$%G%U%)%k%H$
N4I(B
$BM}%f!<%6$,B8:_$9$k!#%f!<%6L>(B "superuser"$B!"%Q%9%o!<%I(B "planet" $B$rM?$($k$3(B
$B$H$G!"$3$N%f!<%6$K%"%/%;%92DG=$G$"$k!#$3$NLdBj$K$h$j!";v<B>e!"$3$N%G%
P%$(B
$B%9$X$N4IM}<T8"8B$G$N%"%/%;%9$,2DG=$H$J$k!#(B

$B$3$N%f!<%6$O%I%-%e%a%s%H2=$5$l$F$$$J$$$H=R$Y$i$l$F$$$k$,!"$3$N%G%P%$%
9$N(B
$B@_Dj%U%!%$%k$K$FEv3:%f!<%6$rL58z$K$G$-$k$HJs9p$5$l$F$$$kE@$KN10U$9$Y$
-$G(B
$B$"$k!#(B

$B$3$NLdBj$O!"A4$F$N%U%!!<%`%&%'%"%P!<%8%g%s$N$3$N%G%P%$%9$K1F6A$r5Z$\$
9$H(B
$BJs9p$5$l$F$$$k!#(B

27. Microsoft Exchange Server Buffer Overflow Vulnerability
BugTraq ID: 8838
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8838
$B$^$H$a(B:

Microsoft $B$O!"(BExchange Server $B$,%j%b!<%H$+$i967b2DG=$J%P%C%U%!%*!<%P!<%U(B
$B%m!<$,H/@8$9$kLdBj$N1F6A$r<u$1$k$H8xI=$7$F$$$k!#$3$N%*!<%P!<%U%m!<$O!
"G'(B
$B>Z$,9T$o$l$F$$$J$$(B SMTP $B%/%i%$%"%s%H$K$h$j%j%b!<%H$+$i0z$-5/$3$5$l$k2DG=(B
$B@-$,$"$k!#(B

Microsoft $B$O!"(BExchange 2000 Server $B$r2TF0$5$;$F$$$k%3%s%T%e!<%?>e$G%j%b(B
$B!<%H$+$i%3!<%I$N<B9T$,2DG=$G$"$k$H8xI=$7$F$$$k!#(BExchange Server 5.5 $B$r2T(B
$BF0$5$;$F$$$k%3%s%T%e!<%?$O!"%5!<%S%9ITG=967b$NLdBj$rJz$($F$$$k!#(B

$B%j%b!<%H$N967b<T$O!"967bBP>]$H$J$k%5!<%P$N(B SMTP $B%]!<%H$K@\B3$7!"2aBg$JD9(B
$B$5$N(B ESMTP $B%j%/%(%9%H$rAw?.$9$k2DG=@-$,$"$k!#7k2L$H$7$F!"(BExchange Server
5.5 $B%7%9%F%`>e$G$O!"%a%b%j$N8O3i$K5/0x$7$F!"%5!<%S%9ITG=>uBV$,0z$-5/$3(B

$B$5$l$k!#(B

Exchange 2000 Server $B$r2TF0$5$;$F$$$k%3%s%T%e!<%?>e$G$O!"$3$N2aBg$JD9$5(B
$B$N%j%/%(%9%H$K$h$j!"FbIt%P%C%U%!$N%*!<%P!<%U%m!<$,0z$-5/$3$5$l$k!#(B

Exchange $B%5!<%S%9$N%;%-%e%j%F%#%3%s%F%-%9%H$G0U?^$9$k%3!<%I$N<B9T$b2DG=(B
$B$G$"$k$H?d;!$5$l$k!#(B

Windows NT$B!"(B2000$B!"(BXP$B!"(B2003 $B$GDs6!$5$l$k(B SMTP $B%5!<%S%9$O!"LdBj$rJz$($k%P(B
$B!<%8%g%s$N(B Exchange $B$,%$%s%9%H!<%k$5$l$F$$$J$$8B$j!"K\LdBj$K$h$k1F6A$r<u(B
$B$1$J$$E@$KN10U$9$Y$-$G$"$k!#(B

28. RealOne Player Temporary File Default Browser Script Executi...
BugTraq ID: 8839
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8839
$B$^$H$a(B:

RealOne Player $B$O!"(BMicrosoft Windows $B$*$h$S(B MacOS $B$r4^$`B?$/$N4D6-$GMxMQ(B
$B2DG=$J%a%G%#%"%W%l%$%d!<$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$K$O0l;~%U%!%$%k$r<h$j07$&:]$KLdBj$,$"$
k!#(B
$B$3$N$?$a!"967b<T$O!"%f!<%6$N(B Web $B%V%i%&%6Fb$GIT@5$JA`:n$r<B9T2DG=$G$"$k(B
$B$H?d;!$5$l$k!#(B

$B$3$NLdBj$K4X$9$kL@3N$J>\:Y$O8=;~E@$G$O8x3+$5$l$F$$$J$$!#FCDj$N>u672<$
K$*(B
$B$$$F!"%3%s%T%e!<%?>e$N%G%U%)%k%H%V%i%&%6$K0l;~%U%!%$%k$,FI$_9~$^$l$kA
0$K!"(B
$B0l;~%U%!%$%k$K=q$-9~$_2DG=$G$"$k$3$H$,H=L@$7$F$$$k!#$3$l$i$N%U%!%$%k$
K=q(B
$B$-9~$^$l$k%G!<%?$K$O!"%9%/%j%W%H%3!<%I$d0U?^$9$k(B URL $B$,4^$^$l$k2DG=@-$,(B
$B$"$k!#(B

$B$3$NLdBj$K$h$j!"FI$_9~$^$l$?%U%!%$%k$O!"%G%U%)%k%H%V%i%&%6$r2p$7$F%m!
<%+(B
$B%k%;%-%e%j%F%#%>!<%s$G%9%/%j%W%H$N<B9T$,2DG=$G$"$j!"$=$N$?$a!"(BReal
One
Player $B%f!<%6$N8"8B$G%m!<%+%k%7%9%F%`>e$GA`:n$,2DG=$G$"$k$H?d;!$5$l$k!#(B
$B$7$+$7$J$,$i!"$3$l$O(B Real $B$^$?$O(B Symantec $B$K$h$k8!>Z$O$5$l$F$$$J$$!#(B

29. Macromedia ColdFusion MX SQL Error Message Cross-Site Scrip...
BugTraq ID: 8840
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 15 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8840
$B$^$H$a(B:

ColdFusion MX $B$O!"(BMacromedia $B$,HNGd$7$F$$$k!"(BWeb $B%"%W%j%1!<%7%g%s%5!<%P(B
$B$r3+H/$7!"1?1D$9$k$?$a$N5!9=$rDs6!$9$k%=%U%H%&%'%"$G$"$k!#$3$N%=%U%H%
&%'(B
$B%"$OC1BN$G(B UNIX$B!"(BLinux$B!"(BMicrosoft Windows $B4D6-$GMxMQ2DG=$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$K$O!"%j%b!<%H$N967b<T$,(B HTML $B$^$?$O%9%/%j(B
$B%W%H%3!<%I$rLdBj$rJz$($k%P!<%8%g%s$N$3$N%=%U%H%&%'%"$r<B9T$7$F$$$k%f!
<%6(B
$B$N%V%i%&%6$G<B9T2DG=$JLdBj$,B8:_$9$k!#(B

$B$3$NLdBj$O!"$3$N%=%U%H%&%'%"$K$h$k%f!<%6$,M?$($?F~NO$KBP$9$kL5322=$,I
T==(B
$BJ,$G$"$k$3$H$K5/0x$9$k!#L$8!>Z$G$O$"$k$,!"Js9p$K$h$k$H!"$3$N%=%U%H%&%
'%"(B
$B$,MxMQ$9$k%G!<%?%Y!<%9$K$h$j@8@.$5$l$k%(%i!<%Z!<%8$r$3$N%=%U%H%&%'%"$
,I=(B
$B<($9$k:]$KLdBj$,@8$8$k!#$=$N$?$a!"967b<T$O!"%j%s%/$rC)$C$?:]$K%f!<%6$
N%V(B
$B%i%&%6$G2r<a$5$l$k(B HTML $B$^$?$O%9%/%j%W%H%3!<%I$,4^$^$l$?0-0U$"$k%j%s%/$r(B
$BAH$_N)$F$k$3$H$,2DG=$G$"$k!#$3$N967b$O!"LdBj$rJz$($k%5%$%H$N%;%-%e%j%
F%#(B
$B%3%s%F%-%9%H$G@8$8$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$,@.8y$7$?>l9g!"967b<T$O!"(BCookie $B$KM3Mh$9$kG'>ZMQ(B
$B>pJs$N@`<h$,2DG=$G$"$k!#$^$?!"B>$N967b$b2DG=$G$"$k!#(B

Macromedia ColdFusion MX 6.0 $B$,$3$NLdBj$rJz$($F$$$k$HJs9p$5$l$F$$$k$,!"(B
$BB>$N%P!<%8%g%s$bF1MM$K1F6A$r<u$1$k2DG=@-$,$"$k!#(B

30. Bajie HTTP Server Example Scripts And Servlets Cross-Site Sc...
BugTraq ID: 8841
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: Oct 16 2003
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/8841
$B$^$H$a(B:

Bajie HTTP Web Server $B$O!"(BJava $B$G5-=R$5$l$?(B Web $B%5!<%P$G$"$k!#$3$N%=%U%H(B
$B%&%'%"$O!"(BMicrosoft Windows $B$*$h$S(B Unix/Linux $BM3Mh$N(B OS $B$GMxMQ2DG=$G$"$k!#(B

$BJs9p$K$h$k$H!"$3$N%=%U%H%&%'%"$N0lIt$H$7$FG[I[$5$l$F$$$k%G%b%s%9%H%l!
<%7(B
$B%g%s%9%/%j%W%H$H%5!<%V%l%C%H$K$O!"J#?t$N%/%m%9%5%$%H%9%/%j%W%F%#%s%0$
NLd(B
$BBj$rJz$($F$$$k5?$$$,$"$k!#$3$l$i$N%G%b%s%9%H%l!<%7%g%s%9%/%j%W%H$H%5!
<%V(B
$B%l%C%H$O30It$+$i$N%"%/%;%9$KBP$9$k8x3+$rL\E*$H$9$k$b$N$G$O$J$/!"$3$N%
=%U(B
$B%H%&%'%"$K4^$^$l$k5!G=@-$N<B1i$H$7$F$NF0:n$rL\E*$H$7$F$$$k!#(B

$BJs9p$K$h$k$H!"%j%b!<%H$N967b<T$O!"1F6A$r<u$1$k%5!<%P>e$NLdBj$rJz$($k%
G%b(B
$B%s%9%H%l!<%7%g%s%9%/%j%W%H$*$h$S%5!<%V%l%C%H$N2?$l$+$K!"%9%/%j%W%H$*$
h$S(B
HTML $B%3!<%I$r4^$`0-0U$"$k%j%s%/$rAH$_N)$F$k2DG=@-$,$"$k!#$3$N%j%s%/$,C)(B

$B$i$l$?>l9g!"%j%s%/$K4^$^$l$k%3!<%I$O%j%s%/$rC)$C$?%f!<%6$N(B Web $B%V%i%&%6(B
$B$G2r<a$5$l$k!#%3!<%I$N<B9T$O!"$3$N%=%U%H%&%'%">e$G<B9T$5$l$F$$$kLdBj$
rJz(B
$B$($k%9%/%j%W%H$N8"8B$G9T$o$l$k!#(B

$B$3$NLdBj$rMxMQ$9$k967b$K$h$j!"%j%b!<%H$N967b<T$O(B Cookie $B$KM3Mh$9$kG'>ZMQ(B
$B>pJs$N@`<h$,2DG=$G$"$k!#$^$?!"B>$N967b$b2DG=$G$"$k!#(B

$B$3$NLdBj$O(B Bajie HTTP server 0.95zxv4 $B$K1F6A$r5Z$\$9$HJs9p$5$l$F$$$k$,!"(B
$BF10l$N%G%b%s%9%H%l!<%7%g%s%9%/%j%W%H$,F1:-$5$l$F$$$k!"$3$l$h$jA0$N%P!
<%8(B
$B%g%s$bLdBj$rJz$($F$$$k2DG=@-$,$"$k$3$H$KN10U$9$Y$-$G$"$k!#(B

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Senators propose Patriot Act limitations
$BCx<T(B: Kevin Poulsen

2001 $BG/!"JF>e1!5D2q$O!"JF9q0&9q<TK!(B (USA-PATRIOT) $B$r(B 98 $BBP(B 1 $B$G>5G'$7$?!#(B
$B$7$+$7!"N>E^$N;Y;}$rF@$F$$$k?7$?$JK!0F$O!"$3$N0&9q<TK!$N4v$D$+$rL58z$
H$9(B
$B$k!#(B

http://www.securityfocus.com/news/7245

2. Prosecutors admit error in whistleblower conviction
$BCx<T(B: Kevin Poulsen

$BJFO"K.$NEv6I<T$O!"858[MQ<T$N%;%-%e%j%F%#%[!<%k$r7Y9p$7$h$&$H!"8\5R$J$
I$K(B
$B>pJs3+<($r9T$J$C$?$H$7$F!"JFO"K.7:L3=j$K(B 16 $B%v7n4V$K$o$?$jI~Lr$7$??MJ*$N(B
$BM-:aH=7h$r<h$j>C$90U8~$G$$$k!#(B

http://www.securityfocus.com/news/7202

3. Teen charged in cyber stock scam
$BCx<T(B: Kevin Poulsen

$B$"$kEj;q2H$O!"2ACM$N$J$$(B Cisco $B3t$N%*%W%7%g%s$r=hJ,$7$h$&$H!">Z7t<h0z8}(B
$B:B$r%O%C%-%s%0$7$?$H$$$&5?$$$,3]$1$i$l$F$$$k!#(B

http://www.securityfocus.com/news/7177

4. Spam inspires musos to song
$BCx<T(B: John Leyden, The Register

http://www.securityfocus.com/news/7253

5. NetScreen firms firewalls against app attacks
$BCx<T(B: John Leyden, The Register

http://www.securityfocus.com/news/7252

6. Teen computer whiz cleared in Houston hacking
$BCx<T(B: , The Associated Press

http://www.securityfocus.com/news/7242

IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. Webmin Usermonitor v0.11a
$B:n<T(B: Alexander Gehrig <webmin (at) gehrigal (dot) de [email concealed]>
$B4XO"$9$k(B URL: http://www.gehrigal.net/projects/webmin_usermonitor/
$BF0:n4D6-(B: AIX$B!"(BFreeBSD$B!"(BHP-UX$B!"(BIRIX$B!"(BLinux$B!"(BNetBSD$
B!"(BOpenBSD$B!"(BSCO,
Solaris, SunOS, UNIX
$B$^$H$a(B:

Webmin Usermonitor $B$O!"(BTelnet$B!"(BSSH$B!"$^$?$O(B Samba $B$K4p$E$/!"%3%s%T%e!<%?(B
$B$X$NA4$F$N%f!<%6@\B3$r1\Mw2DG=$J(B Webmin $B%b%8%e!<%k$G$"$k!#%f!<%6@\B3$N@Z(B
$BCG$d%f!<%6$X$N%a%C%;!<%8Aw?.$,2DG=$G$9!#(B

2. radmind v1.2.0
$B:n<T(B: UMich RSUG
$B4XO"$9$k(B URL: http://rsug.itd.umich.edu/software/radmind
$BF0:n4D6-(B: FreeBSD$B!"(BLinux$B!"(BMacOS$B!"(BOpenBSD$B!"(BSolaris$B!"(BS
unOS$B!"(BUNIX
$B$^$H$a(B:

radmind $B$O(B Unix $B$N%3%^%s%I%i%$%s$GF0:n$9$k%D!<%k72$G!"J#?t$N(B Unix $B$,F0:n(B
$B$9$k%3%s%T%e!<%?$N%U%!%$%k%7%9%F%`$r%j%b!<%H$+$i4IM}$G$-$k$3$H$r0U?^$
7$F(B
$B3+H/$5$l$F$$$^$9!#Cf3K5!G=$H$7$F5s$2$i$l$k5!G=$O!"$"$?$+$b(B tripwire$B$N$h(B
$B$&$KF0:n$9$k5!G=$G$9!#$3$N5!G=$O4IM}2<$K$"$k%U%!%$%k%7%9%F%`Fb$N!"%U%
!%$(B
$B%k!"%G%#%l%/%H%j!"%O!<%I%j%s%/!"%7%s%\%j%C%/%j%s%/$J$I$N%*%V%8%'%/%H$
NJQ(B
$B2=$rH/8+2DG=$G$9!#%*%W%7%g%s$G$O$"$j$^$9$,!"$3$N%=%U%H%&%'%"$OJQ2=FbM
F$r(B
$B85$KLa$9$3$H$,2DG=$G$9!#4IM}2<$K$"$k%3%s%T%e!<%?$N$=$l$>$l$K$OJ#?t$N:
n@.(B
$B:Q$_%m!<%I%;%C%H!"3,AX2=$5$l$?%*!<%P!<%m!<%I$r@_Dj2DG=$G$9!#$3$N5!G=$
K$h(B
$B$j!"Nc$($P%"%W%j%1!<%7%g%s$4$H$K(B OS $B$r$=$l$>$lJL8D$K3d$jEv$F$k$3$H$,2DG=(B
$B$K$J$j$^$9!#%m!<%I%;%C%H$O%j%b!<%H$N%5!<%PFb$K3JG<$5$l!"%5!<%PFb$N%m!
<%I(B
$B%;%C%H$r99?7$9$k$3$H$K$h$j!"JQ99FbMF$O4IM}BP>]$N%3%s%T%e!<%?$XE>Aw2DG
=$G(B
$B$9!#(B

3. w3pw v1.10
$B:n<T(B: Thomas Seifert
$B4XO"$9$k(B URL: http://w3pw.sourceforge.net/
$BF0:n4D6-(B: OS $B$K0MB8$7$J$$(B
$B$^$H$a(B:

w3pw $B$O!"(BPHP $B$rMxMQ$7$F3+H/$5$l!"(BWeb $B%$%s%?!<%U%'%$%9$rHw$($?%Q%9%o!<%I(B
$B4IM}%D!<%k$G$9!#0E9f2=$5$l$?>pJs$O!"(BMySQL $B%G!<%?%Y!<%9$K3JG<$5$l$^$9!#(B

4. testmail v3.1.5
$B:n<T(B: c.kruk
$B4XO"$9$k(B URL: http://strony.wp.pl/wp/c_kruk/
$BF0:n4D6-(B: Perl (perl $B$,F0:n$9$k4D6-(B)
$B$^$H$a(B:

testmail $B$O!"(BPOP3 $B%5!<%P$G$NEE;R%a!<%k$N2DMQ@-$N%A%'%C%/!"Dj5A$5$l$?%k!<(B
$B%k$K4p$E$$$?%U%#%k%?%j%s%0!"$*$h$S(B ($BA*Br$5$l$?%a%=%C%I$K$h$C$F$O(B) $B%m!<%+(B
$B%k$N%a!<%k%\%C%/%9$K%a%C%;!<%8$r<hF@!"$^$?$O%5!<%P$+$i$N:o=|$r9T$J$&
(B
Perl $B%9%/%j%W%H$G$9!#$3$N%=%U%H%&%'%"$O(B Perl libnet $B%b%8%e!<%k$r;HMQ$7!"(B
$B%9%Q%`$r2sHr$9$k$N$KM-MQ$G$9!#(B

5. Steghide v0.5.1
$B:n<T(B: Stefan Hetzl
$B4XO"$9$k(B URL: http://steghide.sourceforge.net
$BF0:n4D6-(B: AIX$B!"(BBSDI$B!"(BDigital UNIX/Alpha$B!"(BFreeBSD$B!"(BHP-UX$B!"(BIRIX$B!"(BLinux,
NetBSD, OpenBSD, SCO, Solaris, SunOS, True64 UNIX, Ultrix, UNIX,
Unixware,
Windows 95/98, Windows NT
$B$^$H$a(B:

Steghide $B$O!"%G!<%?%U%!%$%k$N%S%C%H$rB>$N%U%!%$%k$N:G2<0L%S%C%H$N0lIt$K(B
$B1#$7!"%G!<%?%U%!%$%k$NB8:_$rIT2D;k$K$7!"H=L@$G$-$J$$$h$&$K$9$k%9%F%,%
N%0(B
$B%i%U%#!<%=%U%H%&%'%"$G$9!#$3$N%=%U%H%&%'%"$O0\?"2DG=$GI}9-$$@_Dj$,2DG
=$G(B
$B$"$k$h$&$K0U?^$5$l$F$*$j!"(Bbmp$B!"(Bwav $B$*$h$S(B au $B%U%!%$%k$X$N%G!<%?1#JC!"(B
blowfish $B0E9f2=!"(Bblowfish $B0E9f80$N%Q%9%U%l!<%:$N(B MD5 $B%O%C%7%e!"$*$h$S%3(B
$B%s%F%J%G!<%?Fb$N1#$7%S%C%H$N5<;w%i%s%@%`G[CV$NFCD'$,$"$j$^$9!#(B

6. NISCA v2.5
$B:n<T(B: Brett Baugh
$B4XO"$9$k(B URL: http://nisca.sourceforge.net/
$BF0:n4D6-(B: POSIX
$B$^$H$a(B:

NISCA (Network Interface Statistics Collection Agent) $B$O$h$j=@Fp$J!"(BPHP4
$B$rMxMQ$7$F3+H/$5$l$?(B MRTG $B$NBeBX%=%U%H%&%'%"$G$9!#$3$N%=%U%H%&%'%"$O!"(B
$BE}7W%G!<%?$r<}=8$9$k$?$a$K(B SNMP $B$*$h$S(B $B%m!<%+%k%[%9%H$N(B /proc/net/dev $B%G(B
$B%P%$%9%U%!%$%k%G%#%l%/%H%j$NFI$_<h$j$r%5%]!<%H$7$F$$$^$9!#$3$N%=%U%H%
&%'(B
$B%"$O<}=8$7$?%G!<%?$r3JG<$9$k$?$a$K(B MySQL $B$r;HMQ$7!"E>Aw$5$l$?%P%$%H!"E>(B
$BAw$5$l$?%Q%1%C%H!"E>Aw%(%i!<!"$*$h$SGK4~$5$l$?%Q%1%C%H$r%$%s%?!<%U%'!
<%9(B
$B$NF~=P$4$H$KJ,N%$7!"E}7W%G!<%?$H$7$F3JG<$7$F$$$^$9!#$3$N%=%U%H%&%'%"$
O!"(B
$B%G!<%?%Y!<%9$K3JG<$5$l$?G$0U$N%?%$%`%U%l!<%`$+$i$N%G!<%?$r;HMQ$7$F!"%
0%i(B
$B%U$*$h$S%F%-%9%H7A<0$N%l%]!<%HI=$r@8@.$7$^$9!#%Q%C%1!<%8A4BN$O(B PHP4 $B$r;H(B
$BMQ$7$F2TF0$7$^$9!#$3$N%Q%C%1!<%8$O!"E}7W%G!<%?$N<}=8$N$?$a$K(B ("daemon"
$B$H$7$F%P%C%/%0%i%&%s%I$G2TF0$5$l$F$$$k(B) PHP $B$N(B CGI $B%P%$%J%j$r;HMQ$7!"(BGUI
$B$N%U%)!<%`!"$*$h$S%l%]!<%H$r@8@.$9$k$?$a$K(B CGI $B$^$?$O(B Apache $B$N%b%8%e!<(B
$B%k$r;HMQ$7$^$9!#$3$N%=%U%H%&%'%"$O4{B8$N(B MRTG $B$N%m%0%U%!%$%k$r%$%s%]!<%H(B
$B$9$k$3$H$b2DG=$G$9!#(B

--
$BLu(B: $BA}EDCR0l(B(MASUDA Tomokazu)$B!">.>>%_%5(B(KOMATSU Misa)$B!"(B
$BGOCeFF(B(UMAKI Atsushi)$B!"3QED8<;J(B(KAKUDA Motoshi)$B!"(B
$B@P86J8;R(B(ISHIHARA Ayako)$B!">!3$D>?M(B(KATSUMI Naoto)$B!"(B
$B9b66=SB@O:(B(TAKAHASHI Shuntarou)
$B4F=$(B: $BA}EDCR0l(B(MASUDA Tomokazu)
LAC Co., Ltd.
http://www.lac.co.jp/security/

[ reply ]