Bugtraq in Japanese
SecurityFocus Newsletter #283 2005-01-03->2005-01-07 Jul 08 2005 11:06AM
Tsuneo Ogasawara (t ogaswr lac co jp)
This is Ogasawara of LAC.

Here is the Japanese translation of SecurityFocus Newsletter issue 283.
Items that have not been translated are marked "no Japanese translation".

---------------------------------------------------------------------------
FAQ about BugTraq-JP (Japanese):
http://www.securityfocus.com/popups/forums/bugtraq-jp/faq.shtml
- The Japanese translation of SecurityFocus Newsletter is distributed first
  on BugTraq-JP.
- For how to join and leave BugTraq-JP, see this FAQ.
---------------------------------------------------------------------------
---------------------------------------------------------------------------
FAQ about SecurityFocus Newsletter (English):
http://www.securityfocus.com/popups/forums/securityfocusnews/intro.shtml

FAQ about BugTraq (English):
http://www.securityfocus.com/popups/forums/bugtraq/faq.shtml
---------------------------------------------------------------------------
Notes on quotation:
- This translation is made by LAC Co., Ltd. with the permission of
  SecurityFocus.
- When quoting the translation of SecurityFocus Newsletter in Netnews,
  mailing lists, the World Wide Web, books, or other recording media,
  please quote the mail in full.
- Issues 1 through 3 of the Japanese newsletter do not carry this note,
  but it applies to them as well.
- Hyperlinks of any form to the BugTraq-JP archive [*1] provided by
  SecurityFocus are also subject to the above.
1) http://online.securityfocus.com/archive/79
---------------------------------------------------------------------------
Notes on this translation:
- LAC Co., Ltd. assumes no responsibility for the results of applying this
  translation.
---------------------------------------------------------------------------
Notice from the translator:
- If you find a typo or a mistranslation, please post a corrected version
  to BugTraq-JP as Errata, or notify the supervising editor
  (t.ogaswr (at) lac.co (dot) jp [email concealed]).
  In the latter case, a corrected version will be issued as quickly as
  possible.
---------------------------------------------------------------------------
This translation is encoded and posted in ISO-2022-JP.

Original:
Date: 11 Jan 2005 21:15:46 -0000
Message-ID: <20050111211546.30680.qmail (at) sfcm.securityfocus (dot) com [email concealed]>

SecurityFocus Newsletter #283
-----------------------------

This Issue is Sponsored By: SPI Dynamics

I. FRONT AND CENTER (no Japanese translation)
1. Microsoft Anti-Spyware?
2. The Perils of Deep Packet Inspection
3. SSH Port Forwarding
4. Stamping Passport
II. BUGTRAQ SUMMARY
1. Joe Lumbroso FormMail.php Arbitrary Remote File Access Vulne...
2. HTML Headline Temporary File Symbolic Link Vulnerabilities
3. GFI MailEssentials and MailSecurity HTML Email Remote Denial...
4. SIR GNUBoard File Upload Extension Restriction Bypass Vulner...
5. FlatNuke Form Submission Input Validation Vulnerability
6. Apple AirPort Wireless Distribution System Remote Denial of ...
7. Mozilla/Firefox File Download Dialog Spoofing Vulnerability
8. Bugzilla Internal Error Cross-Site Scripting Vulnerability
9. 3Com 3CDaemon Multiple Remote Vulnerabilities
10. All Enthusiast PhotoPost Classifieds Multiple Input Validati...
11. All Enthusiast PhotoPost PHP Pro Multiple Cross-Site Scripti...
12. All Enthusiast ReviewPost PHP Pro Multiple Input Validation ...
13. MyBulletinBoard MEMBER.PHP SQL Injection Vulnerability
14. Soldner Secret Wars Multiple Remote Vulnerabilities
15. QwikiWiki Remote Directory Traversal Vulnerability
16. Multiple Vendor Bluetooth Device Unauthorized Serial Command...
17. Linux Kernel SYSENTER Thread Information Pointer Local Infor...
18. Linux Kernel Local File Descriptor Passing Security Module B...
19. IBM DB2 XML Function Unauthorized File Creation and Disclosu...
20. LibTIFF TIFFDUMP Heap Corruption Integer Overflow Vulnerabil...
21. Symantec CcErrDsp.ErrorDisplay.1 ActiveX Remote Denial Of Se...
22. WinHKI Multiple Remote Vulnerabilities
23. Winace Remote Directory Traversal Vulnerability
24. Virtual Hosting Control System SQL.PHP Remote File Include V...
25. b2evolution INDEX.PHP SQL Injection Vulnerability
26. Mod_DOSEvasive Apache Module Local Insecure Temporary File C...
27. Noah Grey Greymatter Password Disclosure Vulnerability
28. Jeuce Personal Web Server Directory Traversal And Denial Of ...
29. Noah Grey Greymatter GM-CPLog.CGI HTML Injection Vulnerabili...
30. Exim Illegal IPv6 Address Buffer Overflow Vulnerability
31. Microsoft Multiple Unspecified Security Vulnerabilities
32. Amphora Gate Unauthorized Access Vulnerability
33. Exim SPA Authentication Remote Buffer Overflow Vulnerability
34. Noah Grey Greymatter GM-Comments.CGI HTML Injection Vulnerab...
35. Linux kernel Uselib() Local Privilege Escalation Vulnerabili...
36. SugarCRM/SugarSales Remote File Include Vulnerability
37. Amp II 3D Game Engine Remote Denial Of Service Vulnerability
38. Simple PHP Blog Remote Directory Traversal Vulnerabilities
39. Novell GroupWise WebAccess Potential Information Disclosure ...
40. Linux Kernel Multiple Local MOXA Serial Driver Buffer Overfl...
41. Linux Kernel Random Poolsize SysCTL Handler Integer Overflow...
42. Linux Kernel Local RLIMIT_MEMLOCK Bypass Denial Of Service V...
43. Linux Kernel SCSI IOCTL Integer Overflow Vulnerability
III. SECURITYFOCUS NEWS ARTICLES
1. Netizens eye Web-enabled surveillance cams
2. Sims 2 hacks spread like viruses
3. Groups fight Internet wiretap push
4. MS virus clean-up tool sparks controversy
5. Vital Files Exposed In GMU Hacking
6. Exploit code attacks unpatched IE bug
IV. SECURITYFOCUS TOP 6 TOOLS
1. Azure Web Log 1.5
2. Interface Traffic Indicator 1.2.3
3. Colasoft Capsa 4.05
4. Attack Tool Kit (ATK) 3.0
5. One-Time Password Generator 1.0
6. tenshi 0.3.2

I. FRONT AND CENTER (no Japanese translation)
---------------------------------

II. BUGTRAQ SUMMARY
-------------------
1. Joe Lumbroso FormMail.php Arbitrary Remote File Access Vulne...
BugTraq ID: 12145
Remotely reproducible: Yes
Published: Jan 01 2005
Related URL: http://www.securityfocus.com/bid/12145
Summary:
It is reported that a remote attacker can retrieve files on the file
system that are readable by the Web server process handling the session.
The file specified in the "ar_file" variable is included in the e-mail
message that is sent. An attacker can specify an arbitrary file using a
relative path. Because the recipient of the e-mail message is specified
by the client, arbitrary files on the file system that are accessible to
the server process may be sent to a remote e-mail address.

2. HTML Headline Temporary File Symbolic Link Vulnerabilities
BugTraq ID: 12147
Remotely reproducible: No
Published: Jan 03 2005
Related URL: http://www.securityfocus.com/bid/12147
Summary:
HtmlHeadline is reported to use temporary files insecurely in numerous
instances. At least some of these instances can reportedly be used to
corrupt files on the file system. HtmlHeadline may create and write to
temporary files with predictable file names in the world-writable "/tmp"
directory.

3. GFI MailEssentials and MailSecurity HTML Email Remote Denial...
BugTraq ID: 12148
Remotely reproducible: Yes
Published: Jan 03 2005
Related URL: http://www.securityfocus.com/bid/12148
Summary:
GFI MailEssentials and MailSecurity are suspected to be prone to a
remotely triggered denial of service. The issue occurs when a specially
crafted HTML e-mail message is processed. Rebooting the server or
restarting the service does not resolve the issue.

4. SIR GNUBoard File Upload Extension Restriction Bypass Vulner...
BugTraq ID: 12149
Remotely reproducible: Yes
Published: Jan 03 2005
Related URL: http://www.securityfocus.com/bid/12149
Summary:
SIR GNUBoard does not properly validate the file extension of uploaded
files. As a result, a remote user may be allowed to upload malicious
script files to a Web site running GNUBoard. These scripts may be executed
in the security context of the browser of a user who accesses the site.

5. FlatNuke Form Submission Input Validation Vulnerability
BugTraq ID: 12150
Remotely reproducible: Yes
Published: Jan 03 2005
Related URL: http://www.securityfocus.com/bid/12150
Summary:
FlatNuke is suspected of not properly validating input. As a result, a
remote user may be allowed to create an administrator account for the
site or to inject arbitrary script code. The issue occurs in the forum
registration process.

The issue is reported in FlatNuke 2.5.1. Earlier versions may also be
affected.

6. Apple AirPort Wireless Distribution System Remote Denial of ...
BugTraq ID: 12152
Remotely reproducible: Yes
Published: Jan 03 2005
Related URL: http://www.securityfocus.com/bid/12152
Summary:
The Apple wireless base stations AirPort Extreme and AirPort Express are
suspected to be prone to a denial of service when used in WDS (Wireless
Distribution System) mode. As a result, a remote attacker may be allowed
to stop traffic processing on the base station.

7. Mozilla/Firefox File Download Dialog Spoofing Vulnerability
BugTraq ID: 12153
Remotely reproducible: Yes
Published: Jan 04 2005
Related URL: http://www.securityfocus.com/bid/12153
Summary:
Mozilla and Firefox are suspected of allowing a malicious Web page to
spoof the download source.

If the issue is exploited, a social engineering attack may lead a user to
download a malicious file in the belief that it comes from a trusted
source.

8. Bugzilla Internal Error Cross-Site Scripting Vulnerability
BugTraq ID: 12154
Remotely reproducible: Yes
Published: Jan 04 2005
Related URL: http://www.securityfocus.com/bid/12154
Summary:
Bugzilla is suspected to be prone to cross-site scripting attacks. The
issue is triggered when an internal error that contains user-supplied
input is processed.

If the issue is exploited, a user may be enticed into following a link
that causes malicious HTML or script code to be processed in the internal
error page. Exploitation may lead to attacks such as theft of
cookie-based authentication credentials.

9. 3Com 3CDaemon Multiple Remote Vulnerabilities
BugTraq ID: 12155
Remotely reproducible: Yes
Published: Jan 04 2005
Related URL: http://www.securityfocus.com/bid/12155
Summary:
3CDaemon is reported to be suspected of containing multiple security
issues. An attacker may exploit these issues to cause an application
crash, disclosure of sensitive information, and arbitrary code execution
on the vulnerable computer.

The following issues have been identified.

The application is reported to be affected by multiple format string
issues. An attacker may exploit these issues to cause a denial of service
or to write to arbitrary process memory and execute code.

The application is also affected by multiple buffer overflow issues. A
remote attacker may exploit these issues to execute arbitrary code on the
vulnerable computer or to crash the application.

3CDaemon also discloses sensitive information when certain MS-DOS device
names are requested. This kind of sensitive information may be used in
further attacks against the computer.

These issues are reported in 3CDaemon 2.0 revision 10. Other versions may
also be affected.

10. All Enthusiast PhotoPost Classifieds Multiple Input Validati...
BugTraq ID: 12156
Remotely reproducible: Yes
Published: Jan 03 2005
Related URL: http://www.securityfocus.com/bid/12156
Summary:
PhotoPost Classifieds is reported to be suspected of containing multiple
security issues that stem from improper validation of input. A remote
attacker may carry out SQL injection attacks, cross-site scripting
attacks, and uploads of arbitrary files to the vulnerable server.

All versions of PhotoPost Classifieds are reported to be suspected of
being prone to these issues.

11. All Enthusiast PhotoPost PHP Pro Multiple Cross-Site Scripti...
BugTraq ID: 12157
Remotely reproducible: Yes
Published: Jan 04 2005
Related URL: http://www.securityfocus.com/bid/12157
Summary:
PhotoPost PHP Pro is reported to be suspected of containing multiple
cross-site scripting issues. These issues stem from the application not
properly sanitizing user-supplied input before adding it to dynamically
generated content.

An attacker may exploit these issues to execute arbitrary script code in
the browser of an unsuspecting user. This may lead to attacks such as
theft of cookie-based authentication credentials.

PhotoPost PHP Pro 4.8.1 is reported to be suspected of being prone to
these issues. Other versions may also be affected.

12. All Enthusiast ReviewPost PHP Pro Multiple Input Validation ...
BugTraq ID: 12159
Remotely reproducible: Yes
Published: Jan 04 2005
Related URL: http://www.securityfocus.com/bid/12159
Summary:
ReviewPost PHP Pro is reported to be suspected of containing multiple
security issues because input is not properly validated. A remote
attacker may carry out SQL injection attacks, cross-site scripting
attacks, and uploads of arbitrary files to the vulnerable server.

All versions of ReviewPost PHP Pro are reported to be suspected of being
prone to these issues.

13. MyBulletinBoard MEMBER.PHP SQL Injection Vulnerability
BugTraq ID: 12161
Remotely reproducible: Yes
Published: Jan 04 2005
Related URL: http://www.securityfocus.com/bid/12161
Summary:
MyBulletinBoard is reported to be affected by a remote SQL injection
issue. The issue stems from the application not properly sanitizing
user-supplied input before adding it to an SQL query.

An attacker may exploit this issue to manipulate the SQL query string and
issue arbitrary database queries. This may result in disclosure or
corruption of sensitive information in the database. It is reported that
a successful attack may disclose the administrator's password hash to the
attacker.

All versions of MyBulletinBoard are believed to be affected by this issue.

14. Soldner Secret Wars Multiple Remote Vulnerabilities
BugTraq ID: 12162
Remotely reproducible: Yes
Published: Jan 04 2005
Related URL: http://www.securityfocus.com/bid/12162
Summary:
Secret Wars is reported to be suspected of containing multiple security
issues. An attacker may exploit these issues to cause a denial of service
on the server, or to carry out arbitrary code execution and HTML tag
injection attacks through the administrative Web interface.

Secret Wars 30830 and earlier versions are affected by this issue.

15. QwikiWiki Remote Directory Traversal Vulnerability
BugTraq ID: 12163
Remotely reproducible: Yes
Published: Jan 04 2005
Related URL: http://www.securityfocus.com/bid/12163
Summary:
QwikiWiki is reported to be potentially prone to a remote directory
traversal attack. The issue stems from the application not properly
sanitizing user-supplied input.

A malicious user may issue a request containing directory reference
strings such as '..' and view files stored in directories outside the
server's root directory or outside the locations a Web mail user can
normally access. This takes place in the security context of the server,
so the files that can be viewed are limited to those the server can
normally access. The attack may compromise the integrity and
confidentiality of the system. The information gathered may also be used
to carry out other kinds of attacks against back-end systems.

QwikiWiki 1.4.1 is reported to be affected by this issue. Other versions
may also be affected.

16. Multiple Vendor Bluetooth Device Unauthorized Serial Command...
BugTraq ID: 12166
Remotely reproducible: Yes
Published: Jan 04 2005
Related URL: http://www.securityfocus.com/bid/12166
Summary:
Bluetooth devices from multiple vendors are reported to potentially
contain an unauthorized access issue.

If the issue is exploited, a remote user is allowed to use the mobile
device as a modem. Once a connection is established, the remote user may
use this simulated modem to place calls, download potentially sensitive
information from the mobile device, monitor communications, divert
communications, or connect to data services such as the Internet. Other
attacks may also be possible.

Note that this issue may exist in the application layer rather than in
the Bluetooth protocol layer.

17. Linux Kernel SYSENTER Thread Information Pointer Local Infor...
BugTraq ID: 12167
Remotely reproducible: No
Published: Jan 05 2005
Related URL: http://www.securityfocus.com/bid/12167
Summary:
The Linux kernel is reported to be potentially prone to a local
information disclosure.

The issue may allow a local attacker to access potentially sensitive
information and use it to aid further attacks.

Sufficient information has not been provided at this time, so further
details are unknown. This BID will be updated as soon as detailed
information is released.

The issue is reported in versions of the 2.6 series Linux kernel prior to
2.6.10.

18. Linux Kernel Local File Descriptor Passing Security Module B...
BugTraq ID: 12168
Remotely reproducible: No
Published: Jan 05 2005
Related URL: http://www.securityfocus.com/bid/12168
Summary:
It is reported that, under certain circumstances, the Linux kernel does
not properly call the security module functions defined in the SCM system.

The issue may allow a local attacker to bypass the expected security
functionality when passing file descriptors. The specific impact depends
on the implementation of the application that uses the passed file
descriptor. It is conjectured that an open file descriptor may end up
being passed to a process that would not normally be permitted access.
This may allow an attacker to access files that should be off limits and
to read or tamper with them.

The issue is reported in versions of the 2.6 series Linux kernel prior to
2.6.10.

19. IBM DB2 XML Function Unauthorized File Creation and Disclosu...
BugTraq ID: 12170
Remotely reproducible: Yes
Published: Jan 05 2005
Related URL: http://www.securityfocus.com/bid/12170
Summary:
IBM DB2 is reported to be suspected of allowing an attacker to create or
disclose arbitrary files on the vulnerable computer. The issue may allow
an attacker to corrupt data or disclose sensitive information and to
execute arbitrary code on the vulnerable computer.

It is reported that the issue is exploited when a user uses the XML
functions provided by DB2 to create, overwrite, or disclose arbitrary
files with the permissions of the DB2 server.

To exploit the issue, an attacker must connect to the database.
Successful exploitation may completely compromise the computer or the
database.

This issue is believed to be one of the multiple unspecified issues
published in BID 11327.

20. LibTIFF TIFFDUMP Heap Corruption Integer Overflow Vulnerabil...
BugTraq ID: 12173
Remotely reproducible: Yes
Published: Jan 05 2005
Related URL: http://www.securityfocus.com/bid/12173
Summary:
'tiffdump' is reported to be affected by a heap corruption issue. The
issue stems from an integer overflow that is triggered when a malicious
or specially crafted image file is processed. In theory, an attacker may
exploit this issue to execute arbitrary code in the security context of
the vulnerable application when TIFF image data is processed. Because
image data may be supplied by an external source, these issues are
considered remotely exploitable.

21. Symantec CcErrDsp.ErrorDisplay.1 ActiveX Remote Denial Of Se...
BugTraq ID: 12175
Remotely reproducible: Yes
Published: Jan 06 2005
Related URL: http://www.securityfocus.com/bid/12175
Summary:
The Symantec CcErrDsp.ErrorDisplay.1 ActiveX object is reported to be
suspected of being prone to a denial of service in which all stack memory
is consumed. This ActiveX object is installed together with Norton
AntiVirus.

The discoverer of the issue reports that this condition is not believed
to be usable for corrupting process memory. If the issue is successfully
exploited, a runtime error in the vulnerable module causes a denial of
service, which may crash the running instance of the client application
that invokes the object (normally Internet Explorer).

Norton AntiVirus 2004 ships with a vulnerable version of the object.
Other versions of Norton AntiVirus and other products, such as Norton
Internet Security, may also be affected. Symantec is currently
investigating the issue.

22. WinHKI Multiple Remote Vulnerabilities
BugTraq ID: 12176
Remotely reproducible: Yes
Published: Jan 06 2005
Related URL: http://www.securityfocus.com/bid/12176
Summary:
WinHKI is reported to be suspected of containing multiple remotely
exploitable issues. These issues may allow an attacker to carry out
denial of service attacks and directory traversal attacks and to place
files in arbitrary locations on the vulnerable computer.

The following issues have been identified.

First, there are two issues that may allow a remote attacker to cause a
denial of service. An attacker may create a malicious BH or LHA file,
send it to a user, and entice the user into processing it with WinHKI. A
successful attack may cause the service to crash or stop.

An attacker may also carry out a directory traversal attack and place
malicious files in arbitrary locations. These issues are triggered when
specially crafted BH, CAB, and ZIP archives are processed. An attacker
may place potentially malicious files on the computer or corrupt data,
and thereby attempt various attacks.

WinHKI 1.4d is reported to be suspected of being prone to these issues.
Other versions may also be affected.

23. Winace Remote Directory Traversal Vulnerability
BugTraq ID: 12177
Remotely reproducible: Yes
Published: Jan 06 2005
Related URL: http://www.securityfocus.com/bid/12177
Summary:
It is reported that an attacker may be able to carry out a directory
traversal attack. These issues are triggered when a specially crafted
archive is processed.

A successful attack may allow the attacker to place potentially malicious
files on the computer or to overwrite files, and thereby attempt various
attacks.

At this time, all versions of Winace are believed to contain the issue.

24. Virtual Hosting Control System SQL.PHP Remote File Include V...
BugTraq ID: 12178
Remotely reproducible: Yes
Published: Jan 06 2005
Related URL: http://www.securityfocus.com/bid/12178
Summary:
Virtual Hosting Control System is reported to be suspected of allowing
remote PHP file inclusion. The issue may allow a remote user to include a
PHP script supplied by a remote server.

Exploitation of the issue may allow malicious PHP code to be executed in
the security context of the Web server hosting the application.

25. b2evolution INDEX.PHP SQL Injection Vulnerability
BugTraq ID: 12179
Remotely reproducible: Yes
Published: Jan 06 2005
Related URL: http://www.securityfocus.com/bid/12179
Summary:
The 'index.php' script of b2evolution is reported to be affected by a
remote SQL injection issue. The issue stems from the application not
properly sanitizing user-supplied input before adding it to an SQL query.

An attacker may exploit this issue to manipulate the SQL query string and
issue arbitrary database queries. This may result in disclosure or
corruption of sensitive information in the database.

All versions of b2evolution are believed to be affected by this issue.

26. Mod_DOSEvasive Apache Module Local Insecure Temporary File C...
BugTraq ID: 12181
Remotely reproducible: No
Published: Jan 06 2005
Related URL: http://www.securityfocus.com/bid/12181
Summary:
mod_dosevasive is reported to be affected by a local temporary file
creation issue. The issue stems from temporary files being created and
written to insecurely.

An attacker may exploit this issue to write to arbitrary files on the
target computer with the privileges of the Web server that uses the
vulnerable module.

27. Noah Grey Greymatter Password Disclosure Vulnerability
BugTraq ID: 12182
Remotely reproducible: Yes
Published: Jan 06 2005
Related URL: http://www.securityfocus.com/bid/12182
Summary:
Greymatter 3.1 by Noah Grey is reported to be affected by a password
disclosure issue. The issue stems from a temporary file containing the
user's user name and plaintext password being created when the 'main
entry pages' section is rebuilt.

28. Jeuce Personal Web Server Directory Traversal And Denial Of ...
BugTraq ID: 12183
Remotely reproducible: Yes
Published: Jan 06 2005
Related URL: http://www.securityfocus.com/bid/12183
Summary:
Jeuce Personal Web Server is reported to be potentially prone to a remote
directory traversal attack and to a denial of service.

The directory traversal issue stems from the application not properly
sanitizing user-supplied data. It is reported that a remote attacker may
exploit this issue to retrieve the contents of arbitrary, potentially
sensitive files on the computer hosting the service, using the
credentials of the vulnerable server process.

The denial of service issue is reported to allow a remote attacker to
crash the vulnerable application or to cause it to deny service to
further requests. Jeuce Personal Web Server 2.13 is reported to be
affected by these issues. Other versions may also be affected.

29. Noah Grey Greymatter GM-CPLog.CGI HTML Injection Vulnerabili...
BugTraq ID: 12184
Remotely reproducible: Yes
Published: Jan 06 2005
Related URL: http://www.securityfocus.com/bid/12184
Summary:
Greymatter by Noah Grey is reported to be affected by an HTML tag
injection issue. The issue stems from the application not properly
sanitizing user-supplied input at login.

Attacker-supplied HTML tags and script code may be able to access
properties of the site, which may lead to theft of cookie-based
authentication credentials. An attacker may also exploit this issue to
control how the site is rendered to the user.

30. Exim Illegal IPv6 Address Buffer Overflow Vulnerability
BugTraq ID: 12185
Remotely reproducible: Unknown
Published: Jan 06 2005
Related URL: http://www.securityfocus.com/bid/12185
Summary:
Exim is reported to be potentially prone to a buffer overflow when it
attempts to parse an illegal IPv6 address. The issue stems from the
application not properly performing bounds checking before copying
user-supplied input into a fixed-length memory buffer.

The original reporter of the issue suggests that exploitation may lead to
privilege escalation by invoking Exim with unspecified command-line
arguments. Privilege escalation is possible only when the Exim binary is
installed with the setuid bit set.

A buffer overflow may also be triggered remotely through a code path
unrelated to command-line processing, but this has not been verified at
this time.

31. Microsoft Multiple Unspecified Security Vulnerabilities
BugTraq ID: 12186
Remotely reproducible: Unknown
Published: Jan 06 2005
Related URL: http://www.securityfocus.com/bid/12186
Summary:
Microsoft has issued advance notification that it plans to release three
Windows-related security bulletins on January 11, 2005.

The number of issues covered by these security bulletins and the specific
components and platforms affected have not been disclosed.

These security bulletins include issues with a severity rating of
'Critical'.

32. Amphora Gate Unauthorized Access Vulnerability
BugTraq ID: 12187
Remotely reproducible: Yes
Published: Jan 06 2005
Related URL: http://www.securityfocus.com/bid/12187
Summary:
Amphora Gate is reported to be suspected of being prone to unauthorized
access. The issue may allow a remote attacker to access sensitive
administrative scripts without supplying proper authentication
credentials.

It is conjectured that an attacker may gain administrative access to the
vulnerable server.

No further information has been released at this time. This BID will be
updated as soon as details are made available.

33. Exim SPA Authentication Remote Buffer Overflow Vulnerability
BugTraq ID: 12188
Remotely reproducible: Yes
Published: Jan 06 2005
Related URL: http://www.securityfocus.com/bid/12188
Summary:
Exim is reported to be potentially prone to a buffer overflow when it
attempts to authenticate a remote user through SPA. The issue stems from
the application not properly performing bounds checking before copying
user-supplied input into a fixed-length memory buffer.

It is reported that exploitation allows a remote attacker to execute
arbitrary code in the security context of the vulnerable server
application. The issue is exploitable only when Exim is configured to use
SPA authentication. SPA authentication is not enabled by default.

34. Noah Grey Greymatter GM-Comments.CGI HTML Injection Vulnerab...
BugTraq ID: 12189
Remotely reproducible: Yes
Published: Jan 06 2005
Related URL: http://www.securityfocus.com/bid/12189
Summary:
Greymatter is reported to be affected by an HTML tag injection issue. The
issue stems from the application not properly sanitizing values that a
user supplies to 'gm-comments.cgi'.

Attacker-supplied HTML and script code may be able to access properties
of the site, which may lead to theft of cookie-based authentication
credentials. An attacker may also exploit this issue to control how the
site is rendered to the user. Other attacks may also be possible.

35. Linux kernel Uselib() Local Privilege Escalation Vulnerabili...
BugTraq ID: 12190
Remotely reproducible: No
Date published: Jan 07 2005
Related URL: http://www.securityfocus.com/bid/12190
Summary:
The Linux kernel is reported to be prone to a local privilege escalation
vulnerability. The issue arises in the 'uselib()' functions of the Linux
binary format loaders as the result of a race condition. Successful
exploitation may allow a local attacker to escalate privileges on a
vulnerable computer.

The ELF and a.out loaders are reported to be affected by this issue.

36. SugarCRM/SugarSales Remote File Include Vulnerability
BugTraq ID: 12191
Remotely reproducible: Yes
Date published: Jan 07 2005
Related URL: http://www.securityfocus.com/bid/12191
Summary:
SugarCRM and SugarSales are reported to be prone to a vulnerability that
allows an attacker to manipulate the include path of an external file.

This issue allows arbitrary script code to be executed in the security
context of the web server hosting the vulnerable software. If a local file
is included, sensitive information may be disclosed. If a remote file is
included, a malicious PHP script may be included from a remote source.

37. Amp II 3D Game Engine Remote Denial Of Service Vulnerability
BugTraq ID: 12192
Remotely reproducible: Yes
Date published: Jan 07 2005
Related URL: http://www.securityfocus.com/bid/12192
Summary:
The Amp II 3D game engine is reported to be prone to a denial of service
condition that can be triggered remotely. The issue stems from a failure to
properly handle exceptional conditions.

The Amp II socket handling code reportedly does not properly handle all
potentially exceptional conditions.

A remote attacker could exploit this issue to deny service to legitimate
users.

38. Simple PHP Blog Remote Directory Traversal Vulnerabilities
BugTraq ID: 12193
Remotely reproducible: Yes
Date published: Jan 07 2005
Related URL: http://www.securityfocus.com/bid/12193
Summary:
Simple PHP Blog is reported to be prone to two remotely exploitable
directory traversal issues. These issues stem from the application failing
to properly sanitize user-supplied data.

A remote attacker could reportedly exploit the first issue to retrieve the
contents of arbitrary, potentially sensitive files on the hosting computer
with the credentials of the vulnerable server process.

A remote attacker could reportedly exploit the second issue to create
directories in arbitrary locations on the hosting computer with the
credentials of the vulnerable server process.

These issues are reported in Simple PHP Blog 0.3.7c.

Other versions may also be affected.

39. Novell GroupWise WebAccess Potential Information Disclosure ...
BugTraq ID: 12194
Remotely reproducible: Yes
Date published: Jan 07 2005
Related URL: http://www.securityfocus.com/bid/12194
Summary:
The GroupWise WebAccess component is reported to be prone to an information
disclosure vulnerability. This issue may allow a remote attacker to gather
sensitive data and use it to carry out further attacks against the
vulnerable computer.

Note that this issue is unverified at this time. Exploiting it requires
supplying valid authentication credentials. Details will be reported as
soon as further information is released.

At this time, all versions of GroupWise are considered to be affected.

40. Linux Kernel Multiple Local MOXA Serial Driver Buffer Overfl...
BugTraq ID: 12195
Remotely reproducible: No
Date published: Jan 07 2005
Related URL: http://www.securityfocus.com/bid/12195
Summary:
The MOXA serial port driver in the Linux kernel is reported to be prone to
multiple buffer overflow issues. These issues stem from a failure to
properly perform bounds checking on user-supplied data before copying it
into a fixed-length memory buffer.

These issues occur in the 'drivers/char/moxa.c' file.

The vulnerable functions call 'copy_from_user()' to copy user-specified
user-space data into a fixed-length static kernel memory buffer of 10,240
bytes (moxaBuff). The copy uses a user-supplied length argument passed in
from 'MoxaDriverIoctl()'. As a result, the copy is not properly bounded,
and a buffer overflow may be triggered by a local attack.

Linux kernels 2.2 through 2.4, and 2.6, are reported to be affected by
these issues.
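
The copy pattern described in entry 40, next to a bounded version, as an added user-space example (not code from drivers/char/moxa.c or from this newsletter). Only the names moxaBuff and copy_from_user() and the 10,240-byte size come from the summary; sim_copy_from_user(), load_unchecked(), load_checked() and the unsigned length type are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MOXA_BUFF_SIZE 10240u   /* buffer size stated in the summary */
static unsigned char moxaBuff[MOXA_BUFF_SIZE];

/* User-space stand-in for the kernel's copy_from_user(): returns the
 * number of bytes that could NOT be copied (always 0 here). */
static unsigned long sim_copy_from_user(void *to, const void *from,
                                        unsigned long n)
{
    memcpy(to, from, n);
    return 0;
}

/* Pattern the summary describes: the caller-supplied length is passed
 * straight to the copy, so len > MOXA_BUFF_SIZE writes past moxaBuff. */
static int load_unchecked(const void *ubuf, unsigned int len)
{
    if (sim_copy_from_user(moxaBuff, ubuf, len))
        return -EFAULT;
    return 0;
}

/* Hardened form: refuse any length the destination cannot hold. */
static int load_checked(const void *ubuf, unsigned int len)
{
    if (len > sizeof(moxaBuff))
        return -EINVAL;
    if (sim_copy_from_user(moxaBuff, ubuf, len))
        return -EFAULT;
    return 0;
}

int main(void)
{
    static unsigned char req[MOXA_BUFF_SIZE + 64];  /* constructed input */

    printf("in-bounds, unchecked: %d\n", load_unchecked(req, 128));
    printf("in-bounds, checked:   %d\n", load_checked(req, MOXA_BUFF_SIZE));
    printf("oversized, checked:   %d\n",
           load_checked(req, (unsigned int)sizeof(req)));
    return 0;
}
```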

41. Linux Kernel Random Poolsize SysCTL Handler Integer Overflow...
BugTraq ID: 12196
Remotely reproducible: No
Date published: Jan 07 2005
Related URL: http://www.securityfocus.com/bid/12196
Summary:
The Linux kernel is reported to be prone to an integer overflow that can be
triggered by a local attack. The issue occurs in the 'poolsize_strategy'
function of the 'random.c' kernel driver.

The issue stems from a failure to properly sanitize an integer value before
it is used as the userland size argument in a kernel memory copy operation.

Exploitation of this issue may corrupt kernel memory and lead to execution
of arbitrary code with ring-0 privileges. The issue may also be exploited
to cause a kernel panic.

Exploiting this issue requires the user to have UID 0, although
administrative privileges are not required. This may hinder exploitation.

42. Linux Kernel Local RLIMIT_MEMLOCK Bypass Denial Of Service V...
BugTraq ID: 12197
Remotely reproducible: No
Date published: Jan 07 2005
Related URL: http://www.securityfocus.com/bid/12197
Summary:
The Linux kernel provides a facility for locking allocated memory. Certain
applications use this facility to keep memory from being swapped out of
main memory to disk.

The Linux kernel is reported to be prone to a local denial of service
condition when locked memory pages are handled. The issue stems from the
specified limit not being properly enforced for the 'mlockall()' system
call.

This issue is reported in Linux kernels 2.6.9 and 2.6.10.2.

43. Linux Kernel SCSI IOCTL Integer Overflow Vulnerability
BugTraq ID: 12198
Remotely reproducible: No
Date published: Jan 07 2005
Related URL: http://www.securityfocus.com/bid/12198
Summary:
The Linux kernel is reported to be prone to an integer overflow that can be
triggered by a local attack. The issue occurs in the 'sg_scsi_ioctl'
function of the 'scsi_ioctl.c' kernel driver.

The issue stems from a failure to properly sanitize a user-controlled
integer value before it is used as the userland size argument in a kernel
memory copy operation.

Exploitation of this issue may corrupt kernel memory and lead to execution
of arbitrary code with ring-0 privileges. The issue may also be exploited
to cause a kernel panic or to disclose the contents of kernel memory.

Exploiting this issue reportedly requires the user to have access to the
corresponding SCSI device. This may hinder exploitation.
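
Entries 41 and 43 both describe an integer that reaches a kernel memory copy as a size without proper sanitization. The following added example (not kernel source, and not code from this newsletter) shows one common way that happens and the range check that prevents it. The summaries do not say how the value escapes validation; a signed length checked only against an upper bound is assumed here, and DEST_CAP, the function names and the sample values are constructed.

```c
#include <errno.h>
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define DEST_CAP 512u   /* constructed destination capacity, in bytes */

/* Weak sanitization (illustrates the bug class, not kernel source): the
 * signed value is only clamped from above, so a negative length survives
 * and becomes a huge size_t once it is used as a copy size. */
static size_t weak_copy_size(int len)
{
    if (len > (int)DEST_CAP)
        len = (int)DEST_CAP;
    return (size_t)len;
}

/* Hardened form: range-check the signed value before any conversion. */
static int checked_copy_size(int len, size_t *out)
{
    if (len < 0 || (unsigned int)len > DEST_CAP)
        return -EINVAL;
    *out = (size_t)len;
    return 0;
}

/* Count constructed inputs that end up with a copy size above DEST_CAP. */
static int count_oversized(int use_checked)
{
    static const int samples[] = { 0, 16, 512, 513, -1, INT_MIN, INT_MAX };
    int bad = 0;

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        size_t n = 0;
        if (use_checked) {
            if (checked_copy_size(samples[i], &n) != 0)
                continue;               /* rejected: no copy happens */
        } else {
            n = weak_copy_size(samples[i]);
        }
        if (n > DEST_CAP)
            bad++;
    }
    return bad;
}

int main(void)
{
    printf("weak: %d oversized, checked: %d oversized\n",
           count_oversized(0), count_oversized(1));
    return 0;
}
```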

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Netizens eye Web-enabled surveillance cams
Author: Kevin Poulsen

People around the world are taking notice.

http://www.securityfocus.com/news/10251

2. Sims 2 hacks spread like viruses
Author: Kevin Poulsen

If objects such as kitchen appliances in your virtual home have started
behaving strangely, you may have unknowingly picked up hacked code from the
official Sims 2 website. You may also have spread that code further.

http://www.securityfocus.com/news/10232

3. Groups fight Internet wiretap push
Author: Kevin Poulsen

Industry and advocacy groups are demanding that the FBI prove that it
currently faces obstacles to wiretapping broadband and VoIP users.

http://www.securityfocus.com/news/10192

4. MS virus clean-up tool sparks controversy
Author: John Leyden, The Register

Microsoft has released a malicious software removal tool. Microsoft
acquired the Romanian anti-virus company GeCAD Software in June 2003, and
this tool is the first concrete result of that acquisition.

http://www.securityfocus.com/news/10261

5. Vital Files Exposed In GMU Hacking
Author: Jonathan Krim, Washington Post

http://www.securityfocus.com/news/10259

6. Exploit code attacks unpatched IE bug
Author: John Leyden, The Register

Code that exploits an issue in Internet Explorer's HTML Help control has
been published on the Internet.

http://www.securityfocus.com/news/10254

IV. SECURITYFOCUS TOP 6 TOOLS
-----------------------------
1. Azure Web Log 1.5
Author: Azure Desktop
Related URL: http://www.azuredesktop.com/download/awlog.zip
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

This log analysis tool provides all the information you would want to know
about the websites you manage, including the most popular pages and files
on the site, current visitor counts and where visitors come from, the
browsers and operating systems used to access the site, and site traffic.
It also provides unique information such as a full year of statistics,
individual statistics for each page or file, daily hits for the past two
months, monthly hits for the year, and which sites refer to a given page or
file. Statistics for multiple sites are supported.

2. Interface Traffic Indicator 1.2.3
Author: Carsten Schmidt
Related URL: http://software.ccschmidt.de/#inftraffic
Platforms: Windows 2000, Windows NT, Windows XP
Summary:

Interface Traffic Indicator is a graphing utility that measures incoming
and outgoing traffic on an interface and displays it in bits per second,
bytes per second, or as utilization. It works with any SNMP-capable device
(computers, NICs, switches, routers, and so on) whose polling interval can
be adjusted to 3 seconds. It can monitor selected network interfaces in a
professional network environment (including backplane ports, if the device
provides the information), as well as a home network or an Internet
connection over cable, modem, or ISDN.

3. Colasoft Capsa 4.05
Author: Roy Luo
Related URL: http://www.colasoft.com/
Platforms: Windows 2000, Windows 95/98, Windows XP
Summary:

Capsa is powerful, easy-to-use software that provides network monitoring
and analysis for packet decoding and network diagnosis. With real-time
monitoring and data analysis, it supports capturing and decoding network
traffic on the local host and the local network. Capsa includes a packet
analysis module and three advanced analysis modules (an e-mail analysis
module, a web analysis module, and a transaction analysis module).

4. Attack Tool Kit (ATK) 3.0
Author: Marc Ruef
Related URL: http://www.computec.ch/projekte/atk/
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

Attack Tool Kit (ATK) is an open-source utility for penetration testing and
enhanced security auditing. The most important changes in ATK 3.0 are the
introduction of dedicated intrusion-attempt routines and Plugin AutoUpdate
(over HTTP).

5. One-Time Password Generator 1.0
Author: Marcin Simonides
Related URL: http://marcin.studio4plus.com/en/otpgen/
Platforms: Java
Summary:

A one-time password generation tool (One-Time Password Generator) for
Java-capable mobile phones. The interface is designed to keep the number of
required keystrokes to a minimum.

6. tenshi 0.3.2
Author: Andrea Barisani
Related URL: http://tenshi.gentoo.org/
Platforms: Perl (any system that supports Perl)
Summary:

tenshi is log monitoring software designed to watch log files for lines
that match user-defined regular expressions and to report on the results.
The regular expressions are assigned to multiple queues, each of which has
an alert interval and a list of mail recipients.

A queue can be configured to send a notification as soon as a matching line
appears in the log. It can also be configured to send reports periodically.

--
Translation: LAC translation team
Supervision: OGASAWARA Tsuneo
LAC Co., Ltd.
http://www.lac.co.jp/index.html
