Bugtraq in Japanese
SecurityFocus Newsletter #306 2005-06-27->2005-07-01 Nov 18 2005 09:36AM
Tsuneo Ogasawara (t ogaswr lac co jp)
This is Ogasawara at LAC.

Here is the Japanese translation of SecurityFocus Newsletter No. 306.
Items that have not been translated are marked "no Japanese translation".

---------------------------------------------------------------------------
FAQ about BugTraq-JP (Japanese):
http://www.securityfocus.com/archive/79/description
- The Japanese translation of SecurityFocus Newsletter is first distributed on BugTraq-JP
- See this FAQ for how to join and leave BugTraq-JP
---------------------------------------------------------------------------
SecurityFocus Newsletter archive (English):
http://www.securityfocus.com/archive/78
FAQ about BugTraq (English):
http://www.securityfocus.com/archive/1/description
---------------------------------------------------------------------------
Notes on quoting:
- This translation is produced by LAC Co., Ltd. with permission from SecurityFocus.
- When quoting the translation of SecurityFocus Newsletter on Netnews, a mailing list,
  the World Wide Web, in a book, or on any other recording medium, please quote the
  e-mail in full.
- Issues 1 through 3 of the Japanese newsletter do not carry this note, but it
  applies to them as well.
- Any form of hyperlink to the BugTraq-JP archive [*1] provided by SecurityFocus
  should likewise follow the above.
1) http://online.securityfocus.com/archive/79
---------------------------------------------------------------------------
Notes on this translation:
- LAC Co., Ltd. accepts no responsibility for the results of applying this translation.
---------------------------------------------------------------------------
Notice from the translator:
- If you find a typo or a mistranslation, please either post a corrected version to
  BugTraq-JP as Errata or notify the supervising editor (t.ogaswr (at) lac.co (dot) jp [email concealed]).
  In the latter case, a corrected version will be issued as quickly as possible.
---------------------------------------------------------------------------
This translation is encoded and posted in ISO-2022-JP.

Original:
Date: Tue, 05 Jul 2005 14:58:50 -0600
Message-ID: <42CAF48A.3060107 (at) securityfocus (dot) com [email concealed]>

SecurityFocus Newsletter #306
-----------------------------

This Issue is Sponsored By: Black Hat

I. FRONT AND CENTER (no Japanese translation)
1. Rats in the security world
2. Fighting EPO Viruses
3. Who's to blame?
II. BUGTRAQ SUMMARY
1. TCP-IP Datalook Local Denial of Service Vulnerability
2. ASPNuke Multiple Cross-Site Scripting Vulnerabilities
3. ASPNuke Language_Select.ASP HTTP Response Splitting Vulnerability
4. ASPNuke Comment_Post.ASP SQL Injection Vulnerability
5. True North Software IA EMailServer Remote Format String Vulnerability
6. PHP-Fusion SUBMIT.PHP HTML Injection Vulnerabilities
7. ActiveBuyAndSell Multiple SQL Injection Vulnerabilities
8. ActiveBuyAndSell SendPassword.ASP Cross-Site Scripting Vulnerability
9. ASPPlayground.NET Remote Arbitrary File Upload Vulnerability
10. Mensajeitor IP Parameter HTML Injection Vulnerability
11. WebCalendar Assistant_Edit.PHP Unauthorized Access Vulnerability
12. RealNetworks Real and RealOne Player Unspecified MP3 ActiveX Control Execution Vulnerability
13. Sun Solaris Runtime Linker LD_AUDIT Privilege Escalation Vulnerability
14. Adobe Acrobat/Adobe Reader Safari Frameworks Folder Permission Escalation Vulnerability
15. Adobe Acrobat/Adobe Reader Arbitrary File Execution Vulnerability
16. Infradig Inframail Advantage Server Edition Multiple Remote Buffer Overflow Vulnerabilities
17. Community Server Forums SearchResults.ASPX Cross-Site Scripting Vulnerability
18. SofoTex BisonFTP Remote Denial Of Service Vulnerability
19. Hosting Controller Error.ASP Cross-Site Scripting Vulnerability
20. UBBDesign JCDex Lite Index.PHP Remote File Include Vulnerability
21. Dynamic Biz Website Builder (QuickWeb) Login.ASP SQL Injection Vulnerability
22. Raritan Dominion SX Multiple Vulnerabilities
23. PHPBB Viewtopic.PHP Remote Code Execution Vulnerability
24. Microsoft Internet Explorer Javaprxy.DLL COM Object Instantiation Heap Overflow Vulnerability
25. XML-RPC for PHP Remote Code Injection Vulnerability
26. Clam Anti-Virus ClamAV Cabinet File Parsing Remote Denial Of Service Vulnerability
27. Clam Anti-Virus ClamAV MS-Expand File Parsing Remote Denial Of Service Vulnerability
28. CGI-Club imTRBBS Remote Command Execution Vulnerability
29. Cisco IOS AAA RADIUS Authentication Bypass Vulnerability
30. Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
31. Xoops XMLRPC Multiple SQL Injection Vulnerabilities
32. Xoops Multiple Cross-Site Scripting Vulnerabilities
33. Community Link Pro Login.CGI File Parameter Remote Command Execution Vulnerability
34. Raven Software Soldier Of Fortune 2 Ignore Command Remote Denial of Service Vulnerability
35. NateOn Messenger Directory Listing Disclosure Vulnerability
36. FreeBSD IPFW Address Table Lookup Atomicity Error Firewall Rule Bypass Vulnerability
37. FreeBSD TCP Stack Established Connection Denial of Service Vulnerability
38. Crip Helper Script Insecure Temporary File Creation Vulnerability
39. Apache HTTP Request Smuggling Vulnerability
40. Comdev eCommerce Review Form HTML Injection Vulnerability
41. Pavsta Auto Site SitePath Remote File Include Vulnerability
42. Comdev eCommerce Index.PHP Cross-Site Scripting Vulnerability
43. Drupal Arbitrary PHP Code Execution Vulnerability
44. FSboard Directory Traversal Vulnerability
45. Hitachi Hibun Viewer Unspecified Privilege Escalation Vulnerability
46. Hitachi Hibun PCMCIA Disk Access Restriction Bypass Vulnerability
47. SSH Secure Shell/Tectia Server on Windows Host Identification Key Permission Vulnerability
48. Mambo Open Source Multiple Unspecified Injection Vulnerabilities
49. Mambo Open Source Session ID Spoofing Vulnerability
50. Mambo Open Source MosDBTable Class Unspecified Vulnerability
51. NetBSD CLCS / EMUXKI Audio Driver Local Denial of Service Vulnerability
52. Prevx Pro 2005 Intrusion Prevention System Multiple Vulnerabilities
53. Golden FTP Server Pro Multiple Remote Vulnerabilities
54. OpenLDAP TLS Plaintext Password Vulnerability
55. PADL Software PAM_LDAP TLS Plaintext Password Vulnerability
56. OSTicket Multiple Input Validation Vulnerabilities
57. RaXnet Cacti Input Filter Multiple SQL Injection Vulnerabilities
58. RaXnet Cacti Graph_Image.PHP Remote Command Execution Variant Vulnerability
59. RaXnet Cacti Config.PHP Design Error Vulnerability
III. SECURITYFOCUS NEWS
1. Flawed USC admissions site allowed access to applicant data
2. Reverse engineering patches making disclosure a moot choice?
3. Open-source projects get free checkup by automated tools
4. Targeted Trojan-horse attacks hitting U.S., worldwide
5. Sasser suspect goes on trial
6. China signs anti-spam pact
7. Warning over unpatched IE bug
8. Net radio station silenced after phishing bust

I. FRONT AND CENTER (no Japanese translation)
----------------------------------

II.BUGTRAQ SUMMARY
------------------
1. TCP-IP Datalook Local Denial of Service Vulnerability
BugTraq ID: 14061
Remotely reproducible: No
Published: 2005-06-26
Relevant URL: http://www.securityfocus.com/bid/14061
Summary:
TCP-IP Datalook is affected by a local denial of service vulnerability.

Specifically, an attacker can send a specially crafted packet to the
listening port of TCP-IP Datalook and cause a crash.

TCP-IP Datalook 1.3 is reported to be affected by this issue. Other
versions may also be affected.

2. ASPNuke Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14062
Remotely reproducible: Yes
Published: 2005-06-27
Relevant URL: http://www.securityfocus.com/bid/14062
Summary:
ASPNuke is prone to multiple cross-site scripting vulnerabilities. These
issues are due to a failure to properly sanitize user-supplied input.

An attacker may exploit any of these issues to execute arbitrary script
code in the browser of an unsuspecting user, in the security context of
the targeted site. This may enable attacks such as theft of cookie-based
authentication credentials.

3. ASPNuke Language_Select.ASP HTTP Response Splitting Vulnerability
BugTraq ID: 14063
Remotely reproducible: Yes
Published: 2005-06-27
Relevant URL: http://www.securityfocus.com/bid/14063
Summary:
ASPNuke is prone to an HTTP response splitting vulnerability. This issue
is due to a failure to properly sanitize user-supplied input.

A remote attacker may exploit this issue to tamper with data, poison
caches, or cause falsified content to be displayed. This issue may be
used in various attacks that trick client users into believing that what
they see is safe.

4. ASPNuke Comment_Post.ASP SQL Injection Vulnerability
BugTraq ID: 14064
Remotely reproducible: Yes
Published: 2005-06-27
Relevant URL: http://www.securityfocus.com/bid/14064
Summary:
ASPNuke is prone to an SQL injection vulnerability. This issue is due to
a failure to properly sanitize user-supplied input before it is used in
an SQL query.

Successful exploitation could result in a compromise of the application,
or in the disclosure or modification of data. It may also allow an
attacker to exploit vulnerabilities in the backend database
implementation.

5. True North Software IA EMailServer Remote Format String Vulnerability
BugTraq ID: 14065
Remotely reproducible: Yes
Published: 2005-06-27
Relevant URL: http://www.securityfocus.com/bid/14065
Summary:
True North Software IA eMailServer is prone to a remotely exploitable
format string vulnerability. This issue may be due to a failure to
properly sanitize user-supplied input before it is used in a function
that converts its arguments to a specified format for output.

Exploitation of this issue is reported to result in a denial of service
as its immediate consequence.

IA eMailServer 5.2.2. Build: 1051 is prone to this issue. Earlier
versions may also be affected.

6. PHP-Fusion SUBMIT.PHP HTML Injection Vulnerabilities
BugTraq ID: 14066
Remotely reproducible: Yes
Published: 2005-06-27
Relevant URL: http://www.securityfocus.com/bid/14066
Summary:
PHP-Fusion is prone to HTML injection vulnerabilities that affect the
'submit.php' script.

An attacker may exploit these issues to inject malicious HTML or script
code into the vulnerable application. When an unsuspecting user or an
administrator views the page, the attacker-supplied script code is
executed in the user's browser in the security context of the vulnerable
Web site.

7. ActiveBuyAndSell Multiple SQL Injection Vulnerabilities
BugTraq ID: 14067
Remotely reproducible: Yes
Published: 2005-06-27
Relevant URL: http://www.securityfocus.com/bid/14067
Summary:
ActiveBuyAndSell is prone to multiple SQL injection vulnerabilities.
These issues are due to a failure to properly sanitize user-supplied
input before it is used in an SQL query.

Successful exploitation could result in a compromise of the application,
or in the disclosure or modification of data. It may also allow an
attacker to exploit vulnerabilities in the backend database
implementation.

ActiveBuyAndSell 6.x versions are reported to be affected by these
issues. Other versions may also be affected.

8. ActiveBuyAndSell SendPassword.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 14068
Remotely reproducible: Yes
Published: 2005-06-27
Relevant URL: http://www.securityfocus.com/bid/14068
Summary:
ActiveBuyAndSell is prone to a cross-site scripting vulnerability. This
issue is due to a failure to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
targeted site. This may enable attacks such as theft of cookie-based
authentication credentials.

ActiveBuyAndSell 6.2 is reported to be affected by this issue. Other
versions may also be affected.

9. ASPPlayground.NET Remote Arbitrary File Upload Vulnerability
BugTraq ID: 14070
Remotely reproducible: Yes
Published: 2005-06-27
Relevant URL: http://www.securityfocus.com/bid/14070
Summary:
ASPPlayground.NET is prone to a remote arbitrary file upload
vulnerability.

This issue may allow a remote attacker to upload arbitrary files,
including malicious scripts, and to execute those scripts on the
vulnerable server.

This may ultimately lead to unauthorized access in the security context
of the Web server.

10. Mensajeitor IP Parameter HTML Injection Vulnerability
BugTraq ID: 14071
Remotely reproducible: Yes
Published: 2005-06-27
Relevant URL: http://www.securityfocus.com/bid/14071
Summary:
Mensajeitor is prone to an HTML injection vulnerability. This issue is
due to a failure to properly sanitize user-supplied input before it is
used in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the security
context of the vulnerable Web site, which may lead to theft of
cookie-based authentication credentials. An attacker may also exploit
this issue to control how the site is rendered to the user. Other
attacks are also possible.

11. WebCalendar Assistant_Edit.PHP Unauthorized Access Vulnerability
BugTraq ID: 14072
Remotely reproducible: Yes
Published: 2005-06-27
Relevant URL: http://www.securityfocus.com/bid/14072
Summary:
WebCalendar is affected by an unauthorized access vulnerability.

WebCalendar is affected by an SQL injection issue. This issue is due to
a failure to properly perform authentication before a user is allowed
access to the 'assistant_edit.php' script.

The vendor has fixed this issue in WebCalendar 1.0.0. Earlier versions
are reported to be affected.

12. RealNetworks Real and RealOne Player Unspecified MP3 ActiveX Control Execution Vulnerability
BugTraq ID: 14073
Remotely reproducible: Yes
Published: 2005-06-27
Relevant URL: http://www.securityfocus.com/bid/14073
Summary:
NGSSoftware has reported that RealPlayer for Windows is affected by a
security vulnerability. The issue can reportedly be exploited with a
specially crafted malicious MP3 file to overwrite arbitrary files or to
execute an ActiveX control.

Details of this issue are being withheld until a later date
(September 27, 2005). This BID will be updated as soon as the details
are released.

13. Sun Solaris Runtime Linker LD_AUDIT Privilege Escalation Vulnerability
BugTraq ID: 14074
Remotely reproducible: No
Published: 2005-06-28
Relevant URL: http://www.securityfocus.com/bid/14074
Summary:
The Sun Solaris runtime linker is prone to a privilege escalation
vulnerability.

The runtime linkers of many operating systems are designed to ignore
LD_* environment variables when setuid or setgid binaries are executed.
The manual page describing ld.so for Sun Solaris also states that
certain precautions are taken when setuid or setgid binaries are
executed. It is reported that these precautions are not properly applied
when LD_AUDIT is used.

This issue may allow a local attacker to gain administrative access to
the vulnerable computer.

14. Adobe Acrobat/Adobe Reader Safari Frameworks Folder Permission Escalation Vulnerability
BugTraq ID: 14075
Remotely reproducible: No
Published: 2005-06-27
Relevant URL: http://www.securityfocus.com/bid/14075
Summary:
Adobe Acrobat and Adobe Reader running on Mac OS X are affected by a
folder permission escalation vulnerability.

This issue exists in the updater for Adobe Reader and Acrobat.

Successful exploitation may allow a local attacker to add potentially
malicious Frameworks, which could lead to various attacks including
privilege escalation.

15. Adobe Acrobat/Adobe Reader Arbitrary File Execution Vulnerability
BugTraq ID: 14076
Remotely reproducible: Yes
Published: 2005-06-28
Relevant URL: http://www.securityfocus.com/bid/14076
Summary:
Adobe Acrobat and Adobe Reader running on Mac OS X are affected by a
vulnerability that allows a remote attacker to execute arbitrary files
on the computer.

This issue occurs when the application processes a PDF file that
contains malicious JavaScript code.

Exploitation of this issue may lead to various attacks, including
execution of arbitrary code with the privileges of the user running
Adobe Acrobat or Adobe Reader.

16. Infradig Inframail Advantage Server Edition Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 14077
Remotely reproducible: Yes
Published: 2005-06-28
Relevant URL: http://www.securityfocus.com/bid/14077
Summary:
Infradig Inframail Advantage Server Edition is affected by multiple
remotely exploitable buffer overflow vulnerabilities. These issues arise
because the application does not perform boundary checks, and may allow
a remote attacker to execute machine code in the security context of the
server process.

The following issues have been identified.

The FTP server component of Inframail Advantage Server Edition is
affected by a remotely exploitable buffer overflow vulnerability.

The mail server component of Inframail Advantage Server Edition is
affected by a separate remotely exploitable buffer overflow
vulnerability.

Infradig Inframail Advantage Server Edition 6.0, version 6.37, is
reported to be affected by this issue.

17. Community Server Forums SearchResults.ASPX Cross-Site Scripting Vulnerability
BugTraq ID: 14078
Remotely reproducible: Yes
Published: 2005-06-28
Relevant URL: http://www.securityfocus.com/bid/14078
Summary:
Community Server Forums is prone to a cross-site scripting
vulnerability. This issue is due to a failure to properly sanitize
user-supplied input.

An attacker may exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
targeted site. This may enable attacks such as theft of cookie-based
authentication credentials.

18. SofoTex BisonFTP Remote Denial Of Service Vulnerability
BugTraq ID: 14079
Remotely reproducible: Yes
Published: 2005-06-28
Relevant URL: http://www.securityfocus.com/bid/14079
Summary:
SofoTex BisonFTP is prone to a remote denial of service vulnerability.
It is reported that this issue can be exploited only after successful
authentication.

A remote attacker may exploit this issue to deny service to legitimate
users.

19. Hosting Controller Error.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 14080
Remotely reproducible: Yes
Published: 2005-06-28
Relevant URL: http://www.securityfocus.com/bid/14080
Summary:
Hosting Controller is prone to a cross-site scripting vulnerability.
This issue is due to a failure to properly sanitize user-supplied input
to the 'error.asp' script.

An attacker may exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
targeted site. This may enable attacks such as theft of cookie-based
authentication credentials.

20. UBBDesign JCDex Lite Index.PHP Remote File Include Vulnerability
BugTraq ID: 14081
Remotely reproducible: Yes
Published: 2005-06-28
Relevant URL: http://www.securityfocus.com/bid/14081
Summary:
JCDex Lite is prone to a remote file include vulnerability. This issue
is due to a failure to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary server-side
script code on the vulnerable computer with the privileges of the Web
server process. This may lead to unauthorized access.

21. Dynamic Biz Website Builder (QuickWeb) Login.ASP SQL Injection Vulnerability
BugTraq ID: 14083
Remotely reproducible: Yes
Published: 2005-06-28
Relevant URL: http://www.securityfocus.com/bid/14083
Summary:
Dynamic Biz Website Builder (QuickWeb) is prone to an SQL injection
vulnerability.

Successful exploitation could result in a compromise of the application,
or in the disclosure or modification of data. It may also allow an
attacker to exploit vulnerabilities in the backend database
implementation.

Dynamic Biz Website Builder (QuickWeb) 1.0 is reported to be affected by
this issue.

22. Raritan Dominion SX Multiple Vulnerabilities
BugTraq ID: 14084
Remotely reproducible: Yes
Published: 2005-06-28
Relevant URL: http://www.securityfocus.com/bid/14084
Summary:
Raritan Dominion SX is reported to be prone to multiple security
vulnerabilities.

It is reported that the server includes two default accounts that are
not password protected. A remote attacker may exploit this issue to gain
unauthorized access to the vulnerable server.

A second issue makes the shadow password file readable by all users,
which may allow an attacker to escalate privileges on the vulnerable
computer.

Raritan Dominion SX16, SX32, SX4, SX8 and SXA-48 are reported to be
affected by this issue. The researcher who reported these issues states
that they were confirmed by testing a DSX32 running firmware version
2.4.6.

This BID will be updated as soon as the details are released.

23. PHPBB Viewtopic.PHP Remote Code Execution Vulnerability
BugTraq ID: 14086
Remotely reproducible: Yes
Published: 2005-06-28
Relevant URL: http://www.securityfocus.com/bid/14086
Summary:
The 'viewtopic.php' script of phpBB is prone to a remote PHP script
injection vulnerability. This issue is due to a failure to properly
sanitize user-supplied URI parameters before they are used to construct
dynamically generated Web pages.

A remote attacker may exploit this issue to execute arbitrary commands
in the security context of the Web server hosting the vulnerable
software.

24. Microsoft Internet Explorer Javaprxy.DLL COM Object Instantiation Heap Overflow Vulnerability
BugTraq ID: 14087
Remotely reproducible: Yes
Published: 2005-06-29
Relevant URL: http://www.securityfocus.com/bid/14087
Summary:
Microsoft Internet Explorer is prone to a heap-based buffer overflow
vulnerability. This issue occurs when the 'javaprxy.dll' COM object is
instantiated by a malicious Web page.

Exploitation of this issue may result in execution of arbitrary code in
the security context of the client.

This issue has been reported in Internet Explorer 6.0 releases running
on Windows XP SP2. Other versions may also be affected.

25. XML-RPC for PHP Remote Code Injection Vulnerability
BugTraq ID: 14088
Remotely reproducible: Yes
Published: 2005-06-29
Relevant URL: http://www.securityfocus.com/bid/14088
Summary:
XML-RPC for PHP is affected by a remotely exploitable SQL injection
issue.

An attacker may exploit this issue to execute arbitrary commands or code
in the security context of the Web server. This may lead to various
attacks, including remote unauthorized access.

XML-RPC for PHP versions 1.1 and earlier are affected by this issue.
Other applications that use this library are also affected.

26. Clam Anti-Virus ClamAV Cabinet File Parsing Remote Denial Of Service Vulnerability
BugTraq ID: 14089
Remotely reproducible: Yes
Published: 2005-06-29
Relevant URL: http://www.securityfocus.com/bid/14089
Summary:
ClamAV is affected by a remote denial of service vulnerability. This
issue is due to a failure to properly handle the contents of malicious
Cab files.

An attacker may exploit this issue to crash the Clam Anti-Virus daemon.
As a result, the vulnerable computer may be left unprotected against
infection by malicious code.

27. Clam Anti-Virus ClamAV MS-Expand File Parsing Remote Denial Of Service Vulnerability
BugTraq ID: 14090
Remotely reproducible: Yes
Published: 2005-06-29
Relevant URL: http://www.securityfocus.com/bid/14090
Summary:
ClamAV is affected by a remote denial of service vulnerability. This
issue is due to a failure to properly handle MS-Expand files.

An attacker may exploit this issue to stop the Clam Anti-Virus daemon
from functioning properly. As a result, the vulnerable computer may be
left unprotected against infection by malicious code.

28. CGI-Club imTRBBS Remote Command Execution Vulnerability
BugTraq ID: 14091
Remotely reproducible: Yes
Published: 2005-06-29
Relevant URL: http://www.securityfocus.com/bid/14091
Summary:
imTRBBS is affected by a remote command execution vulnerability.

Specifically, arbitrary commands prefixed with the '|' character can be
supplied through the 'im_trbbs.cgi' script. These commands are executed
in the security context of the Web server running the application.

imTRBBS 1.02 is reported to be affected by this issue. Other versions
may also be affected.

29. Cisco IOS AAA RADIUS Authentication Bypass Vulnerability
BugTraq ID: 14092
Remotely reproducible: Yes
Published: 2005-06-29
Relevant URL: http://www.securityfocus.com/bid/14092
Summary:
Cisco IOS Remote Authentication Dial In User Service (RADIUS) is prone
to a remote authentication bypass vulnerability.

This issue occurs when Cisco IOS is configured to use AAA RADIUS
authentication and is additionally configured to use 'none' as the
fallback method.

A remote attacker may exploit this issue to bypass authentication and
gain unauthorized access to the affected service.

30. Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
BugTraq ID: 14093
Remotely reproducible: Yes
Published: 2005-06-28
Relevant URL: http://www.securityfocus.com/bid/14093
Summary:
Microsoft has released Update Rollup 1 for Windows 2000 SP4. This
release resolves numerous bugs, including potential security issues and
vulnerabilities. It also includes various security enhancements and
rollups for earlier security updates. In addition to many previously
released security patches, this Update Rollup contains fixes for
numerous issues that could potentially affect the security properties of
various operating system components.

31. Xoops XMLRPC Multiple SQL Injection Vulnerabilities
BugTraq ID: 14094
Remotely reproducible: Yes
Published: 2005-06-29
Relevant URL: http://www.securityfocus.com/bid/14094
Summary:
Xoops is prone to multiple SQL injection vulnerabilities. These issues
are due to a failure to properly sanitize user-supplied input before it
is used in an SQL query.

Successful exploitation could result in a compromise of the application,
or in the disclosure or modification of data. It may also allow an
attacker to exploit vulnerabilities in the backend database
implementation.

The vendor has fixed this issue in Xoops 2.0.12. Earlier versions are
reported to be affected.

32. Xoops Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14096
Remotely reproducible: Yes
Published: 2005-06-29
Relevant URL: http://www.securityfocus.com/bid/14096
Summary:
Xoops is prone to multiple cross-site scripting vulnerabilities. These
issues are due to a failure to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
vulnerable site. This may enable attacks such as theft of cookie-based
authentication credentials.

The vendor has fixed these issues in Xoops 2.0.12. Earlier versions are
reported to be affected.

33. Community Link Pro Login.CGI File Parameter Remote Command Execution Vulnerability
BugTraq ID: 14097
Remotely reproducible: Yes
Published: 2005-06-29
Relevant URL: http://www.securityfocus.com/bid/14097
Summary:
Community Link Pro is prone to a remote arbitrary command execution
vulnerability. This issue is due to a failure to properly sanitize
user-supplied data.

An attacker exploiting this issue can prefix arbitrary commands with the
'|' character and have them executed in the security context of the
server.

34. Raven Software Soldier Of Fortune 2 Ignore Command Remote Denial of Service Vulnerability
BugTraq ID: 14098
Remotely reproducible: Yes
Published: 2005-06-29
Relevant URL: http://www.securityfocus.com/bid/14098
Summary:
Raven Software Soldier Of Fortune 2 is affected by a remote denial of
service vulnerability.

Specifically, the issue occurs when the vulnerable server application
receives an excessively large value sent by a malicious client through
the '/ignore' command.

An attacker may exploit this issue to crash the targeted server and deny
service to legitimate users.

35. NateOn Messenger Directory Listing Disclosure Vulnerability
BugTraq ID: 14100
Remotely reproducible: Yes
Published: 2005-06-29
Relevant URL: http://www.securityfocus.com/bid/14100
Summary:
NateOn Messenger is prone to a remotely exploitable directory listing
disclosure vulnerability. This issue is due to an unspecified input
validation flaw.

An attacker may exploit this issue to obtain directory listings from a
targeted user. Information obtained in this way may be used to aid
further attacks against the targeted user.

36. FreeBSD IPFW Address Table Lookup Atomicity Error Firewall Rule Bypass Vulnerability
BugTraq ID: 14102
Remotely reproducible: Yes
Published: 2005-06-29
Relevant URL: http://www.securityfocus.com/bid/14102
Summary:
FreeBSD IPFW is prone to an atomicity error. Under certain circumstances
this issue may cause errors when matching against lookup tables. The
issue is reported to exist on SMP (Symmetric Multi-Processor) based
platforms, and on UP (Uni Processor) platforms whose system kernel has
the 'PREEMPTION' option enabled. Note: this is not the default
configuration.

This issue may be leveraged when carrying out attacks against target
computers that are protected by the vulnerable firewall.

37. FreeBSD TCP Stack Established Connection Denial of Service Vulnerability
BugTraq ID: 14104
Remotely reproducible: Yes
Date published: 2005-06-29
Relevant URL: http://www.securityfocus.com/bid/14104
Summary:
The FreeBSD TCP stack is affected by a remote denial of service issue.

The issue occurs when a vulnerable computer has an established
connection and receives and accepts a TCP packet with the SYN flag
set.

A successful attack may result in a denial of service for the targeted
connection.

All versions of FreeBSD are affected by this issue.

38. Crip Helper Script Insecure Temporary File Creation Vulnerability
BugTraq ID: 14105
Remotely reproducible: No
Date published: 2005-06-30
Relevant URL: http://www.securityfocus.com/bid/14105
Summary:
The Crip helper scripts create temporary files in an insecure manner.
An attacker with local access may use this issue to overwrite files in
the security context of the application.

If this issue is exploited and critical files are overwritten, data
loss or a denial of service is the likely result. If the attacker is
also able to overwrite files with custom data, privilege escalation
may be possible, although this has not been verified.

crip 3.5 is affected by this issue. Other releases may also be
affected.

39. Apache HTTP Request Smuggling Vulnerability
BugTraq ID: 14106
Remotely reproducible: Yes
Date published: 2005-06-30
Relevant URL: http://www.securityfocus.com/bid/14106
Summary:
Apache is prone to an HTTP request smuggling attack.

A specially crafted request that contains both a
'Transfer-Encoding: chunked' header and a 'Content-Length' header can
cause a reassembled request that still carries the original
'Content-Length' header to be forwarded to the server. As a result, a
malicious request may be piggybacked onto a valid HTTP request.

This attack may lead to cache poisoning, cross-site scripting, session
hijacking and other attacks.

This issue was originally reported in BID 13873 (Multiple Vendor
Multiple HTTP Request Smuggling Vulnerabilities). Following the
release of further details and verification by the vendor, it has been
assigned a new BID.

40. Comdev eCommerce Review Form HTML Injection Vulnerability
BugTraq ID: 14107
Remotely reproducible: Yes
Date published: 2005-06-30
Relevant URL: http://www.securityfocus.com/bid/14107
Summary:
Comdev eCommerce is prone to an HTML injection issue. The issue is due
to a failure to properly sanitize user-supplied input before it is
used in dynamically generated content.

Attacker-supplied HTML and script code would be executed in the
security context of the vulnerable Web site, which may allow theft of
cookie-based authentication credentials. An attacker may also exploit
this issue to control how the site is rendered to the user. Other
attacks are also possible.

41. Pavsta Auto Site SitePath Remote File Include Vulnerability
BugTraq ID: 14108
Remotely reproducible: Yes
Date published: 2005-06-30
Relevant URL: http://www.securityfocus.com/bid/14108
Summary:
Pavsta Auto File is prone to a remote file include issue. The issue is
due to a failure to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary server-side
script code on the vulnerable computer with the privileges of the Web
server process. This may lead to unauthorized access.

42. Comdev eCommerce Index.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 14109
Remotely reproducible: Yes
Date published: 2005-06-28
Relevant URL: http://www.securityfocus.com/bid/14109
Summary:
Comdev eCommerce is prone to a cross-site scripting attack. The issue
is due to a failure to properly sanitize user-supplied input to the
'index.php' script.

An attacker may exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
targeted site. This may lead to attacks such as theft of cookie-based
authentication credentials.

43. Drupal Arbitrary PHP Code Execution Vulnerability
BugTraq ID: 14110
Remotely reproducible: Yes
Date published: 2005-06-30
Relevant URL: http://www.securityfocus.com/bid/14110
Summary:
Drupal is prone to an issue that allows arbitrary PHP code to be
executed. The issue is due to a failure to properly sanitize
user-supplied input.

The Drupal filter mechanism does not properly sanitize user-supplied
input to 'comments' and 'postings'.

The vendor has fixed this issue in Drupal 4.6.2 and 4.5.4. The issue
is reported in earlier versions.

44. FSboard Directory Traversal Vulnerability
BugTraq ID: 14111
Remotely reproducible: Yes
Date published: 2005-06-30
Relevant URL: http://www.securityfocus.com/bid/14111
Summary:
FSboard is prone to a directory traversal attack.

This issue may allow a remote attacker to read files located outside
the Web root. It can only be used to access files for which the Web
server has permissions.

At this time, the issue exists in all versions of FSboard.

45. Hitachi Hibun Viewer Unspecified Privilege Escalation Vulnerability
BugTraq ID: 14113
Remotely reproducible: Yes
Date published: 2005-06-30
Relevant URL: http://www.securityfocus.com/bid/14113
Summary:
Hitachi Hibun is prone to an unspecified privilege escalation issue.
Details of the issue have not been disclosed, but it is reported that
the issue may be exploited from a client computer through the view
function of Hibun Viewer.

This BID will be updated as soon as details are released.

46. Hitachi Hibun PCMCIA Disk Access Restriction Bypass Vulnerability
BugTraq ID: 14114
Remotely reproducible: No
Date published: 2005-06-30
Relevant URL: http://www.securityfocus.com/bid/14114
Summary:
Hitachi Hibun is prone to an access restriction bypass issue. The
issue arises because Hibun recognizes an external drive connected to
the computer through PCMCIA as an internal disk.

An attacker exploiting this issue may obtain sensitive information
that could aid further attacks against the target computer, its users
or the network.

47. SSH Secure Shell/Tectia Server on Windows Host Identification Key Permission Vulnerability
BugTraq ID: 14116
Remotely reproducible: No
Date published: 2005-06-30
Relevant URL: http://www.securityfocus.com/bid/14116
Summary:
SSH Secure Shell/Tectia Server running on Windows platforms is prone
to an issue that discloses the private key to other users of the same
computer. The issue arises because insecure permissions are assigned
by default to the file in which the private key is stored.

A malicious user who is able to obtain the host identification key may
use it to mount attacks against clients.

As of Tectia Server release 4.0, the product name SSH Secure Shell was
changed to Tectia Server.

48. Mambo Open Source Multiple Unspecified Injection Vulnerabilities
BugTraq ID: 14117
Remotely reproducible: Yes
Date published: 2005-06-30
Relevant URL: http://www.securityfocus.com/bid/14117
Summary:
Mambo is prone to multiple unspecified injection issues. These issues
are believed to be due to a failure to properly sanitize user-supplied
input.

Successful exploitation of these issues may result in unauthorized
access. Other attacks are also possible.

The vendor has fixed these issues in Mambo 4.5.2.2 and later. Earlier
versions are reported to be affected.

49. Mambo Open Source Session ID Spoofing Vulnerability
BugTraq ID: 14119
Remotely reproducible: Yes
Date published: 2005-06-30
Relevant URL: http://www.securityfocus.com/bid/14119
Summary:
Mambo is prone to a session ID spoofing issue. The issue is due to a
failure to properly sanitize user-supplied input.

The vendor has fixed this issue in Mambo 4.5.2.2 and later. The issue
is reported in earlier versions.

50. Mambo Open Source MosDBTable Class Unspecified Vulnerability
BugTraq ID: 14120
Remotely reproducible: Yes
Date published: 2005-06-30
Relevant URL: http://www.securityfocus.com/bid/14120
Summary:
Mambo is prone to an unspecified security issue. The vendor reports
that the issue is due to a problem in the bind method of Mambo's
mosDBTable class.

The impact of this issue is currently unknown. This BID will be
updated as soon as details are released.

51. KDE DCOPServer Local Denial of Service Vulnerability
BugTraq ID: 14122
Remotely reproducible: No
Date published: 2005-06-30
Relevant URL: http://www.securityfocus.com/bid/14122
Summary:
NetBSD has reported a local denial of service issue. The issue is due
to kernel-level bugs in the clcs and emuxki audio drivers. NetBSD 1.6
through 2.0.2 are affected by this issue.

A local user with access to the audio device can cause a kernel fault
on systems with specific hardware installed. The devices associated
with these drivers are as follows.

CS4280/4281, SB Live, or SB PC 512

The issue occurs on multi-user systems where local users have access
to the audio device. On systems where users are not expected to access
the audio device, multimedia applications are sometimes installed with
the setuid bit set. If an application installed in this way itself
contains a security issue, it may provide a path for attack.

52. Prevx Pro 2005 Intrusion Prevention System Multiple Vulnerabilities
BugTraq ID: 14123
Remotely reproducible: No
Date published: 2005-07-01
Relevant URL: http://www.securityfocus.com/bid/14123
Summary:
Prevx Pro 2005 Intrusion Prevention System is affected by multiple
security issues.

A local attacker can bypass the security features of the application.
This may lead to various attacks against the vulnerable computer.

At this time, all versions of Prevx Pro 2005 are believed to be
affected.

53. Golden FTP Server Pro Multiple Remote Vulnerabilities
BugTraq ID: 14124
Remotely reproducible: Yes
Date published: 2005-07-01
Relevant URL: http://www.securityfocus.com/bid/14124
Summary:
Golden FTP Server Pro is affected by multiple remotely exploitable
issues.

The following issues have been identified.

Golden FTP Server Pro is prone to a directory traversal attack. A
remote attacker may disclose the file names and user names stored in
the application directory.

An attacker can learn the absolute path name of a share by attempting
to read a file that does not exist.

These issues may aid further attacks against the vulnerable computer.

Golden FTP Server Pro 2.60 is affected by these issues.

54. OpenLDAP TLS Plaintext Password Vulnerability
BugTraq ID: 14125
Remotely reproducible: Yes
Date published: 2005-07-01
Relevant URL: http://www.securityfocus.com/bid/14125
Summary:
OpenLDAP is affected by a password disclosure issue when it is used
with TLS.

The issue arises when a connection to a slave is established using TLS
and the client is then referred to the master. Because TLS is not used
on that connection, an attacker may be able to sniff network traffic
and capture user credentials.

At this time, OpenLDAP 2.1.25 is known to be affected by this issue.
Other versions may also be affected.

55. PADL Software PAM_LDAP TLS Plaintext Password Vulnerability
BugTraq ID: 14126
Remotely reproducible: Yes
Date published: 2005-07-01
Relevant URL: http://www.securityfocus.com/bid/14126
Summary:
PAM_LDAP is affected by a password disclosure issue when it is used
with TLS.

The issue arises when a connection to a slave is established using TLS
and the client is then referred to the master. Because TLS is not used
on that connection, an attacker may be able to sniff network traffic
and capture user credentials.

At this time, PAM_LDAP build 166 is known to be affected by this
issue. Other versions may also be affected.

56. OSTicket Multiple Input Validation Vulnerabilities
BugTraq ID: 14127
Remotely reproducible: Yes
Date published: 2005-07-01
Relevant URL: http://www.securityfocus.com/bid/14127
Summary:
osTicket is affected by multiple input validation issues. These issues
are due to a failure to properly sanitize user-supplied data.

The following issues have been identified.

The application is prone to an SQL injection issue. A successful
attack may result in a compromise of the application, or in disclosure
or modification of data. It may also allow an attacker to exploit
issues in the implementation of the backend database.

osTicket is also prone to a local file include issue. An attacker may
exploit this issue to execute arbitrary server-side script code on the
vulnerable computer with the privileges of the Web server process.
This may lead to unauthorized access.

osTicket 1.3.1 beta and earlier are affected by this issue.

57. RaXnet Cacti Input Filter Multiple SQL Injection Vulnerabilities
BugTraq ID: 14128
Remotely reproducible: Yes
Date published: 2005-07-01
Relevant URL: http://www.securityfocus.com/bid/14128
Summary:
RaXnet Cacti is prone to multiple SQL injection issues. These issues
are due to bugs in the input filters, as a result of which
user-supplied input may not be properly sanitized before it is used in
SQL queries.

A successful attack may result in a compromise of the application, or
in disclosure or modification of data. It may also allow an attacker
to exploit issues in the implementation of the backend database.

58. RaXnet Cacti Graph_Image.PHP Remote Command Execution Variant Vulnerability
BugTraq ID: 14129
Remotely reproducible: Yes
Date published: 2005-07-01
Relevant URL: http://www.securityfocus.com/bid/14129
Summary:
RaXnet Cacti is prone to a remote command execution issue. The issue
occurs in the 'graph_image.php' script. It is due to a bug in the
input filters, as a result of which user-supplied input may not be
properly sanitized.

This issue may lead to various attacks, including unauthorized access
to the vulnerable computer.

59. RaXnet Cacti Config.PHP Design Error Vulnerability
BugTraq ID: 14130
Remotely reproducible: Yes
Date published: 2005-07-01
Relevant URL: http://www.securityfocus.com/bid/14130
Summary:
RaXnet Cacti is affected by a design error that allows an attacker to
prevent the calls to 'session_start()' and 'addslashes()' from being
made.

The affected 'session_start()' and 'addslashes()' functions are nested
inside an 'if' control statement that depends on a value controlled by
the attacker. It is reported that this value can be controlled through
a URI parameter when 'register_globals' is set.

A remote attacker exploiting these issues may gain administrative
access privileges in the vulnerable software.

III.SECURITYFOCUS NEWS
----------------------
1. Flawed USC admissions site allowed access to applicant data
Author: Robert Lemos
A programming error in the University of Southern California's online
admissions application system left applicants' information accessible
to anyone.

http://www.securityfocus.com/news/11239

2. Reverse engineering patches making disclosure a moot choice?
Author: Robert Lemos
Tools that detect the code differences introduced by program fixes are
improving day by day. As a result, both security researchers and
potential attackers can pinpoint security issues in a short time.

http://www.securityfocus.com/news/11235

3. Open-source projects get free checkup by automated tools
Author: Robert Lemos
The source code of FreeBSD, a Unix-like operating system, is the
latest piece of community software in which automated analysis tools
have found coding problems.

http://www.securityfocus.com/news/11230

4. Targeted Trojan-horse attacks hitting U.S., worldwide
Author: Robert Lemos
The UK incident response team (security response team) has issued a
warning about hard-to-detect attacks targeting domestic companies and
government agencies. Security firms, however, say that "these attacks
are targeting companies and organizations worldwide, including the
United States."

http://www.securityfocus.com/news/11222

5. Sasser suspect goes on trial
Author: John Leyden
The German teenager accused of creating the notorious Sasser computer
virus is due to stand trial today (Tuesday, July 5) on charges of
computer sabotage.

http://www.securityfocus.com/news/11238

6. China signs anti-spam pact
Author: Tim Richardson
China, the world's second largest producer of spam after the United
States, has signed an international agreement to crack down on junk
e-mail.

http://www.securityfocus.com/news/11236

7. Warning over unpatched IE bug
Author: John Leyden
An unpatched Internet Explorer issue gives hackers a way to take
complete control of vulnerable Windows PCs, security researchers warn.

http://www.securityfocus.com/news/11237

8. Net radio station silenced after phishing bust
Author: Jan Libbenga
A Norwegian Internet radio station was temporarily shut down earlier
this week. According to reports, the cause was that one of its
employees had carried out an eBay phishing scam.

http://www.securityfocus.com/news/11234


--
Translation: LAC translation team
Supervising editor: OGASAWARA Tsuneo
LAC Co., Ltd.
http://www.lac.co.jp/index.html
