SecurityFocus

SecurityFocus Newsletter #310 2005-08-01->2005-08-05 Dec 09 2005 08:28AM
Tsuneo Ogasawara (t ogaswr lac co jp)

$B>.3^86(B@$B%i%C%/$G$9!#(B

SecurityFocus Newsletter $BBh(B 310 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

------------------------------------------------------------------------
---
BugTraq-JP $B$K4X$9$k(B FAQ ($BF|K\8l(B):
http://www.securityfocus.com/archive/79/description
$B!&(BSecurityFocus Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0l<!G[I[$5$l$F$$$^$9(B
$B!&(BBugTraq-JP $B$X$N;22CJ}K!!"C&B`J}K!$O$3$N(B FAQ $B$r$4;2>H$/$@$5$$(B
------------------------------------------------------------------------
---
SecurityFocus Newsletter $B%"!<%+%$%V(B ($B1Q8l(B):
http://www.securityfocus.com/archive/78
BugTraq $B$K4X$9$k(B FAQ ($B1Q8l(B):
http://www.securityfocus.com/archive/1/description
------------------------------------------------------------------------
---
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B SecurityFocus $B$N5v2D$r3t<02q<R%i%C%/$,F@$?>e$G9T$o$l$F$$$^$9!#(B
$B!&(BSecurityFocus Newsletter $B$NOBLu$r(B Netnews, Mailinglist, World Wide Web,
$B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$NA4J80zMQ$r$*4j$$$7$^$9!#
(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;$s$,!"(B
$B=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+$J$k7A<0$N(B
$B%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://online.securityfocus.com/archive/79
------------------------------------------------------------------------
---
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02q<R%i%C%/$O@UG$$rIi$o$J$$$b$N$H$7$^
(B
$B$9!#(B
------------------------------------------------------------------------
---
$BLu<T$+$i$N$*CN$i$;(B:
$B!&$b$7!"(Btypo $B$d8mLu$,8+$D$+$C$?>l9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
$BHG$r$4Ej9FD:$/$+!"4F=$<T(B (t.ogaswr (at) lac.co (dot) jp [email concealed]) $B$K$*CN$i$;$/$@$5$$!#(B
$B8e<T$N>l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
------------------------------------------------------------------------
---
This translation is encoded and posted in ISO-2022-JP.

$B86HG(B:
Date: Tue, 09 Aug 2005 16:22:48 -0600
Message-ID: <42F92CB8.5030806 (at) securityfocus (dot) com [email concealed]>

SecurityFocus Newsletter #310
-----------------------------

This Issue is Sponsored By: CrossTec

I. FRONT AND CENTER ($BF|K\8lLu$J$7(B)
1. Greasing the wheel with Greasemonkey
2. Security still underfunded
3. Windows Syscall Shellcode
II. BUGTRAQ SUMMARY
1. Kayako LiveResponse Multiple Input Validation Vulnerabilities
2. PluggedOut CMS Multiple Input Validation Vulnerabilities
3. PC-Experience/Toppe Unauthorized User Access Vulnerability
4. PC-Experience/Toppe PM.PHP MSG Parameter Cross-Site Scripting Vulnerability
5. Ragnarok Online Control Panel Authentication Bypass Vulnerability
6. NetCPlus BusinessMail Multiple Remote Buffer Overflow Vulnerabilities
7. Jabber Studio JabberD Multiple Remote Buffer Overflow Vulnerabilities
8. MySQL Eventum Multiple Cross-Site Scripting Vulnerabilities
9. MySQL Eventum Multiple SQL Injection Vulnerabilities
10. ChurchInfo Multiple SQL Injection Vulnerabilities
11. PHPFreeNews Multiple Cross Site Scripting Vulnerabilities
12. AderSoftware CFBB Index.CFM Cross-Site Scripting Vulnerability
13. No-Brainer SMTP Client Log_Msg() Remote Format String Vulnerability
14. PHPFreeNews Admin Login SQL Injection Vulnerability
15. OpenBook Admin.PHP SQL Injection Vulnerability
16. Apple Mac OS X Font Book Font Collection Buffer Overflow Vulnerability
17. Trend Micro OfficeScan POP3 Module Shared Section Insecure Permissions Vulnerability
18. Shiny Entertainment Sacrifice Remote Arbitrary Code Execution Vulnerabilities
19. Info-ZIP UnZip CHMod File Permission Modification Race Condition Weakness
20. Pablo Software Solutions Quick 'n Easy FTP Server User Command Denial of Service Vulnerability
21. nCipher CHIL Random Cache Leakage Vulnerability
22. Computer Associates BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability
23. Naxtor Shopping Cart Lost_password.PHP Cross Site Scripting Vulnerability
24. Metasploit Framework MSFWeb Defanged Mode Restriction Bypass Vulnerability
25. Naxtor Shopping Cart Shop_Display_Products.PHP SQL Injection Vulnerability
26. Microsoft ActiveSync Network Synchronization Multiple Vulnerabilities
27. ProRat Server Remote Buffer Overflow Vulnerability
28. Debian Apt-Cacher Remote Command Execution Vulnerability
29. Fusebox Index.CFM Cross-Site Scripting Vulnerability
30. Symantec Norton GoBack Local Authentication Bypass Vulnerability
31. GXT Editor Buffer Overflow Vulnerability
32. Karrigell KS File Arbitrary Python Command Execution Vulnerability
33. Web Content Management Multiple Cross-Site Scripting Vulnerabilities
34. Web Content Management Administrator Account Unauthorized Access Vulnerability
35. Silvernews Admin.PHP SQL Injection Vulnerability
36. Linux Kernel Stack Fault Exceptions Unspecified Local Denial of Service Vulnerability
37. Naxtor E-directory Message.ASP Cross Site Scripting Vulnerability
38. Naxtor E-directory Default.ASP SQL Injection Vulnerability
39. Linux Kernel NFSACL Protocol XDR Data Remote Denial of Service Vulnerability
40. Denora IRC Stats Remote Buffer Overflow Vulnerability
41. LogiCampus Helpdesk Unspecified Cross Site Scripting Vulnerability
42. NetworkActiv Web Server Cross-Site Scripting Vulnerability
43. PortailPHP Index.PHP SQL Injection Vulnerability
44. McDATA E/OS Remote Denial Of Service Vulnerability
45. Microsoft August Advance Notification Unspecified Security Vulnerabilities
46. Linux Kernel XFRM Array Index Buffer Overflow Vulnerability
47. Comdev ECommerce Config.PHP Remote File Include Vulnerability
48. Comdev eCommerce WCE.Download.PHP Directory Traversal Vulnerability
49. Microsoft Windows Unspecified Remote Arbitrary Code Execution Vulnerability
50. Jax PHP Scripts Multiple Cross-Site Scripting Vulnerabilities
51. Jax PHP Scripts Multiple Remote Information Disclosure Vulnerabilities
52. FlatNuke Multiple Cross Site Scripting Vulnerabilities
53. PHPOpenChat Multiple HTML Injection Vulnerabilities
54. FlatNuke User Data Arbitrary PHP Code Execution Vulnerability
55. Lantronix Secure Console Server SCS820/SCS1620 Multiple Local Vulnerabilities
56. EMC Navisphere Manager Directory Traversal And Information Disclosure Vulnerabilities
57. Acunetix Web Vulnerability Scanner Remote Denial of Service Vulnerability
58. PHP-Fusion Messages.PHP SQL Injection Vulnerability
III. SECURITYFOCUS NEWS
1. Microsoft's "monkeys" find first zero-day exploit
2. Annual hacking game teaches security lessons
3. Exploit writers team up to target Cisco routers
4. Reading, rooting, 'rithmetic: Preschoolers learn programming
5. ID theft automated using keylogger Trojan
6. Former 'Spam King' pays MS $7m to settle lawsuit
7. Microsoft quells Vista virus concerns
8. OS exploits are 'old hat'

I. FRONT AND CENTER ($BF|K\8lLu$J$7(B)
----------------------------------

II. BUGTRAQ SUMMARY
--------------------
1. Kayako LiveResponse Multiple Input Validation Vulnerabilities
BugTraq ID: 14425
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-07-30
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14425
$BMWLs(B:
Kayako LiveResponse $B$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj!"(BSQL $B9=J8$r(B
$BCmF~2DG=$JLdBj!"$*$h$S(B HTML $B%?%0$rA^F~2DG=$JLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#(B
$B$3$l$i$NLdBj$O$9$Y$F!"F~NOCM$NBEEv@-3NG'$NITHw$K4XO"$7$F$$$^$9!#(B

$B%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$H(B HTML $B%?%0$rA^F~2DG=$JLdBj$K$h$j!"(B
Cookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$J$I$N967b$,0z$-5/$3$5$l$k2DG=@-$,$"$j(B
$B$^$9!#(BSQL $B9=J8$rCmF~2DG=$JLdBj$O!"%j%b!<%H$N967b<T$,%=%U%H%&%'%"$KBP$9$k(B
$B6<0R$r>7$$$?$j!"%G!<%?%Y!<%9$KBP$7$FB>$N967b$r<B9T$7$?$j$9$k$3$H$r5v$
7$F(B
$B$7$^$&2DG=@-$,$"$j$^$9!#(B

2. PluggedOut CMS Multiple Input Validation Vulnerabilities
BugTraq ID: 14426
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-07-30
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14426
$BMWLs(B:
PluggedOut CMS $B$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0$NLdBj$*$h$S(B SQL $B9=J8$r(B
$BCmF~2DG=$JLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#(B

$BLdBj$,MxMQ$5$l$k$3$H$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$d%G!<%?%Y!<(B
$B%9$N%G!<%?$KBP$9$kIT@5%"%/%;%9$J$I$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#$
=$N(B
$BB>$N967b$,<B9T$5$l$k2DG=@-$b$"$j$^$9!#(B

3. PC-Experience/Toppe Unauthorized User Access Vulnerability
BugTraq ID: 14427
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-07-30
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14427
$BMWLs(B:
PC-Experience $B$*$h$S(B Toppe $B$O!"%j%b!<%H$N967b<T$,G$0U$N%f!<%6%"%+%&%s%H(B
$B$KIT@5$K%"%/%;%9$9$k$3$H$r5v$7$F$7$^$&2DG=@-$,$"$j$^$9!#$3$NLdBj$O!"
(B
Cookie $BG'>Z$K4XO"$9$k%"%/%;%9$NBEEv@-3NG'$NITHw$KM3Mh$7$^$9!#(B

4. PC-Experience/Toppe PM.PHP MSG Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 14428
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-07-30
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14428
$BMWLs(B:
PC-Experience $B$*$h$S(B Toppe $B$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0967b$r<u$1(B
$B$k5?$$$,$"$j$^$9!#$3$NLdBj$O!"%j%b!<%H$N967b<T$,B>$N(B PC-Experience/Toppe
$B%f!<%6$N(B Cookie $B$KM3Mh$9$kG'>ZMQ>pJs$K%"%/%;%9$9$k$3$H$r5v$7$F$7$^$&2DG=(B
$B@-$,$"$j$^$9!#(B

5. Ragnarok Online Control Panel Authentication Bypass Vulnerability
BugTraq ID: 14429
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-07-30
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14429
$BMWLs(B:
Ragnarok Online Control Panel (ROCP) $B$K$O!"%j%b!<%H$N967b<T$,%f!<%6G'>Z(B
$B$r2sHr$9$k5?$$$,$"$j$^$9!#$3$NLdBj$O!"(BPHP $BJQ?t$N=hM}J}K!$K4XO"$7$F$*$j!"(B
$B%f!<%6$NG'>ZMQ>pJs$N3NG'$N$?$a$K;HMQ$5$l$kJQ?t$r967b<T$,A`$k$3$H$r5v$
7$F(B
$B$7$^$$$^$9!#(B

$BLdBj$NMxMQ$K$h$j!"(BROCP $B%5%$%H$KBP$7$F4IM}<T%"%/%;%9$,<B9T$5$l$k2DG=@-$,(B
$B$"$j$^$9!#(B

$B$3$l$O!"(BApache Web $B%5!<%P$r;HMQ$9$k(B ROCP $B$r%[%9%H$9$k%5%$%H$K8BDjE*$JLd(B
$BBj$G$"$k2DG=@-$,$"$j$^$9!#$3$l$K$D$$$F$O!"L$8!>Z$G$9!#(B

6. NetCPlus BusinessMail Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 14434
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-07-31
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14434
$BMWLs(B:
BusinessMail $B$O!"%j%b!<%H$+$iMxMQ2DG=$J%P%C%U%!%*!<%P!<%U%m!<$K4XO"$9$k(B
$BJ#?t$NLdBj$N1F6A$r<u$1$^$9!#$3$l$i$NLdBj$O6-3&%A%'%C%/$NITHw$KM3Mh$7!
"%j(B
$B%b!<%H$N967b<T$,%5!<%P%W%m%;%9$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G%^%7%s%3!
<%I(B
$B$r<B9T$9$k$3$H$r5v$7$F$7$^$&2DG=@-$,$"$j$^$9!#(B

BusinessMail 4.60 $B$K$*$$$F!"LdBj$N1F6A$r<u$1$k$3$H$,Js9p$5$l$F$$$^$9!#$=(B
$B$NB>$N%P!<%8%g%s$b1F6A$r<u$1$k2DG=@-$,$"$j$^$9!#(B

7. Jabber Studio JabberD Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 14435
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-01
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14435
$BMWLs(B:
Jabber Studio $B$N(B jabberd $B$O!"%j%b!<%H$+$iMxMQ2DG=$J%P%C%U%!%*!<%P!<%U%m!<(B
$B$K4XO"$9$kJ#?t$NLdBj$N1F6A$r<u$1$^$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7$F!"%5!<%P%W%m%;%9$N8"8B$G%3%s%T%e!<%?>e$
GG$(B
$B0U$N%3!<%I$r<B9T$9$k2DG=@-$,$"$j$^$9!#$3$l$K$h$j!"IT@5%"%/%;%9$d8"8B>
:3J(B
$B$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

jabberd 2.0s8 $B0JA0$N%P!<%8%g%s$K$*$$$F!"$3$l$i$NLdBj$N1F6A$r<u$1$^$9!#(B

8. MySQL Eventum Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14436
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-01
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14436
$BMWLs(B:
MySQL Eventum $B$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0$K4XO"$9$kJ#?t$NLdBj$,B8(B
$B:_$9$k5?$$$,$"$j$^$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%
$%:(B
$B=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7$F!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$G!"I8E
*$H(B
$B$J$k%5%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$GG$0U$N%9%/%j%W%H%3!<%I$r<B9T$
9$k(B
$B2DG=@-$,$"$j$^$9!#$3$l$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$J$I$N96(B
$B7b$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

9. MySQL Eventum Multiple SQL Injection Vulnerabilities
BugTraq ID: 14437
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-01
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14437
$BMWLs(B:
MySQL Eventum $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JJ#?t$NLdBj$,B8:_$9$k5?$$$,$"$j$^(B
$B$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$r(B SQL $B%/%(%j$G;HMQ$9$kA0$K!"(B
$BF~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$KBP$9$k6<0R$,>7$+$l$?$j!"%G!<%?$,3
+<((B
$B$5$l$?$jA`:n$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$,%P%C%/%(%s%I%
G!<(B
$B%?%Y!<%9$N<BAu$NLdBj$rMxMQ$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$b$"$j$^$9!#
(B

10. ChurchInfo Multiple SQL Injection Vulnerabilities
BugTraq ID: 14438
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-01
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14438
$BMWLs(B:
ChurchInfo $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JJ#?t$NLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#(B
$B$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$r(B SQL $B%/%(%j$G;HMQ$9$kA0$K!"F~NO(B
$BCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$KBP$9$k6<0R$,>7$+$l$?$j!"%G!<%?$,3
+(B
$B<($5$l$?$jA`:n$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$,%P%C%/%(%s%
I%G!<(B
$B%?%Y!<%9$N<BAu$NLdBj$rMxMQ$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$b$"$j$^$9!#
(B

11. PHPFreeNews Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 14439
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-01
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14439
$BMWLs(B:
PHPFreeNews $B$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0$K4XO"$9$kJ#?t$NLdBj$,B8:_(B
$B$9$k5?$$$,$"$j$^$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%
:=h(B
$BM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$G!"LdBj$
N$"(B
$B$k%5%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$GG$0U$N%9%/%j%W%H%3!<%I$r<B9T$9$
k2D(B
$BG=@-$,$"$j$^$9!#$3$l$i$NLdBj$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$J(B
$B$I$N967b$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

12. AderSoftware CFBB Index.CFM Cross-Site Scripting Vulnerability
BugTraq ID: 14440
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-01
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14440
$BMWLs(B:
CFBB $B$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0967b$r<u$1$k5?$$$,$"$j$^$9!#$3$N(B

$BLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$
H$K(B
$BM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$G!"LdBj$N$"$
k%5(B
$B%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$GG$0U$N%9%/%j%W%H%3!<%I$r<B9T$9$k2DG
=@-(B
$B$,$"$j$^$9!#$3$l$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$J$I$N967b$,0z(B
$B$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

CFBB 1.1.0 $B$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1$^$9!#$=$NB>$N%P!<%8%g%s$b1F6A(B
$B$r<u$1$k2DG=@-$,$"$j$^$9!#(B

13. No-Brainer SMTP Client Log_Msg() Remote Format String Vulnerability
BugTraq ID: 14441
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-01
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14441
$BMWLs(B:
nbSMTP $B$N%a%C%;!<%8$N%m%.%s%05!G=$O!"%j%b!<%H$+$iMxMQ2DG=$J%U%)!<%^%C%H(B
$B%9%H%j%s%0$NLdBj$N1F6A$r<u$1$^$9!#$3$NLdBj$O!";XDj$5$l$?%U%)!<%^%C%H$
KJQ(B
$B49$7$F=PNO$r9T$&4X?t$G%f!<%6$,;XDj$7$?F~NOCM$r%U%)!<%^%C%H;XDj;R$H$7$
F;H(B
$BMQ$9$kA0$K!"F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$
9!#(B

$B%j%b!<%H$N967b<T$O$3$NLdBj$rMxMQ$7$F!"G$0U$N%W%m%;%9%a%b%j$K=q$-9~$_!
"%3!<(B
$B%I$N<B9T$r0z$-5/$3$92DG=@-$,$"$j$^$9!#(B

14. PHPFreeNews Admin Login SQL Injection Vulnerability
BugTraq ID: 14442
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-01
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14442
$BMWLs(B:
PHPFreeNews $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$3$N(B
$BLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$r(B SQL $B%/%(%j$G;HMQ$9$kA0$K!"F~NOCM$N%5%K(B
$B%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$KBP$9$k6<0R$,>7$+$l$?$j!"%G!<%?$,3
+<((B
$B$5$l$?$jA`:n$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$,%P%C%/%(%s%I%
G!<(B
$B%?%Y!<%9$N<BAu$NLdBj$rMxMQ$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$b$"$j$^$9!#
(B

15. OpenBook Admin.PHP SQL Injection Vulnerability
BugTraq ID: 14444
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-01
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14444
$BMWLs(B:
OpenBook $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$3$NLd(B
$BBj$O!"%f!<%6$,;XDj$7$?F~NOCM$r(B SQL $B%/%(%j$G;HMQ$9$kA0$K!"F~NOCM$N%5%K%?(B
$B%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$KBP$9$k6<0R$,>7$+$l$?$j!"%G!<%?$,3
+<((B
$B$5$l$?$jA`:n$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$,%P%C%/%(%s%I%
G!<(B
$B%?%Y!<%9$N<BAu$NLdBj$rMxMQ$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$b$"$j$^$9!#
(B

16. Apple Mac OS X Font Book Font Collection Buffer Overflow Vulnerability
BugTraq ID: 14445
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-01
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14445
$BMWLs(B:
Apple Font Book $B$K$O!"%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$k5?$$$,$"$j$^$9!#$3(B
$B$NLdBj$O!"%U%)%s%H%3%l%/%7%g%s%U%!%$%k$,=hM}$5$l$k$H$-$KH/@8$7$^$9!#$
3$N(B
$BLdBj$O!"%U%)%s%H%3%l%/%7%g%s$N%P%s%I%k$K4^$^$l$k%f!<%6$,M?$($?%G!<%?$
N6-(B
$B3&%A%'%C%/$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7!"FbIt%P%C%U%!$N%*!<%P!<%U%
m!<(B
$B$*$h$S%a%b%jGK2u$r0z$-5/$3$7$^$9!#$3$l$i$N%U%!%$%k$O30It%=!<%9$KM3Mh$
9$k(B
$B>l9g$,$"$k$?$a!"%j%b!<%H$+$i$3$NLdBj$rMxMQ$G$-$k$H9M$($i$l$^$9!#(B

$B$3$N%"%W%j%1!<%7%g%s$O!"$3$l$i$N%U%!%$%k$N%G%U%)%k%H$N%O%s%I%i$G$"$k2
DG=(B
$B@-$,$"$k$?$a!"0-0U$"$k(B Web $B%Z!<%8$r;HMQ$9$k$J$I$N<jCJ$K$h$jLdBj$,MxMQ$5(B
$B$l$k2DG=@-$,$"$j$^$9!#(B

$BLdBj$NMxMQ$,@.8y$9$k$H!"$3$N%"%W%j%1!<%7%g%s$r<B9T$9$k%f!<%6$N%;%-%e%
j%F%#(B
$B%3%s%F%-%9%HFb$GG$0U$N%3!<%I<B9T$,5v$5$l$F$7$^$&2DG=@-$,$"$j$^$9!#(B

17. Trend Micro OfficeScan POP3 Module Shared Section Insecure Permissions Vulnerability
BugTraq ID: 14448
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-08-01
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14448
$BMWLs(B:
Trend Micro OfficeScan $B$N(B pop3 $B%b%8%e!<%k$G$O!"6&M-%;%/%7%g%s$,%;%-%e%j(B
$B%F%#>eE,@Z$K;HMQ$5$l$^$;$s!#(B

$B967b<T$O!"LdBj$N$"$k%a%b%jNN0h$K3JG<$5$l$F$$$k%G!<%?$rFI$_<h$j!"@x:_E
*$K(B
$B=EMW$J>pJs$K%"%/%;%9$9$k2DG=@-$,$"$j$^$9!#$^$?!"6&M-%a%b%j%;%0%a%s%H$
KG$(B
$B0U$N%G!<%?$r=q$-9~$`2DG=@-$b$"$j$^$9!#(B

$B$3$NNN0h$K%G!<%?$r=q$-9~$`$3$H$K$h$j!"EE;R%a!<%k$N(B pop3 $B%b%8%e!<%k$G%^%k(B
$B%&%'%"$,<WCG$5$l$?$H$-$K%f!<%6$KI=<($5$l$k%a%C%;!<%8$r2~$6$s$9$k2DG=@
-$,(B
$B$"$j$^$9!#$3$l$O%=!<%7%c%k%(%s%8%K%"%j%s%0967b$GMxMQ$5$l$k2DG=@-$,$"$
j$^(B
$B$9!#(B

$B$3$NLdBj$NMxMQ$K$h$j!"(BOfficeScan $B%5!<%S%9$,%/%i%C%7%e$7$?$j!"(BSystem $B%l%Y(B
$B%k$N8"8B$GG$0U$N%^%7%s%3!<%I$,<B9T$5$l$k2DG=@-$,$"$j$^$9!#$3$l$K$D$$$
F$O!"(B
$BL$8!>Z$G$9!#(B

OfficeScan 5.58 $B$K$*$$$F!"$3$NLdBj$,Js9p$5$l$F$$$^$9!#$=$NB>$N%P!<%8%g%s(B
$B$b1F6A$r<u$1$k2DG=@-$,$"$j$^$9(B

18. Shiny Entertainment Sacrifice Remote Arbitrary Code Execution Vulnerabilities
BugTraq ID: 14449
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-01
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14449
$BMWLs(B:
Sacrifice $B$O!"%j%b!<%H$+$i$NG$0U$N%3!<%I<B9T$K4XO"$9$kJ#?t$NLdBj$N1F6A$r(B
$B<u$1$^$9!#$3$l$i$NLdBj$K$O!"%j%b!<%H$+$iMxMQ2DG=$J%P%C%U%!%*!<%P!<%U%
m!<(B
$B$NLdBj!"$*$h$S%j%b!<%H$+$iMxMQ2DG=$J%U%)!<%^%C%H%9%H%j%s%0$NLdBj$,4^$
^$l(B
$B$^$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7$F!"%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#%3%s%F%
-%9(B
$B%HFb$GG$0U$N%3!<%I$r<B9T$7!"IT@5%"%/%;%9$r9T$&2DG=@-$,$"$j$^$9!#(B

Sacrifice patch 3 $B0JA0$N%P!<%8%g%s$K$*$$$F!"$3$l$i$NLdBj$N1F6A$r<u$1$^$9!#(B

19. Info-ZIP UnZip CHMod File Permission Modification Race Condition Weakness
BugTraq ID: 14450
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-08-02
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14450
$BMWLs(B:
Info-ZIP unzip $B$K$O!"%;%-%e%j%F%#>e$NLdBj$,B8:_$9$k5?$$$,$"$k$HJs9p$5$l(B
$B$F$$$^$9!#$3$NLdBj$O!"$9$Y$F$N%f!<%6$,=q$-9~$_$G$-$k!"$^$?$O%0%k!<%W$
G=q(B
$B$-9~$_$G$-$k%G%#%l%/%H%j$K%"!<%+%$%V$,Cj=P$5$l$k>l9g$K$N$_H/@8$7$^$9!
#(B
unzip $B$G$O!"?7$7$/Cj=P$7$?%U%!%$%k$KBP$7$FHs%"%H%_%C%/$J%W%m%7!<%8%c$G=q(B

$B$-9~$_$r<B9T$7!"$=$N8e%Q!<%_%C%7%g%s$rJQ99$9$k$3$H$,Js9p$5$l$F$$$^$9!
#(B

$B%m!<%+%k$N967b<T$O$3$NLdBj$rMxMQ$7$F!"I8E*%U%!%$%k$N%U%!%$%k%Q!<%_%C%
7%g(B
$B%s$r2~$6$s$9$k2DG=@-$,$"$j$^$9!#(B

20. Pablo Software Solutions Quick 'n Easy FTP Server User Command Denial of Service Vulnerability
BugTraq ID: 14451
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-02
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14451
$BMWLs(B:
Quick 'n Easy FTP Server $B$K$O!"%j%b!<%H$+$i$N967b$K$h$j%5!<%S%9ITG=>uBV(B
$B$K4Y$k5?$$$,$"$j$^$9!#$3$NLdBj$O!"%/%i%$%"%s%H$,(B USER $B%3%^%s%I$KBP$7$F2a(B
$BEY$KD9$$0z?t$r;XDj$9$k$3$H$K$h$j0z$-5/$3$5$l$^$9!#(B

$BLdBj$NMxMQ$,@.8y$9$k$H!"%j%=!<%9$N>CLW$K$h$j%/%i%C%7%e$,0z$-5/$3$5$l$
k2D(B
$BG=@-$,$"$j$^$9!#(B

$B$3$NLdBj$O!"Ev=i%P%C%U%!%*!<%P!<%U%m!<$NLdBj$G$"$k$H<1JL$5$l$^$7$?!#9
9$J(B
$B$k>\:Y$,8x3+$5$l$?$N$KH<$$!"%5!<%S%9ITG=>uBV$K4Y$kLdBj$KJQ99$5$l$^$7$
?!#(B

21. nCipher CHIL Random Cache Leakage Vulnerability
BugTraq ID: 14452
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-02
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14452
$BMWLs(B:
nCipher $B$N(B CHIL $B%i%$%V%i%j$O!"%-%c%C%7%e$,%i%s%@%`$KO31L$9$kLdBj$N1F6A$r(B
$B<u$1$^$9!#(B

$B$3$NLdBj$O!"%W%m%0%i%`$,(B nCipher $B$N%O!<%I%&%'%"%b%8%e!<%k$+$i%i%s%@%`%P(B
$B%$%H$r<hF@$7$h$&$H$9$k$H$-$K0z$-5/$3$5$l$^$9!#%i%$%V%i%j$r8F$S=P$9%W%
m%0(B
$B%i%`$N%W%m%;%9$,J,4t$9$k>l9g$O!";R%W%m%;%9$,7Q>5$9$k%-%c%C%7%e$O!"?F$
N%-%c%C(B
$B%7%e$HF10l$N%i%s%@%`@-$r;}$D$3$H$K$J$j$^$9!#(B

$B%W%m%;%9$,J,4t$7!"(BCHIL $B$r;HMQ$7$F%i%s%@%`%G!<%?$r@8@.$9$k%"%W%j%1!<%7%g(B
$B%s$N<oN`$K$h$j!"$3$NLdBj$N1F6A$O0[$J$j$^$9!#(BSSL $B%O%s%I%7%'%$%/$N<:GT$K$h(B
$B$j(B Web $B%5!<%P$,%5!<%S%9ITG=>uBV$K4Y$C$?$j!"B>$N967b$,<B9T$5$l$?$j$9$k2D(B
$BG=@-$,$"$j$^$9!#(B

$B%W%m%;%9$,J,4t$7!"D>@\$^$?$O(B OpenSSL $B$r2p$7$F(B CHIL $B$r;HMQ$9$k%"%W%j%1!<(B
$B%7%g%s$O!"$3$NLdBj$N1F6A$r<u$1$^$9!#(BOpenSSL 0.9.6-ENGINE $B$*$h$S(B 0.9.7 $B$G(B
$B$O!"(B"chil" $B%(%s%8%s$,M-8z$K$J$C$F$$$k>l9g$K(B CHIL $B$r;HMQ$7!"(BRAND_bytes $B$^(B
$B$?$O(B RAND_pseudo_bytes $B$r2p$7$FMp?t$,@8@.$5$l$^$9!#(B

22. Computer Associates BrightStor ARCserve Backup Remote Buffer Overflow Vulnerability
BugTraq ID: 14453
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-02
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14453
$BMWLs(B:
Computer Associates $B$N(B BrightStor ARCserve Backup $B$*$h$S(B BrightStor
Enterprise Backup Agents for Windows $B$O!"%j%b!<%H$+$iMxMQ2DG=$J%9%?%C%/(B
$B>e$G$N%P%C%U%!%*!<%P!<%U%m!<$NLdBj$N1F6A$r<u$1$^$9!#$3$NLdBj$O!"<u$1<
h$k(B
$B%G!<%?$N6-3&%A%'%C%/$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B%j%b!<%H$N967b<T$O$3$NLdBj$rMxMQ$7$F!"LdBj$N$"$k%3%s%T%e!<%?>e$G(B SYSTEM
$B8"8B$GG$0U$N%3!<%I$r<B9T$9$k2DG=@-$,$"$j$^$9!#$^$?!"%5!<%S%9ITG=>uBV$
,0z(B
$B$-5/$3$5$l$k2DG=@-$b$"$j$^$9!#(B

23. Naxtor Shopping Cart Lost_password.PHP Cross Site Scripting Vulnerability
BugTraq ID: 14454
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-02
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14454
$BMWLs(B:
Naxtor Shopping Cart $B$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0967b$r<u$1$k5?$$(B
$B$,$"$j$^$9!#$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$
K<B(B
$B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$G!"LdBj$N$"$
k%5(B
$B%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$GG$0U$N%9%/%j%W%H%3!<%I$r<B9T$9$k2DG
=@-(B
$B$,$"$j$^$9!#$3$l$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$J$I$N967b$,0z(B
$B$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

24. Metasploit Framework MSFWeb Defanged Mode Restriction Bypass Vulnerability
BugTraq ID: 14455
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-02
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14455
$BMWLs(B:
Metasploit Framework $B$N(B msfweb $B$K$O!"@)8B$,2sHr$5$l$k2DG=@-$,$"$j$^$9!#(B
$B$3$NLdBj$O!"%"%/%;%9%3%s%H%m!<%k$N@)8B$,E,@Z$K<BAu$5$l$F$$$J$$$3$H$KM
3Mh(B
$B$7$^$9!#(B

$B$3$NLdBj$O!"%j%b!<%H$N967b<T$,LdBj$N$"$k(B Web $B%5!<%P$N%;%-%e%j%F%#@)8B$r(B
$B2sHr$9$k$3$H$r5v$7$F$7$^$$$^$9!#967b<T$OLdBj$N$"$k(B msfweb $B%W%m%;%9$r%[%9(B
$B%H$9$k%3%s%T%e!<%?$+$i967b$,9T$o$l$F$$$k4V!"(BMetasploit Framework $B$r;HMQ(B
$B$7$FG$0U$N%3%s%T%e!<%?$KBP$7$F967b$r<B9T$9$k$?$a$K$3$NLdBj$rMxMQ$9$k2
DG=(B
$B@-$,$"$j$^$9!#(B

$B$^$?!"967b<T$O(B Metasploit Framework $B$N%Z%$%m!<%I5!G=$rA`:n$7$F(Bmsfweb$B$r%[(B
$B%9%H$9$k%3%s%T%e!<%?>e$N%U%!%$%k$r2~$6$s$7!"G$0U$N%3!<%I$r<B9T$7$F%7%
9%F(B
$B%`$KBP$9$k6<0R$r>7$/2DG=@-$,$"$j$^$9!#(B

Metasploit Framework $B$N%^%K%e%"%k$G$O!"@x:_E*$J%;%-%e%j%F%#>e$NLdBj$K$h(B
$B$j!"(Bmsfweb $B$O$9$Y$F$N%f!<%6$,%"%/%;%9$G$-$k$h$&$K$9$Y$-$G$O$J$$$HL@5-$7(B
$B$F$$$kE@$KN10U$9$Y$-$G$9!#(B

25. Naxtor Shopping Cart Shop_Display_Products.PHP SQL Injection Vulnerability
BugTraq ID: 14456
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-02
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14456
$BMWLs(B:
Naxtor Shopping Cart $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JLdBj$,B8:_$9$k5?$$$,$"$j(B
$B$^$9!#$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$r(B SQL $B%/%(%j$G;HMQ$9$kA0$K!"F~(B
$BNOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$KBP$9$k6<0R$,>7$+$l$?$j!"%G!<%?$,3
+<((B
$B$5$l$?$jA`:n$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$,%P%C%/%(%s%I%
G!<(B
$B%?%Y!<%9$N<BAu$NLdBj$rMxMQ$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$b$"$j$^$9!#
(B

26. Microsoft ActiveSync Network Synchronization Multiple Vulnerabilities
BugTraq ID: 14457
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-02
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14457
$BMWLs(B:
Microsoft ActiveSync $B$G;HMQ$5$l$k%M%C%H%o!<%/F14|%W%m%H%3%k$G$O!"$$$/$D(B
$B$+$NLdBj$,H/8+$5$l$F$$$^$9!#(B

$BBh(B 1 $B$K!"$9$Y$F$N%M%C%H%o!<%/%H%i%U%#%C%/$GJ?J8$r;HMQ$7$FDL?.$,9T$o$l$k(B

$BLdBj$,B8:_$7$^$9!#(B

$BBh(B 2 $B$K!"%Q%9%o!<%IG'>Z$,7gG!$7$F$$$kLdBj$,B8:_$7$^$9!#(B

$BBh(B 3 $B$K!"%M%C%H%o!<%/7PM3$GF14|$r3+;O$7$h$&$H$9$k$H>pJs$,3+<($5$l$kLdBj(B

$B$,B8:_$7$^$9!#(B

$BBh(B 4 $B$K!"%5!<%S%9ITG=>uBV$K4Y$kLdBj$,B8:_$7$^$9!#(B

$B$3$l$i$NLdBj$rAH$_9g$o$;$FMxMQ$9$k$3$H$K$h$j!"%m!<%+%k$N967b<T$O@x:_E
*$K(B
$B=EMW$J>pJs$K%"%/%;%9$7!"99$J$k967b$N<j=u$1$H$7$F;HMQ$G$-$^$9!#$^$?967
b<T(B
$B$O!"F14|%W%m%H%3%k$N%7%_%e%l!<%H$K$h$C$F%G!<%?$N2~$6$s$dGK2u$r<B9T$7$
?$j!"(B
ActiveSync $B%5!<%S%9$rGK2u$7$?$j$9$k2DG=@-$,$"$j$^$9!#(B

27. ProRat Server Remote Buffer Overflow Vulnerability
BugTraq ID: 14458
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-02
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14458
$BMWLs(B:
ProRat Server $B$O!"%j%b!<%H$+$iMxMQ2DG=$J%P%C%U%!%*!<%P!<%U%m!<$NLdBj$N1F(B
$B6A$r<u$1$^$9!#(B

$B967b$,@.8y$9$k$H!"8GDjD9$N%P%C%U%!$G%*!<%P!<%U%m!<$,0z$-5/$3$5$l!"LdB
j$N(B
$B$"$k%W%m%;%9$N%;%-%e%j%F%#%3%s%F%-%9%HFb$GG$0U$N%3!<%I$,<B9T$5$l$k2DG
=@-(B
$B$,$"$j$^$9!#$3$l$K$h$j!"967b<T$,8"8B$r>:3J$5$;$k$3$H$,5v$5$l$F$7$^$&2
DG=(B
$B@-$,$"$j$^$9!#(B

28. Debian Apt-Cacher Remote Command Execution Vulnerability
BugTraq ID: 14459
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-03
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14459
$BMWLs(B:
apt-cacher $B$K$O!"%j%b!<%H$+$i%3%^%s%I$,<B9T$5$l$k5?$$$,$"$j$^$9!#(B

$B6qBNE*$K$O!"%-%c%C%7%e$r9T$&%[%9%H$H$7$F5!G=$7$F$$$k%3%s%T%e!<%?>e$G!
"%j(B
$B%b!<%H$N967b<T$,(B 'www-data' $B$N8"8B$GG$0U$N%3%^%s%I$r<B9T$9$k$,5v$5$l$F$7(B
$B$^$&2DG=@-$,$"$j$^$9!#(B

$B$3$l$K$h$j!"967b<T$OLdBj$N$"$k%3%s%T%e!<%?$KIT@5$K%"%/%;%9$9$k2DG=@-$
,$"(B
$B$j$^$9!#(B

29. Fusebox Index.CFM Cross-Site Scripting Vulnerability
BugTraq ID: 14460
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-03
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14460
$BMWLs(B:
Fusebox $B$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0967b$r<u$1$k5?$$$,$"$j$^$9!#$3(B
$B$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$
3$H(B
$B$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$G!"LdBj$N$"$
k%5(B
$B%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$GG$0U$N%9%/%j%W%H%3!<%I$r<B9T$9$k2DG
=@-(B
$B$,$"$j$^$9!#$3$l$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$J$I$N967b$,0z(B
$B$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

Fusebox 4.1.0 $B$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1$k$HJs9p$5$l$F$$$^$9!#$=$NB>(B
$B$N%P!<%8%g%s$b1F6A$r<u$1$k2DG=@-$,$"$j$^$9!#(B

$B@=IJ=P2Y;~$K$O%l%$%"%&%H@_Dj%U%!%$%k$,4^$^$l$F$$$J$$$?$a!"$3$NLdBj$,B
8:_(B
$B$9$k$H$O9M$($i$l$F$$$^$;$s!#$3$l$K$D$$$F$O!"(BSymantec $B$G$OL$8!>Z$G$9!#(B

30. Symantec Norton GoBack Local Authentication Bypass Vulnerability
BugTraq ID: 14461
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-08-03
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14461
$BMWLs(B:
Norton GoBack $B$K$O!"%m!<%+%k$GG'>Z$,2sHr$5$l$k5?$$$,$"$j$^$9!#(B

$B967b$,@.8y$9$k$H!"G$0U$N%Q%9%o!<%ICM$,<u$1F~$l$i$l!"967b<T$,$5$^$6$^$
J@_(B
$BDjJQ99$r<B9T$9$k$3$H$,5v$5$l$F$7$^$$$^$9!#$=$NB>$N967b$,<B9T$5$l$k2DG
=@-(B
$B$b$"$j$^$9!#(B

Symantec $B$O!"8=:_$3$NLdBj$rD4::Cf$G$9!#99$J$kJ,@O$,40N;<!Bh!"$3$N(B BID $B$O(B
$B99?7$5$l$kM=Dj$G$9!#(B

31. GXT Editor Buffer Overflow Vulnerability
BugTraq ID: 14462
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-03
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14462
$BMWLs(B:
GXT Editor $B$O!"%P%C%U%!%*!<%P!<%U%m!<$NLdBj$N1F6A$r<u$1$^$9!#$3$NLdBj$O!"(B
$B%f!<%6$,;XDj$7$?%G!<%?$N6-3&%A%'%C%/$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$
^$9!#(B

$B967b$,@.8y$9$k$H!"8GDjD9$N%P%C%U%!$G%*!<%P!<%U%m!<$,0z$-5/$3$5$l!"LdB
j$N(B
$B$"$k%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#%3%s%F%-%9%HFb$GG$0U$N%3!<%I$,<B9T$
5$l(B
$B$k2DG=@-$,$"$j$^$9!#(B

32. Karrigell KS File Arbitrary Python Command Execution Vulnerability
BugTraq ID: 14463
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-07-31
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14463
$BMWLs(B:
Karrigell $B$K$O!"G$0U$N(B Python $B%3%^%s%I$,<B9T$5$l$k2DG=@-$,$"$j$^$9!#$3$N(B
$BLdBj$O!"@_7W>e$NITHw$K$h$j!"K\Mh%"%/%;%9$G$-$J$$(B Python $B%3%^%s%I$r%j%b!<(B
$B%H$N967b<T$,<B9T$9$k$3$H$,5v$5$l$F$7$^$&$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"(BKarrigell $B%U%l!<%`%o!<%/$N%[%9%H$H$J$k(B Web
$B%5!<%P$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G!"G$0U$N(B Python $B%3%^%s%I$r<B9T$9$k2D(B
$BG=@-$,$"$j$^$9!#$3$l$K$h$j!"%j%b!<%H$N0-0U$"$k%f!<%6$O%5!<%S%9ITG=>uB
V$r(B
$B0z$-5/$3$7$?$j!"G$0U$N%U%!%$%k$N:n@.$d>e=q$-$r<B9T$7$?$j$G$-$^$9!#$^$
?!"(B
$B%[%9%H%3%s%T%e!<%?$KBP$9$k6<0R$r>7$/2DG=@-$b$"$j$^$9!#(B

33. Web Content Management Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14464
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-03
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14464
$BMWLs(B:
Web content management $B$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0$K4XO"$9$kJ#?t(B
$B$NLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOC
M$N(B
$B%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7$F!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$G!"I8E
*$H(B
$B$J$k%5%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$GG$0U$N%9%/%j%W%H%3!<%I$r<B9T$
9$k(B
$B2DG=@-$,$"$j$^$9!#$3$l$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$J$I$N96(B
$B7b$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

34. Web Content Management Administrator Account Unauthorized Access Vulnerability
BugTraq ID: 14465
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-03
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14465
$BMWLs(B:
Web content management $B$K$O!"IT@5%"%/%;%9$,<B9T$5$l$k5?$$$,$"$j$^$9!#$3(B
$B$NLdBj$O!"4IM}5!G=$X$N%"%/%;%9$,E,@Z$K4IM}$5$l$J$$$3$H$KM3Mh$7$^$9!#
(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"40A4$J4IM}<T8"8B$GLdBj$N$"$k%"%W%j%1!<%7%
g%s(B
$B$K%"%/%;%9$G$-$^$9!#$^$?!"%P%C%/%(%s%I%7%9%F%`$KBP$7$F99$J$k967b$,2C$
($i(B
$B$l$k2DG=@-$,$"$j$^$9!#B>$N967b$,0z$-5/$3$5$l$k2DG=@-$b$"$j$^$9!#(B

35. Silvernews Admin.PHP SQL Injection Vulnerability
BugTraq ID: 14466
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-03
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14466
$BMWLs(B:
Silvernews $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$3$N(B
$BLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$
H$K(B
$BM3Mh$7$^$9!#(B

SQL $B9=J8$rCmF~$9$k<jK!$r;HMQ$7$F4IM}<T8"8B$K$h$k%m%0%$%s$r2sHr$9$k$3$H$K
(B
$B$h$j!"%"%W%j%1!<%7%g%s$KBP$9$k6<0R$,>7$+$l$k2DG=@-$,$"$j$^$9!#(B

36. Linux Kernel Stack Fault Exceptions Unspecified Local Denial of Service Vulnerability
BugTraq ID: 14467
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-08-03
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14467
$BMWLs(B:
Linux Kernel $B$K$O!"%m!<%+%k$G%5!<%S%9ITG=>uBV$K4Y$kL$FCDj$NLdBj$,B8:_$9(B
$B$k5?$$$,$"$k$HJs9p$5$l$F$$$^$9!#(B

$B$3$NLdBj$O!"%m!<%+%k%f!<%6$,%9%?%C%/0cH?$NNc30$rH/@8$5$;$?$H$-$KH/@8$
7$^(B
$B$9!#%m!<%+%k$N967b<T$O$3$NLdBj$rMxMQ$7$F!"%+!<%M%k$r%/%i%C%7%e$5$;$k$
3$H(B
$B$K$h$j!"LdBj$N$"$k%3%s%T%e!<%?$r%5!<%S%9ITG=>uBV$K4Y$l$k2DG=@-$,$"$j$
^$9!#(B

37. Naxtor E-directory Message.ASP Cross Site Scripting Vulnerability
BugTraq ID: 14468
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-03
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14468
$BMWLs(B:
Naxtor E-directory $B$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0967b$r<u$1$k5?$$$,(B
$B$"$j$^$9!#(B

$B$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$
$$3(B
$B$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"5?$$$r;}$?$J$$%f!<%6$N(B Web $B%V%i%&%6$K(B HTML
$B$d%9%/%j%W%H%3!<%I$rA^F~$G$-$^$9!#$3$l$K$h$j!"967b<T$O(B Cookie $B$KM3Mh$9$k(B
$BG'>ZMQ>pJs$r@`<h$9$k2DG=@-$,$"$j$^$9!#$=$NB>$N967b$,<B9T$5$l$k2DG=@-$
b$"(B
$B$j$^$9!#(B

38. Naxtor E-directory Default.ASP SQL Injection Vulnerability
BugTraq ID: 14469
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-03
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14469
$BMWLs(B:
Naxtor E-directory $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JLdBj$,B8:_$9$k5?$$$,$"$j$^(B
$B$9!#$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$r(B SQL $B%/%(%j$G;HMQ$9$kA0$K!"F~NO(B
$BCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$BLdBj$NMxMQ$,@.8y$9$k$H!"LdBj$N$"$k%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#%3%s%
F%-(B
$B%9%HFb$G40A4$J4IM}<T%"%/%;%9$,<B9T$5$l$F$7$^$$$^$9!#(B

39. Linux Kernel NFSACL Protocol XDR Data Remote Denial of Service Vulnerability
BugTraq ID: 14470
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-04
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14470
$BMWLs(B:
Linux Kernel $B$O!"(Bnfsacl $B%W%m%H%3%k$N(B XDR $B%G!<%?$r=hM}$9$k$H$-$K!"%j%b!<(B
$B%H$+$i$N967b$K$h$j%5!<%S%9ITG=>uBV$K4Y$kLdBj$N1F6A$r<u$1$^$9!#(B

$B$3$NLdBj$K4X$9$k6qBNE*$J>\:Y$O8x3+$5$l$F$$$^$;$s!#967b<T$O%+!<%M%k%a%
b%j(B
$B$rGK2u$9$k$?$a$K!"2aEY$KD9$$J8;zNs$NCM$r4^$`(B XDR $B%G!<%?$r0U?^E*$K:n@.$9(B
$B$k$H?d;!$5$l$^$9!#(B

$B$3$l$K$h$j!"%5!<%S%9ITG=>uBV$K4Y$k2DG=@-$,$"$j$^$9!#(B

40. Denora IRC Stats Remote Buffer Overflow Vulnerability
BugTraq ID: 14471
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-04
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14471
$BMWLs(B:
Denora IRC Stats $B$O!"%j%b!<%H$+$i$N967b$K$h$k%P%C%U%!%*!<%P!<%U%m!<$NLd(B
$BBj$N1F6A$r<u$1$^$9!#(B

$B967b$,@.8y$9$k$H%a%b%j$,GK4~$5$l!"967b<T$,%"%W%j%1!<%7%g%s$N%;%-%e%j%
F%#(B
$B%3%s%F%-%9%HFb$GG$0U$N%3!<%I$r<B9T$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$,$"$
j$^(B
$B$9!#$3$l$K$h$j!"IT@5%"%/%;%9$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

Denora IRC Stats 1.1.0 $B$h$jA0$N%P!<%8%g%s$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1(B
$B$^$9!#(B

41. LogiCampus Helpdesk Unspecified Cross Site Scripting Vulnerability
BugTraq ID: 14472
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-04
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14472
$BMWLs(B:
LogiCampus $B$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0967b$r<u$1$k5?$$$,$"$j$^$9!#(B
$B$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$
$$3(B
$B$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"5?$$$r;}$?$J$$%f!<%6$N(B Web $B%V%i%&%6$K(B HTML
$B$d%9%/%j%W%H%3!<%I$rA^F~$G$-$^$9!#$3$l$K$h$j!"967b<T$O(B Cookie $B$KM3Mh$9$k(B
$BG'>ZMQ>pJs$r@`<h$9$k2DG=@-$,$"$j$^$9!#$^$?!"B>$N967b$r<B9T$9$k2DG=@-$
b$"(B
$B$j$^$9!#(B

42. NetworkActiv Web Server Cross-Site Scripting Vulnerability
BugTraq ID: 14473
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-04
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14473
$BMWLs(B:
NetworkActiv Web Server $B$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0967b$r<u$1$k5?(B
$B$$$,$"$j$^$9!#$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@
Z$K(B
$B<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$G!"LdBj$N$"$
k%5(B
$B%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$GG$0U$N%9%/%j%W%H%3!<%I$r<B9T$9$k2DG
=@-(B
$B$,$"$j$^$9!#$3$l$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$J$I$N967b$,0z(B
$B$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

43. PortailPHP Index.PHP SQL Injection Vulnerability
BugTraq ID: 14474
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-04
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14474
$BMWLs(B:
Portail PHP $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$3$N(B
$BLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$r(B SQL $B%/%(%j$G;HMQ$9$kA0$K!"F~NOCM$N%5%K(B
$B%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B$3$N967b$K$h$k1F6A$O!"A`:n$5$l$k%/%(%j$N7A<0$d%G!<%?%Y!<%9$N<BAu$K$h$
j0[(B
$B$J$j$^$9!#(B

Portail PHP 2.4 $B$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1$k$3$H$,Js9p$5$l$F$$$^$9!#(B
$B$3$N>pJs$,@53N$G$J$$$H$$$&L7=b$9$kJs9p$b$"$j$^$9!#(B

44. McDATA E/OS Remote Denial Of Service Vulnerability
BugTraq ID: 14475
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-04
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14475
$BMWLs(B:
McDATA $B$N(B Sphereon Fabric Switch 4300 $B$H(B 4500$B!"$*$h$S(B Intrepid Director
Switch 6064 $B$H(B 6140$B$K$O!"(B6.0.0 $B$h$jA0$N%P!<%8%g%s$N(B E/OS $B$r<B9T$9$k$H$-!"(B
$B%j%b!<%H$+$i$N967b$K$h$j%5!<%S%9ITG=>uBV$K4Y$k2DG=@-$,$"$j$^$9!#$3$NL
dBj(B
$B$O!"%M%C%H%o!<%/$N%V%m!<%I%-%c%9%H%9%H!<%`$,E,@Z$K=hM}$5$l$J$$$3$H$KM
3Mh(B
$B$7$^$9!#(B

$B%9%H%l!<%8$K(B SAN $B$r;HMQ$9$k%[%9%H$O!"IUB0$N%9%H%l!<%8$K40A4$K%"%/%;%9$G(B
$B$-$J$/$J$k2DG=@-$,$"$j$^$9!#(B

$B$3$NLdBj$O!"(BSAN $B$K@\B3$9$k@x:_E*$KB??t$N%5!<%P$KBP$9$k%9%H%l!<%8%5!<%S%9(B
$B$N5qH]$r967b<T$,F1;~$K0z$-5/$3$9$3$H$r5v$7$F$7$^$$$^$9!#(B

E/OS 6.0.0 $B$h$jA0$N%P!<%8%g%s$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1$^$9!#(B

45. Microsoft August Advance Notification Unspecified Security Vulnerabilities
BugTraq ID: 14476
$B%j%b!<%H$+$i$N:F8=@-(B: $BITL@(B
$B8xI=F|(B: 2005-08-04
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14476
$BMWLs(B:
Microsoft $B$O!"(B2005 $B7n(B 8 $B7n(B 9 $BF|$K%;%-%e%j%F%#>pJs$r(B 6 $B7o%j%j!<%9$9$kM=Dj(B
$B$G$"$k$H$N;vA0DL9p$r=P$7$^$7$?!#(B

$B$3$l$i$O$9$Y$F!"(BMicrosoft Windows $B$NLdBj$r2r7h$9$k$?$a$N%;%-%e%j%F%#>pJs(B
$B$G$9!#(B

46. Linux Kernel XFRM Array Index Buffer Overflow Vulnerability
BugTraq ID: 14477
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-08-05
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14477
$BMWLs(B:
Linux Kernel $B$K$O!"G[Ns$N;X?t$G%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$k5?$$$,$"(B
$B$j$^$9!#$3$NLdBj$O!"%f!<%6$,;XDj$7$?%G!<%?$NBEEv@-3NG'$,E,@Z$K<B9T$5$
l$J(B
$B$$$3$H$KM3Mh$7$^$9!#$3$NLdBj$O!"(BXFRM $B$H$$$&%M%C%H%o!<%/%"!<%-%F%/%A%c$N(B
$B%3!<%I$G0z$-5/$3$5$l$^$9!#(B

$B967b$,@.8y$9$k$H!"%m!<%+%k$N967b<T$,%*!<%P!<%U%m!<$r0z$-5/$3$7$F%a%b%
j$r(B
$BGK2u$7!"%5!<%S%9ITG=>uBV$r>7$/$3$H$,5v$5$l$F$7$^$&2DG=@-$,$"$j$^$9!#G
$0U(B
$B$N%3!<%I$,<B9T$5$l$k2DG=@-$b$"$j$^$9$,!"$3$l$K$D$$$F$OL$8!>Z$G$9!#(B

Linux Kernel 2.6.x $B$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1$^$9!#(B

47. Comdev ECommerce Config.PHP Remote File Include Vulnerability
BugTraq ID: 14478
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-05
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14478
$BMWLs(B:
Comdev eCommerce $B$K$O!"%j%b!<%H$+$i%U%!%$%k$,%$%s%/%k!<%I$5$l$k5?$$$,$"(B
$B$j$^$9!#$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9
T$5(B
$B$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"LdBj$N$"$k%3%s%T%e!<%?>e$G(B Web $B%5!<%P%W%m%;(B
$B%9$N8"8B$r;HMQ$7!"G$0U$N%5!<%P%5%$%I%9%/%j%W%H%3!<%I$r<B9T$9$k2DG=@-$
,$"(B
$B$j$^$9!#$3$l$K$h$j!"IT@5%"%/%;%9$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

Comdev eCommerce 3.0 $B$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1$k$3$H$,Js9p$5$l$F$$(B
$B$^$9!#$=$NB>$N%P!<%8%g%s$b1F6A$r<u$1$k2DG=@-$,$"$j$^$9!#(B

48. Comdev eCommerce WCE.Download.PHP Directory Traversal Vulnerability
BugTraq ID: 14479
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-05
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14479
$BMWLs(B:
Comdev eCommerce $B$K$O!"%G%#%l%/%H%j%H%i%P!<%5%k967b$r<u$1$k5?$$$,$"$j$^(B
$B$9!#(B

$B%j%b!<%H$NG'>Z$5$l$F$$$J$$%f!<%6$O!"(BWeb $B%"%W%j%1!<%7%g%s$N%k!<%H%Q%9$KBP(B
$B$7$F%G%#%l%/%H%j%H%i%P!<%5%kJ8;zNs(B '../' $B$r;HMQ$9$k$3$H$G!"G$0U$N%m!<%+(B
$B%k%U%!%$%k$NFbMF$r3+<($9$k$3$H$,2DG=$G$9!#$3$NLdBj$,MxMQ$5$l$k$H!"5!L
)@-(B
$B$,<:$o$l$k2DG=@-$,$"$j$^$9!#(B

49. Microsoft Windows Unspecified Remote Arbitrary Code Execution Vulnerability
BugTraq ID: 14480
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-01
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14480
$BMWLs(B:
Microsoft Windows $B$O!"%j%b!<%H$+$iG$0U$N%3!<%I$r<B9T2DG=$JL$FCDj$NLdBj$N(B
$B1F6A$r<u$1$^$9!#(B

$B$3$NLdBj$O!"%j%b!<%H$NG'>Z$5$l$F$$$J$$967b<T$,!"%f!<%6$N%$%s%?%i%/%F%
#%V(B
$B$JA`:n$r9T$o$:$KLdBj$N$"$k%3%s%T%e!<%?$K%"%/%;%9$9$k$3$H$r5v$7$F$7$^$
&2D(B
$BG=@-$,$"$k$HJs9p$5$l$F$$$^$9!#(B

$B$3$NLdBj$O!"I,MW$H$J$k%f!<%6$K$h$kA`:n$J$7$KMxMQ$5$l$k$?$a!"0-0U$"$k%
3!<(B
$B%I$N<+8JEAGE$,=uD9$5$l$k2DG=@-$,$"$k$HJs9p$5$l$F$$$^$9!#(BSYSTEM $B%l%Y%k$N(B
$B6<0R$,>7$+$l$k2DG=@-$b$"$k$H?d;!$5$l$^$9!#(B

$B>\:Y$,ITL@$J$?$a!"99$J$k>pJs$O8=;~E@$G$ODs6!$5$l$F$$$^$;$s!#>\:Y$,8x3
+$5(B
$B$l<!Bh!"$3$N(B BID $B$O99?7$5$l$kM=Dj$G$9!#(B

50. Jax PHP Scripts Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14481
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-05
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14481
$BMWLs(B:
Jax PHP $B%9%/%j%W%H$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0$K4XO"$9$kJ#?t$NLdBj$N(B
$B1F6A$r<u$1$^$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM
}$,(B
$BE,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7$F!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$G!"I8E
*$H(B
$B$J$k%5%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$GG$0U$N%9%/%j%W%H%3!<%I$r<B9T$
9$k(B
$B2DG=@-$,$"$j$^$9!#$3$l$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$J$I$N96(B
$B7b$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

51. Jax PHP Scripts Multiple Remote Information Disclosure Vulnerabilities
BugTraq ID: 14482
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-05
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14482
$BMWLs(B:
Jax PHP $B%9%/%j%W%H$K$O!"%j%b!<%H$+$i>pJs$r3+<(2DG=$JJ#?t$NLdBj$,B8:_$9$k(B
$B5?$$$,$"$j$^$9!#(B

$B$3$l$i$NLdBj$O!"=EMW$J>pJs$d8"8B$rI,MW$H$9$k>pJs$X$N%"%/%;%9$rG'$a$kA
0$K!"(B
$B%"%/%;%9$NBEEv@-3NG'$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7$F!"<WCG$5$l$F$$$k%f!<%6$d!"(BWeb $B%5%$%H$K9W8%(B
$B$9$k%f!<%6$N(B IP $B$r<hF@$G$-$^$9!#(BWeb $B%5%$%H$K9W8%$9$k%f!<%6$K$O!"@A4j=q$K(B
$B=pL>$7$?%f!<%6!"(Bformmail $B$r;HMQ$7$F%a%C%;!<%8$rAw?.$7$?%f!<%6!"%a%C%;!<(B
$B%8$r4s9F$7$?%f!<%6!"$*$h$S%j%s%/$rDs0F$7$?%f!<%6$,4^$^$l$^$9!#(B

52. FlatNuke Multiple Cross Site Scripting Vulnerabilities
BugTraq ID: 14483
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-05
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14483
$BMWLs(B:
FlatNuke $B$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0$K4XO"$9$kJ#?t$NLdBj$,B8:_$9(B
$B$k5?$$$,$"$j$^$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=
hM}(B
$B$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7$F!"5?$$$r;}$?$J$$%f!<%6$N(B Web $B%V%i%&%6$K(B
HTML $B$d%9%/%j%W%H%3!<%I$r<B9T$G$-$^$9!#$3$l$K$h$j!"(BCookie $B$KM3Mh$9$kG'>Z(B
$BMQ>pJs$,@`<h$5$l$k2DG=@-$,$"$j$^$9!#$=$NB>$N967b$,<B9T$5$l$k2DG=@-$b$
"$j(B
$B$^$9!#(B

53. PHPOpenChat Multiple HTML Injection Vulnerabilities
BugTraq ID: 14484
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-05
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14484
$BMWLs(B:
PHPOpenChat $B$K$O!"(BHTML $B%?%0$rA^F~2DG=$JJ#?t$NLdBj$,B8:_$9$k5?$$$,$"$j$^(B
$B$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$rF0E*$K@8@.$7$?%3%s%F%s%D$
G;H(B
$BMQ$9$kA0$K!"F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$
9!#(B

$B967b<T$,Ds6!$7$?(B HTML $B$d%9%/%j%W%H%3!<%I$OLdBj$N$"$k(B Web $B%5%$%H$N%;%-%e(B
$B%j%F%#%3%s%F%-%9%HFb$G<B9T$5$l$k2DG=@-$,$"$j!"$3$l$K$h$j(BCookie $B$KM3Mh$9(B
$B$kG'>ZMQ>pJs$N@`<h$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$O$3$
NLd(B
$BBj$rMxMQ$7$F!"%f!<%6$KBP$9$k%5%$%H$N%l%s%@%j%s%0J}K!$r@)8f$9$k2DG=@-$
b$"(B
$B$j$^$9!#$=$NB>$N967b$,0z$-5/$3$5$l$k2DG=@-$b$"$j$^$9!#(B

54. FlatNuke User Data Arbitrary PHP Code Execution Vulnerability
BugTraq ID: 14485
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-05
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14485
$BMWLs(B:
FlatNuke $B$O!"G$0U$N(B PHP $B%3!<%I$r<B9T2DG=$JLdBj$N1F6A$r<u$1$^$9!#$3$NLdBj(B
$B$O!"%f!<%6EPO?;~$K%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$
5$l(B
$B$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"%f!<%6%G!<%?$N0lIt$H$7$FG$0U$N(B PHP $B%3!<%I$r(B
$B;XDj$G$-$^$9!#$3$l$K$h$j!"967b<T$O3JG<$5$l$F$$$k%U%!%$%k$r8F$S=P$7!"
(BWeb
$B%5!<%P%W%m%;%9$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G%3%a%s%H$,DI2C$5$l$F$$$J$
$%3!<(B
$B%I$r<B9T$G$-$^$9!#$3$l$O!"%P%C%/%(%s%I%7%9%F%`$KBP$7$F99$J$k967b$r;n$
_$k(B
$B$?$a$N<j=u$1$H$J$k2DG=@-$,$"$j$^$9!#(B

55. Lantronix Secure Console Server SCS820/SCS1620 Multiple Local Vulnerabilities
BugTraq ID: 14486
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-08-05
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14486
$BMWLs(B:
Lantronix Secure Console Server SCS820/SCS1620 $B%G%P%$%9$K$O!"%m!<%+%k$G(B
$BMxMQ2DG=$JJ#?t$NLdBj$,B8:_$9$k2DG=@-$,$"$j$^$9!#(B

$BBh(B 1 $B$K!"%G%U%)%k%H$N%Q!<%_%C%7%g%s$N%;%-%e%j%F%#$,E,@Z$G$J$$LdBj$,B8:_(B

$B$7$^$9!#967b<T$O$3$NLdBj$rMxMQ$7$F!"4IM}<T8"8B$GG$0U$N%U%!%$%k$K%G!<%
?$r(B
$B=q$-9~$`2DG=@-$,$"$j$^$9!#$=$NB>$N967b$,<B9T$5$l$k2DG=@-$b$"$j$^$9!#
(B

$BBh(B 2 $B$K!"%3%^%s%I%i%$%s%$%s%?%U%'!<%9$K$*$1$k%G%#%l%/%H%j%H%i%P!<%5%k$N(B

$BLdBj$,B8:_$7$^$9!#967b<T$O$3$NLdBj$rMxMQ$7$F!"%P%C%/%(%s%I$N%*%Z%l!<%
F%#(B
$B%s%0%7%9%F%`$KIT@5$K%"%/%;%9$9$k2DG=@-$,$"$j$^$9!#(B

$BBh(B 3 $B$K!"%3%^%s%I%i%$%s%$%s%?%U%'!<%9$K$*$1$k8"8B>:3J$NLdBj$,B8:_$7$^$9!#
(B
$B%G%P%$%9$KBP$7$F(B 'sysadmin' $B%"%/%;%9$r<B9T$G$-$k%f!<%6$O!"%3%^%s%I%i%$%s(B
$B%$%s%?%U%'!<%9$r%(%9%1!<%W$7!"%P%C%/%(%s%I$N%*%Z%l!<%F%#%s%0%7%9%F%`$
G4I(B
$BM}<T8"8B$r<hF@$G$-$^$9!#(B

$B:G8e$K!"(B'edituser' $B%P%$%J%j$N%P%C%U%!%*!<%P!<%U%m!<$NLdBj$,B8:_$7$^$9!#(B
$B967b<T$O$3$NLdBj$rMxMQ$7$F!"4IM}<T8"8B$GG$0U$N%^%7%s%3!<%I$r<B9T$9$k2
DG=(B
$B@-$,$"$j$^$9!#(B

4.4 $B$h$jA0$N%U%!!<%`%&%'%"$K$*$$$F!"$3$l$i$NLdBj$N1F6A$r<u$1$k$3$H$,Js9p
(B
$B$5$l$F$$$^$9!#(B

56. EMC Navisphere Manager Directory Traversal And Information Disclosure Vulnerabilities
BugTraq ID: 14487
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-05
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14487
$BMWLs(B:
EMC Navisphere Manager $B$O!"%G%#%l%/%H%j%H%i%P!<%5%k$*$h$S>pJs3+<($NLdBj(B
$B$N1F6A$r<u$1$^$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=
hM}(B
$B$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B%j%b!<%H$NG'>Z$5$l$F$$$J$$%f!<%6$O!"%G%#%l%/%H%j%H%i%P!<%5%kJ8;zNs(B
'../'
$B$r;HMQ$9$k$3$H$G!"G$0U$N%m!<%+%k%U%!%$%k$NFbMF$r3+<($9$k$3$H$,2DG=$G$
9!#(B
$B$^$?967b<T$O!"%j%/%(%9%H$NKvHx$K(B '.' $B$rDI2C$9$k$3$H$K$h$jG$0U$N%G%#%l%/(B
$B%H%j$NFbMF$r<hF@$G$-$^$9!#$3$l$i$NLdBj$,MxMQ$5$l$k$H!"5!L)@-$,<:$o$l!
">p(B
$BJs$,3+<($5$l$k2DG=@-$,$"$j$^$9!#(B

57. Acunetix Web Vulnerability Scanner Remote Denial of Service Vulnerability
BugTraq ID: 14488
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-06
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14488
$BMWLs(B:
Acunetix Web Vulnerability Scanner $B$O!"%j%b!<%H$+$i$N967b$K$h$j%5!<%S%9(B
$BITG=>uBV$K4Y$kLdBj$N1F6A$r<u$1$^$9!#$3$NLdBj$O!"%"%W%j%1!<%7%g%s$N(B
Web
$B%9%K%U%!%3%s%]!<%M%s%H$K1F6A$7$^$9!#(B

$B967b<T$O!"2?$i$+$NJ}K!$K$h$j%5!<%P$r@)8f2<$KCV$$$?$j!"%M%C%H%o!<%/$K5
6B$(B
$B$7$?%H%i%U%#%C%/$rAw?.$7$?$j$9$k$3$H$K$h$j!"$3$NLdBj$rMxMQ$G$-$^$9!#9
67b(B
$B$,@.8y$9$k$H!"%j%=!<%9$,>CLW$7$F%5!<%S%9ITG=>uBV$K4Y$k2DG=@-$,$"$j$^$
9!#(B

Acunetix Web Vulnerability Scanner 2.0 $B$K$*$$$F!"LdBj$N1F6A$r<u$1$^$9!#(B
$B$=$NB>$N%P!<%8%g%s$b1F6A$r<u$1$k2DG=@-$,$"$j$^$9!#(B

58. PHP-Fusion Messages.PHP SQL Injection Vulnerability
BugTraq ID: 14489
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-08-06
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/14489
$BMWLs(B:
PHP-Fusion $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#(B

$B$3$NLdBj$O!"%f!<%6$,(B 'messages.php' $B%9%/%j%W%H$K;XDj$7$?F~NOCM$r(B SQL $B%/(B
$B%(%j$G;HMQ$9$kA0$K!"F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM
3Mh(B
$B$7$^$9!#(B

$B967b$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$KBP$9$k6<0R$,>7$+$l$?$j!"%G!<%?$,3
+<((B
$B$5$l$?$jA`:n$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$,%P%C%/%(%s%I%
G!<(B
$B%?%Y!<%9$N<BAu$NLdBj$rMxMQ$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$b$"$j$^$9!#
(B

III.SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Microsoft's "monkeys" find first zero-day exploit
$BCx<T(B: Robert Lemos
Microsoft $B$O!"<B;\Cf$N(B HoneyMonkey $B%W%m%8%'%/%H$G(B Windows $B%3%s%T%e!<%?$K(B
$B$D$$$F(B 750 $B$rD6$($k967b%W%m%0%i%`$rH/8+$7$F$$$^$9!#$3$NCf$K$O!"L$8x3+$N(B
$BLdBj$rMxMQ$7$?967b$b4^$^$l$F$$$^$9!#(B

http://www.securityfocus.com/news/11273

2. Annual hacking game teaches security lessons
$BCx<T(B: Robert Lemos
$B%O%C%-%s%0$K$D$$$F$N2q5D$G$"$k(B DEF CON $B$G<B;\$5$l$?!V(BCapture the Flag$B!W(B
$B%2!<%`$G$O!"%O%C%-%s%0$N%9%-%k$rB,$k<jCJ$H$7$F%3!<%I4F::$N=EMW@-$,6/D
4$5(B
$B$l$^$7$?!#$5$i$K!";22C<T$OJ*M}E*$J%;%-%e%j%F%#$H6&$K967b$dKI1R$N6Q9U$
K$D(B
$B$$$F$b9MN8$7$J$1$l$P$J$j$^$;$s$G$7$?!#(B

http://www.securityfocus.com/news/11269

3. Exploit writers team up to target Cisco routers
$BCx<T(B: Robert Lemos
$B%;%-%e%j%F%#LdBj$rH/8+<T$K$h$k:G6a$N$"$kH/I=$r5Q2<$7$h$&$H$7$?(B Cisco $B<R(B
$B$KJ"$rN)$F$?%;%-%e%j%F%#8&5f<T$*$h$S%O%C%+!<C#$O!"$3$N5pBg$J%M%C%H%o!
<%/(B
$B4k6H%8%c%$%"%s%H$N%$%s%?!<%M%C%H@=IJ$rI8E*$H$7$?967b$N:F8=$*$h$S3HBg$
rL\(B
$BO@$s$G$$$^$9!#(B

http://www.securityfocus.com/news/11263

4. Reading, rooting, 'rithmetic: Preschoolers learn programming
$BCx<T(B: Robert Lemos
$B$H$"$k650i@lLg2H$O!";R6!$?$A$NAOB$@-$H5;=Q=,F@$r6/2=$9$k$?$a$K$O!"="3
XA0(B
$B$+$i%3%s%T%e!<%?%W%m%0%i%_%s%0$*$h$S%O%C%-%s%0$N5;=Q$r65$($k$Y$-$G$"$
k$H(B
$BO@$8$F$$$^$9!#(B

http://www.securityfocus.com/news/11262

5. ID theft automated using keylogger Trojan
$BCx<T(B: John Leyden
$B%9%Q%$%&%'%"BP:v$N8&5f<T$O!"%-!<%m%,!<$r;HMQ$9$kBg5,LO$J(B ID $B@`Ep$rFM$-;_(B
$B$a$^$7$?!#(B

http://www.securityfocus.com/news/11274

6. Former 'Spam King' pays MS $7m to settle lawsuit
$BCx<T(B: John Leyden
$B%9%Q%`2&(B Scott Richter $B$O!"H?%9%Q%`AJ>Y$G(B Microsoft $B$X$N(B 700 $BK|%I%k$NOB(B
$B2r6b;YJ'$$$K9g0U$7$^$7$?!#(B

http://www.securityfocus.com/news/11275

7. Microsoft quells Vista virus concerns
$BCx<T(B: John Leyden
Microsoft $B$O!"<!4|%*%Z%l!<%F%#%s%0%7%9%F%`$G$"$k(B Windows Vista $B$K$O?7$7(B
$B$$%9%/%j%W%H%D!<%k$,F1:-$5$l$J$$$3$H$rG'$a$^$7$?!#(B

http://www.securityfocus.com/news/11271

8. OS exploits are 'old hat'
$BCx<T(B: John Leyden
Black Hat $B2q5D$G(B Michael Lynn $B$,H/I=$7$?(B Cisco $B%-%C%H$N%;%-%e%j%F%#$NLd(B
$BBj$O!"%M%C%H%o!<%/%Y%s%@A4HL$K$D$$$F$bEv$F$O$^$kLdBj$G$9!#(B

http://www.securityfocus.com/news/11272

--
$BK]Lu(B: LAC $BK]Lu%A!<%`(B
$B4F=$(B: $B>.3^8691M:(B (OGASAWARA Tsuneo)
LAC Co., Ltd.
http://www.lac.co.jp/index.html
0?l *?H?÷
?]0?Y10 +0 *?H?÷
?
û0?0?k9ÊT?þP"2þ2ÙÛû?0
*?H?÷
0Á10 UUS10U
VeriSign, Inc.1<0:U3Class 1 Public Primary Certification Authority - G21:08U1(c) 1998 VeriSign, Inc. - For authorized use only10UVeriSign Trust Network0
980518000000Z
180518235959Z0Á10 UUS10U
VeriSign, Inc.1<0:U3Class 1 Public Primary Certification Authority - G21:08U1(c) 1998 VeriSign, Inc. - For authorized use only10UVeriSign Trust Network0?0
*?H?÷
0?ªÐº¾-¸?ÔÊÒ¼v1Ê?Ø??V¼ÙooR6nuV
UÓßC?!e?~½!Þk2??4?A5ë?ë?ÝªY?Sm?Oíåâ*ZÁ¹Ä¦ÏÈEë¦]??>ðd$v¥Í«o¶Ø{Qa
n¦?Èâ·å4ÜA?ê @¾s?=kçu0
*?H?÷
?÷Îv\«??Ü?o49]?>kr,áÇ¢{@)¹x?ºLÅ£j^?n{ãòAf¾û®¢Î?ó¢4?´²¶$òåÕàÈåbm?{Ë¾»?|WÊð7©¯?î¾(?Ù&v ÍÄNð®Õ¾¯WjÐ BBBô
Ì¥x??&8?G0?0?kLÇêª?>qÓ?ø=:???0
*?H?÷
0Á10 UUS10U
VeriSign, Inc.1<0:U3Class 1 Public Primary Certification Authority - G21:08U1(c) 1998 VeriSign, Inc. - For authorized use only10UVeriSign Trust Network0
980518000000Z
280801235959Z0Á10 UUS10U
VeriSign, Inc.1<0:U3Class 1 Public Primary Certification Authority - G21:08U1(c) 1998 VeriSign, Inc. - For authorized use only10UVeriSign Trust Network0?0
*?H?÷
0?ªÐº¾-¸?ÔÊÒ¼v1Ê?Ø??V¼ÙooR6nuV
UÓßC?!e?~½!Þk2??4?A5ë?ë?ÝªY?Sm?Oíåâ*ZÁ¹Ä¦ÏÈEë¦]??>ðd$v¥Í«o¶Ø{Qa
n¦?Èâ·å4ÜA?ê @¾s?=kçu0
*?H?÷
©OÃ
Çg¾,ËÙ¨Í-uç~?;rë~ë\- ?Ökm`|å®Å#\JÐ¯±]óÇ¶
Ûà?
Ý¼Çv?µÝOÃ?u¸ÀæÉ[k¥¸?Ü¬¤ÝríN¡÷O¼ÓêÈdt{Â?A?esXñ?<j±?ÉÄ?¼ÏEmEân"?þ¼1\
èòÙ0?¶0? %îs<û ?U??{?í¿0
*?H?÷
0Á10 UUS10U
VeriSign, Inc.1<0:U3Class 1 Public Primary Certification Authority - G21:08U1(c) 1998 VeriSign, Inc. - For authorized use only10UVeriSign Trust Network0
020404000000Z
070403235959Z0É10U
VeriSign Japan K.K.10UVeriSign Trust Network1=0;U4Terms of use at https://www.verisign.co.jp/rpa (c)02100.U'Class 1 OnSite Individual Subscriber CA10UISP Service CA0?0
*?H?÷
0?¼+þîO×ùútüoÃøÊ?(v'È4 Ëªr-Éö?~?hòKïÉÿo½?îÓ??ÿ¨þîhU°¼ð°óåNhfisµ:V÷^uæo;êâd'\`?ÝÛ+·¼¶ª¡$)¯t¦?¯GöÕK~,e3îÛ¥<
KCp?ÙÙÂ??Äø(£¤0¡0Uÿ0ÿ0FU ?0=0;`?H?øE0,0*+https://www.verisign.co.jp/rpa0U
ÿ0 `?H?øB0 U0¤010UC1C2-1-40
*?H?÷
\?Ïh??¿ÏÓ_n²N>?Qs?e¢w ~ü v1?ÿîv4YVÊæGèãTÓÈ?Î?«bMo]?¸¢±?_K??Çó[m³#ÕcÑU*¿þ·ÄUò´o:?¿ê§q^/=¯?
?òt)ÿÌõ
?¬ÕÕ?ô÷7ªÔ?pd{0?10?? d2?7Åw?É??¹?b?ñ0
*?H?÷
0É10U
VeriSign Japan K.K.10UVeriSign Trust Network1=0;U4Terms of use at https://www.verisign.co.jp/rpa (c)02100.U'Class 1 OnSite Individual Subscriber CA10UISP Service CA0
050331000000Z
060331235959Z0ü10U
VeriSign Japan K.K.10UISP Service CA1503U,Terms of use at www.verisign.co.jp/rpa (c)011806U/Service Name - 5BF88D474BD2A6D3E7E073163F0C4D1210UHitachijoho10UTsuneo Ogasawara1!0 *?H?÷
t.ogaswr (at) lac.co (dot) jp0 [email concealed]?0
*?H?÷
0?¿*E´\2ÅÍóDíÐÏÇ~?+Ü=Ù&-u4)~è§ÊÇ2ÉnAàÙWÍØoÓÐûÊfÚq³.?³¥Hë¼ÀÚ×?!0¯6iÚ??±?rÙDÏdA[?Ùî?´q\~ãè?ú¨
Ä»ù?oÊi1¶+_ãr?#??>¥þ?IÁeA£ä0á0 U00EU >0<0:
`?H?øE0,0*+https://www.verisign.co.jp/rpa0U 0
`?H?øB?0ZUS0Q0O M K?Ihttp://onsitecrl.verisign.co.jp/VeriSi
gnJapanKKISPServiceCA/LatestCRL.crl0
`?H?øE ÿ0
*?H?÷
TMÎ¤©ýäøpßËµ"òÎ©,ÍË¶Q??`puÏ?¥?F?ÿ¬ãÅz?¸íñ²Oð)ô2ð$³q?âüý |øu
ßx©?Ì0³Jçjñ^9?^ p('?öC¦^ã=?øîÍ?&´ª.àTaxz4ÓÄÇ«<v?òY³QúÄ1?90?50Þ0É10U
VeriSign Japan K.K.10UVeriSign Trust Network1=0;U4Terms of use at https://www.verisign.co.jp/rpa (c)02100.U'Class 1 OnSite Individual Subscriber CA10UISP Service CAd2?7Åw?É??¹?b?ñ0 + ±0 *?H?÷
1 *?H?÷
0 *?H?÷
1
051209082800Z0# *?H?÷
1p?¸ [qz;qíÓ?eýu?v0R *?H?÷
1E0C0
*?H?÷
0*?H?÷
?0+0
*?H?÷
@0
*?H?÷
(0
*?H?÷
?BÄ0ëÊQ¬ÇmÅ Öre:ç!.GÙ
P_r?b5ÂlíÊÿEWãÑINx-?L8&ÿZì[_( ??¢éý¶5ÏÙ£Cz=KÈ[eq?^?¢ðv~·,÷®Ã6àqA? {ov?>
©? ,/ÁQµ½?ÄÜÕ&??^

[ reply ]