Bugtraq in Japanese
SecurityFocus Newsletter #314 2005-08-29->2005-09-02 Dec 21 2005 11:19AM
Tsuneo Ogasawara (t ogaswr lac co jp)
$B>.3^86(B@$B%i%C%/$G$9!#(B

SecurityFocus Newsletter $BBh(B 314 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

------------------------------------------------------------------------
---
BugTraq-JP $B$K4X$9$k(B FAQ ($BF|K\8l(B):
http://www.securityfocus.com/archive/79/description
$B!&(BSecurityFocus Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0l<!G[I[$5$l$F$$$^$9(B
$B!&(BBugTraq-JP $B$X$N;22CJ}K!!"C&B`J}K!$O$3$N(B FAQ $B$r$4;2>H$/$@$5$$(B
------------------------------------------------------------------------
---
SecurityFocus Newsletter $B%"!<%+%$%V(B ($B1Q8l(B):
http://www.securityfocus.com/archive/78
BugTraq $B$K4X$9$k(B FAQ ($B1Q8l(B):
http://www.securityfocus.com/archive/1/description
------------------------------------------------------------------------
---
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B SecurityFocus $B$N5v2D$r3t<02q<R%i%C%/$,F@$?>e$G9T$o$l$F$$$^$9!#(B
$B!&(BSecurityFocus Newsletter $B$NOBLu$r(B Netnews, Mailinglist, World Wide Web,
$B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$NA4J80zMQ$r$*4j$$$7$^$9!#
(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;$s$,!"(B
$B=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+$J$k7A<0$N(B
$B%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://online.securityfocus.com/archive/79
------------------------------------------------------------------------
---
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02q<R%i%C%/$O@UG$$rIi$o$J$$$b$N$H$7$^
(B
$B$9!#(B
------------------------------------------------------------------------
---
$BLu<T$+$i$N$*CN$i$;(B:
$B!&$b$7!"(Btypo $B$d8mLu$,8+$D$+$C$?>l9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
$BHG$r$4Ej9FD:$/$+!"4F=$<T(B (t.ogaswr (at) lac.co (dot) jp [email concealed]) $B$K$*CN$i$;$/$@$5$$!#(B
$B8e<T$N>l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
------------------------------------------------------------------------
---
This translation is encoded and posted in ISO-2022-JP.

$B86HG(B:
Date: Wed, 07 Sep 2005 14:30:16 -0600
Message-ID: <431F4DD8.1030408 (at) securityfocus (dot) com [email concealed]>

SecurityFocus Newsletter #314
-----------------------------

I. FRONT AND CENTER (no Japanese translation)
1. Exploiting Cisco with FX
2. A changing landscape
3. A new way to bypass Windows heap protections
II. BUGTRAQ SUMMARY
1. PHPMyAdmin Cookie.Auth.Lib.PHP HTML Injection Vulnerability
2. PHPMyAdmin Error.PHP Cross-Site Scripting Vulnerability
3. SqWebMail HTML Email IMG Tag Script Injection Vulnerability
4. Land Down Under Signature HTML Injection Vulnerability
5. FUDforum Avatar Upload Arbitrary Script Upload Vulnerability
6. PHPWebNotes Api.PHP Remote File Include Vulnerability
7. Simple PHP Blog Comment_Delete_CGI.PHP Directory Traversal Vulnerability
8. MyBB Member.PHP SQL Injection Vulnerability
9. Land Down Under Multiple SQL Injection Vulnerabilities
10. AutoLinks Pro Al_initialize.PHP Remote File Include Vulnerability
11. PHP-Fusion BBCode URL Tag Script Injection Vulnerability
12. Cosmoshop Multiple SQL Injection Vulnerabilities
13. BFCommand & Control Server Manager Multiple Remote Vulnerabilities
14. Hesk Admin.PHP Authentication Bypass Vulnerability
15. UMN Gopher Client Remote Buffer Overflow Vulnerability
16. PHPLDAPAdmin Unauthorized Access Vulnerability
17. PHPLDAPAdmin Welcome.PHP Multiple Vulnerabilities
18. Maildrop Lockmail Local Privilege Escalation Vulnerability
19. BlueWhaleCRM AccountID SQL Injection Vulnerability
20. FreeStyle Wiki Arbitrary Perl Command Execution Vulnerability
21. e107 Forum_post.PHP Arbitrary Post Creation Vulnerability
22. BNBT EasyTracker Remote Denial Of Service Vulnerability
23. Novell Netware CIFS.NLM Denial of Service Vulnerability
24. FlatNuke ID Parameter Directory Traversal Vulnerability
25. Greymatter Gm.CGI HTML Injection Vulnerability
26. FlatNuke USR Parameter Cross-Site Scripting Vulnerability
27. Indiatimes Messenger Remote Buffer Overflow Vulnerability
28. DameWare Mini Remote Control Server Pre-Authentication Username Buffer Overflow Vulnerability
29. Symantec LiveUpdate Client Local Information Disclosure Vulnerability
30. CMS Made Simple Lang.PHP Remote File Include Vulnerability
31. Barracuda Spam Firewall IMG.PL Remote Directory Traversal Vulnerability
32. Frox Arbitrary Configuration File Access Vulnerability
33. Barracuda Spam Firewall IMG.PL Remote Command Execution Vulnerability
34. DownFile Multiple Cross-Site Scripting Vulnerabilities
35. DownFile Administrator Unauthorized Access Vulnerability
36. 3Com Network Supervisor Directory Traversal Vulnerability
37. SILC Server Insecure Temporary File Creation Vulnerability
38. Multiple Vendor Web Vulnerability Scanners HTML Injection Vulnerability
39. Novell NetMail Remote IMAP Heap Buffer Overflow Vulnerability
40. Linux Kernel ZLib Local Null Pointer Dereference Denial of Service Vulnerability
41. Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
42. PolyGen Local Denial of Service Vulnerability
43. WhitSoft Development SlimFTPd Remote Denial of Service Vulnerability
44. GBook Multiple Unspecified Cross-Site Scripting Vulnerabilities
45. OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
46. PBLang Bulletin Board System Multiple Remote Vulnerabilities
47. OpenSSH GSSAPI Credential Disclosure Vulnerability
48. FileZilla FTP Client Hard-Coded Cipher Key Vulnerability
49. Squid Proxy SSLConnectTimeout Remote Denial Of Service Vulnerability
50. Plain Black Software WebGUI Remote Perl Command Execution Vulnerabilities
III. SECURITYFOCUS NEWS
1. Big debate over small packets
2. Katrina's destruction attracts online fraudsters
3. Hidden-code flaw in Windows renews worries over stealthy malware
4. Zotob suspects arrested in Turkey and Morocco
5. E-banking security provokes fear or indifference
6. Trusted Computing standards won't apply to Vista - Schneier
7. Hi-tech no panacea for ID theft woes
8. HP warns over OpenView flaw


I. FRONT AND CENTER (no Japanese translation)
----------------------------

II. BUGTRAQ SUMMARY
--------------------
1. PHPMyAdmin Cookie.Auth.Lib.PHP HTML Injection Vulnerability
BugTraq ID: 14674
Remotely reproducible: Yes
Date published: 2005-08-28
Related URL: http://www.securityfocus.com/bid/14674
Summary:
phpMyAdmin is prone to an HTML injection vulnerability.

This issue could be exploited to steal cookie-based authentication credentials from legitimate users of the software. As a further attack, this issue could also be used to inject arbitrary content into the site hosting the software.

2. PHPMyAdmin Error.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 14675
Remotely reproducible: Yes
Date published: 2005-08-28
Related URL: http://www.securityfocus.com/bid/14675
Summary:
phpMyAdmin is prone to a cross-site scripting vulnerability.

This issue could be exploited to steal cookie-based authentication credentials from legitimate users of the software. To carry out the attack, the target user must click a URI link containing malicious HTML or script code.

3. SqWebMail HTML Email IMG Tag Script Injection Vulnerability
BugTraq ID: 14676
Remotely reproducible: Yes
Date published: 2005-08-29
Related URL: http://www.securityfocus.com/bid/14676
Summary:
SqWebMail is affected by an issue that allows a remote attacker to inject and execute arbitrary script code in a user's browser.

Because this issue allows a user's authentication credentials to be stolen, it may permit a variety of attacks such as session hijacking.

SqWebMail 5.0.4 is reported to be affected by this issue. Other versions may also be affected.

4. Land Down Under Signature HTML Injection Vulnerability
BugTraq ID: 14677
Remotely reproducible: Yes
Date published: 2005-08-29
Related URL: http://www.securityfocus.com/bid/14677
Summary:
Land Down Under is prone to an HTML injection vulnerability. This issue is due to a failure to properly sanitize user-supplied input before it is used in dynamically generated content.

Attacker-supplied HTML or script code may be executed in the security context of the affected web site, which may lead to the theft of cookie-based authentication credentials. An attacker may also use this issue to control how the site is rendered to the user. Other attacks are also possible.

5. FUDforum Avatar Upload Arbitrary Script Upload Vulnerability
BugTraq ID: 14678
Remotely reproducible: Yes
Date published: 2005-08-29
Related URL: http://www.securityfocus.com/bid/14678
Summary:
FUDforum is prone to a vulnerability that allows arbitrary PHP files to be uploaded remotely.

An attacker can include a script file in an image file and upload it to the affected server.

This issue may result in unauthorized remote access.

Versions prior to FUDforum 2.7.1 are affected. At this time, Symantec has not been able to verify whether 2.7.1 is affected as well.

6. PHPWebNotes Api.PHP Remote File Include Vulnerability
BugTraq ID: 14679
Remotely reproducible: Yes
Date published: 2005-08-29
Related URL: http://www.securityfocus.com/bid/14679
Summary:
phpWebNotes is prone to a remote file include vulnerability.

phpWebNotes may allow files to be included remotely. This issue is due to a failure to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary PHP code on the affected computer with the privileges of the web server process. This may lead to unauthorized access.

7. Simple PHP Blog Comment_Delete_CGI.PHP Directory Traversal Vulnerability
BugTraq ID: 14681
Remotely reproducible: Yes
Date published: 2005-08-29
Related URL: http://www.securityfocus.com/bid/14681
Summary:
Simple PHP Blog is prone to a directory traversal vulnerability. This issue is due to a failure to properly sanitize user-supplied input.

An attacker may exploit this issue to delete arbitrary files on the affected system in the security context of the web server process.

8. MyBB Member.PHP SQL Injection Vulnerability
BugTraq ID: 14684
Remotely reproducible: Yes
Date published: 2005-08-29
Related URL: http://www.securityfocus.com/bid/14684
Summary:
MyBB is prone to an SQL injection vulnerability. This issue is due to a failure to properly sanitize user-supplied input.

Successful exploitation could compromise the application or result in data being disclosed or modified. It may also allow an attacker to exploit vulnerabilities in the underlying database implementation.

9. Land Down Under Multiple SQL Injection Vulnerabilities
BugTraq ID: 14685
Remotely reproducible: Yes
Date published: 2005-08-29
Related URL: http://www.securityfocus.com/bid/14685
Summary:
Land Down Under is prone to multiple SQL injection vulnerabilities. These issues are due to a failure to properly sanitize user-supplied input before it is used in SQL queries.

Successful exploitation could compromise the application or result in data being disclosed or modified. It may also allow an attacker to exploit vulnerabilities in the underlying database implementation.

10. AutoLinks Pro Al_initialize.PHP Remote File Include Vulnerability
BugTraq ID: 14686
Remotely reproducible: Yes
Date published: 2005-08-29
Related URL: http://www.securityfocus.com/bid/14686
Summary:
AutoLinks Pro is prone to a remote file include vulnerability. This issue is due to a failure to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary server-side script code on the affected computer with the privileges of the web server process. This may lead to unauthorized access.

11. PHP-Fusion BBCode URL Tag Script Injection Vulnerability
BugTraq ID: 14688
Remotely reproducible: Yes
Date published: 2005-08-29
Related URL: http://www.securityfocus.com/bid/14688
Summary:
PHP-Fusion is prone to a script injection vulnerability. This issue is due to a failure to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary script code in the browser of an unsuspecting user, in the security context of the affected site. This may lead to attacks such as the theft of cookie-based authentication credentials.

12. Cosmoshop Multiple SQL Injection Vulnerabilities
BugTraq ID: 14689
Remotely reproducible: Yes
Date published: 2005-08-29
Related URL: http://www.securityfocus.com/bid/14689
Summary:
Cosmoshop is prone to multiple SQL injection vulnerabilities. These issues are due to a failure to properly sanitize input in several CGI scripts.

An attacker can use SQL injection to bypass the administrator login, which may compromise the application. Successful exploitation results in full administrative access in the security context of the affected application.

13. BFCommand & Control Server Manager Multiple Remote Vulnerabilities
BugTraq ID: 14690
Remotely reproducible: Yes
Date published: 2005-08-29
Related URL: http://www.securityfocus.com/bid/14690
Summary:
The BFCC and BFVCC server managers contain multiple remotely exploitable security issues.

The first two issues are login bypass issues. They allow a remote, anonymous attacker to gain access to the affected server process.

The third issue is a design flaw in which the server application implements access control, privileges, and other commands on the side of the connecting client. A remote attacker who exploits this issue can gain full administrative access to the affected application.

The fourth is a remote denial-of-service issue. It is due to a failure to properly handle multiple connections.

These issues allow a remote attacker to gain administrative access to the affected server application and to deny other users access to the application.

14. Hesk Admin.PHP Authentication Bypass Vulnerability
BugTraq ID: 14692
Remotely reproducible: Yes
Date published: 2005-08-29
Related URL: http://www.securityfocus.com/bid/14692
Summary:
Hesk is prone to an authentication bypass vulnerability.

The application does not properly validate that a username and password combination is valid, and as a result grants administrative access without a password being supplied.

This issue may allow access to sensitive data, tampering with help desk data or program code, and other attacks.

15. UMN Gopher Client Remote Buffer Overflow Vulnerability
BugTraq ID: 14693
Remotely reproducible: Yes
Date published: 2005-08-30
Related URL: http://www.securityfocus.com/bid/14693
Summary:
Gopher is prone to a remotely triggered buffer overflow vulnerability.

This issue is triggered when the client processes a maliciously crafted '+VIEWS: ' response from a server.

A remote attacker may gain unauthorized access in the security context of the user running the application.

Gopher 3.0.9 is reported to be affected by this issue. Other versions may also be affected.

16. PHPLDAPAdmin Unauthorized Access Vulnerability
BugTraq ID: 14694
Remotely reproducible: Yes
Date published: 2005-08-30
Related URL: http://www.securityfocus.com/bid/14694
Summary:
phpldapAdmin is prone to an unauthorized access vulnerability. This issue is due to a failure to properly validate a user's authentication credentials before granting access to LDAP administrative functions.

An attacker can log in to the server anonymously and use the administrative functions to modify the LDAP database.

17. PHPLDAPAdmin Welcome.PHP Multiple Vulnerabilities
BugTraq ID: 14695
Remotely reproducible: Yes
Date published: 2005-08-30
Related URL: http://www.securityfocus.com/bid/14695
Summary:
phpldapAdmin is prone to multiple input validation vulnerabilities. These issues are due to a failure to properly sanitize user-supplied input.

phpldapAdmin is prone to a directory traversal vulnerability. An attacker can exploit this issue to read arbitrary files on the affected system in the security context of the web server process. Information obtained this way may be used in further attacks against the underlying system. Other attacks are also possible.

phpldapAdmin is prone to a remote file include vulnerability. An attacker may exploit this issue to execute arbitrary PHP script code in the security context of the web server.

phpldapAdmin is also prone to a cross-site scripting vulnerability. An attacker may exploit this issue to execute arbitrary script code in the browser of an unsuspecting user. This may lead to attacks such as the theft of cookie-based authentication credentials.

18. Maildrop Lockmail Local Privilege Escalation Vulnerability
BugTraq ID: 14696
Remotely reproducible: No
Date published: 2005-08-30
Related URL: http://www.securityfocus.com/bid/14696
Summary:
Lockmail is affected by a local privilege escalation vulnerability.

A local attacker can execute arbitrary commands with the privileges of the mail group.

Maildrop 1.5.3 is affected by this issue. Other versions may also be affected.

19. BlueWhaleCRM AccountID SQL Injection Vulnerability
BugTraq ID: 14697
Remotely reproducible: Yes
Date published: 2005-08-30
Related URL: http://www.securityfocus.com/bid/14697
Summary:
BlueWhaleCRM is prone to an SQL injection vulnerability. This issue is due to a failure to properly sanitize user-supplied input before it is used in SQL queries.

Successful exploitation could compromise the application or result in data being disclosed or modified. It may also allow an attacker to exploit vulnerabilities in the underlying database implementation.

20. FreeStyle Wiki Arbitrary Perl Command Execution Vulnerability
BugTraq ID: 14698
Remotely reproducible: Yes
Date published: 2005-08-30
Related URL: http://www.securityfocus.com/bid/14698
Summary:
FreeStyle Wiki is prone to an arbitrary command execution vulnerability. This issue is due to a failure to properly sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary Perl commands in the security context of the affected application.

21. e107 Forum_post.PHP Arbitrary Post Creation Vulnerability
BugTraq ID: 14699
Remotely reproducible: Yes
Date published: 2005-08-30
Related URL: http://www.securityfocus.com/bid/14699
Summary:
e107 is prone to an input validation vulnerability. This issue is due to a failure to properly sanitize user-supplied input.

Successful exploitation of this issue allows an attacker to create message posts in arbitrary forums.

22. BNBT EasyTracker Remote Denial Of Service Vulnerability
BugTraq ID: 14700
Remotely reproducible: Yes
Date published: 2005-08-30
Related URL: http://www.securityfocus.com/bid/14700
Summary:
The HTTP parsing code of BNBT EasyTracker contains a denial-of-service vulnerability. This issue is due to a failure to properly handle maliciously crafted HTTP requests.

Reports indicate that when an attacker sends a maliciously crafted HTTP request to the application, the affected application encounters an unexpected error and terminates.

A remote attacker can terminate the application, denying service to legitimate users.

23. Novell Netware CIFS.NLM Denial of Service Vulnerability
BugTraq ID: 14701
Remotely reproducible: Yes
Date published: 2005-08-31
Related URL: http://www.securityfocus.com/bid/14701
Summary:
Netware CIFS.NLM is reported to be prone to a remote denial-of-service vulnerability.

According to the report, the W32.Randex.CCC worm triggers this issue, which causes a denial of service resulting from an abnormal termination.

NetWare 5.1, 6.0, 6.5 SP2, and 6.5 SP3 are affected by this issue.

24. FlatNuke ID Parameter Directory Traversal Vulnerability
BugTraq ID: 14702
Remotely reproducible: Yes
Date published: 2005-08-31
Related URL: http://www.securityfocus.com/bid/14702
Summary:
FlatNuke is prone to a directory traversal vulnerability. This issue is due to a failure to properly sanitize user-supplied input.

An unauthenticated user can read arbitrary files by supplying the directory traversal string '../' to the affected parameter.

Exploitation of this issue may result in a loss of confidentiality. Information obtained this way may be used in further attacks against the underlying system. Other attacks are also possible.

25. Greymatter Gm.CGI HTML Injection Vulnerability
BugTraq ID: 14703
Remotely reproducible: Yes
Date published: 2005-08-31
Related URL: http://www.securityfocus.com/bid/14703
Summary:
Greymatter is prone to an HTML injection vulnerability. This issue is due to a failure to properly sanitize user-supplied input before it is used in dynamically generated content.

Attacker-supplied HTML or script code may be executed in the security context of the affected web site, which may lead to the theft of cookie-based authentication credentials. An attacker may also use this issue to control how the site is rendered to the user. Other attacks are also possible.

26. FlatNuke USR Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 14704
Remotely reproducible: Yes
Date published: 2005-08-31
Related URL: http://www.securityfocus.com/bid/14704
Summary:
FlatNuke is prone to a cross-site scripting vulnerability. This issue is due to a failure to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary script code in the browser of an unsuspecting user, in the security context of the affected site. This may lead to attacks such as the theft of cookie-based authentication credentials.

27. Indiatimes Messenger Remote Buffer Overflow Vulnerability
BugTraq ID: 14705
Remotely reproducible: Yes
Date published: 2005-08-31
Related URL: http://www.securityfocus.com/bid/14705
Summary:
Indiatimes Messenger is reported to be prone to a remotely triggered buffer overflow vulnerability.

A successful attack may trigger a crash of the client or result in arbitrary code execution. An attacker may subsequently gain unauthorized remote access in the security context of the user running the application.

Indiatimes Messenger 6.0 is affected by this issue.

28. DameWare Mini Remote Control Server Pre-Authentication Username Buffer Overflow Vulnerability
BugTraq ID: 14707
Remotely reproducible: Yes
Date published: 2005-08-31
Related URL: http://www.securityfocus.com/bid/14707
Summary:
DameWare Mini Remote Control Server is affected by a remotely exploitable buffer overflow vulnerability. This issue is due to a failure of bounds checking when user-supplied data is copied into sensitive process buffers.

A remote attacker may execute arbitrary machine code in the security context of the affected server process, compromising the system.

This issue is similar to the one described in BID 9213 (DameWare Mini Remote Control Server Pre-Authentication Buffer Overflow Vulnerability). It may be an earlier issue in the affected application or an issue related to it.

29. Symantec LiveUpdate Client Local Information Disclosure Vulnerability
BugTraq ID: 14708
Remotely reproducible: No
Date published: 2005-08-31
Related URL: http://www.securityfocus.com/bid/14708
Summary:
Symantec LiveUpdate Client is prone to a local information disclosure vulnerability.

Sensitive information used to access the LiveUpdate server, such as the server name, IP address, subnet, subnet mask, connection protocol, username, and password, is recorded in a plaintext file.

A local attacker can subsequently access this file and disclose the authentication credentials used to access the server. This issue may lead to a variety of attacks, including a potential compromise of the server.

30. CMS Made Simple Lang.PHP Remote File Include Vulnerability
BugTraq ID: 14709
Remotely reproducible: Yes
Date published: 2005-08-31
Related URL: http://www.securityfocus.com/bid/14709
Summary:
CMS Made Simple is prone to a remote file include vulnerability. This issue is due to a failure to properly sanitize user-supplied input.

An attacker may exploit this issue to execute arbitrary PHP code on the affected computer with the privileges of the web server process. This may lead to unauthorized access.

CMS Made Simple .10 and all earlier versions are reported to be affected by this issue.

31. Barracuda Spam Firewall IMG.PL Remote Directory Traversal Vulnerability
BugTraq ID: 14710
Remotely reproducible: Yes
Date published: 2005-09-01
Related URL: http://www.securityfocus.com/bid/14710
Summary:
Barracuda Spam Firewall is prone to a directory traversal vulnerability. The web interface of this application is affected by the issue.

Exploitation of this issue may result in a loss of confidentiality, with arbitrary files being disclosed to the attacker. Information obtained this way may aid in attempting further attacks against the underlying system.

Barracuda Spam Firewall firmware 3.1.17 and earlier are affected by this issue.

32. Frox Arbitrary Configuration File Access Vulnerability
BugTraq ID: 14711
Remotely reproducible: No
Date published: 2005-09-01
Related URL: http://www.securityfocus.com/bid/14711
Summary:
Frox is prone to a vulnerability that grants read access to arbitrary files.

Successful exploitation of this issue gives an attacker read access to arbitrary files on the system in the security context of the Frox process. Information obtained this way may be used in further attacks against the underlying system. Other attacks are also possible.

Note that this issue can be exploited only when Frox is installed with setuid or setgid privileges.

33. Barracuda Spam Firewall IMG.PL Remote Command Execution Vulnerability
BugTraq ID: 14712
Remotely reproducible: Yes
Date published: 2005-09-01
Related URL: http://www.securityfocus.com/bid/14712
Summary:
Barracuda Spam Firewall is prone to a remote arbitrary command execution vulnerability.

This issue occurs when user-supplied commands are processed by the device's web interface.

An attacker can supply arbitrary commands and have them executed in the security context of the server. This issue may lead to unauthorized remote access.

Barracuda Spam Firewall firmware 3.1.17 and earlier are affected by this issue.

34. DownFile Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14713
Remotely reproducible: Yes
Date published: 2005-09-01
Related URL: http://www.securityfocus.com/bid/14713
Summary:
DownFile is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure to properly sanitize user-supplied input.

An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user, in the security context of the targeted site. This may lead to attacks such as the theft of cookie-based authentication credentials.

35. DownFile Administrator Unauthorized Access Vulnerability
BugTraq ID: 14714
Remotely reproducible: Yes
Date published: 2005-09-01
Related URL: http://www.securityfocus.com/bid/14714
Summary:
DownFile is prone to an unauthorized access vulnerability. This issue is due to a failure to properly perform authentication before granting access to administrative functions.

An attacker can exploit this issue to gain access to administrative functions, resulting in privilege escalation.

36. 3Com Network Supervisor Directory Traversal Vulnerability
BugTraq ID: 14715
Remotely reproducible: Yes
Date published: 2005-09-01
Related URL: http://www.securityfocus.com/bid/14715
Summary:
Network Supervisor is prone to a directory traversal vulnerability.

The application does not properly sanitize input supplied in HTTP GET requests.

Exploitation of this issue may result in a loss of confidentiality, with arbitrary files being disclosed to the attacker. Note that a successful attack exposes all files on the affected drive.

37. SILC Server Insecure Temporary File Creation Vulnerability
BugTraq ID: 14716
Remotely reproducible: No
Date published: 2005-09-01
Related URL: http://www.securityfocus.com/bid/14716
Summary:
SILC Server does not create temporary files in a secure manner. This issue exists in the 'silcd/silcd.c' file.

If critical files are overwritten in this attack, it is presumed likely that data will be destroyed or a denial of service will result. Other attacks may also be possible.

38. Multiple Vendor Web Vulnerability Scanners HTML Injection Vulnerability
BugTraq ID: 14717
Remotely reproducible: Yes
Date published: 2005-09-01
Related URL: http://www.securityfocus.com/bid/14717
Summary:
The web vulnerability scanners N-Stealth and Nikto are prone to an HTML injection vulnerability. This issue is due to a failure to properly sanitize user-supplied input before it is used in dynamically generated content.

An attacker may exploit this issue to execute arbitrary HTML or script code in the browser of an unsuspecting user.

39. Novell NetMail Remote IMAP Heap Buffer Overflow Vulnerability
BugTraq ID: 14718
Remotely reproducible: Yes
Date published: 2005-09-01
Related URL: http://www.securityfocus.com/bid/14718
Summary:
The IMAP command continuation function of the Novell NetMail IMAP agent is prone to a buffer overflow vulnerability. This issue is due to a failure to properly perform bounds checking before user-supplied data is copied into an insufficiently sized memory buffer.

A remote attacker may exploit this issue to execute arbitrary machine code in the security context of the affected server process.

This issue was originally described in BID 13926 (Novell NetMail Multiple Remote Vulnerabilities).

40. Linux Kernel ZLib Local Null Pointer Dereference Denial of Service Vulnerability
BugTraq ID: 14720
Remote: No
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14720
Summary:
The Linux kernel is prone to a denial of service condition. The issue
is due to improper handling of deliberately crafted compressed files.

An attacker may exploit this issue to crash the kernel, denying service
to legitimate users.

41. Apache Mod_SSL SSLVerifyClient Restriction Bypass Vulnerability
BugTraq ID: 14721
Remote: Yes
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14721
Summary:
mod_ssl for Apache 2.x is prone to an issue that allows security
restrictions to be bypassed. The issue arises when mod_ssl is
configured for use with the 'SSLVerifyClient' directive.

This issue allows an attacker to bypass security policy and access
locations that are forbidden to clients without valid client
credentials.

42. PolyGen Local Denial of Service Vulnerability
BugTraq ID: 14722
Remote: No
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14722
Summary:
PolyGen is prone to a local denial of service condition.

A local attacker may consume resources and cause a denial of service
condition.

PolyGen 1.0.6 is affected by this issue.

43. WhitSoft Development SlimFTPd Remote Denial of Service Vulnerability
BugTraq ID: 14723
Remote: Yes
Date Published: 2005-09-02
Relevant URL: http://www.securityfocus.com/bid/14723
Summary:
SlimFTPd is prone to a remote denial of service condition. The issue is
due to a failure to properly handle exceptional conditions.

The issue occurs during login. Because malicious input is not handled
properly, the server crashes, denying service to legitimate users.

44. GBook Multiple Unspecified Cross-Site Scripting Vulnerabilities
BugTraq ID: 14725
Remote: Yes
Date Published: 2005-09-02
Relevant URL: http://www.securityfocus.com/bid/14725
Summary:
gBook is prone to multiple cross-site scripting issues. These issues
are due to a failure to properly sanitize user-supplied input.

An attacker may exploit these issues to execute arbitrary script code
in the browser of an unsuspecting user, in the security context of the
targeted site. This may lead to attacks such as the theft of
cookie-based authentication credentials.

45. OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
BugTraq ID: 14727
Remote: Yes
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14727
Summary:
OpenSSH is prone to an issue in which the 'GatewayPorts' option is
improperly enabled. As a result, hosts that should not be authorized
may be able to use the SSH SOCKS proxy.

Specifically, if the 'DynamicForward' option is enabled, 'GatewayPorts'
is enabled unconditionally.

This issue allows a remote attacker to make arbitrary TCP connections
through an SSH connection that is configured to use the SOCKS proxy.
Attacks may also be carried out against computers and services over
connections that are mistakenly assumed to be secure.

OpenSSH 4.0 and 4.1 are affected by this issue.

46. PBLang Bulletin Board System Multiple Remote Vulnerabilities.
BugTraq ID: 14728
Remote: Yes
Date Published: 2005-09-02
Relevant URL: http://www.securityfocus.com/bid/14728
Summary:
PBLang is reportedly prone to multiple remotely exploitable issues.

Two access validation errors allow an attacker to access restricted
content and delete arbitrary messages.

A separate issue allows an attacker to inject arbitrary script code
into the site and create administrative accounts.

Versions of PBLang prior to 4.66z are affected by these issues.

47. OpenSSH GSSAPI Credential Disclosure Vulnerability
BugTraq ID: 14729
Remote: Yes
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14729
Summary:
OpenSSH is prone to an issue in which GSSAPI credentials are delegated.

Specifically, if a user has GSSAPI authentication configured and
'GSSAPIDelegateCredentials' is enabled, Kerberos credentials are
forwarded to the remote host. This happens even when the user connects
with an authentication method other than GSSAPI, which is not normally
the expected behavior.

This issue allows a remote attacker to gain unauthorized access to
GSSAPI credentials and use them to access resources granted to the
original principal.

Versions of OpenSSH prior to 4.2 are affected by this issue.

48. FileZilla FTP Client Hard-Coded Cipher Key Vulnerability
BugTraq ID: 14730
Remote: No
Date Published: 2005-09-02
Relevant URL: http://www.securityfocus.com/bid/14730
Summary:
The FileZilla FTP client allows a local attacker to obtain user
passwords and access remote servers.

The application uses a hard-coded cipher key to decrypt passwords, and
this key is stored in an XML file or the Windows registry.

This allows an attacker to access FTP servers with the privileges of
the targeted user.

49. Squid Proxy SSLConnectTimeout Remote Denial Of Service Vulnerability.
BugTraq ID: 14731
Remote: Yes
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14731
Summary:
Squid Proxy is affected by a remote denial of service issue. The issue
is due to a failure to properly handle exceptional network requests.

A remote attacker may exploit this issue to crash the affected Squid
Proxy, denying service to legitimate users.

50. Plain Black Software WebGUI Remote Perl Command Execution Vulnerabilities
BugTraq ID: 14732
Remote: Yes
Date Published: 2005-09-01
Relevant URL: http://www.securityfocus.com/bid/14732
Summary:
WebGUI may be prone to issues that allow arbitrary Perl commands to be
executed. The issue is due to a failure to properly sanitize
user-supplied data.

A remote attacker may execute arbitrary Perl commands in the security
context of the web server hosting the affected application. This
results in unauthorized remote access.

Versions of WebGUI prior to 6.7.3 are affected by this issue.

III.SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Big debate over small packets
Author: Robert Lemos
After a summer of debate over whether flaws in ICMP could become a
serious threat, a researcher from Argentina is pressing the Internet's
technical standards body to adopt his proposal that the issues be fixed.

http://www.securityfocus.com/news/11306

2. Katrina's destruction attracts online fraudsters
Author: Robert Lemos
From suspicious charity sites to malicious code that exploits
hurricane-related topics, a growing number of people are combining the
natural disaster that struck New Orleans and the Gulf of Mexico with
wrongdoing on the Internet.

http://www.securityfocus.com/news/11302

3. Hidden-code flaw in Windows renews worries over stealthy malware
Author: Robert Lemos
A flaw in the way some security programs and system utilities detect
system changes allows spyware to run covertly, giving rise to a new
problem in which attack code executes unnoticed.

http://www.securityfocus.com/news/11300

4. Zotob suspects arrested in Turkey and Morocco
Author: Robert Lemos
Update: Authorities have arrested a Turkish man and a Moroccan man on
suspicion of involvement in distributing the recent Zotob worm.

http://www.securityfocus.com/news/11297

5. E-banking security provokes fear or indifference
Author: John Leyden
A recent study by Forrester Research analysts reveals conflicting views
on online banking security. A survey of 11,300 net users in the UK
found that while many online banking users are satisfied with security,
a considerable number of users gave up online banking directly because
of security fears.

http://www.securityfocus.com/news/11305

6. Trusted Computing standards won't apply to Vista - Schneier
Author: John Leyden
Microsoft is reluctant to apply guidelines that help in developing
trusted computing environments to the next version of Windows, says
noted security expert Bruce Schneier.

http://www.securityfocus.com/news/11303

7. Hi-tech no panacea for ID theft woes
Author: John Leyden
Attempts to prevent ID theft and fraud by making technology ever more
sophisticated risk being counterproductive, UK researchers warn.

http://www.securityfocus.com/news/11304

8. HP warns over OpenView flaw
Author: John Leyden
Enterprise users are being urged to apply workarounds promptly after
the discovery of a potentially nasty issue involving HP OpenView, a
component of the network management suite widely used in HP products.

http://www.securityfocus.com/news/11301

--
Translation: LAC Translation Team
Supervision: OGASAWARA Tsuneo
LAC Co., Ltd.
http://www.lac.co.jp/index.html