This issue was reported to exist in Linux Kernel 2.6.10. Other versions may also be affected.
50. Sun Java System Web Proxy Server Unspecified Remote Denial Of Service Vulnerability
BugTraq ID: 14788
Remote: Yes
Date Published: 2005-09-08
Relevant URL: http://www.securityfocus.com/bid/14788
Summary:
Sun Java System Web Proxy Server is prone to an unspecified remote denial of service vulnerability.
This issue may allow a remote attacker to cause the affected service to stop responding to requests.
III.SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Big debate over small packets
Author: Robert Lemos
A debate ran all summer over whether flaws in ICMP could become a serious threat, and Argen
3. Hidden-code flaw in Windows renews worries over stealthly malware
Author: Robert Lemos
Because of a flaw in the way some security programs and system utilities detect changes to the system,
spyware may be allowed to run covertly, creating a new problem in which attack code executes unnoticed.
http://www.securityfocus.com/news/11300
4. Zotob suspects arrested in Turkey and Morocco
Author: Robert Lemos
Update: Authorities have arrested a Turkish man and a Moroccan man on suspicion of involvement in
distributing the recent Zotob worm.
http://www.securityfocus.com/news/11297
5. Bot herder websites in internet take-down
Author: John Leyden
Bot herder websites specialize in making the process of managing zombie networks of Windows PCs
with security problems easy to understand, and such sites are coming under fire.
http://www.securityfocus.com/news/11311
6. Users play fast and loose with corporate PCs
Author: John Leyden
Because users believe their company's IT department will protect them from security threats such as
viruses, worms, spyware and phishing scams, they engage in riskier behavior on the Internet at work.
http://www.securityfocus.com/news/11312
7. Mozilla disables IDN to guard against Firefox flaw
Author: John Leyden
Hours after a potentially serious Firefox security issue was disclosed on Friday (September 9),
Mozilla developers moved quickly to announce a workaround for the browser software.
http://www.securityfocus.com/news/11309
8. MS pulls upcoming Windows security patch
Author: John Leyden
Microsoft, giving quality problems as the reason for the late withdrawal, has made a decision on
Tuesday's release of a critical Windows security patch.
Here is the Japanese translation of SecurityFocus Newsletter #315.
Items without a translation are marked "No Japanese translation".
---------------------------------------------------------------------------
FAQ about BugTraq-JP (Japanese):
http://www.securityfocus.com/archive/79/description
- The Japanese translation of the SecurityFocus Newsletter is first distributed on BugTraq-JP.
- For how to join or leave BugTraq-JP, please refer to this FAQ.
---------------------------------------------------------------------------
SecurityFocus Newsletter archive (English):
http://www.securityfocus.com/archive/78
FAQ about BugTraq (English):
http://www.securityfocus.com/archive/1/description
---------------------------------------------------------------------------
Notes on quoting:
- This translation is produced with permission that LAC Co., Ltd. obtained from SecurityFocus.
- If you quote the Japanese translation of the SecurityFocus Newsletter on Netnews, mailing lists, the
  World Wide Web, in books, or on any other recording medium, please quote the message in full.
- Issues 1 through 3 of the Japanese edition of the newsletter do not carry this note, but it applies
  to them as well.
- Likewise, any form of hyperlink to the BugTraq-JP archive [*1] provided by SecurityFocus should
  follow the above.
1) http://online.securityfocus.com/archive/79
---------------------------------------------------------------------------
Notes on this translation:
- LAC Co., Ltd. accepts no responsibility for the results of applying this translation.
---------------------------------------------------------------------------
Notice from the translators:
- If you find typos or mistranslations, please either post a corrected version to BugTraq-JP as Errata
  or notify the supervising editor (t.ogaswr (at) lac.co (dot) jp [email concealed]).
  In the latter case, a corrected version will be issued as quickly as possible.
---------------------------------------------------------------------------
This translation is encoded and posted in ISO-2022-JP.
Original:
Date: Tue, 13 Sep 2005 16:28:15 -0600
Message-ID: <4327527F.8010809 (at) securityfocus (dot) com [email concealed]>
SecurityFocus Newsletter #315
-----------------------------
This Issue is Sponsored By: CrossTec
I. FRONT AND CENTER (No Japanese translation)
1. Embedded market ripe for picking
2. Security lessons from Katrina
II. BUGTRAQ SUMMARY
1. KDE kcheckpass Local Privilege Escalation Vulnerability
2. HP OpenView Event Correlation Services Unspecified Remote Privilege Escalation Vulnerability
3. OpenTTD Multiple Unspecified Format String Vulnerabilities
4. MyBloggie login.php SQL Injection Vulnerability
5. Rediff Bol Instant Messenger ActiveX Control Information Disclosure Vulnerability
6. Urban Multiple Unspecified Stack Buffer Overflow Vulnerabilities
7. MAXdev MD-Pro Cross-Site Scripting Vulnerability
8. Microsoft Windows Keyboard Event Privilege Escalation Weakness
9. SqWebMail HTML Email Script Tag Script Injection Vulnerability
10. Gentoo Net-SNMP Local Privilege Escalation Vulnerability
11. Land Down Under Events.PHP HTML Injection Vulnerability
12. Man2web Multiple Scripts Command Execution Vulnerability
13. Unclassified NewsBoard Description Field HTML Injection Vulnerability
14. Feedback Form Perl Script CHFeedBack.PL Unauthorized Mail Relay Vulnerability
15. MAXdev MD-Pro Arbitrary Remote File Upload Vulnerability
16. MAXdev MD-Pro Multiple Cross-Site Scripting Vulnerabilities
17. GuppY PrintFAQ.PHP Cross-Site Scripting Vulnerability
18. GuppY Error.PHP HTML Injection Vulnerability
19. MyBulletinBoard Forumdisplay.PHP Cross-Site Scripting Vulnerability
20. Smb4k Insecure Temporary File Creation Vulnerability
21. Symantec Brightmail AntiSpam Deeply Nested Zip File Denial Of Service Vulnerability
22. Symantec Brightmail AntiSpam Winmail.DAT Decomposer Denial Of Service Vulnerability
23. ALTools ALZip ACE Archive File Name Buffer Overflow Vulnerability
24. CSystems WebArchiveX ActiveX Component Arbitrary File Read and Write Vulnerabilities
25. MyBulletinBoard Multiple SQL Injection Vulnerabilities
26. PHPCommunityCalendar Multiple SQL Injection Vulnerabilities
27. Microsoft IIS WebDAV HTTP Request Source Code Disclosure Vulnerability
28. PBLang Bulletin Board System SetCookie.PHP Directory Traversal Vulnerability
29. PBLang Bulletin Board System HTML Injection Vulnerability
30. PHPCommunityCalendar Multiple Remote Cross-Site Scripting Vulnerabilities
31. SecureOL VE2 Physical Memory Secured Environment Access Vulnerability
32. Distributed Checksum ClearingHouse DCCIFD Denial Of Service Vulnerability
33. Cisco IOS Firewall Authentication Proxy Buffer Overflow Vulnerability
34. Open WebMail OpenWebmail-main.PL Cross-Site Scripting Vulnerability
35. Eset Software NOD32 Antivirus ARJ Archive Handling Remote Buffer Overflow Vulnerability
36. Class-1 Forum SQL Injection Vulnerability
37. FreeRADIUS Multiple Remote Vulnerabilities
38. Stylemotion WEB//NEWS Multiple SQL Injection Vulnerabilities
39. AMember Remote File Include Vulnerability
40. Mimicboard2 Multiple HTML Injection Vulnerabilities
41. Mimicboard2 Mimic2.Dat Unauthorized Access Vulnerability.
42. Microsoft September Advance Notification Unspecified Security Vulnerabilities
43. Check Point SecurePlatform NGX Firewall Rules Bypass Vulnerability
44. MyBulletinBoard Forumdisplay.PHP Fid Parameter Cross-Site Scripting Vulnerability
45. Cisco CSS 11500 Series SSL Authentication Bypass Vulnerability
46. Mozilla/Netscape/Firefox Browsers Domain Name Remote Buffer Overflow Vulnerability
47. Linux Kernel Sendmsg() Local Buffer Overflow Vulnerability
48. MyBulletinBoard RateThread.PHP SQL Injection Vulnerability
49. Linux Kernel Raw_sendmsg() Kernel Memory Access Vulnerability
50. Sun Java System Web Proxy Server Unspecified Remote Denial Of Service Vulnerability
51. Sawmill Unspecified Cross-Site Scripting Vulnerability
52. Linux Kernel SCSI ProcFS Denial Of Service Vulnerability
53. Linux Kernel Netfilter Ipt_recent Remote Denial of Service Vulnerability
54. Ipswitch Whatsup Small Business 2004 File Disclosure Vulnerability
55. Linux Kernel EXT2/EXT3 File System Access Control Bypass Vulnerability
56. GNU Mailutils Imap4D Search Command Remote Format String Vulnerability
57. KillProcess Local Privilege Escalation Vulnerability
58. Zebedee Remote Denial Of Service Vulnerability
59. Ipswitch Whatsup Gold Map.ASP Cross-Site Scripting Vulnerability
60. IBM OS/400 Malformed SNMP Requests Remote Denial Of Service Vulnerability
61. Ipswitch Whatsup Gold Cross-Site Scripting Vulnerability
62. IBM OS/400 Multiple OSP-CERT Vulnerabilities
III. SECURITYFOCUS NEWS
1. Big debate over small packets
2. Katrina's destruction attracts online fraudsters
3. Hidden-code flaw in Windows renews worries over stealthly malware
4. Zotob suspects arrested in Turkey and Morocco
5. Bot herder websites in internet take-down
6. Users play fast and loose with corporate PCs
7. Mozilla disables IDN to guard against Firefox flaw
8. MS pulls upcoming Windows security patch
I. FRONT AND CENTER (No Japanese translation)
----------------------------
II.BUGTRAQ SUMMARY
--------------------
1. KDE kcheckpass Local Privilege Escalation Vulnerability
BugTraq ID: 14736
Remote: No
Date Published: 2005-09-05
Relevant URL: http://www.securityfocus.com/bid/14736
Summary:
KDE kcheckpass is prone to a local privilege escalation vulnerability.
A successful attack may allow an attacker to gain administrator privileges without authorization.
All versions of KDE from 3.2.0 through 3.4.2 are affected by this issue.
2. HP OpenView Event Correlation Services Unspecified Remote Privilege Escalation Vulnerability
BugTraq ID: 14737
Remote: Yes
Date Published: 2005-09-05
Relevant URL: http://www.securityfocus.com/bid/14737
Summary:
HP OpenView Event Correlation Services may be affected by an unspecified vulnerability that allows
privilege escalation.
Details of this issue are not publicly available at this time. This BID will be updated as soon as
details are released.
3. OpenTTD Multiple Unspecified Format String Vulnerabilities
BugTraq ID: 14738
Remote: Yes
Date Published: 2005-09-05
Relevant URL: http://www.securityfocus.com/bid/14738
Summary:
OpenTTD is prone to multiple format string vulnerabilities.
A successful attack may crash the application or result in remote execution of arbitrary code.
4. MyBloggie login.php SQL Injection Vulnerability
BugTraq ID: 14739
Remote: Yes
Date Published: 2005-09-05
Relevant URL: http://www.securityfocus.com/bid/14739
Summary:
The 'login.php' script of MyBloggie is prone to an SQL injection vulnerability.
This issue may allow a remote attacker to pass malicious input to database queries, permitting
attacks such as manipulation of the query logic.
A successful attack could result in a compromise of the application, or in disclosure or
modification of data. It may also allow an attacker to exploit vulnerabilities in the implementation
of the back-end database.
5. Rediff Bol Instant Messenger ActiveX Control Information Disclosure Vulnerability
BugTraq ID: 14740
Remote: Yes
Date Published: 2005-09-05
Relevant URL: http://www.securityfocus.com/bid/14740
Summary:
Rediff Bol Instant Messenger is prone to an information disclosure vulnerability. A malicious
ActiveX control may allow an attacker to obtain the contents of an affected user's Windows
Address Book.
6. Urban Multiple Unspecified Stack Buffer Overflow Vulnerabilities
BugTraq ID: 14741
Remote: No
Date Published: 2005-09-05
Relevant URL: http://www.securityfocus.com/bid/14741
Summary:
Urban is prone to multiple unspecified stack-based buffer overflow vulnerabilities.
A successful attack may result in execution of arbitrary code.
7. MAXdev MD-Pro Cross-Site Scripting Vulnerability
BugTraq ID: 14742
Remote: Yes
Date Published: 2005-09-05
Relevant URL: http://www.securityfocus.com/bid/14742
Summary:
MD-Pro is reported to be affected by multiple cross-site scripting vulnerabilities. These issues
exist in the "wl-search.php" and "dl-search.php" scripts and are due to insufficient validation of
input. A successful attack may allow attacks against other users of the application or other users
hosted on the same domain. Attacks such as session hijacking and content spoofing are possible.
8. Microsoft Windows Keyboard Event Privilege Escalation Weakness
BugTraq ID: 14743
Remote: No
Date Published: 2005-09-05
Relevant URL: http://www.securityfocus.com/bid/14743
Summary:
Microsoft Windows is prone to a privilege escalation weakness. This issue is due to a design flaw in
the handling of keyboard events sent through the keybd_event() function. It may allow keyboard
events to be sent to desktop applications that have higher privileges.
This issue poses a local security threat because malicious keyboard events may be sent to desktop
applications, such as 'explorer.exe', that are running as a user with high privileges. Such keyboard
events are interpreted in the security context of the target user. To escalate privileges, this
issue may be exploited after first exploiting a latent remote code execution vulnerability in a
service. In this scenario, a user with higher privileges than that service must be logged in to the
desktop.
9. SqWebMail HTML Email Script Tag Script Injection Vulnerability
BugTraq ID: 14744
Remote: Yes
Date Published: 2005-09-06
Relevant URL: http://www.securityfocus.com/bid/14744
Summary:
SqWebMail is affected by a vulnerability that may allow a remote attacker to inject and execute
arbitrary script code in a user's browser.
This issue may allow various attacks, such as session hijacking based on theft of user credentials.
SqWebMail 5.0.4 is reported to be affected by this issue. Other versions may also be affected.
10. Gentoo Net-SNMP Local Privilege Escalation Vulnerability
BugTraq ID: 14745
Remote: No
Date Published: 2005-09-06
Relevant URL: http://www.securityfocus.com/bid/14745
Summary:
Gentoo Net-SNMP is affected by a local privilege escalation vulnerability.
A local attacker with portage group privileges may create a shared object that is loaded by the
Net-SNMP Perl modules and, as a result, execute arbitrary code in the security context of the user
running the Perl script.
Versions of Gentoo Net-SNMP prior to 5.2.1.2-r1 are affected by this issue. The Net-SNMP package is
not affected by this issue.
11. Land Down Under Events.PHP HTML Injection Vulnerability
BugTraq ID: 14746
Remote: Yes
Date Published: 2005-09-06
Relevant URL: http://www.securityfocus.com/bid/14746
Summary:
Land Down Under is prone to an HTML injection vulnerability.
This issue is due to a failure to properly sanitize user-supplied input before it is used in
dynamically generated content.
Attacker-supplied HTML and script code may be executed in the security context of the affected Web
site, which may allow theft of cookie-based authentication credentials. An attacker may also exploit
this issue to control how the site is rendered to the user.
Other attacks are also possible.
12. Man2web Multiple Scripts Command Execution Vulnerability
BugTraq ID: 14747
Remote: Yes
Date Published: 2005-09-06
Relevant URL: http://www.securityfocus.com/bid/14747
Summary:
man2web is affected by a command execution vulnerability that affects multiple scripts.
A remote attacker can supply arbitrary commands to the application through HTTP GET requests. The
supplied commands may be executed with the privileges of the affected Web server.
This issue may facilitate remote attacks.
13. Unclassified NewsBoard Description Field HTML Injection Vulnerability
BugTraq ID: 14748
Remote: Yes
Date Published: 2005-09-06
Relevant URL: http://www.securityfocus.com/bid/14748
Summary:
Unclassified NewsBoard is prone to an HTML injection vulnerability. This issue is due to a failure
to properly sanitize user-supplied input before it is used in dynamically generated content.
Attacker-supplied HTML and script code may be executed in the security context of the affected Web
site, which may allow theft of cookie-based authentication credentials. An attacker may also exploit
this issue to control how the site is rendered to the user.
Other attacks are also possible.
14. Feedback Form Perl Script CHFeedBack.PL Unauthorized Mail Relay Vulnerability
BugTraq ID: 14749
Remote: Yes
Date Published: 2005-09-06
Relevant URL: http://www.securityfocus.com/bid/14749
Summary:
chfeedback.pl is prone to a vulnerability that allows it to be abused as a mail relay.
An attacker exploiting this issue may insert arbitrary SMTP headers by using CR-LF sequences.
Successful exploitation may allow the application to be abused as a mail relay. Email may be sent to
arbitrary computers. This issue may be exploited by spammers and other malicious parties.
15. MAXdev MD-Pro Arbitrary Remote File Upload Vulnerability
BugTraq ID: 14750
Remote: Yes
Date Published: 2005-09-06
Relevant URL: http://www.securityfocus.com/bid/14750
Summary:
MAXdev MD-Pro is prone to a remote arbitrary file upload vulnerability. This issue is due to a
failure to properly sanitize user-supplied input.
This issue stems from a design flaw in the application, which uses a blacklist approach that
specifies file extensions that cannot be uploaded, rather than a whitelist approach that permits
only specific file extensions. An attacker exploiting this issue may upload arbitrary files
containing malicious script and execute that script on the affected server.
This issue may ultimately lead to unauthorized access in the security context of the Web server.
16. MAXdev MD-Pro Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 14751
Remote: Yes
Date Published: 2005-09-06
Relevant URL: http://www.securityfocus.com/bid/14751
Summary:
MAXdev MD-Pro is prone to multiple cross-site scripting vulnerabilities. These issues are due to a
failure to properly sanitize user-supplied input.
An attacker may exploit these issues to execute arbitrary script code in the browser of an
unsuspecting user, in the security context of the target site. This may lead to attacks such as
theft of cookie-based authentication credentials.
17. GuppY PrintFAQ.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 14752
Remote: Yes
Date Published: 2005-09-06
Relevant URL: http://www.securityfocus.com/bid/14752
Summary:
GuppY is prone to a cross-site scripting vulnerability. This issue is due to a failure to properly
sanitize user-supplied input.
An attacker may exploit this issue to execute arbitrary script code in the browser of an
unsuspecting user, in the security context of the affected site. This may lead to attacks such as
theft of cookie-based authentication credentials.
18. GuppY Error.PHP HTML Injection Vulnerability
BugTraq ID: 14753
Remote: Yes
Date Published: 2005-09-07
Relevant URL: http://www.securityfocus.com/bid/14753
Summary:
GuppY is prone to an HTML injection vulnerability. This issue is due to a failure to properly
sanitize user-supplied input before it is used in dynamically generated content.
Attacker-supplied HTML and script code may be executed in the security context of the affected Web
site, which may allow theft of cookie-based authentication credentials. An attacker may also exploit
this issue to control how the site is rendered to the user.
Other attacks are also possible.
19. MyBulletinBoard Forumdisplay.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 14754
Remote: Yes
Date Published: 2005-09-06
Relevant URL: http://www.securityfocus.com/bid/14754
Summary:
MyBulletinBoard is prone to a cross-site scripting vulnerability. This issue is due to a failure to
properly sanitize user-supplied input.
An attacker may exploit this issue to execute arbitrary script code in the browser of an
unsuspecting administrative user, in the security context of the affected site. This may lead to
attacks such as theft of cookie-based authentication credentials.
20. Smb4k Insecure Temporary File Creation Vulnerability
BugTraq ID: 14756
Remote: No
Date Published: 2005-09-07
Relevant URL: http://www.securityfocus.com/bid/14756
Summary:
Smb4k is prone to an insecure temporary file creation vulnerability.
A local attacker who successfully exploits this issue may gain access to sensitive information.
21. Symantec Brightmail AntiSpam Deeply Nested Zip File Denial Of Service Vulnerability
BugTraq ID: 14757
Remote: Yes
Date Published: 2005-09-07
Relevant URL: http://www.securityfocus.com/bid/14757
Summary:
Symantec Brightmail AntiSpam is prone to a denial of service vulnerability. This issue occurs when
the application's antivirus scanner/cleaner processes a deeply nested zip file.
22. Symantec Brightmail AntiSpam Winmail.DAT Decomposer Denial Of Service Vulnerability
BugTraq ID: 14758
Remote: Yes
Date Published: 2005-09-07
Relevant URL: http://www.securityfocus.com/bid/14758
Summary:
Symantec Brightmail AntiSpam is prone to a denial of service vulnerability. This issue may occur
when a deliberately crafted message is processed.
Exploitation of this issue may cause the application's decomposer component to crash.
23. ALTools ALZip ACE Archive File Name Buffer Overflow Vulnerability
BugTraq ID: 14759
Remote: Yes
Date Published: 2005-09-07
Relevant URL: http://www.securityfocus.com/bid/14759
Summary:
ALTools ALZip is prone to a buffer overflow when it processes an ACE archive containing a file with
an excessively long file name.
Exploitation of this issue may result in execution of arbitrary code in the security context of the
user running the application. Because a malicious ACE archive would likely originate from an
external, untrusted source, this issue is considered to be remotely exploitable in practice.
24. CSystems WebArchiveX ActiveX Component Arbitrary File Read and Write Vulnerabilities
BugTraq ID: 14760
Remote: Yes
Date Published: 2005-09-07
Relevant URL: http://www.securityfocus.com/bid/14760
Summary:
WebArchiveX is affected by two vulnerabilities that may allow a remote attacker to read and write
arbitrary files. These issues arise from a design flaw in which the component is treated as marked
"Safe for Scripting", which exposes various remotely accessible methods.
Installations of WebArchiveX.dll 5.5.0.76 from before September 6, 2005 are affected by these
issues.
25. MyBulletinBoard Multiple SQL Injection Vulnerabilities
BugTraq ID: 14762
Remote: Yes
Date Published: 2005-09-07
Relevant URL: http://www.securityfocus.com/bid/14762
Summary:
MyBulletinBoard is prone to multiple SQL injection vulnerabilities. These issues are due to a
failure to properly sanitize user-supplied input before it is used in SQL queries.
A successful attack could result in a compromise of the application, or in disclosure or
modification of data. It may also allow an attacker to exploit vulnerabilities in the implementation
of the back-end database.
26. PHPCommunityCalendar Multiple SQL Injection Vulnerabilities
BugTraq ID: 14763
Remote: Yes
Date Published: 2005-09-07
Relevant URL: http://www.securityfocus.com/bid/14763
Summary:
PHPCommunityCalendar is prone to multiple SQL injection vulnerabilities. These issues are due to a
failure to properly sanitize user-supplied input before it is used in SQL queries.
A successful attack could result in a compromise of the application, or in disclosure or
modification of data. It may also allow an attacker to exploit vulnerabilities in the implementation
of the back-end database.
27. Microsoft IIS WebDAV HTTP Request Source Code Disclosure Vulnerability
BugTraq ID: 14764
Remote: Yes
Date Published: 2005-09-04
Relevant URL: http://www.securityfocus.com/bid/14764
Summary:
Microsoft IIS is reported to be affected by a vulnerability that discloses script source code
remotely.
In a successful attack, the Web server displays the requested file as plain text, disclosing its
source.
It should be noted that this issue occurs only when the requested file is stored on a FAT or FAT32
volume, and does not occur when the script file is stored on an NTFS volume.
Microsoft IIS 5.1 is affected by this issue.
28. PBLang Bulletin Board System SetCookie.PHP Directory Traversal Vulnerability
BugTraq ID: 14765
Remote: Yes
Date Published: 2005-09-07
Relevant URL: http://www.securityfocus.com/bid/14765
Summary:
PBLang is affected by a directory traversal vulnerability. This issue is due to a failure to
properly sanitize user-supplied input.
Exploitation of this issue may result in a loss of confidentiality. Information obtained may aid
further attacks against the back-end system.
Other attacks are also possible.
29. PBLang Bulletin Board System HTML Injection Vulnerability
BugTraq ID: 14766
Remote: Yes
Date Published: 2005-09-07
Relevant URL: http://www.securityfocus.com/bid/14766
Summary:
PBLang is prone to an HTML injection vulnerability. This issue is due to a failure to properly
sanitize user-supplied input before it is used in dynamically generated content.
Attacker-supplied HTML and script code may be executed in the security context of the affected Web
site, which may allow theft of cookie-based authentication credentials. An attacker may also exploit
this issue to control how the site is rendered to the user.
Other attacks are also possible.
30. PHPCommunityCalendar Multiple Remote Cross-Site Scripting Vulnerabilities
BugTraq ID: 14767
Remote: Yes
Date Published: 2005-09-07
Relevant URL: http://www.securityfocus.com/bid/14767
Summary:
phpCommunityCalendar is prone to multiple cross-site scripting vulnerabilities. These issues are due
to a failure to properly sanitize user-supplied input.
An attacker may exploit these issues to execute arbitrary script code in the browser of an
unsuspecting user, in the security context of the target site. This may lead to attacks such as
theft of cookie-based authentication credentials.
31. SecureOL VE2 Physical Memory Secured Environment Access Vulnerability
BugTraq ID: 14768
Remote: No
Date Published: 2005-09-07
Relevant URL: http://www.securityfocus.com/bid/14768
Summary:
SecureOL VE2 may allow a local attacker to gain unauthorized direct access to physical memory and
to the secured environment.
In a successful attack, the attacker may gain unauthorized access to the secured environment built
by the application. As a result, various attacks stemming from information disclosure may follow.
32. Distributed Checksum ClearingHouse DCCIFD Denial Of Service Vulnerability
BugTraq ID: 14769
Remote: Yes
Date Published: 2005-09-07
Relevant URL: http://www.securityfocus.com/bid/14769
Summary:
Distributed Checksum ClearingHouse is prone to a remote denial of service vulnerability. This issue
is due to a failure to properly handle exceptional conditions.
A remote attacker may exploit this issue to crash the affected application, denying service to
legitimate users. Because this software is an anti-spam content filter, there may be other effects
on the system.
33. Cisco IOS Firewall Authentication Proxy Buffer Overflow Vulnerability
BugTraq ID: 14770
Remote: Yes
Date Published: 2005-09-07
Relevant URL: http://www.securityfocus.com/bid/14770
Summary:
Cisco IOS Firewall Authentication Proxy is prone to a buffer overflow vulnerability. Successful
exploitation of this issue may result in a denial of service or execution of arbitrary code.
The FTP and Telnet protocols are affected by this issue, but HTTP is not affected.
34. Open WebMail OpenWebmail-main.PL Cross-Site Scripting Vulnerability
BugTraq ID: 14771
Remote: Yes
Date Published: 2005-09-07
Relevant URL: http://www.securityfocus.com/bid/14771
Summary:
Open WebMail is prone to a cross-site scripting vulnerability. This issue is due to a failure to
properly sanitize user-supplied input.
An attacker may exploit this issue to execute arbitrary script code in the browser of an
unsuspecting user, in the security context of the affected site. This may lead to attacks such as
theft of cookie-based authentication credentials.
35. Eset Software NOD32 Antivirus ARJ Archive Handling Remote Buffer Overflow Vulnerability
BugTraq ID: 14773
Remotely reproducible: Yes
Date published: 2005-09-08
Related URL: http://www.securityfocus.com/bid/14773
Summary:
NOD32 Antivirus is affected by a remotely exploitable buffer overflow
when processing ARJ archives.
An attacker may exploit this issue to gain unauthorized remote access
with SYSTEM privileges.
NOD32 for Windows 2.5 running nod32.002 version 1.033 build 1127 is
reported to be affected; other versions may also be affected.
36. Class-1 Forum SQL Injection Vulnerability
BugTraq ID: 14774
Remotely reproducible: Yes
Date published: 2005-09-08
Related URL: http://www.securityfocus.com/bid/14774
Summary:
Class-1 Forum is prone to an SQL injection vulnerability. The issue
allows a remote attacker to pass malicious input to database queries,
which may lead to files being uploaded.
If the attacker is able to upload a malicious script to the server and
execute it, the issue may lead to unauthorized remote access. Other
attacks are also possible.
Class-1 Forum 0.24.4 is reported to be affected.
37. FreeRADIUS Multiple Remote Vulnerabilities
BugTraq ID: 14775
Remotely reproducible: Yes
Date published: 2005-09-08
Related URL: http://www.securityfocus.com/bid/14775
Summary:
FreeRADIUS is affected by multiple remotely exploitable issues.
The first issue relates to memory handling. These issues may allow a
remote attacker to crash the affected service or to execute arbitrary
machine code in the security context of the affected application.
FreeRADIUS is also affected by a file descriptor leak. The issue may
allow an attacker to gain access to files that would not normally be
accessible.
The LDAP module contains a flaw in which attacker-supplied data is
passed to the configured LDAP database without being properly
sanitized.
FreeRADIUS 1.0.4 is reported to be affected by all of these issues.
Earlier versions are believed to be affected by one or more of them.
Update: The vendor has published a response to these issues. See
"Response to Suse Audit Report on FreeRADIUS" for details.
38. Stylemotion WEB//NEWS Multiple SQL Injection Vulnerabilities
BugTraq ID: 14776
Remotely reproducible: Yes
Date published: 2005-09-08
Related URL: http://www.securityfocus.com/bid/14776
Summary:
WEB//NEWS is prone to multiple SQL injection vulnerabilities. The
issues stem from improper sanitization of user-supplied input before it
is used in SQL queries.
A successful attack may compromise the application or allow data to be
disclosed or modified. It may also allow an attacker to exploit flaws in
the back-end database implementation.
39. AMember Remote File Include Vulnerability
BugTraq ID: 14777
Remotely reproducible: Yes
Date published: 2005-09-08
Related URL: http://www.securityfocus.com/bid/14777
Summary:
aMember is prone to a remote file include vulnerability. Input passed
to various scripts is not properly sanitized.
An attacker may host arbitrary malicious code on a site under the
attacker's control and include that file by means of a URI parameter.
The issue may be exploited to execute arbitrary server-side script code
on the affected computer with the privileges of the Web server process.
This may lead to unauthorized access.
aMember Pro 2.3.4 is reported to be affected. Other versions may also be
affected.
40. Mimicboard2 Multiple HTML Injection Vulnerabilities
BugTraq ID: 14778
Remotely reproducible: Yes
Date published: 2005-09-08
Related URL: http://www.securityfocus.com/bid/14778
Summary:
Mimicboard2 is prone to multiple HTML injection vulnerabilities. The
issues stem from improper sanitization of user-supplied input before it
is used in dynamically generated content.
Attacker-supplied HTML and script code may be executed in the security
context of the affected Web site, which may lead to theft of
cookie-based authentication credentials. An attacker may also exploit
the issue to control how the site is rendered to the user.
Other attacks are also possible.
41. Mimicboard2 Mimic2.Dat Unauthorized Access Vulnerability.
BugTraq ID: 14779
Remotely reproducible: Yes
Date published: 2005-09-08
Related URL: http://www.securityfocus.com/bid/14779
Summary:
Mimicboard2 is affected by an unauthorized access vulnerability. The
issue stems from the complete absence of user authentication before
access to privileged information is granted.
An attacker exploiting this issue can obtain user information and the
DES-encrypted administrator password.
42. Microsoft September Advance Notification Unspecified Security Vulnerabilities
BugTraq ID: 14780
Remotely reproducible: Unknown
Date published: 2005-09-08
Related URL: http://www.securityfocus.com/bid/14780
Summary:
Microsoft has issued advance notification that it plans to release a
security bulletin on September 13, 2005.
The security bulletin affects Microsoft Windows.
Update: Microsoft reports that it does not plan to include a security
update on September 13 as part of the September edition of its monthly
security bulletins.
43. Check Point SecurePlatform NGX Firewall Rules Bypass Vulnerability
BugTraq ID: 14781
Remotely reproducible: Yes
Date published: 2005-09-08
Related URL: http://www.securityfocus.com/bid/14781
Summary:
Check Point SecurePlatform NGX is a platform for commercial network
security products.
Check Point SecurePlatform NGX is prone to a firewall rules bypass
vulnerability. The issue stems from the expected firewall rules not
being properly implemented.
The issue allows an attacker to bypass firewall rules and therefore to
attack protected services and computers without being subject to the
expected restrictions.
It also gives the firewall administrator a false sense of security.
44. MyBulletinBoard Forumdisplay.PHP Fid Parameter Cross-Site Scripting Vulnerability
BugTraq ID: 14782
Remotely reproducible: Yes
Date published: 2005-09-08
Related URL: http://www.securityfocus.com/bid/14782
Summary:
MyBulletinBoard is prone to a cross-site scripting vulnerability. The
issue stems from improper sanitization of user-supplied input.
An attacker may exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
affected site. This may lead to attacks such as theft of cookie-based
authentication credentials.
45. Cisco CSS 11500 Series SSL Authentication Bypass Vulnerability
BugTraq ID: 14783
Remotely reproducible: Yes
Date published: 2005-09-08
Related URL: http://www.securityfocus.com/bid/14783
Summary:
Cisco CSS (Content Services Switches) 11500 Series devices are prone to
an authentication bypass vulnerability. The issue may occur when the
device uses SSL for encryption and client authentication.
A successful attack may allow unauthorized access to content.
Cisco CSS 11500/11501 devices with the CSS5-SSL-K9/CSS11501S-K9 modules
respectively installed are affected by this issue.
46. Mozilla/Netscape/Firefox Browsers Domain Name Remote Buffer Overflow Vulnerability
BugTraq ID: 14784
Remotely reproducible: Yes
Date published: 2005-09-09
Related URL: http://www.securityfocus.com/bid/14784
Summary:
Mozilla/Netscape/Firefox are reported to be prone to a remotely
exploitable buffer overflow that occurs when a specially crafted URI is
processed.
A successful attack may result in a crash or in arbitrary code
execution.
Firefox 1.0.6 and 1.5 Beta are affected by this issue.
Mozilla 1.7.11 and Netscape 8.0.3.3 and 7.2 are also affected.
47. Linux Kernel Sendmsg() Local Buffer Overflow Vulnerability
BugTraq ID: 14785
Remotely reproducible: No
Date published: 2005-09-09
Related URL: http://www.securityfocus.com/bid/14785
Summary:
The Linux Kernel is prone to a local buffer overflow.
The issue affects 'sendmsg()' when specially crafted user-supplied data
is copied from userland to kernel memory.
A successful attack may allow a local attacker to trigger an overflow,
which may result in a denial of service caused by memory corruption.
Arbitrary code execution leading to privilege escalation is also
possible.
48. MyBulletinBoard RateThread.PHP SQL Injection Vulnerability
BugTraq ID: 14786
Remotely reproducible: Yes
Date published: 2005-09-09
Related URL: http://www.securityfocus.com/bid/14786
Summary:
MyBulletinBoard is prone to an SQL injection vulnerability.
The issue stems from improper sanitization of user-supplied input before
it is used in an SQL query.
A successful attack may compromise the application or allow data to be
disclosed or modified. It may also allow an attacker to exploit flaws in
the back-end database implementation.
49. Linux Kernel Raw_sendmsg() Kernel Memory Access Vulnerability
BugTraq ID: 14787
Remotely reproducible: No
Date published: 2005-09-09
Related URL: http://www.securityfocus.com/bid/14787
Summary:
The Linux Kernel is prone to a vulnerability related to kernel memory
access.
The issue, which affects the 'raw_sendmsg()' function, may allow a local
attacker to disclose kernel memory or to manipulate the hardware state
as a result of unauthorized access to IO ports.
The issue is reported to exist in Linux Kernel 2.6.10. Other versions
may also be affected.
50. Sun Java System Web Proxy Server Unspecified Remote Denial Of Service Vulnerability
BugTraq ID: 14788
Remotely reproducible: Yes
Date published: 2005-09-08
Related URL: http://www.securityfocus.com/bid/14788
Summary:
Sun Java System Web Proxy Server is prone to an unspecified remote
denial-of-service vulnerability. The issue may allow a remote attacker
to cause the affected service to stop responding to requests.
A successful attack may allow a remote attacker to deny service to
legitimate users.
51. Sawmill Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 14789
Remotely reproducible: Yes
Date published: 2005-09-09
Related URL: http://www.securityfocus.com/bid/14789
Summary:
Sawmill is prone to an unspecified cross-site scripting vulnerability.
The issue stems from improper sanitization of user-supplied input.
An attacker may exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
affected site. This may lead to attacks such as theft of cookie-based
authentication credentials.
52. Linux Kernel SCSI ProcFS Denial Of Service Vulnerability
BugTraq ID: 14790
Remotely reproducible: No
Date published: 2005-09-09
Related URL: http://www.securityfocus.com/bid/14790
Summary:
The Linux Kernel is prone to a denial-of-service vulnerability.
The Linux Kernel is affected by a memory leak that may ultimately lead
to a denial of service.
A local attacker may exploit this issue by repeatedly reading the
'/proc/scsi/sg/devices' file to consume kernel memory, resulting in a
denial of service.
53. Linux Kernel Netfilter Ipt_recent Remote Denial of Service Vulnerability
BugTraq ID: 14791
Remotely reproducible: Yes
Date published: 2005-09-09
Related URL: http://www.securityfocus.com/bid/14791
Summary:
The Linux Kernel is reported to be prone to a local denial-of-service
vulnerability.
An attacker can exploit this issue through the 'ipt_recent' module by
sending specially crafted packets to an affected computer.
A successful attack may result in a denial of service.
54. Ipswitch Whatsup Small Business 2004 File Disclosure Vulnerability
BugTraq ID: 14792
Remotely reproducible: Yes
Date published: 2005-09-09
Related URL: http://www.securityfocus.com/bid/14792
Summary:
Ipswitch Whatsup Small Business 2004 is reported to be prone to a file
disclosure vulnerability. The issue stems from improper sanitization of
user-supplied input.
A remote attacker may exploit this issue to disclose files containing
potentially sensitive information.
55. Linux Kernel EXT2/EXT3 File System Access Control Bypass Vulnerability
BugTraq ID: 14793
Remotely reproducible: No
Date published: 2005-09-09
Related URL: http://www.securityfocus.com/bid/14793
Summary:
The Linux Kernel is prone to an access control bypass vulnerability
when EXT2/EXT3 file systems are in use.
A successful attack may lead to data corruption and tampering,
information disclosure, arbitrary code execution and similar outcomes.
56. GNU Mailutils Imap4D Search Command Remote Format String Vulnerability
BugTraq ID: 14794
Remotely reproducible: Yes
Date published: 2005-09-09
Related URL: http://www.securityfocus.com/bid/14794
Summary:
imap4d is prone to a remotely exploitable format string vulnerability.
The issue is triggered when a malicious search command sent by a client
is processed.
A successful attack may result in arbitrary code execution. This may
lead to unauthorized access or privilege escalation in the security
context of the server.
The issue has been verified in GNU Mailutils 0.6. Other versions may
also be vulnerable.
57. KillProcess Local Privilege Escalation Vulnerability
BugTraq ID: 14795
Remotely reproducible: No
Date published: 2005-09-09
Related URL: http://www.securityfocus.com/bid/14795
Summary:
KillProcess is prone to a local buffer overflow.
A successful attack may allow arbitrary machine code execution with the
privileges of the user running KillProcess.
KillProcess 2.20 and earlier versions are affected by this issue.
58. Zebedee Remote Denial Of Service Vulnerability
BugTraq ID: 14796
Remotely reproducible: Yes
Date published: 2005-09-09
Related URL: http://www.securityfocus.com/bid/14796
Summary:
Zebedee is affected by a remote denial-of-service vulnerability. The
issue stems from improper handling of exceptional network requests.
Specifically, Zebedee is unable to handle a connection request in which
the requested destination port contains zero.
A remote attacker may exploit this issue to crash the affected
application, denying service to legitimate users.
Zebedee 2.4.1 is reported to be affected. Other versions may also be
affected.
59. Ipswitch Whatsup Gold Map.ASP Cross-Site Scripting Vulnerability
BugTraq ID: 14797
Remotely reproducible: Yes
Date published: 2005-09-09
Related URL: http://www.securityfocus.com/bid/14797
Summary:
Ipswitch Whatsup Gold is prone to a cross-site scripting vulnerability.
The issue stems from improper sanitization of user-supplied input.
An attacker may exploit this issue to execute arbitrary script code in
the browser of an unsuspecting user, in the security context of the
affected site. This may lead to attacks such as theft of cookie-based
authentication credentials.
60. IBM OS/400 Malformed SNMP Requests Remote Denial Of Service Vulnerability
BugTraq ID: 14798
Remotely reproducible: Yes
Date published: 2005-09-09
Related URL: http://www.securityfocus.com/bid/14798
Summary:
IBM OS/400 is prone to a remote denial-of-service vulnerability that
affects the SNMP service.
The issue arises from the error-logging feature of the SNMP process.
When the SNMP process receives a specially crafted SNMP packet, it
records information about that packet in the job log.
By default, the job log has 'Job message queue full action' set to
'*NOWRAP'. When the job log becomes full, the SNMP job terminates
improperly.
A remote attacker may exploit this issue to crash the SNMP job on an
affected computer, denying service to legitimate users.
61. Ipswitch Whatsup Gold Cross-Site Scripting Vulnerability
BugTraq ID: 14799
Remotely reproducible: Yes
Date published: 2005-09-09
Related URL: http://www.securityfocus.com/bid/14799
Summary:
Ipswitch Whatsup Gold is prone to a file disclosure vulnerability. The
issue stems from improper sanitization of user-supplied input.
A remote attacker may exploit this issue to disclose files containing
potentially sensitive information. Information obtained in this way may
be used to aid further attacks against the software and the host
computer.
62. IBM OS/400 Multiple OSP-CERT Vulnerabilities
BugTraq ID: 14800
Remotely reproducible: Unknown
Date published: 2005-09-09
Related URL: http://www.securityfocus.com/bid/14800
Summary:
IBM OS/400 osp-cert is affected by multiple issues.
The first issue identified concerns local CA certificates. When these
certificates are created, the X.509 basic constraints are not added.
Because local CA certificates are not properly recognized as valid
certificate authorities, these certificates cannot be properly
validated. The same applies to validation of certificate chains derived
from them.
The next issue is that a new certificate is not properly returned when
it becomes available. This stems from a failure to properly recognize
changes made during operation to the file in which certificates are
stored.
There are also multiple unspecified issues related to ASN.1 parsing.
Details of these issues have not been published at this time.
An attacker exploiting these issues may alter, bypass or tamper with
the security properties of cryptographic software. The specific impact
and feasible attack scenarios are unknown at this time.
III.SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Big debate over small packets
Author: Robert Lemos
After a summer of debate over whether ICMP flaws could pose a serious
threat, a researcher in Argentina is pressing the Internet's technical
standards body to adopt his proposal that the problems should be fixed.
http://www.securityfocus.com/news/11306
2. Katrina's destruction attracts online fraudsters
Author: Robert Lemos
From suspicious charity sites to malicious code that exploits
hurricane-related topics, a growing number of people are combining the
natural disaster that struck New Orleans and the Gulf of Mexico with
wrongdoing on the Internet.
http://www.securityfocus.com/news/11302
3. Hidden-code flaw in Windows renews worries over stealthy malware
Author: Robert Lemos
A flaw in the way some security programs and system utilities detect
system changes allows spyware to run covertly, raising a new problem of
attack code executing unnoticed.
http://www.securityfocus.com/news/11300
4. Zotob suspects arrested in Turkey and Morocco
Author: Robert Lemos
Update: Authorities have arrested a Turkish man and a Moroccan man on
suspicion of involvement in distributing the recent Zotob worm.
http://www.securityfocus.com/news/11297
5. Bot herder websites in internet take-down
Author: John Leyden
Bot herder Web sites specialize in providing a simplified process for
managing zombie networks of Windows PCs that have security problems,
and such sites are now drawing criticism.
http://www.securityfocus.com/news/11311
6. Users play fast and loose with corporate PCs
Author: John Leyden
Because users believe their company's IT department will protect them
from security threats such as viruses, worms, spyware and phishing
scams, they engage in riskier behaviour on the Internet at work.
http://www.securityfocus.com/news/11312
7. Mozilla disables IDN to guard against Firefox flaw
Author: John Leyden
Hours after a potentially serious Firefox security issue was disclosed
on Friday (September 9), Mozilla developers moved quickly to announce a
workaround for the browser software.
http://www.securityfocus.com/news/11309
8. MS pulls upcoming Windows security patch
Author: John Leyden
Citing quality problems as the reason for the late withdrawal,
Microsoft decided to make the release of an important Windows security
patch Tuesday.
http://www.securityfocus.com/news/11310
--
Translation: LAC Translation Team
Supervision: 小笠原恒雄 (OGASAWARA Tsuneo)
LAC Co., Ltd.
http://www.lac.co.jp/index.html