SecurityFocus

SecurityFocus Newsletter #321 2005-10-17->2005-10-21 Feb 03 2006 08:58AM
Tsuneo Ogasawara (t ogaswr lac co jp)

$B>.3^86(B@$B%i%C%/$G$9!#(B

SecurityFocus Newsletter $BBh(B 321 $B9f$NOBLu$r$*FO$1$7$^$9!#(B
$BLu$N$J$$9`L\$K$D$$$F$O!VF|K\8lLu$J$7!W$H$7$F6hJL$7$F$"$j$^$9!#(B

------------------------------------------------------------------------
---
BugTraq-JP $B$K4X$9$k(B FAQ ($BF|K\8l(B):
http://www.securityfocus.com/archive/79/description
$B!&(BSecurityFocus Newsletter $B$NOBLu$O(B BugTraq-JP $B$G0l<!G[I[$5$l$F$$$^$9(B
$B!&(BBugTraq-JP $B$X$N;22CJ}K!!"C&B`J}K!$O$3$N(B FAQ $B$r$4;2>H$/$@$5$$(B
------------------------------------------------------------------------
---
SecurityFocus Newsletter $B%"!<%+%$%V(B ($B1Q8l(B):
http://www.securityfocus.com/archive/78
BugTraq $B$K4X$9$k(B FAQ ($B1Q8l(B):
http://www.securityfocus.com/archive/1/description
------------------------------------------------------------------------
---
$B0zMQ$K4X$9$kHw9M(B:
$B!&$3$NOBLu$O(B SecurityFocus $B$N5v2D$r3t<02q<R%i%C%/$,F@$?>e$G9T$o$l$F$$$^$9!#(B
$B!&(BSecurityFocus Newsletter $B$NOBLu$r(B Netnews, Mailinglist, World Wide Web,
$B=q@R(B, $B$=$NB>$N5-O?G^BN$G0zMQ$5$l$k>l9g$K$O%a!<%k$NA4J80zMQ$r$*4j$$$7$^$9!#
(B
$B!&F|K\8lHG%K%e!<%9%l%?!<(B 1 $B9f$+$i(B 3 $B9f$^$G$K$O$3$NHw9M$,IU$$$F$$$^$;$s$,!"(B
$B=`MQ$9$k$b$N$H$7$^$9!#(B
$B!&$^$?!"(BSecurityFocus $BDs6!$N(B BugTraq-JP $B%"!<%+%$%V(B [*1] $B$X$N$$$+$J$k7A<0$N(B
$B%O%$%Q!<%j%s%/$b>e5-$K=`$8$F$/$@$5$$!#(B
1) http://online.securityfocus.com/archive/79
------------------------------------------------------------------------
---
$B$3$NOBLu$K4X$9$kHw9M(B:
$B!&$3$NOBLu$NE,MQ@.2L$K$D$$$F3t<02q<R%i%C%/$O@UG$$rIi$o$J$$$b$N$H$7$^
(B
$B$9!#(B
------------------------------------------------------------------------
---
$BLu<T$+$i$N$*CN$i$;(B:
$B!&$b$7!"(Btypo $B$d8mLu$,8+$D$+$C$?>l9g!"(BBugTraq-JP $B$X(B Errata $B$H$7$F=$@5(B
$BHG$r$4Ej9FD:$/$+!"4F=$<T(B (t.ogaswr (at) lac.co (dot) jp [email concealed]) $B$K$*CN$i$;$/$@$5$$!#(B
$B8e<T$N>l9g$K$O=$@5HG$r$G$-$k$@$1?WB.$KH/9T$7$^$9!#(B
------------------------------------------------------------------------
---
This translation is encoded and posted in ISO-2022-JP.

$B86HG(B:
Date: Wed, 26 Oct 2005 16:09:23 -0600
Message-ID: <435FFE93.501 (at) securityfocus (dot) com [email concealed]>

SecurityFocus Newsletter #321
-----------------------------

I. FRONT AND CENTER ($BF|K\8lLu$J$7(B)
1. Collaborative endpoint security, part one
2. Evolution of Web-based worms
3. The click-wrap conundrum
II. BUGTRAQ SUMMARY
1. Sun Solaris Proc Filesystem Local Denial Of Service Vulnerability
2. Flexbackup Multiple Insecure Temporary File Creation Vulnerabilities
3. Lynx NNTP Article Header Buffer Overflow Vulnerability
4. Comersus BackOffice Plus Multiple Cross-Site Scripting Vulnerabilities
5. PHP Safedir Restriction Bypass Vulnerabilities
6. Gentoo Linux Multiple Packages Insecure RUNPATH Vulnerability
7. OpenWBEM Multiple Unspecified Remote Buffer Overflow Vulnerabilities
8. Linux Kernel Console Keymap Local Command Injection Vulnerability
9. RARLAB WinRAR Command Line Processing Buffer Overflow Vulnerability
10. Opera Web Browser Multiple Malformed HTML Parsing Denial Of Service Vulnerabilities
11. E107 Resetcore.PHP SQL Injection Vulnerability
12. IBM DB2 Universal Database Multiple Vulnerabilities
13. NetFlow Analyzer 4 Cross-Site Scripting Vulnerability
14. NetPBM PNMToPNG Buffer Overflow Vulnerability
15. Rockliffe MailSite Express Arbitrary File Upload Vulnerability
16. Microsoft Windows Unspecified Remote Code Execution Vulnerability
17. Snort Back Orifice Preprocessor Remote Stack Buffer Overflow Vulnerability
18. MySource Multiple Cross-Site Scripting Vulnerabilities
19. MySource Multiple Remote File Include Vulnerabilities
20. Oracle October Security Update Multiple Vulnerabilities
21. Xerver Multiple Input Validation Vulnerabilities
22. HP-UX LPD Arbitrary Command Execution Vulnerability
23. PHPNuke Modules.PHP Search Module Remote Directory Traversal Vulnerability
24. HP-UX FTP Server Directory Listing Vulnerability
25. Oracle Workflow Multiple Unspecified Cross-Site Scripting Vulnerabilities
26. Yiff-Server File Permission Bypass Weakness
27. Paros HSQLDB Remote Authentication Bypass Vulnerability
28. Symantec LiveUpdate for Macintosh Local Privilege Escalation Vulnerability
29. Symantec Norton Antivirus For Macintosh DiskMountNotify Local Privilege Escalation Vulnerability
30. Cisco 11500 Content Services Switch Malformed SSL Client Certificate Denial of Service Vulnerability
31. Oracle Workflow Wf_monitor Cross-Site Scripting Vulnerability
32. Oracle Application Server 10g emagent.exe Stack Overflow Vulnerability
33. Oracle Workflow Wf_route Cross-Site Scripting Vulnerability
34. Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.10.13
35. Chipmunk Multiple Cross-Site Scripting Vulnerabilities
36. PHP-Nuke Modules.PHP NukeFixes Addon Remote Directory Traversal Vulnerability
37. Debian Module-Assistant Insecure Temporary File Creation Vulnerability
38. Splatt Forums Remote Authentication Bypass Vulnerability
39. BMV PostScript File Handling Integer Overflow Vulnerability
40. Linux Kernel World Writable SYSFS DRM Debug File Vulnerability
41. Linux Kernel IPV6 Unspecified Denial of Service Vulnerability
42. Squid FTP Server Response Denial Of Service Vulnerability
43. Ethereal Service Location Protocol Dissection Stack Buffer Overflow Vulnerability
44. SCO UnixWare PPP Prompt Local Buffer Overflow Vulnerability
45. SCO OpenServer Backupsh Local Buffer Overflow Vulnerability
46. ZipGenius Multiple Archive Formats File Name Buffer Overflow Vulnerabilities
47. AL-Caricatier SS.PHP Authentication Bypass Vulnerability
48. Oracle Application Server HTTP Response Splitting Vulnerability
49. TikiWiki Unspecified Cross-Site Scripting Vulnerability
50. SUSE Linux Squid Proxy SSL Handling Denial of Service Vulnerability
51. Nuked Klan Multiple HTML Injection Vulnerabilities
52. BMC Control M Agent Insecure File Permission Vulnerability
53. Zomplog Detail.PHP HTML Injection Vulnerability
54. phpMyAdmin Theme Variable Local File Inclusion Vulnerability
55. phpBB Avatar Upload HTML Injection Vulnerability
56. eBASEweb Unspecified SQL Injection Vulnerability
57. FlatNuke Index.PHP Multiple Remote File Include Vulnerabilities
III. SECURITYFOCUS NEWS
1. Web defacer sentenced, facing deportation
2. Snort vulnerability "wormable" but not widespread
3. Worm worries don't wait for Windows exploits
4. Arrests unlikely to impact bot net threat, say experts
5. Say hello to the Skype Trojan
6. Shared music abuse bug hits iTunes
7. US cybersecurity all at sea
8. Worm fears over MS October patch batch

I. FRONT AND CENTER ($BF|K\8lLu$J$7(B)
----------------------------

II. BUGTRAQ SUMMARY
--------------------
1. Sun Solaris Proc Filesystem Local Denial Of Service Vulnerability
BugTraq ID: 15115
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-10-16
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15115
$BMWLs(B:
Sun Solaris $B$K$O!"%m!<%+%k$+$i$N967b$K$h$j%5!<%S%9ITG=>uBV$K4Y$k5?$$$,$"(B
$B$j$^$9!#(B

$B%m!<%+%k$NK\Mh8"8B$r;}$?$J$$%f!<%6$O!"(B'/proc' $B%U%!%$%k%7%9%F%`$G%7%9%F%`(B
$B%Q%K%C%/$r0z$-5/$3$7$F%5!<%S%95qH]$r>7$/$3$H$,$G$-$^$9!#(B

2. Flexbackup Multiple Insecure Temporary File Creation Vulnerabilities
BugTraq ID: 15116
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-10-17
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15116
$BMWLs(B:
Flexbackup $B$G$O!"$$$/$D$+$N0l;~%U%!%$%k$N:n@.$,%;%-%e%j%F%#>eE,@Z$K9T$o(B
$B$l$^$;$s!#(B

$B$3$N967b$K$h$j=EMW$J%U%!%$%k$,>e=q$-$5$l$k>l9g!"%G!<%?$,GK2u$?$j%5!<%
S%9(B
$BITG=>uBV$K4Y$C$?$j$9$k2DG=@-$,9b$$$H9M$($i$l$^$9!#$=$NB>$N967b$,<B9T$
5$l(B
$B$k2DG=@-$b$"$j$^$9!#(B

Flexbackup 1.2.1 $B0JA0$N%P!<%8%g%s$K$*$$$F!"LdBj$N1F6A$r<u$1$^$9!#(B

3. Lynx NNTP Article Header Buffer Overflow Vulnerability
BugTraq ID: 15117
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-17
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15117
$BMWLs(B:
Lynx $B$K$O!"(BNNTP $B%"!<%F%#%/%k%X%C%@$r=hM}$9$k$H$-$K%P%C%U%!%*!<%P!<%U%m!<(B
$B$,H/@8$9$k5?$$$,$"$j$^$9!#(B

$B$3$NLdBj$O!"(B'news: ' URI $B$d(B 'nntp: ' URI $B$J$I!"(BNNTP $B%3%s%F%s%D$,=hM}$5$l(B
$B$k$H$-$K0z$-5/$3$5$l$^$9!#$3$NLdBj$NMxMQ$,@.8y$9$k$H!"%W%m%0%i%`$N%f!
<%6(B
$B$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G%3!<%I$,<B9T$5$l$F$7$^$$$^$9!#(B

4. Comersus BackOffice Plus Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15118
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-17
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15118
$BMWLs(B:
BackOffice Plus $B$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0$K4XO"$9$kJ#?t$NLdBj$,(B
$BB8:_$9$k5?$$$,$"$j$^$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%
?%$(B
$B%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7$F!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$G!"LdB
j$N(B
$B$"$k%5%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G!"G$0U$N%9%/%j%W%H%3!<%I$r<B9
T$9(B
$B$k2DG=@-$,$"$j$^$9!#$3$l$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$J$I$N(B
$B967b$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

5. PHP Safedir Restriction Bypass Vulnerabilities
BugTraq ID: 15119
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-17
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15119
$BMWLs(B:
PHP $B$K$O!"967b<T$K(B 'safedir' $B$H$7$F@_Dj$7$?%G%#%l%/%H%j@)8B$r2sHr$9$k$3(B
$B$H$r5v$7$F$7$^$&J#?t$NLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7$F!"(BWeb $B%5!<%P%W%m%;%9$N%;%-%e%j%F%#%3%s%F%-(B
$B%9%HFb$GLdBj$N$"$k%7%9%F%`>e$KB8:_$9$kG$0U$N%3!<%I$r<B9T$7$?$j!"G$0U$
N%U%!(B
$B%$%k$NFbMF$r<hF@$7$?$j$G$-$k2DG=@-$,$"$j$^$9!#(B

$B<hF@$5$l$?>pJs$O!"LdBj$N$^$k%7%9%F%`$KBP$9$k99$J$k967b$N<j=u$1$H$J$k2
DG=(B
$B@-$,$"$j$^$9!#$=$NB>$N967b$,<B9T$5$l$k2DG=@-$b$"$j$^$9!#(B

$B$3$l$i$NLdBj$O!":G?7%P!<%8%g%s$N(B CVS $B$G$O=$@5$5$l$F$$$^$9!#(B

6. Gentoo Linux Multiple Packages Insecure RUNPATH Vulnerability
BugTraq ID: 15120
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-10-17
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15120
$BMWLs(B:
Gentoo Linux $B$NJ#?t$N%Q%C%1!<%8$K$O!"%;%-%e%j%F%#>eITE,@Z$J(BRUNPATH $B$NLd(B
$BBj$N1F6A$,$"$j$^$9!#$3$NLdBj$O%S%k%I%7%9%F%`$NITHw$KM3Mh$7!"$3$N$?$a$
K%;(B
$B%-%e%j%F%#>eITE,@Z$J(B RUNPATH $B$,FCDj$N%P%$%J%j$K4^$^$l$F$7$^$$$^$9!#(B

$B$3$NLdBj$O!"LdBj$N$"$k<B9T2DG=%U%!%$%k$r<B9T$9$k%f!<%6$N%;%-%e%j%F%#%
3%s(B
$B%F%-%9%HFb$GG$0U$N%3!<%I$,<B9T$5$l$k7k2L$r>7$/2DG=@-$,$"$j$^$9!#$3$l$
K$h(B
$B$j!"8"8B>:3J$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

$B$3$NLdBj$rMxMQ$G$-$k$N$O!"(B 'portage' $B%0%k!<%W$N%a%s%P$H$J$C$F$$$k%f!<%6(B
$B$N$_$G$9!#(B

7. OpenWBEM Multiple Unspecified Remote Buffer Overflow Vulnerabilities
BugTraq ID: 15121
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-17
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15121
$BMWLs(B:
OpenWBEM $B$K$O!"%j%b!<%H$+$iMxMQ2DG=$J%P%C%U%!%*!<%P!<%U%m!<$K4XO"$9$kJ#(B
$B?t$NL$FCDj$NLdBj$,B8:_$9$k2DG=@-$,$"$j$^$9!#$3$l$i$NLdBj$O!"%f!<%6$,;
XDj(B
$B$7$?%G!<%?$r%5%$%:$,E,@Z$K;XDj$5$l$F$$$J$$%a%b%j%P%C%U%!$K%3%T!<$9$kA
0$K!"(B
$B6-3&%A%'%C%/$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B$3$l$i$NLdBj$O!"@0?t%*!<%P!<%U%m!<$*$h$S%P%C%U%!%*!<%P!<%U%m!<$K4XO"$
9$k(B
$BJ#?t$NLdBj$H$7$F3NG'$5$l$F$$$^$9!#99$J$k>\:Y$O!"8=;~E@$G$O8xI=$5$l$F$
$$^(B
$B$;$s!#>\:Y>pJs$,8x3+$5$l<!Bh!"$3$N(B BID $B$O99?7$5$l$kM=Dj$G$9!#(B

$B$3$l$i$NLdBj$O!"%j%b!<%H$N967b<T$,4IM}<T8"8B$GG$0U$N%^%7%s%3!<%I$r<B9
T$7!"(B
$B%7%9%F%`$r40A4$KGK2u$9$k$3$H$r5v$7$F$7$^$$$^$9!#(B

8. Linux Kernel Console Keymap Local Command Injection Vulnerability
BugTraq ID: 15122
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-10-17
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15122
$BMWLs(B:
Linux Kernel $B$G$O!"%m!<%+%k$+$i$N967b$K$h$j%3%s%=!<%k%-!<%^%C%W$,JQ99$5(B
$B$l!"$=$N7k2L%3%^%s%I$,A^F~$5$l$k2DG=@-$,$"$j$^$9!#$3$NLdBj$O!"K\Mh8"8
B$r(B
$B;}$?$J$$%f!<%6$,%7%9%F%`A4BN$N%3%s%=!<%k%-!<%^%C%W$rJQ99$G$-$k$3$H$KM
3Mh(B
$B$7$^$9!#(B

$B%m!<%+%k%f!<%6$O%3%s%=!<%k%-!<%^%C%W$rJQ99$7$F%^%/%m%3%^%s%I$r%9%/%j%
W%H(B
$B$K4^$a$k2DG=@-$,$"$j$^$9!#$3$NLdBj$O!"967b<T$,8e$+$i%3%s%=!<%k$r;HMQ$
9$k(B
$B%f!<%6$N8"8B$GG$0U$N%3%^%s%I$r<B9T$9$k$3$H$r5v$7$F$7$^$$$^$9!#$3$l$K$
h$C(B
$B$F8"8B>:3J$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

9. RARLAB WinRAR Command Line Processing Buffer Overflow Vulnerability
BugTraq ID: 15123
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-17
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15123
$BMWLs(B:
RARLAB WinRAR $B$N%3%^%s%I%i%$%s=hM}$G$O!"%j%b!<%H$+$i$N967b$K$h$j%/%i%$%"(B
$B%s%HB&$G%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$kLdBj$,Js9p$5$l$F$$$^$9!#$3$NL
dBj(B
$B$O!"%f!<%6$,;XDj$7$?J8;zNs$r8GDjD9$N%W%m%;%9%P%C%U%!$K%3%T!<$9$kA0$K!
"J8(B
$B;zNsD9$NBEEv@-3NG'$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"LdBj$N$"$k%"%W%j%1!<%7%g%s$r<B9T$9$k%f!<%
6$N(B
$B8"8B$GG$0U$N%3!<%I$r<B9T$9$k2DG=@-$,$"$j$^$9!#$3$l$K$h$j!"IT@5%"%/%;%
9$d(B
$B8"8B>:3J$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

10. Opera Web Browser Multiple Malformed HTML Parsing Denial Of Service Vulnerabilities
BugTraq ID: 15124
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-17
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15124
$BMWLs(B:
Opera Web $B%V%i%&%6$K$O!"7k2LE*$K%V%i%&%6$r%/%i%C%7%e$5$;$k2DG=@-$N$"$kJ#(B
$B?t$NLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$3$l$i$NLdBj$O!"0U?^E*$K:n@.$5$l$?F
CDj(B
$B$N(B HTML $B%3%s%F%s%D$,2r@O$5$l$k$H$-$K0z$-5/$3$5$l$^$9!#$3$N7k2L0z$-5/$3$5(B
$B$l$k$N$O%5!<%S%9ITG=>uBV$N$_$G$"$j!"LdBj$,99$KMxMQ$5$l$FG$0U$N%3!<%I$
,<B(B
$B9T$5$l$k$3$H$O$J$$$H?d;!$5$l$^$9$,!"$3$l$K$D$$$F$OL$8!>Z$G$9!#(B

11. E107 Resetcore.PHP SQL Injection Vulnerability
BugTraq ID: 15125
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-18
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15125
$BMWLs(B:
e107 $B$K$O!"(BSQL $B9=J8$rCmF~$5$l$k5?$$$,$"$j$^$9!#$3$NLdBj$O!"%f!<%6$,;XDj(B
$B$7$?F~NOCM$r(B SQL $B%/%(%j$G;HMQ$9$kA0$K!"F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B(B
$B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$KBP$9$k6<0R$,>7$+$l$?$j!"%G!<%?$,3
+<((B
$B$5$l$?$jA`:n$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$,%P%C%/%(%s%I%
G!<(B
$B%?%Y!<%9$N<BAu$NLdBj$rMxMQ$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$b$"$j$^$9!#
(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"LdBj$N$"$k%"%W%j%1!<%7%g%s$K4IM}<T8"8B$G%
"%/(B
$B%;%9$G$-$^$9!#$3$NLdBj$K$h$j!"(BWeb $B%5!<%P%W%m%;%9$N%;%-%e%j%F%#%3%s%F%-%9(B
$B%HFb$G%7%9%F%`$KBP$9$k6<0R$,>7$+$l$k2DG=@-$,$"$j$^$9!#(B

12. IBM DB2 Universal Database Multiple Vulnerabilities
BugTraq ID: 15126
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-18
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15126
$BMWLs(B:
IBM DB2 Universal Database $B$K$O!"J#?t$NLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7$F!"%5!<%S%9ITG=>uBV$r0z$-5/$3$9$J$I$NIT@
5$J(B
$B9T0Y$r<B9T$9$k2DG=@-$,$"$j$^$9!#(B

DB2 8 FixPak 10 (8.2 FixPak 3) $B$h$jA0$N%P!<%8%g%s$K$*$$$F!"$3$l$i$NLdBj(B
$B$N1F6A$r<u$1$^$9!#(B

13. NetFlow Analyzer 4 Cross-Site Scripting Vulnerability
BugTraq ID: 15127
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-18
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15127
$BMWLs(B:
NetFlow Analyzer 4 $B$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0967b$r<u$1$k5?$$$,(B
$B$"$j$^$9!#$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<
B9T(B
$B$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$G!"LdBj$N$"$
k%5(B
$B%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$GG$0U$N%9%/%j%W%H%3!<%I$r<B9T$9$k2DG
=@-(B
$B$,$"$j$^$9!#$3$l$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$J$I$N967b$,0z(B
$B$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

14. NetPBM PNMToPNG Buffer Overflow Vulnerability
BugTraq ID: 15128
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-18
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15128
$BMWLs(B:
pnmtopng $B$K$O!"%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$k2DG=@-$,$"$j$^$9!#$3$NLd(B
$BBj$O!"%f!<%6$,;XDj$7$?F~NO%G!<%?$r%5%$%:$,IT==J,$J%a%b%j%P%C%U%!$K%3%
T!<(B
$B$9$kA0$K!"6-3&%A%'%C%/$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#$3$NLdBj$
O!"(B
'-trans' $B%3%^%s%I%i%$%s%*%W%7%g%s$,;HMQ$5$l$k$H$-$K$N$_0z$-5/$3$5$l$k$3(B
$B$H$,Js9p$5$l$F$$$^$9!#(B

$B$3$NLdBj$O967b<T$,0-0U$"$k(B PNM $B%U%!%$%k$r:n@.$9$k$3$H$r5v$7$F$7$^$$!"$3(B
$B$N%U%!%$%k$,2r@O$5$l$k$H$-$KG$0U$N%^%7%s%3!<%I$,<B9T$5$l$^$9!#$3$l$OL
dBj(B
$B$N$"$k%f!<%F%#%j%F%#$r<B9T$9$k%f!<%6$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G0z$
-5/(B
$B$3$5$l$^$9!#(B

NetPBM 10.0 $B$K$*$$$F!"$3$NLdBj$,Js9p$5$l$^$7$?!#$=$NB>$N%P!<%8%g%s$b1F6A(B
$B$r<u$1$k2DG=@-$,$"$j$^$9!#(B

15. Rockliffe MailSite Express Arbitrary File Upload Vulnerability
BugTraq ID: 15129
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-18
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15129
$BMWLs(B:
MailSite Express $B$K$O!"G$0U$N%U%!%$%k$,%"%C%W%m!<%I$5$l$k5?$$$,$"$j$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"(BWeb $B%5!<%P$N%;%-%e%j%F%#%3%s%F%-%9%HFb$GG$0U(B
$B$N%3!<%I$r%"%C%W%m!<%I$7$F<B9T$9$k2DG=@-$,$"$j$^$9!#$3$l$K$h$jIT@5%"%
/%;(B
$B%9$,9T$o$l$?$j8"8B>:3J$,0z$-5/$3$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#$=$NB>$
N96(B
$B7b$,2C$($i$l$k2DG=@-$b$"$j$^$9!#(B

16. Microsoft Windows Unspecified Remote Code Execution Vulnerability
BugTraq ID: 15130
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-17
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15130
$BMWLs(B:
Microsoft Windows $B$K$O!"%j%b!<%H$+$i%3!<%I$r<B9T2DG=$JL$FCDj$NLdBj$,B8:_(B
$B$9$k5?$$$,$"$j$^$9!#(B

$B$3$NLdBj$O(B Windows Media Player $B$H(B Internet Explorer $B$,1F6A$r<u$1$k$3$H(B
$B$,Js9p$5$l$F$*$j!"%j%b!<%H$N967b<T$,G$0U$N%3!<%I$r<B9T$9$k$3$H$r5v$7$
F$7(B
$B$^$$$^$9!#$3$l$K$h$j!"967b<T$OLdBj$N$"$k%/%i%$%"%s%H$r<B9T$9$k%f!<%6$
N%;(B
$B%-%e%j%F%#%3%s%F%-%9%HFb$GIT@5%"%/%;%9$r9T$&2DG=@-$,$"$j$^$9!#(B

$B>\:Y$,ITL@$J$?$a!"99$J$k>pJs$O8=;~E@$G$OJs9p$5$l$F$$$^$;$s!#>\:Y$,8x3
+$5(B
$B$l<!Bh!"$3$N(B BID $B$O99?7$5$l$kM=Dj$G$9!#(B

17. Snort Back Orifice Preprocessor Remote Stack Buffer Overflow Vulnerability
BugTraq ID: 15131
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-18
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15131
$BMWLs(B:
Snort $B$K$O!"%j%b!<%H$+$i$N967b$K$h$j%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$k2DG=(B

$B@-$,$"$j$^$9!#$3$NLdBj$O!"%M%C%H%o!<%/>e$N%G!<%?$,=EMW$J%W%m%;%9%P%C%
U%!(B
$B$K%;%-%e%j%F%#>eE,@Z$K%3%T!<$5$l$J$$$3$H$KM3Mh$7$^$9!#$3$NLdBj$O!"(B
Back
Orifice $B%W%j%W%m%;%C%5$KB8:_$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"LdBj$N$"$k%"%W%j%1!<%7%g%s$r<B9T$9$k%f!<%
6$N(B
$B8"8B$GG$0U$N%3!<%I$r<B9T$9$k2DG=@-$,$"$j$^$9!#$3$l$K$h$j!"IT@5%"%/%;%
9$d(B
$B8"8B>:3J$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

$B$3$NLdBj$NFC@-$K$h$j!"G$0U$NAw?.@h%"%I%l%9$*$h$S%]!<%H$KBP$7$F56Au$5$
l$?(B
$BAw?.85%"%I%l%9$r4^$`C10l$N(B UDP $B%Q%1%C%H$rAw?.$9$k$3$H$K$h$j!"MxMQ$5$l$k(B
$B2DG=@-$,$"$j$^$9!#$3$N%"%W%j%1!<%7%g%s$G%Q%1%C%H$N%9%K%U%!$,9T$o$l$F$
$$k(B
$B4V$K!"$3$NLdBj$,MxMQ$5$l$k2DG=@-$,$"$j$^$9!#$3$l$i$NE@$O!"967b<T$,$h$
jB?(B
$B$/$N%3%s%T%e!<%?$KBP$9$k6<0R$r>7$/$?$a$K%U%!%$%"%&%)!<%k$r2sHr$9$k<j=
u$1(B
$B$H$7$FMxMQ$5$l$k2DG=@-$,$"$j$^$9!#(B

$B%*%Z%l!<%F%#%s%0%7%9%F%`$d%3%s%Q%$%i%P!<%8%g%s$N0c$$$K$h$j!"$3$NLdBj$
r3N(B
$B<B$K<B9T$9$k$3$H$O:$Fq$G$"$k$3$H$,Js9p$5$l$F$$$^$9!#LdBj$NMxMQ$r;n$_$
F<:(B
$BGT$7$?>l9g$O%"%W%j%1!<%7%g%s$,%/%i%C%7%e$7!"$3$N$?$a$KB>$N967b$,8!CN$
5$l(B
$B$J$/$J$k2DG=@-$,$"$j$^$9!#(B

Snort 2.4.0 $B$+$i(B 2.4.2 $B$^$G$N%P!<%8%g%s$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1$^(B
$B$9!#$=$NB>$N%P!<%8%g%s$b1F6A$r<u$1$k2DG=@-$,$"$j$^$9$,!"$3$l$K$D$$$F$
O8!(B
$B>Z$5$l$F$$$^$;$s!#(B

18. MySource Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15132
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-18
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15132
$BMWLs(B:
MySource $B$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0$K4XO"$9$kJ#?t$NLdBj$,B8:_$9(B
$B$k5?$$$,$"$j$^$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=
hM}(B
$B$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7$F!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$G!"LdB
j$N(B
$B$"$k%5%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G!"G$0U$N%9%/%j%W%H%3!<%I$r<B9
T$9(B
$B$k2DG=@-$,$"$j$^$9!#$3$l$i$NLdBj$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`(B
$B<h$J$I$N967b$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

19. MySource Multiple Remote File Include Vulnerabilities
BugTraq ID: 15133
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-18
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15133
$BMWLs(B:
MySource $B$K$O!"%j%b!<%H$*$h$S%m!<%+%k$+$i%U%!%$%k$r%$%s%/%k!<%I2DG=$JJ#(B
$B?t$NLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~N
OCM(B
$B$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7$F!"(BWeb $B%5!<%P%W%m%;%9$N8"8B$GLdBj$N$"$k%3%s(B
$B%T%e!<%?>e$GG$0U$N%5!<%P%5%$%I%9%/%j%W%H%3!<%I$r<B9T$9$k2DG=@-$,$"$j$
^$9!#(B
$B$3$l$K$h$j!"IT@5%"%/%;%9$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

20. Oracle October Security Update Multiple Vulnerabilities
BugTraq ID: 15134
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-18
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15134
$BMWLs(B:
Oracle Database Server$B!"(BOracle Enterprise Manager$B!"(BOracle Application
Server$B!"(BOracle Collaboration Suite$B!"(BOracle E-Business $B%9%$!<%H$*$h$S$=$N(B
$B%"%W%j%1!<%7%g%s!"(BOracle PeopleSoft Enterprise$B!"$*$h$S(B JD Edwards
EnterpriseOne $B$O!"J#?t$NLdBj$N1F6A$r<u$1$^$9!#(B

$B%Y%s%@$,8!=P$7$?LdBj$O!"(BOracle $B@=IJ$N$9$Y$F$N%;%-%e%j%F%#4XO"%W%m%Q%F%#(B
$B$K1F6A$7!"%m!<%+%k$*$h$S%j%b!<%H$+$iMxMQ2DG=$J6<0R$r>7$-$^$9!#(B

Oracle $B$O$3$l$iLdBj$r2r7h$9$k$?$a!"(BCritical Patch Update $B%"%I%P%$%6%j$r(B
2005 $BG/(B 10 $B7n$K%j%j!<%9$7$F$$$^$9!#$3$N(B Critical Patch Update $B$K$h$j!"%5(B
$B%]!<%H$5$l$k%j%j!<%9$K$D$$$FLdBj$,2r7h$5$l$^$9!#%5%]!<%H$5$l$J$$A0$N%
j%j!<(B
$B%9$b!"$3$NLdBj$N1F6A$r<u$1$k2DG=@-$,$"$j$^$9!#(B

$B$3$l$i$NLdBj$K$D$$$F$N6qBNE*$J>\:Y$O!"8=;~E@$G$O8x3+$5$l$F$$$^$;$s!#
(B

$B>\:Y$,8x3+$5$l<!Bh!"$3$N(B BID $B$O99?7$5$l!"LdBj$4$H$K8DJL$N(B BID $B$KJ,3d$5$l(B
$B$kM=Dj$G$9!#(B

21. Xerver Multiple Input Validation Vulnerabilities
BugTraq ID: 15135
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-19
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15135
$BMWLs(B:
Xerver $B$K$O!"F~NOCM$NBEEv@-3NG'$K4XO"$9$kJ#?t$NLdBj$,B8:_$9$k5?$$$,$"$j(B
$B$^$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<
B9T(B
$B$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$OG$0U$NLdBj$rMxMQ$7$F!"(BWeb $B%"%/%;%9$,2DG=$JG$0U$N%9%/%j%W%H$N%3%s(B
$B%F%s%D$r3+<($G$-$^$9!#$3$l$K$h$j<hF@$5$l$?>pJs$O!"99$J$k967b$r;n$_$k$
?$a(B
$B$N<j=u$1$H$J$k2DG=@-$,$"$j$^$9!#(B

$B967b<T$O(B Web $B%"%/%;%9$,2DG=$JG$0U$N%U%)%k%@$N%G%#%l%/%H%j0lMw$r<hF@$G$-(B
$B$^$9!#$3$l$K$h$j<hF@$5$l$?>pJs$O!"99$J$k967b$r;n$_$k$?$a$N<j=u$1$H$J$
k2D(B
$BG=@-$,$"$j$^$9!#(B

$B967b<T$O%/%m%9%5%$%H%9%/%j%W%F%#%s%0967b$r2C$($k$3$H$,$G$-$^$9!#967b<
T$O(B
$B$3$NLdBj$rMxMQ$7!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$G!"LdBj$N$"$k%5%$%H$
N%;(B
$B%-%e%j%F%#%3%s%F%-%9%HFb$GG$0U$N%9%/%j%W%H%3!<%I$r<B9T$9$k2DG=@-$,$"$
j$^(B
$B$9!#$3$l$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$J$I$N967b$,0z$-5/$3$5(B
$B$l$k2DG=@-$,$"$j$^$9!#(B

22. HP-UX LPD Arbitrary Command Execution Vulnerability
BugTraq ID: 15136
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-19
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15136
$BMWLs(B:
HP-UX lpd $B$O%j%b!<%H$+$iG$0U$N%3%^%s%I$r<B9T2DG=$JLdBj$N1F6A$r<u$1$^$9!#(B

$B967b$,@.8y$9$k$H!"%3%s%T%e!<%?$N5!G=$,40A4$KB;$J$o$l$k2DG=@-$,$"$j$^$
9!#(B

HP security bulletin HPSBUX0208-213 $B$G!"(BHP $B$,$3$NLdBj$r8xI=$7$J$$$^$^2r(B
$B7h$7$F$$$?$3$H$,Js9p$5$l$F$$$^$9!#(B

23. PHPNuke Modules.PHP Search Module Remote Directory Traversal Vulnerability
BugTraq ID: 15137
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-19
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15137
$BMWLs(B:
PHPNuke Search Module $B$K$O!"%G%#%l%/%H%j%H%i%P!<%5%k967b$r<u$1$k5?$$$,$"(B
$B$j$^$9!#$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9
T$5(B
$B$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B%j%b!<%H$N967b<T$O!"G'>Z$r<u$1$?%f!<%6$d8"8B$N$"$k%f!<%6$N$_$,K\Mh%"%
/%;(B
$B%92DG=$J%U%!%$%k$r1\Mw$9$k2DG=@-$,$"$j$^$9!#$3$l$K$h$j<hF@$5$l$?>pJs$
O!"(B
$B99$J$k967b$r<B9T$9$k>e$G;HMQ$5$l$k2DG=@-$,$"$j$^$9!#(B

24. HP-UX FTP Server Directory Listing Vulnerability
BugTraq ID: 15138
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-19
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15138
$BMWLs(B:
HP-UX $B$KF1:-$5$l$F$$$k(B FTP $B%5!<%P$K$O!"G'>Z$5$l$J$$967b<T$,%G%#%l%/%H%j(B
$B$N0lMw$r<hF@$G$-$k5?$$$,$"$j$^$9!#(B

$B$3$N967b$r<B9T$9$k>e$G!"G'>ZMQ>pJs$OI,MW$H$5$l$^$;$s!#967b$,@.8y$9$k$
H=E(B
$BMW$J>pJs$,3+<($5$l!"B>$NLdBj$rMxMQ$9$k$?$a$N<j=u$1$H$J$k2DG=@-$,$"$j$
^$9!#(B

HP $B$O$3$NLdBj$r8xI=$;$:$K=$@5$7$?$3$H$,Js9p$5$l$F$$$^$9!#(B

25. Oracle Workflow Multiple Unspecified Cross-Site Scripting Vulnerabilities
BugTraq ID: 15139
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-19
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15139
$BMWLs(B:
Oracle Workflow $B$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0$K4XO"$9$kJ#?t$NL$FCDj(B
$B$NLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOC
M$N(B
$B%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7$F!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$G!"LdB
j$N(B
$B$"$k%5%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G!"G$0U$N%9%/%j%W%H%3!<%I$r<B9
T$9(B
$B$k2DG=@-$,$"$j$^$9!#$3$l$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$J$I$N(B
$B967b$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

Oracle October Critical Patch Update $B$G$3$l$i$NLdBj$,=$@5$5$l$?$3$H$,Js(B
$B9p$5$l$F$$$^$9(B (BID 15134 $B$r;2>H(B)$B!#$?$@$7!"Ev3:%"%C%W%G!<%H$N%G!<%?%Y!<(B
$B%9%^%H%j%C%/%9$K$O$3$l$i$NLdBj$,%j%9%H$5$l$F$$$^$;$s!#(B

$B>\:Y>pJs$NJs9p$KH<$$!"$3$N(B BID $B$O(B BID 15145 (Oracle Workflow Wf_monitor
Cross-Site Scripting Vulnerability) $B$H(B BID 15147 (Oracle Workflow
Wf_route Cross-Site Scripting Vulnerability) $B$KJ,3d$5$l$^$7$?!#$3$N(B BID
$B$OGK4~$5$l$k$3$H$K$J$j$^$9!#(B

26. Yiff-Server File Permission Bypass Weakness
BugTraq ID: 15140
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-10-19
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15140
$BMWLs(B:
Yiff-Server $B$K$O%U%!%$%k%Q!<%_%C%7%g%s$,2sHr$5$l$kLdBj$,B8:_$9$k5?$$$,$"(B
$B$j$^$9!#$3$NLdBj$O@_7W>e$NITHw$KM3Mh$7!"%m!<%+%k%f!<%6$,B>$N%f!<%6$N%
U%!(B
$B%$%k$KBP$7$F%U%!%$%k$N%Q!<%_%C%7%g%s$K4X78$J$/%"%/%;%9$9$k$3$H$,2DG=$
G$9!#(B

$B%P!<%8%g%s(B 2.14.5 $B$K$*$$$F!"$3$NLdBj$,3NG'$5$l$F$$$^$9!#$=$NB>$N%P!<%8%g(B
$B%s$b1F6A$r<u$1$k2DG=@-$,$"$j$^$9!#(B

27. Paros HSQLDB Remote Authentication Bypass Vulnerability
BugTraq ID: 15141
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-19
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15141
$BMWLs(B:
Paros $B$K$O!"%j%b!<%H$+$iG'>Z$,2sHr$5$l$k5?$$$,$"$j$^$9!#(B

$B$3$NLdBj$K$h$j=EMW$J>pJs$,3+<($5$l!"I8E*%^%7%s>e$G%3%^%s%I$,<B9T$5$l$
k2D(B
$BG=@-$,$"$j$^$9!#(B

Paros 3.2.5 $B$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1$^$9!#$3$l$h$jA0$N%P!<%8%g%s$b(B
$B1F6A$r<u$1$k2DG=@-$,$"$j$^$9!#(B

28. Symantec LiveUpdate for Macintosh Local Privilege Escalation Vulnerability
BugTraq ID: 15142
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-10-19
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15142
$BMWLs(B:
Symantec LiveUpdate for Macintosh $B$O!"%m!<%+%k$G8"8B>:3J2DG=$NLdBj$N1F6A(B
$B$r<u$1$^$9!#(B

$B967b$,@.8y$9$k$H!"967b<T$,LdBj$N$"$k%3%s%T%e!<%?$r40A4$K@)8f$9$k$3$H$
,5v(B
$B$5$l$F$7$^$&2DG=@-$,$"$j$^$9!#(B

29. Symantec Norton Antivirus For Macintosh DiskMountNotify Local Privilege Escalation Vulnerability
BugTraq ID: 15143
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-10-19
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15143
$BMWLs(B:
Symantec Norton Antivirus for Macintosh $B$K$O!"%m!<%+%k$G8"8B>:3J$,0z$-5/(B
$B$3$5$l$k2DG=@-$,$"$j$^$9!#$3$NLdBj$O!"(Bsetuid root $B%S%C%H$,IU2C$5$l$?%P%$(B
$B%J%j$N(B PATH $B4D6-JQ?t$,E,@Z$K;HMQ$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B$3$NLdBj$O!"%m!<%+%k$N967b<T$,4IM}<T%"%/%;%9$r<B9T$7!"LdBj$N$"$k%3%s%
T%e!<(B
$B%?$N5!G=$r40A4$KB;$M$k$3$H$r5v$7$F$7$^$$$^$9!#(B

30. Cisco 11500 Content Services Switch Malformed SSL Client Certificate Denial of Service Vulnerability
BugTraq ID: 15144
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-19
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15144
$BMWLs(B:
Cisco 11500 Content Services Switch $B$K$O!"0U?^E*$K:n@.$5$l$?(B SSL $B%/%i%$(B
$B%"%s%H>ZL@=q$,=hM}$5$l$k$H$-$K%5!<%S%9ITG=>uBV$K4Y$k5?$$$,$"$j$^$9!#
(B

WebNS $B%*%Z%l!<%F%#%s%0%7%9%F%`$N(B 7.1 $B$+$i(B 7.5 $B$^$G$N%P!<%8%g%s$r<B9T$9$k(B
Cisco 11500 Content Services Switch $B$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1$^$9!#(B

31. Oracle Workflow Wf_monitor Cross-Site Scripting Vulnerability
BugTraq ID: 15145
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-19
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15145
$BMWLs(B:
Oracle Workflow $B$K$O%/%m%9%5%$%H%9%/%j%W%F%#%s%0967b$r<u$1$k5?$$$,$"$j$^(B
$B$9!#(B

$B$3$NLdBj$K$h$j(B 'wf_monitor' $B%9%/%j%W%H$,1F6A$r<u$1$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$K$*$$$F!"LdB
j$N(B
$B$"$k%5%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$GG$0U$N%9%/%j%W%H%3!<%I$r<B9T$
9$k(B
$B2DG=@-$,$"$j$^$9!#$3$l$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$J$I$N96(B
$B7b$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

$B$3$NLdBj$O!"(BBID 15134 (Oracle October Security Update Multiple
Vulnerabilities) $B$GJs9p$5$l$F$$$k$h$&$K!"(BOracle Critical Patch Update -
October 2005 $B$G2r7h$5$l$^$7$?!#$3$NLdBj$O(B BID 15139 (Oracle Workflow
Multiple Unspecified Cross-Site Scripting Vulnerabilities) $B$G$bJs9p$5$l(B
$B$^$7$?!#99$J$k>pJs$,8x3+$5$l$?$N$KH<$$!"?75,$K(B BID $B$,3d$jEv$F$i$l$^$7$?!#(B

32. Oracle Application Server 10g emagent.exe Stack Overflow Vulnerability
BugTraq ID: 15146
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-20
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15146
$BMWLs(B:
Oracle Application Server 10g $B$K$O!"%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$k5?$$(B
$B$,$"$j$^$9!#LdBj$NMxMQ$,@.8y$9$k$H!"(BSYSTEM $B8"8B$GG$0U$N%3!<%I<B9T$,5v$5(B
$B$l$F$7$^$&2DG=@-$,$"$j$^$9!#(B

$B$3$NLdBj$O!#Ev=i(B BID 15134 (Oracle October Security Update Multiple
Vulnerabilities) $B$GJs9p$5$l$^$7$?!#99$J$k>\:Y$,8x3+$5$l$?$N$KH<$$!"?75,(B
$B$K(B BID $B$,3d$jEv$F$i$l$^$7$?!#(B

33. Oracle Workflow Wf_route Cross-Site Scripting Vulnerability
BugTraq ID: 15147
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-19
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15147
$BMWLs(B:
Oracle Workflow $B$K$O%/%m%9%5%$%H%9%/%j%W%F%#%s%0967b$r<u$1$k5?$$$,$"$j$^(B
$B$9!#(B

$B$3$NLdBj$K$h$j(B 'wf_route' $B%9%/%j%W%H$,1F6A$r<u$1$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$K$*$$$F!"LdB
j$N(B
$B$"$k%5%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$GG$0U$N%9%/%j%W%H%3!<%I$r<B9T$
9$k(B
$B2DG=@-$,$"$j$^$9!#$3$l$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$J$I$N96(B
$B7b$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

$B$3$NLdBj$O!"(BBID 15134 (Oracle October Security Update Multiple
Vulnerabilities) $B$GJs9p$5$l$F$$$k$h$&$K!"(BOracle Critical Patch Update -
October 2005 $B$G2r7h$5$l$^$7$?!#$3$NLdBj$O(B BID 15139 (Oracle Workflow
Multiple Unspecified Cross-Site Scripting Vulnerabilities) $B$G$bJs9p$5$l(B
$B$^$7$?!#99$J$k>pJs$,8x3+$5$l$?$N$KH<$$!"?75,$K(B BID $B$,3d$jEv$F$i$l$^$7$?!#(B

34. Ethereal Multiple Protocol Dissector Vulnerabilities In Versions Prior To 0.10.13
BugTraq ID: 15148
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-19
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15148
$BMWLs(B:
Ethereal $B$G$O$$$/$D$+$NLdBj$,%Y%s%@$K$h$C$F8xI=$5$l$F$$$^$9!#Js9p$5$l$F(B
$B$$$kLdBj$O!"$5$^$6$^$J%W%m%H%3%k2r@OIt$KB8:_$7$^$9!#(B

$B0J2<$NLdBj$,Js9p$5$l$F$$$^$9!#(B
- $B%P%C%U%!%*!<%P!<%U%m!<$NLdBj(B
- NULL $B%]%$%s%?$K$h$k;2>HFI$_=P$7$K$h$j%5!<%S%9ITG=>uBV$K4Y$kLdBj(B
- $BL58B%k!<%W$K$h$j%5!<%S%9ITG=>uBV$K4Y$kLdBj(B
- $B%a%b%j$r;H$$?T$/$7%5!<%S%9ITG=>uBV$K4Y$kLdBj(B
- $B%<%m$K$h$k=|;;$N$?$a%5!<%S%9ITG=>uBV$K4Y$kLdBj(B
- $BL58z$J%]%$%s%?(B free() $B$N;n9T$K$h$j%5!<%S%9ITG=>uBV$K4Y$kLdBj(B
- $B%5!<%S%9ITG=>uBV$K4Y$kL$FCDj$NLdBj(B

$B$3$l$i$NLdBj$O!"%j%b!<%H$N967b<T$,LdBj$N$"$k%"%W%j%1!<%7%g%s$N%;%-%e%
j%F%#(B
$B%3%s%F%-%9%HFb$GG$0U$N%^%7%s%3!<%I$r<B9T$9$k$3$H$r5v$7$F$7$^$&2DG=@-$
,$"(B
$B$j$^$9!#$^$?!"967b<T$OLdBj$N$"$k%"%W%j%1!<%7%g%s$r%/%i%C%7%e$5$;$k2DG
=@-(B
$B$,$"$j$^$9!#(B

Ethereal 0.7.7 $B$+$i(B 0.10.12 $B$^$G$N%P!<%8%g%s$,!"$=$l$>$l0[$J$kLdBj$N1F6A(B
$B$r<u$1$^$9!#(B

35. Chipmunk Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 15149
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-20
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15149
$BMWLs(B:
Chipmunk $B@=IJ$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0967b$K4XO"$9$kJ#?t$NLdBj(B
$B$,B8:_$9$k5?$$$,$"$j$^$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%
K%?(B
$B%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7$F!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$G!"LdB
j$N(B
$B$"$k%5%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G!"G$0U$N%9%/%j%W%H%3!<%I$r<B9
T$9(B
$B$k2DG=@-$,$"$j$^$9!#$3$l$i$NLdBj$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`(B
$B<h$J$I$N967b$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

36. PHP-Nuke Modules.PHP NukeFixes Addon Remote Directory Traversal Vulnerability
BugTraq ID: 15150
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-20
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15150
$BMWLs(B:
PHP-Nuke NukeFixes Addon $B$K$O!"%G%#%l%/%H%j%H%i%P!<%5%k967b$r<u$1$k5?$$(B
$B$,$"$j$^$9!#$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$
K<B(B
$B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B%j%b!<%H$N967b<T$O!"G'>Z$r<u$1$?%f!<%6$d8"8B$N$"$k%f!<%6$N$_$,K\Mh%"%
/%;(B
$B%92DG=$J%U%!%$%k$r1\Mw$9$k2DG=@-$,$"$j$^$9!#$3$l$K$h$j<hF@$5$l$?>pJs$
O!"(B
$B99$J$k967b$r<B9T$9$k>e$G;HMQ$5$l$k2DG=@-$,$"$j$^$9!#(B

37. Debian Module-Assistant Insecure Temporary File Creation Vulnerability
BugTraq ID: 15151
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-10-20
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15151
$BMWLs(B:
Debian $B%b%8%e!<%k%"%7%9%?%s%H$G$O!"0l;~%U%!%$%k$N:n@.$,%;%-%e%j%F%#>eE,(B
$B@Z$K9T$o$l$^$;$s!#(B

$B$3$N967b$K$h$j=EMW$J%U%!%$%k$,>e=q$-$5$l$k>l9g!"%G!<%?$,GK2u$?$j%5!<%
S%9(B
$BITG=>uBV$K4Y$C$?$j$9$k2DG=@-$,9b$$$H9M$($i$l$^$9!#$=$NB>$N967b$,<B9T$
5$l(B
$B$k2DG=@-$b$"$j$^$9!#(B

38. Splatt Forums Remote Authentication Bypass Vulnerability
BugTraq ID: 15152
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-20
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15152
$BMWLs(B:
Splatt Forums $B$K$O!"%j%b!<%H$+$iG'>Z$,2sHr$5$l$k5?$$$,$"$j$^$9!#(B

$B967b<T$O4IM}MQ$N%m%0%$%s=hM}$r2sHr$7!"%U%)!<%i%`4IM}<T$NM-8z$J8"8B$r;
HMQ(B
$B$7$FEj9F$X$NJQ99$r9T$&2DG=@-$,$"$j$^$9!#(B

39. BMV PostScript File Handling Integer Overflow Vulnerability
BugTraq ID: 15153
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-20
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15153
$BMWLs(B:
BMV $B$K$O!"@0?t%*!<%P!<%U%m!<$,H/@8$9$k5?$$$,$"$j$^$9!#(B

$B$3$NLdBj$O!"0U?^E*$K:n@.$5$l$?(B PostScript $B%U%!%$%k$,=hM}$5$l$k:]$K0z$-5/(B
$B$3$5$l$^$9!#(B

$B967b$,@.8y$9$k$H!"G$0U$N%3!<%I$,<B9T$5$l!"IT@5%"%/%;%9$,0z$-5/$3$5$l$
k2D(B
$BG=@-$,$"$j$^$9!#0lIt$N%G%#%9%H%j%S%e!<%7%g%s$G$O(B BMV $B$O%G%U%)%k%H$G(B
setuid root $B%S%C%H$,IUM?$5$l$F%$%s%9%H!<%k$5$l$k$?$a!"967b<T$,$3$NLdBj$r(B
$BMxMQ$7$F4IM}<T8"8B$r<hF@$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$,$"$k$3$H$,Js9
p$5(B
$B$l$F$$$^$9!#(B

40. Linux Kernel World Writable SYSFS DRM Debug File Vulnerability
BugTraq ID: 15154
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-10-20
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15154
$BMWLs(B:
Linux Kernel $B$K$O!"C/$G$b=q$-9~$_2DG=$J%U%!%$%k$,(B SYSFS $B$K:n@.$5$l$kLdBj(B
$B$,B8:_$9$k5?$$$,$"$j$^$9!#LdBj$,MxMQ$5$l$k$H!"967b<T$,=EMW$J>pJs$r<hF
@$9(B
$B$k$3$H$,5v$5$l$F$7$^$&2DG=@-$,$"$j$^$9!#(B

41. Linux Kernel IPV6 Unspecified Denial of Service Vulnerability
BugTraq ID: 15156
$B%j%b!<%H$+$i$N:F8=@-(B: $BITL@(B
$B8xI=F|(B: 2005-10-20
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15156
$BMWLs(B:
Linux Kernel $B$K$O!"%5!<%S%9ITG=>uBV$K4Y$kL$FCDj$NLdBj$,B8:_$9$k5?$$$,$"(B
$B$k$HJs9p$5$l$F$$$^$9!#(B

$B$3$NLdBj$OL58B%k!<%W$K$h$j0z$-5/$3$5$l!"(BIPv6 $B$N=hM}%k!<%A%s$K1F6A$r5Z$\(B
$B$9$3$H$,Js9p$5$l$F$$$^$9!#(B

$B8=;~E@$G$O99$J$k>pJs$O8x3+$5$l$F$$$^$;$s!#>\:Y$,8x3+$5$l<!Bh!"$3$N(B
BID
$B$O99?7$5$l$kM=Dj$G$9!#(B

42. Squid FTP Server Response Denial Of Service Vulnerability
BugTraq ID: 15157
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-20
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15157
$BMWLs(B:
Squid $B$K$O!"%j%b!<%H$+$i$N967b$K$h$j%5!<%S%9ITG=>uBV$K4Y$k5?$$$,$"$j$^$9!#
(B

$B$3$NLdBj$O(B Squid $B$H(B FTP $B%5!<%P$N4V$NDL?.J}K!$KITHw$,$"$k$3$H$KM3Mh$7$^$9!#(B

Squid 2.5 $B0JA0$N%P!<%8%g%s$K$*$$$F!"$3$NLdBj$,Js9p$5$l$F$$$^$9!#(B

43. Ethereal Service Location Protocol Dissection Stack Buffer Overflow Vulnerability
BugTraq ID: 15158
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-20
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15158
$BMWLs(B:
Ethereal $B$O!"%j%b!<%H$+$iMxMQ2DG=$J%P%C%U%!%*!<%P!<%U%m!<$NLdBj$N1F6A$r(B
$B<u$1$^$9!#$3$NLdBj$O!"%M%C%H%o!<%/>e$N%G!<%?$,=EMW$J%W%m%;%9%P%C%U%!$
K%;(B
$B%-%e%j%F%#>eE,@Z$K%3%T!<$5$l$J$$$3$H$KM3Mh$7$^$9!#$3$NLdBj$O!"(BServ
ice
Location Protocol $B2r@OIt$KB8:_$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"LdBj$N$"$k%"%W%j%1!<%7%g%s$r<B9T$9$k%f!<%
6$N(B
$B8"8B$GG$0U$N%3!<%I$r<B9T$9$k2DG=@-$,$"$j$^$9!#$3$l$K$h$j!"IT@5%"%/%;%
9$d(B
$B8"8B>:3J$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

Ethereal $B$G$O@\B3>uBV$,DI@W$5$l$J$$$?$a!"%]!<%H(B 427 $B$X$NC10l$N(B TCP $B%Q%1%C(B
$B%H$K$h$j$3$NLdBj$,MxMQ$5$l$k2DG=@-$,$"$j$^$9!#$3$l$K$h$j!"0-0U$"$k%f!
<%6(B
$B$,967b85$r56Au$7$?$j!"(BTCP $B%]!<%H(B 427 $B$r%j%9%s$9$k%5!<%S%9$,%"%/%F%#%V$G(B
$B$J$$$J$$$H$-$K$3$NLdBj$rMxMQ$7$?$j$9$k$3$H$,5v$5$l$F$7$^$$$^$9!#(B

$B$3$NLdBj$O!"Ev=i(B BID 15148 (Ethereal Multiple Protocol Dissector
Vulnerabilities In Versions Prior To 0.10.13) $B$G8xI=$5$l$?E@$KN10U$9$Y$-(B
$B$G$9!#(B

44. SCO UnixWare PPP Prompt Local Buffer Overflow Vulnerability
BugTraq ID: 15159
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-10-20
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15159
$BMWLs(B:
SCO UnixWare $B$K$O!"%m!<%+%k$G$N967b$K$h$j%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9(B
$B$k5?$$$,$"$j$^$9!#(B

$B$3$NLdBj$O!"(BUnixware $B$N(B PPP (Point-to-Point Protocol) $B%W%m%s%W%H$+$i;XDj(B
$B$5$l$?BgNL$N%G!<%?$,=hM}$5$l$k$H$-$K0z$-5/$3$5$l$^$9!#(B

UnixWare 7.1.4 $B$*$h$S(B UnixWare 7.1.3 $B$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1$k$3(B
$B$H$,Js9p$5$l$F$$$^$9!#(B

45. SCO OpenServer Backupsh Local Buffer Overflow Vulnerability
BugTraq ID: 15160
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-10-20
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15160
$BMWLs(B:
backupsh $B$K$O!"%m!<%+%k$G$N967b$K$h$j%P%C%U%!%*!<%P!<%U%m!<$,H/@8$9$k5?(B
$B$$$,$"$j$^$9!#(B

$B$3$NLdBj$OBgNL$N%G!<%?$,=hM}$5$l$k$H$-$K0z$-5/$3$5$l$k$?$a!"%W%m%;%9%
a%b(B
$B%j$,GK2u$5$l$k2DG=@-$,$"$j$^$9!#$3$NLdBj$K4XO"$9$k>\:Y>pJs$O!"8=;~E@$
G$O(B
$B8x3+$5$l$F$$$^$;$s!#(B

$B967b$,@.8y$9$k$H!"(Bbackup $B%0%k!<%W$N8"8B$GG$0U$N%^%7%s%3!<%I<B9T$,5v$5$l(B
$B$F$7$^$$$^$9!#(B

OpenServer 5.0.7 $B$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1$k$3$H$,Js9p$5$l$F$$$^$9!#(B

authsh $B%f!<%F%#%j%F%#$b$3$NLdBj$N1F6A$r<u$1$^$9!#LdBj$NMxMQ$,@.8y$9$k$H!"(B

$B967b<T$,(B auth $B%0%k!<%W$N8"8B$r<hF@$9$k2DG=@-$,$"$j$^$9!#(B

46. ZipGenius Multiple Archive Formats File Name Buffer Overflow Vulnerabilities
BugTraq ID: 15161
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-21
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15161
$BMWLs(B:
ZipGenius $B$K$O!"$5$^$6$^$J%"!<%+%$%V7A<0$,=hM}$5$l$k$H$-$K%P%C%U%!%*!<%P!<(B
$B%U%m!<$,H/@8$9$kJ#?t$NLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#(B

$B$3$l$i$NLdBj$O!"G$0U$N%3!<%I$r<B9T$9$k$?$a$KMxMQ$5$l$k2DG=@-$,$"$j$^$
9!#(B
$B$3$l$K$h$j!"$3$N%"%W%j%1!<%7%g%s$r<B9T$7$F$$$k%f!<%6$N%;%-%e%j%F%#%3%
s%F(B
$B%-%9%HFb$G!"G$0U$N%3!<%I$,<B9T$5$l$k2DG=@-$,$"$j$^$9!#(B

ZipGenius 5.5.1.468 $B$*$h$S(B 6.0.2.1041 $B$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1$k$3(B
$B$H$,Js9p$5$l$F$$$^$9!#$=$NB>$N%P!<%8%g%s$b1F6A$r<u$1$k2DG=@-$,$"$j$^$
9!#(B

47. AL-Caricatier SS.PHP Authentication Bypass Vulnerability
BugTraq ID: 15162
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-21
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15162
$BMWLs(B:
AL-Caricatier $B$K$O!"G'>Z$,2sHr$5$l$k5?$$$,$"$j$^$9!#$3$NLdBj$O!"%f!<%6$,(B
$B;XDj$7$?F~NOCM$NBEEv@-3NG'$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B$3$NLdBj$K$h$j!"967b<T$,=EMW$J>pJs$r3+<($7!"%"%W%j%1!<%7%g%s$d%5%$%H$
K4I(B
$BM}<T8"8B$G%"%/%;%9$9$k2DG=@-$,$"$j$^$9!#(B

AL-Caricatier 2.5 $B0JA0$N%P!<%8%g%s$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1$^$9!#(B

48. Oracle Application Server HTTP Response Splitting Vulnerability
BugTraq ID: 15163
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-21
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15163
$BMWLs(B:
Oracle Application Server $B$K$O!"(BHTTP $B1~EzJ,3d$,0z$-5/$3$5$l$k5?$$$,$"$j(B
$B$^$9!#$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$
5$l(B
$B$J$$$3$H$KM3Mh$7$^$9!#(B

$B%j%b!<%H$N967b<T$O$3$NLdBj$rMxMQ$7$F!"%G!<%?$N2~$6$s!"%-%c%C%7%e1x@w$
d56$C(B
$B$?%3%s%F%s%D$rI=<($5$;$k2DG=@-$,$"$j$^$9!#$3$NLdBj$O!"%/%i%$%"%s%H%f!
<%6(B
$B$r$"$?$+$b0BA4$G$"$k$H8m2r$5$;$k$h$&$K;E8~$1$k$5$^$6$^$J967b$KMxMQ$5$
l$k(B
$B2DG=@-$,$"$j$^$9!#(B

$B$3$NLdBj$O!"(BBID 15134 (Oracle October Security Update Multiple
Vulnerabilities) $B$GJs9p$5$l$F$$$k$h$&$K!"(BOracle Critical Patch Update -
October 2005 $B$G2r7h$5$l$^$7$?!#99$J$k>pJs$,8x3+$5$l$?$N$KH<$$!"?75,$K(B
BID $B$,3d$jEv$F$i$l$^$7$?!#(B

49. TikiWiki Unspecified Cross-Site Scripting Vulnerability
BugTraq ID: 15164
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-21
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15164
$BMWLs(B:
TikiWiki $B$K$O!"%/%m%9%5%$%H%9%/%j%W%F%#%s%0$K4XO"$9$kL$FCDj$NLdBj$,B8:_(B
$B$9$k5?$$$,$"$j$^$9!#$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%:=hM
}$,(B
$BE,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7!"5?$$$r;}$?$J$$%f!<%6$N%V%i%&%6$G!"LdBj$N$"$
k%5(B
$B%$%H$N%;%-%e%j%F%#%3%s%F%-%9%HFb$GG$0U$N%9%/%j%W%H%3!<%I$r<B9T$9$k2DG
=@-(B
$B$,$"$j$^$9!#$3$l$K$h$j!"(BCookie $B$KM3Mh$9$kG'>ZMQ>pJs$N@`<h$J$I$N967b$,0z(B
$B$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

50. SUSE Linux Squid Proxy SSL Handling Denial of Service Vulnerability
BugTraq ID: 15165
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-21
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15165
$BMWLs(B:
SUSE Linux $B$G<B9T$5$l$k(B Squid Proxy $B$O!"%5!<%S%9ITG=>uBV$K4Y$kLdBj$N1F6A(B
$B$r<u$1$^$9!#(B

$B$3$NLdBj$O!"0U?^E*$K:n@.$5$l$?(B HTTPS $B%G!<%?$,=hM}$5$l$k$H$-$K0z$-5/$3$5(B
$B$l$k$3$H$,Js9p$5$l$F$$$^$9!#%"%W%j%1!<%7%g%s$NFC@-$K$h$j!"$3$NLdBj$K$
h$j(B
$B%j%b!<%H$+$i6<0R$,$b$?$i$5$l$k2DG=@-$,$"$k$3$H$,?d;!$5$l$^$9!#(B

$BLdBj$NMxMQ$,@.8y$9$k$H!"%5!<%S%9$,%/%i%C%7%e$9$k2DG=@-$,$"$j$^$9!#(B

SuSE Linux 9.0 $B$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1$k$3$H$,Js9p$5$l$F$$$^$9!#(B

$B>\:Y$,8x3+$5$l<!Bh!"$3$N(B BID $B$O99?7$5$l$kM=Dj$G$9!#(B

51. Nuked Klan Multiple HTML Injection Vulnerabilities
BugTraq ID: 15166
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-21
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15166
$BMWLs(B:
Nuked Klan $B$K$O!"(BHTML $B%?%0$rA^F~2DG=$JJ#?t$NLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#(B
$B$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$rF0E*$K@8@.$7$?%3%s%F%s%D$G;HM
Q$9(B
$B$kA0$K!"F~NOCM$N%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#
(B

$B967b<T$,Ds6!$7$?(B HTML $B$d%9%/%j%W%H%3!<%I$OLdBj$N$"$k(B Web $B%5%$%H$N%;%-%e(B
$B%j%F%#%3%s%F%-%9%HFb$G<B9T$5$l$k2DG=@-$,$"$j!"$3$l$K$h$j(B Cookie $B$KM3Mh$9(B
$B$kG'>ZMQ>pJs$N@`<h$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$O$3$
l$i(B
$B$NLdBj$rMxMQ$7$F!"%f!<%6$KBP$9$k%5%$%H$N%l%s%@%j%s%0J}K!$r@)8f$9$k2DG
=@-(B
$B$b$"$j$^$9!#$=$NB>$N967b$,0z$-5/$3$5$l$k2DG=@-$b$"$j$^$9!#(B

52. BMC Control M Agent Insecure File Permission Vulnerability
BugTraq ID: 15167
$B%j%b!<%H$+$i$N:F8=@-(B: $B$J$7(B
$B8xI=F|(B: 2005-10-22
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15167
$BMWLs(B:
BMC Control M Agent $B$G$O!"0l;~%U%!%$%k$N:n@.$,%;%-%e%j%F%#>eE,@Z$K9T$o$l(B
$B$^$;$s!#(B

$B$3$N%"%W%j%1!<%7%g%s$G$O!"0l;~%U%!%$%k$N:n@.$,%;%-%e%j%F%#>eE,@Z$K9T$
o$l(B
$B$^$;$s!#%m!<%+%k$K%"%/%;%9$,2DG=$J967b<T$O$3$NLdBj$r;HMQ$9$k$3$H$K$h$
j!"(B
$B%"%W%j%1!<%7%g%s$N%;%-%e%j%F%#%3%s%F%-%9%HFb$G%U%!%$%k$r>e=q$-$9$k2DG
=@-(B
$B$,$"$j$^$9!#(B

$B$3$N967b$K$h$j=EMW$J%U%!%$%k$,>e=q$-$5$l$k>l9g!"%G!<%?$,GK2u$?$j%5!<%
S%9(B
$BITG=>uBV$K4Y$C$?$j$9$k2DG=@-$,9b$$$H9M$($i$l$^$9!#$=$NB>$N967b$,<B9T$
5$l(B
$B$k2DG=@-$b$"$j$^$9!#(B

BMC Control M Agent 6.1.03 $B$K$*$$$F!"LdBj$N1F6A$r<u$1$^$9!#$3$l$h$jA0$N(B
$B%P!<%8%g%s$b1F6A$r<u$1$k2DG=@-$,$"$j$^$9!#(B

53. Zomplog Detail.PHP HTML Injection Vulnerability
BugTraq ID: 15168
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-22
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15168
$BMWLs(B:
Zomplog $B$K$O(B HTML $B%?%0$rA^F~$5$l$k5?$$$,$"$j$^$9!#$3$NLdBj$O!"%f!<%6$,;X(B
$BDj$7$?F~NOCM$rF0E*$K@8@.$7$?%3%s%F%s%D$G;HMQ$9$kA0$K!"F~NOCM$N%5%K%?%
$%:(B
$B=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$,Ds6!$7$?(B HTML $B$d%9%/%j%W%H%3!<%I$OLdBj$N$"$k(B Web $B%5%$%H$N%;%-%e(B
$B%j%F%#%3%s%F%-%9%HFb$G<B9T$5$l$k2DG=@-$,$"$j!"$3$l$K$h$j(B Cookie $B$KM3Mh$9(B
$B$kG'>ZMQ>pJs$N@`<h$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$O$3$
NLd(B
$BBj$rMxMQ$7$F!"%f!<%6$KBP$9$k%5%$%H$N%l%s%@%j%s%0J}K!$r@)8f$9$k2DG=@-$
b$"(B
$B$j$^$9!#$=$NB>$N967b$,0z$-5/$3$5$l$k2DG=@-$b$"$j$^$9!#(B

Zomplog 3.4 $B0JA0$N%P!<%8%g%s$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1$^$9!#(B

54. phpMyAdmin Theme Variable Local File Inclusion Vulnerability
BugTraq ID: 15169
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-22
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15169
$BMWLs(B:
phpMyAdmin $B$K$O!"%m!<%+%k$G%U%!%$%k$,%$%s%/%k!<%I$5$l$k5?$$$,$"$j$^$9!#(B

$B967b<T$O$3$NLdBj$rMxMQ$7$F!"LdBj$N$"$k%3%s%T%e!<%?>e$G(B Web $B%5!<%P%W%m%;(B
$B%9$N8"8B$r;HMQ$7!"G$0U$N%5!<%P%5%$%I%9%/%j%W%H%3!<%I$r<B9T$9$k2DG=@-$
,$"(B
$B$j$^$9!#$3$l$K$h$j!"IT@5%"%/%;%9$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

phpMyAdmin 2.6.4-pl2 $B0JA0$N%P!<%8%g%s$K$*$$$F!"$3$NLdBj$N1F6A$r<u$1$k$3(B
$B$H$,Js9p$5$l$F$$$^$9!#(B

55. phpBB Avatar Upload HTML Injection Vulnerability
BugTraq ID: 15170
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-22
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15170
$BMWLs(B:
phpBB $B$K$O(B HTML $B%?%0$rA^F~$5$l$k5?$$$,$"$j$^$9!#$3$NLdBj$O!"%f!<%6$,;XDj(B
$B$7$?F~NOCM$rF0E*$K@8@.$7$?%3%s%F%s%D$G;HMQ$9$kA0$K!"F~NOCM$N%5%K%?%$%
:=h(B
$BM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$,Ds6!$7$?(B HTML $B$d%9%/%j%W%H%3!<%I$OLdBj$N$"$k(B Web $B%5%$%H$N%;%-%e(B
$B%j%F%#%3%s%F%-%9%HFb$G<B9T$5$l$k2DG=@-$,$"$j!"$3$l$K$h$j(B Cookie $B$KM3Mh$9(B
$B$kG'>ZMQ>pJs$N@`<h$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$O$3$
NLd(B
$BBj$rMxMQ$7$F!"%f!<%6$KBP$9$k%5%$%H$N%l%s%@%j%s%0J}K!$r@)8f$9$k2DG=@-$
b$"(B
$B$j$^$9!#$=$NB>$N967b$,0z$-5/$3$5$l$k2DG=@-$b$"$j$^$9!#(B

Web $B%V%i%&%6$K(B Microsoft Internet Explorer $B$r;HMQ$7$F$$$k>l9g$K$N$_$3$N(B
$BLdBj$,0z$-5/$3$5$l$^$9!#(B

56. eBASEweb Unspecified SQL Injection Vulnerability
BugTraq ID: 15171
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-22
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15171
$BMWLs(B:
eBASEweb $B$K$O!"(BSQL $B9=J8$rCmF~2DG=$JL$FCDj$NLdBj$,B8:_$9$k5?$$$,$"$j$^$9!#(B
$B$3$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$r(B SQL $B%/%(%j$G;HMQ$9$kA0$K!"F~NOCM$N(B
$B%5%K%?%$%:=hM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b$,@.8y$9$k$H!"%"%W%j%1!<%7%g%s$KBP$9$k6<0R$,>7$+$l$?$j!"%G!<%?$,3
+<((B
$B$5$l$?$jA`:n$5$l$?$j$9$k2DG=@-$,$"$j$^$9!#$^$?!"967b<T$,%P%C%/%(%s%I%
G!<(B
$B%?%Y!<%9$N<BAu$NLdBj$rMxMQ$9$k$3$H$,5v$5$l$F$7$^$&2DG=@-$b$"$j$^$9!#
(B

$B99$J$k>\:Y$ODs6!$5$l$F$$$^$;$s!#(B

57. FlatNuke Index.PHP Multiple Remote File Include Vulnerabilities
BugTraq ID: 15172
$B%j%b!<%H$+$i$N:F8=@-(B: $B$"$j(B
$B8xI=F|(B: 2005-10-22
$B4XO"$9$k(B URL: http://www.securityfocus.com/bid/15172
$BMWLs(B:
FlatNuke $B$K$O!"%j%b!<%H$+$i%U%!%$%k$r%$%s%/%k!<%I2DG=$JJ#?t$NLdBj$,B8:_(B
$B$9$k5?$$$,$"$j$^$9!#$3$l$i$NLdBj$O!"%f!<%6$,;XDj$7$?F~NOCM$N%5%K%?%$%
:=h(B
$BM}$,E,@Z$K<B9T$5$l$J$$$3$H$KM3Mh$7$^$9!#(B

$B967b<T$O$3$l$i$NLdBj$rMxMQ$7$F!"(BWeb $B%5!<%P%W%m%;%9$N8"8B$GLdBj$N$"$k%3(B
$B%s%T%e!<%?>e$GG$0U$N%5!<%P%5%$%I%9%/%j%W%H%3!<%I$r<B9T$9$k2DG=@-$,$"$
j$^(B
$B$9!#$3$l$K$h$j!"IT@5%"%/%;%9$,0z$-5/$3$5$l$k2DG=@-$,$"$j$^$9!#(B

$B0-0U$"$k%f!<%6$,$3$l$i$NLdBj$rMxMQ$9$k$K$O!"%"%+%&%s%H$r=jM-$7$F!"%"%
W%j(B
$B%1!<%7%g%s$K%m%0%$%s$9$kI,MW$,$"$kE@$KN10U$9$Y$-$G$9!#(B

III. SECURITYFOCUS NEWS ARTICLES
--------------------------------
1. Web defacer sentenced, facing deportation
$BCx<T(B: Robert Lemos
Rafael Nunez-Aponte $B$OJF9q6u73$N(B Web $B%5%$%H2~$6$s$K$D$$$F;JK!<h0z$K9g0U(B
$B$7!"I~Lr$9$k$3$H$K$J$j$^$7$?!#$7$+$7!"(BNASA $B4XO"J8=q$NO31L$K4XO"$9$kMF5?(B
$B$K$D$$$F$O$^$@7hCe$7$F$$$^$;$s!#(B

http://www.securityfocus.com/news/11350

2. Snort vulnerability "wormable" but not widespread
$BCx<T(B: Robert Lemos
$B%*!<%W%s%=!<%9$N?/F~8!CN%7%9%F%`$N%W%j%W%m%;%C%55!G=$K(B 3 $B%v7nA0$+$iB8:_(B
$B$9$k7g4Y$O%o!<%`:n<T$N4X?4$r0z$-IU$1$k2DG=@-$,$"$j$^$9$,!"LdBj$N1F6A$
r<u(B
$B$1$k%7%9%F%`$N?t$O>/$J$$$H9M$($i$l$^$9!#(B

http://www.securityfocus.com/news/11349

3. Worm worries don't wait for Windows exploits
$BCx<T(B: Robert Lemos
$B:G6aH/I=$5$l$?(B Microsoft Windows $B$NLdBj$,%$%s%?!<%M%C%H%o!<%`$N1B?)$H$J(B
$B$k2DG=@-$K$D$$$F!"%;%-%e%j%F%#8&5f<T$?$A$N0U8+$O?)$$0c$C$F$$$^$9!#(B

http://www.securityfocus.com/news/11346

4. Arrests unlikely to impact bot net threat, say experts
$BCx<T(B: Robert Lemos
$B967b$r<u$1$?(B 100,000 $BBf0J>e$N%3%s%T%e!<%?$+$i@.$k%M%C%H%o!<%/$r@)8f$7$?(B
$BMF5?$G@hF|%*%i%s%@$G(B 3 $B?M$NCK@-$,BaJa$5$l$^$7$?$,!"$3$l$K$h$C$F%\%C%H%M%C(B
$B%H$r<h$j0O$`AH?%HH:a$,8:>/$9$k2DG=@-$ODc$$$G$7$g$&!#(B

http://www.securityfocus.com/news/11344

5. Say hello to the Skype Trojan
$BCx<T(B: John Leyden
$B%&%$%k%9:n@.<T$O!"?M5$$N9b$$(B VoIP $B%=%U%H%&%'%"$N:G?7%P!<%8%g%s$K8+$;$+$1(B
$B$??7$?$J%H%m%$$NLZGO$r;HMQ$7$F!"(BSkype $B%f!<%6$rI8E*$K$7$F$$$^$9!#(B

http://www.securityfocus.com/news/11348

6. Shared music abuse bug hits iTunes
$BCx<T(B: John Leyden
$B%;%-%e%j%F%#8&5f<T$O!"?M5$$N9b$$(B Apple $B$N(B iTunes $B%W%m%0%i%`$GLdBj$rH/8+(B
$B$7$^$7$?!#$3$NLdBj$O!"6&M-$N2;3Z$r%@%&%s%m!<%I$9$k%$%s%?!<%U%'!<%9$G<
B9T(B
$B$5$l$k2DG=@-$,$"$j$^$9!#(B

http://www.securityfocus.com/news/11347

7. US cybersecurity all at sea
$BCx<T(B: John Leyden
$B9qEZ0BA4J]>c>J$K$h$k%"%a%j%+9qFb$N%5%$%P!<%;%-%e%j%F%#%j%9%/$N4IM}$OI
T==(B
$BJ,$G$"$k!"$H@h$NJF9qBgE}NN>pJs%;%-%e%j%F%#C4Ev8\Ld$OH/8@$7$F$$$^$9!#
(B

http://www.securityfocus.com/news/11345

8. Worm fears over MS October patch batch
$BCx<T(B: John Leyden
Microsoft $B$O(B 9 $B7o$N%"%C%W%G!<%H$r4^$`=$@5%W%m%0%i%`$r2PMKF|$KH/I=$7$^$7(B
$B$?!#(B

http://www.securityfocus.com/news/11342

--
$BK]Lu(B: LAC $BK]Lu%A!<%`(B
$B4F=$(B: $B>.3^8691M:(B (OGASAWARA Tsuneo)
LAC Co., Ltd.
http://www.lac.co.jp/index.html
0?l *?H?÷
?]0?Y10 +0 *?H?÷
?
û0?0?k9ÊT?þP"2þ2ÙÛû?0
*?H?÷
0Á10 UUS10U
VeriSign, Inc.1<0:U3Class 1 Public Primary Certification Authority - G21:08U1(c) 1998 VeriSign, Inc. - For authorized use only10UVeriSign Trust Network0
980518000000Z
180518235959Z0Á10 UUS10U
VeriSign, Inc.1<0:U3Class 1 Public Primary Certification Authority - G21:08U1(c) 1998 VeriSign, Inc. - For authorized use only10UVeriSign Trust Network0?0
*?H?÷
0?ªÐº¾-¸?ÔÊÒ¼v1Ê?Ø??V¼ÙooR6nuV
UÓßC?!e?~½!Þk2??4?A5ë?ë?ÝªY?Sm?Oíåâ*ZÁ¹Ä¦ÏÈEë¦]??>ðd$v¥Í«o¶Ø{Qa
n¦?Èâ·å4ÜA?ê @¾s?=kçu0
*?H?÷
?÷Îv\«??Ü?o49]?>kr,áÇ¢{@)¹x?ºLÅ£j^?n{ãòAf¾û®¢Î?ó¢4?´²¶$òåÕàÈåbm?{Ë¾»?|WÊð7©¯?î¾(?Ù&v ÍÄNð®Õ¾¯WjÐ BBBô
Ì¥x??&8?G0?0?kLÇêª?>qÓ?ø=:???0
*?H?÷
0Á10 UUS10U
VeriSign, Inc.1<0:U3Class 1 Public Primary Certification Authority - G21:08U1(c) 1998 VeriSign, Inc. - For authorized use only10UVeriSign Trust Network0
980518000000Z
280801235959Z0Á10 UUS10U
VeriSign, Inc.1<0:U3Class 1 Public Primary Certification Authority - G21:08U1(c) 1998 VeriSign, Inc. - For authorized use only10UVeriSign Trust Network0?0
*?H?÷
0?ªÐº¾-¸?ÔÊÒ¼v1Ê?Ø??V¼ÙooR6nuV
UÓßC?!e?~½!Þk2??4?A5ë?ë?ÝªY?Sm?Oíåâ*ZÁ¹Ä¦ÏÈEë¦]??>ðd$v¥Í«o¶Ø{Qa
n¦?Èâ·å4ÜA?ê @¾s?=kçu0
*?H?÷
©OÃ
Çg¾,ËÙ¨Í-uç~?;rë~ë\- ?Ökm`|å®Å#\JÐ¯±]óÇ¶
Ûà?
Ý¼Çv?µÝOÃ?u¸ÀæÉ[k¥¸?Ü¬¤ÝríN¡÷O¼ÓêÈdt{Â?A?esXñ?<j±?ÉÄ?¼ÏEmEân"?þ¼1\
èòÙ0?¶0? %îs<û ?U??{?í¿0
*?H?÷
0Á10 UUS10U
VeriSign, Inc.1<0:U3Class 1 Public Primary Certification Authority - G21:08U1(c) 1998 VeriSign, Inc. - For authorized use only10UVeriSign Trust Network0
020404000000Z
070403235959Z0É10U
VeriSign Japan K.K.10UVeriSign Trust Network1=0;U4Terms of use at https://www.verisign.co.jp/rpa (c)02100.U'Class 1 OnSite Individual Subscriber CA10UISP Service CA0?0
*?H?÷
0?¼+þîO×ùútüoÃøÊ?(v'È4 Ëªr-Éö?~?hòKïÉÿo½?îÓ??ÿ¨þîhU°¼ð°óåNhfisµ:V÷^uæo;êâd'\`?ÝÛ+·¼¶ª¡$)¯t¦?¯GöÕK~,e3îÛ¥<
KCp?ÙÙÂ??Äø(£¤0¡0Uÿ0ÿ0FU ?0=0;`?H?øE0,0*+https://www.verisign.co.jp/rpa0U
ÿ0 `?H?øB0 U0¤010UC1C2-1-40
*?H?÷
\?Ïh??¿ÏÓ_n²N>?Qs?e¢w ~ü v1?ÿîv4YVÊæGèãTÓÈ?Î?«bMo]?¸¢±?_K??Çó[m³#ÕcÑU*¿þ·ÄUò´o:?¿ê§q^/=¯?
?òt)ÿÌõ
?¬ÕÕ?ô÷7ªÔ?pd{0?10?? d2?7Åw?É??¹?b?ñ0
*?H?÷
0É10U
VeriSign Japan K.K.10UVeriSign Trust Network1=0;U4Terms of use at https://www.verisign.co.jp/rpa (c)02100.U'Class 1 OnSite Individual Subscriber CA10UISP Service CA0
050331000000Z
060331235959Z0ü10U
VeriSign Japan K.K.10UISP Service CA1503U,Terms of use at www.verisign.co.jp/rpa (c)011806U/Service Name - 5BF88D474BD2A6D3E7E073163F0C4D1210UHitachijoho10UTsuneo Ogasawara1!0 *?H?÷
t.ogaswr (at) lac.co (dot) jp0 [email concealed]?0
*?H?÷
0?¿*E´\2ÅÍóDíÐÏÇ~?+Ü=Ù&-u4)~è§ÊÇ2ÉnAàÙWÍØoÓÐûÊfÚq³.?³¥Hë¼ÀÚ×?!0¯6iÚ??±?rÙDÏdA[?Ùî?´q\~ãè?ú¨
Ä»ù?oÊi1¶+_ãr?#??>¥þ?IÁeA£ä0á0 U00EU >0<0:
`?H?øE0,0*+https://www.verisign.co.jp/rpa0U 0
`?H?øB?0ZUS0Q0O M K?Ihttp://onsitecrl.verisign.co.jp/VeriSi
gnJapanKKISPServiceCA/LatestCRL.crl0
`?H?øE ÿ0
*?H?÷
TMÎ¤©ýäøpßËµ"òÎ©,ÍË¶Q??`puÏ?¥?F?ÿ¬ãÅz?¸íñ²Oð)ô2ð$³q?âüý |øu
ßx©?Ì0³Jçjñ^9?^ p('?öC¦^ã=?øîÍ?&´ª.àTaxz4ÓÄÇ«<v?òY³QúÄ1?90?50Þ0É10U
VeriSign Japan K.K.10UVeriSign Trust Network1=0;U4Terms of use at https://www.verisign.co.jp/rpa (c)02100.U'Class 1 OnSite Individual Subscriber CA10UISP Service CAd2?7Åw?É??¹?b?ñ0 + ±0 *?H?÷
1 *?H?÷
0 *?H?÷
1
060203085800Z0# *?H?÷
1Ñ§ÀÏj>ÐföóªGýÊCumÁ0R *?H?÷
1E0C0
*?H?÷
0*?H?÷
?0+0
*?H?÷
@0
*?H?÷
(0
*?H?÷
?2¾F?Ý´õ
Æ/¯¾Ê«t¦[*&tT²a®÷u"Å2?öþýþ??/GBïß;²Ð!C26¶G?+ÏÇo~äµwå¡gíTL±¿¦¬D??F
k>Æ?ÐU?ìÂDÊ*¥?_ÎnGbà?
?ÁxòâjbÂtÎð&è5ºè

[ reply ]