
SecurityFocus Newsletter #303 2005-06-06->2005-06-10



This is Ogasawara at LAC.

Here is the Japanese translation of SecurityFocus Newsletter issue 303.
Starting with #303, the format of the (English) SecurityFocus Newsletter
differs from previous issues. As a result, the TOOLS section has been dropped.

Also, in #303 the "II. BUGTRAQ SUMMARY" section consists of titles and links
only, so the only section translated is "III. SECURITYFOCUS NEWS".

---------------------------------------------------------------------------
BugTraq-JP FAQ (Japanese):
http://www.securityfocus.com/archive/79/description
- Japanese translations of the SecurityFocus Newsletter are distributed first on BugTraq-JP.
- See this FAQ for how to subscribe to and unsubscribe from BugTraq-JP.
---------------------------------------------------------------------------
SecurityFocus Newsletter archive (English):
http://www.securityfocus.com/archive/78
BugTraq FAQ (English):
http://www.securityfocus.com/archive/1/description
---------------------------------------------------------------------------
Notes on quoting:
- This translation is produced by LAC Co., Ltd. with the permission of SecurityFocus.
- When quoting the Japanese translation of the SecurityFocus Newsletter on Netnews,
  mailing lists, the World Wide Web, in books, or in any other medium, please quote
  the mail in full.
- Japanese newsletters No. 1 through No. 3 do not carry this note, but it applies
  to them as well.
- Hyperlinks of any form to the BugTraq-JP archive provided by SecurityFocus [*1]
  are subject to the same conditions.
1) http://online.securityfocus.com/archive/79
---------------------------------------------------------------------------
Notes on this translation:
- LAC Co., Ltd. accepts no responsibility for the results of applying this
  translation.
---------------------------------------------------------------------------
Notes from the translator:
- If you find typos or mistranslations, please post a corrected version to
  BugTraq-JP as an Errata, or notify the supervising editor (t.ogaswr@xxxxxxxxx).
  In the latter case a corrected version will be issued as promptly as possible.
---------------------------------------------------------------------------
This translation is encoded and posted in ISO-2022-JP.

Original:
14 Jun 2005 23:43:08 -0000
Message-ID: <42AF62E5.3010309@xxxxxxxxxxxxxxxxx>

SecurityFocus Newsletter #303
-----------------------------

This Issue is Sponsored By: SPI Dynamics

I. FRONT AND CENTER (no Japanese translation)
       1. Shred It!
       2. A Role Model for Security. Almost.
       3. Software Firewalls: Made of Straw? Part 1 of 2
       4. Microsoft's Most Successful Failure
II. BUGTRAQ SUMMARY (no Japanese translation)
       1. MDKSA-2005:100 - Updated rsh packages fix vulnerability
       2. MDKSA-2005:099 - Updated gaim packages fix more vulnerabilities
       3. Anti-Virus Malformed ZIP Archives flaws [UPDATE]
       4. iDEFENSE Security Advisory 06.14.05: Microsoft Windows Interactive Training Buffer Overflow Vulnerability
       5. iDEFENSE Security Advisory 06.14.05: Microsoft Outlook Express NNTP Response Parsing Buffer Overflow Vulnerability
       6. iDEFENSE Security Advisory 06.14.05: Multiple Vendor Telnet Client Information Disclosure Vulnerability
       7. Bluetooth dot dot attacks (update)
       8. URL-Encoding Problem in Finjan SurfinGate
       9. [NGSEC] AntiPharming v1.00 FREE
       10. Local privilege escalation using runasp V3.5.1
       11. Remote Exploit for Web_store.cgi
       12. [ GLSA 200506-12 ] MediaWiki: Cross-site scripting vulnerability
       13. UPDATE: [ GLSA 200505-06 ] TCPDump: Decoding routines Denial of Service vulnerability
       14. NDSS '06 -- Call for Papers
       15. FusionBB Multiple Vulnerabilities
       16. TSL-2005-0028 - multi
       17. Security contact of airport Rome, Italy
       18. reconsidering physical security: pod slurping
       19. File Upload Manager Sploits
       20. singapore v0.9.11 cross site scripting and path disclosure
       21. [ GLSA 200506-11 ] Gaim: Denial of Service vulnerabilities
       22. Bluetooth SIG Denial of Service vulnerability
       23. [ GLSA 200506-10 ] LutelWall: Insecure temporary file creation
       24. Multiple vulnerabilities in Pico Server (pServ) v3.3
       25. [ GLSA 200506-09 ] gedit: Format string vulnerability
       26. [ GLSA 200506-08 ] GNU shtool, ocaml-mysql: Insecure temporary file creation
       27. [ GLSA 200506-07 ] Ettercap: Format string vulnerability
       28. [OpenPKG-SA-2005.010] OpenPKG Security Advisory (openpkg)
       29. [OpenPKG-SA-2005.009] OpenPKG Security Advisory (gzip)
       30. [OpenPKG-SA-2005.008] OpenPKG Security Advisory (bzip2)
       31. [OpenPKG-SA-2005.007] OpenPKG Security Advisory (cvs)
       32. osCommere HTTP Response Splitting
       33. Voice VLAN Access/Abuse Possible on Cisco voice-enabled, 802.1x-secured Interfaces
       34. [Full-disclosure] [USN-139-1] Gaim vulnerability
       35. Webhints v1.03 Remote Command Execution
       36. "Meanwhile, on the other side of the web server" - a new write-up by Amit Klein
       37. MDKSA-2005:098 - Updated wget packages fix vulnerabilities
       38. [ GLSA 200506-06 ] libextractor: Multiple overflow vulnerabilities
       39. Arbitrary code execution in eping plugin
       40. Invision Gallery Vulnerabilities
       41. tftp 2000 1.0.0.1
       42. [USN-138-1] gedit vulnerability
       43. Invision Community Blog Vulnerabilities
       44. SUSE Security Announcement: several kernel security problems (SUSE-SA:2005:029)
       45. FreeBSD Security Advisory FreeBSD-SA-05:12.bind9
       46. FreeBSD Security Advisory FreeBSD-SA-05:11.gzip
       47. FreeBSD Security Advisory FreeBSD-SA-05:10.tcpdump
       48. xmysqladmin insecure temporary file creation
       49. [ Suresec Advisories ] - Mac OS X 10.4 - launchd local root vulnerability
       50. leafnode security announcement leafnode-SA-2005-02 (CAN-2005-1911)
       51. 2 SQL injection in Loki download manager v2.0
       52. [ GLSA 200506-05 ] SilverCity: Insecure file permissions
       53. [USN-137-1] Linux kernel vulnerabilities
III. SECURITYFOCUS NEWS
       1. Stealthy Trojan horses, modular bot software dodging defenses
       2. Latest Bluetooth attack makes short work of weak passwords
       3. Study: Flaw disclosure hurts software maker's stock
       4. Cybersecurity czar will have hard road ahead
       5. VXers love Britney Spears - official
       6. Motorola downplays data security breach
       7. Skulls Trojan poses as security code
       8. Japanese 'Yahoo! phisher' arrested


I. FRONT AND CENTER (no Japanese translation)
------------------------------------

II. BUGTRAQ SUMMARY (no Japanese translation)
----------------------------------
1. MDKSA-2005:100 - Updated rsh packages fix vulnerability
http://www.securityfocus.com/archive/1/402254

2. MDKSA-2005:099 - Updated gaim packages fix more vulnerabilities
http://www.securityfocus.com/archive/1/402256

3. Anti-Virus Malformed ZIP Archives flaws [UPDATE]
http://www.securityfocus.com/archive/1/402244

4. iDEFENSE Security Advisory 06.14.05: Microsoft Windows Interactive Training Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/402245

5. iDEFENSE Security Advisory 06.14.05: Microsoft Outlook Express NNTP Response Parsing Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/402246

6. iDEFENSE Security Advisory 06.14.05: Multiple Vendor Telnet Client Information Disclosure Vulnerability
http://www.securityfocus.com/archive/1/402230

7. Bluetooth dot dot attacks (update)
http://www.securityfocus.com/archive/1/402262

8. URL-Encoding Problem in Finjan SurfinGate
http://www.securityfocus.com/archive/1/402231

9. [NGSEC] AntiPharming v1.00 FREE
http://www.securityfocus.com/archive/1/402251

10. Local privilege escalation using runasp V3.5.1
http://www.securityfocus.com/archive/1/402234

11. Remote Exploit for Web_store.cgi
http://www.securityfocus.com/archive/1/402253

12. [ GLSA 200506-12 ] MediaWiki: Cross-site scripting vulnerability
http://www.securityfocus.com/archive/1/402160

13. UPDATE: [ GLSA 200505-06 ] TCPDump: Decoding routines Denial of Service vulnerability
http://www.securityfocus.com/archive/1/402263

14. NDSS '06 -- Call for Papers
http://www.securityfocus.com/archive/1/402163

15. FusionBB Multiple Vulnerabilities
http://www.securityfocus.com/archive/1/402257

16. TSL-2005-0028 - multi
http://www.securityfocus.com/archive/1/402138

17. Security contact of airport Rome, Italy
http://www.securityfocus.com/archive/1/402126

18. reconsidering physical security: pod slurping
http://www.securityfocus.com/archive/1/402143

19. File Upload Manager Sploits
http://www.securityfocus.com/archive/1/402125

20. singapore v0.9.11 cross site scripting and path disclosure
http://www.securityfocus.com/archive/1/402127

21. [ GLSA 200506-11 ] Gaim: Denial of Service vulnerabilities
http://www.securityfocus.com/archive/1/402128

22. Bluetooth SIG Denial of Service vulnerability
http://www.securityfocus.com/archive/1/402156

23. [ GLSA 200506-10 ] LutelWall: Insecure temporary file creation
http://www.securityfocus.com/archive/1/402047

24. Multiple vulnerabilities in Pico Server (pServ) v3.3
http://www.securityfocus.com/archive/1/402045

25. [ GLSA 200506-09 ] gedit: Format string vulnerability
http://www.securityfocus.com/archive/1/402048

26. [ GLSA 200506-08 ] GNU shtool, ocaml-mysql: Insecure temporary file creation
http://www.securityfocus.com/archive/1/402050

27. [ GLSA 200506-07 ] Ettercap: Format string vulnerability
http://www.securityfocus.com/archive/1/402049

28. [OpenPKG-SA-2005.010] OpenPKG Security Advisory (openpkg)
http://www.securityfocus.com/archive/1/402142

29. [OpenPKG-SA-2005.009] OpenPKG Security Advisory (gzip)
http://www.securityfocus.com/archive/1/402129

30. [OpenPKG-SA-2005.008] OpenPKG Security Advisory (bzip2)
http://www.securityfocus.com/archive/1/402124

31. [OpenPKG-SA-2005.007] OpenPKG Security Advisory (cvs)
http://www.securityfocus.com/archive/1/402119

32. osCommere HTTP Response Splitting
http://www.securityfocus.com/archive/1/401936

33. Voice VLAN Access/Abuse Possible on Cisco voice-enabled, 802.1x-secured Interfaces
http://www.securityfocus.com/archive/1/401938

34. [Full-disclosure] [USN-139-1] Gaim vulnerability
http://www.securityfocus.com/archive/1/401939

35. Webhints v1.03 Remote Command Execution
http://www.securityfocus.com/archive/1/401940

36. "Meanwhile, on the other side of the web server" - a new write-up by Amit Klein
http://www.securityfocus.com/archive/1/401866

37. MDKSA-2005:098 - Updated wget packages fix vulnerabilities
http://www.securityfocus.com/archive/1/401865

38. [ GLSA 200506-06 ] libextractor: Multiple overflow vulnerabilities
http://www.securityfocus.com/archive/1/401868

39. Arbitrary code execution in eping plugin
http://www.securityfocus.com/archive/1/401862

40. Invision Gallery Vulnerabilities
http://www.securityfocus.com/archive/1/401833

41. tftp 2000 1.0.0.1
http://www.securityfocus.com/archive/1/401818

42. [USN-138-1] gedit vulnerability
http://www.securityfocus.com/archive/1/401869

43. Invision Community Blog Vulnerabilities
http://www.securityfocus.com/archive/1/401815

44. SUSE Security Announcement: several kernel security problems (SUSE-SA:2005:029)
http://www.securityfocus.com/archive/1/401820

45. FreeBSD Security Advisory FreeBSD-SA-05:12.bind9
http://www.securityfocus.com/archive/1/401827

46. FreeBSD Security Advisory FreeBSD-SA-05:11.gzip
http://www.securityfocus.com/archive/1/401821

47. FreeBSD Security Advisory FreeBSD-SA-05:10.tcpdump
http://www.securityfocus.com/archive/1/401834

48. xmysqladmin insecure temporary file creation
http://www.securityfocus.com/archive/1/401828

49. [ Suresec Advisories ] - Mac OS X 10.4 - launchd local root vulnerability
http://www.securityfocus.com/archive/1/401822

50. leafnode security announcement leafnode-SA-2005-02 (CAN-2005-1911)
http://www.securityfocus.com/archive/1/401819

51. 2 SQL injection in Loki download manager v2.0
http://www.securityfocus.com/archive/1/401771

52. [ GLSA 200506-05 ] SilverCity: Insecure file permissions
http://www.securityfocus.com/archive/1/401770

53. [USN-137-1] Linux kernel vulnerabilities
http://www.securityfocus.com/archive/1/401748


III. SECURITYFOCUS NEWS
-----------------------
1. Stealthy Trojan horses, modular bot software dodging defenses
By: Robert Lemos
The software that turns PCs into remotely controllable zombies keeps evolving,
but defenses are not keeping up with it.

http://www.securityfocus.com/news/11209

2. Latest Bluetooth attack makes short work of weak passwords
By: Robert Lemos
Devices that rely on a 4-digit PIN for security can be compromised in under a
second, but longer passwords resist the attack, researchers say.

http://www.securityfocus.com/news/11202

3. Study: Flaw disclosure hurts software maker's stock
By: Robert Lemos
When a vulnerability is found, the software maker's stock price takes a hit,
two researchers say. The long-term effect of disclosing vulnerabilities,
however, remains unclear.

http://www.securityfocus.com/news/11197

4. Cybersecurity czar will have hard road ahead
By: Robert Lemos
A bill likely to pass this month would give the Department of Homeland
Security's cybersecurity chief more clout, but security experts say major
challenges remain unresolved.

http://www.securityfocus.com/news/11194

5. VXers love Britney Spears - official
By: John Leyden
Spanish anti-virus firm Panda Software has published a ranking of the
celebrities most exploited by viruses spreading across the Internet.

http://www.securityfocus.com/news/11210

6. Motorola downplays data security breach
By: John Leyden
A computer containing personal information on Motorola employees was stolen
from a contractor's office, prompting a relatively minor security scare.

http://www.securityfocus.com/news/11206

7. Skulls Trojan poses as security code
By: John Leyden
Virus writers have created mobile phone malware disguised as a pirated copy of
F-Secure's mobile anti-virus software.

http://www.securityfocus.com/news/11207

8. Japanese 'Yahoo! phisher' arrested
By: Jan Libbenga
A man living in Osaka who reportedly ran a phishing site called Yafoo was
arrested today.

http://www.securityfocus.com/news/11208

--
Translation: LAC translation team
Supervising editor: OGASAWARA Tsuneo (小笠原恒雄)
LAC Co., Ltd.
http://www.lac.co.jp/index.html
