セキュリティホール memo

Last modified: Wed Apr 9 20:55:42 2008 +0900 (JST)


　Security Watch さんが店じまいされてしまったので、 個人で追いかけてみるテストです。 備忘録として書いておくつもりなので、 Security Watch さんのような詳細なものではありません。 基本的なターゲットは UNIX、Windows、Mac OS (priority 順) とします。 また、このページの内容はどのページにも増して無保証であることを宣言しておきます。全ての情報が集まっているわけもありません。

　ここに載せる情報については、 可能な限り 1 次情報源へのリンクを作成しておきます。 各自で 1 次情報源の内容を確認してください。 このページの内容をくれぐれも鵜呑みにしないように。 間違いを発見された方、記載されていない情報をご存知の方、ぜひおしえてください。よろしくお願いいたします。

　このページの情報を利用される前に、注意書きをお読みください。




[SCAN Security Wire NP Prize 2001]

Scan Security Wire $BSCAN Security Wire NP Prize 2001 $B$r^(B$B$7$^$7$?!#(B

$B!!(B

$B%M%C%H%i%s%J!<(B$B$N(B $B%Y%9%H!&%*%V!&>o=,^$r!"%Y%9%H!&%*%V!&>o=,^$r^$7$^$7$?!#(B


$B!!(B$BF|7P(B $B%M%C%H%o!<%/%;%-%e%j%F%#(B 2002 Vol.1 $B%5%]!<%H%Z!<%8(B$B$r$D$/$j$^$7$?!#(B (Vol.3 $B$N%5%]!<%H%Z!<%8$bI,MW$J$N$+$J$"!D!DFC$K=q$/$3$H$J$$$N$G$9$,(B)


www.iraqbodycount.org www.iraqbodycount.org

$BI|4)%j%/%(%9%H
$B%8%'%$%`%:(B.$B#F(B.$B%@%K%,%s!V(B $B?7!&@oAh$N%F%/%N%m%8!<(B$B!W(B($B8=:_(B27$BI<(B)
$BCf;3?.90!V(B$B%=%U%H%&%'%"$NK!E*J]8n(B$B!W(B ($B8=:_(B119$BI<(B) ($B%*%s%G%^%s%I9XF~2D(B)
$B%j%G%k!&%O!<%H!V(B$B@oN,O@!!4V@\E*%"%W%m!<%A(B$B!W(B ($BI|4)7hDj(B)
$BN&0f;0O:Lu!&JT!V(B$B%Y%H%J%`5"4TJ<$N>Z8@(B$B!W(B ($B8=:_(B103$BI<(B)
$BNS9nL@!V(B$B%+%U%+%9$N>.$5$J9q!!%A%'%A%'%sFHN)1?F0;OKv(B$B!W(B ($B8=:_(B166$BI<(B)

RSS $B$KBP1~$7$F$_$^$7$?!#(B $B>.%M%?$O4^$^$l$F$$$^$;$s!#!V@/<#$M$?%&%<%'!W$H$$$&?M$O(B RSS $B%Y!<%9$GFI$`$H9,$;$K$J$l$k$G$7$g$&(B ($B%&%6$/$J$$?M$O(B $B$3$C$A$N(B RSS $B$,$h$$$+$b$7$l$^$;$s(B)$B!#(B RSS 1.0 $B$G$9$N$G!"$"$/$^$G(B RDF Site Summary $B$G$9!#(B $B8=:_$O(B Really Simple Syndication $B$K$OBP1~$7$F$$$^$;$s!#(B
$B:#$9$0(B Really Simple Syndication $B$,$[$7$$?M$O!"$N$$$s$5$s$K$h$k(B Web $B%5%$%H$N(B RSS $B$r>! $B$r;2>H$7$F$/$@$5$$!#(B($B$N$$$s$5$s>pJs$"$j$,$H$&$4$6$$$^$9(B)

$B%;%-%e%j%F%#%[!<%k(B memo BoF 2007 $B$r3+:E$7$^$7$?!#%W%l%<%s%F!<%7%g%s$7$FD:$$$?3'MM!"$*$h$S$4;22C$5$l$?3'MM!"$"$j$,$H$&$4$6$$$^$7$?!#(B

$B<BMQ(B SSH $BBh(B2$BHG(B: $B%;%-%e%
2 $B:~$,=P$^$7$?!#(B$B%*%i%$%j!<$GCmJ8$7(B$B!"Hw9MMw$K!VI,$:(B2$B:~$G$"$k$3$H!W$H=q$/$H(B 2 $B:~$r3N

■ 2008.04.09

■ 追記

いろいろ (2008.02.05)

$B!!(BUltraVNC $B$N7o!#(B$B%j%b!<%HA`:n%U%j!<%=%U%H!V(BUltraVNC$B!W$K%;%-%e%j%F%#!&%[!<%k!$F|K\8l4D6-$G$NBP1~K!$r>R2p(B ($BF|7P(B IT Pro, 2008.04.09) $B$K$*$$$F!">e5-(B vncviewer $B$OF|K\8l%-!<%\!<%I$KBP1~$7$F$$$J$$7o$H$=$NBP1~$K$D$$$F!"(B $B;32\:Y$K2r@b$7$F$$$^$9!#%]%$%s%H$O$3$&$_$?$$(B:

  • 事前に UltraVNC 1.0.2 日本語版 Release 2 を削除し、再起動した後に UltraVNC 1.0.4 RC14 をインストールする (上書きインストールはダメ)
  • UltraVNC 1.0.4 RC14 では日本語キーボードに対応しており、設定すれば利用できる (設定しないと利用できない)

■ 2008.04.08

■ 追記

■ [SA29665] CA Products Alert Notification Server Multiple Vulnerabilities
(Secunia, 2008.04.05)

　CA Anti-Virus for the Enterprise (eTrust Antivirus) 7.1 / r8 / r8.1、 BrightStor ARCserve Backup r11 / r11.1 / r11.5、CA Threat Manager for the Enterprise (eTrust Integrated Threat Management) r8 / r8.1 に含まれる Alert Notification Server サービス (Alert.exe 7.1.758.0 / 8.0.450.0 / 8.1.586.0) に複数の欠陥があり、remote から任意のコードを実行できる。 CVE-2007-4620

　修正プログラムが公開されているので適用すればよい。 Security Notice for Alert Notification Server (CA) を参照。

$B"#(B HP USB Keys Shipped with Malware for your Proliant Server
(SANS ISC, 2008.04.07)

$B!!(BHP USB$B%U%m%C%T!<(B(B $B%I%i%$%V(B $B%-!<(B$B$N0lIt(B (?) $B$K%&%$%k%9$,F1:-$5$l$F$$$kLOMM!#(B


■ 2008.04.07

■ 不具合と緊急メンテナンスにつきまして･･･それだけ？
(ブログ民 - ショボーン, 2008.04.05)

$B!!(B$B%V%m%0L1(B$B$H$$$&%5%$%H$K$*$$$F!"(B2008 $BG/(B 2 $B7n0J9_$KJ#?t2s(B iframe $B$rA^F~$5$l$k967b$,9T$o$l$F$$$k$K$b$+$+$o$i$:!"MxMQ

$B!!%j%M!<%8%e;qNA<<$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

■ OpenSSH 5.0 Release Notes
(OpenSSH.com, 2008.04.03)

　OpenSSH 5.0/5.0p1 出ています。戸井さん情報ありがとうございます。

CVE-2008-1483: Avoid possible hijacking of X11-forwarded connections by refusing to listen on a port unless all address families bind successfully.

■ 2008.04.04

■ 追記

[SA29315] RealPlayer ActiveX Control "Console" Property Memory Corruption

　Unpatched RealPlayer Vulnerability Being Exploited in the Wild (Symantec blog, 2008.04.03) によると、 この欠陥は RealPlayer 11.0.2 に含まれる rmoc3260.dll (6.0.10 .50) で修正されているそうだ。RealPlayer ダウンロードページから RealPlayer11GOLD_ja.exe をダウンロードしてインストールしてみたところ、RealPlayer 11.0.2 だった。

$B!!(BPoC

[openmya:038862] Re: $B@H

$B!!(B$B!V>pJs%;%-%e%j%F%#Aa4|7Y2|%Q!<%H%J!<%7%C%W%,%$%I%i%$%s!W$N(B2008$BG/HG$r8x3+(B $B!A%&%'%V%5%$%H1?1D (IPA, 2008.04.04)

2008$BG/(B3$B7nKv$^$G$K%=%U%H%&%'%"@=IJ5Z$S%&%'%V%5%$%H$N@H

　ソフトウェア等の脆弱性関連情報に関する届出状況 [2007年第4四半期（10月〜12月）] (IPA) によると、2007 年末で 1123 + 626 = 1749 なので、2008Q1 は 2046 - 1749 = 297。 2007年は

2007Q1 37 + 96 = 133
2007Q2 46 + 95 = 141
2007Q3 49 + 103 = 152
2007Q4 66 + 80 = 146

なので、2008Q1 の 297 という数字は「これまでの倍」ですな。人的資源が対応できなくなっているのですかねえ。

$B"#(B SYM08-009 - Symantec AutoFix Support Tool ActiveX Control Vulnerabilities
(Symantec, 2008.04.02)

$B!!(BNorton 360 version 1.0$B!"(BNorton AntiVirus / Norton Internet Security / Norton System Works 2006 $B!A(B 2008 $B$K4^$^$l$k(B Symantec AutoFix Tool $B$KMxMQ$5$l$k(B ActiveX $B%3%s%H%m!<%k(B (SYMADATA.DLL) $B$K(B 2 $Bu67$,H/@8$7F@$k!#(B

$B!!=$@5HG$N(B AutoFix Tool $B$O<+F0E*$K%$%s%9%H!<%k$5$l$k!#$^$?(B https://www-secure.symantec.com/techsupp/asa/install.jsp $B$+$i$bF~

■ マイクロソフト セキュリティ情報の事前通知 - 2008 年 4 月
(Microsoft, 2008.04.04)

　緊急: 5、重要: 3 と、今月も盛りだくさんです。Windows Vista SP1 / Server 2008 も例外ではないようで。

■ Changelog for Opera 9.27 for Windows
(Opera, 2008.04.04)

　Opera 9.27 登場。2 件のセキュリティ欠陥が修正されている。

　加えて、パスワード入力時のキーボード処理が改善されているそうだ。


■ 2008.04.03

■ いろいろ (2008.04.03)
(various)

■ About the security content of QuickTime 7.4.5
(Apple, 2008.04.03)

$B!!(BQuickTime 7.4.5 $BEP>l!#(B11 $B

  • QuickTime for Java に権限上昇を許す欠陥がある。 CVE-2008-1013

  • 開くと特定の外部 URL へ自動的にアクセスするような攻略 QuickTime ムービーを作成することができ、 これによって情報漏洩が発生する。 CVE-2008-1014

  • data reference atom の処理に欠陥があり buffer overflow が発生、攻略 QuickTime ムービーによって任意のコードを実行できる。 CVE-2008-1015

  • movie media track の処理に欠陥がありメモリ破壊が発生、攻略 QuickTime ムービーによって任意のコードを実行できる。 CVE-2008-1016

  • 'crgn' atom の処理に欠陥があり buffer overflow が発生、攻略 QuickTime ムービーによって任意のコードを実行できる。 CVE-2008-1017

  • 'chan' atom の処理に欠陥があり buffer overflow が発生、攻略 QuickTime ムービーによって任意のコードを実行できる。 CVE-2008-1018

  • PICT レコードの処理に欠陥があり buffer overflow が発生、攻略 PICT ファイルによって任意のコードを実行できる。 CVE-2008-1019

  • PICT 画像の処理におけるエラー処理に欠陥があり buffer overflow が発生、攻略 PICT ファイルによって任意のコードを実行できる。 CVE-2008-1020

  • アニメーション CODEC の処理に欠陥があり buffer overflow が発生、攻略ムービーファイルによって任意のコードを実行できる。 CVE-2008-1021

  • 'obji' atom の処理に欠陥があり buffer overflow が発生、攻略 QuickTime VR ムービーによって任意のコードを実行できる。 CVE-2008-1022

  • Clip opcode の処理に欠陥があり buffer overflow が発生、攻略 PICT ファイルによって任意のコードを実行できる。 CVE-2008-1023

　Windows 版の Apple Software Update でも更新できるようです。ただし、iTunes や Safari をインストールしていなくてもそれらの項目が現れるので注意しましょう。 除外設定もできないしなあ。Apple Software Update の [ツール] メニューには [選択された更新を無視] というものがありますが (田仲さん情報ありがとうございます)、これ、Apple Software Update を終了すると効果が消えちゃうみたい。


■ 2008.04.02


■ 2008.04.01

■ WordPress 2.3.3 Invaded by Wily JavaScript
(trendmicro blog, 2008.03.31)

　WordPress 2.3.3 に任意の JavaScript を挿入される欠陥があり、コメントするには登録が必要となるようなサイトにおいて、広範囲に攻撃されている模様。 patch はまだないという。回避策としては:

As a workaround, users may want to close their registration feature. Also, be wary of third-party plug-ins you install in your blog sites.

$B"#(B $BDI5-(B

$B"#(B OpenID.ne.jp$B$N!D(B
($B$F$/$F$/;e4,$-(B, 2008.03.30)

$B!!(Bhttp://www.openid.ne.jp/ $B$K7g4Y!#(B $B%"%+%&%s%H:n@.2hLL(B$B$G!"%?%0$D$-$NCM$rF~NO$G$-$F$7$^$&LOMM!#;vNc$K$D$$$F$O(B http://guest.openid.ne.jp/ $B$r;2>H!#(Bitochan $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B Vista$B!$L$8x3+$N(BFlash$B@H
($BF|7P(B IT Pro, 2008.03.31)

$B!!(BFlash Player ($B%P!<%8%g%sITL@(B) $B$K(B 0-day $B7g4Y$,$"$j!"$3$l$rDL$8$F(B Windows Vista $B$,96N,$5$l$?LOMM!#F1%3%s%F%9%H$G$O4{$K(B MacBook Air $B$,96N,$5$l$F$$$k(B$B$,!"$3$l$KB3$/@.2L!#2q>l$K$O(B Linux $B$b$"$C$?$N$@$,!"$"$^$jAj $B%O%C%-%s%0!&%3%s%F%9%H$G(BMac$B$H(BVista$B$O4YMn!=!=(BLinux$B$@$1$,L5=}(B (computerworld, 2008.03.31) $B$h$j(B:

$B!!(B400$BL>$K5Z$V;22C!$D$?$a$K967b%3!<%I$r=q$/$N$O!"H`$i$NBgH>$,7y$@$H9M$($?$=$&$@!#(B

$B!!F|K\8mLu!V(BLinux $B%^%s%I%/%;!W(B

