$B%;%-%e%j%F%#%[!<%k(B memo

Last modified: Sat Mar 20 23:17:49 2010 +0900 (JST)

$B!!(BSecurity Watch $B$5$s$,E9$8$^$$$5$l$F$7$^$C$?$N$G!"(B $B8D?M$GDI$$$+$1$F$_$k%F%9%H$G$9!#(B $BHwK:O?$H$7$F=q$$$F$*$/$D$b$j$J$N$G!"(B Security Watch $B$5$s$N$h$&$J>\:Y$J$b$N$G$O$"$j$^$;$s!#(B $B4pK\E*$J%?!<%2%C%H$O(B UNIX$B!"(BWindows$B!"(BMac OS (priority $B=g(B) $B$H$7$^$9!#(B $B$^$?!"$3$N%Z!<%8$NFbMF$O$I$N%Z!<%8$K$bA}$7$FL5J]>Z$G$"$k$3$H$r@k8@$7$F$*$-$^$9!#A4$F$N>pJs$,=8$^$C$F$$$k$o$1$b$"$j$^$;$s!#(B

$B!!$3$3$K:\$;$k>pJs$K$D$$$F$O!"2DG=$J8B$j(B 1 $BpJs8;$X$N%j%s%/$r:n@.$7$F$*$-$^$9!#(B $B3F<+$G(B 1 $BpJs8;$NFbMF$r3NG'$7$F$/$@$5$$!#(B $B$3$N%Z!<%8$NFbMF$r$/$l$0$l$b1-0{$_$K$7$J$$$h$&$K!#(B $B4V0c$$$rH/8+$5$l$?J}!"5-:\$5$l$F$$$J$$>pJs$r$4B8CN$NJ}!"$<$R(B$B$*$7$($F$/$@$5$$(B$B!#$h$m$7$/$*4j$$$$$?$7$^$9!#(B

$B!!$3$N%Z!<%8$N>pJs$rMxMQ$5$l$kA0$K!"(B$BCm0U=q$-(B$B$r$*FI$_$/$@$5$$!#(B

$B!!(B[ $BDjHV>pJs8;(B ] $B!!2a5n$N5-;v(B: 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 | 1998

[SCAN Security Wire NP Prize 2001]

$B!V(BScan Security Wire$B!W(B $BSCAN Security Wire NP Prize 2001 $B$r^(B$B$7$^$7$?!#(B

$B!!(B

$B!V%M%C%H%i%s%J!o=,^$r!"%Y%9%H!&%*%V!&>o=,^$r^$7$^$7$?!#(B

www.iraqbodycount.org www.iraqbodycount.org

$BI|4)%j%/%(%9%H
$B%8%'%$%`%:(B.$B#F(B.$B%@%K%,%s!V(B $B?7!&@oAh$N%F%/%N%m%8!<(B$B!W(B($B8=:_(B27$BI<(B)
$BCf;3?.90!V(B$B%=%U%H%&%'%"$NK!E*J]8n(B$B!W(B ($B8=:_(B119$BI<(B) ($B%*%s%G%^%s%I9XF~2D(B)
$B%j%G%k!&%O!<%H!V(B$B@oN,O@!!4V@\E*%"%W%m!<%A(B$B!W(B ($BI|4)7hDj(B)
$BN&0f;0O:Lu!&JT!V(B$B%Y%H%J%`5"4TJ<$N>Z8@(B$B!W(B ($B8=:_(B103$BI<(B)
$BNS9nL@!V(B$B%+%U%+%9$N>.$5$J9q!!%A%'%A%'%sFHN)1?F0;OKv(B$B!W(B ($B8=:_(B166$BI<(B)

RSS $B$KBP1~$7$F$_$^$7$?!#(B $B>.%M%?$O4^$^$l$F$$$^$;$s!#!V@/<#$M$?%&%<%'!W$H$$$&?M$O(B RSS $B%Y!<%9$GFI$`$H9,$;$K$J$l$k$G$7$g$&(B ($B%&%6$/$J$$?M$O(B $B$3$C$A$N(B RSS $B$,$h$$$+$b$7$l$^$;$s(B)$B!#(B RSS 1.0 $B$G$9$N$G!"$"$/$^$G(B RDF Site Summary $B$G$9!#(B $B8=:_$O(B Really Simple Syndication $B$K$OBP1~$7$F$$$^$;$s!#(B
$B:#$9$0(B Really Simple Syndication $B$,$[$7$$?M$O!"$N$$$s$5$s$K$h$k(B Web $B%5%$%H$N(B RSS $B$r>! $B$r;2>H$7$F$/$@$5$$!#(B($B$N$$$s$5$s>pJs$"$j$,$H$&$4$6$$$^$9(B)

$B<BMQ(B SSH $BBh(B2$BHG(B: $B%;%-%e%
2 $B:~$,=P$^$7$?!#(B$B%*%i%$%j!<$GCmJ8$7(B$B!"Hw9MMw$K!VI,$:(B2$B:~$G$"$k$3$H!W$H=q$/$H(B 2 $B:~$r3N

$B"#(B 2010.03.20

$B"#(B Finding Malware on your network via cached DNS entries
(innismir.net, 2010.03.18)

$B!!(Bzeusdnsscrape.pl $B$r;H$C$F!"(BDNS $B%-%c%C%7%e%5!<%P$rD4$Y$F$_$k$F$9$H!#(B($filelocation $B$O!"0BA4$r3NG'$G$-$k>l=j$KJQ99$7$?J}$,$$$$$h$&$J5$$,$9$k$J$!(B)

$B"#(B 2010.03.19

$B"#(B Google Chrome - Stable Channel Update
(Google Chrome Releases, 2010.03.17)

$B!!(BGoogle Chrome 4.1.249.1036 for Windows $BEP>l!#=i$N(B $1337 $B5i7g4Y$r4^$`!"(B9 $B7o$N7g4Y$,=$@5$5$l$F$$$k!#(B Encouraging More Chromium Security Research (The Chromium Blog, 1/28) $B$K$h$k$H!"(B $1337 $B$O$3$s$JBP>]$KB#$i$l$k$=$&$G!#(B

Q) What reward might I get?
A) As per Mozilla, our base reward for eligible bugs is $500. If the panel finds a particular bug particularly severe or particularly clever, we envisage rewards of $1337. The panel may also decide a single report actually constitutes multiple bugs. As a consumer of the Chromium open source project, Google will be sponsoring the rewards.

$B"#(B $BDI5-(B

$B$$$m$$$m(B (2010.02.23)

$B!!(B[SA38608] Mozilla Firefox Unspecified Code Execution Vulnerability (secunia, 2010.02.18) $B$N7o!"(B Update on Secunia Advisory SA38608 (Mozilla Security Blog, 2010.03.18) $B$K$h$k$H!"(B Mozilla.org $B$G7g4Y$NB8:_$,3NG'$5$l!"(B 2010.03.30 (US $B;~4V$+(B?) $B$K%j%j!<%9$5$l$kM=Dj$N(B Firefox 3.6.2 $B$G=$@5$5$l$kLOMM!#(B

$B"#(B 2010.03.18

$B"#(B 2010.03.17

$B"#(B Virtual PC Hypervisor Memory Protection Vulnerability
(Core Security, 2010.03.16)

$B!!(BVirtual PC$B!"(BVirtual PC 2007 gold / SP1$B!"(BVirtual Server 2005 gold / R2 SP1 $B$K7g4Y!#%O%$%Q!<%P%$%6!<$N%a%b%j!<4IM}$K7g4Y$,$"$j!"J*M}%O!<%I%&%'%">e$G$O96N,$G$-$J$$$h$&$J7g4Y$,!"2>A[%^%7%s>e$G$O96N,$G$-$F$7$^$&!#(B DEP$B!"(BSafeSEH$B!"(BASLR $B$H$$$C$?(B Windows $B$N%;%-%e%j%F%#5!9=$bHt$S1[$($i$l$kLOMM!#(B Windows 7 $B$N(B XP Mode $B$b$3$N7g4Y$N1F6A$r

$B!!(Bpatch $B$O$^$@$J$$!#(BCore Security $B$O(B 2009.08 $B$K(B Microsoft $B$KDLCN:Q$@$,!"$^$@D>$C$F$J$$!#(B

$B"#(B 2010.03.16

$B"#(B $BDI5-(B

Apache HTTP Server (httpd) 2.2.15 Released

$B!!4XO"(B: Apache HTTP Server Vulnerability Advisory for Adobe Flash Media Server Customers (Adobe PSIRT blog, 2010.03.15)$B!#(BAdobe Flash Media Server 3.5.x (Windows $BHG$N$_(B) $B$K$O(B Apache 2.2.9 $B$,F1:-$5$l$F$$$k$N$G!"(Bmod_isapi.so $B$r%3%a%s%H%"%&%H$7$FBP=h$7$F$MOC!#(B

Microsoft 2010 $BG/(B 3 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BWindows XP $B$K$O%`!<%S!<%a!<%+!<(B 2.6 $B$r%$%s%9%H!<%k$G$-$J$$$N$G5-=R$r=$@5!#(BMaeda $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

[Full-disclosure] Spamassassin Milter Plugin Remote Root

$B!!Mh$F$$$k$h$&$G$9(B: Spamassassin Milter Plugin Remote Root Attack (SANS ISC, 2010.03.15)

$B"#(B 2010.03.15

$B"#(B $BDI5-(B

Microsoft 2010 $BG/(B 3 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BWindows$B$N2hLL$,Cf9q8l$K!=!=(B3$B7n$N(BMS$B%Q%C%A$G0lIt$KIT6q9g(B (ITmedia, 2010.03.15)$B!#1Q8lHG(B Windows + Excel 2002 / 2003 $B$N>l9g$K(B MS10-017 patch $B$r$"$F$k$H!"%3%s%H%m!<%k%Q%M%k$N!V%=%U%H%&%'%"$NDI2C$H:o=|!W$d!V%W%m%0%i%`$H5!G=!W$,!"$J$<$+Cf9q8lI=<($K$J$C$F$7$^$&$3$H$,$"$k$=$&$G!#(B $B$3$N8=>]$,H/@8$7$?>l9g$O!"0lC6(B patch $B$r%"%s%$%s%9%H!<%k$7!"@\E,MQ$9$l$P$h$$$=$&$@!#(B

$B"#(B 2010.03.14

$B"#(B Microsoft 2010 $BG/(B 3 $B7n$N%;%-%e%j%F%#>pJs(B
(Microsoft, 2010.03.10)

$B!!:#2s$O(B 2 $B7o!#(B

MS10-016 - $B=EMW(B: Windows $B%`!<%S!<(B $B%a!<%+!<$N@H

$B!!(BWindows $B%`!<%S!<%a!<%+!<(B 2.1 / 2.6 / 6.0$B!"(BMicrosoft Producer 2003 $B$K7g4Y!#(B buffer overflow $B$9$k7g4Y$,$"$j!"96N,(B MSWMM / MSProducer / MSProducerZ / MSProducerBF $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$rCVE-2010-0265$B!#(B Exploitability Index: 1

$B!!$J$*!"(BWindows Live $B%`!<%S!<%a!<%+!<$K$O$3$N7g4Y$O$J$$!#(B

$B!!(BWindows XP $B$K$O%`!<%S!<%a!<%+!<(B 2.1$B!"(BWindows Vista $B$K$O(B $B%`!<%S!<%a!<%+!<(B 6.0 $B$,F1:-$5$l$F$$$k!#(BWindows XP / Vista / 7 $B$K$O(B $B%`!<%S!<%a!<%+!<(B 2.6 $B$r%$%s%9%H!<%k$G$-$k!#(B

$B!!%`!<%S!<%a!<%+!<(B 2.1 / 2.6 / 6.0 $B$K$D$$$F$O=$@5%W%m%0%i%`$,MQ0U$5$l$F$$$k$,!"(B Microsoft Producer 2003 $B$N=$@5%W%m%0%i%`$O$^$@$J$$!#(B Producer 2003 $B$H$$$&$N$O(B PowerPoint 2002 / 2003 $B8~$1$N%"%I%$%s$J$N$@$=$&$G!"(B Microsoft $B$O(B Producer 2003 $B$N%"%s%$%s%9%H!<%k$r?d>)$7$F$$$k!#(B $B$=$l$,$G$-$J$$>l9g$O!"(B KB 975561 $B$K7G:\$5$l$F$$$k(B Microsoft Fix it $B$r

MS10-017 - $B=EMW(B: Microsoft Office Excel $B$N@H

$B!!(BExcel 2002 / 2003 / 2007$B!"(BOffice 2004 / 2008 for Mac$B!"(BOpen XML File Format Converter for Mac$B!"(BExcel Viewer$B!"(BWord/Excel/PowerPoint 2007 $B%U%!%$%k7A<0MQ(B Microsoft Office $B8_495!G=%Q%C%/!"(BSharePoint Server 2007 $B$K7g4Y!#(B

  • Microsoft Office Excel $B$N%l%3!<%I(B $B%a%b%jGKB;$N@HCVE-2010-0257

    $B!!(BExcel 2002 $B$K7g4Y!"96N,(B Excel $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$r

  • Microsoft Office Excel $B%7!<%H$N%*%V%8%'%/%H7?$N:.Mp$N@HCVE-2010-0258

    $B!!(BExcel 2002 / 2003 / 2007$B!"(BOffice 2004 / 2008 for Mac$B!"(BOpen XML File Format Converter for Mac$B!"(BExcel Viewer$B!"(BWord/Excel/PowerPoint 2007 $B%U%!%$%k7A<0MQ(B Microsoft Office $B8_495!G=%Q%C%/$K7g4Y!#(B $B96N,(B Excel $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$r

  • Microsoft Office Excel $B$N(B MDXTUPLE $B%l%3!<%I$N%R!<%W(B $B%*!<%P!<%U%m!<$N@HCVE-2010-0260

    $B!!(BExcel 2007$B!"(BExcel Viewer$B!"(BWord/Excel/PowerPoint 2007 $B%U%!%$%k7A<0MQ(B Microsoft Office $B8_495!G=%Q%C%/$K7g4Y!#96N,(B Excel $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$r

  • Microsoft Office Excel $B$N(B MDXSET $B%l%3!<%I$N%R!<%W(B $B%*!<%P!<%U%m!<$N@HCVE-2010-0261

    $B!!(BExcel 2007$B!"(BWord/Excel/PowerPoint 2007 $B%U%!%$%k7A<0MQ(B Microsoft Office $B8_495!G=%Q%C%/$K7g4Y!#96N,(B Excel $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$r

  • Microsoft Office Excel $B$N(B FNGROUPNAME $B%l%3!<%I$N=i4|2=$5$l$F$$$J$$%a%b%j$N@HCVE-2010-0262

    $B!!(BExcel 2003 / 2007$B!"(BOffice 2004 for Mac $B$K7g4Y!#96N,(B Excel $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$r

  • Microsoft Office Excel $B$N(B XLSX $B%U%!%$%k2r@O$N%3!<%ICVE-2010-0263

    $B!!(BExcel 2007$B!"(BOffice 2008 for Mac$B!"(BOpen XML File Format Converter for Mac$B!"(BExcel Viewer$B!"(BWord/Excel/PowerPoint 2007 $B%U%!%$%k7A<0MQ(B Microsoft Office $B8_495!G=%Q%C%/!"(BSharePoint Server 2007 $B$K7g4Y!#96N,(B Excel $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$r

  • Microsoft Office Excel $B$N(B DbOrParamQry $B%l%3!<%I2r@O$N@HCVE-2010-0264

    $B!!(BExcel 2002$B!"(BOffice 2004 / 2008 for Mac$B!"(BOpen XML File Format Converter for Mac $B$K7g4Y!#96N,(B Excel $B%U%!%$%k$K$h$C$FG$0U$N%3!<%I$r

2010.03.15 $BDI5-(B:

$B!!(BWindows$B$N2hLL$,Cf9q8l$K!=!=(B3$B7n$N(BMS$B%Q%C%A$G0lIt$KIT6q9g(B (ITmedia, 2010.03.15)$B!#1Q8lHG(B Windows + Excel 2002 / 2003 $B$N>l9g$K(B MS10-017 patch $B$r$"$F$k$H!"%3%s%H%m!<%k%Q%M%k$N!V%=%U%H%&%'%"$NDI2C$H:o=|!W$d!V%W%m%0%i%`$H5!G=!W$,!"$J$<$+Cf9q8lI=<($K$J$C$F$7$^$&$3$H$,$"$k$=$&$G!#(B $B$3$N8=>]$,H/@8$7$?>l9g$O!"0lC6(B patch $B$r%"%s%$%s%9%H!<%k$7!"@\E,MQ$9$l$P$h$$$=$&$@!#(B

2010.03.16 $BDI5-(B:

$B!!(BWindows XP $B$K$O%`!<%S!<%a!<%+!<(B 2.6 $B$r%$%s%9%H!<%k$G$-$J$$$N$G5-=R$r=$@5!#(BMaeda $B$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B $BDI5-(B

$B$$$m$$$m(B (2010.03.08)

$B!!(B Locate and Exploit the Energizer Trojan (metasploit blog, 2010.03.08)

$B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (981374) Internet Explorer $B$N@H

$B!!1Q8lHG%"%I%P%$%6%j!"(BMicrosoft Security Advisory (981374) Vulnerability in Internet Explorer Could Allow Remote Code Execution (Microsoft) $B$,(B 2010.03.12 $BIU$G99?7$5$l$F(B version 1.2 $B$K$J$C$F$$$k!#(B

  • $B!V(Biepeers.dll $B$N%T%"(B $B%U%!%/%H%j(B $B%/%i%9$rL58z$K$9$k!WJ}K!$,(B Microsoft Fix it $B$K$J$C$?!#(BKB 981374 $B$K$O!V(Biepeers.dll $B$N%T%"(B $B%U%!%/%H%j(B $B%/%i%9$rL58z$K$9$k!W(BFix it 50386 $B$H(B $B!V(BDEP $B$rM-8z$K$9$k!W(BFix it 50285 $B$N(B 2 $B$D$,7G:\$5$l$F$$$k!#(B

    $B$J$*!"(B01:15 AM $B8=:_!"(B$BF|K\8lHG$N(B KB 981374 $B$K$O(B $B!V(BDEP $B$rM-8z$K$9$k!W(BFix it $B$7$+$J$$$N$GCm0U!#(B

$B"#(B 2010.03.13

$B"#(B 2010.03.12

$B"#(B $BDI5-(B

$B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (981374) Internet Explorer $B$N@H

$B!!4XO"(B:

$B"#(B Safari 4.0.5 $B$N%;%-%e%j%F%#%3%s%F%s%D$K$D$$$F(B
(Apple, 2010.03.11)

$B!!(BSafari 4.0.5 $BEP>l!#(B16 $B

$B"#(B 2010.03.11

$B"#(B samba - CVE-2010-0728: Allowing all file system access even when permissions should have denied access
(samba.org, 2010.03.08)

$B!!(Bsamba 3.3.11 / 3.4.6 / 3.5.0 $B$N$_$K7g4Y!#(B Linux $B$NHsF14|(B IO $B$N=hM}$K7g4Y$,$"$j!"(B smbd $B$,(B CAP_DAC_OVERRIDE $B%1!<%Q%S%j%F%#(B $B$r7Q>5$7$F5/F0$5$l$?>l9g$K!"A4$F$N%U%!%$%k%7%9%F%`$X$N%"%/%;%9$,!"$?$H$(%Q!<%_%C%7%g%s$K$h$C$F5qH]$5$l$F$$$?>l9g$G$"$C$F$b!"5v2D$5$l$F$7$^$&!#(B CVE-2010-0728

$B!!(Bsamba 3.3.12 / 3.4.7 / 3.5.1 $B$G=$@5$5$l$F$$$k!#(B

$B"#(B $BDI5-(B

$B$$$m$$$m(B (2010.03.08)

$B!!(B$B@H ($B%^%$%3%_%8%c!<%J%k(B, 2010.03.04)$B!#(BJVNVU#576029 - libpng $B$K$*$1$k05=L$5$l$?Jd=u%A%c%s%/$N=hM}$K@H (JVN, 2010.03.04) $B4XO"!#(B

$B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (981169) VBScript $B$N@H

$B!!(BIE$B$K$*$1$k(BVBScript $B$H(B Windows Help $B%U%!%$%k$N(B $BAj8_:nMQ$NJ}K!$KB8:_$9$k@HZ%l%]!<%H!J(B2010.03.05$BDI5-!K(B (NTT $B%G!<%?%;%-%e%j%F%#(B, 2010.03.05)

APSB10-07: Security Advisory for Adobe Reader and Acrobat

$B!!4XO"(B:

$B"#(B [Full-disclosure] Spamassassin Milter Plugin Remote Root
(Full-disclosure ML, 2010.03.08)

$B!!(BSpamAssassin Milter Plugin $B$K7g4Y$,$"$j!"(B-x $B%*%W%7%g%s$D$-$G5/F0$7$?>l9g$K!"(Broot $B8"8B$GG$0U$N%3%^%s%I$r

2010.03.16 $BDI5-(B:

$B!!Mh$F$$$k$h$&$G$9(B: Spamassassin Milter Plugin Remote Root Attack (SANS ISC, 2010.03.15)

$B"#(B $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (981374) Internet Explorer $B$N@H
(Microsoft, 2010.03.10)

$B!!(BIE 6 / 7 $B$K(B 0-day $B7g4Y!"96N,(B Web $B%Z!<%8$r1\Mw$9$k$HG$0U$N%3!<%I$rCVE-2010-0806$B!#(B $B4XO"(B:

$B!!J#?t$N2sHr:v$,7G:\$5$l$F$$$k$,!"(BKB 981374 $BE*$K$O!V(BDEP $B$NM-8z2=!W$,%*%9%9%a$NLOMM!#8D?ME*$K$O!V(BIE 8 $B$K0\9T$9$k!W$r?d>)!#3N

32bit Windows: Echo y| cacls %WINDIR%\SYSTEM32\iepeers.DLL /E /P everyone:N
64bit Windows: Echo y| cacls %WINDIR%\SYSWOW64\iepeers.DLL /E /P everyone:N

2010.03.11 $BDI5-(B:

$B!!2sHrJ}K!$,DI2C$5$l$?!#!V(Biepeers.dll $B$N%T%"(B $B%U%!%/%H%j(B $B%/%i%9$rL58z$K$9$k!W(B $B$3$H$G$b2sHr$G$-$kLOMM!#%l%8%9%H%j@_DjJ}K!$,5-:\$5$l$F$$$k!#(B

2010.03.12 $BDI5-(B:

$B!!4XO"(B:

2010.03.14 $BDI5-(B:

$B!!1Q8lHG%"%I%P%$%6%j!"(BMicrosoft Security Advisory (981374) Vulnerability in Internet Explorer Could Allow Remote Code Execution (Microsoft) $B$,(B 2010.03.12 $BIU$G99?7$5$l$F(B version 1.2 $B$K$J$C$F$$$k!#(B

  • $B!V(Biepeers.dll $B$N%T%"(B $B%U%!%/%H%j(B $B%/%i%9$rL58z$K$9$k!WJ}K!$,(B Microsoft Fix it $B$K$J$C$?!#(BKB 981374 $B$K$O!V(Biepeers.dll $B$N%T%"(B $B%U%!%/%H%j(B $B%/%i%9$rL58z$K$9$k!W(BFix it 50386 $B$H(B $B!V(BDEP $B$rM-8z$K$9$k!W(BFix it 50285 $B$N(B 2 $B$D$,7G:\$5$l$F$$$k!#(B

    $B$J$*!"(B01:15 AM $B8=:_!"(B$BF|K\8lHG$N(B KB 981374 $B$K$O(B $B!V(BDEP $B$rM-8z$K$9$k!W(BFix it $B$7$+$J$$$N$GCm0U!#(B

$B"#(B 2010.03.09

$B"#(B All Your Apps Are Belong to Apple: The iPhone Developer Program License Agreement
(EFF, 2010.03.08)

$B!!>!$F$J$$!#0z$-J,$1$i$l$J$$!#F($2$i$l$J$$!#Dq93$OL50UL#$@!#(B

$B"#(B Q1 2010 Web Browser Comparative Test: Socially-Engineered Malware
(nsslabs, 2010.02)

$B!!(BWeb $B%V%i%&%6$,AuHw$9$k(B URL $B%U%#%k%?%j%s%05!G=$K$D$$$F!"BP%^%k%&%'%"$H$$$&4QE@$G%j%"%k%?%$%`%F%9%H$r

$B"#(B $BDI5-(B

$B$$$m$$$m(B (2010.03.08)

$B!!(BUsing Nmap to detect the Arucer (ie, Energizer) Trojan (SkullSecurity, 2010.03.08)$B!#(B Vulnerability Note VU#154421: Energizer DUO USB battery charger software allows unauthorized remote system access (US-CERT, 2010.03.05) $B4XO"$M$?!#(B

$B"#(B 2010.03.08

$B"#(B $B$$$m$$$m(B (2010.03.08)
(various)

2010.03.09 $BDI5-(B:

$B!!(BUsing Nmap to detect the Arucer (ie, Energizer) Trojan (SkullSecurity, 2010.03.08)$B!#(B Vulnerability Note VU#154421: Energizer DUO USB battery charger software allows unauthorized remote system access (US-CERT, 2010.03.05) $B4XO"$M$?!#(B

2010.03.11 $BDI5-(B:

$B!!(B$B@H ($B%^%$%3%_%8%c!<%J%k(B, 2010.03.04)$B!#(BJVNVU#576029 - libpng $B$K$*$1$k05=L$5$l$?Jd=u%A%c%s%/$N=hM}$K@H (JVN, 2010.03.04) $B4XO"!#(B

2010.03.14 $BDI5-(B:

$B!!(B Locate and Exploit the Energizer Trojan (metasploit blog, 2010.03.08)

$B"#(B Apache HTTP Server (httpd) 2.2.15 Released
(apache.org, 2010.03.07)

$B!!(BCHANGES_2.2.15 $B$K$h$k$H!"(B

  • SECURITY: CVE-2009-3555 (cve.mitre.org)
    mod_ssl: Comprehensive fix of the TLS renegotiation prefix injection attack when compiled against OpenSSL version 0.9.8m or later. Introduces the 'SSLInsecureRenegotiation' directive to reopen this vulnerability and offer unsafe legacy renegotiation with clients which do not yet support the new secure renegotiation protocol, RFC 5746. [Joe Orton, and with thanks to the OpenSSL Team]

  • SECURITY: CVE-2009-3555 (cve.mitre.org)
    mod_ssl: A partial fix for the TLS renegotiation prefix injection attack by rejecting any client-initiated renegotiations. Forcibly disable keepalive for the connection if there is any buffered data readable. Any configuration which requires renegotiation for per-directory/location access control is still vulnerable, unless using OpenSSL >= 0.9.8l. [Joe Orton, Ruediger Pluem, Hartmut Keil <Hartmut.Keil adnovum.ch>]

  • SECURITY: CVE-2010-0408 (cve.mitre.org)
    mod_proxy_ajp: Respond with HTTP_BAD_REQUEST when the body is not sent when request headers indicate a request body is incoming; not a case of HTTP_INTERNAL_SERVER_ERROR. [Niku Toivola <niku.toivola sulake.com>]

  • SECURITY: CVE-2010-0425 (cve.mitre.org)
    mod_isapi: Do not unload an isapi .dll module until the request processing is completed, avoiding orphaned callback pointers. [Brett Gervasoni <brettg senseofsecurity.com>, Jeff Trawick]

  • SECURITY: CVE-2010-0434 (cve.mitre.org)
    Ensure each subrequest has a shallow copy of headers_in so that the parent request headers are not corrupted. Elimiates a problematic optimization in the case of no request body. PR 48359 [Jake Scott, William Rowe, Ruediger Pluem]

2010.03.16 $BDI5-(B:

$B!!4XO"(B: Apache HTTP Server Vulnerability Advisory for Adobe Flash Media Server Customers (Adobe PSIRT blog, 2010.03.15)$B!#(BAdobe Flash Media Server 3.5.x (Windows $BHG$N$_(B) $B$K$O(B Apache 2.2.9 $B$,F1:-$5$l$F$$$k$N$G!"(Bmod_isapi.so $B$r%3%a%s%H%"%&%H$7$FBP=h$7$F$MOC!#(B

$B"#(B 2010.03.07

$B"#(B 2010.03.05

$B"#(B SA-CORE-2010-001 - Drupal core - Multiple vulnerabilities
(Drupal.org, 2010.03.03)

$B!!(BDrupal 5.x / 6.x $B$KJ#?t$N7g4Y$,$"$j!"(BDrupal 5.22 / 6.16 $B$G=$@5$5$l$F$$$k$=$&$G$9!#(B

$B"#(B Opera$B%V%i%&%6$K?<9o$J@H
(ITmedia, 2010.03.05)

$B!!$3$N7o(B: Opera 10.10 - 10.50 Integer overflow leading to out of bounds array access R/W 0day poc (exploit-db.com, 2010.03.03)$B!#D9Bg$J(B Content-Length: $B$K$h$C$FH/>I$9$k$h$&$G!#(B

$B!!(BOpera $B$K$O(B patch $B$H$$$&35G0$O$J$$$N$G!"?7HGBT$A$G$9$M!#(B

$B"#(B 2010.03.04

$B!!!Z$R$J$^$D$j$N

$B"#(B 2010.03.03

$B!!!Z@$$NCfE*$K$O$R$J$^$D$j$C$F$3$H$K$J$C$F$$$k![(B

$B"#(B $B$$$m$$$m(B (2010.03.03)
(various)

  • CVE-2010-0789$B!#(B2.7.4 $B0JA0(B / 2.8.1 $B0JA0$N(B FUSE $B$K7g4Y!#(Bfusermount $B$K(B symlink $B967b$r

    FUSE 2.7.5 / 2.8.2 $B$G=$@5$5$l$F$$$k!#(B

$B"#(B Thunderbird 3.0.3 $B%j%j!<%9%N!<%H(B
(mozilla.jp, 2010.03.01)

$B!!(BThunderbird 3.0.3 $B6[5^=P2Y!#(BThunderbird 3.0.2 $B$GH/@8$7$?=EBg$J>c32!"(B Bug 548735 - Local Folders "account" has disappeared from the left hand folder pane with v3.0.2 (mozilla.org) $B$KBP1~!#(B

$B"#(B $B!ZCm0U4-5/![(BGumblar$B!J%,%s%V%i!
(LAC, 2010.03.03)

$B!!Nc$N(B .htaccess $B$K$h$k%j%@%$%l%/%H(B$B$N7o!#(B

$B!Z(BWeb$B%5!<%P4IM}
$B?H$K3P$($N$J$$(B.htaccess$B%U%!%$%k$,B8:_$7$J$$$+$r3NG'$7$F$/$@$5$$!#(BFTP$BE>Aw%m%0$G(B.htaccess$B%U%!%$%k$,%"%C%W%m!<%I$5$l$F$$$J$$$+$r3NG'(B9$k$N$bM-8z$G$9!#

$B"#(B $BDI5-(B

Renegotiating TLS

$B!!(BOpera 10.50 $BEP>l!#(BRFC5746 $B$KBP1~$7$F$$$k$h$&$G$9!#(B

Claimed Zero Day exploit in Samba

$B!!(Bsamba 3.5.0 $B$G$O%G%U%)%k%H$G(B wide links = no $B$H$J$C$F$$$k$=$&$G$9!#(B

$B!!(BCVE-2010-0926

Microsoft 2010 $BG/(B 2 $B7n$N%;%-%e%j%F%#>pJs(B

$B!!(BMS10-015 - $B=EMW(B: Windows $B%+!<%M%k$N@H:3J$5$l$k(B (977165) $B$,2~D{$5$l$^$7$?!#?7$7$$(B patch $B$,EP>l$7$F$$$^$9!#(B

$B$J$<$3$N%;%-%e%j%F%#>pJs$O(B 2010 $BG/(B 3 $B7n(B 3 $BF|$K99?7$5$l$?$N$G$9$+(B?
$B%^%$%/%m%=%U%H$O$3$N%;%-%e%j%F%#>pJs$r99?7$7!"(BWindows Update $B>e$G(B MS10-015 $B$N%;%-%e%j%F%#99?7%W%m%0%i%`$N2~D{HG%Q%C%1!<%8$NDs6!$r3+;O$7$?$3$H$r$*CN$i$;$7$^$7$?!#$3$N2~D{$O!"%Q%C%1!<%8$N%$%s%9%H!<%k(B $B%m%8%C%/$NJQ99$N$?$a$K9T$o$l$?$b$N$G!"FCDj$N0[>o$J>uBV$,%7%9%F%`$KB8:_$9$k>l9g$K$O%;%-%e%j%F%#99?7%W%m%0%i%`$,%$%s%9%H!<%k$5$l$J$$$h$&$K$7$^$9!#(B $B$3$l$i$N%7%9%F%`$N0[>o$J>uBV$O!"%3%s%T%e!<%?!<(B $B%&%$%k%9$X$N46@w$K$h$k$b$N$G$"$k$H9M$($i$l!"%*%Z%l!<%F%#%s%0(B $B%7%9%F%`$N%U%!%$%k$r2~$6$s$5$l$k$3$H$G!"46@w$7$?%3%s%T%e!<%?!<$O(B MS10-015 $B$N%;%-%e%j%F%#99?7%W%m%0%i%`$H8_49@-$N$J$$>uBV$K$J$j$^$9!#$^$?!">l9g$K$h$C$F!"%&%$%k%9$K46@w$7$?%3%s%T%e!<%?!<>e$K%;%-%e%j%F%#99?7%W%m%0%i%`(B MS10-015 $B$r%$%s%9%H!<%k$9$k$H!"%3%s%T%e!<%?!<$,:F5/F0$r7+$jJV$7$^$9!#$3$N8=>]$K4X$9$k>\:Y>pJs$O!"(B$B$3$A$i$N(B Web $B%5%$%H(B ($B1Q8l>pJs(B) $B$r$4Mw$/$@$5$$!#$3$l$O!"(BWindows Update $B$GG[I[$5$l$k99?7%W%m%0%i%`(B $B%Q%C%1!<%8$N%$%s%9%H!<%k(B $B%m%8%C%/$N$_$NJQ99$G!"%;%-%e%j%F%#99?7%W%m%0%i%`$N%P%$%J%j$^$?$O(B Windows Update $B$N8!=P%m%8%C%/$KBP$9$kJQ99$O$"$j$^$;$s!#%^%$%/%m%=%U%H(B $B%@%&%s%m!<%I(B $B%;%s%?!<$h$jDs6!$7$F$$$k%;%-%e%j%F%#99?7%W%m%0%i%`$K$OJQ99$O$J$/!"$3$N?7$?$J%Q%C%1!<%8(B $B%$%s%9%H!<%k(B $B%m%8%C%/$O4^$^$l$F$$$^$;$s!#$9$G$K%7%9%F%`$r99?7:Q$_$N$*5RMM!"<+F099?7$rM-8z$K$7$F$$$k$*5RMM$OFCJL$JAl9g$O!"$G$-$k8B$jAa$$;~4|$K$3$N%;%-%e%j%F%#99?7%W%m%0%i%`$rE,MQ$9$k$3$H$r8!F$$7$F$/$@$5$$!#(B

$B!!(BHow to determine whether a computer is compatible with security update 977165 (Microsoft KB 980966) $B$b;2>H!#(Bpatch $B$rE,MQ$G$-$k$+H]$+$rH=CG$9$k$?$a$N(B Microsoft Fix it $B$d!"%A%'%C%/%D!<%k(B MpSysChk.exe $B$,8x3+$5$l$F$$$k!#(B

$B"#(B 2010.03.02

$B"#(B $B%^%$%/%m%=%U%H(B $B%;%-%e%j%F%#(B $B%"%I%P%$%6%j(B (981169) VBScript $B$N@H
(Microsoft, 2010.03.02)

$B!!(BWindows 2000 / XP / Server 2003 $B$K7g4Y!#!V(BInternet Explorer $B$r;HMQ$9$k:]$N!"(BVBScript $B$H(B Windows Help $B%U%!%$%k$NAj8_:nMQ$NJ}K!!W$K7g4Y$,$"$j!"96N,(B Web $B%Z!<%8$r;H$C$FG$0U$N%3!<%I$rCVE-2010-0483$B!#(B $B$3$N7o(B:

$B!!J#?t$N2sHrJ}K!$,5-$5$l$F$$$k$1$I!"$U$D$&$N?M$,

echo Y | cacls "%windir%\winhlp32.exe" /E /P everyone:N

$B!!La$9$H$-$O(B:

echo Y | cacls "%windir%\winhlp32.exe" /E /R everyone

$B!!!V(BIE $B$r;H$o$J$$!W$b?d>)$@$1$I!"2sHr$7$-$l$J$$>l9g$,$"$k$@$m$&$7!D!D!#(B $B$"!"!V(BWindows XP $B%9%F!W$b?d>)$G$-$^$9$M!#(B

2010.03.11 $BDI5-(B:

$B!!(BIE$B$K$*$1$k(BVBScript $B$H(B Windows Help $B%U%!%$%k$N(B $BAj8_:nMQ$NJ}K!$KB8:_$9$k@HZ%l%]!<%H!J(B2010.03.05$BDI5-!K(B (NTT $B%G!<%?%;%-%e%j%F%#(B, 2010.03.05)

$B"#(B $B$$$m$$$m(B (2010.03.02)
(various)

$B"#(B $BDI5-(B

$B$$$m$$$m(B (2010.02.15)

$B!!(BAPSB10-05: Security update available for BlazeDS (Adobe, 2010.02.11) $B$NF|K\8lHG(B: APSB10-05: BlazeDS$BMQ%;%-%e%j%F%#%"%C%W%G!<%H8x3+(B (Adobe)

Firefox 3.5.8 / 3.0.18$B!"(BSeaMonkey 2.0.3 $B%j%j!<%9(B

$B!!(BThunderbird 3.0.2 $B=P$^$7$?!#(B $B%j%j!<%9%N!<%H(B$B!#9b66$5$s>pJs$"$j$,$H$&$4$6$$$^$9!#(B

$B"#(B 2010.03.01

$B2a5n$N5-;v(B: 2010 | 2009 | 2008 | 2007 | 2006 | 2005 | 2004 | 2003 | 2002 | 2001 | 2000 | 1999 | 1998

[$B%;%-%e%j%F%#%[!<%k(B memo]
[$B;d$K$D$$$F(B]