Security Hole Information <2003/03/05-1> | ScanNetSecurity
2021.03.05 (Fri)

Security Hole Information <2003/03/05-1>

Notice:
 SCAN series: four big campaigns on special-value security products! Until the end of March!
  http://shop.vagabond.co.jp/campaign/
 "Scan Security Management" launched!
  http://shop.vagabond.co.jp/m-ssm01.shtm


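<Common to all platforms>
▽ sendmail
 A buffer overflow vulnerability has been discovered in sendmail's handling of mail headers. Exploiting this issue makes attacks possible, such as causing attack mail to be forwarded. [Updated]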

□ Related information:

 SENDMAIL.ORG
 Sendmail 8.12.8
 http://www.sendmail.org/8.12.8.html

 Sendmail Security Alert
 http://www.sendmail.com/jp/security/

 Internet Security Systems Security Advisory
 Remote Sendmail Header Processing Vulnerability
 http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950

 CERT [updated 2003/03/04]
 Vulnerability Note VU#398025
 Remote Buffer Overflow in Sendmail
 http://www.kb.cert.org/vuls/id/398025

 CERT Advisory
 CA-2003-07 Remote Buffer Overflow in Sendmail
 http://www.cert.org/advisories/CA-2003-07.html

 CIAC
 N-048: Sendmail MTA Vulnerability
 http://www.ciac.org/ciac/bulletins/n-048.shtml

 CVE (Common Vulnerabilities and Exposures)
 CAN-2002-1337
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1337

 ISS X-Force Database
 sendmail-header-processing-bo (10748) Sendmail mail header processing buffer overflow
 http://www.iss.net/security_center/static/10748.php

 IPA
 On the serious security vulnerability in Sendmail
 http://www.ipa.go.jp/security/ciadr/20030303sendmail.html

 Free Sun Alert Notifications
 sendmail(1M) Parses Headers Incorrectly in Certain Corner Cases
 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F51181&zone_32=category%3Asecurity

 SuSE Security Announcement
 SuSE-SA:2003:013 sendmail-tls
 http://lists2.suse.com/archive/suse-security-announce/2003-Mar/0001.html

 Apple Security Advisory
 APPLE-SA-2003-03-03 sendmail
 http://lists.apple.com/archives/security-announce/2003/Mar/03/applesa20030303sendmail.txt

 CERT/CC Vulnerability Note
 IBM Information for VU#398025
 http://www.kb.cert.org/vuls/id/JPLA-5K6Q2Z

 SGI Security Advisory
 20030301-01-P Mail Header Buffer Overflow In Sendmail
 ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P

 Internet Security Systems Security Alert
 "Vulnerability in Sendmail header processing"
 http://www.isskk.co.jp/support/techinfo/general/SendmailHeader_xforce.html

 FreeBSD Security Advisory
 FreeBSD-SA-03:04.sendmail
 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail.patch

 OpenBSD
 022: SECURITY FIX: March 3, 2003
 A source code patch exists which remedies the problem.
 http://www.openbsd.org/errata31.html#sendmail

 Red Hat Linux Security Advisory
 RHSA-2003:073-06 Updated sendmail packages fix critical security issues
 http://rhn.redhat.com/errata/RHSA-2003-073.html

 Red Hat Linux Security Advisory
 RHSA-2003:074-06 Updated sendmail packages fix critical security issue
 https://rhn.redhat.com/errata/RHSA-2003-074.html

 MandrakeSoft Security Advisory
 MDKSA-2003:028 : sendmail
 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:028

 SecurityFocus
 [RHSA-2003:073-06] Updated sendmail packages fix critical security issues
 http://www.securityfocus.com/archive/1/313632/2003-03-01/2003-03-07/0

 SecurityFocus
 Sendmail 8.12.8 available
 http://www.securityfocus.com/archive/1/313631/2003-03-01/2003-03-07/0

 SecurityFocus
 Mail Header Buffer Overflow In Sendmail
 http://www.securityfocus.com/archive/1/313624/2003-03-01/2003-03-07/0

 SecurityFocus
 FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail
 http://www.securityfocus.com/archive/1/313649/2003-03-01/2003-03-07/0

 SecurityFocus
 Sendmail buffer overflow vulnerability in AIX.
 http://www.securityfocus.com/archive/1/313637/2003-03-01/2003-03-07/0

 SecurityFocus
 SuSE Security Announcement: sendmail (SuSE-SA:2003:013)
 http://www.securityfocus.com/archive/1/313688/2003-03-01/2003-03-07/0

 SecurityFocus
 MDKSA-2003:028 - Updated sendmail packages fix remotely exploitable buffer overflow vulnerability
 http://www.securityfocus.com/archive/1/313690/2003-03-01/2003-03-07/0

 SecurityFocus
 [CLA-2003:571] Conectiva Linux Security Announcement - sendmail
 http://www.securityfocus.com/archive/1/313719/2003-03-01/2003-03-07/0

 Internet Security Systems Security Alert [added 2003/03/05]
 Vulnerability in Sendmail header processing
 http://www.isskk.co.jp/support/techinfo/general/SendmailHeader_xforce.html

 JPCERT/CC Alert [added 2003/03/05]
 Alert regarding the sendmail vulnerability
 http://www.jpcert.or.jp/at/2003/at030002.txt

 Vendor Status Note JVNCA-2003-07
 Remotely exploitable vulnerability in Sendmail
 http://jvn.doi.ics.keio.ac.jp/vn/JVNCA-2003-07.html

 IBM [added 2003/03/05]
 IBM Information for VU#398025
 ftp://ftp.software.ibm.com/aix/efixes/security/sendmail_efix.tar.Z

 SGI Security Advisory [added 2003/03/05]
 20030301-01-P Mail Header Buffer Overflow In Sendmail
 ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P

 Free Sun Alert Notifications [added 2003/03/05]
 sendmail(1M) Parses Headers Incorrectly in Certain Corner Cases
 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F51181

 OpenBSD 3.2 errata [added 2003/03/05]
 009: Security fix
 http://www.openbsd.org/ja/errata.html#sendmail

 FreeBSD Security Advisory [added 2003/03/05]
 sendmail header parsing buffer overflow
 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:04.sendmail.asc

 NetBSD Security Advisory [added 2003/03/05]
 Malformed header Sendmail Vulnerability
 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc

 Red Hat Linux Security Advisory [added 2003/03/05]
 RHSA-2003:073-06 sendmail package update
 http://www.redhat.co.jp/support/errata/RHSA/RHSA-2003-073J.html

 Turbolinux Security Advisory [added 2003/03/05]
 TLSA-2003-13 Vulnerability in sendmail header processing
 http://www.turbolinux.co.jp/security/TLSA-2003-13j.txt

 SuSE Security Announcement [added 2003/03/05]
 sendmail, sendmail-tls: local privilege escalation
 http://www.suse.de/de/security/2003_13_sendmail.html

 Apple [added 2003/03/05]
 Security Update 2003-03-03
 http://www.apple.co.jp/ftp-info/reference/security_update_2003-03-03.html

 SecuriTeam.com [added 2003/03/05]
 Remote Sendmail Header Processing Vulnerability
 http://www.securiteam.com/securitynews/5SP02159FC.html

 SecurityFocus [added 2003/03/05]
 GLSA: sendmail (200303-4)
 http://www.securityfocus.com/archive/1/313762/2003-03-01/2003-03-07/0

 SecurityFocus [added 2003/03/05]
 [SECURITY] [DSA-257-1] sendmail remote exploit
 http://www.securityfocus.com/archive/1/313763/2003-03-01/2003-03-07/0

 SecurityFocus [added 2003/03/05]
 HP-UX security bulletins digest [Fwd/sendmail issue]
 http://www.securityfocus.com/archive/1/313788/2003-03-01/2003-03-07/0

 SecurityFocus [added 2003/03/05]
 [OpenPKG-SA-2003.016] OpenPKG Security Advisory (sendmail)
 http://www.securityfocus.com/archive/1/313875/2003-03-01/2003-03-07/0

 LinuxSecurity [added 2003/03/05]
 SuSE: sendmail/sendmail-tls Remote vulnerability
 http://www.linuxsecurity.com/advisories/suse_advisory-2915.html

 LinuxSecurity [added 2003/03/05]
 Mandrake: sendmail Remote vulnerability
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2916.html

 LinuxSecurity [added 2003/03/05]
 Debian: sendmail remote exploit
 http://www.linuxsecurity.com/advisories/debian_advisory-2918.html

 LinuxSecurity [added 2003/03/05]
 FreeBSD: sendmail remote exploit
 http://www.linuxsecurity.com/advisories/freebsd_advisory-2919.html

 LinuxSecurity [added 2003/03/05]
 Gentoo: sendmail remote root exploit
 http://www.linuxsecurity.com/advisories/gentoo_advisory-2920.html

 LinuxSecurity [added 2003/03/05]
 NetBSD: sendmail remote exploit
 http://www.linuxsecurity.com/advisories/netbsd_advisory-2922.html

 LinuxSecurity [added 2003/03/05]
 Slackware: sendmail remote exploit
 http://www.linuxsecurity.com/advisories/slackware_advisory-2923.html

 LinuxSecurity [added 2003/03/05]
 OpenPKG: sendmail remote exploit
 http://www.linuxsecurity.com/advisories/other_advisory-2928.html

 LinuxSecurity [added 2003/03/05]
 FreeBSD: REVISED: sendmail remote exploit
 http://www.linuxsecurity.com/advisories/freebsd_advisory-2930.html

 Debian GNU/Linux ─ Security Information
 DSA-257-1 sendmail ─ remote exploit
 http://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00039.html

 SOLARSPEED.NET - Free Sun Cobalt PKG files
 Sendmail "Remote Header Processing Vulnerability" patch (Security upgrade)
 http://www.solarspeed.net/downloads/index.php

 Sun(sm) Alert Notification
 51181 sendmail(1M) Parses Headers Incorrectly in Certain Corner Cases
 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F51181&zone_32=category%3Asecurity

 Tru64 UNIX V5.1B PK1 BL01 ECO Summary
 SSRT3469 - HP Tru64 UNIX sendmail Potential Security Vulnerability
 http://ftp.support.compaq.com/patches/public/Readmes/unix/t64v51bb1-c0003900-16874-es-20030211.README

 Tru64 UNIX V5.1A PK4 BL21 ECO Summary
 SSRT3469 - HP Tru64 UNIX sendmail Potential Security Vulnerability
 http://ftp.support.compaq.com/patches/public/Readmes/unix/t64v51ab21-c0103500-17099-es-20030226.README

 Tru64 UNIX V5.1A PK3 BL03 ECO Summary
 SSRT3469 - HP Tru64 UNIX sendmail Potential Security Vulnerability
 http://ftp.support.compaq.com/patches/public/Readmes/unix/t64v51ab3-c0101900-16876-es-20030211.README

 Tru64 UNIX V5.1 PK6 BL20 ECO Summary
 SSRT3469 - HP Tru64 UNIX sendmail Potential Security Vulnerability
 http://ftp.support.compaq.com/patches/public/Readmes/unix/t64v51b20-c0169800-16980-es-20030218.README

 Tru64 UNIX V5.1 PK5 BL19 ECO Summary
 SSRT3469 - HP Tru64 UNIX sendmail Potential Security Vulnerability
 http://ftp.support.compaq.com/patches/public/Readmes/unix/t64v51b19-c0169100-16882-es-20030211.README

 Tru64 UNIX V5.0A PK3 BL17 ECO Summary
 SSRT3469 - HP Tru64 UNIX sendmail Potential Security Vulnerability
 http://ftp.support.compaq.com/patches/public/Readmes/unix/t64v50ab17-c0031300-16884-es-20030211.README

 Tru64 UNIX V4.0G PK3 BL17 ECO Summary
 SSRT3469 - HP Tru64 UNIX sendmail Potential Security Vulnerability
 http://ftp.support.compaq.com/patches/public/Readmes/unix/t64v40gb17-c0028100-16887-es-20030211.README

 Tru64 UNIX V4.0F PK7 BL18 ECO Summary
 SSRT3469 - HP Tru64 UNIX sendmail Potential Security Vulnerability
 http://ftp.support.compaq.com/patches/public/Readmes/unix/duv40fb18-c0092200-16888-es-20030211.README

 MIRACLE LINUX CORPORATION Security Information
 Packages addressing security issues
 http://www.miraclelinux.com/security/index.html

 CTC Security Information
 0001-46 sendmail security vulnerability
 http://www.ctc-g.co.jp/security/0001-46.html

▽ Snort
 A buffer overflow vulnerability has been discovered in Snort's RPC preprocessor. By exploiting this issue, a remote attacker can execute arbitrary code. [Updated]

□ Related information:

 Snort.org
 Snort 1.9.1 released, fixes vulnerability in rpc decoder
 http://www.snort.org/

 CERT
 Vulnerability Note VU#916785
 Snort RPC preprocessing buffer overflow when decoding fragmented RPC records
 http://www.kb.cert.org/vuls/id/916785

 Internet Security Systems Security Advisory
 Snort RPC Preprocessing Vulnerability
 http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951

 CIAC
 N-049: Snort RPC Preprocessing Vulnerability
 http://www.ciac.org/ciac/bulletins/n-049.shtml

 SecurityFocus
 Snort RPC Vulnerability (fwd)
 http://www.securityfocus.com/archive/1/313689/2003-03-01/2003-03-07/0

 SecurityFocus
 [Snort-2003-001] Buffer overflow in Snort RPC preprocessor (fwd)
 http://www.securityfocus.com/archive/1/313722/2003-03-01/2003-03-07/0

 IPA [added 2003/03/05]
 Buffer overflow vulnerability in Snort (CIAC N-049)
 http://www.ipa.go.jp/security/

 Internet Security Systems Security Advisory [added 2003/03/05]
 Snort RPC Preprocessing Vulnerability
 http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951

 ISS X-Force Database
 snort-rpc-fragment-bo (10956) Snort fragmented RPC preprocessor buffer overflow
 http://www.iss.net/security_center/static/10956.php

 Internet Security Systems Security Advisory [added 2003/03/05]
 "Snort RPC preprocessing vulnerability"
 http://www.isskk.co.jp/support/techinfo/general/SnortRPC_xforce.html

 CVE [added 2003/03/05]
 CAN-2003-0033
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0033

 LinuxSecurity [added 2003/03/05]
 Snort: buffer overflow vulnerability
 http://www.linuxsecurity.com/advisories/other_advisory-2924.html

▽ OpenSSL
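 An issue has been discovered in OpenSSL that makes timing-based attacks on SSL/TLS possible. Because of this issue, an attacker can, for example, measure the timing of data authentication during a connection. [Updated]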

□ Related information:

 SecurityFocus
 [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl)
 http://online.securityfocus.com/archive/1/312364/2003-02-17/2003-02-23/0

 SecurityFocus
 OpenSSL 0.9.7a and 0.9.6i released
 http://online.securityfocus.com/archive/1/312333/2003-02-17/2003-02-23/0

 OpenSSL Security Advisory
 Timing-based attacks on SSL/TLS with CBC encryption
 http://www.openssl.org/news/secadv_20030219.txt

 LASEC
 Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC,WTLS...
 http://lasecwww.epfl.ch/php_code/publications/search.php?ref=Vau02a

 CVE (Common Vulnerabilities and Exposures)
 CAN-2003-0078
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0078

 SecurityFocus [added 2003/02/21]
 [ESA-20030220-005] OpenSSL timing-based attack vulnerability
 http://online.securityfocus.com/archive/1/312503/2003-02-18/2003-02-24/0

 SecurityFocus [added 2003/02/21]
 GLSA: openssl (200302-10)
 http://online.securityfocus.com/archive/1/312562/2003-02-18/2003-02-24/0

 LinuxSecurity [added 2003/02/21]
 Gentoo: openssl timing based attack vulnerability
 http://www.linuxsecurity.com/advisories/gentoo_advisory-2875.html

 LinuxSecurity [added 2003/02/21]
 EnGarde: OpenSSL timing-based attack vulnerability
 http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html

 Security Bugware [added 2003/02/21]
 openssl timming attack to obtain plaintext of SSL/TLS communication
 http://www.securitybugware.org/Other/6003.html

 ISS X-Force Database [added 2003/02/21]
 ssl-cbc-information-leak (11369) Multiple SSL/TLS implementation CBC ciphersuites information leak
 http://www.iss.net/security_center/static/11369.php

 MandrakeSoft Security Advisory [added 2003/02/22]
 MDKSA-2003:020 openssl
 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:020

 SecurityTracker.com Archives [added 2003/02/22]
 Alert ID:1006132 OpenSSL Flaw in Processing Padding Errors May Let Remote Users Obtain Certain Plaintext Information
 http://www.securitytracker.com/alerts/2003/Feb/1006132.html

 SecurityFocus [added 2003/02/24]
 TSLSA-2003-0005 - openssl
 http://online.securityfocus.com/archive/1/312755/2003-02-20/2003-02-26/0

 SecurityFocus [added 2003/02/24]
 MDKSA-2003:020 - Updated openssl packages fix timing-based attack vulnerability
 http://online.securityfocus.com/archive/1/312756/2003-02-20/2003-02-26/0

 LinuxSecurity [added 2003/02/24]
 Trustix: openssl block cipher padding vulnerability
 http://www.linuxsecurity.com/advisories/trustix_advisory-2885.html

 OpenBSD Security Advisory [added 2003/02/24]
 007: SECURITY FIX: February 22, 2003
 http://www.jp.openbsd.org/errata.html#ssl

 OpenBSD Security Advisory [added 2003/02/24]
 021: SECURITY FIX: February 23, 2003
 http://www.jp.openbsd.org/errata31.html#ssl2

 FreeBSD Security Advisory [added 2003/02/25]
 FreeBSD-SA-03:02 openssl OpenSSL timing-based SSL/TLS attack
 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:02.openssl.asc

 Debian GNU/Linux ─ Security Information [added 2003/02/25]
 DSA-253-1 openssl ─ information leak
 http://www.debian.org/security/2003/dsa-253

 SecurityFocus [added 2003/02/25]
 [SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability
 http://online.securityfocus.com/archive/1/312986/2003-02-22/2003-02-28/0

 SecurityFocus [added 2003/02/25]
 [CLA-2003:570] Conectiva Linux Security Announcement - openssl
 http://online.securityfocus.com/archive/1/312999/2003-02-22/2003-02-28/0

 LinuxSecurity [added 2003/02/25]
 Debian: openssl Information leak
 http://www.linuxsecurity.com/advisories/debian_advisory-2887.html

 FreeBSD Security Advisory [added 2003/02/26]
 FreeBSD-SA-03:02 openssl [REVISED] OpenSSL timing-based SSL/TLS attack
 http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1104

 LinuxSecurity [added 2003/02/26]
 FreeBSD: openssl information leak
 http://www.linuxsecurity.com/advisories/freebsd_advisory-2897.html

 LinuxSecurity [added 2003/02/26]
 Mandrake: openssl information leak
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2896.html

 LinuxSecurity [added 2003/02/26]
 Connectiva: openssl information leak
 http://www.linuxsecurity.com/advisories/connectiva_advisory-2893.html

 SuSE Security Announcement [added 2003/02/27]
 openssl: remote attack on encryption
 http://www.suse.de/de/security/2003_011_openssl.html

 SecurityFocus [added 2003/02/27]
 SuSE Security Announcement: openssl (SuSE-SA:2003:011)
 http://online.securityfocus.com/archive/1/313229/2003-02-24/2003-03-02/0

 LinuxSecurity [added 2003/02/27]
 FreeBSD: REVISED: openssl information leak
 http://www.linuxsecurity.com/advisories/freebsd_advisory-2903.html

 Turbolinux Security Center [added 2003/02/28]
 TLSA-2003-10 openssl Timing-based attacks on SSL/TLS with CBC encryption
 http://www.turbolinux.com/security/TLSA-2003-10.txt

 Turbolinux Japan Security Center [added 2003/02/28]
 TLSA-2003-10 openssl Timing-based attacks on the CBC encryption mode of SSL/TLS
 http://www.turbolinux.co.jp/security/TLSA-2003-10j.txt

 LinuxSecurity [added 2003/02/28]
 SuSe: openssl information leak
 http://www.linuxsecurity.com/advisories/suse_advisory-2904.html

 NetBSD Security Advisory [added 2003/03/04]
 NetBSD-SA2003-001 Encryption weakness in OpenSSL code
 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc

 LinuxSecurity [added 2003/03/05]
 NetBSD: OpenSSL timing-based attack vulnerability
 http://www.linuxsecurity.com/advisories/netbsd_advisory-2921.html

▽ ISC BIND
 Multiple security holes exist in BIND, caused by its recursion option. By exploiting these issues, arbitrary code may be executed remotely or the server may be subjected to a DoS attack. [Updated]

□ Related information:

 Internet Software Consortium
 BIND Vulnerabilities
 http://www.isc.org/products/BIND/bind-security.html

 Internet Security Systems Security Advisory
 Multiple Remote Vulnerabilities in BIND4 and BIND8
 http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469

 Internet Security Systems Security Advisory
 Multiple remotely exploitable vulnerabilities in BIND4 and BIND8
 http://www.isskk.co.jp/support/techinfo/general/BIND4and8_xforce.html

 CIAC (Computer Incident Advisory Capability)
 N-013: ISC Remote Vulnerabilities in BIND4 and BIND8
 http://www.ciac.org/ciac/bulletins/n-013.shtml

 CVE (Common Vulnerabilities and Exposures)
 CAN-2002-1219
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1219

 CVE (Common Vulnerabilities and Exposures)
 CAN-2002-1220
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1220

 CVE (Common Vulnerabilities and Exposures)
 CAN-2002-1221
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1221

 LinuxSecurity.com
 RedHat: Alert: BIND 4/8 Vulnerabilities
 http://www.linuxsecurity.com/advisories/redhat_advisory-2559.html

 IPA
 Multiple vulnerabilities in BIND4 and BIND8
 http://www.ipa.go.jp/security/news/news.html

 CERT/CC Vulnerability Note [updated 2002/11/15]
 VU#844360 Domain Name System (DNS) stub resolver libraries vulnerable to buffer overflows via network name or address lookups
 http://www.kb.cert.org/vuls/id/844360

 CERT/CC Vulnerability Note [updated 2002/11/21]
 VU#229595 ISC BIND 8 fails to properly handle DNS lookups for non-existent sub-domains when overly large OPT resource records are appended to a query
 http://www.kb.cert.org/vuls/id/229595

 CERT/CC Vulnerability Note [updated 2002/12/03]
 VU#852283 Remotely exploitable buffer overflow in the named process
 http://www.kb.cert.org/vuls/id/852283

 CERT/CC Vulnerability Note [updated 2002/12/02]
 VU#581682 ISC BIND 8 fails to properly dereference cache SIG RR elements with invalid expiry times from the internal database
 http://www.kb.cert.org/vuls/id/581682

 CERT/CC (CERT Coordination Center) [added 2002/11/15]
 CA-2002-31 Multiple Vulnerabilities in BIND
 http://www.cert.org/advisories/CA-2002-31.html

 SuSE Security Announcement [added 2002/11/15]
 SuSE-SA:2002:044 bind8
 http://www.suse.de/de/security/2002_004_bind8.html

 SecurityFocus [added 2002/11/15]
 FreeBSD Security Advisory FreeBSD-SA-02:43.bind
 http://online.securityfocus.com/archive/1/299804/2002-11-12/2002-11-18/0

 SecurityFocus [added 2002/11/15]
 SuSE Security Announcement: Multiple vulnerabilities in BIND8 (SuSE-SA:2002:044)
 http://online.securityfocus.com/archive/1/299801/2002-11-12/2002-11-18/0

 LinuxSecurity [added 2002/11/15]
 Debian: bind multiple vulnerabilities
 http://www.linuxsecurity.com/advisories/debian_advisory-2569.html

 LinuxSecurity [added 2002/11/15]
 Connectiva: bind multiple vulnerabilities
 http://www.linuxsecurity.com/advisories/other_advisory-2570.html

 LinuxSecurity [added 2002/11/15]
 Mandrake: bind multiple vulnerabilities
 http://www.linuxsecurity.com/advisories/mandrake_advisory-2572.html

 FreeBSD Security Advisory [added 2002/11/18]
 FreeBSD-SA-02:43.bind multiple vulnerabilities in BIND
 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:43.bind.asc

 Debian GNU/Linux ─ Security Information [added 2002/11/18]
 DSA-196-1 bind ─ several
 http://lists.debian.org/debian-security-announce/debian-security-announce-2002/msg00120.html

 MandrakeSoft Security Advisory [added 2002/11/18]
 MDKSA-2002:077 bind
 http://www.mandrakesecure.net/en/advisories/2002/MDKSA-2002-077.php?dis=7.2

 Vine Linux errata [added 2002/11/18]
 Security hole in bind
 http://www.vinelinux.org/errata/25x/20021115-1.html

 OpenBSD Security Advisory [added 2002/11/18]
 005: SECURITY FIX: November 14, 2002
 http://www.openbsd.org/errata.html#named

 OpenBSD Security Advisory [added 2002/11/18]
 019: SECURITY FIX: November 14, 2002
 http://www.openbsd.org/errata31.html#named

 OpenBSD Security Advisory [added 2002/11/18]
 036: SECURITY FIX: November 14, 2002
 http://www.openbsd.org/errata30.html#named

 SecurityFocus [added 2002/11/18]
 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
 http://online.securityfocus.com/archive/1/300019/2002-11-14/2002-11-20/0

 Vine Linux errata [2.1.x] [added 2002/11/19]
 Security hole in bind
 http://www.vinelinux.org/errata/2x/20021117-2.html

 ISS X-Force Database [added 2002/11/20]
 bind-sig-rr-bo (10304)
 ISC BIND SIG cached resource records (RR) heap buffer overflow
 http://www.iss.net/security_center/static/10304.php

 ISS X-Force Database [added 2002/11/20]
 bind-opt-rr-dos (10332)
 ISC BIND OPT resource record (RR) denial of service
 http://www.iss.net/security_center/static/10332.php

 ISS X-Force Database [added 2002/11/20]
 bind-null-dereference-dos (10333)
 ISC BIND SIG null pointer dereference denial of service
 http://www.iss.net/security_center/static/10333.php

 ISS X-Force Database [added 2002/11/20]
 bind-dns-libresolv-bo (10624)
 ISC BIND DNS stub resolver library (libresolv.a) stack buffer overflows
 http://www.iss.net/security_center/static/10624.php

 Turbolinux Japan Security Center [added 2002/11/20]
 bind: three security issues
 http://www.turbolinux.co.jp/security/bind-8.2.6-2.html

 NetBSD Security Advisory [added 2002/11/21]
 NetBSD-SA2002-028 Buffer overrun in getnetbyname/getnetbyaddr
 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-028.txt.asc

 NetBSD Security Advisory [added 2002/11/21]
 NetBSD-SA2002-029 named(8) multiple denial of service and remote execution of code
 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-029.txt.asc

 CVE (Common Vulnerabilities and Exposures) [added 2002/11/21]
 CAN-2002-0029
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0029

 Apple Security Advisory [added 2002/11/25]
 Security Update 2002-11-21 is available
 http://lists.apple.com/mhonarc/security-announce/msg00020.html

 SecuriTeam.com [added 2002/11/27]
 Vulnerability in Requests Control of BIND Versions 4 and 8 Allows DNS Spoofing
 http://www.securiteam.com/unixfocus/6N00O2060K.html

 SecurityFocus [added 2002/12/05]
 Multiple Vulnerabilities in BIND Name Service Daemon on IRIX
 http://online.securityfocus.com/archive/1/302120/2002-12-02/2002-12-08/0

 SCO Security Advisory [added 2002/12/06]
 CSSA-2002-054.0 Linux: exploitable memory leak in ypserv
 ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2002-054.0.txt

 SecurityFocus [added 2002/12/06]
 BIND Name Server DNS Spoofing Vulnerability on IRIX
 http://online.securityfocus.com/archive/1/302208/2002-12-02/2002-12-08/0

 LinuxSecurity
 Caldera: bind multiple vulnerabilities
 http://www.linuxsecurity.com/advisories/caldera_advisory-2691.html

 SecurityFocus [added 2003/01/16]
 Security Update: [CSSA-2003-SCO.2] UnixWare 7.1.1 : multiple vulnerabilities in BIND (CERT CA-2002-31)
 http://online.securityfocus.com/archive/1/306750/2003-01-13/2003-01-19/0

 Free Sun Alert Notifications [added 2003/02/05]
 Security vulnerabilities in BIND and libresolv (CERT CA-2002-31)
 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818&zone_32=category%3Asecurity

 Sun(sm) Alert Notification [updated 2003/03/04]
 48818 Security vulnerabilities in BIND and libresolv (CERT CA-2002-31)
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0029

▽ FTP clients
 A problem occurs in FTP clients when "|" is used in the file names they handle. By exploiting this issue, arbitrary code can be executed. [Updated]

□ Related information:

 CERT
 Vulnerability Note VU#258721 [updated 2003/02/03]
 Various FTP clients fail to account for pipe (|) characters in default file names
 http://www.kb.cert.org/vuls/id/258721

 SecurityTracker.com Archives
 Alert ID:1006006 Kerberos and Other FTP Clients Allow Malicious FTP Servers to Execute Arbitrary Code on the Client
 http://www.securitytracker.com/alerts/2003/Jan/1006006.html

 Red Hat Linux Security Advisory
 RHSA-2003:020-09 Updated kerberos packages fix vulnerability in ftp client
 https://rhn.redhat.com/errata/RHSA-2003-020.html

 CIAC (Computer Incident Advisory Capability) [added 2003/02/05]
 N-036: Updated Kerberos Packages Fix Vulnerability in ftp Client
 http://www.ciac.org/ciac/bulletins/n-036.shtml

 MandrakeSoft Security Advisory [added 2003/02/22]
 MDKSA-2003:021 krb5
 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:021

 CVE (Common Vulnerabilities and Exposures) [added 2003/02/22]
 CAN-2003-0041
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0041

 SCO Security Advisory [added 2003/03/04]
 CSSA-2003-SCO.3 UnixWare 7.1.1 Open UNIX 8.0.0 UnixWare 7.1.3 : ftp vulnerability with pipe symbols in filenames
 ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.3/CSSA-2003-SCO.3.txt


For a more detailed information service, sign up here:
   https://shop.vagabond.co.jp/cgi-bin/mm/p.cgi?sof01_sdx
《ScanNetSecurity》
