The article below is a partial reprint from Scan Daily EXpress.

<Cross-platform>

▽ PHP
A vulnerability has been discovered in PHP Ping that allows a remote attacker to execute arbitrary code. Exploiting this issue makes it possible to, among other things, take control of the OS.

SecurityFocus [SCSA-009] Remote Command Execution Vulnerability in PHP Ping
  http://www.securityfocus.com/archive/1/314129/2003-03-04/2003-03-10/0
Security Bugware PHP Ping Remote Command Execution
  http://www.securitybugware.org/Other/6044.html

▽ PHP
A vulnerability has been discovered in phpMyShop that allows logging on to the system remotely without authorization.

SecuriTeam.com SQL Injection Vulnerability Found in PHPMyShop
  http://www.securiteam.com/unixfocus/5KP031F9FC.html

▽ PHP-Nuke
A security vulnerability has been discovered in the Webmail module of PHP-Nuke. Exploiting this issue allows an attacker to overwrite config.php, user names, passwords and the like. [Updated]

SecurityFocus PHP-Nuke : config.php reveled with php uploaded file.(Affect all uploads implementations in phpnuke).SECURING PHP-NUKE.
  http://www.securityfocus.com/archive/1/313583/2003-02-28/2003-03-06/0
Security Bugware (added 2003/03/07) PHP-Nuke Serious SQL Injection Security Holes
  http://www.securitybugware.org/Other/6045.html

▽ Macromedia Flash Player
A security vulnerability has been discovered in Macromedia Flash Player. Exploiting this issue allows a remote attacker to execute arbitrary code. [Updated]

Macromedia Security Zone MPSB03-03 Security Patch for Macromedia Flash Player
  http://www.macromedia.com/devnet/security/security_zone/mpsb03-03.html
SecuriTeam.com Critical Security Hole Found in Macromedia Flash Player
  http://www.securiteam.com/securitynews/5MP051F9FU.html
SecurityTracker.com Archives (added 2003/03/07) Alert ID:1006207 Macromedia Flash Player Has Unspecified Buffer Overflow That May Allow Remote Users to Execute Arbitrary Code
  http://www.securitytracker.com/alerts/2003/Mar/1006207.html
IPA/ISEC (added 2003/03/07) Vulnerability in Macromedia Flash Player
  http://www.ipa.go.jp/security/

▽ Opera
A cross-site scripting vulnerability has been discovered in Opera. Exploiting this issue makes it possible to embed malicious code and have it executed. [Updated]

SecurityFocus (added 2003/02/27) Secunia Research: Opera browser Cross Site Scripting
  http://online.securityfocus.com/archive/1/313216/2003-02-24/2003-03-02/0
Secunia - Secunia Research Opera browser Cross Site Scripting
  http://www.secunia.com/secunia_research/2003-1/advisory/
SecurityTracker.com Archives Alert ID:1006178 Opera Web Browser Redirection Input Validation Hole Allows Cross-Site Scripting Attacks
  http://www.securitytracker.com/alerts/2003/Feb/1006178.html

▽ Snort
A buffer overflow vulnerability has been discovered in Snort's RPC preprocessor. Exploiting this issue allows a remote attacker to execute arbitrary code.

Snort.org Snort 1.9.1 released, fixes vulnerability in rpc decoder
  http://www.snort.org/
CERT Vulnerability Note VU#916785 Snort RPC preprocessing buffer overflow when decoding fragmented RPC records
  http://www.kb.cert.org/vuls/id/916785
Internet Security Systems Security Advisory Snort RPC Preprocessing Vulnerability
  http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951
CIAC N-049: Snort RPC Preprocessing Vulnerability
  http://www.ciac.org/ciac/bulletins/n-049.shtml
SecurityFocus Snort RPC Vulnerability (fwd)
  http://www.securityfocus.com/archive/1/313689/2003-03-01/2003-03-07/0
SecurityFocus [Snort-2003-001] Buffer overflow in Snort RPC preprocessor (fwd)
  http://www.securityfocus.com/archive/1/313722/2003-03-01/2003-03-07/0
IPA (added 2003/03/05) Buffer overflow vulnerability in Snort (CIAC N-049)
  http://www.ipa.go.jp/security/
Internet Security Systems Security Advisory (added 2003/03/05) Snort RPC Preprocessing Vulnerability
  http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951
Internet Security Systems Security Advisory (added 2003/03/05) "RPC Preprocessing Vulnerability in Snort"
  http://www.isskk.co.jp/support/techinfo/general/SnortRPC_xforce.html
CVE (added 2003/03/05) CAN-2003-0033
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0033
LinuxSecurity (added 2003/03/05) Snort: buffer overflow vulnerability
  http://www.linuxsecurity.com/advisories/other_advisory-2924.html
MandrakeSoft Security Advisory (added 2003/03/06) MDKSA-2003:029 : snort
  http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:029
SecurityFocus (added 2003/03/07) GLSA: snort (200303-6)
  http://www.securityfocus.com/archive/1/314121/2003-03-04/2003-03-10/0
LinuxSecurity (added 2003/03/07) Gentoo: snort buffer overflow vulnerability
  http://www.linuxsecurity.com/advisories/gentoo_advisory-2936.html

▽ OpenSSL
An issue has been discovered in OpenSSL that makes timing-based attacks against SSL/TLS possible. The issue allows an attacker to, among other things, measure the timing of data authentication during a connection. [Updated]

□ Related information:
SecurityFocus [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl)
  http://online.securityfocus.com/archive/1/312364/2003-02-17/2003-02-23/0
SecurityFocus OpenSSL 0.9.7a and 0.9.6i released
  http://online.securityfocus.com/archive/1/312333/2003-02-17/2003-02-23/0
OpenSSL Security Advisory Timing-based attacks on SSL/TLS with CBC encryption
  http://www.openssl.org/news/secadv_20030219.txt
LASEC Security Flaws Induced by CBC Padding - Applications to SSL, IPSEC,WTLS...
  http://lasecwww.epfl.ch/php_code/publications/search.php?ref=Vau02a
CVE (Common Vulnerabilities and Exposures) CAN-2003-0078
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0078
SecurityFocus (added 2003/02/21) [ESA-20030220-005] OpenSSL timing-based attack vulnerability
  http://online.securityfocus.com/archive/1/312503/2003-02-18/2003-02-24/0
SecurityFocus (added 2003/02/21) GLSA: openssl (200302-10)
  http://online.securityfocus.com/archive/1/312562/2003-02-18/2003-02-24/0
LinuxSecurity (added 2003/02/21) Gentoo: openssl timing based attack vulnerability
  http://www.linuxsecurity.com/advisories/gentoo_advisory-2875.html
LinuxSecurity (added 2003/02/21) EnGarde: OpenSSL timing-based attack vulnerability
  http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html
Security Bugware (added 2003/02/21) openssl timming attack to obtain plaintext of SSL/TLS communication
  http://www.securitybugware.org/Other/6003.html
ISS X-Force Database (added 2003/02/21) ssl-cbc-information-leak (11369) Multiple SSL/TLS implementation CBC ciphersuites information leak
  http://www.iss.net/security_center/static/11369.php
MandrakeSoft Security Advisory (added 2003/02/22) MDKSA-2003:020 openssl
  http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:020
SecurityTracker.com Archives (added 2003/02/22) Alert ID:1006132 OpenSSL Flaw in Processing Padding Errors May Let Remote Users Obtain Certain Plaintext Information
  http://www.securitytracker.com/alerts/2003/Feb/1006132.html
SecurityFocus (added 2003/02/24) TSLSA-2003-0005 - openssl
  http://online.securityfocus.com/archive/1/312755/2003-02-20/2003-02-26/0
SecurityFocus (added 2003/02/24) MDKSA-2003:020 - Updated openssl packages fix timing-based attack vulnerability
  http://online.securityfocus.com/archive/1/312756/2003-02-20/2003-02-26/0
LinuxSecurity (added 2003/02/24) Trustix: openssl block cipher padding vulnerability
  http://www.linuxsecurity.com/advisories/trustix_advisory-2885.html
OpenBSD Security Advisory (added 2003/02/24) 007: SECURITY FIX: February 22, 2003
  http://www.jp.openbsd.org/errata.html#ssl
OpenBSD Security Advisory (added 2003/02/24) 021: SECURITY FIX: February 23, 2003
  http://www.jp.openbsd.org/errata31.html#ssl2
FreeBSD Security Advisory (added 2003/02/25) FreeBSD-SA-03:02 openssl OpenSSL timing-based SSL/TLS attack
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:02.openssl.asc
Debian GNU/Linux - Security Information (added 2003/02/25) DSA-253-1 openssl - information leak
  http://www.debian.org/security/2003/dsa-253
SecurityFocus (added 2003/02/25) [SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability
  http://online.securityfocus.com/archive/1/312986/2003-02-22/2003-02-28/0
SecurityFocus (added 2003/02/25) [CLA-2003:570] Conectiva Linux Security Announcement - openssl
  http://online.securityfocus.com/archive/1/312999/2003-02-22/2003-02-28/0
LinuxSecurity (added 2003/02/25) Debian: openssl Information leak
  http://www.linuxsecurity.com/advisories/debian_advisory-2887.html
FreeBSD Security Advisory (added 2003/02/26) FreeBSD-SA-03:02 openssl [REVISED] OpenSSL timing-based SSL/TLS attack
  http://home.jp.freebsd.org/cgi-bin/showmail/announce-jp/1104
LinuxSecurity (added 2003/02/26) FreeBSD: openssl information leak
  http://www.linuxsecurity.com/advisories/freebsd_advisory-2897.html
LinuxSecurity (added 2003/02/26) Mandrake: openssl information leak
  http://www.linuxsecurity.com/advisories/mandrake_advisory-2896.html
LinuxSecurity (added 2003/02/26) Connectiva: openssl information leak
  http://www.linuxsecurity.com/advisories/connectiva_advisory-2893.html
SuSE Security Announcement (added 2003/02/27) openssl: remote attack on encryption
  http://www.suse.de/de/security/2003_011_openssl.html
SecurityFocus (added 2003/02/27) SuSE Security Announcement: openssl (SuSE-SA:2003:011)
  http://online.securityfocus.com/archive/1/313229/2003-02-24/2003-03-02/0
LinuxSecurity (added 2003/02/27) FreeBSD: REVISED: openssl information leak
  http://www.linuxsecurity.com/advisories/freebsd_advisory-2903.html
Turbolinux Security Center (added 2003/02/28) TLSA-2003-10 openssl Timing-based attacks on SSL/TLS with CBC encryption
  http://www.turbolinux.com/security/TLSA-2003-10.txt
Turbolinux Japan Security Center (added 2003/02/28) TLSA-2003-10 openssl Timing-based attacks on SSL/TLS CBC encryption
  http://www.turbolinux.co.jp/security/TLSA-2003-10j.txt
LinuxSecurity (added 2003/02/28) SuSe: openssl information leak
  http://www.linuxsecurity.com/advisories/suse_advisory-2904.html
NetBSD Security Advisory (added 2003/03/04) NetBSD-SA2003-001 Encryption weakness in OpenSSL code
  ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc
LinuxSecurity (added 2003/03/05) NetBSD: OpenSSL timing-based attack vulnerability
  http://www.linuxsecurity.com/advisories/netbsd_advisory-2921.html
Apple Security Advisory (added 2003/03/05) APPLE-SA-2003-03-03 sendmail
  http://lists.apple.com/archives/security-announce/2003/Mar/03/applesa20030303sendmail.txt
MARC: msg (added 2003/03/06) Internet Software Consortium Security Advisory: 5 March 2003
  http://marc.theaimsgroup.com/?l=bind-announce&m=104692041818694&w=2
Red Hat Linux Security Advisory (added 2003/03/07) RHSA-2003:062-11 Updated OpenSSL packages fix timing attack
  http://rhn.redhat.com/errata/RHSA-2003-062.html
SecurityFocus (added 2003/03/07) [RHSA-2003:062-11] Updated OpenSSL packages fix timing attack
  http://www.securityfocus.com/archive/1/314107/2003-03-04/2003-03-10/0
LinuxSecurity (added 2003/03/07) RedHat: OpenSSL timing-based attack vulnerability
  http://www.linuxsecurity.com/advisories/redhat_advisory-2939.html

▽ Macromedia Flash Player
A security vulnerability has been discovered in Macromedia Flash Player. Exploiting this issue allows a remote attacker to execute arbitrary code.

Macromedia Security Zone MPSB03-03 Security Patch for Macromedia Flash Player
  http://www.macromedia.com/devnet/security/security_zone/mpsb03-03.html
SecuriTeam.com Critical Security Hole Found in Macromedia Flash Player
  http://www.securiteam.com/securitynews/5MP051F9FU.html
IPA (added 2003/03/07) Vulnerability in Macromedia Flash Player
  http://www.ipa.go.jp/security/

▽ sendmail
A buffer overflow vulnerability has been discovered in sendmail's mail header processing. Exploiting this issue enables attacks such as having attack e-mail forwarded. [Updated]

□ Related information:
SENDMAIL.ORG Sendmail 8.12.8
  http://www.sendmail.org/8.12.8.html
Sendmail Security Alert
  http://www.sendmail.com/jp/security/
Internet Security Systems Security Advisory Remote Sendmail Header Processing Vulnerability
  http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
CERT (updated 2003/03/04) Vulnerability Note VU#398025 Remote Buffer Overflow in Sendmail
  http://www.kb.cert.org/vuls/id/398025
CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail
  http://www.cert.org/advisories/CA-2003-07.html
CIAC N-048: Sendmail MTA Vulnerability
  http://www.ciac.org/ciac/bulletins/n-048.shtml
CVE (Common Vulnerabilities and Exposures) CAN-2002-1337
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1337
ISS X-Force Database sendmail-header-processing-bo (10748) Sendmail mail header processing buffer overflow
  http://www.iss.net/security_center/static/10748.php
IPA On the serious security vulnerability in Sendmail
  http://www.ipa.go.jp/security/ciadr/20030303sendmail.html
Free Sun Alert Notifications sendmail(1M) Parses Headers Incorrectly in Certain Corner Cases
  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F51181&zone_32=category%3Asecurity
SuSE Security Announcement SuSE-SA:2003:013 sendmail-tls
  http://lists2.suse.com/archive/suse-security-announce/2003-Mar/0001.html
Apple Security Advisory APPLE-SA-2003-03-03 sendmail
  http://lists.apple.com/archives/security-announce/2003/Mar/03/applesa20030303sendmail.txt
CERT/CC Vulnerability Note IBM Information for VU#398025
  http://www.kb.cert.org/vuls/id/JPLA-5K6Q2Z
SGI Security Advisory 20030301-01-P Mail Header Buffer Overflow In Sendmail
  ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P
Internet Security Systems Security Alert "Sendmail Header Processing Vulnerability"
  http://www.isskk.co.jp/support/techinfo/general/SendmailHeader_xforce.html
FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail
  ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail.patch
OpenBSD 022: SECURITY FIX: March 3, 2003 A source code patch exists which remedies the problem.
  http://www.openbsd.org/errata31.html#sendmail
Red Hat Linux Security Advisory RHSA-2003:073-06 Updated sendmail packages fix critical security issues
  http://rhn.redhat.com/errata/RHSA-2003-073.html
Red Hat Linux Security Advisory RHSA-2003:074-06 Updated sendmail packages fix critical security issue
  https://rhn.redhat.com/errata/RHSA-2003-074.html
MandrakeSoft Security Advisory MDKSA-2003:028 : sendmail
  http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:028
SecurityFocus [RHSA-2003:073-06] Updated sendmail packages fix critical security issues
  http://www.securityfocus.com/archive/1/313632/2003-03-01/2003-03-07/0
SecurityFocus sendmail 8.12.8 available
  http://www.securityfocus.com/archive/1/313631/2003-03-01/2003-03-07/0
SecurityFocus Mail Header Buffer Overflow In Sendmail
  http://www.securityfocus.com/archive/1/313624/2003-03-01/2003-03-07/0
SecurityFocus FreeBSD Security Advisory FreeBSD-SA-03:04.sendmail
  http://www.securityfocus.com/archive/1/313649/2003-03-01/2003-03-07/0
SecurityFocus Sendmail buffer overflow vulnerability in AIX.
  http://www.securityfocus.com/archive/1/313637/2003-03-01/2003-03-07/0
SecurityFocus SuSE Security Announcement: sendmail (SuSE-SA:2003:013)
  http://www.securityfocus.com/archive/1/313688/2003-03-01/2003-03-07/0
SecurityFocus MDKSA-2003:028 - Updated sendmail packages fix remotely exploitable buffer overflow vulnerability
  http://www.securityfocus.com/archive/1/313690/2003-03-01/2003-03-07/0
SecurityFocus [CLA-2003:571] Conectiva Linux Security Announcement - sendmail
  http://www.securityfocus.com/archive/1/313719/2003-03-01/2003-03-07/0
Internet Security Systems Security Alert (added 2003/03/05) Sendmail Header Processing Vulnerability
  http://www.isskk.co.jp/support/techinfo/general/SendmailHeader_xforce.html
JPCERT/CC Alert (added 2003/03/05) Alert regarding the sendmail vulnerability
  http://www.jpcert.or.jp/at/2003/at030002.txt
Vendor Status Note JVNCA-2003-07 Remotely exploitable vulnerability in Sendmail
  http://jvn.doi.ics.keio.ac.jp/vn/JVNCA-2003-07.html
IBM (added 2003/03/05) IBM Information for VU#398025
  ftp://ftp.software.ibm.com/aix/efixes/security/sendmail_efix.tar.Z
SGI Security Advisory (added 2003/03/05) 20030301-01-P Mail Header Buffer Overflow In Sendmail
  ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P
Free Sun Alert Notifications (added 2003/03/05) sendmail(1M) Parses Headers Incorrectly in Certain Corner Cases
  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F51181
OpenBSD 3.2 errata (added 2003/03/05) 009: Security fix
  http://www.openbsd.org/ja/errata.html#sendmail
FreeBSD Security Advisory (added 2003/03/05) sendmail header parsing buffer overflow
  ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:04.sendmail.asc
NetBSD Security Advisory (added 2003/03/05) Malformed header Sendmail Vulnerability
  ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc
Red Hat Linux Security Advisory (added 2003/03/05) RHSA-2003:073-06 Updated sendmail packages
  http://www.redhat.co.jp/support/errata/RHSA/RHSA-2003-073J.html
Turbolinux Security Advisory (added 2003/03/05) TLSA-2003-13 Sendmail header processing vulnerability
  http://www.turbolinux.co.jp/security/TLSA-2003-13j.txt
SuSE Security Announcement (added 2003/03/05) sendmail, sendmail-tls: local privilege escalation
  http://www.suse.de/de/security/2003_13_sendmail.html
Apple (added 2003/03/05) Security Update 2003-03-03
  http://www.apple.co.jp/ftp-info/reference/security_update_2003-03-03.html
SecuriTeam.com (added 2003/03/05) Remote Sendmail Header Processing Vulnerability
  http://www.securiteam.com/securitynews/5SP02159FC.html
SecurityFocus (added 2003/03/05) GLSA: sendmail (200303-4)
  http://www.securityfocus.com/archive/1/313762/2003-03-01/2003-03-07/0
SecurityFocus (added 2003/03/05) [SECURITY] [DSA-257-1] sendmail remote exploit
  http://www.securityfocus.com/archive/1/313763/2003-03-01/2003-03-07/0
SecurityFocus (added 2003/03/05) HP-UX security bulletins digest [Fwd/sendmail issue]
  http://www.securityfocus.com/archive/1/313788/2003-03-01/2003-03-07/0
SecurityFocus (added 2003/03/05) [OpenPKG-SA-2003.016] OpenPKG Security Advisory (sendmail)
  http://www.securityfocus.com/archive/1/313875/2003-03-01/2003-03-07/0
LinuxSecurity (added 2003/03/05) SuSE: sendmail/sendmail-tls Remote vulnerability
  http://www.linuxsecurity.com/advisories/suse_advisory-2915.html
LinuxSecurity (added 2003/03/05) Mandrake: sendmail Remote vulnerability
  http://www.linuxsecurity.com/advisories/mandrake_advisory-2916.html
LinuxSecurity (added 2003/03/05) Debian: sendmail remote exploit
  http://www.linuxsecurity.com/advisories/debian_advisory-2918.html
LinuxSecurity (added 2003/03/05) FreeBSD: sendmail remote exploit
  http://www.linuxsecurity.com/advisories/freebsd_advisory-2919.html
LinuxSecurity (added 2003/03/05) Gentoo: sendmail remote root exploit
  http://www.linuxsecurity.com/advisories/gentoo_advisory-2920.html
LinuxSecurity (added 2003/03/05) NetBSD: sendmail remote exploit
  http://www.linuxsecurity.com/advisories/netbsd_advisory-2922.html
LinuxSecurity (added 2003/03/05) Slackware: sendmail remote exploit
  http://www.linuxsecurity.com/advisories/slackware_advisory-2923.html
LinuxSecurity (added 2003/03/05) OpenPKG: sendmail remote exploit
  http://www.linuxsecurity.com/advisories/other_advisory-2928.html
LinuxSecurity (added 2003/03/05) FreeBSD: REVISED: sendmail remote exploit
  http://www.linuxsecurity.com/advisories/freebsd_advisory-2930.html
Debian GNU/Linux - Security Information DSA-257-1 sendmail - remote exploit
  http://lists.debian.org/debian-security-announce/debian-security-announce-2003/msg00039.html
SOLARSPEED.NET - Free Sun Cobalt PKG files Sendmail "Remote Header Processing Vulnerability" patch (Security upgrade)
  http://www.solarspeed.net/downloads/index.php
Sun(sm) Alert Notification 51181 sendmail(1M) Parses Headers Incorrectly in Certain Corner Cases
  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F51181&zone_32=category%3Asecurity
Tru64 UNIX V5.1B PK1 BL01 ECO Summary SSRT3469 - HP Tru64 UNIX sendmail Potential Security Vulnerability
  http://ftp.support.compaq.com/patches/public/Readmes/unix/t64v51bb1-c0003900-16874-es-20030211.README
Tru64 UNIX V5.1A PK4 BL21 ECO Summary SSRT3469 - HP Tru64 UNIX sendmail Potential Security Vulnerability
  http://ftp.support.compaq.com/patches/public/Readmes/unix/t64v51ab21-c0103500-17099-es-20030226.README
Tru64 UNIX V5.1A PK3 BL03 ECO Summary SSRT3469 - HP Tru64 UNIX sendmail Potential Security Vulnerability
  http://ftp.support.compaq.com/patches/public/Readmes/unix/t64v51ab3-c0101900-16876-es-20030211.README
Tru64 UNIX V5.1 PK6 BL20 ECO Summary SSRT3469 - HP Tru64 UNIX sendmail Potential Security Vulnerability
  http://ftp.support.compaq.com/patches/public/Readmes/unix/t64v51b20-c0169800-16980-es-20030218.README
Tru64 UNIX V5.1 PK5 BL19 ECO Summary SSRT3469 - HP Tru64 UNIX sendmail Potential Security Vulnerability
  http://ftp.support.compaq.com/patches/public/Readmes/unix/t64v51b19-c0169100-16882-es-20030211.README
Tru64 UNIX V5.0A PK3 BL17 ECO Summary SSRT3469 - HP Tru64 UNIX sendmail Potential Security Vulnerability
  http://ftp.support.compaq.com/patches/public/Readmes/unix/t64v50ab17-c0031300-16884-es-20030211.README
Tru64 UNIX V4.0G PK3 BL17 ECO Summary SSRT3469 - HP Tru64 UNIX sendmail Potential Security Vulnerability
  http://ftp.support.compaq.com/patches/public/Readmes/unix/t64v40gb17-c0028100-16887-es-20030211.README
Tru64 UNIX V4.0F PK7 BL18 ECO Summary SSRT3469 - HP Tru64 UNIX sendmail Potential Security Vulnerability
  http://ftp.support.compaq.com/patches/public/Readmes/unix/duv40fb18-c0092200-16888-es-20030211.README
MIRACLE LINUX CORPORATION Security Information Packages addressing security issues
  http://www.miraclelinux.com/security/index.html
CTC Security Information 0001-46 sendmail security vulnerability
  http://www.ctc-g.co.jp/security/0001-46.html
HP Security Bulletin (added 2003/03/06) HPSBUX0302-246 Potential security vulnerability in sendmail (Revision 1)
  http://www.jpn.hp.com/upassist/assist2/secbltn/HPSBTL0210-073.html
Debian GNU/Linux - Security Information (added 2003/03/06) DSA-257-1 sendmail - remote exploit
  http://www.debian.org/security/2003/dsa-257
Miracle Linux Support (added 2003/03/06) sendmail buffer overflow
  http://www.miraclelinux.com/support/update/data/sendmail.html
LinuxSecurity (added 2003/03/06) YellowDog: sendmail remote exploit
  http://www.linuxsecurity.com/advisories/yellowdog_advisory-2935.html
LinuxSecurity (added 2003/03/06) Debian: sendmail-wide remote exploit
  http://www.linuxsecurity.com/advisories/debian_advisory-2932.html
SecurityTracker.com Archives (added 2003/03/06) Alert ID:1006199 Sendmail Buffer Overflow in Parsing Certain Header Comments May Let Remote Users Execute Arbitrary Code with Root Privileges
  http://www.securitytracker.com/alerts/2003/Mar/1006199.html

<Other products>

▽ NetScreen
An issue has been discovered in which the configuration reverts to the factory default state when the ScreenOS installed on the NetScreen 5XP / 5XT is version 4.0.0 or later. As a result, outbound access via NAT and the like, and all communication from outside, are blocked.

NetScreen Security Alert 56305 Potential loss of configuration
  http://www.netscreen.com/support/alerts/03_06_03.html

▽ HP Jetdirect
An issue has been discovered in HP Jetdirect cards that makes it possible to access printers on the network. Exploiting this issue makes it possible to obtain the SNMP password.

SecurityFocus New HP Jetdirect SNMP password vulnerability when using Web JetAdmin
  http://www.securityfocus.com/archive/1/313618/2003-03-01/2003-03-07/0
SecurityFocus (added 2003/03/07) New HP Jetdirect SNMP password vulnerability when using Web JetAdmin
  http://www.securityfocus.com/archive/1/314171/2003-03-04/2003-03-10/0