-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

                                                         JPCERT-WR-2008-4801
                                                                   JPCERT/CC
                                                                  2008-12-10

                 <<< JPCERT/CC REPORT 2008-12-10 >>>

$B!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=(B
$B"#(B11/30($BF|(B)$B!A(B12/06($BEZ(B) $B$N%;%-%e%j%F%#4XO">pJs(B
$B!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=(B

== $BL\(B  $B<!(B ==================================================================

$B!Z(B1$B![(BJava Runtime Environment (JRE) $B$KJ#?t$N@H<e@-(B
$B!Z(B2$B![(BMovable Type Enterprise $B$K%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H<e@-(B
$B!Z(B3$B![(BDATAC RealWin $B$K%P%C%U%!%*!<%P!<%U%m!<$N@H<e@-(B
$B!Z(B4$B![(BLinksys $B$N%o%$%d%l%9%M%C%H%o!<%/%S%G%*%+%a%i(B WVC54GC $B$H$=$N(B ActiveX $B%3%s%H%m!<%k$KJ#?t$N@H<e@-(B
$B!Z(B5$B![!V(BC/C++ $B%;%-%e%"%3!<%G%#%s%0(B $B%O!<%U%G%$%-%c%s%W!W;22C<TJg=8$N$*CN$i$;(B
$B!Z(B6$B![(BSecurityDay2008 $B$N$*CN$i$;(B (2008$BG/(B12$B7n(B16$BF|3+:E(B)
$B!Z:#=5$N$R$H$/$A%a%b![C4Ev<T$,A*$V(B 2008$BG/$N=EBg%K%e!<%9(B

  $B"(>R2p$9$k%;%-%e%j%F%#4XO">pJs$NA*Dj4p=`$O0J2<$N%Z!<%8$r$4Mw$/$@$5$$!#(B
        http://www.jpcert.or.jp/wr/

  $B"((BHTML $BHG$*$h$S(B XML $BHG$O0J2<$N%Z!<%8$r$4Mw$/$@$5$$!#(B
        http://www.jpcert.or.jp/wr/2008/wr084801.html
        http://www.jpcert.or.jp/wr/2008/wr084801.xml
============================================================================


$B!Z(B1$B![(BJava Runtime Environment (JRE) $B$KJ#?t$N@H<e@-(B

    $B>pJs8;(B
      US-CERT Technical Cyber Security Alert TA08-340A
      Sun Java Updates for Multiple Vulnerabilities
      http://www.us-cert.gov/cas/techalerts/TA08-340A.html

      US-CERT Cyber Security Alert SA08-340A
      Sun Java Updates for Multiple Vulnerabilities
      http://www.us-cert.gov/cas/alerts/SA08-340A.html

    $B35MW(B
      Java Runtime Environment (JRE) $B$K$O!"J#?t$N@H<e@-$,$"$j$^$9!#7k(B
      $B2L$H$7$F!"1s3V$NBh;0<T$,G$0U$N%3!<%I$r<B9T$7$?$j!"8"8B$r>:3J$7$?(B
      $B$j!"%5!<%S%91?MQK832(B (DoS) $B967b$r9T$C$?$j$9$k$J$I$N2DG=@-$,$"$j(B
      $B$^$9!#(B

      $BBP>]$H$J$k@=IJ$*$h$S%P!<%8%g%s$O0J2<$NDL$j$G$9!#(B

      - JDK/JRE 6 Update 10 $B$*$h$S$=$l0JA0(B
      - JDK/JRE 5.0 Update 16 $B$*$h$S$=$l0JA0(B
      - SDK/JRE 1.4.2_18 $B$*$h$S$=$l0JA0(B
      - SDK/JRE 1.3.1_23 $B$*$h$S$=$l0JA0(B

      $B$3$NLdBj$O!"(BSun $B$,Ds6!$9$k=$@5:Q$_$N%P!<%8%g%s$K!"3:Ev$9$k@=IJ$r(B
      $B99?7$9$k$3$H$G2r7h$7$^$9!#(B


      $B$J$*!"(BSDK/JRE 1.4.2 $B7ONs$*$h$S(B SDK/JRE 1.3.1 $B7ONs$O$9$G$K%5%]!<(B
      $B%H$,=*N;$7$F$$$^$9!#:#8e=$@5%W%m%0%i%`$ODs6!$5$l$^$;$s!#8e7Q$N%P!<(B
      $B%8%g%s$X$NBP1~$r$*$9$9$a$7$^$9!#(B

    $B4XO"J8=q(B ($BF|K\8l(B)
      Japan Vulnerability Notes JVNTA08-193A
      Java $B$K$*$1$kJ#?t$N@H<e@-$KBP$9$k%"%C%W%G!<%H(B
      http://jvn.jp/cert/JVNTA08-193A/index.html

    $B4XO"J8=q(B ($B1Q8l(B)
      Sun Alert Notification 244986
      The Java Runtime Environment Creates Temporary Files That Have "Guessable" File Names
      http://sunsolve.sun.com/search/document.do?assetkey=1-66-244986-1

      Sun Alert Notification 244987
      Java Runtime Environment (JRE) Buffer Overflow Vulnerabilities in Processing Image Files and Fonts May Allow Applets or Java Web Start Applications to Elevate Their Privileges
      http://sunsolve.sun.com/search/document.do?assetkey=1-66-244987-1

      Sun Alert Notification 244988
      Multiple Security Vulnerabilities in Java Web Start and Java Plug-in May Allow Privilege Escalation
      http://sunsolve.sun.com/search/document.do?assetkey=1-66-244988-1

      Sun Alert Notification 244989
      The Java Runtime Environment (JRE) "Java Update" Mechanism Does Not Check the Digital Signature of the JRE that it Downloads
      http://sunsolve.sun.com/search/document.do?assetkey=1-66-244989-1

      Sun Alert Notification 244990
      A Buffer Overflow Vulnerability in the Java Runtime Environment (JRE) May Allow Privileges to be Escalated
      http://sunsolve.sun.com/search/document.do?assetkey=1-66-244990-1

      Sun Alert Notification 244991
      A Security Vulnerability in the Java Runtime Environment (JRE) Related to Deserializing Calendar Objects May Allow Privileges to be Escalated
      http://sunsolve.sun.com/search/document.do?assetkey=1-66-244991-1

      Sun Alert Notification 245246
      The Java Runtime Environment UTF-8 Decoder May Allow Multiple Representations of UTF-8 Input
      http://sunsolve.sun.com/search/document.do?assetkey=1-66-245246-1

      Sun Alert Notification 246266
      Security Vulnerability in Java Runtime Environment May Allow Applets to List the Contents of the Current User's Home Directory
      http://sunsolve.sun.com/search/document.do?assetkey=1-66-246266-1

      Sun Alert Notification 246286
      Security Vulnerability in the Java Runtime Environment With Processing RSA Public Keys
      http://sunsolve.sun.com/search/document.do?assetkey=1-66-246286-1

      Sun Alert Notification 246366
      Security Vulnerabilities in the Java Runtime Environment (JRE) JAX-WS and JAXB Packages may Allow Privileges to be Escalated
      http://sunsolve.sun.com/search/document.do?assetkey=1-66-246366-1

      Sun Alert Notification 246386
      A Security Vulnerability in Java Runtime Environment (JRE) With Parsing of Zip Files May Allow Reading of Arbitrary Memory Locations
      http://sunsolve.sun.com/search/document.do?assetkey=1-66-246386-1

      Sun Alert Notification 246387
      A Security Vulnerability in the Java Runtime Environment may Allow Code Loaded From the Local Filesystem to Access LocalHost
      http://sunsolve.sun.com/search/document.do?assetkey=1-66-246387-1

$B!Z(B2$B![(BMovable Type Enterprise $B$K%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H<e@-(B

    $B>pJs8;(B
      Japan Vulnerability Notes JVN#02216739
      Movable Type Enterprise $B$K$*$1$k%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H<e@-(B
      http://jvn.jp/jp/JVN02216739/index.html

    $B35MW(B
      Movable Type Enterprise $B$K$O!"4IM}2hLL$K%/%m%9%5%$%H%9%/%j%W%F%#(B
      $B%s%0$N@H<e@-$,$"$j$^$9!#7k2L$H$7$F!"1s3V$NBh;0<T$,%f!<%6$N%V%i%&(B
      $B%6>e$GG$0U$N%9%/%j%W%H$r<B9T$9$k2DG=@-$,$"$j$^$9!#(B

      $BBP>]$H$J$k%P!<%8%g%s$O0J2<$NDL$j$G$9!#(B

      - Movable Type Enterprise 1.5

      $B$J$*!"$3$N@H<e@-$O!"(BJPCERT/CC REPORT 2008-09-18$B9f!Z(B2$B![$*$h$S(B
      JPCERT/CC REPORT 2008-10-22$B9f!Z(B4$B![$H$O0[$J$kLdBj$G$9!#(B

      $B$3$NLdBj$O!"%7%C%/%9!&%"%Q!<%H$,Ds6!$9$k=$@5:Q$_$N%P!<%8%g%s$K(B
      Movable Type Enterprise $B$r99?7$9$k$3$H$G2r7h$7$^$9!#(B

    $B4XO"J8=q(B ($BF|K\8l(B)
      $B%7%C%/%9!&%"%Q!<%H(B
      [$B=EMW(B] $B%;%-%e%j%F%#%"%C%W%G!<%H(B Movable Type 4.23 $B$NDs6!$r3+;O(B
      http://www.movabletype.jp/blog/_movable_type_423.html

      $B%7%C%/%9!&%"%Q!<%H(B
      [$B=EMW(B] $B%;%-%e%j%F%#%"%C%W%G!<%H(B Movable Type 4.23 $B$NDs6!$r3+;O(B
      http://www.sixapart.jp/movabletype/news/2008/12/03-1400.html

      JPCERT/CC REPORT 2008-09-18
      $B!Z(B2$B![(BMovable Type $B$K%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H<e@-(B
      http://www.jpcert.or.jp/wr/2008/wr083601.html#2

      JPCERT/CC REPORT 2008-10-22
      $B!Z(B4$B![(BMovable Type $B$K%/%m%9%5%$%H%9%/%j%W%F%#%s%0$N@H<e@-(B
      http://www.jpcert.or.jp/wr/2008/wr084101.html#4

$B!Z(B3$B![(BDATAC RealWin $B$K%P%C%U%!%*!<%P!<%U%m!<$N@H<e@-(B

    $B>pJs8;(B
      US-CERT Vulnerability Note VU#976484
      DATAC RealWin buffer overflow
      http://www.kb.cert.org/vuls/id/976484

    $B35MW(B
      DATAC RealWin $B$K$O!"(BFC_INFOTAG/SET_CONTROL $B%Q%1%C%H$N=hM}$K5/0x(B
      $B$9$k%P%C%U%!%*!<%P!<%U%m!<$N@H<e@-$,$"$j$^$9!#7k2L$H$7$F!"1s3V$N(B
      $BBh;0<T$,:Y9)$7$?%Q%1%C%H$r=hM}$5$;$k$3$H$GG$0U$N%3!<%I$r<B9T$7$?(B
      $B$j!"%5!<%S%91?MQK832(B (DoS) $B967b$r9T$C$?$j$9$k2DG=@-$,$"$j$^$9!#(B

      $BBP>]$H$J$k%P!<%8%g%s$O0J2<$NDL$j$G$9!#(B

      - RealWin 2.x

      2008$BG/(B12$B7n(B3$BF|8=:_!"$3$NLdBj$KBP$9$k=$@5%W%m%0%i%`$O3NG'$5$l$F$*(B
      $B$j$^$;$s!#2sHr:v$H$7$F$O!"?.Mj$G$-$J$$%M%C%H%o!<%/$+$i(B RealWin 
      $B$X$N%"%/%;%9$r6X;_$9$k$J$IE,@Z$J%"%/%;%9@)8B$r9T$&J}K!$,$"$j$^$9!#(B

    $B4XO"J8=q(B ($BF|K\8l(B)
      Japan Vulnerability Notes JVNVU#976484
      DATAC RealWin $B$K%P%C%U%!%*!<%P!<%U%m!<$N@H<e@-(B
      http://jvn.jp/cert/JVNVU976484/index.html

    $B4XO"J8=q(B ($B1Q8l(B)
      DATAC Control International Ltd.
      RealWin SCADA System by RealFlex Technologies Ltd
      http://www.dataconline.com/software/realwin.php

$B!Z(B4$B![(BLinksys $B$N%o%$%d%l%9%M%C%H%o!<%/%S%G%*%+%a%i(B WVC54GC $B$H$=$N(B ActiveX $B%3%s%H%m!<%k$KJ#?t$N@H<e@-(B

    $B>pJs8;(B
      US-CERT Vulnerability Note VU#528993
      Linksys WVC54GC wireless video camera vulnerable to information disclosure
      http://www.kb.cert.org/vuls/id/528993

      US-CERT Vulnerability Note VU#639345
      Linksys WVC54GC NetCamPlayerWeb11gv2 ActiveX control stack buffer overflow
      http://www.kb.cert.org/vuls/id/639345

    $B35MW(B
      Linksys $B$,Ds6!$9$k%o%$%d%l%9%M%C%H%o!<%/%S%G%*%+%a%i(B WVC54GC $B$*(B
      $B$h$S$=$N(B ActiveX $B%3%s%H%m!<%k$K$O!"J#?t$N@H<e@-$,$"$j$^$9!#7k2L(B
      $B$H$7$F!"1s3V$NBh;0<T$,:Y9)$7$?%Q%1%C%H$rEv3:@=IJ$KAw?.$9$k$3$H$G(B
      $B5!L)>pJs$r<hF@$7$?$j!":Y9)$7$?(B HTML $BJ8=q$r1\Mw$5$;$k$3$H$G3:Ev$9(B
      $B$k(B ActiveX $B%3%s%H%m!<%k$r;HMQ$7$F$$$k%f!<%6$N8"8B$GG$0U$N%3!<%I(B
      $B$r<B9T$7$?$j$9$k2DG=@-$,$"$j$^$9!#(B

      $B$3$NLdBj$O!"(BLinksys $B$,Ds6!$9$k=$@5:Q$_$N%P!<%8%g%s$K!"(BWVC54GC $B$N(B
      $B%U%!!<%`%&%'%"$r99?7$9$k$3$H$G2r7h$7$^$9!#$J$*!"3:Ev$9$k(B ActiveX
      $B%3%s%H%m!<%k$,%$%s%9%H!<%k$5$l$F$$$k>l9g$K$O!"%U%!!<%`%&%'%"$r99(B
      $B?7$7$?@=IJ$K@\B3$7$F(B ActiveX $B%3%s%H%m!<%k$r99?7$9$kI,MW$,$"$j$^$9!#(B
      $B>\:Y$K$D$$$F$O!"(BLinksys $B$,Ds6!$9$k>pJs$r;2>H$7$F$/$@$5$$!#(B

    $B4XO"J8=q(B ($B1Q8l(B)
      Linksys
      WVC54GCA
      http://www.linksys.com/servlet/Satellite?c=L_Product_C2&childpagename=US%2FLayout&cid=1175239651656&pagename=Linksys%2FCommon%2FVisitorWrapper&lid=5165686883B0


      Linksys
      Firmware Release History
      http://www.linksys.com/servlet/Satellite?blobcol=urldata&blobheadername1=Content-Type&blobheadername2=Content-Disposition&blobheadervalue1=text%2Fplain&blobheadervalue2=inline%3B+filename%3DWVC54GC-V1.0_non-RoHS-v1.25_fw_ver.txt&blobkey=id&blobtable=MungoBlobs&blobwhere=1193776031728&ssbinary=true&lid=8104724130B17


$B!Z(B5$B![!V(BC/C++ $B%;%-%e%"%3!<%G%#%s%0(B $B%O!<%U%G%$%-%c%s%W!W;22C<TJg=8$N$*CN$i$;(B

    $B>pJs8;(B
      JPCERT/CC
      C/C++ $B%;%-%e%"%3!<%G%#%s%0(B $B%O!<%U%G%$%-%c%s%W$N$40FFb(B
      https://www.jpcert.or.jp/event/half-day_Camp-seminar.html

    $B35MW(B
      JPCERT $B%3!<%G%#%M!<%7%g%s%;%s%?!<$O!"(BC/C++ $B8@8l$G@H<e@-$r4^$^$J(B
      $B$$0BA4$J%W%m%0%i%`$r%3!<%G%#%s%0$9$k6qBNE*$J%F%/%K%C%/$H%N%&%O%&(B
      $B$r3X$s$G$$$?$@$/$?$a$N%;%_%J!<$r!V(BC/C++ $B%;%-%e%"%3!<%G%#%s%0(B $B%H(B
      $B%o%$%i%$%H%;%_%J!<!W$HBj$7$F(B 2008$BG/(B6$B7n(B4$BF|$+$i(B 12$B7n(B3$BF|$^$GA4(B7$B2s$K(B
      $BEO$j3+:E$7$^$7$?!#(B

      $B%=%U%H%&%(%"Ey$N@H<e@-BP:v$K4X$9$k;v6H$N0l4D$H$7$F3+:E$7$?$3$N%;(B
      $B%_%J!<$r0l?M$G$bB?$/$N%W%m%0%i%`3+H/<T$NJ}!9$K<u9V$7$F$$$?$@$1$k(B
      $B$h$&!"%H%o%$%i%$%H%;%_%J!<$G$*Aw$j$7$?FbMF$rA4(B3$B2s$K:FJT@.$7!"(B
      $B!V(BC/C++ $B%;%-%e%"%3!<%G%#%s%0(B $B%O!<%U%G%$%-%c%s%W!W$HBj$7$F3+:E$$(B
      $B$?$7$^$9!#%H%o%$%i%$%H%;%_%J!<$HF1$8$/;22CHq$OL5NA$G$9!#(B

      $BBh(B1$B2s$O(B 2009$BG/(B1$B7n(B29$BF|3+:EM=Dj$G$9!#(B

      $BF|;~(B:   part1 $B!cJ8;zNs!&@0?t!d(B
              2009$BG/(B1$B7n(B29$BF|(B ($BLZ(B) 13:00$B!A(B18:00 ($B<uIU(B 12:30$B!A(B)
      $B2q>l(B:   $B3t<02q<R%$%s%?!<%M%C%H%$%K%7%"%F%#%V!!Bg2q5D<<(B1
              $BEl5~ET@iBeED6h?@ED?@J]D.(B1-105 $B?@J]D.;00f%S%k%G%#%s%0(B 17$B3,(B
      $B<u9VNA(B: $BL5NA(B
      $BDj0w(B:   80$BL>(B

$B!Z(B6$B![(BSecurityDay2008 $B$N$*CN$i$;(B (2008$BG/(B12$B7n(B16$BF|3+:E(B)

    $B>pJs8;(B
      SecurityDay2008
      http://securityday.jp/

    $B35MW(B
      2008$BG/(B12$B7n(B16$BF|(B($B2P(B)$B!"El5~(B $B%Y%k%5!<%kH,=E='$K$*$$$F(B JPCERT $B%3!<%G%#(B
      $B%M!<%7%g%s%;%s%?!<(B (JPCERT/CC)$B!"F|K\%$%s%?!<%M%C%H%W%m%P%$%@!<6((B
      $B2q(B (JAIPA)$B!"F|K\%G!<%?DL?.6(2q(B (Telecom-ISAC Japan)$B!"F|K\%M%C%H(B
      $B%o!<%/%;%-%e%j%F%#6(2q(B (JNSA)$B!"F|K\EE;RG'>Z6(5D2q(B (JCAF) $B<g:E$N(B
      $B!V(BSecurityDay2008 $B!AF|K\$N>pJs%;%-%e%j%F%#$N$"$jJ}$r9M$($k!A!W$r(B
      $B3+:E$7$^$9!#(B

      $BF|;~!'(B2008$BG/(B12$B7n(B16$BF|(B($B2P(B) 9:50 $B3+;O(B
      $B2q>l!'%Y%k%5!<%kH,=E='(B 2F
            $BEl5~ETCf1{6hH,=E='(B 1-3-7 $BH,=E='%U%!!<%9%H(B $B%U%#%J%s%7%c%k%S%k(B
            http://www.bellesalle.co.jp/bs_yaesu/images/shikihai.html
      $BHqMQ!'(B5,000$B1_(B ($B@G9~(B)

      SecurityDay2008 $B$X$N;22C$K$O!";vA0$N$*?=$79~$_$,I,MW$G$9!#;22CHq(B
      $B$O!"EvF|2q>l<uIU$G$N8=6b@:;;$H$J$j$^$9$N$G!"M=Ls40N;8e$K%a!<%k$G(B
      $BAw$i$l$k<u9VM=LsI<$rI,$:$4;};2$/$@$5$k$h$&$*4j$$$$$?$7$^$9!#(B

      $B%W%m%0%i%`!";22C?=$79~$_Ey!">\:Y$O0J2<$N(B Web $B%Z!<%8$r$4;2>H$/$@(B
      $B$5$$!#(B

    $B4XO"J8=q(B ($BF|K\8l(B)
      SecurityDay2008
      $B;22C?=$79~$_J}K!(B
      http://securityday.jp/?register

      JPCERT/CC
      SecurityDay2008 $B3+:E$N$*CN$i$;(B
      http://www.jpcert.or.jp/event/sec2008-seminar.html


$B!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=(B
$B"#:#=5$N$R$H$/$A%a%b(B
$B!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=(B

$B!{C4Ev<T$,A*$V(B 2008$BG/$N=EBg%K%e!<%9(B

      2008$BG/$b$$$h$$$h;D$j>/$J$/$J$C$F;2$j$^$7$?!#:#G/$b$3$N>l$r$*<Z$j(B
      $B$7$F!"C4Ev<T$,A*$s$@%3%s%T%e!<%?%;%-%e%j%F%#$K$*$1$k(B 2008$BG/$N=E(B
      $BBg%K%e!<%9$r$4>R2p$$$?$7$^$9!#(B

      - DNS $B%-%c%C%7%e%]%$%:%K%s%0(B
        2008$BG/(B7$B7n(B DNS $B%-%c%C%7%e%5!<%P$N@H<e@-$K4X$9$kLdBj$,Bg$-$JOCBj(B
        $B$H$J$j$^$7$?!#JF9q$N%;%-%e%j%F%#8&5f<T$,8zN(E*$K(B DNS $B%-%c%C%7%e(B
        $B%]%$%:%K%s%0$r9T$&<jK!$r8x3+$7$^$7$?!#F1;~$K(B DNS $B%5!<%P%=%U%H(B
        $B%&%(%"$N%Y%s%@!<$OBP:vHG$r8x3+$7!"(BDNS $B%5!<%P4IM}<T$OBP:v$KDI$o(B
        $B$l$k$3$H$K$J$j$^$7$?!#(B

          [$BB3Js(B] $BJ#?t$N(B DNS $B%5!<%P@=IJ$K$*$1$k%-%c%C%7%e%]%$%:%K%s%0$N@H<e@-$K4X$9$kCm0U4-5/(B
          http://www.jpcert.or.jp/at/2008/at080014.txt

      - $BBg5,LO(B SQL $B%$%s%8%'%/%7%g%s$H<jK!$N?J2=(B
        SQL $B%$%s%8%'%/%7%g%s$K$h$j!"@55,$N%3%s%F%s%D$K0-0U$"$k%5%$%H$X(B
        $B$N%j%s%/$,Kd$a9~$^$l$k$H$$$&;vNc$,B?H/$7$^$7$?!#(BIIS $B$H(B SQL
        server $B$NAH$_9g$o$;$KBP$9$k967b$r9T$&%D!<%k$d%/%C%-!<$K(B SQL $B$r(B
        $BKd$a9~$s$G967b$9$k<jK!$J$I$,3NG'$5$l$F$$$^$9!#(B

          SQL $B%$%s%8%'%/%7%g%s$K$h$k(B Web $B%5%$%H2~$6$s$K4X$9$kCm0U4-5/(B
          http://www.jpcert.or.jp/at/2008/at080005.txt

      - Debian GNU/Linux $B$N(B OpenSSL $B%Q%C%1!<%8LdBj(B
        2008$BG/(B5$B7n(B Debian $B$N(B OpenSSL $B%i%$%V%i%j$G@8@.$5$l$kMp?t$,?dB,$5(B
        $B$l$d$9$$;v$,H/3P$7$^$7$?!#LdBj$O(B 2006$BG/(B5$B7n$N=$@5$K$h$C$F5/$3$j!"(B
        $B$=$N8eH/8+$5$l$J$$$^$^!"J|CV$5$l$F$$$^$7$?!#!V%*!<%W%s%=!<%9$N(B
        $B%=%U%H%&%(%"$G$OB?$/$N?M$K$h$C$F%3!<%I$r%l%S%e!<$5$l$F$$$k$?$a(B
        $B0BA4!W$H$$$&?@OC$,Jx$l5n$j$^$7$?!#(B

          OpenSSL $B%Q%C%1!<%8$N@H<e@-$H$=$N1F6A$K$D$$$F(B (SSH$B80!"(BSSL$B>ZL@=qEy!K(B
          http://www.debian.or.jp/blog/openssl_package_and_its_vulnerability.html

      - $B%9%Q%`%a!<%k$,0l;~E*$K8:>/(B
        2008$BG/(B11$B7n(B $BB?$/$N(B C&C $B%5!<%P$r%[%9%F%#%s%0$7$F$$$?(B McColo 
        $B<R$,>eN.(B ISP $B$K$h$j%$%s%?!<%M%C%H@\B3$r<WCG$5$l$^$7$?!#@lLg2H(B
        $B$ND4::$G$O!"$3$ND>8e$K%9%Q%`%a!<%k$NNL$,:GBg(B 75%$B8:>/$7$^$7$?!#(B

          $B%7%j%3%s%P%l!<(B $B%9%Q%`H/?.855?OG$NAH?%2rBN$G@$3&$N%9%Q%`Aw?.NL$,(B 75$B!s8:>/(B
          http://www.sophos.co.jp/pressoffice/news/articles/2008/11/slb-1112-McColo.html

      - $BLBOG%a!<%kBP:v(B 2$BK!$N2~@5(B
        2008$BG/(B12$B7n(B $BFCDjEE;R%a!<%kK!!"FCDj>&<h0zK!$,2~@5;\9T$5$l!"9-9p(B
        $B$J$I$N%a!<%k$rAw$k;v6H<T$O!"<u?.<T$N;vA0F10U$,I,MW$H$J$j$^$7$?!#(B
        $B$3$l$K$h$j!";vA0$KF10U$rF@$F$$$J$$%f!<%6$K9-9p@kEA%a!<%k$rAw?.(B
        $B$9$k$3$H$OG'$a$i$l$J$/$J$j$^$7$?!#(B

          $BLBOG%a!<%kBP:v(B
          http://www.soumu.go.jp/joho_tsusin/d_syohi/m_mail.html
          http://www.meti.go.jp/policy/economy/consumer/consumer/tokutei/meiwaku/index.html

      - Google $B%9%H%j!<%H%S%e!<$N%5!<%S%93+;O(B
        2008$BG/(B8$B7n(B Google $B%^%C%W$N%9%H%j!<%H%S%e!<$N%5!<%S%9$,F|K\$G3+(B
        $B;O$5$l$^$7$?!#JXMx$J%5!<%S%9$H$7$FI>2A$5$l$k0lJ}$G!"?7$?$J%W%i(B
        $B%$%P%7!<LdBj$H$7$F5DO@$r8F$S$^$7$?!#$^$?(B Google $B%^%$%^%C%W$N%G(B
        $B%U%)%k%H$N8x3+@_Dj$d!"EPO?COE@$N4IM}J}K!$J$I$K$D$$$F$bLdBj$H$J(B
        $B$j$^$7$?!#(B

          Google$B%9%H%j!<%H%S%e!<!$LLGr$$$1$IL\E*$O2?!)(B
          http://itpro.nikkeibp.co.jp/article/OPINION/20080905/314188/?ST=cloud&P=1

      - $BL5@~(B LAN $B$N0E9f2rFI(B
        $BL5@~(B LAN $B$G;HMQ$5$l$F$$$k(B WEP $B$K$D$$$F!"0JA0$h$jC;;~4V$G2rFI$G(B
        $B$-$k<jK!$,8x3+$5$l$^$7$?!#(B2008$BG/(B11$B7n$K$O(B WPA $B$KBP$7$F$b2rFI$,(B
        $B2DG=$H$$$&H/I=$,$"$j$^$7$?!#:#8e!"L5@~(B LAN $B$rF3F~$9$k>l9g$O!"(B
        WPA2 $BBP1~$N5!4o$rA*Dj$9$k$3$H$r$*$9$9$a$7$^$9!#(B

          $BL5@~(BLAN$B%;%-%e%j%F%#5,3J!V(BWPA$B!WFMGK!)!)$=$NBP:v$O!)(B
          http://www.itmedia.co.jp/news/articles/0811/11/news083.html

      - USB $B%a%b%j$r2p$7$?%&%$%k%946@w(B
        USB $B%a%b%j$r2p$7$?%&%$%k%946@w$,Bg$-$JOCBj$K$J$j$^$7$?!#(BUSB $B%a(B
        $B%b%j$@$1$G$J$/!"7HBS2;3Z%W%l!<%d$d%G%8%?%k%U%)%H%U%l!<%`$J$I$b(B
        $BF1MM$N46@w7PO)$H$J$j$^$9!#(B

          USB $B%a%b%j$r7PM3$7$F46@w$9$k%^%k%&%'%"(B
          http://www.jpcert.or.jp/wr/2008/wr080401.html#Memo

      - $B86ED%&%$%k%9:n<TBaJa(B
        2008$BG/(B1$B7n(B $B<g$K%U%!%$%k6&M-%=%U%H7PM3$GN.DL$9$k86ED%&%$%k%9$N:n(B
        $B<T$,BaJa$5$l!"Cx:n8"K!0cH?$HL>M@TLB;$N:a$G7:;v9pAJ$5$l$^$7$?!#(B
        $B8=9T$NK!@)EY$G$O%&%$%k%9$r:n@.$9$k$3$H$rD>@\<h$jDy$^$k$3$H$,$G(B
        $B$-$J$$$H$$$&LdBjE@$,2~$a$FIb$-D&$j$K$J$j$^$7$?!#(B

          $B%&%$%k%9:n<TBaJa!"!VJ|N.?@!W$rqY$k(B
          http://www.yomiuri.co.jp/net/security/goshinjyutsu/20080125nt0d.htm

      - $BI8E*7?967b$NA}2C$HBP:v<jK!$N6/2=(B
        JPCERT/CC $B$d(B IPA $B$J$I$ND4::$K$h$k$HI8E*7?967b$O:#$bA}2C$7$F$$(B
        $B$^$9!#BP:v$N0l$D$H$7$F!"967b$rLO$7$?L532$J%a!<%k$HE:IU%U%!%$%k(B
        $B$r=>6H0w$KAw?.$9$k!V(BIT $B%;%-%e%j%F%#M=KI@\<o!W$J$I$N71N}<jK!$K(B
        $BCmL\$,=8$^$C$F$$$^$9!#(B

          $BI8E*7?967bBP:v<jK!$K4X$9$kD4::Js9p=q(B
          http://www.jpcert.or.jp/research/2008/inoculation_200808.pdf

      $B:#G/0lG/(B JPCERT/CC REPORT $B$N$40&FI!"@?$K$"$j$,$H$&$4$6$$$^$7$?!#(B
      $BG/Fb$N(B JPCERT/CC REPORT $BH/9T$O$"$H(B 2$B2s$G$9!#(B

      2009$BG/$b(B JPCERT/CC REPORT $B$r$h$m$7$/$*4j$$$$$?$7$^$9!#(B


$B!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=(B
$B"#(BJPCERT/CC $B$+$i$N$*4j$$(B
$B!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=(B

$B!~K\%l%]!<%H$K4X$9$k$*Ld$$9g$o$;$O(B editor@jpcert.or.jp $B08$K$*4j$$CW$7$^(B
  $B$9!#$?$@$7!"(BJPCERT/CC $B$G$O!"Ds6!$9$k>pJs$K$D$$$F6qBNE*$JFbMF$=$N$b$N$K(B
  $B$D$$$F$N$4<ALd$K$O$*Ez$($G$-$J$$>l9g$b$"$j$^$9!#$^$?%P%C%/%J%s%P!<$O!"(B
  $B0J2<$N(B URL $B$+$i$4MxMQ$$$?$@$1$^$9!#(B

        http://www.jpcert.or.jp/wr/

$B!~K\%a!<%j%s%0%j%9%H$N9XFI?=9~$d9XFIDd;_!"$^$?EPO?$7$?EE;R%a!<%k%"%I%l%9(B
  $B$NJQ99$J$I$K$D$-$^$7$F$O!"0J2<$N(B URL $B$r;2>H$7$F$/$@$5$$!#(B

        http://www.jpcert.or.jp/announce.html

$B!~(BJPCERT/CC $B$X$N%;%-%e%j%F%#%$%s%7%G%s%H$NJs9pJ}K!$K$D$$$F$O0J2<$N(B URL
  $B$r;2>H$7$F$/$@$5$$!#(B

        http://www.jpcert.or.jp/form/

$B0J>e!#(B
__________

2008 (C) JPCERT/CC
-----BEGIN PGP SIGNATURE-----

iQCVAwUBST8L8Yx1ay4slNTtAQgA9gP/fyK7CLGVo561P9rKgsnBNu9XClTCqxlM
NKANep1pHzuXiOjbFYaO93oHP76rdgVxgV/oPvclY37nDl/NCPfAZZTvlJTW65Z5
ha1B2gnotek73X+oOec95uwKj7ykMvXTZAlJxrdSjAZeOzyBXx2l6RX29KQt0U45
XSiJhFm2pnM=
=u3rO
-----END PGP SIGNATURE-----