-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

                                                         JPCERT-WR-2010-3001
                                                                   JPCERT/CC
                                                                  2010-08-11

            <<< JPCERT/CC WEEKLY REPORT 2010-08-11 >>>

$B!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=(B
$B"#(B08/01($BF|(B)$B!A(B08/07($BEZ(B) $B$N%;%-%e%j%F%#4XO">pJs(B
$B!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=(B

== $BL\(B  $B<!(B ==================================================================

$B!Z(B1$B![(BPHP $B$KJ#?t$N@H<e@-(B
$B!Z(B2$B![(BFreeType 2 $B$K%P%C%U%!%*!<%P!<%U%m!<$N@H<e@-(B
$B!Z(B3$B![(BWind River Systems VxWorks $B$KJ#?t$N@H<e@-(B
$B!Z(B4$B![(BCisco Adaptive Security Appliances (ASA) 5500 $B%7%j!<%:$KJ#?t$N@H<e@-(B
$B!Z(B5$B![(BCitrix Online Plug-In $B$*$h$S(B ICA Client $B$K@H<e@-(B
$B!Z(B6$B![(BOracle Siebel Option Pack for IE ActiveX $B%3%s%H%m!<%k$K@H<e@-(B
$B!Z(B7$B![(BInvensys Wonderware Archestra ConfigurationAccessComponent ActiveX $B%3%s%H%m!<%k$K@H<e@-(B
$B!Z(B8$B![(BC/C++ $B%;%-%e%"%3!<%G%#%s%0%;%_%J!<(B 2010 $B!wL>8E20(B $B;22C<TJg=8Cf(B
$B!Z:#=5$N$R$H$/$A%a%b![(BSSH $B%Q%9%o!<%IG'>Z(B: $B6<0R$HBP:v(B

  $B"(>R2p$9$k%;%-%e%j%F%#4XO">pJs$NA*Dj4p=`$O0J2<$N%Z!<%8$r$4Mw$/$@$5$$!#(B
        https://www.jpcert.or.jp/wr/

  $B"((BHTML $BHG$*$h$S(B XML $BHG$O0J2<$N%Z!<%8$r$4Mw$/$@$5$$!#(B
        https://www.jpcert.or.jp/wr/2010/wr103001.html
        https://www.jpcert.or.jp/wr/2010/wr103001.xml
============================================================================


$B!Z(B1$B![(BPHP $B$KJ#?t$N@H<e@-(B

    $B>pJs8;(B
      DOE-CIRC Technical Bulletin T-411
      PHP 'SplObjectStorage' Unserializer Arbitrary Code Execution Vulnerability
      http://www.doecirc.energy.gov/bulletins/t-411.shtml

    $B35MW(B
      PHP $B$K$O!"J#?t$N@H<e@-$,$"$j$^$9!#7k2L$H$7$F!"1s3V$NBh;0<T$,5!L)(B
      $B>pJs$r<hF@$7$?$j!"G$0U$N%3!<%I$r<B9T$7$?$j$9$k2DG=@-$,$"$j$^$9!#(B

      $BBP>]$H$J$k%P!<%8%g%s$O0J2<$NDL$j$G$9!#(B

      - PHP 5.3.3 $B$h$jA0$N%P!<%8%g%s(B
      - PHP 5.2.14 $B$h$jA0$N%P!<%8%g%s(B

      $B$3$NLdBj$O!";HMQ$7$F$$$k(B OS $B$N%Y%s%@$dG[I[85$,Ds6!$9$k=$@5:Q$_$N(B
      $B%P!<%8%g%s$K(B PHP $B$r99?7$9$k$3$H$G2r7h$7$^$9!#>\:Y$K$D$$$F$O!"3F(B
      $B%Y%s%@$dG[I[85$,Ds6!$9$k>pJs$r;2>H$7$F$/$@$5$$!#(B

      $B$J$*!"(BPHP 5.2 $B7O$K$D$$$F$O!":#2s$N(B PHP 5.2.14 $B$,:G8e$N%j%j!<%9$H(B
      $B$J$kM=Dj$G$9!#(BPHP 5.3 $B7O$X$N0\9T$r$48!F$$/$@$5$$!#(B

    $B4XO"J8=q(B ($B1Q8l(B)
      The PHP Group
      PHP 5.3.3 Released!
      http://www.php.net/archive/2010.php#id2010-07-22-2

      The PHP Group
      PHP 5.2.14 Released!
      http://www.php.net/archive/2010.php#id2010-07-22-1

$B!Z(B2$B![(BFreeType 2 $B$K%P%C%U%!%*!<%P!<%U%m!<$N@H<e@-(B

    $B>pJs8;(B
      US-CERT Vulnerability Note VU#275247
      FreeType 2 CFF font stack corruption vulnerability
      http://www.kb.cert.org/vuls/id/275247

    $B35MW(B
      $B%U%)%s%H%(%s%8%s$G$"$k(B FreeType 2 $B$K$O!"(BCFF $B%U%)%s%H$N=hM}$K5/0x(B
      $B$9$k%P%C%U%!%*!<%P!<%U%m!<$N@H<e@-$,$"$j$^$9!#7k2L$H$7$F!"1s3V$N(B
      $BBh;0<T$,:Y9)$7$?(B CFF $B%U%)%s%H$r=hM}$5$;$k$3$H$GG$0U$N%3!<%I$r<B(B
      $B9T$9$k2DG=@-$,$"$j$^$9!#(BFoxit Reader $B$J$I$N(B FreeType $B$r;HMQ$9$k(B
      $B%"%W%j%1!<%7%g%s$,1F6A$r<u$1$k2DG=@-$,$"$j$^$9!#$^$?!"K\@H<e@-$r(B
      $B;HMQ$7$?967b3hF0$,3NG'$5$l$F$$$^$9!#(B

      $BBP>]$H$J$k%P!<%8%g%s$O0J2<$NDL$j$G$9!#(B

      - FreeType 2.4.2 $B$h$jA0$N%P!<%8%g%s(B

      $B$3$NLdBj$O!";HMQ$7$F$$$k(B OS $B$N%Y%s%@$dG[I[85$,Ds6!$9$k=$@5:Q$_$N(B
      $B%P!<%8%g%s$K!"3:Ev$9$k@=IJ$r99?7$9$k$3$H$G2r7h$7$^$9!#>\:Y$K$D$$(B
      $B$F$O!"3F%Y%s%@$dG[I[85$,Ds6!$9$k>pJs$r;2>H$7$F$/$@$5$$!#(B

    $B4XO"J8=q(B ($BF|K\8l(B)
      Japan Vulnerability Notes JVNVU#275247
      FreeType 2 $B$K$*$1$k(B CFF $B%U%)%s%H$N=hM}$K@H<e@-(B
      https://jvn.jp/cert/JVNVU275247/index.html

    $B4XO"J8=q(B ($B1Q8l(B)
      The FreeType Project
      FreeType 2.4.2 has been released
      http://freetype.sourceforge.net/index2.html#release-freetype-2.4.2

      The FreeType Project
      CHANGES BETWEEN 2.4.1 and 2.4.2
      http://sourceforge.net/projects/freetype/files/freetype2/2.4.2/NEWS/view

      Foxit Corporation Announcements
      Security Release - Foxit Reader 4.1.1.0805
      http://www.foxitsoftware.com/announcements/2010861227.html

      Red Hat Security Advisory RHSA-2010:0607-2
      Important: freetype security update
      https://rhn.redhat.com/errata/RHSA-2010-0607.html

$B!Z(B3$B![(BWind River Systems VxWorks $B$KJ#?t$N@H<e@-(B

    $B>pJs8;(B
      US-CERT Vulnerability Note VU#840249
      Wind River Systems VxWorks weak default hashing algorithm in standard authentication API (loginLib)
      http://www.kb.cert.org/vuls/id/840249

      US-CERT Vulnerability Note VU#362332
      Wind River Systems VxWorks debug service enabled by default
      http://www.kb.cert.org/vuls/id/362332

    $B35MW(B
      Wind River Systems VxWorks $B$r;HMQ$7$?@=IJ$K$O!"J#?t$N@H<e@-$,$"(B
      $B$j$^$9!#7k2L$H$7$F!"1s3V$NBh;0<T$,(B VxWorks $B$r;HMQ$7$?@=IJ$K!"IT(B
      $B@5$K%"%/%;%9$7$?$j!"IT@5$KA`:n$7$?$j$9$k2DG=@-$,$"$j$^$9!#(B

      $BBP>]$H$J$k@=IJ$O0J2<$NDL$j$G$9!#(B

      - VxWorks

      $BBP:vJ}K!$H$7$F!"%G%P%C%0%5!<%S%9$rL58z$K$9$k!"%"%/%;%9$r@)8B$9$k!"(B
      $BG'>Z;~$K;HMQ$9$k%O%C%7%e4X?t$rCV$-49$($k$J$I$NJ}K!$,$"$j$^$9!#>\(B
      $B:Y$K$D$$$F$O!">e5->pJs8;$*$h$S2<5-4XO"J8=q$r;2>H$7$F$/$@$5$$!#(B

    $B4XO"J8=q(B ($BF|K\8l(B)
      Wind River
      $B%&%$%s%I%j%P!<(B $B%5%]!<%H(B
      http://www.windriver.com/japan/support/index.html

      Japan Vulnerability Notes JVNVU#840249
      Wind River Systems VxWorks $B$NG'>Z(B API (loginLib) $B$K$*$1$kLdBj(B
      https://jvn.jp/cert/JVNVU840249/index.html

      Japan Vulnerability Notes JVNVU#362332
      Wind River Systems VxWorks $B$K$*$$$F%G%P%C%0%5!<%S%9$,%G%U%)%k%H$GM-8z$K$J$C$F$$$kLdBj(B
      https://jvn.jp/cert/JVNVU362332/index.html

    $B4XO"J8=q(B ($B1Q8l(B)
      Wind River Support
      Wind River
      http://windriver.com/support/

      US-CERT
      Wind River Systems, Inc. Information for VU#362332
      http://www.kb.cert.org/vuls/id/MAPG-86EPFA

      Wind River online support ($BEPO?$,I,MW$G$9(B)
      https://support.windriver.com/olsPortal/faces/maintenance/downloadDetails.jspx?contentId=033708

      ICS-CERT ADVISORY ICSA-10-214-01
      VXWORKS VULNERABILITIES
      http://www.us-cert.gov/control_systems/pdf/ICSA-10-214-01_VxWorks_Vulnerabilities.pdf

$B!Z(B4$B![(BCisco Adaptive Security Appliances (ASA) 5500 $B%7%j!<%:$KJ#?t$N@H<e@-(B

    $B>pJs8;(B
      CERT-FI Reports
      CERT-FI Advisory on Cisco ASA TLS
      http://www.cert.fi/en/reports/2010/vulnerability364194.html

    $B35MW(B
      Cisco Adaptive Security Appliances (ASA) 5500 $B%7%j!<%:$K$O!"J#?t(B
      $B$N@H<e@-$,$"$j$^$9!#7k2L$H$7$F!"1s3V$NBh;0<T$,%5!<%S%91?MQK832(B 
      (DoS) $B967b$r9T$&2DG=@-$,$"$j$^$9!#(B

      $BBP>]$H$J$k%P!<%8%g%s$O0J2<$NDL$j$G$9!#(B

      - Cisco ASA Software 7.0$B!"(B7.1$B!"(B7.2$B!"(B8.0$B!"(B8.1$B!"(B8.2$B!"(B8.3

      $B$3$NLdBj$O!"(BCisco $B$,Ds6!$9$k=$@5:Q$_$N%P!<%8%g%s$K(B Cisco ASA 
      Software $B$r99?7$9$k$3$H$G2r7h$7$^$9!#>\:Y$K$D$$$F$O(B Cisco $B$,Ds6!(B
      $B$9$k>pJs$r;2>H$7$F$/$@$5$$!#(B

    $B4XO"J8=q(B ($BF|K\8l(B)
      Cisco Security Advisory 111877
      Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances
      http://www.cisco.com/JP/support/public/ht/security/109/1090341/cisco-sa-20100804-asa-j.shtml

    $B4XO"J8=q(B ($B1Q8l(B)
      Cisco Security Advisory 111877
      Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances
      http://www.cisco.com/en/US/products/products_security_advisory09186a0080b3f12f.shtml

      Cisco Applied Mitigation Bulletin 112090
       Identifying and Mitigating Exploitation of the Multiple Vulnerabilities in Cisco ASA 5500 Series Adaptive Security Appliances
      http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080b3f132.html

$B!Z(B5$B![(BCitrix Online Plug-In $B$*$h$S(B ICA Client $B$K@H<e@-(B

    $B>pJs8;(B
      DOE-CIRC Technical Bulletin T-409
      Citrix Online Plug-In and ICA Client Heap Overflow Remote Code Execution Vulnerability
      http://www.doecirc.energy.gov/bulletins/t-409.shtml

    $B35MW(B
      Citrix Online Plug-In $B$*$h$S(B ICA Client $B$K$O!"@H<e@-$,$"$j$^$9!#(B
      $B7k2L$H$7$F!"1s3V$NBh;0<T$,:Y9)$7$?%5!<%P$K(B ICA $B@\B3$r$5$;$k$3$H(B
      $B$G!"%m%0%$%s%f!<%6$N8"8B$GG$0U$N%3!<%I$r%/%i%$%"%s%H%G%P%$%9>e$G(B
      $B<B9T$7$?$j!"%5!<%S%91?MQK832(B (DoS) $B967b$r9T$C$?$j$9$k2DG=@-$,$"(B
      $B$j$^$9!#(B

      $B$3$NLdBj$O!"(BCitrix $B$,Ds6!$9$k=$@5:Q$_$N%P!<%8%g%s$K!"3:Ev$9$k@=(B
      $BIJ$r99?7$9$k$3$H$G2r7h$7$^$9!#>\:Y$K$D$$$F$O!"(BCitrix $B$,Ds6!$9$k(B
      $B>pJs$r;2>H$7$F$/$@$5$$!#(B

    $B4XO"J8=q(B ($B1Q8l(B)
      Citrix Knowledge Center CTX125975
      Vulnerability in Citrix Online Plug-Ins and ICA Clients could result in arbitrary code execution
      http://support.citrix.com/article/CTX125975

$B!Z(B6$B![(BOracle Siebel Option Pack for IE ActiveX $B%3%s%H%m!<%k$K@H<e@-(B

    $B>pJs8;(B
      US-CERT Vulnerability Note VU#174089
      Oracle Siebel Option Pack for IE ActiveX control memory initialization vulnerability
      http://www.kb.cert.org/vuls/id/174089

    $B35MW(B
      Oracle Siebel Customer Relationship Management $B$,;HMQ$7$F$$$k(B 
      Oracle Siebel Option Pack for IE ActiveX $B%3%s%H%m!<%k$K$O!"%a%b(B
      $B%j$N=i4|2=$K5/0x$9$k@H<e@-$,$"$j$^$9!#7k2L$H$7$F!"1s3V$NBh;0<T$,(B
      $B:Y9)$7$?(B HTML $BJ8=q$r1\Mw$5$;$k$3$H$G!"%f!<%6$N8"8B$GG$0U$N%3!<%I(B
      $B$r<B9T$9$k2DG=@-$,$"$j$^$9!#(B

      $BBP>]$H$J$k@=IJ$O0J2<$NDL$j$G$9!#(B

      - Oracle Siebel Customer Relationship Management

      2010$BG/(B8$B7n(B10$BF|8=:_!"$3$NLdBj$KBP$9$k2r7h:v$ODs6!$5$l$F$$$^$;$s!#(B

      Internet Explorer $B$G$N2sHr:v$H$7$F!"(BKill Bit $B$r@_Dj$9$k!"%$%s%?!<(B
      $B%M%C%H%>!<%s$G(B ActiveX $B%3%s%H%m!<%k$rL58z$K$9$k$J$I$NJ}K!$,$"$j(B
      $B$^$9!#(B

    $B4XO"J8=q(B ($BF|K\8l(B)
      Oracle
      Siebel Customer Relationship Management$B!J(BCRM$B!K%"%W%j%1!<%7%g%s(B
      http://www.oracle.com/lang/jp/applications/crm/siebel/index.html

      Japan Vulnerability Notes JVNVU#174089
      Oracle Siebel Option Pack for IE $B$N(B ActiveX $B%3%s%H%m!<%k$N%a%b%j=i4|2==hM}$K@H<e@-(B
      https://jvn.jp/cert/JVNVU174089/index.html

      $B%^%$%/%m%=%U%H(B $B%5%]!<%H%*%s%i%$%s(B
      Internet Explorer $B$G(B ActiveX $B%3%s%H%m!<%k$NF0:n$rDd;_$9$kJ}K!(B
      http://support.microsoft.com/kb/240797/ja

    $B4XO"J8=q(B ($B1Q8l(B)
      Oracle
      Siebel Customer Relationship Management (CRM) Applications
      http://www.oracle.com/us/products/applications/siebel/index.html

$B!Z(B7$B![(BInvensys Wonderware Archestra ConfigurationAccessComponent ActiveX $B%3%s%H%m!<%k$K@H<e@-(B

    $B>pJs8;(B
      US-CERT Vulnerability Note VU#703189
      Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control stack buffer overflow
      http://www.kb.cert.org/vuls/id/703189

    $B35MW(B
      Invensys $B$N(B Wonderware Archestra IDE (Integrated Development 
      Environment) $B$*$h$S(B InFusion IEE (Integrated Engineering 
      Environment) $B$,;HMQ$7$F$$$k(B Wonderware Archestra 
      ConfigurationAccessComponent ActiveX $B%3%s%H%m!<%k$K$O!"%P%C%U%!(B
      $B%*!<%P!<%U%m!<$N@H<e@-$,$"$j$^$9!#7k2L$H$7$F!"1s3V$NBh;0<T$,:Y9)(B
      $B$7$?(B HTML $BJ8=q$r1\Mw$5$;$k$3$H$G%f!<%6$N8"8B$GG$0U$N%3!<%I$r<B9T(B
      $B$7$?$j!"%5!<%S%91?MQK832(B (DoS) $B967b$r9T$C$?$j$9$k2DG=@-$,$"$j$^(B
      $B$9!#(B

      $BBP>]$H$J$k%P!<%8%g%s$O0J2<$NDL$j$G$9!#(B

      - Wonderware Application Server 3.1 Service Pack 2 Patch 01 $B$h$j(B
        $BA0$N%P!<%8%g%s(B

      $B$3$NLdBj$O!"(BInvensys $B$,Ds6!$9$k=$@5:Q$_$N%P!<%8%g%s$K!"3:Ev$9$k(B
      $B@=IJ$r99?7$9$k$3$H$G2r7h$7$^$9!#>\:Y$K$D$$$F$O!"(BInvensys $B$,Ds6!(B
      $B$9$k>pJs$r;2>H$7$F$/$@$5$$!#(B

    $B4XO"J8=q(B ($BF|K\8l(B)
      Japan Vulnerability Notes JVNVU#703189
      Wonderware Archestra ConfigurationAccessComponent ActiveX $B%3%s%H%m!<%k$K$*$1$k%P%C%U%!%*!<%P!<%U%m!<$N@H<e@-(B
      https://jvn.jp/cert/JVNVU703189/index.html

    $B4XO"J8=q(B ($B1Q8l(B)
      Invensys ($BEPO?$,I,MW$G$9(B)
      Global Customer Support
      http://support.ips.invensys.com/

      Invensys
      Invensys Operations Management Security Bulletin
      http://www.kb.cert.org/CERT_WEB/services/vul-notes.nsf/6eacfaeab94596f5852569290066a50b/b96f3df70ef05a8f85257775004f739a/$FILE/invensys-advisory.pdf

      Wonderware ($BEPO?$,I,MW$G$9(B)
      Personal Account Services
      http://wdn.wonderware.com/

      Wonderware PacWest
      Wonderware Tech Alert 138 Security Vulnerability - Wonderware ArchestrA ConfigurationAccessComponent ActiveX Stack Overflow (LFSEC00000037)
      http://www.pacwest.wonderware.com/web/News/NewsDetails.aspx?NewsID=203108

$B!Z(B8$B![(BC/C++ $B%;%-%e%"%3!<%G%#%s%0%;%_%J!<(B 2010 $B!wL>8E20(B $B;22C<TJg=8Cf(B

    $B>pJs8;(B
      JPCERT/CC
      C/C++ $B%;%-%e%"%3!<%G%#%s%0%;%_%J!<(B 2010 $B!wL>8E20(B $B$N$40FFb(B
      https://www.jpcert.or.jp/event/securecoding-NGY-seminar.html

    $B35MW(B
      JPCERT $B%3!<%G%#%M!<%7%g%s%;%s%?!<$O!"(BC/C++ $B8@8l$G@H<e@-$r4^$^$J$$(B
      $B0BA4$J%W%m%0%i%`$r%3!<%G%#%s%0$9$k6qBNE*$J%F%/%K%C%/$H%N%&%O%&$r3X(B
      $B$s$G$$$?$@$/!V(BC/C++ $B%;%-%e%"%3!<%G%#%s%0%;%_%J!<!W$r3+:E$7$F$$$^$9!#(B

      $B!V(BC/C++ $B%;%-%e%"%3!<%G%#%s%0%;%_%J!<(B2010$B!wL>8E20!W$O!"El3$CO6h$N(B
      $B%W%m%0%i%`3+H/<T$N3'MM$K<u9V$$$?$@$1$k$h$&!"L>8E20$r2q>l$H$7$F(B 
      9$B7n(B2$BF|!"(B3$BF|$N(B 2$BF|4V%3!<%9$G3+:E$7$^$9!#<u9VNA$OL5NA$G$9!#$U$k$C(B
      $B$F$4;22C$/$@$5$$!#(B

        [$BF|;~(B] part 1 $B!c%;%-%e%"%3!<%G%#%s%035O@!&J8;zNs!d!!(B2010$BG/(B9$B7n(B2$BF|(B($BLZ(B)
                 9:30 -       $B<uIU3+;O(B
                10:00 - 12:00 $B%;%-%e%"%3!<%G%#%s%035O@(B
                13:00 - 15:00 $BJ8;zNs(B
                15:15 - 17:15 $B1i=,(B($BJ8;zNs(B)

               part2 $B!c@0?t!&%3!<%I%l%S%e!<!d!!(B2010$BG/(B9$B7n(B3$BF|(B($B6b(B)
                 9:10 -       $B<uIU3+;O(B
                 9:30 - 12:00 $B@0?t(B
                13:00 - 15:00 $B1i=,(B($B@0?t(B)
                15:15 - 17:15 $B%3!<%I%l%S%e!<(B

        [$B2q>l(B] $BL>1X(BABC$B%S%kBh(B3$B2q5D<<(B
               $B0&CN8)L>8E20;TCfB<6hDXD.(B16-23

        [$BDj0w(B]$B!!(B50$BL>!?2s(B
                ($B;22C<TB??t$N>l9g$O$*?=$79~$_@hCe=g$H$J$j$^$9(B)

        [$BBP>](B]$B!!(BC/C++$B8@8l$G$N%=%U%H%&%'%"3+H/$K7H$o$k%W%m%0%i%^!"%W%m%8%'(B
                $B%/%H%^%M!<%8%c!"%3!<%I%l%S%e%"!<!"IJ<A4IM}C4Ev<T!"%W%m%0%i(B
                $B%^!&%(%s%8%K%"$N650iC4Ev<T!"Ey(B

    $B4XO"J8=q(B ($BF|K\8l(B)
      JPCERT/CC
      C/C++ $B%;%-%e%"%3!<%G%#%s%0%;%_%J!<(B 2010 $B!w(B $BL>8E20(B $B$*?=$79~$_(B
      https://www.jpcert.or.jp/event/securecoding-NGY-application.html


$B!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=(B
$B"#:#=5$N$R$H$/$A%a%b(B
$B!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=(B

$B!{(BSSH $B%Q%9%o!<%IG'>Z(B: $B6<0R$HBP:v(B

      $BHs1DMx$N%;%-%e%j%F%#8&5fAH?%$N%I%i%4%s%j%5!<%A%0%k!<%W$,(B SSH $B$N(B
      $B%Q%9%o!<%IG'>Z$K$*$1$k6<0R$HBP:v$K$D$$$F2r@b$7$?%[%o%$%H%Z!<%Q!<(B
      $B$r8x3+$7$F$$$^$9!#(B

      JPCERT/CC $B$G$b!"DjE@4QB,%7%9%F%`$G(B SSH $B$N%5!<%P$rC5:w$9$k%Q%1%C(B
      $B%H$r7QB3E*$K4QB,$7$F$$$^$9!#$^$?!"%V%k!<%H%U%)!<%9967b$J$I$G<B:](B
      $B$K4IM}<T8"8B$,C%$o$l$k$J$I$N%$%s%7%G%s%HJs9p$b<uNN$7$F$$$^$9!#(B

      $B$3$N5!2q$K(B SSH $B%5!<%P$N1?MQ$r8+D>$7!"0BA4$J1?MQ$r?4$,$1$^$7$g$&!#(B

    $B;29MJ88%(B ($BF|K\8l(B)
      JPCERT/CC
      $B%$%s%?!<%M%C%HDjE@4QB,%7%9%F%`(B SSH $B4QB,7k2L%0%i%U(B
      https://www.jpcert.or.jp/isdas/graphL.html#link_ssh

    $B;29MJ88%(B ($B1Q8l(B)
      Dragon Research Group
      SSH Password Authentication: Threats and Countermeasures
      http://drg.team-cymru.org/insight/sshpwauth-tac.html


$B!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=(B
$B"#(BJPCERT/CC $B$+$i$N$*4j$$(B
$B!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=(B

$B!~K\%l%]!<%H$K4X$9$k$*Ld$$9g$o$;$O(B editor@jpcert.or.jp $B08$K$*4j$$CW$7$^(B
  $B$9!#$?$@$7!"(BJPCERT/CC $B$G$O!"Ds6!$9$k>pJs$K$D$$$F6qBNE*$JFbMF$=$N$b$N$K(B
  $B$D$$$F$N$4<ALd$K$O$*Ez$($G$-$J$$>l9g$b$"$j$^$9!#$^$?%P%C%/%J%s%P!<$O!"(B
  $B0J2<$N(B URL $B$+$i$4MxMQ$$$?$@$1$^$9!#(B

        https://www.jpcert.or.jp/wr/

$B!~K\%a!<%j%s%0%j%9%H$N9XFI?=9~$d9XFIDd;_!"$^$?EPO?$7$?EE;R%a!<%k%"%I%l%9(B
  $B$NJQ99$J$I$K$D$-$^$7$F$O!"0J2<$N(B URL $B$r;2>H$7$F$/$@$5$$!#(B

        https://www.jpcert.or.jp/announce.html

$B!~(BJPCERT/CC $B$X$N%;%-%e%j%F%#%$%s%7%G%s%H$NJs9pJ}K!$K$D$$$F$O0J2<$N(B URL
  $B$r;2>H$7$F$/$@$5$$!#(B

        https://www.jpcert.or.jp/form/

$B0J>e!#(B
__________

2010 (C) JPCERT/CC
-----BEGIN PGP SIGNATURE-----

iQEcBAEBCAAGBQJMYfVbAAoJEDF9l6Rp7OBIDE8IAJ8VnRQsyOHR+7dvZ8r8QxWh
xlHhJFGZreq1+MAT7z333HPbY5OuRxAvdgQyuBdmmC+DKGZtlVeK6AuW6kH7daee
zuhEQ3CdwNVXMxWSR7tVlmzpYrrRZTj0F9Xz9W0XRKjqBMtgBbvuTD4eL8xaw2d6
v1vpLnWos4q11ctB9QPVCbi1maLn5P3ax0MKq3CyH7VOLYKVBlewialwO3F6Q/lK
qPT5eCvHpPMhoGkTzpSNxD7xjx9bu8E/6omjZykgQmEqJkEy3N+uvFMOftoQWs5p
cdYxm/jO9iYiZ8cMsnYPXCKLON6oG5+NHOItqdvWOn2Q4BF14wUk8I64hO14uc0=
=Oa8r
-----END PGP SIGNATURE-----