Windows Linux : Windows NT (JWNTUG) Event Planning Working Group
1: Linux Windows 2: Apache IIS 3: Netscape / Mozilla,, Opera IE 4: Microsoft fix
JWNTUG JWNTUG at your own risk
1: Linux Windows
(1) Eiji James Yoshida Open Port (TCP) (2002.05.01-31) [*] : OS Windows Linux Linux UNIX ( ) (/1111) 316 314 178 303 [*] http://www.geocities.co.jp/siliconvalley/1667/index.htm
(2) SecurityFocus.com 2002 Q1 TOP 10 attacks [*] 1. Code Red - MS Indexing Server/Indexing Services ISAPI Buffer Overflow Attack 2. Nimda - Microsoft IIS 4.0/5.0 Extended UNICODE Directory Traversal Attack 3. Matt Wright Formmail Attack 4. WU-FTPD File Globbing Heap Corruption Attack 5. SSH CRC32 Compenation Detection Attack 6. Generic CDE dtspcd Buffer Overflow Attack 7. Generic System V Derived Login Buffer Overflow Attack 8. Generic SNMP PROTOS Test Suite Attacks 9. Shaft DDoS Client To Handler Attack 10. PHP Post File Upload Buffer Overflow Attack [*] http://www.securityfocus.com/corporate/research/ top10attacks_q1_2002.shtml
(3) 2002.01.01 2002.06.10 fix OS / Microsoft RedHat Linux 7.2 Debian GNU/Linux Sun FreeBSD patch 26 46 35 6 27! : patch (Sun)
: Linux OS security hole fix B "Trusted OS" security hole fix web web
: Open Source Closed Source Open Source Open Source Open Source fix and/or Use the source, Luke!
2: Apache IIS
IIS MS00-078/086/01 078/086/01-026: 026: UNICODE BUG MS01-023: 023: IPP ISAPI buffer overflow MS01-033: 033: Index server buffer overflow MS01-035: 035: FrontPage Server Extensions buffer overflow MS01-044: 044: cumulative patch (SSI buffer overflow ) MS02-018: 018: cumulative patch (ASP chunk encoding / HTTP header / SSI /.HTR buffer overflow, CSS ) MS02-028: 028: Heap overrun in HTR Chunked Encoding
Web JWNTUG IIS 7% 2% 34% 26% 18% Apache 22% 13% 14% 7% 12% IIS vs. apache
Apache bug free 1.3.12: fix 1.3.14: virtual hosting Host: CGI 1.3.22: Host:.log Apache hosting 1.3.13 Win32 1.3.24: Win32 Apache Remote command execution
Apache bug free ( ) 3 rd party PHP» PHP 4.htaccess. attribute transfer vuln.. (bid 2206)» PHP 4 engine disable source viewing vuln.. (bid 2205)» PHP post file upload buffer overflow (bid 4183) WebDAV» mod_encoding (20011026a, 20011211a) mod_ssl» buffer overflow (bid 4189) Apache tomcat» (bid 2982)
web application web SSI, CGI, ASP, JSP, PHP, ColdFusion, get cookie cookie (virtual?!)
Apache : IIS IIS Apache file/directory ISAPI IIS Lockdown, URLScan,, guard 3 patch IIS Apache IIS 6 (^^;;)
3: Netscape / Mozilla,, Opera IE
IE MS02-005 005 / 008 / 009 / 013 / 015 / 022 / 023 / 027» patch» MS02-022 022 MSN 02-013 013 Java VM IE patch» HTML (MS02 MS02-023 023 fix )» gopher:// buffer overflow (bid 4930, MS02-027) 027)» ftp:// (bid 4954)» Unpatched IE security holes: http://jscript jscript.dk/unpatched/
Netscape, Opera? IE Netscape 6.1 6.2.2 / mozilla 0.9.7 1.0RC1 Opera 6.01 cookie / Opera 6.01, 6.02 Opera! fix Netscape
IE bug MIME Content-Type:» Content-Type: text/plain» fusianasan (.gif )» Opera» microsoft.com ( )
: Netscape, Opera = WWW IE Netscape / Opera IE? Opera Netscape IE 3rd party? web OS!! ( ( ) OS ( )
4: Microsoft fix
ftp:// (bid 4954) IE FTP Explorer web 2 ( ) ftp:// URL
( ) OS PC98x1 48h IE 1.5 2 fix OS 3 4?» MS02-024 024 (DebPloit( DebPloit NT/2000) 2.5» MS02-017 017 (Multiple UNC NT/2000/XP) 5.5
: LAC Content-Disposition Microsoft LAC http://www.lac lac.co..co.jp/security/intelligence/snsadvisory /48.html Microsoft 3 rd party software http://www.microsoft.com/technet/security/topics/snsrp rt.asp Microsoft TechNet Security link MS02-023 023 fix
Microsoft web page ( ) mail ( )» ( )»?» CVE ( ( ) e-mail ; secure@microsoft microsoft.com (0120-69 69-0196)» 9:30-12:00, 13:00-19:00 19:00 MSKK 24h
Microsoft» ( ) OEM watch Microsoft»» Microsoft, OEM, 3 rd party Microsoft OEM? Software Update Services?
:! (by ) 1 fix? 1»» 1 Guninski ( )» 2 ( ) Sun
Microsoft Linux / Open Source djb?» djbdns, qmail, (http://cr.yp yp.to)»» Windows Windows Open Source!
1999 2000 CodeRed / Nimda patch»!» secure.net?»?!
Windows NT (JWNTUG) http://www.jwntug jwntug.or..or.jp/index-j.html : Mailing List Security ML JWNTUG Newsletter event Microsoft Conference (MSC) JWNTUG Open Talk» Microsoft BOF in Internet Week We need you!
Appendix
URL - Microsoft Microsoft Technet :» http://www.microsoft.com/technet/security/ :» http://www.microsoft.com/japan/technet/security/ (HFNetChk, URLScan ):» http://www.microsoft.com/japan/technet/security/tools/tools.asp Security Bulletin: MSxx-xxx xxx :» http://www.microsoft.com/technet/security/bulletin/msxx-xxx.asp xxx.asp :» http://www.microsoft.com/japan/technet/security/prekb.asp?sec_cd= MSxx-xxx xxx
URL - Microsoft Microsoft (Knowledge Base) (Qxxxxxx):» http://www.microsoft microsoft.com/.com/technet/support/kb.asp?id=xxxxxx (JPxxxxxx, Jxxxxxx):» http://www.microsoft microsoft.com/.com/japan/support/kb/artivles/jpxxx/x/xx.htm» http://www.microsoft.com/japan/support/kb/artivles/jxxx/x/xx.htm htm
URL web page US CERT/CC ( ( )» http://www.cert.org/ CERT/CC Incident Notes» http://www.cert.org/incident_notes/ CIAC ( ( )» http://www.ciac ciac.org/ JPCERT/CC» http://www.jpcert jpcert.or..or.jp/ IPA» http://www.ipa ipa.go..go.jp/security/
URL web page CVE» http://www.cve.mitre.org/ CAN-XXXX XXXX-XXX» http://www.cve.mitre.org/cgi-bin/cvename.cgi?name= bin/cvename.cgi?name=can- XXXX-XXX BUGTRAQ bugid XXXX» http://www.securityfocus.com/bid/xxxx /XXXX Apache Week Apache httpd 1.3 vulnerabilities PHP» http://www. apacheweek.com/features/security.com/features/security-13» http://www.php php.net/
URL web page RedHat Debian» http://www.jp jp.redhat.com/support/errata/» http://www.debian.org/security/ FreeBSD» http://www.freebsd freebsd.org/security/ Sun» http://sunsolve.sun.com/pub-cgi/secbulletin.pl cgi/secbulletin.pl
URL web page Netscape Security Center Opera» http://wp.netscape.com/security/» http://wp wp.netscape.com/.com/ja/security/» http://www.opera.com/support/service/security/» http://www.jp.opera.com/support/service/security/ Georgi Guninski Security Research» http://www.guninski guninski.com/
URL web page Windows NT (JWNTUG) port139» http://www.jwntug jwntug.or..or.jp/» http://www.port139.co.jp jp/ Win» http://winsec winsec.toranoana.ne.jp/ memo» http://www.st.ryukoku.ac.jp/~kjm/security/memo/» http://www.st st.ryukoku.ac..ac.jp/~kjm/security/antenna/ ZDNet Helpdesk Security How-To» http://www.zdnet.co.jp/help/howto/security/
URL BUGTRAQ ( ( )» http://www.securityfocus securityfocus.com/ NTBUGTRAQ ( ( )» http://www.ntbugtraq ntbugtraq.com/ memo ML» http://memo.st.ryukoku.ac.jp/ Security Talk ML» http://www.office.ac/security_talk_ml_guide.html 24 ML» http://cn24h.hawkeye.ac/connect24h.html port139 ML ( ( )» http://www.port139.co.jp jp/ntsec_ml.htm