From owner-doc-jp-work@jp.FreeBSD.org Fri Feb 22 05:10:35 2002
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id g1LKAZq17071;
	Fri, 22 Feb 2002 05:10:35 +0900 (JST)
	(envelope-from owner-doc-jp-work@jp.FreeBSD.org)
Received: from mail4.nec.com (dns4.nec.com [131.241.15.4])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with ESMTP/inet id g1LKAYW17066
	for <doc-jp-work@jp.FreeBSD.org>; Fri, 22 Feb 2002 05:10:34 +0900 (JST)
	(envelope-from hino@ccrl.sj.nec.com)
Received: from netkeeper2.sj.nec.com (netkeeper2.sj.nec.com [131.241.31.10])
	by mail4.nec.com (/) with ESMTP id g1LKAQe19020
	for <doc-jp-work@jp.FreeBSD.org>; Thu, 21 Feb 2002 12:10:26 -0800 (PST)
Received: from ccrl.sj.nec.com (localhost [127.0.0.1])
	by netkeeper2.sj.nec.com (8.9.1a/8.9.1) with ESMTP id MAA27863
	for <doc-jp-work@jp.FreeBSD.org>; Thu, 21 Feb 2002 12:10:20 -0800 (PST)
Received: from localhost (alfa [131.241.79.205])
	by ccrl.sj.nec.com (8.9.3/8.9.2) with ESMTP id MAA09552
	for <doc-jp-work@jp.FreeBSD.org>; Thu, 21 Feb 2002 12:10:21 -0800 (PST)
Date: Thu, 21 Feb 2002 12:10:21 -0800 (PST)
Message-Id: <20020221.121021.44159544.hino@ccrl.sj.nec.com>
To: doc-jp-work@jp.FreeBSD.org
From: Koji Hino <hino@ccrl.sj.nec.com>
In-Reply-To: <20020222.044813.74753180.hrs@eos.ocn.ne.jp>
References: <200202211358.g1LDwSg16775@freefall.freebsd.org>
	<20020222.044813.74753180.hrs@eos.ocn.ne.jp>
Organization: C&C Research Laboratories (CCRL), NEC USA, Inc.
X-Mailer: Mew version 2.2rc2 on Emacs 21.1 / Mule 5.0 (SAKAKI)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Content-Transfer-Encoding: 7bit
Reply-To: doc-jp-work@jp.FreeBSD.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+011218
X-Sequence: doc-jp-work 170
Subject: [doc-jp-work 170] Re: ANNOUNCE: FreeBSD Ports Security
 Advisory FreeBSD-SA-02:12.squid
Errors-To: owner-doc-jp-work@jp.FreeBSD.org
Sender: owner-doc-jp-work@jp.FreeBSD.org
X-Originator: hino@ccrl.sj.nec.com

$B$3$s$K$A$O!#$3$s$J;~4V$K$46lO+MM$G$9!D(B

From: Hiroki Sato <hrs@eos.ocn.ne.jp>
 Subject: [doc-jp-work 169] Re: ANNOUNCE: FreeBSD Ports Security
Advisory FreeBSD-SA-02:12.squid
 Date: Fri, 22 Feb 2002 04:48:13 +0900 (JST)

:> III. $B1F6AHO0O(B - Impact
:> 
:> 1) An attacker with the ability to send packets to the Squid SNMP port
:> can cause Squid to run out of memory and crash. (NOTE: The FreeBSD
:> port does not have SNMP enabled by default.)
:> 
:> 1) Squid $B$N(B SNMP $B%]!<%H$K%Q%1%C%H$rAw?.$G$-$k967b<T$O(B, Squid $B$r(B
:>    $BMxMQ$7$F%a%b%j$r8O3i$5$;(B, $B%5!<%P$r%/%i%C%7%e$5$;$k$3$H$,2DG=$G$9(B
:>    ($BCm(B: FreeBSD $B$N(B port $B$NI8=`@_Dj$G$O(B, SNMP $B$OM-8z$K$J$C$F$$$^$;$s(B).

$B!D967b<T$O(B, Squid$B$K%a%b%j$r;H$$2L$?$5$;(B, $B$=$7$F%/%i%C%7%e$5$;$k$3$H$,(B
$B2DG=$G$9(B

$B$H$+$G$$$+$,$G$7$g$&!)(B

$BF|Ln(B
