From owner-doc-jp@jp.freebsd.org  Fri Mar 16 13:00:28 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id NAA62709;
	Fri, 16 Mar 2001 13:00:28 +0900 (JST)
	(envelope-from owner-doc-jp@jp.FreeBSD.org)
Received: from mail2.noc.ntt.co.jp (mail2.noc.ntt.co.jp [210.163.32.54])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id NAA62704
	for <doc-jp@jp.freebsd.org>; Fri, 16 Mar 2001 13:00:27 +0900 (JST)
	(envelope-from susumu.wakabayashi@ntt.com)
Received: from ms2-gw.noc.ntt.com (ms2-gw.noc.ntt.com) by mail2.noc.ntt.co.jp (8.9.3/NOC-MAIL2) id NAA26678 for <doc-jp@jp.freebsd.org>; Fri, 16 Mar 2001 13:00:17 +0900 (JST)
Received: from mr2-gw.noc.ntt.com by ms2-gw.noc.ntt.com (8.9.3/3.7W) id NAA20316; Fri, 16 Mar 2001 13:00:09 +0900 (JST)
Received: from mail3.noc.ntt.com by mr2-gw.noc.ntt.com (8.9.3/3.7W) id NAA20304; Fri, 16 Mar 2001 13:00:09 +0900 (JST)
Received: from jazz.wakabaya.net by mail3.noc.ntt.com (8.9.3/3.7W) id NAA11152; Fri, 16 Mar 2001 13:00:08 +0900 (JST)
Date: Fri, 16 Mar 2001 13:00:34 +0900
Message-ID: <87wv9q2wil.wl@jazz.wakabaya.net>
From: susumu.wakabayashi@ntt.com (=?ISO-2022-JP?B?GyRCPGNOUxsoQiA=?=
 =?ISO-2022-JP?B?GyRCP0obKEI=?=)
To: doc-jp@jp.freebsd.org
In-Reply-To: <20010314.091057.71082267.hrs@eos.ocn.ne.jp>
References: <200103122331.f2CNVdI26137@freefall.freebsd.org>
	<20010314.091057.71082267.hrs@eos.ocn.ne.jp>
User-Agent: Wanderlust/2.5.8 (Smooth) SEMI/1.14.3 (Ushinoya) SLIM/1.14.6
 (=?ISO-2022-JP?B?GyRCR09ePDFRTiQyPxsoQg==?=) APEL/10.3 Emacs/21.0.100
 (i386-unknown-freebsd4.3) MULE/5.0 (=?ISO-2022-JP?B?GyRCOC1MWhsoQg==?=)
MIME-Version: 1.0 (generated by SEMI 1.14.3 - "Ushinoya")
Content-Type: text/plain; charset=ISO-2022-JP
Reply-To: doc-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: doc-jp 8050
Subject: [doc-jp 8050] Re: ANNOUNCE: FreeBSD Ports Security Advisory FreeBSD-SA-01:23.icecast
Errors-To: owner-doc-jp@jp.freebsd.org
Sender: owner-doc-jp@jp.freebsd.org
X-Originator: susumu.wakabayashi@ntt.com

$B$*Ck5Y$_$N<cNS$G$9(B. 

From: Hiroki Sato
Subject: [doc-jp 8043] Re: ANNOUNCE: FreeBSD Ports Security Advisory FreeBSD-SA-01:23.icecast
Message-ID: <20010314.091057.71082267.hrs@eos.ocn.ne.jp>
Date: Wed, 14 Mar 2001 09:10:57 +0900 (JST)

H>  01:23,26,27,28,29 $B$G$9!#(B

OK $B$@$H;W$$$^$9(B. 

$B0J2<(B, $B$I$A$i$G$bNI$$(B, $B$5$5$$$JE@(B:

H> There are a number of other potential abuses of format strings which
H> may or may not pose security risks, but have not currently been
H> audited.
H> 
H> $B$^$?(B, $BB>$K$b%;%-%e%j%F%#>e$N4m81$rUT$s$G$$$k2DG=@-$N$"$k=q<0J8;zNs$N(B
H> $BMtMQ$,?tB?$/4^$^$l$F$$$^$9$,(B, $B8=;~E@$G$O$^$@(B, $B$=$l$i$K4X$9$kD4::$O(B
H> $B$5$l$F$$$^$;$s(B.

	$BD4::"+"*8!::(B

$B1QOB<-=qD>LuE*$K$O(B audit $B$O8e<T$+$J(B, $B$H$$$&$@$1$G$9(B. 

H> $B$^$:(B, icecast $B$N;}$D%;%-%e%j%F%#>e$N<eE@$K$h$k1F6A$r:G>.2=$9$k$?$a$K(B
($B$J$I$J$I(B)

	$B1F6A$r:G>.2=$9$k(B	$B"+"*1F6A$r:G>.$K$9$k(B
	$B%"%+%&%s%H$rL58z2=$9$k(B	$B"+"*%"%+%&%s%H$rL58z$K$9$k(B
	$B@_Dj$GL58z2=$5$l$F$$$k(B	$B"+"*@_Dj$GL58z$K$5$l$F$$$k(B
	$B=$@5$rM-8z2=$5$;$k(B	$B"+"*=$@5$rM-8z$K$9$k(B

$B!D$J$s$+9q8l$_$?$$(B. $B8e<T$NJ}$rIaDL$K;H$&$+$J$H;W$$$^$7$?(B. 
$B$G$b$-$C$H9%$_$NLdBj$G$9(B. 

#$B<+F02=$9$k%D!<%k(B, $B$O$3$C$A$NJ}$,9%$-$@$7(B
--
http://www.wakabaya.net/susumu/				$B<cNS(B $B?J(B
