From owner-FreeBSD-users-jp@jp.freebsd.org  Wed Sep 19 07:39:22 2001
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id HAA24676;
	Wed, 19 Sep 2001 07:39:22 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from pixy.netlab.is.tsukuba.ac.jp (netlab-83.netlab.is.tsukuba.ac.jp [130.158.83.243])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with SMTP id HAA24671
	for <FreeBSD-users-jp@jp.freebsd.org>; Wed, 19 Sep 2001 07:39:21 +0900 (JST)
	(envelope-from ush@netlab.is.tsukuba.ac.jp)
Received: (qmail 82294 invoked from network); 18 Sep 2001 22:39:13 -0000
Received: from unknown (HELO localhost) (130.158.85.30)
  by 130.158.85.2 with SMTP; 18 Sep 2001 22:39:13 -0000
To: FreeBSD-users-jp@jp.freebsd.org
In-Reply-To: <20010919014659.11CE.HIRAI@mbf.nifty.com>
References: <20010918225704.1E55.HIRAI@mbf.nifty.com>
	<20010918161805.25014@mail.ca2.so-net.ne.jp>
	<20010919014659.11CE.HIRAI@mbf.nifty.com>
X-Mailer: Mew version 1.94.1 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <20010919073913H.ush@netlab.is.tsukuba.ac.jp>
Date: Wed, 19 Sep 2001 07:39:13 +0900
From: Ushine Hiroyuki <ush@netlab.is.tsukuba.ac.jp>
X-Dispatcher: imput version 20000228(IM140)
Lines: 29
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+010328
X-Sequence: FreeBSD-users-jp 64363
Subject: [FreeBSD-users-jp 64363] Re: W32.Nimda.A@mm (Re: New variant?)
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: ush@netlab.is.tsukuba.ac.jp

hirai> $BJ?0f$G$9!#(B
hirai> 
hirai> $B$d$C$Q$j(BCodeBlue$B$G$O$J$+$C$?$h$&$G$9!#(B
hirai> 
hirai> http://www.trusecure.com/html/tspub/hypeorhot/rxalerts/tsa01024_cid177.shtml
hirai> http://securityresponse.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html
hirai> 
hirai> # $B$9$4$$@*$$$GMh$F$^$9(B;(
At the sites I administer as well, I pulled the log entries for just
default.ida?X... and GET cmd.exe.

Number of IP addresses identified from the signatures recorded in the 9/18 logs:
		hostA	hostB
Code Red II	  49	  54
GET cmd.exe	  43	  29

On 9/19:
		hostA	hostB
Code Red II	   9	   9
GET cmd.exe	 120	  81

W32.Nimda.A@mm $B$+!$%9%-%c%s%A%'%C%/$+!$$=$l0J30$+6hJL$O$G$-$J$$$b$N$N!$(B
18$BF|8a8e(B10$B;~2a$.$+$i$I$s$I$s%m%0$,A}$(B3$1$F$^$9!%(B

Symantec $B$N(B Security Reponse $B$r$_$k$H(B Discovered on: Sep 18$B$J$N$G!$(B
$B$b$7$9$Y$F$,46@w%5%$%H$@$H$9$k$H!$(Bcode red$B0J>e$K46@wB.EY$,B.$$$h$&$J(B
$B5$$,$7$^$9!%(B

$B:#2s$NLdBj$b(B IIS $B$,$i$_$G$9$,!$(BApache$B$H$+$G$3$&$$$&LdBj$,$*$-$?>l9g$,(B
$B%$%s%9%H!<%kBf?t%Y!<%9$+$i?dB,$5$l$kHo325,LO$r9M$($k$H62$$$G$9$M!%(B
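
The per-day tally of distinct source addresses described in the message above, as an added example that is not part of the original post: it assumes Apache Common Log Format, and the sample lines, addresses and the `/example-dir/` path are constructed.

```python
import re
from collections import defaultdict

# Assumed format: Apache Common Log Format
#   host ident user [dd/Mon/yyyy:time zone] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}):[^\]]*\] "([^"]*)"')

# The two signatures named in the post; labels follow its table.
# A match only says the request looks like the pattern, not which worm or scanner sent it.
SIGNATURES = (
    ("Code Red II", lambda req: "default.ida?X" in req),
    ("GET cmd.exe", lambda req: req.startswith("GET ") and "cmd.exe" in req.lower()),
)

def count_sources(lines):
    """Return {(day, label): number of distinct client addresses}."""
    seen = defaultdict(set)
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # ignore lines that are not in the assumed format
        host, day, request = m.groups()
        for label, matches in SIGNATURES:
            if matches(request):
                seen[(day, label)].add(host)  # a set counts each address once per day
                break
    return {key: len(hosts) for key, hosts in seen.items()}

# Constructed sample log (documentation address ranges, made-up paths).
SAMPLE = """\
192.0.2.10 - - [18/Sep/2001:21:02:11 +0900] "GET /default.ida?XXXXXXXXXXXX HTTP/1.0" 404 276
192.0.2.10 - - [18/Sep/2001:21:40:53 +0900] "GET /default.ida?XXXXXXXXXXXX HTTP/1.0" 404 276
192.0.2.44 - - [18/Sep/2001:21:55:30 +0900] "GET /default.ida?XXXXXXXXXXXX HTTP/1.0" 404 276
198.51.100.7 - - [18/Sep/2001:22:14:09 +0900] "GET /example-dir/cmd.exe HTTP/1.0" 404 281
203.0.113.5 - - [18/Sep/2001:22:15:00 +0900] "GET /index.html HTTP/1.0" 200 1043
198.51.100.7 - - [19/Sep/2001:00:03:41 +0900] "GET /example-dir/cmd.exe HTTP/1.0" 404 281
198.51.100.8 - - [19/Sep/2001:00:04:02 +0900] "GET /example-dir/cmd.exe HTTP/1.0" 404 281
198.51.100.8 - - [19/Sep/2001:00:04:03 +0900] "GET /example-dir/cmd.exe HTTP/1.0" 404 281
203.0.113.9 - - [19/Sep/2001:01:20:17 +0900] "GET /example-dir/CMD.EXE HTTP/1.0" 404 281
192.0.2.44 - - [19/Sep/2001:02:11:59 +0900] "GET /default.ida?XXXXXXXXXXXX HTTP/1.0" 404 276
this line is not in Common Log Format
""".splitlines()

if __name__ == "__main__":
    for (day, label), n in sorted(count_sources(SAMPLE).items()):
        print(f"{day}  {label:<12} {n}")
```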
