
Re: [Translate]security/2003/dsa-253.wml - 254.wml

This is Sano in Hamamatsu.

In <20030301.085729.60847410.debian@xxxxxxxxxxxxxxxxx>,
  on "Sat, 1 Mar 2003 08:57:32 +0900",
 Tomohiro KUBOTA <debian@xxxxxxxxxxxxxxxxx> wrote:

> This is Kubota.
>> This is Goda.

Thank you for the work.

> (dsa-254)

> Though, most probably not in Debian.
>
> I think "most" here is probably not "the majority" but an adverb modifying
> "probably". Also, everything after "not", even the verb, has been omitted,
> but I think the content of the preceding sentence (can be exploited by a
> remote attacker) goes there. So I think it means something like
> "It is thought that this vulnerability probably cannot be used for attacks on Debian",
> but I don't really understand why the superlative "most" is used.

 When I searched eijirou for "most prob",

most probable cause
   the cause that seems most likely
most probable fault
   the fault most likely to occur
most probable number
   most likely number; abbr. MPN
most probable position
   the most plausible position; abbr. MPP
most probable value
   most likely value

these examples came up.

Since the text contains the sentence

Fortunately, the Debian package drops privileges quite early after
startup, so those problems aer not likely to result in an exploit on a
Debian machine.

I think "those problems" covers not only the (already fixed) security
flaws mentioned just before it but also the main subject,

 A buffer overflow occurs in the 'get_origin()' function.

and that for this one as well the author wanted to write something like

"However, exploiting this vulnerability on Debian to seize root
  privileges remotely is thought to be very difficult."

Wouldn't that be it?

# This is unrelated, but in the original text above (quoted from the mail),
# "those problems aer" is a typo for "are", isn't it?

>> <p>The Common Vulnerabilities and Exposures (CVE) project has
>> additionally identified the following vulnerabilities. Within Debian these
>> were fixed in the current stable release (stable)(woody) and the old stable
>> release (potato), and their completeness is mentioned. (Also, separate
>> advisories will be issued for other distributions.):
>
> About "their completeness is mentioned": I think the one doing the mentioning
> is not the CVE project but dsa-254. In other words, I think it means that fixes
> have already been released, but just to be safe they are written down here once more.
> That is because it says "are mentioned here", using "here".
> What I don't quite understand, though, is why the part about other
> distributions is connected with "since".

As a reason for "writing them down once more",
besides the reason "just to be safe, for completeness",

  other distributions will in any case
  (probably) need, for these security flaws too
  (they are already fixed in Debian, but there are probably
   many that had not managed to fix them yet),
  to properly fix their packages and issue an
  advisory for each flaw

   (and so, unless an announcement saying "already fixed" is
    also written somewhere for these flaws, it is not impossible
    that someone will misunderstand that "Debian has not dealt with
    these flaws", or spread false rumors based on that
    assumption, right? ;)

I wonder if there isn't also this slightly mean-spirited
reason.

# The person who wrote it probably thought something like
# "maybe this is a bit snide" and so put it inside (), I'm sure.

-- 
 # (My home is Hamamatsu City, the hometown of the loggerhead sea turtle)
   <kgh12351@xxxxxxxxxxx> : Taketoshi Sano (佐野 武俊)