
Examples of CVE technical issues



All: Below are some specific CVE examples to illustrate some of the technical issues I plan to discuss this Sunday. I didn't post them earlier because I didn't want to get bogged down in the details instead of the "bigger issues," but maybe they can provide some food for thought.

- Steve

------

From some perspectives, most SA category vulnerabilities may not be "vulnerabilities." Consider information gathering using CVE-00612, CVE-00629, or CVE-00626. Still, at least in some cases, many "restrictive" security policies would treat them as vulnerabilities.

CVE-00500 - from some perspectives (assuming it's not a critical system directory)

CVE-00497 - if "properly" configured, not from some perspectives (note the related CF category issues, e.g. CVE-00563 or CVE-00527)

"Unfixable" design flaws are not included (e.g. Digital Unix 4.0's move to stack-based execution), but "fixable" problems related to design limitations are (e.g. Smurf, CVE-00513).

High cardinality vulnerabilities
--------------------------------

Some high cardinality vulnerabilities are in 199904290013. Note that they may also have Level of Abstraction (LOA) problems.

CVE-00119 - should every buggy beta software get its own entry? What about "commonly used" or "prevalent" beta software?

CVE-00660 - rolls all post-compromise installed hacker utilities into one

CVE-00586 - *any* network service could run on an unusual port, which may not be accounted for by network filters

CVE-00559 - there are too many "critical" files or directories to enumerate. But then who says what is "critical"? (Partial answer: not the CVE.)

CVE-00537, CVE-00538 - too many different-but-related "options" in web browsers

Level of Abstraction (LOA) examples
-----------------------------------

CVE-00502, CVE-00504, CVE-00506, CVE-00508, CVE-00519 - all have to do with default passwords, but they're separated by "functionality." So is this too low an LOA? Note also the converse - these are high cardinality vulnerabilities too.

CVE-00536 - LOA is too high for NT experts, but what is the appropriate way to split this vulnerability?

CVE-00534 - configuration problem whose LOA is fixed because each right is an option on the same menu.

CVE-00620, CVE-00621 - service "suites" that consist of component services

CVE-00346, CVE-00068 - most tools roll these into one, but they're split because they're different executables.

CVE-00578, CVE-00579 - other vulnerabilities like these discriminate between "system critical" and "normal" resources, the idea being that "system critical" may allow system compromise, while "normal" may at worst leak information.

CVE-00025, CVE-00026, CVE-00027, ... - same as previous example

CVE-00552 - too low level? An instance of a higher cardinality vulnerability, e.g. "TCP/IP service or surrogate available through web interface"

CVE-00557, CVE-00558, CVE-00559 - are 557 and 558 subsumed by 559? Is 559 at the proper LOA?

CVE-00306, CVE-00030 - same application on different OS'es

Description Problems
--------------------

Some of these examples are due to incomplete information provided from my source (e.g. an advisory that's written to obscure relevant details).

CVE-00022, CVE-00023, CVE-00187 - 22 and 23 are distinguishable by the function name, but it requires a glance at the references to be certain of the difference - 187 appears different than 22 and 23, but the associated advisory doesn't provide additional details

CVE-00001 - not enough info in source advisory

CVE-00254 and CVE-00186 have inconsistent terminology.

Descriptions often don't need software version numbers, but consider CVE-00478, CVE-00393, CVE-00047, CVE-00205, and CVE-00204 as examples where version numbers are useful to a human reader who is trying to distinguish between these vulnerabilities.

CVE-00534 - has "too much" information (listing most known privileges); however, it is useful for some mapping/search tasks, so the specific options are included.

Missing Vulnerabilities
-----------------------

Example: Note that CVE-00661 is only intended to refer to "normal" software packages that have been replaced by Trojan Horses at their distribution site (e.g. TCP Wrappers of a few months ago). [Note also the description problems.]
There isn't a specific vulnerability for Trojan Horses that a hacker might install after a compromise (though it would fall under GENERIC-MP), but such an entry would overlap CVE-00660. Other MP category vulnerabilities are missing too, e.g. hacker-modified configurations (although some configurations would already be "spotted" under CVE-00663).

Page Last Updated or Reviewed: May 22, 2007