[技术]rpc。cmsd——一个bug或两个?

:迈克·普罗塞下面观察了可以- 1999 - 0696(最近rpc.cmsd)。这是同样的问题cve - 1999 - 0320吗?什么好主意吗?= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0696阶段:提出(19991208)类别:科幻参考:CIAC: j - 051参考:太阳:00188参考:CERT: ca - 99 - 08年参考:惠普:00102参考:康柏:SSRT0614U_RPC_CMSD缓冲区溢出在CDE日历管理器服务守护进程(rpc.cmsd) >纠正我如果我错了,因为我没有测试这个设备,但是>太阳最初报道这个漏洞在0166年太阳公告,1998年3月。> CVE董事会接受了CVE - 1999 - 0320。00188太阳公告1999年7月>的精确欺骗98公报除了一些>附加CDE在后续版本的补丁SunOS / Solaris。CERT >主管供应商警报和其他额外的信息在这波为其他供应商的>系统(为什么花了一年多呢?),但我们已经有一个CVE编号>杰出的脆弱性。这些独立的漏洞吗?或>一样只是发现影响超过最初认为?如果是这样,>建议合并到现有的CVE,就调整>描述现有的CVE供应商>系统反映了额外的脆弱。 >Additional reference: BID 486 and 524 I think the two problems might be different. First of all, CAN-1999-0696 explicitly describes a buffer overflow in the Sun and CERT advisories. CVE-1999-0320 doesn't mention a buffer overflow, and describes an attack scenario where someone can overwrite files, which usually makes me think of following symbolic links or using a .. attack or whatever, but not a buffer overflow. It is weird that the patches are the same, though, except for the patches for later CDE versions. Perhaps they didn't preserve the patch in later versions? - Steve