(提案)集群RECENT-14 - 22的候选人

下面的集群包含22个候选人宣布3月11日至3月30日,2000年。中列出的候选人优先秩序。优先级1和优先级2的候选人都应对不同层次的供应商确认,所以他们应该易于检查和可以信任的,是真实的问题。如果你发现任何RECENT-XX集群是不完整的对过程中发现的问题相关的时间框架,请发送信息给我,这样候选人可以被指定。——史蒂夫总结的选票使用(“严重程度”的按升序)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -接受——选民接受候选人提出等待——选民对候选人没有意见修改选民想要改变一些小细节(例如参考/描述)审查-选民正在审查/研究候选人,或需要更多的信息,重塑候选人必须大幅修改,如分割或合并拒绝候选人不是“漏洞”,或重复等。1)请写你的投票在直线上,从“投票:”开始。如果你想添加评论或细节,在投票后将它们添加到线:线。2)如果你看到任何失踪的引用,请提及他们,使他们可以包括在内。在映射引用帮助极大。3)请注意,“修改”被视为一个“接受”当计算选票。所以如果你没有足够的信息对候选人但你不想等待,使用一个回顾。 ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ================================= Candidate: CAN-2000-0226 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000412 Assigned: 20000412 Category: SF Reference: MS:MS00-018 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00 - 018. - asp参考:报价:1066参考:网址:http://www.securityfocus.com/bid/1066参考:XF: iis-chunked-encoding-dos IIS 4.0允许攻击者造成拒绝服务请求较大的缓冲在POST或PUT命令消耗内存,又称“分块传输编码的缓冲区溢出漏洞。”ED_PRI CAN-2000-0226 1 VOTE: ================================= Candidate: CAN-2000-0228 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000412 Assigned: 20000412 Category: SF Reference: MS:MS00-016 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00 - 016. - asp参考:报价:1058参考:网址:http://www.securityfocus.com/bid/1058微软Windows媒体许可管理器允许远程攻击者造成拒绝服务发送一个请求导致经理停止畸形,又名“畸形的媒体许可请求”的弱点。ED_PRI - 2000 - 0228 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0232:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:科幻参考:女士:ms00 - 021参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 021. - asp参考:BUGTRAQ: 20000330远程DoS攻击在Windows 2000 / NT 4.0 TCP / IP打印请求服务器漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-03/0306.html参考:报价:1082参考:网址:http://www.securityfocus.com/bid/1082微软TCP / IP印刷服务,即为Unix打印服务,允许攻击者造成拒绝服务通过一个畸形的TCP / IP打印请求。ED_PRI - 2000 - 0232 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0233:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:科幻参考:SUSE: 20000327安全漏洞在SUSE Linux IMAP服务器参考:http://archives.neohapsis.com/archives/vendor/2000-q1/0035.htmlSuSE Linux IMAP服务器允许远程攻击者绕过IMAP认证并获得特权。ED_PRI - 2000 - 0233 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0235:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:科幻参考:FREEBSD: FreeBSD-SA-00:10参考:http://archives.neohapsis.com/archives/freebsd/2000-03/0068.html参考:报价:1070参考:网址:http://www.securityfocus.com/bid/1070缓冲区溢出orville-write包中哈项目允许本地用户获得根权限。ED_PRI - 2000 - 0235 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0245:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:科幻参考:SGI: 20000303 - 01 - px参考:网址:ftp://sgigate.sgi.com/security/20000303-01-PX参考:BUGTRAQ: 20000328 Objectserver脆弱性参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003290852.aa27218@blaze.arl.mil参考:报价:1079参考:网址:http://www.securityfocus.com/bid/1079脆弱性在SGI IRIX objectserver守护进程允许远程攻击者创建用户帐户。ED_PRI - 2000 - 0245 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0246:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:科幻参考:女士:ms00 - 019参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 019. - asp参考:MSKB: Q249599参考:网址:http://www.microsoft.com/technet/support/kb.asp?ID=249599参考:报价:1081参考:网址:http://www.securityfocus.com/bid/1081IIS 4.0和5.0不正确执行ISAPI扩展处理如果虚拟目录映射到一个UNC份额,它允许远程攻击者读取ASP的源代码和其他文件。ED_PRI - 2000 - 0246 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0234:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:CF参考:BUGTRAQ: 20000330钴apache配置暴露. htaccess参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000330220757.28456.qmail@securityfocus.com参考:MISC:http://www.securityfocus.com/templates/advisory.html?id=2150参考:报价:1083参考:网址:http://www.securityfocus.com/bid/1083钴RaQ2和RaQ3的默认配置中指定的访问。配置允许远程攻击者查看敏感一个. htaccess文件的内容。ED_PRI - 2000 - 0234 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0243:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:科幻参考:BUGTRAQ: 20000324 AnalogX SimpleServer 1.03远程崩溃”:参考:http://www.securityfocus.com/templates/archive.pike?list=1&msg=web - 5645555 @post2.rnci.com参考:XF: simpleserver-exception-dos参考:报价:1076参考:网址:http://www.securityfocus.com/bid/1076参考:MISC:http://www.analogx.com/contents/download/network/sswww.htm缓冲区溢出在AnalogX SimpleServer: WWW HTTP服务器1.03允许远程攻击者造成拒绝服务通过一个简短的GET请求目录。ED_PRI - 2000 - 0243 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0247:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:科幻/ CF / MP / SA / /未知参考:BUGTRAQ: 20000322当地根妥协GNQS 3.50.6 3.50.7参考:http://archives.neohapsis.com/archives/bugtraq/2000-03/0236.html参考:MISC:http://ftp.gnqs.org/pub/gnqs/source/by-version-number/v3.50/Generic-NQS-3.50.8-ChangeLog.txt脆弱性Generic-NQS (GNQS)允许本地用户获得根权限。ED_PRI - 2000 - 0247 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0227:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:科幻参考:BUGTRAQ: 20000323当地拒绝服务攻击Linux参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000323175509.A23709@clearway.com参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-03/0254.html参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-03/0272.html参考:报价:1072参考:网址:http://www.securityfocus.com/bid/1072参考:XF: linux-domain-socket-dos Linux 2.2。x内核并没有限制数量的Unix域套接字所定义的wmem_max paremeter,它允许本地用户造成拒绝服务通过请求大量的套接字。ED_PRI - 2000 - 0227 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0229:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:科幻参考:BUGTRAQ: 20000322 gpm-root参考:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000322182143.4498.qmail@securityfocus.com参考:http://archives.neohapsis.com/archives/bugtraq/2000-03/0242.html参考:报价:1069参考:网址:http://www.securityfocus.com/bid/1069参考:XF: linux-gpm-root gpm-root流量包中不适当的放弃特权,它允许本地用户获得特权,开始从gpm-root效用。ED_PRI - 2000 - 0229 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0230:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:科幻参考:BUGTRAQ: 20000316 & c开发咨询——都是imwheel参考:http://archives.neohapsis.com/archives/bugtraq/2000-03/0168.html参考:报价:1060参考:网址:http://www.securityfocus.com/bid/1060缓冲区溢出imwheel允许本地用户获得根权限通过imwheel-solo脚本和长家里环境变量。ED_PRI - 2000 - 0230 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0231:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:科幻/ CF / MP / SA / /未知参考:BUGTRAQ: 20000316“开发咨询——kreatecd & c都是”:参考:http://archives.neohapsis.com/archives/bugtraq/2000-03/0162.html参考:XF: linux-kreatecd-path参考:报价:1061参考:网址:http://www.securityfocus.com/bid/1061Linux kreatecd信托使用用户提供的路径,找到cdrecord程序,允许本地用户获得根权限。ED_PRI - 2000 - 0231 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0236:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:科幻参考:BUGTRAQ: 20000317(安全000317. exp.1.5]网景企业服务器和‘?wp的标签参考:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38D2173D.24E39DD0@relaygroup.com参考:http://archives.neohapsis.com/archives/bugtraq/2000-03/0191.html参考:http://archives.neohapsis.com/archives/bugtraq/2000-03/0238.html参考:报价:1063参考:网址:http://www.securityfocus.com/bid/1063参考:XF: netscape-server-directory-indexing网景Enterprise Server启用了Web发布允许远程攻击者通过Web发布服务器目录列表标签如? wp-ver-info和? wp-cs-dump。ED_PRI - 2000 - 0236 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0237:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:科幻参考:MISC:http://zsh.stupidphat.com/advisory.cgi?000311-1参考:报价:1075参考:网址:http://www.securityfocus.com/bid/1075网景Enterprise Server启用了Web发布允许远程攻击者任意目录列表/出版商目录通过GET请求,它提供了一个Java小程序,允许攻击者浏览目录。ED_PRI - 2000 - 0237 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0238:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:科幻参考:BUGTRAQ: 20000317 DoS NAVIEG参考:http://www.securityfocus..com/templates/archive.pike?list=1&msg=s8d1f3e3.036@kib.co.kodiak.ak.us参考:XF: nav-email-gateway-dos参考:报价:1064参考:网址:http://www.securityfocus.com/bid/1064缓冲区溢出的web服务器诺顿杀毒软件对网络电子邮件网关允许远程攻击者通过一个长URL引起拒绝服务。ED_PRI - 2000 - 0238 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0239:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:科幻参考:BUGTRAQ: 20000315本地/远程DoS攻击MERCUR WebView网络邮箱服务1.0参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95325335825295&w=2参考网址:http://www.ussrback.com/labs36.html参考:报价:1056参考:网址:http://www.securityfocus.com/bid/1056参考:XF: mercur-webview-get-dos缓冲区溢出的MERCUR WebView邮箱服务器允许远程攻击者通过长mail_user引起拒绝服务参数的GET请求。ED_PRI - 2000 - 0239 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0240:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:科幻参考:BUGTRAQ: 20000321 vqserver / ........../参考:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.20000321084646.0095c7f0@olga.swip.net参考:XF: vqserver-dir-traverse参考:报价:1067参考:网址:http://www.securityfocus.com/bid/1067vqSoft vqServer程序允许远程攻击者通过/ ..........读取任意文件/在URL中,变异的. .(点点)攻击。ED_PRI - 2000 - 0240 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0241:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:科幻/ CF / MP / SA / /未知参考:BUGTRAQ: 20000321 vqserver / ........../参考:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.20000321084646.0095c7f0@olga.swip.net参考:报价:1068参考:网址:http://www.securityfocus.com/bid/1068参考:XF: vqserver-passwd-plaintext vqSoft vqServer敏感信息如密码明文存储在服务器。cfg文件,它允许攻击者获得特权。ED_PRI - 2000 - 0241 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0242:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:科幻参考:BUGTRAQ: 20000325 Windmail允许网络用户得到任何文件参考:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-03-22&msg=20000325224146.6839.qmail@securityfocus.com参考:XF: windmail-fileread参考:XF: windmail-pipe-command参考:报价:1073参考:网址:http://www.securityfocus.com/bid/1073WindMail允许远程攻击者读取任意文件或执行命令通过shell元字符。ED_PRI - 2000 - 0242 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0244:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:科幻参考:BUGTRAQ: 20000328 Citrix ICA基本加密参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.bso.4.20.0003290949280.2640 - 100000 @naughty.monkey.org参考:报价:1077参考:网址:http://www.securityfocus.com/bid/1077Citrix ICA(独立计算架构)协议使用弱加密(XOR)用户身份验证。ED_PRI - 2000 - 0244 3投票: