(CD) CD PROPOSAL: SF-LOC (Software flaws in different lines of code)
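The following content decision (CD) deals with situations in which multiple software flaws appear in the same application.

CD Proposal Date: 6/12/2000
Voting Period: 7/10/2000
Final Decision: 7/24/2000

*********************************************
CD: SF-LOC (Software flaws in different lines of code)
*********************************************

Type: Abstraction
Version: 1.0
Proposed: 6/12/2000
Final Decision: N/A

Short Description
-----------------

If two or more different software flaws occur in different lines of code in the same executable or library, then record them in separate entries. (Informally, distinguish between different flaws in the same software.)

Definitions
-----------

All definitions are informal.

A "library" is a set of functions packaged into the same file, which is then accessed by multiple programs that use those functions. DLLs, C libraries, and Perl modules are all referred to as "libraries."

The "trigger code" is the specific line in the source code whose execution affects the system's security. For example, the trigger code for a buffer overflow might be a call to the strcat() function which causes the overflow and overwrites a stack pointer, or the trigger code for a packet reassembly problem might be the specific line of code that causes the affected system to crash.

Affected Candidates
-------------------

All active candidates that are affected by this content decision can be obtained via the following URL:

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CD SF-LOC

Application
-----------

If a * appears on a CD item, then if the item applies to P1 and P2, the rest of the CD should not be applied.

Note: this CD intersects with CD:SF-EXEC for software flaws that occur in libraries.

Consider two problems, P1 and P2.

** Try to define evidence of a library, then use it to decide whether to apply this CD. **

* 1) If P1 and P2 do not occur in the same executable, and there is no evidence that they both appear in the same library, then this CD does not apply, and CD:SF-EXEC should be consulted.

* 2) If it can be proven that the trigger code for P1 is different than the trigger code for P2, then P1 and P2 must remain SPLIT.

* 3) If it can be proven that the trigger code for P1 is the same as the trigger code for P2, then P1 and P2 must be MERGED, even if the methods of exploitation may be different.

* 4) If P1 and P2 are not fixed by the same patch or patches, then they must remain SPLIT.

5) If there is strong evidence that the trigger code for P1 and P2 is the same, and there is strong evidence that P1 and P2 are in the same library, then P1 and P2 should be MERGED.

6) If the method of exploitation for P1 is significantly different than the exploitation of P2, then P1 and P2 should be SPLIT. For example, P1 might appear to be a buffer overflow that is caused by sending a long command line argument, whereas P2 might follow symbolic links improperly.

7) If the methods of exploitation for P1 and P2 are the same (or extremely similar), and the results of the exploitation are the same, then P1 and P2 should be MERGED.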
8) If there are conflicting recommendations from previous items in this CD, then the first item that applies should be used to determine whether P1 and P2 should be SPLIT or MERGED.

9) If no item in this CD (besides this one) suggests whether P1 and P2 should be MERGED or SPLIT, then they should be MERGED.

Examples
--------

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CD SF-LOC

*********************************************

CAN-1999-0855 and CAN-1999-0857

CAN-1999-0855: Buffer overflow in FreeBSD gdc program via a long -t argument.

CAN-1999-0857: FreeBSD gdc program allows local users to modify files via a symlink attack.

SF-LOC.2 and SF-LOC.3 could be answered by looking at the source code, but assume that it is not available. SF-LOC.4 does not apply, since there are no known patches. SF-LOC.5 does not apply. SF-LOC.6 applies. The buffer overflow is exploited differently than the symlink problem, so SF-LOC.6 suggests SPLIT. SF-LOC.7 does not apply.

Therefore, these candidates should remain SPLIT by CD:SF-LOC.6.

*********************************************

CAN-1999-0844: Denial of service in MDaemon WorldClient and WebConfig services via a long URL.

WorldClient and WebConfig problems could appear in the same library, so we should apply CD:SF-LOC. But since these are separate executables, but strongly related services, we should apply CD:SF-EXEC as well.

SF-LOC.2 and SF-LOC.3 do not apply, because there is no source code available. SF-LOC.4 does not apply. SF-LOC.5 suggests MERGE. SF-LOC.6 does not apply. SF-LOC.7 suggests MERGE.

SF-EXEC.1, SF-EXEC.2, and SF-EXEC.3 do not apply. SF-EXEC.4 suggests MERGE. SF-EXEC.5 does not apply. SF-EXEC.6 suggests MERGE. SF-EXEC.7 does not apply.

CD:SF-LOC and CD:SF-EXEC both suggest merge. This is in direct conflict with the recommendations by several voters on this candidate, as well as the Bugtraq database. However, the exploit as coded by USSR is the same.

*********************************************

CAN-1999-0948: Buffer overflow in uum program for Canna input system allows local users to gain root privileges.
CAN-1999-0949: Buffer overflow in canuum program for Canna input system allows local users to gain root privileges.

Should these 2 candidates be merged?

There could be a library situation here, because both are exploitable through command line options, and command line parsing is sometimes handled by library code. So SF-LOC and SF-EXEC should both be applied.

SF-LOC.2 and .3 do not apply. There do not appear to be any patches, so SF-LOC.4 does not apply. SF-LOC.5 does not apply because there isn't particularly strong evidence. SF-LOC.6 gets hairy. How different is an exploitation of one command option versus a different one? Let's say that the exploitation is similar. Then SF-LOC.7 suggests that these should be MERGED. SF-LOC.8 doesn't apply. SF-LOC.9 suggests MERGE, assuming we haven't decided whether we can apply SF-LOC.6 or SF-LOC.7.

SF-EXEC.2 and SF-EXEC.3 do not apply. SF-EXEC.4 is hairy, like SF-LOC.6. SF-EXEC.5, SF-EXEC.6, and SF-EXEC.7 do not apply. SF-EXEC.9 suggests MERGE as a fallback.

*** This example makes clear that SF-EXEC and SF-LOC could be more precise about whether there's a "significant difference" in an exploitation or not.
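
The item ordering in this CD (the first item that applies decides, with item 9 as the default) can be written as a first-match rule table and checked against the three worked examples. This is an added example, not part of the original proposal; the `Evidence` fields, their string values, and the evidence assigned to each candidate pair are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Evidence:
    """What is known about problems P1 and P2 (field names are this example's own)."""
    same_executable: bool
    library_evidence: str = "none"     # "none" | "some" | "strong"
    trigger_code: str = "unknown"      # "proven_same" | "proven_different" | "strong_same" | "unknown"
    same_patch: Optional[bool] = None  # None means no known patch, so item 4 cannot apply
    exploitation: str = "undecided"    # "different" | "similar" | "undecided"
    same_result: bool = False


def sf_loc(e: Evidence):
    """Return (decision, deciding item). Items are tried in order, so the first
    one that applies wins (item 8); if none applies, item 9 defaults to MERGE."""
    rules = [
        ("SF-LOC.1", not e.same_executable and e.library_evidence == "none",
         "CONSULT CD:SF-EXEC"),
        ("SF-LOC.2", e.trigger_code == "proven_different", "SPLIT"),
        ("SF-LOC.3", e.trigger_code == "proven_same", "MERGE"),
        ("SF-LOC.4", e.same_patch is False, "SPLIT"),
        ("SF-LOC.5", e.trigger_code in ("proven_same", "strong_same")
         and e.library_evidence == "strong", "MERGE"),
        ("SF-LOC.6", e.exploitation == "different", "SPLIT"),
        ("SF-LOC.7", e.exploitation == "similar" and e.same_result, "MERGE"),
    ]
    for item, applies, decision in rules:
        if applies:
            return decision, item
    return "MERGE", "SF-LOC.9"


# Constructed evidence, one reading of the three examples in the text.
GDC = Evidence(same_executable=True, exploitation="different")
MDAEMON = Evidence(same_executable=False, library_evidence="strong",
                   trigger_code="strong_same", exploitation="similar",
                   same_result=True)
CANNA = Evidence(same_executable=False, library_evidence="some",
                 exploitation="similar", same_result=True)
CANNA_UNDECIDED = Evidence(same_executable=False, library_evidence="some")

if __name__ == "__main__":
    for name, ev in [("gdc", GDC), ("MDaemon", MDAEMON), ("Canna", CANNA)]:
        print(name, *sf_loc(ev))
```
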