(提案)集群近20 - 31的候选人

下面的集群包含31个候选人宣布5/11/2000和5/19/2000之间。中列出的候选人优先秩序。优先级1和优先级2的候选人都应对不同层次的供应商确认,所以他们应该易于检查和可以信任的,是真实的问题。如果你发现任何RECENT-XX集群是不完整的对过程中发现的问题相关的时间框架,请发送信息给我,这样候选人可以被指定。——史蒂夫总结的选票使用(“严重程度”的按升序)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -接受——选民接受候选人提出等待——选民对候选人没有意见修改选民想要改变一些小细节(例如参考/描述)审查-选民正在审查/研究候选人,或需要更多的信息,重塑候选人必须大幅修改,如分割或合并拒绝候选人不是“漏洞”,或重复等。1)请写你的投票在直线上,从“投票:”开始。如果你想添加评论或细节,在投票后将它们添加到线:线。2)如果你看到任何失踪的引用,请提及他们,使他们可以包括在内。在映射引用帮助极大。3)请注意,“修改”被视为一个“接受”当计算选票。所以如果你没有足够的信息对候选人但你不想等待,使用一个回顾。 ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ================================= Candidate: CAN-2000-0305 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000615 Assigned: 20000509 Category: SF Reference: BINDVIEW:20000519 jolt2 - Remote DoS against NT, W2K, 9x Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2240参考:女士:ms00 - 029参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 029. - asp参考:报价:1236参考:网址:http://www.securityfocus.com/bid/1236参考:XF: ip-fragment-reassembly-dos Windows 95, Windows 98, Windows 2000, Windows NT 4.0,和终端服务器系统允许远程攻击者造成拒绝服务通过发送大量相同的支离破碎的IP数据包,即jolt2或IP碎片重组的脆弱性。ED_PRI - 2000 - 0305 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0389:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000516缓冲区溢出漏洞在KERBEROS参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html参考:CERT: ca - 2000 - 06年参考:网址:http://www.cert.org/advisories/ca - 2000 - 06. - html参考:FREEBSD: FreeBSD-SA-00:20参考:网址:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html参考:XF: kerberos-krb-rd-req-bo参考:报价:1220参考:网址:http://www.securityfocus.com/bid/1220缓冲区溢出在Kerberos krb_rd_req函数4和5允许远程攻击者获得根权限。ED_PRI - 2000 - 0389 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0390:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000516缓冲区溢出漏洞在KERBEROS参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html参考:CERT: ca - 2000 - 06年参考:网址:http://www.cert.org/advisories/ca - 2000 - 06. - html参考:FREEBSD: FreeBSD-SA-00:20参考:网址:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html参考:报价:1220参考:网址:http://www.securityfocus.com/bid/1220参考:XF: kerberos-krb425-conv-principal-bo缓冲区溢出在Kerberos 5 krb425_conv_principal函数允许远程攻击者获得根权限。ED_PRI - 2000 - 0390 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0391:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000516缓冲区溢出漏洞在KERBEROS参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html参考:CERT: ca - 2000 - 06年参考:网址:http://www.cert.org/advisories/ca - 2000 - 06. - html参考:FREEBSD: FreeBSD-SA-00:20参考:网址:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html参考:报价:1220参考:网址:http://www.securityfocus.com/bid/1220缓冲区溢出在Kerberos 5 krshd允许远程攻击者获得根权限。ED_PRI - 2000 - 0391 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0392:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000516缓冲区溢出漏洞在KERBEROS参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html参考:CERT: ca - 2000 - 06年参考:网址:http://www.cert.org/advisories/ca - 2000 - 06. - html参考:FREEBSD: FreeBSD-SA-00:20参考:网址:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html参考:XF: kerberos-ksu-bo参考:报价:1220参考:网址:http://www.securityfocus.com/bid/1220缓冲区溢出在Kerberos 5允许本地用户已经获得根权限。ED_PRI - 2000 - 0392 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0393:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000516 kscd脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0172.html参考:SUSE: 20000529 kmulti < = 1.1.2参考:网址:http://www.suse.de/de/support/security/suse_security_announce_50.txt参考:XF: kscd-shell-env-variable参考:报价:1206参考:网址:http://www.securityfocus.com/bid/1206KDE kscd程序也不删除权限时执行一个程序中指定用户的SHELL环境变量,它允许用户通过指定执行另一个程序来获得特权。ED_PRI - 2000 - 0393 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0405:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:L0PHT: 20000515 AntiSniff version 1.01和研究者版本1 DNS溢出参考:网址:http://www.l0pht.com/advisories/asniff_advisory.txt参考:报价:1207参考:网址:http://www.securityfocus.com/bid/1207参考:XF: antisniff-dns-overflow缓冲区溢出在L0pht AntiSniff允许远程攻击者执行任意命令通过一个畸形的DNS响应包。ED_PRI - 2000 - 0405 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0406:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:XF: netscape-invalid-ssl-sessions参考:CERT: ca - 2000 - 05参考:网址:http://www.cert.org/advisories/ca - 2000 - 05. - html参考:REDHAT: RHSA-2000:028-02参考:网址:http://www.redhat.com/support/errata/rhsa - 2000 - 028. - html参考:报价:1188参考:网址:http://www.securityfocus.com/bid/1188网景沟通者之前版本4.73和4.07导航不正确验证SSL证书,它允许远程攻击者窃取信息从一个合法的web服务器,到自己的恶意服务器,又名“Acros-Suencksen SSL”漏洞。ED_PRI - 2000 - 0406 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0408:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:MISC:http://www.ussrback.com/labs40.html参考:女士:ms00 - 030参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 030. - asp参考:XF: iis-malformed-information-extension参考:XF: iis-url-extension-data-dos参考:报价:1190参考:网址:http://www.securityfocus.com/bid/1190IIS 4.05和5.0允许远程攻击者造成拒绝服务通过一个长,复杂的URL,似乎包含了大量的文件扩展名,又名“畸形的扩展数据URL”漏洞。ED_PRI - 2000 - 0408 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0419:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:女士:ms00 - 034参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 034. - asp参考:报价:1197参考:网址:http://www.securityfocus.com/bid/1197办公室2000 UA ActiveX控件被标记为“安全的脚本,它允许远程攻击者通过“给我”功能进行未经授权的活动在办公室帮忙,又名“Office 2000 UA控制”的弱点。ED_PRI - 2000 - 0419 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0464:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:XF: ie-malformed-component-attribute参考:女士:ms00 - 033参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 033. - asp参考:报价:1223参考:网址:http://www.securityfocus.com/bid/1223Internet Explorer 4。x和5。x允许远程攻击者执行任意命令通过一个缓冲区溢出的ActiveX参数解析能力,又名“畸形的组件属性”的弱点。ED_PRI - 2000 - 0464 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0465:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:XF: ie-frame-domain-verification参考:女士:ms00 - 033参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 033. - asp参考:报价:1224参考:网址:http://www.securityfocus.com/bid/1224Internet Explorer 4。x和5。x并适当验证的领域框架在一个浏览器窗口,它允许远程攻击者通过帧读取客户端文件,又名“帧域验证”的弱点。ED_PRI - 2000 - 0465 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0394:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000519 RFP2K05: NetProwler vs RFProwler参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95878603510835&w=2参考:BUGTRAQ: 20000522 RFP2K05——NetProwler“碎片化”问题参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=392AD3B3.3E9BE3EA@axent.com参考:XF: axent-netprowler-ipfrag-dos参考:报价:1225参考:网址:http://www.securityfocus.com/bid/1225NetProwler 3.0允许远程攻击者造成拒绝服务通过发送畸形的IP数据包触发NetProwler中间人的签名。ED_PRI - 2000 - 0394 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0407:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000512新Solaris根利用/usr/lib/lp/bin/netpr参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0141.html参考:XF: sol-netpr-bo参考:报价:1200参考:网址:http://www.securityfocus.com/bid/1200缓冲区溢出在Solaris netpr程序允许本地用户执行任意命令通过一个长—p选项。ED_PRI - 2000 - 0407 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0436:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000522 MetaProducts离线浏览器目录遍历脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0254.html参考:确认:http://www.metaproducts.com/mpOE-HY.html参考:报价:1231参考:网址:http://www.securityfocus.com/bid/1231MetaProducts 1.2和更早的离线浏览器允许远程攻击者访问任意文件通过一个. .(点点)攻击。ED_PRI - 2000 - 0436 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0395:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000516成为CProxy v3.3 SP 2 DoS参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=007d01bfbf48 e44f0e40 01美元dc11ac@peopletel.org参考:XF: cproxy-http-dos参考:报价:1213参考:网址:http://www.securityfocus.com/bid/1213缓冲区溢出CProxy 3.3允许远程用户造成拒绝服务通过一个HTTP请求。ED_PRI - 2000 - 0395 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0397:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000515脆弱性EMURL-based电子邮件提供商参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0160.html参考:XF: emurl-account-access参考:报价:1203参考:网址:http://www.securityfocus.com/bid/1203EMURL基于网络的电子邮件帐户的软件编码可预测的在用户会话标识符的url,它允许远程攻击者访问用户的电子邮件帐户。ED_PRI - 2000 - 0397 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0400:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000516微软安全缺陷吗?参考网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95868514521257&w=2参考:报价:1221参考:网址:http://www.securityfocus.com/bid/1221参考:XF: ie-active-movie-control Internet Explorer 5中的Microsoft Active电影ActiveX控件并没有限制,可以下载文件类型,它允许攻击者任何类型的文件下载到用户的系统编码在电子邮件消息或新闻文章。万博下载包ED_PRI - 2000 - 0400 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0415:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000512 Outlook Express 4中溢出。*——太长文件名扩展图形格式的参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0140.html参考:报价:1195参考:网址:http://www.securityfocus.com/bid/1195缓冲区溢出Outlook Express 4。x允许攻击者通过邮件或引起拒绝服务消息,jpg或bmp格式附件长文件名。万博下载包ED_PRI - 2000 - 0415 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0416:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000511 NTMail代理利用参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NABBJLKKPKIHDIMKFKGCMEFANMAB.georger@nls.net参考:报价:1196参考:网址:http://www.securityfocus.com/bid/1196NTMail 5。x允许网络用户绕过NTMail代理限制通过重定向请求NTMail的web服务器配置。ED_PRI - 2000 - 0416 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0420:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:CF参考:NTBUGTRAQ: 20000511国际空间站专家咨询参考00/26:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0112.html参考:报价:1198参考:网址:http://www.securityfocus.com/bid/1198缺省配置Windows 2000家门店的SYSKEY启动键在注册表中,艾克佛公司的产品可以让攻击者tor它和用它来解密加密的文件系统(EFS)数据。ED_PRI - 2000 - 0420 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0421:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000510咨询:检查系统(blaat $ var blaat)调用Bugzilla 2.8参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0128.html参考:报价:1199参考:网址:http://www.securityfocus.com/bid/1199process_bug。cgi脚本在Bugzilla允许远程攻击者通过sehll元字符执行任意命令。ED_PRI - 2000 - 0421 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0424:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000514参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005151024.aa01811@blaze.arl.mil参考:报价:1202参考:网址:http://www.securityfocus.com/bid/1202CGI柜台4.0.7乔治·Burgyan允许远程攻击者通过shell元字符执行任意命令。ED_PRI - 2000 - 0424 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0432:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000516 Vuln日历。pl脚本(马特·克鲁斯压延)参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0173.html参考:报价:1215参考:网址:http://www.securityfocus.com/bid/1215压延机。pl和calendar_admin。pl脚本由马特·克鲁斯日历允许远程攻击者通过shell元字符执行任意命令。ED_PRI - 2000 - 0432 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0434:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:CF参考:BUGTRAQ: 20000516 Allmanage。pl漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0167.html参考:报价:1217参考:网址:http://www.securityfocus.com/bid/1217Allmanage网站管理软件的管理密码明文存储在一个文件可以访问远程攻击者。ED_PRI - 2000 - 0434 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0435:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000516 Allmanage。pl漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0167.html参考:报价:1217参考:网址:http://www.securityfocus.com/bid/1217allmanageup。pl文件上传的CGI脚本Allmanage网站管理软件2.6可以直接调用远程攻击者,他们可以修改用户帐户或web页面。ED_PRI - 2000 - 0435 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0450:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000518弗兰克-威廉姆斯:安全注意:老大哥系统和网络监控参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0216.html参考:报价:1257参考:网址:http://www.securityfocus.com/bid/1257脆弱性在老大哥bdd服务器系统和网络监控允许攻击者执行任意命令。ED_PRI - 2000 - 0450 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0451:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000518远程Dos攻击英特尔表达8100路由器参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0229.html参考:报价:1228参考:网址:http://www.securityfocus.com/bid/12288100年英特尔表达ISDN路由器允许远程攻击者通过超大或引起拒绝服务分散的ICMP数据包。ED_PRI - 2000 - 0451 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0452:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000518 Lotus ESMTP服务(Lotus Domino版本5.0.1(国际)参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0219.html参考:XF: lotus-domino-esmtp-bo参考:报价:1229参考:网址:http://www.securityfocus.com/bid/1229缓冲区溢出的Lotus Domino服务器5.0.1 ESMTP服务允许远程攻击者造成拒绝服务通过一个长的邮件命令。ED_PRI - 2000 - 0452 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0453:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000518肮脏XFree Xserver DoS参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html参考:报价:1235参考:网址:http://www.securityfocus.com/bid/1235XFree86 3.3。4.0 x和允许用户造成拒绝服务通过一个负面的计数器值的畸形TCP包发送到端口6000。ED_PRI - 2000 - 0453 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0463:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000517辅助安全顾问/ OS 5.0 (DoS)参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0197.html参考:XF: beos-tcp-frag-dos参考:报价:1222参考:网址:http://www.securityfocus.com/bid/1222BeOS 5.0允许远程攻击者通过分散TCP数据包导致拒绝服务。ED_PRI - 2000 - 0463 3投票: