(提案)集群RECENT-21 - 28候选人

下面的集群包含28个候选人宣布5/21/2000和6/8/2000之间。中列出的候选人优先秩序。优先级1和优先级2的候选人都应对不同层次的供应商确认,所以他们应该易于检查和可以信任的,是真实的问题。如果你发现任何RECENT-XX集群是不完整的对过程中发现的问题相关的时间框架,请发送信息给我,这样候选人可以被指定。——史蒂夫总结的选票使用(“严重程度”的按升序)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -接受——选民接受候选人提出等待——选民对候选人没有意见修改选民想要改变一些小细节(例如参考/描述)审查-选民正在审查/研究候选人,或需要更多的信息,重塑候选人必须大幅修改,如分割或合并拒绝候选人不是“漏洞”,或重复等。1)请写你的投票在直线上,从“投票:”开始。如果你想添加评论或细节,在投票后将它们添加到线:线。2)如果你看到任何失踪的引用,请提及他们,使他们可以包括在内。在映射引用帮助极大。3)请注意,“修改”被视为一个“接受”当计算选票。所以如果你没有足够的信息对候选人但你不想等待,使用一个回顾。 ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ================================= Candidate: CAN-2000-0376 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000615 Assigned: 20000606 Category: SF Reference: ISS:20000607 Buffer Overflow in i-drive Filo (tm) software Buffer overflow in the HTTP proxy server for the i-drive Filo software allows remote attackers to execute arbitrary commands via a long HTTP GET request. ED_PRI CAN-2000-0376 1 VOTE: ================================= Candidate: CAN-2000-0377 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000615 Assigned: 20000608 Category: SF Reference: MS:MS00-040 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00 - 040. - asp远程注册表服务器在Windows NT 4.0允许本地经过身份验证的用户通过畸形引起拒绝服务请求,导致登录过程失败,又名“远程注册表访问认证”的弱点。ED_PRI - 2000 - 0377 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0402:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:女士:ms00 - 035参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 035. - asp参考:报价:1281参考:网址:http://www.securityfocus.com/bid/1281参考:XF: mssql-agent-stored-pw Microsoft SQL Server 7.0中的混合模式验证功能存储系统管理员(sa)账户在一个日志文件明文被任何用户可读,又名“SQL Server 7.0 Service Pack密码”的弱点。ED_PRI - 2000 - 0402 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0403:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:女士:ms00 - 036参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 036. - asp参考:XF: win-browser-hostannouncement参考:报价:1261参考:网址:http://www.securityfocus.com/bid/1261CIFS计算机浏览器服务在Windows NT 4.0允许远程攻击者造成拒绝服务通过发送大量的主持人宣布请求主浏览表,又名“HostAnnouncement洪水”或“HostAnnouncement框架”的弱点。ED_PRI - 2000 - 0403 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0404:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:女士:ms00 - 036参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 036. - asp参考:报价:1262参考:网址:http://www.securityfocus.com/bid/1262CIFS电脑浏览器服务允许远程攻击者造成拒绝服务通过发送ResetBrowser主浏览器框架,又名“ResetBrowser框架”的弱点。ED_PRI - 2000 - 0404 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0441:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:IBM: ERS-OAR-E01-2000:087.1参考:http://archives.neohapsis.com/archives/bugtraq/2000-05/0275.html参考:报价:1241参考:网址:http://www.securityfocus.com/bid/1241漏洞在AIX 3.2。x和4。x允许本地用户获得写访问文件在本地或远程安装AIX文件系统。ED_PRI - 2000 - 0441 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0455:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:奈:20000529初始化数据溢出在Xlock参考:网址:http://www.nai.com/nai_labs/asp_set/advisory/41initialized.asp参考:NETBSD: NETBSD - sa2000 - 003参考:网址:ftp://ftp.netbsd.org/pub/netbsd/misc/security/advisories/netbsd sa2000 txt.asc——003.参考:涡轮:TLSA2000012-1参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0375.html参考:报价:1267参考:网址:http://www.securityfocus.com/bid/1267参考:XF: xlock-bo-read-passwd缓冲区溢出在xlockmore xlock程序4.16和更早的版本允许本地用户读取敏感数据从内存中通过一个长模式的选择。ED_PRI - 2000 - 0455 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0456:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:NETBSD: NETBSD - sa2000 - 005参考:网址:ftp://ftp.netbsd.org/pub/netbsd/misc/security/advisories/netbsd sa2000 txt.asc——005.参考:报价:1272参考:网址:http://www.securityfocus.com/bid/1272参考:XF: bsd-syscall-cpu-dos NetBSD 1.4.2早些时候,允许本地用户造成拒绝服务通过不断运行某些系统调用内核不让出CPU,又名“cpu-hog”。ED_PRI - 2000 - 0456 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0461:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:OPENBSD: 20000526参考:网址:http://www.openbsd.org/errata26.html semconfig参考:NETBSD: NETBSD - sa2000 - 004参考:网址:ftp://ftp.netbsd.org/pub/netbsd/misc/security/advisories/netbsd sa2000 txt.asc——004.参考:FREEBSD: FreeBSD-SA-00:19参考:网址:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:19.semconfig.asc参考:报价:1270参考:网址:http://www.securityfocus.com/bid/1270无证semconfig系统调用在BSD冻结的状态信号,它允许本地用户造成拒绝服务使用semconfig信号系统的调用。ED_PRI - 2000 - 0461 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0462:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:NETBSD: NETBSD - sa2000 - 006参考:网址:ftp://ftp.netbsd.org/pub/netbsd/misc/security/advisories/netbsd sa2000 txt.asc——006.参考:报价:1273参考:网址:http://www.securityfocus.com/bid/1273ftpd /etc/ftpchroot NetBSD 1.4.2不正确解析条目中,不改变根目录指定的用户,这些用户可以访问他们的home目录以外的其他文件。ED_PRI - 2000 - 0462 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0431:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000522问题与首页RaQ2钴/ RaQ3参考:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000523100045.B11049@HiWAAY.net参考:BUGTRAQ: 20000525钴网络安全顾问——网页设计参考:确认:http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html参考:报价:1238参考:网址:http://www.securityfocus.com/bid/1238参考:XF: cobalt-cgiwrap-bypass钴RaQ2和RaQ3不正确设置文件的访问权限和所有权是通过首页上传,它允许攻击者绕过cgiwrap和修改文件。ED_PRI - 2000 - 0431 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0437:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:确认:http://www.tis.com/support/cyberadvisory.html参考:确认:http://www.pgp.com/jump/gauntlet_advisory.asp参考:BUGTRAQ: 20000522挑战CyberPatrol缓冲区溢位参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0249.html参考:XF: gauntlet-cyberdaemon-bo参考:报价:1234参考:网址:http://www.securityfocus.com/bid/1234缓冲区溢出的CyberPatrol守护进程“cyberdaemon”用于挑战和WebShield允许远程攻击者造成拒绝服务或执行任意命令。ED_PRI - 2000 - 0437 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0438:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000522 fdmount缓冲区溢位参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0245.html参考:XF: linux-fdmount-bo参考:报价:1239参考:网址:http://www.securityfocus.com/bid/1239缓冲区溢出在fdmount Linux系统允许本地用户“软盘”组中执行任意命令通过一个长挂载点参数。ED_PRI - 2000 - 0438 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0442:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000523 Qpopper 2.53远程问题,用户可以获得gid =邮件参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0267.html参考:报价:1242参考:网址:http://www.securityfocus.com/bid/1242参考:XF: qualcomm-qpopper-euidl Qpopper 2.53和更早的允许本地用户获得特权:通过一个格式化字符串头,这是由euidl处理命令。ED_PRI - 2000 - 0442 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0454:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000527 Mandrake 7.0: /usr/bin/cdrecord gid = 80(罢工# 2)参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0367.html参考:BUGTRAQ: 20000603(盖尔人所得钱款][安全]宣布cdrecord参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0434.html参考:报价:1265参考:网址:http://www.securityfocus.com/bid/1265参考:XF: linux-cdrecord-execute缓冲区溢出在Linux cdrecord允许本地用户获得特权通过开发参数。ED_PRI - 2000 - 0454 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0460:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000526 KDE: /usr/bin/kdesud, gid = 0利用参考:http://archives.neohapsis.com/archives/bugtraq/2000-05/0353.html参考:报价:1274参考:网址:http://www.securityfocus.com/bid/1274缓冲区溢出在kdesud Mandrake Linux允许本地使用获得特权通过长时间显示环境变量。ED_PRI - 2000 - 0460 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0396:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000524警报:Carello参考文件创建缺陷:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0285.html参考:报价:1245参考:网址:http://www.securityfocus.com/bid/1245参考:XF: carello-file-duplication add.exe项目Carello购物车软件允许远程攻击者重复的文件在服务器上,这可能允许攻击者读取web脚本如asp的源代码文件。ED_PRI - 2000 - 0396 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0398:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000524警报:缓冲区溢出在Rockliffe MailSite参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0286.html参考:报价:1244参考:网址:http://www.securityfocus.com/bid/1244参考:XF: mailsite-get-overflow wconsole缓冲区溢出。dll在Rockliffe MailSite管理代理允许远程攻击者通过长query_string执行任意命令参数的HTTP GET请求。ED_PRI - 2000 - 0398 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0399:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000524迪尔菲尔德通讯MDaemon邮件服务器DoS参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0301.html参考:XF: deerfield-mdaemon-dos参考:报价:1250参考:网址:http://www.securityfocus.com/bid/1250缓冲区溢出MDaemon流行服务器允许远程攻击者造成拒绝服务通过用户名。ED_PRI - 2000 - 0399 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0401:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000525警报:PDG购物车溢出参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95928319715983&w=2PDG参考:NTBUGTRAQ: 20000525警告:购物车溢出参考:网址:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95928667119963&w=2参考:确认:http://www.pdgsoft.com/Security/security2.html参考:报价:1256参考:网址:http://www.securityfocus.com/bid/1256缓冲区溢出的重定向。exe和changepw。exe在PDGSoft购物车允许远程攻击者执行任意命令通过一个查询字符串。ED_PRI - 2000 - 0401 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0418:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 3220开曼群岛20000523 h DSL路由器软件更新和新的奖金攻击参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html参考:XF: cayman-dsl-dos参考:报价:1240参考:网址:http://www.securityfocus.com/bid/1240开曼3220 - h DSL路由器允许远程攻击者通过超大ICMP回应引起拒绝服务(ping)请求。ED_PRI - 2000 - 0418 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0443:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000524惠普Web JetAdmin 5.6版本的Web接口服务器目录遍历脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0281.html参考:XF: hp-jetadmin-directory-traversal参考:报价:1243参考:网址:http://www.securityfocus.com/bid/1243惠普的web接口服务器web 5.6 JetAdmin允许远程攻击者读取任意文件通过一个. .(点点)攻击。ED_PRI - 2000 - 0443 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0444:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000524惠普Web 6.0版本JetAdmin远程DoS攻击漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0277.html参考:XF: hp-jetadmin-malformed-url-dos参考:报价:1246参考:网址:http://www.securityfocus.com/bid/1246惠普Web JetAdmin 6.0允许远程攻击者通过畸形引起拒绝服务URL端口8000。ED_PRI - 2000 - 0444 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0445:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000523键生成安全缺陷在PGP 5.0参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0273.html参考:报价:1251参考:网址:http://www.securityfocus.com/bid/1251PGP 5 pgpk命令。x在Unix系统上使用一个随机数据来源不足非交互式生成密钥对,这可能产生可预见的钥匙。ED_PRI - 2000 - 0445 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0446:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000524远程xploit MDBMS中参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0274.html参考:XF: mdbms-bo参考:报价:1252参考:网址:http://www.securityfocus.com/bid/1252缓冲区溢出MDBMS中数据库服务器允许远程攻击者执行任意命令通过一个长字符串。ED_PRI - 2000 - 0446 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0447:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000525 DST2K0003:缓冲区溢出在奈WebShield SMTP v4.5.44 Managem ent工具参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net参考:XF: nai-webshield-bo参考:报价:1254参考:网址:http://www.securityfocus.com/bid/1254缓冲区溢出WebShield SMTP 4.5.44允许远程攻击者执行任意命令通过一个长WebShield远程管理服务的配置参数。ED_PRI - 2000 - 0447 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0448:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000525 DST2K0003:缓冲区溢出在奈WebShield SMTP v4.5.44 Managem ent工具参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net参考:XF: nai-webshield-config-mod参考:报价:1253参考:网址:http://www.securityfocus.com/bid/1253WebShield SMTP管理工具版本4.5.44不适当限制管理端口不决心当一个IP地址的主机名,它允许远程攻击者访问配置通过GET_CONFIG命令。ED_PRI - 2000 - 0448 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0449:最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000525 Omnis弱加密——许多产品影响参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0311.html参考:报价:1255参考:网址:http://www.securityfocus.com/bid/1255Omnis Studio 2.4使用弱加密数据库字段的加密(微不足道的编码)。ED_PRI - 2000 - 0449 3投票: