再保险(建议):集群RECENT-21 - 28候选人

* Steven m . Christey (coley@LINUS.MITRE.ORG)[000615 03:02]: >以下集群包含28个候选人,宣布> 5/21/2000和6/8/2000之间。> >中所列出的候选人优先秩序。优先级1和优先级> 2的候选人都应对不同层次的供应商>确认,所以他们应该易于检查和可以信任的>,问题是真实的。> >如果你发现任何RECENT-XX集群与尊重>是不完整的过程中发现的问题相关的时间框架,请>信息发送给我,这样候选人可以转让。> > -史蒂夫> > >总结的选票使用(“严重程度”的按升序)> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > >接受——选民接受候选人提出>等待-选民对候选人没有意见>修改-选民想要改变一些小细节(例如参考/描述)>回顾-选民正在审查/研究候选人,或需要更多信息>重塑-候选人必须大幅修改,如分割或合并>拒绝候选人不是“漏洞”,或重复等。> > 1)请写你的投票在直线上,从“投票:”开始。如果>你想添加评论或细节,将它们添加到行>后投票:行。> > 2)如果你看到任何失踪的引用,请提及他们,使他们>可以包括在内。在映射引用帮助极大。> > 3)请注意,“修改”被视为一个“接受”当计算选票。>如果你没有足够的信息对候选人但你>不想等待,使用一个回顾。 > > ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** > > Please keep in mind that your vote and comments will be recorded and > publicly viewable in the mailing list archives or in other formats. > > ================================= > Candidate: CAN-2000-0376 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000615 > Assigned: 20000606 > Category: SF > Reference: ISS:20000607 Buffer Overflow in i-drive Filo (tm) software > > Buffer overflow in the HTTP proxy server for the i-drive Filo software > allows remote attackers to execute arbitrary commands via a long HTTP > GET request. > > > ED_PRI CAN-2000-0376 1 > > > VOTE: MODIFY Reference: BID 1324 > > ================================= > Candidate: CAN-2000-0377 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000615 > Assigned: 20000608 > Category: SF > Reference: MS:MS00-040 > Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00 - 040. - asp> >远程注册表服务器在Windows NT 4.0允许本地>经过身份验证的用户通过畸形引起拒绝服务>请求,导致登录过程失败,又名“远程>注册表访问认证”的弱点。> > > ED_PRI - 2000 - 0377 1 > > >投票:修改参考:出价1331 > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0402 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:女士:ms00 - 035 >参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 035. - asp>参考:报价:1281 >参考:网址:http://www.securityfocus.com/bid/1281>参考:XF: mssql-agent-stored-pw > >混合模式验证能力在Microsoft SQL Server 7.0 >存储系统管理员(sa)账户在明文日志>文件由任何用户可读,又名“SQL Server 7.0服务>包密码”的弱点。> > > ED_PRI - 2000 - 0402 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0403 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:女士:ms00 - 036 >参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 036. - asp>参考:XF: win-browser-hostannouncement >参考:报价:1261 >参考:网址:http://www.securityfocus.com/bid/1261> > CIFS计算机浏览器服务在Windows NT 4.0允许远程攻击者>引起拒绝服务通过发送大量>主持人宣布请求主浏览表,又名>“HostAnnouncement洪水”或“HostAnnouncement框架”的弱点。> > > ED_PRI - 2000 - 0403 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0404 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:女士:ms00 - 036 >参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 036. - asp>参考:报价:1262 >参考:网址:http://www.securityfocus.com/bid/1262> > CIFS电脑浏览器服务允许远程攻击者造成>拒绝服务通过发送ResetBrowser帧到主>浏览器,又名“ResetBrowser框架”的弱点。> > > ED_PRI - 2000 - 0404 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0441 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:IBM: ERS-OAR-E01-2000:087.1 >参考:http://archives.neohapsis.com/archives/bugtraq/2000-05/0275.html>参考:报价:1241 >参考:网址:http://www.securityfocus.com/bid/1241> >漏洞在AIX 3.2。x和4。x允许本地用户获得写>访问文件在本地或远程安装AIX文件系统。> > > ED_PRI - 2000 - 0441 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0455 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:奈:20000529初始化数据溢出Xlock >参考:网址:http://www.nai.com/nai_labs/asp_set/advisory/41initialized.asp>参考:NETBSD: NETBSD - sa2000 - 003 >参考:网址:ftp://ftp.netbsd.org/pub/netbsd/misc/security/advisories/netbsd sa2000 txt.asc——003.>参考:涡轮:TLSA2000012-1 >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0375.html>参考:报价:1267 >参考:网址:http://www.securityfocus.com/bid/1267>参考:XF: xlock-bo-read-passwd > >缓冲区溢出xlockmore xlock程序4.16和更早的版本>允许本地用户敏感数据从内存中读通过长模式>选项。> > > ED_PRI - 2000 - 0455 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0456 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:NETBSD: NETBSD - sa2000 - 005 >参考:网址:ftp://ftp.netbsd.org/pub/netbsd/misc/security/advisories/netbsd sa2000 txt.asc——005.>参考:报价:1272 >参考:网址:http://www.securityfocus.com/bid/1272>参考:XF: bsd-syscall-cpu-dos > > NetBSD 1.4.2早些时候,允许本地用户原因拒绝>服务通过不断运行某些系统调用内核>不让出CPU,又名“cpu-hog”。> > > ED_PRI - 2000 - 0456 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0461 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:OPENBSD: 20000526 >参考:网址:http://www.openbsd.org/errata26.html semconfig>参考:NETBSD: NETBSD - sa2000 - 004 >参考:网址:ftp://ftp.netbsd.org/pub/netbsd/misc/security/advisories/netbsd sa2000 txt.asc——004.>参考:FREEBSD: FreeBSD-SA-00:19 >参考:网址:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:19.semconfig.asc>参考:报价:1270 >参考:网址:http://www.securityfocus.com/bid/1270> >无证semconfig系统调用在BSD冻结的状态>信号量,它允许本地用户造成拒绝服务>信号系统通过使用semconfig电话。> > > ED_PRI - 2000 - 0461 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0462 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:NETBSD: NETBSD - sa2000 - 006 >参考:网址:ftp://ftp.netbsd.org/pub/netbsd/misc/security/advisories/netbsd sa2000 txt.asc——006.>参考:报价:1273 >参考:网址:http://www.securityfocus.com/bid/1273> >在NetBSD 1.4.2 ftpd并不正确解析条目/etc/ftpchroot >,不chroot指定的用户,这些用户可以>访问他们的home目录以外的其他文件。> > > ED_PRI - 2000 - 0462 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0431 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000522问题首页RaQ2钴/ RaQ3 >参考:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000523100045.B11049@HiWAAY.net>参考:BUGTRAQ: 20000525网络钴-安全咨询首页>参考:确认:http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html>参考:报价:1238 >参考:网址:http://www.securityfocus.com/bid/1238>参考:XF: cobalt-cgiwrap-bypass > >钴RaQ2和RaQ3不正确设置文件的访问权限和所有权>通过首页上传,它允许>攻击者绕过cgiwrap和修改文件。> > > ED_PRI - 2000 - 0431 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0437 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:确认:http://www.tis.com/support/cyberadvisory.html>参考:确认:http://www.pgp.com/jump/gauntlet_advisory.asp>参考:BUGTRAQ: 20000522挑战CyberPatrol缓冲区溢出>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0249.html>参考:XF: gauntlet-cyberdaemon-bo >参考:报价:1234 >参考:网址:http://www.securityfocus.com/bid/1234> >中的缓冲区溢出CyberPatrol守护进程“cyberdaemon”用于>挑战和WebShield允许远程攻击者导致拒绝>服务或执行任意命令。> > > ED_PRI - 2000 - 0437 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0438 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000522 fdmount缓冲区溢出>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0245.html>参考:XF: linux-fdmount-bo >参考:报价:1239 >参考:网址:http://www.securityfocus.com/bid/1239> >缓冲区溢出在fdmount Linux系统允许本地用户>“软盘”组中执行任意命令通过一个长挂载点>参数。> > > ED_PRI - 2000 - 0438 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0442 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000523 Qpopper 2.53远程问题,用户可以获得gid =邮件>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0267.html>参考:报价:1242 >参考:网址:http://www.securityfocus.com/bid/1242>参考:XF: qualcomm-qpopper-euidl > > Qpopper 2.53和更早的允许通过一个本地用户获得特权>:格式化字符串头,这是由euidl >命令进行处理。> > > ED_PRI - 2000 - 0442 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0454 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000527 Mandrake 7.0: /usr/bin/cdrecord gid = 80(# 2) >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0367.html>参考:BUGTRAQ: 20000603(盖尔人所得钱款][安全]宣布cdrecord >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0434.html>参考:报价:1265 >参考:网址:http://www.securityfocus.com/bid/1265>参考:XF: linux-cdrecord-execute > >缓冲区溢出在Linux cdrecord允许本地用户获得特权>通过开发参数。> > > ED_PRI - 2000 - 0454 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0460 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000526 KDE: /usr/bin/kdesud, gid = 0利用>参考:http://archives.neohapsis.com/archives/bugtraq/2000-05/0353.html>参考:报价:1274 >参考:网址:http://www.securityfocus.com/bid/1274> >缓冲区溢出在kdesud Mandrake Linux允许本地使用获得>特权通过长显示环境变量。> > > ED_PRI - 2000 - 0460 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0396 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000524警报:Carello >引用文件创建缺陷:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0285.html>参考:报价:1245 >参考:网址:http://www.securityfocus.com/bid/1245>参考:XF: carello-file-duplication > > add.exe项目Carello购物车软件允许远程攻击者>复制服务器上的文件,这将允许>攻击者读取web脚本如asp的源代码文件。> > > ED_PRI - 2000 - 0396 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0398 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000524警报:缓冲区溢出在Rockliffe MailSite >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0286.html>参考:报价:1244 >参考:网址:http://www.securityfocus.com/bid/1244>参考:XF: mailsite-get-overflow > > wconsole缓冲区溢出。dll在Rockliffe MailSite管理代理>允许远程攻击者执行任意命令通过一个长> query_string参数的HTTP GET请求。> > > ED_PRI - 2000 - 0398 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0399 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000524迪尔菲尔德通讯MDaemon邮件服务器DoS >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0301.html>参考:XF: deerfield-mdaemon-dos >参考:报价:1250 >参考:网址:http://www.securityfocus.com/bid/1250> >在MDaemon POP服务器允许远程缓冲区溢出攻击者造成>拒绝服务通过用户名。> > > ED_PRI - 2000 - 0399 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0401 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000525警报:PDG购物车溢出>参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95928319715983&w=2PDG >参考:NTBUGTRAQ: 20000525警告:购物车溢出>参考:网址:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95928667119963&w=2>参考:确认:http://www.pdgsoft.com/Security/security2.html>参考:报价:1256 >参考:网址:http://www.securityfocus.com/bid/1256> >在重定向缓冲区溢出。exe和changepw。exe PDGSoft购物>车允许远程攻击者执行任意命令通过一个长>查询字符串。> > > ED_PRI - 2000 - 0401 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0418 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 3220开曼群岛20000523 h DSL路由器软件更新和新的奖金攻击>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html>参考:XF: cayman-dsl-dos >参考:报价:1240 >参考:网址:http://www.securityfocus.com/bid/1240> >开曼3220 - h DSL路由器允许远程攻击者造成拒绝服务>通过超大的ICMP回应(ping)请求。> > > ED_PRI - 2000 - 0418 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0443 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000524惠普网络JetAdmin 5.6版本的Web接口服务器目录遍历脆弱性>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0281.html>参考:XF: hp-jetadmin-directory-traversal >参考:报价:1243 >参考:网址:http://www.securityfocus.com/bid/1243> > web接口服务器在惠普web JetAdmin 5.6允许远程攻击者>读取任意文件通过一个. .(点点)攻击。> > > ED_PRI - 2000 - 0443 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0444 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000524惠普Web 6.0版本JetAdmin远程DoS攻击弱点>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0277.html>参考:XF: hp-jetadmin-malformed-url-dos >参考:报价:1246 >参考:网址:http://www.securityfocus.com/bid/1246> >惠普Web JetAdmin 6.0允许远程攻击者造成拒绝通过一个畸形的URL >服务端口8000。> > > ED_PRI - 2000 - 0444 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0445 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000523键生成安全缺陷在PGP 5.0 >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0273.html>参考:报价:1251 >参考:网址:http://www.securityfocus.com/bid/1251> > pgpk命令PGP 5。x在Unix系统上使用一个不够>非交互式生成密钥对随机数据来源,>可能产生可预见的钥匙。> > > ED_PRI - 2000 - 0445 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0446 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000524远程xploit MDBMS中>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0274.html>参考:XF: mdbms-bo >参考:报价:1252 >参考:网址:http://www.securityfocus.com/bid/1252> >缓冲区溢出MDBMS中数据库服务器允许远程攻击者>执行任意命令通过一个长字符串。> > > ED_PRI - 2000 - 0446 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0447 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000525 DST2K0003:缓冲区溢出在奈WebShield SMTP v4.5.44 Managem ent工具>参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net>参考:XF: nai-webshield-bo >参考:报价:1254 >参考:网址:http://www.securityfocus.com/bid/1254> >缓冲区溢出WebShield SMTP 4.5.44允许远程攻击者>执行任意命令通过一个长配置参数> WebShield远程管理服务。> > > ED_PRI - 2000 - 0447 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0448 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000525 DST2K0003:缓冲区溢出在奈WebShield SMTP v4.5.44 Managem ent工具>参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net>参考:XF: nai-webshield-config-mod >参考:报价:1253 >参考:网址:http://www.securityfocus.com/bid/1253> > 4.5.44 WebShield SMTP管理工具版本不正确>限制管理端口的访问当一个IP地址不>解析主机名,它允许远程攻击者访问>配置通过GET_CONFIG命令。> > > ED_PRI - 2000 - 0448 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0449 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000525 Omnis弱加密——许多产品的影响>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0311.html>参考:报价:1255 >参考:网址:http://www.securityfocus.com/bid/1255> > Omnis Studio 2.4使用弱加密(简单编码)>加密数据库字段。> > > ED_PRI - 2000 - 0449 3 > > >投票:接受,以利亚利维SecurityFocus.comhttp://www.securityfocus.com/如果那么,对位小独木船