(提案)集群RECENT-22 - 33的候选人

下面的集群包含33个候选人宣布5/21/2000和6/5/2000之间。中列出的候选人优先秩序。优先级1和优先级2的候选人都应对不同层次的供应商确认,所以他们应该易于检查和可以信任的,是真实的问题。如果你发现任何RECENT-XX集群是不完整的对过程中发现的问题相关的时间框架,请发送信息给我,这样候选人可以被指定。——史蒂夫总结的选票使用(“严重程度”的按升序)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -接受——选民接受候选人提出等待——选民对候选人没有意见修改选民想要改变一些小细节(例如参考/描述)审查-选民正在审查/研究候选人,或需要更多的信息,重塑候选人必须大幅修改,如分割或合并拒绝候选人不是“漏洞”,或重复等。1)请写你的投票在直线上,从“投票:”开始。如果你想添加评论或细节,在投票后将它们添加到线:线。2)如果你看到任何失踪的引用,请提及他们,使他们可以包括在内。在映射引用帮助极大。3)请注意,“修改”被视为一个“接受”当计算选票。所以如果你没有足够的信息对候选人但你不想等待,使用一个回顾。 ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ================================= Candidate: CAN-2000-0467 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000614 Splitvt exploit Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0125.html参考:DEBIAN: 20000605根利用splitvt参考:网址:http://www.debian.org/security/2000/20000605a参考:报价:1346参考:网址:http://www.securityfocus.com/bid/1346缓冲区溢出在Linux splitvt 1.6.3早些时候,允许本地用户获得根权限通过长密码屏幕锁定功能。ED_PRI - 2000 - 0467 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0495:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:女士:ms00 - 038参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 038. - asp参考:报价:1282参考:网址:http://www.securityfocus.com/bid/1282微软Windows媒体编码器允许远程攻击者通过畸形引起拒绝服务请求,又名“畸形的Windows媒体编码器请求”的弱点。ED_PRI - 2000 - 0495 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0517:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:CERT: ca - 2000 - 08年参考:网址:http://www.cert.org/advisories/ca - 2000 - 08. - html参考:报价:1260参考:网址:http://www.securityfocus.com/bid/1260Netscape 4.73和更早的不适当的警告用户可能无效的证书如果用户此前接受证书一个不同的网站,这可能允许远程攻击者欺骗一个合法的网站,网站的DNS信息的影响。ED_PRI - 2000 - 0517 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0518:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:女士:ms00 - 039参考:http://www.microsoft.com/technet/security/bulletin/ms00 - 039. - asp参考:报价:1309参考:网址:http://www.securityfocus.com/bid/1309Internet Explorer 4.0和5.0不正确验证SSL证书的所有内容,如果连接到服务器通过一个图像或一个框架,即两种不同的“SSL证书验证”的漏洞。ED_PRI - 2000 - 0518 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0519:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:女士:ms00 - 039参考:http://www.microsoft.com/technet/security/bulletin/ms00 - 039. - asp参考:报价:1309参考:网址:http://www.securityfocus.com/bid/1309Internet Explorer 4.0和5.0不正确re-validate SSL证书如果用户建立一个新的SSL会话期间与同一个服务器相同的ie浏览器会话,即两种不同的“SSL证书验证”的漏洞。ED_PRI - 2000 - 0519 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0530:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000531 KDE:: KApplication特性?参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0387.html参考:火山口:综援- 2000 - 015.0参考:网址:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa - 2000 015.0.txt参考:报价:1291参考:网址:http://www.securityfocus.com/bid/1291在KDE 1.1.2 KApplication类配置文件管理能力允许本地用户覆盖任意文件。ED_PRI - 2000 - 0530 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0537:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000606 BRU脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0013.html参考:火山口:综援- 2000 - 018.0参考:网址:http://www.calderasystems.com/support/security/advisories/cssa - 2000 018.0.txt参考:报价:1321参考:网址:http://www.securityfocus.com/bid/1321无条件转移备份软件允许本地用户把数据添加到任意文件,通过指定一个替代BRUEXECLOG环境变量配置文件。ED_PRI - 2000 - 0537 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0545:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000602 /usr/bin/Mail利用Slackware 7.0 (mail-slack.c)参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0435.html参考:DEBIAN: 20000605 mailx:邮件组利用mailx参考:网址:http://www.debian.org/security/2000/20000605参考:报价:1305参考:网址:http://www.securityfocus.com/bid/1305缓冲区溢出mailx邮件命令(又名邮件)在Linux系统允许本地用户获得特权通过长- c(副本)参数。ED_PRI - 2000 - 0545 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0474:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000601远程DoS攻击在真正的网络服务器(罢工# 2)脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0410.html参考:BUGTRAQ: 20000601远程RealServer DoS攻击:苏联- 2000043参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0427.html参考:报价:1288参考:网址:http://www.securityfocus.com/bid/1288真正的网络RealServer 7。x允许远程攻击者通过畸形引起拒绝服务请求一个页面在viewsource目录中。ED_PRI - 2000 - 0474 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0486:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000530 TACACS +协议及其实现的分析参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0369.html参考:确认:http://archives.neohapsis.com/archives/bugtraq/2000-05/0370.html参考:报价:1293参考:网址:http://www.securityfocus.com/bid/1293缓冲区溢出在思科TACACS + tac_plus服务器允许远程攻击者通过畸形引起拒绝服务包长度字段。ED_PRI - 2000 - 0486 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0505:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000603 Re: IBM HTTP SERVER / APACHE参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.bsf.4.20.0006031912360.45740 - 100000 @alive.znep.com参考:报价:1284参考:网址:http://www.securityfocus.com/bid/1284Apache 1.3。x HTTP服务器在Windows平台允许远程攻击者列出目录的内容通过请求的URL包含大量的/字符。ED_PRI - 2000 - 0505 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0536:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:确认:http://www.synack.net/xinetd/参考:报价:1381参考:网址:http://www.securityfocus.com/bid/1381xinetd 2.1.8。如果x不适当限制连接主机名用于访问控制和连接主机没有反向DNS条目。ED_PRI - 2000 - 0536 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0468:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000601惠普安全漏洞的男人命令参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.sol.4.02.10006021014400.4779 - 100000 @nofud.nwest.attws.com参考:报价:1302参考:网址:http://www.securityfocus.com/bid/1302在hp - ux 10.20和11个允许本地攻击者覆盖文件通过一个符号链接攻击。ED_PRI - 2000 - 0468 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0470:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000601硬件开发,得到网络参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0398.html参考:报价:1290参考:网址:http://www.securityfocus.com/bid/1290快板RomPager HTTP服务器允许远程攻击者通过畸形引起拒绝服务身份验证请求。ED_PRI - 2000 - 0470 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0476:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000601 [rootshell.com] Xterm DoS攻击参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html参考:报价:1298参考:网址:http://www.securityfocus.com/bid/1298Eterm xterm, rxvt允许攻击者造成拒绝服务通过嵌入特定的转义字符,迫使窗口大小。ED_PRI - 2000 - 0476 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0481:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:VULN-DEV: 20000601 Kmail堆溢出参考:网址:http://securityfocus.com/templates/archive.pike?list=82&date=2000-06-22&msg=00060200422401.01667@lez参考:报价:1380参考:网址:http://www.securityfocus.com/bid/1380缓冲区溢出在KDE Kmail允许远程攻击者通过附件导致拒绝服务长文件名。ED_PRI - 2000 - 0481 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0487:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:女士:ms00 - 032参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 032. - asp参考:报价:1295参考:网址:http://www.securityfocus.com/bid/1295受保护存储在Windows 2000不正确选择最强的加密时可用,从而使用一个默认的40位加密而不是56位DES加密,又名“受保护的存储关键长度”的弱点。ED_PRI - 2000 - 0487 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0488:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000601 DST2K0007:缓冲区溢出在ITHouse邮件服务器v1.04参考:网址:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0148.html参考:报价:1285参考:网址:http://www.securityfocus.com/bid/1285缓冲区溢出ITHouse邮件服务器1.04允许远程攻击者执行任意命令通过一个长收件人邮件命令。ED_PRI - 2000 - 0488 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0489:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 19990826当地DoS在FreeBSD参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.10.9908270039010.16315 - 100000 @thetis.deor.org参考:BUGTRAQ: 20000601当地FreeBSD, Openbsd NetBSD, DoS漏洞- Mac OS X的影响参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCEJLCEAA.labs@ussrback.com参考:报价:622参考:网址:http://www.securityfocus.com/bid/622FreeBSD, NetBSD, OpenBSD允许攻击者造成拒绝服务通过创建大量的套接字对使用socketpair函数,通过setsockopt设置大型缓冲区大小,然后写大的缓冲区。ED_PRI - 2000 - 0489 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0490:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000601 Netwin Dmail方案参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0407.html参考:报价:1297参考:网址:http://www.securityfocus.com/bid/1297缓冲区溢出的NetWin DSMTP 2.7 q NetWin dmail包允许远程攻击者通过长ETRN请求执行任意命令。ED_PRI - 2000 - 0490 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0491:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000521“gdm”远程洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0241.html参考:SUSE: 20000524安全漏洞在gdm < = 2.0 beta4-25参考:网址:http://www.suse.de/de/support/security/suse_security_announce_49.txt参考:BUGTRAQ: 20000607 Conectiva Linux安全公告——gdm参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0025.html参考:火山口:综援- 2000 - 013.0参考:网址:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa - 2000 013.0.txt参考:报价:1233参考:网址:http://www.securityfocus.com/bid/1233参考:报价:1279参考:网址:http://www.securityfocus.com/bid/1279参考:报价:1370参考:网址:http://www.securityfocus.com/bid/1370缓冲区溢出的XDMCP GNOME gdm的解析代码,KDE kdm, wdm允许远程攻击者执行任意命令或引起拒绝服务通过一个长FORWARD_QUERY请求。ED_PRI - 2000 - 0491 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0492:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000609不安全的加密密码v1.2参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0450.html参考:报价:1300参考:网址:http://www.securityfocus.com/bid/1300PassWD 1.2使用弱加密(简单编码)来存储密码,它允许攻击者可以读取密码文件easliy解密密码。ED_PRI - 2000 - 0492 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0493:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:VULN-DEV: 20000601漏洞在SNTS参考:网址:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0843.html参考:报价:1289参考:网址:http://www.securityfocus.com/bid/1289缓冲区溢出在简单网络时间同步(smt)守护进程允许远程攻击者通过长命令导致拒绝服务。ED_PRI - 2000 - 0493 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0507:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000601 DST2K0006:拒绝服务可能在实践上邮箱服务器参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95990195708509&w=2参考:报价:1286参考:网址:http://www.securityfocus.com/bid/1286上邮箱服务器2.5允许远程攻击者通过长直升机造成拒绝服务命令。ED_PRI - 2000 - 0507 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0509:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000601 DST2K0008:缓冲区溢出水鹿Server 4.3参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95990103207665&w=2参考:报价:1287参考:网址:http://www.securityfocus.com/bid/1287缓冲区溢出在手指和域名查询服务示范脚本水鹿Server 4.3允许远程攻击者执行任意命令通过一个主机名。ED_PRI - 2000 - 0509 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0521:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000605 MDMA咨询# 5:阅读专家网络服务器下的CGI脚本参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0469.html参考:报价:1313参考:网址:http://www.securityfocus.com/bid/1313莎凡特web服务器允许远程攻击者阅读源代码的CGI脚本通过GET请求,不包括HTTP版本号。ED_PRI - 2000 - 0521 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0524:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000604 Microsoft Outlook(表达)错误. .参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0045.html参考:报价:1333参考:网址:http://www.securityfocus.com/bid/1333Microsoft Outlook和Outlook Express允许远程攻击者造成拒绝服务通过发送电子邮件与空白领域如BCC、应答、回传)或。ED_PRI - 2000 - 0524 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0544:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:NTBUGTRAQ: 20000604匿名SMBwriteX DoS参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0231.html参考:报价:1304参考:网址:http://www.securityfocus.com/bid/1304Windows NT和Windows 2000主机允许远程攻击者通过畸形引起拒绝服务DCE / RPC SMBwriteX请求包含无效的数据长度。ED_PRI - 2000 - 0544 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0551:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000523我想参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0339.html参考:报价:1263参考:网址:http://www.securityfocus.com/bid/1263文件传输机制Danware朋友6.0不提供身份验证,它允许远程攻击者访问和修改任意文件。ED_PRI - 2000 - 0551 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0553:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:未知参考:BUGTRAQ: 20000525安全漏洞IPFilter 3.3.15和3.4.3参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0326.html参考:报价:1308参考:网址:http://www.securityfocus.com/bid/1308早些时候在IPFilter防火墙3.4.3和竞争条件,当配置重叠“return-rst”和“保持状态”规则,允许远程攻击者绕过访问限制。ED_PRI - 2000 - 0553 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0556:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:NTBUGTRAQ: 20000608 DST2K0011: DoS & BufferOverrun CMail v2.4.7邮箱参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html参考:确认:http://www.computalynx.net/万博下载包news/Jun2000/news0806200001.html参考:报价:1319参考:网址:http://www.securityfocus.com/bid/1319缓冲区溢出的web界面Cmail 2.4.7允许远程攻击者造成拒绝服务通过发送大量用户名用户对话框运行在端口8002上。ED_PRI - 2000 - 0556 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0557:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:NTBUGTRAQ: 20000608 DST2K0011: DoS & BufferOverrun CMail v2.4.7邮箱参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html参考:报价:1318参考:网址:http://www.securityfocus.com/bid/1318缓冲区溢出的web界面Cmail 2.4.7允许远程攻击者执行任意命令通过一个GET请求。ED_PRI - 2000 - 0557 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0564:最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:NTBUGTRAQ: 20000529 ICQ Web前端远程DoS攻击漏洞参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0218.html留言板的CGI程序在ICQ Web服务ICQ 2000面前,99 b,和其他允许远程攻击者造成拒绝服务通过一个URL长名称参数。ED_PRI - 2000 - 0564 3投票: