
[PROPOSAL] Cluster RECENT-24 - 31 candidates



The following cluster contains 31 candidates that were announced between 6/14/2000 and 6/22/2000.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates have both been confirmed by the vendor at various levels, so they should be easy to review and can be trusted to be real problems.

If you discover that any RECENT-XX cluster is incomplete with respect to problems discovered during the associated time frame, please send the information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in "ascending" order of severity)
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "Vote:". If you want to add comments or details, add them on the lines after the Vote: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly in mapping.

3) Please note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0466
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000620
Category: SF
Reference: ISS:20000620 Insecure call of external program in AIX cdmount
Reference: URL:http://xforce.iss.net/alerts/advise55.php
Reference: BID:1384
Reference: URL:http://www.securityfocus.com/bid/1384

AIX cdmount allows local users to gain root privileges via shell metacharacters.

ED_PRI CAN-2000-0466 1
Vote:

=================================
Candidate: CAN-2000-0475
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: MS:MS00-020
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-020.asp
Reference: BID:1350
Reference: URL:http://www.securityfocus.com/bid/1350

Windows 2000 allows a local user process to access another user's desktop within the same window station, aka the "Desktop Separation" vulnerability.

ED_PRI CAN-2000-0475 1
Vote:

=================================
Candidate: CAN-2000-0483
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000615 [Brian@digicool.com: [Zope] Zope security alert and 2.1.7 update [*IMPORTANT*]]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert
Reference: REDHAT:RHSA-2000:038-01
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2350
Reference: BUGTRAQ:2000615 Conectiva Linux Security Announcement - ZOPE
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000616103807.A3768@conectiva.com.br
Reference: BID:1354
Reference: URL:http://www.securityfocus.com/bid/1354

The DocumentTemplate package in Zope allows remote attackers to modify DTMLDocuments or DTMLMethods without authorization.

ED_PRI CAN-2000-0483 1
Vote:

=================================
Candidate: CAN-2000-0485
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: MS:MS00-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-041.asp
Reference: BID:1292
Reference: URL:http://www.securityfocus.com/bid/1292

Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability.

ED_PRI CAN-2000-0485 1
Vote:

=================================
Candidate: CAN-2000-0533
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: SGI:20000601-01-P
Reference: URL:ftp://sgigate.sgi.com/security/20000601-01-P
Reference: BID:1379
Reference: URL:http://www.securityfocus.com/bid/1379

Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to overwrite arbitrary files.

ED_PRI CAN-2000-0533 1
Vote:

=================================
Candidate: CAN-2000-0539
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: ALLAIRE:ASB00-015
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full
Reference: BID:1386
Reference: URL:http://www.securityfocus.com/bid/1386

Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. by listing HttpSession IDs via the SessionServlet servlet.

ED_PRI CAN-2000-0539 1
Vote:

=================================
Candidate: CAN-2000-0540
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: ALLAIRE:ASB00-015
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full
Reference: BID:1386
Reference: URL:http://www.securityfocus.com/bid/1386

JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration information.

ED_PRI CAN-2000-0540 1
Vote:

=================================
Candidate: CAN-2000-0469
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000613 CGI: Selena Sol's WebBanner (random banner generator) vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-22&msg=ILENKALMCAFBLHBGEOFKGEJCCAAA.jwesterink@jwesterink.daxis.nl
Reference: BUGTRAQ:20000620 Re: CGI: Selena Sol's WebBanner (random banner generator) vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.2.0.58.20000620193604.00979950@mail.clark.net
Reference: BID:1347
Reference: URL:http://www.securityfocus.com/bid/1347

Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

ED_PRI CAN-2000-0469 2
Vote:

=================================
Candidate: CAN-2000-0477
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000614 Vulnerabilities in Norton AntiVirus for Exchange
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html
Reference: BID:1351
Reference: URL:http://www.securityfocus.com/bid/1351

Buffer overflow in Norton AntiVirus for Exchange (NavExchange) allows remote attackers to cause a denial of service via a .zip file that contains long file names.

ED_PRI CAN-2000-0477 2
Vote:

=================================
Candidate: CAN-2000-0478
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000614 Vulnerabilities in Norton AntiVirus for Exchange
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html
Reference: BID:1351
Reference: URL:http://www.securityfocus.com/bid/1351

In some cases, Norton AntiVirus for Exchange (NavExchange) enters a "fail-open" state in which viruses can be passed through the server.

ED_PRI CAN-2000-0478 2
Vote:

=================================
Candidate: CAN-2000-0510
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 CUPS DoS bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a malformed IPP request.

ED_PRI CAN-2000-0510 2
Vote:

=================================
Candidate: CAN-2000-0511
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 CUPS DoS bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request.

ED_PRI CAN-2000-0511 2
Vote:

=================================
Candidate: CAN-2000-0512
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 CUPS DoS bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373

CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows remote attackers to cause a denial of service.

ED_PRI CAN-2000-0512 2
Vote:

=================================
Candidate: CAN-2000-0513
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 CUPS DoS bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or whose password is not shadowed.

ED_PRI CAN-2000-0513 2
Vote:

=================================
Candidate: CAN-2000-0514
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000614 Security Advisory: Remote root vulnerability in GSSFTP daemon
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=ldvsnufao18.fsf@saint-elmos-fire.mit.edu
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/ftp.txt
Reference: BID:1374
Reference: URL:http://www.securityfocus.com/bid/1374

The GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges.

ED_PRI CAN-2000-0514 2
Vote:

=================================
Candidate: CAN-2000-0528
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000619 Net Tools PKI Server Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html
Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt
Reference: BID:1364
Reference: URL:http://www.securityfocus.com/bid/1364

Net Tools PKI Server does not properly restrict access by remote attackers when XUDA template files do not contain absolute pathnames for other files.

ED_PRI CAN-2000-0528 2
Vote:

=================================
Candidate: CAN-2000-0529
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000619 Net Tools PKI Server Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html
Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt
Reference: BID:1363
Reference: URL:http://www.securityfocus.com/bid/1363

Net Tools PKI Server allows remote attackers to cause a denial of service via an HTTP request.

ED_PRI CAN-2000-0529 2
Vote:

=================================
Candidate: CAN-2000-0562
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 Network ICE BlackICE vulnerability to Back Orifice 1.2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0190.html

BlackICE Defender 2.1 and earlier, and BlackICE Pro 2.0.23 and earlier, do not properly block Back Orifice traffic when the security setting is Nervous or lower.

ED_PRI CAN-2000-0562 2
Vote:

=================================
Candidate: CAN-2000-0471
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000614 Vulnerability in Solaris ufsrestore
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0114.html
Reference: BID:1348
Reference: URL:http://www.securityfocus.com/bid/1348

Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.

ED_PRI CAN-2000-0471 3
Vote:

=================================
Candidate: CAN-2000-0473
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:19991231 Local/Remote Buffer Overflow Vulnerability in AnalogX SimpleServer: WWW HTTP Server v1.1
Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm
Reference: BID:1349
Reference: URL:http://www.securityfocus.com/bid/1349

Buffer overflow in AnalogX SimpleServer 1.05 allows remote attackers to cause a denial of service via a long GET request for a directory within the program's directory.

ED_PRI CAN-2000-0473 3
Vote:

=================================
Candidate: CAN-2000-0479
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000616 Multiple Remote DoS attacks in Dragon Server v1.00 and v2.00
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96113734714517&w=2
Reference: BID:1352
Reference: URL:http://www.securityfocus.com/bid/1352

Dragon FTP server allows remote attackers to cause a denial of service via the USER command.

ED_PRI CAN-2000-0479 3
Vote:

=================================
Candidate: CAN-2000-0480
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000616 Multiple Remote DoS attacks in Dragon Server v1.00 and v2.00
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96113734714517&w=2
Reference: BID:1352
Reference: URL:http://www.securityfocus.com/bid/1352

Dragon telnet server allows remote attackers to cause a denial of service via the username.

ED_PRI CAN-2000-0480 3
Vote:

=================================
Candidate: CAN-2000-0484
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96113651713414&w=2
Reference: NTBUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96151775004229&w=2
Reference: BID:1355
Reference: URL:http://www.securityfocus.com/bid/1355

Buffer overflow in Small HTTP Server allows remote attackers to cause a denial of service via a GET request.

ED_PRI CAN-2000-0484 3
Vote:

=================================
Candidate: CAN-2000-0494
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000616 Veritas Volume Manager 3.0.x hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0151.html
Reference: BID:1356
Reference: URL:http://www.securityfocus.com/bid/1356

Veritas Volume Manager creates a world-writable .server_pids file, which allows local users to add arbitrary commands to this file, which is then executed by the vmsa_server script.

ED_PRI CAN-2000-0494 3
Vote:

=================================
Candidate: CAN-2000-0500
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: CF
Reference: BUGTRAQ:20000621 BEA WebLogic /file/ showcode vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96161462915381&w=2
Reference: BID:1378
Reference: URL:http://www.securityfocus.com/bid/1378

The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view the source code of a program by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.

ED_PRI CAN-2000-0500 3
Vote:

=================================
Candidate: CAN-2000-0501
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000616 mdaemon 2.8.5.0 WinNT and Win9x remote DoS
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0277.html
Reference: BID:1366
Reference: URL:http://www.securityfocus.com/bid/1366

Race condition in the MDaemon 2.8.5.0 POP server allows local users to cause a denial of service by entering a UIDL command and quickly exiting the server.

ED_PRI CAN-2000-0501 3
Vote:

=================================
Candidate: CAN-2000-0504
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000619 XFree86: libICE DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html
Reference: BID:1369
Reference: URL:http://www.securityfocus.com/bid/1369

libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value that is not properly checked by the SKIP_STRING macro.

ED_PRI CAN-2000-0504 3
Vote:

=================================
Candidate: CAN-2000-0531
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 gpm bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006201453090.1812-200000@apollo.aci.com.pl
Reference: BID:1377
Reference: URL:http://www.securityfocus.com/bid/1377

The gpm program in Linux allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets.

ED_PRI CAN-2000-0531 3
Vote:

=================================
Candidate: CAN-2000-0541
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000617 Infosec.20000617.panda
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0164.html
Reference: BID:1359
Reference: URL:http://www.securityfocus.com/bid/1359

The Panda Security console on port 2001 allows local users to execute arbitrary commands via the CMD command without authentication.

ED_PRI CAN-2000-0541 3
Vote:

=================================
Candidate: CAN-2000-0543
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000614 Remote DoS Attack in Network Associates PGP Certificate Server Version 2.5 Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0107.html
Reference: BID:1343
Reference: URL:http://www.securityfocus.com/bid/1343

The command port of PGP Certificate Server 2.5.0 and 2.5.1 allows remote attackers to cause a denial of service if their host name does not have a reverse DNS entry and they connect to port 4000.

ED_PRI CAN-2000-0543 3
Vote:

=================================
Candidate: CAN-2000-0561
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 DST2K0018: Multiple BufferOverruns in WebBBS HTTP Server v1.15
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0175.html
Reference: BID:1365
Reference: URL:http://www.securityfocus.com/bid/1365

Buffer overflow in WebBBS 1.15 allows remote attackers to execute arbitrary commands via an HTTP GET request.

ED_PRI CAN-2000-0561 3
Vote:
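Added example (editor's illustration, not part of the ballot and not code from Selena Sol, Allaire or BEA): CAN-2000-0469 is a plain ".. (dot dot)" traversal, and CAN-2000-0540 and CAN-2000-0500 are the related file-disclosure pattern where a web component serves whatever path it is handed. The check a file-serving CGI needs is shown below in Python: decode the request exactly once, join it to the document root, normalize the joined result, and reject anything that resolves outside the root. The document root and the sample requests are constructed for the example; the URL-encoded and backslash variants go beyond the single dot-dot case in the candidate description.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical document root for the example; a real CGI would use its own.
DOC_ROOT = "/var/www/banners"


class PathTraversalError(ValueError):
    """Raised when a client-supplied path would resolve outside the root."""


def resolve_under_root(requested: str, root: str = DOC_ROOT) -> str:
    """Map a client-supplied path onto an absolute path under `root`.

    Decode once, unify separators, refuse NUL bytes, treat the request as
    relative to the root, normalize, then verify the result is still inside.
    """
    root = posixpath.normpath(root)
    decoded = unquote(requested)          # exactly one decode; never re-decode the result
    decoded = decoded.replace("\\", "/")  # treat backslash as a separator as well
    if "\x00" in decoded:
        raise PathTraversalError("NUL byte in requested path")
    # A leading "/" would make posixpath.join discard the root entirely,
    # so strip it: every request is interpreted relative to the document root.
    relative = decoded.lstrip("/")
    candidate = posixpath.normpath(posixpath.join(root, relative))
    # The containment check runs on the normalized *joined* path. Normalizing
    # the request by itself first would turn "../../etc/passwd" into
    # "/etc/passwd" and hide the escape.
    if candidate != root and not candidate.startswith(root + "/"):
        raise PathTraversalError(f"{requested!r} resolves outside {root}")
    return candidate


def is_safe(requested: str, root: str = DOC_ROOT) -> bool:
    """Boolean form of the check, convenient for filtering requests."""
    try:
        resolve_under_root(requested, root)
        return True
    except PathTraversalError:
        return False


if __name__ == "__main__":
    # Constructed sample requests, not traffic taken from any advisory.
    samples = [
        "banner1.gif",
        "images/../banner2.gif",
        "../../../../etc/passwd",
        "..%2f..%2f..%2fetc%2fpasswd",
        "..\\..\\..\\winnt\\win.ini",
        "/etc/passwd",
        "a%00.gif/../../etc/passwd",
    ]
    for s in samples:
        verdict = "ACCEPT " + resolve_under_root(s) if is_safe(s) else "REJECT"
        print(f"{s!r:40} -> {verdict}")
```

Note that "/etc/passwd" is accepted: after the leading slash is stripped it names a file under the document root, which is the intended reading for a CGI that only ever serves from that directory. If the application also needs to restrict which files under the root are served (the JRun and WebLogic cases above are about files that should never be exposed at all), that is a separate allow-list on top of this containment check.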
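Added example (editor's illustration, not the ballot's content and not AIX or ISS code): CAN-2000-0466 is an "insecure call of external program", the setuid-wrapper pattern where a user-controlled string is interpolated into a command line handed to the shell, so metacharacters in it become shell syntax. The Python below contrasts the three ways that call can be made: a system()-style command string, the same string with the argument quoted for the shell, and an argv vector executed without any shell, plus an allow-list check on the device name. The mount path, mount point and device regex are assumptions for a hypothetical cdmount-like wrapper; the one command actually executed is echo, to show that argv-style execution delivers the argument literally.

```python
import re
import shlex
import subprocess

# Hypothetical paths for a cdmount-style wrapper; AIX's real cdmount and the
# exact mount invocation it makes are not reproduced here.
MOUNT = "/usr/sbin/mount"
MOUNT_POINT = "/cdrom"

# Characters the Bourne shell interprets. Any of them in a string that is
# interpolated into a command line becomes shell syntax.
SHELL_META = re.compile(r"""[;&|`$()<>\s'"\\*?\[\]{}~!#]""")

# Allow-list for the one input this wrapper needs: a plain /dev entry.
# The assumed pattern deliberately excludes "/" inside the name, so
# "/dev/../etc/passwd" is rejected as well as metacharacters.
DEVICE_RE = re.compile(r"/dev/[A-Za-z0-9_.-]+")


def unsafe_command_line(device: str) -> str:
    """The string a system()-style call builds. This is what /bin/sh -c
    receives, so ';', '`', '|' and friends inside `device` are executed."""
    return f"{MOUNT} -r {device} {MOUNT_POINT}"


def quoted_command_line(device: str) -> str:
    """Mitigation 1: if a shell must be used, quote the argument for it."""
    return f"{MOUNT} -r {shlex.quote(device)} {MOUNT_POINT}"


def safe_argv(device: str) -> list[str]:
    """Mitigation 2 (preferred): no shell at all. `device` is a single
    argv element whatever it contains, as with execv(2)."""
    return [MOUNT, "-r", device, MOUNT_POINT]


def has_shell_metacharacters(s: str) -> bool:
    """Detection helper: does the string contain anything the shell would act on?"""
    return SHELL_META.search(s) is not None


def is_valid_device(device: str) -> bool:
    """Mitigation 3: validate the input against what a device name can be.
    Do this in addition to avoiding the shell, not instead of it."""
    return DEVICE_RE.fullmatch(device) is not None


def run_argv_literal(device: str) -> str:
    """Show that argv execution passes the argument through untouched: runs
    /bin/echo (not mount) with the device string as argv[1]. Assumes an
    'echo' binary is on PATH."""
    result = subprocess.run(["echo", device], capture_output=True, text=True, check=True)
    return result.stdout.rstrip("\n")


if __name__ == "__main__":
    hostile = "/dev/cd0; id"   # constructed input, not from the advisory
    print("system() would run :", unsafe_command_line(hostile))
    print("quoted for a shell :", quoted_command_line(hostile))
    print("argv, no shell     :", safe_argv(hostile))
    print("metacharacters?    :", has_shell_metacharacters(hostile))
    print("valid device?      :", is_valid_device(hostile), is_valid_device("/dev/cd0"))
    print("echo via argv sees :", run_argv_literal(hostile))
```

The first line printed is the bug: the shell would mount /dev/cd0 and then run `id` (or anything else) with the wrapper's privileges. The quoted form is safe against that input but still depends on the quoting being applied at every call site; the argv form removes the shell from the picture, which is why it is the one to use.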

Page Last Updated or Reviewed: May 22, 2007