
[PROPOSAL] Cluster RECENT-25 - 16 candidates



The following cluster contains 16 candidates that were announced between 6/19/2000 and 6/25/2000. The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both have vendor confirmation of varying levels, so they should be easy to review and can be trusted to be real problems.

If you find that any RECENT-XX cluster is incomplete with respect to issues discovered during the associated time frame, please send the information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT    - voter accepts the candidate as proposed
NOOP      - voter has no opinion on the candidate
MODIFY    - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST    - candidate must be significantly modified, e.g. split or merged
REJECT    - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE:". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. Mapping references help greatly.

3) Please note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have enough information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0573
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000622 WuFTPD: Providing *remote* root since at least 1994
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96171893218000&w=2
Reference: BUGTRAQ:20000623 WUFTPD 2.6.0 remote root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96179429114160&w=2
Reference: BUGTRAQ:20000707 Release of new version of WuFTPD Sploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96299933720862&w=2
Reference: BUGTRAQ:20000623 ftpd: the advisory version
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000623091822.3321.qmail@fiver.freemessage.com
Reference: AUSCERT:AA-2000.02
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02
Reference: CERT:CA-2000-13
Reference: URL:http://www.cert.org/advisories/CA-2000-13.html
Reference: DEBIAN:20000622 wu-ftp: remote root exploit in wu-ftp
Reference: URL:http://www.debian.org/security/2000/20000623
Reference: CALDERA:CSSA-2000-020.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt
Reference: REDHAT:RHSA-2000:039-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-039-02.html
Reference: BUGTRAQ:20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html
Reference: BUGTRAQ:20000702 [SECURITY] Announcing wu-ftpd update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html
Reference: FREEBSD:FreeBSD-SA-00:29
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1
Reference: NETBSD:NetBSD-SA2000-009
Reference: URL:ftp://ftp.netbsd.org/pub/netbsd/misc/security/advisories/NetBSD-SA2000-009.txt.asc
Reference: XF:wuftp-format-string-stack-overwrite
Reference: BID:1387
Reference: URL:http://www.securityfocus.com/bid/1387

lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.

ED_PRI CAN-2000-0573 1
Vote:

=================================
Candidate: CAN-2000-0577
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000621 Netscape FTP server - "professional" hell :>
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211351280.23780-100000@nimue.tpi.pl
Reference: BUGTRAQ:20000629 (forw) Re: Netscape ftp server (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0345.html
Reference: BID:1411
Reference: URL:http://www.securityfocus.com/bid/1411
Reference: XF:netscape-ftpserver-chroot

Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

ED_PRI CAN-2000-0577 2
Vote:

=================================
Candidate: CAN-2000-0578
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000621 Predictability problems in IRIX Cron and Compilers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0204.html
Reference: BID:1412
Reference: URL:http://www.securityfocus.com/bid/1412

SGI MIPSPro compilers for C, C++, F77 and F90 generate temporary files in /tmp with predictable file names, which could allow local users to insert malicious contents into these files as they are being compiled by another user.

ED_PRI CAN-2000-0578 3
Vote:

=================================
Candidate: CAN-2000-0579
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000621 Predictability problems in IRIX Cron and Compilers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0204.html
Reference: BID:1413
Reference: URL:http://www.securityfocus.com/bid/1413

IRIX crontab creates temporary files with predictable file names and the user's umask, which could allow local users to modify another user's crontab file as it is being edited.

ED_PRI CAN-2000-0579 3
Vote:

=================================
Candidate: CAN-2000-0601
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000625 LeafChat Denial of Service
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.10.10006252056110.74551-100000@unix.za.net
Reference: XF:irc-leafchat-dos
Reference: BID:1396
Reference: URL:http://www.securityfocus.com/bid/1396

LeafChat 1.7 IRC client allows remote IRC servers to cause a denial of service by rapidly sending a large number of error messages.

ED_PRI CAN-2000-0601 3
Vote:

=================================
Candidate: CAN-2000-0602
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000621 rh 6.2 - gid compromises, etc.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211209500.22969-100000@nimue.tpi.pl
Reference: XF:redhat-secure-locate-path
Reference: BID:1385
Reference: URL:http://www.securityfocus.com/bid/1385

Secure Locate (slocate) in Red Hat Linux allows local users to gain privileges via a malformed configuration file that is specified in the LOCATE_PATH environment variable.

ED_PRI CAN-2000-0602 3
Vote:

=================================
Candidate: CAN-2000-0604
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: CF
Reference: BUGTRAQ:20000621 rh 6.2 - gid compromises, etc.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211209500.22969-100000@nimue.tpi.pl
Reference: BID:1383
Reference: URL:http://www.securityfocus.com/bid/1383
Reference: XF:redhat-gkermit

gkermit in Red Hat Linux is improperly installed setgid uucp, which allows local users to modify files that belong to uucp.

ED_PRI CAN-2000-0604 3
Vote:

=================================
Candidate: CAN-2000-0606
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000619 Problems with "kon2" package
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006192340340.19998-100000@ferret.lmh.ox.ac.uk
Reference: XF:linux-kon-bo
Reference: BID:1371
Reference: URL:http://www.securityfocus.com/bid/1371

Buffer overflow in kon in the Kanji On Console (kon) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.

ED_PRI CAN-2000-0606 3
Vote:

=================================
Candidate: CAN-2000-0607
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000619 Problems with "kon2" package
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006192340340.19998-100000@ferret.lmh.ox.ac.uk
Reference: XF:linux-kon-bo
Reference: BID:1371
Reference: URL:http://www.securityfocus.com/bid/1371

Buffer overflow in kon in the Kanji On Console (kon) package on Linux may allow local users to gain root privileges via an input file that contains long CHARSET_REGISTRY or CHARSET_ENCODING settings.

ED_PRI CAN-2000-0607 3
Vote:

=================================
Candidate: CAN-2000-0608
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000620 NetWin dMailWeb Denial of Service
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-15&msg=4.1.20000621113334.00996820@qlink.queensu.ca
Reference: BID:1376
Reference: URL:http://www.securityfocus.com/bid/1376
Reference: XF:dmailweb-long-pophost-dos

NetWin dMailWeb and cwMail 2.6i and earlier allow remote attackers to cause a denial of service via a long pop host parameter (pophost).

ED_PRI CAN-2000-0608 3
Vote:

=================================
Candidate: CAN-2000-0609
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000620 NetWin dMailWeb Denial of Service
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-15&msg=4.1.20000621113334.00996820@qlink.queensu.ca
Reference: XF:dmailweb-long-username-dos
Reference: BID:1376
Reference: URL:http://www.securityfocus.com/bid/1376

NetWin dMailWeb and cwMail 2.6g and earlier allow remote attackers to cause a denial of service via a long username parameter.

ED_PRI CAN-2000-0609 3
Vote:

=================================
Candidate: CAN-2000-0610
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000623 NetWin dMailWeb Unrestricted Mail Relaying
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.20000623203007.00944760@qlink.queensu.ca
Reference: BID:1390
Reference: URL:http://www.securityfocus.com/bid/1390

NetWin dMailWeb and cwMail 2.6g and earlier allow remote attackers to bypass authentication and use the server for mail relaying via a username that contains a carriage return.

ED_PRI CAN-2000-0610 3
Vote:

=================================
Candidate: CAN-2000-0611
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: CF
Reference: BUGTRAQ:20000623 NetWin dMailWeb Unrestricted Mail Relaying
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0243.html
Reference: BID:1391
Reference: URL:http://www.securityfocus.com/bid/1391

The default configuration of NetWin dMailWeb and cwMail trusts all pop servers, which allows attackers to bypass normal authentication and cause a denial of service.

ED_PRI CAN-2000-0611 3
Vote:

=================================
Candidate: CAN-2000-0617
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000622 RHL 6.2 xconq package - overflows yield gid games
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0222.html

Buffer overflow in the xconq and cconq game programs in Red Hat Linux allows local users to gain additional privileges via a long USER environment variable.

ED_PRI CAN-2000-0617 3
Vote:

=================================
Candidate: CAN-2000-0618
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000622 RHL 6.2 xconq package - overflows yield gid games
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0222.html

Buffer overflow in the xconq and cconq game programs in Red Hat Linux allows local users to gain additional privileges via a long DISPLAY environment variable.

ED_PRI CAN-2000-0618 3
Vote:

=================================
Candidate: CAN-2000-0620
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BID:1409
Reference: URL:http://www.securityfocus.com/bid/1409

libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to enter an infinite loop.

ED_PRI CAN-2000-0620 3
Vote:

Page last updated or reviewed: May 22, 2007