(提案)集群RECENT-27 - 15的候选人

下面的集群包含15个候选人宣布7/1/2000和7/18/2000之间(但除了可以- 2000 - 0567 7/11)或之前公布。中列出的候选人优先秩序。优先级1和优先级2的候选人都应对不同层次的供应商确认,所以他们应该易于检查和可以信任的,是真实的问题。如果你发现任何RECENT-XX集群是不完整的对过程中发现的问题相关的时间框架,请发送信息给我,这样候选人可以被指定。——史蒂夫总结的选票使用(“严重程度”的按升序)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -接受——选民接受候选人提出等待——选民对候选人没有意见修改选民想要改变一些小细节(例如参考/描述)审查-选民正在审查/研究候选人,或需要更多的信息,重塑候选人必须大幅修改,如分割或合并拒绝候选人不是“漏洞”,或重复等。1)请写你的投票在直线上,从“投票:”开始。如果你想添加评论或细节,在投票后将它们添加到线:线。2)如果你看到任何失踪的引用,请提及他们,使他们可以包括在内。在映射引用帮助极大。3)请注意,“修改”被视为一个“接受”当计算选票。所以如果你没有足够的信息对候选人但你不想等待,使用一个回顾。 ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ================================= Candidate: CAN-2000-0566 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000719 Assigned: 20000712 Category: SF Reference: ISS:20000712 Insecure temporary file handling in Linux makewhatis Reference: REDHAT:RHSA-2000:041-02 Reference: BID:1434 Reference: CALDERA:CSSA-2000-021.0 Reference: BUGTRAQ:20000707 [Security Announce] man update makewhatis in Linux man package allows local users to overwrite files via a symlink attack. ED_PRI CAN-2000-0566 1 VOTE: ================================= Candidate: CAN-2000-0567 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000719 Assigned: 20000719 Category: SF Reference: MS:MS00-043 Reference: BUGTRAQ:20000719 Buffer Overflow in MS Outlook Email Clients Reference: BUGTRAQ:20000719 Aaron Drew - Security Advisory: Buffer Overflow in MS Outlook & Outlook Express Email Clients Reference: BID:1481 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=1481缓冲区溢出在Microsoft Outlook和Outlook Express允许远程攻击者执行任意命令通过一个长日期字段在一封电子邮件头,又名“畸形的电子邮件头”的弱点。ED_PRI - 2000 - 0567 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0584:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:MISC:http://shadowpenguin.backsection.net/advisories/advisory038.html参考:DEBIAN: 20000701美人蕉服务器:缓冲区溢出参考:网址:http://archives.neohapsis.com/archives/vendor/2000-q2/0062.html参考:FREEBSD: FreeBSD-SA-00:31参考:网址:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:31.canna.asc.v1.1参考:报价:1445参考:网址:http://www.securityfocus.com/bid/1445缓冲区溢出在美人蕉输入系统允许远程攻击者执行任意命令通过一个SR_INIT命令具有悠久的用户名或组名称。ED_PRI - 2000 - 0584 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0594:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:VULN-DEV: 20000704 BitchX /忽略错误引用:网址:http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html参考:BUGTRAQ: 20000704 BitchX利用可能即将发生,某些DoS参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html参考:REDHAT: RHSA-2000:042-01引用:引用URL:: FREEBSD: FreeBSD-SA-00:32参考:网址:http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html参考:火山口:综援- 2000 - 022.0参考:URL:参考:BUGTRAQ: 20000707 BitchX更新参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html参考:BUGTRAQ: 20000707 CONECTIVA LINUX安全公告——BitchX参考:http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html参考:报价:1436参考:网址:http://www.securityfocus.com/bid/1436BitchX IRC客户端不正确清洁一个不可信的格式字符串,它允许远程攻击者导致拒绝服务通过一个邀请一个通道的名字包括特殊格式化字符。ED_PRI - 2000 - 0594 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0595:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:FREEBSD: FreeBSD-SA-00:24参考:网址:http://archives.neohapsis.com/archives/freebsd/2000-07/0035.html参考:报价:1437参考:网址:http://www.securityfocus.com/bid/1437libedit搜索.editrc文件在当前目录,而不是用户的主目录,这可能允许本地用户执行任意命令通过安装一个修改.editrc在另一个目录。ED_PRI - 2000 - 0595 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0603:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:女士:ms00 - 048参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 048. - asp参考:报价:1444参考:网址:http://www.securityfocus.com/bid/1444Microsoft SQL Server 7.0允许本地用户绕过权限存储过程通过引用通过一个临时存储过程,又名“存储过程权限”的弱点。ED_PRI - 2000 - 0603 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0613:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000320焦油DMZ拒绝服务- TCP重置参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=B3D6883199DBD311868100A0C9FC2CDC046B72@protea.citec.net参考:思科:20000711思科安全PIX防火墙TCP重置脆弱性参考:网址:http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml参考:报价:1454参考:网址:http://www.securityfocus.com/bid/1454思科安全PIX防火墙不正确识别伪造TCP重置(RST)数据包,它允许远程攻击者强迫合法连接防火墙关闭。ED_PRI - 2000 - 0613 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0614:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:SUSE: 20000710安全漏洞在tnef < 0 - 124参考:网址:http://archives.neohapsis.com/archives/vendor/2000-q3/0002.html参考:报价:1450参考:网址:http://www.securityfocus.com/bid/1450Tnef程序在Linux系统允许远程攻击者通过Tnef覆盖任意文件编码压缩附件为解压缩输出指定绝对路径名。ED_PRI - 2000 - 0614 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0591:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000705 Novell BorderManager 3.0 EE - URL编码规则绕过参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0038.html参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0075.html参考:报价:1432参考:网址:http://www.securityfocus.com/bid/1432Novell BorderManager 3.0和3.5允许远程攻击者绕过URL编码字符的过滤请求的URL。ED_PRI - 2000 - 0591 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0571:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000703远程DoS攻击LocalWEB HTTP服务器1.2.0脆弱性参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-07-8&msg=NCBBKFKDOLAGKIAPMILPCEIHCFAA.labs@ussrback.com参考:报价:1423参考:网址:http://www.securityfocus.com/bid/1423LocalWEB HTTP服务器1.2.0允许远程攻击者造成拒绝服务通过一个GET请求。ED_PRI - 2000 - 0571 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0572:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000704恢复密码可见系统的剃刀参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-07-8&msg=613309F30B6DD2118C020000F809376C05CABD49@emss03m09.orl.lmco.com参考:报价:1424参考:网址:http://www.securityfocus.com/bid/1424剃刀配置管理工具使用弱密码文件加密,它允许本地用户获得特权。ED_PRI - 2000 - 0572 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0574:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000705 proftp咨询参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0031.html参考:BUGTRAQ: 20000706 ftpd和setproctitle()参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0061.html参考:CERT: ca - 2000 - 13参考:网址:http://www.cert.org/advisories/ca - 2000 - 13. - html参考:BUGTRAQ: 20000710 opieftpd setproctitle()补丁参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0121.html参考:NETBSD: NETBSD - sa2000 - 009参考:网址:ftp://ftp.netbsd.org/pub/netbsd/misc/security/advisories/netbsd sa2000 txt.asc——009.参考:报价:1425参考:网址:http://www.securityfocus.com/bid/1425参考:报价:1438参考:网址:http://www.securityfocus.com/bid/1438FTP服务器如OpenBSD ftpd, NetBSD ftpd, ProFTPd和Opieftpd不正确清洁不可信的格式字符串,用于setproctitle函数(有时称为set_proc_title),它允许远程攻击者造成拒绝服务或执行任意命令。ED_PRI - 2000 - 0574 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0576:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000704 Oracle Web侦听器AIX DoS参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0027.html参考:报价:1427参考:网址:http://www.securityfocus.com/bid/1427Oracle Web侦听器的AIX版本4.0.7.0.0和4.0.8.1.0允许远程攻击者通过畸形引起拒绝服务的URL。ED_PRI - 2000 - 0576 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0590:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000706脆弱性Poll_It cgi v2.0参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0076.html参考:报价:1431参考:网址:http://www.securityfocus.com/bid/1431调查它2.0 CGI脚本允许远程攻击者读取任意文件指定文件名的data_dir参数。ED_PRI - 2000 - 0590 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0605:最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:未知参考:NTBUGTRAQ: 20000710两个问题:黑板CourseInfo 4.0商店管理员密码以明文;奇怪的设置winreg键。参考网址:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=NTBUGTRAQ&P=R1647参考:报价:1460参考:网址:http://www.securityfocus.com/bid/1460黑板CourseInfo 4.0存储本地和SQL管理员用户名和密码的明文的注册表键访问控制允许用户访问密码。ED_PRI - 2000 - 0605 3投票: