
[PROPOSAL] Cluster RECENT-36 - 15 candidates



The following cluster contains 15 candidates that were announced between July 25 and August 31, 2000.

Note that the voting web site will not be updated with this cluster until late tonight.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2000-0812
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0812
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20000926
Category: SF/CF/MP/SA/AN/unknown
Reference: SUN:00197
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/197&type=0&nav=sec.sba
Reference: MISC:http://www.securityfocus.com/templates/advisory.html?id=2542

The administration module in Sun Java Web Server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoking com.sun.server.server.http.pagecompile.jsp92.jspservlet via a request that begins with a /servlet/ tag.

Analysis
----------------
ED_PRI CAN-2000-0812 1
Vendor Acknowledgement: unknown

ABSTRACTION: This appears to be the same as CAN-2000-0629. However, according to Casper Dik, CAN-2000-0629 is related to sample code, whereas this is related to a bug in the administration server itself. Therefore this should be kept separate from CAN-2000-0629.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0824
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0824
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: BUGTRAQ:19990917 A few bugs...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/0992.html
Reference: BUGTRAQ:20000831 glibc unsetenv bug
Reference: URL:http://www.securityfocus.com/archive/1/79537
Reference: CALDERA:CSSA-2000-028.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-028.0.txt
Reference: DEBIAN:20000902 glibc: local root exploit
Reference: URL:http://www.debian.org/security/2000/20000902
Reference: MANDRAKE:MDKSA-2000:040
Reference: URL:http://www.linux-mandrake.com/en/updates/mdksa-2000-040.php3
Reference: MANDRAKE:MDKSA-2000:045
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-045.php3
Reference: REDHAT:RHSA-2000:057-04
Reference: URL:http://www.redhat.com/support/errata/rhsa-2000-057-04.html
Reference: TURBO:TLSA2000020-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html
Reference: SUSE:20000924 glibc environment security problem
Reference: URL:http://www.suse.de/de/support/security/adv5_draht_glibc_txt.txt
Reference: BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html
Reference: BUGTRAQ:20000905 Conectiva Linux Security Announcement - glibc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0509.html
Reference: BUGTRAQ:20000906 [slackware-security]: glibc 2.1.3 vulnerabilities patched
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0525.html
Reference: BID:648
Reference: URL:http://www.securityfocus.com/bid/648
Reference: BID:1639
Reference: URL:http://www.securityfocus.com/bid/1639

The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH.

Analysis
----------------
ED_PRI CAN-2000-0824 1
Vendor Acknowledgement: yes

ABSTRACTION: This problem was originally discovered in September 1999, but it was not fully noticed and addressed until September 2000.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0862
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0862
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: ALLAIRE:ASB00-23
Reference: URL:http://archives.neohapsis.com/archives/archives/vendor/2000-q3/0059.html

Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information.

Analysis
----------------
ED_PRI CAN-2000-0862 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0864
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0864
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: FREEBSD:FreeBSD-SA-00:45
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0365.html
Reference: BUGTRAQ:20000911 ESOUND-0.2.19 patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0095.html
Reference: MANDRAKE:MDKSA-2000:051
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0328.htm
Reference: BID:1659
Reference: URL:http://www.securityfocus.com/bid/1659
Reference: REDHAT:RHSA-2000:077-03

Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.

Analysis
----------------
ED_PRI CAN-2000-0864 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0804
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0804
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-way_Connection

Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass."

Analysis
----------------
ED_PRI CAN-2000-0804 2
Vendor Acknowledgement: yes advisory

INCLUSION: In Check Point's advisory, they say "Directionality checking is an additional layer of security that VPN-1/FireWall-1 adds to these protocols. Bypassing this check is not, in itself, an attack that is a security risk, but otherwise this check would substantially minimize the impact of [other vulnerabilities]." So is this more of a bug fix (or design improvement) than an inherent vulnerability or exposure? Do comparable products have this kind of problem?

A more general question is: if something is "state of the art," but a limitation is found in that state of the art, is that a vulnerability, an exposure, or neither? Is this kind of functionality state of the art? What if the technology is no longer "state of the art" - does it then become "worthy" of inclusion in CVE?

Similar candidates are CAN-1999-0598 through CAN-1999-0602, which describe fundamental problems in intrusion detection systems as discovered and publicized by Ptacek and Newsham. Also consider CAN-2000-0093, in which Red Hat Linux would use "relatively weak" DES encryption instead of MD5. Problems related to weak encryption are covered by CD:DESIGN-WEAK-ENCRYPTION.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0805
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0805
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Retransmission_of

Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka "Retransmission of Encapsulated Packets."

Analysis
----------------
ED_PRI CAN-2000-0805 3
Vendor Acknowledgement: unknown

INCLUSION: The Check Point advisory says: "[...] used to facilitate attacks." In other words, this is an exposure, and so it should be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0806
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0806
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#inter-module_communications

The inter-module authentication mechanism (fwa1) in Check Point VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct a denial of service, aka "Inter-module Communications Bypass."

Analysis
----------------
ED_PRI CAN-2000-0806 3
Vendor Acknowledgement: unknown

INCLUSION: The Check Point advisory states that "This allowed theoretical denial of service attacks" and "There is no known risk to customers because of this issue." Its solution is apparently to "strengthen" their authentication mechanism.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0807
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0807
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#opsec_authentication

The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the "OPSEC Authentication Vulnerability."

Analysis
----------------
ED_PRI CAN-2000-0807 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0808
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0808
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#one time_password

The seed generation mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass authentication via a brute force attack.

Analysis
----------------
ED_PRI CAN-2000-0808 3
Vendor Acknowledgement: unknown

The advisory is vague about the cause of the problem, or how the mechanism can really be "brute forced." One indication that the problem lies in the generation of the seed is the following: "The S/Key seed generation mechanism has been strengthened in the new service packs."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0809
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0809
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#getkey_buffer

Buffer overflow in getKey in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2000-0809 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0813
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0813
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20000926
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#ftp_connection

Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to redirect FTP connections to other servers ("FTP Bounce") via invalid FTP commands that are processed improperly by FireWall-1, aka "FTP Connection Enforcement Bypass."

Analysis
----------------
ED_PRI CAN-2000-0813 3
Vendor Acknowledgement: unknown

INCLUSION: This looks like it might be the same as CVE-2000-0150, however CVE-2000-0150 was announced on February 9. At the very least, the issues are closely related. CVE-2000-0150 was related to hiding PASV commands, whereas this one (a way of doing an FTP Bounce) is done with the PORT command. See ftp://ftp.cert.org/pub/tech_tips/ftp_port_attacks for a description of FTP bounce attacks.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0825
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0825
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: WIN2KSEC:20000817 Imail Web Service Remote DoS Attack v.2
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0071.html
Reference: MISC:http://www.ipswitch.com/support/patches-upgrades.html#imail

Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash.

Analysis
----------------
ED_PRI CAN-2000-0825 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0832
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0832
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: BUGTRAQ:20000817 Htgrep CGI Arbitrary File Viewing Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0208.html

The Htgrep CGI program allows remote attackers to read arbitrary files by specifying the full pathname in the hdr parameter.

Analysis
----------------
ED_PRI CAN-2000-0832 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0837
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0837
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: BUGTRAQ:20000804 FTP Serv-U 2.5e vulnerability.
Reference: URL:http://www.securityfocus.com/archive/1/73843
Reference: BID:1543
Reference: URL:http://www.securityfocus.com/bid/1543
Reference: XF:servu-null-character-dos
Reference: URL:http://xforce.iss.net/static/5029.php

FTP Serv-U 2.5e allows remote attackers to cause a denial of service by sending a large number of null bytes.

Analysis
----------------
ED_PRI CAN-2000-0837 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0846
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0846
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000821 Darxite daemon remote exploit/DoS problem
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0256.html
Reference: BID:1598
Reference: URL:http://www.securityfocus.com/bid/1598
Reference: XF:darxite-login-bo
Reference: URL:http://xforce.iss.net/static/5134.php

Buffer overflow in Darxite 0.4 and earlier allows remote attackers to execute arbitrary commands via a long username or password.

Analysis
----------------
ED_PRI CAN-2000-0846 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

Page last updated or reviewed: May 22, 2007