{"id":3370,"date":"2017-06-23T19:44:48","date_gmt":"2017-06-23T11:44:48","guid":{"rendered":"https:\/\/ixyzero.com\/blog\/?p=3370"},"modified":"2017-07-15T10:36:16","modified_gmt":"2017-07-15T02:36:16","slug":"%e7%90%86%e8%a7%a3redhat%e7%9a%84%e6%bc%8f%e6%b4%9e%e8%af%84%e5%88%86%e5%92%8cnvd%e7%9a%84%e5%b7%ae%e5%bc%82","status":"publish","type":"post","link":"https:\/\/ixyzero.com\/blog\/archives\/3370.html","title":{"rendered":"\u7406\u89e3RedHat\u7684\u6f0f\u6d1e\u8bc4\u5206\u548cNVD\u7684\u5dee\u5f02"},"content":{"rendered":"

=Start=<\/p>\n

\u7f18\u7531\uff1a<\/h4>\n

NVD\u548cRedHat\u5bf9 CVE-2017-8890<\/a> \u6f0f\u6d1e\u7684\u8bc4\u5206\u5dee\u5f02\uff1a<\/p>\n

NVD<\/a>\u7ed9\u51fa\u7684 Base Score<\/code> \u4e3a 9.8\uff0c Vector String<\/code> \u4e3a\uff1a
\nCVSS:3.0\/AV:N<\/strong><\/span>\/AC:L\/PR:N\/UI:N\/S:U\/C:H<\/span><\/strong>\/I:H<\/span><\/strong>\/A:H (legend)<\/p>\n

RedHat<\/a>\u7ed9\u51fa\u7684 Base Score<\/code> \u4e3a 5.5\uff0c Vector String<\/code> \u4e3a\uff1a
\nCVSS:3.0\/AV:L<\/span><\/strong>\/AC:L\/PR:L\/UI:N\/S:U\/C:N<\/span><\/strong>\/I:N<\/span><\/strong>\/A:H<\/p>\n

\u6b63\u6587\uff1a<\/h4>\n
\u53c2\u8003\u89e3\u7b54\uff1a<\/h5>\n

\u300cRedHat\u4ea7\u54c1\u98ce\u9669\u8bc4\u5206\u300d\u548c\u300c\u5e38\u89c1\u7684\u6f0f\u6d1e\u8bc4\u5206\u7cfb\u7edf(CVSS)\u300d\u7684\u57fa\u7840\u5f97\u5206\u63d0\u4f9b\u4e86\u4e00\u4e2a\u4f18\u5148\u7ea7\u98ce\u9669\u8bc4\u4f30\uff0c\u4ee5\u5e2e\u52a9\u60a8\u4e86\u89e3\u548c\u5b89\u6392\u7cfb\u7edf\u5347\u7ea7\uff0c\u4f7f\u60a8\u80fd\u591f\u6839\u636e\u60a8\u7684\u72ec\u7279\u73af\u5883\u5bf9\u6bcf\u4e2a\u95ee\u9898\u7684\u98ce\u9669\u4f5c\u51fa\u660e\u667a\u7684\u51b3\u7b56\u3002<\/p>\n

\n\n\n\n<\/colgroup>\n\n\n\n\n\n\n\n
\n
SEVERITY RATING<\/div>\n<\/th>\n
\n
DESCRIPTION<\/div>\n<\/th>\n<\/tr>\n<\/thead>\n
CRITICAL IMPACT<\/p>\n

(\u4e25\u91cd)<\/th>\n

\u8fd9\u4e00\u8bc4\u7ea7\u662f\u7531\u8fdc\u7a0b<\/strong><\/span>\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1<\/strong><\/span>\u7684\u653b\u51fb\u8005\u5bb9\u6613\u5229\u7528<\/strong><\/span>\u7684\u7f3a\u9677\u5f15\u8d77\u7684\uff0c\u53ef\u5bfc\u81f4\u7cfb\u7edf\u5728\u4e0d\u9700\u8981\u7528\u6237\u4ea4\u4e92\u7684\u60c5\u51b5\u4e0b\u88ab\u653b\u9677\uff08\u4efb\u610f\u4ee3\u7801\u6267\u884c\uff09\u3002\u8fd9\u4e9b\u662f\u53ef\u4ee5\u88ab\u8815\u866b\u5229\u7528\u7684\u6f0f\u6d1e\u7c7b\u578b\u3002\u9700\u8981\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u7528\u6237\uff0c\u672c\u5730\u7528\u6237\u6216\u4e0d\u592a\u53ef\u80fd\u7684\u914d\u7f6e\u7684\u7f3a\u9677\u4e0d\u4f1a\u88ab\u5f52\u7c7b\u4e3a\u4e25\u91cd\u5f71\u54cd\u3002<\/td>\n<\/tr>\n
IMPORTANT IMPACT<\/p>\n

(\u9ad8\u5371)<\/th>\n

\u8fd9\u4e00\u8bc4\u7ea7\u662f\u7ed9\u90a3\u4e9b\u53ef\u4ee5\u8f7b\u6613<\/strong><\/span>\u5730\u5371\u53ca\u8d44\u6e90\u7684\u673a\u5bc6\u6027\uff0c\u5b8c\u6574\u6027\u6216\u53ef\u7528\u6027<\/strong>\u7684\u6f0f\u6d1e\u7684\u3002\u8fd9\u4e9b\u6f0f\u6d1e\u4e3b\u8981\u6709\uff1a\u5141\u8bb8\u672c\u5730\u7528\u6237\u63d0\u5347\u6743\u9650\u7684\u6f0f\u6d1e<\/span>\uff0c\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u7528\u6237\u67e5\u770b\u672c\u5e94\u7531\u8eab\u4efd\u9a8c\u8bc1\u4fdd\u62a4\u7684\u8d44\u6e90<\/span>\uff0c\u5141\u8bb8\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u7528\u6237\u6267\u884c\u4efb\u610f\u4ee3\u7801<\/span><\/strong>\uff0c\u6216\u5141\u8bb8\u8fdc\u7a0b\u7528\u6237\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1<\/span>\u3002<\/td>\n<\/tr>\n
MODERATE IMPACT<\/p>\n

(\u4e2d\u5371)<\/th>\n

\u8fd9\u4e00\u8bc4\u7ea7\u662f\u7ed9\u90a3\u4e9b\u5229\u7528\u6761\u4ef6\u6bd4\u8f83\u82db\u523b<\/strong><\/span>\uff0c\u4f46\u4e00\u65e6\u5229\u7528\u6210\u529f\u5219\u53ef\u80fd\u5bfc\u81f4\u5bf9\u8d44\u6e90\u7684\u673a\u5bc6\u6027\uff0c\u5b8c\u6574\u6027\u6216\u53ef\u7528\u6027\u53d7\u5230\u5371\u5bb3\u7684\u6f0f\u6d1e\u3002\u8fd9\u4e9b\u662f\u53ef\u80fd\u53d7\u5230\u91cd\u5927\u5f71\u54cd\u6216\u91cd\u8981\u5f71\u54cd\u4f46\u4e0d\u592a\u6613\u4e8e\u5229\u7528\u7684\u6f0f\u6d1e\u7684\u7c7b\u578b\uff0c\u57fa\u4e8e\u5bf9\u7f3a\u9677\u7684\u6280\u672f\u8bc4\u4f30\uff0c\u6216\u5f71\u54cd\u4e0d\u592a\u53ef\u80fd\u7684\u914d\u7f6e\u3002<\/td>\n<\/tr>\n
LOW IMPACT<\/strong><\/p>\n

(\u4f4e\u5371)<\/th>\n

\u8fd9\u4e00\u8bc4\u7ea7\u53ef\u7528\u4e8e\u6240\u6709\u5176\u4ed6\u6709\u5b89\u5168\u5f71\u54cd\u7684\u95ee\u9898\u3002\u8fd9\u4e9b\u662f\u88ab\u8ba4\u4e3a\u4e0d\u592a\u53ef\u80fd\u88ab\u5229\u7528\u7684\u6f0f\u6d1e<\/strong>\uff0c\u6216\u8005\u5373\u4fbf\u88ab\u6210\u529f\u5229\u7528\u5f71\u54cd\u4e5f\u5f88\u5c0f\u7684\u6f0f\u6d1e<\/strong>\u3002<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n
\n
\n
\n

CVSS\u6807\u51c6\u63d0\u4f9b\u7684\u4fe1\u606f\u975e\u5e38\u6709\u7528\uff0c\u4f46\u662fRed Hat\u5e76\u4e0d\u4ec5\u4ec5\u4f7f\u7528CVSS\u7ed9\u5b9a\u7684\u7ea7\u522b\u6765\u786e\u5b9a\u54ea\u4e9b\u7f3a\u9677\/\u6f0f\u6d1e\u9700\u8981\u4f18\u5148\u4fee\u590d\u3002CVSS\u88ab\u4f5c\u4e3a\u6307\u5bfc\u539f\u5219\u7528\u4e8e\u786e\u5b9a\u7f3a\u9677\/\u6f0f\u6d1e\u7684\u5173\u952e\u6307\u6807\uff0c\u4f46\u662f\u6f0f\u6d1e\u4fee\u590d\u7684\u4f18\u5148\u7ea7\u522b\u662f\u7531\u4e0a\u9762\u63d0\u5230\u7684\u7f3a\u9677\/\u6f0f\u6d1e\u4ea7\u751f\u7684\u6574\u4f53\u5f71\u54cd\u51b3\u5b9a\u7684\u3002<\/p>\n<\/div>\n<\/div>\n<\/div>\n

CVSS v3 Base Metrics
\n#CVSS v3\u57fa\u7840\u5ea6\u91cf\u6307\u6807<\/h6>\n