
[PROPOSAL] Cluster RECENT-09 - 14 candidates



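The following cluster contains 14 candidates, all of which were announced between February 4 and February 14, 2000.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is not a "vulnerability", or is a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTICE **********  ********** NOTICE **********
********** NOTICE **********  ********** NOTICE **********

Please keep in mind that your vote and comments will be recorded and publicly available in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0139
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000210 Remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: BID:982
Reference: URL:http://www.securityfocus.com/bid/982

Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command.

VOTE:

=================================
Candidate: CAN-2000-0140
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000210 Remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: NTBUGTRAQ:20000210 Remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: BID:980
Reference: URL:http://www.securityfocus.com/bid/980

Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service via a large number of connections.

VOTE:

=================================
Candidate: CAN-2000-0141
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000211 perl cgi hole in UltimateBB (Infopop corp.)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=20000211224935.A13236@infomag.ape.relarn.ru

Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field.

VOTE:

=================================
Candidate: CAN-2000-0142
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000211 Timbuktu Pro 2.0b650 DoS

The authentication protocol in Timbuktu Pro 2.0b650 allows remote attackers to cause a denial of service via connections to port 407 and 1417.

VOTE:

=================================
Candidate: CAN-2000-0143
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000211 sshd and pop/ftponly users incorrect configuration

The SSH protocol server sshd allows local users without shell access to redirect a TCP connection through a service that uses the standard system password database for authentication, such as POP or FTP.

VOTE:

=================================
Candidate: CAN-2000-0144
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0034.html
Reference: BUGTRAQ:20000207 Infosec.20000207.axis700.
Reference: BID:971
Reference: URL:http://www.securityfocus.com/bid/971

Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack.

VOTE:

=================================
Candidate: CAN-2000-0145
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: CF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0038.html
Reference: BUGTRAQ:20000205 Debian (frozen): Perms on /usr/lib/libguile.so.6.0.0

The libguile.so library file used by gnucash in Debian Linux is installed with world-writable permissions.

VOTE:

=================================
Candidate: CAN-2000-0146
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0049.html
Reference: BUGTRAQ:20000207 Novell GroupWise 5.5 Enhancement Pack Web Access Denial, e
Reference: BID:972
Reference: URL:http://www.securityfocus.com/bid/972

The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet.

VOTE:

=================================
Candidate: CAN-2000-0147
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: CF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0045.html
Reference: NAI:20000207 SNMPD default writable community string
Reference: BID:973
Reference: URL:http://www.securityfocus.com/bid/973

snmpd in SCO OpenServer has an SNMP community string that is writable by default, which allows local attackers to modify the host's configuration.

VOTE:

=================================
Candidate: CAN-2000-0148
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0053.html
Reference: BUGTRAQ:20000208 Remote access vulnerability in all MySQL server versions
Reference: BUGTRAQ:20000214 MySQL 3.22.32 released
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=pine.bso.4.21.0002141636590.27495-100000@birdie.sekure.net
Reference: BID:975
Reference: URL:http://www.securityfocus.com/bid/975

MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.

VOTE:

=================================
Candidate: CAN-2000-0149
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0057.html
Reference: BUGTRAQ:20000209 [SAFER 000209.EXP.1.2] Zeus Web Server - obtaining source of CGI scripts
Reference: BUGTRAQ:20000208 Zeus Web Server: Null Terminated Strings
Reference: BID:977
Reference: URL:http://www.securityfocus.com/bid/977

Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) in the URL.

VOTE:

=================================
Candidate: CAN-2000-0150
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000209 FireWall-1 FTP Server Vulnerability
Reference: BUGTRAQ:20000212 Re: FireWall-1 FTP Server Vulnerability
Reference: BUGTRAQ:20000210 Multiple firewalls: FTP Application Level Gateway "PASV" Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=51A8E31DE32DD211A0590008C71E7E4C59686E@tro-03-msg.merkantildata.no
Reference: BID:979
Reference: URL:http://www.securityfocus.com/bid/979

Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets that Firewall-1 misinterprets as a valid 227 response to a client's PASV attempt.

VOTE:

=================================
Candidate: CAN-2000-0151
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: SUSE:20000209 - 3.77-44
Reference: BID:981
Reference: URL:http://www.securityfocus.com/bid/981

GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands.

VOTE:

=================================
Candidate: CAN-2000-0152
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000209 Novell BorderManager 3.5 Remote Slow Death
Reference: BUGTRAQ:20000211 BorderManager csatpxy.nlm fix avail.

Remote attackers can cause a denial of service in Novell BorderManager 3.5 by pressing the enter key in a telnet connection to port 2000.

VOTE: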

Page last updated or reviewed: May 22, 2007