
[PROPOSAL] Cluster RECENT-10 - 15 candidates



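The following cluster contains 15 candidates that were announced between February 15 and February 21, 2000. Unlike past clusters, this one includes URLs in the references.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is not a "vulnerability", or is a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly available in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0153
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000216 Doubledot bug in FrontPage FrontPage Personal Web Server.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000801bf780a$9ad4b2e0$0100007f@localhost
Reference: BID:989
Reference: URL:http://www.securityfocus.com/bid/989

FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack.

VOTE:

=================================
Candidate: CAN-2000-0154
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: NAI:20000215 ARCserve symlink vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000101bf78af$94528870$4d2f45a1@jmagdych.na.nai.com
Reference: BID:988
Reference: URL:http://www.securityfocus.com/bid/988

The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack.

VOTE:

=================================
Candidate: CAN-2000-0155
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000218 AUTORUN.INF Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000701bf79cd$fdb5a620$4c4342a6@mightye.org
Reference: BID:993
Reference: URL:http://www.securityfocus.com/bid/993

Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive.

VOTE:

=================================
Candidate: CAN-2000-0156
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: MS:MS00-009
Reference: URL:http://www.microsoft.com/technet/security/bulletins/ms00-009.asp

Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability.

VOTE:

=================================
Candidate: CAN-2000-0157
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: NETBSD:1999-012
Reference: URL:ftp://ftp.netbsd.org/pub/netbsd/misc/security/advisories/netbsd-sa1999-012.txt.asc

NetBSD ptrace call on VAX allows local users to gain privileges by modifying the PSL contents in the debugging process.

VOTE:

=================================
Candidate: CAN-2000-0158
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: NAI:20000215 Remote Vulnerability in the MMDF SMTP Daemon
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000001bf78af$6d0d47a0$4d2f45a1@jmagdych.na.nai.com
Reference: BUGTRAQ:20000218 MMDF
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=200002181449.JAA03436@dragonfly.corp.home.net
Reference: BID:997
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=997

Buffer overflow in MMDF server allows remote attackers to gain privileges via a long MAIL FROM command to the SMTP daemon.

VOTE:

=================================
Candidate: CAN-2000-0159
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: HP:HPSBUX0002-111
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=20000217160216.13708.qmail@underground.org

HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges.

VOTE:

=================================
Candidate: CAN-2000-0160
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000221 Microsoft signed software can install software without prompting user
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=20000221103938.T21312@securityfocus.com

The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft.

VOTE:

=================================
Candidate: CAN-2000-0161
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: MS:MS00-010
Reference: URL:http://www.microsoft.com/technet/security/bulletins/ms00-010.asp
Reference: BID:994
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=994

Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands.

VOTE:

=================================
Candidate: CAN-2000-0162
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: MS:MS00-011
Reference: URL:http://www.microsoft.com/technet/security/bulletins/ms00-011.asp

The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.

VOTE:

=================================
Candidate: CAN-2000-0163
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:03
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2092
Reference: BID:996
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=996

asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file.

VOTE:

=================================
Candidate: CAN-2000-0164
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000220 Sun Internet Mail Server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=pine.sol.4.21.0002200031320.22675-100000@klayman.hq.formus.pl

The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords.

VOTE:

=================================
Candidate: CAN-2000-0165
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000210 Re: application proxies?
Reference: FREEBSD:FreeBSD-SA-00:04
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=pine.bsf.4.21.0002192249290.10784-100000@freefall.freebsd.org
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=pine.bsf.4.10.10002100058420.43483-100000@hydrant.intranova.net

The Delegate application proxy has several buffer overflows which allow a remote attacker to execute commands.

VOTE:

=================================
Candidate: CAN-2000-0166
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000221 Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD Server 4.0 for Windows NT
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPGEJHCCAA.labs@ussrback.com
Reference: BID:995
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=995

Buffer overflow in InterAccess telnet server TelnetD allows remote attackers to execute commands via a long login name.

VOTE:

=================================
Candidate: CAN-2000-0167
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: NTBUGTRAQ:20000215 Crashing Inetinfo.exe by using longfilename in \mailroot\pickup directory
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0002&L=ntbugtraq&F=&S=&P=8800

IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory.

VOTE: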

Page last updated or reviewed: May 22, 2007