(日期:][下一个日期][线程:][线程下][日期索引][线程索引]
(提案)集群RECENT-11 - 19的候选人
- 来:cve-editorial-board-list@lists.mitre.org
- 主题(建议):集群RECENT-11 - 19的候选人
- 从:“史蒂文·m·Christey " <coley@linus.mitre.org>
- 日期:2000年3月21日,星期二23:12:41 -0500(美国东部时间)
- 交货日期:2000年3月21日23:12:52星期二
- 发送方:owner-cve-editorial-board-list@lists.mitre.org
下面的集群包含19个候选人宣布2月3日至2月26日,2000年。中列出的候选人优先秩序。优先级1和优先级2的候选人都应对不同层次的供应商确认,所以他们应该易于检查和可以信任的,是真实的问题。如果你发现任何RECENT-XX集群是不完整的对过程中发现的问题相关的时间框架,请发送信息给我,这样候选人可以被指定。——史蒂夫总结的选票使用(“严重程度”的按升序)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -接受——选民接受候选人提出等待——选民对候选人没有意见修改选民想要改变一些小细节(例如参考/描述)审查-选民正在审查/研究候选人,或需要更多的信息,重塑候选人必须大幅修改,如分割或合并拒绝候选人不是“漏洞”,或重复等。1)请写你的投票在直线上,从“投票:”开始。如果你想添加评论或细节,在投票后将它们添加到线:线。2)如果你看到任何失踪的引用,请提及他们,使他们可以包括在内。在映射引用帮助极大。3)请注意,“修改”被视为一个“接受”当计算选票。所以如果你没有足够的信息对候选人但你不想等待,使用一个回顾。 ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ================================= Candidate: CAN-2000-0211 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: MS:MS00-013 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00 - 013. - asp参考:XF: win-media-dos参考:报价:1000参考:网址:http://www.securityfocus.com/bid/1000Windows媒体服务器允许远程攻击者通过一系列导致拒绝服务客户握手包发送顺序不当,又名“混乱的Windows媒体服务握手”的弱点。ED_PRI - 2000 - 0211 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0215:最终决定:阶段性裁决:修改:建议:20000322分配:20000322类别:科幻/ CF / MP / SA / /未知参考:上海合作组织:某人- 00.05参考:网址:ftp://ftp.sco.com/sse/security_bulletins/sb - 00.05 a参考:报价:1019参考:网址:http://www.securityfocus.com/bid/1019脆弱性在上海合作组织在UnixWare 7铜项目。x允许本地用户获得特权。ED_PRI - 2000 - 0215 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0218:最终决定:阶段性裁决:修改:建议:20000322分配:20000322类别:科幻/ CF / MP / SA / /未知参考:SUSE: 20000210 util < 2.10 f参考:网址:http://www.suse.de/de/support/security/suse_security_announce_39.txt参考:火山口:综援- 2000 - 002.0参考:网址:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa - 2000 002.0.txt缓冲区溢出在Linux中挂载和umount允许本地用户获得根权限来通过一个长相对路径名。ED_PRI - 2000 - 0218 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0224:最终决定:阶段性裁决:修改:建议:20000322分配:20000322类别:科幻/ CF / MP / SA / /未知参考:奈:20000215 ARCserve符号链接漏洞参考:网址:http://www.nai.com/nai_labs/asp_set/advisory/37_ARCserve.asp参考:上海合作组织:SSE063参考:网址:ftp://ftp.sco.com/SSE/sse063.ltr参考:XF: sco-openserver-arc-symlink ARCserve代理在上海合作组织UnixWare 7。x允许本地攻击者获得根权限通过一个符号链接攻击。ED_PRI - 2000 - 0224 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0170:最终决定:阶段性裁决:修改:建议:20000322分配:20000322类别:科幻/ CF / MP / SA / /未知参考:BUGTRAQ: 20000226人错误可能导致根妥协(RH 6.1和其他框)参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-02/0348.html参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-03/0078.html参考:报价:1011参考:网址:http://www.securityfocus.com/bid/1011缓冲区溢出的程序在Linux中允许本地用户获得特权人通过从环境变量。ED_PRI - 2000 - 0170 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0212:最终决定:阶段性裁决:修改:建议:20000322分配:20000322类别:科幻/ CF / MP / SA / /未知参考:BUGTRAQ: 20000224本地/远程原产。年代袭击InterAccess TelnetD服务器4.0版*所有构建* WinNT脆弱性参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPEELFCCAA.labs@ussrback.com参考:报价:1001参考:网址:http://www.securityfocus.com/bid/1001InterAccess TelnetID服务器4.0允许远程攻击者通过畸形进行拒绝服务终端客户端配置信息。ED_PRI - 2000 - 0212 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0182:最终决定:阶段性裁决:修改:建议:20000322分配:20000322类别:科幻/ CF / MP / SA / /未知参考:BUGTRAQ: 20000223 DoS iPlanet Web服务器,Enterprise Edition 4.1参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-02/0276.htmliPlanet Web Server 4.1允许远程攻击者造成拒绝服务通过大量的命令,消耗内存并导致内核恐慌。ED_PRI - 2000 - 0182 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0194:最终决定:阶段性裁决:修改:建议:20000322分配:20000322类别:科幻/ CF / MP / SA / /未知参考:BUGTRAQ: 20000224 Corel Linux 1.0本地根妥协参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html参考:报价:1007参考:网址:http://www.securityfocus.com/bid/1007buildxconf Corel Linux允许本地用户修改或创建任意文件通过- x或- f参数。ED_PRI - 2000 - 0194 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0195:最终决定:阶段性裁决:修改:建议:20000322分配:20000322类别:科幻/ CF / MP / SA / /未知参考:BUGTRAQ: 20000224 Corel Linux 1.0本地根妥协参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html参考:报价:1008参考:网址:http://www.securityfocus.com/bid/1008setxconf Corel Linux允许本地用户获得root访问通过- t参数,它执行用户的.xserverrc文件。ED_PRI - 2000 - 0195 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0203:最终决定:阶段性裁决:修改:建议:20000322分配:20000322类别:科幻/ CF / MP / SA / /未知参考:BUGTRAQ: 20000228 Re: TrendMicro OfficeScan tmlisten。exe DoS参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=412FC0AFD62ED31191B40008C7E9A11A0D481D@srvnt04.previnet.it参考:BUGTRAQ: 20000315趋势科技发布补丁“OfficeScan DoS和消息重放”V ulnerabilies参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=d129bbe1730ad2118a0300805fc1c2fe038af28b@209 - 76 - 212 - 10. - trendmicro.com参考:MISC:http://www.antivirus.com/download/ofce_patch_35.htm参考:报价:1013参考:网址:http://www.securityfocus.com/bid/1013Trend Micro OfficeScan客户机tmlisten。exe允许远程攻击者通过畸形引起拒绝服务数据端口12345。ED_PRI - 2000 - 0203 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0204:最终决定:阶段性裁决:修改:建议:20000322分配:20000322类别:科幻/ CF / MP / SA / /未知参考:BUGTRAQ: 20000226 DOS Trendmicro OfficeScan参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-02/0340.html参考:BUGTRAQ: 20000315趋势科技发布补丁“OfficeScan DoS和消息重放”V ulnerabilies参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=d129bbe1730ad2118a0300805fc1c2fe038af28b@209 - 76 - 212 - 10. - trendmicro.com参考:MISC:http://www.antivirus.com/download/ofce_patch_35.htm参考:报价:1013参考:网址:http://www.securityfocus.com/bid/1013Trend Micro OfficeScan客户机允许远程攻击者造成拒绝服务通过5连接到端口12345,而CPU利用率为100%。ED_PRI - 2000 - 0204 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0210:最终决定:阶段性裁决:修改:建议:20000322分配:20000322类别:科幻/ CF / MP / SA / /未知参考:BUGTRAQ: 20000221 flex执照经理tempfile可预测的名字……参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-02/0267.html参考:报价:998参考:网址:http://www.securityfocus.com/bid/998太阳点燃项目Flex许可证管理器(特征码)遵循符号链接,它允许本地用户修改任意文件。ED_PRI - 2000 - 0210 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0213:最终决定:阶段性裁决:修改:建议:20000322分配:20000322类别:科幻/ CF / MP / SA / /未知参考:BUGTRAQ: 20000223水鹿服务器警报!参考网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38B3E60A.6A84FEC3@cybcom.net参考:确认:= http://www.sambar.com/session/highlight?url=/syshelp/history.htm&words=security +颜色红色参考:XF: sambar-batfiles参考:报价:1002参考:网址:http://www.securityfocus.com/bid/1002水鹿服务器包括批处理文件的回声。蝙蝠和你好。蝙蝠在CGI目录,允许远程攻击者通过shell元字符执行命令。ED_PRI - 2000 - 0213 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0214:最终决定:阶段性裁决:修改:建议:20000322分配:20000322类别:科幻参考:BUGTRAQ: 20000224如何恢复密码使用FTP Explorer的注册表!参考网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.10.10002242035500.30645 - 100000 @unreal.sekure.org参考:报价:1003参考:网址:http://www.securityfocus.com/bid/1003FTP Explorer使用弱加密存储用户名,密码和FTP站点的配置文件。ED_PRI - 2000 - 0214 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0217:最终决定:阶段性裁决:修改:建议:20000322分配:20000322类别:科幻/ CF / MP / SA / /未知参考:BUGTRAQ: 20000224 SSH和xauth参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-02/0317.html参考:报价:1006参考:网址:http://www.securityfocus.com/bid/1006的默认配置SSH允许X转发,这可能允许远程攻击者控制客户的X会话通过恶意xauth程序。ED_PRI - 2000 - 0217 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0219:最终决定:阶段性裁决:修改:建议:20000322分配:20000322类别:科幻/ CF / MP / SA / /未知参考:BUGTRAQ: 20000223 redhat 6.0:单用户引导安全漏洞参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200002230248.NAA19185@cairo.anu.edu.au参考:报价:1005参考:网址:http://www.securityfocus.com/bid/1005Red Hat 6.0允许本地用户获得root访问启动单用户密码提示和打击^ C。ED_PRI - 2000 - 0219 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0220:最终决定:阶段性裁决:修改:建议:20000322分配:20000322类别:科幻/ CF / MP / SA / /未知参考:BUGTRAQ: 20000225 Zonealarm出口敏感数据Zonealarm系统和网络信息以明文发送敏感区域实验室服务器如果用户请求更多关于一个事件的信息。ED_PRI - 2000 - 0220 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0221:最终决定:阶段性裁决:修改:建议:20000322分配:20000322类别:科幻参考:BUGTRAQ: 20000225蝎子马林参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-02/0324.html参考:报价:1009参考:网址:http://www.securityfocus.com/bid/1009诺蒂卡马林鱼桥允许远程攻击者造成拒绝服务通过一个零长度UDP数据包SNMP港口。ED_PRI - 2000 - 0221 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0222:最终决定:阶段性裁决:修改:建议:20000322分配:20000322类别:科幻/ CF / MP / SA / /未知参考:BUGTRAQ: 20000215 Windows 2000安装过程的弱点参考:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000215155750.M4500@safe.hsc.fr参考:报价:990参考:网址:http://www.securityfocus.com/bid/990安装Windows 2000不激活管理员密码,直到系统重启,它允许远程攻击者连接到管理$共享没有密码,直到重新启动。ED_PRI - 2000 - 0222 3投票:
- 上一页的日期:[CVEPRI]的优先候选人选票和常规的“待办事项”
- 下一个按日期:(提案)集群RECENT-12 - 20的候选人
- Prev线程:[CVEPRI]的优先候选人选票和常规的“待办事项”
- 下一个线程:(提案)集群RECENT-12 - 20的候选人
- 指数(es):
