
[PROPOSAL] Cluster RECENT-13 - 19 candidates



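The following cluster contains 19 candidates that were announced between March 4 and March 14, 2000.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems that were discovered during the relevant timeframe, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0168
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000306 con\con is a old thing (anyway is cool)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCENECCAA.labs@ussrback.com
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0087.html
Reference: MS:MS00-017
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2126
Reference: BID:1043
Reference: URL:http://www.securityfocus.com/bid/1043

Microsoft Windows operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability.

ED_PRI CAN-2000-0168 1

VOTE:

=================================
Candidate: CAN-2000-0173
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: SCO:SB-00.08
Reference: URL:ftp://ftp.sco.com/sse/security_bulletins/sb-00.08a

Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote attackers to cause a denial of service.

ED_PRI CAN-2000-0173 1

VOTE:

=================================
Candidate: CAN-2000-0200
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS00-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-015.asp
Reference: BID:1034
Reference: URL:http://www.securityfocus.com/bid/1034

Buffer overflow in Microsoft Clip Art Gallery allows remote attackers to cause a denial of service or execute commands via a malformed CIL (clip art library) file, aka the "Clip Art Buffer Overrun" vulnerability.

ED_PRI CAN-2000-0200 1

VOTE:

=================================
Candidate: CAN-2000-0202
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: MS:MS00-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-014.asp
Reference: BID:1041
Reference: URL:http://www.securityfocus.com/bid/1041

Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query.

ED_PRI CAN-2000-0202 1

VOTE:

=================================
Candidate: CAN-2000-0169
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: NTBUGTRAQ:20000314 Oracle Web Listener 4.0.x
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0211.html
Reference: BID:1053
Reference: URL:http://www.securityfocus.com/bid/1053

Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes "?&".

ED_PRI CAN-2000-0169 3

VOTE:

=================================
Candidate: CAN-2000-0171
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000311 TESO advisory -- atsadc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0102.html
Reference: BID:1048
Reference: URL:http://www.securityfocus.com/bid/1048

atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges.

ED_PRI CAN-2000-0171 3

VOTE:

=================================
Candidate: CAN-2000-0174
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html
Reference: BID:1040
Reference: URL:http://www.securityfocus.com/bid/1040

The web server in StarOffice StarScheduler allows remote attackers to read arbitrary files via a .. (dot dot) attack.

ED_PRI CAN-2000-0174 3

VOTE:

=================================
Candidate: CAN-2000-0175
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html
Reference: BID:1039
Reference: URL:http://www.securityfocus.com/bid/1039

Buffer overflow in the web server in StarOffice StarScheduler allows remote attackers to gain root access via a GET command.

ED_PRI CAN-2000-0175 3

VOTE:

=================================
Candidate: CAN-2000-0180
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: NTBUGTRAQ:20000313 Sojourn search engine exposes files
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0201.html
Reference: BID:1052
Reference: URL:http://www.securityfocus.com/bid/1052

Sojourn search engine allows remote attackers to read arbitrary files via a .. (dot dot) attack.

ED_PRI CAN-2000-0180 3

VOTE:

=================================
Candidate: CAN-2000-0181
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000311 Our old friend Firewall-1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0119.html
Reference: BID:1054
Reference: URL:http://www.securityfocus.com/bid/1054

Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection.

ED_PRI CAN-2000-0181 3

VOTE:

=================================
Candidate: CAN-2000-0183
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000310 Fwd: ircii-4.4 buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0093.html
Reference: BID:1046
Reference: URL:http://www.securityfocus.com/bid/1046

Buffer overflow in the ircII 4.4 IRC client allows remote attackers to execute commands via the DCC chat capability.

ED_PRI CAN-2000-0183 3

VOTE:

=================================
Candidate: CAN-2000-0184
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000309
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0082.html
Reference: BID:1037
Reference: URL:http://www.securityfocus.com/bid/1037

Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.

ED_PRI CAN-2000-0184 3

VOTE:

=================================
Candidate: CAN-2000-0185
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000308 RealServer exposes internal IP addresses
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0069.html
Reference: BID:1049
Reference: URL:http://www.securityfocus.com/bid/1049

RealMedia RealServer reveals the real IP address of the Real Server, even if the address is supposed to be private.

ED_PRI CAN-2000-0185 3

VOTE:

=================================
Candidate: CAN-2000-0192
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000304 OpenLinux 2.3: rpm_query
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0029.html
Reference: BID:1036
Reference: URL:http://www.securityfocus.com/bid/1036

The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system.

ED_PRI CAN-2000-0192 3

VOTE:

=================================
Candidate: CAN-2000-0197
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: NTBUGTRAQ:20000313 AT Jobs - Denial of service/Privilege Elevation
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/current/0202.html
Reference: BID:1050
Reference: URL:http://www.securityfocus.com/bid/1050

The Windows NT scheduler uses the drive mapping of the interactive user who is currently logged onto the system, which allows the local user to gain privileges by providing a Trojan horse batch file in place of the original batch file.

ED_PRI CAN-2000-0197 3

VOTE:

=================================
Candidate: CAN-2000-0198
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: NTBUGTRAQ:20000314 Local / Remote Remote DoS Attack in MERCUR v3.2* Multiple for Windows 98/NT Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/current/0206.html
Reference: BUGTRAQ:20000314 Local / Remote Remote DoS Attack in MERCUR v3.2* Multiple for Windows 98/NT Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0137.html
Reference: BID:1051
Reference: URL:http://www.securityfocus.com/bid/1051

Buffer overflow in the POP3 and IMAP servers in the MERCUR mail server suite allows remote attackers to cause a denial of service.

ED_PRI CAN-2000-0198 3

VOTE:

=================================
Candidate: CAN-2000-0199
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: ISS:20000314 Vulnerability in Microsoft SQL Server 7.0 Encryption Used to Store Administrative Login ID
Reference: BID:1055
Reference: URL:http://www.securityfocus.com/bid/1055

When a new SQL Server is registered in Enterprise Manager for Microsoft SQL Server 7.0 and the "Always prompt for login name and password" option is not set, then the Enterprise Manager uses weak encryption to store the login ID and password.

ED_PRI CAN-2000-0199 3

VOTE:

=================================
Candidate: CAN-2000-0206
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000305 Oracle installer problem
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0023.html
Reference: BID:1035
Reference: URL:http://www.securityfocus.com/bid/1035

The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges.

ED_PRI CAN-2000-0206 3

VOTE:

=================================
Candidate: CAN-2000-0223
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000311 TESO advisory -- wmcdplay
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0107.html
Reference: BID:1047
Reference: URL:http://www.securityfocus.com/bid/1047

Buffer overflow in the wmcdplay CD player program for the WindowMaker desktop allows local users to gain root privileges via a long parameter.

ED_PRI CAN-2000-0223 3

VOTE: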

Page Last Updated or Reviewed: May 22, 2007