[INTERIM] ACCEPT 23 candidates from recent clusters (Final 4/7)
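I have made an Interim Decision to ACCEPT the following 23 candidates from the RECENT-11, RECENT-12, and RECENT-13 clusters. There are 35 other candidates from these clusters that need more votes or are restricted by content decisions. I will make a Final Decision on these candidates on Friday, April 7.

The candidates come from the following clusters:

  12 RECENT-11
   9 RECENT-12
   2 RECENT-13

Voters:
  Wall ACCEPT(6) NOOP(17)
  LeBlanc ACCEPT(5) NOOP(18)
  Ozancin ACCEPT(17) MODIFY(1) NOOP(5)
  Cole ACCEPT(15) NOOP(6)
  Armstrong ACCEPT(12)
  Blake ACCEPT(19) NOOP(4)

- Steve

=================================
Candidate: CAN-2000-0170
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000226 man bugs might lead to root compromise (RH 6.1 and other boxes)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0348.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0078.html
Reference: BID:1011
Reference: URL:http://www.securityfocus.com/bid/1011

Buffer overflow in the man program in Linux allows local users to gain privileges via an environment variable.

INFERRED ACTION: CAN-2000-0170 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Blake, Cole, Armstrong, Ozancin
   NOOP(2) Wall, LeBlanc

=================================
Candidate: CAN-2000-0172
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000303 Potential security problem with mtr
Reference: DEBIAN:20000309 mtr
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q1/0032.html
Reference: FREEBSD:FreeBSD-SA-00:09
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2131
Reference: BUGTRAQ:20000308 (TL-Security-Announce) mtr-0.41 and earlier TLSA2000003-1 (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0072.html
Reference: BID:1038
Reference: URL:http://www.securityfocus.com/bid/1038

The mtr program does not properly drop privileges, which could allow local users to gain privileges.

INFERRED ACTION: CAN-2000-0172 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(1) Blake
   MODIFY(1) Ozancin
   NOOP(3) Wall, Cole, LeBlanc

Comments:
 Ozancin> Description does not provide enough information

=================================
Candidate: CAN-2000-0178
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000227 Advisory: Foundry Networks ServerIron TCP/IP sequence predictability
Reference: MISC:http://www.foundrynet.com/bugTraq.html
Reference: BID:1017
Reference: URL:http://www.securityfocus.com/bid/1017

ServerIron switches by Foundry Networks have predictable TCP/IP sequence numbers, which allows remote attackers to spoof or hijack sessions.

INFERRED ACTION: CAN-2000-0178 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Blake, Ozancin
   NOOP(3) Wall, Cole, LeBlanc

=================================
Candidate: CAN-2000-0182
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000223 DoS iPlanet Web Server, Enterprise Edition 4.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0276.html

iPlanet Web Server 4.1 allows remote attackers to cause a denial of service via a large number of commands, which consumes memory and causes a kernel panic.

INFERRED ACTION: CAN-2000-0182 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Ozancin
   NOOP(3) Wall, Blake, LeBlanc

=================================
Candidate: CAN-2000-0186
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000228 [Hackerslab bug_paper] Linux dump buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0375.html
Reference: TURBO:TLSA200007-1
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2130
Reference: BID:1020
Reference: URL:http://www.securityfocus.com/bid/1020

Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a command line argument.

INFERRED ACTION: CAN-2000-0186 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Ozancin
   NOOP(3) Wall, Blake, LeBlanc

=================================
Candidate: CAN-2000-0189
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: NTBUGTRAQ:20000301 coldfusion application.cfm shows full path
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/current/0178.html
Reference: BUGTRAQ:20000305 ColdFusion Bug: application.cfm shows full path
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0033.html
Reference: BID:1021
Reference: URL:http://www.securityfocus.com/bid/1021

ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.

INFERRED ACTION: CAN-2000-0189 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Blake, Cole, Ozancin
   NOOP(1) LeBlanc

=================================
Candidate: CAN-2000-0194
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html
Reference: BID:1007
Reference: URL:http://www.securityfocus.com/bid/1007

buildxconf in Corel Linux allows local users to modify or create arbitrary files via the -x or -f parameters.

INFERRED ACTION: CAN-2000-0194 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Ozancin
   NOOP(3) Wall, Blake, LeBlanc

=================================
Candidate: CAN-2000-0196
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: DEBIAN:20000228 remote exploit in nmh
Reference: URL:http://www.debian.org/security/2000/20000229
Reference: BID:1018
Reference: URL:http://www.securityfocus.com/bid/1018

Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message.

INFERRED ACTION: CAN-2000-0196 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Cole, Ozancin
   NOOP(2) Wall, LeBlanc

=================================
Candidate: CAN-2000-0200
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS00-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-015.asp
Reference: BID:1034
Reference: URL:http://www.securityfocus.com/bid/1034

Buffer overflow in Microsoft Clip Art Gallery allows remote attackers to cause a denial of service or execute commands via a malformed CIL (clip art library) file, aka the "Clip Art Buffer Overrun" vulnerability.

INFERRED ACTION: CAN-2000-0200 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Blake, LeBlanc, Ozancin

=================================
Candidate: CAN-2000-0201
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000301 IE 5.x allows executing arbitrary programs using .chm files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0408.html
Reference: BID:1033
Reference: URL:http://www.securityfocus.com/bid/1033

The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking.

INFERRED ACTION: CAN-2000-0201 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Blake, Cole, LeBlanc
   NOOP(1) Ozancin

=================================
Candidate: CAN-2000-0202
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: MS:MS00-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-014.asp
Reference: BID:1041
Reference: URL:http://www.securityfocus.com/bid/1041

Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query.

INFERRED ACTION: CAN-2000-0202 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Blake, LeBlanc, Ozancin

=================================
Candidate: CAN-2000-0207
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000301 infosrch.cgi vulnerability (IRIX 6.5)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.10.10003021059360.21162-100000@inetarena.com
Reference: BID:1031
Reference: URL:http://www.securityfocus.com/bid/1031

The SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters.

INFERRED ACTION: CAN-2000-0207 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Cole, Ozancin
   NOOP(2) Wall, LeBlanc

=================================
Candidate: CAN-2000-0208
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000228 ht://Dig remote information exposure
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.10.10002281422420.30728-100000@wso.williams.edu
Reference: FREEBSD:FreeBSD-SA-00:06
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2107
Reference: DEBIAN:20000226 remote users can read files with webserver uid
Reference: URL:http://www.debian.org/security/2000/20000227
Reference: TURBO:TLSA200005-1
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2113
Reference: BID:1026
Reference: URL:http://www.securityfocus.com/bid/1026

The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name in quote marks (') in parameters to htsearch.

INFERRED ACTION: CAN-2000-0208 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Cole, Ozancin
   NOOP(2) Wall, LeBlanc

=================================
Candidate: CAN-2000-0209
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000227 lynx - someone is deaf and blind ;)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.21.0002271629490.15796-100000@dione.ids.pl
Reference: FREEBSD:FreeBSD-SA-00:08
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2127
Reference: BID:1012
Reference: URL:http://www.securityfocus.com/bid/1012

Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page.

INFERRED ACTION: CAN-2000-0209 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Cole, Ozancin
   NOOP(2) Wall, LeBlanc

=================================
Candidate: CAN-2000-0210
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000221 flex license manager tempfile predictable name...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0267.html
Reference: BID:998
Reference: URL:http://www.securityfocus.com/bid/998

The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files.

INFERRED ACTION: CAN-2000-0210 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Armstrong, Ozancin
   NOOP(3) Wall, LeBlanc, Cole

=================================
Candidate: CAN-2000-0211
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS00-013
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-013.asp
Reference: XF:win-media-dos
Reference: BID:1000
Reference: URL:http://www.securityfocus.com/bid/1000

The Windows Media server allows remote attackers to cause a denial of service via a series of client handshake packets that are sent in an improper sequence, aka the "Misordered Windows Media Services Handshake" vulnerability.

INFERRED ACTION: CAN-2000-0211 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Blake, LeBlanc, Cole, Armstrong
   NOOP(1) Ozancin

=================================
Candidate: CAN-2000-0212
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000224 Local / Remote D.o.S Attack in InterAccess TelnetD Server Release 4.0 *ALL BUILDS* for WinNT Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPEELFCCAA.labs@ussrback.com
Reference: BID:1001
Reference: URL:http://www.securityfocus.com/bid/1001

InterAccess TelnetID Server 4.0 allows remote attackers to conduct a denial of service via malformed terminal client configuration information.

INFERRED ACTION: CAN-2000-0212 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Armstrong
   NOOP(4) Wall, Blake, LeBlanc, Ozancin

=================================
Candidate: CAN-2000-0215
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: SCO:SB-00.05
Reference: URL:ftp://ftp.sco.com/sse/security_bulletins/sb-00.05a
Reference: BID:1019
Reference: URL:http://www.securityfocus.com/bid/1019

Vulnerability in the SCO cu program in UnixWare 7.x allows local users to gain privileges.

INFERRED ACTION: CAN-2000-0215 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Blake, Armstrong
   NOOP(4) Wall, LeBlanc, Cole, Ozancin

=================================
Candidate: CAN-2000-0217
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000224 SSH and xauth
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0317.html
Reference: BID:1006
Reference: URL:http://www.securityfocus.com/bid/1006

The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program.

INFERRED ACTION: CAN-2000-0217 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Blake, Cole, Armstrong, Ozancin
   NOOP(2) Wall, LeBlanc

=================================
Candidate: CAN-2000-0218
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: SUSE:20000210 util < 2.10f
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_39.txt
Reference: CALDERA:CSSA-2000-002.0
Reference: URL:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa-2000-002.0.txt

Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname.

INFERRED ACTION: CAN-2000-0218 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Blake, Cole, Armstrong, Ozancin
   NOOP(2) Wall, LeBlanc

=================================
Candidate: CAN-2000-0221
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000225 Scorpion Marlin
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0324.html
Reference: BID:1009
Reference: URL:http://www.securityfocus.com/bid/1009

The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port.

INFERRED ACTION: CAN-2000-0221 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Armstrong, Ozancin
   NOOP(3) Wall, LeBlanc, Cole

=================================
Candidate: CAN-2000-0222
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000215 Windows 2000 installation process weakness
Reference: http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000215155750.M4500@safe.hsc.fr
Reference: BID:990
Reference: URL:http://www.securityfocus.com/bid/990

The installation of Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs.

INFERRED ACTION: CAN-2000-0222 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(6) Wall, Blake, LeBlanc, Cole, Armstrong, Ozancin

=================================
Candidate: CAN-2000-0224
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: NAI:20000215 ARCserve symlink vulnerability
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/37_ARCserve.asp
Reference: SCO:SSE063
Reference: URL:ftp://ftp.sco.com/SSE/sse063.ltr
Reference: XF:sco-openserver-arc-symlink

ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack.

INFERRED ACTION: CAN-2000-0224 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Blake, Armstrong
   NOOP(4) Wall, LeBlanc, Cole, Ozancin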