[VOTE] 19 high-priority candidates needing 1 more vote
The following is the first in a series of regular priority lists that will identify candidates that are (a) high priority and (b) close to being accepted.

The following candidates are all acknowledged by the software vendor. They only need one ACCEPT vote. If you get a chance to vote on these, please send your votes to me.

Thanks,
Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is not a "vulnerability", or is a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

KEY FOR INFERRED ACTIONS
------------------------

Inferred actions capture the voting status of a candidate. They may be used by the moderator to determine whether or not a candidate is added to CVE. Where there is disagreement, the moderator must resolve the issue and achieve consensus, or make the final decision if consensus cannot be reached.

- ACCEPT = 3 non-MITRE votes to ACCEPT/MODIFY, and no REVIEWING or REJECT
- ACCEPT_ACK = 2 non-MITRE ACCEPT/MODIFY, and vendor acknowledgement
- MOREVOTES = needs more votes
- ACCEPT_REV = 3 non-MITRE ACCEPT's but is delayed due to a REVIEWING
- SMC_REJECT = REJECT by Steve Christey; likely to be rejected outright
- SMC_REVIEW = REVIEWING by Steve Christey; likely related to CD's
- REVIEWING = at least one member is REVIEWING
- REJECT = at least one member REJECTed
- REVOTE = members should review their vote on this candidate

=================================
Candidate: CAN-2000-0024
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: MS:MS99-061
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-061.asp
Reference: BUGTRAQ:19991228 Third party software affected by IIS "Escape Character Parsing" Vulnerability
Reference: BUGTRAQ:19991229 More info on MS99-061 (IIS escape character vulnerability)

IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.

INFERRED ACTION: CAN-2000-0024 MOREVOTES-1 (1 accept, 1 ack, 1 review)

Current Votes:
   MODIFY(1) Stracener
   REVIEWING(1) Armstrong

Comments:
 Stracener> Add ref: MSKB:Q246401

VOTE:

=================================
Candidate: CAN-2000-0044
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000105 Security Alert - War FTP Daemon All Versions
Reference: BID:919
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=919

Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands.

INFERRED ACTION: CAN-2000-0044 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> XF:warftp-macro-access-files

VOTE:

=================================
Candidate: CAN-2000-0050
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BID:915
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=915
Reference: ALLAIRE:ASB00-01
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13976&Method=Full

The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs.

INFERRED ACTION: CAN-2000-0050 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> XF:allaire-webtop-access

VOTE:

=================================
Candidate: CAN-2000-0051
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BID:916
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=916
Reference: ALLAIRE:ASB00-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13977&Method=Full

The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL.

INFERRED ACTION: CAN-2000-0051 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> XF:allaire-spectra-config-dos

VOTE:

=================================
Candidate: CAN-2000-0052
Published:
Final-Decision:
Interim-Decision:
Modified: 20000204-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: L0PHT:20000104 PamSlam
Reference: URL:http://www.l0pht.com/advisories/pam_advisory
Reference: REDHAT:RHSA-2000:001-01
Reference: URL:http://www.redhat.com/support/errata/rhsa2000001-03.html
Reference: XF:linux-pam-userhelper
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=linux-pam-userhelper
Reference: BID:913
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=913

Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.

Modifications:
  ADDREF XF:linux-pam-userhelper

INFERRED ACTION: CAN-2000-0052 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> XF:linux-pam-userhelper

VOTE:

=================================
Candidate: CAN-2000-0057
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: ALLAIRE:ASB00-03
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13978&Method=Full
Reference: BID:917
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=917

Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information.

INFERRED ACTION: CAN-2000-0057 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> XF:coldfusion-cfcache

VOTE:

=================================
Candidate: CAN-2000-0062
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BID:922
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=922
Reference: BUGTRAQ:20000104 (petrilli@digicool.com: [Zope] Security Alert)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000104222219.B41650@schvin.net

The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities.

INFERRED ACTION: CAN-2000-0062 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> XF:zope-dtml

VOTE:

=================================
Candidate: CAN-2000-0070
Published:
Final-Decision:
Interim-Decision:
Modified: 20000204-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BINDVIEW:20000113 Local Promotion Vulnerability in Windows NT 4
Reference: URL:http://www.bindview.com/security/advisory/adv_NtImpersonate.html
Reference: MS:MS00-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-003.asp
Reference: MSKB:Q247869
Reference: XF:nt-spoofed-lpc-port
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=nt-spoofed-lpc-port

NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request."

Modifications:
  ADDREF XF:nt-spoofed-lpc-port

INFERRED ACTION: CAN-2000-0070 MOREVOTES-1 (1 accept, 3 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> ADDREF XF:nt-spoofed-lpc-port

VOTE:

=================================
Candidate: CAN-2000-0073
Published:
Final-Decision:
Interim-Decision:
Modified: 20000204-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: MS:MS00-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-005.asp
Reference: MSKB:Q249973
Reference: XF:win-malformed-rtf-control-word
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=win-malformed-rtf-control-word

Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word.

Modifications:
  ADDREF XF:win-malformed-rtf-control-word

INFERRED ACTION: CAN-2000-0073 MOREVOTES-1 (1 accept, 2 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> ADDREF XF:win-malformed-rtf-control-word

VOTE:

=================================
Candidate: CAN-2000-0083
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: HP:HPSBUX0001-109
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2031

HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.

INFERRED ACTION: CAN-2000-0083 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> XF:hp-audio-security-perms

VOTE:

=================================
Candidate: CAN-2000-0091
Published:
Final-Decision:
Interim-Decision:
Modified: 20000403-01
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000122 remote root qmail-pop with vpopmail advisory and exploit with patch
Reference: BUGTRAQ:20000123 Re: vpopmail/vchkpw remote root exploit
Reference: BID:942
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=942
Reference: MISC:http://www.inter7.com/vpopmail/ChangeLog
Reference: MISC:http://www.inter7.com/vpopmail/

Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.

Modifications:
  ADDREF MISC:http://www.inter7.com/vpopmail/ChangeLog
  ADDREF MISC:http://www.inter7.com/vpopmail/

INFERRED ACTION: CAN-2000-0091 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(1) Wall

VOTE:

=================================
Candidate: CAN-2000-0095
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: HP:HPSBUX0001-110
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2041
Reference: BID:944
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=944

The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates large amounts of traffic in response to small packets, allowing remote attackers to cause the system to be used as a packet amplifier.

INFERRED ACTION: CAN-2000-0095 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(1) Wall

VOTE:

=================================
Candidate: CAN-2000-0099
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000119 Unixware ppptalk
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94848865112897&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94840959614790&w=2

Buffer overflow in UnixWare ppptalk command allows local users to gain privileges via a long prompt argument.

INFERRED ACTION: CAN-2000-0099 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(1) Wall

VOTE:

=================================
Candidate: CAN-2000-0107
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: DEBIAN:20000201
Reference: URL:http://www.debian.org/security/2000/20000201
Reference: BID:958
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=958

Linux apcd program allows local attackers to modify arbitrary files via a symlink attack.

INFERRED ACTION: CAN-2000-0107 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(1) Wall

VOTE:

=================================
Candidate: CAN-2000-0112
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: CF
Reference: BUGTRAQ:20000202 Vulnerability in Debian Linux default boot configuration
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94973075614088&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94952030018431&w=2
Reference: BID:960
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=960

The default installation of Debian Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation.

INFERRED ACTION: CAN-2000-0112 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(1) Wall

VOTE:

=================================
Candidate: CAN-2000-0131
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000201 war-ftpd 1.6x DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94960703721503&w=2
Reference: BID:966
Reference: URL:http://www.securityfocus.com/bid/966

Buffer overflow in War FTPd 1.6x allows users to cause a denial of service via long MKD and CWD commands.

INFERRED ACTION: CAN-2000-0131 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(1) Wall

VOTE:

=================================
Candidate: CAN-2000-0159
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: HP:HPSBUX0002-111
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=20000217160216.13708.qmail@underground.org

HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges.

INFERRED ACTION: CAN-2000-0159 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(2) Wall, LeBlanc

VOTE:

=================================
Candidate: CAN-2000-0165
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000210 Re: application proxies?
Reference: FREEBSD:FreeBSD-SA-00:04
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=pine.bsf.4.21.0002192249290.10784-100000@freefall.freebsd.org
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=pine.bsf.4.10.10002100058420.43483-100000@hydrant.intranova.net

The Delegate application proxy has several buffer overflows which allow a remote attacker to execute commands.

INFERRED ACTION: CAN-2000-0165 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(2) Wall, LeBlanc

VOTE:

=================================
Candidate: CAN-2000-0173
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: SCO:SB-00.08
Reference: URL:ftp://ftp.sco.com/sse/security_bulletins/sb-00.08a

Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote attackers to cause a denial of service.

INFERRED ACTION: CAN-2000-0173 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Blake
   NOOP(3) Wall, LeBlanc, Ozancin

VOTE: