(INTERIM) ACCEPT 31 candidates from various clusters (Final 4/14)
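I have made an Interim Decision to ACCEPT the following 31 candidates from various clusters. I will make a Final Decision on Friday, April 14, 2000.

If these candidates are accepted, the next version of CVE will have more than 600 entries.

The candidates come from the following clusters:

   1 NET
  12 UNIX-UNCONF
   1 RECENT-03
   1 RECENT-05
   6 RECENT-06
   4 RECENT-07
   2 RECENT-08
   2 RECENT-09
   1 RECENT-10
   1 RECENT-13

Voters:
  Wall ACCEPT(1) NOOP(8)
  LeBlanc NOOP(12)
  Ozancin ACCEPT(24) NOOP(1)
  Cole ACCEPT(11) MODIFY(1)
  Meunier ACCEPT(2)
  Bishop ACCEPT(2)
  Stracener ACCEPT(11) MODIFY(3)
  Frech ACCEPT(4) MODIFY(17)
  Christey NOOP(11)
  Prosser ACCEPT(1)
  Blake ACCEPT(5)

=================================
Candidate: CAN-1999-0676
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990808 sdtcm_convert
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19990809134220.A1191@hades.chaoz.org
Reference: XF:sun-sdtcm-convert
Reference: BID:575
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=575

sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack.

Modifications:
  Changed DESC and XF/Bugtraq REF from stdcm_convert to sdtcm_convert.

INFERRED ACTION: CAN-1999-0676 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin
  MODIFY(1) Frech
  NOOP(1) LeBlanc

Comments:
  Frech> CHGREF XF:sun-sdtcm-convert
  Frech> CHGREF BUGTRAQ:19990808 sdtcm_convert
  Frech> Description needs to be changed to sdtcm_convert

=================================
Candidate: CAN-1999-0711
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-02
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990430 *Huge* security hole in Oracle 8.0.5 with Intelligent Agent installed
Reference: URL:http://marc.theaimsgroup.com/?t=92550157100002&w=2&r=1
Reference: BUGTRAQ:19990506 Oracle security follow-up, patch and FAQ: setuid oratclsh
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92609807906778&w=2
Reference: XF:oracle-oratclsh

The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root.

Modifications:
  CHANGEREF BUGTRAQ [add date]
  ADDREF BUGTRAQ:19990506 Oracle security follow-up, patch and FAQ: setuid oratclsh

INFERRED ACTION: CAN-1999-0711 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Stracener, Ozancin, Frech
  NOOP(2) Christey, LeBlanc

Comments:
  Christey> This candidate is unconfirmed by the vendor.
  Christey>
  Christey> Multiple verifications on Bugtraq.

=================================
Candidate: CAN-1999-0720
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990823 (Linux) glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=lcamtuf.4.05.9907041223290.355-300000@nimue.ids.pl
Reference: BID:597
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=597
Reference: XF:linux-pt-chown

The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users.

Modifications:
  ADDREF BUGTRAQ:19990823 (Linux) glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x
  ADDREF URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=lcamtuf.4.05.9907041223290.355-300000@nimue.ids.pl

INFERRED ACTION: CAN-1999-0720 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Ozancin, Frech
  MODIFY(1) Stracener
  NOOP(1) LeBlanc

Comments:
  Stracener> Add Ref: BUGTRAQ:19990823 (Linux) glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD
  Stracener> / lynx /
  Stracener> vlock / mc / glibc 2.0.x

=================================
Candidate: CAN-1999-0747
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990816 Symmetric Multiprocessing (SMP) Vulnerbility in BSDi 4.0.1
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.bsi.4.10.9908170253560.19291-100000@saturn.psn.net
Reference: BID:589
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=589
Reference: XF:bsdi-smp-dos

Denial of service in BSDi Symmetric Multiprocessing (SMP) when a function call is made while the system has a high CPU load.

Modifications:
  CHANGEREF BUGTRAQ [add date]

INFERRED ACTION: CAN-1999-0747 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Ozancin, Frech
  MODIFY(1) Stracener
  NOOP(2) Christey, LeBlanc

Comments:
  Stracener> Add date to the above ref: BUGTRAQ:19990817 Symmetric…
  Christey> This candidate is unconfirmed by the vendor.

=================================
Candidate: CAN-1999-0773
Published:
Final-Decision:
Interim-Decision: 20000411
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990511 Solaris2.6 and 2.7 lpset overflow
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9905B&L=bugtraq&P=R2017
Reference: XF:sol-lpset-bo

Buffer overflow in the Solaris lpset program allows local users to gain root access.

INFERRED ACTION: CAN-1999-0773 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Stracener, Ozancin, Frech
  NOOP(2) Christey, LeBlanc

Comments:
  Christey> This candidate is unconfirmed by the vendor. Posted by UNYUN of
  Christey> Shadow Penguin Security.
  Christey>
  Christey> Followup indicates that the exploit is limited in scope to
  Christey> group 14.

=================================
Candidate: CAN-1999-0790
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: MISC:http://home.netscape.com/security/notes/jscachebrowsing.html
Reference: XF:netscape-javascript

A remote attacker can read information from a Netscape user's cache via JavaScript.

Modifications:
  ADDREF XF:netscape-javascript
  ADDREF MISC:http://home.netscape.com/security/notes/jscachebrowsing.html

INFERRED ACTION: CAN-1999-0790 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Blake, Stracener
  MODIFY(2) Cole, Frech
  NOOP(1) Christey

Comments:
  Cole> What is the exploit?
  Christey> http://home.netscape.com/security/notes/jscachebrowsing.html
  Frech> XF:netscape-javascript
  Frech> Netscape: http://home.netscape.com/security/notes/jscachebrowsing.html

=================================
Candidate: CAN-1999-0799
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19970725 Exploitable buffer overflow in bootpd (most unices)
Reference: XF:bootpd-bo

Buffer overflow in bootpd 2.4.3 and earlier via a boot file location.

Modifications:
  ADDREF XF:bootpd-bo

INFERRED ACTION: CAN-1999-0799 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin
  MODIFY(1) Frech

Comments:
  Frech> XF:bootpd-bo

=================================
Candidate: CAN-1999-0813
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-02
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990810 Severe bug in cfingerd 1.4.0
Reference: BUGTRAQ:19980724 cfingerd root security hole
Reference: DEBIAN:19990814
Reference: XF:cfingerd-privileges

cfingerd with ALLOW_EXECUTION enabled does not properly drop privileges when it executes a program on behalf of the user, allowing local users to gain root privileges.

Modifications:
  ADDREF DEBIAN:19990814
  ADDREF BUGTRAQ:19980724 CFINGERD root security hole
  DESC add ALLOW_EXECUTION qualifier
  ADDREF XF:cfingerd-privileges

INFERRED ACTION: CAN-1999-0813 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Frech
  NOOP(1) Ozancin

Comments:
  Frech> XF:cfingerd-privileges

=================================
Candidate: CAN-1999-0888
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990817 Security hole in Oracle
Reference: XF:oracle-dbsnmp
Reference: BID:585
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=585

dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environment variable, which dbsnmp uses to find the nmiconf.tcl script.

Modifications:
  ADDREF XF:oracle-dbsnmp

INFERRED ACTION: CAN-1999-0888 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin
  MODIFY(1) Frech

Comments:
  Frech> XF:oracle-dbsnmp

=================================
Candidate: CAN-1999-0903
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991025 IBM AIX Packet Filter module
Reference: BUGTRAQ:19991027 Re: IBM AIX Packet Filter module (followup)
Reference: XF:aix-genfilt-filtering

genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767.

Modifications:
  ADDREF XF:aix-genfilt-filtering

INFERRED ACTION: CAN-1999-0903 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin
  MODIFY(1) Frech

Comments:
  Frech> XF:aix-genfilt-filtering

=================================
Candidate: CAN-1999-0906
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990923 SuSE 6.2 sccw overflow exploit
Reference: SUSE:19990926 Security hole in sccw (part 2)
Reference: BID:656
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=656
Reference: XF:linux-sccw-bo

Buffer overflow in sccw allows local users to gain root access via the HOME environment variable.

Modifications:
  ADDREF SUSE:19990926 Security hole in sccw (part 2)
  ADDREF XF:linux-sccw-bo

INFERRED ACTION: CAN-1999-0906 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Ozancin
  MODIFY(2) Stracener, Frech
  NOOP(1) Christey

Comments:
  Stracener> Add Ref: SUSE: Security hole in sccw (part 2) 26.09.1999
  Christey> ADDREF SUSE:19990926 Security hole in sccw (part 2)
  Frech> XF:linux-sccw-bo

=================================
Candidate: CAN-1999-0958
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980112 Re: hole in sudo for MP-RAS.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88465708614896&w=2
Reference: XF:sudo-dot-dot-attack

sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack.

Modifications:
  ADDREF XF:sudo-dot-dot-attack

INFERRED ACTION: CAN-1999-0958 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Stracener, Ozancin, Meunier
  MODIFY(1) Frech
  NOOP(2) Christey, LeBlanc

Comments:
  Christey> Confirmed in Bugtraq followup.
  Frech> XF:sudo-dot-dot-attack

=================================
Candidate: CAN-1999-0961
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19960921 Vunerability in HP sysdiag ?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419906&w=2
Reference: CIAC:H-03
Reference: XF:hp-sysdiag-symlink

HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation.

Modifications:
  ADDREF CIAC:H-03
  ADDREF XF:hp-sysdiag-symlink

INFERRED ACTION: CAN-1999-0961 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Stracener, Ozancin, Meunier
  MODIFY(1) Frech
  NOOP(2) Christey, LeBlanc

Comments:
  Christey> This candidate is unconfirmed by the vendor.
  Christey>
  Christey> Bugtraq followup verified by two posters.
  Frech> XF:hp-sysdiag-symlink
  Frech> Description should start with HP-UX, not HPUX.

=================================
Candidate: CAN-1999-1008
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-02
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991215 FreeBSD 3.3 xsoldier root exploit
Reference: MISC:http://marc.theaimsgroup.com/?l=freebsd-security&m=94531826621620&w=2
Reference: BID:871
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=871
Reference: XF:unix-xsoldier-overflow

The xsoldier program allows local users to gain root access via a long argument.

Modifications:
  ADDREF XF:unix-xsoldier-overflow

INFERRED ACTION: CAN-1999-1008 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Stracener, Blake
  MODIFY(1) Frech
  NOOP(3) Wall, Christey, LeBlanc

Comments:
  Frech> XF:unix-xsoldier-overflow
  Christey> Confirmed on the freebsd-security mailing list.
  Blake> Confirmation on the mailing list is equivalent to vendor confirmation in my
  Blake> view.

=================================
Candidate: CAN-2000-0044
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000105 Security alert - War FTP Daemon all versions
Reference: BID:919
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=919
Reference: XF:warftp-macro-access-files

Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands.

Modifications:
  ADDREF XF:warftp-macro-access-files

INFERRED ACTION: CAN-2000-0044 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Ozancin
  MODIFY(1) Frech

Comments:
  Frech> XF:warftp-macro-access-files

=================================
Candidate: CAN-2000-0052
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000204-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: L0PHT:20000104 PamSlam
Reference: URL:http://www.l0pht.com/advisories/pam_advisory
Reference: REDHAT:RHSA-2000:001-01
Reference: URL:http://www.redhat.com/support/errata/rhsa2000001-03.html
Reference: XF:linux-pam-userhelper
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=linux-pam-userhelper
Reference: BID:913
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=913

The Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.

Modifications:
  ADDREF XF:linux-pam-userhelper

INFERRED ACTION: CAN-2000-0052 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Ozancin
  MODIFY(1) Frech

Comments:
  Frech> XF:linux-pam-userhelper

=================================
Candidate: CAN-2000-0053
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: MS:MS00-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-001.asp
Reference: MSKB:Q246731
Reference: BID:912
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=912
Reference: XF:mcis-malformed-imap

Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request.

Modifications:
  ADDREF XF:mcis-malformed-imap

INFERRED ACTION: CAN-2000-0053 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(1) Prosser
  MODIFY(1) Frech

Comments:
  Frech> XF:mcis-malformed-imap

=================================
Candidate: CAN-2000-0057
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: ALLAIRE:ASB00-03
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13978&Method=Full
Reference: XF:coldfusion-cfcache
Reference: BID:917
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=917

The Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information.

Modifications:
  ADDREF XF:coldfusion-cfcache

INFERRED ACTION: CAN-2000-0057 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Ozancin
  MODIFY(1) Frech

Comments:
  Frech> XF:coldfusion-cfcache

=================================
Candidate: CAN-2000-0062
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000104 (petrilli@digicool.com: [Zope] Security alert)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000104222219.B41650@schvin.net
Reference: BID:922
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=922
Reference: XF:zope-dtml

The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities.

Modifications:
  ADDREF XF:zope-dtml

INFERRED ACTION: CAN-2000-0062 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Ozancin
  MODIFY(1) Frech

Comments:
  Frech> XF:zope-dtml

=================================
Candidate: CAN-2000-0073
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000204-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: MS:MS00-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-005.asp
Reference: MSKB:Q249973
Reference: XF:win-malformed-rtf-control-word
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=win-malformed-rtf-control-word

Buffer overflow in the Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word.

Modifications:
  ADDREF XF:win-malformed-rtf-control-word

INFERRED ACTION: CAN-2000-0073 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(1) Ozancin
  MODIFY(1) Frech

Comments:
  Frech> ADDREF XF:win-malformed-rtf-control-word

=================================
Candidate: CAN-2000-0083
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: HP:HPSBUX0001-109
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2031
Reference: XF:hp-audio-security-perms

HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.

Modifications:
  ADDREF XF:hp-audio-security-perms

INFERRED ACTION: CAN-2000-0083 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Ozancin
  MODIFY(1) Frech

Comments:
  Frech> XF:hp-audio-security-perms

=================================
Candidate: CAN-2000-0091
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000403-01
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000122 remote root qmail-pop with vpopmail advisory and exploit with patch
Reference: BUGTRAQ:20000123 Re: vpopmail/vchkpw remote root exploit
Reference: BID:942
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=942
Reference: MISC:http://www.inter7.com/vpopmail/ChangeLog
Reference: MISC:http://www.inter7.com/vpopmail/

Buffer overflow in the vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.

Modifications:
  ADDREF MISC:http://www.inter7.com/vpopmail/ChangeLog
  ADDREF MISC:http://www.inter7.com/vpopmail/

INFERRED ACTION: CAN-2000-0091 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Ozancin
  NOOP(1) Wall

=================================
Candidate: CAN-2000-0095
Published:
Final-Decision:
Interim-Decision: 20000411
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: HP:HPSBUX0001-110
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2041
Reference: BID:944
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=944

The PMTU discovery procedure used by HP-UX 10.30 and 11.00 to determine the optimum MTU generates large amounts of traffic in response to small packets, allowing remote attackers to cause the system to be used as a packet amplifier.

INFERRED ACTION: CAN-2000-0095 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Ozancin
  NOOP(1) Wall

=================================
Candidate: CAN-2000-0099
Published:
Final-Decision:
Interim-Decision: 20000411
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000119 Unixware ppptalk
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94848865112897&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94840959614790&w=2

Buffer overflow in the UnixWare ppptalk command allows local users to gain privileges via a long prompt argument.

INFERRED ACTION: CAN-2000-0099 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Ozancin
  NOOP(1) Wall

=================================
Candidate: CAN-2000-0100
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000321-01
Proposed: 20000208
Assigned: 20000202
Category: CF
Reference: NTBUGTRAQ:20000115 Security Vulnerability with SMS 2.0 Remote Control
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/current/0045.html
Reference: MS:MS00-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-012.asp

The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.

Modifications:
  ADDREF MS:MS00-012

INFERRED ACTION: CAN-2000-0100 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Wall, Cole

=================================
Candidate: CAN-2000-0107
Published:
Final-Decision:
Interim-Decision: 20000411
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: DEBIAN:20000201
Reference: URL:http://www.debian.org/security/2000/20000201
Reference: BID:958
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=958

The Linux apcd program allows local attackers to modify arbitrary files via a symlink attack.

INFERRED ACTION: CAN-2000-0107 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Ozancin
  NOOP(1) Wall

=================================
Candidate: CAN-2000-0131
Published:
Final-Decision:
Interim-Decision: 20000411
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000201 war-ftpd 1.6x DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94960703721503&w=2
Reference: BID:966
Reference: URL:http://www.securityfocus.com/bid/966

Buffer overflow in War FTPd 1.6x allows users to cause a denial of service via long MKD and CWD commands.

INFERRED ACTION: CAN-2000-0131 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Ozancin
  NOOP(2) Wall, Christey

Comments:
  Christey> Vendor acknowledges that this is a DoS at http://war.jgaa.com/alert/

=================================
Candidate: CAN-2000-0140
Published:
Final-Decision:
Interim-Decision: 20000411
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000210 Remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95021326417936&w=2
Reference: NTBUGTRAQ:20000210 Remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: BID:980
Reference: URL:http://www.securityfocus.com/bid/980

Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service via a large number of connections.

INFERRED ACTION: CAN-2000-0140 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Bishop, Cole, Blake
  NOOP(2) LeBlanc, Christey

Comments:
  Christey> This candidate is unconfirmed by the vendor.
  Christey>
  Christey> Reported by Nobuo Miwa, moderator of BUGTRAQ-JP.
  Blake> Same as CAN-2000-0139.

=================================
Candidate: CAN-2000-0144
Published:
Final-Decision:
Interim-Decision: 20000411
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0034.html
Reference: BUGTRAQ:20000207 Infosec.20000207.axis700.
Reference: BID:971
Reference: URL:http://www.securityfocus.com/bid/971

Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack.

INFERRED ACTION: CAN-2000-0144 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Bishop, Cole, Blake
  NOOP(2) LeBlanc, Christey

Comments:
  Christey> Poster claims that the vendor has released a patch.
  Blake> Actually, the poster indicates that they ignored the problem. However,
  Blake> it is very simple and seems unlikely to have been messed up.

=================================
Candidate: CAN-2000-0159
Published:
Final-Decision:
Interim-Decision: 20000411
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: HP:HPSBUX0002-111
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=20000217160216.13708.qmail@underground.org

HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges.

INFERRED ACTION: CAN-2000-0159 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Ozancin
  NOOP(2) Wall, LeBlanc

=================================
Candidate: CAN-2000-0183
Published:
Final-Decision:
Interim-Decision: 20000411
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000310 Fwd: ircii-4.4 buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0093.html
Reference: BID:1046
Reference: URL:http://www.securityfocus.com/bid/1046

Buffer overflow in the ircII 4.4 IRC client allows remote attackers to execute commands via the DCC chat capability.

INFERRED ACTION: CAN-2000-0183 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Blake, Ozancin, Cole
  NOOP(2) Wall, LeBlanc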