[PROPOSED] Cluster RECENT-15 - 29 candidates

The following cluster contains 29 candidates that were announced between March 26 and April 12, 2000. The candidates are listed in order of priority. Priority 1 and Priority 2 candidates have all been confirmed by the vendor at some level, so they should be easy to review and can be trusted to be real problems. If you find that any RECENT-XX cluster is incomplete with respect to problems discovered in the associated time frame, please send me the information so that candidates can be assigned.

- Steve

Summary of votes used (in ascending order of "severity")
---------------------------------------------------------
ACCEPT    - voter accepts the candidate as proposed
NOOP      - voter has no opinion on the candidate
MODIFY    - voter wants to change some minor details (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more information
RECAST    - candidate must be significantly modified, e.g. split or merged
REJECT    - candidate is not a "vulnerability", or is a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE:".  If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included.  Mapping references helps tremendously.

3) Please note that a "MODIFY" is treated as an "ACCEPT" when counting votes.  So if you don't have enough information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0251
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: HP:HPSBUX0004-112
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0021.html
Reference: BID:1090
Reference: URL:http://www.securityfocus.com/bid/1090

HP-UX 11.04 VirtualVault (VVOS) sends data to the wrong process via an interface with multiple aliased IP addresses.

ED_PRI CAN-2000-0251 1
VOTE:

=================================
Candidate: CAN-2000-0258
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: MS:MS00-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-023.asp
Reference: BID:1101
Reference: URL:http://www.securityfocus.com/bid/1101

IIS 4.0 and 5.0 allow remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" vulnerability.

ED_PRI CAN-2000-0258 1
VOTE:

=================================
Candidate: CAN-2000-0277
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: MS:MS00-022
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-022.asp
Reference: BID:1087
Reference: URL:http://www.securityfocus.com/bid/1087

Microsoft Excel 97 and 2000 do not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.

ED_PRI CAN-2000-0277 1
VOTE:

=================================
Candidate: CAN-2000-0294
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF/CF/MP/SA/AN/unknown
Reference: FREEBSD:FreeBSD-SA-00:12
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2162
Reference: BID:1107
Reference: URL:http://www.securityfocus.com/bid/1107

Buffer overflow in healthd for FreeBSD allows local users to gain root privileges.

ED_PRI CAN-2000-0294 1
VOTE:

=================================
Candidate: CAN-2000-0297
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: ALLAIRE:ASB00-06
Reference: URL:http://www2.allaire.com/handlers/index.cfm?ID=15099&Method=Full
Reference: BID:1085
Reference: URL:http://www.securityfocus.com/bid/1085

Allaire Forums 2.0.5 allows remote attackers to bypass access restrictions on secure conferences via the rightAccessAllForums or rightModerateAllForums variables.

ED_PRI CAN-2000-0297 1
VOTE:

=================================
Candidate: CAN-2000-0261
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000415 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html
Reference: BUGTRAQ:20000418 AVM's statement
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com
Reference: BID:1103
Reference: URL:http://www.securityfocus.com/bid/1103

AVM KEN! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

ED_PRI CAN-2000-0261 2
VOTE:

=================================
Candidate: CAN-2000-0262
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000415 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html
Reference: BUGTRAQ:20000418 AVM's statement
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com
Reference: BID:1103
Reference: URL:http://www.securityfocus.com/bid/1103

AVM KEN! ISDN Proxy server allows remote attackers to cause a denial of service via malformed requests.

ED_PRI CAN-2000-0262 2
VOTE:

=================================
Candidate: CAN-2000-0274
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000410 Linux trustees 1.5 long pathname vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0035.html
Reference: MISC:http://www.braysystems.com/linux/trustees.html
Reference: BID:1096
Reference: URL:http://www.securityfocus.com/bid/1096

The Linux trustees kernel patch allows attackers to cause a denial of service by accessing a file or directory with a long name.

ED_PRI CAN-2000-0274 2
VOTE:

=================================
Candidate: CAN-2000-0279
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000407 BeOS networking DOS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0029.html
Reference: MISC:http://bebugs.be.com/devbugs/detail.php3?oid=2505312
Reference: BID:1100
Reference: URL:http://www.securityfocus.com/bid/1100

BeOS allows remote attackers to cause a denial of service via malformed packets whose length field is less than the length of the headers.

ED_PRI CAN-2000-0279 2
VOTE:

=================================
Candidate: CAN-2000-0255
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000405 Silverback Security Advisory: Nbase-Xyplex DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0022.html
Reference: BID:1091
Reference: URL:http://www.securityfocus.com/bid/1091

The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a denial of service via a scan for the FormMail CGI program.

ED_PRI CAN-2000-0255 3
VOTE:

=================================
Candidate: CAN-2000-0259
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: CF
Reference: MS:MS00-024
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-024.asp
Reference: BID:1105
Reference: URL:http://www.securityfocus.com/bid/1105

The default permissions for the Cryptography\Offload registry key used by the OffloadModExpo in Windows NT 4.0 allow local users to compromise the cryptographic keys of other users.

ED_PRI CAN-2000-0259 3
VOTE:

=================================
Candidate: CAN-2000-0273
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000409 An interesting DOS in pcANYWHERE 8.0 and 9.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0031.html
Reference: BID:1095
Reference: URL:http://www.securityfocus.com/bid/1095

PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt.

ED_PRI CAN-2000-0273 3
VOTE:

=================================
Candidate: CAN-2000-0275
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: L0PHT:20000410 CRYPTOCard PalmToken PIN Extraction
Reference: URL:http://www.l0pht.com/advisories/cc-pinextract.txt
Reference: BUGTRAQ:20000410 CRYPTOAdmin 4.1 server with PalmPilot PT-1 token 1.04 PIN extraction
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0033.html
Reference: BID:1097
Reference: URL:http://www.securityfocus.com/bid/1097

CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a user's PIN, which allows an attacker with access to the .PDB file to generate valid PT-1 tokens after cracking the PIN.

ED_PRI CAN-2000-0275 3
VOTE:

=================================
Candidate: CAN-2000-0276
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000410 BeOS syscall bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000410131628.659.qmail@securityfocus.com
Reference: BID:1098
Reference: URL:http://www.securityfocus.com/bid/1098

BeOS 4.5 and 5.0 allow local users to cause a denial of service via a malformed direct system call using interrupt 37.

ED_PRI CAN-2000-0276 3
VOTE:

=================================
Candidate: CAN-2000-0278
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000331 SalesLogix Eviewer WebApp bug: URL request crashes Eviewer WebApp
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0006.html
Reference: BID:1089
Reference: URL:http://www.securityfocus.com/bid/1089

The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user.

ED_PRI CAN-2000-0278 3
VOTE:

=================================
Candidate: CAN-2000-0280
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000403 Win32 RealPlayer 6/7 buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0018.html
Reference: BID:1088
Reference: URL:http://www.securityfocus.com/bid/1088

Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long URL location.

ED_PRI CAN-2000-0280 3
VOTE:

=================================
Candidate: CAN-2000-0281
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000326 little napster bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0277.html
Reference: BUGTRAQ:20000330 Napster Inc. response to Colten Edwards
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0299.html

Buffer overflow in the Napster client beta 5 allows remote attackers to cause a denial of service via a long message.

ED_PRI CAN-2000-0281 3
VOTE:

=================================
Candidate: CAN-2000-0282
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000412 TalentSoft Web+ Input Validation Bug Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0050.html
Reference: BID:1102
Reference: URL:http://www.securityfocus.com/bid/1102

The TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program.

ED_PRI CAN-2000-0282 3
VOTE:

=================================
Candidate: CAN-2000-0283
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: CF
Reference: BUGTRAQ:20000412 Performance Co-Pilot for IRIX 6.5
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0056.html
Reference: BID:1106
Reference: URL:http://www.securityfocus.com/bid/1106

The default installation of IRIX Performance Co-Pilot allows remote attackers to access sensitive system information via the pmcd daemon.

ED_PRI CAN-2000-0283 3
VOTE:

=================================
Candidate: CAN-2000-0287
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000412 BizDB search script enables shell command execution on the server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0058.html
Reference: BID:1104
Reference: URL:http://www.securityfocus.com/bid/1104

The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter.

ED_PRI CAN-2000-0287 3
VOTE:

=================================
Candidate: CAN-2000-0288
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000412 Infonautics getdoc.cgi may allow unauthorized users to access files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0049.html

Infonautics getdoc.cgi allows remote attackers to bypass the payment phase for accessing documents via a modified variable.

ED_PRI CAN-2000-0288 3
VOTE:

=================================
Candidate: CAN-2000-0289
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000327 Security Problems with Linux 2.2.x IP Masquerading
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0284.html
Reference: BID:1078
Reference: URL:http://www.securityfocus.com/bid/1078

IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.

ED_PRI CAN-2000-0289 3
VOTE:

=================================
Candidate: CAN-2000-0290
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000331 Webstar 4.0 Buffer Overflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0005.html

Buffer overflow in the Webstar HTTP server allows remote attackers to cause a denial of service via a GET request.

ED_PRI CAN-2000-0290 3
VOTE:

=================================
Candidate: CAN-2000-0296
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000331 fcheck v.2.7.45 and insecure use of Perl's system()
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0011.html
Reference: BID:1086
Reference: URL:http://www.securityfocus.com/bid/1086

fcheck allows local users to gain privileges by embedding shell metacharacters into file names that are processed by fcheck.

ED_PRI CAN-2000-0296 3
VOTE:

=================================
Candidate: CAN-2000-0298
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: CF
Reference: NTBUGTRAQ:20000407 All Users Startup folder wide open if unattended install and OEMPreinstall=1
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0027.html

The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories.

ED_PRI CAN-2000-0298 3
VOTE:

=================================
Candidate: CAN-2000-0299
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000404 WebObjects DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0020.html

Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 package allows remote attackers to cause a denial of service via an HTTP request with a long Accept header.

ED_PRI CAN-2000-0299 3
VOTE:

=================================
Candidate: CAN-2000-0300
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000405 PcAnywhere weak password encryption
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000406030958.23902.qmail@securityfocus.com
Reference: BID:1093
Reference: URL:http://www.securityfocus.com/bid/1093

The default encryption method of PcAnywhere 9.x uses weak encryption, which allows remote attackers to sniff and decrypt PcAnywhere or NT domain accounts.

ED_PRI CAN-2000-0300 3
VOTE:

=================================
Candidate: CAN-2000-0301
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000405 Re: IMAIL (Ipswitch) DoS Eudora (Qualcomm)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95505800117143&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95507019226096&w=2
Reference: BID:1094
Reference: URL:http://www.securityfocus.com/bid/1094

Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command.

ED_PRI CAN-2000-0301 3
VOTE:

=================================
Candidate: CAN-2000-0302
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000331 Alert: MS Index Server (CISADV000330)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95453598317340&w=2
Reference: MS:MS00-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-006.asp
Reference: BID:1084
Reference: URL:http://www.securityfocus.com/bid/1084

Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile parameter of a null.htw URL.

ED_PRI CAN-2000-0302 3
VOTE: