(日期:][日期下][线程:][线程下][日期索引][线程索引]
(提案)集群RECENT-16 - 25的候选人
- 来:cve-editorial-board-list@lists.mitre.org
- 主题(建议):集群RECENT-16 - 25的候选人
- 从:“史蒂文·m·Christey " <coley@linus.mitre.org>
- 日期:2000年4月25日,星期二22:11:40 -0400(美国东部时间)
- 交货日期:2000年4月25日22:11:49星期二
- 发送方:owner-cve-editorial-board-list@lists.mitre.org
下面的集群包含25个候选人宣布4月14日至4月24日,2000年。中列出的候选人优先秩序。优先级1和优先级2的候选人都应对不同层次的供应商确认,所以他们应该易于检查和可以信任的,是真实的问题。如果你发现任何RECENT-XX集群是不完整的对过程中发现的问题相关的时间框架,请发送信息给我,这样候选人可以被指定。——史蒂夫总结的选票使用(“严重程度”的按升序)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -接受——选民接受候选人提出等待——选民对候选人没有意见修改选民想要改变一些小细节(例如参考/描述)审查-选民正在审查/研究候选人,或需要更多的信息,重塑候选人必须大幅修改,如分割或合并拒绝候选人不是“漏洞”,或重复等。1)请写你的投票在直线上,从“投票:”开始。如果你想添加评论或细节,在投票后将它们添加到线:线。2)如果你看到任何失踪的引用,请提及他们,使他们可以包括在内。在映射引用帮助极大。3)请注意,“修改”被视为一个“接受”当计算选票。所以如果你没有足够的信息对候选人但你不想等待,使用一个回顾。 ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ================================= Candidate: CAN-2000-0256 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000426 Assigned: 20000426 Category: SF Reference: MS:MS00-028 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00 - 028. - asp参考:报价:1117参考:网址:http://www.securityfocus.com/bid/1117在htimage缓冲区溢出。exe和Imagemap。exe在97年和98年网页设计服务器扩展允许用户进行活动,否则将无法通过网站,又名“服务器端图像映射组件”的弱点。ED_PRI - 2000 - 0256 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0260:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:女士:ms00 - 025参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 025. - asp参考:报价:1109参考:网址:http://www.securityfocus.com/bid/1109dvwssr缓冲区溢出。dll dll在微软Visual Interdev 1.0允许用户造成拒绝服务或执行命令,又名“链接视图服务器端组件”的弱点。ED_PRI - 2000 - 0260 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0267:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:思科:20000419 CISCO Catalyst启用密码绕过漏洞参考:网址:http://www.cisco.com/warp/public/707/catos-enable-bypass-pub.shtml参考:报价:1122参考:网址:http://www.securityfocus.com/bid/1122思科催化剂5.4。x允许用户访问“启用”模式没有密码。ED_PRI - 2000 - 0267 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0268:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:思科:20000420思科IOS软件远程登录选项处理漏洞参考:网址:http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml参考:报价:1123参考:网址:http://www.securityfocus.com/bid/1123思科IOS 11。x和12。x允许远程攻击者造成拒绝服务通过发送环境选项Telnet守护进程之前准备好接受它,导致系统重新启动。ED_PRI - 2000 - 0268 1投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0264:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻/ CF / MP / SA / /未知参考:BUGTRAQ: 20000417 bug的熊猫安全3.0参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es参考:报价:1119参考:网址:http://www.securityfocus.com/bid/1119熊猫安全3.0禁用注册表编辑允许用户通过直接编辑注册表并获得特权执行.reg文件或使用其他方法。ED_PRI - 2000 - 0264 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0265:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻/ CF / MP / SA / /未知参考:BUGTRAQ: 20000417 bug的熊猫安全3.0参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es参考:报价:1119参考:网址:http://www.securityfocus.com/bid/1119熊猫熊猫安全3.0允许用户卸载软件通过添加/删除程序applet。ED_PRI - 2000 - 0265 2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0248:最终决定:阶段性裁决:修改:建议:20000426分配:20000420类别:科幻/ CF / MP / SA / /未知参考:国际空间站:20000424后门密码在Red Hat Linux虚拟服务器包参考:REDHAT: RHSA-2000:014-10 Linux虚拟服务器的web GUI (lv)软件在Red Hat Linux食人鱼包中有一个后门passowrd允许远程攻击者执行任意命令。ED_PRI - 2000 - 0248 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0250:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000414 qnx地穴comprimised参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-04/0072.html参考:报价:1114参考:网址:http://www.securityfocus.com/bid/1114安葬在QNX使用弱加密功能,它允许本地用户解密密码。ED_PRI - 2000 - 0250 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0252:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000411后门在商业购物车参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-04/0051.html参考:报价:1115参考:网址:http://www.securityfocus.com/bid/1115dansie购物车购物车应用程序。pl允许远程攻击者通过shell元字符执行命令的形式变量。ED_PRI - 2000 - 0252 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0253:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000411 Re:后门在商业购物车参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-04/0061.html参考:报价:1115参考:网址:http://www.securityfocus.com/bid/1115dansie购物车购物车应用程序。pl允许远程攻击者修改敏感的购买信息通过隐藏表单字段。ED_PRI - 2000 - 0253 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0254:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000411 Re:后门在商业购物车参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-04/0088.html参考:报价:1115参考:网址:http://www.securityfocus.com/bid/1115dansie购物车购物车应用程序。pl允许远程攻击者获取购物车数据库和配置信息通过一个URL引用env, db或var表单变量。ED_PRI - 2000 - 0254 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0257:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000418网络操作系统5.1 (server 5.00 h, 1999年12月11日)…参考网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.21.0004171825340.10088 - 100000 @nimue.tpi.pl参考:报价:1118参考:网址:http://www.securityfocus.com/bid/1118缓冲区溢出的网络远程web管理实用程序允许远程攻击者造成拒绝服务或通过一个长URL执行命令。ED_PRI - 2000 - 0257 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0263:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000416 xfs参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-04/0079.html参考:报价:1111参考:网址:http://www.securityfocus.com/bid/1111X字体服务器xfs在Red Hat Linux 6。x允许攻击者通过畸形引起拒绝服务请求。ED_PRI - 2000 - 0263 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0266:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000418 IE 5安全vulnerablity——绕过满足安全策略使用Java / JavaScript(活跃和禁用脚本不是那么容易)参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FC6130.D6D178FD@nat.bg参考:报价:1121参考:网址:http://www.securityfocus.com/bid/1121Internet Explorer 5.01允许远程攻击者绕过十字框架通过恶意applet安全政策与Java JSObject修改DOM属性设置IFRAME任意Javascript URL。ED_PRI - 2000 - 0266 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0269:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000418 RUS-CERT咨询200004 - 01:GNU Emacs 20参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf@mercury.rus.uni-stuttgart.de参考:报价:1125参考:网址:http://www.securityfocus.com/bid/1125Emacs 20不正确设置权限从属企业设备当开始一个新的子进程,它允许本地用户读取或修改Emacs和子进程之间的通信。ED_PRI - 2000 - 0269 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0270:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000418 RUS-CERT咨询200004 - 01:GNU Emacs 20参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf@mercury.rus.uni-stuttgart.de参考:报价:1125参考:网址:http://www.securityfocus.com/bid/1126Emacs 20中的make-temp-name Lisp函数创建临时文件和可预测的名称,它允许攻击者进行符号链接攻击。ED_PRI - 2000 - 0270 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0271:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000418 RUS-CERT咨询200004 - 01:GNU Emacs 20参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf@mercury.rus.uni-stuttgart.de参考:报价:1125参考:网址:http://www.securityfocus.com/bid/1125read-passwd和其他20在Emacs Lisp函数不正确清楚最近的历史类型的钥匙,它允许攻击者读取加密的密码。ED_PRI - 2000 - 0271 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0272:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000420远程DoS攻击真正的网络服务器漏洞参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95625288231045&w=2参考:报价:1128参考:网址:http://www.securityfocus.com/bid/1128RealNetworks RealServer的允许远程攻击者造成拒绝服务通过发送畸形的输入到服务器在端口7070上。ED_PRI - 2000 - 0272 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0284:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000416 imapd4r1 v12.264参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-04/0074.html参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-04/0085.html参考:报价:1110参考:网址:http://www.securityfocus.com/bid/1110缓冲区溢位在华盛顿大学imapd 4.7版本允许用户拥有一个有效的账户通过列表或其他命令执行命令。ED_PRI - 2000 - 0284 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0285:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000416 XFree86服务器溢出参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html缓冲区溢位XFree86 3.3。x允许本地用户执行任意命令通过一个长-xkbmap参数。ED_PRI - 2000 - 0285 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0286:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000416 xfs参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.10.10004161525040.1186 @localhost——200000参考:报价:1111参考:网址:http://www.securityfocus.com/bid/1111X fontserver xfs允许本地用户通过畸形引起拒绝服务输入到服务器。ED_PRI - 2000 - 0286 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0291:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000416 StarOffice 5.1参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-04/0077.html参考:报价:1112参考:网址:http://www.securityfocus.com/bid/1112缓冲区溢位明星办公室5.1允许攻击者造成拒绝服务在一个文档中嵌入一个长URL。ED_PRI - 2000 - 0291 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0292:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000418 Adtran DoS参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.10.10004190908140.32750 - 100000 @localhost.localdomain参考:报价:1129参考:网址:http://www.securityfocus.com/bid/1129的Adtran MX2800 M13多路复用器允许远程攻击者通过ping洪水导致拒绝服务的以太网接口,导致设备崩溃。ED_PRI - 2000 - 0292 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0293:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000421本地用户可以删除任意文件在suse linux参考:报价:1130参考:网址:http://www.securityfocus.com/bid/1130aaa_base在SuSE Linux 6.3中,和cron。每天在早期版本,允许本地用户删除任意文件创建文件的名字包含空格,然后正确解释aaa_base时删除过期文件的/ tmp目录中。ED_PRI - 2000 - 0293 3投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0295:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000420远程漏洞LCDproc 0.4参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.3.96.1000421010946.15318i - 200000 @schizo.strange.net参考:报价:1131参考:网址:http://www.securityfocus.com/bid/1131缓冲区溢出LCDproc允许远程攻击者通过screen_add命令获得根权限。ED_PRI - 2000 - 0295 3投票:
- 上一页的日期:(提案)集群近15 - 29岁的候选人
- Prev线程:(提案)集群近15 - 29岁的候选人
- 指数(es):
