
Re: [PROPOSAL] Cluster RECENT-18 - 14 candidates



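* Steven M. Christey (coley@LINUS.MITRE.ORG) [000518 00:58]:
> The following cluster contains 14 candidates that were announced
> between April 27 and May 17, 2000. Note that this cluster does not
> include all new problems between these dates; those will be added in
> future postings.
>
> The candidates are listed in order of priority. Priority 1 and Priority
> 2 candidates both deal with varying levels of vendor
> confirmation, so they should be easy to review and it can be trusted
> that the problems are real.
>
> If you discover that any RECENT-XX cluster is incomplete with respect
> to the problems discovered during the relevant timeframe, please
> send that information to me so that candidates can be assigned.
>
> - Steve
>
>
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
>
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some minor detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is not a "vulnerability", or is a duplicate, etc.
>
> 1) Please write your vote on the line that starts with "VOTE: ". If
> you want to add comments or details, add them to lines
> after the VOTE: line.
>
> 2) If you see any missing references, please mention them so that they
> can be included. References help greatly during mapping.
>
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
> So if you don't have sufficient information for a candidate but you
> don't want to NOOP, use a REVIEWING.
>
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
>
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
>
> =================================
> Candidate: CAN-2000-0303
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000503
> Category: SF
> Reference: ISS:20000503 Vulnerability in Quake3Arena Auto-Download Feature
> Reference: URL:http://xforce.iss.net/alerts/advise50.php3
> Reference: CONFIRM:http://www.quake3arena.com/news/index.html
>
> Quake3 Arena allows malicious server operators to read or modify
> files on a client via a dot dot (..) attack.
>
>
> ED_PRI CAN-2000-0303 1
>
>
> VOTE: MODIFY Reference: BID 1169
>
> =================================
> Candidate: CAN-2000-0304
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000508
> Category: SF
> Reference: ISS:20000511 Microsoft IIS Remote Denial of Service Attack
> Reference: URL:http://xforce.iss.net/alerts/advise52.php3
> Reference: MS:MS00-031
> Reference: URL:http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20905
>
> Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory
> installed allows a remote attacker to cause a denial of service via
> a malformed request to the inetinfo.exe program.
>
>
> ED_PRI CAN-2000-0304 1
>
>
> VOTE: MODIFY Reference: BID 1191
>
> =================================
> Candidate: CAN-2000-0342
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: MISC:http://www.peacefire.org/security/stealthattach/explanation.html
> Reference: CONFIRM:http://news.cnet.com/news/0-1005-200-1773077.html?tag=st.ne.fd.lthd.1005-200-1773077
> Reference: BID:1157
> Reference: URL:http://www.securityfocus.com/bid/1157
>
> Eudora 4.x allows remote attackers to bypass the user warning for
> executable attachments by using a .lnk file that refers to the
> attachment.
>
>
> ED_PRI CAN-2000-0342 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0346
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000502 INFO:AppleShare IP squashes security bug
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502133240.21807.qmail@securityfocus.com
> Reference: CONFIRM:http://asu.info.apple.com/swupdates.nsf/artnum/n11670
> Reference: BID:1162
> Reference: URL:http://www.securityfocus.com/bid/1162
>
> AppleShare IP 6.1 and later allows a remote attacker to read
> potentially sensitive information via an invalid range request to
> the web server.
>
>
> ED_PRI CAN-2000-0346 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0350
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000516
> Category: SF
> Reference: MISC:http://www.securityfocus.com/templates/advisory.html?id=2220
> Reference: CONFIRM:http://advice.networkice.com/advice/Support/KB/q000166/
>
> A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is
> enabled, which allows a remote attacker to bypass the weak
> authentication and post unencrypted events.
>
>
> ED_PRI CAN-2000-0350 2
>
>
> VOTE: MODIFY Reference: BID 1216
>
> =================================
> Candidate: CAN-2000-0332
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000502 Fun with UltraBoard V1.6X
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000503091316.99073.qmail@hotmail.com
> Reference: BID:1164
> Reference: URL:http://www.securityfocus.com/bid/1164
>
> UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows
> remote attackers to read arbitrary files via a pathname string that
> includes a dot dot (..) and ends with a null byte.
>
>
> ED_PRI CAN-2000-0332 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0333
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000502 Denial of service attack against tcpdump
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.sol.4.10.10005021942380.2077-100000@paranoia.pgci.ca
> Reference: BID:1165
> Reference: URL:http://www.securityfocus.com/bid/1165
>
> tcpdump, Ethereal, and other sniffer packages allow remote attackers
> to cause a denial of service via malformed DNS packets in which a jump
> offset refers to itself, which causes tcpdump to enter an infinite loop
> while decompressing the packet.
>
>
> ED_PRI CAN-2000-0333 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0335
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000502 glibc resolver weakness
> Reference: BID:1166
> Reference: URL:http://www.securityfocus.com/bid/1166
>
> The resolver in glibc 2.1.3 uses predictable IDs, which allows a local
> attacker to spoof DNS query results.
>
>
> ED_PRI CAN-2000-0335 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0340
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000428 SuSE 6.3 Gnomelib buffer overflow
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00042902575201.09597@wintermute-pub
> Reference: BID:1155
> Reference: URL:http://www.securityfocus.com/bid/1155
>
> Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to
> execute arbitrary commands via the DISPLAY environmental variable.
>
>
> ED_PRI CAN-2000-0340 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0341
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: NTBUGTRAQ:20000501 Remote DoS attack in CASSANDRA NNTPServer v1.10 from ATRIUM
> Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95736106504870&w=2
> Reference: BID:1156
> Reference: URL:http://www.securityfocus.com/bid/1156
>
> Atrium Cassandra NNTP Server 1.10 allows remote attackers to cause a
> denial of service via a long login name.
>
>
> ED_PRI CAN-2000-0341 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0343
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000502 spj-003-000 - S0ftPj Advisory
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005021736.TAA01991@ALuSSi
> Reference: BID:1158
> Reference: URL:http://www.securityfocus.com/bid/1158
>
> Buffer overflow in Sniffit 0.3.x with the -L logging option enabled
> allows remote attackers to execute arbitrary commands via a long MAIL
> FROM mail header.
>
>
> ED_PRI CAN-2000-0343 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0344
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000501 Linux knfsd DoS issue
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.21.0005012042550.6419-100000@ferret.lmh.ox.ac.uk
> Reference: BID:1160
> Reference: URL:http://www.securityfocus.com/bid/1160
>
> The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to
> cause a denial of service via a negative size value.
>
>
> ED_PRI CAN-2000-0344 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0345
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000502 Possible issue with Cisco on-line help?
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502222246.28423.qmail@securityfocus.com
> Reference: BID:1161
> Reference: URL:http://www.securityfocus.com/bid/1161
>
> The on-line help system options in Cisco routers allows non-privileged
> users without "enabled" access to obtain sensitive information via
> the show command.
>
>
> ED_PRI CAN-2000-0345 3
>
>
> VOTE: Arguably this is not a vulnerability. Cisco replied that this is standard behavior, just not well documented. They have no plans to change it and will only document it better.
>
> =================================
> Candidate: CAN-2000-0347
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: NTBUGTRAQ:20000501 el8.org advisory - Win 95/98 DoS (RFParalyze.c)
> Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95737580922397&w=2
> Reference: BID:1163
> Reference: URL:http://www.securityfocus.com/bid/1163
>
> Windows 95 and Windows 98 allow a remote attacker to cause a denial of
> service via a NetBIOS session request packet with a null source name.
>
>
> ED_PRI CAN-2000-0347 3
>
>
> VOTE: ACCEPT

-- 
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum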

Page last updated or reviewed: May 22, 2007