
[INTERIM] ACCEPT 31 recent candidates (Final 7/12)



I have made an Interim Decision to ACCEPT the following 31 candidates
from the RECENT-01 through 商 clusters. I will make a Final Decision on
July 12.

The breakdown of the clusters is as follows:

   1 RECENT-01
   8 RECENT-04
   2 RECENT-05
   1 RECENT-07
   1 RECENT-10
   1 RECENT-11
   3 RECENT-13
   1 RECENT-14
   5 RECENT-15
   1 RECENT-16
   7 商

Voters:
  Levy ACCEPT(7) MODIFY(2) NOOP(1)
  Wall ACCEPT(3) NOOP(16) REVIEWING(1)
  LeBlanc ACCEPT(2) MODIFY(1) NOOP(9)
  Ozancin ACCEPT(4)
  Cole ACCEPT(5) MODIFY(1) NOOP(16)
  Stracener ACCEPT(16) MODIFY(1)
  Frech ACCEPT(1) MODIFY(30)
  Dik ACCEPT(4) MODIFY(2)
  Christey NOOP(8)
  Magdych MODIFY(1)
  Armstrong ACCEPT(10)
  Prosser ACCEPT(1)
  Blake ACCEPT(3) NOOP(1)

=================================
Candidate: CAN-1999-0820
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
Reference: BID:838
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=838
Reference: XF:freebsd-seyon-dir-add

FreeBSD seyon allows users to gain privileges via a modified PATH
variable for finding the xterm and seyon-emu commands.

Modifications:
  ADDREF XF:freebsd-seyon-dir-add

INFERRED ACTION: CAN-1999-0820 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Armstrong, Stracener, Prosser
   MODIFY(2) Cole, Frech
   NOOP(2) Christey, Christey

Comments:
 Cole> There are actually several vulnerabilities in seyon that allow a
   user to elevate privileges, all
 Frech> XF:freebsd-seyon-dir-add
 Christey> ADDREF? CALDERA:CSSA-1999-037.0
 Prosser> Agree that there are also earlier seyon exploits reported, but
   in different areas. The Caldera bulletin refers to a seyon problem
   that allows uucp privileges.
 Christey> The Caldera advisory is vaguely worded, so it is not certain
   whether it should be added. Eric noted that other seyon problems were
   identified in related Bugtraq posts. They are covered by
   CAN-1999-0863 and CAN-1999-0821.

=================================
Candidate: CAN-2000-0001
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-02
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991222 RealMedia Server 5.0 Crasher (rmscrash.c)
Reference: BID:888
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=888
Reference: XF:realserver-ramgen-dos

RealMedia server allows remote attackers to cause a denial of service
via a long ramgen request.

Modifications:
  ADDREF BID:888
  ADDREF XF:realserver-ramgen-dos

INFERRED ACTION: CAN-2000-0001 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> XF:realserver-ramgen-dos

=================================
Candidate: CAN-2000-0011
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-03
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991231 Local / Remote Buffer Overflow Vulnerability in AnalogX SimpleServer:WWW HTTP Server v1.1
Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm
Reference: XF:simpleserver-get-bo
Reference: BID:906
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=906

Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote
attackers to execute commands via a GET request.

Modifications:
  DESC add "http server"
  ADDREF MISC:http://www.analogx.com/contents/download/network/sswww.htm
  ADDREF XF:simpleserver-get-bo

INFERRED ACTION: CAN-2000-0011 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> XF:simpleserver-get-bo

=================================
Candidate: CAN-2000-0013
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991231 irix-soundplayer.sh
Reference: XF:irix-soundplayer-symlink
Reference: BID:909
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=909

IRIX soundplayer program allows local users to gain privileges by
including shell metacharacters in a .wav file, which is executed via
the midikeys program.

Modifications:
  DESC change to reflect soundplayer bug, specify the right bug
  ADDREF XF:irix-soundplayer-symlink

INFERRED ACTION: CAN-2000-0013 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Armstrong
   MODIFY(2) Stracener, Frech
   NOOP(1) Christey

Comments:
 Christey> The description should be modified. The problem is not a
   symlink attack, but rather the ability to route commands using shell
   metacharacters.
 Stracener> This is not a symlink attack. The description should be
   changed (see below). Here is what happens: 1) the script creates a
   file containing C code that spawns a setuid shell in /tmp when
   compiled and executed, 2) the C source file is compiled with output
   to /tmp/kungfoo, 3) midikeys is executed, 4) the user opens a wav
   file (via soundplayer) and saves the file as "foo;/tmp/kungfoo". The
   "exploitable condition" in soundplayer is a software flaw that allows
   commands to be separated when saving a file (i.e. whatever is placed
   after the ";" is executed by soundplayer). My suggested description:
   "A bug in soundplayer (part of midikeys) allows a user to save wav
   files with command separators (i.e. ";") and multiple commands,
   resulting in execution of arbitrary code."
 Frech> XF:irix-soundplayer-symlink

=================================
Candidate: CAN-2000-0015
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991231 tftpserv.sh
Reference: BID:910
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=910
Reference: XF:cascadeview-tftp-symlink

CascadeView TFTP server allows local users to gain privileges via a
symlink attack.

Modifications:
  ADDREF XF:cascadeview-tftp-symlink

INFERRED ACTION: CAN-2000-0015 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> XF:cascadeview-tftp-symlink

=================================
Candidate: CAN-2000-0018
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991221 Wmmon under FreeBSD
Reference: BID:885
Reference: XF:freebsd-wmmon-root-exploit

wmmon in FreeBSD allows local users to gain privileges via the
.wmmonrc configuration file.

Modifications:
  ADDREF XF:freebsd-wmmon-root-exploit
  ADDREF BID:885

INFERRED ACTION: CAN-2000-0018 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> XF:freebsd-wmmon-root-exploit

=================================
Candidate: CAN-2000-0030
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems
Reference: XF:sol-dmispd-fill-disk
Reference: BID:878

Solaris dmispd dmi_cmd allows local users to fill up restricted disk
space by adding files to the /var/dmi/db database.

Modifications:
  ADDREF XF:sol-dmispd-fill-disk
  ADDREF BID:878

INFERRED ACTION: CAN-2000-0030 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Stracener, Armstrong, Dik
   MODIFY(1) Frech

Comments:
 Frech> XF:sol-dmispd-fill-disk

=================================
Candidate: CAN-2000-0032
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems
Reference: XF:sol-dmispd-dos
Reference: BID:878

Solaris dmi_cmd allows local users to crash the dmispd daemon by
adding a malformed file to the /var/dmi/db database.

Modifications:
  ADDREF XF:sol-dmispd-dos
  ADDREF BID:878

INFERRED ACTION: CAN-2000-0032 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Stracener, Armstrong, Dik
   MODIFY(1) Frech

Comments:
 Frech> XF:sol-dmispd-dos

=================================
Candidate: CAN-2000-0034
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991222 More Netscape Passwords Available.
Reference: XF:netscape-password-preferences

Netscape 4.7 records user passwords in the preferences.js file during
an IMAP or POP session, even if the user has not enabled "remember
passwords".

Modifications:
  ADDREF XF:netscape-password-preferences

INFERRED ACTION: CAN-2000-0034 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> XF:netscape-password-preferences

=================================
Candidate: CAN-2000-0045
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000111 Serious bug in MySQL password handling.
Reference: BUGTRAQ:20000113 New MySQL Available
Reference: XF:mysql-pwd-grant
Reference: BID:926
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=926

MySQL allows local users to modify passwords for arbitrary MySQL users
via the GRANT privilege.

Modifications:
  ADDREF XF:mysql-pwd-grant

INFERRED ACTION: CAN-2000-0045 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech

Comments:
 Frech> XF:mysql-pwd-grant

=================================
Candidate: CAN-2000-0076
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:19991230 vibackup.sh
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94709988232618&w=2
Reference: DEBIAN:20000109 nvi: incorrect file removal in boot script
Reference: URL:http://www.debian.org/security/2000/20000108
Reference: XF:nvi-delete-files

nviboot boot script in the Debian nvi package allows local users to
delete files via malformed entries in vi.recover.

Modifications:
  ADDREF XF:nvi-delete-files

INFERRED ACTION: CAN-2000-0076 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(3) Levy, Wall, Cole

Comments:
 Frech> XF:nvi-delete-files

=================================
Candidate: CAN-2000-0092
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:01
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:01.make.asc
Reference: BID:939
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=939
Reference: XF:gnu-makefile-tmp-root

The BSD make program allows local users to modify files via a symlink
attack when the -j option is being used.

Modifications:
  ADDREF XF:gnu-makefile-tmp-root

INFERRED ACTION: CAN-2000-0092 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(2) Wall, Cole

Comments:
 Cole> Please change me from reviewing to noop, I cannot find the
   information I was looking for
 Frech> XF:gnu-makefile-tmp-root

=================================
Candidate: CAN-2000-0157
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000321-01
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: NETBSD:1999-012
Reference: URL:ftp://ftp.netbsd.org/pub/netbsd/misc/security/advisories/netbsd-sa1999-012.txt.asc
Reference: XF:netbsd-ptrace

NetBSD ptrace call on VAX allows local users to gain privileges by
modifying the PSL contents in the debugging process.

Modifications:
  ADDREF XF:netbsd-ptrace

INFERRED ACTION: CAN-2000-0157 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) LeBlanc, Wall, Cole

Comments:
 Frech> XF:netbsd-ptrace

=================================
Candidate: CAN-2000-0168
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000306 con\con is an old thing (anyway is cool)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCENECCAA.labs@ussrback.com
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0087.html
Reference: MS:MS00-017
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2126
Reference: BID:1043
Reference: URL:http://www.securityfocus.com/bid/1043
Reference: XF:win-dos-devicename-dos

Microsoft Windows 9x operating systems allow an attacker to cause a
denial of service via a pathname that includes file device names, aka
the "DOS Device in Path Name" vulnerability.

Modifications:
  ADDREF XF:win-dos-devicename-dos
  DESC (add versions)

INFERRED ACTION: CAN-2000-0168 ACCEPT_REV (5 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(3) Blake, Ozancin, Cole
   MODIFY(2) LeBlanc, Frech
   REVIEWING(1) Wall

Comments:
 LeBlanc> This affects neither Windows NT nor Windows 2000
 Frech> XF:win-dos-devicename-dos

=================================
Candidate: CAN-2000-0174
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html
Reference: BID:1040
Reference: URL:http://www.securityfocus.com/bid/1040
Reference: XF:staroffice-scheduler-fileread

StarOffice StarScheduler web server allows remote attackers to read
arbitrary files via a .. (dot dot) attack.

Modifications:
  ADDREF XF:staroffice-scheduler-fileread

INFERRED ACTION: CAN-2000-0174 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Ozancin, Dik
   MODIFY(1) Frech
   NOOP(4) Wall, LeBlanc, Cole, Christey

Comments:
 Christey> Sun patch ID 109185, dated March 27, 2000, reports on
   SD #73159, "shttpd security problems. This uses StarSchedule
   server." But did they fix 2000-0174, 2000-0175, or both?
 Frech> XF:staroffice-scheduler-fileread

=================================
Candidate: CAN-2000-0175
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html
Reference: XF:staroffice-scheduler-bo
Reference: BID:1039
Reference: URL:http://www.securityfocus.com/bid/1039

Buffer overflow in StarOffice StarScheduler web server allows remote
attackers to gain root access via a GET command.

Modifications:
  ADDREF XF:staroffice-scheduler-bo

INFERRED ACTION: CAN-2000-0175 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Ozancin, Dik
   MODIFY(1) Frech
   NOOP(4) Wall, LeBlanc, Cole, Christey

Comments:
 Christey> Sun patch ID 109185, dated March 27, 2000, reports on
   SD #73159, "shttpd security problems. This uses StarSchedule
   server." But did they fix 2000-0174, 2000-0175, or both?
 Frech> XF:staroffice-scheduler-bo

=================================
Candidate: CAN-2000-0195
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html
Reference: BID:1008
Reference: URL:http://www.securityfocus.com/bid/1008
Reference: XF:corel-linux-setxconf-root

setxconf in Corel Linux allows local users to gain root access via the
-T parameter, which executes the user's .xserverrc file.

INFERRED ACTION: CAN-2000-0195 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Armstrong, Ozancin
   MODIFY(1) Frech
   NOOP(4) Wall, Blake, LeBlanc, Cole

Comments:
 Frech> XF:corel-linux-setxconf-root

=================================
Candidate: CAN-2000-0236
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000317 [SAFER 000317.EXP.1.5] Netscape Enterprise Server and '?wp' tags
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38D2173D.24E39DD0@relaygroup.com
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0191.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0238.html
Reference: BID:1063
Reference: URL:http://www.securityfocus.com/bid/1063
Reference: XF:netscape-server-directory-indexing

Netscape Enterprise Server with Web Publishing enabled allows remote
attackers to list server directories via web publishing tags such as
?wp-ver-info and ?wp-cs-dump.

INFERRED ACTION: CAN-2000-0236 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Frech, Cole
   MODIFY(1) Magdych

Comments:
 Magdych> Change the first instance of "Web Publishing" to "Directory
   Indexing".

=================================
Candidate: CAN-2000-0251
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: HP:HPSBUX0004-112
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0021.html
Reference: BID:1090
Reference: URL:http://www.securityfocus.com/bid/1090
Reference: XF:hp-virtual-vault

HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes
via an interface that has multiple aliased IP addresses.

Modifications:
  ADDREF XF:hp-virtual-vault

INFERRED ACTION: CAN-2000-0251 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Cole

Comments:
 Frech> XF:hp-virtual-vault

=================================
Candidate: CAN-2000-0261
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000415 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html
Reference: BUGTRAQ:20000418 AVM's Statement
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com
Reference: XF:ken-download-files
Reference: BID:1103
Reference: URL:http://www.securityfocus.com/bid/1103

AVM KEN! web server allows remote attackers to read arbitrary files
via a .. (dot dot) attack.

Modifications:
  ADDREF XF:ken-download-files

INFERRED ACTION: CAN-2000-0261 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Cole

Comments:
 Frech> XF:ken-download-files

=================================
Candidate: CAN-2000-0262
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000415 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html
Reference: BUGTRAQ:20000418 AVM's Statement
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com
Reference: BID:1103
Reference: URL:http://www.securityfocus.com/bid/1103
Reference: XF:ken-dos

AVM KEN! ISDN Proxy server allows remote attackers to cause a denial
of service via a malformed request.

Modifications:
  ADDREF XF:ken-dos

INFERRED ACTION: CAN-2000-0262 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Cole

Comments:
 Frech> XF:ken-dos

=================================
Candidate: CAN-2000-0264
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000426
Assigned: 20000426
Category: unknown
Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es
Reference: CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
Reference: XF:panda-admin-privileges
Reference: BID:1119
Reference: URL:http://www.securityfocus.com/bid/1119

Panda Security 3.0 with registry editing disabled allows users to edit
the registry and gain privileges by directly executing a .reg file or
using other methods.

Modifications:
  ADDREF CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
  ADDREF XF:panda-admin-privileges

INFERRED ACTION: CAN-2000-0264 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, Christey

Comments:
 Christey> CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
 Frech> XF:panda-admin-privileges

=================================
Candidate: CAN-2000-0279
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000407 BeOS Networking DOS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0029.html
Reference: MISC:http://bebugs.be.com/devbugs/detail.php3?oid=2505312
Reference: BID:1100
Reference: URL:http://www.securityfocus.com/bid/1100
Reference: XF:beos-networking-dos

BeOS allows remote attackers to cause a denial of service via
malformed packets whose length is less than the length of the headers.

Modifications:
  ADDREF XF:beos-networking-dos

INFERRED ACTION: CAN-2000-0279 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Cole

Comments:
 Frech> XF:beos-networking-dos

=================================
Candidate: CAN-2000-0297
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: ALLAIRE:ASB00-06
Reference: URL:http://www2.allaire.com/handlers/index.cfm?ID=15099&Method=Full
Reference: BID:1085
Reference: URL:http://www.securityfocus.com/bid/1085
Reference: XF:allaire-forums-allaccess

Allaire Forums 2.0.5 allows remote attackers to bypass access
restrictions to secure conferences via the rightAccessAllForums or
rightModerateAllForums variables.

Modifications:
  ADDREF XF:allaire-forums-allaccess

INFERRED ACTION: CAN-2000-0297 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, Christey

Comments:
 Christey> ADDREF XF:allaire-forums-allaccess
 Frech> XF:allaire-forums-allaccess

=================================
Candidate: CAN-2000-0311
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: MS:MS00-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-026.asp
Reference: XF:ms-mixed-object
Reference: BID:1145
Reference: URL:http://www.securityfocus.com/bid/1145

The Windows 2000 domain controller allows a malicious user to modify
Active Directory information by modifying an unprotected attribute,
aka the "Mixed Object Access" vulnerability.

Modifications:
  ADDREF XF:ms-mixed-object

INFERRED ACTION: CAN-2000-0311 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) LeBlanc, Cole, Wall, Levy
   MODIFY(1) Frech

Comments:
 Frech> XF:ms-mixed-object

=================================
Candidate: CAN-2000-0316
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000424 Solaris 7 x86 lp exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0191.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0236.html
Reference: SUNBUG:4314312
Reference: BID:1143
Reference: URL:http://www.securityfocus.com/bid/1143
Reference: XF:solaris-lp-bo

Buffer overflow in Solaris 7 lp allows local users to gain root
privileges via a long -d option.

Modifications:
  ADDREF SUNBUG:4314312
  ADDREF XF:solaris-lp-bo

INFERRED ACTION: CAN-2000-0316 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(2) Dik, Frech
   NOOP(3) LeBlanc, Cole, Wall

Comments:
 Dik> This is one of many libprint.so.2 buffer overflows; reference:
   SUNBUG 4314312
 Frech> XF:solaris-lp-bo

=================================
Candidate: CAN-2000-0331
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000421 CMD.EXE overflow (CISADV000420)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0147.html
Reference: MS:MS00-027
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-027.asp
Reference: BID:1135
Reference: URL:http://www.securityfocus.com/bid/1135
Reference: XF:nt-cmd-overflow

Buffer overflow in the Microsoft command processor (CMD.EXE) for
Windows NT and Windows 2000 allows a local user to cause a denial of
service via an environment variable, aka the "Malformed Environment
Variable" vulnerability.

Modifications:
  ADDREF XF:nt-cmd-overflow

INFERRED ACTION: CAN-2000-0331 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) LeBlanc, Cole, Wall, Levy
   MODIFY(1) Frech

Comments:
 Frech> XF:nt-cmd-overflow

=================================
Candidate: CAN-2000-0334
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: ALLAIRE:ASB00-10
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15411&Method=Full
Reference: BID:1181
Reference: XF:allaire-spectra-container-editor-preview

The Allaire Spectra container editor preview tool does not properly
enforce object security, which allows an attacker to conduct
unauthorized activities via an object-method that is added to the
container object with a publishing rule.

Modifications:
  ADDREF BID:1181
  ADDREF XF:allaire-spectra-container-editor-preview

INFERRED ACTION: CAN-2000-0334 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(2) Levy, Frech
   NOOP(3) LeBlanc, Cole, Wall

Comments:
 Levy> Reference: BID 1181
 Frech> XF:allaire-spectra-container-editor-preview

=================================
Candidate: CAN-2000-0336
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: REDHAT:RHSA-2000:012-05
Reference: URL:http://www.redhat.com/support/errata/rhsa-2000012-05.html
Reference: CALDERA:CSSA-2000-009.0
Reference: URL:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa-2000-009.0.txt
Reference: TURBO:TLSA2000010-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.html
Reference: BID:1232
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=1232
Reference: XF:openldap-symlink-attack

Linux OpenLDAP server allows local users to modify arbitrary files via
a symlink attack.

Modifications:
  ADDREF BID:1232
  ADDREF XF:openldap-symlink-attack
  ADDREF CALDERA:CSSA-2000-009.0
  ADDREF TURBO:TLSA2000010-1
  DESC remove Red Hat

INFERRED ACTION: CAN-2000-0336 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(2) Levy, Frech
   NOOP(3) LeBlanc, Wall, Christey

Comments:
 Levy> Reference: BID 1232
 Frech> XF:openldap-symlink-attack
   Note: This is not just a Red Hat problem. See
   ftp://ftp.calderasystems.com/pub/openlinux/security/cssa-2000-009.0.txt
   and
   http://www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.html,
   you may also wish to include them as references. :-)
 Christey> Also ADDREF BID:1232

=================================
Candidate: CAN-2000-0337
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000424 Solaris x86 Xsun overflow.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0188.html
Reference: SUNBUG:4335411
Reference: XF:solaris-xsun-bo
Reference: BID:1140
Reference: URL:http://www.securityfocus.com/bid/1140

Buffer overflow in Xsun X server in Solaris 7 allows local users to
gain root privileges via a long -dev parameter.

Modifications:
  ADDREF SUNBUG:4335411
  ADDREF XF:solaris-xsun-bo

INFERRED ACTION: CAN-2000-0337 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(2) Dik, Frech
   NOOP(3) LeBlanc, Cole, Wall

Comments:
 Dik> Reference: SUNBUG:4335411
 Frech> XF:solaris-xsun-bo

=================================
Candidate: CAN-2000-0339
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000420 ZoneAlarm
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000421044123.2353.qmail@securityfocus.com
Reference: BID:1137
Reference: URL:http://www.securityfocus.com/bid/1137
Reference: XF:zonealarm-portscan

ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source
port of 67, which allows remote attackers to bypass the firewall
rules.

Modifications:
  ADDREF XF:zonealarm-portscan

INFERRED ACTION: CAN-2000-0339 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Wall, Levy
   MODIFY(1) Frech
   NOOP(2) LeBlanc, Cole

Comments:
 Frech> XF:zonealarm-portscan

Page Last Updated or Reviewed: May 22, 2007