(日期:][下一个日期][线程:][线程下][日期索引][线程索引]
再保险(建议):集群RECENT-24 - 31的候选人
- 来:“史蒂文·m·Christey " <coley@linus.mitre.org>
- 主题:再保险(建议):集群RECENT-24 - 31的候选人
- 从:aleph1@securityfocus.com
- 日期-0700年:星期二,2000年7月11日20:26:10
- Cc:cve-editorial-board-list@lists.mitre.org
- 交货日期:2000年7月11日23:25:43星期二
- 在回复:<200007120231. waa01924@basie.mitre.org>;从coley@LINUS.MITRE。ORG在星期二,2000年7月11日,-0400年10:31:59PM
- 引用:<200007120231. waa01924@basie.mitre.org>
* Steven m . Christey (coley@LINUS.MITRE.ORG)[000712 02:33]: >以下集群包含31个候选人,宣布> 6/14/2000和6/22/2000之间。> >中所列出的候选人优先秩序。优先级1和优先级> 2的候选人都应对不同层次的供应商>确认,所以他们应该易于检查和可以信任的>,问题是真实的。> >如果你发现任何RECENT-XX集群与尊重>是不完整的过程中发现的问题相关的时间框架,请>信息发送给我,这样候选人可以转让。> > -史蒂夫> > >总结的选票使用(“严重程度”的按升序)> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > >接受——选民接受候选人提出>等待-选民对候选人没有意见>修改-选民想要改变一些小细节(例如参考/描述)>回顾-选民正在审查/研究候选人,或需要更多信息>重塑-候选人必须大幅修改,如分割或合并>拒绝候选人不是“漏洞”,或重复等。> > 1)请写你的投票在直线上,从“投票:”开始。如果>你想添加评论或细节,将它们添加到行>后投票:行。> > 2)如果你看到任何失踪的引用,请提及他们,使他们>可以包括在内。在映射引用帮助极大。> > 3)请注意,“修改”被视为一个“接受”当计算选票。>如果你没有足够的信息对候选人但你>不想等待,使用一个回顾。 > > ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** > > Please keep in mind that your vote and comments will be recorded and > publicly viewable in the mailing list archives or in other formats. > > ================================= > Candidate: CAN-2000-0466 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000620 > Category: SF > Reference: ISS:20000620 Insecure call of external program in AIX cdmount > Reference: URL:http://xforce.iss.net/alerts/advise55.php>参考:报价:1384 >参考:网址:http://www.securityfocus.com/bid/1384> > AIX cdmount允许本地用户获得根权限通过shell元字符。> > > ED_PRI - 2000 - 0466 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0475 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:女士:ms00 - 020 >参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 020. - asp>参考:报价:1350 >参考:网址:http://www.securityfocus.com/bid/1350> > Windows 2000允许本地用户进程访问其他用户的>桌面在同一个Windows站,又名“桌面分离”>脆弱性。> > > ED_PRI - 2000 - 0475 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0483 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000615 (Brian@digicool.com: Zope Zope安全警报和2.1.7更新[*重要*]]>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html>参考:确认:http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert>参考:REDHAT: RHSA-2000:038-01 >参考:网址:http://www.securityfocus.com/templates/advisory.html?id=2350>参考:BUGTRAQ: 2000615 Conectiva Linux安全公告- ZOPE >参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000616103807.A3768@conectiva.com.br>参考:报价:1354 >参考:网址:http://www.securityfocus.com/bid/1354> > DocumentTemplate Zope包允许远程攻击者修改> DTMLDocuments或擅自DTMLMethods。> > > ED_PRI - 2000 - 0483 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0485 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:女士:ms00 - 041 >参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 041. - asp>参考:报价:1292 >参考:网址:http://www.securityfocus.com/bid/1292> > Microsoft SQL Server允许本地用户获取数据库密码>通过数据转换服务(DTS)包属性对话框,>又名“DTS密码”的弱点。> > > ED_PRI - 2000 - 0485 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0533 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:SGI: 20000601 - 01 - p >参考:网址:ftp://sgigate.sgi.com/security/20000601-01-P>参考:报价:1379 >参考:网址:http://www.securityfocus.com/bid/1379> >脆弱性在SGI cvconnect IRIX车间允许本地用户>覆盖任意文件。> > > ED_PRI - 2000 - 0533 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0539 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:阿莱尔:asb00 - 015 >参考:网址:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full>参考:报价:1386 >参考:网址:http://www.securityfocus.com/bid/1386> > Servlet示例阿莱尔JRun 2.3。x允许远程攻击者>获取敏感信息,例如通过> SessionServlet清单HttpSession ID的servlet。> > > ED_PRI - 2000 - 0539 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0540 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:阿莱尔:asb00 - 015 >参考:网址:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full>参考:报价:1386 >参考:网址:http://www.securityfocus.com/bid/1386> > JSP示例文件在阿莱尔JRun 2.3。x允许远程攻击者>访问任意的文件(如通过viewsource.jsp)或获得>配置信息。> > > ED_PRI - 2000 - 0540 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0469 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000613 CGI:赛琳娜溶胶的WebBanner(随机横幅生成器)脆弱性>参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-22&msg=ILENKALMCAFBLHBGEOFKGEJCCAAA.jwesterink@jwesterink.daxis.nl>参考:BUGTRAQ: 20000620 Re: CGI:赛琳娜溶胶的WebBanner(随机横幅生成器)脆弱性>参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.2.0.58.20000620193604.00979950@mail.clark.net>参考:报价:1347 >参考:网址:http://www.securityfocus.com/bid/1347> >赛琳娜索尔WebBanner 4.0允许远程攻击者读取任意>文件通过一个. .(点点)攻击。> > > ED_PRI - 2000 - 0469 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0477 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000614漏洞在诺顿杀毒交换>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html>参考:报价:1351 >参考:网址:http://www.securityfocus.com/bid/1351> >缓冲区溢出的诺顿杀毒交换(NavExchange)允许>远程攻击者通过一个. zip文件,造成拒绝服务>包含长文件名。> > > ED_PRI - 2000 - 0477 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0478 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000614漏洞在诺顿杀毒交换>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html>参考:报价:1351 >参考:网址:http://www.securityfocus.com/bid/1351> >在某些情况下,诺顿杀毒交换(NavExchange)进入>“应急开放”状态病毒可以通过服务器。> > > ED_PRI - 2000 - 0478 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0510 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000620杯DoS bug >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html>参考:确认:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch>参考:报价:1373 >参考:网址:http://www.securityfocus.com/bid/1373> >杯(常见Unix打印系统)1.04和更早的允许远程攻击者>引起拒绝服务通过一个畸形的IPP的请求。> > > ED_PRI - 2000 - 0510 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0511 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000620杯DoS bug >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html>参考:确认:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch>参考:报价:1373 >参考:网址:http://www.securityfocus.com/bid/1373> >杯(常见Unix打印系统)1.04和更早的允许远程攻击者>引起拒绝服务通过一个CGI POST请求。> > > ED_PRI - 2000 - 0511 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0512 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000620杯DoS bug >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html>参考:确认:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch>参考:报价:1373 >参考:网址:http://www.securityfocus.com/bid/1373> >杯(常见的Unix印刷系统)1.04和更早的不正确>删除请求文件,它允许远程攻击者造成拒绝服务>。> > > ED_PRI - 2000 - 0512 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0513 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000620杯DoS bug >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html>参考:确认:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch>参考:报价:1373 >参考:网址:http://www.securityfocus.com/bid/1373> >杯(常见Unix打印系统)1.04和更早的允许远程攻击者>引起拒绝服务通过验证用户>名不存在或密码没有影子。> > > ED_PRI - 2000 - 0513 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0514 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000614安全顾问:远程根脆弱GSSFTP守护进程>参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=ldvsnufao18.fsf@saint-elmos-fire.mit.edu>参考:确认:http://web.mit.edu/kerberos/www/advisories/ftp.txt>参考:报价:1374 >参考:网址:http://www.securityfocus.com/bid/1374在Kerberos 5 1.1 > > GSSFTP FTP守护进程。x不适当限制>访问一些FTP命令,它允许远程攻击者造成拒绝服务,以及本地用户获得根权限。> > > ED_PRI - 2000 - 0514 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0528 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000619净工具PKI服务器利用>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html>参考:确认:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt>参考:报价:1364 >参考:网址:http://www.securityfocus.com/bid/1364> >网络工具PKI服务器不适当限制访问远程攻击者>当XUDA模板文件不包含绝对>其他文件的路径名。> > > ED_PRI - 2000 - 0528 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0529 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000619净工具PKI服务器利用>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html>参考:确认:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt>参考:报价:1363 >参考:网址:http://www.securityfocus.com/bid/1363> >网络工具PKI服务器允许远程攻击者导致拒绝>服务通过一个HTTP请求。> > > ED_PRI - 2000 - 0529 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0562 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000620我回冰集团网络脆弱性对孔1.2 >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0190.html> >我2.1和更早的后卫,我不管Pro 2.0.23和>之前,不适当的块回口交通安全>设置时紧张或更低。> > > ED_PRI - 2000 - 0562 2 > > >投票:回顾>别人怎么想?这应该是一个vuln吗?我能看到一些特性的参数不可以,除非你使用的最大安全设置。> = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0471 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000614漏洞在Solaris ufsrestore >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0114.html>参考:报价:1348 >参考:网址:http://www.securityfocus.com/bid/1348> >缓冲区溢出在Solaris ufsrestore早8和允许本地>用户获得根权限通过长路径名。> > > ED_PRI - 2000 - 0471 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0473 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 19991231本地/远程缓冲区溢出漏洞在AnalogX SimpleServer: WWW HTTP服务器v1.1 >参考:MISC:http://www.analogx.com/contents/download/network/sswww.htm>参考:报价:1349 >参考:网址:http://www.securityfocus.com/bid/1349> >缓冲区溢出在AnalogX SimpleServer 1.05允许远程攻击者>导致拒绝服务通过一个长GET请求的程序>目录目录。> > > ED_PRI - 2000 - 0473 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0479 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000616倍数遥控器DoS攻击龙服务器v1.00和v2.00 >参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=96113734714517&w=2>参考:报价:1352 >参考:网址:http://www.securityfocus.com/bid/1352> >龙FTP服务器允许远程攻击者造成拒绝服务>通过用户命令。> > > ED_PRI - 2000 - 0479 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0480 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000616倍数遥控器DoS攻击龙服务器v1.00和v2.00 >参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=96113734714517&w=2>参考:报价:1352 >参考:网址:http://www.securityfocus.com/bid/1352> >龙telnet服务器允许远程攻击者造成拒绝服务>通过很长的用户名。> > > ED_PRI - 2000 - 0480 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0484 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000616远程DoS攻击小HTTP服务器版本。1.212脆弱性>参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=96113651713414&w=2>参考:NTBUGTRAQ: 20000616远程DoS攻击小HTTP服务器版本。1.212脆弱性>参考:网址:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96151775004229&w=2>参考:报价:1355 >参考:网址:http://www.securityfocus.com/bid/1355> >缓冲区溢出在小HTTP服务器允许远程攻击者造成>拒绝服务通过一个GET请求。> > > ED_PRI - 2000 - 0484 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0494 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000616 Veritas卷管理器3.0。x洞>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0151.html>参考:报价:1356 >参考:网址:http://www.securityfocus.com/bid/1356> > Veritas卷管理器创建一个人人可写的.server_pids文件>本地用户可以任意命令添加到该文件,vmsa_server >然后执行的脚本。> > > ED_PRI - 2000 - 0494 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0500 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:CF >参考:BUGTRAQ: 20000621 BEA WebLogic /文件/ showcode脆弱性>引用:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=96161462915381&w=2>参考:报价:1378 >参考:网址:http://www.securityfocus.com/bid/1378> >的默认配置BEA WebLogic 5.1.0允许远程攻击者>查看源代码的程序通过请求URL > /文件/开始,导致默认servlet显示文件>没有进一步处理。> > > ED_PRI - 2000 - 0500 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0501 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:NTBUGTRAQ: 20000616 mdaemon 2.8.5.0 WinNT和都远程DoS >参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0277.html>参考:报价:1366 >参考:网址:http://www.securityfocus.com/bid/1366> >竞争条件在MDaemon 2.8.5.0 POP服务器允许本地用户>引起拒绝服务通过输入UIDL命令并迅速>退出服务器。> > > ED_PRI - 2000 - 0501 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0504 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000619 XFree86: libICE DoS >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html>参考:报价:1369 >参考:网址:http://www.securityfocus.com/bid/1369> > libICE XFree86允许远程攻击者造成拒绝服务>通过指定一个较大的值不正确检查> SKIP_STRING宏。> > > ED_PRI - 2000 - 0504 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0531 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000620 gpm >引用错误:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.10.10006201453090.1812 - 200000 @apollo.aci.com.pl>参考:报价:1377 >参考:网址:http://www.securityfocus.com/bid/1377> > Linux流量计划允许本地用户造成拒绝服务通过>洪水/dev/gpmctl设备流套接字。> > > ED_PRI - 2000 - 0531 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0541 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000617 Infosec.20000617.panda。>引用:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0164.html>参考:报价:1359 >参考:网址:http://www.securityfocus.com/bid/1359> >在端口2001上熊猫卫士控制台允许本地用户>执行任意命令没有身份验证通过CMD命令。> > > ED_PRI - 2000 - 0541 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0543 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000614远程DoS攻击网络伙伴PGP证书服务器版本2.5中的脆弱性>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0107.html>参考:报价:1343 >参考:网址:http://www.securityfocus.com/bid/1343> >命令端口PGP证书服务器2.5.0和2.5.1允许远程攻击者>引起拒绝服务如果他们的主机名>不反向DNS条目并连接到端口4000。> > > ED_PRI - 2000 - 0543 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0561 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000620 DST2K0018:多个BufferOverruns WebBBS HTTP服务器v1.15 >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0175.html>参考:报价:1365 >参考:网址:http://www.securityfocus.com/bid/1365> >缓冲区溢出WebBBS 1.15允许远程攻击者执行>任意命令通过一个HTTP GET请求。> > > ED_PRI - 2000 - 0561 3 > > >投票:接受,以利亚利维SecurityFocus.comhttp://www.securityfocus.com/如果那么,对位小独木船
- 引用:
- (提案)集群RECENT-24 - 31的候选人
- 来自:“Steven m . Christey”< coley@linus.mitre.org >
- (提案)集群RECENT-24 - 31的候选人
- 上一页的日期:再保险(建议):集群RECENT-23 - 34的候选人
- 下一个按日期:[最终]接受66最近的候选人
- Prev线程:(提案)集群RECENT-24 - 31的候选人
- 下一个线程:[最终]接受66最近的候选人
- 指数(es):
