
Re: [PROPOSAL] Cluster RECENT-26 - 22 candidates



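* Steven M. Christey (coley@LINUS.MITRE.ORG) [000719 23:37]:
> The following cluster contains 22 candidates that were announced
> between 6/26/2000 and 6/30/2000.
>
> The candidates are listed in order of priority. Priority 1 and
> Priority 2 candidates both deal with varying levels of vendor
> confirmation, so they should be easy to review and it can be trusted
> that the problems are real.
>
> If you discover that any RECENT-XX cluster is incomplete with respect
> to the problems discovered during the associated time frame, please
> send that information to me so that candidates can be assigned.
>
> - Steve
>
>
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
>
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
>
> 1) Please write your vote on the line that starts with "VOTE: ". If
>    you want to add comments or details, add them to lines after the
>    VOTE: line.
>
> 2) If you see any missing references, please mention them so that they
>    can be included. References help greatly during mapping.
>
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
>    So if you don't have sufficient information for a candidate but you
>    don't want to NOOP, use a REVIEWING.
>
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
>
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
>
> =================================
> Candidate: CAN-2000-0585
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000624 Possible root exploit in ISC DHCP client.
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0247.html
> Reference: OPENBSD:20000624 A serious bug in dhclient(8) could allow strings from a malicious dhcp server to be executed in the shell as root.
> Reference: URL:http://www.openbsd.org/errata.html#dhclient
> Reference: DEBIAN:20000628 dhcp client: remote root exploit in dhcp client
> Reference: URL:http://www.debian.org/security/2000/20000628
> Reference: BUGTRAQ:20000702 [Security Announce] dhcp update
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0014.html
> Reference: SUSE:20000711 Security Hole in dhclient < 2.0
> Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_56.txt
> Reference: XF:openbsd-isc-dhcp-bo
> Reference: NETBSD:NetBSD-SA2000-008
> Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-008.txt.asc
> Reference: BID:1388
> Reference: URL:http://www.securityfocus.com/bid/1388
>
> ISC DHCP client program dhclient allows remote attackers to execute
> arbitrary commands via shell metacharacters.
>
>
> ED_PRI CAN-2000-0585 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0596
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000627 IE 5 and Access 2000 vulnerability - executing programs
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589359.762392DB@nat.bg
> Reference: BUGTRAQ:20000627 FW: IE 5 and Access 2000 vulnerability - executing programs
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000d01bfe0fb$418f59b0$96217aa8@src.bu.edu
> Reference: MS:MS00-049
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-049.asp
> Reference: XF:ie-access-vba-code-execute
> Reference: BID:1398
> Reference: URL:http://www.securityfocus.com/bid/1398
>
> Internet Explorer 5.x does not warn a user before opening a Microsoft
> Access database file that is referenced within ActiveX OBJECT tags in
> an HTML document, which could allow remote attackers to execute
> arbitrary commands, aka the "IE Script" vulnerability.
>
>
> ED_PRI CAN-2000-0596 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0597
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000627 IE 5 and Excel 2000, PowerPoint 2000 vulnerability - executing programs
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589349.ED9DBCAB@nat.bg
> Reference: MS:MS00-049
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-049.asp
> Reference: BID:1399
> Reference: URL:http://www.securityfocus.com/bid/1399
> Reference: XF:ie-powerpoint-activex-object-execute
>
> Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are
> marked as safe for scripting, which allows remote attackers to force
> Internet Explorer or some email clients to save files to arbitrary
> locations via the Visual Basic for Applications (VBA) SaveAs function,
> aka the "Office HTML Script" vulnerability.
>
>
> ED_PRI CAN-2000-0597 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0616
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: HP:HPSBMP0006-007
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0294.html
> Reference: BID:1405
> Reference: URL:http://www.securityfocus.com/bid/1405
>
> Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain
> additional privileges via DBUTIL.PUB.SYS.
>
>
> ED_PRI CAN-2000-0616 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0582
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-3]
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630162106.4619C-100000@fjord.fscinternet.com
> Reference: XF:fw1-resource-overload-dos
> Reference: BID:1416
> Reference: URL:http://www.securityfocus.com/bid/1416
>
> Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a
> denial of service by sending a stream of binary zeros to the SMTP
> Security Server proxy.
>
>
> ED_PRI CAN-2000-0582 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0583
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000626 vpopmail-3.4.11 problems
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=395BD2A8.5D3396A7@secureaustin.com
> Reference: CONFIRM:http://www.vpopmail.cx/vpopmail-ChangeLog
> Reference: BID:1418
> Reference: URL:http://www.securityfocus.com/bid/1418
>
> vchkpw program in vpopmail before version 4.8 does not properly cleanse
> an untrusted format string used in a call to syslog, which allows
> remote attackers to cause a denial of service via a USER or PASS
> command that contains arbitrary formatting directives.
>
>
> ED_PRI CAN-2000-0583 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0588
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000626 sawmill5.0.21 old path bug & weak hash algorithm
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0271.html
> Reference: BUGTRAQ:20000706 Patch for Flowerfire Sawmill Vulnerabilities Available
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0080.html
> Reference: BID:1402
> Reference: URL:http://www.securityfocus.com/bid/1402
> Reference: XF:sawmill-file-access
>
> SawMill 5.0.21 CGI program allows remote attackers to read the first
> line of arbitrary files by listing the file in the rfcf parameter,
> whose contents SawMill attempts to parse as configuration commands.
>
>
> ED_PRI CAN-2000-0588 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0568
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000630 Multiple vulnerabilities in Sybergen Secure Desktop
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4125690E.00524395.00@guardianit.se
> Reference: XF:sybergen-routing-table-modify
> Reference: BID:1417
> Reference: URL:http://www.securityfocus.com/bid/1417
>
> Sybergen Secure Desktop 2.1 does not properly protect against false
> router advertisements (ICMP type 9), which allows remote attackers to
> modify default routes.
>
>
> ED_PRI CAN-2000-0568 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0569
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: MISC:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0189.html
> Reference: BID:1420
> Reference: URL:http://www.securityfocus.com/bid/1420
>
> Sybergen Sygate allows remote attackers to cause a denial of service
> by sending a malformed DNS UDP packet to its internal interface.
>
>
> ED_PRI CAN-2000-0569 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0570
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000627 DoS in FirstClass Internet Services 5.770
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0295.html
> Reference: XF:firstclass-large-bcc-dos
> Reference: BID:1421
> Reference: URL:http://www.securityfocus.com/bid/1421
>
> FirstClass Internet Services server allows remote attackers to cause a
> denial of service by sending an email with a long To: mail header.
>
>
> ED_PRI CAN-2000-0570 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0575
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000630 Kerberos security vulnerability in SSH-1.2.27
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007010511.BAA16944@syrinx.oankali.net
> Reference: BID:1426
> Reference: URL:http://www.securityfocus.com/bid/1426
>
> SSH 1.2.27 with Kerberos authentication support stores Kerberos
> tickets in a file which is created in the current directory of the
> user who is logging in, which could allow remote attackers to sniff
> the ticket cache if the home directory is installed on NFS.
>
>
> ED_PRI CAN-2000-0575 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0580
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-2]
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630161935.4619B-100000@fjord.fscinternet.com
> Reference: XF:win2k-cpu-overload-dos
> Reference: BID:1415
> Reference: URL:http://www.securityfocus.com/bid/1415
>
> Windows 2000 Server allows remote attackers to cause a denial of
> service by sending a continuous stream of binary zeros to various TCP
> and UDP ports, which significantly increases the CPU utilization.
>
>
> ED_PRI CAN-2000-0580 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0581
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-1]
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630161841.4619A-100000@fjord.fscinternet.com
> Reference: XF:win2k-telnetserver-dos
> Reference: BID:1414
> Reference: URL:http://www.securityfocus.com/bid/1414
>
> Windows 2000 Telnet Server allows remote attackers to cause a denial
> of service by sending a continuous stream of binary zeros, which
> causes the server to crash.
>
>
> ED_PRI CAN-2000-0581 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0586
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: VULN-DEV:20000628 dalnet 4.6.5 remote vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/1092.html
> Reference: XF:ircd-dalnet-summon-bo
> Reference: BID:1404
> Reference: URL:http://www.securityfocus.com/bid/1404
>
> Buffer overflow in Dalnet IRC server 4.6.5 allows remote attackers to
> cause a denial of service or execute arbitrary commands via the SUMMON
> command.
>
>
> ED_PRI CAN-2000-0586 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0587
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: XF:glftpd-privpath-directive
> Reference: BUGTRAQ:20000626 Glftpd privpath bugs... +fix
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006261041360.31907-200000@twix.thrijswijk.nl
> Reference: BUGTRAQ:20000627 Re: Glftpd privpath bugs... +fix
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0317.html
> Reference: BID:1401
> Reference: URL:http://www.securityfocus.com/bid/1401
>
> The privpath directive in glftpd 1.18 allows remote attackers to
> bypass access restrictions for directories by using the file name
> completion capability.
>
>
> ED_PRI CAN-2000-0587 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0589
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000626 sawmill5.0.21 old path bug & weak hash algorithm
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0271.html
> Reference: BUGTRAQ:20000706 Patch for Flowerfire Sawmill Vulnerabilities Available
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0080.html
> Reference: BID:1403
> Reference: URL:http://www.securityfocus.com/bid/1403
> Reference: XF:sawmill-weak-encryption
>
> SawMill 5.0.21 uses weak encryption to store passwords, which allows
> attackers to easily decrypt the password and modify the SawMill
> configuration.
>
>
> ED_PRI CAN-2000-0589 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0592
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000627 [SPSadvisory #37] WinProxy 2.0.0/2.0.1 DoS and Exploitable Buffer Overflow
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006271417.GFE84146.-BJXON@lac.co.jp
> Reference: XF:winproxy-command-bo
> Reference: BID:1400
> Reference: URL:http://www.securityfocus.com/bid/1400
>
> Buffer overflows in the POP3 service of WinProxy 2.0 and 2.0.1 allow
> remote attackers to execute arbitrary commands via long USER, PASS,
> LIST, RETR, or DELE commands.
>
>
> ED_PRI CAN-2000-0592 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0593
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000627 [SPSadvisory #37] WinProxy 2.0.0/2.0.1 DoS and Exploitable Buffer Overflow
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006271417.GFE84146.-BJXON@lac.co.jp
> Reference: XF:winproxy-get-dos
> Reference: BID:1400
> Reference: URL:http://www.securityfocus.com/bid/1400
>
> WinProxy 2.0 and 2.0.1 allows remote attackers to cause a denial of
> service by sending an HTTP GET request without listing an HTTP version
> number.
>
>
> ED_PRI CAN-2000-0593 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0598
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000626 Proxy+ Telnet Gateway Problems
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0268.html
> Reference: BID:1395
> Reference: URL:http://www.securityfocus.com/bid/1395
> Reference: XF:fortech-proxy-telnet-gateway
> Reference: XF:proxyplus-telnet-gateway
>
> Fortech Proxy+ allows remote attackers to bypass access restrictions
> for the administration service by redirecting their connections
> through the telnet proxy.
>
>
> ED_PRI CAN-2000-0598 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0599
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000629 iMesh 1.02 vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0335.html
> Reference: XF:imesh-tcp-port-overflow
> Reference: BID:1407
> Reference: URL:http://www.securityfocus.com/bid/1407
>
> Buffer overflow in iMesh 1.02 allows remote attackers to execute
> arbitrary commands via a long string to the iMesh port.
>
>
> ED_PRI CAN-2000-0599 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0600
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000626 Netscape Enterprise Server for NetWare Virtual Directory Vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0264.html
> Reference: BID:1393
> Reference: URL:http://www.securityfocus.com/bid/1393
> Reference: XF:netscape-virtual-directory-bo
> Reference: XF:netscape-enterprise-netware-bo
>
> Netscape Enterprise Server in NetWare 5.1 allows remote attackers to
> cause a denial of service or execute arbitrary commands via a
> malformed URL.
>
>
> ED_PRI CAN-2000-0600 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0612
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000629 Buggy ARP handling in Windoze
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=395B7E64.9FB3D4DB@starzetz.de
> Reference: XF:win-arp-spoofing
> Reference: BID:1406
> Reference: URL:http://www.securityfocus.com/bid/1406
>
> Windows 95 and Windows 98 do not properly process spoofed ARP packets,
> which allows remote attackers to overwrite static entries in the cache
> table.
>
>
> ED_PRI CAN-2000-0612 3
>
>
> VOTE: ACCEPT

-- 
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum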

Page Last Updated or Reviewed: May 22, 2007