(日期:][下一个日期][线程:][线程下][日期索引][线程索引]
再保险(建议):集群RECENT-27 - 15的候选人
- 来:“史蒂文·m·Christey " <coley@linus.mitre.org>
- 主题:再保险(建议):集群RECENT-27 - 15的候选人
- 从:aleph1@securityfocus.com
- 日期20:星期四,2000年7月14:01:16 -0700
- Cc:cve-editorial-board-list@lists.mitre.org
- 交货日期:2000年7月20日17:00:45星期四
- 在回复:<200007192341. taa01913@basie.mitre.org>;从coley@LINUS.MITRE。ORG上结婚,2000年7月19日07:41:19PM -0400
- 引用:<200007192341. taa01913@basie.mitre.org>
* Steven m . Christey (coley@LINUS.MITRE.ORG)[000719 23:42]: >以下集群包含15个候选人宣布> 7/1/2000和7/18/2000之间(但除了可以- 2000 - 0567 > 7/11)或之前宣布。> >中所列出的候选人优先秩序。优先级1和优先级> 2的候选人都应对不同层次的供应商>确认,所以他们应该易于检查和可以信任的>,问题是真实的。> >如果你发现任何RECENT-XX集群与尊重>是不完整的过程中发现的问题相关的时间框架,请>信息发送给我,这样候选人可以转让。> > -史蒂夫> > >总结的选票使用(“严重程度”的按升序)> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > >接受——选民接受候选人提出>等待-选民对候选人没有意见>修改-选民想要改变一些小细节(例如参考/描述)>回顾-选民正在审查/研究候选人,或需要更多信息>重塑-候选人必须大幅修改,如分割或合并>拒绝候选人不是“漏洞”,或重复等。> > 1)请写你的投票在直线上,从“投票:”开始。如果>你想添加评论或细节,将它们添加到行>后投票:行。> > 2)如果你看到任何失踪的引用,请提及他们,使他们>可以包括在内。在映射引用帮助极大。> > 3)请注意,“修改”被视为一个“接受”当计算选票。>如果你没有足够的信息对候选人但你>不想等待,使用一个回顾。 > > ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** > > Please keep in mind that your vote and comments will be recorded and > publicly viewable in the mailing list archives or in other formats. > > ================================= > Candidate: CAN-2000-0566 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000719 > Assigned: 20000712 > Category: SF > Reference: ISS:20000712 Insecure temporary file handling in Linux makewhatis > Reference: REDHAT:RHSA-2000:041-02 > Reference: BID:1434 > Reference: CALDERA:CSSA-2000-021.0 > Reference: BUGTRAQ:20000707 [Security Announce] man update > > makewhatis in Linux man package allows local users to overwrite files > via a symlink attack. > > > ED_PRI CAN-2000-0566 1 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0567 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000719 > Assigned: 20000719 > Category: SF > Reference: MS:MS00-043 > Reference: BUGTRAQ:20000719 Buffer Overflow in MS Outlook Email Clients > Reference: BUGTRAQ:20000719 Aaron Drew - Security Advisory: Buffer Overflow in MS Outlook & Outlook Express Email Clients > Reference: BID:1481 > Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=1481> >缓冲区溢出在Microsoft Outlook和Outlook Express允许远程攻击者>执行任意命令通过一个长日期字段>电子邮件头,又名“畸形的电子邮件头”的弱点。> > > ED_PRI - 2000 - 0567 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0584 >发表:>最终决定:>阶段性裁决::>修改>提出:20000719 >分配:20000719 >类别:科幻小说>参考:MISC:http://shadowpenguin.backsection.net/advisories/advisory038.html>参考:DEBIAN: 20000701美人蕉服务器:缓冲区溢出>参考:网址:http://archives.neohapsis.com/archives/vendor/2000-q2/0062.html>参考:FREEBSD: FreeBSD-SA-00:31 >参考:网址:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:31.canna.asc.v1.1>参考:报价:1445 >参考:网址:http://www.securityfocus.com/bid/1445> >缓冲区溢出在美人蕉输入系统允许远程攻击者>执行任意命令通过一个SR_INIT命令长用户>名称或组名称。> > > ED_PRI - 2000 - 0584 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0594 >发表:>最终决定:>阶段性裁决::>修改>提出:20000719 >分配:20000719 >类别:科幻小说>参考:VULN-DEV: 20000704 BitchX /忽略错误>参考:网址:http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html>参考:BUGTRAQ: 20000704 BitchX利用可能即将发生,某些DoS >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html>参考:REDHAT: RHSA-2000:042-01 >参考:URL: >参考:FREEBSD: FreeBSD-SA-00:32 >参考:网址:http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html>参考:火山口:综援- 2000 - 022.0 >参考:URL: >参考:BUGTRAQ: 20000707 BitchX更新>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html>参考:BUGTRAQ: 20000707 CONECTIVA LINUX安全公告- BitchX >参考:http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html>参考:报价:1436 >参考:网址:http://www.securityfocus.com/bid/1436> > BitchX IRC客户端不正确清洁一个不可信的格式>字符串,它允许远程攻击者通过>引起拒绝服务的邀请一个通道的名字包括特殊格式>字符。> > > ED_PRI - 2000 - 0594 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0595 >发表:>最终决定:>阶段性裁决::>修改>提出:20000719 >分配:20000719 >类别:科幻小说>参考:FREEBSD: FreeBSD-SA-00:24 >参考:网址:http://archives.neohapsis.com/archives/freebsd/2000-07/0035.html>参考:报价:1437 >参考:网址:http://www.securityfocus.com/bid/1437> > libedit搜索.editrc文件在当前目录>而不是用户的主目录,这可能允许本地用户执行>任意命令通过安装在另一个>修改.editrc目录。> > > ED_PRI - 2000 - 0595 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0603 >发表:>最终决定:>阶段性裁决::>修改>提出:20000719 >分配:20000719 >类别:科幻小说>参考:女士:ms00 - 048 >参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 048. - asp>参考:报价:1444 >参考:网址:http://www.securityfocus.com/bid/1444> > Microsoft SQL Server 7.0允许本地用户绕过权限>存储过程通过引用通过一个临时存储>过程,又名“存储过程权限”的弱点。> > > ED_PRI - 2000 - 0603 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0613 >发表:>最终决定:>阶段性裁决::>修改>提出:20000719 >分配:20000719 >类别:科幻小说>参考:BUGTRAQ: 20000320焦油DMZ拒绝服务- TCP重置>参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=B3D6883199DBD311868100A0C9FC2CDC046B72@protea.citec.net>参考:思科:20000711思科安全PIX防火墙TCP重置脆弱性>参考:网址:http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml>参考:报价:1454 >参考:网址:http://www.securityfocus.com/bid/1454> >思科安全PIX防火墙不正确识别伪造TCP重置> (RST)数据包,它允许远程攻击者强迫防火墙>关闭合法连接。> > > ED_PRI - 2000 - 0613 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0614 >发表:>最终决定:>阶段性裁决::>修改>提出:20000719 >分配:20000719 >类别:科幻小说>参考:SUSE: 20000710安全漏洞tnef < 0 - 124 >参考:网址:http://archives.neohapsis.com/archives/vendor/2000-q3/0002.html>参考:报价:1450 >参考:网址:http://www.securityfocus.com/bid/1450> > Tnef程序在Linux系统允许远程攻击者通过Tnef覆盖>任意文件编码压缩的附件,为解压缩输出指定绝对路径名>。> > > ED_PRI - 2000 - 0614 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0591 >发表:>最终决定:>阶段性裁决::>修改>提出:20000719 >分配:20000719 >类别:科幻小说>参考:BUGTRAQ: 20000705 Novell BorderManager 3.0 EE - URL编码规则绕过>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0038.html>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0075.html>参考:报价:1432 >参考:网址:http://www.securityfocus.com/bid/1432> > Novell BorderManager 3.0和3.5允许远程攻击者绕过URL >编码字符的过滤请求的URL。> > > ED_PRI - 2000 - 0591 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0571 >发表:>最终决定:>阶段性裁决::>修改>提出:20000719 >分配:20000719 >类别:科幻小说>参考:BUGTRAQ: 20000703远程DoS攻击LocalWEB HTTP服务器1.2.0脆弱性>参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-07-8&msg=NCBBKFKDOLAGKIAPMILPCEIHCFAA.labs@ussrback.com>参考:报价:1423 >参考:网址:http://www.securityfocus.com/bid/1423> > LocalWEB HTTP服务器1.2.0允许远程攻击者造成拒绝服务>通过GET请求。> > > ED_PRI - 2000 - 0571 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0572 >发表:>最终决定:>阶段性裁决::>修改>提出:20000719 >分配:20000719 >类别:科幻小说>参考:BUGTRAQ: 20000704恢复密码可见系统的剃须刀>参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-07-8&msg=613309F30B6DD2118C020000F809376C05CABD49@emss03m09.orl.lmco.com>参考:报价:1424 >参考:网址:http://www.securityfocus.com/bid/1424> >剃刀配置管理工具使用弱加密>密码文件,它允许本地用户获得特权。> > > ED_PRI - 2000 - 0572 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0574 >发表:>最终决定:>阶段性裁决::>修改>提出:20000719 >分配:20000719 >类别:科幻小说>参考:BUGTRAQ: 20000705 proftp咨询>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0031.html>参考:BUGTRAQ: 20000706 ftpd和setproctitle() >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0061.html>参考:CERT: ca - 2000 - 13 >参考:网址:http://www.cert.org/advisories/ca - 2000 - 13. - html>参考:BUGTRAQ: 20000710 opieftpd setproctitle()补丁>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0121.html>参考:NETBSD: NETBSD - sa2000 - 009 >参考:网址:ftp://ftp.netbsd.org/pub/netbsd/misc/security/advisories/netbsd sa2000 txt.asc——009.>参考:报价:1425 >参考:网址:http://www.securityfocus.com/bid/1425>参考:报价:1438 >参考:网址:http://www.securityfocus.com/bid/1438> > FTP服务器如OpenBSD ftpd, NetBSD ftpd, ProFTPd和Opieftpd >清洁不当不可信的格式字符串中使用> setproctitle函数(有时称为set_proc_title), >允许远程攻击者造成拒绝服务或执行任意命令。> > > ED_PRI - 2000 - 0574 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0576 >发表:>最终决定:>阶段性裁决::>修改>提出:20000719 >分配:20000719 >类别:科幻小说>参考:BUGTRAQ: 20000704 Oracle Web侦听器AIX DoS >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0027.html>参考:报价:1427 >参考:网址:http://www.securityfocus.com/bid/1427> > Oracle Web侦听器的AIX版本4.0.7.0.0和4.0.8.1.0允许远程攻击者>引起拒绝服务通过一个畸形的URL。> > > ED_PRI - 2000 - 0576 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0590 >发表:>最终决定:>阶段性裁决::>修改>提出:20000719 >分配:20000719 >类别:科幻小说>参考:BUGTRAQ: 20000706脆弱性Poll_It cgi v2.0 >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0076.html>参考:报价:1431 >参考:网址:http://www.securityfocus.com/bid/1431> >调查它2.0 CGI脚本允许远程攻击者读取任意文件> data_dir参数通过指定文件名。> > > ED_PRI - 2000 - 0590 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0605 >发表:>最终决定:>阶段性裁决::>修改>提出:20000719 >分配:20000719 >类别:未知>参考:NTBUGTRAQ: 20000710两个问题:黑板CourseInfo 4.0商店管理员密码以明文;奇怪的设置winreg键。>参考:网址:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=NTBUGTRAQ&P=R1647>参考:报价:1460 >参考:网址:http://www.securityfocus.com/bid/1460> >黑板CourseInfo 4.0存储本地和SQL >管理员用户名和密码明文的注册表键访问>控件允许用户访问密码。> > > ED_PRI - 2000 - 0605 3 > > >投票:接受,以利亚利维SecurityFocus.comhttp://www.securityfocus.com/如果那么,对位小独木船
- 引用:
- (提案)集群RECENT-27 - 15的候选人
- 来自:“Steven m . Christey”< coley@linus.mitre.org >
- (提案)集群RECENT-27 - 15的候选人
- 上一页的日期:再保险(建议):集群RECENT-26 - 22的候选人
- 下一个按日期:[技术]最近候选分配问题的及时性
- Prev线程:(提案)集群RECENT-27 - 15的候选人
- 下一个线程:[技术]最近候选分配问题的及时性
- 指数(es):
