
Re: [PROPOSAL] Cluster RECENT-28 - 18 candidates



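* Steven M. Christey (coley@LINUS.MITRE.ORG) [000803 02:55]:
> The following cluster contains 18 candidates that were announced
> between 7/7/2000 and 7/12/2000.
>
> The candidates are listed in order of priority. Priority 1 and Priority
> 2 candidates both deal with varying levels of vendor
> confirmation, so they should be easy to review and it can be trusted
> that the problems are real.
>
> If you discover that any RECENT-XX cluster is incomplete with respect to
> the problems discovered during the associated time frame, please
> send that information to me so that candidates can be assigned.
>
> - Steve
>
>
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
>
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some minor detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
>
> 1) Please write your vote on the line that starts with "VOTE: ". If
>    you want to add comments or details, add them to lines after the
>    VOTE: line.
>
> 2) If you see any missing references, please mention them so that they
>    can be included. References help greatly during mapping.
>
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
>    If you don't have sufficient information for a candidate but you
>    don't want to NOOP, use a REVIEWING.
>
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
>
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
>
> =================================
> Candidate: CAN-2000-0637
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000711 Excel 2000 vulnerability - executing programs
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=396B3F8F.9244D290@nat.bg
> Reference: MS:MS00-051
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-051.asp
> Reference: BID:1451
> Reference: URL:http://www.securityfocus.com/bid/1451
>
> Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary
> commands by specifying a malicious .dll using the Register.ID
> function, aka the "Excel REGISTER.ID Function" vulnerability.
>
>
> ED_PRI CAN-2000-0637 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0654
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: MS:MS00-041
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-041.asp
> Reference: BID:1466
> Reference: URL:http://www.securityfocus.com/bid/1466
>
> Microsoft Enterprise Manager allows local users to obtain database
> passwords via the Data Transformation Service (DTS) package Registered
> Servers Dialog dialog, aka a variant of the "DTS Password"
> vulnerability.
>
>
> ED_PRI CAN-2000-0654 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0670
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000712 cvsweb: remote shell for cvs committers
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0178.html
> Reference: BUGTRAQ:20000714 MDKSA-2000:019 cvsweb update
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0196.html
> Reference: DEBIAN:20000716
> Reference: URL:http://www.debian.org/security/2000/20000719b
> Reference: BID:1469
> Reference: URL:http://www.securityfocus.com/bid/1469
>
> The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with
> write access to a CVS repository to execute arbitrary commands via
> shell metacharacters.
>
>
> ED_PRI CAN-2000-0670 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0628
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000710 ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0142.html
> Reference: CONFIRM:http://www.nodeworks.com/asp/changes.html
> Reference: BID:1457
> Reference: URL:http://www.securityfocus.com/bid/1457
>
> The source.asp example script in the Apache ASP module Apache::ASP
> 1.93 and earlier allows remote attackers to modify files.
>
>
> ED_PRI CAN-2000-0628 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0635
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000711 Akopia MiniVend Piped Command Execution Vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0150.html
> Reference: BID:1449
> Reference: URL:http://www.securityfocus.com/bid/1449
>
> The view_page.html sample page in the MiniVend shopping cart program
> allows remote attackers to execute arbitrary commands via shell metacharacters.
>
>
> ED_PRI CAN-2000-0635 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0638
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000711 Big Brother exploit
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0146.html
> Reference: BUGTRAQ:20000711 Remote exploit in all current versions of Big Brother
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0147.html
> Reference: CONFIRM:http://bb4.com/README.CHANGES
> Reference: BID:1455
> Reference: URL:http://www.securityfocus.com/bid/1455
>
> Big Brother 1.4h1 and earlier allows remote attackers to read
> arbitrary files via a .. (dot dot) attack.
>
>
> ED_PRI CAN-2000-0638 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0639
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: CF
> Reference: BUGTRAQ:20000711 Big Brother filename extension vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0171.html
> Reference: BID:1494
> Reference: URL:http://www.securityfocus.com/bid/1494
>
> The default configuration of Big Brother 1.4h2 and earlier
> does not include proper access restrictions, which allows remote
> attackers to execute arbitrary commands by using bdd to upload a file
> whose extension will cause it to be executed as a CGI script by the web
> server.
>
>
> ED_PRI CAN-2000-0639 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0650
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: CF
> Reference: NTBUGTRAQ:20000711 Potential Vulnerability in McAfee Netshield and McAfee 4.5
> Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=ntbugtraq&F=&S=&P=2753
> Reference: BID:1458
> Reference: URL:http://www.securityfocus.com/bid/1458
>
> The default installation of McAfee 4.5 and NetShield 4.5 has
> insecure permissions for the registry key that identifies the
> AutoUpgrade directory, which allows local users to execute arbitrary
> commands by replacing SETUP.EXE in that directory with a Trojan Horse.
>
>
> ED_PRI CAN-2000-0650 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0629
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: CF
> Reference: BUGTRAQ:20000711 Sun's Java Web Server remote command execution vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0163.html
> Reference: MISC:http://www.sun.com/software/jwebserver/faq/jwsca-2000-02.html
> Reference: BID:1459
> Reference: URL:http://www.securityfocus.com/bid/1459
>
> The default configuration of the Sun Java web server 2.0 and earlier
> allows remote attackers to execute arbitrary commands by uploading
> Java code to the server via board.html, then directly calling the JSP compiler
> servlet.
>
>
> ED_PRI CAN-2000-0629 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0640
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
> Reference: BID:1452
> Reference: URL:http://www.securityfocus.com/bid/1452
>
> Guild FTPd allows remote attackers to determine the existence of files
> outside the FTP root via a .. (dot dot) attack, which provides
> different error messages depending on whether the file exists or not.
>
>
> ED_PRI CAN-2000-0640 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0641
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
> Reference: BID:1453
> Reference: URL:http://www.securityfocus.com/bid/1453
>
> Savant web server allows remote attackers to execute arbitrary
> commands via a GET request.
>
>
> ED_PRI CAN-2000-0641 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0642
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: CF
> Reference: BUGTRAQ:20000711 DoS in WEBactive win65/NT server
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
> Reference: BID:1497
> Reference: URL:http://www.securityfocus.com/bid/1497
>
> The default configuration of WebActive HTTP Server 1.00 stores the web
> access log active.log in the document root, which allows remote attackers
> to view the logs by directly requesting the page.
>
>
> ED_PRI CAN-2000-0642 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0648
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000711 WFTPD/WFTPD Pro 2.41 RC10 denial-of-service
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=e13bvu6-0007d8-00@dwarf.box.sk
> Reference: BID:1456
> Reference: URL:http://www.securityfocus.com/bid/1456
>
> WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of
> service by executing the RENAME TO (RNTO) command before a
> RENAME FROM (RNFR) command.
>
>
> ED_PRI CAN-2000-0648 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0651
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000707 Novell Border Manager - Anyone can pose as an authenticated user
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=06256915.00591E18.00@uprrsmtp2.notes.up.com
> Reference: BID:1440
> Reference: URL:http://www.securityfocus.com/bid/1440
>
> The ClientTrust program in Novell BorderManager does not properly
> verify the origin of authentication requests, which could allow remote
> attackers to impersonate another user by replaying the authentication
> requests and responses from port 3024 of the victim's machine.
>
>
> ED_PRI CAN-2000-0651 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0660
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000712 Infosec.20000712.worldclient.2.1
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0173.html
> Reference: BID:1462
> Reference: URL:http://www.securityfocus.com/bid/1462
>
> The WDaemon web server for WorldClient 2.1 allows remote attackers to
> read arbitrary files via a .. (dot dot) attack.
>
>
> ED_PRI CAN-2000-0660 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0661
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000710 Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0120.html
> Reference: BID:1448
> Reference: URL:http://www.securityfocus.com/bid/1448
>
> WircSrv IRC Server 5.07s allows remote attackers to cause a denial of
> service via a long string to the server port.
>
>
> ED_PRI CAN-2000-0661 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0669
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000711 Remote Denial Of Service, NetWare 5.0 with SP 5
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000501bfeab5$c3d09330$d801a8c0@dimuthu.baysidegrp.com.au
> Reference: BID:1467
> Reference: URL:http://www.securityfocus.com/bid/1467
>
> NetWare 5.0 allows remote attackers to cause a denial of service by
> flooding port 40193 with random data.
>
>
> ED_PRI CAN-2000-0669 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0674
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000712 ftp.pl vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0177.html
> Reference: BID:1471
> Reference: URL:http://www.securityfocus.com/bid/1471
>
> The ftp.pl CGI program for Virtual Visions FTP browser allows remote
> attackers to read directories outside of the document root via a
> .. (dot dot) attack.
>
>
> ED_PRI CAN-2000-0674 3
>
>
> VOTE: ACCEPT

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum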

Page Last Updated or Reviewed: May 22, 2007