
Re: [PROPOSAL] Cluster RECENT-29 - 20 candidates



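* Steven M. Christey (coley@LINUS.MITRE.ORG) [000803 02:57]:
> The following cluster contains 20 candidates that were announced
> between 7/13/2000 and 7/20/2000.
>
> The candidates are listed in order of priority. Priority 1 and
> Priority 2 candidates both deal with varying levels of vendor
> confirmation, so they should be easy to review and it can be trusted
> that the problems are real.
>
> If you discover that any RECENT-XX cluster is incomplete with respect
> to the problems discovered during the associated time frame, please
> send that information to me so that candidates can be assigned.
>
> - Steve
>
>
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
>
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some minor detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
>
> 1) Please write your vote on the line that starts with "VOTE: ". If
>    you want to add comments or details, add them to lines after the
>    VOTE: line.
>
> 2) If you see any missing references, please mention them so that they
>    can be included. References help greatly during mapping.
>
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
>    So if you don't have sufficient information for a candidate but you
>    don't want to NOOP, use a REVIEWING.
>
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
>
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
>
> =================================
> Candidate: CAN-2000-0622
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: NAI:20000719 O'Reilly WebSite Professional Overflow
> Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2424
> Reference: CONFIRM:http://website.oreilly.com/support/software/wspro25_releasenotes.txt
> Reference: BID:1487
> Reference: URL:http://www.securityfocus.com/bid/1487
>
> Buffer overflow in Webfind CGI program in O'Reilly WebSite
> Professional web server 2.x allows remote attackers to execute
> arbitrary commands via a URL containing a "keywords" parameter.
>
>
> ED_PRI CAN-2000-0622 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0630
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: MS:MS00-044
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-044.asp
> Reference: BID:1488
> Reference: URL:http://www.securityfocus.com/bid/1488
>
> IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source
> code by appending a +.htr to the URL, a variant of the "File Fragment
> Reading via .HTR" vulnerability.
>
>
> ED_PRI CAN-2000-0630 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0631
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: MS:MS00-044
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-044.asp
> Reference: BID:1476
> Reference: URL:http://www.securityfocus.com/bid/1476
>
> An administrative script from IIS 3.0, later included in IIS 4.0 and
> 5.0, allows remote attackers to cause a denial of service by accessing
> the script without a particular argument, aka the "Absent Directory
> Browser Argument" vulnerability.
>
>
> ED_PRI CAN-2000-0631 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0632
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: NAI:20000717 [COVERT-2000-07] LISTSERV Web Archives Remote Overflow
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0222.html
> Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory1
> Reference: BID:1490
> Reference: URL:http://www.securityfocus.com/bid/1490
>
> Buffer overflow in the web archive component of L-Soft Listserv 1.8d
> and earlier allows remote attackers to execute arbitrary commands via
> a query string.
>
>
> ED_PRI CAN-2000-0632 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0653
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: MS:MS00-045
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-045.asp
> Reference: BID:1502
> Reference: URL:http://www.securityfocus.com/bid/1502
>
> Microsoft Outlook Express allows remote attackers to monitor a user's
> email by creating a persistent browser link to the Outlook Express
> windows, aka the "Persistent Mail-Browser Link" vulnerability.
>
>
> ED_PRI CAN-2000-0653 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0666
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000716 Lots and lots of fun with rpc.statd
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0206.html
> Reference: DEBIAN:20000715 rpc.statd: remote root exploit
> Reference: URL:http://www.debian.org/security/2000/20000719a
> Reference: REDHAT:RHSA-2000:043-03
> Reference: URL:http://www.redhat.com/support/errata/rhsa-2000-043-03.html
> Reference: BUGTRAQ:20000717 CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0230.html
> Reference: BUGTRAQ:20000718 Trustix Security Advisory - nfs-utils
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0236.html
> Reference: BUGTRAQ:20000718 [Security Announce] MDKSA-2000:021 nfs-utils update
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0260.html
> Reference: CALDERA:CSSA-2000-025.0
> Reference: URL:http://www.calderasystems.com/support/security/advisories/cssa-2000-025.0.txt
> Reference: BID:1480
> Reference: URL:http://www.securityfocus.com/bid/1480
>
> rpc.statd in the nfs-utils package in various Linux distributions
> does not properly cleanse untrusted format strings, which allows
> remote attackers to gain root privileges.
>
>
> ED_PRI CAN-2000-0666 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0667
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: CALDERA:CSSA-2000-024.0
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0273.html
> Reference: BID:1512
> Reference: URL:http://www.securityfocus.com/bid/1512
>
> Vulnerability in gpm in Caldera Linux allows local users to delete
> arbitrary files or conduct a denial of service.
>
>
> ED_PRI CAN-2000-0667 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0633
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000718 MDKSA-2000:020 usermode update
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0251.html
> Reference: BID:1489
> Reference: URL:http://www.securityfocus.com/bid/1489
>
> Vulnerability in Mandrake Linux usermode package allows local users
> to reboot or halt the system.
>
>
> ED_PRI CAN-2000-0633 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0623
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: NTBUGTRAQ:20000719 Alert: Buffer Overflow is O'Reilly WebsitePro httpd32.exe (CISADV000717)
> Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=ntbugtraq&F=&S=&P=5946
> Reference: BID:1492
> Reference: URL:http://www.securityfocus.com/bid/1492
>
> Buffer overflow in O'Reilly WebSite Professional web server 2.4 and
> earlier allows remote attackers to execute arbitrary commands via a
> long GET request or Referrer header.
>
>
> ED_PRI CAN-2000-0623 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0624
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000720 Winamp M3U playlist parser buffer overflow security vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0289.html
> Reference: BID:1496
> Reference: URL:http://www.securityfocus.com/bid/1496
>
> Buffer overflow in WinAmp 2.64 and earlier allows remote attackers to
> execute arbitrary commands via a long #EXTINF: extension in the M3U
> playlist.
>
>
> ED_PRI CAN-2000-0624 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0625
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: L0PHT:20000718 NetZero Password Encryption Algorithm
> Reference: URL:http://www.l0pht.com/advisories/netzero.txt
> Reference: BID:1483
> Reference: URL:http://www.securityfocus.com/bid/1483
>
> NetZero 3.0 and earlier uses weak encryption for storing a user's
> login information, which allows a local user to decrypt the password.
>
>
> ED_PRI CAN-2000-0625 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0626
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000718 Multiple bugs in Alibaba 2.0
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0237.html
> Reference: BID:1482
> Reference: URL:http://www.securityfocus.com/bid/1482
>
> Buffer overflow in Alibaba web server allows remote attackers to cause
> a denial of service via a GET request.
>
>
> ED_PRI CAN-2000-0626 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0627
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000718 Blackboard Courseinfo v4.0 User Authentication
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0254.html
> Reference: BID:1486
> Reference: URL:http://www.securityfocus.com/bid/1486
>
> Blackboard CourseInfo 4.0 does not properly authenticate users, which
> allows local users to modify CourseInfo database information and gain
> privileges by directly calling the supporting CGI programs such as
> user_update_passwd.pl and user_update_admin.pl.
>
>
> ED_PRI CAN-2000-0627 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0634
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000717 S21SEC-003: Vulnerabilities in CommuniGate Pro v3.2.4
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0223.html
> Reference: BID:1493
> Reference: URL:http://www.securityfocus.com/bid/1493
>
> The web administration interface for CommuniGate 3.2.5 and earlier
> allows remote attackers to read arbitrary files via a .. (dot dot)
> attack.
>
>
> ED_PRI CAN-2000-0634 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0636
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000719 HP Jetdirect - Invalid FTP Command DoS
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0265.html
> Reference: BID:1491
> Reference: URL:http://www.securityfocus.com/bid/1491
>
> HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow
> remote attackers to cause a denial of service via a malformed FTP
> quote command.
>
>
> ED_PRI CAN-2000-0636 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0643
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000711 DoS in WEBactive win65/NT server
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
> Reference: BID:1470
> Reference: URL:http://www.securityfocus.com/bid/1470
>
> Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers
> to cause a denial of service via a long URL.
>
>
> ED_PRI CAN-2000-0643 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0649
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: NTBUGTRAQ:20000713 IIS4 Basic authentication realm issue
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0025.html
> Reference: BID:1499
> Reference: URL:http://www.securityfocus.com/bid/1499
>
> IIS 4.0 allows remote attackers to obtain the internal IP address of
> the server via an HTTP 1.0 request for a web page which is protected
> by basic authentication and has no realm defined.
>
>
> ED_PRI CAN-2000-0649 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0662
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000714 IE 5.5 and 5.01 vulnerability - reading at least local and from any host text and parsed html files
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=396EF9D5.62EEC625@nat.bg
> Reference: BID:1474
> Reference: URL:http://www.securityfocus.com/bid/1474
>
> Internet Explorer 5.x and Microsoft Outlook allows remote attackers to
> read arbitrary files by redirecting the contents of an IFRAME using
> the DHTML Edit Control (DHTML).
>
>
> ED_PRI CAN-2000-0662 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0665
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: NTBUGTRAQ:20000717 DoS in Gamsoft TelSrv telnet server for MS Windows 95/98/NT/2k.
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0031.html
> Reference: BID:1478
> Reference: URL:http://www.securityfocus.com/bid/1478
>
> AMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to
> cause a denial of service via a long username.
>
>
> ED_PRI CAN-2000-0665 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0675
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000713 The MDMA Crew's GateKeeper Exploit
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00af01bfece2$a52cbd80$367e1ec4@kungphusion
> Reference: BID:1477
> Reference: URL:http://www.securityfocus.com/bid/1477
>
> Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote
> attackers to execute arbitrary commands via a long string.
>
>
> ED_PRI CAN-2000-0675 3
>
>
> VOTE: ACCEPT

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum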

Page Last Updated or Reviewed: May 22, 2007