(提案)集群RECENT-31和RECENT-32 - 53年的候选人

这个消息包含候选人2集群,由于候选人本周提出的体积。在投票网站集群分离。董事会成员可以使用web站点,而不是这个投票,投票发布其他董事会成员和作为一个公共记录的一部分。这些投票投票包括新的分析领域应用程序的前一篇文章中讨论与解释的内容决定。供应商确认的程度也更加突出。最后,添加了一个新的ACCEPT_REASON形式对董事会成员包括他们投票的原因接受或修改一个项目。RECENT-31包含20个问题宣布7/10/2000和7/31/2000之间。RECENT-32包含33个问题宣布8/1/2000和8/8/2000之间。——史蒂夫总结的选票使用(“严重程度”的按升序)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -接受——选民接受候选人提出等待——选民对候选人没有意见修改选民想要改变一些小细节(例如参考/描述)审查-选民正在审查/研究候选人,或需要更多的信息,重塑候选人必须大幅修改,如分割或合并拒绝候选人不是“漏洞”,或重复等。1)请写你的投票在直线上,从“投票:”开始。如果你想添加评论或细节,在投票后将它们添加到线:线。 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-2000-0676 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000921 Assigned: 20000811 Category: SF Reference: CERT:CA-2000-15 Reference: URL:http://www.cert.org/advisories/ca - 2000 - 15. - html参考:报价:1546参考:网址:http://www.securityfocus.com/bid/1546网景的沟通者和导航器4.04 4.74允许远程攻击者读取任意文件通过使用Java applet来打开一个连接到一个URL使用“文件”,“http”、“https”,和“ftp协议,证明了棕色的孔。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0676 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0696:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:太阳:00196参考:网址:http://archives.neohapsis.com/archives/sun/2000-q3/0001.html参考:报价:1554参考:网址:http://www.securityfocus.com/bid/1554dwhttpd web服务器的管理界面在Solaris AnswerBook2不正确验证请求支持CGi脚本,它允许远程攻击者将用户帐户添加到接口直接调用admin CGi脚本。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0696 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0697:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:太阳:00196参考:网址:http://archives.neohapsis.com/archives/sun/2000-q3/0001.html参考:报价:1556参考:网址:http://www.securityfocus.com/bid/1556dwhttpd web服务器的管理界面Solaris AnswerBook2允许界面用户远程执行命令通过shell元字符。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0697 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0700:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:思科:20000803可能绕过访问控制和拒绝服务的千兆交换机路由器使用千兆以太网和快速以太网卡参考:网址:http://www.cisco.com/warp/public/707/gsraclbypassdos-pub.shtml参考:报价:1541参考:网址:http://www.securityfocus.com/bid/1541思科的千兆交换机路由器(GSR)和快速以太网/千兆以太网卡和IOS 11.2或更高版本不妥善处理线卡失败,它允许远程攻击者绕过acl或强迫停止转发数据包的接口。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0700 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0703:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000805 sperl 5.00503(和更新;)利用参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0022.html参考:SUSE: 20000810安全漏洞在perl,所有版本参考:网址:http://www.suse.de/de/support/security/suse_security_announce_59.txt参考:火山口:综援- 2000 - 026.0参考:网址:http://www.calderasystems.com/support/security/advisories/cssa - 2000 026.0.txt参考:DEBIAN: 20000808 mailx:当地利用参考:网址:http://www.debian.org/security/2000/20000810参考:REDHAT: RHSA-2000:048-03参考:网址:http://www.redhat.com/support/errata/rhsa - 2000 - 048 - 03. - html参考:涡轮:TLSA2000018-1参考:网址:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000017.html参考:BUGTRAQ: 20000814 Trustix安全顾问——perl和mailx参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0153.html参考:BUGTRAQ: 20000808 MDKSA-2000:031 perl更新参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0086.html参考:BUGTRAQ: 20000810 Conectiva Linux安全announcemente——PERL参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0113.html参考:报价:1547参考:网址:http://www.securityfocus.com/bid/1547suidperl(又名sperl)不正确清洁转义序列“~ !”在调用/bin/mail之前发送错误报告,它允许本地用户获得特权通过设置“互动”环境变量和调用suidperl文件名包含转义序列。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0703 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0705:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000802 (Hackerslab bug_paper] ntop web模式vulnerabliity参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0459.html参考:REDHAT: RHSA-2000:049-02参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0065.html参考:报价:1550参考:网址:http://www.securityfocus.com/bid/1550ntop运行在web模式允许远程攻击者读取任意文件通过一个. .(点点)攻击。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0705 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0711:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000816 JDK 1.1。x监听套接字脆弱性(Re: BrownOrifice可以突破防火墙!)参考网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=3999922128E.EE84TAKAGI@java-house.etl.go.jp参考:BUGTRAQ: 20000805危险的Java / Netscape安全漏洞参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000805020429.11774.qmail@securityfocus.com参考:CERT: ca - 2000 - 15参考:网址:http://www.cert.org/advisories/ca - 2000 - 15. - html参考:报价:1545参考:网址:http://www.securityfocus.com/bid/1545网景沟通者没有妥善防止考察对象由不可信实体,它允许远程攻击者创建一个服务器在受害者的系统通过恶意applet,布朗所展示的孔。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0711 1供应商确认:是的,这非常类似于可以- 2000 - 0676,这是最初的职位描述的其他漏洞布朗宣布孔。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0737:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:女士:ms00 - 053参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 053. - asp参考:报价:1535参考:网址:http://www.securityfocus.com/bid/1535服务控制管理器(SCM)在Windows 2000创建可预测的命名管道,它允许本地用户控制台访问获得管理员权限,又名“服务控制管理器命名管道模拟”的弱点。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0737 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0742:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000602 ipx风暴参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&mid=63120参考:女士:ms00 - 054参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 054. - asp参考:报价:1544参考:网址:http://www.securityfocus.com/bid/1544IPX协议实现在Microsoft Windows 95和98年允许远程攻击者造成拒绝服务通过发送一个ping包的源IP地址是一个广播地址。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0742 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0750:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd缓冲区溢位参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0064.html参考:FREEBSD: FreeBSD-SA-00:40参考:网址:http://archives.neohapsis.com/archives/freebsd/2000-08/0336.html参考:OPENBSD: 20000705 Mopd包含缓冲区溢出。参考网址:http://www.openbsd.org/errata.html mopd参考:REDHAT: rhsa - 2000 - 050 - 01参考:网址:http://www.redhat.com/support/errata/powertools/rhsa - 2000 - 050 - 01. - html参考:MISC:http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h参考:报价:1558参考:网址:http://www.securityfocus.com/bid/1558在mopd缓冲区溢出(维护操作协议装载机守护进程)允许远程攻击者执行任意命令通过一个长文件名。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0750 1供应商确认:是的咨询抽象:这是一个不同类型的错误比格式字符串的问题,所以CD: SF-LOC表明,应该有一个单独的条目。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0751:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd缓冲区溢位参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0064.html参考:FREEBSD: FreeBSD-SA-00:40参考:网址:http://archives.neohapsis.com/archives/freebsd/2000-08/0336.html参考:OPENBSD: 20000705 Mopd包含缓冲区溢出。参考网址:http://www.openbsd.org/errata.html mopd参考:REDHAT: rhsa - 2000 - 050 - 01参考:网址:http://www.redhat.com/support/errata/powertools/rhsa - 2000 - 050 - 01. - html参考:MISC:http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h参考:报价:1559参考:网址:http://www.securityfocus.com/bid/1559mopd(维护操作协议加载器守护程序)不正确清洁user-injected格式字符串,它允许远程攻击者执行任意命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0751 1供应商确认:是的咨询抽象:有多种格式字符串漏洞。例如,参见:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/018_mopd.patchhttp://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=hCD: SF-LOC建议创建一个单独的为每一个条目。但这些报告如何?源代码行号OpenBSD和NetBSD之间不同,例如。程序名称单独不充分的因为可能有多个vuln在同一个程序。条件,使错误可能是合适的,但我没有源代码检查。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0786:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000726 userv安全边界工具1.0.1(安全修复)参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0389.html参考:DEBIAN: 20000727 userv:当地利用参考:网址:http://www.debian.org/security/2000/20000727参考:确认:http://marc.theaimsgroup.com/?l=bugtraq&m=96473640717095&w=2参考:报价:1516参考:网址:http://www.securityfocus.com/bid/1516GNU userv 1.0.0和早些时候不正确执行文件描述符交换,可以腐败USERV_GROUPS USERV_GIDS环境变量和允许本地用户绕过一些访问限制。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0786 1供应商确认:是的文章投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0681:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000815 BEA Weblogic server代理库漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0186.html参考:报价:1570参考:网址:http://www.securityfocus.com/bid/1570缓冲区溢出在BEA WebLogic server代理插件允许远程攻击者执行任意命令通过一个长URL以. jsp扩展名。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0681 2供应商确认:是的咨询抽象:各种来源报告多个溢出,所以CD: SF-LOC建议创建一个单独的为每一个条目。然而,BEA顾问指出,问题是在一个位置。它可能似乎是多个溢出,因为代理可以安装在不同的web服务器。按照指导的编辑委员会,厂商应该是最终的权威,这应该是一个单一入口,除非它是决定性地证明,有多个溢出。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0682:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000728 BEA WebLogic力量处理程序显示代码漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html参考:确认:http://developer.bea.com/alerts/security_000731.html参考:报价:1518参考:网址:http://www.securityfocus.com/bid/1518BEA WebLogic 5.1。x允许远程攻击者读取源代码解析/ ConsoleHelp /插入页面的URL,它调用FileServlet。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0682 2供应商确认:是的咨询CD: SF-LOC适用于这个SSIServlet / *。shtml /问题。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0683:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000728 BEA WebLogic力量处理程序显示代码漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html参考:确认:http://developer.bea.com/alerts/security_000728.html参考:报价:1517参考:网址:http://www.securityfocus.com/bid/1517BEA WebLogic 5.1。x允许远程攻击者读取源代码解析页面插入/ *。shtml / URL,调用SSIServlet。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0683 2供应商确认:是的咨询CD: SF-LOC也适用于这个和ConsoleHelp问题。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0684:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000731 BEA WebLogic * / * . jsp。jhtml远程命令执行参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0434.html参考:确认:http://developer.bea.com/alerts/security_000731.html参考:报价:1525参考:网址:http://www.securityfocus.com/bid/1525BEA WebLogic 5.1。x不适当限制访问JSPServlet,这可能允许远程攻击者编译和执行Java JSP代码在任何源文件通过直接调用servlet。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0684 2供应商确认:是的咨询这PageCompileServlet bug影响CF: SF-LOC。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0685:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000731 BEA WebLogic * / * . jsp。jhtml远程命令执行参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0434.html参考:确认:http://developer.bea.com/alerts/security_000731.html参考:报价:1525参考:网址:http://www.securityfocus.com/bid/1525BEA WebLogic 5.1。x不适当限制访问PageCompileServlet,这可能允许远程攻击者编译和执行Java JHTML代码通过直接调用servlet的任何源文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0685 2供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0707:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000804 pcc MySQL数据库管理工具v1.2.3 -咨询参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0015.html参考:确认:http://pccs-linux.com/public/view.php3?bn=agora_pccslinux&key=965951324参考:报价:1557参考:网址:http://www.securityfocus.com/bid/1557pcc MySQLDatabase管理工具经理1.2.4 dbconnect早些时候,安装文件。公司内的web根,它允许远程攻击者获得管理密码等敏感信息。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0707 2供应商确认:是的,次用户组投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0712:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:MISC:http://www.egroups.com/message/lids/1038参考:BUGTRAQ: 2000803盖子严重错误引用:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0486.html参考:确认:http://www.lids.org/changelog.html参考:报价:1549参考:网址:http://www.securityfocus.com/bid/1549Linux入侵检测系统(盖子)0.9.7允许本地用户获得根权限时盖子通过安全= 0启动选项是禁用的。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0712 2供应商确认:是的changelog投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0747:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000726 CONECTIVA LINUX安全公告——OPENLDAP参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0379.htmllogrotate脚本的openldap早于1.2.11 Conectiva Linux日志守护进程发送一个信号到内核不当(klogd)并杀死它。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0747 2供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0779:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:确认:http://www.checkpoint.com/techsupport/alerts/list_vun.html Improper_stderr参考:报价:1534参考:网址:http://www.securityfocus.com/bid/1534检查点防火墙1与RSH / REXEC设置启用允许远程攻击者绕过访问限制和连接到RSH /通过畸形REXEC客户连接请求。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0779 2供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0679:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000728 cvs安全问题参考:网址:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org参考:报价:1523参考:网址:http://www.securityfocus.com/bid/1523CVS 1.10.8客户信托CVS服务器提供的路径名,它允许服务器强迫客户端创建任意文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0679 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0680:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000728 cvs安全问题参考:网址:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org参考:报价:1524参考:网址:http://www.securityfocus.com/bid/1524CVS 1.10.8服务器不适当限制用户创建任意的签入。食物或更新。学监的程序,它允许远程CVS提交者修改或创建特洛伊木马程序签入。食物或更新。食物的名字,然后执行一个CVS提交行动。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0680 3供应商确认:未知的内容决定:SF-EXEC, SF-LOC包容问题:跟踪原始文章表明存在分歧,是否这是一个问题。有人声称,CVS旨在使用shell访问,因此没有额外的访问授予袭击者“利用”这个明显的错误。抽象问题:CD: SF-EXEC适用这里因为有两个二进制文件可以被利用,签入。学监和Update.prog。因为都是关键的组件相同的软件包和它们演示了相同的问题,CD: SF-EXEC说让他们的总和。有人可能认为,问题是在CVS提交进程启动这些二进制文件;在这种情况下,CD: SF-EXEC并不适用,我们将应用CD: SF-LOC,看看这两个应该是分裂。建议补丁表明签入。学监和更新。prog are treated as separate requests, and they exist in 2 separate lines of code, thus CD:SF-LOC in this case might suggest SPLITTING them. This could be viewed as analogous to different ActiveX controls being marked as safe for scripting (scriptlet.typelib in CVE-1999-0668, and Eyedog in CAN-1999-0669). Decisions regarding those ActiveX controls could thus apply in this case as well. Also note that this affects CAN-1999-0988 and CAN-1999-0828. See the voting record for these candidates for further discussion. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0693 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000802 Local root compromise in PGX Config Sun Sparc Solaris Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0463.html参考:报价:1563参考:网址:http://www.securityfocus.com/bid/1563pgxconfig猛禽GFX配置工具的使用相对路径名称“cp”程序的系统调用,它允许本地用户执行任意命令通过修改他们的路径指向另一种“cp”计划。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0693 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0694:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000802当地根妥协PGX配置Sun Sparc Solaris参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0463.htmlpgxconfig的猛禽GFX配置工具可能会允许本地用户权限通过一个符号链接攻击。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0694 3供应商确认:未知的这个问题被提到在原始Bugtraq帖子,但没有详细描述。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0695:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000802当地根妥协PGX配置Sun Sparc Solaris参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0463.htmlpgxconfig猛禽GFX配置工具中可能包含缓冲区溢出,允许本地用户通过命令行选项来获得特权。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0695 3供应商确认:未知的这个问题被提到在原始Bugtraq帖子,但没有详细描述。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0699:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000806 HPUX FTPd脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0028.html参考:报价:1560参考:网址:http://www.securityfocus.com/bid/1560hp - ux ftpd不正确清洁不可信的格式字符串,这可能允许远程攻击者造成拒绝服务或通过传递命令执行任意命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0699 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0701:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000801咨询:邮差当地妥协参考:网址:http://www.securityfocus.com/archive/1/73220参考:确认:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000802105050.A11733@rak.isternet.sk参考:BUGTRAQ: 20000802 CONECTIVA LINUX安全公告——邮差参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0474.html参考:BUGTRAQ: 20000802 MDKSA-2000:030——Linux-Mandrake不受邮递员问题参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0479.html参考:REDHAT: RHSA-2000:030-03参考:网址:http://www.redhat.com/support/errata/secureserver/rhsa - 2000 - 030 - 03. - html参考:报价:1539参考:网址:http://www.securityfocus.com/bid/1539邮差2.0 beta3和2.0中的包装程序beta4不正确清洁不可信的格式字符串,它允许本地用户获得特权。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0701 3供应商确认:对咨询内容的决定:EX-BETA CD: EX-BETA表明,这不应该被包括在CVE因为它是一个beta版本,除非这是广泛分布的。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0704:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:SGI: 20000803 - 01 -参考:网址:ftp://sgigate.sgi.com/security/20000803-01-A参考:报价:1603参考:网址:http://www.securityfocus.com/bid/1603缓冲区溢出在SGI欧姆龙的世界观将允许远程攻击者执行任意命令通过长JS_OPEN JS_MKDIR或JS_FILE_INFO命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0704 3供应商确认:对咨询内容的决定:SF-LOC CD: SF-LOC适用,但是需要更多的信息。如果每个命令都由一个读/解析函数,那么这些应该呆在一个单一的CVE项目。如果有不同的读/解析函数调用命令,那么这应该是分裂。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0713:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000726系列[SPSadvisory # 39] Adobe Acrobat PDF文件缓冲区溢位参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0382.html参考:确认:http://www.adobe.com/misc/pdfsecurity.html参考:报价:1509参考:网址:http://www.securityfocus.com/bid/1509缓冲区溢出在Adobe Acrobat 4.05中,读者,商业工具,并填写产品处理PDF文件允许攻击者执行任意命令通过一个长/注册中心或订购说明符。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0713 3供应商确认:对咨询内容的决定:SF-EXEC, SF-LOC抽象问题:CD: SF-EXEC可以申请因为有多个产品/可执行文件;建议这些合并成一个单一的CVE项目以来的产品是同一个包的一部分。然而,这些错误可能都源自一个“图书馆”在这种情况下,CD: SF-LOC适用,可能建议合并。但是可能有不同的行代码用于/注册表和排序,在这种情况下,CD: SF-LOC建议分裂。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0714:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:REDHAT: RHSA-2000:047-03参考:网址:http://www.redhat.com/support/errata/rhsa - 2000 - 047 - 03. - html参考:报价:1551参考:网址:http://www.securityfocus.com/bid/1551umb-scheme 3.2 -11安装Red Hat Linux与对外公开文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0714 3供应商确认:对咨询内容的决定:INSTALL-PERM抽象问题:像这样的一些问题有关的安装文件,设置不适当的权限。每一个单独的文件要一个单独的CVE条目吗?或者点符号应使用?这个问题已经被贴上CD: INSTALL-PERM。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0715:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000805 Diskcheck 3.1.1符号链接漏洞参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=398BD1FD.BAEE3B70@chonnam.chonnam.ac.kr参考:报价:1552参考:网址:http://www.securityfocus.com/bid/1552DiskCheck DiskCheck脚本。pl在Red Hat Linux允许本地用户创建或覆盖任意文件通过一个符号链接攻击。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0715 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0739:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000802奈净工具PKI服务器漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.html参考:报价:1537参考:网址:http://www.securityfocus.com/bid/1537强。exe程序在奈净工具PKI服务器允许远程攻击者读取任意文件通过一个. .(点点)攻击。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0739 3供应商确认:未知的各种来源的候选人包括引用补丁,但似乎没有办法获得简单的供应商确认没有登记和/或客户。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0740:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000802奈净工具PKI服务器漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.html参考:报价:1536参考:网址:http://www.securityfocus.com/bid/1536缓冲区溢出的强劲。exe程序在奈净工具PKI服务器允许远程攻击者执行任意命令通过一个长URL的HTTPS端口。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0740 3供应商确认:未知的这个项目的各种来源包括引用补丁,但似乎没有办法获得简单的供应商确认没有登记和/或客户。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0741:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000802奈净工具PKI服务器漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.html参考:报价:1538参考:网址:http://www.securityfocus.com/bid/1538强。exe程序在奈净工具PKI服务器不正确清洁user-injected格式字符串,它允许远程攻击者通过一个URL执行任意命令.XUDA扩展。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0741 3供应商确认:未知的这个项目的各种来源包括引用补丁,但似乎没有办法获得简单的供应商确认没有登记和/或客户。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0748:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000726 Group-writable可执行在OpenLDAP参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0375.html参考:报价:1511参考:网址:http://www.securityfocus.com/bid/1511OpenLDAP 1.2.11早些时候,不当的ud二进制安装组写权限,这将允许任何用户的组来替代二进制特洛伊木马。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0748 3供应商确认:未知的包容:曼德拉草MDKSA-2000:024和SUSE文档说他们并不脆弱。后续的文章不能复制这个问题。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0757:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000808利用Totalbill……参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0074.html参考:报价:1555参考:网址:http://www.securityfocus.com/bid/1555系统产生的服务在Aptis Totalbill不执行身份验证,它允许远程攻击者获得根权限通过连接到服务并指定要执行的命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0757 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0759:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000719 [LoWNOISE] Tomcat 3.1路径暴露的问题。参考网址:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3flist%3d1%26date%3d2000 - 07 - 15% - 26 - msg%3dpine.sun.3.96.1000719184401.17782a - 100000 @grex.cyberspace.org参考:报价:1531参考:网址:http://www.securityfocus.com/bid/1531参考:XF: tomcat-error-path-reveal Apache Jakarta Tomcat 3.1在揭示物理路径信息远程攻击者请求URL时,不存在,它生成一个错误消息,其中包括物理路径。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0759 3供应商确认:未知的内容决定:DESIGN-REAL-PATH包含:CD: DESIGN-REAL-PATH说,揭示物理路径信息,远程攻击者是一个接触,因此应该被包括在CVE。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0760:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000719 [LoWNOISE] Snoop Servlet (Tomcat 3.1和3.0)参考:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3flist%3d1%26date%3d2000 - 07 - 15% - 26 - msg%3dpine.sun.3.96.1000719235404.24004a - 100000 @grex.cyberspace.org参考:XF: tomcat-snoop-info参考:报价:1532参考:网址:http://www.securityfocus.com/bid/1532Snoop servlet在雅加达在Apache Tomcat 3.1和3.0显示敏感系统信息当远程攻击者请求一个不存在的网址.snp扩展。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0760 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0773:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000731两个八戒网络服务器安全缺陷参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0426.html参考:报价:1522参考:网址:http://www.securityfocus.com/bid/1522八戒HTTP 0.30 web服务器允许远程攻击者读取任意文件通过请求的URL包含“....”,点点的一种变体攻击。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0773 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0774:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000731两个八戒网络服务器安全缺陷参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0426.html参考:报价:1521参考:网址:http://www.securityfocus.com/bid/1521示例Java servlet“测试”在八戒HTTP web服务器0.30揭示了真正的web文档根目录的路径名。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0774 3供应商确认:未知的内容决定:DESIGN-REAL-PATH包含:CD: DESIGN-REAL-PATH说,揭示物理路径信息,远程攻击者是一个接触,因此应该被包括在CVE。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0781:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000728 6.62客户端代理Unix脆弱性参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000728034420.A19824@sdf.freeshell.org参考:报价:1519参考:网址:http://www.securityfocus.com/bid/1519uagentsetup ARCServeIT客户代理6.62不正确检查存在或所有权的一个临时文件移动到代理。cfg配置文件,它允许本地用户通过修改临时文件执行任意命令前移动。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0781 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0785:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000713 wIRCSrv愚蠢参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=96353027909756&w=2WircSrv IRC服务器5.07年代允许IRC运营商通过importmotd命令读取任意文件,设置消息的一天(公告)到指定的文件中。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0785 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0788:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000807字女士和女士访问漏洞执行任意程序,可以利用IE /前景参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=398EB9CA.27E03A9C@nat.bg参考:报价:1566参考:网址:http://www.securityfocus.com/bid/1566邮件合并工具在Microsoft Word不提示用户在执行之前Visual Basic (VBA)脚本的访问数据库,这可能允许攻击者执行任意命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0788 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0793:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000728诺顿防病毒保护残疾人在网络操作系统参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=398222C5@zathras.cc.vt.edu参考:报价:1533参考:网址:http://www.securityfocus.com/bid/1533诺顿杀毒软件与网络操作系统客户端5.00.01C不正确后重新启动auto-protection服务系统的第一个用户已经注销。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0793 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0794:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000802 (LSD)一些未发表的LSD利用代码参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl参考:报价:1527参考:网址:http://www.securityfocus.com/bid/1527在IRIX libgl缓冲区溢出。所以图书馆允许本地用户获得根权限通过长HOME变量gmemusage和gr_osview等项目。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0794 3供应商确认:未知的抽象:CD: SF-LOC说,由于这是一个错误在图书馆,应该创建一个条目,即使这图书馆是由多个可执行文件使用。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0795:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000802 (LSD)一些未发表的LSD利用代码参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl参考:报价:1529参考:网址:http://www.securityfocus.com/bid/1529缓冲区溢出在lpstat IRIX 6.2和6.3允许本地用户获得根权限通过长- n选项。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0795 3供应商确认:未知这可能是一个不同的错误比- 1999 - 0952,自-0952年以来- c选项。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0796:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000802 (LSD)一些未发表的LSD利用代码参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl参考:报价:1528参考:网址:http://www.securityfocus.com/bid/1528缓冲区溢出在dmplay IRIX 6.2和6.3允许本地用户获得根权限通过命令行选项。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0796 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0797:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000802 (LSD)一些未发表的LSD利用代码参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl参考:报价:1526参考:网址:http://www.securityfocus.com/bid/1526缓冲区溢出在gr_osview IRIX 6.2和6.3允许本地用户获得特权通过长- d选项。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0797 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0798:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000802 (LSD)一些未发表的LSD利用代码参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl参考:报价:1540参考:网址:http://www.securityfocus.com/bid/1540截断函数IRIX 6。x不正确检查权限xfs文件系统中的文件时,它允许本地用户删除任意文件的内容。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0798 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0799:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000802 (LSD)一些未发表的LSD利用代码参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl参考:报价:1530参考:网址:http://www.securityfocus.com/bid/1530在SGI IRIX inpview项目允许本地用户获得特权通过符号链接攻击。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0799 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0801:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000727 (Hackerslab bug_paper] hp - ux快速公车提供缓冲区溢出vul - t选项。参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0388.html参考:报价:1520参考:网址:http://www.securityfocus.com/bid/1520缓冲区溢出在快速公车提供程序在hp - ux 11.00允许本地用户通过长- t选项获得根权限。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0801 3供应商确认:未知的包容:最初的声明表明,它是不确定这是可利用的。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0802:最终决定:阶段性裁决:修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000722更多的坏censorware参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=96430372326912&w=2参考:XF: bair-security-removal拜尔计划不合理限制访问Internet Explorer网络选项菜单,它允许本地用户获取访问菜单通过修改注册表键开始拜尔。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0802 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论: