(日期:][下一个日期][线程:][线程下][日期索引][线程索引]
(临时)最近接受68候选人最后(10/13)
- 来:cve-editorial-board-list@lists.mitre.org
- 主题(临时):最近接受68候选人最后(10/13)
- 从:“史蒂文·m·Christey " <coley@linus.mitre.org>
- 日期:-0400年结婚,2000年10月11日01:04:13(美国东部时间)
- 交货日期:2000年10月11日01:07:34结婚
- 发送方:owner-cve-editorial-board-list@lists.mitre.org
我做了一个临时决定接受以下68名候选人通过RECENT-27从RECENT-23集群。这些集群包含候选人公开宣布在6月6日,2000年和2000年7月18日。我将在10月13日做出最终决定。感谢所有董事会成员获得了他们的选票!10月1日以来的15个不同的成员投票。选民:墙接受(10)等待(37)征收接受(67)修改(1)勒布朗接受(3)修改(1)等待(41)Ozancin接受(19)等待(9)科尔接受(19)无操作(12)Dik接受(1)法国人接受(10)修改(58)Christey等待(37)阿姆斯特朗接受(1)等待(7)评论(1)Magdych接受(16)审核(10)普罗塞接受布莱克(2)接受(4)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0466网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0466最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000620类别:科幻参考:国际空间站:20000620不安全的外部程序在AIX cdmount参考:网址:http://xforce.iss.net/alerts/advise55.php参考:XF: aix-cdmount-insecure-call参考:报价:1384参考:网址:http://www.securityfocus.com/bid/1384AIX cdmount允许本地用户获得根权限通过shell元字符。修改:ADDREF XF: aix-cdmount-insecure-call推断行动:- 2000 - 0466 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(1)Christey选民的评论:Christey > XF: aix-cdmount-insecure-call弗雷希> XF: aix-cdmount-insecure-call(4724) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0469网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0469最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000613 CGI:赛琳娜溶胶的WebBanner(随机横幅生成器)脆弱性参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-22&msg=ILENKALMCAFBLHBGEOFKGEJCCAAA.jwesterink@jwesterink.daxis.nl参考:BUGTRAQ: 20000620 Re: CGI:赛琳娜溶胶的WebBanner(随机横幅生成器)脆弱性参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.2.0.58.20000620193604.00979950@mail.clark.net参考:报价:1347参考:网址:http://www.securityfocus.com/bid/1347参考:XF: webbanner-input-validation-exe赛琳娜索尔WebBanner 4.0允许远程攻击者读取任意文件通过一个. .(点点)攻击。修改:ADDREF XF: webbanner-input-validation-exe推断行动:- 2000 - 0469 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(1)Christey选民的评论:Christey > XF: webbanner-input-validation-exe弗雷希> XF: webbanner-input-validation-exe(4696) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0471网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0471最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000614漏洞在Solaris ufsrestore参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0114.html参考:SUNBUG: 4339366参考:报价:1348参考:网址:http://www.securityfocus.com/bid/1348参考:XF: sol-ufsrestore-bo参考:网址:http://xforce.iss.net/static/4711.php缓冲区溢出在Solaris ufsrestore早8和允许本地用户获得根权限通过长路径名。修改:ADDREF XF: sol-ufsrestore-bo ADDREF SUNBUG: 4339366推断行动:- 2000 - 0471 ACCEPT_REV(5接受,1 ack, 1审查)目前投票:接受(4)征税,Ozancin, Dik,科尔弗伦奇等待修改(1)(1)Christey回顾(1)阿姆斯特朗选民的评论:Christey > XF: sol-ufsrestore-bo弗雷希> XF: sol-ufsrestore-bo (4711) Dik >太阳错误:4339366 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0472网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0472最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000106 innd 2.2.2远程缓冲区溢出参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0003.html参考:火山口:综援- 2000 - 016.0参考:网址:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa - 2000 016.0.txt参考:BUGTRAQ: 20000707酒店更新参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0097.html参考:BUGTRAQ: 20000721(宣布)酒店2.2.3可用参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0298.html参考:BUGTRAQ: 20000722 MDKSA-2000:023酒店更新参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0330.html参考:报价:1316参考:网址:http://www.securityfocus.com/bid/1316参考:XF: innd-cancel-overflow参考:网址:http://xforce.iss.net/static/4615.php缓冲区溢出在2.2.2 innd允许远程攻击者通过取消执行任意命令请求包含一个长消息ID。修改:ADDREF BUGTRAQ: 20000607酒店更新ADDREF BUGTRAQ: 20000721(宣布)酒店2.2.3可用ADDREF BUGTRAQ: 20000722 MDKSA-2000:023酒店更新ADDREF XF: innd-cancel-overflow推断行动:- 2000 - 0472能接受(3接受,1 ack, 0评论)目前投票:接受(2)征税,Ozancin弗伦奇等待修改(1)(3)墙,勒布朗,Christey选民的评论:Christey >添加Mandrake确认:http://archives.neohapsis.com/archives/bugtraq/2000-07/0097.htmlChristey >http://archives.neohapsis.com/archives/bugtraq/2000-07/0097.htmlChristey > ADDREF BUGTRAQ: 20000721(宣布)酒店2.2.3可用http://archives.neohapsis.com/archives/bugtraq/2000-07/0298.htmlADDREF BUGTRAQ: 20000722 MDKSA-2000:023酒店更新网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0330.html弗雷希> XF: innd-cancel-overflow(4615) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0475网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0475最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:女士:ms00 - 020参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 020. - asp参考:报价:1350参考:网址:http://www.securityfocus.com/bid/1350参考:XF: win2k-desktop-separation参考:网址:http://xforce.iss.net/static/4714.phpWindows 2000允许本地用户进程访问其他用户的桌面在同一个Windows站,又名“桌面分离”的弱点。修改:ADDREF XF: win2k-desktop-separation推断行动:- 2000 - 0475 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(1)Christey选民的评论:Christey > ADDREF XF: win2k-desktop-separation弗雷希> XF: win2k-desktop-separation(4714) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0477网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0477最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000614漏洞在诺顿杀毒软件供交流参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0316.html参考:报价:1351参考:网址:http://www.securityfocus.com/bid/1351参考:XF: antivirus-nav-zip-bo参考:网址:http://xforce.iss.net/static/4710.php缓冲区溢出的诺顿杀毒软件交换(NavExchange)允许远程攻击者造成拒绝服务通过一个. zip文件,其中包含长文件名。修改:ADDREF XF: antivirus-nav-zip-bo推断行动:- 2000 - 0477能接受(3接受,1 ack, 0评论)目前投票:接受(2)征税,普罗塞弗伦奇等待修改(1)(1)Christey选民的评论:Christey > XF: antivirus-nav-zip-bo弗雷希> XF: antivirus-nav-zip-bo普罗瑟(4710)>这个问题除了可以- 2000 - 0478被NAVMSE团队在同一个消息,裁判Bugtraq消息,结婚2000年6月28日09:31:49主题:Re:诺顿杀毒软件的漏洞与修复NAVMSE 2.1中编码。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0478网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0478最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000614漏洞在诺顿杀毒软件供交流参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html参考:报价:1351参考:网址:http://www.securityfocus.com/bid/1351参考:XF: antivirus-nav-fail-open参考:网址:http://xforce.iss.net/static/4709.php在某些情况下,诺顿杀毒交换(NavExchange)进入“应急开放”状态病毒可以通过服务器。修改:ADDREF XF: antivirus-nav-fail-open推断行动:- 2000 - 0478能接受(3接受,1 ack, 0评论)目前投票:接受(2)征税,普罗塞弗伦奇等待修改(1)(1)Christey选民的评论:Christey > XF: antivirus-nav-fail-open弗雷希> XF: antivirus-nav-fail-open普罗瑟(4709)>这被NAVMSE团队,裁判Bugtraq消息,结婚2000年6月28日09:31:49主题:Re:诺顿杀毒软件的漏洞与修复NAVMSE 2.1中编码。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0482网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0482最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000605 FW-1 IP碎片脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0473.html参考:确认:http://www.checkpoint.com/techsupport/alerts/list_vun.html IP_Fragmentation参考:报价:1312参考:网址:http://www.securityfocus.com/bid/1312参考:XF: fw1-packet-fragment-dos参考:网址:http://xforce.iss.net/static/4609.php检查防火墙1允许远程攻击者造成拒绝服务通过发送大量的畸形的支离破碎的IP数据包。修改:DESC正确拼写防火墙1]ADDREF确认:http://www.checkpoint.com/techsupport/alerts/list_vun.html IP_FragmentationADDREF XF: fw1-packet-fragment-dos推断行动:- 2000 - 0482能接受(3接受,1 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(3)墙,勒布朗,Christey选民的评论:弗雷希> XF: fw1-packet-fragment-dos(4609)检查在拼写问题是防火墙1点的产品。Christey >看起来这是经检查确认点:http://www.checkpoint.com/techsupport/alerts/list_vun.html IP_Fragmentation= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0483网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0483最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000615 (Brian@digicool.com: Zope Zope安全警报和2.1.7更新[*重要*]]参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html参考:确认:http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert参考:REDHAT: RHSA-2000:038-01参考:网址:http://www.securityfocus.com/templates/advisory.html?id=2350参考:FREEBSD: FreeBSD-SA-00:38参考:网址:ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd - sa - 00% - 3 - a38.zope.asc参考:BUGTRAQ: 20000728 MDKSA-2000:026 Zope更新参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0412.html参考:BUGTRAQ: 2000615 Conectiva Linux安全公告——ZOPE参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000616103807.A3768@conectiva.com.br参考:报价:1354参考:网址:http://www.securityfocus.com/bid/1354参考:XF: zope-dtml-remote-modify参考:网址:http://xforce.iss.net/static/4716.phpDocumentTemplate包在Zope 2.2和更早的允许远程攻击者修改DTMLDocuments或擅自DTMLMethods。修改:ADDREF XF: zope-dtml-remote-modify ADDREF BUGTRAQ: 20000728 MDKSA-2000:026 Zope更新ADDREF FREEBSD: FreeBSD-SA-00:38 DESC(添加版本信息)的行动:- 2000 - 0483 ACCEPT_ACK (2, 3 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(1)Christey选民的评论:Christey > XF: zope-dtml-remote-modify弗雷希> XF: zope-dtml-remote-modify (4716) Christey > ADDREF BUGTRAQ: 20000728 MDKSA-2000:026 Zope更新http://archives.neohapsis.com/archives/bugtraq/2000-07/0412.htmlADDREF FREEBSD: FreeBSD-SA-00:38网址:ftp://ftp.freebsd.org/pub/freebsd/cert/advisories/freebsd - sa - 00% - 3 - a38.zope.asc添加影响版本。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0484网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0484最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000616远程DoS攻击小HTTP服务器版本。1.212脆弱性参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=96113651713414&w=2参考:NTBUGTRAQ: 20000616远程DoS攻击小HTTP服务器版本。1.212脆弱性参考:网址:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96151775004229&w=2参考:报价:1355参考:网址:http://www.securityfocus.com/bid/1355参考:XF: small-http-get-overflow-dos参考:网址:http://xforce.iss.net/static/4692.php缓冲区溢出的小型HTTP服务器允许远程攻击者造成拒绝服务通过GET请求。修改:ADDREF XF: small-http-get-overflow-dos推断行动:- 2000 - 0484能接受(4接受,0 ack, 0评论)目前投票:接受(3)征税,墙,科尔弗伦奇等待修改(1)(3)阿姆斯特朗,Ozancin, Christey选民的评论:Christey > XF: small-http-get-overflow-dos弗雷希> XF: small-http-get-overflow-dos墙(4692)> UssrLabs证实了1.212版本的小型HTTP服务器。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0485网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0485最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000530弗兰克-威廉姆斯:盗取密码使用SQL Server EM参考:网址:http://www.securityfocus.com/archive/1/62771参考:女士:ms00 - 041参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 041. - asp参考:报价:1292参考:网址:http://www.securityfocus.com/bid/1292参考:XF: mssql-dts-reveal-passwords参考:网址:http://xforce.iss.net/static/4582.phpMicrosoft SQL Server允许本地用户获取数据库密码通过数据转换服务(DTS)包属性对话框,又名“DTS密码”的弱点。修改:ADDREF XF: mssql-dts-reveal-passwords推断行动:- 2000 - 0485 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(1)Christey选民的评论:弗雷希> mssql-dts-reveal-passwords (4582) Christey > ADDREFhttp://www.securityfocus.com/templates/archive.pike?list=1&msg=002201bfca52 9 ce75ac0 78779美元dd0@adscorp.comChristey >有两个不同的对话框允许您获得数据库密码;一个捕获- 2000 - 0485,和其他可以- 2000 - 0485。CD: SF-LOC表明保持这些分裂。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0494网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0494最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000616 Veritas卷管理器3.0。x洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0151.html参考:确认:http://seer.support.veritas.com/tnotes/volumeman/230053.htm参考:报价:1356参考:网址:http://www.securityfocus.com/bid/1356参考:XF: veritas-volume-manager Veritas卷管理器创建一个人人可写的.server_pids文件,它允许本地用户任意命令添加到这个文件,然后由vmsa_server执行脚本。修改:ADDREF XF: veritas-volume-manager ADDREF确认:http://seer.support.veritas.com/tnotes/volumeman/230053.htm推断行动:- 2000 - 0494 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(4)阿姆斯特朗,Ozancin, Christey,科尔选民的评论:弗雷希> XF: veritas-volume-manager (5009) Christey >确认:http://seer.support.veritas.com/tnotes/volumeman/230053.htm这是2000年9月1日,TechNote ID 230053。确认文本是:真理发现安全问题……在启动时自umask Solaris版本2.8之前是000,/var/opt/vmsa/logs/.等文件的权限server_pids设置为666。这允许任何用户输入命令在这个文件中,将执行这些命令当vmsa_server被管理员停止。系统安全是妥协的结果。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0497网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0497最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:NTBUGTRAQ: 20000612 IBM WebSphere JSP showcode脆弱性参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0263.html参考:确认:http://www - 4. ibm.com/software/webservers/appserv/efix.html参考:报价:1328参考:网址:http://www.securityfocus.com/bid/1328参考:XF: websphere-jsp-source-read IBM WebSphere服务器3.0.2允许远程攻击者视图JSP程序的源代码通过请求URL提供大写的JSP扩展。修改:ADDREF XF: websphere-jsp-source-read推断行动:- 2000 - 0497 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(4)墙,勒布朗,Ozancin, Christey选民的评论:Christey > XF: websphere-jsp-source-read弗雷希> XF: websphere-jsp-source-read(4697) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0499网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0499最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:CF参考:NTBUGTRAQ: 20000612 BEA WebLogic JSP showcode脆弱性参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0262.htm参考:确认:http://developer.bea.com/alerts/security_000612.html参考:报价:1328参考:网址:http://www.securityfocus.com/bid/1328参考:XF: weblogic-jsp-source-read参考:网址:http://xforce.iss.net/static/4694.phpBEA WebLogic 3.1.8中通过4.5.1的默认配置,远程攻击者可以查看源代码的JSP程序请求URL提供的JSP扩展大写。修改:ADDREF XF: weblogic-jsp-source-read ADDREF确认:http://developer.bea.com/alerts/security_000612.htmlDESC变化来确定配置问题,推断行动:添加版本可以- 2000 - 0499 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(4)墙,勒布朗,Ozancin, Christey选民的评论:弗雷希> XF: weblogic-jsp-source-read(4694)在描述,改变:“通过请求URL,……”Christey >确认:http://developer.bea.com/alerts/security_000612.htmlChristey >改变描述来反映,这是一个默认的配置问题。确认:http://developer.bea.com/alerts/security_000612.html= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0500网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0500最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:CF参考:确认:http://www.weblogic.com/docs51/admindocs/http.html文件参考:BUGTRAQ: 20000621 BEA WebLogic /文件/ showcode脆弱性参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=96161462915381&w=2参考:报价:1378参考:网址:http://www.securityfocus.com/bid/1378参考:XF: weblogic-file-source-read参考:网址:http://xforce.iss.net/static/4775.phpBEA WebLogic 5.1.0的默认配置,远程攻击者可以查看源代码的程序通过请求URL /文件/开始,导致默认servlet显示文件没有进一步处理。修改:ADDREF确认:http://www.weblogic.com/docs51/admindocs/http.html文件ADDREF XF: weblogic-file-source-read推断行动:- 2000 - 0500 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(1)Christey选民的评论:Christey >确认:http://www.weblogic.com/docs51/admindocs/http.html文件弗雷希> XF: weblogic-file-source-read (4775) Christey >改变描述来反映,这是一个默认的配置问题。确认:http://developer.bea.com/alerts/security_000621.html= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0501网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0501最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:NTBUGTRAQ: 20000616 mdaemon 2.8.5.0 WinNT和都远程DoS参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0277.html参考:报价:1366参考:网址:http://www.securityfocus.com/bid/1366参考:XF: mdaemon-pass-dos参考:网址:http://xforce.iss.net/static/4745.php竞争条件在MDaemon 2.8.5.0 POP服务器允许本地用户造成拒绝服务通过输入UIDL命令并迅速退出服务器。修改:ADDREF XF: mdaemon-pass-dos推断行动:- 2000 - 0501能接受(5接受,1 ack, 0评论)目前投票:接受(4)阿姆斯特朗,Levy墙,科尔弗伦奇等待修改(1)(2)Ozancin, Christey选民的评论:Christey > XF: mdaemon-pass-dos弗雷希> XF: mdaemon-pass-dos墙(4745)>供应商同意,并发布一个补丁。改变>(科尔从等待接受改变投票)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0506网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0506最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000609 Sendmail & procmail当地根利用Linux内核2.2.16pre5参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.21.0006090852340.3475 - 300000 @alfa.elzabsoft.pl参考:REDHAT: RHSA-2000:037-05参考:网址:http://www.redhat.com/support/errata/rhsa - 2000 - 037 - 05. - html参考:涡轮:TLSA2000013-1参考:网址:http://www.turbolinux.com/pipermail/tl-security-announce/2000-June/000012.html参考:SGI: 20000802 - 01 - p参考:网址:ftp://sgigate.sgi.com/security/20000802-01-P参考:BUGTRAQ: 20000609 Trustix安全咨询参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0062.html参考:BUGTRAQ: 20000608 CONECTIVA LINUX内核安全公告——参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0063.html参考:报价:1322参考:网址:http://www.securityfocus.com/bid/1322参考:XF: linux-kernel-capabilities 2.2.16前的“能力”功能在Linux中允许本地用户造成拒绝服务或获得特权通过设置功能防止setuid计划放弃特权,又称“Linux内核setuid / setcap漏洞。”Modifications: ADDREF REDHAT:RHSA-2000:037-05 ADDREF XF:linux-kernel-capabilities ADDREF SGI:20000802-01-P INFERRED ACTION: CAN-2000-0506 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(2) Levy, Ozancin MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Christey Voter Comments: Christey> ADDREF REDHAT:RHSA-2000:037-05 URL:http://www.redhat.com/support/errata/rhsa - 2000 - 037 - 05. - html弗雷希> XF: linux-kernel-capabilities (4650) Christey > ADDREF SGI: 20000802 - 01 - pftp://sgigate.sgi.com/security/20000802-01-P= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0508网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0508最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000608远程linux中DOS rpc。lockd参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0073.html参考:报价:1372参考:网址:http://www.securityfocus.com/bid/1372参考:XF: linux-lockd-remote-dos参考:网址:http://xforce.iss.net/static/5050.phprpc。lockd在Red Hat Linux 6.1和6.2允许远程攻击者通过畸形引起拒绝服务请求。修改:ADDREF XF: linux-lockd-remote-dos推断行动:- 2000 - 0508能接受(3接受0 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(2)墙,勒布朗选民的评论:弗雷希> XF: linux-lockd-remote-dos(5050) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0510网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0510最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000620杯DoS bug参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html参考:确认:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch参考:报价:1373参考:网址:http://www.securityfocus.com/bid/1373参考:XF: debian-cups-malformed-ipp参考:网址:http://xforce.iss.net/static/4846.php杯(常见Unix打印系统)1.04和更早的允许远程攻击者通过IPP畸形引起拒绝服务请求。修改:ADDREF XF: debian-cups-malformed-ipp推断行动:- 2000 - 0510 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(1)Christey选民的评论:Christey > XF: debian-cups-malformed-ipp弗雷希> XF: debian-cups-posts(4846) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0511网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0511最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000620杯DoS bug参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html参考:确认:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch参考:报价:1373参考:网址:http://www.securityfocus.com/bid/1373参考:XF: debian-cups-posts参考:网址:http://xforce.iss.net/static/4846.php杯(常见Unix打印系统)1.04和更早的允许远程攻击者造成拒绝服务通过一个CGI POST请求。修改:ADDREF XF: debian-cups-posts推断行动:- 2000 - 0511 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收修改(1)弗雷希选民的评论:弗雷希> XF: debian-cups-posts(4846) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0512网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0512最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000620杯DoS bug参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html参考:确认:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch参考:报价:1373参考:网址:http://www.securityfocus.com/bid/1373参考:XF: debian-cups-posts参考:网址:http://xforce.iss.net/static/4846.php杯(常见的Unix印刷系统)1.04和更早的不适当的删除请求文件,它允许远程攻击者造成拒绝服务。修改:ADDREF XF: debian-cups-posts推断行动:- 2000 - 0512 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收修改(1)弗雷希选民的评论:弗雷希> XF: debian-cups-posts(4846) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0513网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0513最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000620杯DoS bug参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html参考:确认:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch参考:报价:1373参考:网址:http://www.securityfocus.com/bid/1373参考:XF: debian-cups-posts参考:网址:http://xforce.iss.net/static/4846.php杯(常见Unix打印系统)1.04和更早的允许远程攻击者造成拒绝服务进行身份验证的用户名不存在或密码没有影子。修改:ADDREF XF: debian-cups-posts推断行动:- 2000 - 0513 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收修改(1)弗雷希选民的评论:弗雷希> XF: debian-cups-posts(4846) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0514网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0514最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000614安全顾问:远程根脆弱GSSFTP守护进程参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=ldvsnufao18.fsf@saint-elmos-fire.mit.edu参考:确认:http://web.mit.edu/kerberos/www/advisories/ftp.txt参考:报价:1374参考:网址:http://www.securityfocus.com/bid/1374参考:XF: kerberos-gssftpd-dos参考:网址:http://xforce.iss.net/static/4734.php在Kerberos 5 1.1 GSSFTP FTP守护进程。x不适当限制一些FTP命令,远程攻击者可以导致拒绝服务,和本地用户获得根权限。修改:ADDREF XF: kerberos-gssftpd-dos(4734)推断行动:- 2000 - 0514 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(1)Christey选民的评论:Christey > XF: kerberos-gssftpd-dos弗雷希> XF: kerberos-gssftpd-dos(4734) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0515网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0515最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:CF参考:BUGTRAQ: 20000607 (Hackerslab bug_paper] hp - ux SNMP守护进程脆弱性参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006070511.OAA05492@dogfoot.hackerslab.org参考:BUGTRAQ: 20000608 Re: hp - ux SNMP守护进程脆弱性参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006090640.XAA00779@hpchs.cup.hp.com参考:报价:1327参考:网址:http://www.securityfocus.com/bid/1327参考:XF: hpux-snmp-daemon参考:网址:http://xforce.iss.net/static/4643.phpsnmpd。conf配置文件为SNMP守护进程(snmpd)在hp - ux 11.0是人人可写的,它允许本地用户修改SNMP配置或获得的特权。修改:ADDREF XF: hpux-snmp-daemon推断行动:- 2000 - 0515能接受(3接受,1 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(2)墙,勒布朗选民的评论:弗雷希> XF: hpux-snmp-daemon(4643) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0516网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0516最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000606为Access Manager 5.0.0明文LDAP根密码。参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0008.html参考:报价:1329参考:网址:http://www.securityfocus.com/bid/1329参考:XF: shiva-plaintext-ldap-password参考:网址:http://xforce.iss.net/static/4612.php当配置为配置信息存储在LDAP目录中,湿婆Access Manager 5.0.0存储根DN(专有名称)名和密码明文世界可读的文件,它允许本地用户妥协LDAP服务器。修改:ADDREF XF: shiva-plaintext-ldap-password推断行动:- 2000 - 0516能接受(3接受0 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(2)墙,勒布朗选民的评论:弗雷希> XF: shiva-plaintext-ldap-password(4612) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0522网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0522最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000608潜在的DoS攻击RSA的ACE /服务器参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=011a01bfd14c 3 c206960 050010美元ac@xtranet.co.uk参考:确认:ftp://ftp.securid.com/support/outgoing/dos/readme.txt参考:BUGTRAQ: 20000714 Re: RSA Aceserver UDP水灾脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0197.html参考:报价:1332参考:网址:http://www.securityfocus.com/bid/1332参考:XF: aceserver-udp-packet-dos参考:网址:http://xforce.iss.net/static/5053.phpRSA ACE /服务器允许远程攻击者因洪水导致拒绝服务服务器的身份验证请求端口与UDP数据包,导致服务器崩溃。修改:ADDREF确认:ftp://ftp.securid.com/support/outgoing/dos/readme.txtADDREF BUGTRAQ: 20000714 Re: RSA Aceserver UDP水灾脆弱性ADDREF XF: aceserver-udp-packet-dos推断行动:- 2000 - 0522能接受(3接受,1 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(3)墙,勒布朗,Christey选民的评论:Christey > ADDREF确认:ftp://ftp.securid.com/support/outgoing/dos/readme.txtADDREFhttp://archives.neohapsis.com/archives/bugtraq/2000-07/0197.html弗雷希> XF: aceserver-udp-packet-dos(5053) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0525网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0525最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000609 OpenSSH UseLogin选项允许远程访问与根特权。参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html参考:OPENBSD: 20000606非默认UseLogin特性/etc/sshd_config坏了,不应该被使用。参考网址:http://www.openbsd.org/errata.html uselogin参考:报价:1334参考:网址:http://www.securityfocus.com/bid/1334参考:XF: openssh-uselogin-remote-exec参考:网址:http://xforce.iss.net/static/4646.phpOpenSSH不适当放弃特权UseLogin选项启用时,它允许本地用户提供命令执行任意命令ssh守护进程。修改:ADDREF XF: openssh-uselogin-remote-exec推断行动:- 2000 - 0525能接受(3接受,1 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(3)墙,勒布朗,Christey选民的评论:Christey > XF: openssh-uselogin-remote-exechttp://archives.neohapsis.com/archives/freebsd/2000-07/0040.html弗雷希> XF: openssh-uselogin-remote-exec(4646) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0528网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0528最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000619净工具PKI服务器利用参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html参考:确认:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt参考:报价:1364参考:网址:http://www.securityfocus.com/bid/1364参考:XF: nettools-pki-unauthenticated-access参考:网址:http://xforce.iss.net/static/4743.php网络工具PKI服务器不适当限制访问远程攻击者当XUDA模板文件不包含其他文件的绝对路径名。修改:ADDREF XF: nettools-pki-unauthenticated-access推断行动:- 2000 - 0528 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(1)Christey选民的评论:Christey > XF: nettools-pki-unauthenticated-access弗雷希> XF: nettools-pki-unauthenticated-access(4743) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0529网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0529最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000619净工具PKI服务器利用参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html参考:确认:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt参考:报价:1363参考:网址:http://www.securityfocus.com/bid/1363参考:XF: nettools-pki-http-bo参考:网址:http://xforce.iss.net/static/4744.php净工具PKI服务器允许远程攻击者造成拒绝服务通过一个HTTP请求。修改:ADDREF XF: nettools-pki-http-bo推断行动:- 2000 - 0529 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(1)Christey选民的评论:Christey > XF: nettools-pki-http-bo弗雷希> XF: nettools-pki-http-bo(4744) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0532网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0532最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:CF参考:FREEBSD: FreeBSD-SA-00:21参考:网址:http://archives.neohapsis.com/archives/freebsd/2000-06/0031.html参考:报价:1323参考:网址:http://www.securityfocus.com/bid/1323参考:XF: freebsd-ssh-ports参考:网址:http://xforce.iss.net/static/4638.phpSSH的FreeBSD补丁2000-01-14配置SSH监听端口722端口22,这可能允许远程攻击者通过端口722访问SSH即使端口22否则过滤。修改:ADDREF XF: freebsd-ssh-ports推断行动:- 2000 - 0532能接受(3接受,1 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(2)墙,勒布朗选民的评论:弗雷希> XF: freebsd-ssh-ports(4638) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0533网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0533最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:SGI: 20000601 - 01 - p参考:网址:ftp://sgigate.sgi.com/security/20000601-01-P参考:报价:1379参考:网址:http://www.securityfocus.com/bid/1379参考:XF: irix-workshop-cvconnect-overwrite参考:网址:http://xforce.iss.net/static/4725.php脆弱性在SGI cvconnect IRIX车间允许本地用户覆盖任意文件。修改:ADDREF irix-workshop-cvconnect-overwrite(4725)推断行动:- 2000 - 0533 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(1)Christey选民的评论:Christey > XF: irix-workshop-cvconnect-overwrite弗雷希> XF: irix-workshop-cvconnect-overwrite(4725) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0534网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0534最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:FREEBSD: FreeBSD-SA-00:22安全咨询参考:网址:http://archives.neohapsis.com/archives/freebsd/2000-06/0030.html参考:报价:1325参考:网址:http://www.securityfocus.com/bid/1325参考:XF: apsfilter-elevate-privileges参考:网址:http://xforce.iss.net/static/4617.phpFreeBSD的apsfilter软件端口包没有正确读取用户过滤配置,它允许本地用户作为lpd用户执行命令。修改:ADDREF XF: apsfilter-elevate-privileges推断行动:- 2000 - 0534 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)墙,勒布朗,Ozancin选民的评论:弗雷希> XF: apsfilter-elevate-privileges(4617) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0538网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0538最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000607新阿莱尔ColdFusion DoS参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=96045469627806&w=2参考:阿莱尔:ASB00-14参考:网址:http://www.allaire.com/handlers/index.cfm?ID=16122&Method=Full参考:报价:1314参考:网址:http://www.securityfocus.com/bid/1314参考:XF: coldfusion-parse-dos参考:网址:http://xforce.iss.net/static/4611.phpColdFusion管理员ColdFusion 4.5.1和早些时候允许远程攻击者造成拒绝服务通过登录密码。修改:ADDREF XF: coldfusion-parse-dos推断行动:- 2000 - 0538能接受(4接受,1 ack, 0评论)目前投票:接受(3)征税,墙,弗伦奇等待Ozancin修改(1)(1)勒布朗选民的评论:弗雷希> XF: coldfusion-parse-dos(4611) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0539网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0539最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:阿莱尔:asb00 - 015参考:网址:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full参考:报价:1386参考:网址:http://www.securityfocus.com/bid/1386参考:XF: jrun-read-sample-files参考:网址:http://xforce.iss.net/static/4774.phpServlet示例阿莱尔JRun 2.3。x允许远程攻击者获取敏感信息,例如通过SessionServlet清单HttpSession ID的servlet。修改:ADDREF XF: jrun-read-sample-files推断行动:- 2000 - 0539 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收修改(1)弗雷希选民的评论:弗雷希> XF: jrun-read-sample-files(4774) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0540网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0540最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:阿莱尔:asb00 - 015参考:网址:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full参考:报价:1386参考:网址:http://www.securityfocus.com/bid/1386参考:XF: jrun-read-sample-files参考:网址:http://xforce.iss.net/static/4774.phpJSP示例文件在阿莱尔JRun 2.3。x允许远程攻击者访问任意文件(如通过viewsource.jsp)或获得配置信息。修改:ADDREF XF: jrun-read-sample-files推断行动:- 2000 - 0540 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收修改(1)弗雷希选民的评论:弗雷希> XF: jrun-read-sample-files(4774) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0548网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0548最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000609安全顾问:多个拒绝服务漏洞KRB4 KDC参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html参考:确认:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt参考:CERT: ca - 2000 - 11参考:网址:http://www.cert.org/advisories/ca - 2000 - 11. - html参考:CIAC: k - 051参考:网址:http://ciac.llnl.gov/ciac/bulletins/k - 051. shtml参考:XF: kerberos-emsg-bo缓冲区溢出在第4 Kerberos KDC程序允许远程攻击者造成拒绝服务通过kerb_err_reply e_msg变量函数。修改:ADDREF XF: kerberos-emsg-bo DELREF报价:1338推断行动:- 2000 - 0548能接受(3接受,3 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(3)墙,勒布朗,Christey选民的评论:Christey > ADDREF XF: kerberos-emsg-bo弗雷希> XF: kerberos-emsg-bo(4658)不应该报价:1338 (Kerberos4 KDC AUTH_MSG_KDC_REQUEST空终止脆弱性)被分配到- 2000 - 0549吗?Christey >安德烈是正确的,报价:1338应该分配给可以- 2000 - 0549。所以报价应该得到这个?= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0549网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0549最终决定:阶段性裁决:20001011修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000609安全顾问:多个拒绝服务漏洞KRB4 KDC参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html参考:确认:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt参考:CERT: ca - 2000 - 11参考:网址:http://www.cert.org/advisories/ca - 2000 - 11. - html参考:CIAC: k - 051参考:网址:http://ciac.llnl.gov/ciac/bulletins/k - 051. shtml4 Kerberos KDC程序不正确检查空终止AUTH_MSG_KDC_REQUEST请求,它允许远程攻击者通过畸形引起拒绝服务请求。推断行动:- 2000 - 0549能接受(3接受,3 ack, 0评论)目前投票:接受(1)Ozancin修改(2)征税,弗雷希无操作(3)墙,勒布朗,Christey选民的评论:Christey > ADDREF报价:1464网址:http://www.securityfocus.com/bid/1464弗雷希> XF: kerberos-authmsgkdcrequests(4659)改变> (Levy投票从审查修改)征收>删除引用出价1464。添加引用出价1338。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0550网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0550最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000609安全顾问:多个拒绝服务漏洞KRB4 KDC参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html参考:确认:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt参考:CERT: ca - 2000 - 11参考:网址:http://www.cert.org/advisories/ca - 2000 - 11. - html参考:CIAC: k - 051参考:网址:http://ciac.llnl.gov/ciac/bulletins/k - 051. shtml参考:XF: kerberos-free-memory参考:报价:1465参考:网址:http://www.securityfocus.com/bid/14654 Kerberos KDC程序不当释放内存的两倍(又名“双重释放”),它允许远程攻击者造成拒绝服务。修改:ADDREF XF: kerberos-free-memory ADDREF报价:1465推断行动:- 2000 - 0550能接受(3接受,3 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(3)墙,勒布朗,Christey选民的评论:Christey > XF: kerberos-free-memory Christey > ADDREF报价:1465网址:http://www.securityfocus.com/bid/1465弗雷希> XF: kerberos-free-memory(4660)改变> (Levy投票从审查接受)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0552网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0552最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:NTBUGTRAQ: 20000606 ICQ2000A ICQmail temparary互联网链接vulnearbility参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0237.html参考:报价:1307参考:网址:http://www.securityfocus.com/bid/1307参考:XF: icq-temp-link参考:网址:http://xforce.iss.net/static/4607.phpICQwebmail客户机ICQ 2000创建一个世界可读期间临时文件登录,不删除它,它允许本地用户获取敏感信息。修改:ADDREF XF: icq-temp-link推断行动:- 2000 - 0552能接受(3接受0 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(2)墙,勒布朗选民的评论:弗雷希> XF: icq-temp-link(4607) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0555网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0555最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:NTBUGTRAQ: 20000608 DST2K0010: DoS &路径暴露弱点同乐会v2.60a参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0246.html参考:报价:1320参考:网址:http://www.securityfocus.com/bid/1320参考:XF: ceilidh-post-dos参考:网址:http://xforce.iss.net/static/4622.php同乐会允许远程攻击者造成拒绝服务通过大量的POST请求。修改:ADDREF XF: ceilidh-post-dos推断行动:- 2000 - 0555能接受(3接受0 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(3)墙,勒布朗,Christey选民的评论:Christey > ADDREF XF: ceilidh-post-dos弗雷希> XF: ceilidh-post-dos(4622) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0558网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0558最终决定:阶段性裁决:20001011修改:建议:20000712分配:20000711类别:科幻参考:NTBUGTRAQ: 20000608 DST2K0012:在惠普BufferOverrun Openview网络节点经理v6.1参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0249.html参考:报价:1317参考:网址:http://www.securityfocus.com/bid/1317缓冲区溢出在惠普Openview网络节点管理器6.1允许远程攻击者执行任意命令通过报警服务(OVALARMSRV)在端口2345上。推断行动:- 2000 - 0558能接受(3接受0 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(3)墙,勒布朗,Christey选民的评论:弗雷希> XF: hp-openview-nnm-bo (4619) Christey >惠普:hpsbux0008 - 119 NMM 6.1中描述了一个弱点,但其稀疏的评论暗示问题是有关网络密码,但没有提及,在原Bugtraq职位候选人。Christey > ADDREF惠普:hpsbux0009 - 122网址:http://www.securityfocus.com/templates/advisory.html?id=2675咨询这个漏洞很明显相关。所以,哪一个是惠普:hpsbux0008 - 119处理?= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0561网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0561最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000620 DST2K0018:多个BufferOverruns WebBBS HTTP服务器v1.15参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0175.html参考:报价:1365参考:网址:http://www.securityfocus.com/bid/1365参考:XF: webbbs-get-request-overflow参考:网址:http://xforce.iss.net/static/4742.php缓冲区溢出WebBBS 1.15允许远程攻击者执行任意命令通过一个HTTP GET请求。修改:ADDREF XF: webbbs-get-request-overflow推断行动:- 2000 - 0561能接受(3接受0 ack, 0评论)目前投票:接受(2)征税,科尔弗伦奇等待修改(1)(3)阿姆斯特朗,Ozancin, Christey选民的评论:Christey > XF: webbbs-get-request-overflow弗雷希> XF: webbbs-get-request-overflow(4742)改变>(科尔从等待接受改变投票)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0566网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0566最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000719分配:20000712类别:科幻参考:国际空间站:20000712不安全的临时文件处理在Linux makewhatis参考:REDHAT: RHSA-2000:041-02参考:报价:1434参考:火山口:综援- 2000 - 021.0参考:BUGTRAQ: 20000707(安全宣布)人更新参考:BUGTRAQ: 20000727 CONECTIVA Linux安全公告——男人参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0390.html参考:XF: linux-man-makewhatis-tmp参考:网址:http://xforce.iss.net/static/4900.phpmakewhatis在Linux中男人包允许本地用户覆盖文件通过一个符号链接攻击。修改:ADDREF XF: linux-man-makewhatis-tmp ADDREF BUGTRAQ: 20000727 CONECTIVA LINUX安全公告——人的行动:- 2000 - 0566能接受(4接受,3 ack, 0评论)目前投票:接受(3)征税,Magdych,科尔弗伦奇等待修改(1)(3)墙,勒布朗,Christey选民的评论:弗雷希> XF: linux-man-makewhatis-tmp (4900) Christey > ADDREF BUGTRAQ: 20000727 CONECTIVA LINUX安全公告——男人网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0390.html= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0567网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0567最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000719分配:20000719类别:科幻参考:女士:ms00 - 043参考:BUGTRAQ: 20000719 MS Outlook电子邮件客户端引用缓冲区溢出:BUGTRAQ: 20000719亚伦德鲁-安全顾问:缓冲区溢出在前景&女士Outlook Express邮件客户参考:报价:1481参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=1481参考:XF: outlook-date-overflow参考:网址:http://xforce.iss.net/static/4953.php缓冲区溢出在Microsoft Outlook和Outlook Express允许远程攻击者执行任意命令通过一个长日期字段在一封电子邮件头,又名“畸形的电子邮件头”的弱点。修改:ADDREF XF: outlook-date-overflow推断行动:- 2000 - 0567能接受(6接受,1 ack, 0评论)目前投票:接受(4)征税,墙,Magdych,科尔修改(2)勒布朗,弗雷希选民的评论:勒布朗>需要添加女士最近公告参考弗雷希> XF: outlook-date-overflow(4953) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0571网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0571最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000703远程DoS攻击LocalWEB HTTP服务器1.2.0脆弱性参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-07-8&msg=NCBBKFKDOLAGKIAPMILPCEIHCFAA.labs@ussrback.com参考:报价:1423参考:网址:http://www.securityfocus.com/bid/1423参考:XF: localweb-get-bo参考:网址:http://xforce.iss.net/static/4896.phpLocalWEB HTTP服务器1.2.0允许远程攻击者造成拒绝服务通过一个GET请求。修改:ADDREF XF: localweb-get-bo推断行动:- 2000 - 0571能接受(4接受,0 ack, 0评论)目前投票:接受(3)征税,Magdych,科尔弗伦奇等待修改(1)(2)墙,勒布朗选民的评论:弗雷希> XF: localweb-get-bo(4896) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0579网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0579最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000621可预测性问题IRIX Cron和编译器参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0204.html参考:报价:1413参考:网址:http://www.securityfocus.com/bid/1413参考:XF: irix-cron-modify-crontab IRIX crontab创建临时文件的umask与可预见的文件名和用户,这可能允许本地用户修改其他用户的crontab文件正在编辑。修改:ADDREF XF: irix-cron-modify-crontab推断行动:- 2000 - 0579 ACCEPT_REV(5接受0 ack 1审查)目前投票:接受(4)征税,布莱克,Ozancin,科尔弗伦奇等待修改(1)(3)阿姆斯特朗,墙,勒布朗回顾(1)Magdych选民的评论:弗雷希> XF: irix-cron-modify-crontab改变(5008)>(科尔从等待接受改变投票)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0582网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0582最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000630 SecureXpert咨询(sx - 20000620 - 3)参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.3.96.1000630162106.4619c - 100000 @fjord.fscinternet.com参考:确认:http://www.checkpoint.com/techsupport/alerts/list_vun.html SMTP_Security参考:XF: fw1-resource-overload-dos参考:报价:1416参考:网址:http://www.securityfocus.com/bid/1416检查防火墙1 4.0和4.1允许远程攻击者造成拒绝服务通过发送一个无效的命令流(如二进制零)安全SMTP服务器代理。修改:ADDREF确认:http://www.checkpoint.com/techsupport/alerts/list_vun.html SMTP_SecurityDESC提到“无效的命令”而不是二进制零。推断行动:- 2000 - 0582 ACCEPT_REV(3接受,1 ack, 1审查)目前投票:接受(3)征税,抑郁症,科尔等待(3)墙,勒布朗,Christey回顾(1)Magdych选民的评论:Christey >看起来这是经检查确认点:http://www.checkpoint.com/techsupport/alerts/list_vun.html SMTP_Security= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0583网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0583最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000626 vpopmail-3.4.11问题参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=395BD2A8.5D3396A7@secureaustin.com参考:确认:http://www.vpopmail.cx/vpopmail-ChangeLog参考:报价:1418参考:网址:http://www.securityfocus.com/bid/1418参考:XF: vpopmail-format-string vchkpw计划在4.8版本之前vpopmail不正确清洁一个不可信的格式字符串中使用syslog调用,它允许远程攻击者通过一个用户或引起拒绝服务传递命令包含任意格式指令。修改:ADDREF XF: vpopmail-format-string推断行动:- 2000 - 0583 ACCEPT_ACK_REV(2接受,1 ack, 1审查)目前投票:接受(1)征收弗伦奇等待修改(1)(3)墙,勒布朗,科尔回顾(1)Magdych选民的评论:弗雷希> XF: vpopmail-format-string(5046) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0584网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0584最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000719分配:20000719类别:科幻参考:MISC:http://shadowpenguin.backsection.net/advisories/advisory038.html参考:DEBIAN: 20000701美人蕉服务器:缓冲区溢出参考:网址:http://archives.neohapsis.com/archives/vendor/2000-q2/0062.html参考:FREEBSD: FreeBSD-SA-00:31参考:网址:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:31.canna.asc.v1.1参考:报价:1445参考:网址:http://www.securityfocus.com/bid/1445参考:XF: canna-bin-execute-bo参考:网址:http://xforce.iss.net/static/4912.php缓冲区溢出在美人蕉输入系统允许远程攻击者执行任意命令通过一个SR_INIT命令具有悠久的用户名或组名称。修改:ADDREF XF: canna-bin-execute-bo推断行动:- 2000 - 0584能接受(3接受,2 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Magdych修改(1)(3)墙,勒布朗,科尔选民的评论:弗雷希> XF: canna-bin-execute-bo(4912) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0585网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0585最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000624根利用ISC DHCP客户端。参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0247.html参考:OPENBSD: 20000624一个严重的错误在dhclient(8)可以从恶意dhcp服务器允许字符串作为根用户在shell中执行。参考网址:http://www.openbsd.org/errata.html dhclient参考:DEBIAN: 20000628 dhcp客户端:远程根利用dhcp客户端参考:网址:http://www.debian.org/security/2000/20000628参考:FREEBSD: FreeBSD-SA-00:34参考:网址:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:34.dhclient.asc参考:BUGTRAQ: 20000702[安全]宣布dhcp更新参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0014.html参考:SUSE: 20000711安全漏洞在dhclient < 2.0参考:网址:http://www.suse.de/de/support/security/suse_security_announce_56.txt参考:NETBSD: NETBSD - sa2000 - 008参考:网址:ftp://ftp.netbsd.org/pub/netbsd/misc/security/advisories/netbsd sa2000 txt.asc——008.参考:报价:1388参考:网址:http://www.securityfocus.com/bid/1388参考:XF: openbsd-isc-dhcp参考:网址:http://xforce.iss.net/static/4772.phpISC DHCP客户端程序dhclient允许远程攻击者通过shell元字符执行任意命令。修改:DELREF XF: openbsd-isc-dhcp-bo ADDREF XF: openbsd-isc-dhcp ADDREF FREEBSD: FreeBSD-SA-00:34推断行动:- 2000 - 0585能接受(4,5 ack, 0评论)目前投票:接受(3)征税,Magdych,科尔弗伦奇等待修改(1)(3)墙,勒布朗,Christey选民的评论:弗雷希> DELREF: XF: openbsd-isc-dhcp-bo ADDREF: XF: openbsd-isc-dhcp (4772) Christey > ADDREF FREEBSD: FreeBSD-SA-00:34 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0586网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0586最终决定:阶段性裁决:20001011修改:建议:20000719分配:20000719类别:科幻参考:VULN-DEV: 20000628 dalnet 4.6.5远程漏洞参考:网址:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/1092.html参考:XF: ircd-dalnet-summon-bo参考:报价:1404参考:网址:http://www.securityfocus.com/bid/1404缓冲区溢出在Dalnet IRC服务器4.6.5允许远程攻击者造成拒绝服务或通过召唤命令执行任意命令。推断行动:- 2000 - 0586能接受(3接受0 ack, 0评论)目前投票:接受(3)征税,抑郁症,Magdych等待(3)墙,勒布朗,科尔= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0587网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0587最终决定:阶段性裁决:20001011修改:建议:20000719分配:20000719类别:科幻参考:XF: glftpd-privpath-directive参考:BUGTRAQ: 20000626 Glftpd privpath虫子……+修复参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.10.10006261041360.31907 - 200000 @twix.thrijswijk.nl参考:BUGTRAQ: 20000627 Re: Glftpd privpath虫子……+修复参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0317.html参考:报价:1401参考:网址:http://www.securityfocus.com/bid/1401privpath指令在glftpd 1.18允许远程攻击者绕过访问限制目录使用文件名完成能力。推断行动:- 2000 - 0587能接受(3接受0 ack, 0评论)目前投票:接受(3)征税,抑郁症,Magdych等待(3)墙,勒布朗,科尔= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0588网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0588最终决定:阶段性裁决:20001011修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000626 sawmill5.0.21旧路径错误与弱散列算法参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0271.html参考:BUGTRAQ: 20000706 Flowerfire锯木厂漏洞的补丁可用参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0080.html参考:报价:1402参考:网址:http://www.securityfocus.com/bid/1402参考:XF: sawmill-file-access锯木厂5.0.21 CGI程序允许远程攻击者读取任意文件的第一行rfcf参数清单的文件,其内容锯木厂试图解析配置命令。推断行动:- 2000 - 0588 ACCEPT_ACK_REV(2接受,1 ack, 1审查)目前投票:接受(2)征税,弗雷希无操作(3)墙,勒布朗,科尔回顾(1)Magdych = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0591网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0591最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000705 Novell BorderManager 3.0 EE - URL编码规则绕过参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0038.html参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0075.html参考:报价:1432参考:网址:http://www.securityfocus.com/bid/1432参考:XF: bordermanager-bypass-url-restriction Novell BorderManager 3.0和3.5允许远程攻击者绕过URL编码字符的过滤请求的URL。修改:ADDREF XF: bordermanager-bypass-url-restriction推断行动:- 2000 - 0591 ACCEPT_REV(3接受,1 ack, 1审查)目前投票:接受(2)征税,科尔弗伦奇等待修改(1)(2)墙,勒布朗回顾(1)Magdych选民的评论:弗雷希> XF: bordermanager-bypass-url-restriction(4906) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0594网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0594最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000719分配:20000719类别:科幻参考:VULN-DEV: 20000704 BitchX /忽略错误引用:网址:http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html参考:BUGTRAQ: 20000704 BitchX利用可能即将发生,某些DoS参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html参考:REDHAT: RHSA-2000:042-01参考:网址:http://www.securityfocus.com/frames/?content=/templates/advisory.html%3Fid%3D2383参考:FREEBSD: FreeBSD-SA-00:32参考:网址:http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html参考:火山口:综援- 2000 - 022.0参考:网址:http://www.calderasystems.com/support/security/advisories/cssa - 2000 022.0.txt参考:BUGTRAQ: 20000707 BitchX更新参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html参考:BUGTRAQ: 20000707 CONECTIVA LINUX安全公告——BitchX参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html参考:报价:1436参考:网址:http://www.securityfocus.com/bid/1436参考:XF: irc-bitchx-invite-dos参考:网址:http://xforce.iss.net/static/4897.phpBitchX IRC客户端不正确清洁一个不可信的格式字符串,它允许远程攻击者导致拒绝服务通过一个邀请一个通道的名字包括特殊格式化字符。修改:ADDREF XF: irc-bitchx-invite-dos推断行动:- 2000 - 0594能接受(4接受,3 ack, 0评论)目前投票:接受(3)征税,Magdych,科尔弗伦奇等待修改(1)(2)墙,勒布朗选民的评论:弗雷希> XF: irc-bitchx-invite-dos(4897)火山口的咨询http://www.calderasystems.com/support/security/advisories/cssa - 2000 022.0.txt。在此期间,红帽咨询上市http://www.securityfocus.com/frames/?content=/templates/advisory.html%3Fid%3D2383。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0595网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0595最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000719分配:20000719类别:科幻参考:FREEBSD: FreeBSD-SA-00:24参考:网址:http://archives.neohapsis.com/archives/freebsd/2000-07/0035.html参考:报价:1437参考:网址:http://www.securityfocus.com/bid/1437参考:XF: bsd-libedit-editrc libedit搜索.editrc文件在当前目录,而不是用户的主目录,这可能允许本地用户执行任意命令通过安装一个修改.editrc在另一个目录。修改:ADDREF XF: bsd-libedit-editrc推断行动:- 2000 - 0595 ACCEPT_REV(3接受,1 ack, 1审查)目前投票:接受(2)征税,科尔弗伦奇等待修改(1)(2)墙,勒布朗回顾(1)Magdych选民的评论:弗雷希> XF: bsd-libedit-editrc(4911) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0596网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0596最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000627 IE 5和访问2000漏洞——执行程序参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589359.762392DB@nat.bg参考:BUGTRAQ: 20000627弗兰克-威廉姆斯:即2000和访问漏洞——执行程序参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000d01bfe0fb f59b0 418美元96217 aa8@src.bu.edu参考:女士:ms00 - 049参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 049. - asp参考:CERT: ca - 2000 - 16参考:网址:http://www.cert.org/advisories/ca - 2000 - 16. - html参考:XF: ie-access-vba-code-execute参考:报价:1398参考:网址:http://www.securityfocus.com/bid/1398Internet Explorer 5。x不警告用户在打开一个Microsoft Access数据库文件中引用ActiveX对象标签在HTML文档中,这可能允许远程攻击者执行任意命令,又名“IE脚本”的弱点。修改:ADDREF CERT: ca - 2000 - 16的行动:- 2000 - 0596能接受(6接受,2 ack, 0评论)目前投票:接受(6)征税,墙,勒布朗,抑郁症,Magdych,科尔等待(1)Christey选民的评论:Christey > ADDREF CERT: ca - 2000 - 16 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0597网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0597最终决定:阶段性裁决:20001011修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000627 IE 5和Excel 2000, PowerPoint 2000漏洞,执行程序参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589349.ED9DBCAB@nat.bg参考:女士:ms00 - 049参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 049. - asp参考:报价:1399参考:网址:http://www.securityfocus.com/bid/1399参考:XF: ie-powerpoint-activex-object-execute微软Office 2000 (Excel和PowerPoint)和PowerPoint 97被标记为安全的脚本,它允许远程攻击者强迫Internet Explorer或保存文件到任意位置的电子邮件客户端通过Visual Basic应用程序(VBA) SaveAs函数,又名“办公室HTML脚本”的弱点。推断行动:- 2000 - 0597能接受(6接受,1 ack, 0评论)目前投票:接受(6)征税,墙,勒布朗,抑郁症,Magdych,科尔= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0598网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0598最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000626 + Telnet代理网关问题参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0268.html参考:MISC:http://www.proxyplus.cz/faq/articles/EN/art01002.htm参考:报价:1395参考:网址:http://www.securityfocus.com/bid/1395参考:XF: fortech-proxy-telnet-gateway Fortech代理+允许远程攻击者绕过访问限制为管理服务通过重定向连接通过telnet代理。修改:DELREF XF: proxyplus-telnet-gateway ADDREF MISC:http://www.proxyplus.cz/faq/articles/EN/art01002.htm推断行动:- 2000 - 0598 ACCEPT_REV(5接受0 ack 1审查)目前投票:接受(4)征税,墙,布莱克,弗伦奇等待Ozancin修改(1)(4)阿姆斯特朗,勒布朗,Christey,科尔回顾(1)Magdych选民的评论:弗雷希> DELREF XF: proxyplus-telnet-gateway改变>[墙投票从等待接受]墙>包含在X-Force和苏联实验室报告。Christey >可能的供应商确认在更改日志日期为2000年7月7日http://www.proxyplus.cz/faq/articles/EN/art01002.htm“2.40版# 184 07.07.2000”一节说:解决错误可能导致不正确的不安全接口检测。解决错误与评估访问列表ClientIP和InterfaceIP对象。在某些情况下参数对象的不当与客户机/接口的IP地址。不知道产品,很难判断这可能是解决问题或不确定的揭露者。这些修复似乎发生在2周的原文,所以也许这* *修复这个问题。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0599网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0599最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000629 iMesh 1.02脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0335.html参考:MISC:http://www.imesh.com/download/download.html参考:XF: imesh-tcp-port-overflow参考:报价:1407参考:网址:http://www.securityfocus.com/bid/1407缓冲区溢出iMesh 1.02允许远程攻击者执行任意命令通过一个长字符串iMesh端口。修改:ADDREF MISC:http://www.imesh.com/download/download.html推断行动:- 2000 - 0599 ACCEPT_REV(5接受0 ack 1审查)目前投票:接受(5)征税,墙,布莱克,抑郁症,科尔等待(4)阿姆斯特朗,勒布朗,Ozancin, Christey回顾(1)Magdych选民的评论:改变>[墙投票从等待接受]墙> SecuriTeam perl开发。还包括在X-Force和苏联实验室。改变>[科尔投票从等待接受]Christey >可能确认:http://www.imesh.com/download/download.html新闻万博下载包专栏说1.02版本构建118被释放;因为大参考说1.02构建116年和117年受到影响,这可能是一个修复。选择“新特性”链接http://www.imesh.com/download/download.html发布日期被列为6月20日,但大参考的文章是6月29日。所以,供应商提供了补丁与揭露者表示,他们被告知什么?在“客户端:“部分新功能,评论说“关键已知问题已经解决了。”Not certain if these refer to security, and/or if they refer to discloser's vulnerability. Timing is interesting since discloser said the vendor was notified on June 18. ====================================================== Candidate: CAN-2000-0601 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0601最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000625 LeafChat拒绝服务引用:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.bsf.4.10.10006252056110.74551 - 100000 @unix.za.net参考:确认:http://www.leafdigital.com/Software/leafChat/history.html参考:XF: irc-leafchat-dos参考:报价:1396参考:网址:http://www.securityfocus.com/bid/1396LeafChat 1.7 IRC客户机允许远程IRC服务器导致拒绝服务迅速发送大量的错误消息。修改:ADDREF确认:http://www.leafdigital.com/Software/leafChat/history.html推断行动:- 2000 - 0601 ACCEPT_REV(5接受,1 ack, 1审查)目前投票:接受(5)征税,墙,布莱克,抑郁症,科尔等待(4)阿姆斯特朗,勒布朗,Ozancin, Christey回顾(1)Magdych选民的评论:改变>[墙投票从等待接受]墙在SecuriTeam > Java开发代码。其他多个引用。改变>[科尔投票从等待接受]Christey >确认:http://www.leafdigital.com/Software/leafChat/history.html在更改日志声明说:“固定(希望)消息处理一些安全缺陷;无效的数据从服务器收到现在应该只是显示给用户(MDMA船员)”大参考识别自我MDMA的摄制组成员,这是一个确认。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0602网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0602最终决定:阶段性裁决:20001011修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000621 rh 6.2 - gid妥协,等参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.21.0006211209500.22969 - 100000 @nimue.tpi.pl参考:XF: redhat-secure-locate-path参考:报价:1385参考:网址:http://www.securityfocus.com/bid/1385安全定位(slocate)在Red Hat Linux允许本地用户获得特权通过畸形LOCATE_PATH环境变量中指定的配置文件。推断行动:- 2000 - 0602能接受(3接受0 ack, 0评论)目前投票:接受(3)征税,抑郁症,Magdych等待(3)墙,勒布朗,科尔= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0603网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0603最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000719分配:20000719类别:科幻参考:女士:ms00 - 048参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 048. - asp参考:报价:1444参考:网址:http://www.securityfocus.com/bid/1444参考:XF: mssql-procedure-perms参考:网址:http://xforce.iss.net/static/4921.phpMicrosoft SQL Server 7.0允许本地用户绕过权限存储过程通过引用通过一个临时存储过程,又名“存储过程权限”的弱点。修改:ADDREF XF: mssql-procedure-perms推断行动:- 2000 - 0603能接受(6接受,1 ack, 0评论)目前投票:接受(5)征税,墙,勒布朗,Magdych,科尔弗伦奇选民的评论修改(1):法国人> XF: mssql-procedure-perms(4921) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0604网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0604最终决定:阶段性裁决:20001011修改:建议:20000719分配:20000719类别:CF参考:BUGTRAQ: 20000621 rh 6.2 - gid妥协,等参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.21.0006211209500.22969 - 100000 @nimue.tpi.pl参考:报价:1383参考:网址:http://www.securityfocus.com/bid/1383参考:XF: redhat-gkermit gkermit在Red Hat Linux安装setgid uucp不当,它允许本地用户属于uucp修改文件。推断行动:- 2000 - 0604能接受(3接受0 ack, 0评论)目前投票:接受(3)征税,抑郁症,Magdych等待(3)墙,勒布朗,科尔= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0610网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0610最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000623 NetWin dMailWeb无限制的邮件传递引用:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.20000623203007.00944760@qlink.queensu.ca参考:报价:1390参考:网址:http://www.securityfocus.com/bid/1390参考:XF: netwin-dmailweb-newline参考:网址:http://xforce.iss.net/static/4770.phpNetWin dMailWeb cwMail 2.6 g和早些时候允许远程攻击者绕过身份验证,并使用服务器进行邮件中继通过用户名包含一个回车。修改:ADDREF XF: netwin-dmailweb-newline推断行动:- 2000 - 0610能接受(3接受0 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Magdych修改(1)(3)墙,勒布朗,科尔选民的评论:弗雷希> XF: netwin-dmailweb-newline(4770) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0611网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0611最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000719分配:20000719类别:CF参考:BUGTRAQ: 20000623 NetWin dMailWeb无限制的邮件传递引用:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0243.html参考:报价:1391参考:网址:http://www.securityfocus.com/bid/1391参考:XF: netwin-dmailweb-auth参考:网址:http://xforce.iss.net/static/4771.php的默认配置NetWin dMailWeb和cwMail信托所有流行的服务器,它允许攻击者绕过正常的认证和导致拒绝服务。修改:ADDREF XF: netwin-dmailweb-auth推断行动:- 2000 - 0611能接受(3接受0 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Magdych修改(1)(3)墙,勒布朗,科尔选民的评论:弗雷希> XF: netwin-dmailweb-auth(4771) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0613网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0613最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000320焦油DMZ拒绝服务- TCP重置参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=B3D6883199DBD311868100A0C9FC2CDC046B72@protea.citec.net参考:思科:20000711思科安全PIX防火墙TCP重置脆弱性参考:网址:http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml参考:报价:1454参考:网址:http://www.securityfocus.com/bid/1454参考:XF: cisco-pix-firewall-tcp参考:网址:http://xforce.iss.net/static/4928.php思科安全PIX防火墙不正确识别伪造TCP重置(RST)数据包,它允许远程攻击者强迫合法连接防火墙关闭。修改:ADDREF XF: cisco-pix-firewall-tcp推断行动:- 2000 - 0613能接受(4接受,1 ack, 0评论)目前投票:接受(3)征税,Magdych,科尔弗伦奇等待修改(1)(2)墙,勒布朗选民的评论:弗雷希> XF: cisco-pix-firewall-tcp(4928) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0616网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0616最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000719分配:20000719类别:科幻参考:惠普:hpsbmp0006 - 007参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0294.html参考:报价:1405参考:网址:http://www.securityfocus.com/bid/1405参考:XF: hp-turboimage-dbutil脆弱性在惠普TurboIMAGE DBUTIL通过DBUTIL.PUB.SYS允许本地用户获得更多的特权。修改:ADDREF XF: hp-turboimage-dbutil推断行动:- 2000 - 0616 ACCEPT_ACK_REV(2接受,1 ack, 1审查)目前投票:接受(1)征收弗伦奇等待修改(1)(3)墙,勒布朗,科尔回顾(1)Magdych选民的评论:弗雷希> XF: hp-turboimage-dbutil (4943)
- 上一页的日期:(临时)最近接受80候选人最后(10/13)
- 下一个按日期:(临时)最近接受81候选人最后(10/13)
- Prev线程:(临时)最近接受80候选人最后(10/13)
- 下一个线程:(临时)最近接受81候选人最后(10/13)
- 指数(es):
