
[INTERIM] ACCEPT 81 recent candidates (Final 10/13)



I have made an Interim Decision to ACCEPT the following 81 candidates from the RECENT-28 through RECENT-35 clusters. These clusters include candidates that were publicly announced between July 7, 2000 and August 31, 2000. I will make a Final Decision on October 13.

Thanks to all the Board members who got their votes in! 15 different members have voted since October 1.

Voters:
  Wall ACCEPT(10) NOOP(37)
  Levy ACCEPT(67) MODIFY(1)
  LeBlanc ACCEPT(3) MODIFY(1) NOOP(41)
  Ozancin ACCEPT(19) NOOP(9)
  Cole ACCEPT(19) NOOP(12)
  Dik ACCEPT(1)
  Frech ACCEPT(10) MODIFY(58)
  Christey NOOP(37)
  Armstrong ACCEPT(1) NOOP(7) REVIEWING(1)
  Magdych ACCEPT(16) REVIEWING(10)
  Prosser ACCEPT(2)
  Blake ACCEPT(4)

======================================================
Candidate: CAN-2000-0621
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0621
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000726
Category: SF
Reference: MS:MS00-046
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-046.asp
Reference: CERT:CA-2000-14
Reference: URL:http://www.cert.org/advisories/CA-2000-14.html
Reference: BID:1501
Reference: URL:http://www.securityfocus.com/bid/1501
Reference: XF:outlook-cache-bypass
Reference: URL:http://xforce.iss.net/static/5013.php

Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.

Modifications:
  ADDREF XF:outlook-cache-bypass

INFERRED ACTION: CAN-2000-0621 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(4) Levy, Wall, LeBlanc, Cole
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:outlook-cache-bypass(5013)

======================================================
Candidate: CAN-2000-0624
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0624
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000720 Winamp M3U playlist parser buffer overflow security vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0289.html
Reference: CONFIRM:http://www.winamp.com/getwinamp/newfeatures.jhtml
Reference: BID:1496
Reference: URL:http://www.securityfocus.com/bid/1496
Reference: XF:winamp-playlist-parser-bo
Reference: URL:http://xforce.iss.net/static/4956.php

Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist.

Modifications:
  ADDREF XF:winamp-playlist-parser-bo
  ADDREF CONFIRM:http://www.winamp.com/getwinamp/newfeatures.jhtml
  DESC correct spelling of Winamp

INFERRED ACTION: CAN-2000-0624 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Levy
  MODIFY(1) Frech
  NOOP(4) Wall, LeBlanc, Christey, Cole

Voter Comments:
  Frech> XF:winamp-playlist-parser-bo(4956)
    In the description, Nullsoft spells the product as "Winamp."
  Christey> CONFIRM:http://www.winamp.com/getwinamp/newfeatures.jhtml
    Version 2.65 comments: "Fixes ex-m3u bug/security hole."

======================================================
Candidate: CAN-2000-0627
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0627
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000718 Blackboard Courseinfo v4.0 User Authentication
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0254.html
Reference: BUGTRAQ:20000719 Security Fix for Blackboard CourseInfo 4.0
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000719151904.I17986@securityfocus.com
Reference: BID:1486
Reference: URL:http://www.securityfocus.com/bid/1486
Reference: XF:blackboard-courseinfo-dbase-modification
Reference: URL:http://xforce.iss.net/static/4946.php

Blackboard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl.

Modifications:
  ADDREF XF:blackboard-courseinfo-dbase-modification
  ADDREF BUGTRAQ:20000719 Security Fix for Blackboard CourseInfo 4.0

INFERRED ACTION: CAN-2000-0627 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Levy, Wall, Blake
  MODIFY(1) Frech
  NOOP(5) Armstrong, LeBlanc, Ozancin, Christey, Cole

Voter Comments:
  Frech> XF:blackboard-courseinfo-dbase-modification(4946)
  Christey> Vendor acknowledgement:
    BUGTRAQ:20000719 Security Fix for Blackboard CourseInfo 4.0
    URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000719151904.I17986@securityfocus.com
  CHANGE> [Wall changed vote from NOOP to ACCEPT]
  Wall> The vendor has released a patch for this vulnerability.

======================================================
Candidate: CAN-2000-0628
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0628
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000710 ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0142.html
Reference: CONFIRM:http://www.nodeworks.com/asp/changes.html
Reference: BID:1457
Reference: URL:http://www.securityfocus.com/bid/1457
Reference: XF:apache-source-asp-file-write
Reference: URL:http://xforce.iss.net/static/4931.php

The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.

Modifications:
  ADDREF XF:apache-source-asp-file-write

INFERRED ACTION: CAN-2000-0628 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Levy
  MODIFY(1) Frech
  NOOP(3) Wall, LeBlanc, Cole

Voter Comments:
  Frech> XF:apache-source-asp-file-write(4931)

======================================================
Candidate: CAN-2000-0630
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0630
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: MS:MS00-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-044.asp
Reference: BID:1488
Reference: URL:http://www.securityfocus.com/bid/1488
Reference: XF:iis-htr-obtain-code
Reference: URL:http://xforce.iss.net/static/5104.php

IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability.

Modifications:
  ADDREF XF:iis-htr-obtain-code

INFERRED ACTION: CAN-2000-0630 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Levy, Wall, LeBlanc, Cole
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:iis-htr-obtain-code(5104)

======================================================
Candidate: CAN-2000-0631
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0631
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000718 ISBASE Security Advisory(SA2000-02)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96390444022878&w=2
Reference: MS:MS00-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-044.asp
Reference: BID:1476
Reference: URL:http://www.securityfocus.com/bid/1476
Reference: XF:iis-absent-directory-dos
Reference: URL:http://xforce.iss.net/static/4951.php

An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability.

Modifications:
  ADDREF BUGTRAQ:20000718 ISBASE Security Advisory(SA2000-02)
  ADDREF XF:iis-absent-directory-dos

INFERRED ACTION: CAN-2000-0631 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Levy, Wall, LeBlanc, Cole
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Frech> XF:iis-absent-directory-dos(4951)
  Christey> ADDREF BUGTRAQ:20000718 ISBASE Security Advisory(SA2000-02)
    URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96390444022878&w=2

======================================================
Candidate: CAN-2000-0632
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0632
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NAI:20000717 [COVERT-2000-07] LISTSERV Web Archive Remote Overflow
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/43_Advisory.asp
Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory1
Reference: BID:1490
Reference: URL:http://www.securityfocus.com/bid/1490
Reference: XF:lsoft-listserv-querystring-bo
Reference: URL:http://xforce.iss.net/static/4952.php

Buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier allows remote attackers to execute arbitrary commands via a query string.

Modifications:
  DESC fix typo: change "not" to ""
  ADDREF XF:lsoft-listserv-querystring-bo

INFERRED ACTION: CAN-2000-0632 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Levy, Cole
  MODIFY(1) Frech
  NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
  Christey> Fix typo: "not"
  Frech> XF:lsoft-listserv-querystring-bo(4952)
    Indicate that the canonical NAI reference is located at http://www.nai.com/nai_labs/asp_set/advisory/43_Advisory.asp.

======================================================
Candidate: CAN-2000-0633
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0633
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: REDHAT:RHSA-2000:053-01
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-053-02.html
Reference: BUGTRAQ:20000718 MDKSA-2000:020 usermode update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0251.html
Reference: BUGTRAQ:20000812 Conectiva Linux Security Announcement - usermode
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0117.html
Reference: BID:1489
Reference: URL:http://www.securityfocus.com/bid/1489
Reference: XF:linux-usermode-dos
Reference: URL:http://xforce.iss.net/static/4944.php

Vulnerability in Mandrake Linux usermode package allows local users to reboot or halt the system.

Modifications:
  ADDREF XF:linux-usermode-dos
  ADDREF BUGTRAQ:20000812 Conectiva Linux Security Announcement - usermode
  ADDREF REDHAT:RHSA-2000:053-01

INFERRED ACTION: CAN-2000-0633 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Levy
  MODIFY(1) Frech
  NOOP(4) Wall, LeBlanc, Christey, Cole

Voter Comments:
  Frech> XF:linux-usermode-dos(4944)
  Christey> ADDREF BUGTRAQ:20000812 Conectiva Linux Security Announcement - usermode
    http://archives.neohapsis.com/archives/bugtraq/2000-08/0117.html
    ADDREF REDHAT:RHSA-2000:053-01
    http://www.redhat.com/support/errata/RHSA-2000-053-02.html

======================================================
Candidate: CAN-2000-0634
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0634
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000717 S21SEC-003: Vulnerabilities in CommuniGate Pro v3.2.4
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0223.html
Reference: BID:1493
Reference: URL:http://www.securityfocus.com/bid/1493
Reference: XF:communigate-pro-file-read
Reference: URL:http://xforce.iss.net/static/5105.php

The web administration interface for CommuniGate Pro 3.2.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Modifications:
  ADDREF XF:communigate-pro-file-read

INFERRED ACTION: CAN-2000-0634 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(4) Levy, Wall, Blake, Cole
  MODIFY(1) Frech
  NOOP(3) Armstrong, LeBlanc, Ozancin

Voter Comments:
  Frech> XF:communigate-pro-file-read(5105)
  CHANGE> [Wall changed vote from NOOP to ACCEPT]
  Wall> SecuriTeam bugtraq seems to be the only source; first discovered by a Japanese person.
  CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-2000-0635
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0635
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 Akopia MiniVend Piped Command Execution Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0150.html
Reference: CONFIRM:http://www.zdnet.com/zdnn/stories/news/0,4586,2600258,00.html
Reference: BID:1449
Reference: URL:http://www.securityfocus.com/bid/1449
Reference: XF:minivend-viewpage-sample
Reference: URL:http://xforce.iss.net/static/4880.php

The view_page.html sample page in the MiniVend shopping cart program allows remote attackers to execute arbitrary commands via shell metacharacters.

Modifications:
  ADDREF XF:minivend-viewpage-sample
  ADDREF CONFIRM:http://www.zdnet.com/zdnn/stories/news/0,4586,2600258,00.html

INFERRED ACTION: CAN-2000-0635 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Levy
  MODIFY(1) Frech
  NOOP(4) Wall, LeBlanc, Christey, Cole

Voter Comments:
  Frech> XF:minivend-viewpage-sample(4880)
  Christey> CONFIRM:http://www.zdnet.com/zdnn/stories/news/0,4586,2600258,00.html

======================================================
Candidate: CAN-2000-0636
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0636
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000719 HP Jetdirect - Invalid FTP Command DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0265.html
Reference: BID:1491
Reference: URL:http://www.securityfocus.com/bid/1491
Reference: XF:hp-jetdirect-quote-dos
Reference: URL:http://xforce.iss.net/static/4947.php

HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow remote attackers to cause a denial of service via a malformed FTP quote command.

Modifications:
  ADDREF hp-jetdirect-quote-dos(4947)

INFERRED ACTION: CAN-2000-0636 ACCEPT_REV (5 accept, 0 ack, 1 review)

Current Votes:
  ACCEPT(4) Levy, Wall, Blake, Cole
  MODIFY(1) Frech
  NOOP(2) LeBlanc, Ozancin
  REVIEWING(1) Armstrong

Voter Comments:
  Frech> XF:hp-jetdirect-quote-dos(4947)
  CHANGE> [Wall changed vote from REVIEWING to ACCEPT]
  Wall> ISS and SecuriTeam include this as a vulnerability.
  CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-2000-0637
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0637
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 Excel 2000 vulnerability - executing programs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=396B3F8F.9244D290@nat.bg
Reference: MS:MS00-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-051.asp
Reference: BID:1451
Reference: URL:http://www.securityfocus.com/bid/1451
Reference: XF:excel-register-function
Reference: URL:http://xforce.iss.net/static/5016.php

Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.

Modifications:
  ADDREF XF:excel-register-function

INFERRED ACTION: CAN-2000-0637 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Levy, Wall, LeBlanc, Cole
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:excel-register-function(5016)

======================================================
Candidate: CAN-2000-0638
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0638
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 Big Brother exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0146.html
Reference: BUGTRAQ:20000711 Remote Exploit in all current versions of Big Brother
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0147.html
Reference: CONFIRM:http://bb4.com/README.CHANGES
Reference: BID:1455
Reference: URL:http://www.securityfocus.com/bid/1455
Reference: XF:http-cgi-bigbrother-bbhostsvc
Reference: URL:http://xforce.iss.net/static/4879.php

Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Modifications:
  ADDREF XF:http-cgi-bigbrother-bbhostsvc

INFERRED ACTION: CAN-2000-0638 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Levy, Cole
  MODIFY(1) Frech
  NOOP(2) Wall, LeBlanc

Voter Comments:
  Frech> XF:http-cgi-bigbrother-bbhostsvc(4879)

======================================================
Candidate: CAN-2000-0639
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0639
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: CF
Reference: BUGTRAQ:20000711 Big Brother filename extension vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0171.html
Reference: BID:1494
Reference: URL:http://www.securityfocus.com/bid/1494
Reference: XF:big-brother-filename-extension
Reference: URL:http://xforce.iss.net/static/5103.php

The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server.

Modifications:
  ADDREF XF:big-brother-filename-extension

INFERRED ACTION: CAN-2000-0639 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Levy
  MODIFY(1) Frech
  NOOP(3) Wall, LeBlanc, Cole

Voter Comments:
  Frech> XF:big-brother-filename-extension(5103)

======================================================
Candidate: CAN-2000-0640
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0640
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
Reference: BID:1452
Reference: URL:http://www.securityfocus.com/bid/1452
Reference: XF:guild-ftpd-disclosure
Reference: URL:http://xforce.iss.net/static/4922.php

Guild FTPd allows remote attackers to determine the existence of files outside the FTP root via a .. (dot dot) attack, which provides different error messages depending on whether the file exists or not.

Modifications:
  ADDREF XF:guild-ftpd-disclosure

INFERRED ACTION: CAN-2000-0640 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(4) Levy, Blake, Ozancin, Cole
  MODIFY(2) Wall, Frech
  NOOP(2) Armstrong, LeBlanc

Voter Comments:
  Frech> XF:guild-ftpd-disclosure(4922)
  CHANGE> [Wall changed vote from NOOP to MODIFY]
  Wall> "Guild FTPd for Windows 98 and Windows NT 4.0 allows"...
  CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-2000-0641
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0641
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
Reference: BID:1453
Reference: URL:http://www.securityfocus.com/bid/1453
Reference: XF:savant-get-bo
Reference: URL:http://xforce.iss.net/static/4901.php

Savant web server allows remote attackers to execute arbitrary commands via a GET request.

Modifications:
  ADDREF XF:savant-get-bo

INFERRED ACTION: CAN-2000-0641 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(4) Levy, Wall, Blake, Ozancin
  MODIFY(1) Frech
  NOOP(3) Armstrong, LeBlanc, Cole

Voter Comments:
  Frech> XF:savant-get-bo(4901)
  CHANGE> [Wall changed vote from NOOP to ACCEPT]
  Wall> USSR Labs and multiple references.

======================================================
Candidate: CAN-2000-0642
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0642
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: CF
Reference: BUGTRAQ:20000711 DoS in WEBactive win65/NT server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
Reference: BID:1497
Reference: URL:http://www.securityfocus.com/bid/1497
Reference: XF:webactive-active-log
Reference: URL:http://xforce.iss.net/static/5184.php

The default configuration of WebActive HTTP Server 1.00 stores the web access log active.log in the document root, which allows remote attackers to view the logs by directly requesting the page.

Modifications:
  ADDREF XF:webactive-active-log

INFERRED ACTION: CAN-2000-0642 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(4) Levy, Wall, Blake, Cole
  MODIFY(1) Frech
  NOOP(3) Armstrong, LeBlanc, Ozancin

Voter Comments:
  Frech> XF:webactive-active-log(5184)
  CHANGE> [Wall changed vote from REVIEWING to ACCEPT]
  CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-2000-0643
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0643
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 DoS in WEBactive win65/NT server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
Reference: BID:1470
Reference: URL:http://www.securityfocus.com/bid/1470
Reference: XF:webactive-long-get-dos
Reference: URL:http://xforce.iss.net/static/4949.php

Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers to cause a denial of service via a long URL.

Modifications:
  ADDREF XF:webactive-long-get-dos

INFERRED ACTION: CAN-2000-0643 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Levy, Wall, Blake
  MODIFY(1) Frech
  NOOP(4) Armstrong, LeBlanc, Ozancin, Cole

Voter Comments:
  Frech> XF:webactive-long-get-dos(4949)
  CHANGE> [Wall changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-2000-0644
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0644
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html
Reference: BID:1506
Reference: URL:http://www.securityfocus.com/bid/1506
Reference: XF:wftpd-stat-dos
Reference: URL:http://xforce.iss.net/static/5003.php

WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing a STAT command while the LIST command is still executing.

Modifications:
  ADDREF XF:wftpd-stat-dos

INFERRED ACTION: CAN-2000-0644 ACCEPT_REV (6 accept, 0 ack, 1 review)

Current Votes:
  ACCEPT(5) Levy, Wall, Blake, Ozancin, Cole
  MODIFY(1) Frech
  NOOP(2) LeBlanc, Christey
  REVIEWING(1) Armstrong

Voter Comments:
  Frech> XF:wftpd-stat-dos(5003)
  CHANGE> [Wall changed vote from NOOP to ACCEPT]
  CHANGE> [Cole changed vote from NOOP to ACCEPT]
  Christey> http://www.wftpd.com/bugpage.htm
    The bug details for RC12 identify the other vulns found by the discloser, but do not include this one. Did the vendor forget to fix it, or did they forget to document that it was fixed?

======================================================
Candidate: CAN-2000-0651
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0651
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000707 Novell Border Manager - Anyone can pose as an authenticated user
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=06256915.00591E18.00@uprrsmtp2.notes.up.com
Reference: BID:1440
Reference: URL:http://www.securityfocus.com/bid/1440
Reference: XF:novell-bordermanager-verification
Reference: URL:http://xforce.iss.net/static/5186.php

The ClientTrust program in Novell BorderManager does not properly verify the origin of authentication requests, which could allow remote attackers to impersonate another user by replaying the authentication requests and responses from port 3024 of the victim's machine.

Modifications:
  ADDREF XF:novell-bordermanager-verification

INFERRED ACTION: CAN-2000-0651 ACCEPT_REV (4 accept, 0 ack, 1 review)

Current Votes:
  ACCEPT(3) Levy, Blake, Cole
  MODIFY(1) Frech
  NOOP(3) Wall, LeBlanc, Ozancin
  REVIEWING(1) Armstrong

Voter Comments:
  Frech> XF:novell-bordermanager-verification(5186)
  CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-2000-0652
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0652
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000723 IBM WebSphere default servlet handler showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0342.html
Reference: BID:1500
Reference: URL:http://www.securityfocus.com/bid/1500
Reference: XF:websphere-showcode
Reference: URL:http://xforce.iss.net/static/5012.php

IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string.

Modifications:
  ADDREF XF:websphere-showcode

INFERRED ACTION: CAN-2000-0652 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Levy, Bollinger, Blake
  MODIFY(1) Frech
  NOOP(6) Armstrong, Wall, LeBlanc, Ozancin, Christey, Cole

Voter Comments:
  Frech> XF:websphere-showcode(5012)
  Christey> The discoverer claims that APAR PQ39857 fixes this problem, but it could not be found at:
    http://www-4.ibm.com/software/webservers/appserv/efix.html

======================================================
Candidate: CAN-2000-0654
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0654
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: MS:MS00-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-041.asp
Reference: BID:1466
Reference: URL:http://www.securityfocus.com/bid/1466
Reference: XF:mssql-dts-reveal-passwords
Reference: URL:http://xforce.iss.net/static/4582.php

Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog dialog, aka a variant of the "DTS Password" vulnerability.

Modifications:
  ADDREF XF:mssql-dts-reveal-passwords

INFERRED ACTION: CAN-2000-0654 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Levy, Wall, LeBlanc, Cole
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Frech> XF:mssql-dts-reveal-passwords(4582)
    We show this as a duplicate of CAN-2000-0485; this may be a LOC issue.
  Christey> There are two different dialogs that allow you to obtain database passwords; one is captured by CAN-2000-0485, and the other by CAN-2000-0654. CD:SF-LOC suggests keeping these split.

======================================================
Candidate: CAN-2000-0655
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0655
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000724 JPEG COM Marker Processing Vulnerability in Netscape Browsers
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com
Reference: REDHAT:RHSA-2000:046-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-046-02.html
Reference: SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_60.txt
Reference: TURBO:TLSA2000017-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html
Reference: NETBSD:NetBSD-SA2000-011
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc
Reference: FREEBSD:FreeBSD-SA-00:39
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc
Reference: BUGTRAQ:20000801 MDKSA-2000:027-1 netscape update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html
Reference: BUGTRAQ:20000810 Conectiva Linux Security Announcement - netscape
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html
Reference: BID:1503
Reference: URL:http://www.securityfocus.com/bid/1503
Reference: XF:netscape-jpg-comment

Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.

Modifications:
  ADDREF XF:netscape-jpg-comment
  ADDREF FREEBSD:FreeBSD-SA-00:39
  ADDREF SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
  ADDREF NETBSD:NetBSD-SA2000-011
  ADDREF TURBO:TLSA2000017-1
  ADDREF BUGTRAQ:20000801 MDKSA-2000:027-1 netscape update
  ADDREF BUGTRAQ:20000810 Conectiva Linux Security Announcement - netscape

INFERRED ACTION: CAN-2000-0655 ACCEPT (4 accept, 4 ack, 0 review)

Current Votes:
  ACCEPT(3) Levy, Wall, Cole
  MODIFY(1) Frech
  NOOP(2) LeBlanc, Christey

Voter Comments:
  Frech> XF:netscape-jpg-comment(5014)
  Christey> ADDREF FREEBSD:FreeBSD-SA-00:39
    ADDREF SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
    http://www.suse.de/de/support/security/suse_security_announce_60.txt
    ADDREF TURBO:TLSA2000017-1
    URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html
    ADDREF BUGTRAQ:20000801 MDKSA-2000:027-1 netscape update
    URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html
    ADDREF NETBSD:NetBSD-SA2000-011
    URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc
    ADDREF BUGTRAQ:20000810 Conectiva Linux Security Announcement - netscape
    URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html

======================================================
Candidate: CAN-2000-0660
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0660
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000712 Infosec.20000712.worldclient.2.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0173.html
Reference: CONFIRM:http://www.altn.com/Downloads/WorldClient/Release/RelNotes.txt
Reference: BID:1462
Reference: URL:http://www.securityfocus.com/bid/1462
Reference: XF:worldclient-dir-traverse
Reference: URL:http://xforce.iss.net/static/4913.php

The WDaemon web server for WorldClient 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Modifications:
  ADDREF XF:worldclient-dir-traverse
  ADDREF CONFIRM:http://www.altn.com/Downloads/WorldClient/Release/RelNotes.txt

INFERRED ACTION: CAN-2000-0660 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Levy
  MODIFY(1) Frech
  NOOP(4) Wall, LeBlanc, Christey, Cole

Voter Comments:
  Frech> XF:worldclient-dir-traverse(4913)
  Christey> CONFIRM:http://www.altn.com/Downloads/WorldClient/Release/RelNotes.txt

======================================================
Candidate: CAN-2000-0661
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0661
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000710 Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0120.html
Reference: BID:1448
Reference: URL:http://www.securityfocus.com/bid/1448
Reference: XF:wircsrv-character-flood-dos
Reference: URL:http://xforce.iss.net/static/4914.php

WircSrv IRC Server 5.07s allows remote attackers to cause a denial of service via a long string to the server port.

Modifications:
  ADDREF XF:wircsrv-character-flood-dos

INFERRED ACTION: CAN-2000-0661 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(4) Levy, Wall, Blake, Cole
  MODIFY(1) Frech
  NOOP(3) Armstrong, LeBlanc, Ozancin

Voter Comments:
  Frech> XF:wircsrv-character-flood-dos(4914)
  CHANGE> [Wall changed vote from NOOP to ACCEPT]
  CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-2000-0663
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0663
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: MS:MS00-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-052.asp
Reference: MSKB:Q269049
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=269049
Reference: BID:1507
Reference: URL:http://www.securityfocus.com/bid/1507
Reference: XF:explorer-relative-path-name
Reference: URL:http://xforce.iss.net/static/5040.php

The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path" vulnerability.

Modifications:
  ADDREF XF:explorer-relative-path-name

INFERRED ACTION: CAN-2000-0663 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(4) Levy, Wall, LeBlanc, Cole
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:explorer-relative-path-name(5040)

======================================================
Candidate: CAN-2000-0664
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0664
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000726 AnalogX "SimpleServer:WWW" dot dot bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0374.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/sswww.htm
Reference: BID:1508
Reference: URL:http://www.securityfocus.com/bid/1508
Reference: XF:analogx-simpleserver-directory-path
Reference: URL:http://xforce.iss.net/static/4999.php

AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack that uses the %2E URL encoding for the dots.

Modifications:
  ADDREF XF:analogx-simpleserver-directory-path

INFERRED ACTION: CAN-2000-0664 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Levy
  MODIFY(1) Frech
  NOOP(3) Wall, LeBlanc, Cole

Voter Comments:
  Frech> XF:analogx-simpleserver-directory-path(4999)

======================================================
Candidate: CAN-2000-0665
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0665
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NTBUGTRAQ:20000717 DoS in Gamsoft TelSrv telnet server for MS Windows 95/98/NT/2k.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0031.html
Reference: NTBUGTRAQ:20000729 TelSrv Reveals Usernames & Passwords After DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0056.html
Reference: BID:1478
Reference: URL:http://www.securityfocus.com/bid/1478
Reference: XF:gamsoft-telsrv-dos
Reference: URL:http://xforce.iss.net/static/4945.php

GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to cause a denial of service via a long username.

Modifications:
  ADDREF XF:gamsoft-telsrv-dos
  ADDREF NTBUGTRAQ:20000729 TelSrv Reveals Usernames & Passwords After DoS Attack
  DESC change vendor name to "GAMSoft"

INFERRED ACTION: CAN-2000-0665 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Levy, Blake, Cole
  MODIFY(1) Frech
  NOOP(5) Armstrong, Wall, LeBlanc, Ozancin, Christey

Voter Comments:
  Frech> XF:gamsoft-telsrv-dos(4945)
  Christey> Change vendor name to "GAMSoft"
    ADDREF NTBUGTRAQ:20000729 TelSrv Reveals Usernames & Passwords After DoS Attack
    http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0056.html
    This is an additional impact of the same DoS described in the earlier NTBUGTRAQ post.
  CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-2000-0666
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0666
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000716 Lots and lots of fun with rpc.statd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0206.html
Reference: DEBIAN:20000715 rpc.statd: remote root exploit
Reference: URL:http://www.debian.org/security/2000/20000719a
Reference: REDHAT:RHSA-2000:043-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-043-03.html
Reference: BUGTRAQ:20000717 CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0230.html
Reference: BUGTRAQ:20000718 Trustix Security Advisory - nfs-utils
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0236.html
Reference: BUGTRAQ:20000718 [Security Announce] MDKSA-2000:021 nfs-utils update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0260.html
Reference: CALDERA:CSSA-2000-025.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-025.0.txt
Reference: CERT:CA-2000-17
Reference: URL:http://www.cert.org/advisories/CA-2000-17.html
Reference: BID:1480
Reference: URL:http://www.securityfocus.com/bid/1480
Reference: XF:linux-rpcstatd-format-overwrite
Reference: URL:http://xforce.iss.net/static/4939.php

rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.

Modifications:
  ADDREF CERT:CA-2000-17
  ADDREF XF:linux-rpcstatd-format-overwrite

INFERRED ACTION: CAN-2000-0666 ACCEPT (3 accept, 4 ack, 0 review)

Current Votes:
  ACCEPT(2) Levy, Cole
  MODIFY(1) Frech
  NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
  Christey> ADDREF CERT:CA-2000-17
  Frech> XF:linux-rpcstatd-format-overwrite(4939)

======================================================
Candidate: CAN-2000-0668
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0668
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: REDHAT:RHSA-2000:044-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-044-02.html
Reference: BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0398.html
Reference: BUGTRAQ:20000801 MDKSA-2000:029 pam update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0455.html
Reference: BID:1513
Reference: URL:http://www.securityfocus.com/bid/1513
Reference: XF:linux-pam-console
Reference: URL:http://xforce.iss.net/static/5001.php

pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled.

Modifications:
  ADDREF XF:linux-pam-console
  ADDREF BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM
  ADDREF BUGTRAQ:20000801 MDKSA-2000:029 pam update

INFERRED ACTION: CAN-2000-0668 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Levy, Cole
  MODIFY(1) Frech
  NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
  Frech> XF:linux-pam-console(5001)
  Christey> ADDREF BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM
    http://archives.neohapsis.com/archives/bugtraq/2000-07/0398.html
    ADDREF BUGTRAQ:20000801 MDKSA-2000:029 pam update
    http://archives.neohapsis.com/archives/bugtraq/2000-07/0455.html

======================================================
Candidate: CAN-2000-0669
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0669
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 Remote Denial Of Service -- NetWare 5.0 SP 5
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000501bfeab5$9330c3d0$d801a8c0@dimuthu.baysidegrp.com.au
Reference: BID:1467
Reference: URL:http://www.securityfocus.com/bid/1467
Reference: XF:netware-port40193-dos

NetWare 5.0 allows remote attackers to cause a denial of service by flooding port 40193 with random data.

Modifications:
  ADDREF XF:netware-port40193-dos
  DESC change spelling to "NetWare"

INFERRED ACTION: CAN-2000-0669 ACCEPT_REV (4 accept, 0 ack, 1 review)

Current Votes:
  ACCEPT(3) Levy, Blake, Cole
  MODIFY(1) Frech
  NOOP(3) Wall, LeBlanc, Ozancin
  REVIEWING(1) Armstrong

Voter Comments:
  Frech> XF:netware-port40193-dos(4932)
    In the description, the correct spelling is NetWare.
  CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-2000-0670
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0670
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000712 cvsweb: remote shell for cvs committers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0178.html
Reference: BUGTRAQ:20000714 MDKSA-2000:019 cvsweb update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0196.html
Reference: DEBIAN:20000716
Reference: URL:http://www.debian.org/security/2000/20000719b
Reference: FREEBSD:FreeBSD-SA-00:37
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:37.cvsweb.asc
Reference: TURBO:TLSA2000016-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000015.html
Reference: BID:1469
Reference: URL:http://www.securityfocus.com/bid/1469
Reference: XF:cvsweb-shell-access
Reference: URL:http://xforce.iss.net/static/4925.php

The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters.

Modifications:
  ADDREF XF:cvsweb-shell-access
  ADDREF TURBO:TLSA2000016-1

INFERRED ACTION: CAN-2000-0670 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Levy, Cole
  MODIFY(1) Frech
  NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
  Frech> XF:cvsweb-shell-access(4925)
  Christey> ADDREF FREEBSD:http://archives.neohapsis.com/archives/freebsd/2000-08/0096.html
    ADDREF TURBO:TLSA2000016-1
    http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000015.html

======================================================
Candidate: CAN-2000-0671
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0671
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 Roxen security alert: Problems with URLs containing null characters.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0321.html
Reference: BUGTRAQ:20000721 Roxen Web Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0307.html
Reference: BID:1510
Reference: URL:http://www.securityfocus.com/bid/1510
Reference: XF:roxen-null-char-url
Reference: URL:http://xforce.iss.net/static/4965.php

Roxen web server earlier than 2.0.69 allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character (%00) into the URL.

Modifications:
  DESC clarify problem
  ADDREF XF:roxen-null-char-url

INFERRED ACTION: CAN-2000-0671 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  MODIFY(2) Levy, Frech
  NOOP(3) Wall, LeBlanc, Cole

Voter Comments:
  Levy> There really is more to this problem than just being able to list the contents of a directory. Roxen uses Pike. Pike can handle strings with nulls in them, but the underlying operating system truncates the string at the first null. Thus Roxen and the operating system disagree on which file the string really points to. The symptom is being able to list a directory. More dangerous is being able to bypass access restrictions by sending a query that will pass the web server's ACLs but is valid when passed to the underlying operating system. You can also use it to download the source code of scripts by sending a request that the web server will not consider to be a file type that should be parsed or executed, but that will make the underlying operating system open the script for reading.
  Frech> XF:roxen-null-char-url(4965)

======================================================
Candidate: CAN-2000-0673
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0673
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NAI:20000727 Windows NetBIOS Name Conflicts
Reference: URL:http://www.pgp.com/research/covert/advisories/044.asp
Reference: MS:MS00-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-047.asp
Reference: BID:1514
Reference: URL:http://www.securityfocus.com/bid/1514
Reference: BID:1515
Reference: URL:http://www.securityfocus.com/bid/1515
Reference: XF:netbios-name-server-spoofing
Reference: URL:http://xforce.iss.net/static/5035.php

The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability.

Modifications:
  ADDREF XF:netbios-name-server-spoofing

INFERRED ACTION: CAN-2000-0673 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(3) Wall, LeBlanc, Cole
  MODIFY(2) Levy, Frech
  NOOP(1) Christey

Voter Comments:
  Levy> It seems you are combining these two issues because they have the same root problem: NetBIOS trusts everyone and is not authenticated. But if that is your reasoning, then instead of putting this as a software fault (SF), it should be a design flaw.
  Frech> XF:netbios-name-server-spoofing(5035)
  Christey> There is no "design flaw" category, although perhaps there should be. The "SF" (software fault) category includes both implementation flaws and design flaws.

======================================================
Candidate: CAN-2000-0674
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0674
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000712 ftp.pl vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0177.html
Reference: BID:1471
Reference: URL:http://www.securityfocus.com/bid/1471
Reference: XF:virtualvision-ftp-browser
Reference: URL:http://xforce.iss.net/static/5187.php

ftp.pl CGI program for Virtual Visions FTP browser allows remote attackers to read directories outside of the document root via a .. (dot dot) attack.

Modifications:
  ADDREF XF:virtualvision-ftp-browser

INFERRED ACTION: CAN-2000-0674 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(5) Levy, Wall, Blake, Ozancin, Cole
  MODIFY(1) Frech
  NOOP(3) Armstrong, LeBlanc, Christey

Voter Comments:
  Frech> XF:virtualvision-ftp-browser(5187)
  CHANGE> [Wall changed vote from NOOP to ACCEPT]
  CHANGE> [Cole changed vote from NOOP to ACCEPT]
  Christey> I verified this via code inspection of ftp.pl as downloaded from http://www.arc-s.com/virtual_visions/files/ftp.zip on October 5, 2000. Vulnerable lines:
    line 114: $check_dir = $FORM_DATA{"dir"};
    line 116: $full_path = "$full_path/$check_dir";
    line 128: opendir(DIR, $full_path);
    line 129: @allfiles = readdir(DIR);
    It appears that the feartech vendor is no longer maintaining the code, as the feartech web site (http://www.feartech.com/vv/ftp.shtml, which I just referenced) points to the www.arc-s.com site.

======================================================
Candidate: CAN-2000-0675
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0675
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000713 The MDMA Crew's GateKeeper Exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00af01bfece2$a52cbd80$367e1ec4@kungphusion
Reference: BID:1477
Reference: URL:http://www.securityfocus.com/bid/1477
Reference: XF:gatekeeper-long-string-bo
Reference: URL:http://xforce.iss.net/static/4948.php

Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote attackers to execute arbitrary commands via a long string.

Modifications:
  ADDREF XF:gatekeeper-long-string-bo

INFERRED ACTION: CAN-2000-0675 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(4) Levy, Wall, Blake, Cole
  MODIFY(1) Frech
  NOOP(3) Armstrong, LeBlanc, Ozancin

Voter Comments:
  Frech> XF:gatekeeper-long-string-bo(4948)
  CHANGE> [Wall changed vote from NOOP to ACCEPT]
  CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-2000-0676
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0676
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000811
Category: SF
Reference: BUGTRAQ:20000804 Dangerous Java/Netscape Security Hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0019.html
Reference: REDHAT:RHSA-2000:054-01
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-054-01.html
Reference: CALDERA:CSSA-2000-027.1
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-027.1.txt
Reference: FREEBSD:FreeBSD-SA-00:39
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc
Reference: SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_60.txt
Reference: BUGTRAQ:20000810 MDKSA-2000:033 Netscape Java vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0115.html
Reference: BUGTRAQ:20000821 MDKSA-2000:036 - netscape update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0265.html
Reference: BUGTRAQ:20000818 Conectiva Linux Security Announcement - netscape
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0236.html
Reference: CERT:CA-2000-15
Reference: URL:http://www.cert.org/advisories/CA-2000-15.html
Reference: BID:1546
Reference: URL:http://www.securityfocus.com/bid/1546

Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.

Modifications:
  ADDREF BUGTRAQ:20000804 Dangerous Java/Netscape Security Hole
  ADDREF REDHAT:RHSA-2000:054-01
  ADDREF CALDERA:CSSA-2000-027.1
  ADDREF FREEBSD:FreeBSD-SA-00:39
  ADDREF SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
  ADDREF BUGTRAQ:20000810 MDKSA-2000:033 Netscape Java vulnerability
  ADDREF BUGTRAQ:20000821 MDKSA-2000:036 - netscape update
  ADDREF BUGTRAQ:20000818 Conectiva Linux Security Announcement - netscape

INFERRED ACTION: CAN-2000-0676 ACCEPT (3 accept, 5 ack, 0 review)

Current Votes:
  ACCEPT(3) Levy, Wall, Cole
  NOOP(1) Christey

Voter Comments:
  Christey> ADDREF BUGTRAQ:20000804 Dangerous Java/Netscape Security Hole
    URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0019.html
    ADDREF BUGTRAQ:20000821 MDKSA-2000:036 - netscape update
    URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0265.html
    ADDREF BUGTRAQ:20000818 Conectiva Linux Security Announcement - netscape
    URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0236.html
    ADDREF REDHAT:RHSA-2000:054-01
    ADDREF CALDERA:CSSA-2000-027.1
  Christey> ADDREF FREEBSD:FreeBSD-SA-00:39
    ADDREF SUSE:
20000823安全漏洞在Netscape,版本4。x,可能别人http://www.suse.de/de/support/security/suse_security_announce_60.txtADDREF BUGTRAQ: 20000810 MDKSA-2000:033网景Java脆弱性网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0115.htmlChristey > ADDREF BUGTRAQ: 20000805危险的Java / Netscape安全漏洞URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000805020429.11774.qmail@securityfocus.com= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0677网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0677最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000921分配:20000823类别:科幻参考:国际空间站:20000907在IBM净缓冲区溢出。db2www CGI程序的数据。参考网址:http://xforce.iss.net/alerts/advise60.php参考:XF: ibm-netdata-db2www-bo参考:网址:http://xforce.iss.net/static/4976.php在IBM净缓冲区溢出。数据db2www CGI程序允许远程攻击者执行任意命令通过一个长PATH_INFO环境变量。修改:ADDREF XF: ibm-netdata-db2www-bo推断行动:- 2000 - 0677能接受(4接受,1 ack, 0评论)目前投票:接受(3)Bollinger,布莱克,科尔弗伦奇等待修改(1)(3)阿姆斯特朗,墙,Ozancin选民的评论:弗雷希> XF: ibm-netdata-db2www-bo(4976)改变ISS URLhttp://xforce.iss.net/alerts/advise60.php= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0678网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0678最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000825类别:科幻参考:CERT: ca - 2000 - 18参考:网址:http://www.cert.org/advisories/ca - 2000 - 18. 
- html参考:报价:1606参考:网址:http://www.securityfocus.com/bid/1606PGP 5.5。x通过6.5.3不正确检查是否一个额外的解密密钥(理应)是存储在公共证书的签名部分,它允许攻击者可以修改一个受害者的公共证书解密加密的任何数据和修改后的证书。推断行动:- 2000 - 0678能接受(3接受,1 ack, 0评论)目前投票:接受(3)征税,墙,科尔= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0681网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0681最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000815 BEA Weblogic server代理库漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0186.html参考:报价:1570参考:网址:http://www.securityfocus.com/bid/1570参考:XF: weblogic-plugin-bo缓冲区溢出在BEA WebLogic server代理插件允许远程攻击者执行任意命令通过一个长URL以. jsp扩展名。修改:ADDREF XF: weblogic-plugin-bo推断行动:- 2000 - 0681能接受(3接受,1 ack, 0评论)目前投票:接受(2)征税,科尔弗伦奇等待修改(1)(1)墙选民的评论:弗雷希> XF: weblogic-plugin-bo = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0682网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0682最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000728 BEA WebLogic力量处理程序显示代码漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html参考:确认:http://developer.bea.com/alerts/security_000731.html参考:报价:1518参考:网址:http://www.securityfocus.com/bid/1518参考:XF: weblogic-fileservlet-show-code BEA WebLogic 5.1。x允许远程攻击者读取源代码解析/ ConsoleHelp /插入页面的URL,它调用FileServlet。修改:ADDREF XF: weblogic-fileservlet-show-code推断行动:- 2000 - 0682能接受(3接受,1 ack, 0评论)目前投票:接受(2)征税,科尔弗伦奇等待修改(1)(1)墙选民的评论:弗雷希> XF: weblogic-fileservlet-show-code = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0683网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0683最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000728 BEA 
WebLogic力量处理程序显示代码漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html参考:确认:http://developer.bea.com/alerts/security_000728.html参考:报价:1517参考:网址:http://www.securityfocus.com/bid/1517BEA WebLogic 5.1。x允许远程攻击者读取源代码解析页面插入/ *。shtml / URL,调用SSIServlet。推断行动:- 2000 - 0683 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)征税,科尔等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0684网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0684最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000731 BEA WebLogic * / * . jsp。jhtml远程命令执行参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0434.html参考:确认:http://developer.bea.com/alerts/security_000731.html参考:报价:1525参考:网址:http://www.securityfocus.com/bid/1525参考:XF: html-malicious-tags BEA WebLogic 5.1。x不适当限制访问JSPServlet,这可能允许远程攻击者编译和执行Java JSP代码在任何源文件通过直接调用servlet。修改:ADDREF XF: html-malicious-tags推断行动:- 2000 - 0684能接受(3接受,1 ack, 0评论)目前投票:接受(2)征税,科尔弗伦奇等待修改(1)(1)墙选民的评论:弗雷希> XF: html-malicious-tags = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0685网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0685最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000731 BEA WebLogic * / * . 
jsp。jhtml远程命令执行参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0434.html参考:确认:http://developer.bea.com/alerts/security_000731.html参考:报价:1525参考:网址:http://www.securityfocus.com/bid/1525参考:XF: html-malicious-tags BEA WebLogic 5.1。x不适当限制访问PageCompileServlet,这可能允许远程攻击者编译和执行Java JHTML代码通过直接调用servlet的任何源文件。修改:ADDREF XF: html-malicious-tags推断行动:- 2000 - 0685能接受(3接受,1 ack, 0评论)目前投票:接受(2)征税,科尔弗伦奇等待修改(1)(1)墙选民的评论:弗雷希> XF: html-malicious-tags = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0700网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0700最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000921分配:20000919类别:科幻参考:思科:20000803可能绕过访问控制和拒绝服务的千兆交换机路由器使用千兆以太网和快速以太网卡参考:网址:http://www.cisco.com/warp/public/707/gsraclbypassdos-pub.shtml参考:报价:1541参考:网址:http://www.securityfocus.com/bid/1541思科的千兆交换机路由器(GSR)和快速以太网/千兆以太网卡,从IOS版本11.2 (15)GS1A 11.2 (19) GS0.2和一些版本12.0,不妥善处理线卡失败,它允许远程攻击者绕过acl或强迫停止转发数据包的接口。修改:DESC扩展版本信息推断行动:- 2000 - 0700能接受(3接受,1 ack, 0评论)目前投票:接受(2)科尔,利维修改(1)Balinsky等待(1)墙选民的评论:Balinsky >修改描述说“从11.2 (15)GS1A 11.2 (19) GS0.2和一些版本的12.0”= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0703网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0703最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000805 sperl 5.00503(和更新;)利用参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0022.html参考:SUSE: 20000810安全漏洞在perl,所有版本参考:网址:http://www.suse.de/de/support/security/suse_security_announce_59.txt参考:火山口:综援- 2000 - 026.0参考:网址:http://www.calderasystems.com/support/security/advisories/cssa - 2000 026.0.txt参考:DEBIAN: 20000808 mailx:当地利用参考:网址:http://www.debian.org/security/2000/20000810参考:REDHAT: RHSA-2000:048-03参考:网址:http://www.redhat.com/support/errata/rhsa - 2000 - 048 - 03. 
- html参考:涡轮:TLSA2000018-1参考:网址:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000017.html参考:BUGTRAQ: 20000814 Trustix安全顾问——perl和mailx参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0153.html参考:BUGTRAQ: 20000808 MDKSA-2000:031 perl更新参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0086.html参考:BUGTRAQ: 20000810 Conectiva Linux安全announcemente——PERL参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0113.html参考:报价:1547参考:网址:http://www.securityfocus.com/bid/1547参考:XF: perl-shell-escape suidperl(又名sperl)不正确清洁转义序列“~ !”在调用/bin/mail之前发送错误报告,它允许本地用户获得特权通过设置“互动”环境变量和调用suidperl文件名包含转义序列。修改:ADDREF XF: perl-shell-escape推断行动:- 2000 - 0703能接受(3,4 ack, 0评论)目前投票:接受(2)科尔,莱维弗伦奇等待修改(1)(1)墙选民的评论:弗雷希> XF: perl-shell-escape = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0705网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0705最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000802 (Hackerslab bug_paper] ntop web模式vulnerabliity参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0459.html参考:REDHAT: RHSA-2000:049-02参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0065.html参考:报价:1550参考:网址:http://www.securityfocus.com/bid/1550参考:XF: ntop-remote-file-access ntop运行在web模式允许远程攻击者读取任意文件通过一个. 
.(点点)攻击。修改:ADDREF XF: ntop-remote-file-access推断行动:- 2000 - 0705能接受(3接受,1 ack, 0评论)目前投票:接受(2)科尔,莱维弗伦奇等待修改(1)(1)墙选民的评论:弗雷希> XF: ntop-remote-file-access = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0706网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0706最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000921分配:20000919类别:科幻参考:FREEBSD: FreeBSD-SA-00:36参考:网址:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:36.ntop.asc参考:DEBIAN: 20000830 ntop:仍然使用缓冲区溢出远程利用参考:网址:http://www.debian.org/security/2000/20000830参考:报价:1576参考:网址:http://www.securityfocus.com/bid/1576参考:XF: ntop-bo缓冲区溢出ntop运行在web模式允许远程攻击者执行任意命令。修改:ADDREF XF: ntop-bo推断行动:- 2000 - 0706能接受(3接受,2 ack, 0评论)目前投票:接受(2)科尔,莱维弗伦奇等待修改(1)(1)墙选民的评论:弗雷希> XF: ntop-bo = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0707网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0707最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000804 pcc MySQL数据库管理工具v1.2.3 -咨询参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0015.html参考:确认:http://pccs-linux.com/public/view.php3?bn=agora_pccslinux&key=965951324参考:报价:1557参考:网址:http://www.securityfocus.com/bid/1557参考:XF: pccs-mysql-admin-tool pcc MySQLDatabase管理工具经理1.2.4 dbconnect早些时候,安装文件。公司内的web根,它允许远程攻击者获得管理密码等敏感信息。修改:ADDREF XF: pccs-mysql-admin-tool推断行动:- 2000 - 0707能接受(3接受,1 ack, 0评论)目前投票:接受(2)科尔,莱维弗伦奇等待修改(1)(1)墙选民的评论:弗雷希> XF: pccs-mysql-admin-tool = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0708网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0708最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000921分配:20000919类别:科幻参考:NTBUGTRAQ: 20000824远程DoS攻击在编译指示TelnetServer 
2000(远程执行守护进程)脆弱性参考:网址:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=NTBUGTRAQ&P=R4247参考:确认:http://www.pragmasys.com/TelnetServer/参考:报价:1605参考:网址:http://www.securityfocus.com/bid/1605参考:XF: telnetserver-rpc-bo编译指示系统中的缓冲区溢出TelnetServer 2000 4.0版允许远程攻击者造成拒绝服务通过一系列的空字符rexec端口。修改:ADDREF XF: telnetserver-rpc-bo ADDREF确认:http://www.pragmasys.com/TelnetServer/推断行动:- 2000 - 0708能接受(3接受,1 ack, 0评论)目前投票:接受(2)科尔,莱维弗伦奇等待修改(1)(1)墙选民的评论:弗雷希> XF: telnetserver-rpc-bo = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0711网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0711最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000816 JDK 1.1。x监听套接字脆弱性(Re: BrownOrifice可以突破防火墙!)参考网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=3999922128E.EE84TAKAGI@java-house.etl.go.jp参考:BUGTRAQ: 20000805危险的Java / Netscape安全漏洞参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000805020429.11774.qmail@securityfocus.com参考:CERT: ca - 2000 - 15参考:网址:http://www.cert.org/advisories/ca - 2000 - 15. 
- html参考:报价:1545参考:网址:http://www.securityfocus.com/bid/1545网景沟通者没有妥善防止考察对象由不可信实体,它允许远程攻击者创建一个服务器在受害者的系统通过恶意applet,布朗所展示的孔。推断行动:- 2000 - 0711能接受(3接受,1 ack, 0评论)目前投票:接受(3)科尔,Levy墙= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0712网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0712最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:MISC:http://www.egroups.com/message/lids/1038参考:BUGTRAQ: 2000803盖子严重错误引用:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0486.html参考:确认:http://www.lids.org/changelog.html参考:报价:1549参考:网址:http://www.securityfocus.com/bid/1549Linux入侵检测系统(盖子)0.9.7允许本地用户获得根权限时盖子通过安全= 0启动选项是禁用的。推断行动:- 2000 - 0712 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)科尔,利维等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0718网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0718最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000812 MDKSA-2000:034 MandrakeUpdate更新参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0146.html参考:报价:1567参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=1567竞态条件MandrakeUpdate允许本地用户修改RPM文件时在/ tmp目录中安装。推断行动:- 2000 - 0718 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)科尔,利维等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0725网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0725最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:确认:http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert参考:REDHAT: RHSA-2000:052-02参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0131.html参考:DEBIAN: 20000821 zope:未经授权的升级特权(更新)参考:网址:http://www.debian.org/security/2000/20000821参考:BUGTRAQ: 20000821 Conectiva Linux安全公告——Zope参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html参考:BUGTRAQ: 20000816 MDKSA-2000:035 
Zope更新参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html参考:报价:1577参考:网址:http://www.securityfocus.com/bid/1577Zope 2.2.1之前不适当的限制将getRoles方法,它允许用户可以编辑DTML添加或修改角色通过修改角色列表包含在请求。推断行动:- 2000 - 0725 ACCEPT_ACK (2, 3 ack, 0评论)目前投票:接受(2)科尔,利维等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0727网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0727最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000829 MDKSA-2000:041 xpdf——更新参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=96766355023239&w=2参考:BUGTRAQ: 20000913 Conectiva Linux安全公告,xpdf参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=96886599829687&w=2xpdf参考:DEBIAN: 20000910:当地利用参考:网址:http://www.debian.org/security/2000/20000910a参考:REDHAT: RHSA-2000:060-03参考:网址:http://www.redhat.com/support/errata/rhsa - 2000 - 060 - 03. - html参考:火山口:综援- 2000 - 031.0参考:网址:http://www.calderasystems.com/support/security/advisories/cssa - 2000 031.0.txt参考:报价:1624参考:网址:http://www.securityfocus.com/bid/1624xpdf PDF查看器端早于0.91不正常启动一个web浏览器为嵌入式URL,它允许攻击者执行任意命令通过一个URL包含shell元字符。推断行动:- 2000 - 0727 ACCEPT_ACK (2, 3 ack, 0评论)目前投票:接受(2)科尔,利维等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0728网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0728最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000829 MDKSA-2000:041 xpdf——更新参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=96766355023239&w=2参考:BUGTRAQ: 20000913 Conectiva Linux安全公告,xpdf参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=96886599829687&w=2xpdf参考:DEBIAN: 20000910:当地利用参考:网址:http://www.debian.org/security/2000/20000910a参考:REDHAT: RHSA-2000:060-03参考:网址:http://www.redhat.com/support/errata/rhsa - 2000 - 060 - 03. 
- html参考:火山口:综援- 2000 - 031.0参考:网址:http://www.calderasystems.com/support/security/advisories/cssa - 2000 031.0.txt参考:报价:1624参考:网址:http://www.securityfocus.com/bid/1624xpdf PDF查看器端早于0.91允许本地用户覆盖任意文件通过一个符号链接攻击。推断行动:- 2000 - 0728 ACCEPT_ACK (2, 3 ack, 0评论)目前投票:接受(2)科尔,利维等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0730网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0730最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:惠普:hpsbux0008 - 118参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0144.html参考:报价:1580参考:网址:http://www.securityfocus.com/bid/1580脆弱性newgrp命令在hp - ux 11.0允许本地用户获得特权。推断行动:- 2000 - 0730 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)科尔,利维等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0733网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0733最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000814 (LSD) IRIX telnetd远程漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0154.html参考:SGI: 20000801 - 02 - p参考:网址:ftp://sgigate.sgi.com/security/20000801-02-P参考:报价:1572参考:网址:http://www.securityfocus.com/bid/1572Telnetd telnet服务器IRIX 5.2到6.1不正确清洁user-injected格式字符串,它允许远程攻击者执行任意命令通过一个长行变量IAC-SB-TELOPT_ENVIRON请求。推断行动:- 2000 - 0733 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)科尔,利维等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0737网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0737最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:女士:ms00 - 053参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 053. 
- asp参考:报价:1535参考:网址:http://www.securityfocus.com/bid/1535服务控制管理器(SCM)在Windows 2000创建可预测的命名管道,它允许本地用户控制台访问获得管理员权限,又名“服务控制管理器命名管道模拟”的弱点。推断行动:- 2000 - 0737能接受(3接受,1 ack, 0评论)目前投票:接受(3)科尔,Levy墙= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0743网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0743最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000810远程漏洞Gopherd 2。x参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0112.html参考:报价:1569参考:网址:http://www.securityfocus.com/bid/1569缓冲区溢出在明尼苏达大学(学院)gopherd 2。x允许远程攻击者执行任意命令通过一个DES密钥生成请求(GDESkey)包含一个长票价值。推断行动:- 2000 - 0743 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)科尔,利维等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0744网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0744最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000810远程漏洞Gopherd 2。x参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0112.html参考:报价:1569参考:网址:http://www.securityfocus.com/bid/1569缓冲区溢出在明尼苏达大学(学院)gopherd 2。x允许远程攻击者执行任意命令通过一个DES密钥生成请求(GDESkey)包含一个长票价值。推断行动:- 2000 - 0744 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)科尔,利维等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0745网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0745最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000821 Vuln。在所有网站使用PHP-Nuke版本小于3参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0243.html参考:报价:1592参考:网址:http://www.securityfocus.com/bid/1592管理。php3 PHP-Nuke不正确验证PHP-Nuke管理员密码,远程攻击者可以通过请求URL获得特权,不指定援助或pwd参数。推断行动:- 2000 - 0745 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)科尔,利维等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0750网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 
0750最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd缓冲区溢位参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0064.html参考:FREEBSD: FreeBSD-SA-00:40参考:网址:http://archives.neohapsis.com/archives/freebsd/2000-08/0336.html参考:OPENBSD: 20000705 Mopd包含缓冲区溢出。参考网址:http://www.openbsd.org/errata.html mopd参考:REDHAT: rhsa - 2000 - 050 - 01参考:网址:http://www.redhat.com/support/errata/powertools/rhsa - 2000 - 050 - 01. - html参考:MISC:http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h参考:报价:1558参考:网址:http://www.securityfocus.com/bid/1558在mopd缓冲区溢出(维护操作协议装载机守护进程)允许远程攻击者执行任意命令通过一个长文件名。推断行动:- 2000 - 0750 ACCEPT_ACK (2, 3 ack, 0评论)目前投票:接受(2)科尔,利维等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0751网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0751最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd缓冲区溢位参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0064.html参考:FREEBSD: FreeBSD-SA-00:40参考:网址:http://archives.neohapsis.com/archives/freebsd/2000-08/0336.html参考:OPENBSD: 20000705 Mopd包含缓冲区溢出。参考网址:http://www.openbsd.org/errata.html mopd参考:REDHAT: rhsa - 2000 - 050 - 01参考:网址:http://www.redhat.com/support/errata/powertools/rhsa - 2000 - 050 - 01. 
- html参考:MISC:http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h参考:报价:1559参考:网址:http://www.securityfocus.com/bid/1559mopd(维护操作协议加载器守护程序)不正确清洁user-injected格式字符串,它允许远程攻击者执行任意命令。推断行动:- 2000 - 0751 ACCEPT_ACK (2, 3 ack, 0评论)目前投票:接受(2)科尔,利维等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0754网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0754最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:惠普:hpsbux0008 - 119参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0144.html参考:报价:1581参考:网址:http://www.securityfocus.com/bid/1581脆弱性在惠普OpenView网络节点管理器(NMM) 6.1版本相关的密码。推断行动:- 2000 - 0754 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)科尔,利维等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0758网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0758最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000811 Lyris列表管理器管理洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0149.html参考:确认:http://www.lyris.com/lm/lm_updates.html参考:报价:1584参考:网址:http://www.securityfocus.com/bid/1584Lyris列表管理器3和4的web界面允许用户列表获取管理权限通过修改list_admin隐藏表单字段的值。推断行动:- 2000 - 0758 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)科尔,利维等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0761网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0761最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000815 OS / 2经4.5 FTP服务器DoS参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0166.html参考:确认:ftp://ftp.software.ibm.com/ps/products/tcpip/fixes/v4.3os2/ic27721/README参考:报价:1582参考:网址:http://www.securityfocus.com/bid/1582OS2 /经4.5 FTP服务器允许远程攻击者造成拒绝服务通过用户名。推断行动:- 2000 - 0761 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)科尔,利维等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = 
= = = = = = = = = = = = = = = =候选人:- 2000 - 0763网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0763最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000816 xlock脆弱性参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000815231724.A14694@subterrain.net参考:DEBIAN: 20000816 xlockmore:可能的影子文件妥协引用:网址:http://www.debian.org/security/2000/20000816参考:FREEBSD: FreeBSD-SA-00:44。xlockmore参考:网址:http://archives.neohapsis.com/archives/freebsd/2000-08/0340.html参考:BUGTRAQ: 20000817 Conectiva Linux安全公告——xlockmore参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0212.html参考:BUGTRAQ: 20000823 MDKSA-2000:038——xlockmore更新参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0294.html参考:报价:1585参考:网址:http://www.securityfocus.com/bid/1585xlockmore和xlockf不正确清洁user-injected格式字符串,它允许本地用户通过- d选项获得根权限。推断行动:- 2000 - 0763 ACCEPT_ACK(2接受,2 ack, 0评论)目前投票:接受(2)科尔,利维等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0765网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0765最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:女士:ms00 - 056参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 056. - asp参考:报价:1561参考:网址:http://www.securityfocus.com/bid/1561缓冲区溢出在HTML解释器在微软Office 2000允许攻击者执行任意命令通过一个长嵌入对象标签,又名“Microsoft Office HTML对象标记”的弱点。推断行动:- 2000 - 0765能接受(3接受,1 ack, 0评论)目前投票:接受(3)科尔,Levy墙= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0767网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0767最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:女士:ms00 - 055参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 055. 
- asp参考:报价:1564参考:网址:http://www.securityfocus.com/bid/1564ActiveX控件的调用的脚本在Internet Explorer 4。x和5。x渲染任意文件类型而不是HTML,这允许攻击者读取任意文件,又名“小脚本呈现”的弱点。推断行动:- 2000 - 0767能接受(3接受,1 ack, 0评论)目前投票:接受(3)科尔,Levy墙= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0768网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0768最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:女士:ms00 - 055参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 055. - asp参考:报价:1564参考:网址:http://www.securityfocus.com/bid/1564一个函数在Internet Explorer 4。x和5。x不正确验证的领域框架在一个浏览器窗口,它允许远程攻击者读取客户端文件,又名“帧域验证”的一种变体的弱点。推断行动:- 2000 - 0768能接受(3接受,1 ack, 0评论)目前投票:接受(3)科尔,Levy墙= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0770网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0770最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:女士:ms00 - 057参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 057. - asp参考:报价:1565参考:网址:http://www.securityfocus.com/bid/1565IIS 4.0和5.0不适当限制某些类型的文件当父文件夹权限限制较少,这可能允许远程攻击者绕过访问限制一些文件,又名“文件权限规范化”的弱点。推断行动:- 2000 - 0770能接受(3接受,1 ack, 0评论)目前投票:接受(3)科尔,Levy墙= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0771网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0771最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:女士:ms00 - 062参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 062. 
- asp参考:报价:1613参考:网址:http://www.securityfocus.com/bid/1613微软Windows 2000允许本地用户腐蚀导致拒绝服务的本地安全策略通过RPC交通畸形,又名“本地安全策略腐败”的弱点。推断行动:- 2000 - 0771能接受(3接受,1 ack, 0评论)目前投票:接受(3)科尔,Levy墙= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0777网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0777最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:女士:ms00 - 061参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 061. - asp参考:报价:1615参考:网址:http://www.securityfocus.com/bid/1615微软钱的密码保护功能可以在明文存储密码,它允许攻击者与物理访问系统获取密码,又名“金钱密码”的弱点。推断行动:- 2000 - 0777能接受(3接受,1 ack, 0评论)目前投票:接受(3)科尔,Levy墙= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0778网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0778最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:女士:ms00 - 058参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 058. - asp参考:BUGTRAQ: 20000815翻译:f总结历史和思想参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=080D5336D882D211B56B0060080F2CD696A7C9@beta.mia.cz参考:NTBUGTRAQ: 20000816翻译:f参考:网址:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=5212参考:报价:1578参考:网址:http://www.securityfocus.com/bid/1578IIS 5.0允许远程攻击者获得asp的源代码文件和其他脚本通过HTTP GET请求“翻译:f”头,又名“专业头”的弱点。推断行动:- 2000 - 0778能接受(3接受,1 ack, 0评论)目前投票:接受(3)科尔,Levy墙= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0779网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0779最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:确认:http://www.checkpoint.com/techsupport/alerts/list_vun.html Improper_stderr参考:报价:1534参考:网址:http://www.securityfocus.com/bid/1534检查点防火墙1与RSH / REXEC设置启用允许远程攻击者绕过访问限制和连接到RSH /通过畸形REXEC客户连接请求。推断行动:- 2000 - 0779 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)科尔,利维等待(2)Christey,墙选民的评论:Christey 
>看起来这是经检查确认点:http://www.checkpoint.com/techsupport/alerts/list_vun.html Improper_stderr= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0780网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0780最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000830脆弱性报告IPSWITCH IMail参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=96767207207553&w=2参考:确认:http://www.ipswitch.com/Support/IMail/万博下载包news.html参考:报价:1617参考:网址:http://www.securityfocus.com/bid/16176.04和更早的web服务器在IPSWITCH IMail允许远程攻击者读取和删除任意文件通过一个. .(点点)攻击。推断行动:- 2000 - 0780 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)科尔,利维等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0782网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0782最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000817 Netauth:基于Web的电子邮件管理系统参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NEBBJCLKGNOGCOIOBJNAGEHLCPAA.marc@eeye.com参考:确认:http://netwinsite.com/netauth/updates.htm参考:报价:1587参考:网址:http://www.securityfocus.com/bid/1587netauth。cgi程序在Netwin Netauth早4.2 e和允许远程攻击者读取任意文件通过一个. 
.(点点)攻击。推断行动:- 2000 - 0782 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)科尔,利维等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0786网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0786最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000726 userv安全边界工具1.0.1(安全修复)参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0389.html参考:DEBIAN: 20000727 userv:当地利用参考:网址:http://www.debian.org/security/2000/20000727参考:确认:http://marc.theaimsgroup.com/?l=bugtraq&m=96473640717095&w=2参考:报价:1516参考:网址:http://www.securityfocus.com/bid/1516GNU userv 1.0.0和早些时候不正确执行文件描述符交换,可以腐败USERV_GROUPS USERV_GIDS环境变量和允许本地用户绕过一些访问限制。推断行动:- 2000 - 0786 ACCEPT_ACK(2接受,2 ack, 0评论)目前投票:接受(2)科尔,利维等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0787网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0787最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000817 XChat URL处理器vulnerabilty参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0215.html参考:报价:1601参考:网址:http://www.securityfocus.com/bid/1601参考:REDHAT: RHSA-2000:055-03参考:网址:http://www.redhat.com/support/errata/rhsa - 2000 - 055 - 03. 
- html参考:BUGTRAQ: 20000824 MDKSA-2000:039——xchat更新参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0301.html参考:BUGTRAQ: 20000825 Conectiva Linux安全公告——xchat参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0305.htmlIRC客户机版本1.4.2 Xchat早些时候,允许远程攻击者执行任意命令shell元字符编码到一个URL Xchat用来启动一个web浏览器。推断行动:- 2000 - 0787 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)科尔,利维等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0792网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0792最终决定:阶段性裁决:20001011修改:建议:20000921分配:20000919类别:科幻参考:BUGTRAQ: 20000819安全更新Gnome-Lokkit参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0252.html参考:报价:1590参考:网址:http://www.securityfocus.com/bid/1590Gnome Lokkit防火墙包之前0.41不适当限制访问某些港口,即使用户不提供任何服务。推断行动:- 2000 - 0792 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)科尔,利维等待(1)墙

Page Last Updated or Reviewed: May 22, 2007