
[PROPOSAL] Cluster RECENT-37 - 27 candidates



The following cluster contains 27 candidates that were announced between September 1 and September 8, 2000.

Note that the voting web site will not be updated with this cluster until late tonight.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2000-0847
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0847
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000901 UW c-client library vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0425.html
Reference: BUGTRAQ:20000901 More about UW c-client library
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0437.html
Reference: FREEBSD:FreeBSD-SA-00:47.pine
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0108.html
Reference: BID:1646
Reference: URL:http://www.securityfocus.com/bid/1646
Reference: BID:1687
Reference: URL:http://www.securityfocus.com/bid/1687

Buffer overflow in the University of Washington c-client library (used by pine and other programs) allows remote attackers to execute arbitrary commands via a long X-Keywords header.

Analysis
----------------
ED_PRI CAN-2000-0847 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0849
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0849
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: MS:MS00-064
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-064.asp
Reference: BID:1655
Reference: URL:http://www.securityfocus.com/bid/1655

Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0849 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0851
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0851
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: ATSTAKE:A090700-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-1.txt
Reference: MS:MS00-065
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-065.asp
Reference: BID:1651
Reference: URL:http://www.securityfocus.com/bid/1651
Reference: XF:w2k-still-image-service
Reference: URL:http://xforce.iss.net/static/5203.php

Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0851 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0858
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0858
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000906 VIGILANTE-2000009: "Invalid URL" DoS
Reference: URL:http://www.securityfocus.com/archive/1/80413
Reference: MS:MS00-063
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q3/0065.html
Reference: BID:1642
Reference: URL:http://www.securityfocus.com/bid/1642
Reference: XF:iis-invald-url-dos
Reference: URL:http://xforce.iss.net/static/5202.php

Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0858 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0861
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0861
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000907 Mailman 1.1 + external archiver vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0040.html
Reference: FREEBSD:FreeBSD-SA-00:51
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0112.html
Reference: BID:1667
Reference: URL:http://www.securityfocus.com/bid/1667

Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion.

Analysis
----------------
ED_PRI CAN-2000-0861 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0868
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0868
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: ATSTAKE:A090700-2
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-2.txt
Reference: SUSE:20000907
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html
Reference: BID:1658
Reference: URL:http://www.securityfocus.com/bid/1658
Reference: XF:suse-apache-cgi-source-code
Reference: URL:http://xforce.iss.net/static/5197.php

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.

Analysis
----------------
ED_PRI CAN-2000-0868 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0869
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0869
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: ATSTAKE:A090700-3
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-3.txt
Reference: SUSE:20000907
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html
Reference: BID:1656
Reference: URL:http://www.securityfocus.com/bid/1656
Reference: XF:apache-webdav-directory-listings
Reference: URL:http://xforce.iss.net/static/5204.php

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.

Analysis
----------------
ED_PRI CAN-2000-0869 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0844
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0844
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000904 UNIX locale format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0457.html
Reference: BID:1634
Reference: URL:http://www.securityfocus.com/bid/1634

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

Analysis
----------------
ED_PRI CAN-2000-0844 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0860
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0860
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: BUGTRAQ:20000903 (SRADV00001) Arbitrary file disclosure through PHP file upload
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0455.html
Reference: BUGTRAQ:20000904 Re: [PHP-DEV] Re: (SRADV00001) Arbitrary file disclosure through PHP file upload
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0477.html
Reference: CONFIRM:http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u
Reference: MANDRAKE:MDKSA-2000:048
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0150.html
Reference: BID:1649
Reference: URL:http://www.securityfocus.com/bid/1649
Reference: XF:php-file-upload
Reference: URL:http://xforce.iss.net/static/5190.php

The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.

Analysis
----------------
ED_PRI CAN-2000-0860 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0873
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000903 aix allows clearing the interface stats
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0454.html
Reference: BID:1660
Reference: URL:http://www.securityfocus.com/bid/1660
Reference: XF:aix-clear-netstat
Reference: URL:http://xforce.iss.net/static/5214.php

netstat in AIX 4.x.x does not properly restrict the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities.

Analysis
----------------
ED_PRI CAN-2000-0873 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0826
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0826
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: ATSTAKE:A090800-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a090800-1.txt
Reference: BID:1657
Reference: URL:http://www.securityfocus.com/bid/1657
Reference: XF:documentdirect-get-bo
Reference: URL:http://xforce.iss.net/static/5210.php

Buffer overflow in the ddicgi.exe program in Mobius DocumentDirect for the Internet 1.2 allows remote attackers to execute arbitrary commands via a GET request.

Analysis
----------------
ED_PRI CAN-2000-0826 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0827
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0827
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: ATSTAKE:A090800-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a090800-1.txt
Reference: BID:1657
Reference: URL:http://www.securityfocus.com/bid/1657
Reference: XF:documentdirect-username-bo
Reference: URL:http://xforce.iss.net/static/5211.php

Buffer overflow in the web authorization form of Mobius DocumentDirect for the Internet 1.2 allows remote attackers to cause a denial of service or execute arbitrary commands via a username.

Analysis
----------------
ED_PRI CAN-2000-0827 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0828
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0828
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: ATSTAKE:A090800-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a090800-1.txt
Reference: BID:1657
Reference: URL:http://www.securityfocus.com/bid/1657
Reference: XF:documentdirect-user-agent-bo
Reference: URL:http://xforce.iss.net/static/5212.php

Buffer overflow in ddicgi.exe in Mobius DocumentDirect for the Internet 1.2 allows remote attackers to execute arbitrary commands via a long User-Agent parameter.

Analysis
----------------
ED_PRI CAN-2000-0828 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0840
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0840
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000906 (NEWS) XMail vulnerable to a remotely exploitable buffer overflow (APOP, USER)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0001.html
Reference: BID:1652
Reference: URL:http://www.securityfocus.com/bid/1652
Reference: XF:xmail-long-user-bo
Reference: URL:http://xforce.iss.net/static/5192.php

Buffer overflow in XMail POP3 server version 0.59 allows remote attackers to execute arbitrary commands via a long USER command.

Analysis
----------------
ED_PRI CAN-2000-0840 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0841
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0841
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000906 (NEWS) XMail vulnerable to a remotely exploitable buffer overflow (APOP, USER)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0001.html
Reference: BID:1652
Reference: URL:http://www.securityfocus.com/bid/1652
Reference: XF:xmail-long-apop-bo
Reference: URL:http://xforce.iss.net/static/5191.php

Buffer overflow in XMail POP3 server version 0.59 allows remote attackers to execute arbitrary commands via a long APOP command.

Analysis
----------------
ED_PRI CAN-2000-0841 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0855
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0855
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000901 [EXPL] SunFTP vulnerable to two Denial-of-Service attacks (long buffer, half-open)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0408.html
Reference: BID:1637
Reference: URL:http://www.securityfocus.com/bid/1637

SunFTP build 9(1) allows remote attackers to cause a denial of service by connecting to the server and disconnecting before sending a newline.

Analysis
----------------
ED_PRI CAN-2000-0855 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0856
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0856
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000901 [EXPL] SunFTP vulnerable to two Denial-of-Service attacks (long buffer, half-open)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0408.html
Reference: BID:1638
Reference: URL:http://www.securityfocus.com/bid/1638

Buffer overflow in SunFTP build 9(1) allows remote attackers to cause a denial of service or execute arbitrary commands via a GET request.

Analysis
----------------
ED_PRI CAN-2000-0856 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0859
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0859
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000904 VIGILANTE-2000008: NTMail Configuration Service DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0471.html
Reference: BID:1640
Reference: URL:http://www.securityfocus.com/bid/1640
Reference: XF:ntmail-incomplete-http-requests
Reference: URL:http://xforce.iss.net/static/5182.php

The web configuration server for NTMail V5 and V6 allows remote attackers to cause a denial of service via a series of partial HTTP requests.

Analysis
----------------
ED_PRI CAN-2000-0859 3
Vendor Acknowledgement: unknown claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0866
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0866
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000907 Segfault in Interbase 6 SS Linux
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0027.html
Reference: BID:1654
Reference: URL:http://www.securityfocus.com/bid/1654
Reference: XF:interbase-query-dos
Reference: URL:http://xforce.iss.net/static/5205.php

Interbase 6 SuperServer for Linux allows an attacker to cause a denial of service via a query containing 0 bytes.

Analysis
----------------
ED_PRI CAN-2000-0866 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0872
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0872
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000906 PhotoAlbum 0.9.9 explorer.php Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0015.html
Reference: BID:1650
Reference: URL:http://www.securityfocus.com/bid/1650
Reference: XF:phpphoto-dir-traverse
Reference: URL:http://xforce.iss.net/static/5198.php

explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2000-0872 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0874
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0874
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: BID:1653
Reference: URL:http://www.securityfocus.com/bid/1653
Reference: BUGTRAQ:20000907 Eudora disclosure
Reference: URL:http://www.securityfocus.com/archive/1/80888
Reference: XF:eudora-path-disclosure
Reference: URL:http://xforce.iss.net/static/5206.php

Eudora mail client includes the absolute path of the sender's host within a virtual card (VCF).

Analysis
----------------
ED_PRI CAN-2000-0874 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0875
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0875
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: BUGTRAQ:20000905 WFTPD/WFTPD Pro 2.41 RC12 vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0488.html
Reference: XF:wftpd-long-string-dos
Reference: URL:http://xforce.iss.net/static/5194.php

WFTPD and WFTPD Pro 2.41 RC12 allow remote attackers to cause a denial of service by sending a long string of unprintable characters.

Analysis
----------------
ED_PRI CAN-2000-0875 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0876
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0876
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: BUGTRAQ:20000905 WFTPD/WFTPD Pro 2.41 RC12 vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0488.html
Reference: XF:wftpd-path-disclosure
Reference: URL:http://xforce.iss.net/static/5196.php

WFTPD and WFTPD Pro 2.41 RC12 allow remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname.

Analysis
----------------
ED_PRI CAN-2000-0876 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0879
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0879
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000906 Multiple Security Holes in LPPlus
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0531.html
Reference: BID:1643
Reference: URL:http://www.securityfocus.com/bid/1643
Reference: XF:lpplus-permissions-dos
Reference: URL:http://xforce.iss.net/static/5199.php

LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and dccbkstshut are installed setuid root and world executable, which allows arbitrary local users to start and stop various LPD services.

Analysis
----------------
ED_PRI CAN-2000-0879 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0880
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0880
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000906 Multiple Security Holes in LPPlus
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0531.html
Reference: BID:1643
Reference: URL:http://www.securityfocus.com/bid/1643
Reference: XF:lpplus-process-perms-dos
Reference: URL:http://xforce.iss.net/static/5200.php

LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the lpdprocess file.

Analysis
----------------
ED_PRI CAN-2000-0880 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0881
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0881
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000906 Multiple Security Holes in LPPlus
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0531.html
Reference: BID:1644
Reference: URL:http://www.securityfocus.com/bid/1644
Reference: XF:lpplus-dccscan-file-read
Reference: URL:http://xforce.iss.net/static/5201.php

The dccscan setuid program in LPPlus does not properly check whether the user has permission to print the file that is specified to dccscan, which allows local users to print arbitrary files.

Analysis
----------------
ED_PRI CAN-2000-0881 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0882
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0882
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000906 VIGILANTE-2000010: Intel Express Switch series 500 DoS #2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0533.html
Reference: BID:1647
Reference: URL:http://www.securityfocus.com/bid/1647

Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed ICMP packet, which causes the CPU to crash.

Analysis
----------------
ED_PRI CAN-2000-0882 3
Vendor Acknowledgement: unknown claimed patch

ABSTRACTION: This looks similar to CAN-2000-0764, except that the protocol here is ICMP instead of IP. However, the reference for this candidate identifies a different patch than CAN-2000-0764, which is evidence that this bug is not in the same library. Therefore, these should remain SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

Page last updated or reviewed: May 22, 2007