(提案)集群RECENT-39 - 29的候选人

下面的集群包含29候选人宣布8月10日至9月24日,2000年。注意,投票网站将不会更新这个集群,直到周三的某个时候。中列出的候选人优先秩序。优先级1和优先级2的候选人都应对不同层次的供应商确认,所以他们应该易于检查和可以信任的,是真实的问题。如果你发现任何RECENT-XX集群是不完整的对过程中发现的问题相关的时间框架,请发送信息给我,这样候选人可以被指定。——史蒂夫总结的选票使用(“严重程度”的按升序)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -接受——选民接受候选人提出等待——选民对候选人没有意见修改选民想要改变一些小细节(例如参考/描述)审查-选民正在审查/研究候选人,或需要更多的信息,重塑候选人必须大幅修改,如分割或合并拒绝候选人不是“漏洞”,或重复等。1)请写你的投票在直线上,从“投票:”开始。如果你想添加评论或细节,在投票后将它们添加到线:线。2)如果你看到任何失踪的引用,请提及他们,使他们可以包括在内。在映射引用帮助极大。3)请注意,“修改”被视为一个“接受”当计算选票。 So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-2000-0901 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0901最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20000906 Screen-3.7.6当地妥协参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-08/0530.html参考:BUGTRAQ: 20000905屏幕3.9.5根脆弱参考:网址:http://www.securityfocus.com/archive/1/80178参考:DEBIAN: 20000902屏幕:当地利用参考:网址:http://www.debian.org/security/2000/20000902a参考:曼德拉草:MDKSA-2000:044参考:网址:http://www.linux mandrake.com/en/updates/mdksa - 2000 - 044. - php3参考:SUSE: 20000906屏幕格式字符串解析参考安全问题:网址:http://www.suse.com/de/support/security/adv6_draht_screen_txt.txt参考:REDHAT: RHSA-2000:058-03参考:网址:http://www.redhat.com参考:FREEBSD: FreeBSD-SA-00:46参考:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:46.screen.asc参考:报价:1641参考:网址:http://www.securityfocus.com/bid/1641参考:XF: screen-format-string参考:网址:http://xforce.iss.net/static/5188.php早些时候在屏幕3.9.5和格式字符串漏洞允许本地用户获得根权限通过格式字符vbell_msg初始化变量。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0901 1供应商确认:是的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0909网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0909最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20000922(无标题)参考:网址:http://www.securityfocus.com/archive/1/84901参考:BUGTRAQ: 20001031弗兰克-威廉姆斯:松木4.30现在可用参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-10/0441.html参考:FREEBSD: FreeBSD-SA-00:59参考:网址:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:59.pine.asc参考:REDHAT: rhsa - 2000 - 102 - 04参考:网址:http://www.redhat.com/support/errata/rhsa - 2000 - 102. - html参考:报价:1709参考:网址:http://www.securityfocus.com/bid/1709参考:XF: pine-check-mail-bo参考:网址:http://xforce.iss.net/static/5283.php缓冲区溢出的自动邮件检查组件松4.21和更早的允许远程攻击者执行任意命令通过一个长:头。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0909 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0910网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0910最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20000908部落图书馆错误不从地址参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-09/0051.html参考:DEBIAN: 20000910小鬼:远程妥协参考:网址:http://www.debian.org/security/2000/20000910参考:确认:http://ssl.coc-ag.de/sec/hordelib-1.2.0.frombug.patch参考:报价:1674参考:网址:http://www.securityfocus.com/bid/1674参考:XF: horde-imp-sendmail-command参考:网址:http://xforce.iss.net/static/5278.php部落图书馆1.02允许攻击者通过执行任意命令shell元字符的“从”地址。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0910 1供应商确认:是的补丁投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0934网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0934最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:REDHAT: RHSA-2000:062-03参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-09/0250.html参考:报价:1703参考:网址:http://www.securityfocus.com/bid/1703参考:XF: glint-symlink参考:网址:http://xforce.iss.net/static/5271.php在Red Hat Linux 5.2闪耀允许本地用户覆盖任意文件并通过符号链接导致拒绝服务攻击。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0934 1供应商确认:是的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1022网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1022最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20000919思科PIX防火墙(smtp内容过滤攻击)参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-09/0222.html参考:BUGTRAQ: 20000920 Re:思科PIX防火墙(smtp内容过滤攻击)版本4.2(1)不是可利用的参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-09/0241.html参考:思科:20001005思科安全PIX防火墙Mailguard脆弱性参考:网址:http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-pub.shtml参考:报价:1698参考:网址:http://www.securityfocus.com/bid/1698参考:XF: cisco-pix-smtp-filtering参考:网址:http://xforce.iss.net/static/5277.phpmailguard特性在思科安全PIX防火墙5.2(2)早些时候不适当限制SMTP命令,远程攻击者可以通过发送一个数据命令执行限制命令之前发送限制命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1022 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1031网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1031最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20000810 Re:可能的漏洞HPUX(增加漏洞列表)参考:网址:http://www.securityfocus.com/archive/1/75188参考:惠普:hpsbux0011 - 128参考:网址:http://archives.neohapsis.com/archives/hp/2000-q4/0034.html参考:报价:1889参考:网址:http://www.securityfocus.com/bid/1889缓冲区溢出在hp - ux 11.0 dtterm允许本地用户获得特权通过长tn的选择。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1031 1供应商确认:是的咨询参考:惠普:hpsbux0011 - 128并没有提供足够的细节来确定这地址在8月10日Bugtraq邮报描述的脆弱性。抽象:dtterm缓冲区溢出发生cve - 1999 - 0112中描述通过不同的选择,这可能不是一样的溢出。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1054网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1054最终决定:阶段性裁决:修改:建议:20001129分配:20001129类别:科幻参考:思科:20000921多个漏洞CiscoSecure ACS的Windows NT服务器参考:网址:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml参考:报价:1705参考:网址:http://www.securityfocus.com/bid/1705参考:XF: ciscosecure-csadmin-bo参考:网址:http://xforce.iss.net/static/5272.php缓冲区溢出在CSAdmin模块CiscoSecure ACS Server 2.4(2)早些时候,允许远程攻击者可能导致拒绝服务和执行任意命令通过一个大的数据包。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1054 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1055网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1055最终决定:阶段性裁决:修改:建议:20001129分配:20001129类别:科幻参考:思科:20000921多个漏洞CiscoSecure ACS的Windows NT服务器参考:网址:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml参考:报价:1706参考:网址:http://www.securityfocus.com/bid/1706参考:XF: ciscosecure-tacacs-dos参考:网址:http://xforce.iss.net/static/5273.php缓冲区溢出在CiscoSecure ACS Server 2.4(2)早些时候,允许远程攻击者可能导致拒绝服务和执行任意命令通过一个大型TACACS +包。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1055 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1056网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1056最终决定:阶段性裁决:修改:建议:20001129分配:20001129类别:科幻参考:思科:20000921多个漏洞CiscoSecure ACS的Windows NT服务器参考:网址:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml参考:报价:1708参考:网址:http://www.securityfocus.com/bid/1708参考:XF: ciscosecure-ldap-bypass-authentication参考:网址:http://xforce.iss.net/static/5274.phpCiscoSecure ACS服务器2.4(2)早些时候,允许远程攻击者绕过LDAP身份验证服务器上如果LDAP服务器允许空密码。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1056 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1057网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1057最终决定:阶段性裁决:修改:建议:20001129分配:20001129类别:未知参考:惠普:hpsbux0009 - 120参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-09/0140.html参考:报价:1682参考:网址:http://www.securityfocus.com/bid/1682参考:XF: hp-openview-nnm-scripts参考:网址:http://xforce.iss.net/static/5229.php漏洞数据库配置脚本在惠普OpenView网络节点管理器(NNM) 6.1和更早的允许本地用户获得特权,可能通过不安全的权限。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1057 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0908网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0908最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20000921 DST2K0031: DoS在BrowseGate(家)v2.80 (H)参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=96956211605302&w=2参考:WIN2KSEC: 20000921 DST2K0031: DoS BrowseGate(家)v2.80 (H)参考:网址:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0128.html参考:确认:http://www.netcplus.com/browsegate.htm BGLatest参考:XF: browsegate-http-dos参考:网址:http://xforce.iss.net/static/5270.php参考:报价:1702参考:网址:http://www.securityfocus.com/bid/1702BrowseGate 2.80允许远程攻击者可能导致拒绝服务和执行任意命令通过长期授权或推荐人MIME HTTP请求头。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0908 2供应商确认:是的changelog承认:这是承认在更改日志“v2.80.1后来”一节。供应商声明:“请求缓冲问题已经解决。”However, Delphis is not directly credited, so the vendor may have fixed a different buffer problem. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0911 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0911最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20000912 (SRADV00003)任意文件披露通过IMP参考:网址:http://www.securityfocus.com/archive/1/82088参考:报价:1679参考:网址:http://www.securityfocus.com/bid/1679参考:XF: imp-attach-file参考:网址:http://xforce.iss.net/static/5227.php2.2和更早的小鬼允许攻击者读取和删除任意文件通过修改attachment_name隐藏表单变量,导致小孩向攻击者发送文件作为附件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0911 2供应商确认:是的补丁投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0912网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0912最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20000913 MultiHTML脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-09/0146.html参考:XF: http-cgi-multihtml参考:网址:http://xforce.iss.net/static/5285.phpMultiHTML CGI脚本可能允许远程攻击者读取任意文件和执行任意命令通过指定文件名“多”参数。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0912 2供应商确认:是的、最初的报告说,一个叫打开(文件,“多美元”)使用。如果$多变量不洁净的shell元字符,然后,攻击者可能会执行命令。我没有源代码分析软件。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1016网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1016最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:CF参考:BUGTRAQ: 20000921 httpd。会议在Suse 6.4参考:网址:http://www.securityfocus.com/archive/1/84360参考:报价:1707参考:网址:http://www.securityfocus.com/bid/1707参考:XF: suse-installed-packages-exposed参考:网址:http://xforce.iss.net/static/5276.php的默认配置Apache (httpd . conf) SuSE 6.4 /usr/doc目录包含一个别名,它允许远程攻击者读取包文档和获得系统配置信息通过一个HTTP请求的URL / doc /包。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1016 2供应商确认:是的跟踪投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1038网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1038最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:AIXAPAR: SA90544参考:确认:http://as400service.rochester.ibm.com/n_dir/nas4apar.NSF/5ec6cdc6ab42894a862568f90073c74a/9ce636030a58807186256955003d128d?OpenDocument参考:XF: as400-firewall-dos参考:网址:http://xforce.iss.net/static/5266.phpIBM AS / 400的web管理界面防火墙允许远程攻击者造成拒绝服务通过一个空的GET请求。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1038 2供应商确认:是的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1079网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1079最终决定:阶段性裁决:修改:建议:20001129分配:20001129类别:科幻参考:奈:20000829 Windows NetBIOS主动缓存腐败参考:网址:http://www.pgp.com/research/covert/advisories/045.asp参考:NTBUGTRAQ: 20000829 Re:[秘密- 2000 - 10]视窗NetBIOS主动缓存腐败参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0116.html参考:报价:1620参考:网址:http://www.securityfocus.com/bid/1620参考:XF: win-netbios-corrupt-cache参考:网址:http://xforce.iss.net/static/5168.php之间的相互作用中实现的浏览器CIFS协议和NetBIOS Microsoft Windows 95, 98元,2000允许远程攻击者通过欺骗浏览修改动态NetBIOS名称缓存条目的请求帧单播或UDP广播数据报。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1079 2供应商确认:未知的有争议的描述:在一个帖子,拉斯•库珀说,脆弱性本身不是一个实现缺陷,但在NetBIOS / CIFS设计缺陷。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0902网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0902最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20000907 Re: PhotoAlbum 0.9.9探险家。php脆弱性参考:网址:http://www.securityfocus.com/archive/1/80858参考:XF: phpphotoalbum-getalbum-directory-traversal参考:网址:http://xforce.iss.net/static/5209.phpgetalbum。php在PhotoAlbum 0.9.9允许远程攻击者读取任意文件通过一个. .(点点)攻击。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0902 3供应商确认:内容决定:SF-EXEC - 2000 - 0872是一场势均力敌的比赛。这一次,getalbum。php在早期版本。CD: SF-EXEC可能建议分裂,但该计划只是重命名?投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0903网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0903最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20000901多个QNX旅行者问题参考:网址:http://www.securityfocus.com/archive/1/79956参考:报价:1648参考:网址:http://www.securityfocus.com/bid/1648目录遍历漏洞在“航行者”号web server 2.01 b在QNX的演示光盘405允许远程攻击者读取任意文件通过一个. .(点点)攻击。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0903 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0904网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0904最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20000901多个QNX旅行者问题参考:网址:http://www.securityfocus.com/archive/1/79956参考:报价:1648参考:网址:http://www.securityfocus.com/bid/1648旅行者web服务器2.01 b演示磁盘的QNX 405家门店.photon敏感的web客户端信息的web文档根目录,它允许远程攻击者获取信息。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0904 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0905网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0905最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20000901多个QNX旅行者问题参考:网址:http://www.securityfocus.com/archive/1/79956参考:报价:1648参考:网址:http://www.securityfocus.com/bid/1648QNX嵌入式web服务器资源管理器在“航行者”号2.01 b在演示中磁盘QNX 405允许远程攻击者读取敏感系统通过嵌入的统计信息。html web页面。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0905 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0918网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0918最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:报价:1700参考:网址:http://www.securityfocus.com/bid/1700参考:BUGTRAQ: 20000919 kvt格式错误引用:网址:http://www.securityfocus.com/archive/1/83914格式字符串漏洞在KDE kvt 1.1.2可能允许本地用户执行任意命令通过一个显示环境变量包含格式化字符。包含:它没有证明这只虫子是可利用的。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0918 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1020网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1020最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20000917警员- 2000012:Mdaemon Web服务堆溢出DoS参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=96925269716274&w=2参考:报价:1689参考:网址:http://www.securityfocus.com/bid/1689参考:XF: mdaemon-url-dos参考:网址:http://xforce.iss.net/static/5250.php堆溢出在Worldclient Mdaemon 3.1.1早些时候,允许远程攻击者可能导致拒绝服务和通过一个长URL执行任意命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1020 3供应商确认:未知声称内容决定:SF-EXEC这似乎是一个可以复制——1999 - 0844年乍看之下,但警员说咨询的情况并非如此。CD: SF-EXEC也表明,单独的条目可能需要创建WorldClient WebConfig。由于董事会成员投票重塑可以- 1999 - 0844(结合WorldClient和WebConfig),这也表明,单独的项目应记录WorldClient和WebConfig。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1021网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1021最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20000917警员- 2000012:Mdaemon Web服务堆溢出DoS参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=96925269716274&w=2参考:报价:1689参考:网址:http://www.securityfocus.com/bid/1689参考:XF: mdaemon-url-dos参考:网址:http://xforce.iss.net/static/5250.php堆溢出在WebConfig Mdaemon 3.1.1早些时候,允许远程攻击者可能导致拒绝服务和通过一个长URL执行任意命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1021 3供应商确认:未知声称内容决定:SF-EXEC这似乎是一个可以复制——1999 - 0844年乍看之下,但警员说咨询的情况并非如此。CD: SF-EXEC也表明,单独的条目可能需要创建WorldClient WebConfig。由于董事会成员投票重塑可以- 1999 - 0844(结合WorldClient和WebConfig),这也表明,单独的项目应记录WorldClient和WebConfig。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1023网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1023最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20000924重大漏洞Alabanza控制面板参考:网址:http://www.securityfocus.com/archive/1/84766参考:报价:1710参考:网址:http://www.securityfocus.com/bid/1710参考:XF: alabanza-unauthorized-access参考:网址:http://xforce.iss.net/static/5284.phpAlabanza控制面板不需要密码访问行政命令,它允许远程攻击者通过nsManager修改域名信息。cgi cgi程序。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1023 3供应商确认:内容决定:EX-ONLINE-SVC包含:目前还不清楚如果Alabanza是一个在线服务/ ASP的服务器集中,尽管一个页面http://www.alabanza.com说:“东西是自动管理和在线没有政府要求你或者你的员工。”If a single fix at Alabanza could solve the problem without client intervention, then CD:EX-ONLINE-SVC suggests that this item should not be included in CVE. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-1035 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1035最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20000912 TYPSoft FTP服务器远程DoS问题参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=96879389027478&w=2参考:MISC:http://www.synnergy.net/Archives/Advisories/dethy/typsoft-ftpd.txt参考:报价:1690参考:网址:http://www.securityfocus.com/bid/1690早些时候在TYPSoft FTP Server 0.78和缓冲区溢位允许远程攻击者可能导致拒绝服务和执行任意命令通过一个长期用户,通过,或慢性消耗病命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1035 3供应商确认:内容决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1036网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1036最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:苏格兰皇家银行目录横向BUGTRAQ: 20000920程度。参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-09/0252.html参考:报价:1704参考:网址:http://www.securityfocus.com/bid/1704参考:XF: rbs-isp-directory-traversal参考:网址:http://xforce.iss.net/static/5275.php目录遍历脆弱性程度RBS ISP web服务器允许远程攻击者读取敏感信息通过. .(点点)攻击图像参数。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1036 3供应商确认:未知声称投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1037网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1037最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20000815防火墙1会话剂3.0 - > 4.1,dictionnary和蛮力攻击参考:网址:http://www.securityfocus.com/archive/1/76389参考:报价:1662参考:网址:http://www.securityfocus.com/bid/1662检查防火墙1会话在3.0到4.1之间生成不同的错误消息代理无效的用户名和密码无效,它允许远程攻击者,以确定有效的用户名和密码猜通过蛮力攻击。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1037 3供应商确认:未知的模糊的咨询包括:这是可能的,这是一个重复的可以- 2000 - 0808。然而,可以检查咨询——2000 - 0808年7月被释放,它似乎错S /关键的种子产生机制。这个项目在8月中旬宣布,似乎没有相关S /关键。与FW1专家咨询或供应商将有助于解决这个问题。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1046网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1046最终决定:阶段性裁决:修改:建议:20001129分配:20001129类别:科幻参考:BUGTRAQ: 20000911咨询代码:治安维持会成员- 2000011 Lotus Domino ESMTP服务缓冲区溢位参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-09/0093.html缓冲区溢出早些时候在Lotus Domino 5.0.2c和ESMTP服务允许远程攻击者可能导致拒绝服务和执行任意命令通过一个长“收件人”,“SAML,”或“SOML”命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1046 3供应商确认:未知声称CD: SF-LOC表明这个项目可能需要分裂,因为可能有多个错误在一个单一的项目。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1047网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1047最终决定:阶段性裁决:修改:建议:20001129分配:20001129类别:科幻参考:BUGTRAQ: 20001103[安全]缓冲区溢出在Lotus Domino SMTP服务器参考:网址:http://www.securityfocus.com/archive/1/143071参考:报价:1905参考:网址:http://www.securityfocus.com/bid/1905缓冲区溢出早些时候在Lotus Domino 5.0.4和SMTP服务允许远程攻击者可能导致拒绝服务和执行任意命令通过一个长ENVID关键字在“邮件”命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1047 3供应商确认:未知声称投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论: