(日期:][下一个日期][线程:][线程下][日期索引][线程索引]
(提案)集群RECENT-41 - 42的候选人
- 来:cve-editorial-board-list@lists.mitre.org
- 主题(建议):集群RECENT-41 - 42的候选人
- 从:“史蒂文·m·Christey " <coley@linus.mitre.org>
- 日期-0500年:星期二,2000年11月28日22:26:06(美国东部时间)
- 交货日期:2000年11月28日22:26:10星期二
- 发送方:owner-cve-editorial-board-list@lists.mitre.org
下面的集群包含42个候选人宣布10月5日至10月12日,2000年。注意,投票网站将不会更新这个集群,直到周三的某个时候。中列出的候选人优先秩序。优先级1和优先级2的候选人都应对不同层次的供应商确认,所以他们应该易于检查和可以信任的,是真实的问题。如果你发现任何RECENT-XX集群是不完整的对过程中发现的问题相关的时间框架,请发送信息给我,这样候选人可以被指定。——史蒂夫总结的选票使用(“严重程度”的按升序)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -接受——选民接受候选人提出等待——选民对候选人没有意见修改选民想要改变一些小细节(例如参考/描述)审查-选民正在审查/研究候选人,或需要更多的信息,重塑候选人必须大幅修改,如分割或合并拒绝候选人不是“漏洞”,或重复等。1)请写你的投票在直线上,从“投票:”开始。如果你想添加评论或细节,在投票后将它们添加到线:线。2)如果你看到任何失踪的引用,请提及他们,使他们可以包括在内。在映射引用帮助极大。3)请注意,“修改”被视为一个“接受”当计算选票。 So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-2000-0816 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0816最终决定:阶段性裁决:修改:建议:20001129分配:20000929类别:科幻参考:国际空间站:20001006不安全调用外部程序在Red Hat Linux tmpwatch参考:网址:http://xforce.iss.net/alerts/advise64.php参考:REDHAT: RHSA-2000:080-01参考:网址:http://www.redhat.com/support/errata/rhsa - 2000 - 080 - 01. - html参考:曼德拉草:MDKSA-2000:056参考:网址:http://www.linux mandrake.com/en/security/mdksa - 2000 - 056. - php3?dis=7.1参考:报价:1785参考:网址:http://www.securityfocus.com/bid/1785Linux tmpwatch——熔化炉选项允许本地用户执行任意命令创建文件的名字包含shell元字符。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0816 1供应商确认:是的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0916网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0916最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:FREEBSD: FreeBSD-SA-00:52参考:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:52.tcp-iss.asc参考:报价:1766参考:网址:http://www.securityfocus.com/bid/1766FreeBSD以下4.4.1早些时候,可能其他基于bsd的操作系统,使用一个随机数生成器来生成初始TCP序列号不足(是),它允许远程攻击者恶搞TCP连接。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0916 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0920网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0920最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20001006漏洞在web服务器BOA v0.94.8.2参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-10/0092.html参考:FREEBSD: FreeBSD-SA-00:60参考:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:60.boa.asc参考:DEBIAN: 20001009美国银行:公开本地文件的内容参考:网址:http://www.debian.org/security/2000/20001009参考:报价:1770参考:网址:http://www.securityfocus.com/bid/1770参考:XF: boa-webserver-get-dir-traversal参考:网址:http://xforce.iss.net/static/5330.php目录遍历早些时候在web服务器BOA 0.94.8.2和漏洞允许远程攻击者读取任意文件通过修改. .(点点)袭击GET HTTP请求,使用“% 2 e”而不是“。”Analysis ---------------- ED_PRI CAN-2000-0920 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0965 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0965最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:XF: hp-virtualvault-nsapi-dos参考:网址:http://xforce.iss.net/static/5361.php参考:惠普:hpsbux0010 - 124参考:网址:http://archives.neohapsis.com/archives/hp/2000-q4/0012.htmlNSAPI插件TGA和Java Servlet代理hp - ux VVOS 10.24和11.04允许攻击者造成拒绝服务(高CPU利用率)分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0965 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0967网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0967最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:ATSTAKE: A101200-1参考:网址:http://www.atstake.com/research/advisories/2000/a101200 - 1. - txt参考:曼德拉草:MDKSA-2000:062参考:网址:http://www.linux mandrake.com/en/security/mdksa - 2000 - 062. - php3?dis=7.1参考:DEBIAN: 20001014 php3:可能的远程利用参考:网址:http://www.debian.org/security/2000/20001014a参考:DEBIAN: 20001014 php4:可能的远程利用参考:网址:http://www.debian.org/security/2000/20001014b参考:火山口:综援- 2000 - 037.0参考:网址:http://www.calderasystems.com/support/security/advisories/cssa - 2000 037.0.txt参考:BUGTRAQ: 20001012 Conectiva Linux安全公告——mod_php3参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-10/0204.html参考:报价:1786参考:网址:http://www.securityfocus.com/bid/1786参考:XF: php-logging-format-string参考:网址:http://xforce.iss.net/static/5359.phpPHP 3和4不正确清洁user-injected格式字符串,它允许远程攻击者执行任意命令通过触发错误消息不正确写入错误日志。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0967 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0974网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0974最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20001011 GPG 1.0.3不检测修改文件与多个签名参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html参考:REDHAT: RHSA-2000:089-04参考:网址:http://www.redhat.com/support/errata/rhsa - 2000 - 089 - 04. - html参考:火山口:综援- 2000 - 038.0参考:曼德拉草:MDKSA-2000:063-1参考:CONECTIVA: CLSA-2000:334参考:网址:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000334参考:BUGTRAQ: 20001025 Immunix OS的安全更新gnupg包参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html参考:XF: gnupg-message-modify参考:网址:http://xforce.iss.net/static/5386.php参考:报价:1797参考:网址:http://www.securityfocus.com/bid/1797GnuPG (gpg) 1.0.3不正确检查所有签名的文件包含多个文件,攻击者可以修改所有文件的内容但第一没有检测。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0974 1供应商确认:是的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0979网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0979最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20001012 NSFOCUS SA2000-05: Microsoft Windows 9 x NETBIOS密码参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=97147777618139&w=2参考:女士:ms00 - 072参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 072. - asp参考:报价:1780参考:网址:http://www.securityfocus.com/bid/1780参考:XF: win9x-share-level-password参考:网址:http://xforce.iss.net/static/5395.php文件和打印共享服务在Windows 95, Windows 98, Windows我不正确检查一个文件共享的密码,它允许远程攻击者绕过共享访问控制通过发送一个字节密码相匹配的第一个字符的密码,又名“共享级别密码”的弱点。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0979 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0980网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0980最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:女士:ms00 - 073参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 073. - asp参考:报价:1781参考:网址:http://www.securityfocus.com/bid/1781参考:XF: win-nmpi-packet-dos参考:网址:http://xforce.iss.net/static/5357.phpNMPI (IPX名称管理协议)侦听器在微软NWLink从广播地址不正确过滤数据包,它允许远程攻击者造成网络广播风暴和洪水。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0980 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0982网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0982最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:女士:ms00 - 076参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 076. - asp参考:报价:1793参考:网址:http://www.securityfocus.com/bid/1793参考:XF: ie-cache-info参考:网址:http://xforce.iss.net/static/5367.phpInternet Explorer 5.5之前转发缓存用户凭证为一个安全的网站不安全页面在同一个网站,这可能允许远程攻击者获取凭证通过监测连接到web服务器,又名“缓存web凭证”的弱点。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0982 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1061网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1061最终决定:阶段性裁决:修改:建议:20001129分配:20001129类别:参考:女士:ms00 - 075参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 075. - asp微软Internet Explorer 4中虚拟机(VM)。x和5。x允许未签名的applet创建和使用ActiveX控件,它允许远程攻击者绕过ie浏览器的安全设置和执行任意命令通过恶意网页或电子邮件,又名“微软VM ActiveX组件”的弱点。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1061 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0946网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0946最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:NTBUGTRAQ: 20001012安全问题与康柏轻松访问键盘软件参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0023.html参考:确认:http://www5.compaq.com/support/files/desktops/us/revision/1723.html康柏轻松访问键盘软件1.3不正确禁用访问自定义按钮锁定屏幕时,这可能允许攻击者获得特权或擅自执行程序。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0946 2供应商确认:是的、确认:1.51版本的更新日志:“这个补丁提供了增强的安全性,通过锁定键盘按钮”的便捷访问投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0978网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0978最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20001010“老大哥”系统和网络监控漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-10/0162.html参考:报价:1779参考:网址:http://www.securityfocus.com/bid/1779在老大哥bdd服务器系统和网络监控之前1.5 c2允许远程攻击者通过“&”执行任意命令shell元字符。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0978 2供应商确认:是的email-announce投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1005网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1005最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20001009安全顾问:eXtropia WebStore (web_store.cgi)目录遍历脆弱性参考:网址:http://www.securityfocus.com/archive/1/138495参考:报价:1774参考:网址:http://www.securityfocus.com/bid/1774参考:XF: extropia-webstore-fileread参考:网址:http://xforce.iss.net/static/5347.php目录遍历html_web_store脆弱性。cgi和web_store。cgi cgi程序在eXtropia WebStore允许远程攻击者读取任意文件通过一个. .(点点)攻击页面上的参数。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1005 2供应商确认:是的跟踪投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1010网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1010最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20001006 talkd(是:Re: OpenBSD安全顾问)参考:网址:http://www.securityfocus.com/archive/1/137890参考:报价:1764参考:网址:http://www.securityfocus.com/bid/1764参考:XF: linux-talkd-overwrite-root参考:网址:http://xforce.iss.net/static/5344.php格式字符串漏洞在talkd OpenBSD和其他可能基于bsd的操作系统允许远程攻击者执行任意命令通过一个包含格式字符的用户名。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1010 2供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0914网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0914最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20001005 obsd_fun。c参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-10/0078.html参考:报价:1759参考:网址:http://www.securityfocus.com/bid/1759参考:XF: bsd-arp-request-dos参考:网址:http://xforce.iss.net/static/5340.phpOpenBSD 2.6和更早的允许远程攻击者因洪水导致拒绝服务的服务器ARP请求。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0914 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0919网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0919最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20001007 PHPix咨询参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-10/0117.html参考:报价:1773参考:网址:http://www.securityfocus.com/bid/1773参考:XF: phpix-dir-traversal参考:网址:http://xforce.iss.net/static/5331.php目录遍历脆弱性PHPix相册1.0.2早些时候,允许远程攻击者读取任意文件通过一个. .(点点)攻击。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0919 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0921网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0921最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20001007安全顾问:哈桑咨询的商店。cgi目录遍历的脆弱性。参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-10/0115.html参考:报价:1777参考:网址:http://www.securityfocus.com/bid/1777参考:XF: hassan-shopping-cart-dir-traversal参考:网址:http://xforce.iss.net/static/5342.php在哈桑咨询商店目录遍历的脆弱性。cgi购物车程序允许远程攻击者读取任意文件通过一个. .(点点)攻击页面上的参数。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0921 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0922网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0922最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20001008安全顾问:字节互动的网络购物者(shopper.cgi)目录遍历脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-10/0120.html参考:报价:1776参考:网址:http://www.securityfocus.com/bid/1776参考:XF: web-shopper-directory-traversal参考:网址:http://xforce.iss.net/static/5351.php目录遍历脆弱性字节交互式Web顾客购物车程序(shopper.cgi) 2.0和更早的允许远程攻击者读取任意文件通过一个. .(点点)攻击newpage参数。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0922 3供应商确认:没有投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0923网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0923最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ:前轮驱动:20001006 APlio PRO web壳参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-10/0107.html参考:XF: uclinux-apliophone-bin-execute参考:网址:http://xforce.iss.net/static/5333.php参考:报价:1784参考:网址:http://www.securityfocus.com/bid/1784身份验证。cgi Aplio PRO cgi程序允许远程攻击者通过执行任意命令shell元字符的密码参数。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0923 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0924网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0924最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20001009主指数遍历咨询参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-10/0141.html参考:报价:1772参考:网址:http://www.securityfocus.com/bid/1772目录遍历搜索漏洞。cgi cgi脚本在舰队主索引允许远程攻击者读取任意文件通过一个. .(点点)攻击“catigory”参数。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0924 3供应商确认:有可能受影响的参数是拼写“类别”和大参考不准确的报告。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0928网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0928最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20001006 DST2K0040: QuotaAdvisor 4.1 WQuinn容易受到任何用户贝ng能够列表(未读)QuotaAdvisor运行所有文件在任何服务器。参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-10/0091.html参考:报价:1765参考:网址:http://www.securityfocus.com/bid/1765WQuinn QuotaAdvisor 4.1允许用户列出目录和文件通过运行报告目标股票。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0928 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0953网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0953最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20001009香巴拉4.5脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-10/0134.html参考:报价:1778参考:网址:http://www.securityfocus.com/bid/1778参考:XF: shambala-connection-dos参考:网址:http://xforce.iss.net/static/5345.php香巴拉服务器4.5允许远程攻击者造成拒绝服务通过打开然后关闭连接。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0953 3供应商确认:未知声称投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0954网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0954最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20001009香巴拉4.5脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-10/0134.html参考:报价:1771参考:网址:http://www.securityfocus.com/bid/1771参考:XF: shambala-password-plaintext参考:网址:http://xforce.iss.net/static/5346.php香巴拉Server 4.5在明文存储密码,这可能允许本地用户获取密码和服务器妥协。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0954 3供应商确认:未知声称内容决定:DESIGN-NO-ENCRYPTION投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0960网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0960最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20001011网景通讯服务器4.15可怜的错误字符串引用:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=97138100426121&w=2参考:报价:1787参考:网址:http://www.securityfocus.com/bid/1787参考:XF: netscape-messaging-email-verify参考:网址:http://xforce.iss.net/static/5364.php网景的POP3服务器消息传递服务器4.15 p1生成不同的错误消息不正确的用户名和正确的密码,它允许远程攻击者确定有效用户对系统和收获虐待垃圾邮件的电子邮件地址。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0960 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0961网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0961最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20000928商业产品和安全(+新的bug)参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-09/0334.html参考:报价:1721参考:网址:http://www.securityfocus.com/bid/1721参考:XF: netscape-messaging-list-dos参考:网址:http://xforce.iss.net/static/5292.php缓冲区溢出在网景IMAP服务器消息传递服务器4.15补丁2允许本地用户执行任意命令通过一长串的命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0961 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0963网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0963最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20001009 ncurses缓冲区溢位参考:网址:http://www.securityfocus.com/archive/1/138550参考:火山口:综援- 2000 - 036.0参考:网址:http://www.calderasystems.com/support/security/advisories/cssa - 2000 036.0.txt参考:报价:1142参考:网址:http://www.securityfocus.com/bid/1142缓冲区溢出ncurses库允许本地用户执行任意命令通过长词或TERMINFO_DIRS等环境信息。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0963 3供应商确认:对咨询内容的决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0975网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0975最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20001012蟒蛇咨询参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-10/0210.html目录遍历apexec脆弱性。pl在蟒蛇基础目录允许远程攻击者读取任意文件通过一个. .(点点)攻击。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0975 3供应商确认:未知声称投票通知部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0976网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0976最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20001012另一个Xlib缓冲区溢位参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-10/0211.html参考:报价:1805参考:网址:http://www.securityfocus.com/bid/1805缓冲区溢出在xlib XFree 3.3。x可能允许本地用户执行任意命令通过一个长显示环境变量或显示命令行参数。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0976 3供应商确认:包含:这可能不是可利用的,一篇由罗伯特·范德Meulen说,“显示号码只能包含数字值。”Seehttp://archives.neohapsis.com/archives/bugtraq/2000-10/0237.html投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0977网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0977最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20001011邮件文件发布漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-10/0172.html参考:报价:1807参考:网址:http://www.securityfocus.com/bid/1807mailfile。cgi cgi程序MailFile 1.10允许远程攻击者读取任意文件通过指定的目标文件的名字“文件名”参数在一个POST请求,然后通过电子邮件发送到指定的地址在“电子邮件”参数。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0977 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0985网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0985最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:ATSTAKE: A101200-2参考:网址:http://www.atstake.com/research/advisories/2000/a101200 - 2. - txt参考:报价:1789参考:网址:http://www.securityfocus.com/bid/1789缓冲区溢出在所有邮件1.1允许远程攻击者执行任意命令通过一个漫长的“邮件”或“收件人”命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0985 3供应商确认:未知unsopported投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1002网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1002最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20001012 Re:网景通讯服务器4.15可怜的错误字符串引用:网址:http://www.securityfocus.com/archive/1/139523参考:XF: communigate-email-verify参考:网址:http://xforce.iss.net/static/5363.php参考:报价:1792参考:网址:http://www.securityfocus.com/bid/1792POP3守护进程的跟踪狂CommuniGate Pro 3.3.2生成不同的错误消息无效的用户名和密码无效,它允许远程攻击者,以确定有效的电子邮件地址在服务器上的垃圾邮件攻击。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1002 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1003网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1003最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20001012 NSFOCUS SA2000-04:微软都客户机驱动程序类型比较脆弱引用:网址:http://www.securityfocus.com/archive/1/139511参考:报价:1794参考:网址:http://www.securityfocus.com/bid/1794参考:XF: win-netbios-driver-type-dos参考:网址:http://xforce.iss.net/static/5370.phpNETBIOS客户在Windows 95, Windows 98允许远程攻击者造成拒绝服务通过改变一个文件共享服务返回一个未知的驱动程序类型,导致客户端崩溃。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1003 3供应商确认:未知声称投票通知部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1018网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1018最终决定:阶段性裁决:修改:建议:20001129分配:20001124类别:科幻参考:BUGTRAQ: 20001010分解1.0错误报告参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=97119799515246&w=2参考:BUGTRAQ: 20001011分解v1.0修复参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=97131166004145&w=2参考:报价:1788参考:网址:http://www.securityfocus.com/bid/1788分解1.0文件擦拭工具不正确地打开一个文件覆盖或刷新缓冲区,这可以防止分解正确替换文件的数据,并允许本地用户恢复该文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1018 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1062网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1062最终决定:阶段性裁决:修改:建议:20001129分配:20001129类别:科幻参考:BUGTRAQ: 20001010警员- 2000014:惠普Jetdirect多个DoS参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=97119729613778&w=2参考:报价:1775参考:网址:http://www.securityfocus.com/bid/1775参考:XF: hp-jetdirect-firmware-dos参考:网址:http://xforce.iss.net/static/5353.php缓冲区溢出的FTP服务惠普JetDirect打印机卡固件x.08.20早些时候,允许远程攻击者造成拒绝服务。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1062 3供应商确认:未知discloser-claimed内容决定:SF-LOC CD: SF-LOC显示拥有单独的CVE条目单独的缓冲区溢出。而治安维持会成员咨询表明多个服务受到影响,目前尚不完全清楚每个服务都有一个单独的缓冲区溢出,或者如果有一个溢出在图书馆所使用的所有服务。如果是后者,那么CD: SF-LOC建议合并这个项目与其他Telnet和LPD服务。然而,在缺乏完整信息的情况下,默认动作是保持这些东西分裂。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1063网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1063最终决定:阶段性裁决:修改:建议:20001129分配:20001129类别:科幻参考:BUGTRAQ: 20001010警员- 2000014:惠普Jetdirect多个DoS参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=97119729613778&w=2参考:报价:1775参考:网址:http://www.securityfocus.com/bid/1775参考:XF: hp-jetdirect-firmware-dos参考:网址:http://xforce.iss.net/static/5353.php缓冲区溢出的Telnet服务惠普JetDirect打印机卡固件x.08.20早些时候,允许远程攻击者造成拒绝服务。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1063 3供应商确认:未知discloser-claimed内容决定:SF-LOC CD: SF-LOC显示拥有单独的CVE条目单独的缓冲区溢出。而治安维持会成员咨询表明多个服务受到影响,目前尚不完全清楚每个服务都有一个单独的缓冲区溢出,或者如果有一个溢出在图书馆所使用的所有服务。如果是后者,那么CD: SF-LOC表明这个项目结合FTP和LPD服务他人。然而,在缺乏完整信息的情况下,默认动作是保持这些东西分裂。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1064网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1064最终决定:阶段性裁决:修改:建议:20001129分配:20001129类别:科幻参考:BUGTRAQ: 20001010警员- 2000014:惠普Jetdirect多个DoS参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=97119729613778&w=2参考:报价:1775参考:网址:http://www.securityfocus.com/bid/1775参考:XF: hp-jetdirect-firmware-dos参考:网址:http://xforce.iss.net/static/5353.php缓冲区溢出的LPD服务惠普JetDirect打印机卡固件x.08.20早些时候,允许远程攻击者造成拒绝服务。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1064 3供应商确认:未知discloser-claimed内容决定:SF-LOC CD: SF-LOC显示拥有单独的CVE条目单独的缓冲区溢出。而治安维持会成员咨询表明多个服务受到影响,目前尚不完全清楚每个服务都有一个单独的缓冲区溢出,或者如果有一个溢出在图书馆所使用的所有服务。如果是后者,那么CD: SF-LOC表明这个项目结合FTP、Telnet服务他人。然而,在缺乏完整信息的情况下,默认动作是保持这些东西分裂。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1065网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1065最终决定:阶段性裁决:修改:建议:20001129分配:20001129类别:科幻参考:BUGTRAQ: 20001010警员- 2000014:惠普Jetdirect多个DoS参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=97119729613778&w=2参考:报价:1775参考:网址:http://www.securityfocus.com/bid/1775参考:XF: hp-jetdirect-ip-implementation参考:网址:http://xforce.iss.net/static/5354.php脆弱的IP实现惠普JetDirect打印机卡固件x.08.20早些时候,允许远程攻击者造成拒绝服务(打印机崩溃)通过一个畸形的包。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1065 3供应商确认:未知discloser-claimed内容决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1071网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1071最终决定:阶段性裁决:修改:建议:20001129分配:20001129类别:CF参考:ATSTAKE: A100900-1参考:网址:http://www.atstake.com/research/advisories/2000/a100900 - 1. - txt参考:报价:1767参考:网址:http://www.securityfocus.com/bid/1767GUI安装iCal 2.1补丁2禁用访问控制的X服务器使用一个“xhost +”命令,远程攻击者可以监视X Windows事件并获得特权。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1071 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1072网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1072最终决定:阶段性裁决:修改:建议:20001129分配:20001129类别:CF参考:ATSTAKE: A100900-1参考:网址:http://www.atstake.com/research/advisories/2000/a100900 - 1. - txt参考:报价:1768参考:网址:http://www.securityfocus.com/bid/1768iCal 2.1补丁2安装许多对外公开权限的文件,它允许本地用户修改iCal取代iplncal配置和执行任意命令。sh与特洛伊木马程序。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1072 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1073网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1073最终决定:阶段性裁决:修改:建议:20001129分配:20001129类别:科幻参考:ATSTAKE: A100900-1参考:网址:http://www.atstake.com/research/advisories/2000/a100900 - 1. - txt参考:报价:1769参考:网址:http://www.securityfocus.com/bid/1769csstart项目iCal 2.1补丁2搜索cshttpd程序在当前工作目录中,它允许本地用户获得根权限通过创建一个特洛伊木马cshttpd程序目录和调用csstart从目录中。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1073 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1074网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1074最终决定:阶段性裁决:修改:建议:20001129分配:20001129类别:科幻参考:ATSTAKE: A100900-1参考:网址:http://www.atstake.com/research/advisories/2000/a100900 - 1. - txt参考:报价:1769参考:网址:http://www.securityfocus.com/bid/1769csstart项目iCal 2.1补丁2使用相对路径名安装libsocket和libnsl库,这可能允许icsuser账户获得根权限通过创建一个特洛伊木马库在当前或父目录。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1074 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1078网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1078最终决定:阶段性裁决:修改:建议:20001129分配:20001129类别:科幻参考:BUGTRAQ: 20001007 ICQ WebFront HTTPd DoS参考:网址:http://www.securityfocus.com/archive/1/138332参考:XF: icq-webfront-url-dos参考:网址:http://xforce.iss.net/static/5332.phpICQ Web前端HTTPd允许远程攻击者造成拒绝服务请求的URL包含一个“?”字符。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1078 3供应商确认:内容决定:EX-CLIENT-DOS包含:虽然这可能被视为一个客户端DoS,原因有2 CD: EX-CLIENT-DOS *不*应用:(a)攻击者可能导致DoS没有强迫客户端触发;和(b)脆弱的组件是有效的,一个web服务器。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:
- 上一页的日期:(提案)集群近40 - 42的候选人
- 下一个按日期:(提案)集群RECENT-42 - 37的候选人
- Prev线程:(提案)集群近40 - 42的候选人
- 下一个线程:(提案)集群RECENT-42 - 37的候选人
- 指数(es):
