
[PROPOSAL] Cluster RECENT-43 - 40 candidates



The following cluster contains 40 candidates that were announced between October 26 and November 7, 2000. Note that the voting web site will not be updated with this cluster until sometime Wednesday.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both have different levels of vendor confirmation, so they should be easy to check and can be trusted to be real problems.

If you discover that any RECENT-XX cluster is incomplete with respect to issues discovered during the associated time frame, please send the information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2000-0886
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0886
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001102
Category: SF
Reference: BUGTRAQ:20001107 NSFOCUS SA2000-07: Microsoft IIS 4.0/5.0 CGI File Name Check Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?mid=143604&list=1&fromthread=0&end=2000-11-11&threads=0&start=2000-11-05&
Reference: MS:MS00-086
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-086.asp
Reference: BID:1912
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=1912

IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0886 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0887
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0887
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001114
Category: SF
Reference: BUGTRAQ:20001107 Bind 8.2.2-P5 possible DOS
Reference: URL:http://www.securityfocus.com/archive/1/143843
Reference: CERT:CA-2000-20
Reference: URL:http://www.cert.org/advisories/CA-2000-20.html
Reference: REDHAT:RHSA-2000:107-01
Reference: MANDRAKE:MDKSA-2000:067
Reference: CONECTIVA:CLSA-2000:338
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338
Reference: CONECTIVA:CLSA-2000:339
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339
Reference: BID:1923
Reference: URL:http://www.securityfocus.com/bid/1923

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "ZXFR bug."

Analysis
----------------
ED_PRI CAN-2000-0887 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0888
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0888
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001114
Category: SF
Reference: CERT:CA-2000-20
Reference: URL:http://www.cert.org/advisories/CA-2000-20.html
Reference: REDHAT:RHSA-2000:107-01
Reference: MANDRAKE:MDKSA-2000:067
Reference: CONECTIVA:CLSA-2000:338
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338
Reference: CONECTIVA:CLSA-2000:339
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."

Analysis
----------------
ED_PRI CAN-2000-0888 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0942
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0942
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001028 IIS 5.0 cross site scripting vulnerability - using .htw
Reference: URL:http://www.securityfocus.com/archive/1/141903
Reference: MS:MS00-084
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-084.asp
Reference: BID:1861
Reference: URL:http://www.securityfocus.com/bid/1861
Reference: XF:iis-htw-cross-scripting
Reference: URL:http://xforce.iss.net/static/5441.php

The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via the CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0942 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0952
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0952
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: NETBSD:NetBSD-SA2000-014
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-014.txt.asc
Reference: XF:global-execute-remote-commands
Reference: URL:http://xforce.iss.net/static/5424.php

global.cgi CGI program in GLOBAL 3.55 and earlier in NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters.

Analysis
----------------
ED_PRI CAN-2000-0952 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0956
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0956
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: REDHAT:RHSA-2000:094-01
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-094.html
Reference: BID:1875
Reference: URL:http://www.securityfocus.com/bid/1875
Reference: XF:cyrus-sasl-gain-access
Reference: URL:http://xforce.iss.net/static/5427.php

cyrus-sasl 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization of local users, which allows users to bypass specified access restrictions.

Analysis
----------------
ED_PRI CAN-2000-0956 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1006
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-082
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-082.asp
Reference: XF:ms-exchange-mime-dos
Reference: URL:http://xforce.iss.net/static/5448.php
Reference: BID:1869
Reference: URL:http://www.securityfocus.com/bid/1869

Microsoft Exchange Server 5.5 does not properly handle a MIME header with a blank charset specified, which allows remote attackers to cause a denial of service via a charset = "" command, aka the "Malformed MIME Header" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-1006 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1026
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1026
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:61
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:61.tcpdump.v1.1.asc
Reference: BID:1870
Reference: URL:http://www.securityfocus.com/bid/1870

Multiple buffer overflows in LBNL tcpdump allow remote attackers to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2000-1026 1
Vendor Acknowledgement: yes advisory

CD:SF-LOC suggests having separate entries for each buffer overflow, but it is not clear how to distinguish them in the CVE description without an extensive source code analysis.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1034
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1034
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001106 System Monitor ActiveX Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349782305448&w=2
Reference: MS:MS00-085
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-085.asp
Reference: BID:1899
Reference: URL:http://www.securityfocus.com/bid/1899

Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source, aka the "ActiveX Parameter Validation" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-1034 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1045
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: REDHAT:RHSA-2000:024
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-024.html
Reference: MANDRAKE:MDKSA-2000-066
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-066-1.php3
Reference: BID:1863
Reference: URL:http://www.securityfocus.com/bid/1863
Reference: XF:nssldap-nscd-dos
Reference: URL:http://xforce.iss.net/static/5449.php

nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests.

Analysis
----------------
ED_PRI CAN-2000-1045 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1049
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001101 Allaire's JRUN DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97310314724964&w=2
Reference: ALLAIRE:ASB00-030
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=18085&Method=Full
Reference: XF:allaire-jrun-servlet-dos
Reference: URL:http://xforce.iss.net/static/5452.php

Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters.

Analysis
----------------
ED_PRI CAN-2000-1049 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1066
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:63
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:63.getnameinfo.asc
Reference: BID:1894
Reference: URL:http://www.securityfocus.com/bid/1894

getnameinfo function in FreeBSD 4.4.1 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service via a DNS hostname.

Analysis
----------------
ED_PRI CAN-2000-1066 1
Vendor Acknowledgement: yes advisory

ABSTRACTION: The FreeBSD patch applies to 3 separate lines, so CD:SF-LOC suggests having separate entries for each line. However, it is not easy to distinguish the three problems without an extensive source code analysis of all the other Unix flavors that may have this problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0941
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0941
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001029 Remote Command Execution via KW 1.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0419.html
Reference: BUGTRAQ:20001029 Re: Remote Command Execution via KW 1.0 (addition)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0420.html
Reference: MISC:http://www.kootenayweb.bc.ca/scripts/whois.txt
Reference: BID:1883
Reference: URL:http://www.securityfocus.com/bid/1883
Reference: XF:kw-whois-meta
Reference: URL:http://xforce.iss.net/static/5438.php

KW Whois CGI program in Kootenay Web 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter.

Analysis
----------------
ED_PRI CAN-2000-0941 2
Vendor Acknowledgement: yes patch

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0944
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0944
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001027 CGI-Bug: News Update 1.1 admin password bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0402.html
Reference: BID:1881
Reference: URL:http://www.securityfocus.com/bid/1881
Reference: XF:news-update-bypass-password
Reference: URL:http://xforce.iss.net/static/5433.php

CGI Script Center News Update 1.1 does not properly authenticate the original news administrator password during a password change operation, which allows remote attackers to modify the password without knowing the original password.

Analysis
----------------
ED_PRI CAN-2000-0944 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1080
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001102 dos on quake1 servers
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97318797630246&w=2
Reference: CONFIRM:http://proquake.ai.mit.edu/
Reference: BID:1900
Reference: URL:http://www.securityfocus.com/bid/1900

Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers to cause a denial of service via malformed (empty) UDP packets.

Analysis
----------------
ED_PRI CAN-2000-1080 2
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: In the "Current Status" section of the ProQuake web site at http://proquake.ai.mit.edu/, the entry dated November 18, 2000 says: "Proquake v1.02 fixes a serious bug that has existed since the inception of Quake but was only recently discovered, a flaw which allows anyone to cause any server to stop accepting new connections".

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0817
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0817
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001004
Category: SF
Reference: ISS:20001101 Buffer Overflow in Microsoft Windows NT 4.0 and Windows 2000 Network Monitor
Reference: URL:http://xforce.iss.net/alerts/index.php
Reference: MS:MS00-083
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-083.asp

Buffer overflow in the HTTP protocol parser for Microsoft Network Monitor (Netmon) allows remote attackers to execute arbitrary commands via malformed data, aka the "Netmon Protocol Parsing" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0817 3
Vendor Acknowledgement: yes
Content Decisions: SF-EXEC

ABSTRACTION: This is closely related to CAN-2000-0885. The candidates identify different buffer overflow parsers that are addressed in the same security bulletin. CD:SF-EXEC suggests that these should be separate.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0885
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0885
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001028
Category: SF
Reference: NAI:20001101 Multiple Network Monitor Overflows
Reference: MS:MS00-083
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-083.asp

Buffer overflow in Microsoft Network Monitor (Netmon) allows remote attackers to execute arbitrary commands via a long Browser Name in a CIFS Browse Frame, a long SNMP community name, or a long username or filename in an SMB session, aka the "Netmon Protocol Parsing" vulnerability. NOTE: it is highly likely that this candidate will be split into multiple candidates.

Analysis
----------------
ED_PRI CAN-2000-0885 3
Vendor Acknowledgement: yes
Content Decisions: SF-EXEC

ABSTRACTION: This is closely related to CAN-2000-0817. The candidates identify different buffer overflows that occur in the same security bulletin, so CD:SF-EXEC suggests that the two candidates should be separate. In addition, this candidate should be split into separate candidates, one for each overflow, per CD:SF-EXEC. This candidate is not at CVE's level of abstraction because it was reserved for use before it was first publicly announced.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0935
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0935
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: BID:1872
Reference: URL:http://www.securityfocus.com/bid/1872
Reference: XF:samba-swat-logging-sym-link
Reference: URL:http://xforce.iss.net/static/5443.php

Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file.

Analysis
----------------
ED_PRI CAN-2000-0935 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0936
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0936
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: BID:1874
Reference: URL:http://www.securityfocus.com/bid/1874
Reference: XF:samba-swat-logfile-info
Reference: URL:http://xforce.iss.net/static/5445.php

Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log log file with world-readable permissions, which allows local users to read sensitive information such as user names and passwords.

Analysis
----------------
ED_PRI CAN-2000-0936 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0937
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0937
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: BID:1873
Reference: URL:http://www.securityfocus.com/bid/1873
Reference: XF:samba-swat-brute-force
Reference: URL:http://xforce.iss.net/static/5442.php

Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks.

Analysis
----------------
ED_PRI CAN-2000-0937 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0938
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0938
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html

Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server.

Analysis
----------------
ED_PRI CAN-2000-0938 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0939
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0939
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: XF:samba-swat-url-filename-dos
Reference: URL:http://xforce.iss.net/static/5444.php

Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting HTTP requests for a non-standard URL, which forces it to restart.

Analysis
----------------
ED_PRI CAN-2000-0939 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0940
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0940
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001029 Little bug in Pagelog.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0422.html
Reference: BID:1864
Reference: URL:http://www.securityfocus.com/bid/1864
Reference: XF:pagelog-cgi-dir-traverse
Reference: URL:http://xforce.iss.net/static/5451.php

Directory traversal vulnerability in Metertek pagelog.cgi allows remote attackers to read arbitrary files via a .. (dot dot) attack on the "name" or "display" parameters.

Analysis
----------------
ED_PRI CAN-2000-0940 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0943
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0943
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001027 Potential security problem in bftpd-1.0.11
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0397.html
Reference: XF:bftpd-user-bo
Reference: URL:http://xforce.iss.net/static/5426.php

Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via the USER command.

Analysis
----------------
ED_PRI CAN-2000-0943 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0945
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0945
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001026 Advisory DEF-2000-02: Cisco Catalyst remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0380.html
Reference: XF:cisco-catalyst-remote-commands
Reference: URL:http://xforce.iss.net/static/5415.php

The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication via a URL containing the /exec/ directory.

Analysis
----------------
ED_PRI CAN-2000-0945 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0950
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0950
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001026 FWTK x-gw Security Advisory (GSA2000-01)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0376.html
Reference: XF:tisfwtk-xgw-execute-code
Reference: URL:http://xforce.iss.net/static/5420.php

Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) allows local users to execute arbitrary commands via a malformed display name.

Analysis
----------------
ED_PRI CAN-2000-0950 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0955
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0955
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: ATSTAKE:A102600-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a102600-1.txt
Reference: BID:1885
Reference: URL:http://www.securityfocus.com/bid/1885
Reference: XF:cisco-vco-snmp-passwords
Reference: URL:http://xforce.iss.net/static/5425.php

Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the passwords and gain privileges.

Analysis
----------------
ED_PRI CAN-2000-0955 3
Vendor Acknowledgement: yes
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0957
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0957
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001026 [SRADV00004] Remote and local vulnerabilities in pam_mysql
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0374.html
Reference: XF:pammysql-auth-input
Reference: URL:http://xforce.iss.net/static/5447.php

mysql pluggable authentication module (pam_mysql) 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes.

Analysis
----------------
ED_PRI CAN-2000-0957 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1009
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Redhat 6.2 dump command executes external program with suid privileges.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0438.html
Reference: BID:1871
Reference: URL:http://www.securityfocus.com/bid/1871
Reference: XF:linux-dump-execute-code
Reference: URL:http://xforce.iss.net/static/5437.php

dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environment variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.

Analysis
----------------
ED_PRI CAN-2000-1009 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1019
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1019
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Ultraseek 3.1.x Remote DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97301487015664&w=2
Reference: BID:1866
Reference: URL:http://www.securityfocus.com/bid/1866
Reference: XF:ultraseek-malformed-url-dos
Reference: URL:http://xforce.iss.net/static/5439.php

The search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows remote attackers to cause a denial of service via a malformed URL.

Analysis
----------------
ED_PRI CAN-2000-1019 3
Vendor Acknowledgement: unknown claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1024
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category:
Reference: BUGTRAQ:20001101 Unify eWave ServletExec upload
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97306581513537&w=2
Reference: BID:1876
Reference: URL:http://www.securityfocus.com/bid/1876
Reference: XF:ewave-servletexec-file-upload
Reference: URL:http://xforce.iss.net/static/5450.php

eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java servlet/JSP, which allows remote attackers to upload files and execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2000-1024 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1025
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1025
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Unify eWave ServletExec DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97295224226042&w=2
Reference: BID:1868
Reference: URL:http://www.securityfocus.com/bid/1868
Reference: XF:ewave-servletexec-dos
Reference: URL:http://xforce.iss.net/static/5435.php

eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, allows remote attackers to cause a denial of service via a URL that contains the "/servlet/" string, which invokes the ServletExec servlet and causes an exception if the servlet is already running.

Analysis
----------------
ED_PRI CAN-2000-1025 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1028
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001102 HPUX cu -l option buffer overflow vulnerabilit
Reference: URL:http://www.securityfocus.com/archive/1/142792
Reference: BID:1886
Reference: URL:http://www.securityfocus.com/bid/1886

Buffer overflow in the cu program in HP-UX 11.0 allows local users to gain privileges via a long -l command line argument.

Analysis
----------------
ED_PRI CAN-2000-1028 3
Vendor Acknowledgement:

INCLUSION: It is not certain yet whether this is exploitable. The only exploit provided causes a crash, but does the crash occur while the program is operating with elevated privileges?

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1029
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1029
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001027 older version of host command vulnearbility
Reference: URL:http://www.securityfocus.com/archive/1/141660
Reference: BID:1887
Reference: URL:http://www.securityfocus.com/bid/1887

Buffer overflow in the host command allows remote attackers to execute arbitrary commands via a long response to an AXFR query.

Analysis
----------------
ED_PRI CAN-2000-1029 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1030
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1030
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001031 Re: Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/142672
Reference: BID:1888
Reference: URL:http://www.securityfocus.com/bid/1888

CS&T CorporateTime for the Web returns different error messages for an invalid username and an invalid password, which allows remote attackers to determine valid usernames on the server.

Analysis
----------------
ED_PRI CAN-2000-1030 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1032
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001101 Re: Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/142808
Reference: BID:1890
Reference: URL:http://www.securityfocus.com/bid/1890

The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for an invalid username versus an invalid password, which allows remote attackers to identify valid usernames on the firewall.

Analysis
----------------
ED_PRI CAN-2000-1032 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1033
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001029 Bruteforcing FTP servers with anti-hammering (anti-brute force) methods enabled
Reference: URL:http://www.securityfocus.com/archive/1/141905
Reference: BID:1860
Reference: URL:http://www.securityfocus.com/bid/1860
Reference: XF:ftp-servu-brute-force
Reference: URL:http://xforce.iss.net/static/5436.php

Serv-U FTP server allows remote attackers to bypass its anti-hammering feature by first logging in as a valid user (possibly anonymous), then attempting to guess other users' passwords.

Analysis
----------------
ED_PRI CAN-2000-1033 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1075
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001026 (CORE SDI ADVISORY) iPlanet Certificate Management System 4.2 path traversal bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0383.html
Reference: BID:1839
Reference: URL:http://www.securityfocus.com/bid/1839
Reference: XF:iplanet-netscape-directory-traversal
Reference: URL:http://xforce.iss.net/static/5421.php

Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the Agent, End Entity, or Administrator services.

Analysis
----------------
ED_PRI CAN-2000-1075 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1076
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1076
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001026 (CORE SDI ADVISORY) iPlanet Certificate Management System 4.2 path traversal bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0383.html
Reference: XF:iplanet-netscape-plaintext-password
Reference: URL:http://xforce.iss.net/static/5422.php

Netscape (iPlanet) Certificate Management System 4.2 and Directory Server 4.12 store the administrative password in plaintext, which could allow local and remote attackers to gain administrative privileges on the server.

Analysis
----------------
ED_PRI CAN-2000-1076 3
Vendor Acknowledgement:
Content Decisions: DESIGN-NO-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1077
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1077
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001026 Buffer overflow in iPlanet Web Server 4 server-side SHTML parsing module
Reference: URL:http://www.securityfocus.com/archive/1/141435
Reference: XF:iplanet-web-server-shtml-bo
Reference: URL:http://xforce.iss.net/static/5446.php

Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension.

Analysis
----------------
ED_PRI CAN-2000-1077 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

Page Last Updated or Reviewed: May 22, 2007