
[PROPOSAL] Cluster RECENT-48 - 37 candidates



The following cluster contains 37 candidates that were announced
between October 25, 2000 and December 9, 2000.

You may vote on the candidates by modifying this e-mail and sending it
back to me, or by using the CVE voting web site. The voting web site
will be updated with this cluster later today. New Editorial Board
members will also be notified of their account information.

The candidates are listed in order of priority. Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and can be trusted to
be real problems.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is not a "vulnerability", or is a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2000-0889
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0889
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20001114
Category: SF/CF/MP/SA/AN/unknown
Reference: CERT:CA-2000-19
Reference: URL:http://www.cert.org/advisories/ca-2000-19.html
Reference: SUN:00198
Reference: URL:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/198&type=0&nav=sec.sba

Two Sun security certificates have been compromised, which could
allow attackers to insert malicious code such as applets and make it
appear that it is signed by Sun.

Analysis
----------------
ED_PRI CAN-2000-0889 1
Vendor Acknowledgement: yes advisory

This may not belong in CVE. In addition, this candidate may be at a
higher level of abstraction. However, it has been reported in some
vulnerability databases.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0041
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0041
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001206 Cisco Catalyst Memory Leak Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catalyst-memleak-pub.shtml
Reference: BID:2072
Reference: URL:http://www.securityfocus.com/bid/2072
Reference: XF:cisco-catalyst-telnet-dos
Reference: URL:http://xforce.iss.net/static/5656.php

Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches
allows remote attackers to cause a denial of service via a series of
failed telnet authentication attempts.

Analysis
----------------
ED_PRI CAN-2001-0041 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0050
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001207 BitchX DNS overflow patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0081.html
Reference: BUGTRAQ:20001207 bitchx/ircd DNS overflow demonstration
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0086.html
Reference: REDHAT:RHSA-2000:126-03
Reference: URL:http://www.redhat.com/support/errata/powertools/rhsa-2000-126.html
Reference: MANDRAKE:MDKSA-2000:079
Reference: URL:http://www.linux-mandrake.com/en/security/2000/mdksa-2000-079.php3
Reference: FREEBSD:FreeBSD-SA-00:78
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:78.bitchx.v1.1.asc
Reference: CONECTIVA:CLA-2000:364
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000364
Reference: BID:2087
Reference: URL:http://www.securityfocus.com/bid/2087
Reference: XF:irc-bitchx-dns-bo
Reference: URL:http://xforce.iss.net/static/5701.php

Buffer overflow in BitchX IRC client allows remote attackers to cause
a denial of service and possibly execute arbitrary commands via an IP
address that resolves to a long DNS hostname or domain name.

Analysis
----------------
ED_PRI CAN-2001-0050 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0055
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-syn-packets
Reference: URL:http://xforce.iss.net/static/5627.php

CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers
to cause a denial of service via a slow stream of TCP SYN packets.

Analysis
----------------
ED_PRI CAN-2001-0055 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0056
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-invalid-login
Reference: URL:http://xforce.iss.net/static/5628.php

The Cisco Web Management interface in routers running CBOS 2.4.1 and
earlier does not log invalid logins, which allows remote attackers to
guess passwords without detection.

Analysis
----------------
ED_PRI CAN-2001-0056 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0057
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0057
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-icmp-echo
Reference: URL:http://xforce.iss.net/static/5629.php

Cisco 600 routers running CBOS 2.4.1 and earlier allow remote
attackers to cause a denial of service via a large ICMP echo (ping)
packet.

Analysis
----------------
ED_PRI CAN-2001-0057 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0058
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0058
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-web-access
Reference: URL:http://xforce.iss.net/static/5626.php

The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier
allows remote attackers to cause a denial of service via a URL that
does not end in a space character.

Analysis
----------------
ED_PRI CAN-2001-0058 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0066
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001126 (MSY) S(ecure)Locate heap corruption vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0356.html
Reference: DEBIAN:DSA-005-1
Reference: URL:http://www.debian.org/security/2000/20001217a
Reference: MANDRAKE:MDKSA-2000:085
Reference: URL:http://www.linux-mandrake.com/en/security/2000/mdksa-2000-085.php3
Reference: REDHAT:RHSA-2000:128-02
Reference: URL:http://www.redhat.com/support/errata/rhsa-2000-128.html
Reference: CONECTIVA:CLA-2001:369
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000369
Reference: BID:2004
Reference: URL:http://www.securityfocus.com/bid/2004

Secure Locate (slocate) allows local users to corrupt memory via a
malformed database file that specifies an offset value that accesses
memory outside of the intended buffer.

Analysis
----------------
ED_PRI CAN-2001-0066 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0089
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0089
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp
Reference: XF:ie-form-file-upload
Reference: URL:http://xforce.iss.net/static/5615.php

Internet Explorer 5.0 through 5.5 allows remote attackers to read
arbitrary files from the client via the INPUT TYPE element in an HTML
form, aka the "File Upload via Form" vulnerability.

Analysis
----------------
ED_PRI CAN-2001-0089 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0090
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0090
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp

The Print Templates feature in Internet Explorer 5.5 executes
arbitrary custom print templates without prompting the user, which
could allow an attacker to execute arbitrary ActiveX controls, aka
the "Browser Print Template" vulnerability.

Analysis
----------------
ED_PRI CAN-2001-0090 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0091
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0091
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp

The ActiveX control for invoking a scriptlet in Internet Explorer 5.0
through 5.5 renders arbitrary file types instead of HTML, which
allows an attacker to read arbitrary files, aka a variant of the
"Scriptlet Rendering" vulnerability.

Analysis
----------------
ED_PRI CAN-2001-0091 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0092
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0092
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp

A function in Internet Explorer 5.0 through 5.5 does not properly
verify the domain of a frame within a browser window, which allows a
remote attacker to read client files, aka a new variant of the "Frame
Domain Verification" vulnerability.

Analysis
----------------
ED_PRI CAN-2001-0092 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0021
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0021
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001206 (SRADV00005) Remote command execution vulnerabilities in MailMan Webmail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0057.html
Reference: CONFIRM:http://www.endymion.com/products/mailman/history.htm
Reference: BID:2063
Reference: URL:http://www.securityfocus.com/bid/2063
Reference: XF:mailman-alternate-templates
Reference: URL:http://xforce.iss.net/static/5649.php

MailMan Webmail 3.0.25 and earlier allows remote attackers to execute
arbitrary commands via shell metacharacters in the alternate_template
parameter.

Analysis
----------------
ED_PRI CAN-2001-0021 2
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0033
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and fix
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-user-config
Reference: URL:http://xforce.iss.net/static/5738.php

KTH Kerberos IV allows local users to change the configuration of a
Kerberos server running at an elevated privilege by specifying an
alternate directory using the KRBCONFDIR environment variable, which
allows the user to gain additional privileges.

Analysis
----------------
ED_PRI CAN-2001-0033 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0034
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0034
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and fix
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-arbitrary-proxy
Reference: URL:http://xforce.iss.net/static/5733.php

KTH Kerberos IV allows local users to specify an alternate proxy
using the krb4_proxy variable, which allows the user to generate
false proxy responses and possibly gain privileges.

Analysis
----------------
ED_PRI CAN-2001-0034 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0035
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and fix
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-auth-packet-overflow
Reference: URL:http://xforce.iss.net/static/5734.php

Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV
allows remote attackers to cause a denial of service and possibly
execute arbitrary commands via an authentication request.

Analysis
----------------
ED_PRI CAN-2001-0035 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0036
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and fix
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-tmpfile-dos
Reference: URL:http://xforce.iss.net/static/5754.php

KTH Kerberos IV allows local users to overwrite arbitrary files via a
symlink attack on a ticket file.

Analysis
----------------
ED_PRI CAN-2001-0036 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0039
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0039
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001206 DoS by SMTP AUTH command in IPSwitch IMail server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0071.html
Reference: BID:2083
Reference: URL:http://www.securityfocus.com/bid/2083
Reference: CONFIRM:http://www.ipswitch.com/Support/IMail/news.html
Reference: XF:imail-smtp-auth-dos
Reference: URL:http://xforce.iss.net/static/5674.php

IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of
service using the SMTP AUTH command by sending a base64-encoded user
password whose length is between 80 and 136 bytes.

Analysis
----------------
ED_PRI CAN-2001-0039 2
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0040
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: CF
Reference: BUGTRAQ:20001206 apcupsd 3.7.2 Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0066.html
Reference: MANDRAKE:MDKSA-2000:077
Reference: URL:http://www.linux-mandrake.com/en/security/mdksa-2000-077.php3
Reference: BID:2070
Reference: URL:http://www.securityfocus.com/bid/2070
Reference: XF:apc-apcupsd-dos
Reference: URL:http://xforce.iss.net/static/5654.php

APC UPS daemon, apcupsd, saves its process ID in a world-writable
file, which allows local users to kill an arbitrary process by
specifying the target process ID in the apcupsd.pid file.

Analysis
----------------
ED_PRI CAN-2001-0040 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0054
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001205 Serv-U FTP directory traversal vunerability (all versions)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97604119024280&w=2
Reference: BUGTRAQ:20001205 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0043.html
Reference: BID:2052
Reference: URL:http://www.securityfocus.com/bid/2052
Reference: XF:ftp-servu-homedir-travers
Reference: URL:http://xforce.iss.net/static/5639.php

Directory traversal vulnerability in FTP Serv-U 2.5i allows remote
attackers to escape the FTP root and read arbitrary files by
appending a string such as "/..%20." to a CD command, a variant of a
.. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2001-0054 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0890
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0890
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20001114
Category: SF/CF/MP/SA/AN/unknown
Reference: CERT-VN:VU#626919
Reference: URL:http://www.kb.cert.org/vuls/id/626919

periodic in FreeBSD and possibly other operating systems allows local
users to overwrite arbitrary files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2000-0890 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0893
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0893
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20001114
Category: SF/CF/MP/SA/AN/unknown
Reference: CERT-VN:VU#28027
Reference: URL:http://www.kb.cert.org/vuls/id/28027

The presence of the Distributed GL Daemon (dgld) service on port 5232
on SGI IRIX systems allows remote attackers to identify the target
host as an SGI system.

Analysis
----------------
ED_PRI CAN-2000-0893 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0030
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0030
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category:
Reference: BID:2089
Reference: URL:http://www.securityfocus.com/bid/2089
Reference: XF:foolproof-security-bypass
Reference: URL:http://xforce.iss.net/static/5758.php

FoolProof 3.9 allows local users to bypass program execution
restrictions by downloading the restricted executables from another
source and renaming them.

Analysis
----------------
ED_PRI CAN-2001-0030 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0031
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0031
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001207 BroadVision One-To-One Enterprise Path Disclosure Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0074.html
Reference: XF:broadvision-bv1to1-reveal-path
Reference: URL:http://xforce.iss.net/static/5661.php

BroadVision One-To-One Enterprise allows remote attackers to
determine the physical path of server files by requesting a JSP file
name that does not exist.

Analysis
----------------
ED_PRI CAN-2001-0031 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0032
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001208 Format string in ssldump
Reference: URL:http://www.securityfocus.com/archive/1/149917
Reference: BID:2096
Reference: URL:http://www.securityfocus.com/bid/2096
Reference: XF:ssldump-format-strings
Reference: URL:http://xforce.iss.net/static/5717.php

Format string vulnerability in ssldump possibly allows remote
attackers to cause a denial of service and possibly gain root
privileges via malicious format string specifiers in a URL.

Analysis
----------------
ED_PRI CAN-2001-0032 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0037
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0037
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001207 HomeSeer Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0082.html
Reference: BID:2085
Reference: URL:http://www.securityfocus.com/bid/2085
Reference: MISC:http://www.keware.com/hsbetachanges.htm
Reference: XF:homeseer-directory-traversal
Reference: URL:http://xforce.iss.net/static/5663.php

Directory traversal vulnerability in HomeSeer 1.4.29 allows remote
attackers to read arbitrary files via a URL containing .. (dot dot)
specifiers.

Analysis
----------------
ED_PRI CAN-2001-0037 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0038
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0038
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001207 MetaProducts Offline Explorer
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0078.html
Reference: BID:2084
Reference: URL:http://www.securityfocus.com/bid/2084
Reference: XF:offline-explorer-reveal-files
Reference: URL:http://xforce.iss.net/static/5728.php

Offline Explorer 1.4 before Service Release 2 allows remote attackers
to read arbitrary files by specifying the drive letter (e.g. C:) in
the requested URL.

Analysis
----------------
ED_PRI CAN-2001-0038 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0042
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001206 CHINANSL Security Advisory (CSA-200011)
Reference: URL:http://www.securityfocus.com/archive/1/149210
Reference: BID:2060
Reference: URL:http://www.securityfocus.com/bid/2060
Reference: XF:apache-php-disclose-files
Reference: URL:http://xforce.iss.net/static/5659.php

PHP3 running on Apache 1.3.6 allows remote attackers to read
arbitrary files via a modified .. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2001-0042 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0043
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0043
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: XF:phpgroupware-include-files
Reference: URL:http://xforce.iss.net/static/5650.php
Reference: BUGTRAQ:20001206 (SRADV00006) Remote command execution vulnerabilities in phpGroupWare
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0053.html
Reference: BID:2069
Reference: URL:http://www.securityfocus.com/bid/2069
Reference: MISC:http://sourceforge.net/project/shownotes.php?release_id=17604

phpGroupWare before 0.9.7 allows remote attackers to execute
arbitrary PHP commands by specifying a malicious include file in the
phpgw_info parameter of the phpgw.inc.php program.

Analysis
----------------
ED_PRI CAN-2001-0043 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0044
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0044
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001206 (SRADV00007) Local root compromise through Lexmark MarkVision printer drivers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0064.html
Reference: BID:2075
Reference: URL:http://www.securityfocus.com/bid/2075
Reference: XF:markvision-printer-driver-bo
Reference: URL:http://xforce.iss.net/static/5651.php

Multiple buffer overflows in Lexmark MarkVision printer driver
programs allow local users to gain privileges via long arguments to
the cat_network, cat_paraller, and cat_serial commands.

Analysis
----------------
ED_PRI CAN-2001-0044 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0045
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: CF
Reference: MS:MS00-095
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-095.asp
Reference: BID:2064
Reference: URL:http://www.securityfocus.com/bid/2064
Reference: XF:nt-ras-reg-perms
Reference: URL:http://xforce.iss.net/static/5671.php

The default permissions for the RAS Administration key in Windows NT
4.0 allow local users to execute arbitrary commands by changing the
value to point to a malicious DLL, aka one of the "Registry
Permissions" vulnerabilities.

Analysis
----------------
ED_PRI CAN-2001-0045 3
Vendor Acknowledgement: yes advisory
Content Decisions: CF-REGISTRY

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0046
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0046
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: CF
Reference: MS:MS00-095
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-095.asp
Reference: BID:2066
Reference: URL:http://www.securityfocus.com/bid/2066
Reference: XF:nt-snmp-reg-perms
Reference: URL:http://xforce.iss.net/static/5672.php

The default permissions for the SNMP Parameters registry key in
Windows NT 4.0 allow remote attackers to read and possibly modify the
SNMP community strings to obtain sensitive information or modify
network configuration, aka one of the "Registry Permissions"
vulnerabilities.

Analysis
----------------
ED_PRI CAN-2001-0046 3
Vendor Acknowledgement: yes advisory
Content Decisions: CF-REGISTRY

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0047
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0047
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: CF
Reference: MS:MS00-095
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-095.asp
Reference: BID:2065
Reference: URL:http://www.securityfocus.com/bid/2065
Reference: XF:nt-mts-reg-perms
Reference: URL:http://xforce.iss.net/static/5673.php

The default permissions for the MTS Package Administration registry
key in Windows NT 4.0 allow local users to install or modify
arbitrary Microsoft Transaction Server (MTS) packages and gain
privileges, aka one of the "Registry Permissions" vulnerabilities.

Analysis
----------------
ED_PRI CAN-2001-0047 3
Vendor Acknowledgement: yes advisory
Content Decisions: CF-REGISTRY

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0049
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001207 WatchGuard SOHO v2.2.1 DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0079.html
Reference: BID:2082
Reference: URL:http://www.securityfocus.com/bid/2082
Reference: XF:watchguard-soho-get-dos
Reference: URL:http://xforce.iss.net/static/5665.php

WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to
cause a denial of service via a large number of GET requests.

Analysis
----------------
ED_PRI CAN-2001-0049 3
Vendor Acknowledgement: unknown discloser-claimed

Existence: WatchGuard sent a followup email saying that they "[are]
reproducing the symptoms observed," but there was no additional
information as of January 29, 2001.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0051
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0051
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: CF
Reference: BUGTRAQ:20001205 IBM DB2 default account and password Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/149222
Reference: BID:2068
Reference: URL:http://www.securityfocus.com/bid/2068
Reference: XF:ibm-db2-gain-access
Reference: URL:http://xforce.iss.net/static/5662.php

IBM DB2 Universal Database version 6.1 creates an account with a
default user name and password, which allows remote attackers to gain
access to the database.

Analysis
----------------
ED_PRI CAN-2001-0051 3
Vendor Acknowledgement:
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0052
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0052
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001205 IBM DB2 SQL DOS
Reference: URL:http://www.securityfocus.com/archive/1/149207
Reference: BID:2067
Reference: URL:http://www.securityfocus.com/bid/2067
Reference: XF:ibm-db2-dos
Reference: URL:http://xforce.iss.net/static/5664.php

IBM DB2 Universal Database version 6.1 allows users to cause a denial
of service via a malformed query.

Analysis
----------------
ED_PRI CAN-2001-0052 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0088
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0088
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001202 Bypassing admin authentication in phpWebLog
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0025.html
Reference: BID:2047
Reference: URL:http://www.securityfocus.com/bid/2047
Reference: XF:phpweblog-bypass-authentication
Reference: URL:http://xforce.iss.net/static/5625.php

common.inc.php in phpWebLog 0.4.2 does not properly initialize the
$CONF array, which inadvertently sets the password to a single
character, allowing remote attackers to easily guess the SiteKey and
gain administrative privileges to phpWebLog.

Analysis
----------------
ED_PRI CAN-2001-0088 3
Vendor Acknowledgement:

CD:EX-BETA suggests that beta software should not be included in CVE
unless it is widely deployed. The reference says that this version is
commonly used.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

Page Last Updated or Reviewed: May 22, 2007