
[PROPOSAL] Cluster RECENT-52 - 21 candidates



The following cluster contains 21 candidates that were announced
between January 11, 2001 and February 13, 2001. (With the exception
of a few candidates, most were announced between January 11 and
January 17.)

You may vote on the candidates by modifying this e-mail and sending it
back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0015
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0015
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010127
Category: SF
Reference: MS:MS01-007
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-007.asp
Reference: ATSTAKE:A020501-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a020501-1.txt

Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users
to gain System privileges via a "WM_COPYDATA" message to an invisible
window that is running with the privileges of the logon process.

Analysis
----------------
ED_PRI CAN-2001-0015 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0016
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010127
Category: SF/CF/MP/SA/AN/unknown
Reference: BINDVIEW:20010207 Local promotion vulnerability in NT4 NTLM Security Support Provider
Reference: URL:http://razor.bindview.com/publish/advisories/adv_NTLMSSP.html
Reference: MS:MS01-008
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-008.asp

NTLM Security Support Provider (NTLMSSP) service does not properly
check the function number in an LPC request, which could allow local
users to gain administrator level access.

Analysis
----------------
ED_PRI CAN-2001-0016 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0017
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010127
Category: SF
Reference: MS:MS01-009
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-009.asp

Memory leak in PPTP server in Windows NT 4.0 allows remote attackers
to cause a denial of service via a malformed data packet, aka the
"Malformed PPTP Packet Stream" vulnerability.

Analysis
----------------
ED_PRI CAN-2001-0017 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0110
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0110
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010114 Vulnerability in jaZip.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0228.html
Reference: DEBIAN:DSA-017-1
Reference: URL:http://www.debian.org/security/2001/dsa-017
Reference: BID:2209
Reference: URL:http://www.securityfocus.com/bid/2209

Buffer overflow in jaZip Zip/Jaz drive manager allows local users to
gain root privileges via a long DISPLAY environment variable.

Analysis
----------------
ED_PRI CAN-2001-0110 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0111
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010114 (MSY) Multiple vulnerabilities in splitvt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958269320974&w=2
Reference: DEBIAN:DSA-014-1
Reference: URL:http://www.debian.org/security/2001/dsa-014
Reference: BID:2210
Reference: URL:http://www.securityfocus.com/bid/2210

Format string vulnerability in splitvt 1.6.5 allows local users to
execute arbitrary commands via the -rcfile command line argument.

Analysis
----------------
ED_PRI CAN-2001-0111 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0115
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010111 Solaris Arp Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97934312727101&w=2
Reference: BUGTRAQ:20010112 arp exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97957435729702&w=2
Reference: SUN:00200
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/200&type=0&nav=sec.sba
Reference: BID:2193
Reference: URL:http://www.securityfocus.com/bid/2193

Buffer overflow in arp command in Solaris 7 and earlier allows local
users to execute arbitrary commands via a long -f parameter.

Analysis
----------------
ED_PRI CAN-2001-0115 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0129
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0129
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010117 (pkc) remote heap overflow in tinyproxy
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97975486527750&w=2
Reference: DEBIAN:DSA-018-1
Reference: URL:http://www.debian.org/security/2001/dsa-018
Reference: FREEBSD:FreeBSD-SA-01:15
Reference: BID:2217
Reference: URL:http://www.securityfocus.com/bid/2217

Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows
remote attackers to cause a denial of service and possibly execute
arbitrary commands via a long connect request.

Analysis
----------------
ED_PRI CAN-2001-0129 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0144
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0144
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010208
Category: SF
Reference: BINDVIEW:20010208 Remote vulnerability in SSH daemon crc32 compensation attack detector
Reference: URL:http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
Reference: BUGTRAQ:20010208 (CORE SDI ADVISORY) SSH1 CRC-32 compensation attack detector
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98168366406903&w=2
Reference: BID:2347
Reference: URL:http://www.securityfocus.com/bid/2347

CORE SDI SSH1 CRC-32 compensation attack detector allows remote
attackers to execute arbitrary commands on an SSH server or client via
an integer overflow.

Analysis
----------------
ED_PRI CAN-2001-0144 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0130
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0130
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF/CF/MP/SA/AN/unknown
Reference: MISC:http://service1.symantec.com/sarc/sarc.nsf/info/html/Lotus.Domino.Denial.of.Service.Malformed.HTML.Email.html

Buffer overflow in the HTML parser of the Lotus Domino R5 server
before 5.06, and Domino client before 5.05, allows remote attackers to
cause a denial of service and possibly execute arbitrary commands via
a malformed font size specifier.

Analysis
----------------
ED_PRI CAN-2001-0130 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0107
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0107
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010115 Veritas BackupExec (remote DoS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958921407182&w=2
Reference: BID:2204
Reference: URL:http://www.securityfocus.com/bid/2204

Veritas Backup agent on Linux allows remote attackers to cause a
denial of service by establishing a connection without sending any
data, which causes the process to hang.

Analysis
----------------
ED_PRI CAN-2001-0107 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0108
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010112 PHP Security Advisory - Apache Module bugs
Reference: URL:http://www.securityfocus.com/archive/1/156202
Reference: BID:2206
Reference: URL:http://www.securityfocus.com/bid/2206

PHP Apache module 4.0.4 and earlier allows remote attackers to bypass
.htaccess access restrictions via a malformed HTTP request on an
unrestricted page that causes PHP to use those access controls on the
next page that is requested.

Analysis
----------------
ED_PRI CAN-2001-0108 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0109
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0109
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010113 Serious security flaw in SuSE rctab
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0226.html
Reference: BID:2207
Reference: URL:http://www.securityfocus.com/bid/2207

rctab in SuSE 7.0 and earlier allows local users to create or
overwrite arbitrary files via a symlink attack on the rctmp temporary
file.

Analysis
----------------
ED_PRI CAN-2001-0109 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0112
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0112
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010114 (MSY) Multiple vulnerabilities in splitvt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958269320974&w=2
Reference: DEBIAN:DSA-014-2
Reference: URL:http://www.debian.org/security/2001/dsa-014
Reference: BID:2210
Reference: URL:http://www.securityfocus.com/bid/2210

Multiple buffer overflows in splitvt 1.6.5 allow local users to
execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2001-0112 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0113
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0113
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010116 Vulnerabilities in OmniHTTPd default installation
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0248.html
Reference: BID:2211
Reference: URL:http://www.securityfocus.com/bid/2211

statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute
arbitrary commands via the mostbrowsers parameter, whose value is used
as part of a generated Perl script.

Analysis
----------------
ED_PRI CAN-2001-0113 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0114
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0114
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010116 Vulnerabilities in OmniHTTPd default installation
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0248.html
Reference: BID:2211
Reference: URL:http://www.securityfocus.com/bid/2211

statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite
arbitrary files via the cgidir parameter.

Analysis
----------------
ED_PRI CAN-2001-0114 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0127
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0127
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010115 Flash plugin write-overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0236.html
Reference: BID:2214
Reference: URL:http://www.securityfocus.com/bid/2214

Buffer overflow in Olivier Debon Flash plugin (not the Macromedia
plugin) allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a long DefineSound tag.

Analysis
----------------
ED_PRI CAN-2001-0127 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0132
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010114 Trend Micro VirusWall: Multiple vunerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0235.html
Reference: BID:2213
Reference: URL:http://www.securityfocus.com/bid/2213

Interscan VirusWall 3.6.x and earlier follows symbolic links when it
is uninstalled, which allows local users to overwrite arbitrary files
via a symlink attack.

Analysis
----------------
ED_PRI CAN-2001-0132 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0133
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0133
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010114 Trend Micro VirusWall: Multiple vunerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0235.html
Reference: BID:2212
Reference: URL:http://www.securityfocus.com/bid/2212

The web administration interface for Interscan VirusWall 3.6.x and
earlier does not use encryption, which could allow remote attackers to
obtain the administrator password by sniffing the administrator
password via the setpasswd.cgi program or other HTTP GET requests that
contain base64 encoded usernames and passwords.

Analysis
----------------
ED_PRI CAN-2001-0133 3
Vendor Acknowledgement:
Content Decisions: DESIGN-NO-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0134
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0134
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010116 iXsecurity.20001120.compaq-authbo.a
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97967435023835&w=2
Reference: COMPAQ:SSRT0705
Reference: URL:http://www5.compaq.com/products/servers/management/agentsecurity.html
Reference: BID:2200
Reference: URL:http://www.securityfocus.com/bid/2200

Buffer overflow in cpqlogin.htm in web agents for various Compaq
management software products such as Insight Manager and Management
Agents allows remote attackers to execute arbitrary commands via a
user name.

Analysis
----------------
ED_PRI CAN-2001-0134 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0135
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0135
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: CF
Reference: BUGTRAQ:20010112 UltraBoard cgi directory permission problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97933458505857&w=2
Reference: BID:2197
Reference: URL:http://www.securityfocus.com/bid/2197

The default installation of Ultraboard 2000 2.11 creates the Skins,
Database, and Backups directories with world-writable permissions,
which could allow local users to modify sensitive information or
insert and execute CGI programs.

Analysis
----------------
ED_PRI CAN-2001-0135 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0137
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010115 Windows Media Player 7 and IE java vulnerability - executing arbitrary programs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958100816503&w=2
Reference: BID:2203
Reference: URL:http://www.securityfocus.com/bid/2203

Windows Media Player 7 allows remote attackers to execute malicious
Java applets in Internet Explorer clients by enclosing the applet in a
.wmz skin file, then referencing that skin in the codebase parameter
of an applet tag.

Analysis
----------------
ED_PRI CAN-2001-0137 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

Page last updated or reviewed: May 22, 2007