
[PROPOSAL] Cluster MISC-99 - 29 legacy candidates



The following cluster contains 29 candidates related to security problems that were announced in 1999. As you will see, candidate numbers were assigned to these problems in 1999 and 2000; however, I never created clusters for these candidates, so they never wound up being proposed. Note that other problems from 1999 are still forthcoming.

Most of the candidates are related to problems in ColdFusion, BSD-based operating systems such as FreeBSD, or SCO Unix. Obviously, these are legacy clusters that I *planned* to create about a year ago ;-) Given the recent requests for additional legacy candidates, I thought it was reasonable to include these candidates now, instead of waiting for the next batch of legacy candidates.

There are still a few dozen candidates that have been assigned but not yet proposed. They are affected by controversial content decisions related to exposures or configuration problems, or in some cases, more analysis is necessary. As such, they will not be proposed until later, possibly not until after the legacy backlog is addressed.

You may vote on the candidates by modifying this e-mail and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-1999-0729
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0729
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: ISS:19990823 Denial of Service Attack against Lotus Notes Domino Server 4.6
Reference: URL:http://xforce.iss.net/alerts/advise34.php
Reference: CIAC:J-061
Reference: URL:http://www.ciac.org/ciac/bulletins/j-061.shtml
Reference: BID:601
Reference: URL:http://www.securityfocus.com/bid/601
Reference: XF:lotus-ldap-bo

Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request.

Analysis
----------------
ED_PRI CAN-1999-0729 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-0756
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0756
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: ALLAIRE:ASB99-07
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=10968&Method=Full
Reference: XF:coldfusion-admin-dos
Reference: URL:http://xforce.iss.net/static/2207.php

ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility.

Analysis
----------------
ED_PRI CAN-1999-0756 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-0758
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0758
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: ALLAIRE:ASB99-06
Reference: XF:netscape-space-view

Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL.

Analysis
----------------
ED_PRI CAN-1999-0758 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-0760
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0760
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: ALLAIRE:ASB99-10
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=11714&Method=Full
Reference: BID:550
Reference: URL:http://www.securityfocus.com/bid/550
Reference: XF:coldfusion-server-cfml-tags
Reference: URL:http://xforce.iss.net/static/3288.php

Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges.

Analysis
----------------
ED_PRI CAN-1999-0760 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-0800
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0800
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: ALLAIRE:ASB99-05
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=9602&Method=Full
Reference: NTBUGTRAQ:19990211 ACFUG List: Alert: Allaire Forums GetFile bug
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00332.html

The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm.

Analysis
----------------
ED_PRI CAN-1999-0800 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-0922
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0922
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991208
Category: SF
Reference: ALLAIRE:ASB99-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full
Reference: XF:coldfusion-sourcewindow

An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file.

Analysis
----------------
ED_PRI CAN-1999-0922 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-0924
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0924
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991208
Category: SF
Reference: ALLAIRE:ASB99-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full

The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service.

Analysis
----------------
ED_PRI CAN-1999-0924 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-0945
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0945
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991208
Category: SF
Reference: ISS:19980724 Denial of Service attacks against Microsoft Exchange 5.0 to 5.5
Reference: URL:http://xforce.iss.net/alerts/advise4.php
Reference: CIAC:I-080
Reference: URL:http://www.ciac.org/ciac/bulletins/i-080.shtml
Reference: MSKB:Q169174

Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands.

Analysis
----------------
ED_PRI CAN-1999-0945 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0306
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0306
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: SCO:SB-99.02
Reference: URL:ftp://ftp.sco.com/sse/security_bulletins/sb-99.02a
Reference: BUGTRAQ:19981229 Local/remote exploit for SCO UNIX.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-12-29&msg=AAh6GYsGU1@leshka.chuvashia.su

Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a message.

Analysis
----------------
ED_PRI CAN-2000-0306 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0307
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0307
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: SCO:SB-99.07
Reference: URL:ftp://ftp.sco.com/sse/security_bulletins/sb-99.07b

Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and earlier allows an attacker to cause a denial of service which prevents access to reserved port numbers below 1024.

Analysis
----------------
ED_PRI CAN-2000-0307 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0308
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0308
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000511
Category: CF
Reference: SCO:SB-99.08
Reference: URL:ftp://ftp.sco.com/sse/security_bulletins/sb-99.08a

Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges.

Analysis
----------------
ED_PRI CAN-2000-0308 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0309
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0309
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: OPENBSD:19990212 i386 trace-trap handling when DDB was configured could cause a system crash.
Reference: URL:http://www.openbsd.org/errata24.html#trctrap

The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2000-0309 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0310
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0310
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: OPENBSD:19990217 IP fragment assembly can bog the machine excessively and cause problems.
Reference: URL:http://www.openbsd.org/errata24.html#maxqueue

IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets.

Analysis
----------------
ED_PRI CAN-2000-0310 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0312
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0312
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: OPENBSD:19990830 In cron(8), make sure argv[] is NULL terminated in the fake popen() and run sendmail as the user, not as root.
Reference: URL:http://www.openbsd.org/errata25.html#cron

cron in OpenBSD 2.5 allows a local user to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron's fake popen function.

Analysis
----------------
ED_PRI CAN-2000-0312 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0313
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0313
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: OPENBSD:19991109 Any user can change interface media configurations.
Reference: URL:http://www.openbsd.org/errata.html#ifmedia

Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations.

Analysis
----------------
ED_PRI CAN-2000-0313 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0314
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0314
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:19990213 traceroute flood
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91893782027835&w=2
Reference: NETBSD:NetBSD-SA1999-004
Reference: URL:ftp://ftp.netbsd.org/pub/netbsd/misc/security/advisories/netbsd-sa1999-004.txt.asc

traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.

Analysis
----------------
ED_PRI CAN-2000-0314 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0315
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0315
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:19990213 traceroute flood
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91893782027835&w=2
Reference: NETBSD:NetBSD-SA1999-004
Reference: URL:ftp://ftp.netbsd.org/pub/netbsd/misc/security/advisories/netbsd-sa1999-004.txt.asc

traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks.

Analysis
----------------
ED_PRI CAN-2000-0315 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0348
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0348
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000511
Category: CF
Reference: SCO:SB-99.10
Reference: URL:ftp://ftp.sco.com/sse/security_bulletins/sb-99.10a

A vulnerability in the Sendmail configuration file sendmail.cf as installed in SCO UnixWare 7.1.0 and earlier allows an attacker to gain root privileges.

Analysis
----------------
ED_PRI CAN-2000-0348 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0349
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0349
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000511
Category: unknown
Reference: SCO:SB-99.13
Reference: URL:ftp://ftp.sco.com/sse/security_bulletins/sb-99.13a

Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an attacker to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2000-0349 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0351
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0351
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000523
Category: unknown
Reference: SCO:SB-99.09
Reference: URL:ftp://ftp.sco.com/sse/security_bulletins/sb-99.09b

Some packaging commands in SCO UnixWare 7.1.0 have insecure privileges, which allows local users to add or remove software packages.

Analysis
----------------
ED_PRI CAN-2000-0351 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0368
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0368
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000523
Category: SF
Reference: CISCO:19981014 Cisco IOS Command History Release at Login Prompt
Reference: URL:http://www.cisco.com/warp/public/770/ioshist-pub.shtml
Reference: CIAC:J-009
Reference: URL:http://www.ciac.org/ciac/bulletins/j-009.shtml

Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.

Analysis
----------------
ED_PRI CAN-2000-0368 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0375
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0375
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20000523
Category: SF
Reference: FREEBSD:FreeBSD-SA-99:04
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-99:04.core.asc

The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files.

Analysis
----------------
ED_PRI CAN-2000-0375 1
Vendor Acknowledgement: yes

This appears to be similar to the UnixWare core dump problem recorded in CVE-1999-0864. These two problems might stem from the same codebase.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-0359
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0359
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990127 UNIX shell modem access vulnerabilities
Reference: XF:ptylogin-dos

ptylogin in Unix systems allows users to perform a denial of service by locking out modems, dial out with that modem, or obtain passwords.

Analysis
----------------
ED_PRI CAN-1999-0359 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-0681
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0681
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990807 Crash FrontPage Remotely...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1999-q3/0381.html
Reference: XF:frontpage-pws-dos
Reference: URL:http://xforce.iss.net/static/3117.php
Reference: BID:568
Reference: URL:http://www.securityfocus.com/bid/568

Buffer overflow in FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL.

Analysis
----------------
ED_PRI CAN-1999-0681 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-0718
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0718
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991125
Category: unknown
Reference: NTBUGTRAQ:19990823 IBM Gina security warning
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9908&L=ntbugtraq&F=&S=&P=5534
Reference: BID:608
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=608
Reference: XF:ibm-gina-group-add
Reference: URL:http://xforce.iss.net/static/3166.php

IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the groupmap registry key.

Analysis
----------------
ED_PRI CAN-1999-0718 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-0757
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0757
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: ALLAIRE:ASB99-08
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=10969&Method=Full
Reference: XF:coldfusion-encryption
Reference: URL:http://xforce.iss.net/static/2208.php

The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates.

Analysis
----------------
ED_PRI CAN-1999-0757 3
Vendor Acknowledgement: yes
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-0784
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0784
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: NTBUGTRAQ:19980827 NERP DoS attack possible in Oracle
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/1998/msg00536.html
Reference: BUGTRAQ:19990104 Re: Frank Williams: "NERP DoS attack possible in Oracle
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1999_1/0056.html
Reference: BUGTRAQ:19981228 Oracle8 TNSLSNR DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1998_4/0764.html

Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP.

Analysis
----------------
ED_PRI CAN-1999-0784 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-0805
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0805
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990512 DoS with Netware 4.x's TTS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1999_2/0439.html
Reference: XF:novell-tts-dos
Reference: URL:http://xforce.iss.net/static/2184.php

The Transaction Tracking System (TTS) in Novell NetWare 4.11 and earlier allows remote attackers to cause a denial of service via a large number of requests.

Analysis
----------------
ED_PRI CAN-1999-0805 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-0923
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0923
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 19991208
Category: SF
Reference: ALLAIRE:ASB99-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full

Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls.

Analysis
----------------
ED_PRI CAN-1999-0923 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

Page last updated or reviewed: May 22, 2007