
[PROPOSAL] Cluster RECENT-63 - 32 candidates



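I have proposed cluster RECENT-63 for review and voting by the Editorial Board. The CVE voting web site will be updated early Friday afternoon.

Name: RECENT-63
Description: Candidates announced between 1/22/2001 and 3/30/2001
Size: 32

You may vote on these candidates by modifying this e-mail and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is not a "vulnerability", or is a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0560
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0560
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010210 vixie cron possible local root compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0197.html
Reference: AIX-APAR:IY17048
Reference: AIX-APAR:IY17261
Reference: MANDRAKE:MDKSA-2001:022
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-022.php3
Reference: REDHAT:RHSA-2001-014
Reference: URL:http://www.redhat.com/support/errata/rhsa-2001-014.html
Reference: BUGTRAQ:20010220 Immunix OS Security update for vixie-cron
Reference: URL:http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0066.html
Reference: XF:vixie-crontab-bo(6098)
Reference: URL:http://xforce.iss.net/static/6098.php

Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters).

Analysis
----------------
ED_PRI CAN-2001-0560 1
Vendor Acknowledgement: unknown

There is some question as to whether this is exploitable. Creating a username longer than 20 characters may require root privileges. However, many vendors have released security advisories, and it is possible that some non-root users could be assigned privileges or capabilities to add users. Other scenarios are discussed in the long Bugtraq thread.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0606
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0606
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: HP:HPSBUX0102-139
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0041.html

Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with VirtualVault A.04.00 allows a remote attacker to create a denial of service via the HTTPS service.

Analysis
----------------
ED_PRI CAN-2001-0606 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0607
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0607
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: CF
Reference: HP:HPSBUX0103-145
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0080.html

asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program.

Analysis
----------------
ED_PRI CAN-2001-0607 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: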

======================================================
Candidate: CAN-2001-0608
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0608
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: HP:HPSBMP0103-011
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0087.html

HP architected interface facility (AIF) as included with MPE/iX 5.5 through 6.5 running on a HP3000 allows an attacker to gain additional privileges and gain access to databases via the AIF AIFCHANGELOGON procedure.

Analysis
----------------
ED_PRI CAN-2001-0608 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0589
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0589
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010326 NetScreen: DMZ Network Receives Some "Denied" Traffic
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0375.html
Reference: BID:2523
Reference: URL:http://www.securityfocus.com/bid/2523

NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and NetScreen-100 can allow a local attacker to bypass the DMZ 'denial' policy via specific traffic patterns.

Analysis
----------------
ED_PRI CAN-2001-0589 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0591
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0591
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: WIN2KSEC:20010122 Oracle JSP/SQLJ handlers allow viewing files and executing JSP outside the web root
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2001-q1/0028.html
Reference: BUGTRAQ:20010212 Patch for Potential Vulnerability in the execution of JSPs outside doc_root
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0239.html
Reference: BID:2286
Reference: URL:http://www.securityfocus.com/bid/2286

Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2001-0591 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0631
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0631
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010221 FirstClass Internetgateway "stupidity"
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0376.html
Reference: BUGTRAQ:20010226 Re: [Fwd: FirstClass Internetgateway "stupidity"]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0440.html

Centrinity First Class Internet Services 5.50 allows the default spam filters to be bypassed via the presence of "<@>" in the "From:" field, which allows remote attackers to send spoofed email with the identity of local users.

Analysis
----------------
ED_PRI CAN-2001-0631 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0634
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0634
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: CF
Reference: BUGTRAQ:20010220 Advisory: Chili!Soft ASP Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0378.html
Reference: BUGTRAQ:20010226 Re: Advisory: Chili!Soft ASP Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0443.html

Sun Chili!Soft ASP on multiple Unixes has weak permissions on various configuration files, which allows a local attacker to gain additional privileges and create a denial of service.

Analysis
----------------
ED_PRI CAN-2001-0634 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0357
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0357
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010310 Fixed code: FormMail.pl can be used to send anonymous email
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98433523520344&w=2
Reference: XF:formmail-anonymous-flooding
Reference: URL:http://xforce.iss.net/static/6242.php

FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to send anonymous email (spam) by modifying the recipient and message parameters.

Analysis
----------------
ED_PRI CAN-2001-0357 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0394
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0394
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010328 def-2001-15: Website Pro Remote Manager DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0425.html
Reference: XF:website-pro-remote-dos
Reference: URL:http://xforce.iss.net/static/6295.php

Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory.

Analysis
----------------
ED_PRI CAN-2001-0394 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0556
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0556
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010428 More nedit problems? (Re: Progeny-SA-2001-10…)
Reference: URL:http://www.securityfocus.com/archive/1/180237
Reference: CONFIRM:http://www.nedit.org/archives/develop/2001-Feb/0391.html
Reference: SUSE:SuSE-SA:2001:14
Reference: URL:http://www.suse.de/de/support/security/2001_014_nedit.txt
Reference: MANDRAKE:MDKSA-2001:042
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-042.php3
Reference: DEBIAN:DSA-053
Reference: URL:http://www.debian.org/security/2001/dsa-053
Reference: REDHAT:RHSA-2001:061
Reference: URL:http://www.redhat.com/support/errata/rhsa-2001-061.html
Reference: BID:2667
Reference: URL:http://www.securityfocus.com/bid/2667

The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on (1) backup files or (2) temporary files used when NEdit prints a file or part of a file.

Analysis
----------------
ED_PRI CAN-2001-0556 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0564
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0564
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010225 APC web/snmp/telnet management card dos
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0436.html

APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts, which temporarily lock the card.

Analysis
----------------
ED_PRI CAN-2001-0564 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0568
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0568
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: CONFIRM:http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23
Reference: MANDRAKE:MDKSA-2001:025
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-025.php3
Reference: DEBIAN:DSA-043
Reference: URL:http://www.debian.org/security/2001/dsa-043
Reference: REDHAT:RHSA-2001:021
Reference: URL:http://www.redhat.com/support/errata/rhsa-2001-021.html
Reference: CONECTIVA:CLA-2001:382
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000382

Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.

Analysis
----------------
ED_PRI CAN-2001-0568 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0569
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0569
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: CONFIRM:http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23
Reference: MANDRAKE:MDKSA-2001:025
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-025.php3
Reference: DEBIAN:DSA-043
Reference: URL:http://www.debian.org/security/2001/dsa-043
Reference: REDHAT:RHSA-2001:021
Reference: URL:http://www.redhat.com/support/errata/rhsa-2001-021.html
Reference: CONECTIVA:CLA-2001:382
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000382

Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.

Analysis
----------------
ED_PRI CAN-2001-0569 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0571
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0571
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010323 Elron IM Products Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98538867727489&w=2
Reference: BUGTRAQ:20010326 http://archives.neohapsis.com/archives/bugtraq/2001-03/0345.html
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98567864203963&w=2
Reference: BUGTRAQ:20010406 http://archives.neohapsis.com/archives/bugtraq/2001-03/0345.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0382.html
Reference: BID:2519
Reference: URL:http://www.securityfocus.com/bid/2519
Reference: BID:2520
Reference: URL:http://www.securityfocus.com/bid/2520

Directory traversal vulnerability in the web server for (1) Elron Internet Manager (IM) Message Inspector and (2) Anti-Virus before 3.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the requested URL.

Analysis
----------------
ED_PRI CAN-2001-0571 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0572
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0572
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010318 Passive Analysis of SSH (Secure Shell) Traffic
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0225.html
Reference: CONECTIVA:CLA-2001:391
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000391
Reference: REDHAT:RHSA-2001:033
Reference: URL:http://www.redhat.com/support/errata/rhsa-2001-033.html
Reference: MANDRAKE:MDKSA-2001:033
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-033.php3

The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths and ranges of lengths, which simplifies brute force password guessing, (2) whether RSA or DSA authentication is being used, (3) the authorized_keys in RSA authentication, or (4) the lengths of shell commands.

Analysis
----------------
ED_PRI CAN-2001-0572 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0575
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0575
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010327 SCO 5.0.6 issues (lpshut)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0404.html
Reference: XF:sco-openserver-lpshut-bo(6290)
Reference: URL:http://xforce.iss.net/static/6290.php

Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a long first argument to lpshut.

Analysis
----------------
ED_PRI CAN-2001-0575 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Since lpshut, lpadmin, lpforms, and lpusers all appear in the same package in the same version, it is possible that the vulnerability is in a library, and CD:SF-LOC suggests combining these into the same candidate; if they are fixed in the same version, then even if the problem does not appear in the same library, CD:SF-LOC suggests combining them.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0576
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0576
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010327 SCO 5.0.6 issues (lpusers)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0407.html
Reference: XF:sco-openserver-lpusers-bo(6292)
Reference: URL:http://xforce.iss.net/static/6292.php

lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the '-u' command line parameter.

Analysis
----------------
ED_PRI CAN-2001-0576 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Since lpshut, lpadmin, lpforms, and lpusers all appear in the same package in the same version, it is possible that the vulnerability is in a library, and CD:SF-LOC suggests combining these into the same candidate; if they are fixed in the same version, then even if the problem does not appear in the same library, CD:SF-LOC suggests combining them.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0577
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0577
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010327 SCO 5.0.6 issues (recon)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0410.html
Reference: XF:sco-openserver-recon-bo(6289)
Reference: URL:http://xforce.iss.net/static/6289.php

recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first command line argument.

Analysis
----------------
ED_PRI CAN-2001-0577 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0578
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0578
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010327 SCO 5.0.6 issues (lpforms)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0416.html
Reference: XF:sco-openserver-lpforms-bo(6293)
Reference: URL:http://xforce.iss.net/static/6293.php

Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a local attacker to gain additional privileges via the first argument to the lpforms command.

Analysis
----------------
ED_PRI CAN-2001-0578 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Since lpshut, lpadmin, lpforms, and lpusers all appear in the same package in the same version, it is possible that the vulnerability is in a library, and CD:SF-LOC suggests combining these into the same candidate; if they are fixed in the same version, then even if the problem does not appear in the same library, CD:SF-LOC suggests combining them.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0579
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0579
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010327 SCO 5.0.6 issues (lpadmin)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0421.html
Reference: XF:sco-openserver-lpadmin-bo(6291)
Reference: URL:http://xforce.iss.net/static/6291.php

lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first argument to the command.

Analysis
----------------
ED_PRI CAN-2001-0579 3
Vendor Acknowledgement: unknown

Since lpshut, lpadmin, lpforms, and lpusers all appear in the same package in the same version, it is possible that the vulnerability is in a library, and CD:SF-LOC suggests combining these into the same candidate; if they are fixed in the same version, then even if the problem does not appear in the same library, CD:SF-LOC suggests combining them.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0583
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0583
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010315 def-2001-11: MDaemon 3.5.4 Dos-Device DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0188.html
Reference: XF:mdaemon-webservices-dos(6240)
Reference: URL:http://xforce.iss.net/static/6240.php

Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a denial of service via the URL request of a MS-DOS device (such as GET /aux) to (1) the Worldclient service at port 3000, or (2) the Webconfig service at port 3001.

Analysis
----------------
ED_PRI CAN-2001-0583 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0584
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0584
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010325 MDaemon IMAP Denial Of Service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0365.html
Reference: BID:2508
Reference: URL:http://www.securityfocus.com/bid/2508
Reference: XF:mdaemon-imap-command-dos(6279)
Reference: URL:http://xforce.iss.net/static/6279.php

IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to cause a denial of service (hang) via long (1) SELECT or (2) EXAMINE commands.

Analysis
----------------
ED_PRI CAN-2001-0584 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0585
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0585
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010320 def-2001-13: NTMail Web Services DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0248.html
Reference: BID:2494
Reference: URL:http://www.securityfocus.com/bid/2494
Reference: XF:ntmail-long-url-dos(6249)
Reference: URL:http://xforce.iss.net/static/6249.php

Gordano NTMail 6.0.3c allows a remote attacker to create a denial of service via a long (>= 255 characters) URL request to port 8000 and port 9000.

Analysis
----------------
ED_PRI CAN-2001-0585 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0586
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0586
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010330 STAT Security Advisory: Trend Micro's ScanMail for Exchange stores passwords in registry unprotected
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2001-q1/0049.html

TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local attacker to recover the administrative credentials for ScanMail via a combination of unprotected registry keys and weakly encrypted passwords.

Analysis
----------------
ED_PRI CAN-2001-0586 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0587
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0587
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010327 SCO 5.0.6 MMDF issues (deliver)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0418.html
Reference: XF:sco-openserver-deliver-bo(6302)
Reference: URL:http://xforce.iss.net/static/6302.php

deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.

Analysis
----------------
ED_PRI CAN-2001-0587 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0588
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0588
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010327 SCO 5.0.6 MMDF issues (sendmail 8.9.3)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0417.html

sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO OpenServer 5.0.6, can allow a local attacker to gain additional privileges via a buffer overflow in the first argument to the command.

Analysis
----------------
ED_PRI CAN-2001-0588 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0593
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0593
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010327 advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0395.html
Reference: BID:2512
Reference: URL:http://www.securityfocus.com/bid/2512
Reference: XF:anaconda-clipper-directory-traversal(6286)
Reference: URL:http://xforce.iss.net/static/6286.php

Anaconda Partners Clipper 3.3 and earlier allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the template parameter.

Analysis
----------------
ED_PRI CAN-2001-0593 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0605
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0605
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010226 My Getright Unsupervised File Download Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98321819112158&w=2

Headlight Software MyGetright prior to 1.0b allows a remote attacker to upload and/or overwrite arbitrary files via a malicious .dld (skins-data) file which contains long strings of random data.

Analysis
----------------
ED_PRI CAN-2001-0605 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
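
======================================================
Candidate: CAN-2001-0626
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0626
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010316 WebServer Pro All Version Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0236.html
Reference: BID:2488
Reference: URL:http://www.securityfocus.com/bid/2488

O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character.

Analysis
----------------
ED_PRI CAN-2001-0626 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0632
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0632
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: CF
Reference: BUGTRAQ:20010220 Advisory: Chili!Soft ASP Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0378.html
Reference: BUGTRAQ:20010224 Re: Advisory: Chili!Soft ASP Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0443.html

Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin username and password in the default installation, which can allow a remote attacker to gain additional privileges.

Analysis
----------------
ED_PRI CAN-2001-0632 3
Vendor Acknowledgement: yes followup
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0633
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0633
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: BUGTRAQ:20010220 Advisory: Chili!Soft ASP Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0378.html
Reference: BUGTRAQ:20010224 Re: Advisory: Chili!Soft ASP Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0443.html

Directory traversal vulnerability in Sun Chili!Soft ASP on multiple Unixes allows a remote attacker to read arbitrary files above the web root via a '..' (dot dot) attack in the sample script 'codebrws.asp'.

Analysis
----------------
ED_PRI CAN-2001-0633 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-CODEBASE

A file called codebrws.asp used to ship with IIS and SiteServer (CVE-1999-0739), and it sounds like a directory traversal problem related to ASP-based files. Is this the same codebrws.asp? If so, then CD:SF-CODEBASE says to merge this item with CVE-1999-0739.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: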

Page Last Updated or Reviewed: May 22, 2007