
[PROPOSAL] Cluster RECENT-67 - 25 candidates



I have proposed cluster RECENT-67 for review and voting by the Editorial Board. The voting web site will be updated Wednesday afternoon, Eastern time.

Name: RECENT-67
Description: Candidates announced between 1/4/2001 and 5/29/2001
Size: 25

You may vote on candidates either by modifying this email and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is not a "vulnerability", or is a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0541
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0541
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010710
Category: SF
Reference: BUGTRAQ:20010527 Microsoft Windows Media Player Buffer Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/187001
Reference: MS:MS01-042
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-042.asp

Buffer overflow in Microsoft Windows Media Player 7.1 and earlier allows remote attackers to execute arbitrary commands via a malformed Windows Media Station (.NSC) file.

Analysis
----------------
ED_PRI CAN-2001-0541 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0641
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0641
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010513 RH 7.0:/usr/bin/man exploit: gid man + more
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0087.html
Reference: BUGTRAQ:20010612 man 1.5h10 + 1.5i exploit
Reference: URL:http://www.securityfocus.com/archive/1/190136
Reference: REDHAT:RHSA-2001:069
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-069.html
Reference: SUSE:SuSE-SA:2001:019
Reference: URL:http://www.suse.de/de/support/security/2001_019_man_txt.txt
Reference: XF:man-s-bo(6530)
Reference: URL:http://xforce.iss.net/static/6530.php
Reference: BID:2711
Reference: URL:http://www.securityfocus.com/bid/2711

Buffer overflow in the man program in various distributions of Linux allows local users to execute arbitrary code as group man via the -S option.

Analysis
----------------
ED_PRI CAN-2001-0641 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0650
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0650
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: CISCO:20010510 Cisco IOS BGP Attribute Corruption Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ios-bgp-attr-corruption-pub.shtml
Reference: CERT-VN:VU#106392
Reference: URL:http://www.kb.cert.org/vuls/id/106392
Reference: CIAC:L-082
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-082.shtml
Reference: XF:cisco-ios-bgp-dos(6566)
Reference: URL:http://xforce.iss.net/static/6566.php

Cisco devices running IOS 12.0 and earlier allow remote attackers to cause a crash, or bad route updates, via malformed BGP update messages with unrecognized transitive attributes.

Analysis
----------------
ED_PRI CAN-2001-0650 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0710
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0710
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category:
Reference: FREEBSD:FreeBSD-SA-01:52
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:52.fragment.asc
Reference: NETBSD:NetBSD-SA2001-006
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-006.txt.asc
Reference: XF:bsd-ip-fragments-dos(6636)
Reference: URL:http://xforce.iss.net/static/6636.php
Reference: BID:2799
Reference: URL:http://www.securityfocus.com/bid/2799

NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allow remote attackers to cause a denial of service by sending a large number of IP fragments to the machine, exhausting the mbuf pool.

Analysis
----------------
ED_PRI CAN-2001-0710 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0648
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0648
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010508 security hole in os groupware suite PHProjekt
Reference: URL:http://www.securityfocus.com/archive/1/184215
Reference: BID:2702
Reference: URL:http://www.securityfocus.com/bid/2702
Reference: XF:phprojekt-dot-directory-traversal(6522)
Reference: URL:http://xforce.iss.net/static/6522.php

Directory traversal vulnerability in PHProjekt 2.1 and earlier allows remote attackers to conduct unauthorized activities via a dot dot (..) attack on the File module.

Analysis
----------------
ED_PRI CAN-2001-0648 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0675
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0675
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010418 SECURITY.NNOV: The Bat! <cr> bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0345.html
Reference: BUGTRAQ:20010421 Re: SECURITY.NNOV: The Bat! <cr> bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0381.html
Reference: BUGTRAQ:20010423 Re: SECURITY.NNOV: The Bat! <cr> bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0410.html
Reference: XF:thebat-pop3-dos(6423)
Reference: URL:http://xforce.iss.net/static/6423.php

RIT Research Labs The Bat! 1.51 for Windows allows remote attackers to cause a denial of service by sending an email to a user's account containing a carriage return <CR> that is not followed by a line feed <LF>.

Analysis
----------------
ED_PRI CAN-2001-0675 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0642
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0642
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010511 [eyeonsecurity.net] Incredimail allows automatic writing of files on hard disk
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0078.html
Reference: XF:incredimail-dot-overwrite-files(6529)
Reference: URL:http://xforce.iss.net/static/6529.php

Directory traversal vulnerability in IncrediMail version 1400185 and earlier allows local users to overwrite files on the local hard drive by appending .. (dot dot) sequences to filenames listed in the content.ini file.

Analysis
----------------
ED_PRI CAN-2001-0642 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0643
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0643
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010416 Double clicking on innocent looking files may be dangerous
Reference: URL:http://www.securityfocus.com/archive/1/176909
Reference: MISC:http://vil.nai.com/vil/virusSummary.asp?virus_k=99048
Reference: MISC:http://www.sarc.com/avcenter/venc/data/vbs.postcard@mm.html
Reference: XF:ie-clsid-execute-files(6426)
Reference: URL:http://xforce.iss.net/static/6426.php

Type-check flaw in Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type.

Analysis
----------------
ED_PRI CAN-2001-0643 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0644
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0644
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010515 Rumpus FTP DoS
Reference: URL:http://www.securityfocus.com/archive/1/184751
Reference: BID:2718
Reference: URL:http://www.securityfocus.com/bid/2718
Reference: XF:rumpus-plaintext-passwords(6543)
Reference: URL:http://xforce.iss.net/static/6543.php

Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in plaintext in the "Rumpus User Database" file in the prefs folder, which could allow attackers to gain privileges on the server.

Analysis
----------------
ED_PRI CAN-2001-0644 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0645
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0645
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010510 Corsaire Limited Security Advisory - Symantec/Axent NetProwler 3.5.x password restrictions
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0097.html
Reference: BUGTRAQ:20010510 Corsaire Limited Security Advisory - Symantec/Axent NetProwler 3.5.x database configuration
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0098.html
Reference: XF:netprowler-default-odbc-password(6539)
Reference: URL:http://xforce.iss.net/static/6539.php
Reference: XF:netprowler-default-management-password(6537)
Reference: URL:http://xforce.iss.net/static/6537.php

Symantec/AXENT NetProwler 3.5.x contains several default passwords, which could allow remote attackers to (1) access the management tier via the "admin" password, or (2) connect to a MySQL ODBC from the management tier using a blank password.

Analysis
----------------
ED_PRI CAN-2001-0645 3
Vendor Acknowledgement: yes
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0646
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0646
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010515 Rumpus FTP DoS
Reference: URL:http://www.securityfocus.com/archive/1/184751
Reference: BID:2716
Reference: URL:http://www.securityfocus.com/bid/2716
Reference: XF:rumpus-long-directory-dos(6542)
Reference: URL:http://xforce.iss.net/static/6542.php

Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows remote attackers to cause a denial of service (hang) by creating a directory name of a specific length.

Analysis
----------------
ED_PRI CAN-2001-0646 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0649
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0649
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010806
Category: SF
Reference: BUGTRAQ:20010510 Personal Web Sharing remote stop
Reference: URL:http://www.securityfocus.com/archive/1/184548
Reference: XF:macos-web-sharing-dos(6536)
Reference: URL:http://xforce.iss.net/static/6536.php

Personal Web Sharing 1.5.5 allows remote attackers to cause a denial of service via an HTTP request.

Analysis
----------------
ED_PRI CAN-2001-0649 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0674
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0674
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010417 Advisory for Viking
Reference: URL:http://www.securityfocus.com/archive/1/177231
Reference: CONFIRM:http://www.robtex.com/viking/bugs.htm
Reference: XF:viking-hex-directory-traversal(6394)
Reference: URL:http://xforce.iss.net/static/6394.php

Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a hexadecimal encoded dot-dot attack (e.g. http://www.server.com/%2e%2e/%2e%2e) in an HTTP URL request.

Analysis
----------------
ED_PRI CAN-2001-0674 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

CD:SF-LOC applies with respect to CAN-2001-0467. These should be distinguished because CAN-2001-0467 appears in a version (-382) that this one does not (-381).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0676
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0676
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010104 SECURITY.NNOV advisory - The Bat! directory traversal (public release)
Reference: URL:http://www.securityfocus.com/archive/1/154359
Reference: XF:thebat-attachment-directory-traversal(5871)
Reference: URL:http://xforce.iss.net/static/5871.php

Directory traversal vulnerability in RIT Research Labs The Bat! 1.48f and earlier allows remote attackers to create arbitrary files via a "dot dot" attack in the filename of an attachment.

Analysis
----------------
ED_PRI CAN-2001-0676 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0677
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0677
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010418 Eudora file leakage problem (still)
Reference: URL:http://www.securityfocus.com/archive/1/177369
Reference: XF:eudora-plain-text-attachment(6431)
Reference: URL:http://xforce.iss.net/static/6431.php

Eudora 5.0.2 allows remote attackers to read arbitrary files via an email with the path of the target file in the "Attachment Converted" MIME header, which sends the file when the email is forwarded to the attacker by the user.

Analysis
----------------
ED_PRI CAN-2001-0677 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0678
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0678
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010519 TrendMicro InterScan VirusWall RegGo.dll BOF
Reference: URL:http://www.securityfocus.com/archive/1/185383
Reference: XF:interscan-reggo-bo(6575)
Reference: URL:http://xforce.iss.net/static/6575.php

Buffer overflow in the reggo.dll file used by Trend Micro InterScan VirusWall prior to 3.51 build 1349 for Windows NT 3.5 and InterScan WebManager 1.2 allows local attackers to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2001-0678 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0680
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0680
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010413 QPC FTPd Directory Traversal and BOF Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/176712
Reference: XF:qpc-ftpd-directory-traversal(6375)
Reference: URL:http://xforce.iss.net/static/6375.php

Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0 allows remote attackers to traverse directories on the web server via a "dot dot" attack in a LIST (ls) command.

Analysis
----------------
ED_PRI CAN-2001-0680 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0681
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0681
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010413 QPC FTPd Directory Traversal and BOF Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/176712
Reference: XF:qpc-ftpd-bo(6376)
Reference: URL:http://xforce.iss.net/static/6376.php

Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows remote attackers to cause a denial of service via a long (1) username and (2) password.

Analysis
----------------
ED_PRI CAN-2001-0681 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0683
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0683
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010226 def-2001-08: Netscape Collabra DoS
Reference: URL:http://www.securityfocus.com/archive/1/165516
Reference: XF:netscape-collabra-kernel-dos(6158)
Reference: URL:http://xforce.iss.net/static/6158.php

Memory leak in Netscape Collabra Server 3.5.4 and earlier allows remote attackers to cause a denial of service (memory exhaustion) by repeatedly sending approximately 5K of data to TCP port 5238.

Analysis
----------------
ED_PRI CAN-2001-0683 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

CD:SF-LOC suggests separating problems that describe different underlying issues. The memory leak on port 5238 via a large amount of data is different enough from the CPU "spike" based on only a few bytes of data. Therefore these two problems should be separated.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0684
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0684
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010226 def-2001-08: Netscape Collabra DoS
Reference: URL:http://www.securityfocus.com/archive/1/165516
Reference: XF:netscape-collabra-cpu-dos(6159)
Reference: URL:http://xforce.iss.net/static/6159.php

Netscape Collabra Server 3.5.4 and earlier allows remote attackers to cause a denial of service by sending seven or more characters to TCP port 5239.

Analysis
----------------
ED_PRI CAN-2001-0684 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

CD:SF-LOC suggests separating problems that describe different underlying issues. The memory leak on port 5238 via a large amount of data is different enough from the CPU "spike" based on only a few bytes of data. Therefore these two problems should be separated.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0694
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0694
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: VULN-DEV:20010525 WFTPD 32-bit (X86) 3.00 R5 Directory Traversal / Buffer Overflow / DoS
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0454.html

Directory traversal vulnerability in WFTPD 3.00 R5 allows remote attackers to view arbitrary files via a dot dot attack in the CD command.

Analysis
----------------
ED_PRI CAN-2001-0694 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0695
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0695
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010503 Potential DOS Vulnerability in WFTPD
Reference: URL:http://www.securityfocus.com/archive/1/182054
Reference: XF:wftpd-cd-dos(6496)
Reference: URL:http://xforce.iss.net/static/6496.php

WFTPD 3.00 R5 allows remote attackers to cause a denial of service via repeated requests to cd to the floppy drive (\).

Analysis
----------------
ED_PRI CAN-2001-0695 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0697
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0697
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010228 SurgeFTP Denial of Service
Reference: URL:http://www.securityfocus.com/archive/1/165816
Reference: WIN2KSEC:20010301 SurgeFTP 1.0b Denial of Service
Reference: URL:http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200
Reference: XF:surgeftp-listing-dos(6168)
Reference: URL:http://xforce.iss.net/static/6168.php

NetWin SurgeFTP prior to 1.1h allows remote attackers to cause a denial of service (crash) via an 'ls ..' command.

Analysis
----------------
ED_PRI CAN-2001-0697 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0707
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0707
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010503 Denicomp REXECD/RSHD Denial of Service Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/183911
Reference: XF:denicomp-rshd-dos(6523)
Reference: URL:http://xforce.iss.net/static/6523.php

Denicomp RSHD 2.18 and earlier allows remote attackers to cause a denial of service (crash) via a long string to port 514.

Analysis
----------------
ED_PRI CAN-2001-0707 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE

REXECD and RSHD are multiple packages with the same problem, but the packages are distributed separately (as shown by the vendor's download page). Therefore CD:SF-CODEBASE suggests that these should be separated.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0708
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0708
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010503 Denicomp REXECD/RSHD Denial of Service Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/183911
Reference: XF:denicomp-rexecd-dos(6524)
Reference: URL:http://xforce.iss.net/static/6524.php

Denicomp REXECD 1.05 and earlier allows remote attackers to cause a denial of service (crash) via a long string.

Analysis
----------------
ED_PRI CAN-2001-0708 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE

REXECD and RSHD are multiple packages with the same problem, but the packages are distributed separately (as shown by the vendor's download page). Therefore CD:SF-CODEBASE suggests that these should be separated.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

Page Last Updated or Reviewed: May 22, 2007