
(PROPOSAL) Cluster RECENT-68 - 35 candidates



I have proposed cluster RECENT-68 for review and voting by the Editorial Board. The voting web site will be updated Wednesday afternoon, Eastern time.

Name: RECENT-68
Description: Candidates announced between 6/3/2001 and 8/27/2001
Size: 35

You may vote on the candidates by modifying this email and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0341
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0341
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010510
Category: SF/CF/MP/SA//unknown
Reference: BUGTRAQ:20010625 NSFOCUS SA2001-03: FrontPage 2000 Server Extensions Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99348216322147&w=2
Reference: MS:MS01-035
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-035.asp
Reference: BID:2906
Reference: URL:http://www.securityfocus.com/bid/2906

Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll.

Analysis
-----------------
ED_PRI CAN-2001-0341 1
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0346
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0346
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010516
Category: SF/CF/MP/SA//unknown
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-031.asp

Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.

Analysis
-----------------
ED_PRI CAN-2001-0346 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0506
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0506
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010608
Category: SF
Reference: BUGTRAQ:20010817 NSFOCUS SA2001-06: Microsoft IIS ssinc.dll Buffer Overflow Vulnerability
Reference: MS:MS01-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp
Reference: BID:3190
Reference: URL:http://www.securityfocus.com/bid/3190

Buffer overflow in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server Side Include (SSI) directive that includes a file under a directory with a long name, aka the "SSI privilege elevation" vulnerability.

Analysis
-----------------
ED_PRI CAN-2001-0506 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0507
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0507
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010608
Category: SF
Reference: MS:MS01-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp

IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.

Analysis
-----------------
ED_PRI CAN-2001-0507 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0508
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0508
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010608
Category: SF
Reference: MS:MS01-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp

Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request.

Analysis
-----------------
ED_PRI CAN-2001-0508 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0543
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0543
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010710
Category: SF
Reference: MS:MS01-043
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-043.asp

Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.

Analysis
-----------------
ED_PRI CAN-2001-0543 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0546
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0546
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010710
Category: SF
Reference: MS:MS01-045
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-045.asp

Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.

Analysis
-----------------
ED_PRI CAN-2001-0546 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0547
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0547
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010710
Category: SF
Reference: MS:MS01-045
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-045.asp

Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).

Analysis
-----------------
ED_PRI CAN-2001-0547 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0658
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0658
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010815
Category: SF
Reference: MS:MS01-045
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-045.asp

Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.

Analysis
-----------------
ED_PRI CAN-2001-0658 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0659
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0659
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010815
Category: SF
Reference: MS:MS01-046
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-046.asp

Buffer overflow in the IrDA driver providing infrared data exchange on Windows 2000 allows attackers who are physically close to the machine to cause a denial of service (reboot) by sending a malformed packet.

Analysis
-----------------
ED_PRI CAN-2001-0659 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0668
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0668
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010823
Category: SF
Reference: ISS:20010827 Remote Buffer Overflow Vulnerability in HP-UX Line Printer Daemon
Reference: URL:http://xforce.iss.net/alerts/advise93.php
Reference: HP:HPSBUX0108-163

Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 11.11 allows remote attackers to execute arbitrary commands.

Analysis
-----------------
ED_PRI CAN-2001-0668 1
Vendor Acknowledgement: yes

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0690
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0690
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010606 lil' exim format bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0041.html
Reference: DEBIAN:DSA-058
Reference: URL:http://www.debian.org/security/2001/dsa-058
Reference: CONECTIVA:CLA-2001:402
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000402
Reference: REDHAT:RHSA-2001:078
Reference: URL:http://www.redhat.com/support/errata/rhsa-2001-078.html

Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.

Analysis
-----------------
ED_PRI CAN-2001-0690 1
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0653
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0653
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010814
Category: SF
Reference: BUGTRAQ:20010821 *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99841063100516&w=2
Reference: CONFIRM:http://www.sendmail.org/8.11.html
Reference: BID:3163
Reference: URL:http://www.securityfocus.com/bid/3163

Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the "category" part of debugger (-d) command line arguments, which is interpreted as a negative number.

Analysis
-----------------
ED_PRI CAN-2001-0653 2
Vendor Acknowledgement: yes changelog

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0685
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0685
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010228 fcron 0.9.5 is vulnerable to a symlink attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98339581702282&w=2
Reference: BID:2835
Reference: URL:http://www.securityfocus.com/bid/2835

Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt another user's crontab file via a symlink attack on the fcrontab temporary file.

Analysis
-----------------
ED_PRI CAN-2001-0685 2
Vendor Acknowledgement: yes

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0692
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0692
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010608 WatchGuard SMTP Proxy issue
Reference: URL:http://www.securityfocus.com/archive/1/189783
Reference: BUGTRAQ:20010628 RE: WatchGuard SMTP Proxy issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99379787421319&w=2
Reference: XF:firebox-smtp-bypass-filter(6682)
Reference: URL:http://xforce.iss.net/static/6682.php
Reference: BID:2855
Reference: URL:http://www.securityfocus.com/bid/2855

SMTP proxy in WatchGuard Firebox (2500 and 4500) 4.5 and 4.6 allows a remote attacker to bypass firewall filtering via a base64 MIME encoded email attachment whose boundary name ends in two dashes.

Analysis
-----------------
ED_PRI CAN-2001-0692 2
Vendor Acknowledgement: yes followup

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0700
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0700
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010621 (SNS Advisory No.32) w3m malformed MIME header Buffer Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/192371
Reference: CONFIRM:http://mi.med.tohoku.ac.jp/~satodai/w3m-dev-en/200106.month/537.html
Reference: XF:w3m-mime-header-bo(6725)
Reference: URL:http://xforce.iss.net/static/6725.php
Reference: BID:2895
Reference: URL:http://www.securityfocus.com/bid/2895

Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to execute arbitrary code via a long base64 encoded MIME header.

Analysis
-----------------
ED_PRI CAN-2001-0700 2
Vendor Acknowledgement: yes

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0509
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0509
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010608
Category: SF
Reference: MS:MS01-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-041.asp

Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.

Analysis
-----------------
ED_PRI CAN-2001-0509 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-EXEC

The advisory says that "the specific input values at issue vary from RPC server to RPC server," which could mean that there are different types of vulnerabilities in each server, e.g. an out-of-range integer in one RPC server, and an inability to handle a long string of null characters in another. On the other hand, there could be one "central" location/section of code that is called in different ways in each server; CD:SF-LOC suggests combining all items into one candidate. But CD:SF-EXEC suggests creating separate candidates for each separate package.

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0552
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0552
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010718
Category: SF
Reference: BUGTRAQ:20010608 HP Openview NNM6.1 ovactiond bin exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99201278704545&w=2
Reference: CERT:CA-2001-24
Reference: URL:http://www.cert.org/advisories/ca-2001-24.html
Reference: HP:HPSBUX0106-154
Reference: CERT-VN:VU#952171
Reference: URL:http://www.kb.cert.org/vuls/id/952171
Reference: BID:2845
Reference: URL:http://www.securityfocus.com/bid/2845

ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli Netview 5.x and 6.x allows remote attackers to execute arbitrary commands via shell metacharacters in a certain SNMP trap message.

Analysis
-----------------
ED_PRI CAN-2001-0552 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-CODEBASE

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0636
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0636
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010727
Category: SF
Reference: ISS:20010806 Multiple Buffer Overflow Vulnerabilities in Raytheon SilentRunner
Reference: URL:http://xforce.iss.net/alerts/advise91.php

Buffer overflows in Raytheon SilentRunner allow remote attackers to (1) cause a denial of service in the collector (cle.exe) component of SilentRunner 2.0 via traffic containing long passwords, or (2) execute arbitrary commands via long HTTP queries in the Knowledge Browser component in SilentRunner 2.0 and 2.0.1. NOTE: It is very likely that this candidate will be split into multiple candidates.

Analysis
-----------------
ED_PRI CAN-2001-0636 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0686
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0686
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010604 $HOME buffer overflow in SunOS 5.8 x86
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0000.html
Reference: BID:2819
Reference: URL:http://www.securityfocus.com/bid/2819

Buffer overflow in mail included with SunOS 5.8 for x86 allows a local user to gain privileges via a long HOME environment variable.

Analysis
-----------------
ED_PRI CAN-2001-0686 3
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0687
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0687
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010610 Broker FTP Server 5.9.5.0 Buffer Overflow/DoS/Directory Traversal
Reference: URL:http://www.securityfocus.com/archive/1/190032
Reference: XF:broker-ftp-cd-directory-traversal(6674)
Reference: URL:http://xforce.iss.net/static/6674.php
Reference: BID:2853
Reference: URL:http://www.securityfocus.com/bid/2853

Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker to retrieve privileged web server system information by (1) issuing a CD command (CD C:) followed by the LS command, (2) specifying arbitrary paths in the UNC format (\\computername\sharename).

Analysis
-----------------
ED_PRI CAN-2001-0687 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0688
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0688
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010610 Broker FTP Server 5.9.5.0 Buffer Overflow/DoS/Directory Traversal
Reference: URL:http://www.securityfocus.com/archive/1/190032
Reference: BID:2851
Reference: URL:http://www.securityfocus.com/bid/2851

Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial of service by repeatedly issuing an invalid CD or CWD ("CD . .") command.

Analysis
-----------------
ED_PRI CAN-2001-0688 3
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0689
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0689
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010607 (SNS Advisory No.29) Trend Micro Virus Control System (VCS)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0065.html

Vulnerability in TrendMicro Virus Control System 1.8 allows a remote attacker to view configuration files and change the configuration via a certain CGI program.

Analysis
-----------------
ED_PRI CAN-2001-0689 3
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0691
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0691
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: MANDRAKE:MDKSA-2001:054
Reference: URL:http://www.securityfocus.com/advisories/3352
Reference: BID:2856
Reference: URL:http://www.securityfocus.com/bid/2856

Buffer overflows in Washington University imapd 2000 through 2000c could allow local users without shell access to execute code as themselves in certain configurations.

Analysis
-----------------
ED_PRI CAN-2001-0691 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0693
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0693
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010603 Webtrends HTTP Server %20 bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99166905208903&w=2
Reference: BID:2812
Reference: URL:http://www.securityfocus.com/bid/2812
Reference: XF:webtrends-unicode-reveal-source(6639)
Reference: URL:http://xforce.iss.net/static/6639.php

WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view script source code via a filename followed by an encoded space (%20).

Analysis
-----------------
ED_PRI CAN-2001-0693 3
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0696
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0696
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010619 SurgeFTP vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/191916
Reference: BID:2891
Reference: URL:http://www.securityfocus.com/bid/2891
Reference: XF:surgeftp-concon-dos(6712)
Reference: URL:http://xforce.iss.net/static/6712.php

NetWin SurgeFTP 2.0 and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con.

Analysis
-----------------
ED_PRI CAN-2001-0696 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0698
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0698
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010619 SurgeFTP vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/191916
Reference: BID:2892
Reference: URL:http://www.securityfocus.com/bid/2892
Reference: XF:surgeftp-nlist-directory-traversal(6711)
Reference: URL:http://xforce.iss.net/static/6711.php

Directory traversal vulnerability in NetWin SurgeFTP 2.0 and 1.0b allows a remote attacker to list arbitrary files and directories via the "nlist ..." command.

Analysis
-----------------
ED_PRI CAN-2001-0698 3
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0699
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0699
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010620 Solaris /opt/SUNWssp/bin/cb_reset Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/192299
Reference: BID:2893
Reference: URL:http://www.securityfocus.com/bid/2893
Reference: XF:sun-cbreset-bo(6726)
Reference: URL:http://xforce.iss.net/static/6726.php

Buffer overflow in cb_reset in the System Service Processor (SSP) package of SunOS 5.8 allows a local user to execute arbitrary code via a long argument.

Analysis
-----------------
ED_PRI CAN-2001-0699 3
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0701
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0701
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010621 Solaris /opt/SUNWvts/bin/ptexec Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/192667
Reference: BID:2898
Reference: URL:http://www.securityfocus.com/bid/2898
Reference: XF:sunvts-ptexec-bo(6736)
Reference: URL:http://xforce.iss.net/static/6736.php

Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and earlier allows a local user to gain privileges via a long -o argument.

Analysis
-----------------
ED_PRI CAN-2001-0701 3
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0702
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0702
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010621 Cerberus FTP Server 1.x Remote DoS attack Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/192655
Reference: BUGTRAQ:20010704 CesarFTPd, Cerberus FTPd
Reference: URL:http://www.securityfocus.com/archive/1/194914
Reference: BID:2901
Reference: URL:http://www.securityfocus.com/bid/2901
Reference: XF:cerberus-ftp-bo(6728)
Reference: URL:http://xforce.iss.net/static/6728.php

Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long (1) username, (2) password, or (3) PASV command.

Analysis
-----------------
ED_PRI CAN-2001-0702 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0703
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0703
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010621 勒夫 Advisory #2-1c: Multiple vulnerablilities in Arcadia.
Reference: URL:http://www.securityfocus.com/archive/1/192651
Reference: XF:arcadia-tradecli-dos(6739)
Reference: URL:http://xforce.iss.net/static/6739.php
Reference: BID:2905
Reference: URL:http://www.securityfocus.com/bid/2905

tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to cause a denial of service via a URL request with an MS-DOS device name in the template parameter.

Analysis
-----------------
ED_PRI CAN-2001-0703 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0704
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0704
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010621 勒夫 Advisory #2-1c: Multiple vulnerablilities in Arcadia.
Reference: URL:http://www.securityfocus.com/archive/1/192651
Reference: XF:arcadia-tradecli-reveal-path(6738)
Reference: URL:http://xforce.iss.net/static/6738.php
Reference: BID:2904
Reference: URL:http://www.securityfocus.com/bid/2904

tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to discover the full path to the working directory via a URL with a template argument for a file that does not exist.

Analysis
-----------------
ED_PRI CAN-2001-0704 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0705
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0705
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010621 勒夫 Advisory #2-1c: Multiple vulnerablilities in Arcadia.
Reference: URL:http://www.securityfocus.com/archive/1/192651
Reference: XF:arcadia-tradecli-directory-traversal(6737)
Reference: URL:http://xforce.iss.net/static/6737.php
Reference: BID:2902
Reference: URL:http://www.securityfocus.com/bid/2902

Directory traversal vulnerability in tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to read arbitrary files on the web server via a URL with "dot dot" sequences in the template parameter.

Analysis
-----------------
ED_PRI CAN-2001-0705 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0706
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0706
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010612 Rumpus FTP DoS vol. 2
Reference: URL:http://www.securityfocus.com/archive/1/190932
Reference: XF:rumpus-ftp-directory-dos(6699)
Reference: URL:http://xforce.iss.net/static/6699.php
Reference: BID:2864
Reference: URL:http://www.securityfocus.com/bid/2864

Maximum Rumpus FTP Server 2.0.3 dev and before allows attackers to cause a denial of service (crash) via a mkdir command that specifies a large number of sub-folders.

Analysis
-----------------
ED_PRI CAN-2001-0706 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0709
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0709
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010829
Assigned: 20010829
Category: SF
Reference: BUGTRAQ:20010622 (VIGILANTE-2001001) ASP source code retrieval with Unicode extension
Reference: URL:http://www.securityfocus.com/archive/1/192802
Reference: BID:2909
Reference: URL:http://www.securityfocus.com/bid/2909
Reference: XF:iis-unicode-asp-disclosure(6742)
Reference: URL:http://xforce.iss.net/static/6742.php

Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.

Analysis
-----------------
ED_PRI CAN-2001-0709 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

Page last updated or reviewed: May 22, 2007