
(Interim) ACCEPT 98 candidates (Final 9/14)



I have made an Interim Decision to ACCEPT the following 98 candidates, most of which are from various RECENT-XX clusters. I will make a Final Decision on September 14.

I don't think I've ever seen such a large number of different voters. Thanks to everyone for contributing!

Voters:
  Renaud ACCEPT(18) NOOP(8)
  Ozancin NOOP(4)
  LeBlanc NOOP(4)
  Magdych ACCEPT(11) NOOP(7)
  Cole ACCEPT(71) NOOP(19)
  Balinsky ACCEPT(13) MODIFY(1) NOOP(3)
  Blake ACCEPT(2)
  Foat ACCEPT(6) NOOP(1)
  Williams ACCEPT(25) MODIFY(1)
  Oliver ACCEPT(11) NOOP(6)
  Christey NOOP(17)
  Wall ACCEPT(23) NOOP(61)
  Ziese ACCEPT(65) NOOP(20)
  Levy ACCEPT(6)
  Dik ACCEPT(3)
  Frech ACCEPT(25) MODIFY(69)
  Mell ACCEPT(2)
  Stracener ACCEPT(7)
  Bollinger ACCEPT(1) NOOP(1)
  Baker ACCEPT(81)
  Collins ACCEPT(5)
  Lawler ACCEPT(10) NOOP(1)
  Bishop ACCEPT(2)
  Prosser ACCEPT(2)
  Armstrong ACCEPT(2) NOOP(6)

ACCEPT --> 94
ACCEPT_ACK --> 4

======================================================
Candidate: CAN-1999-0756
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0756
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010214
Assigned: 19991125
Category: SF
Reference: ALLAIRE:ASB99-07
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=10968&Method=Full
Reference: XF:coldfusion-admin-dos(2207)
Reference: URL:http://xforce.iss.net/static/2207.php

ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility.

Modifications:
  CHANGEREF [normalize] XF

INFERRED ACTION: CAN-1999-0756 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Frech
  NOOP(1) Cole

Voter Comments:
  Frech> XF:coldfusion-admin-dos

======================================================
Candidate: CAN-2000-0243
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0243
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000324 AnalogX SimpleServer 1.03 Remote Crash":
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=web-5645555@post2.rnci.com
Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm
Reference: XF:simpleserver-exception-dos(4189)
Reference: URL:http://xforce.iss.net/static/4189.php
Reference: BID:1076
Reference: URL:http://www.securityfocus.com/bid/1076

AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to cause a denial of service via a short GET request to a directory.

Modifications:
  DESC remove "buffer overflow"
  CHANGEREF [normalize] XF:simpleserver-exception-dos(4189)

INFERRED ACTION: CAN-2000-0243 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Frech, Levy, Baker
  NOOP(3) Cole, Magdych, Christey

Voter Comments:
  Christey> Change description: this is a buffer *underflow*, not overflow.
  CHANGE> [Magdych changed vote from REVIEWING to NOOP]

======================================================
Candidate: CAN-2000-0568
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0568
Final-Decision:
Interim-Decision: 20010911
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000630 Multiple vulnerabilities in Sybergen Secure Desktop
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4125690E.00524395.00@guardianit.se
Reference: XF:sybergen-routing-table-modify
Reference: BID:1417
Reference: URL:http://www.securityfocus.com/bid/1417

Sybergen Secure Desktop 2.1 does not properly protect against false router advertisements (ICMP type 9), which allows remote attackers to modify the default routes.

INFERRED ACTION: CAN-2000-0568 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Levy, Baker, Frech
  NOOP(6) Wall, Cole, Armstrong, Magdych, LeBlanc, Ozancin

Voter Comments:
  CHANGE> [Armstrong changed vote from REVIEWING to NOOP]
  CHANGE> [Magdych changed vote from REVIEWING to NOOP]

======================================================
Candidate: CAN-2000-0569
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0569
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: WIN2KSEC:20000630 Any LAN user can Sygate
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0189.html
Reference: BID:1420
Reference: URL:http://www.securityfocus.com/bid/1420
Reference: XF:sygate-udp-packet-dos(5049)
Reference: URL:http://xforce.iss.net/static/5049.php

Sybergen Sygate allows remote attackers to cause a denial of service by sending a malformed DNS UDP packet to its internal interface.

Modifications:
  CHANGEREF change MISC reference to WIN2KSEC
  ADDREF XF:sygate-udp-packet-dos(5049)

INFERRED ACTION: CAN-2000-0569 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Levy, Baker, Cole
  MODIFY(1) Frech
  NOOP(5) Wall, Armstrong, Magdych, LeBlanc, Ozancin

Voter Comments:
  Frech> XF:sygate-udp-packet-dos(5049)
  CHANGE> [Cole changed vote from NOOP to ACCEPT]
  CHANGE> [Armstrong changed vote from REVIEWING to NOOP]
  CHANGE> [Magdych changed vote from REVIEWING to NOOP]

======================================================
Candidate: CAN-2000-0576
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0576
Final-Decision:
Interim-Decision: 20010911
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000704 Oracle Web Listener for AIX DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0027.html
Reference: BID:1427
Reference: URL:http://www.securityfocus.com/bid/1427

Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows remote attackers to cause a denial of service via a malformed URL.

INFERRED ACTION: CAN-2000-0576 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(5) Levy, Baker, Cole, Blake, Collins
  MODIFY(1) Frech
  NOOP(6) Wall, Bollinger, Armstrong, Magdych, LeBlanc, Ozancin

Voter Comments:
  Frech> XF:oracle-web-listener-dos(4874)
  CHANGE> [Cole changed vote from NOOP to ACCEPT]
  CHANGE> [Magdych changed vote from REVIEWING to NOOP]

======================================================
Candidate: CAN-2000-0620
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0620
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000619 XFree86: Various nasty libX11 holes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96146116627474&w=2
Reference: BID:1409
Reference: URL:http://www.securityfocus.com/bid/1409
Reference: XF:libx11-infinite-loop-dos(4996)
Reference: URL:http://xforce.iss.net/static/4996.php

libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop.

Modifications:
  ADDREF BUGTRAQ:20000619 XFree86: Various nasty libX11 holes
  ADDREF XF:libx11-infinite-loop-dos(4996)

INFERRED ACTION: CAN-2000-0620 ACCEPT (7 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(6) Levy, Baker, Cole, Armstrong, Blake, Collins
  MODIFY(1) Frech
  NOOP(4) Wall, Magdych, LeBlanc, Ozancin

Voter Comments:
  Frech> XF:libx11-infinite-loop-dos(4996)
    See http://www.securityfocus.com/frames/?content=/templates/archive.pike%3flist%3d1%26date%3d2000-07-22%26msg%3dpine.lnx.4.21.0006192251480.9945-100000@ferret.lmh.ox.ac.uk, specifically flaw #2.
  CHANGE> [Cole changed vote from NOOP to ACCEPT]
  CHANGE> [Armstrong changed vote from REVIEWING to ACCEPT]
  CHANGE> [Magdych changed vote from REVIEWING to NOOP]

======================================================
Candidate: CAN-2000-0799
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0799
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl
Reference: SGI:20001101-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20001101-01-I
Reference: BID:1530
Reference: URL:http://www.securityfocus.com/bid/1530
Reference: XF:irix-inpview-symlink(5065)
Reference: URL:http://xforce.iss.net/static/5065.php

inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file.

Modifications:
  ADDREF XF:irix-inpview-symlink(5065)
  ADDREF SGI:20001101-01-I
  Add "InPerson" to facilitate search; add details for affected file.

INFERRED ACTION: CAN-2000-0799 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Levy, Baker
  NOOP(3) Wall, Cole, Christey

Voter Comments:
  Christey> XF:irix-inpview-symlink
    http://xforce.iss.net/static/5065.php
  Christey> ADDREF SGI:20001101-01-I
    URL:http://archives.neohapsis.com/archives/vendor/2000-q4/0072.html
  Christey> Add "InPerson" to the description to facilitate search, and describe the affected file as ".ilmpAAA".
    This problem is also briefly mentioned in:
    BUGTRAQ:19970507 Irix: misc
    http://www.securityfocus.com/archive/1/6702

======================================================
Candidate: CAN-2000-0877
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0877
Final-Decision:
Interim-Decision: 20010911
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000911 Unsafe passing of variables to mailform.pl in MailForm V2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0092.html
Reference: BID:1670
Reference: URL:http://www.securityfocus.com/bid/1670
Reference: XF:mailform-attach-file
Reference: URL:http://xforce.iss.net/static/5224.php

mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker.

INFERRED ACTION: CAN-2000-0877 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Frech, Collins, Baker
  NOOP(4) Wall, Cole, Armstrong, Magdych

======================================================
Candidate: CAN-2000-0897
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0897
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20001219
Assigned: 20001114
Category: SF
Reference: BUGTRAQ:20001114 Vulnerabilities in SmallHTTP Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97421834001092&w=2
Reference: CONFIRM:http://home.lanck.net/mf/srv/index.htm
Reference: BID:1941
Reference: URL:http://www.securityfocus.com/bid/1941
Reference: XF:small-http-nofile-dos(5524)
Reference: URL:http://xforce.iss.net/static/5524.php

Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed.

Modifications:
  ADDREF XF:small-http-nofile-dos(5524)
  ADDREF CONFIRM:http://home.lanck.net/mf/srv/index.htm
  DESC change version to "2.03" and earlier, based on vendor acknowledgement.

INFERRED ACTION: CAN-2000-0897 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Balinsky
  MODIFY(1) Frech
  NOOP(3) Wall, Cole, Armstrong

Voter Comments:
  Frech> XF:small-http-nofile-dos(5524)
  Balinsky> Vendor acknowledges the problem in the comments for version 2.03 at this URL: http://home.lanck.net/mf/srv/index.htm

======================================================
Candidate: CAN-2000-0945
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0945
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001026 Advisory def-2000-02: Cisco Catalyst remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0380.html
Reference: BUGTRAQ:20001113 Re: 3500 XL
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0194.html
Reference: XF:cisco-catalyst-remote-commands(5415)
Reference: URL:http://xforce.iss.net/static/5415.php
Reference: BID:1846
Reference: URL:http://www.securityfocus.com/bid/1846

The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.

Modifications:
  CHANGEREF [normalize] XF:cisco-catalyst-remote-commands
  ADDREF BID:1846
  ADDREF BUGTRAQ:20001113 Re: 3500 XL
  DESC add "when the enable password is not set" based on Cisco followup

INFERRED ACTION: CAN-2000-0945 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(6) Cole, Frech, Ziese, Renaud, Mell, Baker
  NOOP(2) Christey, Balinsky

Voter Comments:
  Christey> See Cisco's response:
    http://archives.neohapsis.com/archives/bugtraq/2000-11/0194.html
    It also references BID:1846
  CHANGE> [Balinsky changed vote from REVIEWING to NOOP]

======================================================
Candidate: CAN-2000-1047
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1047
Final-Decision:
Interim-Decision: 20010911
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001103 [SAFER] Buffer overflow in Lotus Domino SMTP Server
Reference: URL:http://www.securityfocus.com/archive/1/143071
Reference: BID:1905
Reference: URL:http://www.securityfocus.com/bid/1905

Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long ENVID keyword in the "MAIL" command.

INFERRED ACTION: CAN-2000-1047 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Mell, Baker, Collins
  NOOP(2) Cole, Wall

Voter Comments:
  Collins> SPR CDOY4GFP35 @ http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=CDOY4GFP35&SearchMax=0&Start=1&Count=25

======================================================
Candidate: CAN-2001-0004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0004
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-02
Proposed: 20010202
Assigned: 20010104
Category: SF
Reference: BUGTRAQ:20010108 IIS 5.0 allows viewing files using %3F+.htr
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97897954625305&w=2
Reference: MS:MS01-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-004.asp
Reference: BID:2313
Reference: URL:http://www.securityfocus.com/bid/2313
Reference: XF:iis-read-files(5903)
Reference: URL:http://xforce.iss.net/static/5903.php

IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.

Modifications:
  ADDREF XF:iis-read-files(5903)
  ADDREF BID:2313

INFERRED ACTION: CAN-2001-0004 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(5) Baker, Cole, Collins, Ziese, Wall
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Frech> XF:microsoft-iis-read-files(5903)
  Christey> Change XF:microsoft-iis-read-files to XF:iis-read-files
  Christey> XF:iis-read-files(5903)
    BID:2313
  Christey> XF:iis-isapi-obtain-code
    URL:http://xforce.iss.net/static/6032.php
  Christey> OK, the proper XF reference to use is iis-read-files(5903).

======================================================
Candidate: CAN-2001-0020
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0020
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010202
Assigned: 20010131
Category: SF
Reference: ATSTAKE:A013101-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a013101-1.txt
Reference: CISCO:20010131 Cisco Content Services Switch Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-cli-filesystem-pub.shtml
Reference: XF:cisco-ccs-file-access(6031)
Reference: URL:http://xforce.iss.net/static/6031.php
Reference: BID:2331
Reference: URL:http://www.securityfocus.com/bid/2331

Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack.

Modifications:
  ADDREF XF:cisco-ccs-file-access(6031)
  ADDREF BID:2331

INFERRED ACTION: CAN-2001-0020 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Baker, Cole, Ziese
  MODIFY(1) Frech
  NOOP(2) Christey, Wall

Voter Comments:
  Frech> XF:cisco-ccs-file-access(6031)
  Christey> XF:cisco-ccs-file-access
  Christey> BID:2331
    URL:http://www.securityfocus.com/bid/2331

======================================================
Candidate: CAN-2001-0077
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0077
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010202
Assigned: 20010201
Category:
Reference: BUGTRAQ:20001212 Two Holes in Sun Cluster 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html
Reference: XF:clustmon-no-authentication(6123)
Reference: URL:http://xforce.iss.net/static/6123.php

The clustmon service in Sun Cluster 2.x does not require authentication, which allows remote attackers to obtain sensitive information such as system logs and cluster configurations.

Modifications:
  ADDREF XF:clustmon-no-authentication(6123)

INFERRED ACTION: CAN-2001-0077 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Dik
  MODIFY(1) Frech
  NOOP(3) Cole, Ziese, Wall

Voter Comments:
  Frech> XF:clustmon-no-authentication(6123)

======================================================
Candidate: CAN-2001-0078
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0078
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001212 Two Holes in Sun Cluster 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html
Reference: XF:ha-nfs-symlink(6125)
Reference: URL:http://xforce.iss.net/static/6125.php

in.mond in Sun Cluster 2.x allows local users to read arbitrary files via a symlink attack on the status file of a host running HA-NFS.

Modifications:
  ADDREF XF:ha-nfs-symlink(6125)

INFERRED ACTION: CAN-2001-0078 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Dik
  MODIFY(1) Frech
  NOOP(3) Cole, Ziese, Wall

Voter Comments:
  Frech> XF:ha-nfs-symlink(6125)

======================================================
Candidate: CAN-2001-0095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0095
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010202
Assigned: 20010201
Category: SF
Reference: BUGTRAQ:20001218 Catman file clobbering vulnerability Solaris 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0313.html
Reference: SUNBUG:4392144
Reference: XF:solaris-catman-symlink(5788)
Reference: URL:http://xforce.iss.net/static/5788.php

catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary file.

Modifications:
  ADDREF SUNBUG:4392144
  CHANGEREF [normalize] XF:solaris-catman-symlink(5788)

INFERRED ACTION: CAN-2001-0095 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Baker, Frech, Dik
  NOOP(3) Cole, Ziese, Wall

Voter Comments:
  Dik> Sun bug 4392144

======================================================
Candidate: CAN-2001-0108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0108
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010112 PHP Security Advisory - Apache Module bugs
Reference: URL:http://www.securityfocus.com/archive/1/156202
Reference: MANDRAKE:MDKSA-2001:013
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3
Reference: CONECTIVA:CLA-2001:373
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373
Reference: DEBIAN:DSA-020
Reference: URL:http://www.debian.org/security/2001/dsa-020
Reference: XF:php-htaccess-unauth-access(5940)
Reference: URL:http://xforce.iss.net/static/5940.php
Reference: BID:2206
Reference: URL:http://www.securityfocus.com/bid/2206

PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.

Modifications:
  ADDREF MANDRAKE:MDKSA-2001:013
  ADDREF CONECTIVA:CLA-2001:373
  ADDREF DEBIAN:DSA-020
  ADDREF XF:php-htaccess-unauth-access(5940)

INFERRED ACTION: CAN-2001-0108 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Oliver
  MODIFY(1) Frech
  NOOP(3) Wall, Cole, Christey

Voter Comments:
  Christey> ADDREF MANDRAKE:MDKSA-2001:013
    http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3
    Note that a second PHP problem is described here, but I don't think this is a CAN yet.
    CONECTIVA:CLA-2001:373
    DEBIAN:DSA-020
    http://www.debian.org/security/2001/dsa-020
    XF:php-htaccess-unauth-access
    http://xforce.iss.net/static/5940.php
  Frech> XF:php-htaccess-unauth-access(5940)
  Oliver> Multiple vendor confirmation

======================================================
Candidate: CAN-2001-0121
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0121
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010108 def-2001-01: ImageCast IC3 Control Center DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0071.html
Reference: XF:storagesoft-imagecast-dos(5901)
Reference: URL:http://xforce.iss.net/static/5901.php
Reference: BID:2174
Reference: URL:http://www.securityfocus.com/bid/2174

ImageCast Control Center 4.1.0 allows remote attackers to cause a denial of service (resource exhaustion or system crash) via a long string to port 12002.

Modifications:
  ADDREF XF:storagesoft-imagecast-dos(5901)

INFERRED ACTION: CAN-2001-0121 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Oliver
  MODIFY(1) Frech
  NOOP(4) Wall, Cole, Magdych, Christey

Voter Comments:
  Frech> XF:storagesoft-imagecast-dos(5901)
  Christey> XF:storagesoft-imagecast-dos
    URL:http://xforce.iss.net/static/5901.php
  Baker> Email to Storagesoft technical support resulted in an answer that confirms the existence of the vulnerability and that it is not yet patched; it is unknown whether the new version 4.5, due to be released, will address it.

    Subject: ImageCast IC3 v 4.1 (Incident: 010420-0020)
    Date: Fri, 20 Apr 2001 15:42:55 -0600 (Mountain Daylight Time)
    From: support@storagesoft.com
    To: bakerd@mitre.org

    Recently you requested personal assistance from our on-line support center. Below is a summary of your request and our response. If we do not hear from you within 3 business days we will assume your issue has been resolved. Thank you for allowing us to be of service to you.

    ------------------------------------------------------------

    Summary: ImageCast IC3 v 4.1

    Suggested Solution:
    At 04/20/2001 03:38 PM we wrote -
    Was this fixed in version 4.2?
    No, the 4.2 console is very similar (code wise) to 4.1. We are releasing version 4.5 - this is a rewrite of the code. It is available for evaluation in our download section; link attached: http://www.storagesoft.com/support/updates.asp
    This (security issue) has not been tested with 4.5, however.
    Keith J.
    STorageSoft Technical Services

    Incident Details:
    Reference #: 010420-0020
    Product (R): ImageCast
    Type: Control Center
    Category (R): General
    Contact: bakerd@mitre.org
    Date Created: 04/20/2001 10:15 AM
    Last Updated: 04/20/2001 03:42 PM
    Elapsed Time: 5 hours, 27 minutes
    Status: Unresolved

    Description: ImageCast IC3 is subject to a denial of service. By sending unusually long strings to the ICCC service listening on port 12002, the program will use all available CPU and refuse any new connections. In addition, sending multiple packets containing long strings to port 8081 will cause the ICCC service (ICCC.exe) to crash completely. The application must be restarted to regain normal functionality. Was this fixed in version 4.2? I have reviewed the change notes on your web site: http://www.storagesoft.com/support/docs/currentversion/ReleaseNotes.htm but they do not mention fixing these problems. Can you confirm that this is fixed, or tell me when the problem will be fixed in a released version of the product?

======================================================
Candidate: CAN-2001-0136
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0136
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20001220 ProFTPD 1.2.0 Memory leakage - denial of service
Reference: URL:http://www.securityfocus.com/archive/1/152206
Reference: BUGTRAQ:20010109 Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0122.html
Reference: BUGTRAQ:20010110 Re: Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0132.html
Reference: MANDRAKE:MDKSA-2001:021
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3
Reference: DEBIAN:DSA-029
Reference: URL:http://www.debian.org/security/2001/dsa-029
Reference: CONECTIVA:CLA-2001:380
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000380
Reference: BUGTRAQ:20010213 Trustix Security Advisory - proftpd kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
Reference: XF:proftpd-size-memory-leak
Reference: URL:http://xforce.iss.net/static/5801.php

Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.

Modifications:
  ADDREF MANDRAKE:MDKSA-2001:021
  ADDREF DEBIAN:DSA-029
  ADDREF CONECTIVA:CLA-2001:380
  ADDREF BUGTRAQ:20010213 Trustix Security Advisory - proftpd kernel

INFERRED ACTION: CAN-2001-0136 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Baker, Magdych, Frech
  NOOP(3) Wall, Cole, Christey

Voter Comments:
  Christey> ADDREF MANDRAKE:MDKSA-2001:021
    ADDREF DEBIAN:DSA-029
    ADDREF CONECTIVA:CLA-2001:380
  Christey> BUGTRAQ:20010213 Trustix Security Advisory - proftpd kernel
    URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html

======================================================
Candidate: CAN-2001-0155
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0155
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010216
Category: SF
Reference: ATSTAKE:A021601-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a021601-1.txt
Reference: CONFIRM:http://www.vandyke.com/products/vshell/security102.html

Format string vulnerability in VShell SSH gateway 1.0.1 and earlier allows remote attackers to execute arbitrary commands via a user name that contains format string specifiers.

Modifications:
  ADDREF CONFIRM:http://www.vandyke.com/products/vshell/security102.html
  DESC change "long user name", which implies an overflow.

INFERRED ACTION: CAN-2001-0155 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Lawler, Baker
  MODIFY(1) Frech
  NOOP(2) Cole, Ziese

Voter Comments:
  Frech> XF:vshell-username-bo(6146)
    CONFIRM:http://www.vandyke.com/products/vshell/security102.html

======================================================
Candidate: CAN-2001-0164
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0164
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010307
Category: SF
Reference: ATSTAKE:A030701-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a030701-1.txt
Reference: XF:netscape-directory-server-bo(6233)
Reference: URL:http://xforce.iss.net/static/6233.php

Buffer overflow in Netscape Directory Server 4.12 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed recipient.

Modifications:
  ADDREF XF:netscape-directory-server-bo(6233)

INFERRED ACTION: CAN-2001-0164 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Lawler, Baker, Cole, Ziese
  MODIFY(1) Frech

Voter Comments:
  CHANGE> [Frech changed vote from REVIEWING to MODIFY]
  Frech> XF:netscape-directory-server-bo(6233)

======================================================
Candidate: CAN-2001-0174
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0174
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010130 Security hole in Virus Buster 2001
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0500.html
Reference: XF:virusbuster-mua-bo(6034)
Reference: URL:http://xforce.iss.net/static/6034.php

Buffer overflow in Trend Micro Virus Buster 2001 8.00 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a large "" address.

Modifications:
  CHANGEREF [normalize] XF:virusbuster-mua-bo(6034)

INFERRED ACTION: CAN-2001-0174 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Lawler, Baker, Frech
  NOOP(1) Ziese

Voter Comments:
  Lawler> Upgrade to 8.01 or later.

======================================================
Candidate: CAN-2001-0175
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0175
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010122 def-2001-05: Netscape Fasttrack Server Caching DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98021351718874&w=2
Reference: BUGTRAQ:20010124 iPlanet FastTrack/Enterprise 4.1 DoS clarifications
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98035833331446&w=2
Reference: BID:2273
Reference: URL:http://www.securityfocus.com/bid/2273
Reference: XF:netscape-fasttrack-cache-dos(5985)
Reference: URL:http://xforce.iss.net/static/5985.php

The caching module in Netscape Fasttrack Server 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by requesting a large number of non-existent URLs.

Modifications:
  DESC fix typo: "URL's" should be "URLs"
  CHANGEREF [normalize] XF:netscape-fasttrack-cache-dos(5985)

INFERRED ACTION: CAN-2001-0175 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Lawler, Baker, Frech
  NOOP(1) Ziese

Voter Comments:
  Frech> In description, consider changing possessive "URL's" to plural "URLs".

======================================================
Candidate: CAN-2001-0176
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0176
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20001218 More Sonata Conferencing software vulnerabilities.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0278.html
Reference: BID:2125
Reference: URL:http://www.securityfocus.com/bid/2125
Reference: XF:sonata-command-execute(5787)
Reference: URL:http://xforce.iss.net/static/5787.php

The setuid doroot program in Voyant Sonata 3.x executes arbitrary command line arguments, which allows local users to gain root privileges.

Modifications:
  ADDREF XF:sonata-command-execute(5787)

INFERRED ACTION: CAN-2001-0176 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Lawler, Baker
  MODIFY(1) Frech
  NOOP(1) Ziese

Voter Comments:
  Lawler> This doroot command appears to be a "feature" of the vendor.
  Frech> XF:sonata-command-execute(5787)

======================================================
Candidate: CAN-2001-0182
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0182
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010117 Licensing Firewall-1 DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0298.html
Reference: XF:fw1-limited-license-dos
Reference: URL:http://xforce.iss.net/static/5966.php
Reference: BID:2238
Reference: URL:http://www.securityfocus.com/bid/2238

FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP packets with various source addresses to the inside interface, which floods the console with warning messages and consumes CPU resources.

Modifications:
  DESC fix typo

INFERRED ACTION: CAN-2001-0182 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Lawler, Baker, Frech
  NOOP(1) Ziese

Voter Comments:
  Lawler> Check Point is fixing this in the next service release. A workaround is available.
  Frech> In description, product name is FireWall-1.

======================================================
Candidate: CAN-2001-0189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0189
Final-Decision:
Interim-Decision: 20010911
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010119 LocalWEB2000 Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0346.html
Reference: BID:2268
Reference: URL:http://www.securityfocus.com/bid/2268
Reference: XF:localweb2k-directory-traversal
Reference: URL:http://xforce.iss.net/static/5982.php

Directory traversal vulnerability in LocalWEB2000 HTTP server allows remote attackers to read arbitrary commands via a .. (dot dot) attack in an HTTP GET request.

INFERRED ACTION: CAN-2001-0189 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Lawler, Baker, Frech
  NOOP(1) Ziese

Voter Comments:
  Lawler> Will be fixed in a future release.

======================================================
Candidate: CAN-2001-0203
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0203
Final-Decision:
Interim-Decision: 20010911
Modified:
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010120 Watchguard Firewall Elevated Privilege Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0342.html
Reference: BID:2284
Reference: URL:http://www.securityfocus.com/bid/2284
Reference: XF:watchguard-firebox-obtain-passphrase
Reference: URL:http://xforce.iss.net/static/5979.php

Watchguard Firebox II firewall allows users with read-only access to gain read-write access and administrative privileges by accessing a file that contains hashed passphrases, and using the hashes during authentication.

INFERRED ACTION: CAN-2001-0203 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Lawler, Frech, Oliver
  NOOP(1) Ziese

Voter Comments:
  Oliver> Vendor acknowledgement and comments in the hotfix

======================================================
Candidate: CAN-2001-0207
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0207
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010119 Buffer overflow in bing
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0330.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0333.html
Reference: XF:linux-bing-bo
Reference: URL:http://xforce.iss.net/static/6036.php
Reference: BID:2279
Reference: URL:http://www.securityfocus.com/bid/2279

Buffer overflow in bing allows remote attackers to execute arbitrary commands via a hostname, which is copied to a small buffer after a reverse DNS lookup using the gethostbyaddr function.

Modifications:
  DESC fix typo: "toe xecute"

INFERRED ACTION: CAN-2001-0207 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Frech, Oliver
  NOOP(2) Lawler, Ziese

Voter Comments:
  Frech> In description, normalize spelling of "toe xecute"

======================================================
Candidate: CAN-2001-0215
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0215
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: BUGTRAQ:20010212 ROADS search system "show files" Vulnerability with "null bite" bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0213.html
Reference: CONFIRM:http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html
Reference: XF:roads-search-view-files(6097)
Reference: URL:http://xforce.iss.net/static/6097.php
Reference: BID:2371
Reference: URL:http://www.securityfocus.com/bid/2371

ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte.

Modifications:
  ADDREF XF:roads-search-view-files(6097)
  ADDREF CONFIRM:http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html

INFERRED ACTION: CAN-2001-0215 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Lawler, Baker
  MODIFY(1) Frech
  NOOP(3) Cole, Christey, Ziese

Voter Comments:
  Frech> XF:roads-search-view-files(6097)
    CONFIRM:http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html
  Christey> CONFIRM:http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html

======================================================
Candidate: CAN-2001-0235
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0235
Final-Decision:
Interim-Decision: 20010911
Modified: 20010430-01
Proposed: 20010309
Assigned: 20010308
Category: SF
Reference: DEBIAN:DSA-024
Reference: URL:http://www.debian.org/security/2001/dsa-024
Reference: FREEBSD:FreeBSD-SA-01:09
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:09.crontab.v1.1.asc
Reference: XF:crontab-read-files(6225)

Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running.

Modifications:
  ADDREF XF:crontab-read-files(6225)

INFERRED ACTION: CAN-2001-0235 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(3) Lawler, Baker, Ziese
  MODIFY(1) Frech

Voter Comments:
  Lawler> Recommend maintaining reference to CVE-2000-0972
  Frech> XF:crontab-read-files(6225)

======================================================
Candidate: CAN-2001-0237
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0237
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: BUGTRAQ:20010509 def-2001-24: Windows 2000 Kerberos DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98942093221908&w=2
Reference: MS:MS01-024
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-024.asp
Reference: CIAC:L-079
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-079.shtml
Reference: XF:win2k-kerberos-dos(6506)
Reference: URL:http://xforce.iss.net/static/6506.php
Reference: BID:2707
Reference: URL:http://www.securityfocus.com/bid/2707

Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.

Modifications:
  ADDREF XF:win2k-kerberos-dos(6506)
  ADDREF CIAC:L-079
  ADDREF BID:2707

INFERRED ACTION: CAN-2001-0237 ACCEPT (9 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(8) Wall, Renaud, Baker, Balinsky, Cole, Magdych, Williams, Ziese
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Balinsky> Although Microsoft does not specify that the memory leak is in the LSA subsystem, the behavior they describe is the same as that in the Bugtraq post.
  Frech> XF:win2k-kerberos-dos(6506)
  Christey> BID:2707
    URL:http://www.securityfocus.com/bid/2707

======================================================
Candidate: CAN-2001-0238
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0238
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: MS:MS01-022
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-022.asp
Reference: CIAC:L-074
Reference: URL:http://www.ciac.org/ciac/bulletins/l-074.shtml
Reference: XF:ms-dacipp-webdav-access(6405)
Reference: URL:http://xforce.iss.net/static/6405.php

Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.

Modifications:
  ADDREF XF:ms-dacipp-webdav-access(6405)
  ADDREF CIAC:L-074

INFERRED ACTION: CAN-2001-0238 ACCEPT (7 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(6) Wall, Renaud, Baker, Cole, Williams, Ziese
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:ms-dacipp-webdav-access(6405)

======================================================
Candidate: CAN-2001-0239
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0239
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: BUGTRAQ:20010416 [SX-20010320-2] - Microsoft ISA Server Denial of Service
Reference: URL:http://www.securityfocus.com/archive/1/176912
Reference: BUGTRAQ:20010427 Microsoft ISA Server Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/179986
Reference: BUGTRAQ:20010417 [SX-20010320-2b] - Followup re. Microsoft ISA Server Denial of Service
Reference: URL:http://www.securityfocus.com/archive/1/177160
Reference: MS:MS01-021
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-021.asp
Reference: CIAC:L-073
Reference: URL:http://www.ciac.org/ciac/bulletins/l-073.shtml
Reference: BID:2600
Reference: URL:http://www.securityfocus.com/bid/2600
Reference: XF:isa-web-proxy-dos(6383)
Reference: URL:http://xforce.iss.net/static/6383.php

Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.

Modifications:
  DESC remove "possibly execute arbitrary commands"
  ADDREF XF:isa-web-proxy-dos(6383)
  ADDREF CIAC:L-073

INFERRED ACTION: CAN-2001-0239 ACCEPT (7 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(5) Wall, Renaud, Baker, Cole, Ziese
  MODIFY(2) Williams, Frech

Voter Comments:
  Frech> XF:isa-web-proxy-dos(6383)
  Williams> Get rid of the "execute arbitrary commands" part of the description. Preliminary analysis initially suggested that an exploitable overflow might be present. Microsoft's subsequent source code analysis showed that there is only a stack overflow, so this vulnerability is not exploitable beyond a DoS.

======================================================
Candidate: CAN-2001-0240
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0240
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: MS:MS01-028
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-028.asp
Reference: XF:word-rtf-macro-execution(6571)
Reference: URL:http://xforce.iss.net/static/6571.php
Reference: BID:2753
Reference: URL:http://www.securityfocus.com/bid/2753

Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.

Modifications:
  ADDREF XF:word-rtf-macro-execution(6571)
  ADDREF BID:2753

INFERRED ACTION: CAN-2001-0240 ACCEPT (7 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(6) Wall, Baker, Cole, Magdych, Williams, Ziese
  MODIFY(1) Frech
  NOOP(2) Renaud, Christey

Voter Comments:
  Frech> XF:word-rtf-macro-execution(6571)
  Christey> BID:2753
    URL:http://www.securityfocus.com/bid/2753

======================================================
Candidate: CAN-2001-0241
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0241
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: BUGTRAQ:20010501 Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98874912915948&w=2
Reference: MS:MS01-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-023.asp
Reference: CERT:CA-2001-10
Reference: URL:http://www.cert.org/advisories/CA-2001-10.html
Reference: BID:2674
Reference: URL:http://www.securityfocus.com/bid/2674
Reference: XF:iis-isapi-printer-bo(6485)
Reference: URL:http://xforce.iss.net/static/6485.php

Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.

Modifications:
  ADDREF XF:iis-isapi-printer-bo(6485)
  ADDREF CERT:CA-2001-10

INFERRED ACTION: CAN-2001-0241 ACCEPT (9 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(8) Wall, Renaud, Baker, Balinsky, Cole, Magdych, Williams, Ziese
  MODIFY(1) Frech

Voter Comments:
  Balinsky> Advisory author references vendor acknowledgement, and agrees with its accuracy.
  Frech> XF:iis-isapi-printer-bo(6485)

======================================================
Candidate: CAN-2001-0243
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0243
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: MS:MS01-029
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-029.asp
Reference: XF:mediaplayer-html-shortcut(6584)
Reference: URL:http://xforce.iss.net/static/6584.php
Reference: BID:2765
Reference: URL:http://www.securityfocus.com/bid/2765

Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcuts to run in the Local Computer Zone instead of the Internet Zone, which allows remote attackers to read certain files.

Modifications:
  ADDREF XF:mediaplayer-html-shortcut(6584)
  ADDREF BID:2765

INFERRED ACTION: CAN-2001-0243 ACCEPT (7 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(6) Wall, Baker, Cole, Magdych, Williams, Ziese
  MODIFY(1) Frech
  NOOP(2) Renaud, Christey

Voter Comments:
  Frech> XF:mediaplayer-html-shortcut(6584)
  Christey> BID:2765
    URL:http://www.securityfocus.com/bid/2765

======================================================
Candidate: CAN-2001-0244
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0244
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: MS:MS01-025
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-025.asp
Reference: BID:2709
Reference: URL:http://www.securityfocus.com/bid/2709
Reference: XF:winnt-indexserver-search-bo(6517)
Reference: URL:http://xforce.iss.net/static/6517.php

Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.

Modifications:
  ADDREF XF:winnt-indexserver-search-bo(6517)
  ADDREF BID:2709

INFERRED ACTION: CAN-2001-0244 ACCEPT (9 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(8) Wall, Renaud, Baker, Balinsky, Cole, Magdych, Williams, Ziese
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:winnt-indexserver-search-bo(6517)

======================================================
Candidate: CAN-2001-0245
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0245
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010319
Category: SF
Reference: MS:MS01-025
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-025.asp
Reference: XF:win-indexserver-view-files(6518)
Reference: URL:http://xforce.iss.net/static/6518.php

Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.

Modifications:
  ADDREF XF:win-indexserver-view-files(6518)

INFERRED ACTION: CAN-2001-0245 ACCEPT (9 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(8) Wall, Renaud, Baker, Balinsky, Cole, Magdych, Williams, Ziese
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:win-indexserver-view-files(6518)

======================================================
Candidate: CAN-2001-0248
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0248
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010322
Category: SF
Reference: NAI:20010409 Globbing Vulnerabilities in Multiple FTP Daemons
Reference: URL:http://www.pgp.com/research/covert/advisories/048.asp
Reference: CERT:CA-2001-07
Reference: URL:http://www.cert.org/advisories/CA-2001-07.html
Reference: BID:2552
Reference: URL:http://www.securityfocus.com/bid/2552
Reference: XF:ftp-glob-expansion(6332)
Reference: URL:http://xforce.iss.net/static/6332.php

Buffer overflow in FTP server in HPUX 11 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the STAT command, which uses glob to generate long strings.

Modifications:
  ADDREF XF:ftp-glob-expansion(6332)

Content Decisions: SF-LOC, SF-CODEBASE

INFERRED ACTION: CAN-2001-0248 ACCEPT (5 accept, 2 ack, 0 review) HAS_CDS

Current Votes:
  ACCEPT(4) Renaud, Baker, Cole, Ziese
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:ftp-glob-expansion(6332)

======================================================
Candidate: CAN-2001-0249
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0249
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010322
Category: SF
Reference: NAI:20010409 Globbing Vulnerabilities in Multiple FTP Daemons
Reference: URL:http://www.pgp.com/research/covert/advisories/048.asp
Reference: CERT:CA-2001-07
Reference: URL:http://www.cert.org/advisories/CA-2001-07.html
Reference: BID:2550
Reference: URL:http://www.securityfocus.com/bid/2550
Reference: XF:ftp-glob-expansion(6332)
Reference: URL:http://xforce.iss.net/static/6332.php

Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings.

Modifications:
  ADDREF XF:ftp-glob-expansion(6332)

Content Decisions: SF-LOC, SF-CODEBASE

INFERRED ACTION: CAN-2001-0249 ACCEPT (5 accept, 2 ack, 0 review) HAS_CDS

Current Votes:
  ACCEPT(4) Renaud, Baker, Cole, Ziese
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:ftp-glob-expansion(6332)

======================================================
Candidate: CAN-2001-0330
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0330
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010427
Category: SF
Reference: ATSTAKE:A043001-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a043001-1.txt
Reference: BID:2671
Reference: URL:http://www.securityfocus.com/bid/2671
Reference: XF:bugzilla-gobalpl-gain-information(6489)
Reference: URL:http://xforce.iss.net/static/6489.php

Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed.

Modifications:
  ADDREF XF:bugzilla-gobalpl-gain-information(6489)

INFERRED ACTION: CAN-2001-0330 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(4) Renaud, Baker, Cole, Williams
  MODIFY(1) Frech
  NOOP(3) Ziese, Wall, Oliver

Voter Comments:
  Frech> XF:bugzilla-gobalpl-gain-information(6489)

======================================================
Candidate: CAN-2001-0331
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0331
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010508
Category: SF
Reference: ISS:20010509 Remote Buffer Overflow Vulnerability in IRIX Embedded Support Partner Infrastructure
Reference: URL:http://xforce.iss.net/alerts/advise76.php
Reference: SGI:20010501-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010501-01-P
Reference: XF:irix-espd-bo(6502)
Reference: URL:http://xforce.iss.net/static/6502.php

Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in IRIX 6.5.8 and earlier allows remote attackers to execute arbitrary commands.

Modifications:
  ADDREF XF:irix-espd-bo(6502)

INFERRED ACTION: CAN-2001-0331 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(6) Ziese, Renaud, Baker, Cole, Magdych, Williams
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:irix-espd-bo(6502)

======================================================
Candidate: CAN-2001
- 0333网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0333最终决定:阶段性裁决:20010911修改:20010910 - 01提议:20010524分配:20010510类别:科幻参考:BUGTRAQ: 20010515 NSFOCUS SA2001-02: Microsoft IIS CGI文件名解码错误漏洞参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=98992056521300&w=2参考:女士:ms01 - 026参考:网址:http://www.microsoft.com/technet/security/bulletin/ms01 - 026. - asp参考:CERT: ca - 2001 - 12参考:网址:http://www.cert.org/advisories/ca - 2001 - 12. - html参考:XF: iis-url-decoding(6534)参考:网址:http://xforce.iss.net/static/6534.php参考:报价:2708参考:网址:http://www.securityfocus.com/bid/2708目录遍历脆弱性在IIS 5.0和更早的允许远程攻击者执行任意命令编码. .(点点)和两次“\”的角色。修改:ADDREF XF: iis-url-decoding (6534) ADDREF报价:2708 ADDREF CERT: ca - 2001 - 12的行动:- 2001 - 0333能接受(8接受,2 ack, 0评论)目前投票:接受(7)Ziese,墙,Renaud,贝克,科尔,Magdych,威廉姆斯弗伦奇等待修改(1)(1)Christey选民的评论:弗雷希> XF: iis-url-decoding (6534) Christey >报价:2708网址:http://www.securityfocus.com/bid/2708= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0334网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0334最终决定:阶段性裁决:20010911修改:20010910 - 01提议:20010524分配:20010510类别:科幻参考:女士:ms01 - 026参考:网址:http://www.microsoft.com/technet/security/bulletin/ms01 - 026. - asp参考:XF: iis-ftp-wildcard-dos(6535)参考:网址:http://xforce.iss.net/static/6535.php早些时候在IIS 5.0和FTP服务允许远程攻击者造成拒绝服务通过一个通配符序列生成一个长字符串时扩大。修改:ADDREF XF: iis-ftp-wildcard-dos(6535)推断行动:- 2001 - 0334能接受(8接受,1 ack, 0评论)目前投票:接受(7)Ziese,墙,Renaud,贝克,科尔,Magdych,威廉姆斯修改(1)弗雷希选民的评论:弗雷希> XF: iis-ftp-wildcard-dos(6535) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0335网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0335最终决定:阶段性裁决:20010911修改:20010910 - 01提议:20010524分配:20010510类别:科幻参考:女士:ms01 - 026参考:网址:http://www.microsoft.com/technet/security/bulletin/ms01 - 026. 
- asp参考:XF: iis-ftp-domain-authentication(6545)参考:网址:http://xforce.iss.net/static/6545.php参考:报价:2719参考:网址:http://www.securityfocus.com/bid/2719早些时候在IIS 5.0和FTP服务允许远程攻击者列举前客人信任域的账户用户名与一个特殊的字符序列。修改:ADDREF XF: iis-ftp-domain-authentication(6545)推断行动:- 2001 - 0335能接受(8接受,1 ack, 0评论)目前投票:接受(7)Ziese,墙,Renaud,贝克,科尔,Magdych,威廉姆斯弗伦奇等待修改(1)(1)Christey选民的评论:弗雷希> XF: iis-ftp-domain-authentication (6545) Christey >报价:2719网址:http://www.securityfocus.com/bid/2719= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0336网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0336最终决定:阶段性裁决:20010911修改:20010910 - 01提议:20010524分配:20010510类别:科幻参考:女士:ms01 - 026参考:网址:http://www.microsoft.com/technet/security/bulletin/ms01 - 026. - asp参考:XF: iis-crosssitescripting-patch-dos(6858)参考:网址:http://xforce.iss.net/static/6858.php微软ms00 - 060块的IIS 5.0和更早的引入了一个错误,允许攻击者通过畸形引起拒绝服务请求。修改:ADDREF XF: iis-crosssitescripting-patch-dos(6858)推断行动:- 2001 - 0336能接受(7接受,1 ack, 0评论)目前投票:接受(6)Ziese,墙,Renaud,贝克,科尔,威廉姆斯修改(1)弗雷希选民的评论:弗雷希> XF: iis-crosssitescripting-patch-dos(6858) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0338网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0338最终决定:阶段性裁决:20010911修改:20010910 - 01提议:20010524分配:20010510类别:科幻参考:女士:ms01 - 027参考:网址:http://www.microsoft.com/technet/security/bulletin/ms01 - 027. - asp参考:CIAC: l - 087参考:网址:http://www.ciac.org/ciac/bulletins/l - 087. 
shtml参考:XF: ie-crl-certificate-spoofing(6555)参考:网址:http://xforce.iss.net/static/6555.php参考:报价:2735参考:网址:http://www.securityfocus.com/bid/2735Internet Explorer 5.5和更早的版本不正确验证数字证书启用证书撤销列表(CRL)检查时,这可能允许远程攻击者欺骗信任网站,又称“服务器证书验证漏洞。”Modifications: ADDREF XF:ie-crl-certificate-spoofing(6555) ADDREF BID:2735 ADDREF CIAC:L-087 INFERRED ACTION: CAN-2001-0338 ACCEPT (6 accept, 2 ack, 0 review) Current Votes: ACCEPT(5) Wall, Baker, Balinsky, Cole, Williams MODIFY(1) Frech NOOP(2) Ziese, Renaud Voter Comments: Frech> XF:ie-crl-certificate-spoofing(6555) ====================================================== Candidate: CAN-2001-0339 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0339最终决定:阶段性裁决:20010911修改:20010910 - 01提议:20010524分配:20010510类别:科幻参考:女士:ms01 - 027参考:网址:http://www.microsoft.com/technet/security/bulletin/ms01 - 027. - asp参考:CIAC: l - 087参考:网址:http://www.ciac.org/ciac/bulletins/l - 087. shtml参考:XF: ie-html-url-spoofing(6556)参考:网址:http://xforce.iss.net/static/6556.php参考:报价:2737参考:网址:http://www.securityfocus.com/bid/2737Internet Explorer 5.5和更早的版本允许远程攻击者在地址栏中显示的URL是不同URL实际上是显示,这可能是用于网站欺骗攻击,又称“网页欺骗漏洞。”Modifications: ADDREF XF:ie-html-url-spoofing(6556) ADDREF BID:2737 ADDREF CIAC:L-087 INFERRED ACTION: CAN-2001-0339 ACCEPT (5 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Wall, Baker, Balinsky, Williams MODIFY(1) Frech NOOP(3) Ziese, Renaud, Cole Voter Comments: Frech> XF:ie-html-url-spoofing(6556) ====================================================== Candidate: CAN-2001-0340 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0340最终决定:阶段性裁决:20010911修改:20010910 - 01提议:20010727分配:20010510类别:科幻参考:女士:ms01 - 030参考:网址:http://www.microsoft.com/technet/security/bulletin/ms01 - 030. - asp参考:CIAC: l - 091参考:网址:http://www.ciac.org/ciac/bulletins/l - 091. 
shtml参考:XF: exchange-owa-script-execution(6652)参考:网址:http://xforce.iss.net/static/6652.php之间的交互Outlook Web Access (OWA)服务在2000年微软交换服务器和Internet Explorer允许攻击者执行恶意脚本代码对用户的邮箱附件包含HTML代码通过一个消息,这是自动执行的。修改:ADDREF XF: exchange-owa-script-execution (6652) ADDREF CIAC: l - 091的行动:- 2001 - 0340能接受(8接受,2 ack, 0评论)目前投票:接受(7)Ziese,普罗塞,Stracener,墙,Balinsky, Foat,科尔弗伦奇选民的评论修改(1):法国人> XF: exchange-owa-script-execution普罗瑟(6652)> ms01 - 030 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0341网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0341最终决定:阶段性裁决:20010911修改:建议:20010829分配:20010510类别:科幻/ CF / MP / SA / /未知参考:BUGTRAQ: 20010625 NSFOCUS SA2001-03:网页制作2000服务器扩展缓冲区溢出漏洞参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=99348216322147&w=2参考:女士:ms01 - 035参考:网址:http://www.microsoft.com/technet/security/bulletin/ms01 - 035. - asp参考:报价:2906参考:网址:http://www.securityfocus.com/bid/2906缓冲区溢出在微软Visual Studio RAD支持首页的子组件服务器扩展允许远程攻击者执行任意命令通过一个长fp30reg.dll注册请求(URL)。推断行动:- 2001 - 0341能接受(4接受,1 ack, 0评论)目前投票:接受(4)主教,Ziese,墙,科尔等待(1)阿姆斯特朗= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0344网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0344最终决定:阶段性裁决:20010911修改:20010910 - 01提议:20010727分配:20010516类别:科幻参考:女士:ms01 - 032参考:网址:http://www.microsoft.com/technet/security/bulletin/ms01 - 032. - asp参考:CIAC: l - 095参考:网址:http://www.ciac.org/ciac/bulletins/l - 095. 
shtml参考:XF: mssql-cached-connection-access(6684)参考:网址:http://xforce.iss.net/static/6684.phpMicrosoft SQL Server 2000黄金一个SQL查询方法和7.0使用混合模式允许本地数据库用户获得特权通过重用一个缓存连接sa的管理员帐户。修改:ADDREF XF: mssql-cached-connection-access (6684) ADDREF CIAC: l - 095的行动:- 2001 - 0344能接受(7接受,2 ack, 0评论)目前投票:接受(6)Ziese Stracener,墙,Balinsky, Foat,科尔弗伦奇选民的评论修改(1):法国人> XF: mssql-cached-connection-access(6684) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0345网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0345最终决定:阶段性裁决:20010911修改:20010910 - 01提议:20010727分配:20010516类别:科幻参考:女士:ms01 - 031参考:网址:http://www.microsoft.com/technet/security/bulletin/ms01 - 031. - asp参考:报价:2843参考:网址:http://www.securityfocus.com/bid/2843参考:XF: win2k-telnet-idle-sessions-dos(6667)参考:网址:http://xforce.iss.net/static/6667.php微软Windows 2000 telnet服务允许攻击者为了防止闲置telnet会话超时,导致拒绝服务通过创建大量的闲置会话。修改:ADDREF XF: win2k-telnet-idle-sessions-dos (6667) ADDREF报价:2843年的行动:- 2001 - 0345能接受(7接受,1 ack, 0评论)目前投票:接受(6)Ziese Stracener,墙,Balinsky, Foat,科尔弗伦奇选民的评论修改(1):法国人> XF: win2k-telnet-idle-sessions-dos(6667) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0346网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0346最终决定:阶段性裁决:20010911修改:建议:20010829分配:20010516类别:科幻参考:女士:ms01 - 031参考:网址:http://www.microsoft.com/technet/security/bulletin/ms01 - 031. - asp处理泄漏2000年微软Windows telnet服务允许攻击者造成拒绝服务开始大量的会话和终止。推断行动:- 2001 - 0346能接受(5接受,1 ack, 0评论)目前投票:接受(5)主教,Ziese,墙,科尔,阿姆斯特朗= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0347网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0347最终决定:阶段性裁决:20010911修改:20010910 - 01提议:20010727分配:20010516类别:科幻参考:女士:ms01 - 031参考:网址:http://www.microsoft.com/technet/security/bulletin/ms01 - 031. - asp参考:CIAC: l - 092参考:网址:http://www.ciac.org/ciac/bulletins/l - 092. 
shtml参考:报价:2847参考:网址:http://www.securityfocus.com/bid/2847参考:XF: win2k-telnet-domain-authentication(6665)参考:网址:http://xforce.iss.net/static/6665.php信息披露漏洞在2000年微软Windows telnet服务允许远程攻击者来决定用户帐户,如客人的存在,或登录到服务器不指定域名,通过一个畸形的userid。修改:ADDREF XF: win2k-telnet-domain-authentication (6665) DESC添加细节。推断行动:- 2001 - 0347能接受(7接受,2 ack, 0评论)目前投票:接受(5)Ziese Stracener,墙,Foat,科尔修改(2)Balinsky弗雷希选民的评论:Balinsky >而不是“确定客人账户”说“访问账户,如客人,他们知道密码”弗雷希> XF: win2k-telnet-domain-authentication(6665) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0348网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0348最终决定:阶段性裁决:20010911修改:20010910 - 01提议:20010727分配:20010516类别:科幻参考:BINDVIEW: 20010608范围检查故障情况在2000年微软Windows Telnet服务器参考:网址:http://razor.bindview.com/publish/advisories/adv_mstelnet.html参考:女士:ms01 - 031参考:网址:http://www.microsoft.com/technet/security/bulletin/ms01 - 031. - asp参考:CIAC: l - 092参考:网址:http://www.ciac.org/ciac/bulletins/l - 092. shtml参考:XF: win2k-telnet-username-dos(6666)参考:网址:http://xforce.iss.net/static/6666.phpMicrosoft Windows 2000 telnet服务允许攻击者造成拒绝服务(崩溃)通过登录命令包含一个退格。修改:ADDREF XF: win2k-telnet-username-dos (6666) ADDREF BINDVIEW: 20010608范围检查故障情况在2000年微软Windows Telnet服务器ADDREF CIAC: l - 092的行动:- 2001 - 0348能接受(7接受,3 ack, 0评论)目前投票:接受(6)Ziese Stracener,墙,Balinsky, Foat,科尔弗伦奇选民的评论修改(1):法国人> XF: win2k-telnet-username-dos(6666) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0351网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0351最终决定:阶段性裁决:20010911修改:20010910 - 01提议:20010727分配:20010516类别:科幻参考:女士:ms01 - 031参考:网址:http://www.microsoft.com/technet/security/bulletin/ms01 - 031. - asp参考:CIAC: l - 092参考:网址:http://www.ciac.org/ciac/bulletins/l - 092. 
shtml参考:XF: win2k-telnet-system-call-dos(6669)参考:网址:http://xforce.iss.net/static/6669.php参考:报价:2846参考:网址:http://www.securityfocus.com/bid/2846Microsoft Windows 2000 telnet服务允许本地用户做出某些系统调用允许用户终止telnet会话,导致拒绝服务。修改:ADDREF XF: win2k-telnet-system-call-dos (6669) ADDREF报价:2846 ADDREF CIAC: l - 092的行动:- 2001 - 0351能接受(7接受,2 ack, 0评论)目前投票:接受(6)Ziese Stracener,墙,Balinsky, Foat,科尔弗伦奇选民的评论修改(1):法国人> XF: win2k-telnet-system-call-dos(6669) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0353网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0353最终决定:阶段性裁决:20010911修改:20010910 - 01提议:20010727分配:20010523类别:科幻参考:国际空间站:20010619远程缓冲区溢出漏洞在Solaris中打印协议守护程序参考:网址:http://xforce.iss.net/alerts/advise80.php参考:太阳:00206参考:网址:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/206参考:CERT: ca - 2001 - 15参考:网址:http://www.cert.org/advisories/ca - 2001 - 15. - html参考:XF: solaris-lpd-bo(6718)参考:网址:http://xforce.iss.net/static/6718.php参考:报价:2894参考:网址:http://www.securityfocus.com/bid/2894缓冲区溢出的行式打印机守护进程(in.lpd) Solaris早8和允许本地和远程攻击者获得根权限通过“转移工作”程序。修改:ADDREF XF: solaris-lpd-bo (6718) ADDREF报价:2894 ADDREF CERT: ca - 2001 - 15 ADDREF太阳:推断行动:00206 - 2001 - 0353能接受(3接受,3 ack, 0评论)目前投票:接受(3)Ziese Stracener,科尔弗伦奇等待修改(1)(3)墙,Foat, Christey选民的评论:弗雷希> XF: solaris-lpd-bo (6718) Christey >报价:2894http://www.securityfocus.com/bid/2894Christey > CERT: ca - 2001 - 15 URL:http://www.cert.org/advisories/ca - 2001 - 15. - html太阳:00206 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0361网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0361最终决定:阶段性裁决:20010911修改:20010910 - 01提议:20010524分配:20010524类别:科幻参考:BUGTRAQ: 20010207(核心SDI咨询)SSH1会话密钥恢复脆弱性参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=98158450021686&w=2参考:CIAC: l - 047参考:网址:http://www.ciac.org/ciac/bulletins/l - 047. 
shtml参考:FREEBSD: FreeBSD-SA-01:24参考:网址:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc参考:DEBIAN: dsa - 027参考:网址:http://www.debian.org/security/2001/dsa - 027参考:思科:20010627多个SSH漏洞参考:网址:http://www.cisc.com/warp/public/707/SSH-multiple-pub.html参考:SUSE: SuSE-SA: 2001:04参考:网址:http://www.suse.de/de/support/security/adv004_ssh.txt参考:XF: ssh-session-key-recovery(6082)参考:网址:http://xforce.iss.net/static/6082.php参考:报价:2344参考:网址:http://www.securityfocus.com/bid/2344SSH 1.5版本的实现,包括(1)OpenSSH版本tripwire, (2) AppGate,和(3)ssh-1 1.2.31版本,在某些配置,允许远程攻击者解密和/或改变交通通过“Bleichenbacher攻击”PKCS # 1 1.5版本。修改:DESC缩短(略)ADDREF XF: ssh-session-key-recovery (6082) CHANGEREF(修复)BUGTRAQ ADDREF DEBIAN: dsa - 027 ADDREF CIAC: l - 047 ADDREF FREEBSD: FreeBSD-SA-01:24 ADDREF思科:20010627多个SSH漏洞ADDREF SUSE: SuSE-SA: 2001:04推断行动:- 2001 - 0361能接受(4,5 ack, 0评论)目前投票:接受(3)Ziese,科尔,奥利弗·弗伦奇等待修改(1)(1)墙选民的评论:弗雷希> XF: ssh-session-key-recovery(6082) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0368网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0368最终决定:阶段性裁决:20010911修改:20010910 - 01提议:20010524分配:20010524类别:科幻参考:BUGTRAQ: 20010430中发现一个严重的安全漏洞BearShare(目录遍历)参考:网址:http://www.securityfocus.com/archive/1/180644参考:报价:2672参考:网址:http://www.securityfocus.com/bid/2672参考:XF: bearshare-dot-download-files(6481)参考:网址:http://xforce.iss.net/static/6481.php目录遍历早些时候在2.2.2 BearShare和漏洞允许远程攻击者读取某些文件通过一个包含一系列的URL。的角色,一个变化. 
.(点点)攻击。修改:ADDREF XF: bearshare-dot-download-files(6481)推断行动:- 2001 - 0368能接受(5接受0 ack, 0评论)目前投票:接受(4)Renaud,贝克,科尔,威廉姆斯弗伦奇等待修改(1)(3)Ziese,墙,奥利弗选民的评论:弗雷希> XF: bearshare-dot-download-files(6481) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0377网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0377最终决定:阶段性裁决:20010911修改:20010910 - 01提议:20010524分配:20010524类别:科幻参考:BUGTRAQ: 20010328 Inframail拒绝服务漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2001-03/0428.html参考:XF: inframail-post-dos(6297)参考:网址:http://xforce.iss.net/static/6297.php3.98 Infradig Inframail之前允许远程攻击者创建一个拒绝服务通过一个畸形的POST请求包括空间紧随其后的是一个大的字符串。修改:CHANGEREF(规范化)XF: inframail-post-dos(6297)推断行动:- 2001 - 0377能接受(3接受,1 ack, 0评论)目前投票:接受(3)Ziese,科尔,弗雷希等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0378网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0378最终决定:阶段性裁决:20010911修改:20010910 - 01提议:20010524分配:20010524类别:科幻参考:确认:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch参考:XF: bsd-readline-permissions(6586)参考:网址:http://xforce.iss.net/static/6586.phpreadline 4.1之前,在OpenBSD 2.8及之前,与不安全的权限创建历史文件,它允许本地攻击者潜在的敏感信息通过readline历史文件中恢复过来。修改:DELREF BUGTRAQ ADDREF XF: bsd-readline-permissions(6586)推断行动:- 2001 - 0378能接受(3接受,1 ack, 0评论)目前投票:接受(2)Ziese,科尔弗伦奇等待修改(1)(2)墙,奥利弗选民的评论:弗雷希> XF: bsd-readline-permissions (6586) BUGTRAQ引用实际上是OpenBSD-Security邮件列表。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0379网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0379最终决定:阶段性裁决:20010911修改:20010910 - 01提议:20010524分配:20010524类别:科幻参考:惠普:hpsbux0103 - 147参考:网址:http://archives.neohapsis.com/archives/hp/2001-q1/0101.html参考:XF: hp-newgrp-additional-privileges(6282)参考:网址:http://xforce.iss.net/static/6282.php脆弱性newgrp程序中附带HP9000服务器运行hp - ux 
11.11允许本地攻击者获得更高的访问权限。修改:ADDREF XF: hp-newgrp-additional-privileges(6282)推断行动:- 2001 - 0379能接受(4接受,1 ack, 0评论)目前投票:接受(3)Ziese,贝克,科尔弗伦奇等待修改(1)(1)墙选民的评论:弗雷希> XF: hp-newgrp-additional-privileges(6282) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0383网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0383最终决定:阶段性裁决:20010911修改:20010910 - 01提议:20010524分配:20010524类别:科幻参考:BUGTRAQ: 20010401 Php-nuke利用…参考网址:http://archives.neohapsis.com/archives/bugtraq/2001-04/0017.html参考:确认:http://phpnuke.org/download.php?dcategory=Fixes参考:XF: php-nuke-url-redirect(6342)参考:网址:http://xforce.iss.net/static/6342.php参考:报价:2544参考:网址:http://www.securityfocus.com/bid/2544横幅。早些时候在PHP-Nuke 4.4和php允许远程攻击者修改横幅广告通过直接调用url更改操作,而不需要身份验证。修改:DESC修复错误:“URL”ADDREF XF: php-nuke-url-redirect (6342) ADDREF报价:2544年的行动:- 2001 - 0383能接受(4接受,1 ack, 0评论)目前投票:接受(3)Ziese,贝克,科尔弗伦奇等待修改(1)(2)墙,Christey选民的评论:弗雷希> XF: php-nuke-url-redirect(6342)在描述,URL应该URL(不是所有格)。Christey >我将“自己的”URL的错误(双关语)。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0387网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0387最终决定:阶段性裁决:20010911修改:20010910 - 01提议:20010524分配:20010524类别:科幻参考:BUGTRAQ: 20010412 HylaFAX脆弱性参考:网址:http://www.securityfocus.com/archive/1/175963参考:BUGTRAQ: 20010415 * * * *安全顾问——HylaFAX格式字符串漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2001-04/0236.html参考:FREEBSD: FreeBSD-SA-01:34参考:网址:http://archives.neohapsis.com/archives/freebsd/2001-04/0606.html参考:SUSE: SuSE-SA: 2001:15参考:网址:http://lists.suse.com/archives/suse-security-announce/2001-Apr/0005.html参考:曼德拉草:MDKSA-2001:041参考:网址:http://www.linux mandrake.com/en/security/2001/mdksa - 2001 - 041. 
- php3参考:报价:2574参考:网址:http://www.securityfocus.com/bid/2574参考:XF: hylafax-hfaxd-format-string(6377)参考:网址:http://xforce.iss.net/static/6377.php格式字符串漏洞在hfaxd HylaFAX之前4.1。通过q b2_2允许本地用户获得特权命令行参数。修改:ADDREF XF: hylafax-hfaxd-format-string(6377)推断行动:- 2001 - 0387能接受(5接受,2 ack, 0评论)目前投票:接受(4)Ziese,贝克,科尔,威廉姆斯弗伦奇等待修改(1)(2)墙,Renaud选民的评论:弗雷希> XF: hylafax-hfaxd-format-string(6377) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0388网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0388最终决定:阶段性裁决:20010911修改:20010910 - 01提议:20010524分配:20010524类别:科幻参考:FREEBSD: FreeBSD-SA-01:28参考:网址:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:28.timed.asc参考:曼德拉草:MDKSA-2001:034参考:网址:http://www.linux mandrake.com/en/security/2001/mdksa - 2001 - 034. - php3参考:SUSE: SuSE-SA: 2001:07参考:网址:http://www.suse.de/de/support/security/2001_007_nkitserv.txt参考:XF: timed-remote-dos(6228)参考:网址:http://xforce.iss.net/static/6228.php时间服务器守护进程时间允许远程攻击者通过畸形数据包导致拒绝服务。修改:CHANGEREF(规范化)XF: timed-remote-dos(6228)推断行动:- 2001 - 0388能接受(5接受,2 ack, 0评论)目前投票:接受(5)Ziese,贝克,科尔,抑郁症,奥利弗等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0402网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0402最终决定:阶段性裁决:20010911修改:20010910 - 01提议:20010524分配:20010524类别:科幻参考:BUGTRAQ: 20010408碎片攻击IP过滤参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=98679734015538&w=2参考:FREEBSD: FreeBSD-SA-01:32参考:网址:http://archives.neohapsis.com/archives/freebsd/2001-04/0338.html参考:XF: ipfilter-access-ports(6331)参考:网址:http://xforce.iss.net/static/6331.phpIPFilter 3.4.16早些时候,不包括足够的会话信息的缓存,它允许远程攻击者绕过访问限制通过发送支离破碎后限制端口发送数据包unfragmented包一个无限制的端口。修改:ADDREF XF: ipfilter-access-ports(6331)推断行动:- 2001 - 0402能接受(4接受,1 ack, 0评论)目前投票:接受(3)Ziese,贝克,科尔弗伦奇等待修改(1)(1)墙选民的评论:弗雷希> XF: ipfilter-access-ports(6331) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = 
Candidate: CAN-2001-0405
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0405
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010416 Tempest Security Technologies - Adivsory #01/2001 - Linux IPTables
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0271.html
Reference: REDHAT:RHSA-2001:052
Reference: URL:http://www.redhat.com/support/errata/rhsa-2001-052.html
Reference: MANDRAKE:MDKSA-2001:071
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-071.php3
Reference: BID:2602
Reference: URL:http://www.securityfocus.com/bid/2602
Reference: XF:linux-netfilter-iptables(6390)
Reference: URL:http://xforce.iss.net/static/6390.php

ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.

Modifications:
  ADDREF XF:linux-netfilter-iptables(6390)
  ADDREF MANDRAKE:MDKSA-2001:071

INFERRED ACTION: CAN-2001-0405 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Ziese, Prosser, Baker, Cole, Williams
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linux-netfilter-iptables(6390)
 Prosser> http://www.linux-mandrake.com/en/security/mdk-updates.php3?dis=8.0
   Additional reference: http://www.tempest.com.br/advisories/01-2001.html

======================================================
Candidate: CAN-2001-0408
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0408
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: MANDRAKE:MDKSA-2001:035
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-035.php3
Reference: REDHAT:RHSA-2001:008
Reference: URL:http://www.redhat.com/support/errata/rhsa-2001-008.html
Reference: SUSE:SuSE-SA:2001:12
Reference: URL:http://www.suse.de/de/support/security/2001_012_vim.txt
Reference: CALDERA:CSSA-2001-014.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/cssa-2001-014.0.txt
Reference: BUGTRAQ:20010329 Immunix OS Security update for vim
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98593106111968&w=2
Reference: BID:2510
Reference: URL:http://www.securityfocus.com/bid/2510
Reference: XF:vim-elevate-privileges(6259)
Reference: URL:http://xforce.iss.net/static/6259.php

vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes.

Modifications:
  CHANGEREF (normalize) XF

INFERRED ACTION: CAN-2001-0408 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(4) Frech, Ziese, Baker, Cole
   NOOP(1) Wall

======================================================
Candidate: CAN-2001-0409
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0409
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: SUSE:SuSE-SA:2001:12
Reference: URL:http://www.suse.de/de/support/security/2001_012_vim.txt
Reference: CALDERA:CSSA-2001-014.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/cssa-2001-014.0.txt
Reference: XF:vim-tmp-symlink(6628)
Reference: URL:http://xforce.iss.net/static/6628.php

vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory.

Modifications:
  ADDREF XF:vim-tmp-symlink(6628)
  DESC fix typo

INFERRED ACTION: CAN-2001-0409 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:vim-tmp-symlink(6628)
   In the description, writable should be writable.

======================================================
Candidate: CAN-2001-0412
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0412
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CISCO:20010404 Cisco Content Services Switch User Account Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-useraccnt-debug-pub.shtml
Reference: BID:2559
Reference: URL:http://www.securityfocus.com/bid/2559
Reference: XF:cisco-css-elevate-privileges(6322)
Reference: URL:http://xforce.iss.net/static/6322.php

Cisco Content Service (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode.

Modifications:
  ADDREF XF:cisco-css-elevate-privileges(6322)
  ADDREF BID:2559

INFERRED ACTION: CAN-2001-0412 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:cisco-css-elevate-privileges(6322)

======================================================
Candidate: CAN-2001-0413
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0413
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010404 BinTec X4000 Access Router DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98644414226344&w=2
Reference: BUGTRAQ:20010406 X4000 DoS: Details and workaround
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98659862317070&w=2
Reference: BUGTRAQ:20010410 BinTec Router DoS: Workaround and Details
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0145.html
Reference: BUGTRAQ:20010409 BINTEC X1200
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98697054804197&w=2
Reference: XF:bintec-x4000-nmap-dos(6323)
Reference: URL:http://xforce.iss.net/static/6323.php

BinTec X4000 Access router, and possibly other versions, allows remote attackers to cause a denial of service via a SYN port scan, which causes the router to hang.

Modifications:
  ADDREF XF:bintec-x4000-nmap-dos(6323)

INFERRED ACTION: CAN-2001-0413 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:bintec-x4000-nmap-dos(6323)

======================================================
Candidate: CAN-2001-0414
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0414
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010404 ntpd =< 4.0.99k remote buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98642418618512&w=2
Reference: BUGTRAQ:20010405 Re: ntpd =< 4.0.99k remote buffer overflow)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98654963328381&w=2
Reference: REDHAT:RHSA-2001:045
Reference: URL:http://www.redhat.com/support/errata/rhsa-2001-045.html
Reference: CALDERA:CSSA-2001-013
Reference: URL:http://www.calderasystems.com/support/security/advisories/cssa-2001-013.0.txt
Reference: MANDRAKE:MDKSA-2001:036
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-036.php3
Reference: DEBIAN:DSA-045
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98651866104663&w=2
Reference: NETBSD:NetBSD-SA2001-004
Reference: URL:ftp://ftp.netbsd.org/pub/netbsd/misc/security/advisories/netbsd-sa2001-004.txt.asc
Reference: SUSE:SuSE-SA:2001:10
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Apr/0000.html
Reference: CONECTIVA:CLA-2001:392
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000392
Reference: FREEBSD:FreeBSD-SA-01:31
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:31.ntpd.asc
Reference: SCO:SSE073
Reference: URL:ftp://ftp.sco.com/SSE/sse073.ltr
Reference: SCO:SSE074
Reference: URL:ftp://ftp.sco.com/SSE/sse074.ltr
Reference: BUGTRAQ:20010408 (slackware-security) buffer overflow fix for NTP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98679815917014&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-02: ntpd remote buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684202610470&w=2
Reference: BUGTRAQ:20010409 ntpd - new Debian 2.2 (potato) version is also vulnerable
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684532921941&w=2
Reference: BUGTRAQ:20010406 Immunix OS Security update for ntp and xntp3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98659782815613&w=2
Reference: BUGTRAQ:20010409 ntp-4.99k23.tar.gz is available
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98683952401753&w=2
Reference: BUGTRAQ:20010418 IBM MSS Outside Advisory Redistribution: IBM AIX: Buffer Overflow Vulnerability in (x)ntp
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0314.html
Reference: BUGTRAQ:20010409 (ESA-20010409-01) xntp buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0127.html
Reference: BUGTRAQ:20010413 PROGENY-SA-2001-02A: [UPDATE] ntpd remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0225.html
Reference: BID:2540
Reference: URL:http://www.securityfocus.com/bid/2540
Reference: XF:ntpd-remote-bo(6321)
Reference: URL:http://xforce.iss.net/static/6321.php

Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.

Modifications:
  ADDREF XF:ntpd-remote-bo(6321)

INFERRED ACTION: CAN-2001-0414 ACCEPT (5 accept, 6 ack, 0 review)

Current Votes:
   ACCEPT(4) Ziese, Baker, Bollinger, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:ntpd-remote-bo(6321)

======================================================
======================================================
Candidate: CAN-2001-0427
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0427
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CISCO:20010328 VPN3000 Concentrator TELNET Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml
Reference: XF:cisco-vpn-telnet-dos(6298)
Reference: URL:http://xforce.iss.net/static/6298.php

Cisco VPN 3000 series concentrators before 2.5.2 (F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.

Modifications:
  CHANGEREF [normalize] XF

INFERRED ACTION: CAN-2001-0427 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Frech, Ziese, Baker, Cole
   NOOP(1) Wall

======================================================
Candidate: CAN-2001-0428
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0428
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CISCO:20010412 VPN 3000 Concentrator IP Options Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-ipoptions-vuln-pub.shtml
Reference: BID:2573
Reference: URL:http://www.securityfocus.com/bid/2573
Reference: XF:cisco-vpn-ip-dos(6360)
Reference: URL:http://xforce.iss.net/static/6360.php

Cisco VPN 3000 series concentrators before 2.5.2 (F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option.

Modifications:
  ADDREF XF:cisco-vpn-ip-dos(6360)

INFERRED ACTION: CAN-2001-0428 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:cisco-vpn-ip-dos(6360)

======================================================
Candidate: CAN-2001-0429
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0429
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CISCO:20010416 Catalyst 5000 Series 802.1x Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml
Reference: CIAC:L-072
Reference: URL:http://www.ciac.org/ciac/bulletins/l-072.shtml
Reference: BID:2604
Reference: URL:http://www.securityfocus.com/bid/2604
Reference: XF:cisco-catalyst-8021x-dos(6379)
Reference: URL:http://xforce.iss.net/static/6379.php

Cisco Catalyst 5000 series switches 6.1(2) and earlier forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service.

Modifications:
  ADDREF XF:cisco-catalyst-8021x-dos(6379)
  ADDREF CIAC:L-072

INFERRED ACTION: CAN-2001-0429 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:cisco-catalyst-8021x-dos(6379)

======================================================
Candidate: CAN-2001-0430
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0430
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: DEBIAN:DSA-046
Reference: URL:http://archives.neohapsis.com/archives/vendor/2001-q2/0005.html
Reference: XF:exuberant-ctags-symlink(6388)
Reference: URL:http://xforce.iss.net/static/6388.php

Vulnerability in exuberant-ctags 3.2.4-0.1 insecurely creates temporary files.

Modifications:
  ADDREF XF:exuberant-ctags-symlink(6388)
  DESC minor rephrase

INFERRED ACTION: CAN-2001-0430 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:exuberant-ctags-symlink(6388)
   In the description, a more appropriate grammar is "insecurely creates temporary files."

======================================================
Candidate: CAN-2001-0434
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0434
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: COMPAQ:SSRT0716
Reference: URL:http://ftp.support.compaq.com/patches/.new/html/ssrt0716-01.shtml
Reference: XF:compaq-activex-dos(6355)
Reference: URL:http://xforce.iss.net/static/6355.php

The LogDataListToFile ActiveX function used in (1) Knowledge Center and (2) the web components of Compaq computers allows remote attackers to modify arbitrary files and cause a denial of service.

Modifications:
  ADDREF XF:compaq-activex-dos(6355)

INFERRED ACTION: CAN-2001-0434 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:compaq-activex-dos(6355)

======================================================
Candidate: CAN-2001-0436
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0436
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010416 qDefense Advisory: DCForum allows remote read/write/execute
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0269.html
Reference: CONFIRM:http://www.dcscripts.com/FAQ/sec_2001_03_31.html
Reference: XF:dcforum-az-expr(6392)
Reference: URL:http://xforce.iss.net/static/6392.php
Reference: BID:2611
Reference: URL:http://www.securityfocus.com/bid/2611

dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute arbitrary commands by uploading a Perl program to the server and using a .. (dot dot) in the AZ parameter to reference the program.

Modifications:
  ADDREF XF:dcforum-az-expr(6392)

Content Decisions: SF-LOC

INFERRED ACTION: CAN-2001-0436 ACCEPT_ACK (2 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(3) Ziese, Wall, Cole

Voter Comments:
 Frech> XF:dcforum-az-expr(6392)

======================================================
Candidate: CAN-2001-0437
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0437
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010416 qDefense Advisory: DCForum allows remote read/write/execute
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0269.html
Reference: CONFIRM:http://www.dcscripts.com/FAQ/sec_2001_03_31.html
Reference: BID:2611
Reference: URL:http://www.securityfocus.com/bid/2611
Reference: XF:dcforum-az-file-upload(6393)
Reference: URL:http://xforce.iss.net/static/6393.php

upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload arbitrary files without authentication by setting the az parameter to upload_file.

Modifications:
  ADDREF XF:dcforum-az-file-upload(6393)

Content Decisions: SF-LOC

INFERRED ACTION: CAN-2001-0437 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:dcforum-az-file-upload(6393)
======================================================
Candidate: CAN-2001-0439
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0439
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CONECTIVA:CLA-2001:389
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000389
Reference: MANDRAKE:MDKSA-2001:032
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-032.php3
Reference: FREEBSD:FreeBSD-SA-01:35
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0607.html
Reference: XF:licq-url-execute-commands(6261)
Reference: URL:http://xforce.iss.net/static/6261.php

licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

Modifications:
  CHANGEREF [normalize] XF

INFERRED ACTION: CAN-2001-0439 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Frech, Ziese, Baker, Cole
   NOOP(1) Wall

======================================================
Candidate: CAN-2001-0440
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0440
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CONECTIVA:CLA-2001:389
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000389
Reference: MANDRAKE:MDKSA-2001:032
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-032.php3
Reference: FREEBSD:FreeBSD-SA-01:35
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0607.html
Reference: REDHAT:RHSA-2001:022
Reference: URL:http://www.redhat.com/support/errata/rhsa-2001-022.html
Reference: XF:licq-logging-bo(6645)
Reference: URL:http://xforce.iss.net/static/6645.php

Buffer overflow in the logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.

Modifications:
  ADDREF XF:licq-logging-bo(6645)
  ADDREF REDHAT:RHSA-2001:022

INFERRED ACTION: CAN-2001-0440 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:licq-logging-bo(6645)

======================================================
Candidate: CAN-2001-0455
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0455
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: CISCO:20010307 Access to the Cisco Aironet 340 Series Wireless Bridge via Web Interface
Reference: URL:http://www.cisco.com/warp/public/707/Aironet340-pub.shtml
Reference: XF:cisco-aironet-web-access(6200)
Reference: URL:http://xforce.iss.net/static/6200.php

Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration.

Modifications:
  CHANGEREF [normalize] XF

INFERRED ACTION: CAN-2001-0455 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Frech, Ziese, Baker, Cole
   NOOP(2) Oliver, Wall

======================================================
Candidate: CAN-2001-0456
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0456
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: CF
Reference: DEBIAN:DSA-032
Reference: URL:http://www.debian.org/security/2001/dsa-032
Reference: XF:proftpd-postinst-root(6208)
Reference: URL:http://xforce.iss.net/static/6208.php

The postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.

Modifications:
  CHANGEREF [normalize] XF

INFERRED ACTION: CAN-2001-0456 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Frech, Oliver, Ziese, Baker, Cole
   NOOP(1) Wall

======================================================
Candidate: CAN-2001-0457
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0457
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category:
Reference: DEBIAN:DSA-035
Reference: URL:http://www.debian.org/security/2001/dsa-035
Reference: XF:man2html-remote-dos(6211)
Reference: URL:http://xforce.iss.net/static/6211.php

man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion).

Modifications:
  CHANGEREF [normalize] XF

INFERRED ACTION: CAN-2001-0457 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Frech, Oliver, Ziese, Baker, Cole
   NOOP(1) Wall
======================================================
Candidate: CAN-2001-0462
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0462
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010424 Advisory for perl webserver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0426.html
Reference: XF:perl-webserver-directory-traversal(6451)
Reference: URL:http://xforce.iss.net/static/6451.php
Reference: BID:2648
Reference: URL:http://www.securityfocus.com/bid/2648

Directory traversal vulnerability in Perl web server 0.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

Modifications:
  ADDREF XF:perl-webserver-directory-traversal(6451)

INFERRED ACTION: CAN-2001-0462 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Williams
   MODIFY(1) Frech
   NOOP(3) Ziese, Wall, Balinsky

Voter Comments:
 Frech> XF:perl-webserver-directory-traversal(6451)

======================================================
Candidate: CAN-2001-0465
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0465
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010405
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653594732053&w=2
Reference: CONFIRM:http://www.turbotax.com/atr/update/
Reference: XF:turbotax-save-passwords(6622)
Reference: URL:http://xforce.iss.net/static/6622.php

TurboTax saves passwords in a temporary file when a user imports investment tax information from a financial institution, which allows local users to obtain sensitive information.

Modifications:
  ADDREF XF:turbotax-save-passwords(6622)

INFERRED ACTION: CAN-2001-0465 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:turbotax-save-passwords(6622)

======================================================
Candidate: CAN-2001-0467
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0467
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category:
Reference: BUGTRAQ:20010423 Vulnerability in Viking Web Server
Reference: URL:http://www.securityfocus.com/archive/1/178935
Reference: CONFIRM:http://www.robtex.com/files/viking/beta/chglog.txt
Reference: BID:2643
Reference: URL:http://www.securityfocus.com/bid/2643
Reference: XF:viking-dot-directory-traversal(6450)
Reference: URL:http://xforce.iss.net/static/6450.php

Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a \... (modified dot dot) in an HTTP URL request.

Modifications:
  ADDREF CONFIRM:http://www.robtex.com/files/viking/beta/chglog.txt
  ADDREF XF:viking-dot-directory-traversal(6450)

INFERRED ACTION: CAN-2001-0467 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Balinsky, Williams
   MODIFY(1) Frech
   NOOP(3) Ziese, Wall, Cole

Voter Comments:
 Balinsky> http://www.robtex.com/files/viking/beta/chglog.txt
   Beta change log acknowledges exploit (by author).
 Frech> XF:viking-dot-directory-traversal(6450)
   CONFIRM:http://www.robtex.com/files/viking/beta/chglog.txt
   (explicitly: "-382 \...\ exploit fixed (thanks to Joe Testa http://hogs.rit.edu/~joet)")

======================================================
Candidate: CAN-2001-0469
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0469
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: FREEBSD:FreeBSD-SA-01:29
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-03/0163.html
Reference: BID:2473
Reference: URL:http://www.securityfocus.com/bid/2473
Reference: XF:rwhod-remote-dos(6229)
Reference: URL:http://xforce.iss.net/static/6229.php

rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service via malformed packets with a short length.

Modifications:
  CHANGEREF [normalize] XF

INFERRED ACTION: CAN-2001-0469 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Frech, Ziese, Baker, Cole
   NOOP(2) Oliver, Wall

======================================================
Candidate: CAN-2001-0473
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0473
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: MANDRAKE:MDKSA-2001-031
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-031.php3
Reference: REDHAT:RHSA-2001:029
Reference: URL:http://www.redhat.com/support/errata/rhsa-2001-029.html
Reference: BUGTRAQ:20010315 Immunix OS Security update for mutt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98473109630421&w=2
Reference: CONECTIVA:CLA-2001:385
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000385
Reference: BUGTRAQ:20010320 Trustix Security Advisory - mutt
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html
Reference: XF:mutt-imap-format-string(6235)
Reference: URL:http://xforce.iss.net/static/6235.php

Format string vulnerability in Mutt 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.

Modifications:
  CHANGEREF [normalize] XF

INFERRED ACTION: CAN-2001-0473 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Frech, Oliver, Ziese, Baker, Cole
   NOOP(1) Wall

======================================================
Candidate: CAN-2001-0474
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0474
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: MANDRAKE:MDKSA-2001:029
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-029.php3
Reference: XF:mesa-utahglx-symlink(6231)
Reference: URL:http://xforce.iss.net/static/6231.php

Utah-glx in Mesa 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file.

Modifications:
  CHANGEREF [normalize] XF

INFERRED ACTION: CAN-2001-0474 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Frech, Ziese, Baker, Cole
   NOOP(2) Oliver, Wall

======================================================
Candidate: CAN-2001-0475
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0475
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010315 vBulletin allows arbitrary code execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0180.html
Reference: BID:2474
Reference: URL:http://www.securityfocus.com/bid/2474
Reference: CONFIRM:http://www.vbulletin.com/forum/showthread.php?s=b20af207b5b908ecf7a4ecf56fbe3cd3&threadid=10839
Reference: XF:vbulletin-php-elevate-privileges(6237)
Reference: URL:http://xforce.iss.net/static/6237.php

index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter.

Modifications:
  CHANGEREF [normalize] XF

INFERRED ACTION: CAN-2001-0475 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Frech, Oliver, Ziese, Cole
   NOOP(1) Wall

======================================================
Candidate: CAN-2001-0481
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0481
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: MANDRAKE:MDKSA-2001:043
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-043.php3
Reference: XF:linux-rpmdrake-temp-file(6494)
Reference: URL:http://xforce.iss.net/static/6494.php

Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure temporary file handling.

Modifications:
  ADDREF XF:linux-rpmdrake-temp-file(6494)

INFERRED ACTION: CAN-2001-0481 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Ziese, Renaud, Baker, Cole, Williams
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linux-rpmdrake-temp-file(6494)

======================================================
Candidate: CAN-2001-0482
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0482
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: CF
Reference: BUGTRAQ:20010330 Serious Pitbull LX Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0475.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0485.html
Reference: XF:pitbull-lx-modify-kernel(6623)
Reference: URL:http://xforce.iss.net/static/6623.php

Configuration error in Argus PitBull LX allows root users to bypass specified access control restrictions and cause a denial of service or execute arbitrary commands by modifying kernel variables such as MaxFiles, MaxInodes, and ModProbePath in /proc/sys via calls to sysctl.

Modifications:
  ADDREF XF:pitbull-lx-modify-kernel(6623)

INFERRED ACTION: CAN-2001-0482 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Ziese, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:pitbull-lx-modify-kernel(6623)

======================================================
Candidate: CAN-2001-0486
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0486
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: VULN-DEV:20010402 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0020.html
Reference: BUGTRAQ:20010420 Novell BorderManager 3.5 VPN Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98779821207867&w=2
Reference: CONFIRM:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2959062.htm
Reference: BUGTRAQ:20010429 Proof of concept DoS against novell border manager enterprise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98865027328391&w=2
Reference: BUGTRAQ:20010501 Re: Proof of concept DoS against novell border manager enterprise edition 3.5
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0000.html
Reference: BID:2623
Reference: URL:http://www.securityfocus.com/bid/2623
Reference: XF:bordermanager-vpn-syn-dos(6429)
Reference: URL:http://xforce.iss.net/static/6429.php

Remote attackers can cause a denial of service in Novell BorderManager 3.6 and earlier by sending a TCP SYN flood to port 353.

Modifications:
  ADDREF XF:bordermanager-vpn-syn-dos(6429)

INFERRED ACTION: CAN-2001-0486 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:bordermanager-vpn-syn-dos(6429)

======================================================
Candidate: CAN-2001-0488
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0488
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: HP:HPSBUX0104-149
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q2/0018.html
Reference: BID:2646
Reference: URL:http://www.securityfocus.com/bid/2646
Reference: XF:hp-pcltotiff-insecure-permissions(6447)
Reference: URL:http://xforce.iss.net/static/6447.php

pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service.

Modifications:
  ADDREF XF:hp-pcltotiff-insecure-permissions(6447)

INFERRED ACTION: CAN-2001-0488 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Ziese, Baker, Cole, Williams
   MODIFY(1) Frech
   NOOP(3) Wall, Renaud, Balinsky

Voter Comments:
 Balinsky> Ziese has already voted in favor for Cisco, but Bugtraq links to vendor confirmation.
 Frech> XF:hp-pcltotiff-insecure-permissions(6447)

======================================================
Candidate: CAN-2001-0489
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0489
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: VULN-DEV:20010417 gftp exploitable?
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0231.html
Reference: REDHAT:RHSA-2001:053
Reference: URL:http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0043.html
Reference: MANDRAKE:MDKSA-2001-044
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0509.html
Reference: DEBIAN:DSA-057
Reference: URL:http://www.debian.org/security/2001/dsa-057
Reference: BID:2657
Reference: URL:http://www.securityfocus.com/bid/2657
Reference: XF:gftp-format-string(6478)
Reference: URL:http://xforce.iss.net/static/6478.php

Format string vulnerability in gftp before 2.0.8 allows remote malicious FTP servers to execute arbitrary commands.

Modifications:
  ADDREF XF:gftp-format-string(6478)
  ADDREF DEBIAN:DSA-057
  ADDREF BID:2657
  ADDREF VULN-DEV:20010417 gftp exploitable?

INFERRED ACTION: CAN-2001-0489 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Ziese, Baker, Cole, Williams
   MODIFY(1) Frech
   NOOP(3) Wall, Renaud, Christey

Voter Comments:
 Christey> Add VULN-DEV reference?
   http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0231.html
 Frech> XF:gftp-format-string(6478)

======================================================
Candidate: CAN-2001-0494
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0494
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010424 IPSwitch IMail 6.06 SMTP Remote System Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0433.html
Reference: CONFIRM:http://ipswitch.com/Support/IMail/news.html
Reference: XF:ipswitch-imail-smtp-bo(6445)
Reference: URL:http://xforce.iss.net/static/6445.php

Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long : header.

Modifications:
  ADDREF XF:ipswitch-imail-smtp-bo(6445)

INFERRED ACTION: CAN-2001-0494 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Oliver, Renaud, Baker, Williams
   MODIFY(1) Frech
   NOOP(3) Ziese, Wall, Cole

Voter Comments:
 Oliver> Identified in the news section of the vendor's home page.
 Frech> XF:ipswitch-imail-smtp-bo(6445)

======================================================
Candidate: CAN-2001-0495
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-0495
Final-Decision:
Interim-Decision: 20010911
Modified: 20010910-01
Proposed: 20010524
Assigned: 20010524
Category: SF
Reference: BUGTRAQ:20010426 Vulnerability in WebXQ Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0490.html
Reference: BID:2660
Reference: URL:http://www.securityfocus.com/bid/2660
Reference: XF:webxq-dot-directory-traversal(6466)
Reference: URL:http://xforce.iss.net/static/6466.php

Directory traversal in DataWizard WebXQ server 1.204 allows remote attackers to view files outside of the web root via a .. (dot dot) attack.

Modifications:
  ADDREF XF:webxq-dot-directory-traversal(6466)

INFERRED ACTION: CAN-2001-0495 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Ziese, Baker, Cole, Williams
   MODIFY(1) Frech
   NOOP(2) Wall, Renaud

Voter Comments:
 Frech> XF:webxq-dot-directory-traversal(6466)

Page Last Updated or Reviewed: May 22, 2007