
[PROPOSAL] Cluster LEGACY-MISC-1997 - 59 candidates



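I am proposing cluster LEGACY-MISC-1997 for review and voting by the Editorial Board.

Name: LEGACY-MISC-1997
Description: Legacy candidates announced in 1997 and earlier
Size: 59

You may vote on the candidates by modifying this email and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review, and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-1999-1099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1099
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19961122 L0pht Kerberos Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420184&w=2
Reference: XF:kerberos-user-grab(65)
Reference: URL:http://xforce.iss.net/static/65.php

Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user.

Analysis
----------------
ED_PRI CAN-1999-1099 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1208
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1208
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970721 AIX ping, lchangelv, xlock fixes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419337&w=2
Reference: BUGTRAQ:19970721 AIX ping (Exploit)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419330&w=2
Reference: XF:ping-bo(803)
Reference: URL:http://xforce.iss.net/static/803.php

Buffer overflow in ping in AIX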
4.2 and earlier allows local users to gain root privileges via a command line argument.

Analysis
----------------
ED_PRI CAN-1999-1208 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1263
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1263
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19971024 Vulnerability in metamail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87773365324657&w=2
Reference: XF:metamail-file-creation(1677)
Reference: URL:http://xforce.iss.net/static/1677.php

Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname of the file to be modified, which is processed by uuencode in Metamail scripts such as sun-audio-file.

Analysis
----------------
ED_PRI CAN-1999-1263 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1326
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1326
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970104 serious security bug in wu-ftpd v2.4
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420401&w=2
Reference: BUGTRAQ:19970105 BoS: serious security bug in wu-ftpd v2.4 -- PATCH
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420408&w=2

wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and remote attackers to read arbitrary files.

Analysis
----------------
ED_PRI CAN-1999-1326 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1402
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1402
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970517 UNIX domain socket (Solarisx86 2.5)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418317&w=2
Reference: BUGTRAQ:19971003 Solaris 2.6 and sockets
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602248718482&w=2
Reference: BID:456
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=456

The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.

Analysis
----------------
ED_PRI CAN-1999-1402 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1022
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19941002
Reference: URL:http://www.securityfocus.com/archive/1/930
Reference: XF:sgi-serialports(2111)
Reference: URL:http://xforce.iss.net/static/2111.php
Reference: BID:464
Reference: URL:http://www.securityfocus.com/bid/464

serial_ports administrative program in IRIX 4.x and 5.x trusts the user's PATH environmental variable to find and execute the ls program, which allows local users to gain root privileges via a Trojan horse ls program.

Analysis
----------------
ED_PRI CAN-1999-1022 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1026
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1026
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19961220 Solaris 2.5 x86 aspppd (semi-exploitable-hole)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420343&w=2
Reference: BID:292
Reference: URL:http://www.securityfocus.com/bid/292

aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files and gain root privileges via a symlink attack on the /tmp/.asppp.fifo file.

Analysis
----------------
ED_PRI CAN-1999-1026 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1061
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1061
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19971004 HP Laserjet 4M+ DirectJet Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602248518480&w=2
Reference: XF:laserjet-unpassworded(1876)
Reference: URL:http://xforce.iss.net/static/1876.php

HP Laserjet printers with JetDirect cards, when configured with TCP/IP, can be configured without a password, which allows remote attackers to connect to the printer and change its IP address or disable logging.

Analysis
----------------
ED_PRI CAN-1999-1061 3
Vendor Acknowledgement:
Content Decisions: DESIGN, CF-PASS

The original post seems to imply that the default configuration does not use a password.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1062
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971004 HP Laserjet 4M+ DirectJet Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602248518480&w=2
Reference: XF:laserjet-unpassworded(1876)
Reference: URL:http://xforce.iss.net/static/1876.php

HP Laserjet printers with JetDirect cards, when configured with TCP/IP, allow remote attackers to bypass print filters by directly sending PostScript documents to TCP ports 9099 and 9100.

Analysis
----------------
ED_PRI CAN-1999-1062 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1067
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1067
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970507 Re: SGI Security Advisory 19970501-01 - Vulnerability in webdist.cgi
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420919&w=2
Reference: XF:sgi-machineinfo

SGI MachineInfo CGI program, installed by default on some web servers, prints potentially sensitive system status information, which could be used by remote attackers for information gathering activities.

Analysis
----------------
ED_PRI CAN-1999-1067 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1068
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970723 DoS against Oracle Webserver 2.1 with PL/SQL stored procedure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419366&w=2

Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via an HTTP GET request.

Analysis
----------------
ED_PRI CAN-1999-1068 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1069
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971108 Security bug in iCat Suite version 3.0
Reference: URL:http://www.securityfocus.com/archive/1/7943
Reference: BID:2126
Reference: URL:http://www.securityfocus.com/bid/2126
Reference: XF:icat-carbo-server-vuln(1620)
Reference: URL:http://xforce.iss.net/static/1620.php

Directory traversal vulnerability in carbo.dll in iCat Carbo Server 3.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the icatcommand parameter.

Analysis
----------------
ED_PRI CAN-1999-1069 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1081
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.w3.org/Security/Faq/wwwsf8.html Q87
Reference: MISC:http://www.roxanne.org/faqs/www-secure/wwwsf4.html Q35
Reference: XF:http-nov-files(2054)
Reference: URL:http://xforce.iss.net/static/2054.php

Vulnerability in files.pl script in Novell WebServer Examples Toolkit 2 allows remote attackers to read arbitrary files.

Analysis
----------------
ED_PRI CAN-1999-1081 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1091
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1091
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19960903 (BUG) Vulnerability in TIN
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419835&w=2
Reference: BUGTRAQ:19960903 Re: BoS: [BUG] Vulnerability in TIN
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419839&w=2
Reference: BUGTRAQ:19970329 symlink bug in tin/rtin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420726&w=2
Reference: XF:tin-tmpfile(431)
Reference: URL:http://xforce.iss.net/static/431.php

UNIX news readers tin and rtin create the /tmp/.tin_log file with insecure permissions and follow symlinks, which allows attackers to modify the permissions of files writable by the user via a symlink attack.

Analysis
----------------
ED_PRI CAN-1999-1091 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1095
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971006 KSR[T] Advisory #3: updatedb / crontab
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87619953510834&w=2
Reference: BUGTRAQ:19980303 updatedb stuff
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88890116304676&w=2
Reference: BUGTRAQ:19980303 updatedb: patch
Reference: BUGTRAQ:19980302 overwrite any file with updatedb
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88886870129518&w=2

Creates temporary files and follows symbolic links, which allows local users to modify arbitrary files writable by the user running it, as observed in updatedb and other programs that use it.

Analysis
----------------
ED_PRI CAN-1999-1095 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1125
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1125
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970919 practices of Oracle (Oracle Webserver)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602880019796&w=2

Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.

Analysis
----------------
ED_PRI CAN-1999-1125 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1128
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1128
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://oliver.efri.hr/~crv/security/bugs/NT/ie3.html
Reference: MISC:http://members.tripod.com/~unibyte/iebug3.htm

Internet Explorer 3.01 on Windows 95 allows remote malicious web sites to execute arbitrary commands via a .isp file, which is automatically downloaded and executed without prompting the user.

Analysis
----------------
ED_PRI CAN-1999-1128 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1141
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1141
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970515 MicroSolved finds hole in Ascom Timeplex Router Security
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420981&w=2
Reference: XF:ascom-timeplex-debug(1824)
Reference: URL:http://xforce.iss.net/static/1824.php

Ascom Timeplex router allows remote attackers to obtain sensitive information or conduct unauthorized activities by entering debug mode through a sequence of CTRL-D characters.

Analysis
----------------
ED_PRI CAN-1999-1141 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1165
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1165
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990721 old gnu finger bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93268249021561&w=2
Reference: BUGTRAQ:19950317 GNU finger 1.37 executes ~/.fingerrc with gid root
Reference: URL:http://www.securityfocus.com/archive/1/2478
Reference: BID:535
Reference: URL:http://www.securityfocus.com/bid/535

GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files.

Analysis
----------------
ED_PRI CAN-1999-1165 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1182
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1182
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970717 KSR[T] Advisory #2: ld.so
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419318&w=2
Reference: BUGTRAQ:19970722 ld.so vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419351&w=2
Reference: BUGTRAQ:19980204 An old ld-linux.so hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88661732807795&w=2

Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for Linux systems allows local users to gain privileges by calling a setuid program with a long program name (argv[0]) and forcing ld.so/ld-linux.so to report an error.

Analysis
----------------
ED_PRI CAN-1999-1182 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-EXEC, SF-CODEBASE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1184
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1184
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970513
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420967&w=2
Reference: BUGTRAQ:19970514 Re: ELM overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420970&w=2

Buffer overflow in Elm 2.4 and earlier allows local users to gain privileges via a long TERM environmental variable.

Analysis
----------------
ED_PRI CAN-1999-1184 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1186
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1186
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19960102 rxvt security hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418966&w=2

rxvt, when compiled with the PRINT_PIPE option in various Linux operating systems including Linux Slackware 3.0 and RedHat 2.1, allows local users to gain root privileges by specifying a malicious program using the -print-pipe command line parameter.

Analysis
----------------
ED_PRI CAN-1999-1186 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1187
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1187
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19960826 (BUG) Vulnerability in PINE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419803&w=2
Reference: XF:pine-tmpfile(416)
Reference: URL:http://xforce.iss.net/static/416.php

Pine before version 3.94 allows local users to gain privileges via a symlink attack on a lockfile that is created when a user receives new mail.

Analysis
----------------
ED_PRI CAN-1999-1187 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1210
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1210
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971112 Digital Unix Security Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87936891504885&w=2
Reference: XF:dec-xterm(613)
Reference: URL:http://xforce.iss.net/static/613.php

xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to overwrite arbitrary files via a symlink attack on a core dump file, which is created when xterm is called with a DISPLAY environmental variable set to a display that xterm cannot access.

Analysis
----------------
ED_PRI CAN-1999-1210 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1217
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1217
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19970725 Re: NT security - why bother?
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602726319435&w=2
Reference: NTBUGTRAQ:19970723 NT security - why bother?
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602726319426&w=2
Reference: XF:nt-path(526)
Reference: URL:http://xforce.iss.net/static/526.php

The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories.

Analysis
----------------
ED_PRI CAN-1999-1217 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1220
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1220
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970824 Vulnerability in Majordomo
Reference: URL:http://www.securityfocus.com/archive/1/7527
Reference: XF:majordomo-advertise(502)
Reference: URL:http://xforce.iss.net/static/502.php

Majordomo 1.94.3 and earlier allows remote attackers to execute arbitrary commands when the advertise or noadvertise directive is used in a configuration file, via shell metacharacters in the Reply-To header.

Analysis
----------------
ED_PRI CAN-1999-1220 3
Vendor Acknowledgement:

This appears to be different than CVE-1999-0207, whose description does not match its references. CVE-1999-0207 needs to be RECAST or deprecated.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1221
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1221
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19961117 Digital Unix v3.x (v4.x?) security vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420141&w=2
Reference: XF:dgux-chpwd(399)
Reference: URL:http://xforce.iss.net/static/399.php

dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify arbitrary files via a symlink attack on the dxchpwd.log file.

Analysis
----------------
ED_PRI CAN-1999-1221 3
Vendor Acknowledgement: unknown claimed in followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1224
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1224
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971008 L0pht Advisory: IMAP4rev1 imapd server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87635124302928&w=2
Reference: XF:imapd-core(349)
Reference: URL:http://xforce.iss.net/static/349.php

IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.

Analysis
----------------
ED_PRI CAN-1999-1224 3
Vendor Acknowledgement:
Content Decisions: EX-BETA

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1225
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1225
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970824 Serious security flaw in rpc.mountd on several operating systems.
Reference: URL:http://www.securityfocus.com/archive/1/7526
Reference: XF:mountd-file-exists(347)
Reference: URL:http://xforce.iss.net/static/347.php

rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.

Analysis
----------------
ED_PRI CAN-1999-1225 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1230
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1230
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971224 Quake II Remote Denial Of Service
Reference: URL:http://www.securityfocus.com/archive/1/8282
Reference: XF:quake2-dos(698)
Reference: URL:http://xforce.iss.net/static/698.php

Quake 2 server allows remote attackers to cause a denial of service via a spoofed UDP packet with a source address of 127.0.0.1, which causes the server to attempt to connect to itself.

Analysis
----------------
ED_PRI CAN-1999-1230 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1232
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1232
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970516 Irix and WWW
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420994&w=2
Reference: XF:sgi-day5datacopier(3316)
Reference: URL:http://xforce.iss.net/static/3316.php

day5datacopier in SGI IRIX 6.2 trusts the PATH environmental variable to find the "cp" program, which allows local users to execute arbitrary commands by modifying the PATH to point to a Trojan horse cp program.

Analysis
----------------
ED_PRI CAN-1999-1232 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1240
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1240
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19961126 Major Security Vulnerabilities in Remote CD Databases
Reference: URL:http://www.securityfocus.com/archive/1/5784
Reference: XF:cddbd-bo(2203)
Reference: URL:http://xforce.iss.net/static/2203.php

Buffer overflow in cddbd CD database server allows remote attackers to execute arbitrary commands via a log message.

Analysis
----------------
ED_PRI CAN-1999-1240 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1250
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1250
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970819 Lasso CGI security hole (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/7506
Reference: XF:http-cgi-lasso(2044)
Reference: URL:http://xforce.iss.net/static/2044.php

Vulnerability in CGI program in the Lasso application by Blue World, as used on WebSTAR and other servers, allows remote attackers to read arbitrary files.

Analysis
----------------
ED_PRI CAN-1999-1250 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1257
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1257
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971126 Xyplex terminal server bug
Reference: URL:http://www.securityfocus.com/archive/1/8134
Reference: XF:xyplex-controlz-login(1825)
Reference: URL:http://xforce.iss.net/static/1825.php
Reference: XF:xyplex-question-login(1826)
Reference: URL:http://xforce.iss.net/static/1826.php

Xyplex terminal server 6.0.1S1, and possibly other versions, allows remote attackers to bypass the password prompt by entering (1) a CTRL-Z character, or (2) a ? (question mark).

Analysis
----------------
ED_PRI CAN-1999-1257 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1266
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1266
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970613 rshd gives away usernames
Reference: URL:http://www.securityfocus.com/archive/1/6978
Reference: XF:rsh-username-leaks(1660)
Reference: URL:http://xforce.iss.net/static/1660.php

rsh daemon (rshd) generates different error messages when a valid username is provided versus an invalid name, which allows remote attackers to determine valid users on the system.

Analysis
----------------
ED_PRI CAN-1999-1266 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1267
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970505 Hole in the KDE desktop
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420906&w=2
Reference: XF:kde-flawed-ipc(1646)
Reference: URL:http://xforce.iss.net/static/1646.php

KDE file manager (kfm) uses a TCP server for certain file operations, which allows remote attackers to modify arbitrary files by sending a copy command to the server.

Analysis
----------------
ED_PRI CAN-1999-1267 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1274
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1274
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971229 iPass RoamServer 3.1
Reference: URL:http://www.securityfocus.com/archive/1/8307
Reference: XF:ipass-temporary-files(1625)
Reference: URL:http://xforce.iss.net/static/1625.php

iPass RoamServer 3.1 creates temporary files with world-writable permissions.

Analysis
----------------
ED_PRI CAN-1999-1274 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1275
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1275
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970908 Password unsecurity in cc:Mail release 8
Reference: URL:http://www.securityfocus.com/archive/1/9478
Reference: XF:lotus-ccmail-passwords(1619)
Reference: URL:http://xforce.iss.net/static/1619.php

Lotus cc:Mail release 8 stores the postoffice password in plaintext in a hidden file which has insecure permissions, which allows local users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1275 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1286
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1286
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970509 Re: Irix: misc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420927&w=2
Reference: XF:irix-addnetpr(1433)
Reference: URL:http://xforce.iss.net/static/1433.php

addnetpr in SGI IRIX 6.2 and earlier allows local users to modify arbitrary files and possibly gain root access via a symlink attack on a temporary file.

Analysis
----------------
ED_PRI CAN-1999-1286 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1296
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1296
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19970429 vulnerabilities in kerberos
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420878&w=2

Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a Kerberos configuration file, which can be specified via the KRB_CONF environmental variable.

Analysis
----------------
ED_PRI CAN-1999-1296 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1299
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1299
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970203 Linux rcp bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420509&w=2

rcp on various Linux systems including Red Hat 4.0 allows a "nobody" user or other user with UID of 65535 to overwrite arbitrary files, since 65535 is interpreted as -1 by chown and other system calls, which causes the calls to fail to modify the ownership of the file.

Analysis
----------------
ED_PRI CAN-1999-1299 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1380
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1380
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.net-security.sk/bugs/NT/nu20.html
Reference: MISC:http://mlarchive.ima.com/win95/1997/May/0342.html
Reference: MISC:http://news.zdnet.co.uk/story/0,,s2065518,00.html

Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0.

Analysis
----------------
ED_PRI CAN-1999-1380 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1383
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1383
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19960913 tee see shell problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419868&w=2
Reference: BUGTRAQ:19960919 Vulnerability in expansion of PS1 in bash & tcsh
Reference: URL:http://www.dataguard.no/bugtraq/1996_3/0503.html

(1) bash before 1.14.7, and (2) tcsh
6.05允许本地用户权限通过目录名称包含shell元字符(“back-tick),这可能导致执行命令包含在目录名称当shell扩展文件名中使用\ w选项PS1变量。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1383 3供应商确认:对咨询内容的决定:SF-CODEBASE似乎tcsh, bash共享一个公共代码库,因此CD: SF-CODEBASE建议结合成一个单一的入口。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1387网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1387最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19970402 NT 4.0服务器引用的致命缺陷:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420731&w=2参考:BUGTRAQ: 19970403致命错误在NT 4.0服务器(更多的评论)参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420732&w=2参考:BUGTRAQ: 19970407的NT系统崩溃转储参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420741&w=2Windows NT 4.0 SP2允许远程攻击者造成拒绝服务(崩溃),可能通过输入或数据包畸形,如由Linux smbmount生成命令编译Linux内核2.0.29但Linux 2.0.25上执行。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1387 3供应商确认:有可能崩溃与SMB实现无关。例如,它可能是低级畸形数据包被触发的不寻常的smbmount端生成一些错误在WinNT 4.0 SP2 TCP / IP水平。这是重要的,这可以将描述问题的征兆,已经有一个可以或与之关联的CVE。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1388网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1388最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19940513 (8 lgm)咨询- 7. unix.passwd。11 - 1994年5月——参考:网址:http://www2.dataguard.no/bugtraq/1994_2/0197.html参考:BUGTRAQ: 19940514 (8 lgm)咨询- 7. 
- unix.passwd.11 - 5 - 1994。NEWFIX参考:网址:http://www2.dataguard.no/bugtraq/1994_2/0207.html参考:BUGTRAQ: 19941218太阳补丁Id # 102060 - 01参考:网址:http://www.dataguard.no/bugtraq/1994_4/0755.htmlpasswd SunOS 4.1。x允许本地用户覆盖任意文件通过一个符号链接攻击和- f命令行参数。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1388 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1398网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1398最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19970507 Irix: misc参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420921&w=2参考:MISC:http://www.insecure.org/sploits/irix.xfsdump.html参考:报价:472参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=472脆弱性在SGI xfsdump IRIX可能允许本地用户通过井底油嘴获得根权限。日志的日志文件,可能通过一个符号链接攻击。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1398 3供应商确认:楼主表明可能存在问题,但没有提供细节。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1399网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1399最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19970820 SpaceWare 7.3 v1.0参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719552&w=2参考:报价:471参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=471spaceball项目SpaceWare 7.3 v1.0 IRIX 6.2允许本地用户获得根权限通过设置主机名环境变量包含要执行的命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1399 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST 
HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1408网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1408最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19970305错误连接为aix 4.1.4 () ?参考网址:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420641&w=2参考:报价:352参考:网址:http://www.securityfocus.com/bid/352漏洞在AIX 4.1.4和hp - ux 10.01和9.05允许本地用户造成拒绝服务(崩溃)通过一个套接字连接到本地主机上的一个端口,要求关闭套接字,然后使用相同的套接字连接到本地主机上的另一个端口。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1408 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1410网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1410最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19970509 Re: Irix: misc参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420927&w=2参考:MISC:ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX参考:报价:330参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=330addnetpr IRIX 5.3和6.2允许本地用户覆盖任意文件,并可能获得根权限通过一个符号链接攻击打印机临时文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1410 3供应商确认:未知的模糊咨询SGI: 19961203 - 02 - px可能解决这个问题,但咨询太模糊,不确定是否这是固定的。addnetpr不是特别命名的咨询,没有指定名称netprint,原Bugtraq职位。此外,咨询上的日期提前一天比Bugtraq帖子,尽管这可能是一个不同的时区。看来似是而非的问题已经被修补(研究人员说“* *[一]竞争条件”)也许SGI咨询发布后,问题是宣传。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1413网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 
1413最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19960803利用Zolaris 2.4 ? ?:参考):网址:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419549&w=2参考:报价:296参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=296Solaris 2.4内核的补丁前-35允许set-gid程序转储核心即使真正的用户id不是set-gid组,它允许本地用户覆盖在更高的特权或创建文件,造成核心转储,例如通过dmesg命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1413 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1446网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1446最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:NTBUGTRAQ: 19970805 Re:奇怪的行为对目录参考:网址:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602837719654&w=2参考:NTBUGTRAQ: 19970806 Re:奇怪的行为对于目录参考:网址:http://marc.theaimsgroup.com/?l=ntbugtraq&m=87602837719655&w=2ie 3记录历史的所有URL的用户访问的DAT文件位于Internet临时文件和历史文件夹,不清除当用户选择“清除历史”选项,并是不可见的,因为当用户浏览文件夹的显示。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1446 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1449网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1449最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19970519 /dev/tcx0崩溃SunOS 4.1.4 Sparc 20参考:网址:http://oamk.fi/ jukkao / bugtraq / before-971202/0498.html参考:MISC:http://www.insecure.org/sploits/sunos.dev.tcx0.write.wierd.shit.to.device.bug.htmlSunOS 4.1.4 Sparc 20台机器上允许本地用户造成拒绝服务(内核恐慌)通过阅读从/dev/tcx0 TCX设备。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1449 3供应商确认:投票部分- - - - - - - - - - - - - - - 
-可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1463网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1463最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19970710新的碎片攻击引用:网址:http://www.securityfocus.com/archive/1/7219参考:XF: nt-frag(528)参考:网址:http://xforce.iss.net/static/528.phpWindows NT 4.0之前SP3允许远程攻击者绕过防火墙限制或引起拒绝服务(崩溃)通过发送不适当分散的IP数据包没有第一个片段,TCP / IP堆栈错误地将成一个有效的会话。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1463 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1483网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1483最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19970619 svgalib / zgv参考:网址:http://www.securityfocus.com/archive/1/7041缓冲区溢出在zgv svgalib 1.2.10早些时候,允许本地用户执行任意代码通过一个长期的家庭环境变量。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1483 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1489网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1489最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19970304 Linux SuperProbe利用参考:网址:http://www.securityfocus.com/archive/1/6384参考:报价:364参考:网址:http://www.securityfocus.com/bid/364缓冲区溢出在TestChip函数XFree86 SuperProbe Slackware Linux 3.1允许本地用户获得根权限通过长-nopr论点。分析- - - - - - - - - - - 
- - - - - - ED_PRI - 1999 - 1489 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1491网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1491最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19960202滥用Red Hat 2.1安全漏洞参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418994&w=2参考:报价:354参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=354滥用。控制台在Red Hat 2.1使用相对路径名来查找和执行undrv程序,它允许本地用户执行任意命令通过一个指向一个特洛伊木马程序的路径。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1491 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1525网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1525最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19970314冲击波安全警报参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420670&w=2参考:XF: shockwave-internal-access(1585)参考:网址:http://xforce.iss.net/static/1585.php参考:XF: shockwave-file-read-vuln(1586)参考:网址:http://xforce.iss.net/static/1586.php参考:XF: http-ns-shockwave(460)参考:网址:http://xforce.iss.net/static/460.phpMacromedia冲击波前6.0允许恶意网站管理员阅读用户的邮箱并可能通过GetNextText命令访问内部web服务器在冲击波的电影。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1525 3供应商确认:未知的内容决定:SF-LOC抽象:利用包括创建文件或一个CGI脚本的URL加上它的参数。虽然多功能利用,它似乎源于同样的基本安全问题,即GetNextText。看到讨论的问题:http://www.webcomics.com/shockwave——豌豆投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST 
HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1526网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1526最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19990311 (Fwd:冲击波7安全漏洞)参考:网址:http://www.securityfocus.com/archive/1/12842参考:XF: shockwave-updater(1931)参考:网址:http://xforce.iss.net/static/1931.php自动更新Macromedia冲击波7传递用户的密码和回Macromedia硬盘信息。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1526 3供应商确认:未知的内容决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1552网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1552最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19940720 xnews和一棵树参考:URL: xnews和一棵树参考:报价:358参考:网址:万博下载包http://www.securityfocus.com/bid/358dpsexec (DPS服务器)早些时候运行在IBM AIX 3.2.5一棵树下和不正确检查特权,它允许本地用户覆盖任意文件并获得特权。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1552 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:

Page last updated or reviewed: May 22, 2007