
[PROPOSAL] Cluster LEGACY-UNIX-ADV - 79 candidates



I am proposing cluster LEGACY-UNIX-ADV for review and voting by the Editorial Board.

Name: LEGACY-UNIX-ADV
Description: Candidates in Unix vendor advisories announced in 1999 or earlier
Size: 79

You may vote on the candidates by modifying this email and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-1999-1040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1040
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980408 SGI O2 ipx security issue
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=89217373930054&w=2
Reference: SGI:19980501-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980501-01-P2869
Reference: CIAC:I-055
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-055.shtml

Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on IRIX 6.3 and 6.4 allow local users to gain root access via a modified IFS environmental variable.

Analysis
--------
ED_PRI CAN-1999-1040 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1044
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1044
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: COMPAQ:SSRT0495U
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-050.shtml
Reference: CIAC:I-050
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-050.shtml

Vulnerability in Advanced File System Utility (advfs) in Digital UNIX V4.0 through V4.0d allows local users to gain privileges.

Analysis
--------
ED_PRI CAN-1999-1044 1
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1048
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1048
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980905 BASH buffer overflow, LiNUX x86 exploit
Reference: URL:http://www.securityfocus.com/archive/1/10542
Reference: BUGTRAQ:19970821 Buffer overflow in /bin/bash
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602746719555&w=2
Reference: DEBIAN:19980909 problem with very long pathnames
Reference: URL:http://www.debian.org/security/1998/19980909
Reference: XF:linux-bash-bo(3414)
Reference: URL:http://xforce.iss.net/static/3414.php

Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory.

Analysis
--------
ED_PRI CAN-1999-1048 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1114
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1114
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:H-15A
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-15a.shtml
Reference: AUSCERT:AA-96.17
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.17.suid_exec.vul
Reference: SGI:19980405-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980405-01-I
Reference: XF:ksh-suid_exec(2100)
Reference: URL:http://xforce.iss.net/static/2100.php
Reference: BID:467
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=467

Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges.

Analysis
--------
ED_PRI CAN-1999-1114 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1116
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SGI:19970503-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970503-01-PX
Reference: BID:462
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=462
Reference: XF:sgi-runpriv(2108)
Reference: URL:http://xforce.iss.net/static/2108.php

Vulnerability in runpriv in the Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges.

Analysis
--------
ED_PRI CAN-1999-1116 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1118
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1118
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUN:00165
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/165&type=0&nav=sec.sba
Reference: BID:433
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=433
Reference: XF:sun-ndd(817)
Reference: URL:http://xforce.iss.net/static/817.php

ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters.

Analysis
--------
ED_PRI CAN-1999-1118 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1120
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970104 Irix: netprint story
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420403&w=2
Reference: SGI:19961203-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961203-01-PX
Reference: SGI:19961203-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX
Reference: BID:395
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=395
Reference: XF:sgi-netprint(2107)
Reference: URL:http://xforce.iss.net/static/2107.php

netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental variable for finding and executing the disable program, which allows local users to gain privileges.

Analysis
--------
ED_PRI CAN-1999-1120 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1133
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1133
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9709-069
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602880019776&w=2
Reference: XF:hp-vue/dt(499)
Reference: URL:http://xforce.iss.net/static/499.php

HP-UX 9.x and 10.x running X windows allows local attackers to gain privileges via (1) vuefile, (2) vuepad, (3) dtfile, or (4) dtpad, which do not authenticate users.

Analysis
--------
ED_PRI CAN-1999-1133 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1134
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1134
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9404-008
Reference: URL:http://packetstorm.securify.com/advisories/hpalert/008
Reference: CIAC:E-23
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/e-23.shtml

Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4038, PHSS_4055, and PHSS_4066.

Analysis
--------
ED_PRI CAN-1999-1134 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1135
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1135
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9504-027
Reference: URL:http://packetstorm.securify.com/advisories/hpalert/027
Reference: XF:hp-vue(2284)
Reference: URL:http://xforce.iss.net/static/2284.php

Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4994 and PHSS_5438.

Analysis
--------
ED_PRI CAN-1999-1135 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1136
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1136
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9807-081
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9807-081.html
Reference: HP:HPSBMP9807-005
Reference: URL:http://cert.ip-plus.net/bulletin-archive/msg00040.html
Reference: BUGTRAQ:19980729 HP-UX Predictive and Netscape SSL vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526177&w=2
Reference: CIAC:I-081
Reference: URL:http://www.ciac.org/ciac/bulletins/i-081.shtml
Reference: XF:mpeix-predictive(1413)
Reference: URL:http://xforce.iss.net/static/1413.php

Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems.

Analysis
--------
ED_PRI CAN-1999-1136 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1137
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: CIAC:E-01
Reference: URL:http://www.ciac.org/ciac/bulletins/e-01.shtml
Reference: SUN:00122
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba
Reference: XF:sun-audio(549)
Reference: URL:http://xforce.iss.net/static/549.php

The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.

Analysis
--------
ED_PRI CAN-1999-1137 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1139
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9801-074
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9801-074.html
Reference: BUGTRAQ:19980121 HP-UX CUE, CUD and LAND vulnerabilities
Reference: URL:http://security-archive.merton.ox.ac.uk/bugtraq-199801/0122.html
Reference: BUGTRAQ:19970901 HP UX Bug :)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602880019745&w=2

Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file.

Analysis
--------
ED_PRI CAN-1999-1139 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1143
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1143
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:H-065
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-65.shtml
Reference: SGI:19970504-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970504-01-PX
Reference: XF:sgi-rld(2109)
Reference: URL:http://xforce.iss.net/static/2109.php

Vulnerability in the runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs.

Analysis
--------
ED_PRI CAN-1999-1143 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1144
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1144
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: HP:HPSBUX9701-051
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-051.html
Reference: XF:hp-mpower(2056)
Reference: URL:http://xforce.iss.net/static/2056.php

Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges.

Analysis
--------
ED_PRI CAN-1999-1144 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1145
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9701-044
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1514
Reference: CIAC:H-21
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-21.shtml
Reference: XF:hp-glanceplus(2059)
Reference: URL:http://xforce.iss.net/static/2059.php

Vulnerability in glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges.

Analysis
--------
ED_PRI CAN-1999-1145 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1146
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9405-011
Reference: URL:http://www.securityfocus.com/advisories/1555
Reference: XF:hp-glanceplus-gpm(2060)
Reference: URL:http://xforce.iss.net/static/2060.php

Vulnerability in glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain privileges.

Analysis
--------
ED_PRI CAN-1999-1146 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1158
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1158
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: AUSCERT:AA-97.09
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-97.09.Solaris.passwd.buffer.overrun.vul
Reference: SUN:00139
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/139&type=0&nav=sec.sba

Buffer overflow in (1) pluggable authentication module (PAM) on Solaris 2.5.1 and 2.5 and (2) unix_scheme in Solaris 2.4 and 2.3 allows local users to gain root privileges via programs that use these modules, such as passwd, yppasswd, and nispasswd.

Analysis
--------
ED_PRI CAN-1999-1158 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1160
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1160
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9702-055
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420581&w=2
Reference: CIAC:H-33
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-33.shtml

Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and remote users to gain root privileges.

Analysis
--------
ED_PRI CAN-1999-1160 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1161
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1161
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19961103 Re: Untitled
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420102&w=2
Reference: BUGTRAQ:19961104 ppl bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420103&w=2
Reference: HP:HPSBUX9704-057
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9704-057.html
Reference: CIAC:H-32
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-32.shtml
Reference: AUSCERT:AA-97.07

Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump.

Analysis
--------
ED_PRI CAN-1999-1161 1
Vendor Acknowledgement: yes advisory

The AUSCERT advisory explicitly states that this is different from another HP-UX ppl vulnerability, CVE-1999-0324.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1163
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1163
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9911-105
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94347039929958&w=2

Vulnerability in HP Series 800 S/X/V Class servers allows remote attackers to gain access to the S/X/V Class console via the Service Support Processor (SSP) Teststation.

Analysis
--------
ED_PRI CAN-1999-1163 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1181
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1181
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CIAC:J-003
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-003.shtml
Reference: SGI:19980901-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980901-01-PX

Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users to gain root privileges.

Analysis
--------
ED_PRI CAN-1999-1181 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1183
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1183
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SGI:19980403-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980403-02-PX
Reference: SGI:19980403-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980403-01-PX

System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attackers to execute commands by providing a trojan horse (1) runtask or (2) runexec descriptor file, which is used to execute a System Manager task when the user's Mailcap entry supports the x-sgi-task or x-sgi-exec type.

Analysis
--------
ED_PRI CAN-1999-1183 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1191
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1191
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19970519 Re: Finally, most of an exploit for Solaris 2.5.1's ps.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167418335&w=2
Reference: AUSCERT:AA-97.18
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-97.18.solaris.chkey.buffer.overflow.vul
Reference: SUN:00144
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/144
Reference: BID:207
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=207

Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a command line argument.

Analysis
--------
ED_PRI CAN-1999-1191 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1192
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1192
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUN:00143
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/143
Reference: BID:206
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=206

Buffer overflow in eepm in Solaris 2.5.1 and earlier allows local users to gain root privileges via a command line argument.

Analysis
--------
ED_PRI CAN-1999-1192 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1205
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1205
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19960607 HP-UX B.10.01 vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419195&w=2
Reference: HP:HPSBUX9607-035
Reference: URL:http://packetstormsecurity.org/advisories/ibm-ers/96-08
Reference: CIAC:G-34
Reference: XF:hp-nettune(414)

nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information.

Analysis
--------
ED_PRI CAN-1999-1205 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1213
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1213
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9710-070
Reference: URL:http://www2.dataguard.no/bugtraq/1997_4/0001.html
Reference: XF:hp-telnetdos(571)
Reference: URL:http://xforce.iss.net/static/571.php

Vulnerability in telnet service in HP-UX 10.30 allows attackers to cause a denial of service.

Analysis
--------
ED_PRI CAN-1999-1213 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1214
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1214
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: OPENBSD:19970915 Vulnerability in I/O Signal Handling
Reference: URL:http://www.openbsd.com/advisories/signals.txt
Reference: XF:openbsd-iosig(556)
Reference: URL:http://xforce.iss.net/static/556.php

Vulnerability in the asynchronous I/O facility in the 4.4 BSD kernel, which does not check user credentials when initializing I/O notification, allows local users to cause a denial of service by specifying an arbitrary process ID to signal through a socket or device file descriptor, via certain ioctl and fcntl calls

Analysis
--------
ED_PRI CAN-1999-1214 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1238
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1238
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9409-017
Reference: URL:http://www.securityfocus.com/advisories/1531
Reference: XF:hp-core-diag-fileset(2262)
Reference: URL:http://xforce.iss.net/static/2262.php

Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 and earlier allows local users to gain privileges.

Analysis
--------
ED_PRI CAN-1999-1238 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1239
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1239
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9407-015
Reference: URL:http://www.securityfocus.com/advisories/1559
Reference: XF:hp-xauthority(2261)
Reference: URL:http://xforce.iss.net/static/2261.php

HP-UX 9.x does not properly enable the Xauthority mechanism in certain conditions, which could allow local users to access the X display even when they have not explicitly been authorized to do so.

Analysis
--------
ED_PRI CAN-1999-1239 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1242
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1242
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9402-003
Reference: URL:http://packetstormsecurity.org/advisories/hpalert/003
Reference: XF:hp-subnet-config(2162)
Reference: URL:http://xforce.iss.net/static/2162.php

Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users to gain privileges.

Analysis
--------
ED_PRI CAN-1999-1242 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1243
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1243
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CIAC:F-16
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-16.shtml
Reference: SGI:19950301-01-P373
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19950301-01-P373
Reference: XF:sgi-permissions(2113)
Reference: URL:http://xforce.iss.net/static/2113.php

SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local users to modify permissions for arbitrary files and gain privileges.

Analysis
--------
ED_PRI CAN-1999-1243 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1247
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1247
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9402-006
Reference: URL:http://packetstormsecurity.org/advisories/hpalert/006
Reference: XF:hp-dce9000(2061)
Reference: URL:http://xforce.iss.net/static/2061.php

Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x allows attackers to gain root privileges.

Analysis
--------
ED_PRI CAN-1999-1247 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1248
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1248
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9411-019
Reference: URL:http://packetstormsecurity.org/advisories/hpalert/019
Reference: XF:hp-supportwatch(2058)
Reference: URL:http://xforce.iss.net/static/2058.php

Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through 9.0 allows local users to gain privileges.

Analysis
--------
ED_PRI CAN-1999-1248 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1249
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1249
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: HP:HPSBUX9701-047
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-047.html
Reference: XF:hp-movemail(2057)
Reference: URL:http://xforce.iss.net/static/2057.php

movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges.

Analysis
--------
ED_PRI CAN-1999-1249 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1251
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1251
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9612-043
Reference: URL:http://packetstormsecurity.org/advisories/hpalert/043
Reference: XF:hp-audio-panic(2010)
Reference: URL:http://xforce.iss.net/static/2010.php

Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 allows local users to cause a denial of service.

Analysis
--------
ED_PRI CAN-1999-1251 1
Vendor Acknowledgement: yes advisory

The HP advisory, dated December 24, 1996, vaguely alludes to a mailing list posting; it may be referring to BUGTRAQ:19961126 Major Security Vulnerabilities in Remote CD Databases, in which case it could be XMCD in HP-UX 10.10/.20; if so, then there may be a duplicate CAN/CVE for this problem. However, the Bugtraq post does not describe a "system panic" result like the HP advisory, but mentions the possibility of arbitrary code execution, unlike the HP advisory.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1258
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1258
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SUN:00102
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/102
Reference: XF:sun-pwdauthd(1782)
Reference: URL:http://xforce.iss.net/static/1782.php

rpc.pwdauthd in SunOS 4.4.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information.

Analysis
--------
ED_PRI CAN-1999-1258 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1276
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1276
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: DEBIAN:19981207 fte-console: does not drop root privileges
Reference: URL:http://www.debian.org/security/1998/19981207
Reference: XF:fte-console-privileges(1609)
Reference: URL:http://xforce.iss.net/static/1609.php

fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device.

Analysis
--------
ED_PRI CAN-1999-1276 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1288
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1288
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981119 Vulnerability in Samba on RedHat, Caldera and PHT TurboLinux
Reference: URL:http://www.securityfocus.com/archive/1/11397
Reference: CALDERA:SA-1998.35
Reference: URL:http://www.caldera.com/support/security/advisories/SA-1998.35.txt
Reference: XF:samba-wsmbconf(1406)
Reference: URL:http://xforce.iss.net/static/1406.php

Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program.

Analysis
--------
ED_PRI CAN-1999-1288 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1298
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1298
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: FREEBSD:FreeBSD-SA-97:03
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-97:03.sysinstall.asc

Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources.

Analysis
--------
ED_PRI CAN-1999-1298 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1301
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1301
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:G-31
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/g-31.shtml
Reference: FREEBSD:FreeBSD-SA-96:17
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:17.rzsz.asc

A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of FreeBSD before 2.1.5, and possibly other programs.

Analysis
--------
ED_PRI CAN-1999-1301 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1302
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1302
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:F-05
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml
Reference: SCO:94:001
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml

Vulnerability in pt_chmod in SCO UNIX 4.2 and earlier allows local users to gain root access.

Analysis
--------
ED_PRI CAN-1999-1302 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1303
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1303
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:F-05
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml
Reference: SCO:94:001
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml

Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users to gain root access.

Analysis
--------
ED_PRI CAN-1999-1303 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1304
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1304
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:F-05
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml
Reference: SCO:94:001
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml

Vulnerability in login in SCO UNIX 4.2 and earlier allows local users to gain root access.

Analysis
--------
ED_PRI CAN-1999-1304 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1305
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1305
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:F-05
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml
Reference: SCO:94:001
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml

Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local users to gain root access.

Analysis
--------
ED_PRI CAN-1999-1305 1
Vendor Acknowledgement: yes advisory

This may be the same as CAN-1999-0033; however, the CERT advisory is 3 years later and references SSE:sse007, so these are most likely different.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1308
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1308
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9611-041
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-91.shtml
Reference: CIAC:H-91
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-91.shtml

Certain programs in HP-UX 10.20 do not properly handle large user IDs (UID) and group IDs (GID) over 60000, which could allow local users to gain privileges.

Analysis
--------
ED_PRI CAN-1999-1308 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1310
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1310
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CIAC:F-01
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-01.
shtml参考:SGI: 19941001 - 01 - p参考:网址:ftp://patches.sgi.com/support/free/security/advisories/19941001-01-P参考:MISC:http://www.netsys.com/firewalls/firewalls-9410/0019.html/usr/lib/vadmin/serial_ports SGI IRIX 5。x和信托公司早些时候PATH环境变量找到ls程序,它允许本地用户获得根访问。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1310 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1311网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1311最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:惠普:hpsbux9701 - 046参考:网址:http://ciac.llnl.gov/ciac/bulletins/h - 21. shtml参考:CIAC: H-21参考:网址:http://ciac.llnl.gov/ciac/bulletins/h - 21. shtml脆弱性dtlogin和dtsession hp - ux 10.20和10.10允许本地用户绕过身份验证和获得的特权。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1311 1供应商确认:是的顾问由于惠普认证的咨询问题发表在1997年,前2年cve - 1999 - 0713(康柏dtlogin,没有细节)以及独立dtsession缓冲区溢位描述的cve - 1999 - 0693 - 2001 - 0426,这是一个合理的猜测,这确实是一个不同的问题。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1313网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1313最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:CIAC: G-24参考:网址:http://ciac.llnl.gov/ciac/bulletins/g - 24. 
shtml参考:FREEBSD: FreeBSD-SA-96:11参考:网址:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:11.man.asc手册页读者(人)早些时候在FreeBSD 2.2和允许本地用户获得特权通过一系列命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1313 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1314网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1314最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:CIAC: G-24参考:网址:http://ciac.llnl.gov/ciac/bulletins/g - 24. shtml参考:FREEBSD: FreeBSD-SA-96:10参考:网址:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:10.mount_union.asc脆弱性在FreeBSD 2.2和更早的工会文件系统,可能还有其他操作系统,允许本地用户造成拒绝服务(系统重载)通过一系列的某些mount_union命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1314 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1319网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1319最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:SGI: 19960101 - 01 - px参考:网址:ftp://patches.sgi.com/support/free/security/advisories/19960101-01-PX脆弱性在对象服务器程序在SGI IRIX 5.2 6.1允许远程攻击者获得根权限在某些配置。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1319 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1384网址:http://cve.mitre.org/cgi - 
bin/cvename.cgi?name=can - 1999 - 1384最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19961030(另一个)漏洞在新SGIs参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420095&w=2参考:AUSCERT: aa - 96.08参考:网址:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.08.SGI.systour.vul参考:SGI: 19961101 - 01 -我参考:网址:ftp://patches.sgi.com/support/free/security/advisories/19961101-01-I参考:报价:470参考:网址:http://www.securityfocus.com/bid/470靛蓝魔力系统旅游在SGI系统旅游包(systour) IRIX 5。x通过6.3允许本地用户获得根权限通过木马.exitops计划,即由本月RemoveSystemTour程序执行的命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1384 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1385网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1385最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19961219利用购买力平价bug (FreeBSD魅惑。参考网址:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420332&w=2参考:FREEBSD: FreeBSD-SA-96:20参考:网址:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:20.stack-overflow.asc早些时候在FreeBSD 2.1和缓冲区溢出在ppp项目允许本地用户获得特权通过长期的家庭环境变量。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1385 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1401网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1401最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:SGI: 19961201 - 01 - px参考:网址:ftp://patches.sgi.com/support/free/security/advisories/19961201-01-PX参考:报价:463参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=463脆弱性在桌面searchbook IRIX 
5.0程序。6.2 x通过设置安全权限(iconbook和searchbook)某些用户文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1401 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1409网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1409最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19980703更多关于“在”参考:网址:http://www.shmoo.com/mail/bugtraq/jul98/msg00064.html参考:BUGTRAQ: 19980805 irix - 6.2“- f”漏洞参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=90233906612929&w=2参考:NETBSD: NETBSD - sa1998 - 004参考:网址:ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd sa1998 txt.asc——004.参考:报价:331参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=3316.2项目IRIX和NetBSD 1.3.2早些时候允许本地用户阅读部分的任意文件提交的文件与- f参数,生成错误消息,在通过电子邮件发送给用户。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1409 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1411网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1411最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:DEBIAN: 19981126新版本的fsp修复安全漏洞参考:网址:http://lists.debian.org/debian-security-announce/1998/debian-security-announce-1998/msg00033.html参考:BUGTRAQ: 19981128 Debian: FSP参考的安全缺陷:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=91228908407679&w=2参考:BUGTRAQ: 19981130 Debian: FSP参考的安全缺陷:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=91244712808780&w=2参考:BUGTRAQ: 19990217 Debian GNU / Linux 2.0 
r5发布(fwd)参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=91936850009861&w=2参考:报价:316参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=316fsp包2.71的安装-10在Debian Linux 2.0添加了匿名FTP用户没有通知管理员,可以自动启用anounymous FTP wu-ftp等一些服务器。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1411 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1419网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1419最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:太阳:00148参考:网址:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/148参考:报价:219参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=219在nss_nisplus.so缓冲区溢出。1图书馆NIS +在Solaris 2.3和2.4允许本地用户获得根权限。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1419 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1423网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1423最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19970626 Solaris萍bug (DoS)参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319160&w=2参考:BUGTRAQ: 19970627简介:Solaris萍bug (DoS)参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319171&w=2参考:BUGTRAQ: 19970627 Solaris萍bug (inetsvc)参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319181&w=2参考:BUGTRAQ: 19971005 
Solaris萍Bug和其他(bc)奇怪参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=87602558319180&w=2参考:太阳:00146参考:网址:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/146参考:报价:209参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=209萍在Solaris 2.3 2.6允许本地用户造成拒绝服务(崩溃)通过ping请求一个多播地址通过环回接口,例如通过ping -我。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1423 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1457网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1457最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:SUSE: 19991116 thttpd参考:网址:http://www.suse.de/de/support/security/suse_security_announce_30.txt缓冲区溢出在thttpd HTTP服务器2.04 -31年允许远程攻击者执行任意命令通过一个长字符串,日期不正确处理tdate_parse函数。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1457 1供应商确认:是的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1461网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1461最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19970507 Irix: misc参考:网址:http://www.securityfocus.com/archive/1/6702参考:SGI: 20001101 - 01 -我参考:网址:ftp://patches.sgi.com/support/free/security/advisories/20001101-01-I参考:报价:381参考:网址:http://www.securityfocus.com/bid/381inpview在线下IRIX 5.3 IRIX 6.5.10信托PATH环境变量找到并执行ttsession程序,它允许本地用户获得root访问通过修改路径指向一个特洛伊木马ttsession程序。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1461 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, 
VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1494网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1494最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:CF参考:BUGTRAQ: 19940809 Re: IRIX 5.2安全咨询参考:网址:http://www.securityfocus.com/archive/1/675参考:BUGTRAQ: 19950307叹息。另一个Irix 5.2孔。参考网址:http://www.tryc.on.ca/archives/bugtraq/1995_1/0614.html参考:SGI: 19950209 - 00 - p参考:网址:ftp://patches.sgi.com/support/free/security/advisories/19950209-01-P参考:XF: sgi-colorview(2112)参考:网址:http://xforce.iss.net/static/2112.php参考:报价:336参考:网址:http://www.securityfocus.com/bid/336在硅谷图形colorview IRIX 5.1, 5.2和6.0允许本地攻击者通过语境参数读取任意文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1494 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1079网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1079最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19990506 AIX安全补丁更新参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=92601792420088&w=2参考:BUGTRAQ: 19990825 AIX安全总结参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=93587956513233&w=2参考:AIXAPAR: IX80470参考:网址:http://www - 1. 
ibm.com/servlet/support/manager?rs=0&rt=0&org=apars&doc=08e0b1a1b85472a1852567c90031bb36参考:报价:439参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=439脆弱性ptrace在AIX 4.3允许本地用户获得特权通过附加一个setgid程序。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1079 2供应商确认:是的补丁没有详细的信息,它是不确定的,知道这是有关cve - 1999 - 0694(没有列出此APAR)。然而,cve - 1999 - 0694宣布1999年7月,一段时间后,这份报告被公开(7/17/1998)。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1297网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1297最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:SUNBUG: 1077164参考:网址:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100452&zone_32=10045%2A%20cmdtool在SunOS OpenWindows 3.0和3.0 XView 4.1.4早些时候,允许攻击者与物理访问系统显示unechoed字符(比如从密码提示)通过L2 /同样关键。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1297 2供应商确认:是的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1318网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1318最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:SUNBUG: 1121935参考:网址:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100630&zone_32=112193%2A%20/usr/5bin/su早些时候在SunOS 4.1.3和使用一个搜索路径,包括当前工作目录(.),它允许本地用户获得特权通过木马程序。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1318 2供应商确认:是的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = 
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1486网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1486最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:报价:408参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=408参考:AIXAPAR: IX75554参考:AIXAPAR: IX76853参考:AIXAPAR: IX76330南共体在IBM AIX 4.1到4.3允许本地用户覆盖文件通过一个符号链接攻击。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1486 2供应商确认:是的补丁抽象:这可能与南部非洲发展共同体的问题在其他unix系统所发现的8 1994年,但是有足够的细节来确保。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1487网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1487最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:AIXAPAR: IX74599参考:网址:http://www - 1. ibm.com/servlet/support/manager?rt=0&rs=0&org=apars&doc=41d8b61d1e1c4fab852567c9002c546c参考:报价:405参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=405脆弱性消化在AIX 4.3允许printq用户获得根权限通过创建和/或修改系统上的任何文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1487 2供应商确认:是的补丁投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1025网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1025最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19981012恼人的Solaris / CDE / NIS +错误引用:URL:参考:SUNBUG: 4115685参考:网址:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F106027&zone_32=411568%2A%20参考:报价:294参考:网址:http://www.securityfocus.com/bid/294CDE屏幕锁程序(screenlock)在Solaris 2.6不正确锁非特权用户控制台会话当主持人是NIS +客户端,它允许别人与物理访问登录任何字符串。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1025 
3供应商确认:是的SUNBUG: 4115685内容决定:SF-EXEC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1039网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1039最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:SGI: 19980502 - 01 - p3030参考:网址:ftp://patches.sgi.com/support/free/security/advisories/19980502-01-P3030脆弱性(2)和(1)diskalign diskperf IRIX 6.4补丁2291和2848年允许本地用户创建的文件设置成导致根妥协。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1039 3供应商确认:是的在引用bugtraq公告内容决定:SF-EXEC抽象:CD: SF-EXEC说使用相同的条目为多个可执行文件和版本相同的包中。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1088网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1088最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:惠普:hpsbux9701 - 050参考:CIAC: H-21参考:网址:http://ciac.llnl.gov/ciac/bulletins/h - 21. 
shtml参考:XF: hp-chsh(2012)参考:网址:http://xforce.iss.net/static/2012.php在hp - ux 9脆弱性chsh命令。通过X 10.20允许本地用户获得特权。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1088 3供应商确认:对咨询内容的决定:SF-EXEC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1089网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1089最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19961209惠普本周错误!参考网址:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420285&w=2参考:惠普:hpsbux9701 - 049参考:CIAC: H-21参考:网址:http://ciac.llnl.gov/ciac/bulletins/h - 21. shtml参考:CIAC:犯参考:网址:http://ciac.llnl.gov/ciac/bulletins/h - 16. shtml参考:AUSCERT: aa - 96.18参考:XF: hp-chfn(2008)缓冲区溢出在hp - ux chfn命令9。通过X 10.20允许本地用户获得特权通过命令行参数。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1089 3供应商确认:对咨询内容的决定:SF-EXEC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1272网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1272最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:SGI: 19980301 - 01 - px参考:网址:ftp://patches.sgi.com/support/free/security/advisories/19980301-01-PX参考:XF: irix-cdrom-confidence(1635)参考:网址:http://xforce.iss.net/static/1635.php缓冲区溢出CDROM信心测试程序(光盘)允许本地用户获得根权限。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1272 3供应商确认:对咨询内容的决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = 
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1424网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1424最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:太阳:00145参考:网址:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/145参考:报价:208参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=208Solaris冬至AdminSuite (AdminSuite) 2.1时使用不安全的权限将新用户添加到NIS +密码表,它允许本地用户获得root访问通过修改密码表条目。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1424 3供应商确认:对咨询内容的决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1425网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1425最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:太阳:00145参考:网址:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/145参考:报价:208参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=208Solaris冬至AdminSuite (AdminSuite) 2.1不正确设置NIS映射源文件的写权限,可以通过修改/etc/passwd.允许本地用户权限分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1425 3供应商确认:对咨询内容的决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1426网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1426最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:太阳:00145参考:网址:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/145参考:报价:208参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=208Solaris冬至AdminSuite (AdminSuite) 2.1是符号链接更新NIS数据库时,它允许本地用户覆盖任意文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1426 
3供应商确认:对咨询内容的决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1427网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1427最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:太阳:00145参考:网址:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/145参考:报价:208参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=208Solaris冬至AdminSuite (AdminSuite) 2.1和2.2创建不安全地锁文件,它允许本地用户获得根权限。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1427 3供应商确认:对咨询内容的决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1428网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1428最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:太阳:00145参考:网址:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/145参考:报价:208参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=208Solaris冬至AdminSuite (AdminSuite) 2.1和2.2允许本地用户获得特权通过选项保存在数据库管理器与setgid运行本特权。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1428 3供应商确认:对咨询内容的决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1450网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1450最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:上海合作组织:某人- 99.03 
b参考:网址:ftp://ftp.sco.com/sse/security_bulletins/sb - 99.03 b参考:上海合作组织:某人- 99.06 b参考:网址:ftp://ftp.sco.com/sse/security_bulletins/sb - 99.06 b参考:上海合作组织:SSE020参考:网址:ftp://ftp.sco.COM/SSE/sse020.ltr参考:上海合作组织:(1)远程登录命令守护进程rshd SSE023漏洞,(2)计划在SCO UNIX OpenServer 5.0.5早些时候,和上海合作组织UnixWare 7.0.1之前,允许远程攻击者获得特权。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1450 3供应商确认:对咨询内容的决定:SF-EXEC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1458网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1458最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19990125数字Unix 4.0利用缓冲区溢位参考:网址:http://www.securityfocus.com/archive/1/12121参考:上海合作组织:SSRT0583U参考:网址:http://ftp1.support.compaq.com/public/dunix/v4.0d/ssrt0583u.README参考:XF:时的du(3138)参考:网址:http://xforce.iss.net/static/3138.php缓冲区溢出的项目数字UNIX 4.0允许本地用户获得根权限通过命令行参数。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1458 3供应商确认:对咨询内容的决定:SF-CODEBASE Bugtraq邮报中观察到,这可能是讨论CERT的漏洞一样:ca - 1997 - 18 (- 1999 - 0033)。然而,有足够的细节在CERT咨询确定。康柏咨询不引用CERT咨询,。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1492网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1492最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:CF参考:SGI: 19980502 - 01 - p3030参考:网址:ftp://patches.sgi.com/support/free/security/advisories/19980502-01-P3030参考:XF: sgi-diskalign(2104)参考:网址:http://xforce.iss.net/static/2104.php参考:XF: 
sgi-diskperf(2103)参考:网址:http://xforce.iss.net/static/2103.php参考:报价:348参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=348脆弱性(2)和(1)diskperf diskalign IRIX 6.4允许本地攻击者创建任意根所有文件,导致根特权。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1492 3供应商确认:对咨询内容的决定:SF-EXEC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:

Page Last Updated or Reviewed: May 22, 2007