
[PROPOSAL] Cluster LEGACY-MISC-ADV - 43 candidates



I am proposing cluster LEGACY-MISC-ADV for review and voting by the Editorial Board.

Name: LEGACY-MISC-ADV
Description: Candidates in miscellaneous advisories, confirmed, 1999 and earlier
Size: 43

You can vote on the candidates by modifying this email message and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-1999-1100
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1100
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CISCO:19980616 PIX Private Link Key Processing and Cryptography Issues
Reference: URL:http://www.cisco.com/warp/public/770/pixkey-pub.shtml
Reference: XF:cisco-pix-parse-error(1579)
Reference: URL:http://xforce.iss.net/static/1579.php

Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack.

Analysis
----------------
ED_PRI CAN-1999-1100 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1102
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1102
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.phreak.org/archives/security/8lgm/8lgm.lpr
Reference: BUGTRAQ:19940307 8lgm Advisory Releases
Reference: URL:http://www.aenigma.net/resources/maillist/bugtraq/1994/0091.htm
Reference: CIAC:E-25a
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/e-25.shtml

lpr on SunOS 4.4.1 and below, 4.3 BSD, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.

Analysis
----------------
ED_PRI CAN-1999-1102 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1117
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1117
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19961124
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&w=2&r=1&s=lquerypv&q=b
Reference: BUGTRAQ:19961125 lquerypv fix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420195&w=2
Reference: BUGTRAQ:19961125 AIX lquerypv
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420196&w=2
Reference: CIAC:H-13
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-13.shtml
Reference: BID:455
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=455
Reference: XF:ibm-lquerypv(1752)
Reference: URL:http://xforce.iss.net/static/1752.php

lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter.

Analysis
----------------
ED_PRI CAN-1999-1117 1
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1175
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1175
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CISCO:19980513 Cisco Web Cache Control Protocol Router Vulnerability
Reference: URL:http://www.cisco.com/warp/public/770/wccpauth-pub.shtml
Reference: CIAC:I-054
Reference: URL:http://www.ciac.org/ciac/bulletins/i-054.shtml

Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048.

Analysis
----------------
ED_PRI CAN-1999-1175 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1300
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1300
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:B-31
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-31.shtml

Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users to read arbitrary files and modify system accounting configuration.

Analysis
----------------
ED_PRI CAN-1999-1300 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1307
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1307
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: unknown
Reference: BUGTRAQ:19941209 Novell security advisory on sadc, urestore and the suid_exec feature
Reference: URL:http://www.dataguard.no/bugtraq/1994_4/0676.html
Reference: CIAC:F-06
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-06.shtml

Vulnerability in urestore in Novell UnixWare 1.1 allows local users to gain root privileges.

Analysis
----------------
ED_PRI CAN-1999-1307 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1315
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1315
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:F-04
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-04.shtml

Vulnerabilities in DECnet/OSI for OpenVMS before 5.8 on DEC Alpha AXP and VAX/VMS systems allow local users to gain privileges or cause a denial of service.

Analysis
----------------
ED_PRI CAN-1999-1315 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1320
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1320
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:D-01
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-01.shtml

Vulnerability in NetWare 3.x and earlier allows local users to gain privileges via packet spoofing.

Analysis
----------------
ED_PRI CAN-1999-1320 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1324
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1324
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CIAC:D-06
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-06.shtml

VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.

Analysis
----------------
ED_PRI CAN-1999-1324 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1325
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1325
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:C-19
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/c-19.shtml

SAS System 5.18 on VAX/VMS is installed with insecure permissions for its directories and startup file, which allows local users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1325 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1379
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1379
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990730 Possible Denial Of Service using DNS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93348057829957&w=2
Reference: BUGTRAQ:19990810 Possible Denial Of Service using DNS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93433758607623&w=2
Reference: AUSCERT:AL-1999.004
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos
Reference: CIAC:J-063
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-063.shtml

DNS allows remote attackers to use DNS name servers as traffic amplifiers via the source address of a UDP DNS query, which produces more traffic to the victim than was sent by the attacker.

Analysis
----------------
ED_PRI CAN-1999-1379 1
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1488
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1488
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BID:371
Reference: URL:http://www.securityfocus.com/bid/371
Reference: CIAC:I-079A
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-079a.shtml

sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote attackers to read files without authentication.

Analysis
----------------
ED_PRI CAN-1999-1488 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1074
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1074
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980501 Warning! Webmin Security Advisory
Reference: URL:http://www.securityfocus.com/archive/1/9138
Reference: CONFIRM:http://www.webmin.com/webmin/changes.html
Reference: BID:98
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=98

Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking.

Analysis
----------------
ED_PRI CAN-1999-1074 2
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1105
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1105
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://www.zdnet.com/eweek/reviews/1016/tr42bug.html
Reference: MISC:http://www.net-security.sk/bugs/NT/netware1.html

Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive.

Analysis
----------------
ED_PRI CAN-1999-1105 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1177
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1177
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.w3.org/Security/Faq/wwwsf4.html
Reference: CONFIRM:http://www-genome.wi.mit.edu/WWW/tools/CGI_scripts/server_publish/nph-publish

Directory traversal vulnerability in nph-publish 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation.

Analysis
----------------
ED_PRI CAN-1999-1177 2
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1287
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1287
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://www.statslab.cam.ac.uk/~sret1/analog/security.html
Reference: XF:analog-remote-file(1410)
Reference: URL:http://xforce.iss.net/static/1410.php

Vulnerability in Analog 3.0 and earlier allows remote attackers to read arbitrary files via the forms interface.

Analysis
----------------
ED_PRI CAN-1999-1287 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1290
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1290
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981117 nftp vulnerability (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91127951426494&w=2
Reference: CONFIRM:http://www.ayukov.com/nftp/history.html
Reference: XF:nftp-bo(1397)
Reference: URL:http://xforce.iss.net/static/1397.php

Buffer overflow in nftp FTP client version 1.40 allows remote malicious FTP servers to cause a denial of service, and possibly execute arbitrary commands, via a response string.

Analysis
----------------
ED_PRI CAN-1999-1290 2
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1293
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1293
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980106 Apache security advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88413292830649&w=2
Reference: CONFIRM:http://www.apache.org/info/security_bulletin_1.2.5.html

mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.

Analysis
----------------
ED_PRI CAN-1999-1293 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1327
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1327
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980601 Re: SECURITY: Red Hat Linux 5.1 linuxconf bug (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221103125826&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf

Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows local users to gain root privileges via a long LANG environmental variable.

Analysis
----------------
ED_PRI CAN-1999-1327 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1328
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1328
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980826 [djb@redhat.com: Unidentified subject!]
Reference: BUGTRAQ:19980823 Security concerns in linuxconf shipped w/RedHat 5.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90383955231511&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf

linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users to overwrite arbitrary files and gain root access via a symlink attack.

Analysis
----------------
ED_PRI CAN-1999-1328 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1329
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1329
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#SysVinit

Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows local users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1329 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1330
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1330
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19970709 [Security] so-called snprintf() in db-1.85.4 (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602661419259&w=2
Reference: CONFIRM:http://lists.openresources.com/Debian/debian-bugs-closed/msg00581.html
Reference: CONFIRM:http://www.redhat.com/support/errata/rh42-errata-general.html

The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf.

Analysis
----------------
ED_PRI CAN-1999-1330 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1331
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1331
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://www.redhat.com/support/errata/rh42-errata-general.html#netcfg

netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be controlled by users on reboot when an option is set, which allows local users to cause a denial of service by shutting down the interface.

Analysis
----------------
ED_PRI CAN-1999-1331 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1332
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1332
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980128 GZEXE - the big problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88603844115233&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#gzip

gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.

Analysis
----------------
ED_PRI CAN-1999-1332 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1333
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1333
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980319 ncftp 2.4.2 mkdir bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=89042322924057&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#ncftp

Automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are downloaded.

Analysis
----------------
ED_PRI CAN-1999-1333 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1334
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1334
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980129 KSR[T] Advisory #7: filter
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88609666024181&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#elm

Multiple buffer overflows in the filter command in Elm 2.4 allow attackers to execute arbitrary commands via (1) long From: headers, (2) long Reply-To: headers, or (3) a long -f (filterfile) command line argument.

Analysis
----------------
ED_PRI CAN-1999-1334 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1335
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1335
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: CONFIRM:http://www.redhat.com/support/errata/rh40-errata-general.html#cmu-snmp

snmpd server in the cmu-snmp SNMP package before 3.3-1 for Red Hat Linux 4.0 is configured to allow remote attackers to read and write sensitive information.

Analysis
----------------
ED_PRI CAN-1999-1335 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1339
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1339
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990722 Re: ping -R causes kernel panic on a forwarding machine (2.2.5 and 2.2.10)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93277766505061&w=2
Reference: BUGTRAQ:19990722 Linux +ipchains+ ping -R
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93277426802802&w=2
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.2/patch-2.2.11.gz

Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command.

Analysis
----------------
ED_PRI CAN-1999-1339 2
Vendor Acknowledgement: yes patch

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1382
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1382
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980108 NetWare NFS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88427711321769&w=2
Reference: BUGTRAQ:19980812 Re: Netware NFS (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90295697702474&w=2
Reference: CONFIRM:http://support.novell.com/cgi-bin/search/tidfinder.cgi?2940551

NetWare NFS mode 1 and 2 implements the "Read Only" flag in UNIX by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program.

Analysis
----------------
ED_PRI CAN-1999-1382 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1386
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1386
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980308 another /tmp race: "perl -e" opens temp file not safely
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88932165406213&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#perl

Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.

Analysis
----------------
ED_PRI CAN-1999-1386 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1456
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1456
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980819 thttpd 2.04 released (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/10368
Reference: CONFIRM:http://www.acme.com/software/thttpd/thttpd.html#releasenotes
Reference: XF:thttpd-file-read(1809)
Reference: URL:http://xforce.iss.net/static/1809.php

thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.

Analysis
----------------
ED_PRI CAN-1999-1456 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1462
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1462
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990426 FW: Security Notice: Big Brother 1.09b/c
Reference: URL:http://www.securityfocus.com/archive/1/13440
Reference: CONFIRM:http://bb4.com/README.CHANGES
Reference: BID:142
Reference: URL:http://www.securityfocus.com/bid/142
Reference: XF:http-cgi-bigbrother-bbhist(3755)
Reference: URL:http://xforce.iss.net/static/3755.php

Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b and 1.09c allows remote attackers to read portions of arbitrary files.

Analysis
----------------
ED_PRI CAN-1999-1462 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1474
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1474
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://www.microsoft.com/windows/ie/security/powerpoint.asp
Reference: XF:nt-ppt-patch(179)
Reference: URL:http://xforce.iss.net/static/179.php

PowerPoint 95 and 97 allows remote attackers to cause an application to be run automatically without prompting the user, possibly through the slide show, when the document is opened in browsers such as Internet Explorer.

Analysis
----------------
ED_PRI CAN-1999-1474 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1481
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1481
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19991025 [squid] exploit for external authentication problem
Reference: URL:http://www.securityfocus.com/archive/1/33295
Reference: BUGTRAQ:19991103 [squid] exploit for external authentication problem
Reference: URL:http://www.securityfocus.com/archive/1/33295
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.2/bugs/
Reference: BID:741
Reference: URL:http://www.securityfocus.com/bid/741
Reference: XF:squid-proxy-auth-access(3433)
Reference: URL:http://xforce.iss.net/static/3433.php

Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair.

Analysis
----------------
ED_PRI CAN-1999-1481 2
Vendor Acknowledgement: yes
CONFIRM:http://www.squid-cache.org/Versions/v2/2.2/bugs/ has a section titled "Newlines in passwords confuse authentication programs" that addresses this problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1512
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1512
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990716 AMaViS virus scanner for Linux - root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93219846414732&w=2
Reference: CONFIRM:http://www.amavis.org/ChangeLog.txt
Reference: BID:527
Reference: URL:http://www.securityfocus.com/bid/527
Reference: XF:amavis-command-execute(2349)
Reference: URL:http://xforce.iss.net/static/2349.php

AMaViS virus scanner 0.2.0-pre4 and earlier allows remote attackers to execute arbitrary commands as root via an infected mail message with shell metacharacters in the reply-to field.

Analysis
----------------
ED_PRI CAN-1999-1512 2
Vendor Acknowledgement: yes readme
CONFIRM: the 1999-07-17 item in the change log says "Fixed possible exploit published on BugTraq."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-0808
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-0808
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19980518 DHCP 1.0 and 2.0 SECURITY ALERT! (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101925960&w=2
Reference: CIAC:I-053
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-053.shtml
Reference: MISC:ftp://ftp.isc.org/isc/dhcp/dhcp-1.0-history/dhcp-1.0.0-1.0pl1.diff.gz

Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 and 2.0 allow a remote attacker to cause a denial of service (crash) and possibly execute arbitrary commands via long options.

Analysis
----------------
ED_PRI CAN-1999-0808 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

The advisory does not provide details, but an analysis of the source diff in dhcp-1.0.0-1.0pl1.diff.gz clearly indicates that the problems are related to long buffers and option handling.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1042
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CISCO:19980813 CRM Temporary File Vulnerability
Reference: URL:http://www.cisco.com/warp/public/770/crmtmp-pub.shtml

Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log files and temporary files, which may expose sensitive information to local users, such as user IDs, passwords and SNMP community strings.

Analysis
----------------
ED_PRI CAN-1999-1042 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1126
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1126
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: CISCO:19980813 CRM Temporary File Vulnerability
Reference: URL:http://www.cisco.com/warp/public/770/crmtmp-pub.shtml
Reference: CIAC:I-086
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-086.shtml
Reference: XF:cisco-crm-file-vuln(1575)
Reference: URL:http://xforce.iss.net/static/1575.php

Cisco Resource Manager (CRM) 1.1 and earlier creates certain files with insecure permissions that allow local users to obtain sensitive configuration information, including usernames, passwords, and SNMP community strings, from (1) swim_swd.log, (2) swim_debug.log, (3) dbi_debug.log, and (4) temporary files whose names begin with "DPR_".

Analysis
----------------
ED_PRI CAN-1999-1126 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1167
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1167
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://www.wired.com/news/technology/0,1282,20677,00.html
Reference: MISC:http://www.wired.com/news/technology/0,1282,20636,00.html

Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation.

Analysis
----------------
ED_PRI CAN-1999-1167 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1206
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1206
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990729 New ActiveX security problems in Windows 98 PCs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93336970231857&w=2
Reference: CONFIRM:http://www.systemsoft.com/l-2/l-3/support-systemwizard.htm
Reference: BID:555
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=555

SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and possibly other platforms and operating systems, installs two ActiveX controls that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via a malicious web page that references (1) the Launch control, or (2) the RegObj control.

Analysis
----------------
ED_PRI CAN-1999-1206 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1355
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1355
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990817 Compaq PFCUser account
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93542118727732&w=2
Reference: NTBUGTRAQ:19990905 Case ID SSRT0620 - PFCUser account communication
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93654336516711&w=2
Reference: NTBUGTRAQ:19990915 (I) UPDATE - PFCUser account,
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93759822430801&w=2
Reference: NTBUGTRAQ:19991105 UPDATE: SSRT0620 Compaq Foundation Agents v4.40B PFCUser issues
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94183795025294&w=2
Reference: CONFIRM:http://www.compaq.com/products/servers/management/advisory.html
Reference: XF:management-pfcuser(3231)
Reference: URL:http://xforce.iss.net/static/3231.php

BMC Patrol component, when installed with Compaq Insight Management Agent 4.23 and earlier, or Management Agents for Servers 4.40 and earlier, creates a PFCUser account with a default password and potentially dangerous privileges.

Analysis
----------------
ED_PRI CAN-1999-1355 3
Vendor Acknowledgement: yes advisory
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1464
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1464
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CISCO:19981105 Cisco IOS DFS Access List Leakage
Reference: URL:http://www.cisco.com/warp/public/770/iosdfsacl-pub.shtml
Reference: CIAC:J-016
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-016.shtml
Reference: XF:cisco-acl-leakage(1401)
Reference: URL:http://xforce.iss.net/static/1401.php

Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled interface to an interface that does not have DFS enabled, as described by Cisco bug CSCdk35564.

Analysis
----------------
ED_PRI CAN-1999-1464 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

The Cisco advisory is vague on the details of the problems, but clearly states that there are two separate issues. Since the problems appear in different versions of IOS, CD:SF-LOC suggests creating separate CVE items for the two problems.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1465
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1465
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CISCO:19981105 Cisco IOS DFS Access List Leakage
Reference: URL:http://www.cisco.com/warp/public/770/iosdfsacl-pub.shtml
Reference: CIAC:J-016
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-016.shtml
Reference: XF:cisco-acl-leakage(1401)
Reference: URL:http://xforce.iss.net/static/1401.php

Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled input interface to an output interface with a logical subinterface.

Analysis
----------------
ED_PRI CAN-1999-1465 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

The Cisco advisory is vague on the details of the problems, but clearly states that there are two separate issues. Since the problems appear in different versions of IOS, CD:SF-LOC suggests creating separate CVE items for the two problems.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
Or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

Page Last Updated or Reviewed: May 22, 2007