(日期:][下一个日期][线程:][线程下][日期索引][线程索引]
(提案)集群最近- 74 - 29的候选人
- 来:cve-editorial-board-list@lists.mitre.org
- 主题(建议):最近集群- 74 - 29的候选人
- 从:“史蒂文·m·Christey " <coley@linus.mitre.org>
- 日期-0500年:星期四,2001年11月22日00:10:48(美国东部时间)
- 交货日期:2001年11月22日00:10:53星期四
- 发送方:owner-cve-editorial-board-list@lists.mitre.org
我最近提出集群——74年由编辑委员会审查和投票。名称:最近- 74描述:候选人宣布11/1/2001和11/20/2001之间尺寸:29日通过修改这封邮件你可能投票的候选人投票,将它寄回给我,或通过使用CVE投票网站。中列出的候选人优先秩序。优先级1和优先级2的候选人都应对不同层次的供应商确认,所以他们应该易于检查和可以信任的,是真实的问题。如果你发现任何RECENT-XX集群是不完整的对过程中发现的问题相关的时间框架,请发送信息给我,这样候选人可以被指定。——史蒂夫总结的选票使用(“严重程度”的按升序)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -接受——选民接受候选人提出等待——选民对候选人没有意见修改选民想要改变一些小细节(例如参考/描述)审查-选民正在审查/研究候选人,或需要更多的信息,重塑候选人必须大幅修改,如分割或合并拒绝候选人不是“漏洞”,或重复等。1)请写你的投票在直线上,从“投票:”开始。如果你想添加评论或细节,在投票后将它们添加到线:线。2)如果你看到任何失踪的引用,请提及他们,使他们可以包括在内。在映射引用帮助极大。3)请注意,“修改”被视为一个“接受”当计算选票。 So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-2001-0719 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0719最终决定:阶段性裁决:修改:建议:20011122分配:20010927类别:科幻参考:女士:ms01 - 056参考:网址:http://www.microsoft.com/technet/security/bulletin/ms01 - 056. - asp缓冲区溢出在微软Windows媒体播放器6.4允许远程攻击者执行任意代码通过一个畸形的先进的流媒体格式(ASF)文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0719 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0722网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0722最终决定:阶段性裁决:修改:建议:20011122分配:20010927类别:科幻参考:BUGTRAQ: 20011108微软IE饼干可读通过:URL引用:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=100527618108521&w=2参考:BUGTRAQ: 20011019小IE漏洞::URL引用:网址:http://www.securityfocus.com/archive/1/221612参考:女士:ms01 - 055参考:网址:http://www.microsoft.com/technet/security/bulletin/ms01 - 055. - aspInternet Explorer 5.5和6.0允许远程攻击者读取和修改用户通过Javascript的饼干:URL。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0722 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0801网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0801最终决定:阶段性裁决:修改:建议:20011122分配:20011025类别:科幻参考:MISC:http://www.lsd-pl.net/files/get?IRIX/irx_lpstat2参考:SGI: 20011003 - 02 - p参考:网址:ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P早些时候在IRIX 6.5.13f及作业允许本地用户获得根权限通过指定一个特洛伊木马nettype共享库分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0801 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0803网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0803最终决定:阶段性裁决:修改:建议:20011122分配:20011029类别:科幻参考:国际空间站:20011112多厂家的缓冲区溢出漏洞的CDE子流程控制服务引用:网址:http://xforce.iss.net/alerts/advise101.php参考:CERT: ca - 2001 - 31参考:网址:http://www.cert.org/advisories/ca - 2001 - 31. - html参考:CERT-VN: VU # 172583参考:网址:http://www.kb.cert.org/vuls/id/172583参考:惠普:hpsbux0111 - 175参考:网址:http://www.securityfocus.com/advisories/3651参考:火山口:综援- 2001上海合作组织。30参考:网址:ftp://stage.caldera.com/pub/security/openunix/cssa - 2001 sco.30/参考:报价:3517参考:网址:http://www.securityfocus.com/bid/3517客户端连接程序的缓冲区溢出libDtSvc.so。1 CDE子流程控制服务(dtspcd)允许远程攻击者执行任意命令分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0803 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0817网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0817最终决定:阶段性裁决:修改:建议:20011122分配:20011115类别:科幻参考:国际空间站:20011120远程漏洞在hp - ux行式打印机守护进程引用逻辑缺陷:网址:http://xforce.iss.net/alerts/advise102.php参考:惠普:hpsbux0111 - 176参考:网址:http://archives.neohapsis.com/archives/hp/2001-q4/0047.html参考:XF: hpux-rlpdaemon-logic-flaw(7234)参考:网址:http://xforce.iss.net/static/7234.php脆弱性在hp - ux行式打印机守护进程(rlpdaemon)在hp - ux 10.01 11.11允许远程攻击者修改任意文件并获得根权限通过一定的印刷要求。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0817 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0850网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0850最终决定:阶段性裁决:修改:建议:20011122分配:20011122类别:科幻参考:火山口:综援- 2001 - 037.0参考:网址:http://www.caldera.com/support/security/advisories/cssa - 2001 037.0.txt配置错误在OpenLinux libdb1包3.1 snprintf和vsnprintf功能的使用不安全的版本,这可能允许本地或远程用户缓冲区溢出的利用这些功能。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0850 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0851网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0851最终决定:阶段性裁决:修改:建议:20011122分配:20011122类别:科幻参考:ENGARDE: esa - 20011106 - 01参考:网址:http://www.linuxsecurity.com/advisories/other_advisory - 1683. - html参考:火山口:综援- 2001 - 38.0参考:网址:http://www.caldera.com/support/security/advisories/cssa - 2001 038.0.txt参考:SUSE: SuSE-SA: 2001:039参考:网址:http://www.suse.de/de/support/security/2001_039_kernel2_txt.txtLinux内核2.0,2.2和2.4启用了syncookies允许远程攻击者绕过防火墙规则通过蛮力猜测饼干。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0851 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0852网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0852最终决定:阶段性裁决:修改:建议:20011122分配:20011122类别:科幻参考:BUGTRAQ: 20011105 RH Linux晚礼服HTTPD DoS参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=100498100112191&w=2参考:确认:http://marc.theaimsgroup.com/?l=tux-list&m=100584714702328&w=2参考:REDHAT: RHSA-2001:142参考:网址:http://www.redhat.com/support/errata/rhsa - 2001 - 142. - html晚礼服HTTP服务器2.1.0-2在Red Hat Linux允许远程攻击者造成拒绝服务通过发送一个难看的头。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0852 1供应商确认:是的咨询确认:在REDHAT: RHSA-2001:142似乎集中在syncookie问题,一段说“这些包解决远程晚礼服web服务器的拒绝服务攻击”和信贷Bugtraq研究员张贴。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0859网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0859最终决定:阶段性裁决:修改:建议:20011122分配:20011122类别:科幻参考:REDHAT: RHSA-2001:148参考:网址:http://www.redhat.com/support/errata/rhsa - 2001 - 148. - html2.4.3-12韩国在Red Hat Linux 7.1内核安装程序将默认umask设置初始化设置为000,与对外公开权限,安装文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0859 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0861网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0861最终决定:阶段性裁决:修改:建议:20011122分配:20011122类别:科幻参考:思科:20011114 ICMP遥不可及的脆弱性在思科12000系列网络路由器参考:网址:http://www.cisco.com/warp/public/707/GSR-unreachables-pub.shtml思科12000年与IOS 12.0和线卡基于引擎2和早些时候允许远程攻击者造成拒绝服务(CPU消耗)通过向路由器流量产生大量的ICMP遥不可及的回答。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0861 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0862网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0862最终决定:阶段性裁决:修改:建议:20011122分配:20011122类别:科幻参考:思科:20011114多个漏洞为思科12000系列网络路由器访问控制列表实现参考:网址:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml思科12000年与IOS 12.0和线卡基于发动机2不non-initial包块碎片,它允许远程攻击者绕过ACL。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0862 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0863网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0863最终决定:阶段性裁决:修改:建议:20011122分配:20011122类别:科幻参考:思科:20011114多个漏洞为思科12000系列网络路由器访问控制列表实现参考:网址:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml思科12000年与IOS 12.0和线卡基于发动机2不处理“片段”关键字在编译前交叉韧带(ACL)涡轮数据包被发送到路由器,它允许远程攻击者造成拒绝服务通过大量的碎片。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0863 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0864网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0864最终决定:阶段性裁决:修改:建议:20011122分配:20011122类别:科幻参考:思科:20011114多个漏洞为思科12000系列网络路由器访问控制列表实现参考:网址:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml思科12000年与IOS 12.0和线卡基于发动机2不妥善处理隐式“否认任何任何ip”规则在一个外向ACL ACL包含448项,可以允许一些外向的数据包绕过访问限制。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0864 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0865网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0865最终决定:阶段性裁决:修改:建议:20011122分配:20011122类别:科幻参考:思科:20011114多个漏洞为思科12000系列网络路由器访问控制列表实现参考:网址:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml思科12000年与IOS 12.0和基于发动机2线卡不支持“片段”关键字在一个即将离任的ACL,这可能允许分散数据包目的违反访问。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0865 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0866网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0866最终决定:阶段性裁决:修改:建议:20011122分配:20011122类别:科幻参考:思科:20011114多个漏洞为思科12000系列网络路由器访问控制列表实现参考:网址:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml思科12000年与IOS 12.0基于引擎和线卡2不妥善处理出站ACL当输入ACL不是一个多端口的所有接口上配置线卡,这可能允许远程攻击者绕过访问控制。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0866 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0867网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0867最终决定:阶段性裁决:修改:建议:20011122分配:20011122类别:科幻参考:思科:20011114多个漏洞为思科12000系列网络路由器访问控制列表实现参考:网址:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml思科12000年与IOS 12.0和线卡基于发动机2不适当过滤不适当过滤包碎片即使在ACL中使用关键字“片段”,它允许远程攻击者绕过访问控制。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0867 1供应商确认:是的咨询抽象:这听起来像一个复制的其他几个问题包含在这个咨询,但思科使用一个不同的错误ID (CSCdt69741)比其他人,影响IOS版本略有不同,这是一个不同的问题,应该分开。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0857网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0857最终决定:阶段性裁决:修改:建议:20011122分配:20011122类别:科幻参考:BUGTRAQ: 20011109 Imp邮箱会话劫持漏洞引用:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=100535679608486&w=2参考:BUGTRAQ: 20011110 IMP 2.2.7(安全)公布的参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=100540578822469&w=2跨站点脚本漏洞的地位。2.2.6 php3 Imp的邮箱。早些时候,允许远程攻击者获取其他用户的电子邮件通过消息参数通过劫持会话cookie。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0857 2供应商确认:是的跟踪投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0721网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0721最终决定:阶段性裁决:修改:建议:20011122分配:20010927类别:科幻参考:BUGTRAQ: 20011101三个“Windows XP DOS攻击参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=100467787323377&w=2参考:BUGTRAQ: 20011109重要信息关于ms01 - 054和WindowsME参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=100528449024158&w=2参考:女士:ms01 - 054参考:网址:http://www.microsoft.com/technet/security/bulletin/ms01 - 054. - asp“通用即插即用()在Windows 98中,98年,我,XP允许远程攻击者造成拒绝服务(内存消耗或崩溃)通过一个“畸形”的要求。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0721 3供应商确认:对咨询内容的决定:SF-LOC抽象:几种不同类型的DoS问题都包含在原始Bugtraq帖子,这应该可以分裂。至少一个问题处理头畸形,和另一个处理处理大量传入的请求。从CVE的角度来看,这些都是至少两个不同类型的问题。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0799网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0799最终决定:阶段性裁决:修改:建议:20011122分配:20011025类别:科幻参考:MISC:http://www.lsd-pl.net/files/get?IRIX/irx_lpsched2参考:SGI: 20011003 - 02 - p参考:网址:ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P缓冲区溢出在lpsched IRIX 6.5.13f早些时候,允许远程攻击者执行任意命令通过一个长期的观点。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0799 3供应商确认:对咨询内容的决定:SF-LOC CD: SF-LOC说区分不同类型的漏洞,所以分开shell元字符缓冲区溢出的问题(可以- 2001 - 0800)。此外,SGI咨询和LSD描述都暗示涉及多个缓冲区溢出。自修复问题在同一版本,CD: SF-LOC说结合溢出到单个项目。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0800网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0800最终决定:阶段性裁决:修改:建议:20011122分配:20011025类别:科幻/ CF / MP / SA / /未知参考:MISC:http://www.lsd-pl.net/files/get?IRIX/irx_lpsched2参考:SGI: 20011003 - 02 - p参考:网址:ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P早些时候在IRIX 6.5.13f及lpsched允许远程攻击者通过shell元字符执行任意命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0800 3供应商确认:对咨询内容的决定:SF-LOC CD: SF-LOC说区分不同类型的漏洞,所以shell元字符的问题是分开的缓冲区溢出(- 2001 - 0799)。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0815网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0815最终决定:阶段性裁决:修改:建议:20011122分配:20011113类别:科幻参考:BUGTRAQ: 20011115 NSFOCUS SA2001-07: ActivePerl玻璃市。dll远程缓冲区溢出漏洞参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=100583978302585&w=2参考:确认:http://bugs.activestate.com/show_bug.cgi?id=18062参考:报价:3526参考:网址:http://www.securityfocus.com/bid/3526在玻璃市缓冲区溢出。dll在Activestate ActivePerl 5.6.1.629早些时候,允许远程攻击者exute任意代码通过一个HTTP请求长文件名”中结束. pl扩展。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0815 3供应商确认:未知discloser-claimed投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0848网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0848最终决定:阶段性裁决:修改:建议:20011122分配:20011122类别:科幻参考:BUGTRAQ: 20011101保险丝脆弱性参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=100463832209281&w=2加入。cfm e-Zone媒体融合和允许本地用户执行任意SQL代码通过一个分号(;)形式变量。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0848 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0849网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0849最终决定:阶段性裁决:修改:建议:20011122分配:20011122类别:科幻参考:BUGTRAQ: 20011101脆弱性Viralator代理扩展参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=100463639800515&w=2参考:MISC:http://viralator.loddington.com/changes.htmlviralator早些时候在viralator 0.9 pre1和CGI脚本允许远程攻击者通过一个URL执行任意代码文件被下载,这是不可靠地传递给调用wget。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0849 3供应商确认:未知的模糊的确认:在更改日志http://viralator.loddington.com/changes.html0.9“0.9 pre1 pre2”一节说“安全与污染修复——viralator现在运行检查打开,“这将解决这个问题在这里描述。然而,它还不够具体。在http://viralator.loddington.com/about.html0.9 pre2 05/11/2001约会,可能是11月5日(5月11日),这是后不久Bugtraq的日期。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0853网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0853最终决定:阶段性裁决:修改:建议:20011122分配:20011122类别:CF参考:BUGTRAQ: 20011105新getAccess (tm)脆弱性参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=100498111712723&w=2参考:BUGTRAQ: 20011105委托公报e01 - 005: GetAccess访问服务漏洞引用:网址:http://archives.neohapsis.com/archives/bugtraq/2001-11/0022.html目录遍历脆弱性委托GetAccess允许远程攻击者读取任意文件通过一个. .(点点)(1)helpwin.gas区域参数。蝙蝠或(2)AboutBox.gas.bat。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0853 3供应商确认:对咨询内容的决定:SF-EXEC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0854网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0854最终决定:阶段性裁决:修改:建议:20011122分配:20011122类别:科幻参考:BUGTRAQ: 20011105复制和删除文件使用PHP-Nuke参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=100525739116093&w=2PHP-Nuke 5.2允许远程攻击者通过调用case.filemanager复制和删除任意文件。php与管理。php作为一个参数,它集$ PHP_SELF变量case.filemanager并使它出现。php是被称为admin。php,而不是用户。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0854 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0855网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0855最终决定:阶段性裁决:修改:建议:20011122分配:20011122类别:科幻参考:BUGTRAQ: 20011109 ClearCase环境变量db_loader词缓冲区溢出漏洞参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=100528623328037&w=2缓冲区溢出在db_loader ClearCase 4.2和更早的允许本地用户获得根权限通过长期的环境变量。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0855 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0856网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0856最终决定:阶段性裁决:修改:建议:20011122分配:20011122类别:科幻参考:BUGTRAQ: 20011109提取3 des密钥从IBM 4758参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=100533053219673&w=2参考:MISC:http://www.cl.cam.ac.uk/ rnc1 / descrack /参考:MISC:http://www.cl.cam.ac.uk/ rnc1 / descrack / attack.html常见的加密体系结构(CCA)在IBM 4758允许攻击者与物理和Combine_Key_Parts权限访问系统,窃取DES和3 DES密钥通过使用蛮力攻击键创建一个3 DES出口国。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0856 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0858网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0858最终决定:阶段性裁决:修改:建议:20011122分配:20011122类别:科幻参考:BUGTRAQ: 20011113安全更新:[综援- 2001上海合作组织。32)开放的UNIX, UnixWare 7:缓冲区溢出在购买力平价实用程序参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=100562386012917&w=2参考:火山口:综援- 2001上海合作组织。32个参考:网址:ftp://stage.caldera.com/pub/security/openunix/cssa - 2001 sco.32/缓冲区溢出pppattach和其他有关PPP Unix实用程序在火山口开放8.0和UnixWare 7.1.0和安装7.1.1允许本地用户获得特权。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0858 3供应商确认:对咨询内容的决定:SF-EXEC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0860网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0860最终决定:阶段性裁决:修改:建议:20011122分配:20011122类别:科幻参考:BUGTRAQ: 20011114 Xato咨询:Win2k / XP终端服务IP欺骗参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=100578220002083&w=2终端服务经理MMC在Windows 2000和XP信任客户端地址(IP地址),是由客户提供的而不是获取数据包报头,它允许客户欺骗他们的公共IP地址,例如通过一个网络地址转换(NAT)。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0860 3供应商确认:未知discloser-claimed投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:
- 上一页的日期:(提案)集群最近24 - 73的候选人
- 下一个按日期:(兼容)CVE 0.8.1兼容性要求——版本
- Prev线程:(提案)集群最近24 - 73的候选人
- 下一个线程:(兼容)CVE 0.8.1兼容性要求——版本
- 指数(es):
