
[TECH] CD:VAGUE and its effect on 46 candidates



46 candidates have enough ACCEPT votes to be moved to Interim Decision and ultimately promoted to CVE entries. However, they are being held up by issues with CD:VAGUE.

The total number of CANs that are *really* affected by CD:VAGUE is uncertain. I only labeled the CANs that I was considering for Interim Decision, which is a subset of all active CANs (others don't have enough votes, are already labeled with other CDs, etc.). Some CVE entries may also be affected.

As I reviewed the candidates, I ran into several issues:

1) How vague is *too* vague? Some vulnerability reports give you the attack vector without describing the underlying vulnerability, or vice versa. Examples: CAN-1999-1287, CAN-1999-1308, CAN-1999-1313, CAN-1999-1314, CAN-1999-1362, CAN-1999-1391, CAN-1999-1392, CAN-1999-1554, CAN-2001-0101.

2) I did not initially realize that CD:VAGUE was an issue until some Board members brought it up in voting comments. In fact, many CDs have arisen due to voting comments. This led me to realize that Board members who vote on candidates can drive the creation of content decisions, because they question the assumptions of CVE, or they indirectly reinforce them. Non-voting members are implicitly trusting that voting members will find any CD-related issues that the non-voting members care about.

3) To illuminate #2, here are the voters for the 46 CANs that could be ACCEPTed today were it not for CD:VAGUE:

   Green       ACCEPT(3)
   Cole        ACCEPT(46)
   Balinsky    ACCEPT(2)
   Foat        ACCEPT(40) NOOP(5)
   Williams    ACCEPT(2)
   Wall        ACCEPT(2) NOOP(27)
   Ziese       ACCEPT(3)
   Dik         ACCEPT(1)
   Frech       ACCEPT(17) MODIFY(24)
   Stracener   ACCEPT(37)
   Bollinger   MODIFY(1)
   Baker       ACCEPT(8)
   Bishop      ACCEPT(4)
   Armstrong   ACCEPT(14)
   Prosser     ACCEPT(1)

These voters have implicitly agreed to some portion of CD:VAGUE. They may wish to review the candidates below to see if they still agree.

4) Following is a summary of the major CVE reference sources whose associated CANs are affected by CD:VAGUE.

    3 AIXAPAR
   13 CERT
    2 CERT-VN
   17 CIAC
    2 CISCO
    1 COMPAQ
    5 CONFIRM
    1 FREEBSD
   13 HP
    1 ISS
    1 REDHAT
    6 SCO
    1 SGI
    1 TURBO

e.g., 13 candidates are associated with vague CERT advisories. "CONFIRM" is used for acknowledgement by other, non-major vendors.

This issue was a little broader than I thought. I was a little surprised to see some open source vendors, for example.

Board members are encouraged to consider these statistics while reviewing CD:VAGUE.

The specific (pardon the pun) candidates are listed below.
- Steve

======================================================
Candidate: CAN-1999-1079
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1079
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990506 AIX Security Fixes Update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92601792420088&w=2
Reference: BUGTRAQ:19990825 AIX security summary
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93587956513233&w=2
Reference: AIXAPAR:IX80470
Reference: URL:http://www-1.ibm.com/servlet/support/manager?rs=0&rt=0&org=apars&doc=08e0b1a1b85472a1852567c90031bb36
Reference: BID:439
Reference: URL:http://www.securityfocus.com/bid/439

Vulnerability in ptrace in AIX 4.3 allows local users to gain privileges by attaching to a setgid program.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1079 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:aix-ptrace-setgid(7487)

======================================================
Candidate: CAN-1999-1213
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1213
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9710-070
Reference: URL:http://www2.dataguard.no/bugtraq/1997_4/0001.html
Reference: XF:hp-telnetdos(571)
Reference: URL:http://xforce.iss.net/static/571.php

Vulnerability in telnet service in HP-UX 10.30 allows attackers to cause a denial of service.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1213 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener

======================================================
Candidate: CAN-1999-1216
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1216
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1993-07
Reference: URL:http://www.cert.org/advisories/CA-1993-07.html
Reference: CIAC:D-15
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-15.shtml
Reference: XF:cisco-sourceroute(541)
Reference: URL:http://xforce.iss.net/static/541.php

Cisco routers 9.17 and earlier allow remote attackers to bypass security restrictions via certain IP source routed packets that should normally be denied using the "no ip source-route" command.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1216 ACCEPT (4 accept, 2 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1218
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1218
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1993-04
Reference: URL:http://www.cert.org/advisories/CA-1993-04.html
Reference: XF:amiga-finger(522)
Reference: URL:http://xforce.iss.net/static/522.php

Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier allows local users to read arbitrary files.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1218 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1238
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1238
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9409-017
Reference: URL:http://www.securityfocus.com/advisories/1531
Reference: XF:hp-core-diag-fileset(2262)
Reference: URL:http://xforce.iss.net/static/2262.php

Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 and earlier allows local users to gain privileges.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1238 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener

======================================================
Candidate: CAN-1999-1239
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1239
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9407-015
Reference: URL:http://www.securityfocus.com/advisories/1559
Reference: XF:hp-xauthority(2261)
Reference: URL:http://xforce.iss.net/static/2261.php

HP-UX 9.x does not properly enable the Xauthority mechanism in certain conditions, which could allow local users to access the X display even when they have not explicitly been authorized to do so.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1239 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener

======================================================
Candidate: CAN-1999-1242
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1242
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9402-003
Reference: URL:http://packetstormsecurity.org/advisories/hpalert/003
Reference: XF:hp-subnet-config(2162)
Reference: URL:http://xforce.iss.net/static/2162.php

Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users to gain privileges.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1242 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener

======================================================
Candidate: CAN-1999-1247
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1247
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9402-006
Reference: URL:http://packetstormsecurity.org/advisories/hpalert/006
Reference: XF:hp-dce9000(2061)
Reference: URL:http://xforce.iss.net/static/2061.php

Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x allows attackers to gain root privileges.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1247 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener

======================================================
Candidate: CAN-1999-1248
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1248
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9411-019
Reference: URL:http://packetstormsecurity.org/advisories/hpalert/019
Reference: XF:hp-supportwatch(2058)
Reference: URL:http://xforce.iss.net/static/2058.php

Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through 9.0 allows local users to gain privileges.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1248 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener

======================================================
Candidate: CAN-1999-1251
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1251
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9612-043
Reference: URL:http://packetstormsecurity.org/advisories/hpalert/043
Reference: XF:hp-audio-panic(2010)
Reference: URL:http://xforce.iss.net/static/2010.php

Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 allows local users to cause a denial of service.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1251 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener

======================================================
Candidate: CAN-1999-1252
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1252
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CERT:VB-96.15
Reference: URL:http://www.cert.org/vendor_bulletins/VB-96.15.sco
Reference: SCO:96:002
Reference: URL:ftp://ftp.sco.COM/SSE/security_bulletins/SB.96:02a
Reference: XF:sco-system-call(1966)
Reference: URL:http://xforce.iss.net/static/1966.php

Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 allows local users to access arbitrary files and gain root privileges.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1252 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1253
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1253
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CERT:VB-96.10
Reference: URL:http://www.cert.org/vendor_bulletins/VB-96.10.sco
Reference: SCO:96:001
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB.96:01a
Reference: XF:sco-kernel(1965)
Reference: URL:http://xforce.iss.net/static/1965.php

Vulnerability in a kernel error handling routine in SCO OpenServer 5.0.2 and earlier, and SCO Internet FastStart 1.0, allows local users to gain root privileges.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1253 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(4) Foat, Cole, Frech, Stracener
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1287
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1287
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://www.statslab.cam.ac.uk/~sret1/analog/security.html
Reference: XF:analog-remote-file(1410)
Reference: URL:http://xforce.iss.net/static/1410.php

Vulnerability in Analog 3.0 and earlier allows remote attackers to read arbitrary files via the forms interface.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1287 ACCEPT (5 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(5) Foat, Cole, Armstrong, Frech, Stracener
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1293
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1293
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980106 Apache security advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88413292830649&w=2
Reference: CONFIRM:http://www.apache.org/info/security_bulletin_1.2.5.html

mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause a denial of service via malformed FTP commands, which causes Apache to dump core.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1293 ACCEPT (5 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:apache-mod-proxy-dos(7249)
   CONFIRM reference no longer seems to exist. BugTraq message seems to be a confirmation/advisory.

======================================================
Candidate: CAN-1999-1295
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1295
Final-Decision:
Interim-Decision:
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:VB-96.16
Reference: URL:http://www.cert.org/vendor_bulletins/VB-96.16.transarc
Reference: XF:dfs-login-groups(7154)
Reference: URL:http://xforce.iss.net/static/7154.php

Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 does not properly initialize the grouplist for users who belong to a large number of groups, which could allow those users to gain access to resources that are protected by DFS.

Modifications:
  ADDREF XF:dfs-login-groups(7154)

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1295 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:dfs-login-groups(7154)

======================================================
Candidate: CAN-1999-1300
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1300
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:B-31
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-31.shtml

Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users to read arbitrary files and modify system accounting configuration.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1300 ACCEPT (5 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:unicos-accton-read-files(7210)

======================================================
Candidate: CAN-1999-1302
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1302
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:F-05
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml
Reference: SCO:94:001
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml

Vulnerability in pt_chmod in SCO UNIX 4.2 and earlier allows local users to gain root access.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1302 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:sco-pt_chmod(7586)

======================================================
Candidate: CAN-1999-1303
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1303
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:F-05
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml
Reference: SCO:94:001
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml

Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users to gain root access.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1303 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:sco-prwarn(7587)

======================================================
Candidate: CAN-1999-1304
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1304
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:F-05
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml
Reference: SCO:94:001
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml

Vulnerability in login in SCO UNIX 4.2 and earlier allows local users to gain root access.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1304 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:sco-login(7588)

======================================================
Candidate: CAN-1999-1305
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1305
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:F-05
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml
Reference: SCO:94:001
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-05.shtml

Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local users to gain root access.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1305 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:sco-at(7589)

======================================================
Candidate: CAN-1999-1307
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1307
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: unknown
Reference: BUGTRAQ:19941209 Novell security advisory on sadc, urestore and the suid_exec feature
Reference: URL:http://www.dataguard.no/bugtraq/1994_4/0676.html
Reference: CIAC:F-06
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-06.shtml

Vulnerability in urestore in Novell UnixWare 1.1 allows local users to gain root privileges.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1307 ACCEPT (5 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:novell-unixware-urestore-root(7211)

======================================================
Candidate: CAN-1999-1308
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1308
Final-Decision:
Interim-Decision:
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9611-041
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-91.shtml
Reference: CIAC:H-09
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-09.shtml
Reference: CIAC:H-91
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-91.shtml
Reference: XF:hp-large-uid-gid(7594)
Reference: URL:http://www.iss.net/security_center/static/7594.php

Certain programs in HP-UX 10.20 do not properly handle large user IDs (UID) or group IDs (GID) over 60000, which could allow local users to gain privileges.

Modifications:
  ADDREF XF:hp-large-uid-gid(7594)
  ADDREF http://ciac.llnl.gov/ciac/bulletins/h-09.shtml

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1308 ACCEPT (4 accept, 2 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:hp-large-uid-gid(7594)

======================================================
Candidate: CAN-1999-1311
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1311
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: HP:HPSBUX9701-046
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-21.shtml
Reference: CIAC:H-21
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-21.shtml

Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows local users to bypass authentication and gain privileges.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1311 ACCEPT (3 accept, 2 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener

======================================================
Candidate: CAN-1999-1313
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1313
Final-Decision:
Interim-Decision:
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:G-24
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/g-24.shtml
Reference: FREEBSD:FreeBSD-SA-96:11
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:11.man.asc
Reference: XF:bsd-man-command-sequence(7348)
Reference: URL:http://xforce.iss.net/static/7348.php

Manual page reader (man) in FreeBSD 2.2 and earlier allows local users to gain privileges via a sequence of commands.

Modifications:
  ADDREF XF:bsd-man-command-sequence(7348)

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1313 ACCEPT (4 accept, 2 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:bsd-man-command-sequence(7348)

======================================================
Candidate: CAN-1999-1315
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1315
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:F-04
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-04.shtml

Vulnerabilities in DECnet/OSI for OpenVMS before 5.8 on DEC Alpha AXP and VAX/VMS systems allow local users to gain privileges or cause a denial of service.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1315 ACCEPT (5 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(4) Foat, Cole, Armstrong, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:openvms-decnetosi-gain-privileges(7212)

======================================================
Candidate: CAN-1999-1319
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1319
Final-Decision:
Interim-Decision:
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: SGI:19960101-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19960101-01-PX
Reference: XF:irix-object-server(7430)
Reference: URL:http://www.iss.net/security_center/static/7430.php

Vulnerability in object server program in SGI IRIX 5.2 through 6.1 allows remote attackers to gain root privileges in certain configurations.

Modifications:
  ADDREF XF:irix-object-server(7430)

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1319 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:irix-object-server(7430)

======================================================
Candidate: CAN-1999-1391
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1391
Final-Decision:
Interim-Decision:
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1990-06
Reference: URL:http://www.cert.org/advisories/CA-1990-06.html
Reference: CIAC:B-01
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-01.shtml
Reference: BID:10
Reference: URL:http://www.securityfocus.com/bid/10
Reference: XF:nextstep-npd-root-access(7143)
Reference: URL:http://www.iss.net/security_center/static/7143.php

Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers allows local users to gain privileges via a combination of the npd program and weak directory permissions.

Modifications:
  ADDREF XF:nextstep-npd-root-access(7143)

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1391 ACCEPT (4 accept, 2 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:nextstep-npd-root-access(7143)

======================================================
Candidate: CAN-1999-1395
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1395
Final-Decision:
Interim-Decision:
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1992-18
Reference: URL:http://www.cert.org/advisories/CA-1992-18.html
Reference: CERT:CA-92.16
Reference: URL:http://www.cert.org/advisories/CA-92.16.VMS.Monitor.vulnerability
Reference: BID:51
Reference: URL:http://www.securityfocus.com/bid/51
Reference: XF:vms-monitor-gain-privileges(7136)
Reference: URL:http://www.iss.net/security_center/static/7136.php

Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 through 5.4-2 allows local users to gain privileges.

Modifications:
  ADDREF XF:vms-monitor-gain-privileges(7136)

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1395 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Frech> XF:vms-monitor-gain-privileges(7136)
   Possible duplicate of CAN-1999-1056? If not, state why in analysis comments.
 Christey> Note CAN-1999-1056
 Christey> CAN-1999-1056 is in fact a duplicate. This candidate will be kept, and CAN-1999-1056 will be REJECTed, because this candidate has more references.

======================================================
Candidate: CAN-1999-1415
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1415
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-91.13
Reference: URL:http://www.cert.org/advisories/CA-91.13.Ultrix.mail.vulnerability
Reference: BID:27
Reference: URL:http://www.securityfocus.com/bid/27

Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local users to gain privileges.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1415 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Frech> XF:bsd-binmail(515)
   CA-1991-13 was superseded by CA-1995-02.
 Christey> Is there overlap between CAN-1999-1415 and CAN-1999-1438? The CERT advisories are both vague.

======================================================
Candidate: CAN-1999-1462
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1462
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990426 FW: Security Notice: Big Brother 1.09b/c
Reference: URL:http://www.securityfocus.com/archive/1/13440
Reference: CONFIRM:http://bb4.com/README.CHANGES
Reference: BID:142
Reference: URL:http://www.securityfocus.com/bid/142
Reference: XF:http-cgi-bigbrother-bbhist(3755)
Reference: URL:http://xforce.iss.net/static/3755.php

Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b and 1.09c allows remote attackers to read portions of arbitrary files.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1462 ACCEPT (5 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(5) Foat, Cole, Armstrong, Frech, Stracener
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1464
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1464
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CISCO:19981105 Cisco IOS DFS Access List Leakage
Reference: URL:http://www.cisco.com/warp/public/770/iosdfsacl-pub.shtml
Reference: CIAC:J-016
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-016.shtml
Reference: XF:cisco-acl-leakage(1401)
Reference: URL:http://xforce.iss.net/static/1401.php

Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled interface to an interface that does not have DFS enabled, as described by Cisco bug CSCdk35564.

Content Decisions: SF-LOC, VAGUE

INFERRED ACTION: CAN-1999-1464 ACCEPT (6 accept, 2 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(6) Balinsky, Foat, Cole, Armstrong, Frech, Stracener
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1465
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1465
Final-Decision:
Interim-Decision:
Modified: 20020228-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CISCO:19981105 Cisco IOS DFS Access List Leakage
Reference: URL:http://www.cisco.com/warp/public/770/iosdfsacl-pub.shtml
Reference: CIAC:J-016
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-016.shtml
Reference: XF:cisco-acl-leakage(1401)
Reference: URL:http://xforce.iss.net/static/1401.php

Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast switching (DFS) enabled allows remote attackers to bypass certain access control lists when the router switches traffic from a DFS-enabled input interface to an output interface with a logical subinterface, as described by Cisco bug CSCdk43862.

Modifications:
  DESC add bug ID

Content Decisions: SF-LOC, VAGUE

INFERRED ACTION: CAN-1999-1465 ACCEPT (6 accept, 2 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(6) Balinsky, Foat, Cole, Armstrong, Frech, Stracener
   NOOP(1) Wall

======================================================
Candidate: CAN-1999-1474
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1474
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CONFIRM:http://www.microsoft.com/windows/ie/security/powerpoint.asp
Reference: XF:nt-ppt-patch(179)
Reference: URL:http://xforce.iss.net/static/179.php

PowerPoint 95 and 97 allows remote attackers to cause an application to be run automatically without prompting the user, possibly through the slide show, when the document is opened in browsers such as Internet Explorer.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1474 ACCEPT (6 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(6) Wall, Foat, Cole, Armstrong, Frech, Stracener

Voter Comments:
 Frech> Looks like the CONFIRM URL is too old an issue for Microsoft (currently cached at http://www.google.com/search?q=cache: 86 lohcrhal4:www.microsoft.com/ie/安全/幻灯片。htm + % 22 powerpoint +浏览+安全+ % 22 hl = en).
   The same information is available on BugTraq at http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=6724

======================================================
Candidate: CAN-1999-1487
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1487
Final-Decision:
Interim-Decision:
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: AIXAPAR:IX74599
Reference: URL:http://www-1.ibm.com/servlet/support/manager?rt=0&rs=0&org=apars&doc=41d8b61d1e1c4fab852567c9002c546c
Reference: BID:405
Reference: URL:http://www.securityfocus.com/bid/405
Reference: XF:aix-digest(7477)
Reference: URL:http://www.iss.net/security_center/static/7477.php

Vulnerability in digest in AIX 4.3 allows printq users to gain root privileges by creating and/or modifying any file on the system.

Modifications:
  ADDREF XF:aix-digest(7477)

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1487 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:aix-digest(7477)

======================================================
Candidate: CAN-1999-1506
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1506
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1990-01
Reference: URL:http://www.cert.org/advisories/CA-90.01.sun.sendmail.vulnerability
Reference: BID:6
Reference: URL:http://www.securityfocus.com/bid/6

Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, allows remote attackers to access user bin.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1506 ACCEPT (5 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(4) Foat, Cole, Dik, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:sunos-sendmail-bin-access(7161)
 Dik> Sun bug 1028173

======================================================
Candidate: CAN-1999-1554
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1554
Final-Decision:
Interim-Decision:
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1990-08
Reference: URL:http://www.cert.org/advisories/CA-1990-08.html
Reference: BID:13
Reference: URL:http://www.securityfocus.com/bid/13
Reference: XF:sgi-irix-reset(3164)
Reference: URL:http://www.iss.net/security_center/static/3164.php

/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users.

Modifications:
  ADDREF XF:sgi-irix-reset(3164)

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1554 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:sgi-irix-reset(3164)

======================================================
Candidate: CAN-1999-1558
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1558
Final-Decision:
Interim-Decision:
Modified: 20020218-01
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:I-071A
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-071a.shtml
Reference: CERT:VB-98.07
Reference: BID:161
Reference: URL:http://www.securityfocus.com/bid/161
Reference: XF:openvms-loginout-unauth-access(7151)
Reference: URL:http://www.iss.net/security_center/static/7151.php

Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows unauthorized access when external authentication is enabled.

Modifications:
  ADDREF XF:openvms-loginout-unauth-access(7151)

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1558 ACCEPT (4 accept, 2 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(3) Foat, Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:openvms-loginout-unauth-access(7151)

======================================================
Candidate: CAN-1999-1560
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1560
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990720 tiger vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93252050203589&w=2
Reference: XF:tiger-script-execute(2369)
Reference: URL:http://xforce.iss.net/static/2369.php

Vulnerability in a script in Texas A&M University (TAMU) Tiger allows local users to execute arbitrary commands as the Tiger user, usually root.

Content Decisions: VAGUE

INFERRED ACTION: CAN-1999-1560 ACCEPT_ACK (2 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(2) Foat, Cole
   NOOP(1) Wall

======================================================
Candidate: CAN-2001-0101
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0101
Final-Decision:
Interim-Decision:
Modified: 20020222-01
Proposed: 20010202
Assigned: 20010201
Category:
Reference: TURBO:TLSA2000024-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-December/000027.html
Reference: REDHAT:RHBA-2000:106-04
Reference: URL:http://www.redhat.com/support/errata/RHBA-2000-106.html
Reference: XF:fetchmail-authenticate-gssapi(7455)
Reference: URL:http://xforce.iss.net/static/7455.php

Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE GSSAPI command.

Modifications:
  ADDREF XF:fetchmail-authenticate-gssapi(7455)

Content Decisions: VAGUE

INFERRED ACTION: CAN-2001-0101 ACCEPT (5 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(4) Baker, Cole, Ziese, Prosser
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Prosser> TURBO:TLSA2000024-1
   http://www.turbolinux.com/pipermail/tl-security-announce/2000-December/000027.html
 CHANGE> [Frech changed vote from REVIEWING to MODIFY]
 Frech> XF:fetchmail-authenticate-gssapi(7455)

======================================================
Candidate: CAN-2001-0606
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0606
Final-Decision:
Interim-Decision:
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: HP:HPSBUX0102-139
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0041.html
Reference: XF:hp-virtualvault-iws-dos(6110)
Reference: URL:http://xforce.iss.net/static/6110.php

Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with VirtualVault A.04.00 allows a remote attacker to create a denial of service via the HTTPS service.

Modifications:
  ADDREF XF:hp-virtualvault-iws-dos(6110)

Content Decisions: VAGUE

INFERRED ACTION: CAN-2001-0606 ACCEPT (7 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(6) Williams, Wall, Baker, Cole, Bishop, Ziese
   MODIFY(1) Frech
   NOOP(1) Foat

Voter Comments:
 Frech> XF:hp-virtualvault-iws-dos(6110)
 CHANGE> [Williams changed vote from REVIEWING to ACCEPT]

======================================================
Candidate: CAN-2001-0608
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0608
Final-Decision:
Interim-Decision:
Modified: 20020225-01
Proposed: 20010727
Assigned: 20010727
Category: SF
Reference: HP:HPSBMP0103-011
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0087.html
Reference: XF:hp-aif-gain-privileges(6951)
Reference: URL:http://xforce.iss.net/static/6951.php
Reference: CERT-VN:VU#895496
Reference: URL:http://www.kb.cert.org/vuls/id/895496

HP architected interface facility (AIF) as included with MPE/iX 5.5 through 6.5 running on a HP3000 allows an attacker to gain additional privileges and gain access to databases via the AIF AIFCHANGELOGON program.

Modifications:
  ADDREF XF:hp-aif-gain-privileges(6951)
  ADDREF CERT-VN:VU#895496

Content Decisions: VAGUE

INFERRED ACTION: CAN-2001-0608 ACCEPT (6 accept, 2 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(5) Williams, Baker, Cole, Bishop, Ziese
   MODIFY(1) Frech
   NOOP(2) Wall, Foat

Voter Comments:
 Frech> XF:hp-aif-gain-privileges(6951)

======================================================
Candidate: CAN-2001-0817
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0817
Final-Decision:
Interim-Decision:
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011115
Category: SF
Reference: ISS:20011120 Remote Logic Flaw Vulnerability in HP-UX Line Printer Daemon
Reference: URL:http://xforce.iss.net/alerts/advise102.php
Reference: HP:HPSBUX0111-176
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q4/0047.html
Reference: CERT:CA-2001-32
Reference: URL:http://www.cert.org/advisories/CA-2001-32.html
Reference: CERT-VN:VU#638011
Reference: URL:http://www.kb.cert.org/vuls/id/638011
Reference: CIAC:M-021
Reference: URL:http://www.ciac.org/ciac/bulletins/m-021.shtml
Reference: BID:3561
Reference: URL:http://www.securityfocus.com/bid/3561
Reference: XF:hpux-rlpdaemon-logic-flaw(7234)
Reference: URL:http://xforce.iss.net/static/7234.php

Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request.

Modifications:
  ADDREF CERT:CA-2001-32
  ADDREF CERT-VN:VU#638011
  ADDREF BID:3561
  ADDREF CIAC:M-021

Content Decisions: VAGUE

INFERRED ACTION: CAN-2001-0817 ACCEPT (5 accept, 5 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(6) Baker, Foat, Cole, Armstrong, Frech, Bishop
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> CERT:CA-2001-32
   URL:http://www.cert.org/advisories/CA-2001-32.html
   CERT-VN:VU#638011
   URL:http://www.kb.cert.org/vuls/id/638011
 Christey> BID:3561
   URL:http://www.securityfocus.com/bid/3561
   CIAC:M-021
   http://www.ciac.org/ciac/bulletins/m-021.shtml

======================================================
Candidate: CAN-2001-0845
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0845
Final-Decision:
Interim-Decision:
Modified: 20020226-01
Proposed: 20011122
Assigned: 20011122
Category:
Reference: COMPAQ:SSRT0738
Reference: URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0738.shtml
Reference: XF:openvms-dms-unauthorized-access(7425)
Reference: URL:http://xforce.iss.net/static/7425.php
Reference: BID:3492
Reference: URL:http://online.securityfocus.com/bid/3492

Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 through 7.3, and SEVMS VAX or Alpha 6.2, allows local users to gain access to unauthorized resources.

Modifications:
  ADDREF XF:openvms-dms-unauthorized-access(7425)
  ADDREF BID:3492

Content Decisions: VAGUE

INFERRED ACTION: CAN-2001-0845 ACCEPT (6 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(5) Baker, Foat, Cole, Armstrong, Bishop
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:openvms-dms-unauthorized-access(7425)

======================================================
Candidate: CAN-2001-0976
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0976
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: HP:HPSBUX0108-165
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0048.html

Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and earlier, as used by HP-UX Workload Manager (WLM), allows local users to gain root privileges via modified libraries or environment variables.

Content Decisions: VAGUE

INFERRED ACTION: CAN-2001-0976 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(4) Green, Baker, Cole, Armstrong
   NOOP(2) Wall, Foat

======================================================
Candidate: CAN-2001-1061
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1061
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: AIXAPAR:IY22255
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q3/0003.html

Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error.

Content Decisions: VAGUE

INFERRED ACTION: CAN-2001-1061 ACCEPT (5 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Green
   MODIFY(1) Bollinger
   NOOP(2) Wall, Foat

Voter Comments:
 Bollinger> Affects AIX 4.3 with bos.diag.util versions less than 4.3.3.75 and AIX 5.1 with bos.diag.util versions less than 5.1.0.10. APAR IY22255 and IY22266 for 4.3 and 5.1.

======================================================
Candidate: CAN-2001-1082
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1082
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020131
Assigned: 20020131
Category: SF
Reference: CONFIRM:http://freshmeat.net/releases/52020/

Directory traversal vulnerability in Livingston/Lucent RADIUS before 2.1.va.1 may allow attackers to read arbitrary files via a .. (dot dot) attack.

Content Decisions: VAGUE

INFERRED ACTION: CAN-2001-1082 ACCEPT (4 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(4) Baker, Cole, Armstrong, Green
   NOOP(2) Wall, Foat

Page Last Updated or Reviewed: May 22, 2007