(日期:][下一个日期][线程:][线程下][日期索引][线程索引]
(提案)集群最近40 - 84的候选人
- 来:cve-editorial-board-list@lists.mitre.org
- 主题(建议):集群最近40 - 84的候选人
- 从:“史蒂文·m·Christey " <coley@linus.mitre.org>
- 日期:2002年3月15日,星期五01:22:02 -0500(美国东部时间)
- 交货日期:2002年3月15日01:22:07星期五
- 发送方:owner-cve-editorial-board-list@lists.mitre.org
我最近提出集群——84年由编辑委员会审查和投票。名称:最近- 84描述:保留候选人宣布1/30/2002与3/11/2002大小:40通过修改这封邮件你可能投票的候选人投票,将它寄回给我,或通过使用CVE投票网站。中列出的候选人优先秩序。优先级1和优先级2的候选人都应对不同层次的供应商确认,所以他们应该易于检查和可以信任的,是真实的问题。如果你发现任何RECENT-XX集群是不完整的对过程中发现的问题相关的时间框架,请发送信息给我,这样候选人可以被指定。——史蒂夫总结的选票使用(“严重程度”的按升序)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -接受——选民接受候选人提出等待——选民对候选人没有意见修改选民想要改变一些小细节(例如参考/描述)审查-选民正在审查/研究候选人,或需要更多的信息,重塑候选人必须大幅修改,如分割或合并拒绝候选人不是“漏洞”,或重复等。1)请写你的投票在直线上,从“投票:”开始。如果你想添加评论或细节,在投票后将它们添加到线:线。2)如果你看到任何失踪的引用,请提及他们,使他们可以包括在内。在映射引用帮助极大。3)请注意,“修改”被视为一个“接受”当计算选票。 So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-2002-0018 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0018最终决定:阶段性裁决:修改:建议:20020315分配:20020114类别:科幻参考:女士:ms02 - 001参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 001. - asp在Microsoft Windows NT和Windows 2000,信任域接收授权信息从可信域不验证信任域是所有上市SIDs的权威,这可能允许远程攻击者获得域管理员权限在信任域注入SIDs的不可信域的授权数据来自受信任域。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0018 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0020网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0020最终决定:阶段性裁决:修改:建议:20020315分配:20020114类别:科幻参考:女士:ms02 - 004参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 004. - asp参考:报价:4061参考:网址:http://www.securityfocus.com/bid/4061参考:XF: ms-telnet-option-bo(8094)参考:网址:http://www.iss.net/security_center/static/8094.php缓冲区溢出的telnet服务器在Windows 2000和Interix 2.2允许远程攻击者通过畸形协议选项执行任意代码。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0020 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0021网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0021最终决定:阶段性裁决:修改:建议:20020315分配:20020114类别:科幻参考:女士:ms02 - 002参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 002. - asp网络产品标识(PID)检查在Microsoft Office诉X Mac允许远程攻击者造成拒绝服务(崩溃)通过一个畸形的产品公告。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0021 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0022网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0022最终决定:阶段性裁决:修改:建议:20020315分配:20020114类别:科幻参考:BUGTRAQ: 20020213 dH和安全。在[NNOV:缓冲区溢出。dll的引用:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=101362984930597&w=2参考:女士:ms02 - 005参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 005. - asp参考:CERT: ca - 2002 - 04参考:网址:http://www.cert.org/advisories/ca - 2002 - 04. - html参考:XF: ie-html-directive-bo(8116)参考:网址:http://www.iss.net/security_center/static/8116.php缓冲区溢出在[HTML指令的实现。dll在Internet Explorer 5.5和6.0允许远程攻击者通过一个web页面,指定执行任意代码嵌入ActiveX控件的方式导致2 Unicode字符串连接。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0022 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0023网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0023最终决定:阶段性裁决:修改:建议:20020315分配:20020114类别:科幻参考:BUGTRAQ: 20020101 IE GetObject()问题参考:网址:http://archives.neohapsis.com/archives/bugtraq/2002-01/0000.html参考:女士:ms02 - 005参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 005. - asp参考:报价:3767参考:网址:http://www.securityfocus.com/bid/3767Internet Explorer 5.01、5.5和6.0允许远程攻击者读取任意文件通过请求GetObject函数畸形,绕过一些GetObject的安全检查。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0023 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0024网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0024最终决定:阶段性裁决:修改:建议:20020315分配:20020114类别:科幻参考:女士:ms02 - 005参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 005. - asp文件下载框在Internet Explorer 5.01, 5.5和6.0允许攻击者使用的附加和内容类型HTML头字段修改文件的名称是如何显示的,这可能会诱骗用户相信下载一个文件是安全的。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0024 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0025网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0025最终决定:阶段性裁决:修改:建议:20020315分配:20020114类别:科幻参考:女士:ms02 - 005参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 005. - aspInternet Explorer 5.01、5.5和6.0不妥善处理HTML头字段内容类型,它允许远程攻击者修改哪个应用程序用于处理一个文档。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0025 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0026网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0026最终决定:阶段性裁决:修改:建议:20020315分配:20020114类别:科幻参考:女士:ms02 - 005参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 005. - aspInternet Explorer 5.5和6.0允许远程攻击者绕过限制执行脚本通过一个对象处理异步事件在最初的安全检查。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0026 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0027网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0027最终决定:阶段性裁决:修改:建议:20020315分配:20020114类别:科幻参考:BUGTRAQ: 20011219 ie Document.Open没有关闭()()饼干偷窃、文件阅读,网站欺骗错误引用:网址:http://www.securityfocus.com/archive/1/246522参考:女士:ms02 - 005参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 005. - asp参考:报价:3721参考:网址:http://www.securityfocus.com/bid/3721Internet Explorer 5.5和6.0允许远程攻击者读取某些文件和恶搞的URL地址栏使用文档。打开函数从不同的领域,两帧之间传递信息的一个新变种“帧域验证”漏洞描述:女士ms01 - 058 / - 2001 - 0874。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0027 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0049网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0049最终决定:阶段性裁决:修改:建议:20020315分配:20020202类别:CF参考:女士:ms02 - 003参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 003. - asp参考:报价:4053参考:网址:http://www.securityfocus.com/bid/4053Microsoft Exchange Server 2000系统服务员让“每个人”组特权WinReg键,这可能允许远程攻击者读取或修改注册表键值。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0049 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0050网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0050最终决定:阶段性裁决:修改:建议:20020315分配:20020202类别:科幻参考:女士:ms02 - 010参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 010. - asp参考:报价:4157参考:网址:http://online.securityfocus.com/bid/4157缓冲区溢出2000年微软商业服务器上AuthFilter ISAPI过滤器允许远程攻击者通过长身份验证数据执行任意代码。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0050 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0052网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0052最终决定:阶段性裁决:修改:建议:20020315分配:20020202类别:科幻参考:女士:ms02 - 009参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 009. - asp参考:报价:4158参考:网址:http://online.securityfocus.com/bid/4158Internet Explorer 6.0和更早的不妥善处理VBScript在某些领域安全检查,它允许远程攻击者读取任意文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0052 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0054网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0054最终决定:阶段性裁决:修改:建议:20020315分配:20020202类别:科幻参考:女士:ms02 - 011参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 011. - asp(1)微软Windows 2000和SMTP服务(2)互联网邮件连接器(IMC) Exchange服务器5.5不妥善处理反应NTLM认证,它允许远程攻击者通过服务器进行邮件传送。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0054 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0055网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0055最终决定:阶段性裁决:修改:建议:20020315分配:20020202类别:科幻参考:BUGTRAQ: 20020306漏洞细节ms02 - 012参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=101558498401274&w=2参考:女士:ms02 - 012参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 012. - aspSMTP服务在Microsoft Windows 2000, Windows XP专业,Exchange 2000引起拒绝服务通过一个命令一个畸形的数据传输(BDAT)请求。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0055 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0059网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0059最终决定:阶段性裁决:修改:建议:20020315分配:20020207类别:科幻参考:BUGTRAQ: 20020311安全问题固定在zlib 1.1.4参考:CERT: ca - 2002 - 07年参考:DEBIAN: dsa - 122参考:BUGTRAQ: 20020212利用zlib openssh引用错误:VULNWATCH: 20020212利用zlib openssh引用错误:VULNWATCH: 20020311 [VULNWATCH] zlibscan:脚本找到suid二进制文件可能受到zlib脆弱性参考:REDHAT: RHSA-2002:026参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 026. - html参考:REDHAT: RHSA-2002:027参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 027. - html参考:SUSE: SuSE-SA: 2002:010参考:SUSE: SuSE-SA: 2002:011参考:ENGARDE: esa - 20020311 - 008参考:曼德拉草:MDKSA-2002:022参考:曼德拉草:MDKSA-2002:023参考:网址:http://www.linux mandrake.com/en/security/2002/mdksa - 2002 - 023. - php关于zlib脆弱性参考参考:BUGTRAQ: 20020314: BUGTRAQ: 20020314 zlib双重自由错误:Windows NT潜在影响参考:CERT-VN: VU # 368819参考:网址:http://www.kb.cert.org/vuls/id/368819参考:报价:4267参考:网址:http://online.securityfocus.com/bid/4267早些时候在zlib 1.1.3和压缩算法,使用许多不同的工具和包,导致inflateEnd释放某些记忆不止一次(一个“双重自由”),这可能允许本地和远程攻击者执行任意代码通过一块难看的压缩数据。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0059 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0060网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0060最终决定:阶段性裁决:修改:建议:20020315分配:20020213类别:科幻参考:BUGTRAQ: 20020227安全咨询linux 2.4。x ip_conntrack_irc参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=101483396412051&w=2参考:VULN-DEV: 20020227 Fwd(宣布):安全咨询关于IRC DCC连接跟踪参考:网址:http://marc.theaimsgroup.com/?l=vuln-dev&m=101486352429653&w=2参考:确认:http://www.netfilter.org/security/2002-02-25-irc-dcc-mask.html参考:REDHAT: RHSA-2002:028参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 028. - htmlIRC连接跟踪辅助模块在netfilter子系统为Linux 2.4.18-pre9早些时候不正确设置的面具conntrack预期传入DCC连接,这可能允许远程攻击者绕过防火墙的限制。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0060 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0062网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0062最终决定:阶段性裁决:修改:建议:20020315分配:20020213类别:科幻参考:REDHAT: RHSA-2002:020参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 020. - html参考:DEBIAN: dsa - 113参考:网址:http://www.debian.org/security/2002/dsa - 113缓冲区溢出ncurses 5.0, ncurses4兼容包为基础,允许本地用户获得特权。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0062 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0063网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0063最终决定:阶段性裁决:修改:建议:20020315分配:20020217类别:科幻参考:确认:http://www.cups.org/relnotes.html参考:DEBIAN: dsa - 110参考:网址:http://www.debian.org/security/2002/dsa - 110参考:曼德拉草:MDKSA-2002:015参考:网址:http://www.linux mandrake.com/en/security/2002/mdksa - 2002 - 015. - php缓冲区溢出在ippRead功能杯1.1.14可能允许攻击者通过长期执行任意代码属性名称或语言值。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0063 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0067网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0067最终决定:阶段性裁决:修改:建议:20020315分配:20020219类别:科幻参考:确认:http://www.squid-cache.org/Versions/v2/2.4/bugs/参考:REDHAT: REDHAT: RHSA-2002:029参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 029. - html鱿鱼2.4 STABLE2不恰当地禁用HTCP早些时候,即使“htcp_port 0”中指定的鱿鱼。相依,这可能允许远程攻击者绕过访问限制。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0067 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0068网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0068最终决定:阶段性裁决:修改:建议:20020315分配:20020219类别:科幻参考:确认:http://www.squid-cache.org/Versions/v2/2.4/bugs/参考:REDHAT: REDHAT: RHSA-2002:029参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 029. - html鱿鱼2.4 STABLE3早些时候,允许远程攻击者造成拒绝服务(核心转储),可能与畸形的ftp:// URL执行任意代码。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0068 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0069网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0069最终决定:阶段性裁决:修改:建议:20020315分配:20020219类别:科幻参考:确认:http://www.squid-cache.org/Versions/v2/2.4/bugs/参考:REDHAT: REDHAT: RHSA-2002:029参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 029. - html内存泄漏在SNMP鱿鱼STABLE2早些时候,允许远程攻击者造成拒绝服务。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0069 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0070网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0070最终决定:阶段性裁决:修改:建议:20020315分配:20020221类别:科幻参考:VULNWATCH: 20020311 (VULNWATCH)咨询:Windows Shell溢出参考:NTBUGTRAQ: 20020311咨询:Windows Shell溢出参考:网址:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0203&L=ntbugtraq&F=P&S=&P=2404参考:女士:ms02 - 014参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 014. - asp缓冲区溢出在Windows Shell(用作Windows桌面)允许本地和远程攻击者通过一个定制的URL执行任意代码处理程序没有删除一个应用程序,该应用程序卸载不当。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0070 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0080网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0080最终决定:阶段性裁决:修改:建议:20020315分配:20020221类别:科幻参考:REDHAT: RHSA-2002:026参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 026. - html参考:曼德拉草:MDKSA-2002:024参考:网址:http://www.linux mandrake.com/en/security/2002/mdksa - 2002 - 024. - php3rsync不正确调用setgroups之前放弃特权,这可能为当地用户提供补充组特权,可以读某些文件,否则是不允许的。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0080 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0081网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0081最终决定:阶段性裁决:修改:建议:20020315分配:20020227类别:科幻参考:VULN-DEV: 20020225 Re:谣言Apache 1.3.22利用参考:网址:http://marc.theaimsgroup.com/?l=vuln-dev&m=101468694824998&w=2参考:BUGTRAQ: 20020227咨询012002:PHP远程漏洞参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=101484705523351&w=2参考:NTBUGTRAQ: 20020227 PHP远程漏洞参考:网址:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101484975231922&w=2参考:确认:http://www.php.net/downloads.php参考:MISC:http://security.e-matters.de/advisories/012002.html参考:REDHAT: RHSA-2002:035参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 035. - html参考:DEBIAN: dsa - 115参考:网址:http://www.debian.org/security/2002/dsa - 115参考:CERT: ca - 2002 - 05参考:网址:http://www.cert.org/advisories/ca - 2002 - 05. - html参考:CERT-VN: VU # 297363参考:网址:http://www.kb.cert.org/vuls/id/297363参考:ENGARDE: esa - 20020301 - 006参考:网址:http://www.linuxsecurity.com/advisories/other_advisory - 1924. - html参考:惠普:hpsbtl0203 - 028参考:网址:http://online.securityfocus.com/advisories/3911参考:CONECTIVA: CLA-2002:468参考:网址:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000468参考:XF: php-file-upload-overflow(8281)参考:网址:http://www.iss.net/security_center/static/8281.php参考:报价:4183参考:网址:http://www.securityfocus.com/bid/4183缓冲区溢出(1)php_mime_split PHP 4.1.0,以下4.4.1,4.0.6和早些时候,在PHP 3.0 (2) php3_mime_split。x允许远程攻击者执行任意代码通过一个多部分/格式HTTP POST请求file_uploads时启用。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0081 1供应商确认:是的咨询抽象:混合这些不同版本之间的重叠,所提供的补丁。有人会说,这些缺陷在不同版本不同,因此CD: SF-LOC状态,这些应该被分开的结论。然而,在撰写本文时需要做一些候选人公开尽管缺乏完整、清晰的细节。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0082网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0082最终决定:阶段性裁决:修改:建议:20020315分配:20020301类别:科幻参考:BUGTRAQ:对mod_ssl进行20020227缓冲区溢出条件(更新)参考:网址:http://online.securityfocus.com/archive/1/258646参考:BUGTRAQ: 20020301 Apache-SSL缓冲区溢出(修复)参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=101518491916936&w=2参考:BUGTRAQ: 20020304 Apache-SSL 1.3.22 + 1.47 -更新安全修复参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=101528358424306&w=2参考:确认:http://www.apacheweek.com/issues/02-03-01的安全参考:BUGTRAQ: 20020228 tslsa - 2002 - 0034 - apache参考:ENGARDE: esa - 20020301 - 005参考:网址:http://www.linuxsecurity.com/advisories/other_advisory - 1923. - html参考:CONECTIVA: CLA-2002:465参考:网址:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465参考:REDHAT: RHSA-2002:041参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 041. - html参考:曼德拉草:MDKSA-2002:020参考:网址:http://www.linux mandrake.com/en/security/2002/mdksa - 2002 - 020. - php参考:REDHAT: RHSA-2002:042参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 042. - html参考:报价:4189参考:网址:http://online.securityfocus.com/bid/4189参考:XF: apache-modssl-bo(8308)参考:网址:http://www.iss.net/security_center/static/8308.phpdbm和单孔位微吹气扰动对mod_ssl进行会话缓存代码2.8.7-1.3.23之前,和Apache-SSL 1.3.22 + 1.46之前,没有正确初始化内存使用i2d_SSL_SESSION函数,它允许远程攻击者使用缓冲区溢出来执行任意代码通过一个大型客户端证书是由受信任的证书颁发机构(CA)签署,产生大量序列化的会话。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0082 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0083网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0083最终决定:阶段性裁决:修改:建议:20020315分配:20020306类别:科幻参考:VULNWATCH: 20020307 [VULNWATCH][松- cert - 20020301] OpenSSH这些参考:- URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html参考:BUGTRAQ: 20020307 OpenSSH安全顾问(adv.channelalloc)参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=101553908201861&w=2参考:BUGTRAQ: 20020307[松- cert - 20020301] OpenSSH这些参考:- URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101552065005254&w=2参考:BUGTRAQ: 20020308 [OpenPKG - sa - 2002.002] OpenPKG安全顾问(openssh)参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=101561384821761&w=2参考:确认:http://www.openbsd.org/advisories/ssh_channelalloc.txt参考:ENGARDE: esa - 20020307 - 007参考:网址:http://www.linuxsecurity.com/advisories/other_advisory - 1937. - html参考:SUSE: SuSE-SA: 2002:009参考:网址:http://www.suse.de/de/support/security/2002_009_openssh_txt.html参考:CONECTIVA: CLA-2002:467参考:网址:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467参考:DEBIAN: dsa - 119参考:网址:http://www.debian.org/security/2002/dsa - 119参考:REDHAT: RHSA-2002:043参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 043. - html参考:火山口:综援- 2002上海合作组织。11频道代码中的错误OpenSSH 2.0通过3.0.2允许本地用户和远程恶意服务器获得特权。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0083 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0092网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0092最终决定:阶段性裁决:修改:建议:20020315分配:20020308类别:科幻参考:VULN-DEV: 20020220帮助需要在cvs bufferoverflow参考:网址:http://marc.theaimsgroup.com/?l=vuln-dev&m=101422243817321&w=2参考:VULN-DEV: 20020220 Re: [Fwd:帮助需要bufferoverflow cvs)参考:网址:http://marc.theaimsgroup.com/?l=vuln-dev&m=101433077724524&w=2参考:DEBIAN: dsa - 117参考:网址:http://www.debian.org/security/2002/dsa - 117参考:REDHAT: rhsa - 2002 - 026参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 026. - htmlCVS 1.10.8之前没有正确初始化全局变量,它允许远程攻击者造成拒绝服务(服务器崩溃)通过差异的能力。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0092 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0012网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0012最终决定:阶段性裁决:修改:建议:20020315分配:20020110类别:科幻参考:MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html参考:CERT: ca - 2002 - 03年参考:网址:http://www.cert.org/advisories/ca - 2002 - 03. - html参考:国际空间站:20020212原型远程SNMP攻击工具参考:网址:http://www.iss.net/security_center/alerts/advise110.php参考:CERT-VN: VU # 107186参考:网址:http://www.kb.cert.org/vuls/id/107186参考:REDHAT: RHSA-2001:163参考:网址:http://www.redhat.com/support/errata/rhsa - 2001 - 163. - html参考:火山口:综援- 2002上海合作组织。4参考:SGI: 20020201 - 01 -参考:网址:ftp://patches.sgi.com/support/free/security/advisories/20020201-01-A参考:女士:ms02 - 006参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 006. - asp漏洞在大量的SNMP实现允许远程攻击者造成拒绝服务或通过SNMPv1陷阱处理,获得特权所展示的原型c06-SNMPv1测试套件中。注意:很有可能,这个候选人将分成多个候选人,每个供应商的一个或多个。这和其他snmp相关候选人将被更新更准确的信息是可用的。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0012 3供应商确认:对咨询内容的决定:SF-LOC, SF-CODEBASE投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0013网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0013最终决定:阶段性裁决:修改:建议:20020315分配:20020110类别:科幻参考:MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html参考:CERT: ca - 2002 - 03年参考:网址:http://www.cert.org/advisories/ca - 2002 - 03. - html参考:国际空间站:20020212原型远程SNMP攻击工具参考:网址:http://www.iss.net/security_center/alerts/advise110.php参考:CERT-VN: VU # 854306参考:网址:http://www.kb.cert.org/vuls/id/854306参考:REDHAT: RHSA-2001:163参考:网址:http://www.redhat.com/support/errata/rhsa - 2001 - 163. - html参考:火山口:综援- 2002上海合作组织。4参考:SGI: 20020201 - 01 -参考:网址:ftp://patches.sgi.com/support/free/security/advisories/20020201-01-A参考:女士:ms02 - 006参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 006. - asp漏洞SNMPv1请求处理的大量的SNMP实现允许远程攻击者造成拒绝服务或通过(1)GetRequest获得特权,(2)GetNextRequest,和(3)SetRequest消息,展示的原型c06-SNMPv1测试套件中。注意:很有可能,这个候选人将分成多个候选人,每个供应商的一个或多个。这和其他snmp相关候选人将被更新更准确的信息是可用的。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0013 3供应商确认:对咨询内容的决定:SF-LOC, SF-CODEBASE投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0053网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0053最终决定:阶段性裁决:修改:建议:20020315分配:20020202类别:科幻参考:MISC:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0012参考:MISC:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0013参考:MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/snmpv1/index.html参考:女士:ms02 - 006参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 006. - asp参考:CERT: ca - 2002 - 03年参考:网址:http://www.cert.org/advisories/ca - 2002 - 03. - html参考:CERT-VN: VU # 854306参考:网址:http://www.kb.cert.org/vuls/id/854306参考:CERT-VN: VU # 107186参考:网址:http://www.kb.cert.org/vuls/id/107186缓冲区溢出在Windows 95/98/98SE SNMP代理服务,Windows NT 4.0, Windows 2000, Windows XP允许远程攻击者造成拒绝服务或执行任意代码通过一个畸形的管理要求。注意:这个候选人可能会分裂或合并其他候选人。这和其他PROTOS-related候选人,特别是可以- 2002 - 0012 - 2002 - 0013,将被更新时更准确的信息是可用的。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0053 3供应商确认:对咨询内容的决定:SF-LOC, SF-CODEBASE投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0056网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0056最终决定:阶段性裁决:修改:建议:20020315分配:20020202类别:科幻参考:女士:ms02 - 007参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 007. - asp参考:BUGTRAQ: 20020219 MSDE, Sql Server 2000 & Adhoc网络异构查询缓冲区溢出和DOS参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=101422555428036&w=2参考:VULN-DEV: 20020219 MSDE, Sql Server 2000 & Adhoc网络异构查询缓冲区溢出和DOS参考:网址:http://marc.theaimsgroup.com/?l=vuln-dev&m=101413924631329&w=2缓冲区溢出在SQL Server 7.0和2000年允许远程攻击者执行任意代码通过一个长OLE DB提供者名称(1)或(2)OpenRowset OpenDataSource临时连接。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0056 3供应商确认:对咨询内容的决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0058网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0058最终决定:阶段性裁决:修改:建议:20020315分配:20020202类别:科幻参考:BUGTRAQ: 20020305 Java HTTP代理脆弱性参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=101534535304228&w=2参考:太阳:00216参考:网址:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/216参考:女士:ms02 - 013参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 013. - asp脆弱性在Java运行时环境(JRE)允许远程恶意网站劫持或嗅web客户端的会话,当使用HTTP代理,通过一个Java applet,重定向会话到另一台服务器,如(1)通过6.1和4.79和更早的Netscape 6.0,(2)微软虚拟机建立3802年早些时候,用于Internet Explorer 4。x和5。x,并可能使用脆弱的JDK版本的SDK或其他实现。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0058 3供应商确认:对咨询内容的决定:SF-CODEBASE抽象:CD: SF-CODEBASE州问题源于一个问题应该合并在同一个代码库。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0084网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0084最终决定:阶段性裁决:修改:建议:20020315分配:20020306类别:科幻参考:MISC:http://www.esecurityonline.com/advisories/eSO4198.asp缓冲区溢出在Solaris 2.6 cachefsd 7和8在船底本地用户获得根权限通过长山的论点。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0084 3供应商确认:是的咨询/跟踪/是的更新日志/是的/未知discloser-claimed /未知的模糊/未知的有争议/不/没有内容决策:SF-LOC抽象:CD: SF-LOC指出,不同类型的问题,在相同的可执行文件,应该分开。缓冲区溢出和DoS问题因此分裂。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0085网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0085最终决定:阶段性裁决:修改:建议:20020315分配:20020306类别:科幻参考:MISC:http://www.esecurityonline.com/advisories/eSO4197.aspcachefsd在Solaris 2.6 7和8允许远程攻击者造成拒绝服务(崩溃)通过一个无效的过程调用RPC请求。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0085 3供应商确认:是的咨询/跟踪/是的更新日志/是的/未知discloser-claimed /未知的模糊/未知的有争议/不/没有内容决策:SF-LOC抽象:CD: SF-LOC指出,不同类型的问题,在相同的可执行文件,应该分开。缓冲区溢出和DoS问题因此分裂。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0086网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0086最终决定:阶段性裁决:修改:建议:20020315分配:20020306类别:科幻参考:MISC:http://www.esecurityonline.com/advisories/eSO4126.asp参考:MISC:http://www.esecurityonline.com/advisories/eSO4124.asp缓冲区溢出在Linux上的Lotus Domino 5.0.4和5.0.7 bindsock允许本地用户获得根权限通过长(1)Notes_ExecDirectory或(2)PATH环境变量。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0086 3供应商确认:是的咨询/跟踪/是的更新日志/是的/未知discloser-claimed /未知的模糊/未知的有争议/不/没有内容决策:SF-LOC抽象:CD: SF-LOC州相同类型的问题,在同一版本的单一可执行文件,应该合并;不同类型的问题应该分开。因此,2溢出应该合并,但他们应该分开文件创建的问题。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0087网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0087最终决定:阶段性裁决:修改:建议:20020315分配:20020306类别:科幻参考:MISC:http://www.esecurityonline.com/advisories/eSO4125.asp在Lotus Domino 5.07 bindsock Solaris允许本地用户创建任意文件通过一个符号链接攻击临时文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0087 3供应商确认:是的咨询/跟踪/是的更新日志/是的/未知discloser-claimed /未知的模糊/未知的有争议/不/没有内容决策:SF-LOC抽象:CD: SF-LOC州相同类型的问题,在同一版本的单一可执行文件,应该合并;不同类型的问题应该分开。因此,2溢出应该合并,但他们应该分开文件创建的问题。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0088网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0088最终决定:阶段性裁决:修改:建议:20020315分配:20020306类别:科幻参考:MISC:http://www.esecurityonline.com/advisories/eSO4123.asp缓冲区溢出在Solaris 2.6 admintool 7和8允许本地用户获得根权限通过长媒体安装路径。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0088 3供应商确认:是的咨询/跟踪/是的更新日志/是的/未知discloser-claimed /未知的模糊/未知的有争议/不/没有内容决策:SF-LOC抽象:CD: SF-LOC州相同类型的问题在同一个可执行应该分开,如果他们出现在不同的版本。- d和PRODVERS溢出出现在Solaris 2.5(和其他人),而没有出现在Solaris 2.5长媒体路径。因此,长媒体路径溢出应该分开- d / PRODVERS溢出。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0089网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0089最终决定:阶段性裁决:修改:建议:20020315分配:20020306类别:科幻参考:MISC:http://www.esecurityonline.com/advisories/eSO2397.asp缓冲区溢出在admintool在Solaris 2.5 8允许本地用户获得根权限通过长参数(1)- d命令行选项,或(2)PRODVERS论点.cdtoc文件中。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0089 3供应商确认:是的补丁内容决定:SF-LOC抽象:CD: SF-LOC州相同类型的问题在同一个可执行应该分开,如果他们出现在不同的版本。- d和PRODVERS溢出出现在Solaris 2.5(和其他人),而没有出现在Solaris 2.5长媒体路径。因此,长媒体路径溢出应该分开- d / PRODVERS溢出。CD: SF-LOC也指出,相同类型的问题,在同一版本,应该合并。因此,应该在同一CVE - d和PRODVERS溢出。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0090网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0090最终决定:阶段性裁决:修改:建议:20020315分配:20020306类别:科幻参考:MISC:http://www.esecurityonline.com/advisories/eSO3761.asp缓冲区溢出在Solaris lbxproxy 8允许本地用户执行任意代码通过一个长显示命令行选项。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0090 3供应商确认:是的咨询/跟踪/是的更新日志/是的/未知discloser-claimed /未知的模糊/未知的有争议/不/没有投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0091网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0091最终决定:阶段性裁决:修改:建议:20020315分配:20020306类别:科幻参考:MISC:http://www.esecurityonline.com/advisories/eSO2408.asp苹果酒中的多个CGI脚本影子1.5和1.6允许远程攻击者执行任意命令通过特定的表单字段。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0091 3供应商确认:是的咨询/跟踪/是的更新日志/是的/未知discloser-claimed /未知的模糊/未知的有争议/不/没有投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:
- 上一页的日期:(提案)集群最近- 83 - 52的候选人
- 下一个按日期:(董事会)马克·考克斯已经加入了编辑部
- Prev线程:(提案)集群最近- 83 - 52的候选人
- 下一个线程:(董事会)马克·考克斯已经加入了编辑部
- 指数(es):
