
[PROPOSAL] Cluster RECENT-88 - 54 candidates



I am proposing cluster RECENT-88 for review and voting by the Editorial Board.

Name: RECENT-88
Description: Candidates (mostly) reserved between 3/1/2002 and 4/30/2002
Size: 54

You may modify this message to vote on the candidates and send it back to me, or vote by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is not a "vulnerability", or is a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0017
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020111
Category: SF
Reference: ISS:20020403 Remote Buffer Overflow Vulnerability in IRIX SNMP Daemon
Reference: URL:http://www.iss.net/security_center/alerts/advise113.php
Reference: SGI:20020201-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020201-01-P

Buffer overflow in the SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m allows remote attackers to execute arbitrary code via an SNMP request.

Analysis
----------------
ED_PRI CAN-2002-0017 1
Vendor Acknowledgement: yes advisory

ABSTRACTION: While this issue might seem to be the same as CAN-2002-0012 or CAN-2002-0013, it is addressed by a different patch, so CD:SF-LOC suggests keeping this split.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0040
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020116
Category: SF
Reference: SGI:20020306-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020306-01-P

Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to cause privileged applications to dump core via the HOSTALIASES environment variable, which might allow the users to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0040 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0051
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0051
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020202
Category: SF
Reference: BUGTRAQ:20011205 SECURITY.NNOV: file locking and security (group policy DoS on Windows 2000 domain)
Reference: URL:http://online.securityfocus.com/archive/1/244329
Reference: MS:MS02-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-016.asp

Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.

Analysis
----------------
ED_PRI CAN-2002-0051 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0064
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0064
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020219
Category: CF
Reference: BINDVIEW:20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x
Reference: URL:http://razor.bindview.com/publish/advisories/adv_FunkProxy.html

Funk Software Proxy Host 3.x is installed with insecure permissions for the registry and the file system.

Analysis
----------------
ED_PRI CAN-2002-0064 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0065
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0065
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020219
Category: SF
Reference: BINDVIEW:20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x
Reference: URL:http://razor.bindview.com/publish/advisories/adv_FunkProxy.html

Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host password, which allows local users to gain privileges by recovering the passwords from the PHOST.INI file or the Windows registry.

Analysis
----------------
ED_PRI CAN-2002-0065 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0066
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020219
Category: SF
Reference: BINDVIEW:20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x
Reference: URL:http://razor.bindview.com/publish/advisories/adv_FunkProxy.html

Funk Software Proxy Host 3.x before 3.09 creates a named pipe that does not require authentication and is installed with insecure access control, which allows local and remote users to use the Proxy Host's configuration utilities and gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0066 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0071
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: ATSTAKE:A041002-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a041002-1.txt
Reference: BUGTRAQ:20020411 KPMG-2002010: Microsoft IIS .htr ISAPI buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101854087828265&w=2
Reference: VULNWATCH:20020411 [VulnWatch] KPMG-2002010: Microsoft IIS .htr ISAPI buffer overflow
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/ca-2002-09.html

Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.

Analysis
----------------
ED_PRI CAN-2002-0071 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0072
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0072
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: BUGTRAQ:20020411 KPMG-2002009: Microsoft IIS W3SVC Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101853851025208&w=2
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/ca-2002-09.html

The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.

Analysis
----------------
ED_PRI CAN-2002-0072 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0073
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0073
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/ca-2002-09.html

The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request.

Analysis
----------------
ED_PRI CAN-2002-0073 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0074
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0074
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/ca-2002-09.html

Cross-site scripting vulnerability in the Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.

Analysis
----------------
ED_PRI CAN-2002-0074 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0075
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: BUGTRAQ:20020411 [SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101854677802990&w=2
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/ca-2002-09.html

Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect ("302 Object Moved") message.

Analysis
----------------
ED_PRI CAN-2002-0075 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0076
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0076
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-013
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-013.asp
Reference: SUN:00218
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218

Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0076 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0078
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0078
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: MS:MS02-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-015.asp

The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0078 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0079
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0079
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20020410 Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101846993304518&w=2
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/ca-2002-09.html

Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-0079 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0147
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/ca-2002-09.html

Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka a variant of the "Microsoft-discovered Chunked Encoding buffer overflow."

Analysis
----------------
ED_PRI CAN-2002-0147 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0148
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20020410 IIS allows universal CrossSiteScripting
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/ca-2002-09.html

Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.

Analysis
----------------
ED_PRI CAN-2002-0148 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0149
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0149
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/ca-2002-09.html

Buffer overflow in the ASP Server-Side Include function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.

Analysis
----------------
ED_PRI CAN-2002-0149 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0150
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0150
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/ca-2002-09.html

Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.

Analysis
----------------
ED_PRI CAN-2002-0150 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0151
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0151
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: BUGTRAQ:20020404 NSFOCUS SA2002-02: Microsoft Windows MUP overlong request kernel overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101793727306282&w=2
Reference: VULNWATCH:20020404 NSFOCUS SA2002-02: Microsoft Windows MUP overlong request kernel overflow
Reference: MS:MS02-017
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-017.asp

Buffer overflow in the Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.

Analysis
----------------
ED_PRI CAN-2002-0151 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0152
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0152
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: BUGTRAQ:20020416 w00w00 on Microsoft IE/Office for Mac OS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101897994314015&w=2
Reference: MS:MS02-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-019.asp

Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.

Analysis
----------------
ED_PRI CAN-2002-0152 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0153
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0153
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS02-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-019.asp

Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0153 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0154
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0154
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020319
Category: SF
Reference: BUGTRAQ:20020305 Another Sql Server 7 Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101535353331625&w=2
Reference: BUGTRAQ:20020312 Many, many Sql Server 2000 & buffer overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100891252317406&w=2
Reference: MS:MS02-020
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-020.asp

Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.

Analysis
----------------
ED_PRI CAN-2002-0154 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0159
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0159
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020327
Category: SF
Reference: BUGTRAQ:20020403 iXsecurity.20020314.csadmin_fmt.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101787248913611&w=2
Reference: CISCO:20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows
Reference: URL:http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml

Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.

Analysis
----------------
ED_PRI CAN-2002-0159 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0160
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0160
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020327
Category: SF
Reference: BUGTRAQ:20020403 iXsecurity.20020316.csadmin_dir.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101786689128667&w=2
Reference: CISCO:20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows
Reference: URL:http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml

The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002.

Analysis
----------------
ED_PRI CAN-2002-0160 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0163
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0163
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020328
Category: SF
Reference: CONFIRM:http://www.squid-cache.org/advisories/squid-2002_2.txt
Reference: FREEBSD:FreeBSD-SA-02:19
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101717809709222
Reference: MANDRAKE:MDKSA-2002:027
Reference: URL:http://www.linux-mandrake.com/en/security/2002/mdksa-2002-027.php

Heap overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses.

Analysis
----------------
ED_PRI CAN-2002-0163 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0164
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0164
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020402
Category: SF
Reference: CALDERA:CSSA-2002-009.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/cssa-2002-009.0.txt

Vulnerability in the MIT-SHM extension of the X server on Linux allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0164 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0166
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0166
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020409
Category: SF
Reference: DEBIAN:DSA-125
Reference: URL:http://www.debian.org/security/2002/dsa-125

Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.

Analysis
----------------
ED_PRI CAN-2002-0166 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0167
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0167
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020410
Category: SF
Reference: REDHAT:RHSA-2002:048
Reference: URL:http://www.redhat.com/support/errata/rhsa-2002-048.html
Reference: CONECTIVA:CLA-2002:470
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000470
Reference: BID:4339
Reference: URL:http://online.securityfocus.com/bid/4339

Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted images, which could allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain weaknesses of NetPBM.

Analysis
----------------
ED_PRI CAN-2002-0167 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0168
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0168
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020410
Category: SF
Reference: REDHAT:RHSA-2002:048
Reference: URL:http://www.redhat.com/support/errata/rhsa-2002-048.html
Reference: CONECTIVA:CLA-2002:470
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000470
Reference: BID:4336
Reference: URL:http://online.securityfocus.com/bid/4336

Vulnerability in Imlib before 1.9.13 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by manipulating arguments that are passed to malloc, which results in a heap corruption.

Analysis
----------------
ED_PRI CAN-2002-0168 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0170
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020411
Category: SF
Reference: BUGTRAQ:20020301 [matt@zope.com: [Zope-Annce] Zope Hotfix 2002-03-01 (Ownership Roles Enforcement)]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101503023511996&w=2
Reference: CONFIRM:http://www.zope.org/Products/Zope/hotfixes/

Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.

Analysis
----------------
ED_PRI CAN-2002-0170 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0171
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0171
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020411
Category: SF
Reference: SGI:20020406-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020406-01-P

IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0171 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0172
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0172
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020411
Category: CF
Reference: SGI:20020408-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020408-01-I

/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), which could allow a local user to cause a denial of service (traffic disruption).

Analysis
----------------
ED_PRI CAN-2002-0172 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0173
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0173
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020411
Category: SF
Reference: SGI:20020409-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020409-01-I

Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges.

Analysis
----------------
ED_PRI CAN-2002-0173 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0175
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0175
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020415
Category: SF
Reference: BUGTRAQ:20020320 Bypassing libsafe format string protection
Reference: URL:http://online.securityfocus.com/archive/1/263121
Reference: MANDRAKE:MDKSA-2002:026
Reference: URL:http://www.linux-mandrake.com/en/security/2002/mdksa-2002-026.php
Reference: BID:4326
Reference: URL:http://online.securityfocus.com/bid/4326

libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the "'" and "I" characters, which are implemented in libc but not libsafe.

Analysis
----------------
ED_PRI CAN-2002-0175 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0176
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0176
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020415
Category: SF
Reference: BUGTRAQ:20020320 Bypassing libsafe format string protection
Reference: URL:http://online.securityfocus.com/archive/1/263121
Reference: MANDRAKE:MDKSA-2002:026
Reference: URL:http://www.linux-mandrake.com/en/security/2002/mdksa-2002-026.php
Reference: BID:4327
Reference: URL:http://online.securityfocus.com/bid/4327

The printf wrappers in libsafe 2.0-11 and earlier do not properly handle argument indexing specifiers, which could allow attackers to exploit certain function calls through arguments that are not verified by libsafe.

Analysis
----------------
ED_PRI CAN-2002-0176 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0179
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0179
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020417
Category: SF
Reference: DEBIAN:DSA-127
Reference: URL:http://www.debian.org/security/2002/dsa-127

Buffer overflow in xpilot-server for XPilot 4.5.0 and earlier allows remote attackers to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-0179 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0180
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0180
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020417
Category: SF
Reference: BUGTRAQ:20020415 Remote buffer overflow in Webalizer
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101888467527673&w=2
Reference: CONFIRM:http://www.mrunix.net/webalizer/news.html

Buffer overflow in Webalizer 2.01-06, when configured to use reverse DNS lookups, allows remote attackers to execute arbitrary code by connecting to the monitored web server from an IP address that resolves to a long hostname.

Analysis
----------------
ED_PRI CAN-2002-0180 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0181
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0181
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020417
Category: SF
Reference: BUGTRAQ:20020406 IMP 2.2.8 (SECURITY) released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101828033830744&w=2
Reference: DEBIAN:DSA-126
Reference: URL:http://www.debian.org/security/2002/dsa-126
Reference: CALDERA:CSSA-2002-016.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/cssa-2002-016.0.txt

Cross-site scripting vulnerability in Horde 1.2.8 and IMP 2.2.8 allows remote attackers to execute script and steal cookies of other users.

Analysis
----------------
ED_PRI CAN-2002-0181 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0184
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0184
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020419
Category: SF
Reference: BUGTRAQ:20020425 [Global InterSec 2002041701] Sudo Password Prompt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101974610509912&w=2
Reference: BUGTRAQ:20020425 Sudo version 1.6.6 now available (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101975443619600&w=2
Reference: MANDRAKE:MDKSA-2002:028
Reference: URL:http://www.linux-mandrake.com/en/security/2002/mdksa-2002-028.php3
Reference: DEBIAN:DSA-128
Reference: URL:http://www.debian.org/security/2002/dsa-128
Reference: REDHAT:RHSA-2002:072
Reference: URL:http://www.redhat.com/support/errata/rhsa-2002-072.html
Reference: REDHAT:RHSA-2002:071
Reference: URL:http://www.redhat.com/support/errata/rhsa-2002-071.html
Reference: ENGARDE:ESA-20020429-010
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2040.html
Reference: BUGTRAQ:20020425 [slackware-security] sudo upgrade fixes a potential vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101979472822196&w=2
Reference: CONECTIVA:CLA-2002:475
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000475
Reference: TRUSTIX:TSLSA-2002-0046
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102010164413135&w=2

Heap overflow in sudo before 1.6.6 may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.

Analysis
----------------
ED_PRI CAN-2002-0184 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1056
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020426
Category: SF
Reference: MS:MS02-021
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-021.asp
Reference: BID:4397
Reference: URL:http://online.securityfocus.com/bid/4397
Reference: BUGTRAQ:20020331 More Office XP problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101760380418890&w=2

Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.

Analysis
----------------
ED_PRI CAN-2002-1056 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0037
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0037
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020116
Category: SF

Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass the intended Reader and Author access list for a document's object via a Notes API call that directly accesses the object.

Analysis
----------------
ED_PRI CAN-2002-0037 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0039
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0039
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020116
Category: SF
Reference: SGI:20020306-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020306-01-P

rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, allows remote attackers to cause a denial of service (crash) via malformed RPC packets with invalid lengths.

Analysis
----------------
ED_PRI CAN-2002-0039 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

ABSTRACTION: While this advisory is clear about the source of the problem, HP:HPSBUX0110-169 (CAN-2001-1124) also discusses a DoS/core dump from malformed RPC requests. However, that advisory is so vague that it is not entirely clear whether it addresses the same vulnerability. CD:VAGUE suggests that vague advisories (in this case, the one from HP) should get their own candidate when there is uncertainty due to vagueness. However, in this case, offline consultation with SGI indicates that CAN-2002-0039 and CAN-2001-1124 are indeed the same problem. Therefore they should be merged.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0041
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0041
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020116
Category: SF
Reference: SGI:20020401-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020401-01-P

Vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions, allows local and remote attackers to cause a core dump.

Analysis
----------------
ED_PRI CAN-2002-0041 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0077
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0077
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020221
Category: SF
Reference: BUGTRAQ:20020113 IE Pop-Up OBJECT Tag Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101103188711920&w=2
Reference: MS:MS02-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-015.asp

Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of the Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the "Local Executable Invocation via Object tag" vulnerability.

Analysis
----------------
ED_PRI CAN-2002-0077 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0158
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0158
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020327
Category: SF
Reference: BUGTRAQ:20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101776858410652&w=2
Reference: VULNWATCH:20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0000.html

Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument.

Analysis
----------------
ED_PRI CAN-2002-0158 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0162
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0162
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020328
Category: SF
Reference: BUGTRAQ:20020327 Root compromise through LogWatch 2.1.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=101724766216872
Reference: VULN-DEV:20020327 Root compromise through LogWatch 2.1.1
Reference: URL:http://online.securityfocus.com/archive/82/264233
Reference: CONFIRM:http://list.kaybee.org/archives/logwatch-announce/2002-March/000002.html
Reference: REDHAT:RHSA-2002:053
Reference: REDHAT:RHSA-2002:054

LogWatch before 2.5 allows local users to execute arbitrary code via a symlink attack on the LogWatch temporary file.

Analysis
----------------
ED_PRI CAN-2002-0162 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:
SF-LOC表明当一个人比另一个漏洞出现在一个不同的版本,应该有单独的CVE物品,即使同一类型的问题。- 2002 - 0165可以出现在2.5;- 2002 - 0162不可以。因此这些东西应该保持分裂。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0165网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0165最终决定:阶段性裁决:修改:建议:20020502分配:20020404类别:科幻参考:BUGTRAQ: 20020403 LogWatch 2.5仍然脆弱的参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=101787227513000&w=2参考:REDHAT: RHSA-2002:053参考:REDHAT: RHSA-2002:054 LogWatch 2.5允许本地用户获得根权限通过一个符号链接攻击,不同的漏洞比- 2002 - 0162。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0165 3供应商确认:对咨询内容的决定:SF-LOC抽象:CD: SF-LOC表明当一个人比另一个漏洞出现在一个不同的版本,应该有单独的CVE物品,即使同一类型的问题。- 2002 - 0165可以出现在2.5;- 2002 - 0162不可以。因此这些东西应该保持分裂。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0177网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0177最终决定:阶段性裁决:修改:建议:20020502分配:20020416类别:科幻参考:BUGTRAQ: 20020402 icecast 1.3.11远程shell /根利用- #临时参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=101780890326179&w=2参考:BUGTRAQ: 20020403 Icecast临时补丁(或:补丁?我们需要讨厌的补丁! ! 
@ $ !)参考网址:http://marc.theaimsgroup.com/?l=bugtraq&m=101786838300906&w=2参考:BUGTRAQ: 20020404全面分析多个远程可利用的漏洞Icecast 1.3.11参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=101793704306035&w=2参考:确认:http://www.xiph.org/archives/icecast/2616.html参考:报价:4415参考:网址:http://online.securityfocus.com/bid/4415缓冲区溢出在icecast 1.3.11早些时候,允许远程攻击者执行任意代码通过一个长从MP3端HTTP GET请求。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0177 3供应商确认:是的内容决定:SF-LOC承认:一篇供应商邮件列表includesd声明“修复安全漏洞(icx.c)”- and icx.c is the exploit provided in the Bugtraq post. ABSTRACTION: the vendor patches indicate that multiple issues of the same type (buffer overflow) may exist, so CD:SF-LOC recommends combining them. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0185 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0185最终决定:阶段性裁决:修改:建议:20020502分配:20020419类别:科幻/ CF / MP / SA / /未知参考:MISC:http://www.modpython.org/pipermail/mod_python/2002-April/001991.html参考:MISC:http://www.modpython.org/pipermail/mod_python/2002-April/002003.htmlmod_python 2.7.6和更早的版本允许发布模块的模块间接进口然后通过出版商访问,它允许远程攻击者从导入的模块调用可能危险的函数。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0185 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0350网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0350最终决定:阶段性裁决:修改:建议:20020502分配:20020501类别:科幻参考:BUGTRAQ: 20020301 DoS惠普ProCurve 
4000开关(可能)参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=101500123900612&w=2参考:报价:4212参考:网址:http://online.securityfocus.com/bid/4212参考:XF: hp-procurve-portscan-dos(8329)参考:网址:http://www.iss.net/security_center/static/8329.php惠普Procurve开关4000米跑步固件C.08.22和C.09.09允许远程攻击者通过端口扫描引起拒绝服务的管理IP地址,禁用telnet服务。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0350 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0351网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0351最终决定:阶段性裁决:修改:建议:20020502分配:20020501类别:科幻参考:DEBIAN: dsa - 116参考:网址:http://www.debian.org/security/2002/dsa - 116参考:XF: cfs-bo(8330)参考:网址:http://www.iss.net/security_center/static/8330.php参考:报价:4219参考:网址:http://online.securityfocus.com/bid/4219缓冲区溢出在CFS守护进程(cfsd) 1.3.3-8.1之前,和1.4 x 1.4.1-5之前,允许远程攻击者可能导致拒绝服务和执行任意代码。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0351 3供应商确认:对咨询内容的决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0352网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0352最终决定:阶段性裁决:修改:建议:20020502分配:20020501类别:科幻参考:BUGTRAQ: 20020302 Phorum讨论板安全缺陷(电子邮件披露)参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=101508207206900&w=2参考:报价:4226参考:网址:http://online.securityfocus.com/bid/4226参考:XF: phorum-admin-users-information(8344)参考:网址:http://www.iss.net/security_center/static/8344.phpPhorum 3.3.2允许远程攻击者的电子邮件地址来确定十大最活跃用户通过直接HTTP请求的统计数据。php程序,不需要身份验证。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0352 3供应商确认:投票部分- - - - - - - - 
- - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0353网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0353最终决定:阶段性裁决:修改:建议:20020502分配:20020501类别:科幻/ CF / MP / SA / /未知参考:CONECTIVA: CLA-2002:474参考:网址:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000474参考:确认:http://www.ethereal.com/appnotes/enpa - sa - 00003. - html早些时候在爽朗0.9.2 asn . 1解析器允许远程攻击者造成拒绝服务(崩溃)通过某种畸形数据包,导致的分配内存错误,可能由于零长度字段。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0353 3供应商确认:对咨询内容的决定:模糊的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0354网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0354最终决定:阶段性裁决:修改:建议:20020502分配:20020501类别:科幻参考:BUGTRAQ: 20020430阅读本地文件在Netscape 6和Mozilla (GM # 001 - ns)参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=102017952204097&w=2参考:NTBUGTRAQ: 20020430阅读本地文件在Netscape 6和Mozilla (GM # 001 - ns)参考:网址:http://marc.theaimsgroup.com/?l=ntbugtraq&m=102020343728766&w=2XMLHttpRequest对象(XMLHTTP)在Netscape 6.1和Mozilla 0.9.7允许远程攻击者读取任意客户端系统上的文件和目录列表打开URL重定向浏览器到文件在客户端,然后使用responseText属性读取结果。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0354 3供应商确认:是的内容决定:SF-CODEBASE投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:

Page last updated or reviewed: May 22, 2007