(日期:][下一个日期][线程:][线程下][日期索引][线程索引]
(提案)集群最近45 - 93的候选人
- 来:cve-editorial-board-list@lists.mitre.org
- 主题最近集群(建议):45 - 93的候选人
- 从:“史蒂文·m·Christey " <coley@linus.mitre.org>
- 日期-0400年:星期二,2002年6月11日01:29:18(美国东部时间)
- 交货日期:2002年6月11日01:29:24星期二
- 发送方:owner-cve-editorial-board-list@lists.mitre.org
我最近提出集群——93年由编辑委员会审查和投票。名称:最近- 93描述:候选人宣布5/1/2002和6/6/2002之间尺寸:45通过修改这封邮件你可能投票的候选人投票,将它寄回给我,或通过使用CVE投票网站。中列出的候选人优先秩序。优先级1和优先级2的候选人都应对不同层次的供应商确认,所以他们应该易于检查和可以信任的,是真实的问题。如果你发现任何RECENT-XX集群是不完整的对过程中发现的问题相关的时间框架,请发送信息给我,这样候选人可以被指定。——史蒂夫总结的选票使用(“严重程度”的按升序)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -接受——选民接受候选人提出等待——选民对候选人没有意见修改选民想要改变一些小细节(例如参考/描述)审查-选民正在审查/研究候选人,或需要更多的信息,重塑候选人必须大幅修改,如分割或合并拒绝候选人不是“漏洞”,或重复等。1)请写你的投票在直线上,从“投票:”开始。如果你想添加评论或细节,在投票后将它们添加到线:线。2)如果你看到任何失踪的引用,请提及他们,使他们可以包括在内。在映射引用帮助极大。3)请注意,“修改”被视为一个“接受”当计算选票。 So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-2002-0032 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0032最终决定:阶段性裁决:修改:建议:20020611分配:20020116类别:科幻参考:BUGTRAQ: 20020527雅虎信使——多个漏洞参考:网址:http://online.securityfocus.com/archive/1/274223参考:CERT: ca - 2002 - 16参考:网址:http://www.cert.org/advisories/ca - 2002 - 16. - html参考:CERT-VN: VU # 172315参考:网址:http://www.kb.cert.org/vuls/id/172315参考:报价:4838参考:网址:http://www.securityfocus.com/bid/4838雅虎信使5 0 0,1064年早些时候,允许远程攻击者执行任意脚本的其他用户通过addview参数ymsgr URI。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0032 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0033网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0033最终决定:阶段性裁决:修改:建议:20020611分配:20020116类别:科幻参考:BUGTRAQ: 20020505 (LSD) Solaris cachefsd远程缓冲区溢出漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2002-05/0026.html参考:CERT: ca - 2002 - 11参考:网址:http://www.cert.org/advisories/ca - 2002 - 11. - html参考:确认:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309参考:CERT-VN: VU # 635811参考:网址:http://www.kb.cert.org/vuls/id/635811参考:报价:4674参考:网址:http://www.securityfocus.com/bid/4674堆溢出在Solaris cachefsd cfsd_calloc函数允许远程攻击者通过请求与执行任意代码目录和缓存名称。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0033 1供应商确认:是的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0146网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0146最终决定:阶段性裁决:修改:建议:20020611分配:20020318类别:科幻参考:REDHAT: RHSA-2002:047参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 047. - htmlfetchmail 5.9.10之前电子邮件客户端没有正确限制可用信息的最大数量,它允许远程IMAP服务器覆盖内存通过消息计数超过数组的边界。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0146 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0155网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0155最终决定:阶段性裁决:修改:建议:20020611分配:20020319类别:科幻参考:BUGTRAQ: 20020508咨询:MSN Messenger OCX缓冲区溢位参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=102089960531919&w=2参考:VULNWATCH: 20020508 (VULNWATCH)咨询:MSN Messenger OCX缓冲区溢位参考:女士:ms02 - 022参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 022. - asp参考:CERT: ca - 2002 - 13参考:网址:http://www.cert.org/advisories/ca - 2002 - 13. - html缓冲区溢出在微软MSN聊天ActiveX控件,用于MSN Messenger 4.5和4.6,4.5和4.6交易即时通讯,允许远程攻击者执行任意代码通过一个长MSNChat OCX ResDLL参数。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0155 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0157网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0157最终决定:阶段性裁决:修改:建议:20020611分配:20020325类别:科幻参考:BUGTRAQ: 20020502 r7 - 0003:鹦鹉螺符号链接漏洞参考:网址:http://online.securityfocus.com/archive/1/270691/2002-04-29/2002-05-05/0参考:报价:4373参考:网址:http://www.securityfocus.com/bid/4373参考:REDHAT: RHSA-2002:064参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 064. - html鹦鹉螺的1.0.4早些时候,允许本地用户覆盖通过符号链接攻击.nautilus-metafile任意文件。xml元数据文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0157 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0169网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0169最终决定:阶段性裁决:修改:建议:20020611分配:20020411类别:CF参考:REDHAT: RHSA-2002:062参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 062. - htmlDocBook的默认样式表在Red Hat Linux 6.2到7.2安装启用了一个不安全的选项,这将允许用户覆盖文件在当前目录从一个不可信的文档使用完整路径名作为元素标识符。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0169 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0174网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0174最终决定:阶段性裁决:修改:建议:20020611分配:20020411类别:科幻参考:SGI: 20020501 - 01 -我参考:网址:ftp://patches.sgi.com/support/free/security/advisories/20020501-01-Insd在SGI IRIX 6.5.11允许本地用户覆盖任意文件并获得通过一个符号链接攻击nsd root特权。转储文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0174 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0188网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0188最终决定:阶段性裁决:修改:建议:20020611分配:20020420类别:科幻参考:女士:ms02 - 023参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 023. - asp微软Internet Explorer 5.01和6.0允许远程攻击者执行任意代码通过畸形的附加和内容类型头字段被欺骗的文件类型,导致应用程序通过文件的操作系统来处理,而不是引发一个错误消息,又名“内容性格”的第二个变体脆弱性。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0188 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0190网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0190最终决定:阶段性裁决:修改:建议:20020611分配:20020420类别:科幻参考:女士:ms02 - 023参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 023. - asp微软Internet Explorer 5.01, 5.5和6.0允许远程攻击者执行任意代码通过一个畸形的web页面,需要更少的安全限制NetBIOS连接,又名“区欺骗通过web页面畸形”的弱点。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0190 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0191网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0191最终决定:阶段性裁决:修改:建议:20020611分配:20020420类别:科幻参考:BUGTRAQ: 20020402阅读部分本地文件在IE中,根据结构(GM # 004 - IE)参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=101778302030981&w=2参考:女士:ms02 - 023参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 023. - asp参考:XF: ie-css-read-files(8740)参考:网址:http://www.iss.net/security_center/static/8740.php参考:报价:4411参考:网址:http://online.securityfocus.com/bid/4411微软Internet Explorer 5.01、5.5和6.0,远程攻击者可以查看任意文件包含“{”字符通过样式表的脚本包含cssText属性对象,又名“本地信息披露通过HTML对象”的弱点。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0191 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0192网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0192最终决定:阶段性裁决:修改:建议:20020611分配:20020420类别:科幻参考:女士:ms02 - 023参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 023. - asp微软Internet Explorer 5.01和6.0允许远程攻击者执行任意代码通过修改附加项和的Content - type报头字段为欺骗导致应用程序文件类型文件传递回操作系统来处理,而不是引发一个错误消息,又名“内容性格”的第一个变体脆弱性。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0192 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0193网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0193最终决定:阶段性裁决:修改:建议:20020611分配:20020420类别:科幻参考:女士:ms02 - 023参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 023. - asp微软Internet Explorer 5.01和6.0允许远程攻击者执行任意代码通过畸形的附加和内容类型头字段被欺骗的文件类型,导致应用程序通过文件的操作系统来处理,而不是引发一个错误消息,又名“内容性格”的第一个变体脆弱性。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0193 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0355网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0355最终决定:阶段性裁决:修改:建议:20020611分配:20020502类别:科幻参考:SGI: 20020503 - 01 -我参考:网址:ftp://patches.sgi.com/support/free/security/advisories/20020503-01-I参考:报价:4682参考:网址:http://www.securityfocus.com/bid/4682参考:XF: irix-netstat-file-existence(9023)参考:网址:http://www.iss.net/security_center/static/9023.phpnetstat在SGI IRIX 6.5.12允许本地用户确定文件系统上的存在,即使用户没有适当的权限。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0355 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0356网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0356最终决定:阶段性裁决:修改:建议:20020611分配:20020502类别:科幻参考:SGI: 20020504 - 01 -我参考:网址:ftp://patches.sgi.com/support/free/security/advisories/20020504-01-I脆弱性XFS文件系统重组(fsr_xfs)早些时候在SGI IRIX 6.5.10及允许本地用户获得根权限覆盖关键系统文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0356 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0357网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0357最终决定:阶段性裁决:修改:建议:20020611分配:20020502类别:科幻参考:SGI: 20020601 - 01 - p参考:网址:ftp://patches.sgi.com/support/free/security/advisories/20020601-01-P在rpc漏洞。passwd nfs.sw。nis子系统的SGI IRIX 6.5.15早些时候,允许本地用户获得根权限。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0357 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0358网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0358最终决定:阶段性裁决:修改:建议:20020611分配:20020502类别:科幻参考:SGI: 20020602 - 01 -我参考:网址:ftp://patches.sgi.com/support/free/security/advisories/20020602-01-IMediaMail MedialMail Pro在SGI IRIX 6.5.16早些时候,允许本地用户强制程序转储核心通过特定的参数,这将允许用户读取敏感数据或获得的特权。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0358 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0368网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0368最终决定:阶段性裁决:修改:建议:20020611分配:20020508类别:科幻/ CF / MP / SA / /未知参考:女士:ms02 - 025参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 025. - asp商店服务在微软Exchange 2000允许远程攻击者造成拒绝服务(CPU消耗)通过邮件与畸形的RFC消息属性,又名“畸形的邮件属性会导致交换2000耗尽CPU资源。”Analysis ---------------- ED_PRI CAN-2002-0368 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0369 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0369最终决定:阶段性裁决:修改:建议:20020611分配:20020508类别:科幻参考:女士:ms02 - 026参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 026. - asp缓冲区溢出在ASP。净工作进程允许远程攻击者可能导致拒绝服务(重启)和执行任意代码通过一个常规处理cookie在StateServer模式。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0369 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0374网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0374最终决定:阶段性裁决:修改:建议:20020611分配:20020508类别:科幻参考:BUGTRAQ: 20020506 ldap漏洞参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=102070762606525&w=2参考:VULNWATCH: 20020506 [VULNWATCH] ldap漏洞参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html参考:REDHAT: RHSA-2002:084参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 084. - html格式字符串漏洞的日志功能pam_ldap PAM LDAP模块144年版本之前允许攻击者在配置文件中执行任意代码通过格式化字符串的名字。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0374 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0377网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0377最终决定:阶段性裁决:修改:建议:20020611分配:20020514类别:科幻参考:BUGTRAQ: 20020512 Gaim abritary电子邮件阅读参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=102130733815285&w=2参考:确认:http://gaim.sourceforge.net/ChangeLogGaim 0.57敏感信息存储在全局和group-writable文件在/ tmp目录中,它允许本地用户访问其他用户运行MSN网络电子邮件帐户Gaim通过阅读身份验证信息的文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0377 1供应商确认:是的确认:Gaim 0.58版本的更改日志,5月13日说“Tempfiles用于安全MSN / HotMail登录(0.57)中添加现在自己创建的安全。”In addition to a statement on the vendor's News page, dated May 14, regarding "the fix to the recent BugTraq posting about Gaim," this is sufficient acknowledgement. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0379 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0379最终决定:阶段性裁决:修改:建议:20020611分配:20020517类别:科幻参考:BUGTRAQ: 20020510 wu-imap缓冲区溢出条件参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=102107222100529&w=2参考:REDHAT: RHSA-2002:092参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 092. - html华盛顿大学的imap服务器的缓冲区溢出(uw-imapd) imap - 2001 (imapd 2001.315)和imap - 2001 a (imapd 2001.315)与遗留RFC 1730的支持,和imapd 2000.287和更早的,允许远程经过身份验证的用户通过长邮箱属性请求执行代码。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0379 1供应商确认:是的跟踪投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0380网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0380最终决定:阶段性裁决:修改:建议:20020611分配:20020517类别:科幻参考:REDHAT: RHSA-2001:089参考:网址:http://www.redhat.com/support/errata/rhsa - 2001 - 089. - html缓冲区溢出的tcpdump操作和早些时候允许远程攻击者可能导致拒绝服务和执行任意代码通过一个NFS包。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0380 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0388网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0388最终决定:阶段性裁决:修改:建议:20020611分配:20020523类别:科幻/ CF / MP / SA / /未知参考:确认:http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html跨站点脚本漏洞在邮差)允许远程攻击者执行脚本通过(1)管理员登录页面,或(2)Pipermail索引摘要。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0388 1供应商确认:是的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0400网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0400最终决定:阶段性裁决:修改:建议:20020611分配:20020603类别:科幻参考:CERT: ca - 2002 - 15参考:网址:http://www.cert.org/advisories/ca - 2002 - 15. - html参考:CERT-VN: VU # 739123参考:网址:http://www.kb.cert.org/vuls/id/739123参考:REDHAT: RHSA-2002:105参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 105. - html参考:国际空间站:20020604远程拒绝服务漏洞在ISC绑定ISC BIND 9 9.2.1允许远程攻击者造成拒绝服务(关闭)通过一个畸形的DNS数据包,触发一个错误条件,不是dns_message_findtype rdataset时妥善处理参数()函数的信息。c不是零。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0400 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0401网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0401最终决定:阶段性裁决:修改:建议:20020611分配:20020603类别:科幻参考:确认:http://www.ethereal.com/appnotes/enpa - sa - 00004. - html参考:DEBIAN: dsa - 130参考:网址:http://www.debian.org/security/2002/dsa - 130参考:BUGTRAQ: 20020529潜在的安全问题在飘渺的参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2参考:报价:4806参考:网址:http://online.securityfocus.com/bid/4806SMB解剖器在飘渺的0.9.3允许远程攻击者造成拒绝服务(崩溃)或执行任意代码通过畸形数据包导致的间接引用一个空指针。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0401 1供应商确认:是的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0402网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0402最终决定:阶段性裁决:修改:建议:20020611分配:20020603类别:科幻参考:确认:http://www.ethereal.com/appnotes/enpa - sa - 00004. - html参考:DEBIAN: dsa - 130参考:网址:http://www.debian.org/security/2002/dsa - 130参考:BUGTRAQ: 20020529潜在的安全问题在飘渺的参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2参考:报价:4805参考:网址:http://online.securityfocus.com/bid/4805缓冲区溢出在X11解剖器在飘渺的0.9.3允许远程攻击者可能导致拒绝服务(崩溃),而飘渺的解析并执行任意代码。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0402 1供应商确认:是的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0403网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0403最终决定:阶段性裁决:修改:建议:20020611分配:20020603类别:科幻参考:确认:http://www.ethereal.com/appnotes/enpa - sa - 00004. - html参考:DEBIAN: dsa - 130参考:网址:http://www.debian.org/security/2002/dsa - 130参考:BUGTRAQ: 20020529潜在的安全问题在飘渺的参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2参考:报价:4807参考:网址:http://online.securityfocus.com/bid/4807DNS解剖器在飘渺的0.9.3允许远程攻击者造成拒绝服务(CPU消耗)通过一个畸形导致的包进入一个无限循环。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0403 1供应商确认:是的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0404网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0404最终决定:阶段性裁决:修改:建议:20020611分配:20020603类别:科幻参考:确认:http://www.ethereal.com/appnotes/enpa - sa - 00004. - html参考:DEBIAN: dsa - 130参考:网址:http://www.debian.org/security/2002/dsa - 130参考:BUGTRAQ: 20020529潜在的安全问题在飘渺的参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=102268626526119&w=2参考:报价:4808参考:网址:http://online.securityfocus.com/bid/4808脆弱性GIOP解剖器在飘渺的0.9.3允许远程攻击者造成拒绝服务(内存消耗)。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0404 1供应商确认:是的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0605网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0605最终决定:阶段性裁决:修改:建议:20020611分配:20020611类别:科幻参考:BUGTRAQ: 20020503 Macromedia Flash Activex缓冲区溢位参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=102039374017185&w=2参考:VULN-DEV: 20020503 Macromedia Flash Activex缓冲区溢位参考:网址:http://marc.theaimsgroup.com/?l=vuln-dev&m=102038919414726&w=2参考:VULNWATCH: 20020502 [VULNWATCH] Macromedia Flash Activex缓冲区溢位参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0051.html参考:NTBUGTRAQ: 20020503 Macromedia Flash Activex缓冲区溢位参考:确认:http://www.macromedia.com/support/flash/ts/documents/buf_ovflow_623.htm参考:XF: flash-activex-movie-bo(8993)参考:网址:http://www.iss.net/security_center/static/8993.php参考:报价:4664参考:网址:http://online.securityfocus.com/bid/4664缓冲区溢出在Flash OCX Macromedia Flash 6修订23(23岁的6 0 0)允许远程攻击者通过很长的电影参数执行任意代码。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0605 1供应商确认:是的咨询确认:在网上咨询5月6日,2002年,Macromedia州“Macromedia核实参数中的一个漏洞处理Macromedia Flash Player ActiveX控制,版本6中,0,23日0”和包括一个参考大参考最初的咨询。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0393网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0393最终决定:阶段性裁决:修改:建议:20020611分配:20020530类别:科幻参考:ATSTAKE: A060502-1参考:网址:http://www.atstake.com/research/advisories/2002/a060502 - 1. - txt1050年红色m缓冲区溢出(蓝牙访问点)管理web接口允许远程攻击者可能导致拒绝服务,执行任意代码通过一个长管理密码。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0393 2供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0394网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0394最终决定:阶段性裁决:修改:建议:20020611分配:20020530类别:科幻参考:ATSTAKE: A060502-1参考:网址:http://www.atstake.com/research/advisories/2002/a060502 - 1. - txt红色m 1050(蓝牙访问点)使用不分大小写密码,这使得攻击者更容易进行暴力破解密码猜测攻击由于小空间的可能。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0394 2供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0395网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0395最终决定:阶段性裁决:修改:建议:20020611分配:20020530类别:科幻/ CF / MP / SA / /未知参考:ATSTAKE: A060502-1参考:网址:http://www.atstake.com/research/advisories/2002/a060502 - 1. - txtTFTP服务器1050年红色m(蓝牙访问点)不能被禁用,使远程攻击者更容易通过蛮力破解密码管理方法。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0395 2供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0396网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0396最终决定:阶段性裁决:修改:建议:20020611分配:20020530类别:科幻参考:ATSTAKE: A060502-1参考:网址:http://www.atstake.com/research/advisories/2002/a060502 - 1. - txt1050年红色m网络管理服务器(蓝牙访问点)不使用基于会话的凭据进行身份验证的用户,攻击者可以从相同的IP地址连接到服务器的用户已经建立一个会话。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0396 2供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0397网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0397最终决定:阶段性裁决:修改:建议:20020611分配:20020530类别:科幻参考:ATSTAKE: A060502-1参考:网址:http://www.atstake.com/research/advisories/2002/a060502 - 1. - txt红色m 1050(蓝牙访问点)宣传其名称、IP地址和其他信息在UDP数据包广播地址,它允许网络上的任何系统获得潜在的敏感的信息接入点设备通过监测UDP端口8887。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0397 2供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0398网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0398最终决定:阶段性裁决:修改:建议:20020611分配:20020530类别:科幻参考:ATSTAKE: A060502-1参考:网址:http://www.atstake.com/research/advisories/2002/a060502 - 1. - txt红色m 1050(蓝牙访问点)购买力平价服务器允许保税用户造成拒绝服务并通过很长的用户名可能执行任意代码。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0398 2供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0031网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0031最终决定:阶段性裁决:修改:建议:20020611分配:20020116类别:科幻参考:BUGTRAQ: 20020527雅虎信使——多个漏洞参考:网址:http://online.securityfocus.com/archive/1/274223参考:CERT: ca - 2002 - 16参考:网址:http://www.cert.org/advisories/ca - 2002 - 16. - html参考:CERT-VN: VU # 137115参考:网址:http://www.kb.cert.org/vuls/id/137115参考:报价:4837参考:网址:http://www.securityfocus.com/bid/4837缓冲区溢出在雅虎信使5 0 0,1064年早些时候,允许远程攻击者执行任意代码通过ymsgr URI长参数(1),(2)sendim, getimv(3),(4)聊天,(5)addview或(6)加入朋友。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0031 3供应商确认:对咨询内容的决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0189网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0189最终决定:阶段性裁决:修改:建议:20020611分配:20020420类别:科幻参考:女士:ms02 - 023参考:网址:http://www.microsoft.com/technet/security/bulletin/ms02 - 023. - asp跨站点脚本漏洞在Internet Explorer 6.0允许远程攻击者在本地计算机上执行脚本区通过一个URL,利用本地HTML资源文件,又名“本地HTML资源跨站点脚本编制”的弱点。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0189 3供应商确认:对咨询内容的决定:模糊的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0360网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0360最终决定:阶段性裁决:修改:建议:20020611分配:20020502类别:科幻参考:VULNWATCH: 20020520 [VULNWATCH] eSecurityOnline咨询5063 -太阳AnswerBook2 gettransbitmap缓冲区溢出漏洞参考:网址:http://marc.theaimsgroup.com/?l=vulnwatch&m=102194510509450&w=2参考:BUGTRAQ: 20020520 eSecurityOnline咨询5063 -太阳AnswerBook2 gettransbitmap缓冲区溢出漏洞参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=102198846905064&w=2参考:MISC:http://www.eSecurityOnline.com/advisories/eSO5063.asp缓冲区溢出在太阳AnswerBook2 1.4 3通过允许远程攻击者执行任意代码通过一个长文件名参数gettransbitmap CGI程序。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0360 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0362网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0362最终决定:阶段性裁决:修改:建议:20020611分配:20020506类别:科幻参考:VULNWATCH: 20020506 [VULNWATCH] w00w00 AOL的即时通讯远程溢出# 2上参考:BUGTRAQ: 20020506 w00w00 AOL的即时通讯远程溢出# 2上参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=102071080509955&w=2参考:报价:4677参考:网址:http://www.securityfocus.com/bid/4677缓冲区溢出在AOL的即时通讯(AIM) 4.2,后来允许远程攻击者执行任意代码通过一个长AddExternalApp请求和电磁阀类型大于0 x2711。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0362 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0405网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0405最终决定:阶段性裁决:修改:建议:20020611分配:20020607类别:参考:BUGTRAQ: 20020527各种windows FTP服务器的问题参考:网址:http://online.securityfocus.com/archive/1/274279参考:XF: broker-ftp-dot-bo(6673)参考:网址:http://xforce.iss.net/static/6673.php参考:报价:4864参考:网址:http://online.securityfocus.com/bid/4864缓冲区溢出Transsoft Broker FTP服务器5.0评价允许远程攻击者可能导致拒绝服务和执行任意代码通过一个命令与大量的慢性消耗性疾病。(点)字符。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0405 3供应商确认:内容决定:SF-LOC抽象:这看起来非常类似于可以- 2001 - 0688也是一个溢出在慢性消耗病,但也有一些关键的差异:(a)”。“慢性消耗病的问题出现在5.9.5.0和必须执行一系列的时间,和(b)“……”CWD issue appears in 5.0/evaluation. Since the attack vectors are slightly different, and the versions are also different, then CD:SF-LOC suggests that these issues should be SPLIT. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0578 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0578最终决定:阶段性裁决:修改:建议:20020611分配:20020611类别:科幻参考:BUGTRAQ: 20020502 iXsecurity.20020404.4d_webserver。参考网址:http://archives.neohapsis.com/archives/bugtraq/2002-05/0013.html参考:报价:4665参考:网址:http://www.securityfocus.com/bid/4665缓冲区溢出的4 d网络服务器6.7.3允许远程攻击者可能导致拒绝服务和执行任意代码通过一个HTTP请求与含有长(1)的基本身份验证用户名或密码(2)。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0578 3供应商确认:未知discloser-claimed投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0585网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0585最终决定:阶段性裁决:修改:建议:20020611分配:20020611类别:科幻参考:惠普:hpsbux0205 - 192参考:网址:http://archives.neohapsis.com/archives/hp/2002-q2/0034.html参考:报价:4680参考:网址:http://www.securityfocus.com/bid/4680脆弱性与某些运输ndd hp - ux 11.11补丁允许攻击者造成拒绝服务。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0585 3供应商确认:对咨询内容的决定:模糊的抽象:有可能,这是同样的问题作为cve - 1999 - 1118,但惠普咨询不提供足够的细节来确定。此外,cve - 1999 - 1118前4年宣布惠普咨询。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0602网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0602最终决定:阶段性裁决:修改:建议:20020611分配:20020611类别:科幻参考:BUGTRAQ:毕马威20020502 - 2002017:Snapgear Lite +防火墙拒绝服务引用:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=102035583114759&w=2参考:VULNWATCH: 20020502 [VULNWATCH]毕马威- 2002017:Snapgear Lite +防火墙拒绝服务引用:网址:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0050.html参考:确认:http://www.snapgear.com/releases.html参考:XF: snapgear-vpn-pptp-dos(8986)参考:报价:4658参考:报价:4657参考:XF: snapgear-vpn-http-dos (8985) Snapgear Lite +防火墙1.5.4和1.5.3允许远程攻击者更正导致拒绝服务(崩溃)通过大量的连接(1)HTTP web管理端口,或(2)PPTP端口。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0602 3供应商确认:是的更新日志内容决定:SF-LOC, SF-EXEC确认:供应商的网上发布说明包含一个条目3月8日,2002年,国家“杂项安全程式及修复由于彼得Grundl和安德烈亚斯•桑德尔毕马威的丹麦(原Bugtraq海报)。”ABSTRACTION: CD:SF-LOC and CD:SF-EXEC suggest MERGING problems of the same type that appear in the same version. Since the same basic issue appears in both HTTP and PPTP (50+ connections cause DoS), these issues have been MERGED. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-0603 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0603最终决定:阶段性裁决:修改:建议:20020611分配:20020611类别:科幻参考:BUGTRAQ:毕马威20020502 - 2002017:Snapgear Lite +防火墙拒绝服务引用:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=102035583114759&w=2参考:VULNWATCH: 20020502 [VULNWATCH]毕马威- 2002017:Snapgear Lite +防火墙拒绝服务引用:网址:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0050.html参考:确认:http://www.snapgear.com/releases.html参考:XF: snapgear-vpn-ipsec-dos(8987)参考:网址:http://www.iss.net/security_center/static/8987.php参考:报价:4659参考:网址:http://online.securityfocus.com/bid/4659Snapgear Lite +防火墙1.5.3允许远程攻击者更正导致拒绝服务(IPSEC崩溃)通过一个零长度数据包UDP端口500。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0603 3供应商确认:是的更新日志内容决定:SF-LOC确认:供应商的网上发布说明包含一个条目3月8日,2002年,国家“杂项安全程式及修复由于彼得Grundl和安德烈亚斯•桑德尔毕马威的丹麦(原Bugtraq海报)。”投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0604网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0604最终决定:阶段性裁决:修改:建议:20020611分配:20020611类别:科幻参考:BUGTRAQ:毕马威20020502 - 2002017:Snapgear Lite +防火墙拒绝服务引用:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=102035583114759&w=2参考:VULNWATCH: 20020502 [VULNWATCH]毕马威- 2002017:Snapgear Lite +防火墙拒绝服务引用:网址:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0050.html参考:确认:http://www.snapgear.com/releases.html参考:XF: snapgear-vpn-ipoptions-dos(8988)参考:网址:http://www.iss.net/security_center/static/8988.php参考:报价:4660参考:网址:http://online.securityfocus.com/bid/4660Snapgear Lite +防火墙1.5.3和更正1.5.4允许远程攻击者造成拒绝服务(崩溃)通过大量的数据包与畸形的IP选项。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0604 3供应商确认:是的更新日志内容决定:SF-LOC确认:供应商的网上发布说明包含一个条目3月8日,2002年,国家“杂项安全程式及修复由于彼得Grundl和安德烈亚斯•桑德尔毕马威的丹麦(原Bugtraq海报)。”投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:
- 上一页的日期:(提案)集群最近- 92 - 57的候选人
- 下一个按日期:(临时)接受191名候选人(最后的6月21日)
- Prev线程:(提案)集群最近- 92 - 57的候选人
- 下一个线程:(临时)接受191名候选人(最后的6月21日)
- 指数(es):
