
[PROPOSAL] Cluster RECENT-102 - 53 candidates



I am proposing cluster RECENT-102 for review and voting by the Editorial Board.

Name: RECENT-102
Description: CANs announced between 2002/07/18 and 2002/07/31
Size: 53

You may vote on the candidates by modifying this e-mail and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and can be trusted to be real problems.

If you find that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0391
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0391
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020528
Category: SF
Reference: ISS:20020731 Remote Buffer Overflow Vulnerability in Sun RPC
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823
Reference: BUGTRAQ:20020731 Remote Buffer Overflow Vulnerability in Sun RPC
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102813809232532&w=2
Reference: BUGTRAQ:20020801 RPC analysis
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102821785316087&w=2
Reference: BUGTRAQ:20020802 MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102831443208382&w=2
Reference: CERT:CA-2002-25
Reference: URL:http://www.cert.org/advisories/CA-2002-25.html
Reference: CERT-VN:VU#192995
Reference: URL:http://www.kb.cert.org/vuls/id/192995
Reference: DEBIAN:DSA-142
Reference: URL:http://www.debian.org/security/2002/dsa-142
Reference: DEBIAN:DSA-143
Reference: URL:http://www.debian.org/security/2002/dsa-143
Reference: DEBIAN:DSA-146
Reference: URL:http://www.debian.org/security/2002/dsa-146
Reference: DEBIAN:DSA-149
Reference: URL:http://www.debian.org/security/2002/dsa-149
Reference: FREEBSD:FreeBSD-SA-02:34.rpc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102821928418261&w=2
Reference: SGI:20020801-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A
Reference: SGI:20020801-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A
Reference: NETBSD:NetBSD-SA2002-011
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc
Reference: REDHAT:RHSA-2002:166
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-166.html
Reference: REDHAT:RHSA-2002:172
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-172.html

Integer overflow in the xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

Analysis
----------------
ED_PRI CAN-2002-0391 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0638
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0638
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020627
Category: SF
Reference: VULNWATCH:20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html
Reference: BUGTRAQ:20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102795787713996&w=2
Reference: CERT-VN:VU#405955
Reference: URL:http://www.kb.cert.org/vuls/id/405955
Reference: REDHAT:RHSA-2002:132
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-132.html
Reference: MANDRAKE:MDKSA-2002:047
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php
Reference: BUGTRAQ:20020730 TSLSA-2002-0064 - util-linux
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html
Reference: HP:HPSBTL0207-054
Reference: URL:http://online.securityfocus.com/advisories/4320
Reference: XF:utillinux-chfn-race-condition(9709)
Reference: URL:http://www.iss.net/security_center/static/9709.php
Reference: BID:5344
Reference: URL:http://www.securityfocus.com/bid/5344

setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utilities such as chfn and chsh.

Analysis
----------------
ED_PRI CAN-2002-0638 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0655
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020702
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20020730 OpenSSL Security Altert - Remote Buffer Overflows
Reference: REDHAT:RHSA-2002:155
Reference: DEBIAN:DSA-136
Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl)
Reference: BUGTRAQ:20020730 TSLSA-2002-0063 - openssl
Reference: BUGTRAQ:20020730 OpenSSL patches for other versions
Reference: ENGARDE:ESA-20020730-019
Reference: BUGTRAQ:20020730 GLSA: OpenSSL
Reference: SUSE:SuSE-SA:2002:027
Reference: CERT:CA-2002-23
Reference: URL:http://www.cert.org/advisories/CA-2002-23.html
Reference: CERT-VN:VU#308891
Reference: URL:http://www.kb.cert.org/vuls/id/308891
Reference: CALDERA:CSSA-2002-033.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
Reference: CALDERA:CSSA-2002-033.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
Reference: FREEBSD:FreeBSD-SA-02:33
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
Reference: MANDRAKE:MDKSA-2002:046
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php
Reference: CONECTIVA:CLA-2002:513
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513
Reference: BID:5364
Reference: URL:http://www.securityfocus.com/bid/5364

OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-0655 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0656
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020702
Category: SF
Reference: BUGTRAQ:20020730 OpenSSL Security Altert - Remote Buffer Overflows
Reference: REDHAT:RHSA-2002:155
Reference: DEBIAN:DSA-136
Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl)
Reference: BUGTRAQ:20020730 TSLSA-2002-0063 - openssl
Reference: BUGTRAQ:20020730 OpenSSL patches for other versions
Reference: ENGARDE:ESA-20020730-019
Reference: BUGTRAQ:20020730 GLSA: OpenSSL
Reference: SUSE:SuSE-SA:2002:027
Reference: CERT:CA-2002-23
Reference: URL:http://www.cert.org/advisories/CA-2002-23.html
Reference: CERT-VN:VU#102795
Reference: URL:http://www.kb.cert.org/vuls/id/102795
Reference: CERT-VN:VU#258555
Reference: URL:http://www.kb.cert.org/vuls/id/258555
Reference: CALDERA:CSSA-2002-033.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
Reference: CALDERA:CSSA-2002-033.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
Reference: FREEBSD:FreeBSD-SA-02:33
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
Reference: MANDRAKE:MDKSA-2002:046
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php
Reference: CONECTIVA:CLA-2002:513
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513
Reference: XF:openssl-ssl2-masterkey-bo(9714)
Reference: URL:http://www.iss.net/security_center/static/9714.php
Reference: BID:5362
Reference: URL:http://www.securityfocus.com/bid/5362
Reference: BID:5363
Reference: URL:http://www.securityfocus.com/bid/5363

Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

Analysis
----------------
ED_PRI CAN-2002-0656 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0658
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0658
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020702
Category: SF
Reference: MANDRAKE:MDKSA-2002:045
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-045.php
Reference: REDHAT:RHSA-2002:164
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-164.html
Reference: REDHAT:RHSA-2002:154
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-154.html
Reference: REDHAT:RHSA-2002:153
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-153.html
Reference: CALDERA:CSSA-2002-032.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-032.0.txt
Reference: DEBIAN:DSA-137
Reference: URL:http://www.debian.org/security/2002/dsa-137
Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.007] OpenPKG Security Advisory (mm)
Reference: HP:HPSBTL0208-056
Reference: URL:http://online.securityfocus.com/advisories/4392
Reference: FREEBSD:FreeBSD-SN-02:05
Reference: URL:http://online.securityfocus.com/advisories/4431
Reference: SUSE:SuSE-SA:2002:028
Reference: URL:http://www.suse.com/de/security/2002_028_mod_ssl.html
Reference: XF:mm-tmpfile-symlink(9719)
Reference: URL:http://www.iss.net/security_center/static/9719.php
Reference: BID:5352
Reference: URL:http://online.securityfocus.com/bid/5352

OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.

Analysis
----------------
ED_PRI CAN-2002-0658 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0659
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020702
Category: SF
Reference: BUGTRAQ:20020730 OpenSSL Security Altert - Remote Buffer Overflows
Reference: DEBIAN:DSA-136
Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl)
Reference: BUGTRAQ:20020730 TSLSA-2002-0063 - openssl
Reference: BUGTRAQ:20020730 OpenSSL patches for other versions
Reference: ENGARDE:ESA-20020730-019
Reference: BUGTRAQ:20020730 GLSA: OpenSSL
Reference: CERT:CA-2002-23
Reference: URL:http://www.cert.org/advisories/CA-2002-23.html
Reference: CERT-VN:VU#748355
Reference: URL:http://www.kb.cert.org/vuls/id/748355
Reference: REDHAT:RHSA-2002:164
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-164.html
Reference: REDHAT:RHSA-2002:161
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-161.html
Reference: REDHAT:RHSA-2002:160
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-160.html
Reference: CALDERA:CSSA-2002-033.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
Reference: CALDERA:CSSA-2002-033.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
Reference: FREEBSD:FreeBSD-SA-02:33
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
Reference: CONECTIVA:CLA-2002:516
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000516
Reference: BID:5366
Reference: URL:http://www.securityfocus.com/bid/5366
Reference: XF:openssl-asn1-parser-dos(9718)
Reference: URL:http://www.iss.net/security_center/static/9718.php

The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.

Analysis
----------------
ED_PRI CAN-2002-0659 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0695
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0695
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020712
Category: SF
Reference: MS:MS02-040
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms02-040.asp

Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.

Analysis
----------------
ED_PRI CAN-2002-0695 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0710
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0710
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020718
Category: SF
Reference: BUGTRAQ:20020730 Directory traversal vulnerability in sendform.cgi
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102809084218422&w=2
Reference: VULNWATCH:20020731 [VulnWatch] Directory traversal vulnerability in sendform.cgi
Reference: CONFIRM:http://www.scn.org/~bb615/scripts/sendform.html

Directory traversal vulnerability in sendform.cgi 1.44 and earlier allows remote attackers to read arbitrary files by specifying the desired files in the BlurbFilePath parameter.

Analysis
----------------
ED_PRI CAN-2002-0710 1
Vendor Acknowledgement: yes
ACKNOWLEDGEMENT: the vendor's home page, in an item dated July 22, 2002, says "NEW: Security fix: this limits reading of publicly available "blurb" files (which can be used by HTML forms that use this script) to a particular directory defined in the script by the web administrator."

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0813
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0813
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020730
Category: SF
Reference: BUGTRAQ:20020727 Phenoelit Advisory, 0815 ++ * - Cisco_tftp
Reference: URL:http://online.securityfocus.com/archive/1/284634
Reference: CISCO:20020730 TFTP Long Filename Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ios-tftp-long-filename-pub.shtml
Reference: BUGTRAQ:20020822 Cisco IOS exploit PoC
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103002169829669&w=2
Reference: XF:cisco-tftp-filename-bo(9700)
Reference: URL:http://www.iss.net/security_center/static/9700.php
Reference: BID:5328
Reference: URL:http://www.securityfocus.com/bid/5328

Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.

Analysis
----------------
ED_PRI CAN-2002-0813 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0814
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0814
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020730
Category: SF
Reference: BUGTRAQ:20020724 VMware GSX Server Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102752511030425&w=2
Reference: BUGTRAQ:20020726 Re: VMware GSX Server Remote Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102765223418716&w=2
Reference: NTBUGTRAQ:20020805 VMware GSX Server 2.0.1 Release and Security Alert
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0057.html
Reference: CONFIRM:http://www.vmware.com/download/gsx_security.html
Reference: XF:vmware-gsx-auth-bo(9663)
Reference: URL:http://www.iss.net/security_center/static/9663.php
Reference: BID:5294
Reference: URL:http://www.securityfocus.com/bid/5294

Buffer overflow in the VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument.

Analysis
----------------
ED_PRI CAN-2002-0814 1
Vendor Acknowledgement: yes followup

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0816
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0816
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020731
Category: SF
Reference: BUGTRAQ:20020719 tru64 proof of concept /bin/su non-exec bypass
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102709593117171&w=2
Reference: COMPAQ:SSRT2257
Reference: URL:http://archives.neohapsis.com/archives/tru64/2002-q3/0019.html
Reference: BID:5272
Reference: URL:http://online.securityfocus.com/bid/5272
Reference: XF:tru64-su-bo(9640)
Reference: URL:http://www.iss.net/security_center/static/9640.php

Buffer overflow in su in Tru64 Unix 5.x allows local users to gain root privileges via a long username and argument.

Analysis
----------------
ED_PRI CAN-2002-0816 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0817
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0817
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020801
Category: SF
Reference: BUGTRAQ:20020731 SUPER bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102812622416695&w=2
Reference: DEBIAN:DSA-139
Reference: URL:http://www.debian.org/security/2002/dsa-139

Format string vulnerability in super for Linux allows local users to gain root privileges via command line arguments.

Analysis
----------------
ED_PRI CAN-2002-0817 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0820
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0820
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020801
Category: SF
Reference: VULNWATCH:20020731 [VulnWatch] FreeBSD <= 4.6 kernel problems, yet Linux and BSD better than Windows
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0047.html
Reference: BUGTRAQ:20020819 Freebsd FD exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102979180524452&w=2
Reference: FREEBSD:FreeBSD-SA-02:23
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:23.stdio.asc
Reference: MISC:http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&frame=right&th=d429cd2ef1d3a2b7&seekm=ai6c0q%242289%241%40FreeBSD.csie.NCTU.edu.tw#link16

FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid and setgid program to modify critical data and gain privileges.

Analysis
----------------
ED_PRI CAN-2002-0820 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0824
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0824
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020803
Category: SF
Reference: FREEBSD:FreeBSD-SA-02:32.pppd
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102812546815606&w=2
Reference: NETBSD:NetBSD-SA2002-010
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-010.txt.asc

pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device.

Analysis
----------------
ED_PRI CAN-2002-0824 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0825
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0825
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020805
Category: SF
Reference: CONFIRM:http://www.padl.com/Articles/PotentialBufferOverflowin.html

Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-0825 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1049
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020729 HylaFAX - Various Vulnerabilities Fixed
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0358.html
Reference: DEBIAN:DSA-148
Reference: URL:http://www.debian.org/security/2002/dsa-148
Reference: CONFIRM:http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=300
Reference: BID:5348
Reference: URL:http://www.securityfocus.com/bid/5348
Reference: XF:hylafax-faxgetty-tsi-dos(9728)
Reference: URL:http://www.iss.net/security_center/static/9728.php

Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service (crash) via the TSI data element.

Analysis
----------------
ED_PRI CAN-2002-1049 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1050
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020729 HylaFAX - Various Vulnerabilities Fixed
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0358.html
Reference: DEBIAN:DSA-148
Reference: URL:http://www.debian.org/security/2002/dsa-148
Reference: CONFIRM:http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=312
Reference: BID:5349
Reference: URL:http://www.securityfocus.com/bid/5349
Reference: XF:hylafax-faxgetty-image-bo(9729)
Reference: URL:http://www.iss.net/security_center/static/9729.php

Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long line of image data.

Analysis
----------------
ED_PRI CAN-2002-1050 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1054
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020722 Pablo Software Solutions FTP server Directory Traversal Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/283665
Reference: VULNWATCH:20020722 [VulnWatch] Pablo Software Solutions FTP server Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0035.html
Reference: CONFIRM:http://www.pablovandermeer.nl/ftpserversrc.zip
Reference: BID:5283
Reference: URL:http://www.securityfocus.com/bid/5283
Reference: XF:pablo-ftp-directory-traversal(9647)
Reference: URL:http://www.iss.net/security_center/static/9647.php

Directory traversal vulnerability in Pablo FTP Server 1.0 build 9 and earlier allows remote authenticated users to list arbitrary directories via "..\" (dot dot backslash) sequences in a LIST command.

Analysis
----------------
ED_PRI CAN-2002-1054 1
Vendor Acknowledgement: yes
ACKNOWLEDGEMENT: the release/whatsnew.txt file in the source code contains an entry dated [07/21/2002], version 1.10, which states "Fixed security hole in GetDirectoryList (LIST \..\) (thanks to: http://www.securiteinfo.com) [big reference]"

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1059
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020723 Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102744150718462&w=2
Reference: BUGTRAQ:20020723 Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102746007908689&w=2
Reference: CONFIRM:http://www.vandyke.com/products/securecrt/security07-25-02.html
Reference: XF:securecrt-ssh1-identifier-bo(9650)
Reference: URL:http://www.iss.net/security_center/static/9650.php
Reference: BID:5287
Reference: URL:http://www.securityfocus.com/bid/5287

Buffer overflow in the SSH client for Van Dyke SecureCRT before 3.4.6, and 4.x before 4.0 beta 3, allows an SSH server to execute arbitrary code via a long SSH1 protocol version string.

Analysis
----------------
ED_PRI CAN-2002-1059 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1060
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020724 CacheFlow CacheOS Cross-site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0283.html
Reference: CONFIRM:http://download.cacheflow.com/release/CA/4.1.00-docs/CACacheOS41fixes.htm
Reference: BID:5305
Reference: URL:http://www.securityfocus.com/bid/5305
Reference: XF:cacheos-unresolved-error-xss(9674)
Reference: URL:http://www.iss.net/security_center/static/9674.php

Cross-site scripting vulnerability in CacheFlow CacheOS 4.1.06 and earlier allows remote attackers to insert arbitrary HTML, including script, via a URL to a nonexistent hostname that includes the HTML, which is inserted into the resulting error message.

Analysis
----------------
ED_PRI CAN-2002-1060 1
Vendor Acknowledgement: yes
ACKNOWLEDGEMENT: the change log, dated 07/15/2002, includes the following item for V4.1.07 (build 18110): "Modified the default user configurable error pages to eliminate cross-site scripting attacks."

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1076
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1076
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020725 IPSwitch IMail ADVISORY/EXPLOIT/PATCH
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0326.html
Reference: BUGTRAQ:20020729 Hoax Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0363.html
Reference: BUGTRAQ:20020729 Re: Hoax Exploit (2c79cbe14ac7d0b8472d3f129fa1df55 RETURNS)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0368.html
Reference: CONFIRM:http://support.ipswitch.com/kb/IM-20020731-DM02.htm
Reference: CONFIRM:http://support.ipswitch.com/kb/IM-20020729-DM01.htm
Reference: BID:5323
Reference: URL:http://www.securityfocus.com/bid/5323
Reference: XF:imail-web-messaging-bo(9679)
Reference: URL:http://www.iss.net/security_center/static/9679.php

Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via an HTTP GET request for HTTP/1.0.

Analysis
----------------
ED_PRI CAN-2002-1076 1
Vendor Acknowledgement: yes
ACKNOWLEDGEMENT: the release notes for version 7.12 say "Fixed buffer overrun causing vulnerability (bugtraq id 5323)."

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1088
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1088
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020725 Novell GroupWise 6.0.1 Support Pack 1 Bufferoverflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0296.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963273
Reference: BID:5313
Reference: URL:http://www.securityfocus.com/bid/5313
Reference: XF:groupwise-rcpt-bo(9671)
Reference: URL:http://www.iss.net/security_center/static/9671.php

Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote attackers to execute arbitrary code via a long RCPT TO command.

Analysis
----------------
ED_PRI CAN-2002-1088 1
Vendor Acknowledgement: yes
ACKNOWLEDGEMENT: while the Novell TID itself does not contain vendor acknowledgement, the vendor's security advisory page links to the TID with the phrase "Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1."

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1057
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1057
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020723 MailMax security advisory/exploit/patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0245.html
Reference: BID:5285
Reference: URL:http://www.securityfocus.com/bid/5285
Reference: XF:mailmax-pop3max-user-bo(9651)
Reference: URL:http://www.iss.net/security_center/static/9651.php

Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows remote attackers to execute arbitrary code via a long USER command.

Analysis
----------------
ED_PRI CAN-2002-1057 2
Vendor Acknowledgement: yes via-email
ACKNOWLEDGEMENT: e-mail inquiry sent on August 28, 2002, through the interface at https://supportcenteronline.com/ics/support/default.asp?deptID=468. The vendor acknowledged the problem on August 29: "This report is accurate and we have a patch that fixes the problem available for our customers."

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0657
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020702
Category: SF
Reference: BUGTRAQ:20020730 OpenSSL Security Altert - Remote Buffer Overflows
Reference: DEBIAN:DSA-136
Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl)
Reference: BUGTRAQ:20020730 OpenSSL patches for other versions
Reference: SUSE:SuSE-SA:2002:027
Reference: CERT:CA-2002-23
Reference: URL:http://www.cert.org/advisories/CA-2002-23.html
Reference: CERT-VN:VU#561275
Reference: URL:http://www.kb.cert.org/vuls/id/561275
Reference: CALDERA:CSSA-2002-033.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.0.txt
Reference: CALDERA:CSSA-2002-033.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-033.1.txt
Reference: FREEBSD:FreeBSD-SA-02:33
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc
Reference: MANDRAKE:MDKSA-2002:046
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-046.php
Reference: CONECTIVA:CLA-2002:513
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000513
Reference: XF:openssl-ssl3-masterkey-bo(9715)
Reference: URL:http://www.iss.net/security_center/static/9715.php
Reference: BID:5361
Reference: URL:http://online.securityfocus.com/bid/5361

Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key.

Analysis
----------------
ED_PRI CAN-2002-0657 3
Vendor Acknowledgement: yes advisory
Content Decisions: EX-BETA

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0815
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0815
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020730
Category: SF
Reference: BUGTRAQ:20020729 XWT Foundation Advisory: Firewall circumvention possible with all browsers
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102796732924658&w=2
Reference: BUGTRAQ:20020729 RE: XWT Foundation Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102798282208686&w=2

The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.

Analysis
----------------
ED_PRI CAN-2002-0815 3
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0993
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0993
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: HP:HPSBUX0207-201
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0023.html
Reference: BID:5267
Reference: URL:http://www.securityfocus.com/bid/5267
Reference: XF:hp-isee-unauth-access(9620)
Reference: URL:http://www.iss.net/security_center/static/9620.php

Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) product U2512A for HP-UX 11.00 and 11.11 allows authenticated users to access restricted files.

Analysis
----------------
ED_PRI CAN-2002-0993 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1016
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: MISC:http://lists.netsys.com/pipermail/full-disclosure/2002-July/000559.html
Reference: XF:adobe-ebook-bypass-restrictions(9634)
Reference: URL:http://www.iss.net/security_center/static/9634.php
Reference: BID:5273
Reference: URL:http://www.securityfocus.com/bid/5273

Adobe eBook Reader allows a user to bypass restrictions for copy, print, lend, and give operations by backing up key data files, performing the operations, and restoring the original data files.

Analysis
----------------
ED_PRI CAN-2002-1016 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1017
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020827
Category: SF
Reference: BUGTRAQ:20020730 Vulnerability: protected Adobe eBooks can be copied between computers
Reference: URL:http://online.securityfocus.com/archive/1/285093
Reference: XF:adobe-ebook-bypass-activation(9740)
Reference: URL:http://www.iss.net/security_center/static/9740.php
Reference: BID:5358
Reference: URL:http://www.securityfocus.com/bid/5358

Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other systems by using the backup feature, capturing the encryption Challenge, and using the appropriate hash function to generate the activation code.

Analysis
----------------
ED_PRI CAN-2002-1017 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1048
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1048
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020727 Phenoelit Advisory #0815 +-+
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0345.html
Reference: BID:5331
Reference: URL:http://www.securityfocus.com/bid/5331

HP JetDirect printers allow remote attackers to obtain the administrative password for the (1) web and (2) telnet services via an SNMP request to the variable (.iso.3.6.1.4.1.11.2.3.9.4.2.1.3.9.1.1.0.

Analysis
----------------
ED_PRI CAN-2002-1048 3
Vendor Acknowledgement: unknown vague
ACKNOWLEDGEMENT: acknowledgement of this issue is uncertain, as HP:HPSBUX0207-204 is too vague to know whether it addresses this issue, a previously announced one, or none.

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1055
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020727 Phenoelit Advisory, Brother Printer ++ /-
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0353.html
Reference: BID:5339
Reference: URL:http://www.securityfocus.com/bid/5339
Reference: XF:brother-nc-password-bo(9701)
Reference: URL:http://www.iss.net/security_center/static/9701.php

Buffer overflow in the administrative web server for the Brother NC-3100h printer allows remote attackers to cause a denial of service via a long password.

Analysis
----------------
ED_PRI CAN-2002-1055 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1058
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1058
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020723 Cobalt Qube 3 admin page
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0261.html
Reference: XF:cobalt-qube-admin-access(9669)
Reference: URL:http://www.iss.net/security_center/static/9669.php
Reference: BID:5297
Reference: URL:http://www.securityfocus.com/bid/5297

Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3.0 allows local users and remote attackers to gain privileges as the Qube Admin via .. (dot dot) sequences in the sessionId cookie that point to an alternate session file.

Analysis
----------------
ED_PRI CAN-2002-1058 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1061
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1061
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020830
Assigned: 20020830
Category: SF
Reference: BUGTRAQ:20020726 SECURITY.NNOV: multiple vulnerabilities in JanaServer
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html
Reference: XF:jana-pop3-logging-bo(9685)
Reference: URL:http://www.iss.net/security_center/static/9685.php
Reference: XF:jana-smtp-logging-bo(9686)
Reference: URL:http://www.iss.net/security_center/static/9686.php
Reference: BID:5320
Reference: URL:http://www.securityfocus.com/bid/5320
Reference: BID:5322
Reference: URL:http://www.securityfocus.com/bid/5322
Reference: XF:jana-http-proxy-bo(9683)
Reference: URL:http://www.iss.net/security_center/static/9683.php
Reference: BID:5324
Reference: URL:http://www.securityfocus.com/bid/5324
Reference: BID:5319
Reference: URL:http://www.securityfocus.com/bid/5319
Reference: XF:jana-http-logging-bo(9682)
Reference: URL:http://www.iss.net/security_center/static/9682.php

Multiple buffer overflows in Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP GET request with a long major version number, (2) an HTTP GET request to the HTTP proxy on port 3128 with a long major version number, (3) a long OK reply from a POP3 server, and (4) an SMTP server response.

Analysis
----------------
ED_PRI CAN-2002-1061 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC, SF-EXEC

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-
1062网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1062最终决定:阶段性裁决:修改:建议:20020830分配:20020830类别:科幻参考:BUGTRAQ: 20020726安全。NNOV:多个漏洞JanaServer参考:网址:http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html参考:XF: jana-socks5-bo(9684)参考:网址:http://www.iss.net/security_center/static/9684.php参考:报价:5321参考:网址:http://www.securityfocus.com/bid/5321托马斯·豪Signedness错误Jana服务器2。通过2.2.1 x, 1.4.6早些时候,允许远程攻击者通过长期执行任意代码(1)用户名、密码(2)或(3)主机条目。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1062 3供应商确认:未知discloser-claimed内容决定:SF-LOC, SF-EXEC抽象:*利用*是缓冲区溢出,问题是明确报道作为signedness错误使溢出;因此,这是作为一个不同的问题比Jana溢出,依照CD: SF-LOC。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1063网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1063最终决定:阶段性裁决:修改:建议:20020830分配:20020830类别:科幻参考:BUGTRAQ: 20020726安全。NNOV:多个漏洞JanaServer参考:网址:http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html参考:XF: jana-ftp-pasv-dos(9687)参考:网址:http://www.iss.net/security_center/static/9687.php参考:报价:5325参考:网址:http://www.securityfocus.com/bid/5325托马斯·豪Jana服务器2。通过2.2.1 x, 1.4.6早些时候,允许远程攻击者造成拒绝服务(资源枯竭)通过大量的FTP PASV请求,这消耗所有可用FTP端口。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1063 3供应商确认:未知discloser-claimed内容决定:SF-LOC, SF-EXEC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1064网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1064最终决定:阶段性裁决:修改:建议:20020830分配:20020830类别:科幻参考:BUGTRAQ: 
20020726安全。NNOV:多个漏洞JanaServer参考:网址:http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html参考:XF: jana-pop3-bruteforce(9688)参考:网址:http://www.iss.net/security_center/static/9688.php参考:报价:5326参考:网址:http://www.securityfocus.com/bid/5326托马斯·豪Jana服务器2。通过2.2.1 x, 1.4.6早些时候,有效和无效的用户名会产生不同的反应,允许远程攻击者识别有效用户在服务器上。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1064 3供应商确认:未知discloser-claimed内容决定:SF-LOC, SF-EXEC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1065网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1065最终决定:阶段性裁决:修改:建议:20020830分配:20020830类别:科幻参考:BUGTRAQ: 20020726安全。NNOV:多个漏洞JanaServer参考:网址:http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html参考:XF: jana-pop3-bruteforce(9688)参考:网址:http://www.iss.net/security_center/static/9688.php托马斯·豪Jana服务器2。通过2.2.1 x, 1.4.6早些时候,不限制登录失败尝试的数量,这使得它更容易为远程攻击者通过蛮力获得特权的用户名和密码猜测。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1065 3供应商确认:未知discloser-claimed内容决定:SF-LOC, SF-EXEC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1066网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1066最终决定:阶段性裁决:修改:建议:20020830分配:20020830类别:科幻参考:BUGTRAQ: 20020726安全。NNOV:多个漏洞JanaServer参考:网址:http://archives.neohapsis.com/archives/bugtraq/2002-07/0329.html参考:XF: 
jana-pop3-index-bo(9689)参考:网址:http://www.iss.net/security_center/static/9689.php参考:报价:5327参考:网址:http://www.securityfocus.com/bid/5327托马斯·豪Jana服务器1.4.6早些时候,允许远程攻击者可能导致拒绝服务和执行任意代码通过一个大消息索引值(1)RETR或POP3服务器(2)删除命令,这超过了数组的限制,并允许一个缓冲区溢出攻击。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1066 3供应商确认:未知discloser-claimed内容决定:SF-LOC, SF-EXEC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1067网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1067最终决定:阶段性裁决:修改:建议:20020830分配:20020830类别:科幻参考:BUGTRAQ: 20020727 0815 + + * / SEH_Web参考:网址:http://archives.neohapsis.com/archives/bugtraq/2002-07/0336.html参考:报价:5329参考:网址:http://www.securityfocus.com/bid/5329参考:XF: seh-ic9-password-bo(9702)参考:网址:http://www.iss.net/security_center/static/9702.php管理web接口集成电路口袋打印服务器固件7.1.30 7.1.36f允许远程攻击者造成拒绝服务(启动和复位)通过一个长密码,可能由于缓冲区溢出。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1067 3供应商确认:没有争议的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1068网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1068最终决定:阶段性裁决:修改:建议:20020830分配:20020830类别:科幻参考:BUGTRAQ: 20020727 Phenoelit咨询# 0815 + + - + dp_300 (DLINK)参考:网址:http://archives.neohapsis.com/archives/bugtraq/2002-07/0341.html参考:VULN-DEV: 20020727 Phenoelit咨询# 0815 + + - + dp_300 (DLINK)参考:网址:http://marc.theaimsgroup.com/?l=vuln-dev&m=102779425117680&w=2参考:XF: 
dlink-dp-post-dos(9703)参考:网址:http://www.iss.net/security_center/static/9703.php参考:报价:5330参考:网址:http://www.securityfocus.com/bid/5330友讯科技dp - 300打印服务器的web服务器允许远程攻击者造成拒绝服务(挂)通过一个HTTP POST请求。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1068 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1072网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1072最终决定:阶段性裁决:修改:建议:20020830分配:20020830类别:科幻参考:VULNWATCH: 20020724 (VULNWATCH)拒绝服务合勤科技声望642 r w / ZyNOS v2.50 (FA.1)参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0036.html参考:BUGTRAQ: 20020724拒绝服务642年合勤科技威望r w / ZyNOS v2.50 (FA.1)参考:网址:http://online.securityfocus.com/archive/1/283999参考:报价:5292参考:网址:http://www.securityfocus.com/bid/5292参考:XF: zyxel-jolt-dos(9655)参考:网址:http://www.iss.net/security_center/static/9655.php合勤科技声望642 r 2.50 (FA.1)和声望310 V3.25 (M.01),允许远程攻击者造成拒绝服务通过一个超大号的,支离破碎的“震动”风格ICMP数据包。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1072 3供应商确认:内容决定:包含抽象:这有可能重叠- 2001 - 1194 (2)。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1073网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1073最终决定:阶段性裁决:修改:建议:20020830分配:20020830类别:科幻参考:BUGTRAQ: 20020717 MERCUR服务器咨询/远程利用参考:网址:http://archives.neohapsis.com/archives/bugtraq/2002-07/0195.html参考:XF: mercur-control-service-bo(9618)参考:网址:http://www.iss.net/security_center/static/9618.php参考:报价:5261参考:网址:http://www.securityfocus.com/bid/5261缓冲区溢出的控制服务MERCUR服务器4.2允许远程攻击者通过长密码执行任意代码。分析- - - - 
- - - - - - - - - - - - - ED_PRI - 2002 - 1073 3供应商确认:确认:2002年8月29日,电子邮件查询发送到support@atrium-software.com。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1075网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1075最终决定:阶段性裁决:修改:建议:20020830分配:20020830类别:科幻参考:BUGTRAQ: 20020724飞马邮件DoS参考:网址:http://archives.neohapsis.com/archives/bugtraq/2002-07/0277.html参考:报价:5302参考:网址:http://www.securityfocus.com/bid/5302参考:XF: pegasus-message-header-bo(9673)参考:网址:http://www.iss.net/security_center/static/9673.php缓冲区溢出在飞马座4.01和更早的邮件客户端允许远程攻击者可能导致拒绝服务(崩溃)和执行任意代码通过长(1)或(2)标题。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1075 3供应商确认:确认:电子邮件调查送到tech-support@pmail.gen。2002年8月29日,新西兰。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1077网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1077最终决定:阶段性裁决:修改:建议:20020830分配:20020830类别:科幻参考:BUGTRAQ: 20020730 IPSwitch IMail咨询# 2参考:网址:http://archives.neohapsis.com/archives/bugtraq/2002-07/0399.html参考:报价:5365参考:网址:http://www.securityfocus.com/bid/5365参考:XF: imail-iwebcal-content-length-dos(9722)参考:网址:http://www.iss.net/security_center/static/9722.phpIPSwitch IMail日历Web服务(iwebcal)允许远程攻击者造成拒绝服务(崩溃)通过一个HTTP POST请求没有内容长度字段。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1077 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = 
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1078网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1078最终决定:阶段性裁决:修改:建议:20020830分配:20020830类别:科幻参考:BUGTRAQ: 20020729深渊Web服务器1.0.3版本显示文件和目录内容参考:网址:http://online.securityfocus.com/archive/1/284904参考:VULNWATCH: 20020729 [VULNWATCH]深渊Web服务器1.0.3版本显示文件和目录内容参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0043.html参考:报价:5345参考:网址:http://www.securityfocus.com/bid/5345参考:XF: abyss-slash-directory-traversal(9721)参考:网址:http://www.iss.net/security_center/static/9721.php深渊Web服务器1.0.3允许远程攻击者通过HTTP GET请求列出目录的内容,以大量的/(削减)字符。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1078 3供应商确认:未知discloser-claimed投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1082网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1082最终决定:阶段性裁决:修改:建议:20020830分配:20020830类别:科幻参考:VULNWATCH: 20020725 [VULNWATCH] ezContents多个漏洞参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html参考:BUGTRAQ: 20020725 ezContents多个漏洞参考:网址:http://online.securityfocus.com/archive/1/284229参考:XF: ezcontents-image-file-upload(9698)参考:网址:http://www.iss.net/security_center/static/9698.php1.40和更早的图像上传功能ezContents允许远程攻击者使ezContents上执行操作如果他们上传本地文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1082 3供应商确认:未知discloser-claimed内容决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1083网址:http://cve.mitre.org/cgi - 
bin/cvename.cgi?name=can - 2002 - 1083最终决定:阶段性裁决:修改:建议:20020830分配:20020830类别:科幻参考:VULNWATCH: 20020725 [VULNWATCH] ezContents多个漏洞参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html参考:BUGTRAQ: 20020725 ezContents多个漏洞参考:网址:http://online.securityfocus.com/archive/1/284229参考:XF: ezcontents-dotdot-directory-traversal(9710)参考:网址:http://www.iss.net/security_center/static/9710.php目录遍历早些时候在ezContents 1.41和漏洞允许远程攻击者使ezContents(1)创建目录使用维护图片:添加新:创建子目录项,或(2)列表目录使用保持图像文件清单,通过. .(点点)序列。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1083 3供应商确认:内容决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1084网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1084最终决定:阶段性裁决:修改:建议:20020830分配:20020830类别:科幻参考:VULNWATCH: 20020725 [VULNWATCH] ezContents多个漏洞参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html参考:BUGTRAQ: 20020725 ezContents多个漏洞参考:网址:http://online.securityfocus.com/archive/1/284229参考:XF: ezcontents-verifylogin-post-data(9711)参考:网址:http://www.iss.net/security_center/static/9711.phpVerifyLogin函数ezContents 1.41和更早的不适当的停止程序的执行如果用户不能正常登录,远程攻击者可以修改和查看限制信息通过HTTP POST请求。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1084 3供应商确认:内容决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1085网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1085最终决定:阶段性裁决:修改:建议:20020830分配:20020830类别:科幻参考:VULNWATCH: 20020725 [VULNWATCH] 
ezContents多个漏洞参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html参考:BUGTRAQ: 20020725 ezContents多个漏洞参考:网址:http://online.securityfocus.com/archive/1/284229参考:XF: ezcontents-diary-entry-xss(9712)参考:网址:http://www.iss.net/security_center/static/9712.php早些时候在ezContents 1.41和多个跨站点脚本漏洞允许远程攻击者执行脚本和偷饼干通过日记和其他功能。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1085 3供应商确认:内容决定:SF-LOC, SF-EXEC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1086网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1086最终决定:阶段性裁决:修改:建议:20020830分配:20020830类别:科幻参考:VULNWATCH: 20020725 [VULNWATCH] ezContents多个漏洞参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html参考:BUGTRAQ: 20020725 ezContents多个漏洞参考:网址:http://online.securityfocus.com/archive/1/284229参考:XF: ezcontents-sql-injection(9713)参考:网址:http://www.iss.net/security_center/static/9713.php早些时候在ezContents 1.41和多个SQL注入漏洞允许远程攻击者进行未经授权的活动。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1086 3供应商确认:内容决定:SF-LOC, SF-EXEC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1087网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1087最终决定:阶段性裁决:修改:建议:20020830分配:20020830类别:科幻参考:VULNWATCH: 20020725 [VULNWATCH] ezContents多个漏洞参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html参考:BUGTRAQ: 20020725 ezContents多个漏洞参考:网址:http://online.securityfocus.com/archive/1/284229(1)createdir的脚本。(2)removedir php。php和(3)还是。php 1.41 
ezContents和之前不检查凭证,它允许远程攻击者创建或删除目录和上传文件通过一个HTTP POST请求。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1087 3供应商确认:内容决定:SF-LOC, SF-EXEC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:

Page last updated or reviewed: May 22, 2007