
[PROPOSAL] Cluster CISCO-2003 - 28 candidates



I am proposing cluster CISCO-2003 for review and voting by the
Editorial Board.

Name: CISCO-2003
Description: CANs in Cisco advisories
Size: 28

You may modify this email to vote on the candidates and send it back
to me, or use the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is not a "vulnerability", or is a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-1092
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1092
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml

Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when
configured to use internal authentication with group accounts and
without any user accounts, allows remote VPN clients to log in using
PPTP or IPSEC user authentication.

Analysis
--------
ED_PRI CAN-2002-1092 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1093
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1093
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-html-parser-dos(10018)
Reference: URL:http://www.iss.net/security_center/static/10018.php
Reference: BID:5615
Reference: URL:http://www.securityfocus.com/bid/5615

The HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x
before 3.0.3(B) allows remote attackers to cause a denial of service
(CPU consumption) via a long URL request.

Analysis
--------
ED_PRI CAN-2002-1093 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1095
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1095
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-pptp-dos(10021)
Reference: URL:http://www.iss.net/security_center/static/10021.php
Reference: BID:5625
Reference: URL:http://www.securityfocus.com/bid/5625

Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled,
allows remote attackers to cause a denial of service (reload) via a
Windows-based PPTP client with the "No Encryption" option set.

Analysis
--------
ED_PRI CAN-2002-1095 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1096
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1096
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: BID:5611
Reference: URL:http://www.securityfocus.com/bid/5611
Reference: XF:cisco-vpn-user-passwords(10019)
Reference: URL:http://www.iss.net/security_center/static/10019.php

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows
restricted administrators to obtain user passwords that are stored in
plaintext in HTML source code.

Analysis
--------
ED_PRI CAN-2002-1096 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1097
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1097
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-certificate-passwords(10022)
Reference: URL:http://www.iss.net/security_center/static/10022.php
Reference: BID:5612
Reference: URL:http://www.securityfocus.com/bid/5612

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows
restricted administrators to obtain certificate passwords that are
stored in plaintext in the HTML source code for Certificate Management
pages.

Analysis
--------
ED_PRI CAN-2002-1097 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1098
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1098
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-xml-filter(10023)
Reference: URL:http://www.iss.net/security_center/static/10023.php
Reference: BID:5614
Reference: URL:http://www.securityfocus.com/bid/5614

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an
"HTTPS Public Inbound (XML-Auto)(forward/)" rule but sets the protocol
to "ANY" when the XML filter configuration is enabled, which ultimately
allows arbitrary traffic to pass through the concentrator.

Analysis
--------
ED_PRI CAN-2002-1098 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1099
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1099
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-web-access(10024)
Reference: URL:http://www.iss.net/security_center/static/10024.php
Reference: BID:5616
Reference: URL:http://www.securityfocus.com/bid/5616

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote
attackers to obtain potentially sensitive information without
authentication by directly accessing certain HTML pages.

Analysis
--------
ED_PRI CAN-2002-1099 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1100
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1100
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF/CF/MP/SA/ /unknown
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-html-interface-dos(10025)
Reference: URL:http://www.iss.net/security_center/static/10025.php
Reference: BID:5617
Reference: URL:http://www.securityfocus.com/bid/5617

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote
attackers to cause a denial of service (crash) via a long (1) username
or (2) password to the HTML login interface.

Analysis
--------
ED_PRI CAN-2002-1100 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1101
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1101
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF/CF/MP/SA/ /unknown
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml

Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5,
allows remote attackers to cause a denial of service via a username.

Analysis
--------
ED_PRI CAN-2002-1101 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1102
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1102
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml

The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x,
and 3.x before 3.5.4, allows remote attackers to cause a denial of
service via an incoming LAN-to-LAN connection with an existing security
association with another device on the remote network, which causes the
concentrator to remove the previous connection.

Analysis
--------
ED_PRI CAN-2002-1102 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1104
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1104
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml

Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x
before 3.0.5 allows remote attackers to cause a denial of service
(crash) via TCP packets with source and destination ports of 137
(NETBIOS).

Analysis
--------
ED_PRI CAN-2002-1104 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1105
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1105
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF/CF/MP/SA/ /unknown
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x
before 3.5.1C, allows attackers to use a utility program to obtain the
password.

Analysis
--------
ED_PRI CAN-2002-1105 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1106
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1106
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF/CF/MP/SA/ /unknown
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x
before 3.5.1C, does not properly verify that certificate DN fields
match those of the certificate from the VPN Concentrator, which allows
remote attackers to conduct man-in-the-middle attacks.

Analysis
--------
ED_PRI CAN-2002-1106 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1107
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1107
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x
before 3.5.2B, does not generate sufficiently random numbers, which may
make it vulnerable to certain attacks such as spoofing.

Analysis
--------
ED_PRI CAN-2002-1107 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1108
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1108
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x
before 3.6(Rel), when configured with all tunnel mode, can be forced
into acknowledging a TCP packet from outside the tunnel.

Analysis
--------
ED_PRI CAN-2002-1108 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1189
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1189
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: CISCO:20021004 Predefined Restriction Tables Allow Calls to International Operator
Reference: URL:http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml
Reference: XF:cisco-unity-insecure-configuration(10282)
Reference: URL:http://www.iss.net/security_center/static/10282.php
Reference: BID:5896
Reference: URL:http://www.securityfocus.com/bid/5896

The default configuration of Cisco Unity 2.x and 3.x does not block
international operator calls in the predefined restriction tables,
which could allow authenticated users to place international calls
using call forwarding.

Analysis
--------
ED_PRI CAN-2002-1189 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1222
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1222
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: CISCO:20021016 Cisco CatOS Embedded HTTP Server Buffer Overflow
Reference: URL:http://www.cisco.com/warp/public/707/catos-http-overflow-vuln.shtml
Reference: XF:cisco-catalyst-ciscoview-bo(10382)
Reference: URL:http://www.iss.net/security_center/static/10382.php
Reference: BID:5976
Reference: URL:http://www.securityfocus.com/bid/5976

Buffer overflow in the embedded HTTP server for Cisco Catalyst switches
running CatOS 5.4 through 7.3 allows remote attackers to cause a denial
of service (reset) via an HTTP request.

Analysis
--------
ED_PRI CAN-2002-1222 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1447
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1447
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020619 (AP) Cisco vpnclient buffer overflow
Reference: URL:http://online.securityfocus.com/archive/1/277653
Reference: CISCO:20020619 Buffer Overflow in UNIX VPN Client
Reference: URL:http://www.cisco.com/warp/public/707/cisco-unix-vpnclient-buffer-overflow-pub.shtml
Reference: MISC:http://sec.angrypacket.com/advisories/0002_AP.vpnclient.txt
Reference: XF:ciscovpn-profile-name-bo(9376)
Reference: URL:http://www.iss.net/security_center/static/9376.php
Reference: BID:5056
Reference: URL:http://www.securityfocus.com/bid/5056

Buffer overflow in the vpnclient program for UNIX VPN Client before
3.5.2 allows local users to gain administrative privileges via a long
profile name in a connect argument.

Analysis
--------
ED_PRI CAN-2002-1447 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1491
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1491
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: CISCO:20020918 Cisco VPN 5000 Client Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn5000-defaultconnection-password(10129)
Reference: URL:http://www.iss.net/security_center/static/10129.php
Reference: BID:5736
Reference: URL:http://www.securityfocus.com/bid/5736

Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently
used login password in plaintext when saving "Default Connection"
settings, which could allow local users to gain privileges.

Analysis
--------
ED_PRI CAN-2002-1491 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1094
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1094
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-banner-information(10020)
Reference: URL:http://www.iss.net/security_center/static/10020.php
Reference: BID:5621
Reference: URL:http://www.securityfocus.com/bid/5621
Reference: BID:5623
Reference: URL:http://www.securityfocus.com/bid/5623
Reference: BID:5624
Reference: URL:http://www.securityfocus.com/bid/5624

Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before
3.5.4 may allow remote attackers to obtain sensitive information via
(1) SSH banners, (2) FTP banners, or (3) an incorrect HTTP request.

Analysis
--------
ED_PRI CAN-2002-1094 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1190
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1190
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021004
Category: SF
Reference: CISCO:20021004 Predefined Restriction Tables Allow Calls to International Operator
Reference: URL:http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml
Reference: XF:cisco-unity-insecure-configuration(10282)
Reference: URL:http://www.iss.net/security_center/static/10282.php

Cisco Unity 2.x and 3.x uses well-known default user accounts, which
could allow remote attackers to gain access and place arbitrary calls.

Analysis
--------
ED_PRI CAN-2002-1190 3
Vendor Acknowledgement: yes advisory
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1492
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1492
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: CISCO:20020918 Cisco VPN 5000 Client Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml
Reference: BID:5734
Reference: URL:http://www.securityfocus.com/bid/5734
Reference: XF:cisco-vpn5000-binary-bo(10131)
Reference: URL:http://www.iss.net/security_center/static/10131.php

Buffer overflows in Cisco VPN 5000 Client before 5.2.7 for Linux, and
VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain
root privileges via (1) close_tunnel and (2) open_tunnel.

Analysis
--------
ED_PRI CAN-2002-1492 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1553
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1553
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: CISCO:20021031 Cisco ONS15454 and Cisco ONS15327 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml
Reference: BID:6076
Reference: URL:http://www.securityfocus.com/bid/6076
Reference: XF:cisco-ons-ftp-no-account(10505)
Reference: URL:http://www.iss.net/security_center/static/10505.php

Cisco ONS15454 and ONS15327 running ONS before 3.4 allow remote
attackers to modify the system configuration and delete files by
establishing an FTP connection to the TCC, TCC+ or XTC using a username
and password that does not exist.

Analysis
--------
ED_PRI CAN-2002-1553 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1554
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1554
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: CISCO:20021031 Cisco ONS15454 and Cisco ONS15327 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml
Reference: XF:cisco-ons-plaintext-accounts(10506)
Reference: URL:http://www.iss.net/security_center/static/10506.php
Reference: BID:6078
Reference: URL:http://www.securityfocus.com/bid/6078

Cisco ONS15454 and ONS15327 running ONS before 3.4 store usernames and
passwords in cleartext in the image database for the TCC, TCC+ or XTC,
which could allow attackers to gain privileges by obtaining the
passwords from the image database or a backup.

Analysis
--------
ED_PRI CAN-2002-1554 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1555
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1555
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: CISCO:20021031 Cisco ONS15454 and Cisco ONS15327 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml
Reference: BID:6081
Reference: URL:http://www.securityfocus.com/bid/6081
Reference: XF:cisco-ons-snmp-public(10507)
Reference: URL:http://www.iss.net/security_center/static/10507.php

Cisco ONS15454 and ONS15327 running ONS before 3.4 have a "public" SNMP
community string that cannot be changed, which allows remote attackers
to obtain sensitive information.

Analysis
--------
ED_PRI CAN-2002-1555 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1556
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1556
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: CISCO:20021031 Cisco ONS15454 and Cisco ONS15327 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml
Reference: BID:6084
Reference: URL:http://www.securityfocus.com/bid/6084
Reference: XF:cisco-ons-corba-dos(10508)
Reference: URL:http://www.iss.net/security_center/static/10508.php

Cisco ONS15454 and ONS15327 running ONS before 3.4 allow attackers to
cause a denial of service (reset) via an HTTP request to the TCC, TCC+
or XTC, in which the request contains an invalid CORBA Interoperable
Object Reference (IOR).

Analysis
--------
ED_PRI CAN-2002-1556 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1557
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1557
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: CISCO:20021031 Cisco ONS15454 and Cisco ONS15327 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml
Reference: BID:6082
Reference: URL:http://www.securityfocus.com/bid/6082
Reference: XF:cisco-ons-http-dos(10509)
Reference: URL:http://www.iss.net/security_center/static/10509.php

Cisco ONS15454 and ONS15327 running ONS before 3.4 allow attackers to
cause a denial of service (reset to the TCC, TCC+, TCCi or XTC) via a
malformed HTTP request that does not contain a leading / (slash)
character.

Analysis
--------
ED_PRI CAN-2002-1557 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1558
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1558
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: CISCO:20021031 Cisco ONS15454 and Cisco ONS15327 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/ons-multiple-vuln-pub.shtml
Reference: XF:cisco-ons-default-vsworks-account(10510)
Reference: URL:http://www.iss.net/security_center/static/10510.php
Reference: BID:6083
Reference: URL:http://www.securityfocus.com/bid/6083

Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for
the VxWorks operating system in the TCC, TCC+ and XTC that cannot be
changed or disabled, which allows remote attackers to gain privileges
by connecting to the account via Telnet.

Analysis
--------
ED_PRI CAN-2002-1558 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If you ACCEPT or MODIFY, include a reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide some other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

Page last updated or reviewed: May 22, 2007