
[PROPOSAL] Cluster CONFIRM-2003a - 51 candidates



I am proposing cluster CONFIRM-2003a for review and voting by the
Editorial Board.

Name: CONFIRM-2003a
Description: Candidates with explicit vendor acks, from January 2003
through March 2003
Size: 51

You may vote on the candidates by modifying this email and sending it
back to me, or by using the CVE voting web site.

The candidates are listed in priority order. Priority 1 and Priority 2
candidates have varying levels of vendor acknowledgement, so they should
be easy to check and can be trusted to be real issues.

Summary of the votes used (in ascending order of "severity")
-----------------------------------------------------------
ACCEPT    - voter accepts the candidate as proposed
NOOP      - voter has no opinion on the candidate
MODIFY    - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST    - candidate must be significantly modified, e.g. split or merged
REJECT    - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE:". If you
want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they
can be included. Mapping references help a lot.

3) Please note that a "MODIFY" is treated as an "ACCEPT" when counting
votes. So if you don't have sufficient information for a candidate but
you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2003-0016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0016
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=104313442901017&w=2

Apache before 2.0.44, when running on unpatched Windows 9x and Me
operating systems, allows remote attackers to cause a denial of service
or execute arbitrary code via an HTTP request containing MS-DOS device
names.

Analysis
----------------
ED_PRI CAN-2003-0016 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0017
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=104313442901017&w=2

Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to
obtain certain files via an HTTP request with certain illegal
characters, such as ">", which causes a different filename to be
processed and served.

Analysis
----------------
ED_PRI CAN-2003-0017 1
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0022
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: REDHAT:RHSA-2003:054
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-054.html
Reference: XF:terminal-emulator-screen-dump(11413)
Reference: URL:http://www.iss.net/security_center/static/11413.php

The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite
arbitrary files via a certain character escape sequence when it is
echoed to the user's terminal, e.g. when the user views a file
containing the malicious sequence.

Analysis
----------------
ED_PRI CAN-2003-0022 1
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0023
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0023
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: REDHAT:RHSA-2003:054
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-054.html
Reference: XF:terminal-emulator-menu-modification(11416)
Reference: URL:http://www.iss.net/security_center/static/11416.php

The menuBar feature in rxvt 2.7.8 allows attackers to modify menu
options and execute arbitrary commands via a certain character escape
sequence that inserts the commands into the menu.

Analysis
----------------
ED_PRI CAN-2003-0023 1
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0038
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0038
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030127
Category: SF
Reference: BUGTRAQ:20030124 Mailman: cross-site scripting vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104342745916111
Reference: CONFIRM:http://telia.dl.sourceforge.net/sourceforge/mailman/xss-2.1.0-patch.txt

Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1
allows remote attackers to inject script or HTML into web pages via the
(1) email or (2) language parameters.

Analysis
----------------
ED_PRI CAN-2003-0038 1
Vendor Acknowledgement: yes patch

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0045
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030127
Category: SF
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt

Jakarta Tomcat 3.3.1a on certain Windows systems allows remote attackers
to possibly cause a denial of service (thread hang and resource
consumption) via a request for a JSP page containing an MS-DOS device
name, such as aux.jsp.

Analysis
----------------
ED_PRI CAN-2003-0045 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0049
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:macos-afp-unauthorized-access(11333)
Reference: URL:http://www.iss.net/security_center/static/11333.php

AFP in Mac OS X 10.2.4 allows administrators to log in as other users by
using the administrator password.

Analysis
----------------
ED_PRI CAN-2003-0049 1
Vendor Acknowledgement: yes changelog

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0050
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:quicktime-darwin-command-execution(11401)
Reference: URL:http://www.iss.net/security_center/static/11401.php

parse_xml.cgi in Darwin Streaming Administration Server 4.1.2 and Apple
QuickTime Streaming Server 4.4.1 and earlier allows remote attackers to
execute arbitrary code via shell metacharacters.

Analysis
----------------
ED_PRI CAN-2003-0050 1
Vendor Acknowledgement: yes

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0051
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0051
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:quicktime-darwin-path-disclosure(11402)
Reference: URL:http://www.iss.net/security_center/static/11402.php

parse_xml.cgi in Darwin Streaming Administration Server 4.1.2 and Apple
QuickTime Streaming Server 4.4.1 and earlier allows remote attackers to
obtain the physical path of the server installation via an empty
filename parameter.

Analysis
----------------
ED_PRI CAN-2003-0051 1
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0052
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0052
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:quicktime-darwin-directory-disclosure(11403)
Reference: URL:http://www.iss.net/security_center/static/11403.php

parse_xml.cgi in Darwin Streaming Administration Server 4.1.2 and Apple
QuickTime Streaming Server 4.4.1 and earlier allows remote attackers to
list arbitrary directories.

Analysis
----------------
ED_PRI CAN-2003-0052 1
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0053
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0053
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:quicktime-darwin-parsexml-xss(11404)
Reference: URL:http://www.iss.net/security_center/static/11404.php

Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Darwin
Streaming Administration Server 4.1.2 and Apple QuickTime Streaming
Server 4.4.1 and earlier allows remote attackers to insert arbitrary
script via the filename parameter, which is inserted into an error
message.

Analysis
----------------
ED_PRI CAN-2003-0053 1
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0054
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:quicktime-darwin-describe-xss(11405)
Reference: URL:http://www.iss.net/security_center/static/11405.php

Apple Darwin Streaming Administration Server 4.1.2 and QuickTime
Streaming Server 4.4.1 and earlier allows remote attackers to execute
certain code via an rtsp request to port 7070 with script in the
DESCRIBE method argument, which is inserted into the log file and
executed when the log is viewed through a browser.

Analysis
----------------
ED_PRI CAN-2003-0054 1
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0055
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: ATSTAKE:A032403-1
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:quicktime-darwin-mp3-bo(11406)
Reference: URL:http://www.iss.net/security_center/static/11406.php

Buffer overflow in the MP3 playback module of Apple Darwin Streaming
Administration Server 4.1.2 and QuickTime Streaming Server 4.4.1 and
earlier allows remote attackers to execute arbitrary code via a long
filename.

Analysis
----------------
ED_PRI CAN-2003-0055 1
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0066
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0066
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: REDHAT:RHSA-2003:054
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-054.html
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

The rxvt terminal emulator 2.7.8 allows attackers to modify the window
title via a certain character escape sequence and then insert it back
into the command line in the user's terminal, e.g. when the user views a
file containing the malicious sequence, which could allow the attacker
to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2003-0066 1
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0088
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0088
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030210
Category: SF
Reference: ATSTAKE:A021403-1
Reference: URL:http://www.atstake.com/research/advisories/2003/a021403-1.txt
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:macos-trublueenvironment-gain-privileges(11332)
Reference: URL:http://www.iss.net/security_center/static/11332.php

TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to
overwrite or create arbitrary files and gain root privileges by setting
a certain environment variable that is used for writing debugging
information.

Analysis
----------------
ED_PRI CAN-2003-0088 1
Vendor Acknowledgement: yes

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0097
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0097
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030218
Category: SF
Reference: BUGTRAQ:20030217 PHP Security Advisory: CGI vulnerability in PHP version 4.3.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104550977011668&w=2
Reference: VULNWATCH:20030217 PHP Security Advisory: CGI vulnerability in PHP version 4.3.0
Reference: BUGTRAQ:20030219 GLSA: mod_php (200302-09.1)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104567137502557&w=2
Reference: BUGTRAQ:20030219 GLSA: mod_php php
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104567042700840&w=2
Reference: CONFIRM:http://www.slackware.com/changelog/current.php?cpu=i386
Reference: XF:php-cgi-sapi-access(11343)
Reference: URL:http://www.iss.net/security_center/static/11343.php

Unknown vulnerability in the CGI module installed with PHP 4.3.0 allows
attackers to access arbitrary files as the PHP user, and possibly
execute PHP code, by bypassing the CGI force redirect settings
(cgi.force_redirect or --enable-force-cgi-redirect).

Analysis
----------------
ED_PRI CAN-2003-0097 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0103
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0103
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: ATSTAKE:A022503-1
Reference: XF:nokia-6210-vcard-dos(11421)
Reference: URL:http://www.iss.net/security_center/static/11421.php

Format string vulnerability in Nokia 6210 cell phones allows remote
attackers to cause a denial of service (crash, lockup, or restart) via
a multi-part vCard containing a field with a large number of format
string specifiers.

Analysis
----------------
ED_PRI CAN-2003-0103 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0122
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030310
Category: SF
Reference: BUGTRAQ:20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104757319829443&w=2
Reference: VULNWATCH:20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0125.html
Reference: MISC:http://www.rapid7.com/advisories/R7-0010.html
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=482&q=domino&uid=swg21105101
Reference: BID:7037

Buffer overflow in the Notes server for Lotus Notes R4, R5 before
5.0.11, and early R6 allows remote attackers to execute arbitrary code
via a long distinguished name (DN) in NotesRPC authentication with an
outer field length that is smaller than the DN field.

Analysis
----------------
ED_PRI CAN-2003-0122 1
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0123
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030310
Category: SF
Reference: BUGTRAQ:20030313 R7-0011: Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104757545500368&w=2
Reference: MISC:http://www.rapid7.com/advisories/R7-0011.html
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=482&q=domino&uid=swg21105060
Reference: BID:7038

Buffer overflow in the Web Retriever client for Lotus Notes/Domino R4.5
through R6 allows remote malicious web servers to cause a denial of
service (crash) via an HTTP status line.

Analysis
----------------
ED_PRI CAN-2003-0123 1
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0125
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0125
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030312
Category: SF
Reference: MISC:http://www.krusesecurity.dk/advisories/routefind550bof.txt
Reference: VULNWATCH:20030311 SOHO Routefinder 550 VPN, DoS and buffer overflow
Reference: CONFIRM:ftp://ftp.multitech.com/Routers/RF550VPN.TXT

Buffer overflow in the web interface for SOHO Routefinder 550 before
firmware 4.63 allows remote attackers to cause a denial of service
(reboot) and execute arbitrary code via a long GET /OPTIONS value.

Analysis
----------------
ED_PRI CAN-2003-0125 1
Vendor Acknowledgement: yes

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0145
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030314
Category: SF
Reference: CONFIRM:http://www.tcpdump.org/tcpdump-changes.txt

Unknown vulnerability in tcpdump before 3.7.2 related to an "inability
to handle unknown RADIUS attributes properly," allows remote attackers
to cause a denial of service (infinite loop), a different vulnerability
than CAN-2003-0093.

Analysis
----------------
ED_PRI CAN-2003-0145 1
Vendor Acknowledgement: yes
Accuracy: via email on March 14, 2003, Martin Schulze confirmed that
this is a different issue than CAN-2003-0093.

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2002-0387
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0387
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020522
Category: SF
Reference: ATSTAKE:A031303-1
Reference: URL:http://www.atstake.com/research/advisories/2003/a031303-1.txt

Buffer overflow in the gxnsapi6.dll NSAPI plugin connector module for
Sun ONE Application Server 6.5 allows remote attackers to execute
arbitrary code via a long URL in an HTTP request.

Analysis
----------------
ED_PRI CAN-2002-0387 2
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2002-1252
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1252
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: ISS:20030120 PeopleSoft XML External Entities Reference Vulnerability
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811
Reference: XF:peoplesoft-xxe-read-files(10520)
Reference: URL:http://www.iss.net/security_center/static/10520.php

Application Messaging Gateway in PeopleTools 8.1x before 8.19, as used
in various PeopleSoft products, allows remote attackers to read
arbitrary files via certain XML external entity (XXE) fields in an HTTP
POST request that is processed by the SimpleFileHandler handler.

Analysis
----------------
ED_PRI CAN-2002-1252 2
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0021
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0021
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: BUGTRAQ:20030303 GLSA: eterm (200303-1)
Reference: XF:terminal-emulator-screen-dump(11413)
Reference: URL:http://www.iss.net/security_center/static/11413.php

The "screen dump" feature in Eterm 0.9.1 and earlier allows attackers to
overwrite arbitrary files via a certain character escape sequence when
it is echoed to the user's terminal, e.g. when the user views a file
containing the malicious sequence.

Analysis
----------------
ED_PRI CAN-2003-0021 2
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0074
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0074
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20030129 Local root vuln in SuSE 8.0 plptools package
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104385772908969&w=2
Reference: BUGTRAQ:20030129 Re: Local root vuln in SuSE 8.0 plptools package
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104386699725019&w=2
Reference: XF:plptools-plpnsfd-format-string(11193)
Reference: URL:http://www.iss.net/security_center/static/11193.php

Format string vulnerability in mpmain.c of plpnfsd in the plptools
package allows remote attackers to execute arbitrary code via the (1)
debuglog, (2) errorlog, and (3) infolog functions.

Analysis
----------------
ED_PRI CAN-2003-0074 2
Vendor Acknowledgement: yes followup

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0075
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20030202 Bladeenc 0.94.2 code execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104428700106672&w=2
Reference: MISC:http://www.pivx.com/luigi/adv/blade942-adv.txt
Reference: BUGTRAQ:20030205 GLSA: bladeenc
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104446346127432&w=2
Reference: XF:bladeenc-myfseek-code-execution(11227)
Reference: URL:http://www.iss.net/security_center/static/11227.php

Integer signedness error in the myFseek function of samplein.c for
Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to
execute arbitrary code via a negative offset value after the "fmt" WAV
chunk.

Analysis
----------------
ED_PRI CAN-2003-0075 2
Vendor Acknowledgement: yes advisory

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0100
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0100
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030224
Category: SF
Reference: BUGTRAQ:20030220 Cisco IOS OSPF exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104576100719090&w=2
Reference: BUGTRAQ:20030221 Re: Cisco IOS OSPF exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104587206702715&w=2
Reference: XF:cisco-ios-ospf-bo(11373)
Reference: URL:http://www.iss.net/security_center/static/11373.php

Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to
possibly cause a denial of service and execute commands via a large
number of OSPF neighbor announcements.

Analysis
----------------
ED_PRI CAN-2003-0100 2
Vendor Acknowledgement: yes followup

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0104
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0104
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: ISS:20030310 PeopleSoft PeopleTools Remote Command Execution Vulnerability
Reference: URL:http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999
Reference: XF:peoplesoft-schedulertransfer-create-files(10962)
Reference: URL:http://www.iss.net/security_center/static/10962.php

Directory traversal vulnerability in PeopleTools 8.10 through 8.18,
8.40, and 8.41 allows remote attackers to overwrite arbitrary files via
the SchedulerTransfer servlet.

Analysis
----------------
ED_PRI CAN-2003-0104 2
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0137
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030313
Category: SF
Reference: ATSTAKE:A031303-2
Reference: URL:http://www.atstake.com/research/advisories/2003/a031303-2.txt

The SNMP-based daemon on DX200 network elements for the Nokia Serving
GPRS Support Node (SGSN) allows remote attackers to read SNMP options
via arbitrary community strings.

Analysis
----------------
ED_PRI CAN-2003-0137 2
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0147
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030314
Category: SF
Reference: BUGTRAQ:20030313 Vulnerability in OpenSSL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104766550528628&w=2
Reference: VULNWATCH:20030313 OpenSSL private key disclosure
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html
Reference: BUGTRAQ:20030317 [ADVISORY] Timing Attack on OpenSSL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104792570615648&w=2
Reference: MISC:http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf

OpenSSL does not use RSA blinding by default, which allows local and
remote attackers to obtain the server's private key by determining
factors using timing differences on (1) the number of extra reductions
during Montgomery reduction, and (2) the use of different integer
multiplication algorithms ("Karatsuba" and normal).

Analysis
----------------
ED_PRI CAN-2003-0147 2
Vendor Acknowledgement: yes

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0020
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0020
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: XF:apache-esc-seq-injection(11412)
Reference: URL:http://www.iss.net/security_center/static/11412.php

Apache does not filter terminal escape sequences from its error logs,
which could make it easier for attackers to insert those sequences into
terminal emulators that contain vulnerabilities related to escape
sequences.

Analysis
----------------
ED_PRI CAN-2003-0020 3
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0024
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: XF:terminal-emulator-menu-modification(11416)
Reference: URL:http://www.iss.net/security_center/static/11416.php

The menuBar feature in aterm 0.42 allows attackers to modify menu
options and execute arbitrary commands via a certain character escape
sequence that inserts the commands into the menu.

Analysis
----------------
ED_PRI CAN-2003-0024 3
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0046
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0046
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: BUGTRAQ:20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104386492422014&w=2
Reference: MISC:http://www.idefense.com/advisory/01.28.03.txt
Reference: CONFIRM:http://www.celestialsoftware.net/telnet/beta_software.html

The AbsoluteTelnet SSH2 client does not clear login credentials from
memory, including plaintext passwords, which could allow attackers with
access to memory to steal the SSH credentials.

Analysis
----------------
ED_PRI CAN-2003-0046 3
Vendor Acknowledgement: unknown
Content Decisions: INCLUSION, DESIGN-WEAK-ENCRYPTION
Acknowledgement: beta release 2.12 RC9 includes "fix for passwords
appearing in plain text in memory."

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0047
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0047
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: BUGTRAQ:20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104386492422014&w=2
Reference: MISC:http://www.idefense.com/advisory/01.28.03.txt

The SSH2 clients from VanDyke, (1) SecureCRT 4.0.2 and 3.4.7, (2)
SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not
clear login credentials from memory, including plaintext passwords,
which could allow attackers with access to memory to steal the SSH
credentials.

Analysis
----------------
ED_PRI CAN-2003-0047 3
Vendor Acknowledgement: unknown
Content Decisions: INCLUSION, DESIGN-WEAK-ENCRYPTION

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0048
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0048
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030128
Category: SF
Reference: BUGTRAQ:20030129 iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104386492422014&w=2
Reference: MISC:http://www.idefense.com/advisory/01.28.03.txt

PuTTY 0.53b and earlier does not clear login credentials from memory,
including plaintext passwords, which could allow attackers with access
to memory to steal the SSH credentials.

Analysis
----------------
ED_PRI CAN-2003-0048 3
Vendor Acknowledgement: unknown
Content Decisions: INCLUSION, DESIGN-WEAK-ENCRYPTION

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0057
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0057
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030130
Category: SF
Reference: BUGTRAQ:20030127 Hypermail Buffer Overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104369136703903&w=2

Multiple buffer overflows in Hypermail 2 before 2.1.6 allow remote
attackers to possibly cause a denial of service and execute arbitrary
code (1) via a long Hypermail attachment filename that is not properly
handled by the executable, or (2) by connecting to the mail CGI program
from an IP address that reverse-resolves to a hostname.

Analysis
----------------
ED_PRI CAN-2003-0057 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0062
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0062
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: BUGTRAQ:20030210 iDEFENSE Security Advisory 02.10.03: Buffer Overflow in NOD32 Antivirus Software for Unix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104490777824360&w=2
Reference: MISC:http://www.idefense.com/advisory/02.10.03.txt
Reference: XF:nod32-pathname-bo(11282)
Reference: URL:http://www.iss.net/security_center/static/11282.php

Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows
local users to execute arbitrary code via a long pathname.

Analysis
----------------
ED_PRI CAN-2003-0062 3
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0063
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

The xterm terminal emulator in XFree86 4.2.0 allows attackers to modify
the window title via a certain character escape sequence and then
insert it back into the command line in the user's terminal, e.g. when
the user views a file containing the malicious sequence, which could
allow the attacker to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2003-0063 3
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0064
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0064
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

The dtterm terminal emulator allows attackers to modify the window title
via a certain character escape sequence and then insert it back into
the command line in the user's terminal, e.g. when the user views a file
containing the malicious sequence, which could allow the attacker to
execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2003-0064 3
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-2003-0065
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0065
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

The uxterm terminal emulator allows attackers to modify the window title
via a certain character escape sequence and then insert it back into
the command line in the user's terminal, e.g. when the user views a file
containing the malicious sequence, which could allow the attacker to
execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2003-0065 3
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reasons.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2003 - 0067网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2003 - 0067最终决定:阶段性裁决:修改:建议:20030317分配:20030204类别:科幻参考:VULNWATCH: 20030224终端模拟器安全问题参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html参考:BUGTRAQ: 20030224终端模拟器安全问题参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2参考:XF: terminal-emulator-window-title(11414)参考:网址:http://www.iss.net/security_center/static/11414.php终端模拟器0.42允许一个词叫“轻描淡写”攻击者修改窗口标题通过一个特定的字符转义序列,然后插入它回到命令行用户的终端,例如当用户视图包含恶意的文件序列,这可能允许攻击者执行任意命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 2003 - 0067 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2003 - 0068网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2003 - 0068最终决定:阶段性裁决:修改:建议:20030317分配:20030204类别:科幻参考:VULNWATCH: 20030224终端模拟器安全问题参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html参考:BUGTRAQ: 20030224终端模拟器安全问题参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2参考:BUGTRAQ: 20030303 GLSA: eterm(200303 - 1)参考:XF: terminal-emulator-window-title(11414)参考:网址:http://www.iss.net/security_center/static/11414.phpEterm终端模拟器0.9.1允许攻击者修改窗口标题早些时候通过一个特定的字符转义序列,然后插入的命令行用户的终端,例如当用户视图包含恶意的文件序列,这可能允许攻击者执行任意命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 2003 - 0068 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2003 - 0069网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2003 - 
0069最终决定:阶段性裁决:修改:建议:20030317分配:20030204类别:科幻参考:VULNWATCH: 20030224终端模拟器安全问题参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html参考:BUGTRAQ: 20030224终端模拟器安全问题参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2参考:XF: terminal-emulator-window-title(11414)参考:网址:http://www.iss.net/security_center/static/11414.php腻子终端模拟器0.53允许攻击者修改窗口标题通过一个特定的字符转义序列,然后插入它回到命令行用户的终端,例如当用户视图包含恶意的文件序列,这可能允许攻击者执行任意命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 2003 - 0069 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2003 - 0071网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2003 - 0071最终决定:阶段性裁决:修改:建议:20030317分配:20030204类别:科幻参考:VULNWATCH: 20030224终端模拟器安全问题参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html参考:BUGTRAQ: 20030224终端模拟器安全问题参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2参考:XF: terminal-emulator-dec-udk(11415)参考:网址:http://www.iss.net/security_center/static/11415.php12月UDK处理特性在XFree86 4.2.99.4 xterm终端模拟器,早些时候允许攻击者造成拒绝服务通过一个特定的字符转义序列,使终端进入紧密的循环。分析- - - - - - - - - - - - - - - - - ED_PRI - 2003 - 0071 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2003 - 0076网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2003 - 0076最终决定:阶段性裁决:修改:建议:20030317分配:20030205类别:科幻参考:确认:http://dc.ketelhot.de/pipermail/dc/2003-January/000094.html参考:BUGTRAQ: 20030204 GLSA: qt-dcgui参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=104437720116243&w=2参考:XF: 
qtdcgui-directory-download-files(11246)参考:网址:http://www.iss.net/security_center/static/11246.php未知的漏洞在目录解析器直接连接4 Linux (dcgui)之前0.2.2 sharelist外允许远程攻击者读取文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2003 - 0076 3供应商确认:对咨询内容的决定:模糊的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2003 - 0077网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2003 - 0077最终决定:阶段性裁决:修改:建议:20030317分配:20030210类别:科幻参考:VULNWATCH: 20030224终端模拟器安全问题参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html参考:BUGTRAQ: 20030224终端模拟器安全问题参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2参考:XF: terminal-emulator-window-title(11414)参考:网址:http://www.iss.net/security_center/static/11414.phphanterm (hanterm-xf)终端模拟器2.0.5允许攻击者修改窗口标题之前通过一个特定的字符转义序列,然后插入的命令行用户的终端,例如当用户视图包含恶意的文件序列,这可能允许攻击者执行任意命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 2003 - 0077 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2003 - 0079网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2003 - 0079最终决定:阶段性裁决:修改:建议:20030317分配:20030210类别:科幻参考:VULNWATCH: 20030224终端模拟器安全问题参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html参考:BUGTRAQ: 20030224终端模拟器安全问题参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2参考:XF: terminal-emulator-dec-udk(11415)参考:网址:http://www.iss.net/security_center/static/11415.php12月UDK处理功能hanterm (hanterm-xf)终端模拟器之前2.0.5允许攻击者造成拒绝服务通过一个特定的字符转义序列,导致终端进入紧密的循环。分析- - - - - - - - - - - - - - - - - ED_PRI - 2003 - 0079 
3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2003 - 0107网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2003 - 0107最终决定:阶段性裁决:修改:建议:20030317分配:20030226类别:科幻参考:BUGTRAQ: 20030222缓冲区溢出zlib 1.1.4参考:网址:http://online.securityfocus.com/archive/1/312869参考:BUGTRAQ: 20030223 poc zlib sploit只是为了好玩:)参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=104610337726297&w=2参考:BUGTRAQ: 20030224 Re:缓冲区溢出的zlib 1.1.4参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=104610536129508&w=2参考:BUGTRAQ: 20030225 [sorcerer-spells] ZLIB-SORCERER2003-02-25参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=104620610427210&w=2参考:报价:6913参考:网址:http://online.securityfocus.com/bid/6913参考:XF: zlib-gzprintf-bo(11381)参考:网址:http://www.iss.net/security_center/static/11381.phpgzprintf函数zlib 1.1.4缓冲区溢出,当zlib编译没有vsnprintf或长输入使用vsnprintf截断时,允许攻击者造成拒绝服务或可能执行任意代码。分析- - - - - - - - - - - - - - - - - ED_PRI - 2003 - 0107 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2003 - 0124网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2003 - 0124最终决定:阶段性裁决:修改:建议:20030317分配:20030312类别:科幻参考:BUGTRAQ: 20030311漏洞在人< 1.5 l参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=104740927915154&w=2人之前1.51允许攻击者执行任意代码通过一个畸形的人以不恰当的引用文件,导致my_xsprintf函数返回一个字符串的值“不安全”,然后执行一个程序通过系统调用。分析- - - - - - - - - - - - - - - - - ED_PRI - 2003 - 0124 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST 
HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2003 - 0126网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2003 - 0126最终决定:阶段性裁决:修改:建议:20030317分配:20030312类别:科幻参考:MISC:http://www.krusesecurity.dk/advisories/routefind550bof.txt参考:VULNWATCH: 20030311 SOHO Routefinder 550 VPN, DoS和缓冲区溢出的web界面SOHO Routefinder 550固件4.63和更早的,可能以后版本中,有一个默认的“admin”账户和一个空白的密码,这可能允许攻击者在局域网方面进行未经授权的活动。分析- - - - - - - - - - - - - - - - - ED_PRI - 2003 - 0126 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2003 - 0146网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2003 - 0146最终决定:阶段性裁决:修改:建议:20030317分配:20030314类别:科幻参考:BUGTRAQ: 20030228 NetPBM,多个漏洞参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=104644687816522&w=2参考:DEBIAN: dsa - 263参考:网址:http://www.debian.org/security/2003/dsa - 263早些时候在NetPBM 9.20和多个漏洞,可能还有其他版本,允许远程攻击者可能导致拒绝服务或执行任意代码通过“数学溢出错误”,如(1)整数signedness错误或(2)整数溢出。分析- - - - - - - - - - - - - - - - - ED_PRI - 2003 - 0146 3供应商确认:对咨询内容的决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:
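The terminal-emulator candidates in this ballot (CAN-2003-0063, 0064, 0065, 0067, 0068, 0069, 0077 and, for the DEC UDK loop, 0071 and 0079) all rest on one mechanism: untrusted text that the user merely views carries a sequence that rewrites the window title and a second sequence that makes the terminal type the title back onto the command line. The filter below is an added example, not code from the advisory or from any of the emulators listed; it strips 7-bit escape sequences and control bytes from text before that text is written to a terminal, and reports which classes it removed so a log viewer or directory lister can alert on them. The specific sequences it classifies (OSC 0/1/2 for title set, CSI 21 t for title report, DCS for DECUDK) are taken from xterm's control-sequence documentation, which is an assumption made here since the ballot only says "a certain character escape sequence"; the sample inputs are constructed.

```c
/* Added example (not from the advisory or any emulator): strip terminal
 * control sequences from untrusted text and classify what was removed.
 * Sequence names below are assumed from xterm's documented control set. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define ESC 0x1b
#define BEL 0x07

enum {
    SEQ_TITLE_SET    = 1,  /* ESC ] 0;text BEL : set window/icon title           */
    SEQ_TITLE_REPORT = 2,  /* ESC [ 21 t       : terminal types the title back   */
    SEQ_DCS          = 4,  /* ESC P ... ESC \  : device control string (DECUDK)  */
    SEQ_OTHER        = 8   /* any other escape sequence or bare control byte     */
};

/* Copy `in` to `out` (capacity outsz, always NUL-terminated) with every
 * escape sequence and every control byte other than \n and \t removed.
 * Returns a bitmask of the SEQ_* classes that were encountered. */
int strip_terminal_controls(const char *in, char *out, size_t outsz)
{
    const unsigned char *p = (const unsigned char *)in;
    size_t o = 0;
    int seen = 0;

    while (*p) {
        unsigned char c = *p;
        if (c == ESC) {
            unsigned char intro = p[1];
            int cls = 0;
            if (intro == '\0') { seen |= SEQ_OTHER; break; }   /* lone ESC at end */
            p += 2;
            if (intro == ']' || intro == 'P') {
                /* OSC / DCS: string parameter ended by BEL or ST (ESC \) */
                if (intro == 'P')
                    cls = SEQ_DCS;
                else if (p[0] >= '0' && p[0] <= '2' && p[1] == ';')
                    cls = SEQ_TITLE_SET;
                while (*p && *p != BEL && !(*p == ESC && p[1] == '\\'))
                    p++;
                if (*p == BEL) p++;
                else if (*p == ESC) p += 2;
            } else if (intro == '[') {
                /* CSI: parameters 0x30-0x3f, intermediates 0x20-0x2f, one final byte */
                const unsigned char *params = p;
                while (*p >= 0x30 && *p <= 0x3f) p++;
                while (*p >= 0x20 && *p <= 0x2f) p++;
                if (*p == 't' && p - params == 2 && params[0] == '2' && params[1] == '1')
                    cls = SEQ_TITLE_REPORT;
                if (*p) p++;
            } else if (intro >= 0x20 && intro <= 0x2f) {
                /* ESC ( B and similar: intermediates followed by one final byte */
                while (*p >= 0x20 && *p <= 0x2f) p++;
                if (*p) p++;
            }
            /* any other ESC x is a two-byte sequence and is already consumed */
            seen |= cls ? cls : SEQ_OTHER;
            continue;
        }
        if ((c < 0x20 && c != '\n' && c != '\t') || c == 0x7f) {
            seen |= SEQ_OTHER;                    /* bare control byte, e.g. \r or BEL */
            p++;
            continue;
        }
        if (o + 1 < outsz) out[o++] = (char)c;   /* truncate rather than overflow */
        p++;
    }
    if (outsz) out[o] = '\0';
    return seen;
}

/* One-call wrappers: the flags for a string, and its cleaned form. */
int flags_for(const char *in)
{
    char tmp[256];
    return strip_terminal_controls(in, tmp, sizeof tmp);
}

const char *cleaned(const char *in)
{
    static char buf[256];
    strip_terminal_controls(in, buf, sizeof buf);
    return buf;
}

int main(void)
{
    /* Constructed sample: a "filename" that sets the title to a shell command
     * and then asks the terminal to type the title back. */
    const char *hostile = "report.txt\x1b]0;;echo owned\x07\x1b[21t";
    char out[256];
    int seen = strip_terminal_controls(hostile, out, sizeof out);
    printf("cleaned: \"%s\"  flags: %d\n", out, seen);
    return 0;
}
```

Running it on the constructed sample yields `cleaned: "report.txt"  flags: 3`, i.e. both a title-set and a title-report sequence were removed. Anything that echoes attacker-supplied bytes to a user's terminal (log tails, `ls` over untrusted directories, mail subjects) should pass them through a filter of this shape; 8-bit C1 introducers (0x9b, 0x9d) are deliberately not treated as sequences here because they collide with UTF-8 continuation bytes, so a deployment that accepts 8-bit controls needs a decoding step first.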

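The gzprintf description for CAN-2003-0107 names two failure modes of a printf-style helper that formats into a fixed stack buffer: no length bound at all when vsnprintf is unavailable, and a silently truncated (and, on some platforms, unterminated) buffer whose length is then recovered with strlen(). The following is an added example, not zlib's code, of the bounded pattern that avoids both; the in-memory `sink` stands in for a gzwrite()-style consumer, and FMT_BUFSIZE is deliberately small so the truncation path is easy to exercise.

```c
/* Added example, not zlib's code: an all-or-nothing bounded formatted write.
 * The sink and FMT_BUFSIZE are constructed for the example. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define FMT_BUFSIZE 64

struct sink {
    char   data[4 * FMT_BUFSIZE];
    size_t len;
};

/* Consumer that takes an explicit byte count, like gzwrite(). */
static int sink_write(struct sink *s, const char *buf, size_t len)
{
    if (len > sizeof s->data - s->len)
        return -1;
    memcpy(s->data + s->len, buf, len);
    s->len += len;
    return (int)len;
}

/* Format into a fixed buffer and return the byte count, or -1 if the result
 * would not fit. Three points the bug turned on are handled here: the length
 * comes from vsnprintf's return value rather than strlen(); a return value of
 * bufsz or more means truncation and is refused instead of written; and the
 * buffer is terminated explicitly, since some vsnprintf implementations leave
 * it unterminated when they truncate. */
static int bounded_format(char *buf, size_t bufsz, const char *fmt, va_list ap)
{
    int n = vsnprintf(buf, bufsz, fmt, ap);
    buf[bufsz - 1] = '\0';
    if (n < 0 || (size_t)n >= bufsz) {
        buf[0] = '\0';
        return -1;
    }
    return n;
}

/* printf-style writer: either the whole formatted line is written or nothing is. */
int sink_printf(struct sink *s, const char *fmt, ...)
{
    char buf[FMT_BUFSIZE];
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = bounded_format(buf, sizeof buf, fmt, ap);
    va_end(ap);
    if (n < 0)
        return -1;
    return sink_write(s, buf, (size_t)n);
}

/* Helper for stand-alone runs and tests: write "[payload]" to a fresh sink and
 * return the sink length afterwards, or -1 if the write was refused. */
int demo_write(const char *payload)
{
    struct sink s;
    memset(&s, 0, sizeof s);
    if (sink_printf(&s, "[%s]", payload) < 0)
        return -1;
    return (int)s.len;
}

int main(void)
{
    char longarg[200];
    memset(longarg, 'A', sizeof longarg - 1);
    longarg[sizeof longarg - 1] = '\0';
    printf("short: %d\n", demo_write("hello"));   /* fits: 7 bytes written */
    printf("long:  %d\n", demo_write(longarg));   /* refused: -1 */
    return 0;
}
```

The boundary is exact: a payload of 61 characters produces a 63-byte line that fits in the 64-byte buffer, while 62 characters would need 64 bytes plus the terminator and is refused rather than truncated. Refusing is the right default for a library call whose caller cannot see the buffer; a caller that wants long lines should format into heap memory sized from a first vsnprintf(NULL, 0, ...) call instead.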
Page Last Updated or Reviewed: May 22, 2007