
[PROPOSAL] Cluster UNIX-2002 - 52 candidates



I am proposing cluster UNIX-2002a for review and voting by the
Editorial Board.

Name: UNIX-2002
Description: CANs in Linux/Unix reported from July 2002 to September 2002
Size: 52

You can vote on the candidates by modifying this e-mail and sending it
back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and can be trusted to be
real problems.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-0384
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0384
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020522
Category: SF
Reference: REDHAT:RHSA-2002:107
Reference: URL:http://www.redhat.com/support/errata/rhsa-2002-107.html
Reference: REDHAT:RHSA-2002:098
Reference: URL:http://www.redhat.com/support/errata/rhsa-2002-098.html
Reference: MANDRAKE:MDKSA-2002:054
Reference: URL:http://www.linux-mandrake.com/en/security/2002/mdksa-2002-054.php
Reference: HP:HPSBTL0208-057
Reference: URL:http://online.securityfocus.com/advisories/4358
Reference: XF:gaim-jabber-module-bo(9766)
Reference: URL:http://www.iss.net/security_center/static/9766.php
Reference: BID:5406
Reference: URL:http://www.securityfocus.com/bid/5406

Buffer overflow in the Jabber plug-in for the Gaim client before 0.58
allows remote attackers to execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-0384 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible Votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0662
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0662
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020702
Category: SF
Reference: BUGTRAQ:20020902 ScrollKeeper Root Trap
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103098575826031&w=2
Reference: DEBIAN:DSA-160
Reference: URL:http://www.debian.org/security/2002/dsa-160
Reference: REDHAT:RHSA-2002:186
Reference: URL:http://www.redhat.com/support/errata/rhsa-2002-186.html
Reference: BUGTRAQ:20020904 GLSA: scrollkeeper
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103115387102294&w=2

scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users
to create and overwrite files via a symlink attack on the
scrollkeeper-tempfile.x temporary files.

Analysis
----------------
ED_PRI CAN-2002-0662 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0835
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0835
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: REDHAT:RHSA-2002:162
Reference: URL:http://www.redhat.com/support/errata/rhsa-2002-162.html
Reference: REDHAT:RHSA-2002:165
Reference: URL:http://www.redhat.com/support/errata/rhsa-2002-165.html
Reference: CALDERA:CSSA-2002-044.0
Reference: URL:ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-044.0.txt
Reference: HP:HPSBTL0209-066
Reference: URL:http://online.securityfocus.com/advisories/4449
Reference: BID:5596
Reference: URL:http://www.securityfocus.com/bid/5596
Reference: XF:pxe-dhcp-dos(10003)
Reference: URL:http://www.iss.net/security_center/static/10003.php

Preboot eXecution Environment (PXE) server allows remote attackers to
cause a denial of service (crash) via certain DHCP packets from
Voice-over-IP (VOIP) phones.

Analysis
----------------
ED_PRI CAN-2002-0835 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1091
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1091
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020906 arbitrary gif: exploit PoC NS6.2.3 (fixed in 7.0) [: gif
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103134051120770&w=2
Reference: MISC:http://crash.ihug.co.nz/~Sneuro/zerogif/
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=157989
Reference: REDHAT:RHSA-2002:192
Reference: URL:http://www.redhat.com/support/errata/rhsa-2002-192.html
Reference: MANDRAKE:MDKSA-2002:075
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:075
Reference: XF:netscape-zero-gif-bo(10058)
Reference: URL:http://www.iss.net/security_center/static/10058.php
Reference: BID:5665
Reference: URL:http://www.securityfocus.com/bid/5665

Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers
to corrupt heap memory and execute arbitrary code via a GIF image with
a zero width.

Analysis
----------------
ED_PRI CAN-2002-1091 1
Vendor Acknowledgement: unknown

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1111
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-02] Limiting output to reporters can be bypassed
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978873620491&w=2
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: BID:5515
Reference: URL:http://www.securityfocus.com/bid/5515

print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify
the limit_reporters option, which allows remote attackers to view bug
summaries for bugs that would otherwise be restricted.

Analysis
----------------
ED_PRI CAN-2002-1111 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1112
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1112
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978673018271&w=2
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: BID:5514
Reference: URL:http://www.securityfocus.com/bid/5514

Mantis before 0.17.4 allows remote attackers to list project bugs
without authentication by modifying the cookie that is used by the
"View Bugs" page.

Analysis
----------------
ED_PRI CAN-2002-1112 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1113
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1113
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020813 mantisbt security flaw
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102927873301965&w=2
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-04] Arbitrary code execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978924821040&w=2
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: BID:5504
Reference: URL:http://www.securityfocus.com/bid/5504

summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote
attackers to execute arbitrary PHP code by modifying the
g_jpgraph_path parameter to reference the location of the PHP code.

Analysis
----------------
ED_PRI CAN-2002-1113 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1114
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1114
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-05] Arbitrary code execution and file reading vulnerability in Mantis
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978711618648&w=2
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: XF:mantis-configinc-var-include(9900)
Reference: URL:http://www.iss.net/security_center/static/9900.php
Reference: BID:5509
Reference: URL:http://www.securityfocus.com/bid/5509

config_inc2.php in Mantis before 0.17.4 allows remote attackers to
execute arbitrary code or read arbitrary files via the parameters (1)
g_bottom_include_page, (2) g_top_include_page, (3) g_css_include_file,
(4) g_meta_include_file, or (5) a cookie.

Analysis
----------------
ED_PRI CAN-2002-1114 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1115
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF
Reference: BUGTRAQ:20020823 [Mantis Advisory/2002-06] Private bugs accessible in Mantis
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103013249211164&w=2
Reference: DEBIAN:DSA-161
Reference: URL:http://www.debian.org/security/2002/dsa-161

Mantis 0.17.4a and earlier allows remote attackers to view private
bugs by modifying the f_id bug ID parameter to (1)
bug_update_advanced_page.php, (2) bug_update_page.php, (3)
view_bug_advanced_page.php, or (4) view_bug_page.php.

Analysis
----------------
ED_PRI CAN-2002-1115 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1116
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20020823 [Mantis Advisory/2002-07] Bugs in private projects listed on 'View Bugs'
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103014152320112&w=2
Reference: DEBIAN:DSA-161
Reference: URL:http://www.debian.org/security/2002/dsa-161

The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and
earlier includes summaries of private bugs for users that do not have
access to any projects.

Analysis
----------------
ED_PRI CAN-2002-1116 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1119
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1119
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020909
Category: SF
Reference: MISC:http://mail.python.org/pipermail/python-dev/2002-August/027229.html
Reference: DEBIAN:DSA-159
Reference: URL:http://www.debian.org/security/2002/dsa-159
Reference: CONECTIVA:CLA-2002:527
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000527
Reference: CALDERA:CSSA-2002-045.0
Reference: MANDRAKE:MDKSA-2002:082
Reference: URL:http://www.linux-mandrake.com/en/security/2002/mdksa-2002-082.php
Reference: REDHAT:RHSA-2002:202
Reference: URL:http://www.redhat.com/support/errata/rhsa-2002-202.html
Reference: BUGTRAQ:20030123 [OpenPKG-SA-2003.006] OpenPKG Security Advisory (python)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104333092200589&w=2
Reference: XF:python-execvpe-tmpfile-symlink(10009)
Reference: URL:http://www.iss.net/security_center/static/10009.php
Reference: BID:5581
Reference: URL:http://www.securityfocus.com/bid/5581

os._execvpe from os.py in Python 2.2.1 and earlier creates temporary
files with predictable names, which could allow local users to execute
arbitrary code via a symlink attack.

Analysis
----------------
ED_PRI CAN-2002-1119 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1126
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1126
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020917
Category: SF
Reference: BUGTRAQ:20020911 Privacy leak in mozilla
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103176760004720&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=145579
Reference: REDHAT:RHSA-2002:192
Reference: URL:http://www.redhat.com/support/errata/rhsa-2002-192.html
Reference: MANDRAKE:MDKSA-2002:075
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:075
Reference: XF:mozilla-onunload-url-leak(10084)
Reference: URL:http://www.iss.net/security_center/static/10084.php
Reference: BID:5694
Reference: URL:http://www.securityfocus.com/bid/5694

Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape
and Galeon, set the document referrer too quickly in certain
situations when a new page is being loaded, which allows web pages to
determine the next page that is being visited, including manually
entered URLs, using the onunload handler.

Analysis
----------------
ED_PRI CAN-2002-1126 1
Vendor Acknowledgement: yes patch

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1131
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1131
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020920
Category: SF
Reference: BUGTRAQ:20020919 Squirrel Mail 1.2.7 XSS Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?group_id=311&release_id=110774
Reference: REDHAT:RHSA-2002:204
Reference: URL:http://www.redhat.com/support/errata/rhsa-2002-204.html
Reference: DEBIAN:DSA-191
Reference: URL:http://www.debian.org/security/2002/dsa-191
Reference: XF:squirrelmail-php-xss(10145)
Reference: URL:http://www.iss.net/security_center/static/10145.php
Reference: BID:5763
Reference: URL:http://www.securityfocus.com/bid/5763

Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier
allow remote attackers to execute script as other web users via (1)
addressbook.php, (2) options.php, (3) search.php, or (4) help.php.

Analysis
----------------
ED_PRI CAN-2002-1131 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: the vendor changelog for version 1.2.8, dated
September 14, 2002, says "Fixed multiple XXS exploits in addressbook,
search, help, and options pages."

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1132
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020920
Category: SF
Reference: BUGTRAQ:20020919 Squirrel Mail 1.2.7 XSS Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
Reference: REDHAT:RHSA-2002:204
Reference: URL:http://www.redhat.com/support/errata/rhsa-2002-204.html
Reference: DEBIAN:DSA-191
Reference: URL:http://www.debian.org/security/2002/dsa-191
Reference: XF:squirrelmail-options-path-disclosure(10345)
Reference: URL:http://www.iss.net/security_center/static/10345.php

SquirrelMail 1.2.7 and earlier, and possibly later versions, allows
remote attackers to determine the absolute pathname of the options.php
script via a malformed optpage file argument, which generates an error
message when the file cannot be included in the script.

Analysis
----------------
ED_PRI CAN-2002-1132 1
Vendor Acknowledgement: yes followup

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1147
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1147
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: MISC:http://www.tech-serve.com/research/advisories/2002/a092302-1.txt
Reference: BUGTRAQ:20020924 HP Procurve 4000 Stacked Switch HTTP Reset Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103287951910420&w=2
Reference: HP:HPSBUX0209-219
Reference: URL:http://online.securityfocus.com/advisories/4501
Reference: BID:5784
Reference: URL:http://www.securityfocus.com/bid/5784
Reference: XF:hp-procurve-http-reset-dos(10172)
Reference: URL:http://www.iss.net/security_center/static/10172.php

The HTTP administration interface for HP Procurve 4000 switch firmware
before C.09.16, with stacking features and remote administration
enabled, does not authenticate requests to reset the device, which
allows remote attackers to cause a denial of service via a direct
request to the device_reset CGI program.

Analysis
----------------
ED_PRI CAN-2002-1147 1
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1148
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020924 JSP source code exposure in Tomcat 4.x
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103288242014253&w=2
Reference: DEBIAN:DSA-170
Reference: URL:http://www.debian.org/security/2002/dsa-170
Reference: HP:HPSBUX0212-229
Reference: URL:http://online.securityfocus.com/advisories/4758
Reference: BID:5786
Reference: URL:http://www.securityfocus.com/bid/5786
Reference: XF:tomcat-servlet-source-code(10175)
Reference: URL:http://www.iss.net/security_center/static/10175.php

The default servlet (org.apache.catalina.servlets.DefaultServlet) in
Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read
source code for server files via a direct request to the servlet.

Analysis
----------------
ED_PRI CAN-2002-1148 1
Vendor Acknowledgement: unknown vague

ACCURACY: the "DSA-169" number was inadvertently published for two
separate issues. Debian confirmed via e-mail that DSA-169 is for the
htcheck issue (CAN-2002-1195), and DSA-170 is for the Tomcat issue
(CAN-2002-1148).

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1151
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1151
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020910 KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103175850925395&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20020908-2.txt
Reference: CONECTIVA:CLA-2002:525
Reference: DEBIAN:DSA-167
Reference: URL:http://www.debian.org/security/2002/dsa-167
Reference: MANDRAKE:MDKSA-2002:064
Reference: URL:http://www.linux-mandrake.com/en/security/2002/mdksa-2002-064.php
Reference: CALDERA:CSSA-2002-047.0
Reference: URL:ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-047.0.txt
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/rhsa-2002-220.html
Reference: BID:5689
Reference: URL:http://online.securityfocus.com/bid/5689
Reference: XF:ie-sameoriginpolicy-bypass(10039)
Reference: URL:http://www.iss.net/security_center/static/10039.php

The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0
through 3.0.3 does not properly initialize the domains on sub-frames
and sub-iframes, which can allow remote attackers to execute script
and steal cookies from subframes that are in other domains.

Analysis
----------------
ED_PRI CAN-2002-1151 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1152
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1152
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020924
Category: SF
Reference: BUGTRAQ:20020910 KDE Security Advisory: Secure Cookie Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103175827225044&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20020908-1.txt
Reference: REDHAT:RHSA-2002:220
Reference: XF:kde-konqueror-cookie-hijacking(10083)
Reference: URL:http://www.iss.net/security_center/static/10083.php
Reference: BID:5691
Reference: URL:http://www.securityfocus.com/bid/5691

Konqueror in KDE 3.0 through 3.0.2 does not properly detect the
"secure" flag in an HTTP cookie, which could cause Konqueror to send
the cookie across an unencrypted channel, which could allow remote
attackers to steal the cookie via sniffing.

Analysis
----------------
ED_PRI CAN-2002-1152 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1336
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1336
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021202
Category: SF
Reference: BUGTRAQ:20020724 VNC authentication weakness
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102753170201524&w=2
Reference: BUGTRAQ:20020726 RE: VNC authentication weakness
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102769183913594&w=2
Reference: CONFIRM:http://www.tightvnc.com/WhatsNew.txt
Reference: MANDRAKE:MDKSA-2003:022
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:022
Reference: BID:5296
Reference: URL:http://online.securityfocus.com/bid/5296

TightVNC before 1.2.6 generates the same challenge string for multiple
connections, which allows remote attackers to bypass VNC
authentication by sniffing the challenge and response of other users.

Analysis
----------------
ED_PRI CAN-2002-1336 1
Vendor Acknowledgement: yes

ACKNOWLEDGEMENT: the changelog for 1.2.6 says "fixed a repeated
challenge replay attack vulnerability, bugtraq id 5296."

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1405
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1405
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030204
Category: SF
Reference: BUGTRAQ:20020819 Lynx CRLF Injection
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978118411977&w=2
Reference: BUGTRAQ:20020822 Lynx CRLF Injection, part two
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103003793418021&w=2
Reference: DEBIAN:DSA-210
Reference: URL:http://www.debian.org/security/2002/dsa-210
Reference: CALDERA:CSSA-2002-049.0
Reference: URL:ftp://ftp.caldera.com/pub/security/openlinux/cssa-2002-049.0.txt
Reference: REDHAT:RHSA-2003:029
Reference: URL:http://www.redhat.com/support/errata/rhsa-2003-029.html
Reference: BUGTRAQ:20021219 TSLSA-2002-0085 - lynx-ssl
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104033235506549&w=2
Reference: MANDRAKE:MDKSA-2003:023
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:023
Reference: XF:lynx-crlf-injection(9887)
Reference: URL:http://www.iss.net/security_center/static/9887.php

CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote
attackers to inject false HTTP headers into an HTTP request that is
provided on the command line, via a URL containing encoded carriage
return, line feed, and other whitespace characters.

Analysis
----------------
ED_PRI CAN-2002-1405 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1412
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1412
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020801 code injection in gallery
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0471.html
Reference: CONFIRM:http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=50&mode=thread&order=0&thold=0
Reference: DEBIAN:DSA-138
Reference: URL:http://www.debian.org/security/2002/dsa-138

Gallery photo album package before 1.3.1 allows local and remote
attackers to execute arbitrary code via a modified GALLERY_BASEDIR
variable that points to a directory or URL that contains a Trojan
horse init.php script.

Analysis
----------------
ED_PRI CAN-2002-1412 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1419
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1419
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: SGI:20020805-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020805-01-I
Reference: BID:5467
Reference: URL:http://www.securityfocus.com/bid/5467
Reference: XF:irix-origin-bypass-filtering(9868)
Reference: URL:http://www.iss.net/security_center/static/9868.php

The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes
the MAC address of the system, which could modify intended access
restrictions that are based on a MAC address.

Analysis
----------------
ED_PRI CAN-2002-1419 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1424
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1424
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: DEBIAN:DSA-141
Reference: URL:http://www.debian.org/security/2002/dsa-141
Reference: BID:5385
Reference: URL:http://www.securityfocus.com/bid/5385
Reference: XF:munpack-mime-bo(9747)
Reference: URL:http://www.iss.net/security_center/static/9747.php

Buffer overflow in munpack in mpack 1.5 and earlier allows remote
attackers to cause a denial of service and possibly execute arbitrary
code.

Analysis
----------------
ED_PRI CAN-2002-1424 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1425
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1425
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: DEBIAN:DSA-141
Reference: URL:http://www.debian.org/security/2002/dsa-141
Reference: BID:5386
Reference: URL:http://www.securityfocus.com/bid/5386
Reference: XF:munpack-dotdot-directory-traversal(9748)
Reference: URL:http://www.iss.net/security_center/static/9748.php

Directory traversal vulnerability in munpack in mpack 1.5 and earlier
allows remote attackers to create new files in the parent directory
via a ../ (dot-dot) sequence in the filename to be extracted.

Analysis
----------------
ED_PRI CAN-2002-1425 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1472
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1472
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: CONECTIVA:CLA-2002:529
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000529
Reference: SUSE:SuSE-SA:2002:032
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html
Reference: BID:5735
Reference: URL:http://www.securityfocus.com/bid/5735
Reference: XF:xfree86-x11-program-execution(10137)
Reference: URL:http://www.iss.net/security_center/static/10137.php

libX11.so in xfree86 allows local users to gain root privileges via a
modified LD_PRELOAD environment variable that points to a malicious
module.

Analysis
----------------
ED_PRI CAN-2002-1472 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1476
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1476
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: NETBSD:NetBSD-SA2002-012
Reference: URL:ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2002-012.txt.asc
Reference: BID:5724
Reference: URL:http://www.securityfocus.com/bid/5724
Reference: XF:netbsd-libc-setlocale-bo(10159)
Reference: URL:http://www.iss.net/security_center/static/10159.php

Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and
possibly other operating systems, when called with the LC_ALL
category, allows local attackers to execute arbitrary code via a
user-controlled locale string that has more than 6 elements, which
exceeds the boundaries of the new_categories category array, as
exploitable through programs such as xterm and zsh.

Analysis
----------------
ED_PRI CAN-2002-1476 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1477
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1477
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020903 Cacti security issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html
Reference: DEBIAN:DSA-164
Reference: URL:http://www.debian.org/security/2002/dsa-164
Reference: MISC:http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt
Reference: XF:cacti-graph-label-commands(10048)
Reference: URL:http://www.iss.net/security_center/static/10048.php
Reference: BID:5627
Reference: URL:http://www.securityfocus.com/bid/5627

graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti
administrators to execute arbitrary commands via shell metacharacters
in the title during edit mode.

Analysis
----------------
ED_PRI CAN-2002-1477 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1490
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1490
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: NETBSD:NetBSD-SA2002-007
Reference: URL:ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd-sa2002-007.txt.asc
Reference: XF:netbsd-tiocsctty-ioctl-bo(10115)
Reference: URL:http://www.iss.net/security_center/static/10115.php
Reference: BID:5722
Reference: URL:http://www.securityfocus.com/bid/5722

NetBSD 1.4 through 1.6 beta allows local users to cause a denial of
service (kernel panic) via a series of calls to the TIOCSCTTY ioctl,
which causes an integer overflow in a structure counter and sets the
counter to zero, which frees memory that is still in use by other
processes.

Analysis
----------------
ED_PRI CAN-2002-1490 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1513
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1513
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: BUGTRAQ:20020927 OpenVMS POP server local vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/293070
Reference: BUGTRAQ:20021001 [security bulletin] SSRT2371 HP OpenVMS Potential POP server local vulnerability (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0010.html
Reference: COMPAQ:SSRT2371
Reference: URL:http://archives.neohapsis.com/archives/compaq/2002-q4/0000.html
Reference: BID:5790
Reference: URL:http://www.securityfocus.com/bid/5790
Reference: XF:openvms-pop-gain-privileges(10236)
Reference: URL:http://www.iss.net/security_center/static/10236.php

UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3
allows local users to truncate arbitrary files via the -logfile
command line option, which overrides file system permissions because
the server runs with the SYSPRV and BYPASS privileges.

Analysis
----------------
ED_PRI CAN-2002-1513 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1468
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1468
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: AIXAPAR:IY31997
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0007.html

Buffer overflow in errpt in AIX 4.3.3 has unknown attack vectors and
unknown consequences.

Analysis
----------------
ED_PRI CAN-2002-1468 2
Vendor Acknowledgement: yes

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0399
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0399
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020602
Category: SF
Reference: BUGTRAQ:20020928 GNU tar (Re: Allot Netenforcer problems, GNU TAR flaw)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103419290219680&w=2
Reference: REDHAT:RHSA-2002:096
Reference: URL:http://www.redhat.com/support/errata/rhsa-2002-096.html
Reference: MANDRAKE:MDKSA-2002:066
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:066
Reference: CONECTIVA:CLA-2002:538
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538
Reference: ENGARDE:ESA-20021003-022
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2400.html
Reference: XF:archive-extraction-directory-traversal(10224)
Reference: URL:http://www.iss.net/security_center/static/10224.php

Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25,
and possibly later versions, allows attackers to overwrite arbitrary
files during archive extraction via a (1) "/.." or (2) "./.." string,
which removes the leading slash but leaves the "..", a variant of
CAN-2001-1267.

Analysis
----------------
ED_PRI CAN-2002-0399 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-0837
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-0837
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020808
Category: SF
Reference: BUGTRAQ:20020908 Guardent Client Advisory: Multiple wordtrans-web Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103158607631137&w=2
Reference: MISC:http://www.guardent.com/comp_news_wordtrans-web.html
Reference: REDHAT:RHSA-2002:188
Reference: URL:http://rhn.redhat.com/errata/rhsa-2002-188.html
Reference: XF:wordtrans-web-php-xss(10059)
Reference: URL:http://www.iss.net/security_center/static/10059.php
Reference: XF:wordtrans-web-code-execution(10063)
Reference: URL:http://www.iss.net/security_center/static/10063.php
Reference: BID:5674
Reference: URL:http://www.securityfocus.com/bid/5674
Reference: BID:5671
Reference: URL:http://www.securityfocus.com/bid/5671

wordtrans 1.1pre8 and earlier in the wordtrans-web package allows
remote attackers to (1) execute arbitrary code or (2) conduct
cross-site scripting attacks via certain parameters (possibly "dict")
to the wordtrans.php script.

Analysis
----------------
ED_PRI CAN-2002-0837 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: the Guardent advisory is not clear enough to determine
whether there are one or two different vulnerability types here,
although there are some hints of "multiple" vulnerabilities.

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1110
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1110
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020906
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-01] SQL poisoning vulnerability in Mantis
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102978728718851&w=2
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: BID:5510
Reference: URL:http://www.securityfocus.com/bid/5510

Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier,
when running without magic_quotes_gpc enabled, allow remote attackers
to gain privileges or perform unauthorized database operations via
modified form fields, e.g. to account_update.php.

Analysis
----------------
ED_PRI CAN-2002-1110 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1124
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1124
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020913
Category: SF
Reference: DEBIAN:DSA-166
Reference: URL:http://www.debian.org/security/2002/dsa-166
Reference: XF:linux-purity-bo(10100)
Reference: URL:http://www.iss.net/security_center/static/10100.php
Reference: BID:5702
Reference: URL:http://www.securityfocus.com/bid/5702

Multiple buffer overflows in purity 1-16 allow local users to gain
privileges and modify high score tables.

Analysis
----------------
ED_PRI CAN-2002-1124 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1125
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1125
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020916
Category: SF
Reference: VULNWATCH:20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0115.html
Reference: BUGTRAQ:20020916 iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103228135413310&w=2
Reference: FREEBSD:FreeBSD-SA-02:39
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:39.libkvm.asc
Reference: XF:bsd-libkvm-descriptor-leak(10109)
Reference: URL:http://www.iss.net/security_center/static/10109.php
Reference: BID:5714
Reference: URL:http://www.securityfocus.com/bid/5714
Reference: BID:5716
Reference: URL:http://www.securityfocus.com/bid/5716
Reference: BID:5718
Reference: URL:http://www.securityfocus.com/bid/5718
Reference: BID:5719
Reference: URL:http://www.securityfocus.com/bid/5719
Reference: BID:5720
Reference: URL:http://www.securityfocus.com/bid/5720

FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and
earlier, including (1) asmon, (2) ascpu, (3) bubblemon, (4) wmmon, and
(5) wmnet2, leave open file descriptors for /dev/mem and /dev/kmem,
which allows local users to read kernel memory.

Analysis
----------------
ED_PRI CAN-2002-1125 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1134
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1134
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020923
Category: SF
Reference: COMPAQ:SSRT2362
Reference: URL:http://online.securityfocus.com/advisories/4497
Reference: BUGTRAQ:20020923 [security bulletin] SSRT2362 WEBES Service Tools (HP Tru64 UNIX, HP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103280973718587&w=2
Reference: XF:webes-unauth-file-access(10167)
Reference: URL:http://www.iss.net/security_center/static/10167.php
Reference: BID:5773
Reference: URL:http://www.securityfocus.com/bid/5773

Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES
4.0 (Service Pack 5) allows local users to read privileged files.

Analysis
----------------
ED_PRI CAN-2002-1134 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1174
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2002-1174
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020930
Category: SF
Reference: VULNWATCH:20020929 Advisory 03/2002: Fetchmail remote vulnerabilities
Reference: BUGTRAQ:20020929 Advisory 03/2002: Fetchmail remote vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103340148625187&w=2
Reference: MANDRAKE:MDKSA-2002:063
Reference: URL:http://www.linux-mandrake.com/en/security/2002/mdksa-2002-063.php
Reference: DEBIAN:DSA-171
Reference: URL:http://www.debian.org/security/2002/dsa-171
Reference: CONECTIVA:CLA-2002:531
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000531
Reference: REDHAT:RHSA-2002:215
Reference: URL:http://rhn.redhat.com/errata/rhsa-2002-215.html
Reference: ENGARDE:ESA-20021003-023
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2402.
- html参考:XF: fetchmail-multidrop-bo(10203)参考:网址:http://www.iss.net/security_center/static/10203.php参考:报价:5825参考:网址:http://www.securityfocus.com/bid/5825参考:报价:5827参考:网址:http://www.securityfocus.com/bid/5827缓冲区溢出在Fetchmail 6.0.0早些时候,允许远程攻击者造成拒绝服务(崩溃)或执行任意代码通过(1)长标题不正确处理readheaders函数,或(2)通过长了:头,不正确地解析parse_received函数。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1174 3供应商确认:对咨询内容的决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1175网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1175最终决定:阶段性裁决:修改:建议:20030317分配:20020930类别:科幻参考:VULNWATCH: 20020929咨询03/2002:Fetchmail远程漏洞参考:BUGTRAQ: 20020929咨询03/2002:Fetchmail远程漏洞参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103340148625187&w=2参考:曼德拉草:MDKSA-2002:063参考:网址:http://www.linux mandrake.com/en/security/2002/mdksa - 2002 - 063. - php参考:DEBIAN: dsa - 171参考:网址:http://www.debian.org/security/2002/dsa - 171参考:CONECTIVA: CLA-2002:531参考:网址:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000531参考:REDHAT: RHSA-2002:215参考:网址:http://rhn.redhat.com/errata/rhsa - 2002 - 215. - html参考:ENGARDE: esa - 20021003 - 023参考:网址:http://www.linuxsecurity.com/advisories/other_advisory - 2402. 
- html参考:XF: fetchmail-multidrop-bo(10203)参考:网址:http://www.iss.net/security_center/static/10203.php参考:报价:5826参考:网址:http://www.securityfocus.com/bid/58260 Fetchmail中的getmxrecord函数和早些时候不正确检查一个特定的边界畸形的DNS数据包从一个恶意的DNS服务器,远程攻击者可以引起拒绝服务(崩溃)当Fetchmail试图读取数据超出预期的边界。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1175 3供应商确认:对咨询内容的决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1216网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1216最终决定:阶段性裁决:修改:建议:20030317分配:20021015类别:科幻参考:BUGTRAQ: 20020928 GNU tar (Re:分配Netenforcer问题,GNU tar缺陷)参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103419290219680&w=2参考:REDHAT: RHSA-2002:096参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 096. - html参考:XF: archive-extraction-directory-traversal(10224)参考:网址:http://www.iss.net/security_center/static/10224.phpGNU tar 1.13.19和其他版本之前1.13.25允许远程攻击者通过符号链接攻击覆盖任意文件,修改的结果,有效地禁用安全检查。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1216 3供应商确认:是的内容决定:SF-LOC抽象:这个问题是re-introduction脆弱性影响的早期版本的软件。似乎合适,因为不同版本影响re-introduction, CD: SF-LOC应该建议保持分裂的问题。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1226网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1226最终决定:阶段性裁决:修改:建议:20030317分配:20021017类别:科幻参考:SUSE: SuSE-SA: 2002:034参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103341355708817&w=2参考:BUGTRAQ: 20021014 GLSA: heimdal参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103462479621246&w=2参考:DEBIAN: dsa - 
178参考:网址:http://www.debian.org/security/2002/dsa - 178未知的漏洞在Heimdal 0.5与未知的影响,可能在kadmind(1)和(2)kdc服务器、允许远程或本地攻击者获得根或其他访问,但不是通过缓冲区溢出(- 2002 - 1225)。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1226 3供应商确认:对咨询内容的决定:模糊的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1397网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1397最终决定:阶段性裁决:修改:建议:20030317分配:20030107类别:科幻参考:BUGTRAQ: 20020819 @(#)莫德雷德实验室咨询0 x0001:缓冲区溢出在PostgreSQL参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=102977465204357&w=2参考:MISC:http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/backend/utils/adt/cash.c.diff?r1=1.51&r2=1.52参考:CONECTIVA: CLA-2002:524参考:网址:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524脆弱性cash_words()函数PostgreSQL 7.2和更早的允许本地用户可能导致拒绝服务和执行任意代码通过一个大的负面观点,可能触发一个整数signedness错误或缓冲区溢出。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1397 3供应商确认:未知的内容决定:SF-LOC抽象:大量的缓冲区溢出等问题在PostgreSQL 7.2中被发现。在2002年8月x。解决这些不同的问题的过程是相当艰巨的。CD: SF-LOC可能建议结合大多数溢出到单个项目,一些安全警告是含糊不清,似乎适合创建独立的候选人单独的报告,以便供应商可能澄清他们的客户哪些问题(或没有)修复。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1398网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1398最终决定:阶段性裁决:修改:建议:20030317分配:20030107类别:科幻参考:BUGTRAQ: 20020819 Re: @(#)莫德雷德实验室咨询0 x0001:缓冲区溢出在PostgreSQL参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=102978152712430&w=2参考:BUGTRAQ: 20020821 Re: @(#)莫德雷德实验室咨询0 
x0003:缓冲区溢出在PostgreSQL参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=102996089613404&w=2参考:BUGTRAQ: 20020824 Fwd(通用):PostgreSQL 7.2.2:安全发布参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103021186622725&w=2参考:确认:http://marc.theaimsgroup.com/?l=postgresql-announce&m=103062536330644参考:确认:http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php参考:DEBIAN: dsa - 165参考:网址:http://www.debian.org/security/2002/dsa - 165参考:SUSE: SuSE-SA: 2002:038参考:网址:http://www.suse.de/de/security/2002_038_postgresql.html参考:BUGTRAQ: 20020826 GLSA: PostgreSQL参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103036987114437&w=2缓冲区溢出的日期解析器之前PostgreSQL 7.2.2允许攻击者可能导致拒绝服务和执行任意代码通过一个长日期字符串,也就是一个漏洞”在处理长datetime输入。”Analysis ---------------- ED_PRI CAN-2002-1398 3 Vendor Acknowledgement: unknown Content Decisions: SF-LOC ABSTRACTION: A large number of buffer overflows and other issues were discovered in PostgreSQL 7.2.x during August 2002. The process of sorting out these different issues was quite arduous. While CD:SF-LOC might suggest combining most of the overflows into a single item, some security advisories are vague enough that it seems appropriate to create separate candidates for the separate reports, so that vendors may clarify to their customers which problems they did (or did not) fix. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1400
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1400
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: BUGTRAQ:20020820 @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102987306029821&w=2
Reference: BUGTRAQ:20020824 Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103021186622725&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=postgresql-announce&m=103062536330644
Reference: CONFIRM:http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php
Reference: CONECTIVA:CLA-2002:524
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524
Reference: SUSE:SuSE-SA:2002:038
Reference: URL:http://www.suse.de/de/security/2002_038_postgresql.html
Reference: MANDRAKE:MDKSA-2002:062
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:062
Reference: BUGTRAQ:20020826 GLSA: PostgreSQL
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103036987114437&w=2

Heap-based buffer overflow in the repeat() function for PostgreSQL before 7.2.2 allows attackers to execute arbitrary code by causing repeat() to generate a large string.

Analysis
----------------
ED_PRI CAN-2002-1400 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC
ABSTRACTION: A large number of buffer overflows and other issues were discovered in PostgreSQL 7.2.x during August 2002. The process of sorting out these different issues was quite arduous. While CD:SF-LOC might suggest combining most of the overflows into a single item, some security advisories are vague enough that it seems appropriate to create separate candidates for the separate reports, so that vendors may clarify to their customers which problems they did (or did not) fix.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1401
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1401
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: MISC:http://archives.postgresql.org/pgsql-hackers/2002-08/msg02047.php
Reference: MISC:http://archives.postgresql.org/pgsql-hackers/2002-08/msg02081.php
Reference: DEBIAN:DSA-165
Reference: URL:http://www.debian.org/security/2002/dsa-165
Reference: CONECTIVA:CLA-2002:524
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524

Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow.

Analysis
----------------
ED_PRI CAN-2002-1401 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC
ABSTRACTION: A large number of buffer overflows and other issues were discovered in PostgreSQL 7.2.x during August 2002. The process of sorting out these different issues was quite arduous. While CD:SF-LOC might suggest combining most of the overflows into a single item, some security advisories are vague enough that it seems appropriate to create separate candidates for the separate reports, so that vendors may clarify to their customers which problems they did (or did not) fix.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1406
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1406
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: HP:HPSBUX0208-210
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0049.html
Reference: BID:5454
Reference: URL:http://www.securityfocus.com/bid/5454
Reference: XF:hp-vvos-passwd(9847)
Reference: URL:http://www.iss.net/security_center/static/9847.php

Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown impact, related to "unexpected behavior."

Analysis
----------------
ED_PRI CAN-2002-1406 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE
ABSTRACTION: this could be a duplicate of CAN-2002-0577, but the HP advisory is too vague to be certain. However, CAN-2002-0577 is covered by HP:HPSBUX0204-191, and that advisory recommends a different patch for VVOS 11.04.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1408
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1408
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: HP:HPSBUX0208-208
Reference: URL:http://online.securityfocus.com/advisories/4360
Reference: XF:hp-emanate-default-snmp(9814)
Reference: URL:http://www.iss.net/security_center/static/9814.php
Reference: BID:5428
Reference: URL:http://www.securityfocus.com/bid/5428

Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 snmpModules allow the SNMP read-write community name to be exposed, related to (1) "'read-only' community access," and/or (2) an easily guessable community name.

Analysis
----------------
ED_PRI CAN-2002-1408 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC
ABSTRACTION: the advisory is so vague that it is difficult to identify the vulnerability more precisely than in the CVE description. However, there might be two different problems, since the advisory says that one problem is fixed and another requires a configuration change. But the advisory does not provide enough information to be certain.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1409
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1409
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: HP:HPSBUX0208-206
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0041.html
Reference: BID:5425
Reference: URL:http://www.securityfocus.com/bid/5425
Reference: XF:hp-ptrace-dos(9818)
Reference: URL:http://www.iss.net/security_center/static/9818.php

ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state."

Analysis
----------------
ED_PRI CAN-2002-1409 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE
ACCURACY: the advisory is too vague to understand the real nature of the vulnerability, so the description has to quote the words from the advisory.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1439
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1439
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: HP:HPSBUX0208-211
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0050.html
Reference: XF:hp-vvos-tga-corruption(9846)
Reference: URL:http://www.iss.net/security_center/static/9846.php
Reference: BID:5459
Reference: URL:http://www.securityfocus.com/bid/5459

Unknown vulnerability related to stack corruption in the TGA daemon for HP-UX 11.04 (VVOS) Virtualvault 4.0, 4.5, and 4.6 may allow attackers to obtain access to system files.

Analysis
----------------
ED_PRI CAN-2002-1439 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE
ACCURACY: the advisory is too vague to understand the nature of the vulnerability, which could be a classic buffer overflow, integer signedness error, out-of-bounds array index, etc. Nor does the advisory state whether the issue is remotely or locally exploitable.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1473
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1473
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: HP:HPSBUX0208-213
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0064.html
Reference: XF:hp-lp-dos(9992)
Reference: URL:http://www.iss.net/security_center/static/9992.php

Multiple buffer overflows in the lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-1473 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-EXEC, VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1474
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1474
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: COMPAQ:SSRT-547
Reference: URL:http://archives.neohapsis.com/archives/tru64/2002-q3/0017.html

Unknown vulnerability or vulnerabilities in the TCP/IP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0 allow remote attackers to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2002-1474 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE, SF-LOC
ACCURACY: the advisory does not say whether there are one or two vulnerabilities, but there are two separate references (SSRT0756U and SSRT0776U), which could be an indicator of multiple issues.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1475
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1475
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: COMPAQ:SSRT-547
Reference: URL:http://archives.neohapsis.com/archives/tru64/2002-q3/0017.html

Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, 4.0g, and 5.0 allows remote attackers to take over packets destined for another host and cause a denial of service.

Analysis
----------------
ED_PRI CAN-2002-1475 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE
ACCURACY: the terminology used in the advisory does not clarify the nature of the attack, so the description quotes the text of the advisory.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1500
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1500
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: NETBSD:NetBSD-SA2002-014
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-014.txt.asc
Reference: BID:5727
Reference: URL:http://www.securityfocus.com/bid/5727
Reference: XF:netbsd-fdset-bo(10114)
Reference: URL:http://www.iss.net/security_center/static/10114.php

Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4.x through 1.6 allows local users to gain privileges by executing the programs after filling the file descriptor tables, which produces file descriptors larger than FD_SETSIZE, which are not checked by FD_SET().

Analysis
----------------
ED_PRI CAN-2002-1500 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

Page Last Updated or Reviewed: May 22, 2007