
[PROPOSAL] Cluster UNIX-2002b - 58 candidates



I am proposing cluster UNIX-2002b for review and voting by the Editorial Board.

Name: UNIX-2002b
Description: CANs reported in Linux from October 2002 through November 2002
Size: 58

You may vote on the candidates by modifying this email and sending it back to me, or by using the CVE voting web site.

The candidates are listed in priority order. Priority 1 and Priority 2 candidates have all been acknowledged by vendors at varying levels, so they should be easy to check and can be trusted to be real problems.

Summary of votes to use (with "severity" in ascending order)
------------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE:". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Please note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have enough information on a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-1157
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1157
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: DEBIAN:DSA-181
Reference: URL:http://www.debian.org/security/2002/dsa-181
Reference: MANDRAKE:MDKSA-2002:072
Reference: URL:http://www.linux-mandrake.com/en/security/2002/mdksa-2002-072.php
Reference: ENGARDE:ESA-20021029-027
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2512.html
Reference: CONECTIVA:CLA-2002:541
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000541
Reference: BUGTRAQ:20021023 [OpenPKG-SA-2002.010] OpenPKG Security Advisory (apache)
Reference: URL:http://online.securityfocus.com/archive/1/296753
Reference: BUGTRAQ:20021026 GLSA: mod_ssl
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0374.html
Reference: BID:6029
Reference: URL:http://www.securityfocus.com/bid/6029
Reference: XF:apache-modssl-host-xss(10457)
Reference: URL:http://www.iss.net/security_center/static/10457.php

Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is disabled and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors via the server name in an HTTPS response on the SSL port, which is used when generating a URL, a different vulnerability than CAN-2002-0840.

Analysis
----------------
ED_PRI CAN-2002-1157 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1170
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020930
Category: SF
Reference: BUGTRAQ:20021002 iDEFENSE Security Advisory 10.02.2002: Net-SNMP DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103359362020365&w=2
Reference: BUGTRAQ:20021014 GLSA: net-snmp
Reference: MISC:http://www.idefense.com/advisory/10.02.02.txt
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=216532
Reference: REDHAT:RHSA-2002:228
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-228.html

The handle_var_requests function in snmp_agent.c in the SNMP daemon of the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference.

Analysis
----------------
ED_PRI CAN-2002-1170 1
Vendor Acknowledgement: unknown
ACCURACY: While the original iDEFENSE report says that 5.0.5 is fixed, a followup with the developers indicates that the advisory's fix information is incorrect, and that 5.0.6 is the first fixed version.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1193
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021008
Category: SF
Reference: DEBIAN:DSA-172
Reference: URL:http://www.debian.org/security/2002/dsa-172
Reference: XF:tkmail-tmp-file-symlink(10307)
Reference: URL:http://www.iss.net/security_center/static/10307.php
Reference: BID:5911
Reference: URL:http://www.securityfocus.com/bid/5911

tkmail before 4.0beta9-8.1 allows local users to create or overwrite files of other users via a symlink attack on temporary files.

Analysis
----------------
ED_PRI CAN-2002-1193 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1195
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1195
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20020912 ht://check XSS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103184269605160&w=2
Reference: DEBIAN:DSA-169
Reference: URL:http://www.debian.org/security/2002/dsa-169
Reference: XF:htcheck-server-header-xss(10089)
Reference: URL:http://www.iss.net/security_center/static/10089.php

Cross-site scripting (XSS) vulnerability in the PHP interface for ht://Check 1.1 allows remote web servers to insert arbitrary HTML, including script, via a web page.

Analysis
----------------
ED_PRI CAN-2002-1195 1
Vendor Acknowledgement: yes advisory
ACCURACY: The DSA-169 number was inadvertently published for two separate issues. Debian confirmed via email that DSA-169 is for the htcheck issue (CAN-2002-1195), and DSA-170 is for the Tomcat issue (CAN-2002-1148).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1196
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1196
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021009
Category: SF
Reference: BUGTRAQ:20021001 [BUGZILLA] Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103349804226566&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12
Reference: DEBIAN:DSA-173
Reference: URL:http://www.debian.org/security/2002/dsa-173
Reference: XF:bugzilla-usebuggroups-permissions-leak(10233)
Reference: URL:http://www.iss.net/security_center/static/10233.php

editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate large bit values, which grants extra permissions to users via Perl math characteristics that set multiple bits.

Analysis
----------------
ED_PRI CAN-2002-1196 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1200
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1200
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021011
Category: SF
Reference: CONFIRM:http://www.balabit.hu/static/zsa/ZSA-2002-014-en.txt
Reference: BUGTRAQ:20021010 syslog-ng buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103426595021928&w=2
Reference: DEBIAN:DSA-175
Reference: URL:http://www.debian.org/security/2002/dsa-175
Reference: ENGARDE:ESA-20021016-025
Reference: ENGARDE:ESA-20021029-028
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2513.html
Reference: CONECTIVA:CLA-2002:547
Reference: SUSE:SuSE-SA:2002:039
Reference: URL:http://www.suse.com/de/security/2002_039_syslog_ng.html
Reference: BID:5934
Reference: URL:http://www.securityfocus.com/bid/5934
Reference: XF:syslogng-macro-expansion-bo(10339)
Reference: URL:http://www.iss.net/security_center/static/10339.php

Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Analysis
----------------
ED_PRI CAN-2002-1200 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1223
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1223
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: BUGTRAQ:20021009 KDE Security Advisory: KGhostview Arbitrary Code Execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0163.html
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021008-1.txt
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: MANDRAKE:MDKSA-2002:071
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:071
Reference: XF:gsview-dsc-ps-bo(11319)
Reference: URL:http://www.iss.net/security_center/static/11319.php

Buffer overflow in the DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 through KDE 3.0.3a, allows attackers to cause a denial of service or possibly execute arbitrary code via a modified PostScript (PS) input file.

Analysis
----------------
ED_PRI CAN-2002-1223 1
Vendor Acknowledgement: yes advisory
ABSTRACTION: CAN-2002-0838 and CAN-2002-1223 are different overflows stemming from different packages. The KDE security advisory makes this clear. Therefore CD:SF-LOC suggests keeping them SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1224
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1224
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021008-2.txt
Reference: REDHAT:RHSA-2002:220
Reference: BUGTRAQ:20021009 KDE Security Advisory: kpf Directory Traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0164.html
Reference: BUGTRAQ:20021011 Security hole in kpf - KDE personal server.
Reference: URL:http://online.securityfocus.com/archive/1/294991
Reference: XF:kpf-icon-view-files(10347)
Reference: URL:http://www.iss.net/security_center/static/10347.php
Reference: BID:5951
Reference: URL:http://www.securityfocus.com/bid/5951

Directory traversal vulnerability in kpf in KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a modified icon URL parameter.

Analysis
----------------
ED_PRI CAN-2002-1224 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1227
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1227
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021017
Category: SF
Reference: DEBIAN:DSA-177
Reference: URL:http://www.debian.org/security/2002/dsa-177
Reference: XF:pam-disabled-bypass-authentication(10405)
Reference: URL:http://www.iss.net/security_center/static/10405.php
Reference: BID:5994
Reference: URL:http://www.securityfocus.com/bid/5994

PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.

Analysis
----------------
ED_PRI CAN-2002-1227 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1231
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1231
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021021
Category: SF
Reference: CALDERA:CSSA-2002-SCO.41
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.41
Reference: XF:openunix-unixware-rcp-dos(10425)
Reference: URL:http://www.iss.net/security_center/static/10425.php
Reference: BID:6025
Reference: URL:http://www.securityfocus.com/bid/6025

SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allow local users to cause a denial of service via an rcp of /proc.

Analysis
----------------
ED_PRI CAN-2002-1231 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1232
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1232
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021022
Category: SF
Reference: DEBIAN:DSA-180
Reference: URL:http://www.debian.org/security/2002/dsa-180
Reference: REDHAT:RHSA-2002:223
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-223.html
Reference: CONECTIVA:CLA-2002:539
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539
Reference: MANDRAKE:MDKSA-2002:078
Reference: URL:http://www.linux-mandrake.com/en/security/2002/mdksa-2002-078.php
Reference: CALDERA:CSSA-2002-054.0
Reference: HP:HPSBTL0210-074
Reference: URL:http://online.securityfocus.com/advisories/4605
Reference: BUGTRAQ:20021028 GLSA: ypserv
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103582692228894&w=2
Reference: BID:6016
Reference: URL:http://www.securityfocus.com/bid/6016
Reference: XF:ypserv-map-memory-leak(10423)
Reference: URL:http://www.iss.net/security_center/static/10423.php

Memory leak in ypdb_open in yp_db.c for ypserv before 2.5, and earlier in the NIS package 3.9 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a nonexistent map.

Analysis
----------------
ED_PRI CAN-2002-1232 1
Vendor Acknowledgement: yes advisory
ACCURACY: Via email, Thorsten Kukuk (developer) clarified that this is a basic memory leak, and not an information leak of old domain/map names as suggested in some vendor reports.
ACCURACY: An early version of MANDRAKE:MDKSA-2002:078 included a description that discussed the ypserv problem, but its references were for other problems. Mandrake confirmed that MDKSA-2002:078 applies only to CAN-2002-1232.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1245
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1245
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: MISC:http://www.idefense.com/advisory/11.06.02.txt
Reference: BUGTRAQ:20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103660334009855&w=2
Reference: VULNWATCH:20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0062.html
Reference: DEBIAN:DSA-189
Reference: URL:http://www.debian.org/security/2002/dsa-189
Reference: XF:luxman-maped-read-memory(10549)
Reference: URL:http://www.iss.net/security_center/static/10549.php
Reference: BID:6113
Reference: URL:http://www.securityfocus.com/bid/6113

maped in LuxMan 0.41 uses a user-supplied search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges by modifying the PATH environment variable to point to a Trojan horse gzip program.

Analysis
----------------
ED_PRI CAN-2002-1245 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1251
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1251
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021101
Category: SF
Reference: DEBIAN:DSA-186
Reference: URL:http://www.debian.org/security/2002/dsa-186
Reference: XF:log2mail-log-file-bo(10527)
Reference: URL:http://www.iss.net/security_center/static/10527.php
Reference: BID:6089
Reference: URL:http://www.securityfocus.com/bid/6089

Buffer overflow in log2mail 0.2.5.1 allows remote attackers to execute arbitrary code via a log message.

Analysis
----------------
ED_PRI CAN-2002-1251 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1271
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1271
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021105
Category: SF
Reference: SUSE:SuSE-SA:2002:041
Reference: URL:http://www.suse.de/de/security/2002_041_perl_mailtools.html
Reference: BUGTRAQ:20021106 GLSA: MailTools
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103659723101369&w=2
Reference: MANDRAKE:MDKSA-2002:076
Reference: URL:http://www.linux-mandrake.com/en/security/2002/mdksa-2002-076.php
Reference: BUGTRAQ:20021108 [security-announce] Re: MDKSA-2002:076 - perl-MailTools update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103679569705086&w=2
Reference: XF:mail-mailer-command-execution(10548)
Reference: URL:http://www.iss.net/security_center/static/10548.php
Reference: BID:6104
Reference: URL:http://www.securityfocus.com/bid/6104

The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx.

Analysis
----------------
ED_PRI CAN-2002-1271 1
Vendor Acknowledgement: yes advisory
NOTE: Debian has stated that they are not vulnerable.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1277
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1277
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021108
Category: SF
Reference: DEBIAN:DSA-190
Reference: URL:http://www.debian.org/security/2002/dsa-190
Reference: CONECTIVA:CLA-2002:548
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000548
Reference: MANDRAKE:MDKSA-2002:085
Reference: URL:http://www.linux-mandrake.com/en/security/2002/mdksa-2002-085.php
Reference: REDHAT:RHSA-2003:009
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-009.html
Reference: REDHAT:RHSA-2003:043
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-043.html
Reference: XF:window-maker-image-bo(10560)
Reference: URL:http://www.iss.net/security_center/static/10560.php
Reference: BID:6119
Reference: URL:http://www.securityfocus.com/bid/6119

Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer.

Analysis
----------------
ED_PRI CAN-2002-1277 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1278
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1278
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021108
Category: CF
Reference: CONECTIVA:CLA-2002:544
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000544
Reference: XF:linuxconf-sendmail-mail-relay(10554)
Reference: URL:http://www.iss.net/security_center/static/10554.php
Reference: BID:6118
Reference: URL:http://www.securityfocus.com/bid/6118

The mailconf module in Linuxconf 1.24 on Conectiva Linux 6.0 through 8 generates the Sendmail configuration file (sendmail.cf) in a way that configures Sendmail to run as an open mail relay, which allows remote attackers to send spam email.

Analysis
----------------
ED_PRI CAN-2002-1278 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1285
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1285
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021112
Category: SF
Reference: SUSE:SuSE-SA:2002:040
Reference: URL:http://www.suse.de/de/security/2002_040_lprng_html2ps.html
Reference: XF:lprng-runlpr-gain-privileges(10525)
Reference: URL:http://www.iss.net/security_center/static/10525.php
Reference: BID:6077
Reference: URL:http://www.securityfocus.com/bid/6077

runlpr in the LPRng package allows the local lp user to gain root privileges via certain command line arguments.

Analysis
----------------
ED_PRI CAN-2002-1285 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1307
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1307
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021115
Category: SF
Reference: DEBIAN:DSA-199
Reference: URL:http://www.debian.org/security/2002/dsa-199
Reference: CONFIRM:http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200210211713.g9LHDXE02256@mcguire.earlhood.com
Reference: BID:6204
Reference: URL:http://online.securityfocus.com/bid/6204

Cross-site scripting (XSS) vulnerability in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with script in the MIME header names.

Analysis
----------------
ED_PRI CAN-2002-1307 1
Vendor Acknowledgement: yes advisory
ACKNOWLEDGEMENT: An email by the author to the mhonarc-users mailing list, posted on October 21, 2002, indicates acknowledgement.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1311
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1311
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021116
Category: SF
Reference: DEBIAN:DSA-197
Reference: URL:http://www.debian.org/security/2002/dsa-197

Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup under certain conditions, which could allow local users to read arbitrary files.

Analysis
----------------
ED_PRI CAN-2002-1311 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1313
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1313
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021118
Category: SF
Reference: DEBIAN:DSA-198
Reference: URL:http://www.debian.org/security/2002/dsa-198

nullmailer 1.00RC5 and earlier allows local users to cause a denial of service by sending email to a local user that does not exist, which generates an error that causes nullmailer to stop sending mail to all users.

Analysis
----------------
ED_PRI CAN-2002-1313 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1318
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1318
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021125
Category: SF
Reference: CONFIRM:http://us1.samba.org/samba/whatsnew/samba-2.2.7.html
Reference: REDHAT:RHSA-2002:266
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-266.html
Reference: CONECTIVA:CLA-2002:550
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000550
Reference: TURBO:TSLSA-2002-0080
Reference: SUSE:SuSE-SA:2002:045
Reference: URL:http://www.suse.de/de/security/2002_045_samba.html
Reference: MANDRAKE:MDKSA-2002:081
Reference: URL:http://www.linux-mandrake.com/en/security/2002/mdksa-2002-081.php
Reference: DEBIAN:DSA-200
Reference: URL:http://www.debian.org/security/2002/dsa-200
Reference: SGI:20021204-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021204-01-I
Reference: BUGTRAQ:20021121 GLSA: samba
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103801986818076&w=2
Reference: BUGTRAQ:20021129 [OpenPKG-SA-2002.012] OpenPKG Security Advisory (samba)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103859045302448&w=2

Buffer overflow in Samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption, in which a DOS codepage string is converted to a little-endian UCS2 unicode string.

Analysis
----------------
ED_PRI CAN-2002-1318 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1319
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1319
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021125
Category: SF
Reference: BUGTRAQ:20021111 i386 Linux kernel DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103714004623587&w=2
Reference: BUGTRAQ:20021114 Re: Linux kernel i386 DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103737292709297&w=2
Reference: REDHAT:RHSA-2002:262
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-262.html
Reference: REDHAT:RHSA-2002:264
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-264.html
Reference: CONECTIVA:CLA-2002:553
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000553

The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear the TF and NT EFLAGs.

Analysis
----------------
ED_PRI CAN-2002-1319 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1320
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1320
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021125
Category: SF
Reference: BUGTRAQ:20021107 Remote Pine Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103668430620531&w=2
Reference: SUSE:SuSE-SA:2002:046
Reference: URL:http://www.suse.de/de/security/2002_046_pine.html
Reference: ENGARDE:ESA-20021127-032
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2614.html
Reference: MANDRAKE:MDKSA-2002:084
Reference: URL:http://www.linux-mandrake.com/en/security/2002/mdksa-2002-084.php
Reference: CONECTIVA:CLA-2002:551
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000551
Reference: REDHAT:RHSA-2002:270
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-270.html
Reference: BUGTRAQ:20021202 GLSA: pine
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103884988306241&w=2
Reference: XF:pine-from-header-dos(10555)
Reference: URL:http://www.iss.net/security_center/static/10555.php
Reference: BID:6120
Reference: URL:http://www.securityfocus.com/bid/6120

Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From: header that contains a large number of quotes (").

Analysis
----------------
ED_PRI CAN-2002-1320 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1323
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1323
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021126
Category: SF
Reference: CONFIRM:http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744
Reference: CONFIRM:http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5
Reference: DEBIAN:DSA-208
Reference: URL:http://www.debian.org/security/2002/dsa-208
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.014] OpenPKG Security Advisory (perl)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005919814869&w=2
Reference: BUGTRAQ:20021219 TSLSA-2002-0087-perl
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104033126305252&w=2
Reference: BUGTRAQ:20021220 GLSA: perl
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104040175522502&w=2
Reference: VULNWATCH:20021105 [VULNWATCH] Perl Safe.pm compartment reuse vuln
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html
Reference: BID:6111
Reference: URL:http://www.securityfocus.com/bid/6111
Reference: XF:safe-pm-bypass-restrictions(10574)
Reference: URL:http://www.iss.net/security_center/static/10574.php

Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.

Analysis
----------------
ED_PRI CAN-2002-1323 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1335
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1335
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021202
Category: SF
Reference: CONFIRM:http://mi.med.tohoku.ac.jp/%7Esatodai/w3m-dev-en/200211.month/838.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=124484
Reference: REDHAT:RHSA-2003:044
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-044.html
Reference: DEBIAN:DSA-250
Reference: URL:http://www.debian.org/security/2003/dsa-250
Reference: DEBIAN:DSA-251
Reference: URL:http://www.debian.org/security/2003/dsa-251

w3m 0.3.2 does not escape an HTML tag in a frame, which allows remote attackers to access files or cookies.

Analysis
----------------
ED_PRI CAN-2002-1335 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1364
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1364
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: SUSE:SuSE-SA:2002:043
Reference: URL:http://www.suse.de/de/security/2002_043_traceroute_nanog_nkitb.html
Reference: BUGTRAQ:20021129 Exploiting the traceroute-nanog overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103858895600963&w=2
Reference: BID:6166
Reference: URL:http://www.securityfocus.com/bid/6166

Buffer overflow in the get_origin function in traceroute-nanog allows attackers to execute arbitrary code via long WHOIS responses.

Analysis
----------------
ED_PRI CAN-2002-1364 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1394
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1394
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030106
Category: SF
Reference: BUGTRAQ:20021015 GLSA: tomcat
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103470282514938&w=2
Reference: CONFIRM:http://marc.theaimsgroup.com/?l=tomcat-dev&m=103417249325526&w=2
Reference: CONFIRM:http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13365
Reference: DEBIAN:DSA-225
Reference: URL:http://www.debian.org/security/2003/dsa-225

Apache Tomcat [version missing in this copy] and earlier, when using the servlet invoker and default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

Analysis
----------------
ED_PRI CAN-2002-1394 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1403
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1403
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030110
Category: SF
Reference: CONECTIVA:CLA-2002:549
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000549
Reference: DEBIAN:DSA-219
Reference: URL:http://www.debian.org/security/2002/dsa-219
Reference: BUGTRAQ:20030105 GLSA: dhcpcd
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104189546709447&w=2
Reference: MANDRAKE:MDKSA-2003:003
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:003
Reference: BID:6200
Reference: URL:http://online.securityfocus.com/bid/6200

dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to execute arbitrary code via shell metacharacters that are fed from the dhcpcd-<interface>.info script into the dhcpcd-<interface>.exe script.

Analysis
----------------
ED_PRI CAN-2002-1403 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1510
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1510
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030219
Category: SF
Reference: CONECTIVA:CLA-2002:533
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000533
Reference: MISC:http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG
Reference: XF:xfree86-xdm-unauth-access(11389)
Reference: URL:http://www.iss.net/security_center/static/11389.php

xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist.

Analysis
----------------
ED_PRI CAN-2002-1510 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1511
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1511
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030219
Category: SF
Reference: REDHAT:RHSA-2003:041
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-041.html
Reference: CONFIRM:http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog
Reference: MANDRAKE:MDKSA-2003:022
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:022
Reference: XF:vnc-rand-weak-cookie(11384)
Reference: URL:http://www.iss.net/security_center/static/11384.php

The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.

Analysis
----------------
ED_PRI CAN-2002-1511 1
Vendor Acknowledgement: yes changelog

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1516
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1516
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: CIAC:N-004
Reference: URL:http://www.ciac.org/ciac/bulletins/n-004.shtml
Reference: SGI:20020903-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P
Reference: XF:irix-rpcbind-w-symlink(10272)
Reference: URL:http://www.iss.net/security_center/static/10272.php
Reference: BID:5889
Reference: URL:http://online.securityfocus.com/bid/5889

rpcbind in SGI IRIX, when using the -w command line switch, allows local users to overwrite arbitrary files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2002-1516 1
Vendor Acknowledgement: yes advisory
ABSTRACTION: This is likely a different vulnerability than CVE-1999-0190, because CVE-1999-0190 is remotely exploitable, and symlink issues, by nature, are only locally exploitable.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1517
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1517
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: CIAC:N-004
Reference: URL:http://www.ciac.org/ciac/bulletins/n-004.shtml
Reference: SGI:20020903-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P
Reference: XF:irix-fsr-efs-symlink(10275)
Reference: URL:http://www.iss.net/security_center/static/10275.php
Reference: BID:5897
Reference: URL:http://www.securityfocus.com/bid/5897

fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file activities via a symlink attack, possibly via the .fsrlast file.

Analysis
----------------
ED_PRI CAN-2002-1517 1
Vendor Acknowledgement: yes advisory
ACCURACY: The only source that specifically mentions the ".fsrlast" file is XF, and it is not clear where that knowledge came from.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1518
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1518
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030223
Category: SF
Reference: CIAC:N-004
Reference: URL:http://www.ciac.org/ciac/bulletins/n-004.shtml
Reference: SGI:20020903-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P
Reference: BID:5893
Reference: URL:http://www.securityfocus.com/bid/5893
Reference: XF:irix-mv-directory-insecure(10276)
Reference: URL:http://www.iss.net/security_center/static/10276.php

mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories.

Analysis
----------------
ED_PRI CAN-2002-1518 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1543
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1543
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030225
Category: SF
Reference: NETBSD:NetBSD-SA2002-025
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-025.txt.asc
Reference: XF:trek-keyboard-input-bo(10458)
Reference: URL:http://www.iss.net/security_center/static/10458.php
Reference: BID:6036
Reference: URL:http://www.securityfocus.com/bid/6036

Buffer overflow in trek in NetBSD 1.5 through 1.5.3 allows local users to gain privileges via keyboard input.

Analysis
----------------
ED_PRI CAN-2002-1543 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1548
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1548
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030304
Category: SF
Reference: AIXAPAR:IY31934
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q4/0002.html

Unknown vulnerability in autofs, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to improper "string handling."

Analysis
----------------
ED_PRI CAN-2002-1548 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1550 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1550最终决定:阶段性裁决:修改:建议:20030317分配:20030304类别:科幻参考:AIXAPAR: IY34617参考:网址:http://archives.neohapsis.com/archives/aix/2002-q4/0002.htmldump_smutil。sh在IBM AIX允许本地用户执行未经授权的文件操作通过一个符号链接攻击临时文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1550 2供应商确认:是的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1551网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1551最终决定:阶段性裁决:修改:建议:20030317分配:20030304类别:科幻参考:AIXAPAR: IY34670参考:网址:http://archives.neohapsis.com/archives/aix/2002-q4/0002.html缓冲区溢出在IBM AIX网路资讯查询允许攻击者可能导致拒绝服务或执行任意代码。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1551 2供应商确认:是的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0711网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0711最终决定:阶段性裁决:修改:建议:20030317分配:20020719类别:未知参考:康柏:SSRT2265参考:网址:http://www.securityfocus.com/advisories/4633参考:XF: hp-trucluster-interconnect-dos(10551)参考:网址:http://www.iss.net/security_center/static/10551.php参考:BUGTRAQ: 20021105 RE:[安全公告]SSRT2265惠普TruCluster服务器互连参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103651974926272&w=2参考:报价:6102参考:网址:http://www.securityfocus.com/bid/6102未知的漏洞在集群互联惠普TruCluster服务器5.0,5.1,5.1允许本地和远程攻击者可能会导致拒绝服务。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0711 3供应商确认:对咨询内容的决定:模糊的投票部分- - - - - - - - - - - - - - - 
-可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0839网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0839最终决定:阶段性裁决:修改:建议:20030317分配:20020808类别:科幻参考:VULNWATCH: 20021003 iDEFENSE安全顾问10.03.2002:Apache 1.3。x共享内存记分牌漏洞参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0012.html参考:确认:http://www.apacheweek.com/issues/02-10-04参考:确认:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=103367938230488&w=2参考:CONECTIVA: CLA-2002:530参考:网址:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530参考:ENGARDE: esa - 20021007 - 024参考:网址:http://www.linuxsecurity.com/advisories/other_advisory - 2414. - html参考:曼德拉草:MDKSA-2002:068参考:网址:http://www.linux mandrake.com/en/security/2002/mdksa - 2002 - 068. - php参考:DEBIAN: dsa - 187参考:网址:http://www.debian.org/security/2002/dsa - 187参考:DEBIAN: dsa - 188参考:网址:http://www.debian.org/security/2002/dsa - 188参考:DEBIAN: dsa - 195参考:网址:http://www.debian.org/security/2002/dsa - 195参考:BUGTRAQ: 20021003 [OpenPKG - sa - 2002.009] OpenPKG安全顾问(apache)参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103376585508776&w=2参考:SGI: 20021105 - 01 -我参考:网址:ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I参考:惠普:hpsbux0210 - 224参考:网址:http://online.securityfocus.com/advisories/4617参考:BUGTRAQ: 20021015 GLSA: apache参考:网址:http://archives.neohapsis.com/archives/bugtraq/2002-10/0195.html参考:BUGTRAQ: 20021017 tslsa - 2002 - 0069 - apache参考:网址:http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html参考:报价:5884参考:网址:http://www.securityfocus.com/bid/5884参考:XF: apache-scorecard-memory-overwrite(10280)参考:网址:http://www.iss.net/security_center/static/10280.php共享内存记分板为Apache 1.3 HTTP守护进程。x之前1.3.27允许任何用户运行Apache UID 
SIGUSR1信号发送到任何过程作为根,导致拒绝服务(过程杀死)或其他行为通常不会被允许,通过修改父[]。pid和家长[]。在记分牌last_rtime段。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0839 3供应商确认:对咨询内容的决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 0843网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 0843最终决定:阶段性裁决:修改:建议:20030317分配:20020808类别:科幻参考:确认:http://www.apacheweek.com/issues/02-10-04参考:确认:http://marc.theaimsgroup.com/?l=apache-httpd-announce&m=103367938230488&w=2参考:CONECTIVA: CLA-2002:530参考:网址:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530参考:ENGARDE: esa - 20021007 - 024参考:网址:http://www.linuxsecurity.com/advisories/other_advisory - 2414. - html参考:曼德拉草:MDKSA-2002:068参考:网址:http://www.linux mandrake.com/en/security/2002/mdksa - 2002 - 068. 
- php参考:DEBIAN: dsa - 187参考:网址:http://www.debian.org/security/2002/dsa - 187参考:DEBIAN: dsa - 188参考:网址:http://www.debian.org/security/2002/dsa - 188参考:DEBIAN: dsa - 195参考:网址:http://www.debian.org/security/2002/dsa - 195参考:惠普:hpsbux0210 - 224参考:网址:http://online.securityfocus.com/advisories/4617参考:SGI: 20021105 - 01 -我参考:网址:ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I参考:BUGTRAQ: 20021003 [OpenPKG - sa - 2002.009] OpenPKG安全顾问(apache)参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103376585508776&w=2参考:BUGTRAQ: 20021017 tslsa - 2002 - 0069 - apache参考:网址:http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html缓冲区溢出ApacheBench基准支持项目(ab.c) Apache 1.3.27之前,和Apache 2。x 2.0.43之前,允许web服务器恶意导致拒绝服务,并可能通过长响应执行任意代码。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 0843 3供应商确认:对咨询内容的决定:SF-LOC包含:虽然这个问题可能是非常罕见的,利用场景溢出不过跨越特权边界。因此这是一个漏洞,应该包括在CVE(等待支持董事会成员的选票)。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1165网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1165最终决定:阶段性裁决:修改:建议:20030317分配:20020927类别:科幻参考:BUGTRAQ: 20021001 iDEFENSE安全顾问10.01.02:Sendmail smrsh绕过漏洞参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103350914307274&w=2参考:确认:http://www.sendmail.org/smrsh.adv.txt参考:NETBSD: NETBSD - sa2002 - 023参考:网址:ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd sa2002 txt.asc——023.参考:CONECTIVA: CLA-2002:532参考:网址:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000532参考:FREEBSD: FreeBSD-SA-02:41参考:火山口:综援- 2002 - 052.0参考:曼德拉草:MDKSA-2002:083参考:SGI: 20030101 - 01 - p参考:REDHAT: RHSA-2003:073参考:网址:http://www.redhat.com/support/errata/rhsa - 2003 - 073. 
- html参考:XF: sendmail-forward-bypass-smrsh(10232)参考:网址:http://www.iss.net/security_center/static/10232.php参考:报价:5845参考:网址:http://www.securityfocus.com/bid/5845Sendmail财团的限制Shell (SMRSH)在Sendmail 8.12.6 8.11.6-15,可能还有其他版本从5/19/1998 8.11后,允许攻击者绕过目标限制SMRSH通过插入额外的命令后(1)“| |”序列或(2)“/”字符,不适当的过滤或验证。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1165 3供应商确认:对咨询内容的决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1167网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1167最终决定:阶段性裁决:修改:建议:20030317分配:20020927类别:科幻参考:VULNWATCH: 20021023 r7 - 0008: IBM WebSphere边缘服务器缓存代理跨站点脚本问题参考:AIXAPAR: IY24527参考:报价:6000参考:网址:http://online.securityfocus.com/bid/6000参考:XF: ibm-wte-html-xss(10453)参考:网址:http://www.iss.net/security_center/static/10453.php跨站点脚本(XSS)脆弱性在IBM Web流量表达缓存代理服务器3.6和4。x 4.0.1.26允许远程攻击者执行脚本之前其他用户通过HTTP GET请求。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1167 3供应商确认:未知的内容决定:SF-LOC抽象:位置:头CSS是分开的“标准”XSS,因为地点:另一个组件——CRLF注入头问题。因此这些都是非常相似的,但不同类型的问题,和CD: SF-LOC表明他们是分成多个项目。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1168网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1168最终决定:阶段性裁决:修改:建议:20030317分配:20020927类别:科幻参考:VULNWATCH: 20021023 r7 - 0008: IBM WebSphere边缘服务器缓存代理跨站点脚本问题参考:AIXAPAR: IY35139参考:报价:6001参考:网址:http://online.securityfocus.com/bid/6001参考:XF: ibm-wte-header-injection(10454)参考:网址:http://www.iss.net/security_center/static/10454.php跨站点脚本(XSS)脆弱性在IBM Web流量表达缓存代理服务器3.6和4。x 
4.0.1.26允许远程攻击者执行脚本之前其他用户通过HTTP请求包含一个位置:标题用“% % 0 d”(CRLF)序列,这回声位置服务器响应的HTTP头。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1168 3供应商确认:未知的内容决定:SF-LOC抽象:位置:头CSS是分开的“标准”XSS,因为地点:另一个组件——CRLF注入头问题。因此这些都是非常相似的,但不同类型的问题,和CD: SF-LOC表明他们是分成多个项目。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1169网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1169最终决定:阶段性裁决:修改:建议:20030317分配:20020927类别:科幻参考:MISC:http://www.rapid7.com/advisories/r7 - 0007. - txtr7参考:VULNWATCH: 20021023 - 0007: IBM WebSphere边缘服务器缓存代理拒绝服务引用:AIXAPAR: IY35970参考:报价:6002参考:网址:http://online.securityfocus.com/bid/6002参考:XF: ibm-wte-helpout-dos(10452)参考:网址:http://www.iss.net/security_center/static/10452.phpIBM Web流量表达缓存代理服务器3.6和4。x之前4.0.1.26允许远程攻击者造成拒绝服务(崩溃)通过一个HTTP请求helpout。exe和一个HTTP版本号失踪了,这导致ibmproxy。exe崩溃。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1169 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1192网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1192最终决定:阶段性裁决:修改:建议:20030317分配:20021008类别:科幻参考:BUGTRAQ: 20020928当地可利用的溢出流氓/ FreeBSD参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103342413220529&w=2参考:NETBSD: NETBSD - sa2002 - 021参考:网址:ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd sa2002 txt.asc——021.参考:XF: freebsd-rogue-bo(10261)参考:网址:http://www.iss.net/security_center/static/10261.php参考:报价:5837参考:网址:http://www.securityfocus.com/bid/5837多个缓冲区溢出在NetBSD 1.6和更早的流氓,FreeBSD 
4.6,可能还有其他操作系统,允许本地用户获得“游戏”组特权通过畸形的条目在一个游戏保存文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1192 3供应商确认:对咨询内容的决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1194网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1194最终决定:阶段性裁决:修改:建议:20030317分配:20021008类别:科幻参考:NETBSD: NETBSD - sa2002 - 019参考:网址:ftp://ftp.netbsd.org/pub/netbsd/security/advisories/netbsd sa2002 txt.asc——019.参考:XF: netbsd-talkd-bo(10303)参考:网址:http://www.iss.net/security_center/static/10303.php参考:报价:5910参考:网址:http://www.securityfocus.com/bid/59101.6和更早的缓冲区溢出在talkd NetBSD,可能还有其他操作系统,允许远程攻击者通过长时间的入站消息执行任意代码。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1194 3供应商确认:对咨询内容的决定:模糊的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1202网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1202最终决定:阶段性裁决:修改:建议:20030317分配:20021011类别:科幻参考:康柏:SSRT2208参考:网址:http://archives.neohapsis.com/archives/tru64/2002-q4/0002.html参考:XF: tru64-routed-file-access(10316)参考:网址:http://www.iss.net/security_center/static/10316.php参考:报价:5913参考:网址:http://www.securityfocus.com/bid/5913未知的漏洞在路由惠普Tru64 UNIX V4.0F通过V5.1A允许本地和远程攻击者读取任意文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1202 3供应商确认:对咨询内容的决定:模糊的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = 
= = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1215网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1215最终决定:阶段性裁决:修改:建议:20030317分配:20021015类别:科幻参考:确认:http://linux-ha.org/security/sec01.txt参考:SUSE: SuSE-SA: 2002:037参考:网址:http://www.suse.de/de/security/2002_037_heartbeat.html参考:DEBIAN: dsa - 174参考:网址:http://www.debian.org/security/2002/dsa - 174参考:CONECTIVA: CLA-2002:540参考:网址:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000540参考:XF: linuxha-heartbeat-bo(10357)参考:网址:http://www.iss.net/security_center/static/10357.php参考:报价:5955参考:网址:http://www.securityfocus.com/bid/5955早些时候在心跳0.4.9和多个格式字符串漏洞(有消息声称,缓冲区溢出)允许远程攻击者执行任意代码通过某些数据包UDP端口694(错误地声称TCP在某些来源)。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1215 3供应商确认:对咨询内容的决定:SF-LOC准确性:Debian通过电子邮件确认Debian: dsa - 174和SuSE解决同样的问题。的原始版本Debian咨询说hearbeat提到“缓冲区溢出”,但Debian证实,他们真的意味着“缓冲区溢出利用通过格式化字符串”——即格式字符串漏洞。此外,Debian的提到TCP是一个错误。所以,Debian和SuSE报告正在讨论同样的问题。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1225网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1225最终决定:阶段性裁决:修改:建议:20030317分配:20021017类别:科幻参考:SUSE: SuSE-SA: 2002:034参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103341355708817&w=2参考:BUGTRAQ: 20021014 GLSA: heimdal参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103462479621246&w=2参考:DEBIAN: dsa - 178参考:网址:http://www.debian.org/security/2002/dsa - 178参考:XF: heimdal-kf-kfd-bo(10116)参考:网址:http://www.iss.net/security_center/static/10116.php参考:报价:5729参考:网址:http://www.securityfocus.com/bid/5729多个缓冲区溢出Heimdal 0.5之前,可能在kadmind(1)和(2)kdc服务器,允许远程攻击者获得根访问。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1225 3供应商确认:对咨询内容的决定:SF-LOC投票部分- - - - - - - - - - - - - - - 
-可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1233网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1233最终决定:阶段性裁决:修改:建议:20030317分配:20021022类别:科幻参考:BUGTRAQ: 20021016 Apache 1.3.26参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103480856102007&w=2参考:DEBIAN: dsa - 187参考:网址:http://www.debian.org/security/2002/dsa - 187参考:DEBIAN: dsa - 188参考:网址:http://www.debian.org/security/2002/dsa - 188参考:DEBIAN: dsa - 195参考:网址:http://www.debian.org/security/2002/dsa - 195参考:XF: apache-htdigest-tmpfile-race(10413)参考:网址:http://www.iss.net/security_center/static/10413.php回归错误的Debian发行版apache-ssl包(在Debian 2.2就开始之前,和在1.3.26 Debian 3.0),对于Apache 1.3.27和早些时候,允许本地用户读取或修改Apache密码文件通过一个符号链接攻击临时文件管理员运行时(1)htpasswd或(2)htdigest re-introduction漏洞,最初是由可以识别和解决- 2001 - 0131。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1233 3供应商确认:对咨询内容的决定:SF-LOC,回归ABSRACTION:这是一个Debian-specific回归误差可以- 2001 - 0131;他们发布了一个补丁,但修复没有进入上游版本。马克·考克斯指出,这个问题从来没有固定的Apache组;相反,各种分布固定它当它第一次出来了。应该有一个单独的人选这个回归错误呢?投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1247网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1247最终决定:阶段性裁决:修改:建议:20030317分配:20021101类别:科幻参考:BUGTRAQ: 20021111 iDEFENSE安全顾问11.11.02:缓冲区溢出在KDE resLISa参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103704823501757&w=2参考:VULNWATCH: 20021111 iDEFENSE安全顾问11.11.02:缓冲区溢出在KDE resLISa参考:网址:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0068.html参考:BUGTRAQ: 20021112 KDE安全顾问:resLISa / 
LISa漏洞参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103712329102632&w=2参考:MISC:http://www.idefense.com/advisory/11.11.02.txt参考:DEBIAN: dsa - 193参考:网址:http://www.debian.org/security/2002/dsa - 193参考:REDHAT: RHSA-2002:220参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 220. - html参考:曼德拉草:MDKSA-2002:080参考:网址:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:080参考:CIAC: n - 020参考:网址:http://www.ciac.org/ciac/bulletins/n - 020. shtml参考:BUGTRAQ: 20021114 GLSA: kdelibs参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103728981029342&w=2参考:报价:6157参考:网址:http://www.securityfocus.com/bid/6157参考:XF: kde-kdenetwork-reslisa-bo(10592)参考:网址:http://www.iss.net/security_center/static/10592.php缓冲区溢出丽莎允许本地用户访问原始套接字通过长LOGNAME resLISa守护进程的环境变量。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1247 3供应商确认:对咨询内容的决定:SF-LOC抽象:- 2002 - 1247 (resLISA / LOGNAME溢出)的不同可以- 2002 - 1306 (lisa守护进程溢出,局域网:/ /溢出),因为有证据表明,这两个候选人分别对待,因此一些丽莎包可能固定一个问题而不是其他。因此这些问题应该保持分裂。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1275网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1275最终决定:阶段性裁决:修改:建议:20030317分配:20021108类别:科幻参考:SUSE: SuSE-SA: 2002:040参考:网址:http://www.suse.de/de/security/2002_040_lprng_html2ps.html参考:DEBIAN: dsa - 192参考:网址:http://www.debian.org/security/2002/dsa - 192参考:XF: lprng-html2ps-command-execution(10526)参考:网址:http://www.iss.net/security_center/static/10526.php参考:报价:6079参考:网址:http://www.securityfocus.com/bid/6079未知的漏洞在html2ps HTML 1.0 / PostScript转换器,LPRng内使用时,允许远程攻击者执行任意代码通过“unsanitized输入。”Analysis ---------------- ED_PRI CAN-2002-1275 3 Vendor Acknowledgement: yes advisory Content Decisions: VAGUE Voting Section -------------- Possible votes: 
ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2002-1276 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1276最终决定:阶段性裁决:修改:建议:20030317分配:20021108类别:科幻参考:确认:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=167471参考:DEBIAN: dsa - 191参考:网址:http://www.debian.org/security/2002/dsa - 191参考:REDHAT: RHSA-2003:042参考:网址:http://www.redhat.com/support/errata/rhsa - 2003 - 042. - html一个不完整的解决跨站点脚本(XSS)脆弱性的SquirrelMail 1.2.8调用strip_tags函数PHP_SELF价值但不保存结果回变量,让它跨站点脚本攻击。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1276 3供应商确认:对咨询内容的决定:包含投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1279网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1279最终决定:阶段性裁决:修改:建议:20030317分配:20021112类别:科幻参考:DEBIAN: dsa - 194参考:网址:http://www.debian.org/security/2002/dsa - 194参考:确认:http://lists.masqmail.cx/pipermail/masqmail/2002-November/000040.html参考:确认:http://lists.masqmail.cx/pipermail/masqmail/2002-November/000041.html参考:XF: masqmail-bo(10605)参考:网址:http://www.iss.net/security_center/static/10605.php参考:报价:6164参考:网址:http://www.securityfocus.com/bid/6164多个缓冲区溢出conf.c Masqmail 0.1。0.2 x 0.1.17之前,。x 0.2.15之前,允许本地用户权限通过配置文件中的某些条目(- c选项)。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1279 3供应商确认:是的内容决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = 
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1281网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1281最终决定:阶段性裁决:修改:建议:20030317分配:20021112类别:科幻参考:BUGTRAQ: 20021112 KDE安全顾问:远程登录命令。协议和telnet。协议URL克钦独立组织脆弱参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103712550205730&w=2参考:确认:http://www.kde.org/info/security/advisory - 20021111 - 1. - txt参考:曼德拉草:MDKSA-2002:079参考:网址:http://www.linux mandrake.com/en/security/2002/mdksa - 2002 - 079. - php参考:REDHAT: RHSA-2002:220参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 220. - html参考:DEBIAN: dsa - 204参考:网址:http://www.debian.org/security/2002/dsa - 204参考:BUGTRAQ: 20021114 GLSA: kdelibs参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103728981029342&w=2参考:XF: kde-rlogin-command-execution(10602)参考:网址:http://www.iss.net/security_center/static/10602.php参考:报价:6182参考:网址:http://www.securityfocus.com/bid/6182未知的漏洞在KDE的远程登录命令克钦独立组织子系统(rlogin.protocol) 2。x 2.1及以后,KDE 3。x 3.0.4之前,允许本地和远程攻击者通过一个特定的URL执行任意代码。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1281 3供应商确认:对咨询内容的决定:模糊,SF-LOC抽象:自从telnet。协议问题只出现在KDE 2。x,但远程登录命令。协议问题出现在2。x *和* 3。x, CD: SF-LOC表明创建单独的标识符,因为远程登录命令。比telnet.protocol协议问题出现在一个不同的版本。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1282网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1282最终决定:阶段性裁决:修改:建议:20030317分配:20021112类别:科幻参考:BUGTRAQ: 20021112 KDE安全顾问:远程登录命令。协议和telnet。协议URL克钦独立组织脆弱参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103712550205730&w=2参考:曼德拉草:MDKSA-2002:079参考:网址:http://www.linux mandrake.com/en/security/2002/mdksa - 2002 - 079. - php参考:REDHAT: RHSA-2002:220参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 220. 
- html参考:DEBIAN: dsa - 204参考:网址:http://www.debian.org/security/2002/dsa - 204参考:确认:http://www.kde.org/info/security/advisory - 20021111 - 1. - txt参考:BUGTRAQ: 20021114 GLSA: kdelibs参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103728981029342&w=2参考:XF: kde-telnet-command-execution(10603)参考:网址:http://www.iss.net/security_center/static/10603.php参考:报价:6182参考:网址:http://www.securityfocus.com/bid/6182未知的漏洞在KDE的telnet克钦独立组织子系统(telnet.protocol) 2。x 2.1,后来允许本地和远程攻击者通过一个特定的URL执行任意代码。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1282 3供应商确认:对咨询内容的决定:模糊,SF-LOC抽象:自从telnet。协议问题只出现在KDE 2。x,但远程登录命令。协议问题出现在2。x *和* 3。x, CD: SF-LOC表明创建单独的标识符,因为远程登录命令。比telnet.protocol协议问题出现在一个不同的版本。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1306网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1306最终决定:阶段性裁决:修改:建议:20030317分配:20021114类别:科幻参考:BUGTRAQ: 20021112 KDE安全顾问:resLISa / LISa漏洞参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103712329102632&w=2参考:SUSE: SuSE-SA: 2002:042参考:网址:http://www.suse.de/de/security/2002_042_kdenetwork.html参考:曼德拉草:MDKSA-2002:080参考:网址:http://www.linux mandrake.com/en/security/2002/mdksa - 2002 - 080. - php参考:REDHAT: RHSA-2002:220参考:网址:http://www.redhat.com/support/errata/rhsa - 2002 - 220. - html参考:确认:http://www.kde.org/info/security/advisory - 20021111 - 2. - txt参考:DEBIAN: dsa - 214参考:网址:http://www.debian.org/security/2002/dsa - 214参考:BUGTRAQ: 20021114 GLSA: kdelibs参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103728981029342&w=2参考:CIAC: n - 020参考:网址:http://www.ciac.org/ciac/bulletins/n - 020. 
shtml参考:XF: kde-kdenetwork-lisa-bo(10597)参考:网址:http://www.iss.net/security_center/static/10597.php参考:XF: kde-kdenetwork-lan-bo(10598)参考:网址:http://www.iss.net/security_center/static/10598.php丽莎在KDE 2多个缓冲区溢出。x 2.1,后来,KDE 3。x 3.0.4之前,允许(1)本地和远程攻击者通过“丽莎”守护进程执行任意代码,和(2)远程攻击者执行任意代码通过一个特定的“局域网:/ / URL。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1306 3供应商确认:对咨询内容的决定:SF-LOC抽象:- 2002 - 1247 (resLISA / LOGNAME溢出)的不同可以- 2002 - 1306 (lisa守护进程溢出,局域网:/ /溢出),因为有证据表明,这两个候选人分别对待,因此一些丽莎包可能固定一个问题而不是其他。因此这些问题应该保持分裂。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2002 - 1402网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2002 - 1402最终决定:阶段性裁决:修改:建议:20030317分配:20030107类别:科幻参考:BUGTRAQ:前轮驱动:20020824(一般)PostgreSQL 7.2.2:安全发布参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103021186622725&w=2参考:确认:http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php参考:SUSE: SuSE-SA: 2002:038参考:确认:http://archives.postgresql.org/pgsql-announce/2002-08/msg00004.php参考:CONECTIVA: CLA-2002:524参考:网址:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000524参考:曼德拉草:MDKSA-2002:062参考:网址:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2002:062参考:BUGTRAQ: 20020826 GLSA: PostgreSQL参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=103036987114437&w=2缓冲区溢出(1)TZ和(2)对于环保也是有益的时区变量设置PostgreSQL 7.2.1和早些时候允许本地用户可能导致拒绝服务和执行任意代码。分析- - - - - - - - - - - - - - - - - ED_PRI - 2002 - 1402 3供应商确认:未知的内容决定:SF-LOC抽象:大量的缓冲区溢出等问题在PostgreSQL 7.2中被发现。在2002年8月x。解决这些不同的问题的过程是相当艰巨的。CD: SF-LOC可能建议结合大多数溢出到单个项目,一些安全警告是含糊不清,似乎适合创建独立的候选人单独的报告,以便供应商可能澄清他们的客户哪些问题(或没有)修复。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST 
HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:

页面最后更新或审查:2007年5月22日,