
[PROPOSAL] Cluster UNIX-2002c - 36 candidates



I am proposing cluster UNIX-2002c for review and voting by the
Editorial Board.

Name: UNIX-2002c
Description: CANs in Linux reported from December 2002
Size: 36

You may modify this message to vote on the candidates and send it back
to me, or you may use the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and can be trusted to
be real problems.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-1158
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1158
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: REDHAT:RHSA-2002:246
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-246.html

Buffer overflow in Canna 3.5b2 and earlier allows local users to
execute arbitrary code as the bin user.

Analysis
--------
ED_PRI CAN-2002-1158 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1159
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1159
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020926
Category: SF
Reference: REDHAT:RHSA-2002:246
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-246.html

Canna 3.6 and earlier does not properly validate requests, which
allows remote attackers to cause a denial of service or information
leak.

Analysis
--------
ED_PRI CAN-2002-1159 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1160
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1160
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20020926
Category: CF
Reference: BUGTRAQ:20021214 BDT_AV200212140001: Insecure default: Using pam_xauth for su from sh-utils package
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104431622818954&w=2
Reference: REDHAT:RHSA-2003:035
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-035.html
Reference: MANDRAKE:MDKSA-2003:017
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:017
Reference: XF:linux-pamxauth-gain-privileges(11254)
Reference: URL:http://www.iss.net/security_center/static/11254.php

The default configuration of the pam_xauth module forwards
MIT-Magic-Cookies to new X sessions, which could allow local users to
gain root privileges by stealing the cookies from a temporary .xauth
file, which is created with the original user's credentials after root
uses su.

Analysis
--------
ED_PRI CAN-2002-1160 1
Vendor Acknowledgement: unknown
ACCURACY: although Andreas Beck's post appears to be dated December
14, 2002, it was not actually published until February 3, 2002, as
reflected in the vendor response section.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1341
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1341
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021205
Category: SF
Reference: BUGTRAQ:20021203 SquirrelMail v1.2.9 XSS bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103893844126484&w=2
Reference: MISC:http://f0kp.iplus.ru/bz/008.txt
Reference: BUGTRAQ:20021203 Re: SquirrelMail v1.2.9 XSS bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103911130503272&w=2
Reference: BUGTRAQ:20021215 GLSA: squirrelmail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004924002662&w=2
Reference: DEBIAN:DSA-220
Reference: URL:http://www.debian.org/security/2002/dsa-220
Reference: REDHAT:RHSA-2003:042
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-042.html

Cross-site scripting (XSS) vulnerability in read_body.php for
SquirrelMail 1.2.10, 1.2.9, and earlier allows remote attackers to
insert script and HTML via the (1) mailbox and (2) passed_id
parameters.

Analysis
--------
ED_PRI CAN-2002-1341 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1344
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1344
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021209
Category: SF
Reference: BUGTRAQ:20021211 Directory Traversal Vulnerabilities in FTP Clients
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103962838628940&w=2
Reference: REDHAT:RHSA-2002:229
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-229.html
Reference: CONECTIVA:CLA-2002:552
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000552
Reference: DEBIAN:DSA-209
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103973388702700&w=2
Reference: MANDRAKE:MDKSA-2002:086
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-086.php
Reference: BUGTRAQ:20021219 TSLSA-2002-0089 - wget
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104033016703851&w=2
Reference: BID:6352
Reference: URL:http://www.securityfocus.com/bid/6352

Directory traversal vulnerability in wget 1.8.2-4 allows a remote FTP
server to create or overwrite files as the wget user via filenames
containing (1) /absolute/path or (2) .. (dot dot) sequences.

Analysis
--------
ED_PRI CAN-2002-1344 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1348
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1348
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021210
Category: SF
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=126233
Reference: REDHAT:RHSA-2003:044
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-044.html
Reference: BUGTRAQ:20030217 GLSA: w3m
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104552193927323&w=2
Reference: XF:w3m-img-alt-xss(11266)
Reference: URL:http://www.iss.net/security_center/static/11266.php

w3m before 0.3.2.2 does not properly escape HTML tags in the ALT
attribute of an IMG tag, which allows remote attackers to access files
or cookies.

Analysis
--------
ED_PRI CAN-2002-1348 1
Vendor Acknowledgement: yes advisory
ACKNOWLEDGEMENT: the changelog for 0.3.2.2 describes "another security
vulnerability in w3m 0.3.2.x: w3m will miss escaping html tags in the
img alt attribute, so a malicious html frame may deceive you into
accessing local files, cookies and so on."

NOTE: CAN-2002-1404 was also assigned to this issue. However, it is
being rejected in favor of CAN-2002-1348.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1350
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1350
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021213
Category: SF
Reference: DEBIAN:DSA-206
Reference: URL:http://www.debian.org/security/2002/dsa-206
Reference: BUGTRAQ:20021219 TSLSA-2002-0084 - tcpdump
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032975103398&w=2

The BGP decoding routines in tcpdump 3.6.2-2.2 do not properly copy
data, which allows remote attackers to cause a denial of service and
possibly execute arbitrary code.

Analysis
--------
ED_PRI CAN-2002-1350 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1362
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1362
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021214
Category: SF
Reference: DEBIAN:DSA-211
Reference: URL:http://www.debian.org/security/2002/dsa-211

mICQ 0.4.9 and earlier allows remote attackers to cause a denial of
service (crash) via malformed ICQ message types without a 0xFE
separator character.

Analysis
--------
ED_PRI CAN-2002-1362 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1363
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1363
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021214
Category: SF
Reference: DEBIAN:DSA-213
Reference: URL:http://www.debian.org/security/2002/dsa-213
Reference: REDHAT:RHSA-2003:006
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-006.html

Portable Network Graphics (PNG) library (1) libpng 1.2.1 and earlier,
and (2) libpng3 1.2.5 and earlier, does not correctly calculate
offsets, which allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via a buffer overflow
attack on the row buffers.

Analysis
--------
ED_PRI CAN-2002-1363 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1365
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1365
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021213 Advisory 05/2002: Another Fetchmail Remote Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103979751818638&w=2
Reference: MISC:http://security.e-matters.de/advisories/052002.html
Reference: BUGTRAQ:20021215 GLSA: fetchmail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004858802000&w=2
Reference: CONECTIVA:CLA-2002:554
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000554
Reference: REDHAT:RHSA-2002:293
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-293.html
Reference: SUSE:SuSE-SA:2003:001
Reference: CALDERA:CSSA-2003-001.0
Reference: MANDRAKE:MDKSA-2003:011
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:011
Reference: ENGARDE:ESA-20030127-002

Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not
account for the "@" character when determining buffer lengths for
local addresses, which allows remote attackers to execute arbitrary
code via a header with a large number of local addresses.

Analysis
--------
ED_PRI CAN-2002-1365 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1366
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1366
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local
users with lp privileges to create or overwrite arbitrary files via
file race conditions, as demonstrated by ice-cream.

Analysis
--------
ED_PRI CAN-2002-1366 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1367
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1367
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote
attackers to add printers without authentication via a certain UDP
packet, which can then be used to perform unauthorized activities such
as stealing the local root certificate for the administration server
via a "need authorization" page, as demonstrated by new-coke.

Analysis
--------
ED_PRI CAN-2002-1367 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1368
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1368
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code by causing negative arguments to be fed into memcpy()
calls via HTTP requests with (1) a negative Content-Length value or
(2) a negative length in a chunked transfer encoding.

Analysis
--------
ED_PRI CAN-2002-1368 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1369
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1369
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html

jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17
does not properly use the strncat function call when processing the
options string, which allows remote attackers to execute arbitrary
code via a buffer overflow attack.

Analysis
--------
ED_PRI CAN-2002-1369 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1371
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1371
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html

filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14
through 1.1.17 does not properly check for zero-length GIF images,
which allows remote attackers to execute arbitrary code via modified
chunk headers, as demonstrated by nogif.

Analysis
--------
ED_PRI CAN-2002-1371 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1372
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1372
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not
properly check the return values of various file and socket
operations, which could allow a remote attacker to cause a denial of
service (resource exhaustion) by causing file descriptors to be
assigned and not released, as demonstrated by fanta.

Analysis
--------
ED_PRI CAN-2002-1372 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1373
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1373
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103971644013961&w=2
Reference: MISC:http://security.e-matters.de/advisories/042002.html
Reference: BUGTRAQ:20021219 TSLSA-2002-0086 - mysql
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104033188706000&w=2
Reference: REDHAT:RHSA-2002:288
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html
Reference: ENGARDE:ESA-20030127-001

Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL
3.23.x before 3.23.54 allows remote attackers to cause a denial of
service (crash or hang) in mysqld by causing large negative integers
to be provided to a memcpy call.

Analysis
--------
ED_PRI CAN-2002-1373 1
Vendor Acknowledgement: unknown
ACCURACY: the MySQL developers (Sergei Golubchik) confirmed via email
that only the 3.23 branch is affected.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1374
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1374
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103971644013961&w=2
Reference: MISC:http://security.e-matters.de/advisories/042002.html
Reference: ENGARDE:ESA-20021213-033
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html
Reference: BUGTRAQ:20021215 GLSA: mysql
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004857201968&w=2
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005886114500&w=2
Reference: BUGTRAQ:20021219 TSLSA-2002-0086 - mysql
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104033188706000&w=2
Reference: REDHAT:RHSA-2002:288
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x
before 4.0.6, allows remote attackers to gain privileges via a brute
force attack using a one-character password, which causes MySQL to
only compare the provided password against the first character of the
password.

Analysis
--------
ED_PRI CAN-2002-1374 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1375
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1375
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103971644013961&w=2
Reference: MISC:http://security.e-matters.de/advisories/042002.html
Reference: ENGARDE:ESA-20021213-033
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html
Reference: BUGTRAQ:20021215 GLSA: mysql
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004857201968&w=2
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005886114500&w=2
Reference: BUGTRAQ:20021219 TSLSA-2002-0086 - mysql
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104033188706000&w=2
Reference: REDHAT:RHSA-2002:288
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x
4.0.6, allows remote attackers to execute arbitrary code via a long
response.

Analysis
--------
ED_PRI CAN-2002-1375 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1376
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1376
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103971644013961&w=2
Reference: MISC:http://security.e-matters.de/advisories/042002.html
Reference: ENGARDE:ESA-20021213-033
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html
Reference: BUGTRAQ:20021215 GLSA: mysql
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104004857201968&w=2
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104005886114500&w=2
Reference: BUGTRAQ:20021219 TSLSA-2002-0086 - mysql
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104033188706000&w=2
Reference: REDHAT:RHSA-2002:288
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html

The libmysqlclient client library in MySQL 3.x 3.23.54, and 4.x 4.0.6,
does not properly verify length fields for certain responses in the
(1) read_rows or (2) read_one_row routines, which allows remote
attackers to cause a denial of service and possibly execute arbitrary
code.

Analysis
--------
ED_PRI CAN-2002-1376 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1377
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1377
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: MISC:http://lists.netsys.com/pipermail/full-disclosure/2002-December/003330.html
Reference: MISC:http://www.guninski.com/vim1.html
Reference: REDHAT:RHSA-2002:297
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-297.html
Reference: MANDRAKE:MDKSA-2003:012
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:012

vim 6.0 and 6.1, and possibly other versions, allows attackers to
execute arbitrary commands using the libcall feature in modelines,
which are not sandboxed but may be executed when vim is used as an
editor for other products such as mutt.

Analysis
--------
ED_PRI CAN-2002-1377 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1383
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1383
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021218
Category: SF
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104032149026670&w=2
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html

Multiple integer overflows in Common Unix Printing System (CUPS)
1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code
via (1) the CUPSd HTTP interface, as demonstrated by vanilla-coke, and
(2) the image handling code in CUPS filters, as demonstrated by mksun.

Analysis
--------
ED_PRI CAN-2002-1383 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1384
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1384
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021218
Category: SF
Reference: VULNWATCH:20021223 iDEFENSE Security Advisory 12.23.02: Integer Overflow in pdftops
Reference: MISC:http://www.idefense.com/advisory/12.23.02.txt
Reference: DEBIAN:DSA-222
Reference: URL:http://www.debian.org/security/2003/dsa-222
Reference: DEBIAN:DSA-226
Reference: URL:http://www.debian.org/security/2003/dsa-226
Reference: BUGTRAQ:20030102 GLSA: xpdf
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104152282309980&w=2
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: REDHAT:RHSA-2003:037
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-037.html

Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i,
and CUPS before 1.1.18, allows local users to execute arbitrary code
via a ColorSpace entry with a large number of elements, as
demonstrated by cups-pdf.

Analysis
--------
ED_PRI CAN-2002-1384 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1388
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1388
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021230
Category: SF
Reference: CONFIRM:http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200212220120.gBM1K8502180@mcguire.earlhood.com
Reference: DEBIAN:DSA-221
Reference: URL:http://www.debian.org/security/2002/dsa-221

Cross-site scripting (XSS) vulnerability in MHonArc 2.5.14 allows
remote attackers to inject arbitrary HTML into web archive pages via
HTML mail messages.

Analysis
--------
ED_PRI CAN-2002-1388 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1389
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1389
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021230
Category: SF
Reference: DEBIAN:DSA-217
Reference: URL:http://www.debian.org/security/2002/dsa-217

Buffer overflow in typespeed 0.4.2 and earlier allows local users to
gain privileges via long input.

Analysis
--------
ED_PRI CAN-2002-1389 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1390
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1390
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030106
Category: SF
Reference: CONFIRM:http://cristal.inria.fr/~ddr/GeneWeb/en/version/4.09.html
Reference: DEBIAN:DSA-223
Reference: URL:http://www.debian.org/security/2003/dsa-223

The daemon for GeneWeb before 4.09 does not properly handle requested
paths, which allows remote attackers to read arbitrary files via a
crafted URL.

Analysis
--------
ED_PRI CAN-2002-1390 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1396
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1396
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: BUGTRAQ:20021227 Buffer overflow in PHP "wordwrap" function
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104102689503192&w=2
Reference: CONFIRM:http://bugs.php.net/bug.php?id=20927
Reference: REDHAT:RHSA-2003:017
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-017.html
Reference: ENGARDE:ESA-20030219-003
Reference: SUSE:SuSE-SA:2003:0009
Reference: MANDRAKE:MDKSA-2003:019
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:019

Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2
and before 4.3.0 may allow attackers to cause a denial of service or
execute arbitrary code.

Analysis
--------
ED_PRI CAN-2002-1396 1
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1342
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1342
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021205
Category: SF/CF/MP/SA/AN/unknown
Reference: DEBIAN:DSA-203
Reference: URL:http://www.debian.org/security/2002/dsa-203

Unknown vulnerability in smb2www 980804-16 and earlier allows remote
attackers to execute arbitrary commands.

Analysis
--------
ED_PRI CAN-2002-1342 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1347
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1347
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021210
Category: SF
Reference: BUGTRAQ:20021209 Cyrus SASL library buffer overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103946297703402&w=2
Reference: REDHAT:RHSA-2002:283
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-283.html

Buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote
attackers to cause a denial of service and possibly execute arbitrary
code via (1) input during user name canonicalization, (2) characters
that need to be escaped during LDAP authentication using saslauthd, or
(3) an off-by-one error in the log writer, which does not allocate
space for the null character that terminates a string.

Analysis
--------
ED_PRI CAN-2002-1347 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1355
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1355
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021213
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00007.html
Reference: CONFIRM:http://www.ethereal.com/cgi-bin/viewcvs.cgi/ethereal/packet-bgp.c.diff?r1=1.68&r2=1.69
Reference: REDHAT:RHSA-2002:290
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-290.html

Multiple integer signedness errors in the BGP dissector in Ethereal
0.9.7 and earlier allow remote attackers to cause a denial of service
(infinite loop) via malformed messages.

Analysis
--------
ED_PRI CAN-2002-1355 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1356
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1356
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021213
Category: SF
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00007.html
Reference: CONFIRM:http://www.ethereal.com/cgi-bin/viewcvs.cgi/ethereal/packet-lmp.c rev1.13
Reference: REDHAT:RHSA-2002:290
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-290.html

Ethereal 0.9.7 and earlier allows remote attackers to cause a denial
of service (crash) and possibly execute arbitrary code via malformed
packets to the (1) LMP, (2) PPP, or (3) TDS dissectors, possibly
related to a missing field for EndVerifyAck messages.

Analysis
--------
ED_PRI CAN-2002-1356 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1378
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1378
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: SUSE:SuSE-SA:2002:047
Reference: URL:http://www.suse.de/de/security/2002_047_openldap2.html
Reference: DEBIAN:DSA-227
Reference: URL:http://www.debian.org/security/2003/dsa-227
Reference: REDHAT:RHSA-2003:040
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-040.html
Reference: MANDRAKE:MDKSA-2003:006
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:006

Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier
allow remote attackers to execute arbitrary code via (1) -t or -r
parameters provided to slurpd, (2) a malicious ldapfilter.conf file
that is not properly handled by getfilter functions, (3) a malicious
ldaptemplates.conf that causes an overflow in libldap, (4) a certain
access control list that causes an overflow in slapd, or (5) a
generated filename for logging rejected replication requests.

Analysis
--------
ED_PRI CAN-2002-1378 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1379
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1379
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20021216
Category: SF
Reference: SUSE:SuSE-SA:2002:047
Reference: URL:http://www.suse.de/de/security/2002_047_openldap2.html
Reference: DEBIAN:DSA-227
Reference: URL:http://www.debian.org/security/2003/dsa-227
Reference: REDHAT:RHSA-2003:040
Reference: MANDRAKE:MDKSA-2003:006
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:006

OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local
attackers to execute arbitrary code when libldap reads the .ldaprc
file within applications that are running with extra privileges.

Analysis
--------
ED_PRI CAN-2002-1379 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1393
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1393
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030106
Category: SF
Reference: BUGTRAQ:20021221 KDE Security Advisory: Multiple vulnerabilities in KDE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104049734911544&w=2
Reference: BUGTRAQ:20021222 GLSA: kde-3.0.x
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=104066520330397&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021220-1.txt
Reference: DEBIAN:DSA-237
Reference: URL:http://www.debian.org/security/2003/dsa-237
Reference: DEBIAN:DSA-238
Reference: URL:http://www.debian.org/security/2003/dsa-238
Reference: DEBIAN:DSA-239
Reference: URL:http://www.debian.org/security/2003/dsa-239
Reference: DEBIAN:DSA-240
Reference: URL:http://www.debian.org/security/2003/dsa-240
Reference: DEBIAN:DSA-241
Reference: URL:http://www.debian.org/security/2003/dsa-241
Reference: DEBIAN:DSA-242
Reference: URL:http://www.debian.org/security/2003/dsa-242
Reference: DEBIAN:DSA-243
Reference: URL:http://www.debian.org/security/2003/dsa-243
Reference: CONECTIVA:CLA-2003:569
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000569

Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not
quote certain parameters that are inserted into a shell command, which
could allow remote attackers to execute arbitrary commands via (1)
URLs, (2) filenames, or (3) e-mail addresses.

Analysis
--------
ED_PRI CAN-2002-1393 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1395
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1395
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030107
Category: SF
Reference: DEBIAN:DSA-202
Reference: URL:http://www.debian.org/security/2002/dsa-202
Reference: BID:6307
Reference: URL:http://online.securityfocus.com/bid/6307

Internet Message (IM) 141-18 and earlier uses predictable file and
directory names, which allows local users to (1) obtain unauthorized
directory permissions via a temporary directory used by impwagent, and
(2) overwrite and create arbitrary files via immknmz.

Analysis
--------
ED_PRI CAN-2002-1395 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2002-1508
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1508
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030206
Category: SF
Reference: SUSE:SuSE-SA:2002:047
Reference: URL:http://www.suse.de/de/security/2002_047_openldap2.html
Reference: REDHAT:RHSA-2003:040
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-040.html
Reference: DEBIAN:DSA-227
Reference: URL:http://www.debian.org/security/2003/dsa-227
Reference: MANDRAKE:MDKSA-2003:006
Reference: URL:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:006
Reference: XF:openldap-acl-slapd-bo(11288)
Reference: URL:http://www.iss.net/security_center/static/11288.php

slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users
to overwrite arbitrary files via a race condition during the creation
of a log file for rejected replication requests.

Analysis
--------
ED_PRI CAN-2002-1508 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or
provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

Page Last Updated or Reviewed: May 22, 2007