[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[OOB] Out-of-band candidates for August 11, 2000
The following candidate number has been *assigned* to a highly publicized security problem. This "out-of-band" candidate is being posted to the Editorial Board list so that candidate numbers can be made available as soon as possible for the most serious security issues. As a reminder, Board members can request out-of-band candidates for recently publicized security issues that have a broad effect. This out-of-band candidate is *not* being proposed for votes at this time. It will be included in the next round of RECENT-XX clusters. As we begin to work more closely with software vendors, we may be able to identify a more appropriate way to make such candidates more widely and rapidly available, e.g. by annotating advisories with candidate numbers. However, out-of-band assignment (and candidate reservation, aka pre-publication candidate assignment) are currently the best approaches available. Out-of-band assignment will be discussed in more detail at the upcoming Board meeting. - Steve ================================= Candidate: CAN-2000-0676 Published: Final-Decision: Interim-Decision: Modified: Proposed: Assigned: 20000811 Category: SF Reference: CERT:CA-2000-15 Reference: URL:http://www.cert.org/advisories/CA-2000-15.html Reference: BID:1546 Reference: URL:http://www.securityfocus.com/bid/1546 Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.