[技术]候选人有足够的选票——但没有供应商确认!

,以下26候选人有足够的选票成为官方的条目。然而,供应商似乎并没有证实,它们的存在。上周在董事会会议上,与会者认为,选民们不应该接受一个候选人,除非他们是合理确定问题是真实的。鉴于没有明显的供应商确认,这些26候选人将需要从其他来源的支持。谁能确认这些问题吗?你信任的来源吗?如果是这样,请使用一个接受的候选人投票,包括你为什么你认为这个问题的原因是真实的。注意,这些26候选人代表33%的78名候选人,准备搬到临时决定不投票确认。其他52候选人供应商确认,所以我熟悉移动他们临时决定。——史蒂夫总结的选票使用(“严重程度”的按升序)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -接受——选民接受候选人提出等待——选民对候选人没有意见修改选民想要改变一些小细节(例如参考/描述)审查-选民正在审查/研究候选人,或需要更多的信息,重塑候选人必须大幅修改,如分割或合并拒绝候选人不是“漏洞”,或重复等。1)请写你的投票在直线上,从“投票:”开始。 If you want to add comments or details, add them to lines after the VOTE: line. 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. KEY FOR INFERRED ACTIONS ------------------------ Inferred actions capture the voting status of a candidate. They may be used by the moderator to determine whether or not a candidate is added to CVE. Where there is disagreement, the moderator must resolve the issue and achieve consensus, or make the final decision if consensus cannot be reached. - ACCEPT = 3 non-MITRE votes to ACCEPT/MODIFY, and no REVIEWING or REJECT - ACCEPT_ACK = 2 non-MITRE ACCEPT/MODIFY, and vendor acknowledgement - MOREVOTES = needs more votes - ACCEPT_REV = 3 non-MITRE ACCEPT's but is delayed due to a REVIEWING - SMC_REJECT = REJECT by Steve Christey; likely to be rejected outright - SMC_REVIEW = REVIEWING by Steve Christey; likely related to CD's - REVIEWING = at least one member is REVIEWING - REJECT = at least one member REJECTed - REVOTE = members should review their vote on this candidate ================================= Candidate: CAN-1999-0676 Published: Final-Decision: Interim-Decision: Modified: Proposed: 19991222 Assigned: 19991125 Category: SF Reference: BUGTRAQ:19990808 stdcm_convert Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19990809134220.A1191@hades.chaoz.org参考:XF: sun-stdcm-convert参考:报价:575 stdcm_convert在Solaris 2.6允许本地用户覆盖敏感文件通过一个符号链接攻击。推断行动:- 1999 - 0676能接受(3接受0 ack, 0评论)目前投票:接受(2)Stracener,弗伦奇等待Ozancin修改(1)(1)Christey评论:弗雷希> CHGREF XF:弗伦奇> CHGREF sun-sdtcm-convert BUGTRAQ: 19990808 sdtcm_convert弗雷希>描述需要更改sdtcm_convert Christey >这个候选人是由供应商未经证实的。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0711:最终决定:阶段性裁决:修改:20000313 - 01提议:19991222分配:19991125类别:科幻参考:BUGTRAQ: 19990430 *大*安全漏洞与人性化智能代理安装Oracle 8.0.5参考:网址:http://marc.theaimsgroup.com/?t=92550157100002&w=2&r=1参考:XF: oracle-oratclsh oratclsh解释器在Oracle 8。x智能代理Unix允许本地用户执行Tcl命令作为根。修改:CHANGEREF BUGTRAQ[添加日期]推断行动:- 1999 - 0711能接受(3接受0 ack, 0评论)目前投票:接受(3)Stracener Ozancin,弗雷希无操作(1)Christey评论:Christey >这个候选人是由供应商未经证实的。Christey > Christey > Bugtraq多个验证。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0720:最终决定:阶段性裁决:修改:20000313 - 01提议:19991222分配:19991125类别:科幻参考:BUGTRAQ: 19990823 (Linux) glibc 2.1。x / wu-ftpd < = 2.5 / BeroFTPD /猞猁/ vlock / mc / glibc 2.0。x参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=lcamtuf.4.05.9907041223290.355 - 300000 @nimue.ids.pl参考报价:597参考:XF: linux-pt-chown pt_chown命令在Linux中允许本地用户修改遥控终端设备,属于其他用户。修改:ADDREF BUGTRAQ: 19990823 (Linux) glibc 2.1。x / wu-ftpd < = 2.5 / BeroFTPD /猞猁/ vlock / mc / glibc 2.0。x ADDREF网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=lcamtuf.4.05.9907041223290.355 - 300000 @nimue.ids.pl推断行动:- 1999 - 0720能接受(3接受0 ack, 0评论)目前投票:接受(2)Ozancin,弗雷希修改(1)Stracener等待(1)Christey评论:Stracener >添加裁判:BUGTRAQ: 19990823 (Linux) glibc 2.1。x / wu-ftpd < = 2.5 / BeroFTPD Stracener > /猞猁/ Stracener > vlock / mc / glibc 2.0。x Christey >这个候选人是由供应商未经证实的。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0747:最终决定:阶段性裁决:修改:20000313 - 01提议:19991222分配:19991125类别:科幻参考:BUGTRAQ: 19990816对称多处理(SMP) Vulnerbility BSDi 4.0.1参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.bsi.4.10.9908170253560.19291 - 100000 @saturn.psn.net参考报价:589参考:XF: bsdi-smp-dos拒绝服务在BSDi对称多处理(SMP)当一个函数调用时,系统具有较高的CPU负载。修改:CHANGEREF BUGTRAQ[添加日期]推断行动:- 1999 - 0747能接受(3接受0 ack, 0评论)目前投票:接受(2)Ozancin,弗雷希修改(1)Stracener等待(1)Christey评论:Stracener >添加日期裁判上图:BUGTRAQ: 19990817对称…由供应商Christey >这个候选人是未经证实的。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0773:最终决定:阶段性裁决:修改:建议:19991222分配:19991125类别:科幻参考:BUGTRAQ: 19990511 Solaris2.6和2.7 lpset溢出参考:网址:http://www.netspace.org/cgi-bin/wa?A2=ind9905B&L=bugtraq&P=R2017参考:XF: sol-lpset-bo缓冲区溢出在Solaris lpset程序允许本地用户获得根访问。推断行动:- 1999 - 0773能接受(3接受0 ack, 0评论)目前投票:接受(3)Stracener Ozancin,弗雷希无操作(1)Christey评论:Christey >这个候选人是由供应商未经证实的。Christey > Christey >影子企鹅UNYUN发布的安全。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0776:最终决定:阶段性裁决:修改:建议:19991214分配:19991125类别:科幻参考:NTBUGTRAQ: 19990506“. .”洞在阿里巴巴2.0参考:网址:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9905&L=NTBUGTRAQ&P=R1533参考:XF: http-alibaba-dotdot阿里巴巴HTTP服务器允许远程攻击者读取文件通过一个. .(点点)攻击。推断行动:- 1999 - 0776能接受(3接受0 ack, 0评论)目前投票:接受(3)布莱克,Stracener,弗雷希无操作(2)科尔,Christey评论:Christey >这个候选人是由供应商未经证实的。Christey > Christey > Arne Vidstrom代传。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0780:最终决定:阶段性裁决:修改:20000313 - 01提议:19991222分配:19991125类别:科幻参考:BUGTRAQ: 19981118多个KDE安全漏洞(根妥协)参考:网址:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457参考:XF: kde-klock-process-kill KDE klock纽约允许本地用户杀死任意进程通过指定任意.kss PID。pid文件。修改:ADDREF XF: kde-klock-process-kill推断行动:- 1999 - 0780能接受(3接受0 ack, 0评论)目前投票:接受(2)Stracener,弗伦奇等待Ozancin修改(1)(1)Christey评论:弗雷希> XF: kde-klock-process-kill Christey >这个候选人是由供应商未经证实的。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0781:最终决定:阶段性裁决:修改:20000313 - 01提议:19991222分配:19991125类别:科幻参考:BUGTRAQ: 19981118多个KDE安全漏洞(根妥协)参考:网址:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457参考:XF: kde-klock-bindir-trojans KDE允许本地用户执行任意命令通过设置环境变量KDEDIR修改KDE使用定位其可执行文件的搜索路径。修改:ADDREF XF: kde-klock-bindir-trojans推断行动:- 1999 - 0781能接受(3接受0 ack, 0评论)目前投票:接受(2)Stracener,弗伦奇等待Ozancin修改(1)(1)Christey评论:弗雷希> XF: kde-klock-bindir-trojans Christey >这个候选人是由供应商未经证实的。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0782:最终决定:阶段性裁决:修改:20000313 - 01提议:19991222分配:19991125类别:科幻参考:BUGTRAQ: 19981118多个KDE安全漏洞(根妥协)参考:网址:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457参考:XF: kde-kppp-directory-create KDE kppp允许本地用户在任意位置创建一个目录通过家庭环境变量。修改:ADDREF XF: kde-kppp-directory-create推断行动:- 1999 - 0782能接受(3接受0 ack, 0评论)目前投票:接受(2)Stracener,弗伦奇等待Ozancin修改(1)(1)Christey评论:弗雷希> kde-kppp-directory-create Christey >这个候选人是由供应商未经证实的。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0803:最终决定:阶段性裁决:修改:20000313 - 01提议:19991222分配:19991125类别:科幻参考:BUGTRAQ: 19990525 IBM AIX参考eNetwork防火墙:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=92765973207648&w=2参考:XF: ibm-enfirewall-tmpfiles fwluser脚本在AIX eNetwork防火墙允许本地用户编写任意文件通过一个符号链接攻击。修改:CHANGEREF BUGTRAQ[添加日期]ADDREF XF: ibm-enfirewall-tmpfiles推断行动:- 1999 - 0803能接受(3接受0 ack, 0评论)目前投票:接受(2)Stracener,弗伦奇等待Ozancin修改(1)(1)Christey评论:弗雷希> XF:弗伦奇> ibm-efirewall-tmpfiles BUGTRAQ:添加19990525 Christey >这个候选人是由供应商未经证实的。Christey > Christey >海报声称APAR (IR39562)创建。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0816:最终决定:阶段性裁决:修改:20000313 - 01提议:19991222分配:19991125类别:科幻参考:BUGTRAQ: 19980510安全漏洞在摩托罗拉CableRouters参考:网址:http://www.netspace.org/cgi-bin/wa?A2=ind9805B&L=bugtraq&P=R1621参考:XF: motorola-cable-default-pass摩托罗拉CableRouter允许任何远程用户连接和配置路由器在端口1024上。修改:ADDREF XF: motorola-cable-default-pass内容判定:CF-DEF-PASS推断行动:- 1999 - 0816能接受(3接受0 ack, 0评论)HAS_CDS目前投票:接受(2)科尔,弗伦奇等待Stracener修改(1)(1)Christey评论:弗雷希> XF: motorola-cable-default-pass Christey >这个候选人是由供应商未经证实的。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0885:最终决定:阶段性裁决:修改:20000313 - 01提议:19991214分配:19991208类别:科幻参考:BUGTRAQ: 19991103更多阿里巴巴Web服务器的问题……参考网址:http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-11-01&msg=01BF261F.928821E0.kerb@fnusa.com参考报价:770参考:XF: alibaba-url-file-manipulation阿里巴巴web服务器允许远程攻击者执行命令通过一个管道字符在一个畸形的URL。修改:ADDREF XF: alibaba-url-file-manipulation推断行动:- 1999 - 0885能接受(3接受0 ack, 0评论)目前投票:接受(2)布莱克,弗伦奇等待Stracener修改(1)(2)科尔,Christey评论:弗雷希> XF: alibaba-url-file-manipulation Christey >这个候选人是由供应商未经证实的。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0895:最终决定:阶段性裁决:修改:建议:19991222分配:19991208类别:科幻参考:BUGTRAQ: 19991020检查点防火墙1 V4.0:可能的错误在LDAP身份验证参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991020150002.21047.qmail@tarjan.mediaways.net防火墙1不适当限制访问LDAP属性。推断行动:- 1999 - 0895能接受(3接受0 ack, 0评论)目前投票:接受(2)科尔,弗伦奇等待Stracener修改(1)(1)Christey评论:弗雷希> XF: checkpoint-ldap-auth Christey >这个候选人是由供应商未经证实的。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0897:最终决定:阶段性裁决:修改:20000313 - 01提议:19991214分配:19991208类别:科幻参考:BUGTRAQ: 19990908错误iChat 3.0(可能)参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=90538488231977&w=2参考:XF: ichat-file-read-vuln iChat房间网络服务器允许远程攻击者读取任意文件通过一个. .(点点)攻击。修改:ADDREF XF: ichat-file-read-vuln推断行动:- 1999 - 0897能接受(3接受0 ack, 0评论)目前投票:接受(2)布莱克,弗伦奇等待Stracener修改(1)(2)科尔,Christey评论:弗雷希> XF: ichat-file-read-vuln Christey >这个候选人是由供应商未经证实的。Christey > Christey >两个Bugtraq后续索赔问题已经解决。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0913:最终决定:阶段性裁决:修改:建议:19991214分配:19991208类别:科幻参考:BUGTRAQ: 19990804新南威尔士州龙火被淹死的参考:http://marc.theaimsgroup.com/?l=bugtraq&m=93383593909438&w=2参考报价:564 dfire。cgi脚本Dragon-Fire IDS允许远程用户通过执行命令shell元字符。推断行动:- 1999 - 0913 SMC_REVIEW(3接受,1审查)目前投票:接受(2)布莱克,弗伦奇等待Stracener修改(1)(1)科尔回顾(1)Christey评论:弗雷希> XF: dragon-fire-ids-metachar Christey >一些选民应该使用投弃权票。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0919:最终决定:阶段性裁决:修改:20000313 - 01提议:19991222分配:19991208类别:科幻参考:BUGTRAQ: 19980510安全漏洞在摩托罗拉CableRouters参考:网址:http://www.netspace.org/cgi-bin/wa?A2=ind9805B&L=bugtraq&P=R1621参考:XF: motorola-cable-crash内存泄漏在摩托罗拉CableRouter允许远程攻击者进行拒绝服务通过大量的telnet连接。修改:ADDREF XF: motorola-cable-crash推断行动:- 1999 - 0919 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)科尔弗伦奇等待修改(1)(2)Stracener, Christey评论:弗雷希> XF: motorola-cable-crash Christey >这个候选人是由供应商未经证实的。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0958:最终决定:阶段性裁决:修改:建议:19991222分配:19991208类别:科幻参考:BUGTRAQ: 19980112 Re:洞MP-RAS sudo。参考网址:http://marc.theaimsgroup.com/?l=bugtraq&m=88465708614896&w=2sudo 1.5。x允许本地用户执行任意命令通过一个. .(点点)攻击。推断行动:- 1999 - 0958能接受(3接受0 ack, 0评论)目前投票:接受(3)Stracener Ozancin,默无操作(1)Christey评论:Christey >这个候选人是由供应商未经证实的。Christey > Christey >独立确认Bugtraq跟踪和一个海报Christey >声称一个补丁已经发布。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0961:最终决定:阶段性裁决:修改:建议:19991222分配:19991208类别:科幻参考:BUGTRAQ: 19960921在惠普sysdiag Vunerability吗?参考网址:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419906&w=2HPUX sysdiag允许本地用户获得根权限通过日志文件创建符号链接攻击。推断行动:- 1999 - 0961能接受(3接受0 ack, 0评论)目前投票:接受(3)Stracener Ozancin,默无操作(1)Christey评论:Christey >这个候选人是由供应商未经证实的。Christey > Christey > Bugtraq跟踪验证了两个海报。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0997:最终决定:阶段性裁决:修改:建议:19991222分配:19991221类别:未知参考:BUGTRAQ: 19991220安全漏洞在某些wu-ftpd(导数)配置(fwd) wu-ftp启用了FTP转换允许攻击者执行命令通过一个畸形的文件名作为参数解释的程序执行转换,如焦油或解压。推断行动:- 1999 - 0997能接受(4接受,0 ack, 0评论)目前投票:接受(3)墙,科尔,弗伦奇等待Stracener修改(1)(1)Christey评论:弗雷希> XF: wuftp-ftp-conversion Christey >这个候选人是由供应商未经证实的。Christey > XF: wuftp-ftp-conversion并不存在。Christey > Christey >发布通过suid@suid.kg。看到http://www.suid.edu/advisories/001.txtChristey >详情。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 1005:最终决定:阶段性裁决:修改:建议:19991222分配:19991221类别:科幻参考:BUGTRAQ: 19991219 Groupewise Web界面参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=94571433731824&w=2GWWEB Groupwise web服务器。EXE与. htm扩展允许远程攻击者读取任意文件通过一个. .(点点)攻击使用参数的帮助。推断行动:- 1999 - 1005能接受(3接受0 ack, 0评论)目前投票:接受(2)科尔,弗伦奇等待Stracener修改(1)(2)墙,Christey评论:弗雷希> XF: groupwise-web-read-files Christey >这个候选人是由供应商未经证实的。Christey > XF: groupwise-web-read-files并不存在。Christey > Christey >多个Bugtraq跟踪显示问题可能比当前更Christey >严重CVE描述说明。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 1007:最终决定:阶段性裁决:修改:建议:19991222分配:19991221类别:科幻参考:BUGTRAQ: 19991213 VDO生活玩家3.02缓冲区溢位参考:http://marc.theaimsgroup.com/?l=bugtraq&m=94512259331599&w=2参考报价:872缓冲区溢出VDO生活玩家允许远程攻击者通过畸形.vdo VDO客户机上执行命令文件。推断行动:- 1999 - 1007能接受(4接受,0 ack, 0评论)目前投票:接受(3)墙,科尔,弗伦奇等待Stracener修改(1)(1)Christey评论:弗雷希> XF: vdolive-bo-execute Christey >这个候选人是由供应商未经证实的。Christey > XF: vdolive-bo-execute并不存在。Christey > Christey >影子企鹅UNYUN发布的安全。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 1008:最终决定:阶段性裁决:修改:20000313 - 01提议:19991222分配:19991221类别:科幻参考:BUGTRAQ: 19991215 FreeBSD 3.3 xsoldier根利用参考:MISC:http://marc.theaimsgroup.com/?l=freebsd-security&m=94531826621620&w=2参考:报价:871 xsoldier程序允许本地用户获得root访问通过很长一段的论点。推断行动:- 1999 - 1008能接受(3接受0 ack, 0评论)目前投票:接受(2)科尔,弗伦奇等待Stracener修改(1)(2)墙,Christey评论:弗雷希> XF: unix-xsoldier-overflow Christey >在freebsd-security确认邮件列表。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 1010:最终决定:阶段性裁决:修改:建议:19991222分配:19991221类别:科幻参考:BUGTRAQ: 19991214 sshd1允许加密会话不管服务器策略引用:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=94519142415338&w=2SSH 1.2.27服务器允许客户端使用“没有”密码,即使它是服务器不允许的政策。推断行动:- 1999 - 1010能接受(3接受0 ack, 0评论)目前投票:接受(2)科尔,弗伦奇等待Stracener修改(1)(2)墙,Christey评论:弗雷希> XF: ssh-policy-bypass Christey >这个候选人是由供应商未经证实的。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0139:最终决定:阶段性裁决:修改:建议:20000216分配:20000216类别:科幻参考:BUGTRAQ: 20000210远程网上DoS任何邮件服务器Ver.3.1.3参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95021326417936&w=2参考:报价:982参考:网址:http://www.securityfocus.com/bid/982互联网在任何地方POP3邮件服务器允许本地用户造成拒绝服务通过一个畸形RETR命令。推断行动:- 2000 - 0139能接受(3接受0 ack, 0评论)目前投票:接受(3)主教,布莱克,科尔等待(2)勒布朗,Christey评论:Christey >这个候选人是由供应商未经证实的。田中伸男(Nobuo Miwa Christey > Christey >报道,主持人BUGTRAQ-JP。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0140:最终决定:阶段性裁决:修改:建议:20000216分配:20000216类别:科幻参考:BUGTRAQ: 20000210远程网上DoS任何邮件服务器Ver.3.1.3参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95021326417936&w=2参考:NTBUGTRAQ: 20000210远程网上DoS任何邮件服务器Ver.3.1.3参考:报价:980参考:网址:http://www.securityfocus.com/bid/980互联网在任何地方POP3邮件服务器允许远程攻击者通过大量导致拒绝服务的连接。推断行动:- 2000 - 0140能接受(3接受0 ack, 0评论)目前投票:接受(3)主教,布莱克,科尔等待(2)勒布朗,Christey评论:Christey >这个候选人是由供应商未经证实的。田中伸男(Nobuo Miwa Christey > Christey >报道,主持人BUGTRAQ-JP。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0144:最终决定:阶段性裁决:修改:建议:20000216分配:20000216类别:科幻参考:http://archives.neohapsis.com/archives/bugtraq/2000-02/0034.html参考:BUGTRAQ: 20000207 Infosec.20000207.axis700。参考:报价:971参考:网址:http://www.securityfocus.com/bid/971轴700网络扫描仪不适当限制对管理员的访问的url,它允许用户绕过密码保护通过. .(点点)攻击。推断行动:- 2000 - 0144能接受(3接受0 ack, 0评论)目前投票:接受(3)主教,布莱克,科尔等待(2)勒布朗,Christey评论:Christey >海报声称厂商已经发布了一个补丁。投票: