(日期:][下一个日期][线程:][线程下][日期索引][线程索引]

31[最终]接受候选人从各种集群



我做出了最后决定接受以下候选人。这些候选人现在分配CVE名称如下表示。所得的CVE条目将在不久的将来公布CVE的一个新版本。投票和评论细节的末尾提供了这份报告。——史蒂夫候选人CVE的名字- - - - - - - - - - - - - - - - - - - - - - - - 1999 - 0676 CVE - 1999 - 0676 - 1999 - 0711 CVE - 1999 - 0711 - 1999 - 0720 CVE - 1999 - 0720 - 1999 - 0747 CVE - 1999 - 0747 - 1999 - 0773 CVE - 1999 - 0773 - 1999 - 0790 CVE - 1999 - 0790 - 1999 - 0799 CVE - 1999 - 0799 - 1999 - 0813 CVE - 1999 - 0813 - 1999 - 0888 CVE - 1999 - 0888 - 1999 - 0903 CVE - 1999 - 0903 - 1999 - 0906 CVE - 1999 - 0906 - 1999 - 0958 CVE - 1999 - 0958 - 1999 - 0961 CVE - 1999 - 0961 - 1999 - 1008 CVE - 1999 - 1008 - 2000 - 0044 CVE - 2000 - 0044 - 2000 - 0052 CVE - 2000 - 0052 - 2000 - 0053 CVE - 2000 - 0053 - 2000 - 0057 CVE - 2000 - 0057 - 2000 - 0062 CVE - 2000 - 0062 - 2000 - 0073 CVE - 2000 - 0073 - 2000 - 0083 CVE - 2000 - 0083 - 2000 - 0091 CVE - 2000 - 0091 - 2000 - 0095 CVE - 2000 - 0095 - 2000 - 0099 CVE - 2000 - 0099 - 2000 - 0100 CVE - 2000 - 0100 - 2000 - 0107 CVE - 2000 - 0107 - 2000 - 0131 CVE - 2000 - 0131 - 2000 - 0140 CVE - 2000 - 0140 - 2000 - 0144 CVE - 2000 - 0144 - 2000 - 0159 CVE - 2000 - 0159 - 2000 - 0183 CVE - 2000 - 0183 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0676:最终决定:20000418阶段性裁决:20000411修改:20000410 - 01提议:19991222分配:19991125类别:科幻参考:BUGTRAQ: 19990808 sdtcm_convert参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19990809134220.A1191@hades.chaoz.org参考:XF: sun-sdtcm-convert参考:报价:575参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=575sdtcm_convert在Solaris 2.6允许本地用户覆盖敏感文件通过一个符号链接攻击。修改:修改DESC和XF / Bugtraq REF stdcm_convert sdtcm_convert。推断行动:- 1999 - 0676能接受(3接受,1 ack, 0评论)目前投票:接受(2)Stracener,弗伦奇等待Ozancin修改(1)(1)勒布朗评论:弗雷希> CHGREF XF: sun-sdtcm-convert弗雷希> CHGREF BUGTRAQ: 19990808 sdtcm_convert弗雷希>描述需要更改sdtcm_convert = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0711:最终决定:20000418阶段性裁决:20000411修改:20000410 - 02年提议:19991222分配:19991125类别:科幻参考:BUGTRAQ: 19990430 *大*安全漏洞与人性化智能代理安装Oracle 8.0.5参考:网址:http://marc.theaimsgroup.com/?t=92550157100002&w=2&r=1参考:BUGTRAQ: 19990506甲骨文安全后续补丁和FAQ: setuid oratclsh参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=92609807906778&w=2参考:XF: oracle-oratclsh oratclsh解释器在Oracle 8。x智能代理Unix允许本地用户执行Tcl命令作为根。修改:CHANGEREF BUGTRAQ[添加日期]ADDREF BUGTRAQ: 19990506甲骨文安全后续补丁和FAQ: setuid oratclsh推断行动:- 1999 - 0711能接受(3接受,1 ack, 0评论)目前投票:接受(3)Stracener Ozancin,弗雷希无操作(2)Christey,勒布朗评论:Christey >这个候选人是由供应商未经证实的。Christey > Christey > Bugtraq多个验证。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0720:最终决定:20000418阶段性裁决:20000411修改:20000313 - 01提议:19991222分配:19991125类别:科幻参考:BUGTRAQ: 19990823 (Linux) glibc 2.1。x / wu-ftpd < = 2.5 / BeroFTPD /猞猁/ vlock / mc / glibc 2.0。x参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=lcamtuf.4.05.9907041223290.355 - 300000 @nimue.ids.pl参考:报价:597参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=597参考:XF: linux-pt-chown pt_chown命令在Linux中允许本地用户修改遥控终端设备,属于其他用户。修改:ADDREF BUGTRAQ: 19990823 (Linux) glibc 2.1。x / wu-ftpd < = 2.5 / BeroFTPD /猞猁/ vlock / mc / glibc 2.0。x ADDREF网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=lcamtuf.4.05.9907041223290.355 - 300000 @nimue.ids.pl推断行动:- 1999 - 0720能接受(3接受,1 ack, 0评论)目前投票:接受(2)Ozancin,弗雷希修改(1)Stracener等待(1)勒布朗评论:Stracener >添加裁判:BUGTRAQ: 19990823 (Linux) glibc 2.1。x / wu-ftpd < = 2.5 / BeroFTPD Stracener > /猞猁/ Stracener > vlock / mc / glibc 2.0。x = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0747:最终决定:20000418阶段性裁决:20000411修改:20000313 - 01提议:19991222分配:19991125类别:科幻参考:BUGTRAQ: 19990816对称多处理(SMP) Vulnerbility BSDi 4.0.1参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.bsi.4.10.9908170253560.19291 - 100000 @saturn.psn.net参考:报价:589参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=589参考:XF: bsdi-smp-dos拒绝服务在BSDi对称多处理(SMP)当一个函数调用时,系统有较高的CPU负载。修改:CHANGEREF BUGTRAQ[添加日期]推断行动:- 1999 - 0747能接受(3接受0 ack, 0评论)目前投票:接受(2)Ozancin,弗雷希修改(1)Stracener等待(2)Christey,勒布朗评论:Stracener >添加日期裁判上图:BUGTRAQ: 19990817对称…由供应商Christey >这个候选人是未经证实的。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0773:最终决定:20000418阶段性裁决:20000411修改:建议:19991222分配:19991125类别:科幻参考:BUGTRAQ: 19990511 Solaris2.6和2.7 lpset溢出参考:网址:http://www.netspace.org/cgi-bin/wa?A2=ind9905B&L=bugtraq&P=R2017参考:XF: sol-lpset-bo缓冲区溢出在Solaris lpset程序允许本地用户获得根访问。推断行动:- 1999 - 0773能接受(3接受0 ack, 0评论)目前投票:接受(3)Stracener Ozancin,弗雷希无操作(2)Christey,勒布朗评论:Christey >这个候选人是由供应商未经证实的。发布的UNYUN Christey >影子企鹅安全。Christey > Christey >跟踪表明,利用有限的范围Christey >组14。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0790:最终决定:20000418阶段性裁决:20000411修改:20000410 - 01提议:19991214分配:19991125类别:科幻参考:MISC:http://home.netscape.com/security/notes/jscachebrowsing.html参考:XF:从网景netscape-javascript远程攻击者可以读取信息用户的缓存通过JavaScript。修改:ADDREF XF: netscape-javascript ADDREF MISC:http://home.netscape.com/security/notes/jscachebrowsing.html推断行动:- 1999 - 0790能接受(4接受,1 ack, 0评论)目前投票:接受(2)布莱克,Stracener修改(2)科尔,弗雷希无操作(1)Christey评论:科尔>被剥削是什么?Christey >http://home.netscape.com/security/notes/jscachebrowsing.html弗雷希> XF: netscape-javascript弗雷希>网景公司:http://home.netscape.com/security/notes/jscachebrowsing.html= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0799:最终决定:20000418阶段性裁决:20000411修改:20000410 - 01提议:19991222分配:19991125类别:科幻参考:BUGTRAQ: 19970725可利用的缓冲区溢出在bootpd(大多数尤尼克公司)参考:XF: bootpd-bo bootpd 2.4.3缓冲区溢出,早些时候通过引导文件位置。修改:ADDREF XF: bootpd-bo推断行动:- 1999 - 0799能接受(3接受0 ack, 0评论)目前投票:接受(2)Stracener Ozancin修改(1)法国人评论:弗雷希> XF: bootpd-bo = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0813:最终决定:20000418阶段性裁决:20000411修改:20000410 - 02年提议:19991222分配:19991125类别:科幻参考:BUGTRAQ: 19990810严重bug在cfingerd 1.4.0参考:BUGTRAQ: 19980724 cfingerd根安全漏洞参考:DEBIAN: 19990814参考:XF: cfingerd-privileges cfingerd启用了ALLOW_EXECUTION不适当放弃特权时执行一个程序代表用户,允许本地用户获得根权限。修改:ADDREF DEBIAN: 19990814 ADDREF BUGTRAQ: 19980724 CFINGERD根安全漏洞DESC添加ALLOW_EXECUTION预选赛ADDREF XF: cfingerd-privileges推断行动:- 1999 - 0813 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)Stracener弗伦奇等待修改(1)(1)Ozancin评论:弗雷希> XF: cfingerd-privileges = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0888:最终决定:20000418阶段性裁决:20000411修改:20000410 - 01提议:19991222分配:19991208类别:科幻参考:BUGTRAQ: 19990817安全漏洞在Oracle参考:XF: oracle-dbsnmp参考:报价:585参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=585dbsnmp在Oracle智能代理允许本地用户获得特权通过设置ORACLE_HOME环境变量,找到nmiconf dbsnmp使用。tcl脚本。修改:ADDREF XF: oracle-dbsnmp推断行动:- 1999 - 0888能接受(3接受0 ack, 0评论)目前投票:接受(2)Stracener Ozancin修改(1)法国人评论:弗雷希> XF: oracle-dbsnmp = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0903:最终决定:20000418阶段性裁决:20000411修改:20000410 - 01提议:19991222分配:19991208类别:科幻参考:BUGTRAQ: 19991025 IBM AIX包过滤模块参考:BUGTRAQ: 19991027 Re: IBM AIX包过滤模块(后续)参考:XF: aix-genfilt-filtering genfilt在AIX信息包过滤模块不正确过滤目的地端口流量大于32767。修改:ADDREF XF: aix-genfilt-filtering推断行动:- 1999 - 0903能接受(3接受0 ack, 0评论)目前投票:接受(2)Stracener Ozancin修改(1)法国人评论:弗雷希> XF: aix-genfilt-filtering = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0906:最终决定:20000418阶段性裁决:20000411修改:20000410 - 01提议:19991222分配:19991208类别:科幻参考:BUGTRAQ: 19990923 SuSE 6.2 sccw溢出利用参考:SuSE: 19990926安全漏洞sccw(第二部分)参考:报价:656参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=656参考:XF: linux-sccw-bo缓冲区溢出sccw允许本地用户获得root访问通过家庭环境变量。修改:ADDREF SUSE: 19990926安全漏洞sccw(第二部分)ADDREF XF: linux-sccw-bo推断行动:- 1999 - 0906能接受(3接受,1 ack, 0评论)目前投票:接受(1)Ozancin修改(2)Stracener弗雷希无操作(1)Christey评论:Stracener >添加裁判:SUSE:安全漏洞sccw(第二部分)26.09.1999 Christey > ADDREF SUSE: 19990926安全漏洞sccw(第二部分)弗雷希> XF: linux-sccw-bo = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0958:最终决定:20000418阶段性裁决:20000411修改:20000410 - 01提议:19991222分配:19991208类别:科幻参考:BUGTRAQ: 19980112 Re:洞MP-RAS sudo。参考网址:http://marc.theaimsgroup.com/?l=bugtraq&m=88465708614896&w=21.5参考:XF: sudo-dot-dot-attack sudo。x允许本地用户执行任意命令通过一个. .(点点)攻击。修改:ADDREF XF: sudo-dot-dot-attack推断行动:- 1999 - 0958能接受(4接受,1 ack, 0评论)目前投票:接受(3)Stracener Ozancin,贝弗伦奇等待修改(1)(2)Christey,勒布朗评论:Christey > Bugtraq跟踪确认。弗雷希> XF: sudo-dot-dot-attack = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0961:最终决定:20000418阶段性裁决:20000411修改:20000410 - 01提议:19991222分配:19991208类别:科幻参考:BUGTRAQ: 19960921在惠普sysdiag Vunerability吗?参考网址:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419906&w=2参考:CIAC: H-03参考:XF: hp-sysdiag-symlink HPUX sysdiag允许本地用户获得根权限通过日志文件创建符号链接攻击。修改:ADDREF CIAC: H-03 ADDREF XF: hp-sysdiag-symlink推断行动:- 1999 - 0961能接受(4接受,1 ack, 0评论)目前投票:接受(3)Stracener Ozancin,贝弗伦奇等待修改(1)(2)Christey,勒布朗评论:Christey >这个候选人是由供应商未经证实的。Christey > Christey > Bugtraq跟踪验证了两个海报。弗雷希> XF: hp-sysdiag-symlink弗雷希>描述与hp - ux应该开始,不是HPUX。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 1008:最终决定:20000418阶段性裁决:20000411修改:20000410 - 02年提议:19991222分配:19991221类别:科幻参考:BUGTRAQ: 19991215 FreeBSD 3.3 xsoldier根利用参考:MISC:http://marc.theaimsgroup.com/?l=freebsd-security&m=94531826621620&w=2参考:报价:871参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=871参考:XF: unix-xsoldier-overflow xsoldier程序允许本地用户获得root访问通过很长一段的论点。修改:ADDREF XF: unix-xsoldier-overflow推断行动:- 1999 - 1008能接受(4接受,0 ack, 0评论)目前投票:接受(3)科尔,Stracener,布莱克弗伦奇等待修改(1)(3)墙,Christey,勒布朗评论:弗雷希> XF: unix-xsoldier-overflow Christey >在freebsd-security确认邮件列表。布莱克>确认邮件列表上相当于供应商确认在我布莱克>。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0044:最终决定:20000418阶段性裁决:20000411修改:20000410 - 01提议:20000125分配:20000122类别:科幻参考:BUGTRAQ: 20000105安全警报——战争FTP守护进程所有版本参考:报价:919参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=919参考:XF: warftp-macro-access-files宏在战争中FTP 1.70和1.67 b2允许本地或远程攻击者读取任意文件或执行命令。修改:ADDREF XF: warftp-macro-access-files推断行动:- 2000 - 0044能接受(3接受,1 ack, 0评论)目前投票:接受(2)Ozancin,科尔修改(1)法国人评论:弗雷希> XF: warftp-macro-access-files = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0052:最终决定:20000418阶段性裁决:20000411修改:20000204 - 01提议:20000125分配:20000122类别:科幻参考:L0PHT: 20000104 PamSlam参考:网址:http://www.l0pht.com/advisories/pam_advisory参考:REDHAT: RHSA-2000:001-01参考:网址:http://www.redhat.com/support/errata/rhsa2000001 - 03. - html参考:XF: linux-pam-userhelper参考:网址:http://xforce.iss.net/search.php3?type=2&pattern=linux-pam-userhelper参考:报价:913参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=913Red Hat userhelper项目usermode包允许本地用户获得root访问通过PAM和. .(点点)攻击。修改:ADDREF XF: linux-pam-userhelper推断行动:- 2000 - 0052能接受(3接受,1 ack, 0评论)目前投票:接受(2)Ozancin,科尔修改(1)法国人评论:弗雷希> XF: linux-pam-userhelper = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0053:最终决定:20000418阶段性裁决:20000411修改:20000410 - 01提议:20000125分配:20000122类别:科幻参考:女士:ms00 - 001参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 001. - asp参考:MSKB: Q246731参考:报价:912参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=912参考:XF: mcis-malformed-imap微软商业网络系统(mci) IMAP服务器允许远程攻击者通过IMAP畸形引起拒绝服务请求。修改:ADDREF XF: mcis-malformed-imap推断行动:- 2000 - 0053 ACCEPT_ACK(2接受,2 ack, 0评论)目前投票:接受(1)普罗塞修改(1)法国人评论:弗雷希> XF: mcis-malformed-imap = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0057:最终决定:20000418阶段性裁决:20000411修改:20000410 - 01提议:20000125分配:20000122类别:科幻参考:阿莱尔:ASB00-03参考:网址:http://www.allaire.com/handlers/index.cfm?ID=13978&Method=Full参考:XF: coldfusion-cfcache参考:报价:917参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=917冷聚变CFCACHE标记的地方临时缓存文件在web文档根,允许远程攻击者获得敏感的系统信息。修改:ADDREF XF: coldfusion-cfcache推断行动:- 2000 - 0057 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)Ozancin弗伦奇等待修改(1)(1)科尔评论:弗雷希> XF: coldfusion-cfcache = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0062:最终决定:20000418阶段性裁决:20000411修改:20000410 - 01提议:20000125分配:20000122类别:科幻参考:BUGTRAQ: 20000104 (petrilli@digicool.com: [Zope]安全警报)参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000104222219.B41650@schvin.net参考:报价:922参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=922参考:XF: zope-dtml DTML实现Z对象发布环境(Zope)允许远程攻击者进行未经授权的活动。修改:ADDREF XF: zope-dtml推断行动:- 2000 - 0062 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)Ozancin弗伦奇等待修改(1)(1)科尔评论:弗雷希> XF: zope-dtml = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0073:最终决定:20000418阶段性裁决:20000411修改:20000204 - 01提议:20000125分配:20000122类别:科幻参考:女士:ms00 - 005参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 005. - asp参考:MSKB: Q249973参考:XF: win-malformed-rtf-control-word参考:网址:http://xforce.iss.net/search.php3?type=2&pattern=win-malformed-rtf-control-word缓冲区溢出在微软富文本格式(RTF)阅读器允许攻击者通过畸形引起拒绝服务控制字。修改:ADDREF XF: win-malformed-rtf-control-word推断行动:- 2000 - 0073能接受(3接受,2 ack, 0评论)目前投票:接受(2)Ozancin,科尔修改(1)法国人评论:弗雷希> ADDREF XF: win-malformed-rtf-control-word = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0083:最终决定:20000418阶段性裁决:20000411修改:20000410 - 01提议:20000125分配:20000122类别:科幻参考:惠普:hpsbux0001 - 109参考:网址:http://www.securityfocus.com/templates/advisory.html?id=2031参考:XF: hp-audio-security-perms惠普asecure创建音频安全文件音频。证交会与不安全的权限,允许本地用户造成拒绝服务或获得更多的特权。修改:ADDREF XF: hp-audio-security-perms推断行动:- 2000 - 0083能接受(3接受,1 ack, 0评论)目前投票:接受(2)Ozancin,科尔修改(1)法国人评论:弗雷希> XF: hp-audio-security-perms = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0091:最终决定:20000418阶段性裁决:20000411修改:20000403 - 01提议:20000208分配:20000202类别:科幻参考:BUGTRAQ: 20000122远程根qmail-pop vpopmail咨询和开发补丁参考:BUGTRAQ: 20000123 Re: vpopmail / vchkpw远程根利用参考:报价:942参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=942参考:MISC:http://www.inter7.com/vpopmail/ChangeLog参考:MISC:http://www.inter7.com/vpopmail/缓冲区溢出在vchkpw / vpopmail流行身份验证包允许远程攻击者获得根权限通过很长的用户名或密码。修改:ADDREF MISC:http://www.inter7.com/vpopmail/ChangeLogADDREF MISC:http://www.inter7.com/vpopmail/推断行动:- 2000 - 0091 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)科尔,Ozancin等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0095:最终决定:20000418阶段性裁决:20000411修改:建议:20000208分配:20000202类别:科幻参考:惠普:hpsbux0001 - 110参考:网址:http://www.securityfocus.com/templates/advisory.html?id=2041参考:报价:944参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=944hp - ux 10.30和11.00使用的PMTU发现过程来确定最优MTU生成大量的交通在应对小数据包,允许远程攻击者使系统用作包放大器。推断行动:- 2000 - 0095 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)科尔,Ozancin等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0099:最终决定:20000418阶段性裁决:20000411修改:建议:20000208分配:20000202类别:科幻参考:BUGTRAQ: 20000119 Unixware ppptalk参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=94848865112897&w=2参考网址:http://marc.theaimsgroup.com/?l=bugtraq&m=94840959614790&w=2缓冲区溢出在UnixWare ppptalk命令允许本地用户获得特权通过长提示参数。推断行动:- 2000 - 0099 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)科尔,Ozancin等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0100:最终决定:20000418阶段性裁决:20000411修改:20000321 - 01提议:20000208分配:20000202类别:CF参考:NTBUGTRAQ: 20000115安全漏洞与2.0短信远程控制参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/current/0045.html参考:女士:ms00 - 012参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 012. - asp手机短信远程控制的程序安装不安全的权限,它允许本地用户获得特权通过修改或替换程序。修改:ADDREF女士:ms00 - 012的行动:- 2000 - 0100 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)墙,科尔= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0107:最终决定:20000418阶段性裁决:20000411修改:建议:20000208分配:20000208类别:科幻参考:DEBIAN: 20000201参考:网址:http://www.debian.org/security/2000/20000201参考:报价:958参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=958Linux成人计划允许本地攻击者修改任意文件通过一个符号链接攻击。推断行动:- 2000 - 0107 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)科尔,Ozancin等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0131:最终决定:20000418阶段性裁决:20000411修改:建议:20000208分配:20000208类别:科幻参考:BUGTRAQ: 20000201 war-ftpd 1.6 x DoS参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=94960703721503&w=2参考:报价:966参考:网址:http://www.securityfocus.com/bid/966在战争中缓冲区溢出FTPd 1.6 x允许用户通过长MKD和慢性消耗病引起拒绝服务的命令。推断行动:- 2000 - 0131 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)科尔,Ozancin等待(2)墙,Christey评论:Christey >供应商承认,这是一个DoShttp://war.jgaa.com/alert/= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0140:最终决定:20000418阶段性裁决:20000411修改:建议:20000216分配:20000216类别:科幻参考:BUGTRAQ: 20000210远程网上DoS任何邮件服务器Ver.3.1.3参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95021326417936&w=2参考:NTBUGTRAQ: 20000210远程网上DoS任何邮件服务器Ver.3.1.3参考:报价:980参考:网址:http://www.securityfocus.com/bid/980互联网在任何地方POP3邮件服务器允许远程攻击者通过大量导致拒绝服务的连接。推断行动:- 2000 - 0140能接受(3接受0 ack, 0评论)目前投票:接受(3)主教,科尔,布莱克等待(2)勒布朗,Christey评论:Christey >这个候选人是由供应商未经证实的。田中伸男(Nobuo Miwa Christey > Christey >报道,主持人BUGTRAQ-JP。布莱克>一样可以- 2000 - 0139。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0144:最终决定:20000418阶段性裁决:20000411修改:建议:20000216分配:20000216类别:科幻参考:http://archives.neohapsis.com/archives/bugtraq/2000-02/0034.html参考:BUGTRAQ: 20000207 Infosec.20000207.axis700。参考:报价:971参考:网址:http://www.securityfocus.com/bid/971轴700网络扫描仪不适当限制对管理员的访问的url,它允许用户绕过密码保护通过. .(点点)攻击。推断行动:- 2000 - 0144能接受(3接受0 ack, 0评论)目前投票:接受(3)主教,科尔,布莱克等待(2)勒布朗,Christey评论:Christey >海报声称厂商已经发布了一个补丁。布莱克>其实,海报表明,他们忽略了这个问题。然而,布雷克>非常简单,似乎不太可能被搞砸了布莱克>。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0159:最终决定:20000418阶段性裁决:20000411修改:建议:20000223分配:20000223类别:科幻参考:惠普:hpsbux0002 - 111参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=20000217160216.13708.qmail@underground.org惠普Ignite-UX不拯救/ etc / passwd当它创建一个可信的形象系统,可以将密码字段设置为空白,让攻击者获得特权。推断行动:- 2000 - 0159 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(2)科尔,Ozancin等待(2)墙,勒布朗= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0183:最终决定:20000418阶段性裁决:20000411修改:20000412 - 01提议:20000322分配:20000322类别:科幻参考:FREEBSD: FreeBSD-SA-00:11参考:BUGTRAQ:前轮驱动:20000310 ircii - 4.4:缓冲区溢出参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-03/0093.html参考:FREEBSD: FreeBSD-SA-00:11参考:报价:1046参考:网址:http://www.securityfocus.com/bid/1046缓冲区溢出ircII 4.4 IRC客户机允许远程攻击者执行命令通过DCC聊天功能。修改:ADDREF FREEBSD: FreeBSD-SA-00:11推断行动:- 2000 - 0183能接受(3接受,1 ack, 0评论)目前投票:接受(3)布莱克,Ozancin,科尔等待(2)墙,勒布朗

页面最后更新或审查:2007年5月22日,