[VOTEPRI] 13 5/24/2000高优先级的候选人

以下13名候选人都是由供应商确认。他们只需要一个投票被接受。——史蒂夫= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0118:最终决定:阶段性裁决:修改:20000106 - 02年提议:19990714分配:19990607类别:科幻参考:BUGTRAQ: 19981119 rsi.0011.11 aix - 09 - 98.。INFOD参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=91158980826979&w=2参考:XF: aix-infod AIX infod允许本地用户获得root访问通过X显示。修改:ADDREF XF: aix-infod ADDREF BUGTRAQ: 19981119 rsi.0011.11 aix - 09 - 98.。INFOD推断行动:- 1999 - 0118 MOREVOTES-1(1接受,1 ack, 0评论)目前投票:弗伦奇等待修改(1)(4)Northcutt Shostack,墙,Christey评论:弗雷希> XF: aix-infod Christey >看到BUGTRAQ: 19981119 rsi.0011.11 aix - 09 - 98.。INFOD Christey > AIX APAR的证实了这个问题:IX84642, IX89281,和IX84642 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0225:最终决定:阶段性裁决:修改:20000524 - 02年提议:19990630分配:19990607类别:科幻参考:奈:19980214 Windows NT登录拒绝服务引用:网址:http://www.nai.com/nai_labs/asp_set/advisory/25_windows_nt_dos_adv.asp参考:MSKB: Q180963参考:网址:http://www.microsoft.com/technet/support/kb.asp?ID=180963Windows NT 4.0允许远程攻击者通过畸形引起拒绝服务SMB登录请求的实际数据大小不匹配指定的大小。修改:ADDREF MSKB: Q180963重述规范化描述奈咨询推断行动:- 1999 - 0225 MOREVOTES-1 (1, 2 ack, 0评论)目前投票:接受(1)希尔弗伦奇等待修改(1)(1)墙评论:弗雷希> XF: nt-logondos = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0323:最终决定:阶段性裁决:修改:20000524 - 01提议:19990630分配:19990607类别:科幻参考:FreeBSD: FreeBSD-SA-98:04参考:网址:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-98:04.mmap.asc参考:NETBSD: 1998 - 003参考:网址:ftp://ftp.netbsd.org/pub/netbsd/misc/security/advisories/netbsd sa1998 txt.asc——003.FreeBSD mmap函数允许用户修改扩展或不变的文件。修改:ADDREF NETBSD: 1998 - 003年的行动:- 1999 - 0323 MOREVOTES-1 (1, 2 ack, 1审查)目前投票:接受(2)山,Northcutt回顾(1)法国人评论:弗雷希>可能XF: bsd-mmap = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0407:最终决定:阶段性裁决:修改:19991203 - 01提议:19990728分配:19990607类别:科幻参考:BUGTRAQ: 19990209警报:IIS4允许代理密码攻击NetBIOS参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=91983486431506&w=2参考:BUGTRAQ: 19990209 Re: IIS4允许代理密码攻击NetBIOS参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=92000623021036&w=2参考:MSKB: Q184619参考:网址:http://www.microsoft.com/technet/support/kb.asp?ID=184619参考:XF: iis-iisadmpwd默认情况下,IIS 4.0的虚拟目录/ IISADMPWD包含文件可以用作密码暴力破解攻击,代理或识别有效用户系统上。修改:修改Bugtraq ref KB文章和空间站ref推断行动:- 1999 - 0407 MOREVOTES-1(1接受,1 ack, 0评论)目前投票:弗伦奇等待修改(1)(1)Christey评论:弗雷希> ADDREF XF: iis-iisadmpwd Christey > Q184619不出现来描述这个问题。然而,Christey > Russ库珀确认后续邮件。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0464:最终决定:阶段性裁决:修改:19991205 - 01提议:19990728分配:19990607类别:科幻参考:BUGTRAQ: 19990104 Tripwire混乱. .参考网址:http://marc.theaimsgroup.com/?l=bugtraq&m=91553066310826&w=2参考:确认:http://marc.theaimsgroup.com/?l=bugtraq&m=91592136122066&w=2本地用户可以执行拒绝服务Tripwire 1.2和更早使用长文件名。修改:ADDREF BUGTRAQ: 19990104 Tripwire混乱. .推断行动:- 1999 - 0464 MOREVOTES-1(1接受,1 ack, 0评论)目前投票:弗伦奇等待修改(1)(1)Christey评论:弗雷希> XF: tripwire-long-filename-dos Christey > XF: tripwire-long-filename-dos不存在。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0233:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:科幻参考:SUSE: 20000327安全漏洞在SUSE Linux IMAP服务器参考:网址:http://archives.neohapsis.com/archives/vendor/2000-q1/0035.htmlSuSE Linux IMAP服务器允许远程攻击者绕过IMAP认证并获得特权。推断行动:- 2000 - 0233 MOREVOTES-1(1接受,1 ack, 0评论)目前投票:弗伦奇等待修改(1)(1)科尔评论:弗雷希> XF: linux-imap-remote-unauthorized-access = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0234:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:CF参考:BUGTRAQ: 20000330钴apache配置暴露. htaccess参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000330220757.28456.qmail@securityfocus.com参考:确认:http://www.securityfocus.com/templates/advisory.html?id=2150参考:报价:1083参考:网址:http://www.securityfocus.com/bid/1083钴RaQ2和RaQ3的默认配置中指定的访问。配置允许远程攻击者查看敏感一个. htaccess文件的内容。推断行动:- 2000 - 0234 MOREVOTES-1(1接受,1 ack, 0评论)目前投票:弗伦奇等待修改(1)(1)科尔评论:弗雷希> XF: cobalt-raq-remote-access = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0235:最终决定:阶段性裁决:修改:建议:20000412分配:20000412类别:科幻参考:FREEBSD: FreeBSD-SA-00:10参考:网址:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:10-orville-write.asc参考:报价:1070参考:网址:http://www.securityfocus.com/bid/1070缓冲区溢出orville-write包中哈项目允许本地用户获得根权限。推断行动:- 2000 - 0235 MOREVOTES-1(1接受,1 ack, 0评论)目前投票:弗伦奇等待修改(1)(1)科尔评论:弗雷希> XF: freebsd-orvillewrite-bo = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0267:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:思科:20000419 CISCO Catalyst启用密码绕过漏洞参考:网址:http://www.cisco.com/warp/public/707/catos-enable-bypass-pub.shtml参考:报价:1122参考:网址:http://www.securityfocus.com/bid/1122思科催化剂5.4。x允许用户访问“启用”模式没有密码。推断行动:- 2000 - 0267 MOREVOTES-1(1接受,1 ack, 0评论)目前投票:接受(1)科尔等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0268:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:思科:20000420思科IOS软件远程登录选项处理漏洞参考:网址:http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml参考:报价:1123参考:网址:http://www.securityfocus.com/bid/1123思科IOS 11。x和12。x允许远程攻击者造成拒绝服务通过发送环境选项Telnet守护进程之前准备好接受它,导致系统重新启动。推断行动:- 2000 - 0268 MOREVOTES-1(1接受,1 ack, 0评论)目前投票:接受(1)科尔等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0274:最终决定:阶段性裁决:修改:建议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000410 linux受托人1.5长路径名脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-04/0035.html参考:确认:http://www.braysystems.com/linux/trustees.html参考:报价:1096参考:网址:http://www.securityfocus.com/bid/1096Linux内核补丁允许攻击者造成受托人拒绝服务通过访问一个文件或目录的名称。推断行动:- 2000 - 0274 MOREVOTES-1(1接受,1 ack, 0评论)目前投票:接受(1)科尔等待(2)墙,Christey评论:Christey >这个问题在新闻部分确认为3月31日,2000年,Christey >所提及的“修复”额外的长目录名称的问题。”万博下载包================================= Candidate: CAN-2000-0294 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000426 Assigned: 20000426 Category: SF Reference: FREEBSD:FreeBSD-SA-00:12 Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2162参考:报价:1107参考:网址:http://www.securityfocus.com/bid/1107缓冲区溢出的healthd FreeBSD允许本地用户获得根权限。推断行动:- 2000 - 0294 MOREVOTES-1(1接受,1 ack, 0评论)目前投票:接受(1)科尔等待(1)墙