
[FINAL] ACCEPT 34 recent candidates



I have made a Final Decision to ACCEPT the following candidates. These candidates are now assigned CVE names as noted below. The resulting CVE entries will be published in the near future in a new version of CVE. Voting details and comments are provided at the end of this report.

- Steve

Candidate        CVE Name
---------        --------
CAN-1999-0819    CVE-1999-0819
CAN-1999-0832    CVE-1999-0832
CAN-1999-0836    CVE-1999-0836
CAN-1999-0838    CVE-1999-0838
CAN-1999-0842    CVE-1999-0842
CAN-1999-0854    CVE-1999-0854
CAN-1999-0856    CVE-1999-0856
CAN-1999-0859    CVE-1999-0859
CAN-1999-0864    CVE-1999-0864
CAN-1999-0865    CVE-1999-0865
CAN-1999-0866    CVE-1999-0866
CAN-1999-0976    CVE-1999-0976
CAN-2000-0004    CVE-2000-0004
CAN-2000-0113    CVE-2000-0113
CAN-2000-0169    CVE-2000-0169
CAN-2000-0171    CVE-2000-0171
CAN-2000-0226    CVE-2000-0226
CAN-2000-0228    CVE-2000-0228
CAN-2000-0229    CVE-2000-0229
CAN-2000-0230    CVE-2000-0230
CAN-2000-0231    CVE-2000-0231
CAN-2000-0232    CVE-2000-0232
CAN-2000-0233    CVE-2000-0233
CAN-2000-0234    CVE-2000-0234
CAN-2000-0235    CVE-2000-0235
CAN-2000-0245    CVE-2000-0245
CAN-2000-0246    CVE-2000-0246
CAN-2000-0258    CVE-2000-0258
CAN-2000-0260    CVE-2000-0260
CAN-2000-0267    CVE-2000-0267
CAN-2000-0268    CVE-2000-0268
CAN-2000-0274    CVE-2000-0274
CAN-2000-0277    CVE-2000-0277
CAN-2000-0294    CVE-2000-0294

=================================
Candidate: CAN-1999-0819
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: NTBUGTRAQ:19991130 NTmail VRFY
Reference: BUGTRAQ:19991130 NTmail VRFY
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94398141118586&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94407764018739&w=2
Reference: XF:nt-mail-vrfy

NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it.

Modifications:
  ADDREF XF:nt-mail-vrfy

INFERRED ACTION: CAN-1999-0819 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(2) Stracener, Prosser
   MODIFY(2) Cole, Frech
   NOOP(2) Armstrong, Christey

Comments:
 Cole> The reference is wrong. The BID is 856 and the full ID is
 Cole> 19991129 not 30.
 Cole> I would add that NTMail does not disable the VRFY command on the ESMTP
 Cole> server, even ... This can be used to gather user mail
 Cole> address information.
 Frech> XF:nt-mail-vrfy
 Christey> Mike Prosser's REVIEWING vote expires May 8, 2000

=================================
Candidate: CAN-1999-0832
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-02
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991109 undocumented bugs - nfsd
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.20.9911091058140.12964-100000@mail.zigzag.pl
Reference: DEBIAN:19991111 buffer overflow in nfs server
Reference: URL:http://www.debian.org/security/1999/19991111
Reference: SUSE:19991110 Security hole in nfs-server < 2.2beta47 within nkita
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_29.txt
Reference: CALDERA:CSSA-1999-033.0
Reference: URL:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa-1999-033.0.txt
Reference: REDHAT:RHSA-1999:053-01
Reference: URL:http://www.redhat.com/support/errata/rh42-errata-general.html#NFS
Reference: BUGTRAQ:19991130 [david@slackware.com: New Patches for Slackware 4.0 Available]
Reference: XF:linux-nfs-maxpath-bo
Reference: BID:782
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=782

Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname.

Modifications:
  ADDREF BUGTRAQ:19991109 undocumented bugs - nfsd
  ADDREF DEBIAN:19991111 buffer overflow in nfs server
  ADDREF SUSE:19991111 Security hole in nfs-server < 2.2beta47 within nkita
  ADDREF CALDERA:CSSA-1999-033.0
  ADDREF REDHAT:RHSA-1999:053-01
  ADDREF BID:782
  ADDREF XF:linux-nfs-maxpath-bo
  DESC remove Slackware, say it's Linux systems.

INFERRED ACTION: CAN-1999-0832 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(3) Armstrong, Cole, Prosser
   MODIFY(2) Stracener, Frech
   NOOP(1) Christey

Comments:
 Stracener> Suggest removing "Slackware 7.0" from the description
 Stracener> Add Ref: CSSA-1999-033.0
 Stracener> Add Ref: DEBIAN: nfs-server: buffer overflow in nfs server 11/11/99
 Stracener> Add Ref: SuSE Security Announcement "nfs-server
 Stracener> < 2.2beta47 within nkita" 11/12/99
 Frech> XF:linux-nfs-maxpath-bo
 Christey> ADDREF DEBIAN:19991111 buffer overflow in nfs server
 Christey> ADDREF SuSE:19991110 Security hole in nfs-server < 2.2beta47 within nkita
 Christey> ADDREF CALDERA:CSSA-1999-033.0
 Christey> ADDREF RHSA-1999:053-01
 Christey> ADDREF? BID:782
 Christey> ADDREF? BUGTRAQ:19991109 undocumented bugs - nfsd
 Prosser> Agree that the description should be generic Linux vice Slackware
 Prosser> only, since this affects multiple versions

=================================
Candidate: CAN-1999-0836
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000501-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991202 UnixWare 7 uidadmin exploit + discussion
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991202160111.20553.qmail@nwcst282.netaddress.usa.net
Reference: SCO:SB-99.22a
Reference: URL:ftp://ftp.sco.com/sse/security_bulletins/sb-99.22a
Reference: BID:842
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=842
Reference: XF:unixware-uid-admin

UnixWare uidadmin allows local users to modify arbitrary files via a symlink attack.

Modifications:
  ADDREF BID:842
  ADDREF XF:unixware-uid-admin
  ADDREF SCO:SB-99.22a

INFERRED ACTION: CAN-1999-0836 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(3) Stracener, Armstrong, Prosser
   MODIFY(2) Cole, Frech
   NOOP(1) Christey

Comments:
 Cole> The BID is 842.
 Frech> unixware-uid-admin
 Christey> ADDREF ftp://ftp.sco.com/sse/security_bulletins/sb-99.22a

=================================
Candidate: CAN-1999-0838
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991202 Remote DoS Attack in Serv-U FTP-Server v2.5a Vulnerability
Reference: XF:servu-ftp-site-bo

Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a denial of service via the SITE command.

Modifications:
  ADDREF XF:servu-ftp-site-bo

INFERRED ACTION: CAN-1999-0838 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(4) Armstrong, Cole, Stracener, Prosser
   MODIFY(1) Frech

Comments:
 Frech> XF:servu-ftp-site-bo

=================================
Candidate: CAN-1999-0842
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: NTBUGTRAQ:19991129 Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability
Reference: BUGTRAQ:19991129 Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCEAFCBAA.labs@ussrback.com
Reference: BID:827
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=827
Reference: XF:symantec-mail-dir-traversal

Symantec Mail-Gear 1.0 web interface server allows remote users to read arbitrary files via a .. (dot dot) attack.

Modifications:
  ADDREF XF:symantec-mail-dir-traversal

INFERRED ACTION: CAN-1999-0842 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(4) Armstrong, Cole, Stracener, Prosser
   MODIFY(1) Frech

Comments:
 Frech> XF:symantec-mail-dir-traversal

=================================
Candidate: CAN-1999-0854
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 19991208
Assigned: 19991207
Category: unknown
Reference: BUGTRAQ:19991130 Ultimate Bulletin Board v5.3x? Bug
Reference: BUGTRAQ:20000225 FW: Important UBB News for Licensed Users
Reference: CONFIRM:http://www.ultimatebb.com/home/versions.shtml
Reference: XF:http-ultimate-bbs

Ultimate Bulletin Board stores data files in a directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file.

Modifications:
  ADDREF BUGTRAQ:20000225 FW: Important UBB News for Licensed Users
  ADDREF CONFIRM:http://www.ultimatebb.com/home/versions.shtml

INFERRED ACTION: CAN-1999-0854 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(2) Armstrong, Cole
   MODIFY(1) Frech
   NOOP(3) Stracener, Christey, Prosser

Comments:
 Frech> XF:http-ultimate-bbs
 Christey> The following may be confirmation from UBB:
 Christey> BUGTRAQ:20000225 FW: Important UBB News for Licensed Users
 Christey> Also see the entry for version 5.44, February 18, 2000
 Christey> http://www.ultimatebb.com/home/versions.shtml

=================================
Candidate: CAN-1999-0856
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991202 Slackware 7.0 - login bug
Reference: XF:slackware-remote-login

login in Slackware 7.0 allows remote attackers to identify valid users on the system by reporting an encryption error when an account is locked or does not exist.

Modifications:
  ADDREF XF:slackware-remote-login

INFERRED ACTION: CAN-1999-0856 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(3) Armstrong, Cole, Stracener
   MODIFY(1) Frech
   REVIEWING(1) Prosser

Comments:
 Frech> XF:slackware-remote-login

=================================
Candidate: CAN-1999-0859
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991130 Solaris 2.x chkperm/arp vulnerabilities
Reference: SUNBUG:4296166
Reference: BID:837
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=837
Reference: XF:sol-arp-parse

Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly.

Modifications:
  ADDREF SUNBUG:4296166
  ADDREF XF:sol-arp-parse

INFERRED ACTION: CAN-1999-0859 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(3) Armstrong, Stracener, Prosser
   MODIFY(3) Cole, Frech, Dik

Comments:
 Cole> This attack can read bin-owned files to which
 Cole> read access is not allowed for local users, by exploiting subtle
 Cole> vulnerabilities in arp and chkperm.
 Frech> XF:sol-arp-parse
 Dik> include reference to Sun bug 4296166

=================================
Candidate: CAN-1999-0864
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-02
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991202 UnixWare coredumps follow symlinks
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991203020720.13115.qmail@nwcst289.netaddress.usa.net
Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94530783815434&w=2
Reference: BUGTRAQ:19991223 FYI, SCO Security patches.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606167110764&w=2
Reference: BUGTRAQ:19991220 SCO OpenServer Security Status
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94581379905584&w=2
Reference: XF:sco-coredump-symlink
Reference: BID:851
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=851

UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file.

Modifications:
  ADDREF BUGTRAQ:19991223 FYI, SCO Security patches.
  ADDREF BUGTRAQ:19991220 SCO OpenServer Security Status
  ADDREF XF:sco-coredump-symlink

INFERRED ACTION: CAN-1999-0864 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(4) Armstrong, Cole, Stracener, Prosser
   MODIFY(1) Frech

Comments:
 Frech> XF:sco-coredump-symlink
 Prosser> FYI, the fix for this problem, ptf 7016 for UnixWare 7.0, is
 Prosser> still available. However, it seems (at least I haven't been able to pull
 Prosser> them) that 7096n for 7.0.1, 7413j for 7.1.0, and 7626 for 7.1.1 are no longer
 Prosser> available from the SCO security site. Don't know if they are being reworked
 Prosser> since they were pre-release, or are included in other ptfs or upgrades.

=================================
Candidate: CAN-1999-0865
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991203 CommuniGatePro 3.1 NT DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94426440413027&w=2
Reference: NTBUGTRAQ:19991203 CommuniGatePro 3.1 NT Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94454565726775&w=2
Reference: BID:860
Reference: XF:communigate-pro-bo

Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port.

Modifications:
  ADDREF BID:860
  ADDREF XF:communigate-pro-bo

INFERRED ACTION: CAN-1999-0865 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(4) Armstrong, Cole, Stracener, Prosser
   MODIFY(1) Frech

Comments:
 Frech> XF:communigate-pro-bo
 Prosser> add BID 860, http://www.securityfocus.com/bid/860

=================================
Candidate: CAN-1999-0866
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000501-02
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991203 UnixWare gain root with non-su/gid binaries
Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94530783815434&w=2
Reference: BUGTRAQ:19991223 FYI, SCO Security patches.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606167110764&w=2
Reference: BUGTRAQ:19991220 SCO OpenServer Security Status
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94581379905584&w=2
Reference: SCO:SB-99.24a
Reference: URL:ftp://ftp.sco.com/sse/security_bulletins/sb-99.24a
Reference: XF:sco-xauto-bo
Reference: BID:848
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=848

Buffer overflow in UnixWare xauto program allows local users to gain root privileges.

Modifications:
  ADDREF BUGTRAQ:19991223 FYI, SCO Security patches.
  ADDREF BUGTRAQ:19991220 SCO OpenServer Security Status
  ADDREF XF:sco-xauto-bo
  ADDREF SCO:SB-99.24a

INFERRED ACTION: CAN-1999-0866 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(3) Armstrong, Stracener, Prosser
   MODIFY(2) Cole, Frech
   NOOP(1) Christey

Comments:
 Cole> I would take out the word local.
 Frech> XF:sco-xauto-bo
 Christey> ADDREF ftp://ftp.sco.com/sse/security_bulletins/sb-99.24a

=================================
Candidate: CAN-1999-0976
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: OPENBSD:19991204
Reference: BUGTRAQ:19991207 [Debian] New version of sendmail released
Reference: XF:sendmail-bi-alias
Reference: BID:857
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=857

Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.

Modifications:
  ADDREF OPENBSD:19991204
  ADDREF XF:sendmail-bi-alias

INFERRED ACTION: CAN-1999-0976 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(1) Christey
   RECAST(1) Blake

Comments:
 Blake> This doesn't define the problem well enough. I can't see why it should be
 Blake> limited to Debian; in fact, I just ran newaliases on freebsd-3.2 as a
 Blake> normal user, and it ran. Perhaps the entry could be broadened to include
 Blake> improper permissions on the newaliases binary...
 Frech> XF:sendmail-bi-alias
 Christey> ADDREF OPENBSD:19991204
 Christey> http://www.openbsd.org/errata.html#sendmail

=================================
Candidate: CAN-2000-0004
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-02
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: NTBUGTRAQ:19991223 Local / Remote Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: BUGTRAQ:19991223 Re: Local / Remote Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606572912422&w=2
Reference: XF:zbserver-url-dot

ZBServer Pro allows remote attackers to read source code for executable files by inserting a . (dot) into the URL.

Modifications:
  ADDREF XF:zbserver-url-dot

INFERRED ACTION: CAN-2000-0004 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(1) Armstrong
   MODIFY(2) Stracener, Frech
   NOOP(1) Christey

Comments:
 Stracener> The reference does not discuss the (dot) attack mentioned in the
 Stracener> description. Suggest changing the description or citing the relevant
 Stracener> source.
 Christey> Another possible bug is mentioned in an email followup.
 Christey> See http://marc.theaimsgroup.com/?l=bugtraq&m=94606572912422&w=2
 Frech> XF:zbserver-url-dot

=================================
Candidate: CAN-2000-0113
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000419-01
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000128 SyGate 3.11 Port 7323 / Remote Admin hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94934808714972&w=2
Reference: BUGTRAQ:20000202 SV: SyGate 3.11 Port 7323 / Remote Admin hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94952641025328&w=2
Reference: BUGTRAQ:20000203 UPDATE: Sygate 3.11 Port 7323 Telnet Hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94973281714994&w=2
Reference: CONFIRM:http://www.sybergen.com/support/fix.htm
Reference: BID:952
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=952

The SyGate Remote Management program does not properly restrict access to its administration service, which allows remote attackers to cause a denial of service, or access network traffic statistics.

INFERRED ACTION: CAN-2000-0113 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(2) Cole, Levy
   NOOP(2) Christey, Wall

Comments:
 Christey> Sygate confirms this in the "01/2000 - Build 563 (Beta)"
 Christey> comments: "Fix to block external telnet to port 7323
 Christey> without enhanced security."

=================================
Candidate: CAN-2000-0169
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: NTBUGTRAQ:20000314 Oracle Web Listener 4.0.x
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0211.html
Reference: BID:1053
Reference: URL:http://www.securityfocus.com/bid/1053
Reference: XF:oracle-weblistener-remote-attack

Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'.

Modifications:
  ADDREF XF:oracle-weblistener-remote-attack

INFERRED ACTION: CAN-2000-0169 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(2) Ozancin, Cole
   MODIFY(1) Frech
   NOOP(3) Wall, Blake, LeBlanc

Comments:
 Frech> XF:oracle-weblistener-remote-attack

=================================
Candidate: CAN-2000-0171
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000311 TESO advisory -- atsadc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0102.html
Reference: XF:atsar-root-access
Reference: BID:1048
Reference: URL:http://www.securityfocus.com/bid/1048

atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges.

Modifications:
  ADDREF XF:atsar-root-access

INFERRED ACTION: CAN-2000-0171 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(2) Ozancin, Cole
   MODIFY(1) Frech
   NOOP(3) Wall, Blake, LeBlanc

Comments:
 Frech> XF:atsar-root-access

=================================
Candidate: CAN-2000-0226
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified:
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: MS:MS00-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-018.asp
Reference: BID:1066
Reference: URL:http://www.securityfocus.com/bid/1066
Reference: XF:iis-chunked-encoding-dos

IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability."

INFERRED ACTION: CAN-2000-0226 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(3) Frech, Cole, Wall

=================================
Candidate: CAN-2000-0228
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: MS:MS00-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-016.asp
Reference: BID:1058
Reference: URL:http://www.securityfocus.com/bid/1058
Reference: XF:mwmt-malformed-media-license

Microsoft Windows Media License Manager allows remote attackers to cause a denial of service by sending a malformed request that causes the manager to halt, aka the "Malformed Media License Request" vulnerability.

Modifications:
  ADDREF XF:mwmt-malformed-media-license

INFERRED ACTION: CAN-2000-0228 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(2) Cole, Wall
   MODIFY(1) Frech

Comments:
 Frech> XF:mwmt-malformed-media-license

=================================
Candidate: CAN-2000-0229
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000424-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000322 gpm-root
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000322182143.4498.qmail@securityfocus.com
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0242.html
Reference: SUSE:20000405 Security hole in gpm < 1.18.1
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_45.txt
Reference: REDHAT:RHSA-2000:009-02
Reference: URL:http://www.redhat.com/support/errata/rhsa-2000009-02.html
Reference: BID:1069
Reference: URL:http://www.securityfocus.com/bid/1069
Reference: XF:linux-gpm-root

gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.

Modifications:
  ADDREF SUSE:20000405 Security hole in gpm < 1.18.1
  ADDREF REDHAT:RHSA-2000:009-02

INFERRED ACTION: CAN-2000-0229 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(2) 抑郁症, Levy
   NOOP(2) Cole, Wall

=================================
Candidate: CAN-2000-0230
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-02
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000316 TESO & C-Skills development advisory -- imwheel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0168.html
Reference: REDHAT:RHSA-2000:016-02
Reference: URL:http://www.redhat.com/support/errata/rhsa-2000016-02.html
Reference: XF:linux-imwheel-bo
Reference: BID:1060
Reference: URL:http://www.securityfocus.com/bid/1060

Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environment variable.

Modifications:
  ADDREF REDHAT:RHSA-2000:016-02
  ADDREF XF:linux-imwheel-bo

INFERRED ACTION: CAN-2000-0230 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Comments:
 Frech> XF:linux-imwheel-bo

=================================
Candidate: CAN-2000-0231
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000421-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000316 "TESO & C-Skills development advisory -- kreatecd"
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0162.html
Reference: SUSE:20000405 Security hole in kreatecd < 0.3.8b
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_46.txt
Reference: XF:linux-kreatecd-path
Reference: BID:1061
Reference: URL:http://www.securityfocus.com/bid/1061

Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges.

Modifications:
  ADDREF SUSE:20000405 Security hole in kreatecd < 0.3.8b

INFERRED ACTION: CAN-2000-0231 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(2) 抑郁症, Cole

=================================
Candidate: CAN-2000-0232
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: MS:MS00-021
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-021.asp
Reference: BUGTRAQ:20000330 Remote DoS Attack in Windows 2000/NT 4.0 TCP/IP Print Request Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0306.html
Reference: BID:1082
Reference: URL:http://www.securityfocus.com/bid/1082
Reference: XF:win-tcpip-printing-dos

Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.

Modifications:
  ADDREF XF:win-tcpip-printing-dos

INFERRED ACTION: CAN-2000-0232 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(2) Cole, Wall
   MODIFY(1) Frech

Comments:
 Frech> XF:win-tcpip-printing-dos

=================================
Candidate: CAN-2000-0233
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: SUSE:20000327 Security hole in SuSE Linux IMAP Server
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q1/0035.html
Reference: XF:linux-imap-remote-unauthorized-access

SuSE Linux IMAP server allows remote attackers to bypass IMAP authentication and gain privileges.

Modifications:
  ADDREF XF:linux-imap-remote-unauthorized-access

INFERRED ACTION: CAN-2000-0233 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(3) Stracener, Northcutt, Armstrong
   MODIFY(1) Frech
   NOOP(2) Cole, LeBlanc

Comments:
 Frech> XF:linux-imap-remote-unauthorized-access

=================================
Candidate: CAN-2000-0234
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000412
Assigned: 20000412
Category: CF
Reference: BUGTRAQ:20000330 Cobalt apache configuration exposes .htaccess
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000330220757.28456.qmail@securityfocus.com
Reference: CONFIRM:http://www.securityfocus.com/templates/advisory.html?id=2150
Reference: BID:1083
Reference: URL:http://www.securityfocus.com/bid/1083
Reference: XF:cobalt-raq-remote-access

The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file.

Modifications:
  ADDREF XF:cobalt-raq-remote-access

INFERRED ACTION: CAN-2000-0234 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(2) Stracener, Northcutt
   MODIFY(1) Frech
   NOOP(3) Cole, LeBlanc, Armstrong

Comments:
 Frech> XF:cobalt-raq-remote-access

=================================
Candidate: CAN-2000-0235
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:10
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:10-orville-write.asc
Reference: BID:1070
Reference: URL:http://www.securityfocus.com/bid/1070
Reference: XF:freebsd-orvillewrite-bo

Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.

Modifications:
  ADDREF XF:freebsd-orvillewrite-bo

INFERRED ACTION: CAN-2000-0235 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(3) Stracener, Northcutt, Armstrong
   MODIFY(1) Frech
   NOOP(2) Cole, LeBlanc

Comments:
 Frech> XF:freebsd-orvillewrite-bo

=================================
Candidate: CAN-2000-0245
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000328 Objectserver vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003290852.aa27218@blaze.arl.mil
Reference: SGI:20000303-01-PX
Reference: URL:ftp://sgigate.sgi.com/security/20000303-01-PX
Reference: XF:irix-objectserver-create-accounts
Reference: BID:1079
Reference: URL:http://www.securityfocus.com/bid/1079

Vulnerability in the SGI IRIX objectserver daemon allows remote attackers to create user accounts.

Modifications:
  ADDREF XF:irix-objectserver-create-accounts

INFERRED ACTION: CAN-2000-0245 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech

Comments:
 Frech> XF:irix-objectserver-create-accounts

=================================
Candidate: CAN-2000-0246
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: MS:MS00-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-019.asp
Reference: MSKB:Q249599
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=249599
Reference: BID:1081
Reference: URL:http://www.securityfocus.com/bid/1081
Reference: XF:iis-virtual-unc-share

IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtual UNC Share" vulnerability.

Modifications:
  ADDREF XF:iis-virtual-unc-share
  DESC include "Virtual UNC Share" phrase.

INFERRED ACTION: CAN-2000-0246 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(2) Cole, Wall
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Frech> XF:iis-virtual-unc-share
 Christey> Modify desc to include "Virtual UNC Share" phrase.

=================================
Candidate: CAN-2000-0258
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: MS:MS00-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-023.asp
Reference: BID:1101
Reference: URL:http://www.securityfocus.com/bid/1101

IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" vulnerability.

INFERRED ACTION: CAN-2000-0258 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(2) Wall, Cole

=================================
Candidate: CAN-2000-0260
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: MS:MS00-025
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-025.asp
Reference: BID:1109
Reference: URL:http://www.securityfocus.com/bid/1109

Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.

INFERRED ACTION: CAN-2000-0260 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(2) Wall, Cole

=================================
Candidate: CAN-2000-0267
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: CISCO:20000419 Cisco Catalyst Enable Password Bypass Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catos-enable-bypass-pub.shtml
Reference: XF:cisco-catalyst-password-bypass
Reference: BID:1122
Reference: URL:http://www.securityfocus.com/bid/1122

Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password.

Modifications:
  ADDREF XF:cisco-catalyst-password-bypass

INFERRED ACTION: CAN-2000-0267 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(3) Cole, Stracener, Northcutt
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Armstrong

Comments:
 Frech> XF:cisco-catalyst-password-bypass

=================================
Candidate: CAN-2000-0268
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: CISCO:20000420 Cisco IOS Software TELNET Option Handling Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml
Reference: BID:1123
Reference: URL:http://www.securityfocus.com/bid/1123
Reference: XF:cisco-ios-option-handling

Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the environment option to the Telnet daemon before it is ready to accept it, which causes the system to reboot.

Modifications:
  ADDREF XF:cisco-ios-option-handling

INFERRED ACTION: CAN-2000-0268 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(3) Cole, Stracener, Northcutt
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Armstrong

Comments:
 Frech> ADDREF XF:cisco-ios-option-handling

=================================
Candidate: CAN-2000-0274
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000410 linux trustees 1.5 long path name vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0035.html
Reference: CONFIRM:http://www.braysystems.com/linux/trustees.html
Reference: XF:linux-trustees-patch-dos
Reference: BID:1096
Reference: URL:http://www.securityfocus.com/bid/1096

The Linux trustees kernel patch allows attackers to cause a denial of service by accessing a file or directory with a long name.

Modifications:
  ADDREF XF:linux-trustees-patch-dos

INFERRED ACTION: CAN-2000-0274 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(3) Cole, Stracener, Northcutt
   MODIFY(1) Frech
   NOOP(4) Wall, Christey, LeBlanc, Armstrong

Comments:
 Christey> This problem is confirmed in the News section for March 31, 2000,
 Christey> which mentions a "fix" for the problem with extra long directory names.
 Frech> XF:linux-trustees-patch-dos

=================================
Candidate: CAN-2000-0277
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: MS:MS00-022
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-022.asp
Reference: BID:1087
Reference: URL:http://www.securityfocus.com/bid/1087

Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.

INFERRED ACTION: CAN-2000-0277 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(2) Wall, Cole

=================================
Candidate: CAN-2000-0294
Published:
Final-Decision: 20000602
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:12
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2162
Reference: BID:1107
Reference: URL:http://www.securityfocus.com/bid/1107
Reference: XF:freebsd-healthd

Buffer overflow in healthd for FreeBSD allows local users to gain root privileges.

Modifications:
  ADDREF XF:freebsd-healthd

INFERRED ACTION: CAN-2000-0294 FINAL (Final Decision 20000602)

Current Votes:
   ACCEPT(3) Cole, Stracener, Northcutt
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Armstrong

Comments:
 Frech> XF:freebsd-healthd

Page Last Updated or Reviewed: May 22, 2007