再保险(建议):集群近20 - 31的候选人

* Steven m . Christey (coley@LINUS.MITRE.ORG)[000615 02:55]: >以下集群包含31个候选人,宣布> 5/11/2000和5/19/2000之间。> >中所列出的候选人优先秩序。优先级1和优先级> 2的候选人都应对不同层次的供应商>确认,所以他们应该易于检查和可以信任的>,问题是真实的。> >如果你发现任何RECENT-XX集群与尊重>是不完整的过程中发现的问题相关的时间框架,请>信息发送给我,这样候选人可以转让。> > -史蒂夫> > >总结的选票使用(“严重程度”的按升序)> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > >接受——选民接受候选人提出>等待-选民对候选人没有意见>修改-选民想要改变一些小细节(例如参考/描述)>回顾-选民正在审查/研究候选人,或需要更多信息>重塑-候选人必须大幅修改,如分割或合并>拒绝候选人不是“漏洞”,或重复等。> > 1)请写你的投票在直线上,从“投票:”开始。如果>你想添加评论或细节,将它们添加到行>后投票:行。> > 2)如果你看到任何失踪的引用,请提及他们,使他们>可以包括在内。在映射引用帮助极大。> > 3)请注意,“修改”被视为一个“接受”当计算选票。>如果你没有足够的信息对候选人但你>不想等待,使用一个回顾。 > > ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** > > Please keep in mind that your vote and comments will be recorded and > publicly viewable in the mailing list archives or in other formats. > > ================================= > Candidate: CAN-2000-0305 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000615 > Assigned: 20000509 > Category: SF > Reference: BINDVIEW:20000519 jolt2 - Remote DoS against NT, W2K, 9x > Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2240>参考:女士:ms00 - 029 >参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 029. - asp>参考:报价:1236 >参考:网址:http://www.securityfocus.com/bid/1236>参考:XF: ip-fragment-reassembly-dos > > Windows 95, Windows 98, Windows 2000, Windows NT 4.0,和终端>服务器系统允许远程攻击者造成拒绝服务>发送大量相同的支离破碎的IP数据包,即jolt2 >或IP碎片重组的脆弱性。> > > ED_PRI - 2000 - 0305 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0389 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000516缓冲区溢出漏洞在KERBEROS >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html>参考:CERT: ca - 2000 - 06年>参考:网址:http://www.cert.org/advisories/ca - 2000 - 06. - html>参考:FREEBSD: FreeBSD-SA-00:20 >参考:网址:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html>参考:XF: kerberos-krb-rd-req-bo >参考:报价:1220 >参考:网址:http://www.securityfocus.com/bid/1220> >缓冲区溢出在Kerberos 4和5 krb_rd_req函数允许远程攻击者获得根权限>。> > > ED_PRI - 2000 - 0389 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0390 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000516缓冲区溢出漏洞在KERBEROS >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html>参考:CERT: ca - 2000 - 06年>参考:网址:http://www.cert.org/advisories/ca - 2000 - 06. - html>参考:FREEBSD: FreeBSD-SA-00:20 >参考:网址:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html>参考:报价:1220 >参考:网址:http://www.securityfocus.com/bid/1220>参考:XF: kerberos-krb425-conv-principal-bo > >缓冲区溢出在Kerberos 5 krb425_conv_principal函数允许远程攻击者获得根权限>。> > > ED_PRI - 2000 - 0390 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0391 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000516缓冲区溢出漏洞在KERBEROS >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html>参考:CERT: ca - 2000 - 06年>参考:网址:http://www.cert.org/advisories/ca - 2000 - 06. - html>参考:FREEBSD: FreeBSD-SA-00:20 >参考:网址:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html>参考:报价:1220 >参考:网址:http://www.securityfocus.com/bid/1220> >缓冲区溢出在Kerberos 5 krshd允许远程攻击者获得>根特权。> > > ED_PRI - 2000 - 0391 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0392 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000516缓冲区溢出漏洞在KERBEROS >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html>参考:CERT: ca - 2000 - 06年>参考:网址:http://www.cert.org/advisories/ca - 2000 - 06. - html>参考:FREEBSD: FreeBSD-SA-00:20 >参考:网址:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html>参考:XF: kerberos-ksu-bo >参考:报价:1220 >参考:网址:http://www.securityfocus.com/bid/1220> >缓冲区溢位已经在Kerberos 5根>允许本地用户获得特权。> > > ED_PRI - 2000 - 0392 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0393 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000516 kscd脆弱性>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0172.html>参考:SUSE: 20000529 kmulti < = 1.1.2 >参考:网址:http://www.suse.de/de/support/security/suse_security_announce_50.txt>参考:XF: kscd-shell-env-variable >参考:报价:1206 >参考:网址:http://www.securityfocus.com/bid/1206> > KDE kscd程序也不删除权限时执行一个程序>中指定用户的SHELL环境变量,它允许通过指定一个替代>用户获得特权程序执行。> > > ED_PRI - 2000 - 0393 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0405 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:L0PHT: 20000515 AntiSniff version 1.01和研究者版本1 DNS溢出>参考:网址:http://www.l0pht.com/advisories/asniff_advisory.txt>参考:报价:1207 >参考:网址:http://www.securityfocus.com/bid/1207>参考:XF: antisniff-dns-overflow > >缓冲区溢出L0pht AntiSniff允许远程攻击者执行>任意命令通过一个畸形的DNS响应包。> > > ED_PRI - 2000 - 0405 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0406 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:XF: netscape-invalid-ssl-sessions >参考:CERT: ca - 2000 - 05年>参考:网址:http://www.cert.org/advisories/ca - 2000 - 05. - html>参考:REDHAT: RHSA-2000:028-02 >参考:网址:http://www.redhat.com/support/errata/rhsa - 2000 - 028. - html>参考:报价:1188 >参考:网址:http://www.securityfocus.com/bid/1188> >网景沟通者之前版本4.73和4.07导航不>正确验证SSL证书,它允许远程攻击者>窃取信息从一个合法的web服务器>自己的恶意服务器,又名“Acros-Suencksen SSL”>脆弱性。> > > ED_PRI - 2000 - 0406 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0408 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:MISC:http://www.ussrback.com/labs40.html>参考:女士:ms00 - 030 >参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 030. - asp>参考:XF: iis-malformed-information-extension >参考:XF: iis-url-extension-data-dos >参考:报价:1190 >参考:网址:http://www.securityfocus.com/bid/1190> > IIS 4.05和5.0允许远程攻击者造成拒绝服务>通过长,复杂的URL,似乎包含大量文件>扩展,又名“畸形的扩展数据URL”漏洞。> > > ED_PRI - 2000 - 0408 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0419 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:女士:ms00 - 034 >参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 034. - asp>参考:报价:1197 >参考:网址:http://www.securityfocus.com/bid/1197> > Office 2000 UA ActiveX控件被标记为"安全的脚本、" >允许远程攻击者进行未经授权的活动通过>“给我”功能在办公室帮忙,又名“Office 2000 UA >控制”的弱点。> > > ED_PRI - 2000 - 0419 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0464 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:XF: ie-malformed-component-attribute >参考:女士:ms00 - 033 >参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 033. - asp>参考:报价:1223 >参考:网址:http://www.securityfocus.com/bid/1223> > Internet Explorer 4。x和5。x允许远程攻击者>执行任意命令通过一个缓冲区溢出的ActiveX参数>解析能力,又名“畸形的组件属性“>脆弱性。> > > ED_PRI - 2000 - 0464 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0465 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:XF: ie-frame-domain-verification >参考:女士:ms00 - 033 >参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 033. - asp>参考:报价:1224 >参考:网址:http://www.securityfocus.com/bid/1224> > Internet Explorer 4。x和5。x并正确验证域>框架在一个浏览器窗口,它允许远程攻击者通过帧读取>客户端文件,又名“帧域验证”>脆弱性。> > > ED_PRI - 2000 - 0465 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0394 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000519 RFP2K05: NetProwler vs RFProwler >参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95878603510835&w=2>参考:BUGTRAQ: 20000522 RFP2K05——NetProwler“碎片化”问题>参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=392AD3B3.3E9BE3EA@axent.com>参考:XF: axent-netprowler-ipfrag-dos >参考:报价:1225 >参考:网址:http://www.securityfocus.com/bid/1225> > NetProwler 3.0允许远程攻击者造成拒绝服务>发送畸形的IP数据包,触发NetProwler >中间人签名。> > > ED_PRI - 2000 - 0394 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0407 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000512新Solaris根利用/usr/lib/lp/bin/netpr >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0141.html>参考:XF: sol-netpr-bo >参考:报价:1200 >参考:网址:http://www.securityfocus.com/bid/1200> >缓冲区溢出在Solaris netpr程序允许本地用户>执行任意命令通过一个长—p选项。> > > ED_PRI - 2000 - 0407 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0436 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000522 MetaProducts离线浏览器目录遍历脆弱性>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0254.html>参考:确认:http://www.metaproducts.com/mpOE-HY.html>参考:报价:1231 >参考:网址:http://www.securityfocus.com/bid/1231> > MetaProducts 1.2和更早的离线浏览器允许远程攻击者>访问任意文件通过一个. .(点点)攻击。> > > ED_PRI - 2000 - 0436 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0395 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000516成为CProxy v3.3 SP 2 DoS >参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=007d01bfbf48 e44f0e40 01美元dc11ac@peopletel.org>参考:XF: cproxy-http-dos >参考:报价:1213 >参考:网址:http://www.securityfocus.com/bid/1213> >缓冲区溢出CProxy 3.3允许远程用户原因拒绝>服务通过一个HTTP请求。> > > ED_PRI - 2000 - 0395 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0397 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000515脆弱性EMURL-based电子邮件提供商>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0160.html>参考:XF: emurl-account-access >参考:报价:1203 >参考:网址:http://www.securityfocus.com/bid/1203> > EMURL基于网络的电子邮件帐户的软件编码预测>在用户会话标识符的url,它允许远程攻击者>访问用户的电子邮件帐户。> > > ED_PRI - 2000 - 0397 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0400 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000516微软安全缺陷吗?>参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95868514521257&w=2>参考:报价:1221 >参考:网址:http://www.securityfocus.com/bid/1221>参考:XF: ie-active-movie-control > > Microsoft Active电影ActiveX控件在Internet Explorer 5 >不限制,可以下载文件类型,它允许一个>攻击者任何类型的文件下载到用户的系统编码>在电子邮件消息或新闻文章。万博下载包> > > ED_PRI - 2000 - 0400 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0415 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000512 Outlook Express 4中溢出。*——太长文件名与扩展图形格式>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0140.html>参考:报价:1195 >参考:网址:http://www.securityfocus.com/bid/1195> >在Outlook Express 4缓冲区溢出。x允许攻击者造成>拒绝服务通过邮件或消息,jpg或bmp格式>附件长文件名。万博下载包> > > ED_PRI - 2000 - 0415 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0416 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000511 NTMail代理利用>参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NABBJLKKPKIHDIMKFKGCMEFANMAB.georger@nls.net>参考:报价:1196 >参考:网址:http://www.securityfocus.com/bid/1196> > NTMail 5。x允许网络用户绕过NTMail代理>限制通过重定向请求NTMail web >配置的服务器。> > > ED_PRI - 2000 - 0416 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0420 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:CF >参考:NTBUGTRAQ: 20000511国际空间站专家咨询00/26 >参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0112.html>参考:报价:1198 >参考:网址:http://www.securityfocus.com/bid/1198> > SYSKEY在Windows 2000家门店的默认配置启动>键在注册表中,这可能允许攻击者艾克佛公司的产品tor和>使用解密加密文件系统(EFS)数据。> > > ED_PRI - 2000 - 0420 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0421 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000510咨询:检查系统(blaat $ var blaat)调用Bugzilla 2.8 >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0128.html>参考:报价:1199 >参考:网址:http://www.securityfocus.com/bid/1199> > process_bug。cgi脚本在Bugzilla允许远程攻击者通过sehll元字符>执行任意命令。> > > ED_PRI - 2000 - 0421 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0424 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000514 >参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005151024.aa01811@blaze.arl.mil>参考:报价:1202 >参考:网址:http://www.securityfocus.com/bid/1202> > CGI柜台4.0.7乔治·Burgyan允许远程攻击者通过shell元字符>执行任意命令。> > > ED_PRI - 2000 - 0424 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0432 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000516 Vuln日历。pl脚本(马特·克鲁斯压延)>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0173.html>参考:报价:1215 >参考:网址:http://www.securityfocus.com/bid/1215> >日历。pl和calendar_admin。pl脚本由马特·>日历克鲁斯允许远程攻击者通过执行任意命令shell元字符。> > > ED_PRI - 2000 - 0432 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0434 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:CF >参考:BUGTRAQ: 20000516 Allmanage。pl漏洞>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0167.html>参考:报价:1217 >参考:网址:http://www.securityfocus.com/bid/1217> > Allmanage网站的管理密码管理>软件存储在明文文件中可以访问远程攻击者>。> > > ED_PRI - 2000 - 0434 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0435 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000516 Allmanage。pl漏洞>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0167.html>参考:报价:1217 >参考:网址:http://www.securityfocus.com/bid/1217> > allmanageup。pl文件上传的CGI脚本Allmanage网站>管理软件2.6可以直接调用远程攻击者>,它允许修改用户帐户或web页面。> > > ED_PRI - 2000 - 0435 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0450 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000518弗兰克-威廉姆斯:安全注意:老大哥系统和网络监控>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0216.html>参考:报价:1257 >参考:网址:http://www.securityfocus.com/bid/1257> >在老大哥bdd服务器系统漏洞和网络监控>允许攻击者执行任意命令。> > > ED_PRI - 2000 - 0450 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0451 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000518远程Dos攻击英特尔表达8100路由器>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0229.html>参考:报价:1228 >参考:网址:http://www.securityfocus.com/bid/1228> > 8100年英特尔表达ISDN路由器允许远程攻击者造成>拒绝服务通过超大号的或分散的ICMP数据包。> > > ED_PRI - 2000 - 0451 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0452 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000518 Lotus ESMTP服务(Lotus Domino版本5.0.1(国际))>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0219.html>参考:XF: lotus-domino-esmtp-bo >参考:报价:1229 >参考:网址:http://www.securityfocus.com/bid/1229> >缓冲区溢出的Lotus Domino服务器5.0.1 ESMTP服务>允许远程攻击者造成拒绝服务通过一个长的邮件>命令。> > > ED_PRI - 2000 - 0452 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0453 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000518肮脏XFree Xserver DoS >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html>参考:报价:1235 >参考:网址:http://www.securityfocus.com/bid/1235> > XFree86 3.3。4.0 x和允许用户通过>引起拒绝服务负计数器值的畸形TCP包发送到端口> 6000。> > > ED_PRI - 2000 - 0453 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0463 >发表:>最终决定:>阶段性裁决::>修改>提出:20000615 >分配:20000614 >类别:科幻小说>参考:BUGTRAQ: 20000517辅助安全顾问/ OS 5.0 (DoS) >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0197.html>参考:XF: beos-tcp-frag-dos >参考:报价:1222 >参考:网址:http://www.securityfocus.com/bid/1222> > BeOS 5.0允许远程攻击者通过>分散导致拒绝服务TCP数据包。> > > ED_PRI - 2000 - 0463 3 > > >投票:接受,以利亚利维SecurityFocus.comhttp://www.securityfocus.com/如果那么,对位小独木船