
[INTERIM] ACCEPT 22 legacy candidates (Final 7/12)



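I have made an Interim Decision to ACCEPT the following 22 legacy candidates from various clusters. I will make a Final Decision on July 12.

Most of these are from the LINUX-99 cluster (1999 reports from Linux vendors) and are vendor-confirmed with the minimum of 2 ACCEPT votes.

The breakdown by cluster is as follows:

  2 MULT2 VERIFY-BUGTRAQ 1 VERIFY-TOOL 1 CERT2 20 LINUX-99

Voters:
  Wall NOOP(1)
  Levy ACCEPT(1)
  Ozancin ACCEPT(1)
  Cole ACCEPT(1) NOOP(1)
  Baker ACCEPT(1)
  Stracener ACCEPT(21)
  Frech ACCEPT(6) MODIFY(16)
  Christey MODIFY(2) NOOP(7)
  Northcutt NOOP(1)
  Armstrong NOOP(1)
  Prosser ACCEPT(1)

=================================
Candidate: CAN-1999-0247
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-02
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: NAI:19970721 INN news server vulnerabilities
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp
Reference: XF:inn-bo

Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands.

Modifications:
  ADDREF NAI:17
  add version number
  CHANGEREF NAI:17 (canonicalize)
  ADDREF XF:inn-bo

INFERRED ACTION: CAN-1999-0247 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Frech
  NOOP(1) Northcutt

Comments:
  Frech> XF:inn-bo

=================================
Candidate: CAN-1999-0378
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000106-01
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990222 Advisory - InterScan VirusWall
Reference: BUGTRAQ:19990225 Patch for InterScan VirusWall for Unix available
Reference: XF:viruswall-http-request

InterScan VirusWall for Solaris does not scan files for viruses when a single HTTP request includes two commands.

Modifications:
  ADDREF XF:viruswall-http-request
  ADDREF BUGTRAQ:19990225 Patch for InterScan VirusWall for Unix available

INFERRED ACTION: CAN-1999-0378 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Frech

Comments:
  Frech> XF:viruswall-http-request

=================================
Candidate: CAN-1999-0387
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-02
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: MS:MS99-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-052.asp
Reference: MSKB:Q168115
Reference: BID:829
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=829
Reference: XF:9x-plaintext-pwd

A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords.

Modifications:
  ADDREF MS:MS99-052
  ADDREF MSKB:Q168115
  ADDREF BID:829
  ADDREF XF:9x-plaintext-pwd

INFERRED ACTION: CAN-1999-0387 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(1) Levy
  MODIFY(1) Frech
  NOOP(3) Christey, Wall, Cole

Comments:
  Frech> The term "legacy" is vague and open to interpretation. Need to establish a reference for this vulnerability.
  Christey> Added references. Interestingly, this candidate was assigned on June 7, 1999, but had no reference until the Microsoft advisory in late November. I lost the original reference.
  Frech> XF:9x-plaintext-pwd

=================================
Candidate: CAN-1999-0415
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers
Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
Reference: CIAC:J-034
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml
Reference: XF:cisco-router-commands
Reference: XF:cisco-web-config

The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration.

Modifications:
  ADDREF CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
  ADDREF CIAC:J-034
  ADDREF XF:cisco-router-commands
  ADDREF XF:cisco-web-config
  CHANGEREF ISS (canonicalize)
  DESC rephrase

INFERRED ACTION: CAN-1999-0415 ACCEPT_ACK (2 accept, 3 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(2) Frech, Christey

Comments:
  Frech> Reference: ISS:March11, 1999 (to conform with cluster 1 CAN-1999-0008)
    XF:cisco-router-commands
    XF:cisco-web-config
  Christey> ADDREF CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
    URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
    ADDREF CIAC:J-034
    ADDREF URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml
    Consider this description: The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration.

=================================
Candidate: CAN-1999-0416
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers
Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
Reference: CIAC:J-034
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml
Reference: XF:cisco-web-crash

Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port.

Modifications:
  ADDREF CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
  ADDREF CIAC:J-034
  ADDREF XF:cisco-web-crash
  CHANGEREF ISS (canonicalize)
  DESC rephrase

INFERRED ACTION: CAN-1999-0416 ACCEPT_ACK (2 accept, 3 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(2) Frech, Christey

Comments:
  Frech> Reference: ISS:March11, 1999
    XF:cisco-web-crash
  Christey> ADDREF CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
    http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
    ADDREF CIAC:J-034
    http://ciac.llnl.gov/ciac/bulletins/j-034.shtml
    Consider this description: Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port.

=================================
Candidate: CAN-1999-0959
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 19991208
Assigned: 19991208
Category: SF
Reference: AUSCERT:AA-97-05
Reference: SGI:19980301-01-PX
Reference: XF:irix-startmidi-file-creation

IRIX startmidi program allows local users to modify arbitrary files via a symlink attack.

Modifications:
  ADDREF XF:irix-startmidi-file-creation
  DESC remove stopmidi

INFERRED ACTION: CAN-1999-0959 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(5) Cole, Ozancin, Prosser, Stracener, Baker
  MODIFY(1) Frech
  NOOP(2) Armstrong, Christey

Comments:
  Frech> XF:irix-startmidi-file-creation
  Christey> It appears that CD:SF-EXEC applies here, but the bug is only in startmidi, not stopmidi. So remove stopmidi from the description.

=================================
Candidate: CAN-2000-0352
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: BUGTRAQ:19991117 Pine: expanding env vars in URLs (seems to be fixed in 4.21)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.10.9911171818220.12375-100000@ray.compu-aid.com
Reference: CALDERA:CSSA-1999-036.0
Reference: URL:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa-1999-036.0.txt
Reference: SUSE:19991227 Security hole in Pine < 4.21
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_36.txt
Reference: XF:pine-remote-exe
Reference: BID:810
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=810

Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL.

Modifications:
  ADDREF XF:pine-remote-exe

INFERRED ACTION: CAN-2000-0352 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Frech

Comments:
  Frech> XF:pine-remote-exe

=================================
Candidate: CAN-2000-0353
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: MISC:http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html
Reference: SUSE:19990628 Execution of commands in Pine 4.x
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_6.txt
Reference: SUSE:19990911 Update for Pine (fixed IMAP support)
Reference: URL:http://www.suse.de/de/support/security/pine_update_announcement.txt
Reference: BID:1247
Reference: XF:pine-lynx-execute-commands

Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine.

Modifications:
  ADDREF BID:1247
  ADDREF XF:pine-lynx-execute-commands

INFERRED ACTION: CAN-2000-0353 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Frech
  NOOP(1) Christey

Comments:
  Christey> ADDREF BID:1247
  Frech> XF:pine-lynx-execute-commands

=================================
Candidate: CAN-2000-0354
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: BUGTRAQ:19990928 mirror 2.9 hole
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=15769.990928@tomcat.ru
Reference: DEBIAN:19991018 Incorrect directory name handling in mirror
Reference: URL:http://www.debian.org/security/1999/19991018
Reference: SUSE:19991001 Security hole in mirror
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_22.txt
Reference: BID:681
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=681
Reference: XF:mirror-perl-remote-file-creation

mirror 2.8.x in Linux systems allows remote attackers to create files one level above the local target directory.

INFERRED ACTION: CAN-2000-0354 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Frech

=================================
Candidate: CAN-2000-0356
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: REDHAT:RHSA-1999:040
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1789
Reference: XF:linux-pam-nis-login
Reference: BID:697
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=697

Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not properly lock access to disabled NIS accounts.

INFERRED ACTION: CAN-2000-0356 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Frech

=================================
Candidate: CAN-2000-0359
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: BUGTRAQ:19991113 thttpd 2.04 stack overflow (VD#6)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1626.html
Reference: SUSE:19991116 Security hole in thttpd 1.90 - 2.04
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_30.txt
Reference: XF:thttpd-ifmodifiedsince-header-dos
Reference: BID:1248

Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via an If-Modified-Since header.

Modifications:
  ADDREF BID:1248
  ADDREF XF:thttpd-ifmodifiedsince-header-dos

INFERRED ACTION: CAN-2000-0359 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Frech
  NOOP(1) Christey

Comments:
  Christey> ADDREF BID:1248
  Frech> XF:thttpd-ifmodifiedsince-header-dos

=================================
Candidate: CAN-2000-0360
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991124 Security hole in inn <= 2.2.1
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_34.txt
Reference: CALDERA:CSSA-1999-038.0
Reference: URL:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa-1999-038.0.txt
Reference: XF:inn-remote-dos
Reference: BID:1249

Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article.

Modifications:
  ADDREF BID:1249
  ADDREF XF:inn-remote-dos

INFERRED ACTION: CAN-2000-0360 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Frech
  NOOP(1) Christey

Comments:
  Christey> ADDREF BID:1249
  Frech> XF:inn-remote-dos

=================================
Candidate: CAN-2000-0361
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991214 Security hole in wvdial <= 1.4
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_35.txt
Reference: XF:wvdial-gain-dialup-info

The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information.

Modifications:
  ADDREF XF:wvdial-gain-dialup-info

INFERRED ACTION: CAN-2000-0361 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Frech

Comments:
  Frech> XF:wvdial-gain-dialup-info

=================================
Candidate: CAN-2000-0362
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991019 Security hole in cdwtools < 093
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_25.txt
Reference: BID:738
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=738
Reference: XF:linux-cdda2cdr

Buffer overflows in Linux cdwtools 093 and earlier allow local users to gain root privileges.

Modifications:
  ADDREF XF:linux-cdda2cdr

INFERRED ACTION: CAN-2000-0362 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Frech

Comments:
  Frech> XF:linux-cdda2cdr

=================================
Candidate: CAN-2000-0363
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: SUSE:19991019 Security hole in cdwtools < 093
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_25.txt
Reference: BID:738
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=738
Reference: XF:linux-cdda2cdr

Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory.

Modifications:
  ADDREF XF:linux-cdda2cdr

INFERRED ACTION: CAN-2000-0363 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Frech

Comments:
  Frech> XF:linux-cdda2cdr

=================================
Candidate: CAN-2000-0366
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: DEBIAN:19991202 problem restoring symlinks
Reference: URL:http://www.debian.org/security/1999/19991202
Reference: XF:debian-dump-modify-ownership

dump in Debian Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.

Modifications:
  ADDREF XF:debian-dump-modify-ownership

INFERRED ACTION: CAN-2000-0366 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Frech

Comments:
  Frech> XF:debian-dump-modify-ownership

=================================
Candidate: CAN-2000-0367
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: DEBIAN:19990218 Root exploit in eterm
Reference: URL:http://www.debian.org/security/1999/19990218
Reference: XF:linux-eterm

Vulnerability in eterm 0.8.8 in Debian Linux allows an attacker to gain root privileges.

INFERRED ACTION: CAN-2000-0367 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Frech

=================================
Candidate: CAN-2000-0370
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-001.0
Reference: URL:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa-1999-001.0.txt
Reference: BID:1268
Reference: XF:caldera-smail-rmail-command

The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for the rmail command.

Modifications:
  ADDREF BID:1268
  ADDREF XF:caldera-smail-rmail-command

INFERRED ACTION: CAN-2000-0370 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Frech
  NOOP(1) Christey

Comments:
  Christey> ADDREF BID:1268
    URL:http://www.securityfocus.com/bid/1268
  Frech> XF:caldera-smail-rmail-command

=================================
Candidate: CAN-2000-0371
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-005.0
Reference: URL:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa-1999-005.0.txt
Reference: BID:1269
Reference: XF:kde-mediatool

The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack.

Modifications:
  ADDREF BID:1269

INFERRED ACTION: CAN-2000-0371 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Frech
  NOOP(1) Christey

Comments:
  Christey> BID:1269
    ADDREF URL:http://www.securityfocus.com/bid/1269

=================================
Candidate: CAN-2000-0372
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-014.0
Reference: URL:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa-1999-014.0.txt
Reference: XF:linux-rmt
Reference: URL:http://xforce.iss.net/static/2268.php

Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges.

INFERRED ACTION: CAN-2000-0372 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Frech

=================================
Candidate: CAN-2000-0373
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-015.0
Reference: URL:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa-1999-015.0.txt
Reference: REDHAT:RHSA-1999:015-01
Reference: URL:http://www.redhat.com/support/errata/RHSA1999015_01.html
Reference: XF:kde-kvt
Reference: URL:http://xforce.iss.net/static/2266.php

Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges.

INFERRED ACTION: CAN-2000-0373 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Frech

=================================
Candidate: CAN-2000-0374
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: CF
Reference: CALDERA:CSSA-1999-021.0
Reference: URL:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa-1999-021.0.txt
Reference: XF:caldera-kdm-default-configuration

The default configuration of kdm in Caldera Linux allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions.

Modifications:
  ADDREF XF:caldera-kdm-default-configuration

INFERRED ACTION: CAN-2000-0374 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Frech

Comments:
  Frech> XF:caldera-kdm-default-configuration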

Page Last Updated or Reviewed: May 22, 2007