
[PROPOSAL] Cluster RECENT-23 - 34 candidates



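The following cluster contains 34 candidates that were announced between 6/6/2000 and 6/13/2000.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
------------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is not a "vulnerability", or is a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0472
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000106 innd 2.2.2 remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0003.html
Reference: CALDERA:CSSA-2000-016.0
Reference: URL:ftp://ftp.calderasystems.com/pub/openlinux/security/CSSA-2000-016.0.txt
Reference: BID:1316
Reference: URL:http://www.securityfocus.com/bid/1316

Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID.

ED_PRI CAN-2000-0472 1

VOTE:

=================================
Candidate: CAN-2000-0525
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 OpenSSH's UseLogin option allows remote access with root privilege.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html
Reference: OPENBSD:20000606 The non-default UseLogin feature in /etc/sshd_config is broken and should not be used.
Reference: URL:http://www.openbsd.org/errata.html#uselogin
Reference: BID:1334
Reference: URL:http://www.securityfocus.com/bid/1334

OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.

ED_PRI CAN-2000-0525 1

VOTE:

=================================
Candidate: CAN-2000-0532
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: CF
Reference: FREEBSD:FreeBSD-SA-00:21
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0031.html
Reference: BID:1323
Reference: URL:http://www.securityfocus.com/bid/1323

A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers to access SSH through port 722 even if port 22 is otherwise filtered.

ED_PRI CAN-2000-0532 1

VOTE:

=================================
Candidate: CAN-2000-0534
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:22 Security Advisory
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0030.html
Reference: BID:1325
Reference: URL:http://www.securityfocus.com/bid/1325

The apsfilter software in the FreeBSD ports package does not properly read user filter configurations, which allows local users to execute commands as the lpd user.

ED_PRI CAN-2000-0534 1

VOTE:

=================================
Candidate: CAN-2000-0538
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000607 New Allaire ColdFusion DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96045469627806&w=2
Reference: ALLAIRE:ASB00-14
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16122&Method=Full
Reference: BID:1314
Reference: URL:http://www.securityfocus.com/bid/1314

ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a login password.

ED_PRI CAN-2000-0538 1

VOTE:

=================================
Candidate: CAN-2000-0548
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 Security Advisory: multiple denial of service vulnerabilities in KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
Reference: BID:1338
Reference: URL:http://www.securityfocus.com/bid/1338

Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.

ED_PRI CAN-2000-0548 1

VOTE:

=================================
Candidate: CAN-2000-0549
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 Security Advisory: multiple denial of service vulnerabilities in KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml

Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request.

ED_PRI CAN-2000-0549 1

VOTE:

=================================
Candidate: CAN-2000-0550
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 Security Advisory: multiple denial of service vulnerabilities in KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml

Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service.

ED_PRI CAN-2000-0550 1

VOTE:

=================================
Candidate: CAN-2000-0497
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000612 IBM WebSphere JSP showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0263.html
Reference: CONFIRM:http://www-4.ibm.com/software/webservers/appserv/efix.html
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328

IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

ED_PRI CAN-2000-0497 2

VOTE:

=================================
Candidate: CAN-2000-0506
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 Sendmail & procmail local root exploits on Linux kernel 2.2.16pre5
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006090852340.3475-300000@alfa.elzabsoft.pl
Reference: BUGTRAQ:20000609 Trustix Security Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0062.html
Reference: BUGTRAQ:20000608 CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0063.html
Reference: BID:1322
Reference: URL:http://www.securityfocus.com/bid/1322
Reference: TURBO:TLSA2000013-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-June/000012.html

The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the "Linux kernel setuid/setcap vulnerability."

ED_PRI CAN-2000-0506 2

VOTE:

=================================
Candidate: CAN-2000-0515
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: CF
Reference: BUGTRAQ:20000607 [ Hackerslab bug_paper ] HP-UX SNMP daemon vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006070511.OAA05492@dogfoot.hackerslab.org
Reference: BUGTRAQ:20000608 Re: HP-UX SNMP daemon vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006090640.XAA00779@hpchs.cup.hp.com
Reference: BID:1327
Reference: URL:http://www.securityfocus.com/bid/1327

The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges.

ED_PRI CAN-2000-0515 2

VOTE:

=================================
Candidate: CAN-2000-0482
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000605 FW-1 IP Fragmentation Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0473.html
Reference: BID:1312
Reference: URL:http://www.securityfocus.com/bid/1312

Check Point Firewall-1 allows remote attackers to cause a denial of service by sending a large number of malformed fragmented IP packets.

ED_PRI CAN-2000-0482 3

VOTE:

=================================
Candidate: CAN-2000-0498
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000608 Potential vulnerability in Unify eWave ServletExec
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0250.html
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328

Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

ED_PRI CAN-2000-0498 3

VOTE:

=================================
Candidate: CAN-2000-0499
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000612 BEA WebLogic JSP showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0262.htm
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328

BEA WebLogic allows remote attackers to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

ED_PRI CAN-2000-0499 3

VOTE:

=================================
Candidate: CAN-2000-0502
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000607 Mcafee Alerting DOS vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html
Reference: BID:1326
Reference: URL:http://www.securityfocus.com/bid/1326

Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion.

ED_PRI CAN-2000-0502 3

VOTE:

=================================
Candidate: CAN-2000-0503
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000606 IE 5 Cross-frame security vulnerability using IFRAME and WebBrowser control
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0154.html
Reference: BID:1311
Reference: URL:http://www.securityfocus.com/bid/1311

The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows a remote attacker to violate the cross frame security policy via the NavigateComplete2 event.

ED_PRI CAN-2000-0503 3

VOTE:

=================================
Candidate: CAN-2000-0508
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000608 Remote DOS in linux rpc.lockd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0073.html
Reference: BID:1372
Reference: URL:http://www.securityfocus.com/bid/1372

rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request.

ED_PRI CAN-2000-0508 3

VOTE:

=================================
Candidate: CAN-2000-0516
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000606 Shiva Access Manager 5.0.0 Plaintext LDAP root password.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0008.html
Reference: BID:1329
Reference: URL:http://www.securityfocus.com/bid/1329

When configured to store configuration information in an LDAP directory, Shiva Access Manager 5.0.0 stores the root DN (Distinguished Name) name and password in cleartext in a file that is world readable, which allows local users to compromise the LDAP server.

ED_PRI CAN-2000-0516 3

VOTE:

=================================
Candidate: CAN-2000-0520
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000630 CONECTIVA LINUX SECURITY ANNOUNCEMENT - dump
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96240393814071&w=2
Reference: MISC:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=11880
Reference: BID:1330
Reference: URL:http://www.securityfocus.com/bid/1330

Buffer overflow in restore program 0.4b17 and earlier in dump package allows local users to execute arbitrary commands via a long tape name.

ED_PRI CAN-2000-0520 3

VOTE:

=================================
Candidate: CAN-2000-0522
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000608 Potential DoS Attack on RSA's ACE/Server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=011a01bfd14c$3c206960$050010ac@xtranet.co.uk
Reference: BID:1332
Reference: URL:http://www.securityfocus.com/bid/1332

RSA ACE/Server allows remote attackers to cause a denial of service by flooding the server's authentication request port with UDP packets, which causes the server to crash.

ED_PRI CAN-2000-0522 3

VOTE:

=================================
Candidate: CAN-2000-0523
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000606 MDMA Advisory #6: EServ Logging Heap Overflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0009.html
Reference: BID:1315
Reference: URL:http://www.securityfocus.com/bid/1315

Buffer overflow in the logging feature of EServ 2.9.2 and earlier allows an attacker to execute arbitrary commands via a long MKD command.

ED_PRI CAN-2000-0523 3

VOTE:

=================================
Candidate: CAN-2000-0526
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 Mailstudio2000 CGI Vulnerabilities [S0ftPj.4]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0081.html
Reference: BID:1335
Reference: URL:http://www.securityfocus.com/bid/1335

mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.

ED_PRI CAN-2000-0526 3

VOTE:

=================================
Candidate: CAN-2000-0527
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 Mailstudio2000 CGI Vulnerabilities [S0ftPj.4]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0081.html
Reference: BID:1335
Reference: URL:http://www.securityfocus.com/bid/1335

userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.

ED_PRI CAN-2000-0527 3

VOTE:

=================================
Candidate: CAN-2000-0535
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:25
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0083.html
Reference: BID:1340
Reference: URL:http://www.securityfocus.com/bid/1340

OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.

ED_PRI CAN-2000-0535 3

VOTE:

=================================
Candidate: CAN-2000-0542
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000612 ACC/Ericsson Tigris Accounting Failure
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0104.html
Reference: BID:1345
Reference: URL:http://www.securityfocus.com/bid/1345

Tigris remote access server before 11.5.4.22 does not properly record Radius accounting information when a user fails the initial login authentication but subsequently succeeds.

ED_PRI CAN-2000-0542 3

VOTE:

=================================
Candidate: CAN-2000-0546
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 Security Advisory: multiple denial of service vulnerabilities in KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
Reference: BID:1338
Reference: URL:http://www.securityfocus.com/bid/1338

Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the lastrealm variable in the set_tgtkey function.

ED_PRI CAN-2000-0546 3

VOTE:

=================================
Candidate: CAN-2000-0547
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 Security Advisory: multiple denial of service vulnerabilities in KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
Reference: BID:1338
Reference: URL:http://www.securityfocus.com/bid/1338

Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the localrealm variable in the process_v4 function.

ED_PRI CAN-2000-0547 3

VOTE:

=================================
Candidate: CAN-2000-0552
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000606 ICQ2000A ICQmail temparary internet link vulnearbility
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0237.html
Reference: BID:1307
Reference: URL:http://www.securityfocus.com/bid/1307

ICQwebmail client for ICQ 2000 creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.

ED_PRI CAN-2000-0552 3

VOTE:

=================================
Candidate: CAN-2000-0554
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000608 DST2K0010: DoS & Path Revealing Vulnerability in Ceilidh v2.60a
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0246.html
Reference: BID:1320
Reference: URL:http://www.securityfocus.com/bid/1320

Ceilidh allows remote attackers to obtain the real path of the Ceilidh directory via the translated_path hidden form field.

ED_PRI CAN-2000-0554 3

VOTE:

=================================
Candidate: CAN-2000-0555
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000608 DST2K0010: DoS & Path Revealing Vulnerability in Ceilidh v2.60a
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0246.html
Reference: BID:1320
Reference: URL:http://www.securityfocus.com/bid/1320

Ceilidh allows remote attackers to cause a denial of service via a large number of POST requests.

ED_PRI CAN-2000-0555 3

VOTE:

=================================
Candidate: CAN-2000-0558
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000608 DST2K0012: BufferOverrun in HP Openview Network Node Manager v6.1
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0249.html
Reference: BID:1317
Reference: URL:http://www.securityfocus.com/bid/1317

Buffer overflow in HP Openview Network Node Manager 6.1 allows remote attackers to execute arbitrary commands via the Alarm service (OVALARMSRV) on port 2345.

ED_PRI CAN-2000-0558 3

VOTE:

=================================
Candidate: CAN-2000-0559
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000607 SessionWall-3 Paper + (links to) code
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSO.4.21.0006072124320.28062-100000@bearclaw.bogus.net
Reference: BID:1341
Reference: URL:http://www.securityfocus.com/bid/1341

Intrusion Detection System (formerly SessionWall-3) uses weak encryption (XOR) to store administrative passwords in the registry, which allows local users to easily decrypt the passwords.

ED_PRI CAN-2000-0559 3

VOTE:

=================================
Candidate: CAN-2000-0563
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 Security Holes Found in URLConnection of MRJ and IE of Mac OS (Re: Reappearance of an old IE security bug)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0056.html
Reference: BUGTRAQ:20000513 Re: Reappearance of an old IE security bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-05-8&msg=391C95DE2DA.5E3BTAKAGI@java-house.etl.go.jp
Reference: BID:1336
Reference: URL:http://www.securityfocus.com/bid/1336

The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.

ED_PRI CAN-2000-0563 3

VOTE:

=================================
Candidate: CAN-2000-0565
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000613 SmartFTP Daemon v0.2 Beta 9 - Remote Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0100.html
Reference: BID:1344
Reference: URL:http://www.securityfocus.com/bid/1344

SmartFTP Daemon 0.2 allows a local user to access arbitrary files by uploading and specifying an alternate user configuration file via a .. (dot dot) attack.

ED_PRI CAN-2000-0565 3

VOTE: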

Page Last Updated or Reviewed: May 22, 2007