再保险(建议):集群RECENT-22 - 33的候选人

* Steven m . Christey (coley@LINUS.MITRE.ORG)[000712 02:06]: >以下集群包含33个候选人,宣布> 5/21/2000和6/5/2000之间。> >中所列出的候选人优先秩序。优先级1和优先级> 2的候选人都应对不同层次的供应商>确认,所以他们应该易于检查和可以信任的>,问题是真实的。> >如果你发现任何RECENT-XX集群与尊重>是不完整的过程中发现的问题相关的时间框架,请>信息发送给我,这样候选人可以转让。> > -史蒂夫> > > >总结的选票使用(“严重程度”的按升序)> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - > >接受——选民接受候选人提出>等待-选民对候选人没有意见>修改-选民想要改变一些小细节(例如参考/描述)>回顾-选民正在审查/研究候选人,或需要更多信息>重塑-候选人必须大幅修改,如分割或合并>拒绝候选人不是“漏洞”,或重复等。> > 1)请写你的投票在直线上,从“投票:”开始。如果>你想添加评论或细节,将它们添加到行>后投票:行。> > 2)如果你看到任何失踪的引用,请提及他们,使他们>可以包括在内。在映射引用帮助极大。> > 3)请注意,“修改”被视为一个“接受”当计算选票。>如果你没有足够的信息对候选人但你>不想等待,使用一个回顾。 > > ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** > > Please keep in mind that your vote and comments will be recorded and > publicly viewable in the mailing list archives or in other formats. > > ================================= > Candidate: CAN-2000-0467 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000614 Splitvt exploit > Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0125.html>参考:DEBIAN: 20000605根利用splitvt >参考:网址:http://www.debian.org/security/2000/20000605a>参考:报价:1346 >参考:网址:http://www.securityfocus.com/bid/1346> >缓冲区溢出在Linux splitvt 1.6.3早些时候,允许本地用户>获得根权限通过长期在屏幕锁定密码>函数。> > > ED_PRI - 2000 - 0467 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0495 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:女士:ms00 - 038 >参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 038. - asp>参考:报价:1282 >参考:网址:http://www.securityfocus.com/bid/1282> >微软Windows媒体编码器允许远程攻击者通过畸形导致>拒绝服务请求,又名“畸形的Windows >媒体编码器请求”的弱点。> > > ED_PRI - 2000 - 0495 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0517 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:CERT: ca - 2000 - 08年>参考:网址:http://www.cert.org/advisories/ca - 2000 - 08. - html>参考:报价:1260 >参考:网址:http://www.securityfocus.com/bid/1260> > Netscape 4.73和更早的不适当的警告用户>可能无效的证书如果用户此前接受>不同网站的证书,这可能允许远程攻击者>恶搞一个合法的网站,网站> DNS信息的影响。> > > ED_PRI - 2000 - 0517 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0518 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:女士:ms00 - 039 >参考:http://www.microsoft.com/technet/security/bulletin/ms00 - 039. - asp>参考:报价:1309 >参考:网址:http://www.securityfocus.com/bid/1309> > Internet Explorer 4.0和5.0不正确验证所有内容> SSL证书如果连接到服务器通过一个图像>或框架,即两种不同的“SSL证书验证”>漏洞。> > > ED_PRI - 2000 - 0518 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0519 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:女士:ms00 - 039 >参考:http://www.microsoft.com/technet/security/bulletin/ms00 - 039. - asp>参考:报价:1309 >参考:网址:http://www.securityfocus.com/bid/1309> > Internet Explorer 4.0和5.0不正确re-validate SSL证书>如果用户建立了一个新的具有相同> SSL会话服务器在同一ie浏览器会话,即两种不同> SSL证书验证漏洞。> > > ED_PRI - 2000 - 0519 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0530 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000531 KDE:: KApplication特性?>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0387.html>参考:火山口:综援- 2000 - 015.0 >参考:网址:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa - 2000 015.0.txt>参考:报价:1291 >参考:网址:http://www.securityfocus.com/bid/1291> >在KDE 1.1.2 KApplication类配置文件管理>功能允许本地用户覆盖任意文件。> > > ED_PRI - 2000 - 0530 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0537 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000606 BRU脆弱性>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0013.html>参考:火山口:综援- 2000 - 018.0 >参考:网址:http://www.calderasystems.com/support/security/advisories/cssa - 2000 018.0.txt>参考:报价:1321 >参考:网址:http://www.securityfocus.com/bid/1321> > BRU备份软件允许本地用户附加数据任意>文件通过指定一个替代> BRUEXECLOG环境变量配置文件。> > > ED_PRI - 2000 - 0537 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0545 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000602 /usr/bin/Mail利用Slackware 7.0 (mail-slack.c) >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0435.html>参考:DEBIAN: 20000605 mailx:邮件组利用mailx >参考:网址:http://www.debian.org/security/2000/20000605>参考:报价:1305 >参考:网址:http://www.securityfocus.com/bid/1305> >在mailx邮件命令缓冲区溢出(又名邮件)在Linux系统>允许本地用户获得特权通过长- c(副本)>参数。> > > ED_PRI - 2000 - 0545 1 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0474 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000601远程DoS攻击在真正的网络服务器(罢工# 2)脆弱性>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0410.html>参考:BUGTRAQ: 20000601远程RealServer DoS攻击:苏联- 2000043 >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0427.html>参考:报价:1288 >参考:网址:http://www.securityfocus.com/bid/1288> >真正的网络RealServer 7。x允许远程攻击者通过畸形引起拒绝服务>请求一个页面在viewsource >目录。> > > ED_PRI - 2000 - 0474 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0486 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000530 TACACS +协议及其实现的分析>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0369.html>参考:确认:http://archives.neohapsis.com/archives/bugtraq/2000-05/0370.html>参考:报价:1293 >参考:网址:http://www.securityfocus.com/bid/1293> >缓冲区溢出在思科TACACS + tac_plus服务器允许远程攻击者>引起拒绝服务通过一个畸形数据包长度>字段。> > > ED_PRI - 2000 - 0486 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0505 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000603 Re: IBM HTTP SERVER或APACHE >参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.bsf.4.20.0006031912360.45740 - 100000 @alive.znep.com>参考:报价:1284 >参考:网址:http://www.securityfocus.com/bid/1284> > Apache 1.3。x HTTP服务器在Windows平台允许远程攻击者>列出目录的内容通过请求的URL包含>大量/字符。> > > ED_PRI - 2000 - 0505 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0536 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:确认:http://www.synack.net/xinetd/>参考:报价:1381 >参考:网址:http://www.securityfocus.com/bid/1381> > xinetd 2.1.8。如果主机名> x不适当限制连接用于访问控制和连接主机没有>反向DNS条目。> > > ED_PRI - 2000 - 0536 2 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0468 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000601惠普安全漏洞的人命令>参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.sol.4.02.10006021014400.4779 - 100000 @nofud.nwest.attws.com>参考:报价:1302 >参考:网址:http://www.securityfocus.com/bid/1302> >人在hp - ux 10.20和11允许本地攻击者覆盖文件>通过一个符号链接攻击。> > > ED_PRI - 2000 - 0468 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0470 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000601硬件开发,得到网络>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0398.html>参考:报价:1290 >参考:网址:http://www.securityfocus.com/bid/1290> >快板RomPager HTTP服务器允许远程攻击者通过畸形引起拒绝服务>身份验证请求。> > > ED_PRI - 2000 - 0470 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0476 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000601 [rootshell.com] Xterm DoS攻击>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html>参考:报价:1298 >参考:网址:http://www.securityfocus.com/bid/1298> > xterm、Eterm rxvt允许攻击者造成拒绝服务>通过嵌入特定的转义字符,迫使窗口>调整大小。> > > ED_PRI - 2000 - 0476 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0481 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:VULN-DEV: 20000601 Kmail堆溢出>参考:网址:http://securityfocus.com/templates/archive.pike?list=82&date=2000-06-22&msg=00060200422401.01667@lez>参考:报价:1380 >参考:网址:http://www.securityfocus.com/bid/1380> >缓冲区溢出在KDE Kmail允许远程攻击者造成>拒绝服务通过附件长文件名。> > > ED_PRI - 2000 - 0481 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0487 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:女士:ms00 - 032 >参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 032. - asp>参考:报价:1295 >参考:网址:http://www.securityfocus.com/bid/1295> >保护存储在Windows 2000不正确选择>最强的加密可用时,导致它使用默认> 40位加密而不是56位DES加密,又名>“受保护的存储关键长度”的弱点。> > > ED_PRI - 2000 - 0487 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0488 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000601 DST2K0007:缓冲区溢出在ITHouse邮件服务器v1.04 >参考:网址:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0148.html>参考:报价:1285 >参考:网址:http://www.securityfocus.com/bid/1285> >缓冲区溢出ITHouse邮件服务器1.04允许远程攻击者>执行任意命令通过一个长收件人邮件命令。> > > ED_PRI - 2000 - 0488 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0489 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 19990826当地DoS在FreeBSD >参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.10.9908270039010.16315 - 100000 @thetis.deor.org>参考:BUGTRAQ: 20000601当地FreeBSD, Openbsd, NetBSD, DoS漏洞- Mac OS X的影响>参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCEJLCEAA.labs@ussrback.com>参考:报价:622 >参考:网址:http://www.securityfocus.com/bid/622> > FreeBSD, NetBSD, OpenBSD允许攻击者造成拒绝服务>通过创建大量的套接字对使用> socketpair函数,通过setsockopt设置大型缓冲区大小,然后>写大的缓冲区。> > > ED_PRI - 2000 - 0489 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0490 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000601 Netwin Dmail包>引用:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0407.html>参考:报价:1297 >参考:网址:http://www.securityfocus.com/bid/1297> >中的缓冲区溢出NetWin DSMTP 2.7 q NetWin dmail包>允许远程攻击者执行任意命令通过一个长ETRN >请求。> > > ED_PRI - 2000 - 0490 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0491 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000521“gdm”远程洞>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0241.html>参考:SUSE: 20000524安全漏洞在gdm < = 2.0 beta4-25 >参考:网址:http://www.suse.de/de/support/security/suse_security_announce_49.txt>参考:BUGTRAQ: 20000607 Conectiva Linux安全公告- gdm >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0025.html>参考:火山口:综援- 2000 - 013.0 >参考:网址:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa - 2000 013.0.txt>参考:报价:1233 >参考:网址:http://www.securityfocus.com/bid/1233>参考:报价:1279 >参考:网址:http://www.securityfocus.com/bid/1279>参考:报价:1370 >参考:网址:http://www.securityfocus.com/bid/1370> > XDMCP解析代码缓冲区溢出的GNOME gdm, KDE kdm, > wdm允许远程攻击者执行任意命令或导致>通过长FORWARD_QUERY拒绝服务请求。> > > ED_PRI - 2000 - 0491 3 > > >投票:修改出价1233 vulns与其他的不同。出价1233使用FORWARD_QUERY请求溢出in_addr结构通过memmove守护进程/ xdmcp。c, gdm_xdmcp_handle_forward_query ()。1370年收购的缓冲区溢出xdmcp sprintf。c, send_failed ()。> = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0492 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000609不安全的加密密码v1.2 >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0450.html>参考:报价:1300 >参考:网址:http://www.securityfocus.com/bid/1300> > PassWD 1.2使用弱加密(简单编码)来存储密码,>允许攻击者可以读取密码文件easliy >解密密码。> > > ED_PRI - 2000 - 0492 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0493 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:VULN-DEV: 20000601脆弱性SNTS >参考:网址:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0843.html>参考:报价:1289 >参考:网址:http://www.securityfocus.com/bid/1289> >缓冲区溢出在简单网络时间同步(smt)守护进程允许>远程攻击者通过长命令导致拒绝服务。> > > ED_PRI - 2000 - 0493 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0507 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000601 DST2K0006:拒绝服务可能在实践上邮箱服务器>参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95990195708509&w=2>参考:报价:1286 >参考:网址:http://www.securityfocus.com/bid/1286> >上邮箱服务器2.5允许远程攻击者引起的否定>服务通过一个长直升机命令。> > > ED_PRI - 2000 - 0507 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0509 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000601 DST2K0008:缓冲区溢出的水鹿Server 4.3 >参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95990103207665&w=2>参考:报价:1287 >参考:网址:http://www.securityfocus.com/bid/1287> >缓冲区溢出在手指和域名查询服务示范脚本>水鹿Server 4.3允许远程攻击者执行任意命令>通过主机名。> > > ED_PRI - 2000 - 0509 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0521 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000605 MDMA咨询# 5:阅读专家网络服务器下的CGI脚本>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0469.html>参考:报价:1313 >参考:网址:http://www.securityfocus.com/bid/1313莎凡特> > web服务器允许远程攻击者阅读源代码的CGI >脚本通过GET请求,不包括HTTP版本>号。> > > ED_PRI - 2000 - 0521 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0524 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000604 Microsoft Outlook(表达)错误. .>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0045.html>参考:报价:1333 >参考:网址:http://www.securityfocus.com/bid/1333> >微软Outlook和Outlook Express允许远程攻击者造成>拒绝服务通过发送电子邮件消息等> BCC空白字段,应答,回传)或从。> > > ED_PRI - 2000 - 0524 3 > > >投票:有很多人,虽然有些也不能重现问题。更多的研究(如实际测试)可能是必需的。> = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0544 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:NTBUGTRAQ: 20000604匿名SMBwriteX DoS >参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0231.html>参考:报价:1304 >参考:网址:http://www.securityfocus.com/bid/1304> > Windows NT和Windows 2000主机允许远程攻击者通过畸形导致>拒绝服务DCE / RPC SMBwriteX请求包含无效数据长度>。> > > ED_PRI - 2000 - 0544 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0551 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:BUGTRAQ: 20000523我想>参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0339.html>参考:报价:1263 >参考:网址:http://www.securityfocus.com/bid/1263> >中的文件传输机制Danware朋友6.0没有提供>认证,远程攻击者可以访问和修改>任意文件。> > > ED_PRI - 2000 - 0551 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0553 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:未知>参考:BUGTRAQ: 20000525安全漏洞IPFilter 3.3.15和3.4.3 >参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0326.html>参考:报价:1308 >参考:网址:http://www.securityfocus.com/bid/1308> >早些时候在IPFilter防火墙3.4.3和竞争条件,当配置>重叠的“return-rst”和“保持状态”规则,允许远程攻击者绕过访问限制。> > > ED_PRI - 2000 - 0553 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0556 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:NTBUGTRAQ: 20000608 DST2K0011: DoS & BufferOverrun CMail v2.4.7邮箱>参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html>参考:确认:http://www.computalynx.net/万博下载包news/Jun2000/news0806200001.html>参考:报价:1319 >参考:网址:http://www.securityfocus.com/bid/1319> >缓冲区溢出的web界面Cmail 2.4.7允许远程攻击者>引起拒绝服务通过发送大量用户名>用户对话框运行在端口8002上。> > > ED_PRI - 2000 - 0556 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0557 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:NTBUGTRAQ: 20000608 DST2K0011: DoS & BufferOverrun CMail v2.4.7邮箱>参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html>参考:报价:1318 >参考:网址:http://www.securityfocus.com/bid/1318> >缓冲区溢出的web界面Cmail 2.4.7允许远程攻击者>执行任意命令通过一个GET请求。> > > ED_PRI - 2000 - 0557 3 > > >投票:接受> > = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = >候选人:- 2000 - 0564 >发表:>最终决定:>阶段性裁决::>修改>提出:20000712 >分配:20000711 >类别:科幻小说>参考:NTBUGTRAQ: 20000529 ICQ Web前端远程DoS攻击弱点>参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0218.html> >留言板CGI程序在ICQ Web服务ICQ 2000面前,99 b、>和其他允许远程攻击者造成拒绝服务通过一个URL >长名称参数。> > > ED_PRI - 2000 - 0564 3 > > >投票:回顾,以利亚利维SecurityFocus.comhttp://www.securityfocus.com/如果那么,对位小独木船