
Re: [PROPOSAL] Cluster RECENT-23 - 34 candidates



* Steven M. Christey (coley@LINUS.MITRE.ORG) [000712 02:12]:
> The following cluster contains 34 candidates that were announced
> between 6/6/2000 and 6/13/2000.
>
> The candidates are listed in order of priority. Priority 1 and
> Priority 2 candidates both deal with varying levels of vendor
> confirmation, so they should be easy to review and it can be trusted
> that the problems are real.
>
> If you discover that any RECENT-XX cluster is incomplete with respect
> to the problems discovered during the associated time frame, please
> send that information to me so that candidates can be assigned.
>
> - Steve
>
>
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
>
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
>
> 1) Please write your vote on the line that starts with "VOTE: ". If
>    you want to add comments or details, add them to lines after the
>    VOTE: line.
>
> 2) If you see any missing references, please mention them so that they
>    can be included. References help greatly during mapping.
>
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
>    So if you don't have sufficient information for a candidate but you
>    don't want to NOOP, use a REVIEWING.
>
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
>
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
>
> =================================
> Candidate: CAN-2000-0472
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000106 innd 2.2.2 remote buffer overflow
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0003.html
> Reference: CALDERA:CSSA-2000-016.0
> Reference: URL:ftp://ftp.calderasystems.com/pub/openlinux/security/CSSA-2000-016.0.txt
> Reference: BID:1316
> Reference: URL:http://www.securityfocus.com/bid/1316
>
> Buffer overflow in innd 2.2.2 allows remote attackers to execute
> arbitrary commands via a cancel request containing a long message ID.
>
>
> ED_PRI CAN-2000-0472 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0525
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000609 OpenSSH's UseLogin option allows remote access with root privilege.
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html
> Reference: OPENBSD:20000606 The non-default UseLogin feature in /etc/sshd_config is broken and should not be used.
> Reference: URL:http://www.openbsd.org/errata.html#uselogin
> Reference: BID:1334
> Reference: URL:http://www.securityfocus.com/bid/1334
>
> OpenSSH does not properly drop privileges when the UseLogin option is
> enabled, which allows local users to execute arbitrary commands by
> providing the command to the ssh daemon.
>
>
> ED_PRI CAN-2000-0525 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0532
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: CF
> Reference: FREEBSD:FreeBSD-SA-00:21
> Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0031.html
> Reference: BID:1323
> Reference: URL:http://www.securityfocus.com/bid/1323
>
> A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port
> 722 as well as port 22, which might allow remote attackers to access
> SSH through port 722 even if port 22 is otherwise filtered.
>
>
> ED_PRI CAN-2000-0532 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0534
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: FREEBSD:FreeBSD-SA-00:22 Security Advisory
> Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0030.html
> Reference: BID:1325
> Reference: URL:http://www.securityfocus.com/bid/1325
>
> The apsfilter software in the FreeBSD ports package does not properly
> read user filter configurations, which allows local users to execute
> commands as the lpd user.
>
>
> ED_PRI CAN-2000-0534 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0538
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000607 New Allaire ColdFusion DoS
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96045469627806&w=2
> Reference: ALLAIRE:ASB00-14
> Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16122&Method=Full
> Reference: BID:1314
> Reference: URL:http://www.securityfocus.com/bid/1314
>
> ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote
> attackers to cause a denial of service via a long login password.
>
>
> ED_PRI CAN-2000-0538 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0548
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000609 Security Advisory: Multiple Denial of Service Vulnerabilities in KRB4 KDC
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
> Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
> Reference: CERT:CA-2000-11
> Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
> Reference: CIAC:K-051
> Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
> Reference: BID:1338
> Reference: URL:http://www.securityfocus.com/bid/1338
>
> Buffer overflow in Kerberos 4 KDC program allows remote attackers to
> cause a denial of service via the e_msg variable in the kerb_err_reply
> function.
>
>
> ED_PRI CAN-2000-0548 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0549
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000609 Security Advisory: Multiple Denial of Service Vulnerabilities in KRB4 KDC
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
> Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
> Reference: CERT:CA-2000-11
> Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
> Reference: CIAC:K-051
> Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
>
> The Kerberos 4 KDC program does not properly check for null termination
> of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause
> a denial of service via a malformed request.
>
>
> ED_PRI CAN-2000-0549 1
>
>
> VOTE: REVIEWING
>
> =================================
> Candidate: CAN-2000-0550
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000609 Security Advisory: Multiple Denial of Service Vulnerabilities in KRB4 KDC
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
> Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
> Reference: CERT:CA-2000-11
> Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
> Reference: CIAC:K-051
> Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
>
> The Kerberos 4 KDC program improperly frees memory twice (aka
> "double-free"), which allows remote attackers to cause a denial of
> service.
>
>
> ED_PRI CAN-2000-0550 1
>
>
> VOTE: REVIEWING
>
> =================================
> Candidate: CAN-2000-0497
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: NTBUGTRAQ:20000612 IBM WebSphere JSP showcode vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0263.html
> Reference: CONFIRM:http://www-4.ibm.com/software/webservers/appserv/efix.html
> Reference: BID:1328
> Reference: URL:http://www.securityfocus.com/bid/1328
>
> IBM WebSphere server 3.0.2 allows a remote attacker to view the source
> code of a JSP program by requesting a URL which provides the JSP
> extension in upper case.
>
>
> ED_PRI CAN-2000-0497 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0506
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000609 Sendmail & procmail local root exploits on Linux kernel 2.2.16pre5
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006090852340.3475-300000@alfa.elzabsoft.pl
> Reference: BUGTRAQ:20000609 Trustix Security Advisory
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0062.html
> Reference: BUGTRAQ:20000608 CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0063.html
> Reference: BID:1322
> Reference: URL:http://www.securityfocus.com/bid/1322
> Reference: TURBO:TLSA2000013-1
> Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-June/000012.html
>
> The "capabilities" feature in Linux 2.2.16 allows local users to
> cause a denial of service or gain privileges by setting the
> capabilities to prevent a setuid program from dropping privileges, aka
> the "Linux kernel setuid/setcap vulnerability."
>
>
> ED_PRI CAN-2000-0506 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0515
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: CF
> Reference: BUGTRAQ:20000607 [ Hackerslab bug_paper ] HP-UX SNMP daemon vulnerability
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006070511.OAA05492@dogfoot.hackerslab.org
> Reference: BUGTRAQ:20000608 Re: HP-UX SNMP daemon vulnerability
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006090640.XAA00779@hpchs.cup.hp.com
> Reference: BID:1327
> Reference: URL:http://www.securityfocus.com/bid/1327
>
> The snmpd.conf configuration file in the HP-UX SNMP daemon (snmpd)
> 11.0 is world writable, which allows local users to modify the SNMP
> configuration or gain privileges.
>
>
> ED_PRI CAN-2000-0515 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0482
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000605 FW-1 IP Fragmentation Vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0473.html
> Reference: BID:1312
> Reference: URL:http://www.securityfocus.com/bid/1312
>
> Check Point Firewall-1 allows remote attackers to cause a denial of
> service by sending a large number of malformed fragmented IP packets.
>
>
> ED_PRI CAN-2000-0482 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0498
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: NTBUGTRAQ:20000608 Potential vulnerability in Unify eWave ServletExec
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0250.html
> Reference: BID:1328
> Reference: URL:http://www.securityfocus.com/bid/1328
>
> Unify eWave ServletExec allows a remote attacker to view the source
> code of a JSP program by requesting a URL which provides the JSP
> extension in upper case.
>
>
> ED_PRI CAN-2000-0498 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0499
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: NTBUGTRAQ:20000612 BEA WebLogic JSP showcode vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0262.htm
> Reference: BID:1328
> Reference: URL:http://www.securityfocus.com/bid/1328
>
> BEA WebLogic allows remote attackers to view the source code of a JSP
> program by requesting a URL which provides the JSP extension in upper
> case.
>
>
> ED_PRI CAN-2000-0499 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0502
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000607 Mcafee Alerting DOS vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html
> Reference: BID:1326
> Reference: URL:http://www.securityfocus.com/bid/1326
>
> Mcafee VirusScan 4.03 does not properly restrict access to the alert
> text file before it is sent to the Central Alert Server, which allows
> local users to modify alerts in an arbitrary fashion.
>
>
> ED_PRI CAN-2000-0502 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0503
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000606 IE 5 Cross-frame security vulnerability using IFRAME and WebBrowser control
> Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0154.html
> Reference: BID:1311
> Reference: URL:http://www.securityfocus.com/bid/1311
>
> The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows
> remote attackers to violate the cross frame security policy via the
> NavigateComplete2 event.
>
>
> ED_PRI CAN-2000-0503 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0508
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000608 Remote DOS in linux rpc.lockd
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0073.html
> Reference: BID:1372
> Reference: URL:http://www.securityfocus.com/bid/1372
>
> rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to
> cause a denial of service via a malformed request.
>
>
> ED_PRI CAN-2000-0508 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0516
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000606 Shiva Access Manager 5.0.0 Plaintext LDAP root password.
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0008.html
> Reference: BID:1329
> Reference: URL:http://www.securityfocus.com/bid/1329
>
> When configured to store configuration information in an LDAP
> directory, Shiva Access Manager 5.0.0 stores the root DN
> (Distinguished Name) name and password in cleartext in a file that is
> world readable, which allows local users to compromise the LDAP
> server.
>
>
> ED_PRI CAN-2000-0516 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0520
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000630 CONECTIVA LINUX SECURITY ANNOUNCEMENT - dump
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96240393814071&w=2
> Reference: MISC:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=11880
> Reference: BID:1330
> Reference: URL:http://www.securityfocus.com/bid/1330
>
> Buffer overflow in the restore program 0.4b17 and earlier in the dump
> package allows local users to execute arbitrary commands via a long
> tape name.
>
>
> ED_PRI CAN-2000-0520 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0522
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000608 Potential DoS Attack on RSA's ACE/Server
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=011a01bfd14c$3c206960$050010ac@xtranet.co.uk
> Reference: BID:1332
> Reference: URL:http://www.securityfocus.com/bid/1332
>
> RSA ACE/Server allows remote attackers to cause a denial of service by
> flooding the server's authentication request port with UDP packets,
> which causes the server to crash.
>
>
> ED_PRI CAN-2000-0522 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0523
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF/CF/MP/SA/AN/unknown
> Reference: BUGTRAQ:20000606 MDMA Advisory #6: EServ Logging Heap Overflow Vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0009.html
> Reference: BID:1315
> Reference: URL:http://www.securityfocus.com/bid/1315
>
> Buffer overflow in the logging feature of EServ 2.9.2 and earlier
> allows an attacker to execute arbitrary commands via a long MKD
> command.
>
>
> ED_PRI CAN-2000-0523 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0526
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000609 Mailstudio2000 CGI Vulnerabilities [S0ftPj.4]
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0081.html
> Reference: BID:1335
> Reference: URL:http://www.securityfocus.com/bid/1335
>
> The mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows
> remote attackers to read arbitrary files via a .. (dot dot) attack.
>
>
> ED_PRI CAN-2000-0526 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0527
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000609 Mailstudio2000 CGI Vulnerabilities [S0ftPj.4]
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0081.html
> Reference: BID:1335
> Reference: URL:http://www.securityfocus.com/bid/1335
>
> The userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows
> remote attackers to execute arbitrary commands via shell
> metacharacters.
>
>
> ED_PRI CAN-2000-0527 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0535
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: FREEBSD:FreeBSD-SA-00:25
> Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0083.html
> Reference: BID:1340
> Reference: URL:http://www.securityfocus.com/bid/1340
>
> OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the
> existence of the /dev/random or /dev/urandom devices, which are absent
> on FreeBSD Alpha systems, which causes them to produce weak keys which
> may be more easily broken.
>
>
> ED_PRI CAN-2000-0535 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0542
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000612 ACC/Ericsson Tigris Accounting Failure
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0104.html
> Reference: BID:1345
> Reference: URL:http://www.securityfocus.com/bid/1345
>
> Tigris remote access server before 11.5.4.22 does not properly record
> Radius accounting information when a user fails the initial login
> authentication but subsequently succeeds.
>
>
> ED_PRI CAN-2000-0542 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0546
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000609 Security Advisory: Multiple Denial of Service Vulnerabilities in KRB4 KDC
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
> Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
> Reference: CERT:CA-2000-11
> Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
> Reference: CIAC:K-051
> Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
> Reference: BID:1338
> Reference: URL:http://www.securityfocus.com/bid/1338
>
> Buffer overflow in Kerberos 4 KDC program allows remote attackers to
> cause a denial of service via the lastrealm variable in the set_tgtkey
> function.
>
>
> ED_PRI CAN-2000-0546 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0547
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000609 Security Advisory: Multiple Denial of Service Vulnerabilities in KRB4 KDC
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
> Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
> Reference: CERT:CA-2000-11
> Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
> Reference: CIAC:K-051
> Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
> Reference: BID:1338
> Reference: URL:http://www.securityfocus.com/bid/1338
>
> Buffer overflow in Kerberos 4 KDC program allows remote attackers to
> cause a denial of service via the localrealm variable in the
> process_v4 function.
>
>
> ED_PRI CAN-2000-0547 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0552
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: NTBUGTRAQ:20000606 ICQ2000A ICQmail temparary internet link vulnearbility
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0237.html
> Reference: BID:1307
> Reference: URL:http://www.securityfocus.com/bid/1307
>
> The ICQwebmail client for ICQ 2000 creates a world readable temporary
> file during login and does not delete it, which allows local users to
> obtain sensitive information.
>
>
> ED_PRI CAN-2000-0552 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0554
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: NTBUGTRAQ:20000608 DST2K0010: DoS & Path Revealing Vulnerability in Ceilidh v2.60a
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0246.html
> Reference: BID:1320
> Reference: URL:http://www.securityfocus.com/bid/1320
>
> Ceilidh allows remote attackers to obtain the real path of the Ceilidh
> directory via the translated_path hidden form field.
>
>
> ED_PRI CAN-2000-0554 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0555
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: NTBUGTRAQ:20000608 DST2K0010: DoS & Path Revealing Vulnerability in Ceilidh v2.60a
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0246.html
> Reference: BID:1320
> Reference: URL:http://www.securityfocus.com/bid/1320
>
> Ceilidh allows remote attackers to cause a denial of service via a
> large number of POST requests.
>
>
> ED_PRI CAN-2000-0555 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0558
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: NTBUGTRAQ:20000608 DST2K0012: BufferOverrun in HP Openview Network Node Manager v6.1
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0249.html
> Reference: BID:1317
> Reference: URL:http://www.securityfocus.com/bid/1317
>
> Buffer overflow in HP Openview Network Node Manager 6.1 allows remote
> attackers to execute arbitrary commands via the Alarm service
> (OVALARMSRV) on port 2345.
>
>
> ED_PRI CAN-2000-0558 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0559
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000607 SessionWall-3 Paper + (link) Code
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSO.4.21.0006072124320.28062-100000@bearclaw.bogus.net
> Reference: BID:1341
> Reference: URL:http://www.securityfocus.com/bid/1341
>
> The Intrusion Detection System (formerly SessionWall-3) uses weak
> encryption (XOR) to store administrative passwords in the registry,
> which allows local users to easily decrypt the passwords.
>
>
> ED_PRI CAN-2000-0559 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0563
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000609 Security Holes Found in URLConnection of MRJ and IE of Mac OS (Re: Reappearance of an old IE security bug)
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0056.html
> Reference: BUGTRAQ:20000513 Re: Reappearance of an old IE security bug
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-05-8&msg=391C95DE2DA.5E3BTAKAGI@java-house.etl.go.jp
> Reference: BID:1336
> Reference: URL:http://www.securityfocus.com/bid/1336
>
> The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier
> and the Microsoft virtual machine (VM) for MacOS allows a malicious
> web site operator to connect to arbitrary hosts using an HTTP
> redirection, in violation of the Java security model.
>
>
> ED_PRI CAN-2000-0563 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0565
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000613 SmartFTP Daemon v0.2 Beta 9 - Remote Exploit
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0100.html
> Reference: BID:1344
> Reference: URL:http://www.securityfocus.com/bid/1344
>
> SmartFTP Daemon 0.2 allows a local user to access arbitrary files by
> uploading and specifying an alternate user configuration file via a
> .. (dot dot) attack.
>
>
> ED_PRI CAN-2000-0565 3
>
>
> VOTE: ACCEPT

Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum

Page last updated or reviewed: May 22, 2007