19[最终]接受遗产的候选人

我做出了最后决定接受以下候选人。这些候选人现在分配CVE名称如下表示。所得的CVE条目将在不久的将来公布CVE的一个新版本。投票和评论细节的末尾提供了这份报告。——史蒂夫候选人CVE的名字- - - - - - - - - - - - - - - - - - - - - - - - 1999 - 0378 CVE - 1999 - 0378 - 1999 - 0387 CVE - 1999 - 0387 - 1999 - 0415 CVE - 1999 - 0415 - 1999 - 0416 CVE - 1999 - 0416 - 1999 - 0959 CVE - 1999 - 0959 - 2000 - 0352 CVE - 2000 - 0352 - 2000 - 0353 CVE - 2000 - 0353 - 2000 - 0354 CVE - 2000 - 0354 - 2000 - 0356 CVE - 2000 - 0356 - 2000 - 0359 CVE - 2000 - 0359 - 2000 - 0360 CVE - 2000 - 0360 - 2000 - 0361 CVE - 2000 - 0361 - 2000 - 0362 CVE - 2000 - 0362 - 2000 - 0363 CVE - 2000 - 0363 - 2000 - 0367 CVE - 2000 - 0367 - 2000 - 0370 CVE - 2000 - 0370 - 2000 - 0371 CVE - 2000 - 0371 - 2000 - 0372 CVE - 2000 - 0372 - 2000 - 0373 CVE - 2000 - 0373 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0378:最终决定:20000712阶段性裁决:20000707修改:20000106 - 01提议:19990728分配:19990607类别:科幻参考:BUGTRAQ: 19990222而言,咨询——内扫描VirusWall参考:BUGTRAQ: 19990225块的内扫描VirusWall Unix可以参考:XF: viruswall-http-request内扫描VirusWall Solaris不文件进行病毒扫描当一个HTTP请求包含两个命令。修改:ADDREF XF: viruswall-http-request ADDREF BUGTRAQ: 19990225块的内扫描VirusWall为Unix可以推断行动:可以最终- 1999 - 0378(20000712)最终决定当前投票:接受(1)Stracener修改(1)法国人评论:弗雷希> XF: viruswall-http-request = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0387:最终决定:20000712阶段性裁决:20000707修改:20000626 - 02年提议:19990728分配:19990607类别:科幻参考:女士:ms99 - 052参考:网址:http://www.microsoft.com/technet/security/bulletin/ms99 - 052. - asp参考:MSKB: Q168115参考:报价:829参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=829参考:XF: 9 x-plaintext-pwd遗留凭证缓存机制用于Windows 95, Windows 98系统允许攻击者读取明文网络密码。修改:ADDREF女士:ms99 - 052 ADDREF MSKB: Q168115 ADDREF报价:829 ADDREF XF: 9 x-plaintext-pwd推断行动:可以最终- 1999 - 0387(20000712)最终决定当前投票:接受(1)征收弗伦奇等待修改(1)(3)Christey,墙,科尔评论:弗雷希>术语“遗产”是模糊的,可以解释。需要建立这个漏洞的引用。Christey >添加参考文献。有趣的是,这个候选人是安排6月7日,1999年,但没有引用到微软咨询11月下旬。我失去了原来的参考。弗雷希> XF: 9 x-plaintext-pwd = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0415:最终决定:20000712阶段性裁决:20000707修改:20000706 - 01提议:19990623分配:19990607类别:科幻参考:国际空间站:19990311远程重构和拒绝服务漏洞700年思科ISDN路由器参考:思科:19990311思科7 xx TCP和HTTP漏洞参考:网址:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml参考:CIAC: j - 034参考:网址:http://ciac.llnl.gov/ciac/bulletins/j - 034. shtml参考:XF: cisco-router-commands参考:XF: cisco-web-config思科7中的HTTP服务器xx系列路由器3.2到4.2在缺省情况下是启用的,它允许远程攻击者改变路由器的配置。修改:ADDREF思科:19990311思科7 xx TCP和HTTP漏洞ADDREF CIAC: j - 034 ADDREF XF: cisco-router-commands ADDREF XF: cisco-web-config CHANGEREF ISS(规范化)DESC重述推断行动:可以最终- 1999 - 0415(20000712)最终决定当前投票:接受(1)Stracener修改(2)抑郁症,Christey评论:弗雷希>参考:国际空间站:March11, 1999(符合集群1 - 1999 - 0008)XF: cisco-router-commands XF: cisco-web-config Christey > ADDREF思科:19990311思科7 xx TCP和HTTP URL漏洞:http://www.cisco.com/warp/public/770/7xxconn-pub.shtmlADDREF CIAC: j - 034 ADDREF URL:http://ciac.llnl.gov/ciac/bulletins/j - 034. shtml考虑这样的描述:HTTP服务器在思科7 xx系列路由器3.2到4.2在缺省情况下是启用的,它允许远程攻击者改变路由器的配置。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0416:最终决定:20000712阶段性裁决:20000707修改:20000706 - 01提议:19990623分配:19990607类别:科幻参考:国际空间站:19990311远程重构和拒绝服务漏洞700年思科ISDN路由器参考:思科:19990311思科7 xx TCP和HTTP漏洞参考:网址:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml参考:CIAC: j - 034参考:网址:http://ciac.llnl.gov/ciac/bulletins/j - 034. shtml参考:XF: cisco-web-crash脆弱性在思科7 xx系列路由器允许远程攻击者导致系统重新加载通过TCP连接到路由器的TELNET端口。修改:ADDREF思科:19990311思科7 xx TCP和HTTP漏洞ADDREF CIAC: j - 034 ADDREF XF: cisco-web-crash CHANGEREF ISS(规范化)DESC重述推断行动:可以最终- 1999 - 0416(20000712)最终决定当前投票:接受(1)Stracener修改(2)抑郁症,Christey评论:弗雷希>参考:国际空间站:March11, 1999 XF: cisco-web-crash Christey > ADDREF思科:19990311思科7 xx TCP和HTTP的漏洞http://www.cisco.com/warp/public/770/7xxconn-pub.shtmlADDREF CIAC: j - 034http://ciac.llnl.gov/ciac/bulletins/j - 034. shtml考虑这样的描述:脆弱性在思科7 xx系列路由器允许远程攻击者导致系统重新加载通过TCP连接到路由器的TELNET端口。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 1999 - 0959:最终决定:20000712阶段性裁决:20000707修改:20000626 - 01提议:19991208分配:19991208类别:科幻参考:AUSCERT: aa - 97 - 05参考:SGI: 19980301 - 01 - px参考:XF: irix-startmidi-file-creation IRIX startmidi程序允许本地用户修改任意文件通过一个符号链接攻击。修改:ADDREF XF: irix-startmidi-file-creation DESC删除stopmidi推断行动:可以最终- 1999 - 0959(20000712)最终决定当前投票:接受(5)科尔,Ozancin,普罗塞,Stracener,贝弗伦奇等待修改(1)(2)阿姆斯特朗,Christey评论:弗雷希> XF: irix-startmidi-file-creation Christey >看来CD: SF-EXEC应用在这里,但错误只是在startmidi stopmidi。所以摆脱stopmidi描述。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0352:最终决定:20000712阶段性裁决:20000707修改:20000706 - 01提议:20000524分配:20000523类别:科幻参考:BUGTRAQ: 19991117松:扩大env var URL(似乎是固定的4.21)参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.10.9911171818220.12375 - 100000 @ray.compu aid.com参考:火山口:综援- 1999 - 036.0参考:网址:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa - 1999 036.0.txt参考:SUSE: 19991227安全漏洞在松树< 4.21参考:网址:http://www.suse.de/de/support/security/suse_security_announce_36.txt参考:XF: pine-remote-exe参考:报价:810参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=810松前4.21版本不正确过滤shell元字符的URL,它允许远程攻击者执行任意命令通过一个畸形的URL。修改:ADDREF XF: pine-remote-exe推断行动:- 2000 - 0352最后(20000712)最终决定当前票:接受(1)Stracener修改(1)法国人评论:弗雷希> XF: pine-remote-exe = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0353:最终决定:20000712阶段性裁决:20000707修改:20000706 - 01提议:20000524分配:20000523类别:科幻参考:MISC:http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html参考:SUSE: 19990628松4中执行的命令。x参考:网址:http://www.suse.de/de/support/security/suse_security_announce_6.txt参考:SUSE: 19990911更新松(固定IMAP支持)参考资料:网址:http://www.suse.de/de/support/security/pine_update_announcement.txt参考报价:1247参考:XF: pine-lynx-execute-commands松4。x允许远程攻击者通过索引执行任意命令。html文件执行猞猁和获得一个uudecoded文件从一个恶意的web服务器,然后执行的松树。修改:ADDREF报价:1247 ADDREF XF: pine-lynx-execute-commands推断行动:可以最终- 2000 - 0353(20000712)最终决定当前投票:接受(2)Stracener,莱维弗伦奇等待修改(1)(2)Christey,科尔评论:Christey > ADDREF报价:1247法国人> XF: pine-lynx-execute-commands = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0354:最终决定:20000712阶段性裁决:20000707修改:建议:20000524分配:20000523类别:科幻参考:BUGTRAQ: 19990928镜子2.9孔参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=15769.990928@tomcat.ru参考:DEBIAN: 19991018错误的目录名称处理在镜子参考:网址:http://www.debian.org/security/1999/19991018参考:SUSE: 19991001安全漏洞在镜子参考:网址:http://www.suse.de/de/support/security/suse_security_announce_22.txt参考:报价:681参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=6812.8参考:XF: mirror-perl-remote-file-creation镜子。x在Linux系统允许远程攻击者创建文件一个级别高于当地的目标目录。最后推断行动:- 2000 - 0354(20000712)最终决定当前投票:接受(2)Stracener,法国人= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0356:最终决定:20000712阶段性裁决:20000707修改:建议:20000524分配:20000523类别:科幻参考:REDHAT: RHSA-1999:040参考:网址:http://www.securityfocus.com/templates/advisory.html?id=1789参考:XF: linux-pam-nis-login参考:报价:697参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=697可插入的身份验证模块(PAM)在Red Hat Linux 6.1不正确锁禁用NIS账户的访问权限。最后推断行动:- 2000 - 0356(20000712)最终决定当前投票:接受(2)Stracener,法国人= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0359:最终决定:20000712阶段性裁决:20000707修改:20000706 - 01提议:20000524分配:20000523类别:科幻参考:BUGTRAQ: 19991113 thttpd 2.04堆栈溢出(VD # 6)参考:网址:http://archives.neohapsis.com/archives/bugtraq/1626.html参考:SUSE: 19991116安全漏洞thttpd 1.90 - 2.04参考:网址:http://www.suse.de/de/support/security/suse_security_announce_30.txt参考:XF: thttpd-ifmodifiedsince-header-dos参考:报价:1248缓冲区溢出在琐碎的HTTP (THTTPd)允许远程攻击者造成拒绝服务或执行任意命令通过一个if - modified - since头。修改:ADDREF报价:1248 ADDREF XF: thttpd-ifmodifiedsince-header-dos推断行动:可以最终- 2000 - 0359(20000712)最终决定当前投票:接受(3)Stracener, Levy科尔弗伦奇等待修改(1)(1)Christey评论:Christey > ADDREF报价:1248法国人> XF: thttpd-ifmodifiedsince-header-dos = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0360:最终决定:20000712阶段性裁决:20000707修改:20000706 - 01提议:20000524分配:20000523类别:科幻参考:SUSE: 19991124安全漏洞在旅店< = 2.2.1参考:网址:http://www.suse.de/de/support/security/suse_security_announce_34.txt参考:火山口:综援- 1999 - 038.0参考:网址:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa - 1999 038.0.txt参考:XF: inn-remote-dos参考:报价:1249在客栈2.2.1缓冲区溢出,早些时候允许远程攻击者通过恶意格式化导致拒绝服务。修改:ADDREF报价:1249 ADDREF XF: inn-remote-dos推断行动:可以最终- 2000 - 0360(20000712)最终决定当前投票:接受(1)Stracener弗伦奇等待修改(1)(1)Christey评论:Christey > ADDREF报价:1249法国人> XF: inn-remote-dos = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0361:最终决定:20000712阶段性裁决:20000707修改:20000706 - 01提议:20000524分配:20000523类别:科幻参考:SUSE: 19991214安全漏洞在wvdial < = 1.4参考:网址:http://www.suse.de/de/support/security/suse_security_announce_35.txt参考:XF: wvdial-gain-dialup-info PPP wvdial。lxdialog早些时候在wvdial 1.4和脚本创建一个. config文件与世界可读权限,dialout组的本地攻击者可以访问登录和密码信息。修改:ADDREF XF: wvdial-gain-dialup-info推断行动:- 2000 - 0361最后(20000712)最终决定当前票:接受(1)Stracener修改(1)法国人评论:弗雷希> XF: wvdial-gain-dialup-info = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0362:最终决定:20000712阶段性裁决:20000707修改:20000706 - 01提议:20000524分配:20000523类别:科幻参考:SUSE: 19991019安全漏洞在cdwtools < 093参考:网址:http://www.suse.de/de/support/security/suse_security_announce_25.txt参考:报价:738参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=738参考:XF:早在093年Linux cdwtools linux-cdda2cdr缓冲区溢出,允许本地用户获得根权限。修改:ADDREF XF: linux-cdda2cdr推断行动:- 2000 - 0362最后(20000712)最终决定当前票:接受(1)Stracener修改(1)法国人评论:弗雷希> XF: linux-cdda2cdr = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0363:最终决定:20000712阶段性裁决:20000707修改:20000706 - 01提议:20000524分配:20000523类别:科幻参考:SUSE: 19991019安全漏洞在cdwtools < 093参考:网址:http://www.suse.de/de/support/security/suse_security_announce_25.txt参考:报价:738参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=738参考:XF: linux-cdda2cdr Linux cdwtools 093年早些时候,允许本地用户获得根权限通过/ tmp目录。修改:ADDREF XF: linux-cdda2cdr推断行动:- 2000 - 0363最后(20000712)最终决定当前票:接受(1)Stracener修改(1)法国人评论:弗雷希> XF: linux-cdda2cdr = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0367:最终决定:20000712阶段性裁决:20000707修改:建议:20000524分配:20000523类别:科幻参考:DEBIAN: 19990218根利用eterm参考:网址:http://www.debian.org/security/1999/19990218参考:XF: linux-eterm脆弱性eterm 0.8.8在Debian Linux允许攻击者获得根权限。最后推断行动:- 2000 - 0367(20000712)最终决定当前投票:接受(2)Stracener,法国人= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0370:最终决定:20000712阶段性裁决:20000707修改:20000706 - 01提议:20000524分配:20000523类别:科幻参考:火山口:综援- 1999 - 001.0参考:网址:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa - 1999 001.0.txt参考报价:1268参考:XF: caldera-smail-rmail-command火山口Linux简讯邮件中的调试选项允许远程攻击者通过shell元字符执行命令的- d选项rmail命令。修改:ADDREF报价:1268 ADDREF XF: caldera-smail-rmail-command推断行动:可以最终- 2000 - 0370(20000712)最终决定当前投票:接受(2)Stracener,莱维弗伦奇等待修改(1)(2)Christey,科尔评论:Christey > ADDREF报价:1268网址:http://www.securityfocus.com/bid/1268弗雷希> XF: caldera-smail-rmail-command = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0371:最终决定:20000712阶段性裁决:20000707修改:20000706 - 01提议:20000524分配:20000523类别:科幻参考:火山口:综援- 1999 - 005.0参考:网址:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa - 1999 005.0.txt参考报价:1269参考:XF: kde-mediatool libmediatool库用于KDE mediatool允许本地用户创建任意文件通过一个符号链接攻击。修改:ADDREF报价:1269推断行动:- 2000 - 0371最后(20000712)最终决定当前票:接受(2)Stracener,弗雷希无操作(1)Christey评论:Christey >报价:1269 ADDREF网址:http://www.securityfocus.com/bid/1269= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0372:最终决定:20000712阶段性裁决:20000707修改:建议:20000524分配:20000523类别:科幻参考:火山口:综援- 1999 - 014.0参考:网址:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa - 1999 014.0.txt参考:XF: linux-rmt参考:网址:http://xforce.iss.net/static/2268.php脆弱性在火山口rmt在转储命令包0.4 b4允许本地用户获得根权限。最后推断行动:- 2000 - 0372(20000712)最终决定当前投票:接受(2)Stracener,法国人= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:可以发表- 2000 - 0373:最终决定:20000712阶段性裁决:20000707修改:建议:20000524分配:20000523类别:科幻参考:火山口:综援- 1999 - 015.0参考:网址:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa - 1999 015.0.txt参考:REDHAT: RHSA-1999:015-01参考:网址:http://www.redhat.com/support/errata/RHSA1999015_01.html参考:XF: kde-kvt参考:网址:http://xforce.iss.net/static/2266.php在KDE kvt终端程序漏洞允许本地用户获得根权限。最后推断行动:- 2000 - 0373(20000712)最终决定当前投票:接受(2)Stracener,抑郁症