【投票】morevotes - 1999 a:候选人从1999年需要一个投票

以下候选人23只需要一个接受投票。如果你能帮忙,感谢。有4个其他消息类似于这个,用不同的候选人。随意选择一个随机,如果你没有时间进行投票。强烈喜欢得到你的票,10月9日。谢谢你,史蒂夫的总结票使用(按升序的“严重性”)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -接受——选民接受候选人提出的等待——选民对候选人没有意见修改选民想要改变一些小细节(例如参考/描述)审查-选民正在审查/研究候选人,或需要更多的信息,重塑候选人必须大幅修改,如分割或合并拒绝候选人不是“漏洞”,或重复等。1)请写你的投票在直线上,从“投票:”开始。如果你想添加评论或细节,在投票后将它们添加到线:线。2)如果你看到任何失踪的引用,请提及他们,使他们可以包括在内。在映射引用帮助极大。3)请注意,“修改”被视为一个“接受”当计算选票。 So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. KEY FOR INFERRED ACTIONS ------------------------ Inferred actions capture the voting status of a candidate. They may be used by the Editor to determine whether or not a candidate is added to CVE. Where there is disagreement, the Editor must resolve the issue and achieve consensus, or make the final decision if consensus cannot be reached. - ACCEPT = 3 non-MITRE votes to ACCEPT/MODIFY, and no REVIEWING or REJECT - ACCEPT_ACK = 2 non-MITRE ACCEPT/MODIFY, and vendor acknowledgement - MOREVOTES = needs more votes - ACCEPT_REV = 3 non-MITRE ACCEPT's but is delayed due to a REVIEWING - SMC_REJECT = REJECT by Steve Christey; likely to be rejected outright - SMC_REVIEW = REVIEWING by Steve Christey; likely related to CD's - REVIEWING = at least one member is REVIEWING - REJECT = at least one member REJECTed - REVOTE = members should review their vote on this candidate ====================================================== Candidate: CAN-1999-0114 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0114最终决定:阶段性裁决:修改:20000106 - 01提议:19990714分配:19990607类别:科幻参考:BUGTRAQ: 19990912榆树过滤程序参考:BUGTRAQ: 19951226过滤器(榆树包)安全漏洞参考:XF: elm-filter2本地用户可以像其他用户执行命令,并阅读其他用户的文件,通过过滤器命令榆榆- 2.4邮件包中使用符号链接攻击。修改:ADDREF XF: elm-filter2 ADDREF BUGTRAQ: 19951226(榆树包)的安全漏洞ADDREF BUGTRAQ过滤:19990912榆树过滤程序的行动:- 1999 - 0114 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)Shostack弗伦奇等待修改(1)(2)墙,Northcutt评论:弗雷希> XF: elm-filter2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0193网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0193最终决定:阶段性裁决:修改:建议:19990714分配:19990607类别:科幻拒绝服务提升和3 com的路由器,可以通过发送一个零长度的TCP选项重新启动。推断行动:- 1999 - 0193 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(2)Shostack Northcutt等待弗伦奇评论(1):法国人>可能XF: ascend-kill我找不到参考列出两个路由器在同一参考。改变>[弗雷希改变投票从审查到等待]弗雷希>不能调和我们的数据库没有进一步引用。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0213网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0213最终决定:阶段性裁决:修改:建议:19990630分配:19990607类别:科幻libnsl在Solaris中允许攻击者rpcbind执行拒绝服务。推断行动:- 1999 - 0213 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)希尔弗伦奇等待修改(1)(1)默评论:弗雷希> XF: sun-libnsl投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0248网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0248最终决定:阶段性裁决:修改:建议:19990728分配:19990607类别:科幻sshd 1.2.17可以通过SSH妥协协议。推断行动:- 1999 - 0248 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)Northcutt修改(1)Shostack等待(1)法国人评论:Shostack >http://oliver.efri.hr/的crv /安全/错误/ mUNIXes / ssh2.html我看起来是正确的信息,来自俄罗斯少女组合。有评论的更新日志:*改进的安全auth_input_request_forwarding ()。我不赞成这种前进没有额外的细节,但想我添加一个确认URL和评论。我们有足够的细节来作为CVE接受它。弗雷希>试http://www.uni-karlsruhe.de/ ~ ig25 / ssh-faq html / ssh -常见问题- 6. # ss6.1;智慧(见星号部分):……* * * * *之前版本的ssh 1.2.17身份验证代理处理一些机器上的问题。有机会(竞争条件),恶意用户可能会偷另一个用户的凭证。这应该是固定在1.2.17。* * * * *投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0253网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0253最终决定:阶段性裁决:修改:2000106 - 01提议:19990623分配:19990607类别:科幻参考:XF: http-iis-2e参考:L0PHT: 19970319 IIS 3.0 iis-fix热修复补丁安装允许远程入侵者阅读源代码ASP程序通过使用% 2 e代替。(点)的URL。推断行动:- 1999 - 0253 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(2)抑郁症,Northcutt等待(2)普罗塞,Christey评论:Christey >这是一个问题后,介绍了与以前的点缺陷与iis-fix热补丁修补(见可以- 1999 - 0154)。由于引入的热修复补丁问题,这应该被视为一个seaprate问题。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0283网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0283最终决定:阶段性裁决:修改:19991203 - 01提议:19990623分配:19990607类别:科幻参考:BUGTRAQ: 19970716可视.jhtml源与JavaWebServer Java Web服务器将允许远程用户获得CGI程序的源代码。修改:ADDREF BUGTRAQ: 19970716可视.jhtml源与JavaWebServer DESC增加描述包括.jhtml推断行动:- 1999 - 0283 MOREVOTES-1(2接受0 ack, 1审查)目前投票:接受(2)布莱克,Northcutt等待(1)普罗塞回顾(1)弗雷希投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0286网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0286最终决定:阶段性裁决:修改:建议:19990714分配:19990607类别:科幻小说在某些NT web服务器,一个URL的末尾附加空间可能允许攻击者阅读活动页面的源代码。推断行动:- 1999 - 0286 MOREVOTES-1(2接受0 ack, 1审查)目前投票:接受(1)Shostack修改(1)墙无操作(2)Christey, Northcutt回顾(1)法国人评论:墙>在某些NT web服务器,添加一个点一个URL的末尾可能允许攻击者阅读活动页面的源代码。来源:知识库文章Q163485女士——“活动服务器页面脚本出现在浏览器”弗雷希>同时,重述描述为“Windows NT”(商标问题)Christey > Q163485并不指空间,它指一个点。然而,我没有其他的引用。点附加的阅读源代码可以- 1999 - 0154,将提出。后续的错误类似于点缺陷可以- 1999 - 0253。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0345网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0345最终决定:阶段性裁决:修改:建议:19990728分配:19990607类别:科幻震动ICMP引起拒绝服务攻击在Windows 95和Windows NT系统。推断行动:- 1999 - 0345 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:修改(2)抑郁症,墙壁无操作(2)Northcutt, Christey评论:墙>无效ICMP数据报碎片引起拒绝服务在Windows 95和Windows NT系统。参考:Q154174。震动也被称为春,ICMP错误,Icenewk,萍的死亡。这是一个修改过的泪珠2攻击。弗雷希> XF: nt-ssping ADDREF XF: ping-death ADDREF XF: teardrop-mod ADDREF XF: mpeix-echo-request-dos Christey >我不能告诉震动是否利用:http://www.securityfocus.com/templates/archive.pike?list=1&date=1997 - 06 - 28 - &msg=pine.bsf.3.95q.970629163422.3264a - 200000 @apollo.tomco.net利用任何不同的缺陷比泪珠。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0360网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0360最终决定:阶段性裁决:修改:20000530 - 01提议:19990623分配:19990607类别:科幻参考:BUGTRAQ: 19990130安全顾问Internet Information Server 4网站参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=91763097004101&w=2参考:NTBUGTRAQ: Jan29, 1999 MS网站服务器与IIS 2.0 4可以允许用户上传的内容,包括ASP,目标网站,从而让他们远程执行命令。修改:CHANGEREF BUGTRAQ(规范化)推断行动:- 1999 - 0360 MOREVOTES-1(2接受0 ack, 1审查)目前投票:接受(2)Northcutt,墙壁无操作(2)普罗塞,Christey回顾(1)法国人评论:Christey >我找不到原始BUGTRAQ发布(mnemonix似乎发现了问题)。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0380网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0380最终决定:阶段性裁决:修改:建议:19990726分配:19990607类别:科幻参考:BUGTRAQ: 19990225警报:SLMail 3.2(3.1)与远程管理服务引用:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=91996412724720&w=2参考:报价:497参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=497SLMail 3.2或3.1允许本地用户访问任何文件在NTFS文件系统启用远程管理服务(RAS)时。推断行动:- 1999 - 0380 MOREVOTES-1(2接受0 ack, 1审查)目前投票:接受(2)Ozancin,墙回顾(1)弗雷希投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0381网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0381最终决定:阶段性裁决:修改:建议:19990726分配:19990607类别:科幻参考:BUGTRAQ: 19990225超级缓冲区溢位参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.3.96.990225011801.12757a @eleet——100000参考:XF: linux-super-logging-bo参考:报价:342参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=342超级3.11.6和其他版本有一个缓冲区溢出的syslog工具允许本地用户获得根访问。(过时的)修改:DELREF SEKURE CHANGEREF BUGTRAQ(规范化)推断行动:- 1999 - 0381 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(2)Ozancin,弗雷希无操作(2)Christey,墙评论:Christey >这是cve - 1999 - 0373的一样吗?他们都有相同的X-Force参考。报价:342表明有两个女人。http://www.debian.org/security/1999/19990215a表明,有两个女人。然而,cve - 1999 - 0373写的太一般的时尚;和XF: linux-super-bo和XF: linux-super-logging-bo指cve - 1999 - 0373。cve - 1999 - 0373可能需要分裂。弗雷希>我可以推测,空间站原咨询(附加linux-super-bo)发布,Sekure SDI扩大通过释放另一个相关的溢出syslog (linux-super-logging-bo)。当我最初分配这些问题,我把XF引用和空间站顾问在-0373年的候选人,因为没有其他可用的。根据上面的信息,我要求XF: linux-super-logging-bo被删除从cve - 1999 - 0373。Christey >给安德烈的反馈,这些都是不同的问题。CVE - 1999 - 0373不需要分裂,因为国际空间站参考足以区分,从这个候选人CVE;然而,cve - 1999 - 0373的描述应该被修改。 VOTE: ====================================================== Candidate: CAN-1999-0393 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0393最终决定:阶段性裁决:修改:20000106 - 01提议:19990728分配:19990607类别:科幻参考:BUGTRAQ: 19981212 * * Sendmail 8.9.2 DoS——利用* *得到你想要的!参考:XF: sendmail-parsing-redirection远程攻击者可以在Sendmail 8.8中引起拒绝服务。x和8.9.2通过与大量的发送消息头。修改:ADDREF XF: sendmail-parsing-redirection CHANGEREF BUGTRAQ[日期更改为19981212]ADDREF BUGTRAQ: 19990121 Sendmail 8.8.x / 8.9。x bugware推断行动:- 1999 - 0393 MOREVOTES-1(1接受,1 ack, 0评论)目前投票:弗伦奇等待修改(1)(1)Christey评论:弗雷希>我假设参考:BUGTRAQ: Dec12 1999不是证明的CVE预见到未来的事件。这个引用应该12/12/98。ADDREF XF: sendmail-parsing-redirection Christey >这个问题在BUGTRAQ承认:19990121 Sendmail 8.8.x / 8.9。x bugware网址:http://marc.theaimsgroup.com/?l=bugtraq&m=91694391227372&w=2投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0429网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0429最终决定:阶段性裁决:修改:建议:19990726分配:19990607类别:CF参考:BUGTRAQ: Mar23, 1999参考:XF: lotus-client-encryption Lotus Notes 4.5客户机可以发送加密邮件的副本的清晰的在网络中如果用户不设置“加密保存邮件”的偏好。推断行动:- 1999 - 0429 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(2)Ozancin,弗雷希无操作(1)墙投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0440网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0440最终决定:阶段性裁决:修改:建议:19990726分配:19990607类别:科幻参考:BUGTRAQ: Apr4, 1999参考:XF: java-unverified-code字节码校验器组件的Java虚拟机(JVM)允许通过恶意网页远程执行。推断行动:- 1999 - 0440 MOREVOTES-1(2接受0 ack, 1审查)目前投票:接受(2)Ozancin,弗雷希回顾(1)墙投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0492网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0492最终决定:阶段性裁决:修改:建议:19990726分配:19990607类别:科幻参考:BUGTRAQ: Apr23 1999 ffingerd 1.19允许远程攻击者识别用户在目标系统上基于其反应。推断行动:- 1999 - 0492 MOREVOTES-1(2接受0 ack, 1审查)目前投票:接受(1)Northcutt修改(1)Shostack回顾(1)法国人评论:Shostack >不是手指应该做什么?投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0495网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0495最终决定:阶段性裁决:修改:建议:19990728分配:19990607类别:科幻远程攻击者可以访问一个文件系统使用. .(点点)当访问SMB股票。推断行动:- 1999 - 0495 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)Northcutt修改(1)法国人评论:弗雷希> XF: nb-dotdotknown(837)参考,我们将不胜感激。我们没有参考这个问题;信心评级结果低。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0671网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0671最终决定:阶段性裁决:修改:建议:19991222分配:19991125类别:科幻参考:报价:572参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=572缓冲区溢出在ToxSoft NextFTP客户机通过命令慢性消耗性疾病。推断行动:- 1999 - 0671 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:修改(2)抑郁症,Stracener评论:Stracener > AddRef: ShadowPenguinSecurity: PenguinToolbox,没有。035年法国人> XF: toxsoft-nextftp-cwd-bo投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0672网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0672最终决定:阶段性裁决:修改:建议:19991222分配:19991125类别:科幻参考:报价:573参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=573缓冲区溢出在富士通Chocoa IRC客户机通过IRC频道主题。推断行动:- 1999 - 0672 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:修改(2)抑郁症,Stracener评论:Stracener > AddRef: ShadowPenguinSecurity: PenguinToolbox,没有。036年法国人> XF: fujitsu-topic-bo投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0673网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0673最终决定:阶段性裁决:修改:建议:19991222分配:19991125类别:科幻参考:报价:574参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=574通过从缓冲区溢出在ALMail32 POP3客户:或:头。推断行动:- 1999 - 0673 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:修改(2)抑郁症,Stracener评论:Stracener > AddRef: ShadowPenguinSecurity: PenguinToolbox,没有。037年法国人> XF: almail-bo投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0675网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0675最终决定:阶段性裁决:修改:建议:19991222分配:19991125类别:科幻参考:报价:576参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=576防火墙1可以受到拒绝服务通过UDP数据包发送VPN-1主机的端口0。推断行动:- 1999 - 0675 MOREVOTES-1(2接受0 ack, 1审查)目前投票:修改(2)弗雷希科尔等待(1)Christey回顾(1)Stracener评论:科尔>这只发生在VPN用于传输的数据包支持ISAKMP加密。弗雷希> XF: checkpoint-port修改描述改为“检查防火墙1……”Christey >http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.10.9908051851320.8871 @area51——100000投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0679网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0679最终决定:阶段性裁决:修改:建议:19991222分配:19991125类别:科幻参考:BUGTRAQ: 19990813 w00w00 efnet的ircd咨询(包括利用)参考:报价:581参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=581缓冲区溢出在hybrid-6 IRC服务器常用EFnet允许远程攻击者通过m_invite邀请选项执行命令。推断行动:- 1999 - 0679 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)Stracener修改(1)法国人评论:弗雷希> XF: hybrid-ircd-minvite-bo投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0697网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0697最终决定:阶段性裁决:修改:建议:19991222分配:19991125类别:科幻参考:BUGTRAQ: 19990908上海合作组织5.0.5 /bin/doctor噩梦参考:报价:621参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=621上海合作组织医生允许本地用户通过一个工具选项获得根权限。推断行动:- 1999 - 0697 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)Stracener弗伦奇等待修改(1)(1)Ozancin评论:弗雷希> XF: sco-doctor-execute投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0698网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0698最终决定:阶段性裁决:修改:建议:19991222分配:19991125类别:科幻拒绝服务的IP协议日志记录器(ippl) Red Hat和Debian Linux。推断行动:- 1999 - 0698 MOREVOTES-1(2接受0 ack, 1审查)目前投票:接受(1)Ozancin弗伦奇等待修改(1)(1)Christey回顾(1)Stracener评论:Stracener >是指的候选人拒绝服务问题中提到的以前版本的更新日志1.4.3-1还是属于一些问题或1.4.8-1吗?弗雷希>根据版本,这可能是任意数量的剂量与ippl有关。从http://www.larve.net/ippl/:1999年4月9日:3版本发布,正确地解决一个潜在的拒绝服务攻击。1999年4月7日:版本1.4.2释放,解决潜在的拒绝服务攻击。XF: linux-ippl-dos Christey >更新日志:http://pltplp.net/ippl/docs/HISTORY见注释3版本1.4.2和另一个来源:http://freshmeat.net/万博下载包news/1999/04/08/923586598.html投票: