【投票】morevotes - 1999 b:候选人从1999年需要一个投票

以下20个候选人更需要一个接受投票。如果你能帮忙,感谢。有4个其他消息类似于这个,用不同的候选人。随意选择一个随机,如果你没有时间进行投票。强烈喜欢得到你的票,10月9日。谢谢你,史蒂夫的总结票使用(按升序的“严重性”)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -接受——选民接受候选人提出的等待——选民对候选人没有意见修改选民想要改变一些小细节(例如参考/描述)审查-选民正在审查/研究候选人,或需要更多的信息,重塑候选人必须大幅修改,如分割或合并拒绝候选人不是“漏洞”,或重复等。1)请写你的投票在直线上,从“投票:”开始。如果你想添加评论或细节,在投票后将它们添加到线:线。2)如果你看到任何失踪的引用,请提及他们,使他们可以包括在内。在映射引用帮助极大。3)请注意,“修改”被视为一个“接受”当计算选票。 So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. KEY FOR INFERRED ACTIONS ------------------------ Inferred actions capture the voting status of a candidate. They may be used by the Editor to determine whether or not a candidate is added to CVE. Where there is disagreement, the Editor must resolve the issue and achieve consensus, or make the final decision if consensus cannot be reached. - ACCEPT = 3 non-MITRE votes to ACCEPT/MODIFY, and no REVIEWING or REJECT - ACCEPT_ACK = 2 non-MITRE ACCEPT/MODIFY, and vendor acknowledgement - MOREVOTES = needs more votes - ACCEPT_REV = 3 non-MITRE ACCEPT's but is delayed due to a REVIEWING - SMC_REJECT = REJECT by Steve Christey; likely to be rejected outright - SMC_REVIEW = REVIEWING by Steve Christey; likely related to CD's - REVIEWING = at least one member is REVIEWING - REJECT = at least one member REJECTed - REVOTE = members should review their vote on this candidate ====================================================== Candidate: CAN-1999-0759 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0759最终决定:阶段性裁决:修改:建议:19991222分配:19991125类别:科幻参考:BUGTRAQ: 19990913许多窗户的POP3 / SMTP服务器软件缓冲区溢出缺陷参考:报价:634参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=634缓冲区溢出通过长FuseMAIL流行服务用户和通过命令。推断行动:- 1999 - 0759 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)Stracener修改(1)法国人评论:弗雷希> XF: fuseware-popmail-bo投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0776网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0776最终决定:阶段性裁决:修改:建议:19991214分配:19991125类别:科幻参考:NTBUGTRAQ: 19990506“. .”洞在阿里巴巴2.0参考:网址:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9905&L=NTBUGTRAQ&P=R1533参考:XF: http-alibaba-dotdot阿里巴巴HTTP服务器允许远程攻击者读取文件通过一个. .(点点)攻击。推断行动:- 1999 - 0776 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(2)Stracener,弗雷希无操作(4)布莱克,勒布朗,Christey,科尔评论:Christey >这个候选人是由供应商未经证实的。阿恩Vidstrom代传。布莱克>我想改变我的这个从接受到等待投票。我做了一些挖掘厂商似乎已经停止了产品,所以没有信息可以超越阿恩的文章。除非安德烈的存档一份,可以测试它,我认为我们必须离开它。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0787网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0787最终决定:阶段性裁决:修改:建议:19991222分配:19991125类别:科幻参考:报价:660参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=660SSH身份验证代理遵循符号链接通过UNIX域套接字。推断行动:- 1999 - 0787 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:修改(2)Stracener弗雷希无操作(1)Ozancin评论:Stracener >添加裁判:BUGTRAQ: 19990924 (Fwd真相ssh 1.2.27脆弱性):法国人> XF: ssh-socket-auth-symlink-dos投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0788网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0788最终决定:阶段性裁决:修改:建议:19991222分配:19991125类别:科幻参考:报价:662参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=662Arkiea nlservd允许远程攻击者进行拒绝服务。推断行动:- 1999 - 0788 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:修改(2)Stracener,法国人评论:Stracener >添加裁判:BUGTRAQ: 19990923多个供应商诺克斯Arkiea本地根/远程DoS弗雷希> XF: arkiea-backup-nlserverd-remote-dos投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0791网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0791最终决定:阶段性裁决:修改:20000202 - 01提议:19991222分配:19991125类别:科幻参考:BUGTRAQ: 19991006 KSR [T]报告# 012:混合网络的电缆调制解调器参考:KSRT: 012混合网络电缆调制解调器不包括政府的认证机制,允许远程攻击者妥协系统通过HSMP协议。修改:ADDREF BUGTRAQ: 19991006 KSR [T]报告# 012:混合网络的电缆调制解调器的行动:- 1999 - 0791 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:修改(2)Stracener弗雷希无操作(1)Christey评论:Stracener >添加裁判:BUGTRAQ: 19991006 KSR [T]报告# 012:混合网络的电缆调制解调器弗雷希> XF: hybrid-anon-cable-modem-reconfig Christey > ADDREF报价:695网址:http://www.securityfocus.com/vdb/bottom.html?vid=695投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0801网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0801最终决定:阶段性裁决:修改:建议:19991222分配:19991125类别:科幻参考:XF: bmc-patrol-frames参考:BUGTRAQ: 19990409巡逻安全漏洞BMC巡逻允许远程攻击者获得一个代理欺骗帧。推断行动:- 1999 - 0801 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(2)Stracener,法国人投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0873网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0873最终决定:阶段性裁决:修改:建议:19991222分配:19991208类别:科幻参考:报价:759参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=759缓冲区溢出在Skyfull通过邮件从邮件服务器命令。推断行动:- 1999 - 0873 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)Stracener修改(1)法国人评论:弗雷希> XF: skyfull-mail-from-bo投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0904网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0904最终决定:阶段性裁决:修改:建议:19991222分配:19991208类别:科幻参考:BUGTRAQ: 19991103远程DoS攻击BFTelnet服务器v1.1 Windows NT参考:报价:771参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=771缓冲区溢出BFTelnet允许远程攻击者造成拒绝服务通过用户名。推断行动:- 1999 - 0904 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)Stracener修改(1)法国人评论:弗雷希> XF: bftelnet-username-dos投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0912网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0912最终决定:阶段性裁决:修改:建议:19991222分配:19991208类别:科幻参考:BUGTRAQ: 19990921 FreeBSD-specific拒绝服务引用:报价:653参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=653FreeBSD VFS缓存(vfs_cache)允许本地用户造成拒绝服务通过开放大量的文件。推断行动:- 1999 - 0912 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)Stracener弗伦奇等待修改(1)(1)Ozancin评论:弗雷希> XF: freebsd-vfscache-dos投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0919网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0919最终决定:阶段性裁决:修改:20000313 - 01提议:19991222分配:19991208类别:科幻参考:BUGTRAQ: 19980510安全漏洞在摩托罗拉CableRouters参考:网址:http://www.netspace.org/cgi-bin/wa?A2=ind9805B&L=bugtraq&P=R1621参考:XF: motorola-cable-crash内存泄漏在摩托罗拉CableRouter允许远程攻击者进行拒绝服务通过大量的telnet连接。修改:ADDREF XF: motorola-cable-crash推断行动:- 1999 - 0919 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)科尔弗伦奇等待修改(1)(3)Christey,勒布朗,Stracener评论:Christey >这个候选人是由供应商未经证实的。弗雷希> XF: motorola-cable-crash投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0921网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0921最终决定:阶段性裁决:修改:建议:19991222分配:19991208类别:科幻参考:BUGTRAQ: 19990409巡逻安全漏洞BMC巡逻允许任何远程攻击者淹没了UDP端口,导致拒绝服务。推断行动:- 1999 - 0921 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)Stracener修改(1)法国人评论:弗雷希> XF: bmc-patrol-udp-dos投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0927网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0927最终决定:阶段性裁决:修改:建议:19991222分配:19991208类别:科幻参考:达:AD05261999 NTMail允许远程攻击者读取任意文件通过一个. .(点点)攻击。推断行动:- 1999 - 0927 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)Stracener修改(1)法国人评论:弗雷希> XF: ntmail-fileread投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0928网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0928最终决定:阶段性裁决:修改:建议:19991222分配:19991208类别:科幻参考:BUGTRAQ: 19990525缓冲区溢出SmartDesk WebSuite v2.1缓冲区溢出在SmartDesk WebSuite允许远程攻击者通过一个长URL引起拒绝服务。推断行动:- 1999 - 0928 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)Stracener修改(1)法国人评论:弗雷希> XF: websuite-dos投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0930网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0930最终决定:阶段性裁决:修改:建议:19991222分配:19991208类别:科幻参考:BUGTRAQ: 19980903 wwwboard。pl脆弱性wwwboard允许远程攻击者删除留言板文章通过一个畸形的论点。推断行动:- 1999 - 0930 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)Stracener修改(1)法国人评论:弗雷希> XF: http-cgi-wwwboard投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0942网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0942最终决定:阶段性裁决:修改:建议:19991222分配:19991208类别:科幻参考:BUGTRAQ: 19991005上海合作组织UnixWare 7.1本地根利用UnixWare dos7utils允许本地用户获得根权限使用STATICMERGE环境变量来找到一个脚本执行。推断行动:- 1999 - 0942 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)Stracener弗伦奇等待修改(1)(1)Ozancin评论:弗雷希> XF: sco-unixware-dos7utils-root-privs投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0946网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0946最终决定:阶段性裁决:修改:建议:19991222分配:19991208类别:科幻参考:BUGTRAQ: 19991102一些漏洞赢/ UNIX软件参考:报价:760参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=760通过文本缓冲区溢出在雅马哈MidiPlug变量一个嵌入标记。推断行动:- 1999 - 0946 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)Stracener修改(1)法国人评论:弗雷希> XF: yamaha-midiplug-embed投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0954网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0954最终决定:阶段性裁决:修改:建议:19991222分配:19991208类别:CF参考:BUGTRAQ: 19990916更多的乐趣与WWWBoard参考:报价:649参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=649WWWBoard有一个默认的用户名和默认密码。推断行动:- 1999 - 0954 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)Stracener修改(1)法国人评论:弗雷希> XF: http-cgi-wwwboard-default投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0968网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0968最终决定:阶段性裁决:修改:建议:19991222分配:19991208类别:科幻参考:BUGTRAQ: 19981226 bnc利用缓冲区溢出bnc IRC代理允许远程攻击者获得特权。推断行动:- 1999 - 0968 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)Stracener修改(1)法国人评论:弗雷希> XF: bnc-proxy-bo投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 0971网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 0971最终决定:阶段性裁决:修改:建议:19991222分配:19991208类别:科幻参考:BUGTRAQ: 19970722安全漏洞进出口1.62:本地根利用缓冲区溢出进出口允许本地用户获得根权限通过长:包括:选择在forward格式文件。推断行动:- 1999 - 0971 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)Stracener弗伦奇等待修改(1)(1)Ozancin评论:弗雷希> XF: exim-include-overflow投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1004网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1004最终决定:阶段性裁决:修改:建议:19991222分配:19991221类别:科幻参考:BUGTRAQ: 19991217 NAV2000邮件保护DoS参考:诺顿BUGTRAQ: 19991220电子邮件保护远程溢出(附录)缓冲区溢出的POP服务器POProxy诺顿反病毒保护NAV2000程序通过一个庞大的用户命令。推断行动:- 1999 - 1004 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)Stracener弗伦奇等待修改(1)(2)墙,科尔评论:弗雷希> XF: nav-pop-user投票: