
[VOTE] MOREVOTES-2000-A: Candidates from 2000 that need one vote



The following 30 candidates need only one ACCEPT vote. If you can help out, thanks.

There are 4 other messages similar to this one, with different candidates. Feel free to pick one at random if you don't have time to do the voting.

I'd strongly prefer to get your votes by October 9.

Thank you,
Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is not a "vulnerability", or is a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

KEY FOR INFERRED ACTIONS
------------------------

Inferred actions capture the voting status of a candidate. They may be used by the Editor to determine whether or not a candidate is added to CVE. Where there is disagreement, the Editor must resolve the issue and achieve consensus, or make the final decision if consensus cannot be reached.

- ACCEPT = 3 non-MITRE votes to ACCEPT/MODIFY, and no REVIEWING or REJECT
- ACCEPT_ACK = 2 non-MITRE ACCEPT/MODIFY, and vendor acknowledgement
- MOREVOTES = needs more votes
- ACCEPT_REV = 3 non-MITRE ACCEPT's but is delayed due to a REVIEWING
- SMC_REJECT = REJECT by Steve Christey; likely to be rejected outright
- SMC_REVIEW = REVIEWING by Steve Christey; likely related to CD's
- REVIEWING = at least one member is REVIEWING
- REJECT = at least one member REJECTed
- REVOTE = members should review their vote on this candidate

======================================================
Candidate: CAN-2000-0002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0002
Final-Decision:
Interim-Decision:
Modified: 20000501-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: NTBUGTRAQ:19991223 Local / Remote Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=NTBUGTRAQ&P=R3556
Reference: BUGTRAQ:19991223 Local / Remote Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94598388530358&w=2
Reference: BUGTRAQ:20000128 ZBServer 1.50-r1x exploit (WinNT)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=36B0596E.8D111D66@teleline.es

Buffer overflow in ZBServer Pro allows remote attackers to execute commands via a GET request.

Modifications:
   ADDREF BUGTRAQ:20000128 ZBServer 1.50-r1x exploit (WinNT)

INFERRED ACTION: CAN-2000-0002 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(1) Armstrong

Comments:
 Frech> XF:zbserver-get-bo
 CHANGE> [Armstrong changed vote from REVIEWING to NOOP]

VOTE:

======================================================
Candidate: CAN-2000-0006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0006
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991225 strace can lie

strace allows local users to read arbitrary files via memory mapped file names.

INFERRED ACTION: CAN-2000-0006 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(1) Armstrong

Comments:
 Frech> XF:linux-strace

VOTE:

======================================================
Candidate: CAN-2000-0009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0009
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991230 bna,sh
Reference: BID:907
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=907

The bna_pass program in Optivity NETarchitect allows local users to gain privileges via a symlink attack.

INFERRED ACTION: CAN-2000-0009 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   MODIFY(2) Stracener, Frech
   NOOP(1) Armstrong

Comments:
 Stracener> Not a symlink attack. Description should be rewritten. Thumbnail sketch: 1) script cd's to /tmp, 2) creates ".logincheck" (bna_pass attempts to remove this file by calling "rm"), 3) "PATH=.:" where the (dot) causes the PATH to first execute in the local environment, 4) "export PATH" resets the environment to the local dir (to /tmp via step 1), 5) a trojaned version of "rm" is created in /tmp such that when executed (due to the corrupted path environment) creates a setuid csh, 6) script executes "bna_pass". As a result of the ".:PATH" and its export, "bna_pass" uses /tmp and calls the trojaned "rm" = execution of code. Perhaps this description: "bna_pass program in Optivity NETarchitect allows local users to gain privileges via a trojaned version of rm."
 Frech> XF:netarchitect-path-vulnerability
 CHANGE> [Armstrong changed vote from REVIEWING to NOOP]

VOTE:

======================================================
Candidate: CAN-2000-0027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0027
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991227 IBM NetStation/UnixWare local root exploit
Reference: BID:900
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=900

IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack.

INFERRED ACTION: CAN-2000-0027 MOREVOTES-1 (2 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   REVIEWING(1) Frech

VOTE:

======================================================
Candidate: CAN-2000-0056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0056
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000105 Local / Remote D.o.S Attack in IMail IMONITOR Server for WinNT Version 5.08
Reference: BID:914
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=914

IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi.

INFERRED ACTION: CAN-2000-0056 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Blake
   MODIFY(1) Frech

Comments:
 Frech> XF:imail-imonitor-status-dos

VOTE:

======================================================
Candidate: CAN-2000-0090
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0090
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000124 VMware 1.1.2 Symlink Vulnerability
Reference: XF:linux-vmware-symlink
Reference: BID:943
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=943

VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack.

INFERRED ACTION: CAN-2000-0090 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) 抑郁症, Cole
   NOOP(1) Wall

VOTE:

======================================================
Candidate: CAN-2000-0116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0116
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: NTBUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented
Reference: BUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented

Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag.

INFERRED ACTION: CAN-2000-0116 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Comments:
 Christey> ADDREF BID:954
 Frech> XF:http-script-bypass

VOTE:

======================================================
Candidate: CAN-2000-0127
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0127
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000203 Webspeed security issue
Reference: BID:969
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=969

The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges.

INFERRED ACTION: CAN-2000-0127 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Comments:
 Frech> XF:webspeed-adminutil-auth
 Christey> URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=003a01bf6ebf$25e867a0$0a1a90d8@eniac

VOTE:

======================================================
Candidate: CAN-2000-0128
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0128
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000204 "The Finger Server"

The Finger Server 0.82 allows remote attackers to execute commands via shell metacharacters.

INFERRED ACTION: CAN-2000-0128 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Comments:
 Frech> XF:finger-server-input
   Also, the owner's website (http://www.glazed.org/finger/) indicates that version 0.83 beta is vulnerable. You should make the appropriate modifications to the description.

VOTE:

======================================================
Candidate: CAN-2000-0129
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0129
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: NTBUGTRAQ:20000204 Local / Remote D.o.S Attack in Serv-U FTP-Server v2.5b for Win9x/WinNT Vulnerability
Reference: BUGTRAQ:20000204 Local / Remote D.o.S Attack in Serv-U FTP-Server v2.5b for Win9x/WinNT Vulnerability
Reference: NTBUGTRAQ:20000204 Windows Api SHGetPathFromIDList Buffer Overflow
Reference: BUGTRAQ:20000204 Windows Api SHGetPathFromIDList Buffer Overflow

Buffer overflow in the SHGetPathFromIDList function of Serv-U FTP server allows attackers to cause a denial of service by performing a LIST command on a malformed .lnk file.

INFERRED ACTION: CAN-2000-0129 MOREVOTES-1 (2 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   REVIEWING(1) Wall

Comments:
 Frech> XF:win-shortcut-api-bo
   The real problem seems to be with a Windows API call, not with the Serv-U FTP application. Per the "Windows Api SHGetPathFromIDList Buffer Overflow" reference, [the bug can] "cause whatever handles the shortcuts to crash." As a suggestion, rephrase the description from Windows's context, and state that the Serv-U FTP server is an example of an app that exhibits this problem.

VOTE:

======================================================
Candidate: CAN-2000-0164
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0164
Final-Decision:
Interim-Decision:
Modified: 20000321-01
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000220 Sun Internet Mail Server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=pine.sol.4.21.0002200031320.22675-100000@klayman.hq.formus.pl
Reference: BID:1004
Reference: URL:http://www.securityfocus.com/bid/1004

The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords.

Modifications:
   ADDREF BID:1004

INFERRED ACTION: CAN-2000-0164 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Comments:
 Frech> XF:sims-temp-world-readable

VOTE:

======================================================
Candidate: CAN-2000-0166
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0166
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000221 Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD Server 4.0 for Windows NT
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPGEJHCCAA.labs@ussrback.com
Reference: BID:995
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=995

Buffer overflow in the InterAccess telnet server TelnetD allows remote attackers to execute commands via a long login name.

INFERRED ACTION: CAN-2000-0166 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(3) Christey, Wall, LeBlanc

Comments:
 Christey> BUGTRAQ:20000223 Pragma Systems response to USSRLabs report
   is a followup in which the vendor acknowledges that this may have been a problem in older builds, but not now. USSR's response questions this conclusion. Also see:
   BUGTRAQ:20000223 Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD (fwd)
 Frech> XF:interaccess-telnet-login-bo

VOTE:

======================================================
Candidate: CAN-2000-0191
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0191
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA//unknown
Reference: BUGTRAQ:20000229 Infosec.20000229.axisstorpointcd.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=41256894.00492503.00@mailgw.backupcentralen.se
Reference: BID:1025
Reference: URL:http://www.securityfocus.com/bid/1025

Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack.

INFERRED ACTION: CAN-2000-0191 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Ozancin
   MODIFY(1) Frech
   NOOP(4) Wall, Cole, Blake, LeBlanc

Comments:
 Frech> XF:axis-storpoint-auth(4078)

VOTE:

======================================================
Candidate: CAN-2000-0193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0193
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA//unknown
Reference: BUGTRAQ:20000302 Corel Linux 1.0 dosemu default configuration: Local root vuln
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003020436.PAA20168@jawa.chilli.net.au
Reference: BID:1030
Reference: URL:http://www.securityfocus.com/bid/1030

The default configuration of Dosemu in Corel Linux 1.0 allows local users to execute the system.com program and gain privileges.

INFERRED ACTION: CAN-2000-0193 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Ozancin
   MODIFY(1) Frech
   NOOP(4) Wall, Cole, Blake, LeBlanc

Comments:
 Frech> XF:linux-dosemu-config(4066)

VOTE:

======================================================
Candidate: CAN-2000-0227
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0227
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000323 Local Denial-of-Service attack against Linux
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000323175509.A23709@clearway.com
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0254.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0272.html
Reference: BID:1072
Reference: URL:http://www.securityfocus.com/bid/1072
Reference: XF:linux-domain-socket-dos

Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max paremeter, which allows local users to cause a denial of service by requesting a large number of sockets.

INFERRED ACTION: CAN-2000-0227 MOREVOTES-1 (2 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(2) 抑郁症, Cole
   NOOP(1) Christey
   REVIEWING(1) Magdych

Comments:
 Christey> Fix typo: "paremeter"
 Magdych> I remember this one... There seemed to be some mixed results with widespread exploitation.

VOTE:

======================================================
Candidate: CAN-2000-0237
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0237
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: MISC:http://zsh.stupidphat.com/advisory.cgi?000311-1
Reference: BID:1075
Reference: URL:http://www.securityfocus.com/bid/1075

Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories.

INFERRED ACTION: CAN-2000-0237 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Magdych
   MODIFY(1) Frech
   NOOP(1) Cole

Comments:
 Frech> XF:netscape-webpublisher-invalid-access

VOTE:

======================================================
Candidate: CAN-2000-0238
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0238
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000317 DoS NAVIEG
Reference: URL:http://www.securityfocus..com/templates/archive.pike?list=1&msg=s8d1f3e3.036@kib.co.kodiak.ak.us
Reference: XF:nav-email-gateway-dos
Reference: BID:1064
Reference: URL:http://www.securityfocus.com/bid/1064

Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL.

INFERRED ACTION: CAN-2000-0238 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) 抑郁症, Magdych
   NOOP(2) Christey, Cole

Comments:
 Christey> Remove extra dot in URL for securityfocus..com

VOTE:

======================================================
Candidate: CAN-2000-0257
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0257
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000418 Netware 5.1 (server 5.00h, Dec 11, 1999)...
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.21.0004171825340.10088-100000@nimue.tpi.pl
Reference: BID:1118
Reference: URL:http://www.securityfocus.com/bid/1118

Buffer overflow in the Netware remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL.

INFERRED ACTION: CAN-2000-0257 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Comments:
 Frech> XF:netware-remote-admin-overflow
   In description, Novell's product is NetWare.

VOTE:

======================================================
Candidate: CAN-2000-0263
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0263
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000416 xfs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0079.html
Reference: BID:1111
Reference: URL:http://www.securityfocus.com/bid/1111

The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request.

INFERRED ACTION: CAN-2000-0263 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Comments:
 Frech> XF:redhat-fontserver-dos
   Potential dupe: CAN-2000-0286: X fontserver xfs allows local users to cause a denial of service via malformed input to the server.
 Christey> As observed by Andre, this is a duplicate of CAN-2000-0286. CAN-2000-0286 has been or will be REJECTed.

VOTE:

======================================================
Candidate: CAN-2000-0273
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0273
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000409 A funny way to DOS pcANYWHERE8.0 and 9.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0031.html
Reference: BID:1095
Reference: URL:http://www.securityfocus.com/bid/1095

PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt.

INFERRED ACTION: CAN-2000-0273 MOREVOTES-1 (2 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(1) Christey
   REVIEWING(1) Wall

Comments:
 Christey> ADDREF XF:pcanywhere-login-dos
 Frech> XF:pcanywhere-login-dos

VOTE:

======================================================
Candidate: CAN-2000-0285
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0285
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000416 XFree86 server overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html

Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter.

INFERRED ACTION: CAN-2000-0285 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Comments:
 Christey> ADDREF BID:1306
 Frech> XF:xfree86-xkbmap-parameter-bo(4867)

VOTE:

======================================================
Candidate: CAN-2000-0289
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0289
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000327 Security Problems with Linux 2.2.x IP Masquerading
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0284.html
Reference: BID:1078
Reference: URL:http://www.securityfocus.com/bid/1078

IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.

INFERRED ACTION: CAN-2000-0289 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Comments:
 Christey> ADDREF XF:linux-masquerading-dos
   ADDREF SUSE:20000520 Security hole in kernel < 2.2.15
   http://www.suse.de/de/support/security/suse_security_announce_48.txt
 Frech> XF:linux-ip-masquerading

VOTE:

======================================================
Candidate: CAN-2000-0290
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0290
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000331 Webstar 4.0 Buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0005.html

Buffer overflow in the Webstar HTTP server allows remote attackers to cause a denial of service via a GET request.

INFERRED ACTION: CAN-2000-0290 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Comments:
 Frech> XF:macos-webstar-get-bo

VOTE:

======================================================
Candidate: CAN-2000-0298
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0298
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: CF
Reference: NTBUGTRAQ:20000407 All Users startup folder left open if unattended install and OEMPreinstall=1
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0027.html

The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories.

INFERRED ACTION: CAN-2000-0298 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Wall
   MODIFY(1) Frech
   NOOP(2) Christey, Cole

Comments:
 Christey> ADDREF XF:win2k-unattended-install
 Frech> XF:win2k-unattended-install

VOTE:

======================================================
Candidate: CAN-2000-0318
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0318
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: NTBUGTRAQ:20000413 Security problems with Atrium Mercur Server 3.20
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0057.html
Reference: BID:1144
Reference: URL:http://www.securityfocus.com/bid/1144

Atrium Mercur Mail Server 3.2 allows local attackers to read other users' email and create arbitrary files via a dot dot (..) attack.

INFERRED ACTION: CAN-2000-0318 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, LeBlanc

Comments:
 Frech> XF:mercur-remote-dot-attack

VOTE:

======================================================
Candidate: CAN-2000-0320
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0320
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000421 unsafe fgets() in qpopper
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=9763.000421@SECURITY.NNOV.RU
Reference: BID:1133
Reference: URL:http://www.securityfocus.com/bid/1133

Qpopper 2.53 and 3.0 does not properly identify a \n string which identifies message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 1023 characters long and ends in \n.

INFERRED ACTION: CAN-2000-0320 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(4) Christey, Wall, Cole, LeBlanc

Comments:
 Frech> XF:qpopper-fgets-spoofing
 Christey> CONFIRM:http://marc.theaimsgroup.com/?l=bugtraq&m=95715275707934&w=2

VOTE:

======================================================
Candidate: CAN-2000-0322
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0322
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000424 piranha default password/exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=enip.bso.23.0004241601140.28851-100000@www.whitehats.com
Reference: BID:1149
Reference: URL:http://www.securityfocus.com/bid/1149

The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.

INFERRED ACTION: CAN-2000-0322 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(4) Christey, Wall, Cole, LeBlanc

Comments:
 Frech> XF:piranha-passwd-execute
 Christey> CONFIRM:http://www.redhat.com/support/errata/rhsa-2000014-10.html
   CD:SF-LOC says to distinguish this from CAN-2000-0248. CAN-2000-0248 is the default password, which allows anyone to become a Piranha admin. This one is a shell metacharacter problem that is only accessible to a Piranha admin; the default password just makes this bug accessible to arbitrary attackers. However, if someone needs to be an admin to run Piranha in the first place, then this candidate doesn't give anyone any additional privileges, so it should be REJECTed.

VOTE:

======================================================
Candidate: CAN-2000-0332
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0332
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000502 Fun with UltraBoard V1.6X
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000503091316.99073.qmail@hotmail.com
Reference: BID:1164
Reference: URL:http://www.securityfocus.com/bid/1164

The UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allow remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte.

INFERRED ACTION: CAN-2000-0332 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, Armstrong

Comments:
 Frech> XF:ultraboard-printabletopic-fileread

VOTE:

======================================================
Candidate: CAN-2000-0335
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0335
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000502 glibc resolver weakness
Reference: BID:1166
Reference: URL:http://www.securityfocus.com/bid/1166

The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results.

INFERRED ACTION: CAN-2000-0335 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, Armstrong

Comments:
 Frech> XF:glibc-resolver-id-predictable

VOTE:

======================================================
Candidate: CAN-2000-0338
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0338
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BID:1136
Reference: URL:http://www.securityfocus.com/bid/1136

Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.

INFERRED ACTION: CAN-2000-0338 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, LeBlanc

Comments:
 Frech> XF:cvs-tempfile-dos

VOTE:

Page last updated or reviewed: May 22, 2007