【投票】morevotes - 2000 b:候选人从2000年需要一个投票

以下25候选人更需要一个接受投票。如果你能帮忙,感谢。有4个其他消息类似于这个,用不同的候选人。随意选择一个随机,如果你没有时间进行投票。强烈喜欢得到你的票,10月9日。谢谢你,史蒂夫的总结票使用(按升序的“严重性”)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -接受——选民接受候选人提出的等待——选民对候选人没有意见修改选民想要改变一些小细节(例如参考/描述)审查-选民正在审查/研究候选人,或需要更多的信息,重塑候选人必须大幅修改,如分割或合并拒绝候选人不是“漏洞”,或重复等。1)请写你的投票在直线上,从“投票:”开始。如果你想添加评论或细节,在投票后将它们添加到线:线。2)如果你看到任何失踪的引用,请提及他们,使他们可以包括在内。在映射引用帮助极大。3)请注意,“修改”被视为一个“接受”当计算选票。 So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. KEY FOR INFERRED ACTIONS ------------------------ Inferred actions capture the voting status of a candidate. They may be used by the Editor to determine whether or not a candidate is added to CVE. Where there is disagreement, the Editor must resolve the issue and achieve consensus, or make the final decision if consensus cannot be reached. - ACCEPT = 3 non-MITRE votes to ACCEPT/MODIFY, and no REVIEWING or REJECT - ACCEPT_ACK = 2 non-MITRE ACCEPT/MODIFY, and vendor acknowledgement - MOREVOTES = needs more votes - ACCEPT_REV = 3 non-MITRE ACCEPT's but is delayed due to a REVIEWING - SMC_REJECT = REJECT by Steve Christey; likely to be rejected outright - SMC_REVIEW = REVIEWING by Steve Christey; likely related to CD's - REVIEWING = at least one member is REVIEWING - REJECT = at least one member REJECTed - REVOTE = members should review their vote on this candidate ====================================================== Candidate: CAN-2000-0340 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0340最终决定:阶段性裁决:修改:建议:20000518分配:20000511类别:科幻参考:BUGTRAQ: 20000428 SuSE 6.3 Gnomelib缓冲区溢位参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00042902575201.09597@wintermute-pub参考:报价:1155参考:网址:http://www.securityfocus.com/bid/1155缓冲区溢出在Gnomelib SuSE Linux 6.3允许本地用户执行任意命令通过显示环境变量。推断行动:- 2000 - 0340 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)墙,科尔,阿姆斯特朗评论:弗雷希> XF: linux-gnomelib-bo投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0341网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0341最终决定:阶段性裁决:修改:建议:20000518分配:20000511类别:科幻参考:NTBUGTRAQ: 20000501远程DoS攻击在卡桑德拉NNTPServer v1.10从心房参考:网址:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95736106504870&w=2参考:报价:1156参考:网址:http://www.securityfocus.com/bid/1156心房卡桑德拉NNTP服务器1.10允许远程攻击者通过长导致拒绝服务登录名。推断行动:- 2000 - 0341 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)墙,科尔,阿姆斯特朗评论:弗雷希> XF: nntpserver-cassandra-bo投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0344网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0344最终决定:阶段性裁决:修改:建议:20000518分配:20000511类别:科幻参考:BUGTRAQ: 20000501 Linux knfsd DoS问题参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.21.0005012042550.6419 - 100000 @ferret.lmh.ox.ac.uk参考:报价:1160参考:网址:http://www.securityfocus.com/bid/1160在Linux内核2.2 knfsd NFS服务器。x允许远程攻击者造成拒绝服务通过一个负面的价值大小。推断行动:- 2000 - 0344 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(4)Christey,墙,科尔,阿姆斯特朗评论:Christey > ADDREF XF: linux-knfsd-dos弗雷希> XF: linux-knfsd-dos投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0458网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0458最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000424两个问题在小鬼2参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95672120116627&w=2参考:XF: imp-tmpfile-view IMP中的MSWordView应用程序创建全局文件在/ tmp目录中,它允许其他本地用户阅读可能敏感信息。推断行动:- 2000 - 0458能接受(3接受0 ack, 0评论)目前投票:接受(3)抑郁症,Levy Ozancin等待(4)普罗塞,Christey,科尔,Stracener评论:Christey > ADDREF报价:1360年变化>[利维投票从审查接受]投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0459网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0459最终决定:阶段性裁决:修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000424两个问题在小鬼2参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95672120116627&w=2参考:XF: imp-wordfile-dos小鬼不正确如果MSWordView应用程序退出删除文件,它允许本地用户造成拒绝服务由填满磁盘空间要求大量的文档和过早停止请求。推断行动:- 2000 - 0459能接受(3接受0 ack, 0评论)目前投票:接受(3)抑郁症,Levy Ozancin等待(4)普罗塞,Christey,科尔,Stracener评论:Christey > ADDREF报价:1361年变化>[利维投票从审查接受]投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0470网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0470最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000601硬件开发,得到网络参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0398.html参考:报价:1290参考:网址:http://www.securityfocus.com/bid/1290快板RomPager HTTP服务器允许远程攻击者通过畸形引起拒绝服务身份验证请求。推断行动:- 2000 - 0470 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)墙,勒布朗,Ozancin评论:弗雷希> XF: rompager-malformed-dos(4588)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0471网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0471最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000614漏洞在Solaris ufsrestore参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0114.html参考:报价:1348参考:网址:http://www.securityfocus.com/bid/1348缓冲区溢出在Solaris ufsrestore早8和允许本地用户获得根权限通过长路径名。推断行动:- 2000 - 0471 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(1)Christey评论:Christey > XF: sol-ufsrestore-bo弗雷希> XF: sol-ufsrestore-bo(4711)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0484网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0484最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000616远程DoS攻击小HTTP服务器版本。1.212脆弱性参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=96113651713414&w=2参考:NTBUGTRAQ: 20000616远程DoS攻击小HTTP服务器版本。1.212脆弱性参考:网址:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96151775004229&w=2参考:报价:1355参考:网址:http://www.securityfocus.com/bid/1355缓冲区溢出的小型HTTP服务器允许远程攻击者造成拒绝服务通过GET请求。推断行动:- 2000 - 0484 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(1)Christey评论:Christey > XF: small-http-get-overflow-dos弗雷希> XF: small-http-get-overflow-dos(4692)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0488网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0488最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000601 DST2K0007:缓冲区溢出在ITHouse邮件服务器v1.04参考:网址:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0148.html参考:报价:1285参考:网址:http://www.securityfocus.com/bid/1285缓冲区溢出ITHouse邮件服务器1.04允许远程攻击者执行任意命令通过一个长收件人邮件命令。推断行动:- 2000 - 0488 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)墙,勒布朗,Ozancin评论:弗雷希> XF: ithouse-rcpt-overflow(4580)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0490网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0490最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000601 Netwin Dmail方案参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0407.html参考:报价:1297参考:网址:http://www.securityfocus.com/bid/1297缓冲区溢出的NetWin DSMTP 2.7 q NetWin dmail包允许远程攻击者通过长ETRN请求执行任意命令。推断行动:- 2000 - 0490 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)墙,勒布朗,Ozancin评论:弗雷希> XFdmail-etrn-dos(4579)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0494网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0494最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000616 Veritas卷管理器3.0。x洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0151.html参考:报价:1356参考:网址:http://www.securityfocus.com/bid/1356Veritas卷管理器创建一个人人可写的.server_pids文件,它允许本地用户任意命令添加到这个文件,然后由vmsa_server执行脚本。推断行动:- 2000 - 0494 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收修改(1)法国人评论:弗雷希> XF: veritas-volume-manager(5009)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0498网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0498最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:NTBUGTRAQ: 20000608潜在脆弱性统一eWave ServletExec参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0250.html参考:报价:1328参考:网址:http://www.securityfocus.com/bid/1328统一eWave ServletExec允许远程攻击者查看源代码的JSP程序请求URL提供的JSP扩展大写。推断行动:- 2000 - 0498 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)墙,勒布朗,Ozancin评论:弗雷希> XF: ewave-servletexec-jsp-source-read(4649)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0501网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0501最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:NTBUGTRAQ: 20000616 mdaemon 2.8.5.0 WinNT和都远程DoS参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0277.html参考:报价:1366参考:网址:http://www.securityfocus.com/bid/1366竞争条件在MDaemon 2.8.5.0 POP服务器允许本地用户造成拒绝服务通过输入UIDL命令并迅速退出服务器。推断行动:- 2000 - 0501 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(1)Christey评论:Christey > XF: mdaemon-pass-dos弗雷希> XF: mdaemon-pass-dos(4745)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0504网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0504最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000619 XFree86: libICE DoS参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html参考:报价:1369参考:网址:http://www.securityfocus.com/bid/1369libICE XFree86允许远程攻击者造成拒绝服务通过指定一个较大的值不正确检查SKIP_STRING宏。推断行动:- 2000 - 0504 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(1)Christey评论:Christey > XF: linux-libice-dos弗雷希> XF: linux-libice-dos(4761)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0507网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0507最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000601 DST2K0006:拒绝服务可能在实践上邮箱服务器参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95990195708509&w=2参考:报价:1286参考:网址:http://www.securityfocus.com/bid/1286上邮箱服务器2.5允许远程攻击者通过长直升机造成拒绝服务命令。推断行动:- 2000 - 0507 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)墙,勒布朗,Ozancin评论:弗雷希> XF: nt-webmail-dos(4586)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0523网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0523最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻/ CF / MP / SA / /未知参考:BUGTRAQ: 20000606 MDMA咨询# 6:EServ日志堆溢出漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0009.html参考:报价:1315参考:网址:http://www.securityfocus.com/bid/1315缓冲区溢出的日志功能EServ 2.9.2早些时候,允许攻击者通过长MKD命令执行任意命令。推断行动:- 2000 - 0523 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)墙,勒布朗,Ozancin评论:弗雷希> XF: eserv-logging-overflow(4614)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0541网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0541最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000617 Infosec.20000617.panda。参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0164.html参考:报价:1359参考:网址:http://www.securityfocus.com/bid/1359在端口2001上熊猫卫士控制台允许本地用户通过CMD命令执行任意命令没有认证。推断行动:- 2000 - 0541 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(1)Christey评论:Christey > XF: panda-antivirus-remote-admin弗雷希> XF: panda-antivirus-remote-admin(4707)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0542网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0542最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000612 ACC /爱立信底格里斯河会计失败参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0104.html参考:报价:1345参考:网址:http://www.securityfocus.com/bid/1345底格里斯河远程访问服务器之前11.5.4.22半径不正确记录会计信息用户失败时初始登录认证,但随后成功。推断行动:- 2000 - 0542 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(4)Christey,墙,勒布朗,Ozancin评论:Christey > XF: tigris-radius-login-failure弗雷希> XF: tigris-radius-login-failure(4705)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0543网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0543最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000614远程DoS攻击网络伙伴PGP证书服务器版本2.5脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0107.html参考:报价:1343参考:网址:http://www.securityfocus.com/bid/1343PGP证书服务器的命令端口2.5.0 2.5.1允许远程攻击者造成拒绝服务如果他们的主机名没有反向DNS条目,它们连接到端口4000。推断行动:- 2000 - 0543 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(1)Christey评论:Christey > XF: pgp-cert-server-dos弗雷希> XF: pgp-cert-server-dos(4695)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0557网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0557最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:NTBUGTRAQ: 20000608 DST2K0011: DoS & BufferOverrun CMail v2.4.7邮箱参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html参考:报价:1318参考:网址:http://www.securityfocus.com/bid/1318缓冲区溢出的web界面Cmail 2.4.7允许远程攻击者执行任意命令通过一个GET请求。推断行动:- 2000 - 0557 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)墙,勒布朗,Ozancin评论:弗雷希> XF: cmail-get-overflow-execute(4626)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0561网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0561最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000620 DST2K0018:多个BufferOverruns WebBBS HTTP服务器v1.15参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0175.html参考:报价:1365参考:网址:http://www.securityfocus.com/bid/1365缓冲区溢出WebBBS 1.15允许远程攻击者执行任意命令通过一个HTTP GET请求。推断行动:- 2000 - 0561 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(1)Christey评论:Christey > XF: webbbs-get-request-overflow弗雷希> XF: webbbs-get-request-overflow(4742)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0562网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0562最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000620我回冰集团网络脆弱性对孔1.2参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0190.html我2.1和更早的后卫,我不管Pro 2.0.23早些时候,不适当的块回口交通安全设置时紧张或更低。推断行动:- 2000 - 0562 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(1)Christey评论:征收>别人怎么想?这应该是一个vuln吗?我能看到一些特性的参数不可以,除非你使用的最大安全设置。Christey >至少,这需要修改状态,这个问题/关注适用于港口一般高,不仅孔。Bugtraq海报称我“关闭”港口,但只有* *后一些初始交通“泄漏”。这可能是通过设计,但这的确意味着,有一个小的机会,我可能不会工作”就像广告上说的,“即使在较低的安全设置。Christey > XF: blackice-security-level-nervous报价:1389法国人> XF: blackice-security-level-nervous改变(4777)> (Levy投票从审查接受)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0565网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0565最终决定:阶段性裁决:修改:建议:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000613 SmartFTP守护进程v0.2 Beta 9 -远程利用参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0100.html参考:报价:1344参考:网址:http://www.securityfocus.com/bid/1344SmartFTP守护进程0.2允许本地用户访问任意文件上传并指定另一个用户配置文件通过一个. .(点点)攻击。推断行动:- 2000 - 0565 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(4)Christey,墙,勒布朗,Ozancin评论:Christey > XF: smartftp-directory-traversal弗雷希> XF: smartftp-directory-traversal(4706)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0568网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0568最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000630多个漏洞Sybergen安全桌面参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4125690E.00524395.00@guardianit.se参考:XF: sybergen-routing-table-modify参考:报价:1417参考:网址:http://www.securityfocus.com/bid/1417Sybergen安全桌面2.1不正确防范虚假路由器广告(ICMP类型9),它允许远程攻击者修改默认路由。推断行动:- 2000 - 0568 MOREVOTES-1(2接受0 ack, 1审查)目前投票:接受(2)抑郁症,利维等待(3)墙,科尔,勒布朗回顾(1)Magdych投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0569网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0569最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:MISC:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0189.html参考:报价:1420参考:网址:http://www.securityfocus.com/bid/1420Sybergen Sygate允许远程攻击者造成拒绝服务通过发送一个畸形的DNS UDP包的内部接口。推断行动:- 2000 - 0569 MOREVOTES-1(2接受0 ack, 1审查)目前投票:接受(1)征收弗伦奇等待修改(1)(3)墙,科尔,勒布朗回顾(1)Magdych评论:弗雷希> XF: sygate-udp-packet-dos(5049)投票: