【投票】morevotes - 2000 c:候选人从2000年需要一个投票

以下24候选人更需要一个接受投票。如果你能帮忙,感谢。有4个其他消息类似于这个,用不同的候选人。随意选择一个随机,如果你没有时间进行投票。强烈喜欢得到你的票,10月9日。谢谢你,史蒂夫的总结票使用(按升序的“严重性”)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -接受——选民接受候选人提出的等待——选民对候选人没有意见修改选民想要改变一些小细节(例如参考/描述)审查-选民正在审查/研究候选人,或需要更多的信息,重塑候选人必须大幅修改,如分割或合并拒绝候选人不是“漏洞”,或重复等。1)请写你的投票在直线上,从“投票:”开始。如果你想添加评论或细节,在投票后将它们添加到线:线。2)如果你看到任何失踪的引用,请提及他们,使他们可以包括在内。在映射引用帮助极大。3)请注意,“修改”被视为一个“接受”当计算选票。 So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. KEY FOR INFERRED ACTIONS ------------------------ Inferred actions capture the voting status of a candidate. They may be used by the Editor to determine whether or not a candidate is added to CVE. Where there is disagreement, the Editor must resolve the issue and achieve consensus, or make the final decision if consensus cannot be reached. - ACCEPT = 3 non-MITRE votes to ACCEPT/MODIFY, and no REVIEWING or REJECT - ACCEPT_ACK = 2 non-MITRE ACCEPT/MODIFY, and vendor acknowledgement - MOREVOTES = needs more votes - ACCEPT_REV = 3 non-MITRE ACCEPT's but is delayed due to a REVIEWING - SMC_REJECT = REJECT by Steve Christey; likely to be rejected outright - SMC_REVIEW = REVIEWING by Steve Christey; likely related to CD's - REVIEWING = at least one member is REVIEWING - REJECT = at least one member REJECTed - REVOTE = members should review their vote on this candidate ====================================================== Candidate: CAN-2000-0576 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0576最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000704 Oracle Web侦听器AIX DoS参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0027.html参考:报价:1427参考:网址:http://www.securityfocus.com/bid/1427Oracle Web侦听器的AIX版本4.0.7.0.0和4.0.8.1.0允许远程攻击者通过畸形引起拒绝服务的URL。推断行动:- 2000 - 0576 MOREVOTES-1(2接受0 ack, 1审查)目前投票:接受(1)征收弗伦奇等待修改(1)(3)墙,科尔,勒布朗回顾(1)Magdych评论:弗雷希> XF: oracle-web-listener-dos(4874)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0578网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0578最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000621可预测性问题IRIX Cron和编译器参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0204.html参考:报价:1412参考:网址:http://www.securityfocus.com/bid/1412SGI MIPSPro编译器C, c++, F77和法郎生成临时文件在/ tmp可预测的文件名,这可能允许本地用户恶意内容插入到这些文件被另一个用户编译。推断行动:- 2000 - 0578 MOREVOTES-1(2接受0 ack, 1审查)目前投票:接受(1)征收弗伦奇等待修改(1)(3)墙,科尔,勒布朗回顾(1)Magdych评论:弗雷希> XF: sgi-mipspro-modify-files(5007)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0579网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0579最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000621可预测性问题IRIX Cron和编译器参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0204.html参考:报价:1413参考:网址:http://www.securityfocus.com/bid/1413IRIX crontab创建临时文件的umask与可预见的文件名和用户,这可能允许本地用户修改其他用户的crontab文件正在编辑。推断行动:- 2000 - 0579 MOREVOTES-1(2接受0 ack, 1审查)目前投票:接受(1)征收弗伦奇等待修改(1)(3)墙,科尔,勒布朗回顾(1)Magdych评论:弗雷希> XF: irix-cron-modify-crontab(5008)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0598网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0598最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000626 + Telnet代理网关问题参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0268.html参考:报价:1395参考:网址:http://www.securityfocus.com/bid/1395参考:XF: fortech-proxy-telnet-gateway参考:XF: proxyplus-telnet-gateway Fortech代理+允许远程攻击者绕过访问限制为管理服务通过重定向连接通过telnet代理。推断行动:- 2000 - 0598 MOREVOTES-1(2接受0 ack, 1审查)目前投票:接受(1)征收弗伦奇等待修改(1)(3)墙,科尔,勒布朗回顾(1)Magdych评论:弗雷希> DELREF XF: proxyplus-telnet-gateway投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0599网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0599最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000629 iMesh 1.02脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0335.html参考:XF: imesh-tcp-port-overflow参考:报价:1407参考:网址:http://www.securityfocus.com/bid/1407缓冲区溢出iMesh 1.02允许远程攻击者执行任意命令通过一个长字符串iMesh端口。推断行动:- 2000 - 0599 MOREVOTES-1(2接受0 ack, 1审查)目前投票:接受(2)抑郁症,利维等待(3)墙,科尔,勒布朗回顾(1)Magdych投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0601网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0601最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:BUGTRAQ: 20000625 LeafChat拒绝服务引用:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.bsf.4.10.10006252056110.74551 - 100000 @unix.za.net参考:XF: irc-leafchat-dos参考:报价:1396参考:网址:http://www.securityfocus.com/bid/1396LeafChat 1.7 IRC客户机允许远程IRC服务器导致拒绝服务迅速发送大量的错误消息。推断行动:- 2000 - 0601 MOREVOTES-1(2接受0 ack, 1审查)目前投票:接受(2)抑郁症,利维等待(3)勒布朗,墙,科尔回顾(1)Magdych投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0620网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0620最终决定:阶段性裁决:修改:建议:20000719分配:20000719类别:科幻参考:报价:1409参考:网址:http://www.securityfocus.com/bid/1409libX11 X库允许远程攻击者通过资源导致拒绝服务的面具0,这导致libX11进入一个无限循环。推断行动:- 2000 - 0620 MOREVOTES-1(2接受0 ack, 1审查)目前投票:接受(1)征收弗伦奇等待修改(1)(3)勒布朗,墙,科尔回顾(1)Magdych评论:弗雷希> XF: libx11-infinite-loop-dos(4996)参见http://www.securityfocus.com/frames/?content=/templates/archive.pike%3flist%3d1%26date%3d2000 - 07 - 22% - 26 - msg%3dpine.lnx.4.21.0006192251480.9945 - 100000 @ferret.lmh.ox.ac.uk# 2,特别是缺陷。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0626网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0626最终决定:阶段性裁决:修改:建议:20000803分配:20000802类别:科幻参考:BUGTRAQ: 20000718多个bug在阿里巴巴2.0参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0237.html参考:报价:1482参考:网址:http://www.securityfocus.com/bid/1482缓冲区溢位在阿里巴巴web服务器允许远程攻击者造成拒绝服务通过一个GET请求。推断行动:- 2000 - 0626 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(4)勒布朗,Christey,墙,科尔评论:弗雷希> XF: alibaba-get-dos (4934) Christey >这是在一个相对老Nessus插件,虽然利用使用POST而不是GET。这可能是比引用表示早发现。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0627网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0627最终决定:阶段性裁决:修改:建议:20000803分配:20000802类别:科幻参考:BUGTRAQ: 20000718黑板Courseinfo v4.0用户身份验证参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0254.html参考:报价:1486参考:网址:http://www.securityfocus.com/bid/1486黑板CourseInfo 4.0不恰当地对用户进行身份验证,它允许本地用户修改CourseInfo数据库信息和获得特权通过直接调用user_update_passwd等支持CGI程序。pl和user_update_admin.pl。推断行动:- 2000 - 0627 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(4)勒布朗,Christey,墙,科尔评论:弗雷希> XF: blackboard-courseinfo-dbase-modification (4946) Christey >供应商确认:BUGTRAQ: 20000719安全修复黑板CourseInfo 4.0网址:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000719151904.I17986@securityfocus.com投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0634网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0634最终决定:阶段性裁决:修改:建议:20000803分配:20000802类别:科幻参考:BUGTRAQ: 20000717 s21sec - 003:漏洞在CommuniGate Pro v3.2.4参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0223.html参考:报价:1493参考:网址:http://www.securityfocus.com/bid/1493早些时候CommuniGate Pro 3.2.5 web管理界面,允许远程攻击者读取任意文件通过一个. .(点点)攻击。推断行动:- 2000 - 0634 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)勒布朗,墙,科尔评论:弗雷希> XF: communigate-pro-file-read(5105)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0636网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0636最终决定:阶段性裁决:修改:建议:20000803分配:20000802类别:科幻参考:BUGTRAQ: 20000719惠普Jetdirect——无效的FTP命令DoS参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0265.html参考:报价:1491参考:网址:http://www.securityfocus.com/bid/1491惠普打印机JetDirect版本G.08.20和H.08.20早些时候,允许远程攻击者造成拒绝服务通过一个畸形的FTP引用命令。推断行动:- 2000 - 0636 MOREVOTES-1(2接受0 ack, 1审查)目前投票:接受(1)征收弗伦奇等待修改(1)(2)勒布朗,科尔回顾(1)墙评论:弗雷希> XF: hp-jetdirect-quote-dos(4947)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0640网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0640最终决定:阶段性裁决:修改:建议:20000803分配:20000802类别:科幻参考:BUGTRAQ: 20000708 gnu-pop3d (FTGate问题),莎凡特网络服务器,公会FTPd参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html参考:报价:1452参考:网址:http://www.securityfocus.com/bid/1452公会FTPd允许远程攻击者决定文件的存在之外的FTP根通过. .(点点)攻击,它提供了不同的错误消息取决于该文件是否存在。推断行动:- 2000 - 0640 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)勒布朗,墙,科尔评论:弗雷希> XF: guild-ftpd-disclosure(4922)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0641网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0641最终决定:阶段性裁决:修改:建议:20000803分配:20000802类别:科幻参考:BUGTRAQ: 20000708 gnu-pop3d (FTGate问题),莎凡特网络服务器,公会FTPd参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html参考:报价:1453参考:网址:http://www.securityfocus.com/bid/1453莎凡特web服务器允许远程攻击者执行任意命令通过一个GET请求。推断行动:- 2000 - 0641 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)勒布朗,墙,科尔评论:弗雷希> XF: savant-get-bo(4901)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0642网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0642最终决定:阶段性裁决:修改:建议:20000803分配:20000802类别:CF参考:BUGTRAQ: 20000711的DoS WEBactive win65 / NT服务器参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org参考:报价:1497参考:网址:http://www.securityfocus.com/bid/1497WebActive HTTP服务器的默认配置1.00存储web访问日志活动。登录文档根,它允许远程攻击者通过直接请求页面查看日志。推断行动:- 2000 - 0642 MOREVOTES-1(2接受0 ack, 1审查)目前投票:接受(1)征收弗伦奇等待修改(1)(2)勒布朗,科尔回顾(1)墙评论:弗雷希> XF: webactive-active-log(5184)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0643网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0643最终决定:阶段性裁决:修改:建议:20000803分配:20000802类别:科幻参考:BUGTRAQ: 20000711的DoS WEBactive win65 / NT服务器参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org参考:报价:1470参考:网址:http://www.securityfocus.com/bid/1470缓冲区溢出WebActive HTTP Server 1.00允许远程攻击者通过一个长URL引起拒绝服务。推断行动:- 2000 - 0643 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)勒布朗,墙,科尔评论:弗雷希> XF: webactive-long-get-dos(4949)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0644网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0644最终决定:阶段性裁决:修改:建议:20000803分配:20000802类别:科幻参考:BUGTRAQ: 20000721 WFTPD / WFTPD Pro 2.41 RC11漏洞。参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html参考:报价:1506参考:网址:http://www.securityfocus.com/bid/1506WFTPD和WFTPD Pro 2.41允许远程攻击者造成拒绝服务通过执行STAT命令在命令列表仍执行。推断行动:- 2000 - 0644 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)勒布朗,墙,科尔评论:弗雷希> XF: wftpd-stat-dos(5003)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0651网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0651最终决定:阶段性裁决:修改:建议:20000803分配:20000802类别:科幻参考:BUGTRAQ: 20000707 Novell边境经理——任何人都可以冒充一个身份验证的用户参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=06256915.00591E18.00@uprrsmtp2.notes.up.com参考:报价:1440参考:网址:http://www.securityfocus.com/bid/1440在Novell BorderManager ClientTrust项目不正确验证身份验证请求的起源,这可能允许远程攻击者冒充重演另一个用户的身份验证请求和响应端口3024的受害者的机器。推断行动:- 2000 - 0651 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)勒布朗,墙,科尔评论:弗雷希> XF: novell-bordermanager-verification(5186)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0652网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0652最终决定:阶段性裁决:修改:建议:20000803分配:20000802类别:科幻参考:BUGTRAQ: 20000723 IBM WebSphere默认servlet处理程序showcode脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0342.html参考:报价:1500参考:网址:http://www.securityfocus.com/bid/1500IBM WebSphere允许远程攻击者读取源代码执行web文件通过直接调用默认InvokerServlet使用URL包含“/ servlet /文件”字符串。推断行动:- 2000 - 0652 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(4)勒布朗,Christey,墙,科尔评论:弗雷希> F: websphere-showcode (5012) Christey >发现者声称APAR PQ39857修复这个问题,但它无法找到:http://www - 4. ibm.com/software/webservers/appserv/efix.html投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0661网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0661最终决定:阶段性裁决:修改:建议:20000803分配:20000802类别:科幻参考:BUGTRAQ: 20000710远程DoS攻击WircSrv Irc服务器v5.07s脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0120.html参考:报价:1448参考:网址:http://www.securityfocus.com/bid/1448WircSrv IRC服务器5.07年代允许远程攻击者造成拒绝服务通过一个长字符串到服务器的端口。推断行动:- 2000 - 0661 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)勒布朗,墙,科尔评论:弗雷希> XF: wircsrv-character-flood-dos(4914)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0665网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0665最终决定:阶段性裁决:修改:建议:20000803分配:20000802类别:科幻参考:NTBUGTRAQ: 20000717 DoS Gamsoft TelSrv telnet服务器Windows 95/98 / NT / 2 k女士。参考网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0031.html参考:报价:1478参考:网址:http://www.securityfocus.com/bid/1478AMSoft TelSrv telnet服务器1.5和更早的允许远程攻击者通过长导致拒绝服务用户名。推断行动:- 2000 - 0665 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(4)勒布朗,Christey,墙,科尔评论:弗雷希> XF: gamsoft-telsrv-dos (4945) Christey >供应商名称更改为“GAMSoft”ADDREF NTBUGTRAQ: 20000729 TelSrv DoS攻击后显示用户名和密码http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0056.html这是一个额外的影响相同的DoS NTBUGTRAQ早些时候所描述的职位。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0669网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0669最终决定:阶段性裁决:修改:建议:20000803分配:20000802类别:科幻参考:BUGTRAQ: 20000711远程拒绝服务——网络5.0 SP 5参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000501bfeab5 c3d0 9330美元d801a8c0@dimuthu.baysidegrp.com.au参考:报价:1467参考:网址:http://www.securityfocus.com/bid/1467网络操作系统5.0允许远程攻击者因洪水导致拒绝服务与随机数据端口40193。推断行动:- 2000 - 0669 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)勒布朗,墙,科尔评论:弗雷希> XF: netware-port40193-dos(4932)的描述,正确的拼写是网络。投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0674网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0674最终决定:阶段性裁决:修改:建议:20000803分配:20000802类别:科幻参考:BUGTRAQ: 20000712 ftp。pl脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0177.html参考:报价:1471参考:网址:http://www.securityfocus.com/bid/1471ftp。pl CGI程序虚拟幻想FTP浏览器允许远程攻击者读取目录以外的文档根通过. .(点点)攻击。推断行动:- 2000 - 0674 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)勒布朗,墙,科尔评论:弗雷希> XF: virtualvision-ftp-browser(5187)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0675网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0675最终决定:阶段性裁决:修改:建议:20000803分配:20000802类别:科幻参考:BUGTRAQ: 20000713 MDMA船员的看门人利用参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00af01bfece2 e1ec4@kungphusion a52cbd80 367美元参考:报价:1477参考:网址:http://www.securityfocus.com/bid/1477早些时候在Infopulse看门人3.5和缓冲区溢出允许远程攻击者执行任意命令通过一个长字符串。推断行动:- 2000 - 0675 MOREVOTES-1(2接受,0 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)勒布朗,墙,科尔评论:弗雷希> XF: gatekeeper-long-string-bo(4948)投票:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0677网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0677最终决定:阶段性裁决:修改:建议:20000921分配:20000823类别:科幻参考:国际空间站:20000907在IBM净缓冲区溢出。db2www CGI程序的数据。参考网址:http://xforce.iss.net/alerts/在IBM净缓冲区溢出。数据db2www CGI程序允许远程攻击者执行任意命令通过一个长PATH_INFO环境变量。推断行动:- 2000 - 0677 MOREVOTES-1(1接受,1 ack, 0评论)目前投票:接受(1)科尔等待(1)墙投票: