
[INTERIM] ACCEPT 33 legacy candidates (Final 10/13)



I have made an Interim Decision to ACCEPT the following 33 legacy candidates from various clusters. These candidates were proposed in 1999. I will make a Final Decision on October 13.

Thanks to all the Board members who got their votes in! 15 different members have voted since October 1.

Voters:
  Shostack ACCEPT(1) MODIFY(1)
  Levy ACCEPT(19) MODIFY(2)
  Landfield ACCEPT(15) NOOP(8)
  Cole ACCEPT(20) MODIFY(2) NOOP(5)
  Bishop ACCEPT(3) MODIFY(1) NOOP(3)
  Baker MODIFY(5)
  Stracener ACCEPT(20) MODIFY(5)
  Frech ACCEPT(1) REVIEWING(2) MODIFY(30) NOOP(1)
  Proctor ACCEPT(1)
  Hill ACCEPT(3)
  Christey NOOP(14)
  Northcutt ACCEPT(3) NOOP(2) REJECT(1)
  Prosser ACCEPT(1) MODIFY(2) REVIEWING(2)
  Wall ACCEPT(10) NOOP(13)
  Ozancin ACCEPT(5) NOOP(17)
  Armstrong ACCEPT(5) NOOP(8) REVIEWING(2)
  Balinsky ACCEPT(1)
  Blake ACCEPT(10) MODIFY(1)

======================================================
Candidate: CAN-1999-0145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0145
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: CERT:CA-1990-11
Reference: URL:http://www.cert.org/advisories/ca-1990-11.html
Reference: CERT:CA-1993-14
Reference: URL:http://www.cert.org/advisories/ca-1993-14.html
Reference: BUGTRAQ:19950206 sendmail wizard thing...
Reference: URL:http://www2.dataguard.no/bugtraq/1995_1/0332.html
Reference: URL:http://www2.dataguard.no/bugtraq/1995_1/0350.html
Reference: FarmerVenema:Improving the Security of Your Site by Breaking Into it
Reference: URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html

Sendmail WIZ command is enabled, allowing root access.

Modifications:
  ADDREF CERT:CA-1990-11
  ADDREF CERT:CA-1993-14
  ADDREF BUGTRAQ:19950206 sendmail wizard thing...
  ADDREF MISC:FarmerVenema:Improving the Security of Your Site by Breaking Into it

INFERRED ACTION: CAN-1999-0145 REJECT (1 reject, 6 accept, 0 review) HAS_CONFLICT

Current Votes:
  ACCEPT(4) Hill, Blake, Proctor, Balinsky
  MODIFY(2) Prosser, Frech
  NOOP(1) Christey
  REJECT(1) Northcutt

Voter Comments:
 Frech> XF:smtp-wiz
 Northcutt> I also voted against this. This raises the case of a historical but no longer existent vulnerability. Or is there any data that wiz still exists on any operating system?
 Prosser> additional sources
   Bugtraq "sendmail wizard thing" http://securityfocus/
   CERT Advisory CA-93.14 http://www.cert.org
 Christey> While this may not be active anywhere (we hope), it is still a historical item and potentially useful for academic study. Therefore it should be included.
 Balinsky> Cisco's security profile assessment team has also found this at customer sites.
 Christey> I also sent a post to the pen-test list asking if people still see this, and I got some positive responses. See:
   PEN-TEST:20000914 Re: Sendmail debug command
   URL:http://www.securityfocus.com/archive/101/82783
   URL:http://www.securityfocus.com/archive/101/83102
   URL:http://www.securityfocus.com/archive/101/82978
   ADDREF MISC:FarmerVenema:Improving the Security of Your Site by Breaking Into it
   URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html
   ADDREF CERT:CA-1990-11
   URL:http://www.cert.org/advisories/ca-1990-11.html
   ADDREF BUGTRAQ:19950206 sendmail wizard thing...
   URL:http://www2.dataguard.no/bugtraq/1995_1/0332.html
   URL:http://www2.dataguard.no/bugtraq/1995_1/0350.html

======================================================
Candidate: CAN-1999-0247
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0247
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: NAI:19970721 INN news server vulnerabilities
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp
Reference: BID:1443
Reference: XF:inn-bo

Buffer overflow in nnrpd program in INN version 1.6 allows remote users to execute arbitrary commands.

Modifications:
  ADDREF NAI:17
  add version number
  CHANGEREF NAI:17 [canonicalize]
  ADDREF XF:inn-bo
  ADDREF BID:1443

INFERRED ACTION: CAN-1999-0247 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Levy
  MODIFY(1) Frech
  NOOP(2) Christey, Northcutt

Voter Comments:
 Frech> XF:inn-bo
 Christey> BID:1443
   URL:http://www.securityfocus.com/bid/1443

======================================================
Candidate: CAN-1999-0248
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0248
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: MISC:http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html
Reference: CONFIRM:http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1

A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials.

Modifications:
  ADDREF MISC:http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html
  ADDREF CONFIRM:http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1
  DESC [add details]

INFERRED ACTION: CAN-1999-0248 ACCEPT (8 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Cole, Northcutt, Armstrong, Landfield
  MODIFY(4) Baker, Bishop, Shostack, Blake
  NOOP(3) Frech, Wall, Ozancin

Voter Comments:
 Shostack> http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html looks to me to be the right information, and it comes from Tatu. There is a comment in the changelog:
   * Improved the security of auth_input_request_forwarding().
   I am not in favor of moving this forward without additional detail, but thought I would add a confirmation URL and comment. We have enough detail to accept it as a CVE.
 Frech> Try http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1; to wit (see the starred section):
   ...
   *****
   Versions of ssh prior to 1.2.17 had problems with authentication agent handling on some machines. There is a chance (a race condition) that a malicious user could steal another user's credentials. This should be fixed in 1.2.17.
   *****
 Blake> I agree with Adam that additional references are needed. Either or both of the suggested references are fine with me.
 Bishop> (need more detail)
 Baker> http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html Misc Defensive Info
   The bug only concerns SSH protocol version 1.5 as implemented in SSH server version 1.2.17. Later versions of the server, or applications using SSH protocol version 2, are not affected by the flaw. An attacker with the ability to do active network-level attacks can compromise the security aspects of the SSH protocol in the SSH-1.2.17 implementation. Although some of the attacks are quite serious, even in the worst case security is still better than with rlogin or telnet. Being able to successfully break the SSH security protocol and implementation requires intimate knowledge, access to a large amount of processing power, and expertise in TCP/IP networking.

======================================================
Candidate: CAN-1999-0358
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0358
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990617
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990125 Digital Unix 4.0 exploitable buffer overflows
Reference: COMPAQ:SSRT0583U
Reference: XF:du-inc
Reference: CIAC:J-027

Digital Unix 4.0 has a buffer overflow in the inc program of the mh package.

Modifications:
  ADDREF XF:du-inc
  ADDREF CIAC:J-027

INFERRED ACTION: CAN-1999-0358 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(3) Hill, Northcutt, Shostack
  MODIFY(2) Frech, Prosser
  NOOP(1) Christey

Voter Comments:
 Prosser> The ref SSRT has an "at" vulnerability as well that is fixed by the patch. Shouldn't this be a separate CVE in the cluster?
   Ref: BugTraq "Digital Unix Buffer Overflows: Exploits" by Lamont Granquist for both.
 Frech> Reference: XF:du-inc
 Christey> ADDREF CIAC:J-027

======================================================
Candidate: CAN-1999-0393
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0393
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19981212 ** Sendmail 8.9.2 DoS - exploit ** get what you want!
Reference: BUGTRAQ:19990121 Sendmail 8.8.x/8.9.x bugware
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91694391227372&w=2
Reference: XF:sendmail-parsing-redirection

Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers.

Modifications:
  ADDREF XF:sendmail-parsing-redirection
  CHANGEREF BUGTRAQ [change date to 19981212]
  ADDREF BUGTRAQ:19990121 Sendmail 8.8.x/8.9.x bugware

INFERRED ACTION: CAN-1999-0393 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Blake, Ozancin, Landfield, Cole
  MODIFY(2) Frech, Baker
  NOOP(3) Christey, Bishop, Wall

Voter Comments:
 Frech> I assume that Reference: BUGTRAQ:Dec12 1999 is not proof of CVE's foresight into future events. This reference should be 12/12/98.
   ADDREF XF:sendmail-parsing-redirection
 Christey> This issue is acknowledged in BUGTRAQ:19990121 Sendmail 8.8.x/8.9.x bugware
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91694391227372&w=2
 Landfield> with Frech's modifications
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Baker> Vulnerability Reference (HTML) / Reference Type
   http://www.securityfocus.com/archive/1/11556 Misc Defensive Info
   http://xforce.iss.net/static/2300.php Misc Defensive Info
 Christey> CVE-1999-0478 looks like it might be a duplicate, but HP's advisory is so vague that you can't be sure. The only close hint is: "The public domain fix now in sendmail 8.9.3 has been ported to HP-UX sendmail 8.8.6 release patches." However, the HP advisory only says that HP 8.8.6 Sendmails "accept connections sub-optimally." CAN-1999-0393 clearly has nothing to do with mishandling connections.

======================================================
Candidate: CAN-1999-0395
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0395
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: ISS:19990118 Vulnerability in the BackWeb Polite Agent Protocol
Reference: URL:http://xforce.iss.net/alerts/advise17.php
Reference: XF:backweb-polite-agent-protocol

A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server.

Modifications:
  CHANGEREF ISS [canonicalize]
  ADDREF XF:backweb-polite-agent-protocol

INFERRED ACTION: CAN-1999-0395 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Hill, Stracener
  MODIFY(1) Frech
  NOOP(2) Landfield, Northcutt

Voter Comments:
 Frech> XF:backweb-polite-agent-protocol

======================================================
Candidate: CAN-1999-0403
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0403
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990204 Cyrix bug: freeze in hell, badboy
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91821080015725&w=2
Reference: XF:cyrix-hang

A bug in Cyrix CPUs on Linux allows local users to perform a denial of service.

Modifications:
  CHANGEREF BUGTRAQ [canonicalize]

INFERRED ACTION: CAN-1999-0403 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Blake, Northcutt
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
 Frech> XF:cyrix-hang(1716)
   In the description, the correct plural usage is CPUs.

======================================================
Candidate: CAN-1999-0429
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0429
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990726
Assigned: 19990607
Category: CF
Reference: BUGTRAQ:19990323
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92221437025743&w=2
Reference: BUGTRAQ:19990324 Re: LNotes encryption
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92241547418689&w=2
Reference: BUGTRAQ:19990326 Lotus Notes Encryption Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92246997917866&w=2
Reference: BUGTRAQ:19990326 Re: Lotus Notes security advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92249282302994&w=2
Reference: XF:lotus-client-encryption

The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference.

Modifications:
  CHANGEREF BUGTRAQ [canonicalize]
  ADDREF BUGTRAQ:19990324 Re: LNotes encryption
  ADDREF BUGTRAQ:19990326 Lotus Notes Encryption Bug
  ADDREF BUGTRAQ:19990326 Re: Lotus Notes security advisory

INFERRED ACTION: CAN-1999-0429 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(5) Blake, Ozancin, Landfield, Frech, Cole
  MODIFY(1) Baker
  NOOP(2) Wall, Bishop

Voter Comments:
 Baker> Vulnerability Reference (HTML) / Reference Type
   http://www.securityfocus.com/archive/1/12943 Misc Defensive Info
   http://xforce.iss.net/static/2047.php Misc Defensive Info

======================================================
Candidate: CAN-1999-0440
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0440
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990405 Security Hole in Java 2 (and JDK 1.1.x)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92333596624452&w=2
Reference: CONFIRM:http://java.sun.com/pr/1999/03/pr990329-01.html
Reference: XF:java-unverified-code

The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.

Modifications:
  CHANGEREF BUGTRAQ [canonicalize]
  ADDREF CONFIRM:http://java.sun.com/pr/1999/03/pr990329-01.html

INFERRED ACTION: CAN-1999-0440 ACCEPT (8 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(7) Wall, Blake, Ozancin, Landfield, Frech, Cole, Bishop
  MODIFY(1) Baker

Voter Comments:
 CHANGE> [Wall changed vote from REVIEWING to ACCEPT]
 Baker> Vulnerability Reference (HTML) / Reference Type
   http://www.microsoft.com/java/vm/dl_vm31.htm Patch Info
   http://www.microsoft.com/windows/ie/download/jvm.htm Patch Info
   http://www.damnation/net/iecrash/Iecrash.zip Misc Offensive Info
   http://hackersclub.com/km/library/hack/iecrash Misc Offensive Info
   http://xforce.iss.net/static/2025.php Misc Defensive Info

======================================================
Candidate: CAN-1999-0671
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0671
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:572
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=572
Reference: XF:toxsoft-nextftp-cwd-bo

Buffer overflow in ToxSoft NextFTP client through CWD command.

Modifications:
  ADDREF XF:toxsoft-nextftp-cwd-bo

INFERRED ACTION: CAN-1999-0671 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Levy, Blake
  MODIFY(2) Frech, Stracener
  NOOP(5) Bishop, Wall, Ozancin, Landfield, Cole

Voter Comments:
 Stracener> ADDREF: ShadowPenguinSecurity:PenguinToolbox,No.035
 Frech> XF:toxsoft-nextftp-cwd-bo

======================================================
Candidate: CAN-1999-0672
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0672
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: XF:fujitsu-topic-bo
Reference: BID:573
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=573

Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics.

Modifications:
  ADDREF XF:fujitsu-topic-bo

INFERRED ACTION: CAN-1999-0672 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Levy, Blake
  MODIFY(2) Frech, Stracener
  NOOP(4) Wall, Ozancin, Landfield, Cole

Voter Comments:
 Stracener> ADDREF: ShadowPenguinSecurity:PenguinToolbox,No.036
 Frech> XF:fujitsu-topic-bo

======================================================
Candidate: CAN-1999-0675
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0675
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990809 FW1 UDP Port 0 DoS
Reference: URL:http://www.securityfocus.com/archive/1/23615
Reference: BID:576
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=576
Reference: XF:checkpoint-port

Check Point FireWall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host.

Modifications:
  ADDREF XF:checkpoint-port
  DESC add Check Point
  ADDREF BUGTRAQ:19990809 FW1 UDP Port 0 DoS

INFERRED ACTION: CAN-1999-0675 ACCEPT_REV (5 accept, 0 ack, 1 review)

Current Votes:
  ACCEPT(3) Levy, Blake, Landfield
  MODIFY(2) Frech, Cole
  NOOP(3) Wall, Ozancin, Christey
  REVIEWING(1) Stracener

Voter Comments:
 Cole> This only occurs when the VPN is used to transmit packets supporting ISAKMP encryption.
 Frech> XF:checkpoint-port
   Modify the description to read "Check Point FireWall-1..."
 Christey> http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.10.9908051851320.8871-100000@area51
 Landfield> with modifications

======================================================
Candidate: CAN-1999-0679
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0679
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990813 w00w00's efnet ircd advisory (exploit included)
Reference: CONFIRM:http://www.efnet.org/archive/servers/hybrid/ChangeLog
Reference: BID:581
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=581
Reference: XF:hybrid-ircd-minvite-bo

Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows remote attackers to execute commands via m_invite invite option.

Modifications:
  ADDREF XF:hybrid-ircd-minvite-bo
  ADDREF CONFIRM:http://www.efnet.org/archive/servers/hybrid/ChangeLog

INFERRED ACTION: CAN-1999-0679 ACCEPT (9 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(8) Bishop, Levy, Wall, Blake, Ozancin, Landfield, Cole, Stracener
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
 Frech> XF:hybrid-ircd-minvite-bo
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Christey> Possible vendor confirmation; see http://www.efnet.org/archive/servers/hybrid/ChangeLog
   The reference says the problem exists until beta 58. A quote by Dianora under hybrid-6-b57 says "fixed mtrie_conf.c kline code," but it can't be certain whether that is related to this bug. The section "hybrid-6-b75" includes this statement by Dianora: "corrected possible buffer overflows in m_knock, m_invite". That sounds like it, but it can't be certain, especially considering that the discloser said it was fixed in beta 58 and there is a separate confirmation statement.

======================================================
Candidate: CAN-1999-0697
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0697
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990908 SCO 5.0.5 /bin/doctor nightmare
Reference: BID:621
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=621
Reference: XF:sco-doctor-execute

SCO Doctor allows local users to gain root privileges through a Tools option.

Modifications:
  ADDREF XF:sco-doctor-execute

INFERRED ACTION: CAN-1999-0697 ACCEPT (7 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(6) Bishop, Levy, Blake, Landfield, Cole, Stracener
  MODIFY(1) Frech
  NOOP(2) Wall, Ozancin

Voter Comments:
 Frech> XF:sco-doctor-execute
 CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-1999-0759
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0759
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990913 Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug
Reference: CONFIRM:http://www.crosswinds.net/~fuseware/faq.html#8
Reference: BID:634
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=634
Reference: XF:fuseware-popmail-bo

Buffer overflow in FuseMAIL POP service via long USER and PASS commands.

Modifications:
  ADDREF XF:fuseware-popmail-bo
  ADDREF CONFIRM:http://www.crosswinds.net/~fuseware/faq.html#8

INFERRED ACTION: CAN-1999-0759 ACCEPT (7 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(6) Stracener, Levy, Wall, Ozancin, Landfield, Cole
  MODIFY(1) Frech
  NOOP(2) Armstrong, Christey

Voter Comments:
 Frech> XF:fuseware-popmail-bo
 Wall> Also part of my testing.
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Christey> CONFIRM:http://www.crosswinds.net/~fuseware/faq.html#8
   The vulnerable version was originally reported as 2.7. This FAQ says: "Although the security hole was reported in version 2.7, it also exists in earlier versions, and that hole has been fixed in later versions. One point that must be emphasized is that the potential security risk is only on the local side. So far no security risk from the Internet side has been reported, although many hackers have tried to find one."

======================================================
Candidate: CAN-1999-0787
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0787
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990917 A few bugs...
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93760201002154&w=2
Reference: BUGTRAQ:19990924 [Fwd: Truth about ssh 1.2.27 vulnerability]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93832856804415&w=2
Reference: XF:ssh-socket-auth-symlink-dos
Reference: BID:660
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=660

The SSH authentication agent follows symlinks via a UNIX domain socket.

Modifications:
  ADDREF BUGTRAQ:19990917 A few bugs...
  ADDREF BUGTRAQ:19990924 [Fwd: Truth about ssh 1.2.27 vulnerability]
  ADDREF XF:ssh-socket-auth-symlink-dos

INFERRED ACTION: CAN-1999-0787 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Armstrong, Levy, Landfield
  MODIFY(2) Stracener, Frech
  NOOP(3) Wall, Ozancin, Cole

Voter Comments:
 Stracener> Add Ref: BUGTRAQ:19990924 [Fwd: Truth about ssh 1.2.27 vulnerability]
 Frech> XF:ssh-socket-auth-symlink-dos

======================================================
Candidate: CAN-1999-0788
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0788
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990924 Multiple vendor Knox Arkiea local root/remote DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93837184228248&w=2
Reference: BID:662
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=662
Reference: XF:arkiea-backup-nlserverd-remote-dos

Arkiea nlservd allows remote attackers to conduct a denial of service.

Modifications:
  ADDREF BUGTRAQ:19990924 Multiple vendor Knox Arkiea local root/remote DoS
  ADDREF XF:arkiea-backup-nlserverd-remote-dos

INFERRED ACTION: CAN-1999-0788 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Levy, Wall, Landfield, Cole
  MODIFY(2) Stracener, Frech
  NOOP(2) Armstrong, Ozancin

Voter Comments:
 Stracener> Add Ref: BUGTRAQ:19990923 Multiple vendor Knox Arkiea local root/remote DoS
 Frech> XF:arkiea-backup-nlserverd-remote-dos
 Wall> exploit code on packetstorm
 CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-1999-0791
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0791
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable Modems
Reference: KSRT:012
Reference: BID:695
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=695
Reference: XF:hybrid-anon-cable-modem-reconfig

Hybrid Network cable modems do not include an authentication mechanism for administration, allowing remote attackers to compromise the system through the HSMP protocol.

Modifications:
  ADDREF BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable Modems
  ADDREF BID:695
  ADDREF XF:hybrid-anon-cable-modem-reconfig

INFERRED ACTION: CAN-1999-0791 ACCEPT_REV (5 accept, 0 ack, 1 review)

Current Votes:
  ACCEPT(3) Levy, Prosser, Cole
  MODIFY(2) Stracener, Frech
  NOOP(4) Wall, Ozancin, Landfield, Christey
  REVIEWING(1) Armstrong

Voter Comments:
 Stracener> Add Ref: BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable Modems
 Frech> XF:hybrid-anon-cable-modem-reconfig
 Christey> ADDREF BID:695
   URL:http://www.securityfocus.com/vdb/bottom.html?vid=695
 CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-1999-0823
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0823
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
Reference: BID:839
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=839
Reference: XF:freebsd-xmindpath

Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument.

Modifications:
  ADDREF XF:freebsd-xmindpath

INFERRED ACTION: CAN-1999-0823 ACCEPT_REV (4 accept, 0 ack, 1 review)

Current Votes:
  ACCEPT(2) Stracener, Armstrong
  MODIFY(2) Cole, Frech
  NOOP(1) Christey
  REVIEWING(1) Prosser

Voter Comments:
 Cole> This is through a buffer overflow attack.
 Frech> XF:freebsd-xmindpath
 Christey> Mike Prosser's REVIEWING vote expires July 17, 2000

======================================================
Candidate: CAN-1999-0826
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0826
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
Reference: BID:840
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=840
Reference: XF:angband-bo

Buffer overflow in FreeBSD angband allows local users to gain privileges.

Modifications:
  ADDREF XF:angband-bo

INFERRED ACTION: CAN-1999-0826 ACCEPT_REV (4 accept, 0 ack, 1 review)

Current Votes:
  ACCEPT(3) Cole, Stracener, Armstrong
  MODIFY(1) Frech
  NOOP(1) Christey
  REVIEWING(1) Prosser

Voter Comments:
 Frech> XF:angband-bo
 Christey> Mike Prosser's REVIEWING vote expires July 17, 2000

======================================================
Candidate: CAN-1999-0873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0873
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BID:759
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=759
Reference: XF:skyfull-mail-from-bo

Buffer overflow in Skyfull mail server via MAIL FROM command.

Modifications:
  ADDREF XF:skyfull-mail-from-bo

INFERRED ACTION: CAN-1999-0873 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(5) Cole, Stracener, Levy, Wall, Landfield
  MODIFY(1) Frech
  NOOP(2) Armstrong, Ozancin

Voter Comments:
 Frech> XF:skyfull-mail-from-bo
 Wall> exploit C code on packetstorm

======================================================
Candidate: CAN-1999-0904
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0904
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991103 Remote DoS Attack in BFTelnet Server v1.1 for Windows NT
Reference: XF:bftelnet-username-dos
Reference: BID:771
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=771

Buffer overflow in BFTelnet allows remote attackers to cause a denial of service via a username.

Modifications:
  ADDREF XF:bftelnet-username-dos

INFERRED ACTION: CAN-1999-0904 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(5) Cole, Stracener, Levy, Wall, Landfield
  MODIFY(1) Frech
  NOOP(1) Ozancin

Voter Comments:
 Frech> XF:bftelnet-username-dos
 Wall> Discovered by USSR Labs
 CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-1999-0912
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0912
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990921 FreeBSD-specific denial of service
Reference: BID:653
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=653
Reference: XF:freebsd-vfscache-dos

FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.

Modifications:
  ADDREF XF:freebsd-vfscache-dos

INFERRED ACTION: CAN-1999-0912 ACCEPT_REV (5 accept, 0 ack, 1 review)

Current Votes:
  ACCEPT(4) Cole, Stracener, Levy, Landfield
  MODIFY(1) Frech
  NOOP(2) Wall, Ozancin
  REVIEWING(1) Armstrong

Voter Comments:
 Frech> XF:freebsd-vfscache-dos

======================================================
Candidate: CAN-1999-0927
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0927
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: EEYE:AD05261999
Reference: BID:279
Reference: XF:ntmail-fileread

NTMail allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Modifications:
  ADDREF BID:279
  ADDREF XF:ntmail-fileread

INFERRED ACTION: CAN-1999-0927 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(4) Cole, Stracener, Wall, Landfield
  MODIFY(2) Frech, Levy
  NOOP(2) Armstrong, Ozancin

Voter Comments:
 Frech> XF:ntmail-fileread
 CHANGE> [Levy changed vote from REVIEWING to MODIFY]
 Levy> BID 279

======================================================
Candidate: CAN-1999-0928
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0928
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990525 Buffer overflow in SmartDesk WebSuite v2.1
Reference: XF:websuite-dos
Reference: BID:278

Buffer overflow in SmartDesk WebSuite allows remote attackers to cause a denial of service via a long URL.

Modifications:
  ADDREF XF:websuite-dos
  ADDREF BID:278

INFERRED ACTION: CAN-1999-0928 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Stracener, Wall
  MODIFY(2) Frech, Levy
  NOOP(4) Christey, Armstrong, Ozancin, Landfield

Voter Comments:
 Frech> XF:websuite-dos
 Levy> BID 278
 Christey> http://www.securityfocus.com/frames/?content=/vdb/bottom.html%3Fvid%3D278
   It appears that the product has been discontinued, and was shareware.
 CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-1999-0932
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0932
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: CF
Reference: BUGTRAQ:19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01
Reference: BID:735
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=735
Reference: XF:mediahouse-stats-adminpw-cleartext

Mediahouse Statistics Server allows remote attackers to read the administrator password, which is stored in cleartext in the ss.cfg file.

Modifications:
  ADDREF XF:mediahouse-stats-adminpw-cleartext

INFERRED ACTION: CAN-1999-0932 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Levy
  MODIFY(1) Frech

Voter Comments:
 Frech> XF:mediahouse-stats-adminpw-cleartext

======================================================
Candidate: CAN-1999-0942
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0942
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991005 SCO UnixWare 7.1 local root exploit
Reference: XF:sco-unixware-dos7utils-root-privs

UnixWare dos7utils allows local users to gain root privileges by using the STATICMERGE environment variable to find a script which it executes.

Modifications:
  ADDREF XF:sco-unixware-dos7utils-root-privs

INFERRED ACTION: CAN-1999-0942 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Stracener
  MODIFY(1) Frech
  NOOP(4) Armstrong, Wall, Ozancin, Landfield

Voter Comments:
 Frech> XF:sco-unixware-dos7utils-root-privs
 CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-1999-0946
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0946
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Reference: XF:yamaha-midiplug-embed
Reference: BID:760
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=760

Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag.

Modifications:
  ADDREF XF:yamaha-midiplug-embed

INFERRED ACTION: CAN-1999-0946 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(4) Stracener, Armstrong, Levy, Wall
  MODIFY(1) Frech
  NOOP(3) Cole, Ozancin, Landfield

Voter Comments:
 Frech> XF:yamaha-midiplug-embed

======================================================
Candidate: CAN-1999-0954
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0954
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 19991222
Assigned: 19991208
Category: CF
Reference: BUGTRAQ:19990916 More fun with WWWBoard
Reference: BID:649
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=649

WWWBoard has a default username and default password.

CONTENT-DECISIONS: CF-PASS

INFERRED ACTION: CAN-1999-0954 ACCEPT (5 accept, 0 ack, 0 review) HAS_CDS

Current Votes:
  ACCEPT(4) Cole, Stracener, Levy, Wall
  MODIFY(1) Frech
  NOOP(3) Armstrong, Ozancin, Landfield

Voter Comments:
 Frech> XF:http-cgi-wwwboard-default
 CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-1999-0971
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0971
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19970722 Security hole in exim 1.62: local root exploit
Reference: URL:http://www.securityfocus.com/archive/1/7301
Reference: XF:exim-include-overflow

Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file.

Modifications:
  ADDREF XF:exim-include-overflow

INFERRED ACTION: CAN-1999-0971 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Stracener, Landfield
  MODIFY(2) Frech, Baker
  NOOP(3) Armstrong, Wall, Ozancin

Voter Comments:
 Frech> XF:exim-include-overflow
 Baker> http://www.securityfocus.com/archive/1/7301

======================================================
Candidate: CAN-2000-0366
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0366
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: DEBIAN:19991202 problem restoring symlinks
Reference: URL:http://www.debian.org/security/1999/19991202
Reference: XF:debian-dump-modify-ownership
Reference: BID:1442

dump in Debian Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.

Modifications:
  ADDREF XF:debian-dump-modify-ownership
  ADDREF BID:1442

INFERRED ACTION: CAN-2000-0366 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Stracener, Levy
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
 Frech> XF:debian-dump-modify-ownership
 Christey> ADDREF BID:1442
   URL:http://www.securityfocus.com/bid/1442

======================================================
Candidate: CAN-2000-0369
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0369
Final-Decision:
Interim-Decision: 20001011
Modified: 20000706-01
Proposed: 20000524
Assigned: 20000523
Category: SF
Reference: CALDERA:CSSA-1999-029.1
Reference: URL:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa-1999-029.1.txt
Reference: BID:1266
Reference: XF:caldera-ident-server-dos

The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of service.

Modifications:
  ADDREF BID:1266
  ADDREF XF:caldera-ident-server-dos

INFERRED ACTION: CAN-2000-0369 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Stracener, Levy
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
 Christey> ADDREF BID:1266
 Frech> XF:caldera-ident-server-dos

======================================================
Candidate: CAN-2000-0374
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2000-0374
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 20000524
Assigned: 20000523
Category: CF
Reference: CALDERA:CSSA-1999-021.0
Reference: URL:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa-1999-021.0.txt
Reference: BID:1446
Reference: XF:caldera-kdm-default-configuration

The default configuration of kdm in Caldera Linux allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions.

Modifications:
  ADDREF XF:caldera-kdm-default-configuration
  ADDREF BID:1446

INFERRED ACTION: CAN-2000-0374 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Levy
  MODIFY(1) Frech
  NOOP(2) Christey, Cole

Voter Comments:
 Frech> XF:caldera-kdm-default-configuration
 Christey> BID:1446
   URL:http://www.securityfocus.com/bid/1446

Page last updated or reviewed: May 22, 2007