(日期:][下一个日期][线程:][线程下][日期索引][线程索引]
(临时)最近接受80候选人最后(10/13)
- 来:cve-editorial-board-list@lists.mitre.org
- 主题(临时):最近接受80候选人最后(10/13)
- 从:“史蒂文·m·Christey " <coley@linus.mitre.org>
- 日期:-0400年结婚,2000年10月11日01:00:07(美国东部时间)
- 交货日期:2000年10月11日01:02:59结婚
- 发送方:owner-cve-editorial-board-list@lists.mitre.org
我做了一个临时决定接受以下80名候选人通过RECENT-22从RECENT-03集群。这些集群包含候选人之间的公开宣布12月13日,1999年和2000年6月5日。我将在10月13日做出最终决定。感谢所有董事会成员获得了他们的选票!10月1日以来的15个不同的成员投票。选民:墙接受(12)修改(3)无操作(54)征收接受(68)修改(2)勒布朗接受(3)无操作(33)Ozancin接受(34)等待(23)Landfield等待(1)科尔接受(44)等待(18)主教接受贝克(2)修改(4)Stracener接受(16)修改(1)无操作(2)Dik接受(1)法国人接受(10)修改(70)Christey等待(37)Magdych接受(2)评论(1)阿姆斯特朗接受(9)等待(19)审核(6)普罗塞接受(2)无操作(4)布雷克接受(24)无操作(4)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1004网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1004最终决定:阶段性裁决:20001011修改:20001009 - 01提议:19991222分配:19991221类别:科幻参考:BUGTRAQ: 19991217 NAV2000邮件保护DoS参考:网址:http://www.securityfocus.com/archive/1/38970参考:BUGTRAQ: 19991220诺顿邮件保护远程溢出(附录)参考:网址:http://www.securityfocus.com/archive/1/39194参考:确认:http://service1.symantec.com/SUPPORT/nav.nsf/df0a595864594c86852567ac0063608c/6206f660a1f2516a882568660082c930?OpenDocument&Highlight=0 poproxy缓冲区溢出的POP服务器POProxy诺顿反病毒保护NAV2000程序通过一个庞大的用户命令。修改:ADDREF确认:http://service1.symantec.com/SUPPORT/nav.nsf/df0a595864594c86852567ac0063608c/6206f660a1f2516a882568660082c930?OpenDocument&Highlight=0 poproxy推断行动:- 1999 - 1004能接受(6接受,1 ack, 0评论)目前投票:接受(4)科尔,Stracener,阿姆斯特朗,墙修改(2)弗雷希贝克等待(3)Ozancin, Landfield, Christey选民的评论:弗雷希> XF: nav-pop-user改变>[墙投票从等待接受]变化>[科尔投票从等待接受]Christey >确认:http://service1.symantec.com/SUPPORT/nav.nsf/df0a595864594c86852567ac0063608c/6206f660a1f2516a882568660082c930?OpenDocument&Highlight=0 poproxy文档ID是2000011400475506。贝克>http://www.securityfocus.com/archive/1/38970http://www.securityfocus.com/archive/1/39194供应商确认,http://service1.symantec.com/SUPPORT/nav.nsf/df0a595864594c86852567ac0063608c/6206f660a1f2516a882568660082c930?OpenDocument= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0002网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0002最终决定:阶段性裁决:20001011修改:20001009 - 02年提出:20000111分配:20000111类别:科幻参考:NTBUGTRAQ: 19991223本地/远程缓冲区溢出漏洞在ZBServer 1.5 Pro版的Win98 / NT参考:网址:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=NTBUGTRAQ&P=R3556参考:BUGTRAQ: 19991223本地/远程缓冲区溢出漏洞在ZBServer 1.5 Pro版的Win98 / NT参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=94598388530358&w=2参考:BUGTRAQ: 20000128 1.50 ZBServer -r1x利用(WinNT)参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=36B0596E.8D111D66@teleline.es参考报价:889参考:XF: zbserver-get-bo缓冲区溢出ZBServer Pro允许远程攻击者执行命令通过一个GET请求。修改:ADDREF BUGTRAQ: 20000128 1.50 ZBServer -r1x利用(WinNT) ADDREF报价:889 ADDREF XF: zbserver-get-bo推断行动:- 2000 - 0002能接受(6接受0 ack 0审查)目前投票:接受(4)科尔,Stracener,墙,布莱克修改(2)征税,弗雷希无操作(2)阿姆斯特朗,Ozancin选民的评论:弗雷希> XF: zbserver-get-bo墙> UssrLabs证实了他们利用代码。墙>发现苏联实验室。利维>裁判:出价889改变>(阿姆斯特朗改变投票从审查到等待)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0009网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0009最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000111分配:20000111类别:科幻参考:BUGTRAQ: 19991230 bna, sh参考:XF: netarchitect-path-vulnerability参考:报价:907参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=907bna_pass项目Optivity NETarchitect使用PATH环境变量寻找“rm”程序,它允许本地用户执行任意命令。修改:ADDREF XF: netarchitect-path-vulnerability DESC(提供正确的漏洞细节)推断行动:- 2000 - 0009能接受(4接受,0 ack, 0评论)目前投票:接受(2)征税,布莱克修改(2)Stracener弗雷希无操作(4)科尔,阿姆斯特朗,墙,Ozancin选民的评论:Stracener >不是一个符号链接攻击。Descritpion应该重写。缩略图草图:1)脚本cd的/ tmp, 2)创建”。logincheck”(bna_pass试图删除这个文件通过调用“rm”), 3)“路径=。:" where the (dot) causes the PATH to first execute in the local environment, 4) "export PATH" resets the environment to the local dir (to /tmp via step 1), 5) a trojaned version of "rm" is created in /tmp such that when executed (due to the corrupted path environment) creates a setuid csh, 6) script executes "bna_pass". As a result of the ".:PATH" and its export,"bna_pass" uses /tmp and calls the trojaned "rm" = execution of code. Perhaps this description: "bna_pass program in Optivity NETarchitect allows local users to gain privileges via a trojaned version of rm." Frech> XF:netarchitect-path-vulnerability CHANGE> [Armstrong changed vote from REVIEWING to NOOP] ====================================================== Candidate: CAN-2000-0056 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0056最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000125分配:20000122类别:科幻参考:BUGTRAQ: 20000105本地/远程原产。年代袭击IMail WinNT IMONITOR服务器5.08版参考:报价:914参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=914参考:XF: imail-imonitor-status-dos IMail IMONITOR地位。cgi cgi脚本允许远程攻击者造成拒绝服务和许多status.cgi。修改:ADDREF XF: imail-imonitor-status-dos推断行动:- 2000 - 0056能接受(6接受,1 ack, 0评论)目前投票:接受(5)科尔,Levy墙,布莱克,弗伦奇等待Ozancin修改(1)(2)Christey,阿姆斯特朗选民的评论:弗雷希> XF: imail-imonitor-status-dos墙>发现达变化>[科尔投票从等待接受]Christey >可能承认“在6.04版本是什么改变”KB文章http://support.ipswitch.com/kb/im dm02.htm——20000801。在“IMail监控”部分,看:“纠正负载较重的情况下,内存泄漏。防止拒绝服务(DoS)攻击时连接脚本。”====================================================== Candidate: CAN-2000-0063 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0063最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000125分配:20000122类别:科幻参考:BUGTRAQ: 20000118北电Contivity脆弱性参考:XF: http-cgi-cgiproc-file-read参考:报价:938参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=938cgiproc CGI脚本在北电Contivity HTTP服务器允许远程攻击者读取任意文件指定文件名参数的脚本。修改:ADDREF XF: http-cgi-cgiproc-file-read推断行动:- 2000 - 0063能接受(4接受,0 ack, 0评论)目前投票:接受(3)科尔,Stracener,利维修改(1)弗雷希选民的评论:弗雷希> XF: http-cgi-cgiproc-file-read = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0064网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0064最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000125分配:20000122类别:科幻参考:BUGTRAQ: 20000118北电Contivity脆弱性参考:报价:938参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=938参考:XF: http-cgi-cgiproc-dos cgiproc CGI脚本在北电Contivity HTTP服务器允许远程攻击者通过畸形引起拒绝服务URL,包括shell元字符。修改:ADDREF XF: http-cgi-cgiproc-dos推断行动:- 2000 - 0064能接受(4接受,0 ack, 0评论)目前投票:接受(3)科尔,Stracener,利维修改(1)弗雷希选民的评论:弗雷希> XF: http-cgi-cgiproc-dos = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0065网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0065最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000125分配:20000122类别:科幻参考:NTBUGTRAQ: 20000117远程缓冲区利用- InetServ 3.0参考:网址:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94820747229579&w=2参考:XF: inetserv-get-bo缓冲区溢出InetServ 3.0允许远程攻击者执行命令通过一个GET请求。修改:ADDREF XF: inetserv-get-bo DESC[添加版本号]推断行动:- 2000 - 0065能接受(3接受0 ack, 0评论)目前投票:接受(2)科尔,弗伦奇等待墙修改(1)(1)Christey选民的评论:Christey >添加“邮箱”术语描述,便于搜索。弗雷希> XF: inetserv-get-bo墙在Packetstorm >利用脚本。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0075网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0075最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000125分配:20000122类别:科幻参考:NTBUGTRAQ: 20000113本地/远程原产。在超级攻击邮件传输包(SMTP)服务器WinNT版本1.9 x参考:BUGTRAQ: 20000113本地/远程原产。在超级攻击邮件传输包(SMTP)服务器WinNT版本1.9 x参考:报价:930参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=930参考:XF: supermail-memleak-dos超级邮件传输包(SMTP),后来被称为MsgCore,有一个内存泄漏,允许远程攻击者造成拒绝服务通过重复多个直升机,邮件,收件人和数据在同一个会话的命令。修改:ADDREF XF: supermail-memleak-dos推断行动:- 2000 - 0075能接受(3接受0 ack, 0评论)目前投票:接受科尔(1)修改(2)墙,弗雷希选民的评论:弗雷希> XF: supermail-memleak-dos墙>我相信这是MsgCore ZetaMail 2.0 (Windows NT)邮件POP3 / SMTP服务器和DoS的早些时候。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0076网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0076最终决定:阶段性裁决:20001011修改:20001009 - 02年提出:20000125分配:20000122类别:科幻参考:BUGTRAQ: 19991230 vibackup。sh参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=94709988232618&w=2参考:DEBIAN: 20000109 nvi:不正确的引导脚本参考文件删除:网址:http://www.debian.org/security/2000/20000108参考:XF: nvi-delete-files参考:报价:1439 nviboot引导脚本在Debian nvi包允许本地用户删除文件通过在vi.recover畸形的条目。修改:ADDREF XF: nvi-delete-files ADDREF报价:1439推断行动:- 2000 - 0076能接受(3接受,1 ack, 0评论)目前投票:接受(2)Stracener,莱维弗伦奇等待修改(1)(3)Christey,科尔,墙选民的评论:弗雷希> XF: nvi-delete-files Christey > ADDREF报价:1439年征收> BID1439 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0090网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0090最终决定:阶段性裁决:20001011修改:建议:20000208分配:20000202类别:科幻参考:BUGTRAQ: 20000124 VMware 1.1.2符号链接漏洞参考:XF: linux-vmware-symlink参考:报价:943参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=943VMWare 1.1.2允许本地用户通过一个符号链接导致拒绝服务攻击。推断行动:- 2000 - 0090能接受(6接受0 ack 0审查)目前投票:接受(6)抑郁症,科尔,阿姆斯特朗,征税,布莱克,Ozancin等待墙(1)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0094网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0094最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000208分配:20000202类别:科幻参考:BUGTRAQ: 20000121 * BSD procfs脆弱性参考:FREEBSD: FreeBSD-SA-00:02参考:NETBSD: NETBSD - sa2000 - 001参考:XF: netbsd-procfs参考:报价:940参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=940procfs在BSD系统允许本地用户获得根权限通过修改/proc/pid/mem接口通过修改文件描述符stderr。修改:ADDREF NETBSD: NETBSD - sa2000 - 001 ADDREF XF: netbsd-procfs推断行动:- 2000 - 0094能接受(3接受,2 ack, 0评论)目前投票:接受(2)科尔,莱维弗伦奇等待修改(1)(2)Christey,墙选民的评论:Christey >报价:987和NETBSD: 2000 - 001指NETBSD procfs mem的问题,可能是相同的问题。弗雷希> XF: netbsd-procfs Christey >报价:987已经被删除,所以我猜他们同意;-)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0116网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0116最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000208分配:20000208类别:科幻参考:NTBUGTRAQ: 20000129“带脚本标记”FW-1可以绕过参考:BUGTRAQ: 20000129“带脚本标记”FW-1可以绕过参考:报价:954参考:XF: http-script-bypass防火墙1不适当过滤脚本标记,它允许远程攻击者绕过限制的“脱衣舞脚本标记”包括一个额外的<脚本标记的前面。修改:ADDREF报价:954 ADDREF XF: http-script-bypass推断行动:- 2000 - 0116能接受(4接受,0 ack, 0评论)目前投票:接受(2)科尔,布莱克修改(2)弗雷希贝克等待(4)Christey,阿姆斯特朗,墙,Ozancin选民的评论:Christey > ADDREF报价:954法国人> XF: http-script-bypass贝克>脆弱性参考(HTML)引用类型Buqtraq数据库www.securityfocus.com/bid/954 Misc防御信息Bugtraq首次发布http://www.securityfocus.com/archive/1/44250Misc进攻信息X-Force条目http://xforce.iss.net/static/3905.phpMisc防御信息= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0117网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0117最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000208分配:20000208类别:科幻参考:BUGTRAQ: 20000127 RaQ2钴-用户我的改变了我的管理员密码. .参考:BUGTRAQ: 20000131(钴)安全顾问——01.31.2000参考:XF: http-cgi-cobalt-passwords参考:siteUserMod报价:951。cgi程序在钴RaQ2服务器允许任何站点管理员修改密码对于其他用户来说,网站的管理员,可能管理(根)。修改:ADDREF XF: http-cgi-cobalt-passwords ADDREF报价:951推断行动:- 2000 - 0117能接受(3接受,1 ack, 0评论)目前投票:接受科尔(1)修改(2)抑郁症,利维等待(1)墙选民的评论:弗雷希> XF: http-cgi-cobalt-passwords利维>参考:出价951 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0127网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0127最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000208分配:20000208类别:科幻参考:BUGTRAQ: 20000203 Webspeed安全问题参考:确认:http://www.progress.com/services/support/cgi-bin/techweb-kbase.cgi/webkb.html?kbid=19412&keywords=security%20Webspeed参考:报价:969参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=969参考:XF: webspeed-adminutil-auth Webspeed配置程序不正确禁用访问WSMadmin实用程序,它允许远程攻击者获得特权。修改:ADDREF确认:http://www.progress.com/services/support/cgi-bin/techweb-kbase.cgi/webkb.html?kbid=19412&keywords=security%20WebspeedADDREF XF: webspeed-adminutil-auth推断行动:- 2000 - 0127能接受(5接受,1 ack, 0评论)目前投票:接受(4)科尔,Levy墙,布莱克弗伦奇等待修改(1)(3)Christey,阿姆斯特朗,Ozancin选民的评论:弗雷希> XF: webspeed-adminutil-auth Christey >网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=003a01bf6ebf e867a0 $ 0 a1a90d8@eniac 25美元改变>[墙投票从等待接受]Christey >确认:http://www.progress.com/services/support/cgi-bin/techweb-kbase.cgi/webkb.html?kbid=19412&keywords=security%20Webspeed= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0128网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0128最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000208分配:20000208类别:科幻参考:BUGTRAQ: 20000204“手指服务器”引用:确认:http://www.glazed.org/finger/changelog.txt参考:XF: finger-server-input手指服务器0.82允许远程攻击者通过shell元字符执行命令。修改:ADDREF XF: finger-server-input ADDREF确认:http://www.glazed.org/finger/changelog.txt推断行动:- 2000 - 0128能接受(5接受,1 ack, 0评论)目前投票:接受(3)科尔,布莱克,Ozancin修改(2)弗雷希贝克等待(3)Christey,阿姆斯特朗,墙选民的评论:弗雷希> XF: finger-server-input同时,主人的网站(http://www.glazed.org/finger/)表明,版本0.83 beta是脆弱的。你应该做适当的修改描述。Christey >确认:http://www.glazed.org/finger/changelog.txt承认”诺姆市议会厅,“不是大参考,并描述了相同的底层编程缺陷,但不直接提及Bugtraq /他人。然而,源代码分析表明,他们做了一些很基本的修复。贝克>脆弱性参考(HTML)引用类型初始Bugtraq发布http://www.securityfocus.com/archive/1/45139Misc防御信息X-Force条目http://xforce.iss.net/static/4006.phpMisc防御信息供应商的确认http://www.glazed.org/finger/changelog.txt供应商信息= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0130网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0130最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000208分配:20000208类别:科幻参考:上海合作组织BUGTRAQ: 20000127新补丁…参考网址:http://marc.theaimsgroup.com/?l=bugtraq&m=94908470928258&w=2参考:上海合作组织:某人- 00.02参考:网址:ftp://ftp.sco.com/sse/security_bulletins/sb - 00.02 a参考:XF: sco-help-bo缓冲区溢出在上海合作组织scohelp程序允许远程攻击者执行命令。修改:ADDREF XF: sco-help-bo ADDREF上海合作组织:某人- 00.02 a推断行动:- 2000 - 0130 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)科尔弗伦奇等待修改(1)(2)Christey,墙选民的评论:Christey > Bugtraq发帖只提到这个问题。上海合作组织的网站并不提供了许多细节。看到ftp://ftp.sco.com/SSE/sse060.ltr这是和下面的一样,指责网景但提到scohelp利用?BUGTRAQ: 20001231网景FastTrack httpd远程利用http://marc.theaimsgroup.com/?l=bugtraq&m=94666184914653&w=2弗雷希> XF: sco-help-bo Christey >确认:ftp://ftp.sco.com/sse/security_bulletins/sb - 00.02 a= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0141网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0141最终决定:阶段性裁决:20001011修改:20001009 - 02年提出:20000216分配:20000216类别:科幻参考:BUGTRAQ: 20000211 perl cgi洞UltimateBB Infopop corp .)参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=20000211224935.A13236@infomag.ape.relarn.ru参考:BUGTRAQ: 20000225弗兰克-威廉姆斯:重要UBB新闻为授权用户参考:网址万博下载包:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-22&msg=NDBBLKOPOLNKELHPDEFKIEPGCAAA.renzo.toma@veronica.nl参考:报价:991参考:网址:http://www.securityfocus.com/bid/991参考:MISC:http://www.ultimatebb.com/home/versions.shtml参考:XF: http-cgi-ultimatebb Infopop终极公告板(UBB)允许远程攻击者通过shell元字符执行命令的主题隐藏字段。修改:ADDREF MISC:http://www.ultimatebb.com/home/versions.shtmlADDREF BUGTRAQ: 20000225弗兰克-威廉姆斯:重要UBB新闻为授万博下载包权用户ADDREF报价:991 ADDREF XF: http-cgi-ultimatebb推断行动:- 2000 - 0141能接受(4接受,1 ack, 0评论)目前投票:接受(3)科尔,主教,布莱克弗伦奇等待修改(1)(2)Christey,勒布朗选民的评论:Christey > ADDREF报价:991 ADDREF网址:http://www.securityfocus.com/bid/991以下可以确认UBB: BUGTRAQ: 20000225弗兰克-威廉姆斯:重要UBB新闻为授权用户弗雷希> XF: http-cgi-ultimatebb = =万博下载包 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0146网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0146最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000216分配:20000216类别:科幻参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-02/0049.html参考:BUGTRAQ: 20000207 Novell GroupWise 5.5增强包Web Access拒绝、e参考:报价:972参考:网址:http://www.securityfocus.com/bid/972参考:XF: novell-groupwise-url-dos Java服务器在Novell GroupWise Web访问增强包允许远程攻击者造成拒绝服务通过一个长URL servlet。修改:ADDREF XF: novell-groupwise-url-dos推断行动:- 2000 - 0146能接受(4接受,0 ack, 0评论)目前投票:接受(3)科尔,主教,布莱克弗伦奇等待修改(1)(1)勒布朗选民的评论:弗雷希> XF: novell-groupwise-url-dos = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0164网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0164最终决定:阶段性裁决:20001011修改:20001009 - 02年提出:20000223分配:20000223类别:科幻参考:BUGTRAQ: 20000220太阳互联网邮件服务器参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000 - 02 - 15 - &msg=pine.sol.4.21.0002200031320.22675 - 100000 @klayman.hq.formus.pl参考:SUNBUG: 4316521参考:报价:1004参考:网址:http://www.securityfocus.com/bid/1004参考:XF: sims-temp-world-readable太阳互联网邮件服务器的安装(SIMS)创建一个全局文件,允许本地用户获取密码。修改:ADDREF报价:1004 ADDREF SUNBUG: 4316521 ADDREF XF: sims-temp-world-readable推断行动:- 2000 - 0164 ACCEPT_REV(6接受,1 ack, 1审查)目前投票:接受(5)Dik,科尔,征税,布莱克,Ozancin弗伦奇等待修改(1)(2)墙,勒布朗回顾(1)阿姆斯特朗选民的评论:弗雷希> XF: sims-temp-world-readable Dik >错误4316521 = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0166网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0166最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000223分配:20000223类别:科幻参考:BUGTRAQ: 20000221本地/远程Exploiteable缓冲区溢出漏洞InterAccess TelnetD Server 4.0的Windows NT参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPGEJHCCAA.labs@ussrback.com参考网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95171674614819&w=2参考:BUGTRAQ: 20000223编译指示系统应对USSRLabs报告参考:报价:995参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=995参考:XF: interaccess-telnet-login-bo InterAccess telnet服务器中的缓冲区溢出TelnetD允许远程攻击者执行命令通过一个漫长的登录名。修改:ADDREF BUGTRAQ: 20000223编译指示系统应对USSRLabs报告ADDREF XF: interaccess-telnet-login-bo推断行动:- 2000 - 0166能接受(4接受,1 ack, 0评论)目前投票:接受(3)科尔,Levy布莱克弗伦奇等待修改(1)(5)Christey,阿姆斯特朗,墙,勒布朗,Ozancin选民的评论:Christey > BUGTRAQ: 20000223 USSRLabs报告编译指示系统响应是一个后续的供应商承认,这可能是一个问题在旧的构建,但不是现在。苏联的反应这一结论的问题。还看到:BUGTRAQ: 20000223本地/远程Exploiteable缓冲区溢出漏洞在InterAccess TelnetD (fwd)弗雷希> XF: interaccess-telnet-login-bo Christey >确认:http://marc.theaimsgroup.com/?l=bugtraq&m=95142498000781&w=2= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0179网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0179最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000322分配:20000322类别:未知参考:BUGTRAQ: 20000228惠普Omniback远程DoS参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-02/0387.html参考:惠普:hpsbux0006 - 115参考:报价:1015参考:网址:http://www.securityfocus.com/bid/1015参考:XF: omniback-connection-dos惠普OpenView OmniBack 2.55允许远程攻击者造成拒绝服务通过大量的连接到端口5555。修改:ADDREF惠普:hpsbux0006 - 115 ADDREF XF: omniback-connection-dos推断行动:- 2000 - 0179能接受(3接受,1 ack, 0评论)目前投票:接受(2)科尔,弗伦奇等待Ozancin修改(1)(4)Christey,墙,布莱克,勒布朗选民的评论:Christey > ADDREF惠普:hpsbux0006弗伦奇> XF - 115: omniback-connection-dos(4022) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0191网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0191最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000322分配:20000322类别:科幻参考:BUGTRAQ: 20000229 Infosec.20000229.axisstorpointcd。参考网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=41256894.00492503.00@mailgw.backupcentralen.se参考:XF: axis-storpoint-auth参考:报价:1025参考:网址:http://www.securityfocus.com/bid/1025轴StorPoint CD允许远程攻击者访问管理员url没有身份验证通过。(点点)攻击。修改:ADDREF XF: axis-storpoint-auth推断行动:- 2000 - 0191能接受(5接受0 ack, 0评论)目前投票:接受(4)科尔,征税,布莱克,弗伦奇等待Ozancin修改(1)(3)阿姆斯特朗,墙,勒布朗选民的评论:弗雷希> XF: axis-storpoint-auth改变(4078)>(布莱克从等待接受改变投票)改变>(科尔从等待接受改变投票)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0193网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0193最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000322分配:20000322类别:CF参考:BUGTRAQ: 20000302 Corel Linux 1.0 dosemu默认配置:本地根vuln参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003020436.PAA20168@jawa.chilli.net.au参考:报价:1030参考:网址:http://www.securityfocus.com/bid/1030参考:XF: linux-dosemu-config Dosemu Corel Linux 1.0的默认配置允许本地用户执行system.com程序并获得特权。修改:ADDREF XF: linux-dosemu-config推断行动:- 2000 - 0193 ACCEPT_REV(5接受0 ack 1审查)目前投票:接受(4)科尔,征税,布莱克,弗伦奇等待Ozancin修改(1)(2)墙,勒布朗回顾(1)阿姆斯特朗选民的评论:弗雷希> XF: linux-dosemu-config改变(4066)>(布莱克从等待接受改变投票)改变>(科尔从等待接受改变投票)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0225网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0225最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000322分配:20000322类别:科幻参考:BUGTRAQ: 20000303 Pocsag远程访问客户端不能被禁用。参考网址:a8c0@firewalker a090 http://www.securityfocus.com/templates/archive.pike?list=1&msg=003601bf854b 6893美元0100美元参考:报价:1032参考:网址:http://www.securityfocus.com/bid/1032参考:XF: telnet-pocsag Pocsag POC32程序不正确阻止远程用户访问服务器端口,即使已经禁用的选项。修改:ADDREF XF: telnet-pocsag推断行动:- 2000 - 0225能接受(3接受0 ack, 0评论)目前投票:接受(2)Ozancin,科尔弗伦奇等待修改(1)(3)勒布朗,墙,布莱克选民的评论:弗雷希> XF: telnet-pocsag(4171) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0237网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0237最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000412分配:20000412类别:科幻参考:MISC:http://zsh.stupidphat.com/advisory.cgi?000311-1参考:报价:1075参考:网址:http://www.securityfocus.com/bid/1075参考:XF: netscape-webpublisher-invalid-access网景Enterprise Server启用了Web发布允许远程攻击者任意目录列表/出版商目录通过GET请求,它提供了一个Java小程序,允许攻击者浏览目录。修改:ADDREF XF: netscape-webpublisher-invalid-access推断行动:- 2000 - 0237能接受(6接受0 ack 0审查)目前投票:接受(5)Magdych,科尔,Levy墙,布莱克弗伦奇等待修改(1)(2)Ozancin,阿姆斯特朗选民的评论:弗雷希> XF: netscape-webpublisher-invalid-access改变>(科尔从等待接受改变投票)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0238网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0238最终决定:阶段性裁决:20001011修改:建议:20000412分配:20000412类别:科幻参考:BUGTRAQ: 20000317 DoS NAVIEG参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=s8d1f3e3.036@kib.co.kodiak.ak.us参考:XF: nav-email-gateway-dos参考:报价:1064参考:网址:http://www.securityfocus.com/bid/1064缓冲区溢出的web服务器诺顿杀毒软件对网络电子邮件网关允许远程攻击者通过一个长URL引起拒绝服务。推断行动:- 2000 - 0238能接受(7接受0 ack, 0评论)目前投票:接受(7)Ozancin Magdych,法国人?阿姆斯特朗,Levy墙,布莱克等待(2)Christey,科尔选民的评论:Christey >删除额外的点电脑. . com的URL = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0240网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0240最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000412分配:20000412类别:科幻参考:BUGTRAQ: 20000321 vqserver / ........../参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.20000321084646.0095c7f0@olga.swip.net参考:确认:http://www.vqsoft.com/vq/server/faqs/dotdotbug.html参考:XF: vqserver-dir-traverse参考:报价:1067参考:网址:http://www.securityfocus.com/bid/1067vqSoft vqServer程序允许远程攻击者通过/ ..........读取任意文件/在URL中,变异的. .(点点)攻击。修改:ADDREF确认:http://www.vqsoft.com/vq/server/faqs/dotdotbug.html推断行动:- 2000 - 0240 ACCEPT_REV(3接受,1 ack, 1审查)目前投票:接受(3)抑郁症,科尔,利维等待(1)Christey回顾(1)Magdych选民的评论:Christey >确认:http://www.vqsoft.com/vq/server/faqs/dotdotbug.html但是请注意,供应商说这是纠正在1999年初。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0257网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0257最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000418网络操作系统5.1 (server 5.00 h, 1999年12月11日)…参考网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.21.0004171825340.10088 - 100000 @nimue.tpi.pl参考:报价:1118参考:网址:http://www.securityfocus.com/bid/1118参考:XF: netware-remote-admin-overflow缓冲区溢出的网络远程web管理实用程序允许远程攻击者造成拒绝服务或通过一个长URL执行命令。修改:ADDREF XF: netware-remote-admin-overflow DESC[改变Netware网络]推断行动:- 2000 - 0257 ACCEPT_REV(4接受,0 ack, 1审查)目前投票:接受(3)布莱克,科尔,莱维弗伦奇等待修改(1)(2)Ozancin,墙回顾(1)阿姆斯特朗选民的评论:弗雷希> XF: netware-remote-admin-overflow描述,Novell的产品是网络。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0263网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0263最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000416 xfs参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-04/0079.html参考:XF: redhat-fontserver-dos参考:报价:1111参考:网址:http://www.securityfocus.com/bid/1111X字体服务器xfs在Red Hat Linux 6。x允许攻击者通过畸形引起拒绝服务请求。修改:ADDREF XF: redhat-fontserver-dos推断行动:- 2000 - 0263能接受(4接受,0 ack, 0评论)目前投票:接受(3)科尔,阿姆斯特朗,莱维弗伦奇等待修改(1)(3)布莱克,Christey,墙选民的评论:弗雷希> XF: redhat-fontserver-dos潜在的欺骗:- 2000 - 0286:X fontserver xfs允许本地用户通过畸形引起拒绝服务输入到服务器。Christey >就像安德烈所观察到的那样,这是一个重复的可以- 2000 - 0286。- 2000 - 0286已经将被拒绝。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0265网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0265最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000417 bug的熊猫安全3.0参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es参考:确认:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip参考:报价:1119参考:网址:http://www.securityfocus.com/bid/1119参考:XF: panda-uninstall-program熊猫安全3.0允许用户卸载熊猫软件通过添加/删除程序applet。修改:ADDREF确认:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zipADDREF XF: panda-uninstall-program推断行动:- 2000 - 0265能接受(3接受,1 ack, 0评论)目前投票:接受(2)Stracener,莱维弗伦奇等待修改(1)(3)Christey,科尔,墙选民的评论:Christey >确认:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip弗雷希> XF: panda-uninstall-program(4865) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0272网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0272最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000420远程DoS攻击真正的网络服务器漏洞参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95625288231045&w=2参考:确认:http://service.real.com/help/faq/servg270.html参考:XF: realserver-remote-dos参考:报价:1128参考:网址:http://www.securityfocus.com/bid/1128RealNetworks RealServer的允许远程攻击者造成拒绝服务通过发送畸形的输入到服务器在端口7070上。修改:ADDREF确认:http://service.real.com/help/faq/servg270.htmlADDREF XF: realserver-remote-dos推断行动:- 2000 - 0272能接受(3接受,1 ack, 0评论)目前投票:接受(2)科尔,莱维弗伦奇等待修改(1)(2)Christey,墙选民的评论:Christey > ADDREF确认:http://service.real.com/help/faq/servg270.html弗雷希> XF: realserver-remote-dos = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0273网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0273最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000409一个有趣的DOS pcANYWHERE8.0和9.0参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-04/0031.html参考:报价:1095参考:网址:http://www.securityfocus.com/bid/1095参考:XF: pcanywhere-login-dos PCAnywhere允许远程攻击者造成拒绝服务之前终止连接PCAnywhere提供一个登录提示。修改:ADDREF XF: pcanywhere-login-dos推断行动:- 2000 - 0273能接受(6接受0 ack 0审查)目前投票:接受(5)布莱克,科尔,阿姆斯特朗,Levy墙弗伦奇等待修改(1)(2)Ozancin, Christey选民的评论:Christey > ADDREF XF: pcanywhere-login-dos弗雷希> XF: pcanywhere-login-dos改变>(墙投票从审查接受)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0282网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0282最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000412 TalentSoft Web +输入验证错误漏洞参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-04/0050.html参考:确认:ftp://ftp.talentsoft.com/Download/Webplus/Unix/Patches/Webplus46p%20Read%20me.html参考:报价:1102参考:网址:http://www.securityfocus.com/bid/1102参考:XF: talentsoft-web-input TalentSoft webpsvr守护进程在Web +购物车应用程序允许远程攻击者读取任意文件通过一个. .(点点)攻击webplus CGI程序。修改:ADDREF确认:ftp://ftp.talentsoft.com/Download/Webplus/Unix/Patches/Webplus46p%20Read%20me.htmlADDREF XF: talentsoft-web-input推断行动:- 2000 - 0282 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)Christey,科尔,墙选民的评论:Christey > ADDREF确认:ftp://ftp.talentsoft.com/Download/Webplus/Unix/webplus46p%20Read%20me.html弗雷希> XF: talentsoft-web-input Christey > URL确认显然已经改变了。现在用这个:ftp://ftp.talentsoft.com/Download/Webplus/Unix/Patches/Webplus46p%20Read%20me.html= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0285网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0285最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000416 XFree86服务器溢出参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html参考报价:1306参考:XF: xfree86-xkbmap-parameter-bo XFree86 3.3中缓冲区溢出。x允许本地用户执行任意命令通过一个长-xkbmap参数。修改:ADDREF报价:1306 ADDREF XF: xfree86-xkbmap-parameter-bo推断行动:- 2000 - 0285能接受(6接受0 ack 0审查)目前投票:接受(5)布莱克,Ozancin,科尔,阿姆斯特朗,莱维弗伦奇等待修改(1)(2)Christey,墙选民的评论:Christey > ADDREF报价:1306法国人> XF: xfree86-xkbmap-parameter-bo(4867) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0289网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0289最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000327与Linux 2.2的安全问题。x IP伪装参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-03/0284.html参考:SUSE: 20000520安全漏洞在内核< 2.2.15参考:网址:http://www.suse.de/de/support/security/suse_security_announce_48.txt参考:报价:1078参考:网址:http://www.securityfocus.com/bid/1078参考:在Linux 2.2 XF: linux-masquerading-dos IP伪装。x允许远程攻击者通过内部接口路由UDP数据包通过修改外部源IP地址和端口号匹配建立连接。修改:ADDREF XF: linux-masquerading-dos ADDREF SUSE: 20000520安全漏洞在内核< 2.2.15推断行动:- 2000 - 0289能接受(6接受,1 ack, 0评论)目前投票:接受(5)布莱克,Ozancin,科尔,阿姆斯特朗,莱维弗伦奇等待修改(1)(2)Christey,墙选民的评论:Christey > ADDREF XF: linux-masquerading-dos ADDREF SUSE: 20000520安全漏洞在内核< 2.2.15http://www.suse.de/de/support/security/suse_security_announce_48.txt弗雷希> XF: linux-ip-masquerading = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0301网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0301最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000426分配:20000426类别:科幻参考:BUGTRAQ: 20000405 Re: IMAIL (Ipswitch) DoS尤朵拉(高通)参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95505800117143&w=2参考网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95507019226096&w=2参考:确认:http://support.ipswitch.com/kb/im dm02.htm——20000208参考:报价:1094参考:网址:http://www.securityfocus.com/bid/1094参考:XF: ipswitch-imail-dos Ipswitch IMAIL server 6.02和更早的允许远程攻击者通过身份验证cram -导致拒绝服务命令。修改:ADDREF确认:http://support.ipswitch.com/kb/im dm02.htm——20000208ADDREF XF: ipswitch-imail-dos推断行动:- 2000 - 0301 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)墙,Christey,科尔选民的评论:Christey >这个描述可能需要修改。看来,问题是在尤朵拉的SMTP登录功能。还看到一个确认http://support.ipswitch.com/kb/im dm02.htm——20000208弗雷希> XF: ipswitch-imail-dos Christey >进一步审查供应商的承认,他们为他们的软件,提供修复,Eudora提供解决方案。IMail所以这是一个问题。顾问说,“解决方案后,Eudora不会使用cram -身份验证方案,但将使用登录,工作与IMail服务器。”====================================================== Candidate: CAN-2000-0318 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0318最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000518分配:20000511类别:科幻参考:NTBUGTRAQ: 20000413安全问题与心房Mercur服务器3.20参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0057.html参考:报价:1144参考:网址:http://www.securityfocus.com/bid/1144参考:XF: mercur-remote-dot-attack心房Mercur邮件服务器3.2允许本地攻击者读取其他用户的电子邮件和通过点点创建任意文件(. .)攻击。修改:ADDREF XF: mercur-remote-dot-attack推断行动:- 2000 - 0318能接受(3接受0 ack, 0评论)目前投票:接受(2)布雷克,莱维弗伦奇等待修改(1)(5)墙,勒布朗,Ozancin,科尔,阿姆斯特朗选民的评论:弗雷希> XF: mercur-remote-dot-attack = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0319网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0319最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000518分配:20000511类别:科幻参考:BUGTRAQ: 20000424不安全fgets()发送邮件的邮件。本地引用:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=2694.000424@SECURITY.NNOV.RU参考:XF: sendmail-maillocal-dos参考:报价:1146参考:网址:http://www.securityfocus.com/bid/1146邮件。当地在Sendmail 8.10。x不正确识别。\ n字符串标识消息文本,它允许远程攻击者造成拒绝服务或腐败的邮箱通过消息2047个字符长,以线。\ n。修改:ADDREF XF: sendmail-maillocal-dos推断行动:- 2000 - 0319 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(4)墙,勒布朗,Christey,科尔选民的评论:弗雷希> XF: sendmail-maillocal-dos Christey >格雷格·夏皮罗在一份回应一个顾问为Linux“能力”错误,指出:“没有不安全fgets()在sendmail或mail.local。”However, there was no response related to this particular candidate. Seehttp://archives.neohapsis.com/archives/bugtraq/2000-06/0311.htmlChristey >后续邮件讨论格雷格•夏皮罗表示,他是在谈论Sendmail当讨论以后的版本的功能缺陷。确认这个问题是在Sendmail 8.10.0发行说明= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0320网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0320最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000518分配:20000511类别:科幻参考:BUGTRAQ: 20000421不安全fgets () qpopper参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=9763.000421@SECURITY.NNOV.RU参考网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95715275707934&w=2参考:报价:1133参考:网址:http://www.securityfocus.com/bid/1133参考:XF: qpopper-fgets-spoofing Qpopper 2.53和3.0不正确识别\ n弦标识消息文本,它允许远程攻击者造成拒绝服务或腐败的邮箱通过消息行1023个字符长,以\ n。修改:ADDREF XF: qpopper-fgets-spoofing推断行动:- 2000 - 0320能接受(6接受,1 ack, 0评论)目前投票:接受(4)布莱克,Ozancin,阿姆斯特朗,利维修改(2)弗雷希贝克等待(4)墙,勒布朗,Christey,科尔选民的评论:弗雷希> XF: qpopper-fgets-spoofing Christey >确认:http://marc.theaimsgroup.com/?l=bugtraq&m=95715275707934&w=2Christey >承认的供应商在后续文章。贝克>http://www.securityfocus.com/archive/1/56400http://www.securityfocus.com/archive/1/57788确认通过Qualcom Bugtraq = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0322网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0322最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000518分配:20000511类别:科幻参考:BUGTRAQ: 20000424食人鱼默认密码/利用参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=enip.bso.23.0004241601140.28851 - 100000 @www.whitehats.com参考:REDHAT: rhsa - 2000014 - 16参考:网址:http://www.redhat.com/support/errata/rhsa - 2000014 - 16. - html参考:报价:1149参考:网址:http://www.securityfocus.com/bid/1149参考:XF: piranha-passwd-execute passwd。php3 CGI脚本在Red Hat食人鱼虚拟服务器包允许本地用户execure任意命令通过shell元字符。修改:ADDREF红帽:rhsa - 2000014 - 10 ADDREF XF: piranha-passwd-execute推断行动:- 2000 - 0322能接受(3接受,1 ack, 0评论)目前投票:接受(2)科尔,莱维弗伦奇等待修改(1)(6)墙,布莱克,勒布朗,Ozancin, Christey,阿姆斯特朗选民的评论:弗雷希> XF: piranha-passwd-execute Christey >确认:http://www.redhat.com/support/errata/rhsa - 2000014 - 10. - htmlCD: SF-LOC说区分这- 2000 - 0248。- 2000 - 0248是默认密码,允许任何人成为食人鱼的管理。这是一个shell元字符只访问一个食人鱼的问题管理,默认密码只是让这个bug可以任意攻击者。然而,如果有人需要管理员运行水虎鱼首先,这个候选人不给任何人任何额外的特权,所以它应该被拒绝。改变>[科尔投票从等待接受]Christey >确认:http://www.redhat.com/support/errata/rhsa - 2000014 - 10. - html= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0332网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0332最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000518分配:20000511类别:科幻参考:BUGTRAQ: 20000502玩UltraBoard V1.6X参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000503091316.99073.qmail@hotmail.com参考:报价:1164参考:网址:http://www.securityfocus.com/bid/1164参考:XF: ultraboard-printabletopic-fileread UltraBoard。pl或UltraBoard。cgi cgi脚本UltraBoard 1.6允许远程攻击者读取任意文件通过一个路径名字符串包含一个点点(. .)和结尾空字节。修改:ADDREF XF: ultraboard-printabletopic-fileread推断行动:- 2000 - 0332能接受(4接受,0 ack, 0评论)目前投票:接受(3)布莱克,科尔,莱维弗伦奇等待修改(1)(3)墙,Ozancin,阿姆斯特朗选民的评论:弗雷希> XF: ultraboard-printabletopic-fileread改变>(科尔从等待接受改变投票)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0335网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0335最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000518分配:20000511类别:科幻参考:BUGTRAQ: 20000502 glibc解析器弱点参考:报价:1166参考:网址:http://www.securityfocus.com/bid/1166参考:XF: glibc-resolver-id-predictable glibc 2.1.3中的解析器使用可预测的id,它允许本地攻击者恶搞DNS查询结果。修改:ADDREF XF: glibc-resolver-id-predictable推断行动:- 2000 - 0335能接受(5接受,1 ack, 0评论)目前投票:接受(4)布莱克,Ozancin,科尔,莱维弗伦奇等待修改(1)(3)墙,Christey,阿姆斯特朗选民的评论:弗雷希> XF: glibc-resolver-id-predictable改变>[科尔投票从等待接受]Christey >的帖子,史蒂夫Bellovin说:“这段代码编写的时候,保罗使得我有很多讨论做什么……你看到的是一个工程判断,考虑到其他(非常严重)DNS漏洞,这一切在这里呼吁至少使其达到相同级别的保护。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0338网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0338最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000518分配:20000511类别:科幻参考:BUGTRAQ: 20000423 CVS DoS参考:网址:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000423174038.A520%40clico.pl参考:报价:1136参考:网址:http://www.securityfocus.com/bid/1136参考:XF: cvs-tempfile-dos并发版本软件(CVS)使用可预测的临时文件名称锁定,它允许本地用户通过创建锁导致拒绝服务目录之前创建一个合法使用CVS用户。修改:ADDREF XF: cvs-tempfile-dos ADDREF BUGTRAQ: 20000423 CVS DoS推断行动:- 2000 - 0338 ACCEPT_REV(5接受0 ack 1审查)目前投票:接受(4)布莱克,Ozancin,科尔,莱维弗伦奇等待修改(1)(2)墙,勒布朗回顾(1)阿姆斯特朗选民的评论:弗雷希> XF: cvs-tempfile-dos改变>(科尔从等待接受改变投票)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0340网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0340最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000518分配:20000511类别:科幻参考:BUGTRAQ: 20000428 SuSE 6.3 Gnomelib缓冲区溢位参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00042902575201.09597@wintermute-pub参考:确认:http://www.suse.com/us/support/download/updates/axp_63.html参考:报价:1155参考:网址:http://www.securityfocus.com/bid/1155参考:XF: linux-gnomelib-bo缓冲区溢出在Gnomelib SuSE Linux 6.3允许本地用户执行任意命令通过显示环境变量。修改:ADDREF XF: linux-gnomelib-bo ADDREF确认:http://www.suse.com/us/support/download/updates/axp_63.html推断行动:- 2000 - 0340能接受(3接受,1 ack, 0评论)目前投票:接受(2)Ozancin,莱维弗伦奇等待修改(1)(4)墙,Christey,科尔,阿姆斯特朗选民的评论:弗雷希> XF: linux-gnomelib-bo Christey >确认:http://www.suse.com/us/support/download/updates/axp_63.html= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0344网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0344最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000518分配:20000511类别:科幻参考:BUGTRAQ: 20000501 Linux knfsd DoS问题参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.21.0005012042550.6419 - 100000 @ferret.lmh.ox.ac.uk参考:报价:1160参考:网址:http://www.securityfocus.com/bid/1160参考:XF: linux-knfsd-dos knfsd NFS服务器的Linux内核2.2。x允许远程攻击者造成拒绝服务通过一个负面的价值大小。修改:ADDREF XF: linux-knfsd-dos推断行动:- 2000 - 0344能接受(4接受,0 ack, 0评论)目前投票:接受(3)Ozancin,科尔,莱维弗伦奇等待修改(1)(3)墙,Christey,阿姆斯特朗选民的评论:Christey > ADDREF XF: linux-knfsd-dos弗雷希> XF: linux-knfsd-dos改变>(科尔从等待接受改变投票)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0347网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0347最终决定:阶段性裁决:20001011修改:20000706 - 01提议:20000518分配:20000511类别:科幻参考:NTBUGTRAQ: 20000501 el8.org咨询——赢得95/98 DoS (RFParalyze.c)参考:网址:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95737580922397&w=2参考:报价:1163参考:网址:http://www.securityfocus.com/bid/1163参考:XF: win-netbios-source-null Windows 95, Windows 98允许远程攻击者通过NetBIOS引起拒绝服务会话请求包和一个零源名称。修改:ADDREF XF: win-netbios-source-null DESC改变拼写NetBIOS推断行动:- 2000 - 0347能接受(5接受,1 ack, 0评论)目前投票:接受(4)墙,科尔,阿姆斯特朗,莱维弗伦奇等待修改(1)(1)Christey选民的评论:弗雷希> XF: win-netbios-source-null考虑NetBIOS描述正确的拼写。Christey >承认通过个人通信与微软人员,他们认为这个问题很模糊。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0378网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0378最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000502 pam_console错误引用:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0023.html参考:报价:1176参考:网址:http://www.securityfocus.com/bid/1176参考:XF: linux-pam-sniff-activities pam_console PAM模块在Linux系统上执行一个乔恩各种设备在一个用户登录,但这些设备的打开的文件描述符可以保持在用户注销后,该用户可以嗅活动在这些设备后续用户登录。修改:ADDREF XF: linux-pam-sniff-activities DESC[使细节更加准确]推断行动:- 2000 - 0378能接受(4接受,0 ack, 0评论)目前投票:接受(3)Ozancin Stracener,莱维弗伦奇等待修改(1)(2)普罗塞,科尔选民的评论:征收>请注意其所有权不重置。其程序可以维持一个打开的文件描述符,而其他人使用他们的设备。弗雷希> XF: linux-pam-sniff-activities(4869) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0426网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0426最终决定:阶段性裁决:20001011修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000505 Re:玩UltraBoard V1.6X参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0059.html参考:报价:1175参考:网址:http://www.securityfocus.com/bid/1175参考:XF: ultraboard-cgi-dos UltraBoard 1.6和其他版本允许远程攻击者造成拒绝服务通过引用UltraBoard会话中的参数,从而导致UltraBoard叉本身的副本。推断行动:- 2000 - 0426能接受(3接受0 ack, 0评论)目前投票:接受(3)征税,抑郁症,Stracener等待(3)Ozancin,普罗塞,科尔= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0430网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0430最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000503另一个有趣的Cart32命令参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95738697301956&w=2参考:XF: cart32-expdate参考:报价:1358 Cart32允许远程攻击者访问敏感的调试/ expdate附加到URL请求的信息。修改:ADDREF报价:1358推断行动:- 2000 - 0430能接受(5接受0 ack, 0评论)目前投票:接受(5)征税,Ozancin,抑郁症,普罗塞,Stracener等待(2)Christey,科尔选民的评论:Christey > ADDREF报价:1358 ADDREF网址:http://www.securityfocus.com/bid/1358改变> (Levy投票从审查接受)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0440网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0440最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000615分配:20000614类别:科幻参考:NETBSD: NETBSD - sa2000 - 002参考:网址:ftp://ftp.netbsd.org/pub/netbsd/misc/security/advisories/netbsd sa2000 txt.asc——002.参考:FREEBSD: FreeBSD-SA-00:23参考:[NHC20000504a BUGTRAQ: 20000506。0:NetBSD恐慌当发送对齐IP选项]参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0088.html参考:报价:1173参考:网址:http://www.securityfocus.com/bid/1173参考:XF: netbsd-unaligned-ip-options NetBSD 1.4.2早些时候,允许远程攻击者造成拒绝服务通过发送一个包和一个对齐的IP时间戳选项。修改:ADDREF FREEBSD: FreeBSD-SA-00:23 ADDREF XF: netbsd-unaligned-ip-options推断行动:- 2000 - 0440能接受(6接受,2 ack, 0评论)目前投票:接受(5)征税,Ozancin,普罗塞,科尔,弗伦奇等待Stracener修改(1)(1)Christey选民的评论:弗雷希> XF: netbsd-unaligned-ip-options (4868) Christey > ADDREF FREEBSD: FreeBSD-SA-00:23http://archives.neohapsis.com/archives/freebsd/2000-06/0193.html= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0443网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0443最终决定:阶段性裁决:20001011修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000524惠普Web JetAdmin 5.6版本的Web接口服务器目录遍历脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0281.html参考:XF: hp-jetadmin-directory-traversal参考:报价:1243参考:网址:http://www.securityfocus.com/bid/1243惠普的web接口服务器web 5.6 JetAdmin允许远程攻击者读取任意文件通过一个. .(点点)攻击。推断行动:- 2000 - 0443能接受(3接受0 ack, 0评论)目前投票:接受(3)征税,抑郁症,Stracener等待(2)墙,科尔= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0445网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0445最终决定:阶段性裁决:20001011修改:20001009 - 01提议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000523键生成安全缺陷在PGP 5.0参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0273.html参考:CERT: ca - 2000 - 09年参考:网址:http://www.cert.org/advisories/ca - 2000 - 09. - html参考:报价:1251参考:网址:http://www.securityfocus.com/bid/1251参考:XF: pgp-key-predictable pgpk命令PGP 5。x在Unix系统上使用一个随机数据来源不足非交互式生成密钥对,这可能产生可预见的钥匙。修改:ADDREF CERT: ca - 2000 - 09年ADDREF XF: pgp-key-predictable推断行动:- 2000 - 0445能接受(4接受,1 ack, 0评论)目前投票:接受(3)征税,科尔,弗伦奇等待Stracener修改(1)(2)墙,Christey选民的评论:弗雷希> XF: pgp-key-predictable Christey > ADDREF CERT: ca - 2000 - 09 ADDREFhttp://www.securityfocus.com/templates/advisory.html?id=2296= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0446网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0446最终决定:阶段性裁决:20001011修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000524远程xploit MDBMS中参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0274.html参考:XF: mdbms-bo参考:报价:1252参考:网址:http://www.securityfocus.com/bid/1252缓冲区溢出MDBMS中数据库服务器允许远程攻击者执行任意命令通过一个长字符串。推断行动:- 2000 - 0446能接受(3接受0 ack, 0评论)目前投票:接受(3)征税,抑郁症,Stracener等待(2)墙,科尔= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0447网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0447最终决定:阶段性裁决:20001011修改:建议:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000525 DST2K0003:缓冲区溢出在奈WebShield SMTP v4.5.44 Managem ent工具参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net参考:XF: nai-webshield-bo参考:报价:1254参考:网址:http://www.securityfocus.com/bid/1254缓冲区溢出WebShield SMTP 4.5.44允许远程攻击者执行任意命令通过一个长WebShield远程管理服务的配置参数。推断行动:- 2000 - 0447能接受(3接受0 ack, 0评论)目前投票:接受(3)征税,抑郁症,Stracener等待(2)墙,科尔= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0448网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0448最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000525 DST2K0003:缓冲区溢出在奈WebShield SMTP v4.5.44 Managem ent工具参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net参考:XF: nai-webshield-getconfig参考:报价:1253参考:网址:http://www.securityfocus.com/bid/1253WebShield SMTP管理工具版本4.5.44不适当限制管理端口不决心当一个IP地址的主机名,它允许远程攻击者访问配置通过GET_CONFIG命令。修改:DELREF XF: nai-webshield-config-mod ADDREF XF: nai-webshield-getconfig推断行动:- 2000 - 0448能接受(3接受0 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Stracener修改(1)(3)墙,Christey,科尔选民的评论:弗雷希> DELREF XF: nai-webshield-config-mod(过时的)ADDREF XF: nai-webshield-getconfig评论:德尔福顾问描述了两个错误。看到XF: nai-webshield-setconfig或delphi咨询:其次如果你通过一个超大号的208字节的缓冲区在一个或更多的配置参数(可能有多个)服务将覆盖堆栈崩溃但是和EIP(208 + 4)内的参数传递。SET_CONFIG < CR > Quarantine_Path = ' Ax208 + EIP Christey >对安德烈的缓冲区溢出是指,这是可以- 2000 - 0447。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0451网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0451最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000518远程Dos攻击英特尔表达8100路由器参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0229.html参考:XF: intel - 8100 -远程- dos参考:报价:1228参考:网址:http://www.securityfocus.com/bid/12288100年英特尔表达ISDN路由器允许远程攻击者通过超大或引起拒绝服务分散的ICMP数据包。修改:ADDREF XF: intel - 8100 -远程- dos的行动:- 2000 - 0451能接受(3接受0 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Stracener修改(1)(4)墙,勒布朗,Ozancin,科尔选民的评论:弗雷希> XF: intel - 8100 -远程- dos = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0458网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0458最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000424两个问题在小鬼2参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95672120116627&w=2参考报价:1360参考:XF: imp-tmpfile-view IMP中的MSWordView应用程序创建全局文件在/ tmp目录中,它允许其他本地用户阅读可能敏感信息。修改:ADDREF报价:1360推断行动:- 2000 - 0458 ACCEPT_REV(4接受,1 ack, 1审查)目前投票:接受(4)征税,Ozancin,抑郁症,科尔等待(3)普罗塞,Christey, Stracener回顾(1)阿姆斯特朗选民的评论:Christey > ADDREF报价:1360更改> (Levy投票从审查接受)改变>[科尔投票从等待接受]Christey >看到imp-2.2.2 / docs /变化ftp://ftp.horde.org/pub/imp/tarballs/imp-2.2.2.tar.gzv2.2.0-pre11下部分,唯一明显的修复可能“将umask设置(默认- > umask美元)为当前过程。”This is confirmed in imp-2.2.2/config/defaults.php3.dist ====================================================== Candidate: CAN-2000-0459 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0459最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000615分配:20000614类别:科幻参考:BUGTRAQ: 20000424两个问题在小鬼2参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95672120116627&w=2参考:报价:1361参考:XF: imp-wordfile-dos小鬼不正确如果MSWordView应用程序退出删除文件,它允许本地用户造成拒绝服务由填满磁盘空间要求大量的文档和过早停止请求。修改:ADDREF报价:1361推断行动:- 2000 - 0459 ACCEPT_REV(4接受,1 ack, 1审查)目前投票:接受(4)征税,Ozancin,抑郁症,科尔等待(3)普罗塞,Christey, Stracener回顾(1)阿姆斯特朗选民的评论:Christey > ADDREF报价:1361更改> (Levy投票从审查接受)改变>[科尔投票从等待接受]Christey >看到imp-2.2.2 / docs /变化ftp://ftp.horde.org/pub/imp/tarballs/imp-2.2.2.tar.gzv2.2.1下部分,供应商说“修复文件上传漏洞。”This is probably acknowledgement of this problem. ====================================================== Candidate: CAN-2000-0467 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0467最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000614 Splitvt利用参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0125.html参考:DEBIAN: 20000605根利用splitvt参考:网址:http://www.debian.org/security/2000/20000605a参考:报价:1346参考:网址:http://www.securityfocus.com/bid/1346参考:splitvt-screen-lock-bo缓冲区溢出在Linux splitvt 1.6.3早些时候,允许本地用户获得根权限通过长密码屏幕锁定功能。修改:ADDREF splitvt-screen-lock-bo推断行动:- 2000 - 0467能接受(3接受,1 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(2)墙,勒布朗选民的评论:弗雷希> XF: splitvt-screen-lock-bo(4977) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0468网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0468最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000601惠普安全漏洞的男人命令参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.sol.4.02.10006021014400.4779 - 100000 @nofud.nwest.attws.com参考:报价:1302参考:网址:http://www.securityfocus.com/bid/1302参考:hp-man-file-overwrite男人在hp - ux 10.20和11允许本地攻击者通过符号链接攻击覆盖文件。修改:ADDREF hp-man-file-overwrite推断行动:- 2000 - 0468能接受(3接受0 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(2)墙,勒布朗选民的评论:弗雷希> XF: hp-man-file-overwrite(4590) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0470网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0470最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000601硬件开发,得到网络参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0398.html参考:报价:1290参考:网址:http://www.securityfocus.com/bid/1290引用:引用rompager-malformed-dos:网址:http://xforce.iss.net/static/4588.php快板RomPager HTTP服务器允许远程攻击者通过畸形引起拒绝服务身份验证请求。修改:ADDREF rompager-malformed-dos推断行动:- 2000 - 0470能接受(3接受0 ack, 0评论)目前投票:接受(2)征税,科尔弗伦奇等待修改(1)(4)阿姆斯特朗,墙,勒布朗,Ozancin选民的评论:弗雷希> XF: rompager-malformed-dos改变(4588)>(科尔从等待接受改变投票)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0474网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0474最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000601远程DoS攻击在真正的网络服务器(罢工# 2)脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0410.html参考:BUGTRAQ: 20000601远程RealServer DoS攻击:苏联- 2000043参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0427.html参考:报价:1288参考:网址:http://www.securityfocus.com/bid/1288参考:XF: realserver-malformed-remote-dos参考:网址:http://xforce.iss.net/static/4587.php真正的网络RealServer 7。x允许远程攻击者通过畸形引起拒绝服务请求一个页面在viewsource目录中。修改:ADDREF realserver-malformed-remote-dos推断行动:- 2000 - 0474 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)墙,勒布朗,Ozancin选民的评论:弗雷希> XF: realserver-malformed-remote-dos(4587) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0481网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0481最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:VULN-DEV: 20000601 Kmail堆溢出参考:网址:http://securityfocus.com/templates/archive.pike?list=82&date=2000-06-22&msg=00060200422401.01667@lez参考:报价:1380参考:网址:http://www.securityfocus.com/bid/1380参考:XF: kde-kmail-attachment-dos参考:网址:http://xforce.iss.net/static/4993.php缓冲区溢出在KDE Kmail允许远程攻击者通过附件导致拒绝服务长文件名。修改:ADDREF XF: kde-kmail-attachment-dos推断行动:- 2000 - 0481能接受(3接受0 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(2)墙,勒布朗选民的评论:弗雷希> XF: kde-kmail-attachment-dos() = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0486网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0486最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000530 TACACS +协议及其实现的分析参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0369.html参考:确认:http://archives.neohapsis.com/archives/bugtraq/2000-05/0370.html参考:报价:1293参考:网址:http://www.securityfocus.com/bid/1293参考:XF: tacacsplus-packet-length-dos参考:网址:http://xforce.iss.net/static/4985.php缓冲区溢出在思科TACACS + tac_plus服务器允许远程攻击者通过畸形引起拒绝服务包长度字段。修改:ADDREF XF: tacacsplus-packet-length-dos推断行动:- 2000 - 0486能接受(3接受,1 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(2)墙,勒布朗选民的评论:弗雷希> XF: tacacsplus-packet-length-dos(4985) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0489网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0489最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 19990826当地DoS在FreeBSD参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.lnx.4.10.9908270039010.16315 - 100000 @thetis.deor.org参考:BUGTRAQ: 20000601当地FreeBSD, Openbsd NetBSD, DoS漏洞- Mac OS X的影响参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCEJLCEAA.labs@ussrback.com参考:报价:622参考:网址:http://www.securityfocus.com/bid/622参考:XF: bsd-setsockopt-dos参考:网址:http://xforce.iss.net/static/3298.phpFreeBSD, NetBSD, OpenBSD允许攻击者造成拒绝服务通过创建大量的套接字对使用socketpair函数,通过setsockopt设置大型缓冲区大小,然后写大的缓冲区。修改:ADDREF XF: bsd-setsockopt-dos推断行动:- 2000 - 0489能接受(3接受0 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(2)墙,勒布朗选民的评论:弗雷希> XF: bsd-setsockopt-dos(3298) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0490网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0490最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000601 Netwin Dmail方案参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0407.html参考:确认:http://netwinsite.com/dmail/security.htm参考:报价:1297参考:网址:http://www.securityfocus.com/bid/1297参考:XF: dmail-etrn-dos参考:网址:http://xforce.iss.net/static/4579.php缓冲区溢出的NetWin DSMTP 2.7 q NetWin dmail包允许远程攻击者通过长ETRN请求执行任意命令。修改:ADDREF确认:http://netwinsite.com/dmail/security.htmADDREF XF: dmail-etrn-dos推断行动:- 2000 - 0490能接受(3接受,1 ack, 0评论)目前投票:接受(2)征税,科尔弗伦奇等待修改(1)(5)阿姆斯特朗,墙,勒布朗,Ozancin, Christey选民的评论:弗雷希> XFdmail-etrn-dos(4579)改变>[科尔投票从等待接受]Christey >确认:http://netwinsite.com/dmail/security.htm确认:在常见问题/ howto是一种“安全邮寄广告页面”http://netwinsite.com/dmail/security.htm看到“DMAIL安全故障注意到2000年6月5日。”部分,表示:“报道错误,允许根访问。”Since the initial disclosure was on June 1, this is probably the issue. More confirmation is in the following statement: On Linux to find out if your system has been attacked do this: grep "etrn" /usr/local/dmail/dwatch/*.ded ====================================================== Candidate: CAN-2000-0493 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0493最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:VULN-DEV: 20000601漏洞在SNTS参考:网址:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0843.html参考:报价:1289参考:网址:http://www.securityfocus.com/bid/1289参考:XF: timesync-bo-execute参考:网址:http://xforce.iss.net/static/4602.php缓冲区溢出在简单网络时间同步(smt)守护进程允许远程攻击者可能导致拒绝服务和执行任意命令通过一个长字符串。修改:ADDREF XF: timesync-bo-execute DESC[添加执行命令可能]推断行动:- 2000 - 0493能接受(3接受0 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(2)墙,勒布朗选民的评论:弗雷希> XF: timesync-bo-execute(4602)描述不匹配的引用;请考虑修改。从所有引用,这似乎更像是一个缓冲区溢出和远程运行任意代码的能力,而不是一个DoS,推断异常终止的结果,而不是后续行动。= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0495网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0495最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:女士:ms00 - 038参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 038. - asp参考:报价:1282参考:网址:http://www.securityfocus.com/bid/1282参考:XF: ms-malformed-media-dos参考:网址:http://xforce.iss.net/static/4585.php微软Windows媒体编码器允许远程攻击者通过畸形引起拒绝服务请求,又名“畸形的Windows媒体编码器请求”的弱点。修改:ADDREF XF: ms-malformed-media-dos推断行动:- 2000 - 0495能接受(4接受,1 ack, 0评论)目前投票:接受(3)征税,墙,勒布朗弗伦奇等待修改(1)(1)Ozancin选民的评论:弗雷希> XF: ms-malformed-media-dos(4585) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0505网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0505最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000603 Re: IBM HTTP SERVER或APACHE参考:网址:http://www.securityfocus.com/templates/archive.pike?list=1&msg=pine.bsf.4.20.0006031912360.45740 - 100000 @alive.znep.com参考:报价:1284参考:网址:http://www.securityfocus.com/bid/1284参考:XF: ibm-http-file-retrieve参考:网址:http://xforce.iss.net/static/4575.phpApache 1.3。x HTTP服务器在Windows平台允许远程攻击者列出目录的内容通过请求的URL包含大量的/字符。修改:ADDREF XF: ibm-http-file-retrieve推断行动:- 2000 - 0505能接受(4接受,1 ack, 0评论)目前投票:接受(3)征税,墙,弗伦奇等待Ozancin修改(1)(1)勒布朗选民的评论:弗雷希> XF: ibm-http-file-retrieve(4575) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0507网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0507最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000601 DST2K0006:拒绝服务可能在实践上邮箱服务器参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95990195708509&w=2参考:报价:1286参考:网址:http://www.securityfocus.com/bid/1286参考:XF: nt-webmail-dos参考:网址:http://xforce.iss.net/static/4586.php上邮箱服务器2.5允许远程攻击者通过长直升机造成拒绝服务命令。修改:ADDREF XF: nt-webmail-dos推断行动:- 2000 - 0507能接受(3接受0 ack, 0评论)目前投票:接受(2)征税,科尔弗伦奇等待修改(1)(4)阿姆斯特朗,墙,勒布朗,Ozancin选民的评论:弗雷希> XF: nt-webmail-dos改变(4586)>(科尔从等待接受改变投票)= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0517网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0517最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:CERT: ca - 2000 - 08年参考:网址:http://www.cert.org/advisories/ca - 2000 - 08. - html参考:报价:1260参考:网址:http://www.securityfocus.com/bid/1260参考:XF: netscape-ssl-certificate参考:网址:http://xforce.iss.net/static/4550.phpNetscape 4.73和更早的不适当的警告用户可能无效的证书如果用户此前接受证书一个不同的网站,这可能允许远程攻击者欺骗一个合法的网站,网站的DNS信息的影响。修改:ADDREF XF: netscape-ssl-certificate推断行动:- 2000 - 0517能接受(4接受,1 ack, 0评论)目前投票:接受(3)征税,墙,弗伦奇等待Ozancin修改(1)(1)勒布朗选民的评论:弗雷希> XF: netscape-ssl-certificate(4550) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0518网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0518最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:女士:ms00 - 039参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 039. - asp参考:报价:1309参考:网址:http://www.securityfocus.com/bid/1309参考:XF: ie-invalid-frame-image-certificate参考:网址:http://xforce.iss.net/static/4624.phpInternet Explorer 4。x和5。x不正确验证SSL证书的所有内容,如果连接到服务器通过一个图像或一个框架,即两种不同的“SSL证书验证”的漏洞。修改:ADDREF XF: ie-invalid-frame-image-certificate DESC概括包括其他版本的行动:- 2000 - 0518能接受(4接受,1 ack, 0评论)目前投票:接受(2)征税,勒布朗修改(2)墙,弗雷希无操作(1)Ozancin选民的评论:墙弗伦奇> >包括IE 4.01和IE 5.01 XF: ie-invalid-frame-image-certificate(4624) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0519网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0519最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:女士:ms00 - 039参考:网址:http://www.microsoft.com/technet/security/bulletin/ms00 - 039. - asp参考:报价:1309参考:网址:http://www.securityfocus.com/bid/1309参考:XF: ie-revalidate-certificate参考:网址:http://xforce.iss.net/static/4627.phpInternet Explorer 4。x和5。x不正确re-validate SSL证书如果用户建立一个新的SSL会话期间与同一个服务器相同的ie浏览器会话,即两种不同的“SSL证书验证”的漏洞。修改:ADDREF XF: ie-revalidate-certificate DESC概括包括其他版本的行动:- 2000 - 0519能接受(4接受,1 ack, 0评论)目前投票:接受(2)征税,勒布朗修改(2)墙,弗雷希无操作(1)Ozancin选民的评论:墙弗伦奇> >包括IE 4.01和IE 5.01 XF: ie-revalidate-certificate(4627) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0521网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0521最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000605 MDMA咨询# 5:阅读专家网络服务器下的CGI脚本参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0469.html参考:报价:1313参考:网址:http://www.securityfocus.com/bid/1313参考:XF: savant-source-read参考:网址:http://xforce.iss.net/static/4616.php莎凡特web服务器允许远程攻击者阅读源代码的CGI脚本通过GET请求,不包括HTTP版本号。修改:ADDREF savant-source-read(4616)推断行动:- 2000 - 0521能接受(3接受0 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(2)墙,勒布朗选民的评论:弗雷希> XF: savant-source-read(4616) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0530网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0530最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000531 KDE:: KApplication特性?参考网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0387.html参考:火山口:综援- 2000 - 015.0参考:网址:ftp://ftp.calderasystems.com/pub/openlinux/security/cssa - 2000 015.0.txt参考:报价:1291参考:网址:http://www.securityfocus.com/bid/1291参考:XF: kde-configuration-file-creation参考:网址:http://xforce.iss.net/static/4583.php在KDE 1.1.2 KApplication类配置文件管理能力允许本地用户覆盖任意文件。修改:ADDREF XF: kde-configuration-file-creation推断行动:- 2000 - 0530能接受(3接受,1 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(2)墙,勒布朗选民的评论:弗雷希> XF: kde-configuration-file-creation(4583) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0536网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0536最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:确认:http://www.synack.net/xinetd/参考:DEBIAN: 20000619 xinetd: bug在访问控制机制参考:网址:http://www.debian.org/security/2000/20000619参考:报价:1381参考:网址:http://www.securityfocus.com/bid/1381参考:XF: xinetd-improper-restrictions参考:网址:http://xforce.iss.net/static/4986.phpxinetd 2.1.8。如果x不适当限制连接主机名用于访问控制和连接主机没有反向DNS条目。修改:ADDREF XF: xinetd-improper-restrictions推断行动:- 2000 - 0536能接受(3接受,2 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(3)墙,勒布朗,Christey选民的评论:弗雷希> XF: xinetd-improper-restrictions (4986) Christey >http://www.debian.org/security/2000/20000619= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0537网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0537最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:BUGTRAQ: 20000606 BRU脆弱性参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-06/0013.html参考:火山口:综援- 2000 - 018.0参考:网址:http://www.calderasystems.com/support/security/advisories/cssa - 2000 018.0.txt参考:报价:1321参考:网址:http://www.securityfocus.com/bid/1321参考:XF: bru-execlog-env-variable参考:网址:http://xforce.iss.net/static/4644.php无条件转移备份软件允许本地用户把数据添加到任意文件,通过指定一个替代BRUEXECLOG环境变量配置文件。修改:ADDREF XF: bru-execlog-env-variable推断行动:- 2000 - 0537能接受(3接受,1 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(2)墙,勒布朗选民的评论:弗雷希> XF: bru-execlog-env-variable(4644) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0553网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0553最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:未知参考:BUGTRAQ: 20000525安全漏洞IPFilter 3.3.15和3.4.3参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-05/0326.html参考:报价:1308参考:网址:http://www.securityfocus.com/bid/1308参考:XF: ipfilter-firewall-race-condition参考:网址:http://xforce.iss.net/static/4994.php早些时候在IPFilter防火墙3.4.3和竞争条件,当配置重叠“return-rst”和“保持状态”规则,允许远程攻击者绕过访问限制。修改:ADDREF XF: ipfilter-firewall-race-condition推断行动:- 2000 - 0553能接受(3接受0 ack, 0评论)目前投票:接受(2)征税,弗伦奇等待Ozancin修改(1)(2)墙,勒布朗选民的评论:弗雷希> XF: ipfilter-firewall-race-condition(4994) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0556网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0556最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:NTBUGTRAQ: 20000608 DST2K0011: DoS & BufferOverrun CMail v2.4.7邮箱参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html参考:确认:http://www.computalynx.net/万博下载包news/Jun2000/news0806200001.html参考:报价:1319参考:网址:http://www.securityfocus.com/bid/1319参考:XF: cmail-long-username-dos参考:网址:http://xforce.iss.net/static/4625.php缓冲区溢出的web界面Cmail 2.4.7允许远程攻击者造成拒绝服务通过发送大量用户名用户对话框运行在端口8002上。修改:ADDREF cmail-long-username-dos(4625)推断行动:- 2000 - 0556 ACCEPT_ACK(2接受,1 ack, 0评论)目前投票:接受(1)征收弗伦奇等待修改(1)(3)墙,勒布朗,Ozancin选民的评论:弗雷希> XF: cmail-long-username-dos(4625) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0557网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0557最终决定:阶段性裁决:20001011修改:20001010 - 1提出:20000712分配:20000711类别:科幻参考:NTBUGTRAQ: 20000608 DST2K0011: DoS & BufferOverrun CMail v2.4.7邮箱参考:网址:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html参考:报价:1318参考:网址:http://www.securityfocus.com/bid/1318参考:XF: cmail-get-overflow-execute参考:网址:http://xforce.iss.net/static/4626.php缓冲区溢出的web界面Cmail 2.4.7允许远程攻击者执行任意命令通过一个GET请求。修改:ADDREF XF: cmail-get-overflow-execute推断行动:- 2000 - 0557能接受(3接受0 ack, 0评论)目前投票:接受(2)征税,科尔弗伦奇等待修改(1)(4)阿姆斯特朗,墙,勒布朗,Ozancin选民的评论:弗雷希> XF: cmail-get-overflow-execute (4626)
- 上一页的日期:(临时)接受33遗留候选人最后(10/13)
- 下一个按日期:(临时)最近接受68候选人最后(10/13)
- Prev线程:(临时)接受33遗留候选人最后(10/13)
- 下一个线程:(临时)最近接受68候选人最后(10/13)
- 指数(es):
