
[PROPOSAL] Cluster RECENT-51 - 20 candidates



The following cluster contains 20 candidates that were announced between December 16, 2000 and January 10, 2001.

You may vote on the candidates by modifying this e-mail with your vote and sending it back to me, or by using the CVE voting web site. The voting web site will be updated with this cluster later today. New Editorial Board members will also be notified of their account information.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-0125
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0125
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20001231 Advisory: exmh symlink vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97846489313059&w=2
Reference: BUGTRAQ:20010112 exmh security vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958594330100&w=2
Reference: CONFIRM:http://www.beedub.com/exmh/symlink.html
Reference: FREEBSD:FreeBSD-SA-01:17
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-01/0543.html
Reference: MANDRAKE:MDKSA-2001:015
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-015.php3
Reference: DEBIAN:DSA-022-1
Reference: URL:http://www.debian.org/security/2001/dsa-022
Reference: XF:exmh-error-symlink
Reference: URL:http://xforce.iss.net/static/5829.php

exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.

Analysis
----------------
ED_PRI CAN-2001-0125 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0128
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0128
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: MANDRAKE:MDKSA-2000-083
Reference: URL:http://www.linux-mandrake.com/en/updates/2000/mdksa-2000-083.php3
Reference: CONECTIVA:CLA-2000:365
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365
Reference: REDHAT:RHSA-2000:127-06
Reference: URL:http://www.redhat.com/support/errata/powertools/rhsa-2000-127.html
Reference: DEBIAN:DSA-006-1
Reference: URL:http://www.debian.org/security/2000/20001219
Reference: FREEBSD:FreeBSD-SA-01:06
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc
Reference: XF:zope-calculate-roles
Reference: URL:http://xforce.iss.net/static/5777.php

Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.

Analysis
----------------
ED_PRI CAN-2001-0128 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0131
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0131
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: DEBIAN:DSA-021
Reference: URL:http://www.debian.org/security/2001/dsa-021
Reference: BID:2182
Reference: URL:http://www.securityfocus.com/bid/2182

htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allow local users to overwrite arbitrary files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2001-0131 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0139
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:010
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-010.php3
Reference: CALDERA:CSSA-2001-001.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/cssa-2001-001.0.txt
Reference: BID:2190
Reference: URL:http://www.securityfocus.com/bid/2190

inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

Analysis
----------------
ED_PRI CAN-2001-0139 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0141
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0141
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:009
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-009.php3
Reference: DEBIAN:DSA-011
Reference: URL:http://www.debian.org/security/2001/dsa-011
Reference: CALDERA:CSSA-2001-002.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/cssa-2001-002.0.txt
Reference: BID:2187
Reference: URL:http://www.securityfocus.com/bid/2187

mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

Analysis
----------------
ED_PRI CAN-2001-0141 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0116
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:006
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-006.php3
Reference: BID:2188
Reference: URL:http://www.securityfocus.com/bid/2188

gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2001-0116 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0117
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0117
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:008-1
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-008.php3
Reference: BID:2191
Reference: URL:http://www.securityfocus.com/bid/2191

sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2001-0117 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0118
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0118
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001-005
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-005.php3
Reference: BID:2195
Reference: URL:http://www.securityfocus.com/bid/2195

rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2001-0118 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0119
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0119
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:004
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-004.php3
Reference: BID:2194
Reference: URL:http://www.securityfocus.com/bid/2194

getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2001-0119 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0120
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:007
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-007.php3
Reference: BID:2196
Reference: URL:http://www.securityfocus.com/bid/2196

The useradd program in the shadow-utils package may allow local users to overwrite arbitrary files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2001-0120 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0123
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010107 Cgisecurity.com Advisory #3.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97905792214999&w=2
Reference: BID:2177
Reference: URL:http://www.securityfocus.com/bid/2177

Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the file parameter.

Analysis
----------------
ED_PRI CAN-2001-0123 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0124
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0124
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010109 Solaris /usr/lib/exrecover buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97908386502156&w=2
Reference: SUNBUG:4161925
Reference: BID:2179
Reference: URL:http://www.securityfocus.com/bid/2179

Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allows local users to gain privileges via command line arguments.

Analysis
----------------
ED_PRI CAN-2001-0124 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0126
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0126
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010109 Oracle XSQL servlet and xml-stylesheet allow executing java on the web server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97906670012796&w=2
Reference: BUGTRAQ:20010123 Patch for Potential Vulnerability in Oracle XSQL Servlet
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98027700625521&w=2

Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet.

Analysis
----------------
ED_PRI CAN-2001-0126 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0138
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0138
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0010.html
Reference: BID:2189
Reference: URL:http://www.securityfocus.com/bid/2189

The privatepw program in wu-ftpd 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2001-0138 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0140
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0140
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:002
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-002.php3
Reference: BID:2183
Reference: URL:http://www.securityfocus.com/bid/2183

arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

Analysis
----------------
ED_PRI CAN-2001-0140 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0142
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0142
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010112 Trustix Security Advisory - diffutils squid
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0212.html
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:003
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-003.php3
Reference: BID:2184
Reference: URL:http://www.securityfocus.com/bid/2184

squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.

Analysis
----------------
ED_PRI CAN-2001-0142 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0143
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0143
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:011
Reference: URL:http://www.linux-mandrake.com/en/security/2001/mdksa-2001-011.php3
Reference: BID:2186
Reference: URL:http://www.securityfocus.com/bid/2186

The vpop3d program, 1.23r and earlier, allows local users to overwrite arbitrary files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2001-0143 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0121
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0121
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010108 def-2001-01: ImageCast IC3 Control Center DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0071.html
Reference: BID:2174
Reference: URL:http://www.securityfocus.com/bid/2174

ImageCast Control Center 4.1.0 allows remote attackers to cause a denial of service (resource exhaustion or system crash) via a long string to port 12002.

Analysis
----------------
ED_PRI CAN-2001-0121 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0122
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20010108 def-2001-02: IBM Websphere 3.52 Kernel Leak DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0079.html
Reference: BID:2175
Reference: URL:http://www.securityfocus.com/bid/2175

Memory leak in the ApfaCache module in IBM HTTP Server and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests.

Analysis
----------------
ED_PRI CAN-2001-0122 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-0136
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0136
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010214
Assigned: 20010206
Category: SF
Reference: BUGTRAQ:20001220 ProFTPD 1.2.0 Memory leakage - denial of service
Reference: URL:http://www.securityfocus.com/archive/1/152206
Reference: BUGTRAQ:20010109 Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0122.html
Reference: BUGTRAQ:20010110 Re: Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0132.html
Reference: XF:proftpd-size-memory-leak
Reference: URL:http://xforce.iss.net/static/5801.php

Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.

Analysis
----------------
ED_PRI CAN-2001-0136 3
Vendor Acknowledgement:

The details for this item are pretty sketchy. In a followup, Michal Zalewski discovered that the exploit did not add carriage returns, thus producing a very large line. This in turn may be the source of the DoS. See: http://www.securityfocus.com/archive/1/152404

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

Page last updated or reviewed: May 22, 2007