
[PROPOSAL] Cluster LEGACY-CERT - 53 candidates



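I am proposing cluster LEGACY-CERT for review and voting by the Editorial Board.

Name: LEGACY-CERT
Description: Candidates announced in CERT reports from 1998 and earlier
Size: 53

You may modify this message to vote on the candidates and mail it back to me, or vote using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-1999-1021
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1021
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1992-15
Reference: URL:http://www.cert.org/advisories/CA-1992-15.html
Reference: SUN:00117
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/117&type=0&nav=sec.sba
Reference: BID:47
Reference: URL:http://www.securityfocus.com/bid/47

NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade.

Analysis
----------------
ED_PRI CAN-1999-1021 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1032
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CERT:CA-1991-11
Reference: URL:http://www.cert.org/advisories/CA-1991-11.html
Reference: BID:26
Reference: URL:http://www.securityfocus.com/bid/26

Vulnerability in LAT/Telnet Gateway on Ultrix 4.1 and 4.2 allows attackers to gain root privileges.

Analysis
----------------
ED_PRI CAN-1999-1032 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1034
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1034
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1991-08
Reference: URL:http://www.cert.org/advisories/CA-1991-08.html
Reference: BID:23
Reference: URL:http://www.securityfocus.com/bid/23

Vulnerability in login in AT&T System V Release 4 allows local users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1034 1
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1041
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1041
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980827 SCO mscreen vul.
Reference: URL:http://www.securityfocus.com/archive/1/10420
Reference: BUGTRAQ:19980926 Root exploit for SCO OpenServer.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90686250717719&w=2
Reference: SCO:SB-98.05
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-98.05a
Reference: CERT:VB-98.10
Reference: URL:http://www.cert.org/vendor_bulletins/VB-98.10.sco.mscreen

Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 allows a local user to gain root access via (1) a long TERM environmental variable and (2) a long entry in the .mscreenrc file.

Analysis
----------------
ED_PRI CAN-1999-1041 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
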
======================================================
Candidate: CAN-1999-1056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1056
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1992-18
Reference: URL:http://www.cert.org/advisories/CA-1992-18.html

Vulnerability in VMS 5.0 through 5.4-2 allows local users to gain privileges via the Monitor utility.

Analysis
----------------
ED_PRI CAN-1999-1056 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1057
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1057
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1990-07
Reference: URL:http://www.cert.org/advisories/CA-1990-07.html
Reference: CIAC:B-04
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-04.shtml
Reference: BID:12
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=12

VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command.

Analysis
----------------
ED_PRI CAN-1999-1057 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1059
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1992-04
Reference: URL:http://www.cert.org/advisories/CA-1992-04.html
Reference: BID:36
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=36

Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-1999-1059 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1090
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1090
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1991-15
Reference: URL:http://www.cert.org/advisories/CA-1991-15.html
Reference: XF:ftp-ncsa(1844)
Reference: URL:http://xforce.iss.net/static/1844.php

The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files.

Analysis
----------------
ED_PRI CAN-1999-1090 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1098
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1098
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1995-03
Reference: URL:http://www.cert.org/advisories/CA-1995-03.html
Reference: CIAC:F-12
Reference: URL:http://www.ciac.org/ciac/bulletins/f-12.shtml

Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing.

Analysis
----------------
ED_PRI CAN-1999-1098 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1103
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1103
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:VB-96.05
Reference: URL:http://www.cert.org/vendor_bulletins/VB-96.05.dec
Reference: CIAC:G-18
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/g-18.shtml
Reference: MISC:http://www.tao.ca/fire/bos/0209.html

dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter.

Analysis
----------------
ED_PRI CAN-1999-1103 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1115
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1990-04
Reference: URL:http://www.cert.org/advisories/CA-1990-04.html
Reference: BID:7
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=7

Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh).

Analysis
----------------
ED_PRI CAN-1999-1115 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1119
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1119
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: CERT:CA-1992-09
Reference: URL:http://www.cert.org/advisories/CA-1992-09.html
Reference: BID:41
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=41
Reference: XF:aix-anon-ftp(3154)
Reference: URL:http://xforce.iss.net/static/3154.php

FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-1999-1119 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1121
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1121
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: CERT:CA-1992-06
Reference: URL:http://www.cert.org/advisories/CA-1992-06.html
Reference: BID:38
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=38
Reference: XF:ibm-uucp(554)
Reference: URL:http://xforce.iss.net/static/554.php

The default configuration for UUCP in AIX 3.2 allows local users to gain root privileges.

Analysis
----------------
ED_PRI CAN-1999-1121 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1122
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1989-02
Reference: URL:http://www.cert.org/advisories/CA-1989-02.html
Reference: BID:3
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=3

Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1122 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1131
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1131
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:VB-97.12
Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.12.opengroup
Reference: CIAC:I-060
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-060.shtml
Reference: SGI:19980601-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980601-01-PX
Reference: XF:sgi-osf-dce-dos(1123)
Reference: URL:http://xforce.iss.net/static/1123.php

Buffer overflow in OSF Distributed Computing Environment (DCE) security demon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or organization.

Analysis
----------------
ED_PRI CAN-1999-1131 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1138
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1138
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: CERT:CA-1993-13
Reference: URL:http://www.cert.org/advisories/CA-1993-13.html
Reference: XF:sco-homedir(546)
Reference: URL:http://xforce.iss.net/static/546.php

SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.

Analysis
----------------
ED_PRI CAN-1999-1138 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1140
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1140
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971214 buffer overflows in cracklib?!
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88209041500913&w=2
Reference: CERT:VB-97.16
Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.16.CrackLib
Reference: XF:cracklib-bo(1539)
Reference: URL:http://xforce.iss.net/static/1539.php

Buffer overflow in CrackLib 2.5 allows local users to gain root privileges via a long GECOS field.

Analysis
----------------
ED_PRI CAN-1999-1140 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1142
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1142
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1992-11
Reference: URL:http://www.cert.org/advisories/CA-1992-11.html
Reference: XF:sun-env(3152)
Reference: URL:http://xforce.iss.net/static/3152.php

SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid and setgid programs that change the real and effective user ids to the same user.

Analysis
----------------
ED_PRI CAN-1999-1142 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1162
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1162
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1993-08
Reference: URL:http://www.cert.org/advisories/CA-1993-08.html

Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system.

Analysis
----------------
ED_PRI CAN-1999-1162 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1193
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1991-06
Reference: URL:http://www.cert.org/advisories/CA-1991-06.html
Reference: XF:next-me(581)
Reference: URL:http://xforce.iss.net/static/581.php
Reference: BID:20
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=20

The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root.

Analysis
----------------
ED_PRI CAN-1999-1193 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1194
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1194
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CERT:CA-1991-05
Reference: URL:http://www.cert.org/advisories/CA-1991-05.html
Reference: BID:17
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=17
Reference: XF:dec-chroot(577)
Reference: URL:http://xforce.iss.net/static/577.php

chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which allows local users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1194 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1197
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1197
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1990-12
Reference: URL:http://www.cert.org/advisories/CA-1990-12.html
Reference: BID:14
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=14

TIOCCONS in SunOS 4.4.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1197 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1198
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1198
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1990-06
Reference: URL:http://www.cert.org/advisories/CA-1990-06.html
Reference: CIAC:B-01
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-01.shtml
Reference: BID:11
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=11

BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges.

Analysis
----------------
ED_PRI CAN-1999-1198 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1209
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1209
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19971204 scoterm exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88131151000069&w=2
Reference: CERT:VB-97.14
Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.14.scoterm
Reference: XF:sco-scoterm(690)

Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges.

Analysis
----------------
ED_PRI CAN-1999-1209 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1215
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1215
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:D-21
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-21.shtml
Reference: CERT:CA-1993-12
Reference: URL:http://www.cert.org/advisories/CA-1993-12.html
Reference: XF:novell-login(545)
Reference: URL:http://xforce.iss.net/static/545.php

LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1215 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1216
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1216
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1993-07
Reference: URL:http://www.cert.org/advisories/CA-1993-07.html
Reference: CIAC:D-15
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-15.shtml
Reference: XF:cisco-sourceroute(541)
Reference: URL:http://xforce.iss.net/static/541.php

Cisco routers 9.17 and earlier allow remote attackers to bypass security restrictions via certain IP source routed packets that should normally be denied using the "no ip source-route" command.

Analysis
----------------
ED_PRI CAN-1999-1216 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1218
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1218
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1993-04
Reference: URL:http://www.cert.org/advisories/CA-1993-04.html
Reference: XF:amiga-finger(522)
Reference: URL:http://xforce.iss.net/static/522.php

Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier allows local users to read arbitrary files.

Analysis
----------------
ED_PRI CAN-1999-1218 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1219
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1219
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CERT:CA-1994-13
Reference: URL:http://www.cert.org/advisories/CA-1994-13.html
Reference: AUSCERT:AA-94.04
Reference: CIAC:E-33
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/e-33.shtml
Reference: XF:sgi-prn-mgr(511)
Reference: URL:http://xforce.iss.net/static/511.php
Reference: BID:468
Reference: URL:http://www.securityfocus.com/bid/468

Vulnerability in sgihelp in the SGI help system and print manager in IRIX 5.2 and earlier allows local users to gain root privileges, possibly through the clogin command.

Analysis
----------------
ED_PRI CAN-1999-1219 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1252
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1252
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CERT:VB-96.15
Reference: URL:http://www.cert.org/vendor_bulletins/VB-96.15.sco
Reference: SCO:96:002
Reference: URL:ftp://ftp.sco.COM/SSE/security_bulletins/SB.96:02a
Reference: XF:sco-system-call(1966)
Reference: URL:http://xforce.iss.net/static/1966.php

Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 allows local users to access arbitrary files and gain root privileges.

Analysis
----------------
ED_PRI CAN-1999-1252 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1253
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1253
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CERT:VB-96.10
Reference: URL:http://www.cert.org/vendor_bulletins/VB-96.10.sco
Reference: SCO:96:001
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB.96:01a
Reference: XF:sco-kernel(1965)
Reference: URL:http://xforce.iss.net/static/1965.php

Vulnerability in a kernel error handling routine in SCO OpenServer 5.0.2 and earlier, and SCO Internet FastStart 1.0, allows local users to gain root privileges.

Analysis
----------------
ED_PRI CAN-1999-1253 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1295
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1295
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:VB-96.16
Reference: URL:http://www.cert.org/vendor_bulletins/VB-96.16.transarc

Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 does not properly initialize the grouplist for users who belong to a large number of groups, which could allow those users to gain access to resources that are protected by DFS.

Analysis
----------------
ED_PRI CAN-1999-1295 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1306
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1306
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CERT:CA-1992-20
Reference: URL:http://www.cert.org/advisories/CA-1992-20.html

Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters.

Analysis
----------------
ED_PRI CAN-1999-1306 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1309
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1309
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19940314 sendmail -d problem (old but still here)
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0040.html
Reference: BUGTRAQ:19940315 so...
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0043.html
Reference: BUGTRAQ:19940315 anyone know details?
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0042.html
Reference: BUGTRAQ:19940315 Security problem in sendmail versions 8.x.x
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0048.html
Reference: BUGTRAQ:19940327 sendmail exploit script - resend
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0078.html
Reference: CERT:CA-1994-12
Reference: URL:http://www.cert.org/advisories/CA-94.12.sendmail.vulnerabilities

Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option.

Analysis
----------------
ED_PRI CAN-1999-1309 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1312
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1312
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1993-05
Reference: URL:http://www.cert.org/advisories/CA-1993-05.html

Vulnerability in DEC OpenVMS VAX 5.0 through 5.5-2, and OpenVMS AXP 1.0, allows local users to gain system privileges.

Analysis
----------------
ED_PRI CAN-1999-1312 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1391
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1391
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1990-06
Reference: URL:http://www.cert.org/advisories/CA-1990-06.html
Reference: CIAC:B-01
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-01.shtml
Reference: BID:10
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=10

Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers allows local users to gain privileges via the npd program and weak directory permissions.

Analysis
----------------
ED_PRI CAN-1999-1391 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1392
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1392
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1990-06
Reference: URL:http://www.cert.org/advisories/CA-1990-06.html
Reference: CIAC:B-01
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-01.shtml
Reference: BID:9
Reference: URL:http://www.securityfocus.com/bid/9

Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 allows local users to gain root privileges.

Analysis
----------------
ED_PRI CAN-1999-1392 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1395
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1395
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1992-18
Reference: URL:http://www.cert.org/advisories/CA-1992-18.html
Reference: CERT:CA-92.16
Reference: URL:http://www.cert.org/advisories/CA-92.16.VMS.Monitor.vulnerability
Reference: BID:51
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=51

Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 through 5.4-2 allows local users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1395 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1396
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1396
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1992-15
Reference: URL:http://www.cert.org/advisories/CA-1992-15.html
Reference: BID:49
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=49

Vulnerability in integer multiplication emulation code on SPARC architectures for SunOS 4.1 through 4.1.2 allows local users to gain root access or cause a denial of service (crash).

Analysis
----------------
ED_PRI CAN-1999-1396 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1415
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1415
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-91.13
Reference: URL:http://www.cert.org/advisories/CA-91.13.Ultrix.mail.vulnerability
Reference: BID:27
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=27

Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1415 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1438
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1438
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1991-01
Reference: URL:http://www.cert.org/advisories/CA-91.01a.sunos.mail.vulnerability
Reference: SUN:00105
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/105
Reference: BID:15
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=15

Vulnerability in /bin/mail in SunOS 4.4.1 and earlier allows local users to gain root privileges via certain command line arguments.

Analysis
----------------
ED_PRI CAN-1999-1438 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1467
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1467
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1989-07
Reference: URL:http://www.cert.org/advisories/CA-1989-07.html
Reference: BID:5
Reference: URL:http://www.securityfocus.com/bid/5
Reference: XF:sun-rcp(3165)
Reference: URL:http://xforce.iss.net/static/3165.php

Vulnerability in rcp on SunOS 4.0.x allows remote attackers from trusted hosts to execute arbitrary commands as root, possibly related to the configuration of the nobody user.

Analysis
----------------
ED_PRI CAN-1999-1467 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1468
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1468
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.unix.geek.org.uk/~arny/www.8lgm.org/1.unix.rdist.23-Apr-1991
Reference: CERT:CA-91.20
Reference: URL:http://www.cert.org/advisories/CA-91.20.rdist.vulnerability
Reference: BID:31
Reference: URL:http://www.securityfocus.com/bid/31

rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.

Analysis
----------------
ED_PRI CAN-1999-1468 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1471
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1471
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: CERT:CA-1989-01
Reference: URL:http://www.cert.org/advisories/CA-1989-01.html
Reference: BID:4
Reference: URL:http://www.securityfocus.com/bid/4

Buffer overflow in passwd in BSD based operating systems 4.3 and earlier allows local users to gain root privileges by specifying a long shell or GECOS field.

Analysis
----------------
ED_PRI CAN-1999-1471 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1506
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1506
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1990-01
Reference: URL:http://www.cert.org/advisories/CA-90.01.sun.sendmail.vulnerability
Reference: BID:6
Reference: URL:http://www.securityfocus.com/bid/6

Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS 4.0.3, allows remote attackers to access user bin.

Analysis
----------------
ED_PRI CAN-1999-1506 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1507
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1507
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: CERT:CA-1993-03
Reference: URL:http://www.cert.org/advisories/CA-1993-03.html
Reference: BID:59
Reference: URL:http://www.securityfocus.com/bid/59

Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories.

Analysis
----------------
ED_PRI CAN-1999-1507 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1554
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1554
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CERT:CA-1990-08
Reference: URL:http://www.cert.org/advisories/CA-1990-08.html
Reference: BID:13
Reference: URL:http://www.securityfocus.com/bid/13

/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users.

Analysis
----------------
ED_PRI CAN-1999-1554 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1558
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1558
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: CIAC:I-071a
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-071a.shtml
Reference: CERT:VB-98.07
Reference: BID:161
Reference: URL:http://www.securityfocus.com/bid/161

Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows unauthorized access when external authentication is enabled.

Analysis
----------------
ED_PRI CAN-1999-1558 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT

If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION
or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-
1123最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:CF参考:CERT: ca - 1991 - 07年参考:网址:http://www.cert.org/advisories/ca - 1991 - 07. - html参考:太阳:00107参考:网址:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/107&type=0&nav=sec.sba参考报价:21参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=21参考报价:22参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=22参考:XF: sun-sourcetapes(582)参考:网址:http://xforce.iss.net/static/582.php太阳的安装源(sunsrc)磁带允许本地用户获得根权限通过setuid root程序(1)或(2)winstall makeinstall。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1123 3供应商确认:对咨询内容的决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1185网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1185最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:上海合作组织mscreen vul BUGTRAQ: 19980827。参考:上海合作组织OpenServer BUGTRAQ: 19980926根利用。参考网址:http://marc.theaimsgroup.com/?l=bugtraq&m=90686250717719&w=2参考:CERT: vb - 98.10参考:上海合作组织:98.05参考:XF: sco-openserver-mscreen-bo(1379)缓冲区溢出在上海合作组织mscreen允许本地用户获得根权限通过长终端入口(术语).mscreenrc文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1185 3供应商确认:对咨询内容的决定:SF-LOC多个问题隐含在上海合作组织咨询,但只有这个词问题似乎已经公布。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1211网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1211最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:CERT: ca - 1991 - 02年参考:网址:http://www.cert.org/advisories/ca - 1991 - 02. 
- html参考:XF: sun-intelnetd(574)参考:网址:http://xforce.iss.net/static/574.php脆弱性。早些时候在SunOS以下4.4.1和telnetd允许本地用户获得根权限。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1211 3供应商确认:对咨询内容的决定:SF-EXEC CD: SF-LOC说分离。telnetd和。因为在rlogind问题。出现在4.0.3 rlogind问题,但不是4.1。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1212网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1212最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:CERT: ca - 1991 - 02年参考:网址:http://www.cert.org/advisories/ca - 1991 - 02. - html参考:XF: sun-intelnetd(574)参考:网址:http://xforce.iss.net/static/574.php脆弱性。在SunOS 4.0.3 rlogind 4.0.3c允许本地用户获得根权限。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1212 3供应商确认:对咨询内容的决定:SF-EXEC CD: SF-EXEC说分离。telnetd和。因为在rlogind问题。出现在4.0.3 rlogind问题,但不是4.1。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1466网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1466最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:CERT: ca - 1992 - 20参考:网址:http://www.cert.org/advisories/ca - 1992 - 20. 
- html参考报价:53参考:网址:http://www.securityfocus.com/bid/53脆弱性在Cisco路由器版本8.2 9.1允许远程攻击者绕过访问控制列表当扩展IP访问列表是用于特定的接口,IP路由缓存启用,并访问列表中使用关键字“建立”。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1466 3供应商确认:对咨询内容的决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1493网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1493最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:CF参考:CERT: ca - 1991 - 23参考:网址:http://www.cert.org/advisories/ca - 1991 - 23. - html参考报价:34参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=34阿波罗域操作系统漏洞crp在惠普SR10通过SR10.3允许远程攻击者获得根权限通过不安全的系统调用,(1)pad_ dm_cmd和(2)pad_ def_pfk美元()。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1493 3供应商确认:对咨询内容的决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:

Page Last Updated or Reviewed: May 22, 2007