
[PROPOSAL] Cluster LEGACY-MISC-1998B - 54 candidates



I am proposing cluster LEGACY-MISC-1998B for review and voting by the Editorial Board.

Name: LEGACY-MISC-1998B
Description: Legacy candidates announced between 7/3/1998 and 12/29/1998
Size: 54

You may vote on the candidates by modifying this email and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and can be trusted to be real problems.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is not a "vulnerability", or is a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-1999-1147
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1147
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981204 [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91273739726314&w=2
Reference: BUGTRAQ:19981207 Re: [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0
Reference: XF:pcm-dos-execute(1430)
Reference: URL:http://xforce.iss.net/static/1430.php

Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows remote attackers to execute arbitrary commands via a long string to the Agent port (1827), which is handled by smaxagent.exe.

Analysis
----------------
ED_PRI CAN-1999-1147 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1159
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1159
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981229 ssh2 security problem (and patch) (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91495920911490&w=2
Reference: XF:ssh-privileged-port-forward(1471)
Reference: URL:http://xforce.iss.net/static/1471.php

SSH and earlier allows local users to request remote forwarding from privileged ports without being root.

Analysis
----------------
ED_PRI CAN-1999-1159 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1188
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1188
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981227 mysql: mysqld creates world readable logs..
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91479159617803&w=2
Reference: XF:mysql-readable-log-files(1568)
Reference: URL:http://xforce.iss.net/static/1568.php

mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database.

Analysis
----------------
ED_PRI CAN-1999-1188 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1199
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1199
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980807 YA Apache DoS attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90252779826784&w=2
Reference: BUGTRAQ:19980808 Debian Apache Security Update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90276683825862&w=2
Reference: BUGTRAQ:19980810 Apache DoS Attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90286768232093&w=2
Reference: BUGTRAQ:19980811 Apache 'sioux' DOS fix for TurboLinux
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90280517007869&w=2

Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.

Analysis
----------------
ED_PRI CAN-1999-1199 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1265
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1265
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980922 Re: WARNING! SMTP Denial of Service in SLmail ver 3.1
Reference: BUGTRAQ:19980922 WARNING! SMTP Denial of Service in SLmail ver 3.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90649892424117&w=2
Reference: NTBUGTRAQ:19980922 WARNING! SMTP Denial of Service in SLmail ver 3.1
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90650438826447&w=2
Reference: XF:slmail-parens-overload(1664)
Reference: URL:http://xforce.iss.net/static/1664.php

SMTP server in SLmail 3.1 and earlier allows remote attackers to cause a denial of service via malformed commands whose arguments begin with a "(" (parenthesis) character, such as (1) SEND, (2) VRFY, (3) EXPN, (4) MAIL FROM, (5) RCPT TO.

Analysis
----------------
ED_PRI CAN-1999-1265 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1292
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1292
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: ISS:19980901 Remote Buffer Overflow in the Kolban Webcam32 Program
Reference: URL:http://xforce.iss.net/alerts/advise7.php
Reference: XF:webcam32-buffer-overflow(1366)
Reference: URL:http://xforce.iss.net/static/1366.php

Buffer overflow in the web administration feature of Kolban Webcam32 4.8.3 and earlier allows remote attackers to execute arbitrary commands via a long URL.

Analysis
----------------
ED_PRI CAN-1999-1292 2
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1321
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1321
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981105 security patch for ssh-1.2.26 kerberos code
Reference: URL:http://lists.netspace.org/cgi-bin/wa?A2=ind9811A&L=bugtraq&P=R4814

Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing.

Analysis
----------------
ED_PRI CAN-1999-1321 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1432
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1432
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980716 Security risk with powermanagemnet on Solaris 2.6
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525997&w=2
Reference: BID:160
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=160

Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after sys-suspend has completed, which allows an attacker with physical access to input characters from the keyboard to the last active application for a short period after the system is restored, which could lead to increased privileges.

Analysis
----------------
ED_PRI CAN-1999-1432 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1433
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1433
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980715 JetAdmin software
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525988&w=2
Reference: BUGTRAQ:19980722 Re: JetAdmin software
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526067&w=2
Reference: BID:157
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=157

HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file.

Analysis
----------------
ED_PRI CAN-1999-1433 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1437
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1437
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980707 ePerl: bad handling of ISINDEX queries
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525890&w=2
Reference: BUGTRAQ:19980710 ePerl Security Update Available
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525927&w=2
Reference: BID:151
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=151

ePerl 2.2.12 allows remote attackers to read arbitrary files and possibly execute certain commands by specifying the full pathname of the target file as an argument to bar.phtml.

Analysis
----------------
ED_PRI CAN-1999-1437 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1447
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1447
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980728 Object tag crashes Internet Explorer 4.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526169&w=2

Internet Explorer 4.0 allows remote attackers to cause a denial of service (crash) via HTML code that contains a long CLASSID parameter in an OBJECT tag.

Analysis
----------------
ED_PRI CAN-1999-1447 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1020
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1020
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19980918 NMRC Advisory - Default NDS Rights
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90613355902262&w=2
Reference: BID:484
Reference: URL:http://www.securityfocus.com/bid/484
Reference: XF:novell-nds(1364)
Reference: URL:http://xforce.iss.net/static/1364.php

The installation of Novell Netware NDS 5.99 provides an unauthenticated client with Read access to the tree, which allows remote attackers to access sensitive information such as users, groups, and readable objects via CX.EXE and NLIST.EXE.

Analysis
----------------
ED_PRI CAN-1999-1020 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1054
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1054
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19980925 Globetrotter FlexLM 'lmdown' bogosity
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90675672323825&w=2

The default configuration of FLEXlm license manager 6.0d, and possibly other versions, allows remote attackers to shut down the server via the lmdown command.

Analysis
----------------
ED_PRI CAN-1999-1054 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1070
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1070
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980725 Annex DoS
Reference: URL:http://www.securityfocus.com/archive/1/10021

Buffer overflow in the ping CGI program in Xylogics Annex terminal service allows remote attackers to cause a denial of service via a query parameter.

Analysis
----------------
ED_PRI CAN-1999-1070 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1071
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1071
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981130 Security bugs in Excite for Web Servers 1.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91248445931140&w=2
Reference: XF:excite-world-write(1417)
Reference: URL:http://xforce.iss.net/static/1417.php

Excite for Web Servers (EWS) 1.1 installs the Architext.conf authentication file with world-writeable permissions, which allows local users to gain access to Excite accounts by modifying the file.

Analysis
----------------
ED_PRI CAN-1999-1071 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1072
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1072
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981130 Security bugs in Excite for Web Servers 1.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91248445931140&w=2

Excite for Web Servers (EWS) 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi.

Analysis
----------------
ED_PRI CAN-1999-1072 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1073
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1073
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981130 Security bugs in Excite for Web Servers 1.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91248445931140&w=2

Excite for Web Servers (EWS) 1.1 records the first two characters of a plaintext password in the encrypted password, which makes it easier for an attacker to guess passwords via a brute force or dictionary attack.

Analysis
----------------
ED_PRI CAN-1999-1073 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1107
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1107
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91141486301691&w=2
Reference: XF:kde-kppp-path-bo(1650)
Reference: URL:http://xforce.iss.net/static/1650.php

Buffer overflow in kppp in KDE allows local users to gain root access via the PATH environmental variable.

Analysis
----------------
ED_PRI CAN-1999-1107 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

kppp/long PATH and kppp/-c argument may need to be merged per CD:SF-LOC, but they were discovered 6 months apart and there may have been an interim patch.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1108
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1108
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91141486301691&w=2
Reference: XF:kde-kppp-path-bo(1650)
Reference: URL:http://xforce.iss.net/static/1650.php

Buffer overflow in kppp in KDE allows local users to gain root access via the PATH environmental variable.

Analysis
----------------
ED_PRI CAN-1999-1108 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

kppp/long PATH and kppp/-c argument may need to be merged per CD:SF-LOC, but they were discovered 6 months apart and there may have been an interim patch.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1124
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1124
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://packetstorm.securify.com/mag/phrack/phrack54/P54-08

HTTP Client application in ColdFusion allows remote attackers to bypass access restrictions for web pages on other ports by providing the target page to the mainframeset.cfm application, which requests the page from the server, making it look like the request is coming from the local host.

Analysis
----------------
ED_PRI CAN-1999-1124 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1149
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1149
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980716 S.A.F.E.R. Security Bulletin 980708.DOS.1.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525993&w=2
Reference: XF:csm-proxy-dos(1422)
Reference: URL:http://xforce.iss.net/static/1422.php

Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a denial of service (crash) via a long string to the FTP port.

Analysis
----------------
ED_PRI CAN-1999-1149 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1153
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1153
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981109 Several new CGI vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/11175
Reference: XF:cgi-perl-mail-programs(1400)
Reference: URL:http://xforce.iss.net/static/1400.php

HAMcards Postcard CGI script 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address.

Analysis
----------------
ED_PRI CAN-1999-1153 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1154
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1154
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981109 Several new CGI vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/11175
Reference: MISC:http://lakeweb.com/scripts/
Reference: XF:cgi-perl-mail-programs(1400)
Reference: URL:http://xforce.iss.net/static/1400.php

LakeWeb Filemail CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address.

Analysis
----------------
ED_PRI CAN-1999-1154 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1155
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1155
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981109 Several new CGI vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/11175
Reference: MISC:http://lakeweb.com/scripts/
Reference: XF:cgi-perl-mail-programs(1400)
Reference: URL:http://xforce.iss.net/static/1400.php

LakeWeb Mail List CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address.

Analysis
----------------
ED_PRI CAN-1999-1155 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1173
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1173
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981218 wordperfect 8 for linux security
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91404045014047&w=2

Corel Word Perfect 8 for Linux creates a temporary working directory with world-writable permissions, which allows local users to (1) modify Word Perfect behavior by modifying files in the working directory, or (2) modify files of other users via a symlink attack.

Analysis
----------------
ED_PRI CAN-1999-1173 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1174
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1174
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.counterpane.com/crypto-gram-9812.html#doghouse

ZIP drive for Iomega ZIP-100 disks allows attackers with physical access to the drive to bypass password protection by inserting a known disk with a known password, waiting for the ZIP drive to power down, manually replacing the known disk with the target disk, and using the known password to access the target disk.

Analysis
----------------
ED_PRI CAN-1999-1174 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1200
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1200
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19980720 DOS in Vintra systems Mailserver software.
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=90222454131610&w=2
Reference: XF:vintra-mail-dos(1617)
Reference: URL:http://xforce.iss.net/static/1617.php

Vintra SMTP server allows remote attackers to cause a denial of service via a malformed "EXPN *@" command.

Analysis
----------------
ED_PRI CAN-1999-1200 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1202
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1202
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980703 Windows95 Proxy DoS Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525873&w=2
Reference: XF:startech-pop3-overflow(2088)
Reference: URL:http://xforce.iss.net/static/2088.php

StarTech (1) POP3 proxy server and (2) telnet server allow remote attackers to cause a denial of service via a USER command.

Analysis
----------------
ED_PRI CAN-1999-1202 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1228
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1228
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980927 1+2=3, +++ATH0=Old school DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90695973308453&w=2
Reference: MISC:http://www.macintouch.com/modemsecurity.html
Reference: XF:global-village-modem-dos(3320)
Reference: URL:http://xforce.iss.net/static/3320.php

Various modems that do not implement a guard time, or are configured with a guard time of 0, can allow remote attackers to execute arbitrary modem commands such as ATH, ATH0, etc., via a "+++" sequence that appears in ICMP packets, the subject of an e-mail message, IRC commands, and others.

Analysis
----------------
ED_PRI CAN-1999-1228 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1270
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1270
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://lists.kde.org/?l=kde-devel&m=90221974029738&w=2
Reference: XF:kde-kmail-passphrase-leak(1639)
Reference: URL:http://xforce.iss.net/static/1639.php

KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps.

Analysis
----------------
ED_PRI CAN-1999-1270 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1277
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1277
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19981224 BackWeb - Password issue (used by NAI for Corporate customer notification).
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91487886514546&w=2
Reference: XF:backweb-cleartext-passwords(1565)
Reference: URL:http://xforce.iss.net/static/1565.php

BackWeb client stores the username and password in cleartext for proxy authentication in the Communication registry key, which could allow other local users to gain privileges by reading the password.

Analysis
----------------
ED_PRI CAN-1999-1277 3
Vendor Acknowledgement:

A followup indicates that a different person was not able to replicate the problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1278
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1278
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981225 Re: Nlog v1.0 Released - Nmap 2.x log management / analyzing tool
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91470326629357&w=2
Reference: BUGTRAQ:19981226 Nlog 1.1b released - security holes fixed
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91471400632145&w=2
Reference: XF:http-cgi-nlog-netbios(1550)
Reference: URL:http://xforce.iss.net/static/1550.php
Reference: XF:http-cgi-nlog-metachars(1549)

nlog CGI scripts do not properly filter shell metacharacters from the IP address argument, which could allow remote attackers to execute certain commands via (1) nlog-smb.pl or (2) rpc-nlog.pl.

Analysis
----------------
ED_PRI CAN-1999-1278 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-EXEC, SF-LOC

The notes for version 1.1 say "fixed all the IP checking routines to call checkip()," but the followup poster describes an incomplete cleansing operation that does not filter ";" characters; if that code appears in checkip() and checkip() was newly created in version 1.1, then it could be said that 1.1 contains an incompletely fixed flaw, so the problem fixed in 1.1b is the same as the one in 1.1.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1280
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1280
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981203 Remote Tools w/ Exceed v.6.0.1.0 for 95
Reference: URL:http://www.securityfocus.com/archive/1/11512
Reference: XF:exceed-cleartext-passwords(1547)
Reference: URL:http://xforce.iss.net/static/1547.php

Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant for development and testing, which logs usernames and passwords in cleartext in the test.log file.

Analysis
----------------
ED_PRI CAN-1999-1280 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1281
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1281
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981226 Breeze Network Server remote reboot and other bogosity.
Reference: URL:http://www.securityfocus.com/archive/1/11720
Reference: XF:breeze-remote-reboot(1544)
Reference: URL:http://xforce.iss.net/static/1544.php

Development version of Breeze Network Server allows remote attackers to cause the system to reboot by accessing the configbreeze CGI program.

Analysis
----------------
ED_PRI CAN-1999-1281 3
Vendor Acknowledgement:
Content Decisions: EX-BETA

A followup by the vendor indicates that the affected version of the product was in limited release during development and testing cycles. Thus it was effectively a beta version of the product that did not reach wide distribution. Therefore CD:EX-BETA says that this item should not be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1282
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1282
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981210 RealSystem passwords
Reference: URL:http://www.securityfocus.com/archive/1/11543
Reference: XF:realsystem-readable-conf-file(1542)
Reference: URL:http://xforce.iss.net/static/1542.php

RealSystem G2 server stores the administrator password in cleartext in a world-readable configuration file, which allows local users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1282 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1283
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1283
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980814 URL exploit to crash Opera Browser
Reference: URL:http://www.securityfocus.com/archive/1/10320
Reference: XF:opera-slash-crash(1541)
Reference: URL:http://xforce.iss.net/static/1541.php

Opera 3.2.1 allows remote attackers to cause a denial of service (application crash) via a URL that contains an extra / in the http:// tag.

Analysis
----------------
ED_PRI CAN-1999-1283 3
Vendor Acknowledgement:
Content Decisions: EX-CLIENT-DOS

CD:EX-CLIENT-DOS states that a denial of service problem that only extends to the client itself, and that requires a passive attack, should not be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1284
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1284
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981105 various *lame* DoS attacks
Reference: URL:http://www.securityfocus.com/archive/1/11131
Reference: XF:nukenabber-timeout-dos(1540)
Reference: URL:http://xforce.iss.net/static/1540.php

NukeNabber allows remote attackers to cause a denial of service by connecting to the NukeNabber port (1080) without sending any data, which causes CPU usage to rise to 100% from the report.exe program that is executed upon the connection.

Analysis
----------------
ED_PRI CAN-1999-1284 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1285
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1285
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981227 [patch] fix for urandom read(2) not interruptible
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91495921611500&w=2
Reference: XF:linux-random-read-dos(1472)
Reference: URL:http://xforce.iss.net/static/1472.php

Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed.

Analysis
----------------
ED_PRI CAN-1999-1285 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1289
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1289
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981111 WARNING: Another ICQ IP address vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/11233
Reference: XF:icq-ip-info(1398)
Reference: URL:http://xforce.iss.net/static/1398.php

ICQ 98 beta on Windows NT leaks the internal IP address of a client in the TCP data segment of an ICQ packet instead of the public address (e.g. through NAT), which provides remote attackers with potentially sensitive information about the client or the internal network configuration.

Analysis
----------------
ED_PRI CAN-1999-1289 3
Vendor Acknowledgement:
Content Decisions: EX-BETA

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1291
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1291
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981005 New Windows Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/10789
Reference: XF:nt-brkill(1383)
Reference: URL:http://xforce.iss.net/static/1383.php

TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and possibly others, allows remote attackers to reset connections by forcing a reset (RST) via a PSH ACK or other means, obtaining the target's last sequence number from the resulting packet, then spoofing a reset to the target.

Analysis
----------------
ED_PRI CAN-1999-1291 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1322
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1322
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19981112 exchverify.log
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91096758513985&w=2
Reference: NTBUGTRAQ:19981117 Re: exchverify.log - update #1
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91133714919229&w=2
Reference: NTBUGTRAQ:19981125 Re: exchverify.log - update #2
Reference: NTBUGTRAQ:19981216 Arcserve Exchange Client security issue being fixed
Reference: NTBUGTRAQ:19990305 Cheyenne InocuLAN for Exchange plain text password still there
Reference: NTBUGTRAQ:19990426 Arcserve Exchange Client security issue still unresolved

The installation of 1ArcServe Backup and InocuLAN AV client modules for Exchange creates a log file, exchverify.log, which contains usernames and passwords in plaintext.

Analysis
----------------
ED_PRI CAN-1999-1322 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1381
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1381
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981008 buffer overflow in dbadmin
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90786656409618&w=2

Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote attackers to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-1999-1381 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1403
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1403
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981002 Several potential security problems in IBM/Tivoli OPC Tracker Agent
Reference: URL:http://www.securityfocus.com/archive/1/10771
Reference: BID:382
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=382

IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, directories, and IPC message queues with insecure permissions (world-readable and world-writable), which could allow local users to disrupt operations and possibly gain privileges by modifying or deleting files.

Analysis
----------------
ED_PRI CAN-1999-1403 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1404
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1404
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19981002 Several potential security problems in IBM/Tivoli OPC Tracker Agent
Reference: URL:http://www.securityfocus.com/archive/1/10771
Reference: BID:382
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=382

IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote attackers to cause a denial of service (resource exhaustion) via malformed data to the localtracker client port (5011), which prevents the connection from being closed properly.

Analysis
----------------
ED_PRI CAN-1999-1404 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1406
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1406
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980729 Crash a redhat 5.1 linux box
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526185&w=2
Reference: BUGTRAQ:19980730 FD's 0..2 and suid/sgid procs (Was: Crash a redhat 5.1 linux box)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526192&w=2
Reference: BID:372
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=372

dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which allows local users to cause a denial of service (crash) by redirecting fd 1 (stdout) to the kernel.

Analysis
----------------
ED_PRI CAN-1999-1406 3
Vendor Acknowledgement:

OpenBSD addresses the general risk of file descriptors in setuid/setgid programs; see MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.3/common/fdalloc.patch. This is a specific instance. Which one is "correct" and should be in CVE?

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1416
URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1416
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980823 Solaris ab2 web server is junk
Reference: URL:http://www.securityfocus.com/archive/1/10383
Reference: BID:253
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=253

AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large content-length.

Analysis
----------
- - - - - - - ED_PRI - 1999 - 1416 3供应商确认:从《华盛顿邮报》是否不确定的MIME内容长度头仅仅有大量,或者如果帖子必须发送大量的数据。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1417网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1417最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19980823 Solaris ab2 web服务器垃圾参考:网址:http://www.securityfocus.com/archive/1/10383参考:报价:253参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=253格式字符串漏洞AnswerBook2 (AB2) web服务器dwhttpd 3.1 a4允许远程攻击者可能导致拒绝服务和执行任意命令通过编码%字符在一个HTTP请求,记录不当。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1417 3供应商确认:内容决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1420网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1420最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19980720 N-Base脆弱性咨询参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526016&w=2参考:BUGTRAQ: 19980722 N-Base脆弱性咨询跟踪参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526065&w=2参考:报价:212参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=212NBase开关NH2012, NH2012R、NH2015 NH2048后门密码不能被禁用,它允许远程攻击者修改交换机的配置。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1420 3供应商确认:是的后续内容决定:CF-PASS投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 
1999 - 1421网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1421最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:CF参考:BUGTRAQ: 19980720 N-Base脆弱性咨询参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526016&w=2参考:BUGTRAQ: 19980722 N-Base脆弱性咨询跟踪参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526065&w=2参考:报价:212参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=212NBase开关NH208和NH215运行一个TFTP服务器,允许远程攻击者发送软件更新修改开关或引起拒绝服务(崩溃)猜测目标文件名,缺省名称。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1421 3供应商确认:是的后续内容决定:CF-PASS投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1434网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1434最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19980713 Slackware影子不安全感参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525951&w=2参考:报价:155参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=155登录Slackware Linux 3.2到3.5不正确检查一个错误当所属文件丢失,这就避免了放弃特权,使其根权限分配给任何本地用户登录到服务器。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1434 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1435网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1435最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19980710 socks5 1.0 r5缓冲区溢位. 
.参考网址:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525933&w=2参考:报价:154参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=154缓冲区溢出libsocks5图书馆的袜子5 (socks5) 1.0 r5允许本地用户获得特权通过环境变量。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1435 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1436网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1436最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19980708 WWW授权网关参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525905&w=2参考:报价:152参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=152雷陈WWW授权网关0.1 CGI程序允许远程攻击者通过执行任意命令shell元字符的“用户”参数。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1436 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1448网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1448最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19980729 Eudora利用(是微软安全公告(ms98 - 008)参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104526168&w=2尤朵拉和尤朵拉光之前3.05允许远程攻击者导致崩溃和腐败的用户的邮箱通过电子邮件与某些日期,如(1)日期在1970年之前,导致除以零错误,或(2)100年之后当前日期的日期,导致段错误。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1448 3供应商确认:虽然这个问题相关的大部分客户端DoS,在某些情况下损坏的邮筒里。因此这个问题超出了CD的范围:EX-CLIENT-DOS,仅覆盖DoS重启的问题,可以解决应用程序。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = 
= = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1459网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1459最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:国际空间站:19981102 BMC巡逻文件创建脆弱性参考:网址:http://xforce.iss.net/alerts/advise10.php参考:XF: bmc-patrol-file-create(1388)参考:网址:http://xforce.iss.net/static/1388.php参考:报价:534参考:网址:http://www.securityfocus.com/bid/534BMC巡逻代理之前3.2.07允许本地用户获得根权限通过一个符号链接攻击一个临时文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1459 3供应商确认:是的内容决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:

Page last updated or reviewed: May 22, 2007