
[PROPOSAL] Cluster LEGACY-MISC-1999 - 52 candidates



I am proposing cluster LEGACY-MISC-1999 for review and voting by the
Editorial Board.

Name: LEGACY-MISC-1999
Description: Legacy candidates announced between 1/1/1999 and 4/27/1999
Size: 52

You may vote on the candidates by modifying this e-mail and sending it
back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and can be trusted to be
real problems.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is not a "vulnerability", or is a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-1999-1203
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1203
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990210 Security problems in ISDN equipment authentication
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91868964203769&w=2
Reference: BUGTRAQ:19990212 PPP/ISDN multilink security issue - summary
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91888117502765&w=2

Multilink PPP for ISDN dialup users in Ascend 4.6 allows remote
attackers to cause a denial of service via a spoofed endpoint
identifier.

Analysis
----------------
ED_PRI CAN-1999-1203 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1567
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1567
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990308 Password and DOS vulnerability with Testrack (bug tracking software)
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9903&L=NTBUGTRAQ&P=R1215
Reference: NTBUGTRAQ:19990616 Password and DOS vulnerability with Testrack (bug tracking software)
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9906&L=NTBUGTRAQ&P=R1680

Seapine Software TestTrack server allows remote attackers to cause a
denial of service (high CPU) via (1) TestTrackWeb.exe and (2)
ttcgi.exe by connecting to port 99 and disconnecting without sending
any data.

Analysis
----------------
ED_PRI CAN-1999-1567 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1568
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1568
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990223 NcFTPd remote buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91981352617720&w=2
Reference: BUGTRAQ:19990223 Comments on NcFTPd "theoretical root compromise"
Reference: URL:http://www.securityfocus.com/archive/1/12699
Reference: XF:ncftpd-port-bo(1833)
Reference: URL:http://xforce.iss.net/static/1833.php

Error in NcFTPd FTP server 2.4.1 allows remote attackers to cause a
denial of service (crash) via a long PORT command.

Analysis
----------------
ED_PRI CAN-1999-1568 2
Vendor Acknowledgement: yes followup

INCLUSION: This is a UNIX-based server. The process that crashes is a
child process, and the appropriate resources are reportedly freed.
Since it is also an error rather than a buffer overflow, perhaps this
is not "exploitable," and therefore should not be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-0418
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-0418
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990308 SMTP server account probing
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92100018214316&w=2

Denial of service in SMTP applications such as Sendmail, when a remote
attacker (e.g. a spammer) uses many "RCPT TO" commands in the same
connection.

Analysis
----------------
ED_PRI CAN-1999-0418 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1046
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1046
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990302 Multiple IMail Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92038879607336&w=2
Reference: BID:504
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=504
Reference: XF:imail-imonitor-overflow(1897)
Reference: URL:http://xforce.iss.net/static/1897.php

Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to
cause a denial of service, and possibly execute arbitrary commands,
via a long string to port 8181.

Analysis
----------------
ED_PRI CAN-1999-1046 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1049
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990222 Severe Security Hole in ARCserve NT agents (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91972006211238&w=2

ARCserve NT agents use weak encryption (XOR) for passwords, which
allows remote attackers to sniff the authentication request to port
6050 and decrypt the password.

Analysis
----------------
ED_PRI CAN-1999-1049 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1060
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990217 Tetrix 1.13.16 is vulnerable
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91937090211855&w=2
Reference: BID:340
Reference: URL:http://www.securityfocus.com/bid/340

Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote
attackers to cause a denial of service and possibly execute arbitrary
commands by connecting to port 31457 from a host with a long DNS
hostname.

Analysis
----------------
ED_PRI CAN-1999-1060 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1101
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1101
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990219 Another password storage problem (was: Re: Possible Netscape Crypto Security Flaw)
Reference: URL:http://www.securityfocus.com/archive/1/12618

Kabsoftware Lydia utility uses weak encryption to store user passwords
in the lydia.ini file, which allows local users to easily decrypt the
passwords and gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1101 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1168
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1168
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990220 ISS install.iss security hole
Reference: URL:http://www.securityfocus.com/archive/1/12640

install.iss installation script for Internet Security Scanner (ISS)
for Linux, version 5.3, allows local users to change the permissions
of arbitrary files via a symlink attack on a temporary file.

Analysis
----------------
ED_PRI CAN-1999-1168 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1169
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990204 NOBO denial of service
Reference: URL:http://www.securityfocus.com/archive/1/12284

nobo 1.2 allows remote attackers to cause a denial of service (crash)
via a series of large UDP packets.

Analysis
----------------
ED_PRI CAN-1999-1169 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1170
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990204 WS FTP Server Remote DoS Attack
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91816507920544&w=2
Reference: BID:218
Reference: URL:http://www.securityfocus.com/bid/218

IPswitch IMail allows local users to gain additional privileges and
modify or add mail accounts by setting the "flags" registry key to
1920.

Analysis
----------------
ED_PRI CAN-1999-1170 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC

WS_FTP and IMail are provided by the same vendor, but they belong to
different packages. Therefore CD:SF-EXEC says to create separate items
for the IMail/flags problem and the WS_FTP/flags problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1171
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1171
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990204 WS FTP Server Remote DoS Attack
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91816507920544&w=2
Reference: BID:218
Reference: URL:http://www.securityfocus.com/bid/218

IPswitch WS_FTP allows local users to gain additional privileges and
modify or add mail accounts by setting the "flags" registry key to
1920.

Analysis
----------------
ED_PRI CAN-1999-1171 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC

WS_FTP and IMail are provided by the same vendor, but they belong to
different packages. Therefore CD:SF-EXEC says to create separate items
for the IMail/flags problem and the WS_FTP/flags problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1172
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1172
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990114 Security Hole in Maximizer
Reference: URL:http://www.securityfocus.com/archive/1/11947

By design, Maximizer Enterprise 4 calendar and address book program
allows arbitrary users to modify the calendar of other users when the
calendar is being shared.

Analysis
----------------
ED_PRI CAN-1999-1172 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1180
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1180
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://oliver.efri.hr/~crv/security/bugs/NT/buffer.html
Reference: BUGTRAQ:19990216 Website Pro v2.0 (NT) configuration issues
Reference: URL:http://www.tryc.on.ca/archives/bugtraq/1999_1/0612.html

O'Reilly WebSite 1.1e and Pro 2.0 allows remote attackers to execute
arbitrary commands via shell metacharacters in an argument to (1)
args.cmd or (2) args.bat.

Analysis
----------------
ED_PRI CAN-1999-1180 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1196
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1196
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990427 NT/Exceed D.O.S.
Reference: URL:http://www.securityfocus.com/archive/1/13451
Reference: BID:158
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=158

Hummingbird Exceed X version 5 allows remote attackers to cause a
denial of service via malformed data to port 6000.

Analysis
----------------
ED_PRI CAN-1999-1196 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1201
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1201
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990206 New Windows 9x Bug: TCP Chorusing
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91849617221319&w=2
Reference: BID:225
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=225

Windows 95 and Windows 98 systems, when configured with multiple
TCP/IP stacks bound to the same MAC address, allow remote attackers to
cause a denial of service (traffic amplification) via an ICMP echo
(ping) packet, which causes all stacks to send a ping response, aka
TCP Chorusing.

Analysis
----------------
ED_PRI CAN-1999-1201 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1235
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1235
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990331 Minor bug in IE5.0
Reference: URL:http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=ind9904&L=NTBUGTRAQ&P=R179
Reference: NTBUGTRAQ:19990825 IE5 FTP password exposure & index.dat null ACL problem
Reference: URL:http://packetderm.cotse.com/mailing-lists/ntbugtraq/1999/0364.html
Reference: XF:nt-ie5-user-ftp-password(3289)
Reference: URL:http://xforce.iss.net/static/3289.php

Internet Explorer 5.0 records the username and password for FTP
servers in the URL history, which could allow (1) local users to read
the information from another user's index.dat, or (2) people who are
physically observing ("shoulder surfing") another user to read the
information from the status bar when the user moves the mouse over a
link.

Analysis
----------------
ED_PRI CAN-1999-1235 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1244
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1244
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990415 fsa-99.04-ipfilter v3.2.10
Reference: URL:http://www.securityfocus.com/archive/1/13303
Reference: XF:ipfilter-temp-file(2087)
Reference: URL:http://xforce.iss.net/static/2087.php

IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitrary
files via a symlink attack on the saved output file.

Analysis
----------------
ED_PRI CAN-1999-1244 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1245
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1245
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: XF:ucd-snmpd-community(2086)
Reference: URL:http://xforce.iss.net/static/2086.php

vacm ucd-snmp SNMP server, version 3.52, does not properly disable
access to the public community string, which could allow remote
attackers to obtain sensitive information.

Analysis
----------------
ED_PRI CAN-1999-1245 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1254
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1254
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990308 Winfreeze Exploit Win9x/NT
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92099515709467&w=2
Reference: XF:win-redirects-freeze(1947)
Reference: URL:http://xforce.iss.net/static/1947.php

Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of
service by spoofing ICMP redirect messages from a router, which causes
Windows to change its routing tables.

Analysis
----------------
ED_PRI CAN-1999-1254 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1255
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1255
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: MISC:http://www.rootshell.com/archive-j457nxiqi3gq59dv/199902/hyperseek.txt.html
Reference: XF:hyperseek-modify(1914)
Reference: URL:http://xforce.iss.net/static/1914.php

Hyperseek allows remote attackers to modify the Hyperseek
configuration by directly calling the admin.cgi program with an
edit_file action parameter.

Analysis
----------------
ED_PRI CAN-1999-1255 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1256
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1256
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990304 Oracle Plaintext Password
Reference: URL:http://www.securityfocus.com/archive/1/12744
Reference: NTBUGTRAQ:19990304 Oracle Plaintext Password
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92056752115116&w=2
Reference: XF:oracle-passwords(1902)
Reference: URL:http://xforce.iss.net/static/1902.php

Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition
stores the database master password in plaintext in the spoolmain.log
file when a new database is created, which allows local users to
obtain the password from that file.

Analysis
----------------
ED_PRI CAN-1999-1256 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1260
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1260
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990215 KSR[T] Advisory #10: mSQL ServerStats
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91910115718150&w=2
Reference: XF:msql-serverstats(1777)
Reference: URL:http://xforce.iss.net/static/1777.php

mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive
server information such as logged-in users, database names, and server
version via the ServerStats query.

Analysis
----------------
ED_PRI CAN-1999-1260 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1261
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1261
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990211 Rainbow Six Buffer Overflow.....
Reference: URL:http://www.securityfocus.com/archive/1/12433
Reference: XF:rainbowsix-nick-bo(1772)
Reference: URL:http://xforce.iss.net/static/1772.php

Buffer overflow in Rainbow Six Multiplayer allows remote attackers to
cause a denial of service, and possibly execute arbitrary commands,
via a long nickname (nick) command.

Analysis
----------------
ED_PRI CAN-1999-1261 3
Vendor Acknowledgement:
Content Decisions: SF-CODEBASE

The poster mentions that the overflow is similar to Quake. If Rainbow
Six is based on the Quake codebase (as many video games are), then
CD:SF-CODEBASE suggests combining all affected products into a single
item.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1262
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1262
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990202 Unsecured server in applets under Netscape
Reference: URL:http://www.securityfocus.com/archive/1/12231
Reference: XF:java-socket-open(1727)
Reference: URL:http://xforce.iss.net/static/1727.php

Java in Netscape 4.5 does not properly restrict applets from
connecting to hosts other than the one from which the applet was
loaded, which violates the Java security model and allows remote
attackers to conduct unauthorized activities.

Analysis
----------------
ED_PRI CAN-1999-1262 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1264
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1264
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990121 WebRamp M3 remote network access bug
Reference: URL:http://www.securityfocus.com/archive/1/12048
Reference: BUGTRAQ:19990203 WebRamp M3 Perceived Bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91815321510224&w=2
Reference: XF:webramp-remote-access(1670)
Reference: URL:http://xforce.iss.net/static/1670.php

WebRamp M3 router does not disable remote telnet or HTTP access to
itself, even when access has been explicitly disabled.

Analysis
----------------
ED_PRI CAN-1999-1264 3
Vendor Acknowledgement: no disputed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1268
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1268
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://lists.kde.org/?l=kde-devel&m=91560433413263&w=2
Reference: XF:kde-konsole-hijack(1645)
Reference: URL:http://xforce.iss.net/static/1645.php

Vulnerability in KDE konsole allows local users to hijack or observe
sessions of other users by accessing certain devices.

Analysis
----------------
ED_PRI CAN-1999-1268 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1323
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1323
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990409 NAV for MS Exchange & Internet Email Gateways
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92370067416739&w=2

Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and
earlier, and Norton AntiVirus for MS Exchange (NAVMSE) 1.5 and
earlier, store the administrator password in cleartext in (1) the
NAVIEG.ini file for NAVIEG, and (2) the ModifyPassword registry key
for NAVMSE.

Analysis
----------------
ED_PRI CAN-1999-1323 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1369
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1369
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990414 Real Media Server stores passwords in plain text
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92411181619110&w=2

Real Media RealServer (rmserver) 6.0.3.353 stores a password in
plaintext in the world-readable rmserver.cfg file, which allows local
users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1369 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1370
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1370
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990323 MSIE 5 installer disables screen saver
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92220197414799&w=2

The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1)
the screen saver, which could leave the system open to users with
physical access if a failure occurs during an unattended installation,
and (2) the Task Scheduler service, which might prevent the scheduled
execution of security-critical programs.

Analysis
----------------
ED_PRI CAN-1999-1370 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1371
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1371
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990308 Solaris "/usr/bin/write" bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92100752221493&w=2
Reference: MISC:http://www.securiteam.com/exploits/5ZP0O1P35O.html

Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local
users to gain privileges via a long string in the terminal name
argument.

Analysis
----------------
ED_PRI CAN-1999-1371 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1372
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1372
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990219 Plain text passwords in Tractive's Remote Manager software
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91966339502073&w=2

Triactive Remote Manager with Basic authentication enabled stores the
username and password in cleartext in registry keys, which could allow
local users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1372 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1373
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1373
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990105 Re: Network Scan Vulnerability [Summary]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91651770130771&w=2

FORE PowerHub before 5.0.1 allows remote attackers to cause a denial
of service (hang) via a TCP SYN scan with TCP/IP OS fingerprinting,
e.g. via nmap.

Analysis
----------------
ED_PRI CAN-1999-1373 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1374
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1374
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990427 Re: Shopping Carts exposing CC data
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92523159819402&w=2

perlshop.cgi shopping cart program stores sensitive customer
information in directories and files that are under the web root,
which allows remote attackers to obtain that information via an HTTP
request.

Analysis
----------------
ED_PRI CAN-1999-1374 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1375
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1375
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990211 Using FSO in ASP to view anything
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91877455626320&w=2
Reference: BID:230
Reference: URL:http://www.securityfocus.com/bid/230

FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP)
allows remote attackers to read arbitrary files by specifying the name
in the file parameter.

Analysis
----------------
ED_PRI CAN-1999-1375 3
Vendor Acknowledgement:

It is unclear whether showfile.asp is the exploit, or the vulnerable
program. In addition, it is unknown whether FSO is supposed to do this
(similar to an open() call).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1376
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1376
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990114 MS IIS 4.0 Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91632724913080&w=2
Reference: BUGTRAQ:19990114 MS IIS 4.0 Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91638375309890&w=2

Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server
Extensions allows remote attackers to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-1999-1376 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1397
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1397
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990323 Index Server 2.0 and the Registry
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92242671024118&w=2
Reference: NTBUGTRAQ:19990323 Index Server 2.0 and the Registry
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92223293409756&w=2
Reference: BID:476
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=476

Index Server 2.0 on IIS 4.0 stores physical path information in the
ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose
permissions allow local and remote users to obtain the physical paths
of directories that are being indexed.

Analysis
----------------
ED_PRI CAN-1999-1397 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1405
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1405
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990217 snap utility for AIX.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91936783009385&w=2
Reference: BUGTRAQ:19990220 Re: snap utility for AIX.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91954824614013&w=2
Reference: BID:375
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=375

snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory
with world-readable permissions, and does not remove or clear the
directory when snap -a is executed, which could allow local users to
access the shadowed password file by creating
/tmp/ibmsupt/general/passwd before root runs snap -a.

Analysis
----------------
ED_PRI CAN-1999-1405 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1422
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1422
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19990102 PATH variable in zip-slackware 2.0.35
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91540043023167&w=2
Reference: BID:211
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=211

The default configuration of Slackware 3.4, and possibly other
versions, includes . (dot, the current directory) in the PATH
environment variable, which could allow local users to create Trojan
horse programs that are inadvertently executed by other users.

Analysis
----------------
ED_PRI CAN-1999-1422 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1430
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1430
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990102 Security problems with Royal daVinci
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91540043723185&w=2
Reference: BID:185
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=185

PIM software for Royal daVinci does not properly password-protect
access to data stored in the .mdb (Microsoft Access) file, which
allows local users to read the data without a password by directly
accessing the files with a different application, such as Access.

Analysis
----------------
ED_PRI CAN-1999-1430 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1431
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1431
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990107 WinNT, ZAK and Office 97
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91576100022688&w=2
Reference: NTBUGTRAQ:19990109 WinNT, ZAK and Office 97
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91606260910008&w=2
Reference: BID:181
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=181

ZAK in Appstation mode allows users to bypass the "Run only allowed
apps" policy by starting Explorer from Office 97 applications (such as
Word), installing software into the TEMP directory, and renaming it to
an allowed application, such as Winword.exe.

Analysis
----------------
ED_PRI CAN-1999-1431 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1440
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1440
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990101 Win32 ICQ 98a flaw
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91522424302962&w=2
Reference: BID:132
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=132

Win32 ICQ 98 1.30, and possibly other versions, does not display the
entire portion of long filenames, which could allow attackers to send
an executable file with a long name that contains so many spaces that
the .exe extension is not displayed, which could make the user believe
that the file from the client is safe to open.

Analysis
----------------
ED_PRI CAN-1999-1440 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1453
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1453
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990222 New IE4 vulnerability: the clipboard.
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91979439932341&w=2
Reference: BID:215
Reference: URL:http://www.securityfocus.com/bid/215

Internet Explorer 4 allows remote attackers (malicious web site
operators) to read the contents of the clipboard via the Internet
WebBrowser ActiveX object.

Analysis
----------------
ED_PRI CAN-1999-1453 3
Vendor Acknowledgement: unknown

This is very similar to CVE-1999-0384, but that one deals with a Forms
vulnerability. That problem was announced and fixed on January 21, but
this problem was announced on February 21, so CD:SF-LOC suggests
keeping them separate.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1482
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1482
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990219 Security hole: "zgv"
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-02-15-&msg=pine.lnx.3.96.990219175605.9622a-100000@ferret.lmh.ox.ac.uk

SVGAlib zgv 3.0-7 and earlier allows local users to gain root access
via a privilege leak of the iopl(3) privileges to child processes.

Analysis
----------------
ED_PRI CAN-1999-1482 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1495
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1495
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19990218 xtvscreen and suse 6
Reference: URL:http://www.securityfocus.com/archive/1/12580
Reference: XF:xtvscreen-overwrite(1792)
Reference: URL:http://xforce.iss.net/static/1792.php
Reference: BID:325
Reference: URL:http://www.securityfocus.com/bid/325

xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary
files via a symlink attack on the pic000.pnm file.

Analysis
----------------
ED_PRI CAN-1999-1495 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1538
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1538
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990114 MS IIS 4.0 Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91638375309890&w=2
Reference: NTBUGTRAQ:19990114 MS IIS 4.0 Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=91632724913080&w=2
Reference: BID:189
Reference: URL:http://www.securityfocus.com/bid/189

When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in
/scripts/iisadmin, which does not restrict access to the local machine
and allows unauthorized users to gain access to sensitive server
information, including the Administrator's password.

Analysis
----------------
ED_PRI CAN-1999-1538 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1544
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1544
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990124 Advisory: IIS FTP Exploit/DoS Attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91722115016183&w=2

Buffer overflow in the Microsoft FTP server in IIS 3.0 and 4.0
sometimes allows local and remote attackers to cause a denial of
service via a long NLST (ls) command.

Analysis
----------------
ED_PRI CAN-1999-1544 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1546
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1546
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990129 Trojan: netstation.navio-comm.rte 1.1.0.1
Reference: URL:http://www.securityfocus.com/archive/1/12217
Reference: XF:navionc-config-script(1724)
Reference: URL:http://xforce.iss.net/static/1724.php

netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on
IBM AIX exports /tmp over NFS as world-readable and world-writable.

Analysis
----------------
ED_PRI CAN-1999-1546 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION
  or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1551
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-1999-1551
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990302 Multiple IMail Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92038879607336&w=2
Reference: BID:505
Reference: URL:http://www.securityfocus.com/bid/505
Reference: XF:imail-websvc-overflow(1898)
Reference: URL:http://xforce.iss.net/static/1898.php

Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to
cause a denial of service (crash) and possibly execute arbitrary
commands via a long URL.

Analysis
----------------
ED_PRI CAN-1999-1551 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR,
  VERIFIED-BY-SOMEONE-I-TRUST
HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1553网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1553最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19990301 [0 z0n3] XCmail远程利用的脆弱性参考:网址:http://www.securityfocus.com/archive/1/12730参考:报价:311参考:网址:http://www.securityfocus.com/bid/311参考:XF: xcmail-reply-overflow(1859)参考:网址:http://xforce.iss.net/static/1859.php缓冲区溢出在XCmail 0.99.6启用了autoquote允许远程攻击者执行任意命令通过一个主题。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1553 3供应商确认:未知discloser-claimed投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1557网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1557最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19990301多个IMail措施参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=92038879607336&w=2参考:XF: imail-imap-overflow(1895)参考:网址:http://xforce.iss.net/static/1895.php缓冲区溢出在IMAP服务器登录功能(imapd) Ipswitch IMail 5.0和更早的允许远程攻击者可能导致拒绝服务和执行任意代码通过(1)长用户名或(2)一个密码。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1557 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1559网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1559最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19990331木聚糖OmniSwitch“特性”参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=92299263017061&w=2参考:XF: 
xylan-omniswitch-login(2064)参考:网址:http://xforce.iss.net/static/2064.php木聚糖OmniSwitch 3.2.6允许远程攻击者绕过登录提示符之前通过ctrl - d (d)控制字符,其他用户锁的开关,因为它只支持一个会话。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1559 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:

Page Last Updated or Reviewed: May 22, 2007