
[PROPOSAL] Cluster LEGACY-MISC-1999B - 67 candidates



I am proposing cluster LEGACY-MISC-1999B for review and voting by the Editorial Board.

Name: LEGACY-MISC-1999B
Description: Legacy candidates announced between 5/1/1999 and 8/31/1999
Size: 67

You may vote on candidates by modifying this message and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and can be trusted to be real problems.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is not a "vulnerability", or is a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-1999-1019
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1019
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990623 Cabletron Spectrum security vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93024398713491&w=2
Reference: BUGTRAQ:19990624 Re: Cabletron Spectrum security vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93024398513475&w=2
Reference: BID:495
Reference: URL:http://www.securityfocus.com/bid/495

SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable (processd) with a Trojan horse, facilitating a root or Administrator compromise.

Analysis
----------------
ED_PRI CAN-1999-1019 2
Vendor Acknowledgement: yes followup

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1156
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1156
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990517 Vulnerabilities in BisonWare FTP Server 3.5
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9905&L=NTBUGTRAQ&P=R2698
Reference: XF:bisonware-port-crash(2254)
Reference: URL:http://xforce.iss.net/static/2254.php

BisonWare FTP Server 4.1 and earlier allows remote attackers to cause a denial of service via a malformed PORT command that contains a non-numeric character and a large number of carriage returns.

Analysis
----------------
ED_PRI CAN-1999-1156 2
Vendor Acknowledgement: yes

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1336
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1336
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990812 3com hiperarch flaw [hiperbomb.c]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93458364903256&w=2
Reference: BUGTRAQ:19990816 Re: 3com hiperarch flaw [hiperbomb.c]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93492615408725&w=2

3Com HiPer Access Router Card (HiperARC) 4.0 through 4.2.29 allows remote attackers to cause a denial of service (reboot) via a large number of IAC packets to the telnet port.

Analysis
----------------
ED_PRI CAN-1999-1336 2
Vendor Acknowledgement: yes followup

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1337
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1337
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990801 midnight commander vulnerability(?) (fwd)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93370073207984&w=2

FTP client in Midnight Commander (mc) 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1337 2
Vendor Acknowledgement: yes followup

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1354
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1354
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990830 SoftArc FirstClass E-mail Client
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93637687305327&w=2
Reference: NTBUGTRAQ:19990909 SoftArc FirstClass E-mail Client
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93698283309513&w=2

E-mail client in Softarc FirstClass Internet Server 5.506 and earlier stores usernames and passwords in cleartext in the files (1) home.fc for version 5.506, (2) network.fc for version 3.5, or (3) FCCLIENT.LOG when logging is enabled.

Analysis
----------------
ED_PRI CAN-1999-1354 2
Vendor Acknowledgement: yes followup

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1414
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1414
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990525 Security Leak with IBM Netfinity Remote Control Software
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92765856706547&w=2
Reference: NTBUGTRAQ:19990609 IBM's response to "Security Leak with IBM Netfinity Remote Control Software
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92902484317769&w=2
Reference: BID:284
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=284

IBM Netfinity Remote Control allows local users to gain administrator privileges by starting programs from the process manager, which runs with system level privileges.

Analysis
----------------
ED_PRI CAN-1999-1414 2
Vendor Acknowledgement: yes followup

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1478
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1478
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990706 Bug in SUN's Hotspot VM
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93138827429589&w=2
Reference: NTBUGTRAQ:19990716 FW: (Review ID: 85125) Hotspot crashes bringing down webserver
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93240220324183&w=2
Reference: BID:522
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=522
Reference: XF:sun-hotspot-vm(2348)
Reference: URL:http://xforce.iss.net/static/2348.php

Sun HotSpot VM performance engine allows remote attackers to cause a denial of service on any server running HotSpot via a URL that includes the [ character.

Analysis
----------------
ED_PRI CAN-1999-1478 2
Vendor Acknowledgement: yes

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1490
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1490
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19980528 ALERT: Tiresome security hole in "xosview", RedHat5.1?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101926021&w=2
Reference: BUGTRAQ:19980529 Re: Tiresome security hole in "xosview" (xosexp.c)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90221101926034&w=2
Reference: BID:362
Reference: URL:http://www.securityfocus.com/bid/362

xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environment variable.

Analysis
----------------
ED_PRI CAN-1999-1490 2
Vendor Acknowledgement: yes

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1535
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1535
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990720 Buffer overflow in AspUpload 1.4
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93256878011447&w=2
Reference: NTBUGTRAQ:19990818 AspUpload Buffer Overflow Fixed
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93501427820328&w=2
Reference: BID:592
Reference: URL:http://www.securityfocus.com/bid/592
Reference: XF:http-aspupload-bo(3291)
Reference: URL:http://xforce.iss.net/static/3291.php

Buffer overflow in AspUpload.dll in Persits Software AspUpload 1.4.0.2 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via an argument in the HTTP request.

Analysis
----------------
ED_PRI CAN-1999-1535 2
Vendor Acknowledgement: yes followup

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1560
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1560
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990720 tiger vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93252050203589&w=2
Reference: XF:tiger-script-execute(2369)
Reference: URL:http://xforce.iss.net/static/2369.php

Vulnerability in a script in Texas A&M University (TAMU) Tiger allows local users to execute arbitrary commands as the Tiger user, usually root.

Analysis
----------------
ED_PRI CAN-1999-1560 2
Vendor Acknowledgement: yes

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1565
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1565
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990820 [SECURITY] New versions of man2html fixes postinst glitch
Reference: URL:http://www.securityfocus.com/archive/1/24784

Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Analysis
----------------
ED_PRI CAN-1999-1565 2
Vendor Acknowledgement: yes

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1012
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1012
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19990504 AS/400
Reference: URL:http://www.securityfocus.com/archive/1/13527
Reference: BID:173
Reference: URL:http://www.securityfocus.com/bid/173

SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other operating systems, allows remote attackers to crash the mail server via a long string.

Analysis
----------------
ED_PRI CAN-1999-1012 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1016
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990827 HTML code to crash IE5 and Outlook Express 5
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93578772920970&w=2
Reference: BID:606
Reference: URL:http://www.securityfocus.com/bid/606

Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web sites or HTML e-mail to cause a denial of service (100% CPU consumption) via large HTML form fields such as text inputs in a table cell.

Analysis
----------------
ED_PRI CAN-1999-1016 3
Vendor Acknowledgement:
Content Decisions: EX-CLIENT-DOS, SF-CODEBASE

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1017
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1017
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990728 Seattle Labs EMURL Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93316253431588&w=2
Reference: BID:544
Reference: URL:http://www.securityfocus.com/bid/544

Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail attachments in a specific directory with scripting enabled, which allows a malicious ASP file attachment to be executed when the recipient opens the message.

Analysis
----------------
ED_PRI CAN-1999-1017 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1018
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1018
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990727 Linux 2.2.10 ipchains Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93312523904591&w=2
Reference: BID:543
Reference: URL:http://www.securityfocus.com/bid/543

IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP fragments before checking the header information, which allows remote attackers to bypass the filtering rules using several fragments with 0 offsets.

Analysis
----------------
ED_PRI CAN-1999-1018 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1023
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1023
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990610 Sun Useradd program expiration date bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92904175406756&w=2
Reference: BID:426
Reference: URL:http://www.securityfocus.com/bid/426

useradd in Solaris 7.0 does not properly interpret certain date formats as specified in the "-e" (expiration date) argument, which could allow users to log in after their accounts have expired.

Analysis
----------------
ED_PRI CAN-1999-1023 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1024
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19990616 tcpdump 3.4 bug?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92955903802773&w=2
Reference: BUGTRAQ:19990617 Re: tcpdump 3.4 bug?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92963447601748&w=2
Reference: BUGTRAQ:19990620 Re: tcpdump 3.4 bug? (final)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92989907627051&w=2
Reference: BID:313
Reference: URL:http://www.securityfocus.com/bid/313

ip_print procedure in Tcpdump 3.4 allows remote attackers to cause a denial of service via a packet with a zero length header, which causes an infinite loop and core dump when tcpdump prints the packet.

Analysis
----------------
ED_PRI CAN-1999-1024 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

CAN-2000-0333 and this candidate appear to be two different bugs in different places in tcpdump.

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1028
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1028
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990528 DoS against PC Anywhere
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92807524225090&w=2
Reference: BID:288
Reference: URL:http://www.securityfocus.com/bid/288

Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of service (CPU utilization) via a large amount of data to port 5631.

Analysis
----------------
ED_PRI CAN-1999-1028 3
Vendor Acknowledgement: unknown

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1029
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1029
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990513 - J.J.F. / Hackers Team warns for SSHD 2.x brute force password hacking
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92663402004280&w=2
Reference: BID:277
Reference: URL:http://www.securityfocus.com/bid/277
Reference: XF:ssh2-bruteforce(2193)
Reference: URL:http://xforce.iss.net/static/2193.php

SSH server (sshd2) before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing remote attackers to guess the password without showing up in the audit logs.

Analysis
----------------
ED_PRI CAN-1999-1029 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1030
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1030
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19990519 Denial of Service in Counter.exe version 2.70
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92713790426690&w=2
Reference: NTBUGTRAQ:19990519 Denial of Service in Counter.exe version 2.70
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92707671717292&w=2
Reference: BID:267
Reference: URL:http://www.securityfocus.com/bid/267

counter.exe 2.70 allows remote attackers to cause a denial of service (hang) via an HTTP request that ends in %0a (newline), which causes a malformed entry in the counter log that produces an access violation.

Analysis
----------------
ED_PRI CAN-1999-1030 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

ABSTRACTION: The %0a and "long string" DoSes may both be related to a single problem (perhaps they both produce a malformed log file that counter.exe processes?) However, the nature of the exploits seems to indicate different underlying problems, so CD:SF-LOC suggests separating them into separate entries.

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1031
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1031
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19990519 Denial of Service in Counter.exe version 2.70
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92713790426690&w=2
Reference: NTBUGTRAQ:19990519 Denial of Service in Counter.exe version 2.70
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92707671717292&w=2
Reference: BID:267
Reference: URL:http://www.securityfocus.com/bid/267

counter.exe 2.70 allows remote attackers to cause a denial of service (hang) via a long argument.

Analysis
----------------
ED_PRI CAN-1999-1031 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

ABSTRACTION: The %0a and "long string" DoSes may both be related to a single problem (perhaps they both produce a malformed log file that counter.exe processes?) However, the nature of the exploits seems to indicate different underlying problems, so CD:SF-LOC suggests separating them into separate entries.

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1033
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1033
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990511 Outlook Express Win98 bug
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92647407427342&w=2
Reference: BUGTRAQ:19990512 Outlook Express Win98 bug, addition.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92663402004275&w=2
Reference: BID:252
Reference: URL:http://www.securityfocus.com/bid/252

Microsoft Outlook Express before 4.72.3612.1700 allows a malicious user to send a message that contains a .., which can inadvertently cause Outlook to re-enter POP3 command mode and cause the POP3 session to hang.

Analysis
----------------
ED_PRI CAN-1999-1033 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1052
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1052
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category:
Reference: BUGTRAQ:19990824 Front Page form_results
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93582550911564&w=2

FrontPage stores form results in a default location in /_private/form_results.txt, which is world-readable and accessible in the document root, which allows remote attackers to read sensitive information submitted by other users.

Analysis
----------------
ED_PRI CAN-1999-1052 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1063
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990601 whois_raw.cgi problem
Reference: URL:http://www.securityfocus.com/archive/1/14019
Reference: BID:304
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=304
Reference: XF:http-cgi-cdomain(2251)
Reference: URL:http://xforce.iss.net/static/2251.php

CDomain whois_raw.cgi whois CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the fqdn parameter.

Analysis
----------------
ED_PRI CAN-1999-1063 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1064
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1064
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990822
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93555317429630&w=2
Reference: BUGTRAQ:19990824 Re: WindowMaker bug (sub: none)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93582070508957&w=2
Reference: BID:596
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=596

Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow attackers to cause a denial of service and possibly execute arbitrary commands by executing WindowMaker with a long program name (argv[0]).

Analysis
----------------
ED_PRI CAN-1999-1064 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1078
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1078
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990729 WS_FTP Pro 6.0 Weak Password Encryption Vulnerability
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9907&L=ntbugtraq&D=0&P=10370&F=P
Reference: BID:547
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=547

WS_FTP Pro 6.0 uses weak encryption for passwords in its initialization files, which allows remote attackers to easily decrypt the passwords and gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1078 3
Vendor Acknowledgement:

The discloser refers to a Bugtraq post from 1997, which they say is a decryption program for an earlier version, but is this really the same algorithm, and are the same programs affected?

BUGTRAQ:19970811 program to decrypt passwords in ws_ftp.ini

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1080
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990510 SunOS 5.7 rmmount, no nosuid.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92633694100270&w=2
Reference: BUGTRAQ:19991011
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93971288323395&w=2
Reference: BID:250
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=250

rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf.

Analysis
----------------
ED_PRI CAN-1999-1080 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1086
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1086
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990715 NMRC Advisory: Netware 5 Client Hijacking
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93214475111651&w=2
Reference: BID:528
Reference: URL:http://www.securityfocus.com/bid/528

Novell 5 and earlier, when running over IPX with a packet signature level less than 3, allows remote attackers to gain administrator privileges by spoofing the MAC address in IPC fragmented packets that make NetWare Core Protocol (NCP) calls.

Analysis
----------------
ED_PRI CAN-1999-1086 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1097
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1097
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990504 Microsoft Netmeeting Hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92586457816446&w=2
Reference: XF:netmeeting-clipboard(2187)
Reference: URL:http://xforce.iss.net/static/2187.php

Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.

Analysis
----------------
ED_PRI CAN-1999-1097 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1130
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1130
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19990730 Netscape Enterprise Server yields source of JHTML
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93346448121208&w=2
Reference: NTBUGTRAQ:19990730 Netscape Enterprise Server yields source of JHTML
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93337389603117&w=2
Reference: BID:559
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=559

Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file.

Analysis
----------------
ED_PRI CAN-1999-1130 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1164
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1164
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990625 Outlook denial of service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93041631215856&w=2

Microsoft Outlook client allows remote attackers to cause a denial of service by sending multiple e-mail messages with the same X-UIDL headers, which causes Outlook to hang.

Analysis
----------------
ED_PRI CAN-1999-1164 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1166
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1166
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990711 Linux 2.0.37 segment limit bug
Reference: URL:http://www.securityfocus.com/archive/1/18156
Reference: BID:523
Reference: URL:http://www.securityfocus.com/bid/523

Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory.

Analysis
----------------
ED_PRI CAN-1999-1166 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
======================================================
Candidate: CAN-1999-1195
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1195
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990505 NAI AntiVirus Update Problem
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92587579032534&w=2
Reference: BUGTRAQ:19990505 NAI AntiVirus Update Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92588169005196&w=2
Reference: BID:169
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=169

NAI McAfee NT 4.0.2 does not properly modify the scan.dat virus definition file during an update via FTP, but it reports that the update was successful, which could cause a system administrator to believe that the definitions have been updated correctly.

Analysis
----------------
ED_PRI CAN-1999-1195 3
Vendor Acknowledgement:

Voting Section
----------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1227网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1227最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:MISC:http://www.ethereal.com/lists/ethereal-dev/199907/msg00126.html参考:MISC:http://www.ethereal.com/lists/ethereal-dev/199907/msg00130.html参考:XF: ethereal-dev-capturec-root(3334)参考:网址:http://xforce.iss.net/static/3334.php飘渺的允许本地用户覆盖任意文件通过一个符号链接攻击数据包捕获文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1227 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1231网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1231最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19990609 ssh advirsory参考:网址:http://www.securityfocus.com/archive/1/14758参考:XF: ssh-leak(2276)参考:网址:http://xforce.iss.net/static/2276.phpssh 2.0.12,可能还有其他版本,允许有效用户名试图多次输入正确的密码,但只有提示无效的用户名的密码,它允许远程攻击者,以确定服务器上的用户帐户名。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1231 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1237网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1237最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19990606缓冲区溢出smbval图书馆参考:网址:http://www.securityfocus.com/archive/1/14384参考:XF: smbvalid-bo(2272)参考:网址:http://xforce.iss.net/static/2272.php多个缓冲区溢出smbvalid / smbval SMB身份验证库,用于Apache:: AuthenSmb和可能的其他模块,允许远程攻击者执行任意命令通过(1)用户名,(2)一个长的密码,(3)其他未详细说明的方法。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1237 
3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1241网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1241最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:MISC:http://oliver.efri.hr/的crv /安全/错误/ NT / activex4.html参考:XF: ie-filesystemobject(2173)参考:网址:http://xforce.iss.net/static/2173.phpInternet Explorer,安全设置低于中等,允许远程攻击者执行任意命令通过一个恶意网页,使用FileSystemObject ActiveX对象。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1241 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1338网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1338最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19990721委托为任何人引用创建目录可写:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=93259112204664&w=2委托代理5.9.3和早些时候创建文件和目录在DGROOT人人可写的权限。分析- - - - - - - - - - - - - - - - - ED_PRI - 1999 - 1338 3供应商确认:内容决定:SF-LOC补丁显示多行源代码中坏的权限设置,例如通过各种mkdir()调用。CD: SF-LOC建议把它们结合成一个条目的问题是相同的类型。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 1999 - 1348网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 1999 - 1348最终决定:阶段性裁决:修改:建议:20010912分配:20010831类别:科幻参考:BUGTRAQ: 19990630则似乎没有正确处理/etc/pam.d /重启参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=93220073515880&w=2则在Red Hat Linux 
6.0 and earlier does not properly disable PAM-based access to the
shutdown command, which could allow local users to cause a denial of
service.

Analysis
----------------
ED_PRI CAN-1999-1348 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1365
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1365
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990628 NT runs Explorer.exe, Taskmgr.exe etc. from wrong location
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93069418400856&w=2
Reference: NTBUGTRAQ:19990630 Update: NT runs explorer.exe, etc...
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93127894731200&w=2

Windows NT searches a user's home directory (%systemroot% by default)
before other directories to find critical programs such as
NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which allows
local users to bypass access restrictions or gain privileges by
placing a Trojan horse program into the root directory, which is
writable by default.

Analysis
----------------
ED_PRI CAN-1999-1365 3
Vendor Acknowledgement:

%systemroot% being writable by users is contrary to Microsoft's
recommended configuration. So, is this just one of the implications of
a bad configuration problem?

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1366
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1366
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990515 Pegasus Mail weak encryption
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92714118829880&w=2

Pegasus e-mail client 3.0 and earlier uses weak encryption to store
POP3 passwords in the pmail.ini file, which allows local users to
easily decrypt the passwords and read e-mail.

Analysis
----------------
ED_PRI CAN-1999-1366 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1367
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1367
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://www.pcworld.com/news/article/0,aid,10842,00.asp

Internet Explorer 5.0 does not properly reset the username/password
cache for Web sites that do not use standard cache controls, which
could allow users on the same system to access restricted web sites
that were visited by other users.

Analysis
----------------
ED_PRI CAN-1999-1367 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1368
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1368
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990512 InoculateIT 4.53 Real-Time Exchange Scanner Flawed
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92652152723629&w=2
Reference: NTBUGTRAQ:20001116 InoculateIT AV Option for MS Exchange Server
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=97439568517355&w=2

AV Option for MS Exchange Server option for InoculateIT 4.53, and
possibly other versions, only scans the Inbox folder tree of a
Microsoft Exchange server, which could allow viruses to escape
detection if a user's rules cause the message to be moved to a
different mailbox.

Analysis
----------------
ED_PRI CAN-1999-1368 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1378
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1378
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990917 improper chroot in dbmlparser.exe
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93250710625956&w=2

dbmlparser.exe CGI guestbook program does not perform a chroot
operation properly, which allows remote attackers to read arbitrary
files.

Analysis
----------------
ED_PRI CAN-1999-1378 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1393
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1393
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://freaky.staticusers.net/macsec/data/powerbooksecurity-data.html
Reference: BID:532
Reference: URL:http://www.securityfocus.com/bid/532

Control Panel "Password Security" option for Apple Powerbooks allows
attackers with physical access to the machine to bypass the security
by booting it with an emergency startup disk and using a disk editor
to modify the on/off toggle or password in the aaaaaaaAPWD file, which
is normally inaccessible.

Analysis
----------------
ED_PRI CAN-1999-1393 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1394
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1394
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990702 BSD-fileflags
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93094058620450&w=2
Reference: BID:510
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=510

BSD 4.4 based operating systems, when running at security level 1,
allow the root user to clear the immutable and append-only flags for
files by unmounting the file system and using a file system editor
such as fsdb to directly modify the file through a device.

Analysis
----------------
ED_PRI CAN-1999-1394 3
Vendor Acknowledgement:

A followup by Darren Reed indicates that this problem may be a lack of
clear documentation for the specific security setting.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1400
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1400
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990603 Huge Exploit in NT 4.0 SP5 Screensaver with Password Protection Enabled
Reference: URL:http://archives.indenial.com/hypermail/ntbugtraq/1999/June1999/0007.html
Reference: NTBUGTRAQ:19990603 Re: Huge Exploit in NT 4.0 SP5 Screensaver with Password Protecti Enabled.
Reference: URL:http://archives.indenial.com/hypermail/ntbugtraq/1999/June1999/0009.html
Reference: NTBUGTRAQ:19990604 Official response from The Economist re: 1999 Screen Saver
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92851653600852&w=2
Reference: BID:466
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=466

The Economist Screen Saver 1999 with the "Password Protected" option
enabled allows users with physical access to the machine to bypass the
screen saver and read files by running Internet Explorer while the
screen is still locked.

Analysis
----------------
ED_PRI CAN-1999-1400 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1412
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1412
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990603 MacOS X system panic with CGI
Reference: URL:http://www.securityfocus.com/archive/1/14215
Reference: BID:306
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=306

A possible interaction between Apple MacOS X release 1.0 and Apache
HTTP server allows remote attackers to cause a denial of service
(crash) via a flood of HTTP GET requests to CGI programs, which
generates a large number of processes.

Analysis
----------------
ED_PRI CAN-1999-1412 3
Vendor Acknowledgement:

ABSTRACTION: The problem may be specific to MacOS X and thus may not
be related to Apache. Other descriptions of this problem may not
include Apache.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1418
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1418
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990501 Update: security hole in the ICQ-Webserver
Reference: URL:http://www.securityfocus.com/archive/1/13508
Reference: BID:246
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=246

ICQ99 ICQ web server build 1701 with "Active Homepage" enabled allows
remote attackers to determine the existence of files on the server by
comparing server responses when a file exists ("404 Forbidden") versus
when a file does not exist ("404 not found").

Analysis
----------------
ED_PRI CAN-1999-1418 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1444
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1444
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: MISC:http://catless.ncl.ac.uk/Risks/20.41.html#subj4

genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent
of 1, which results in transactions that are sent in cleartext.

Analysis
----------------
ED_PRI CAN-1999-1444 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1460
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1460
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990713 Root Perms Gained with Patrol SNMP Agent 3.2 (all others?)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93198293132463&w=2
Reference: BUGTRAQ:19990801 Re: Root Perms Gained with Patrol SNMP Agent 3.2 (all others?)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93372579004129&w=2
Reference: BID:525
Reference: URL:http://www.securityfocus.com/bid/525

BMC Patrol SNMP Agent before 3.2.07 allows local users to create
arbitrary world-writable files as root by specifying the target file
as the second argument to the snmpmagt program.

Analysis
----------------
ED_PRI CAN-1999-1460 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1470
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1470
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990624 Eastman Software Work Management 3.21
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93034788412494&w=2
Reference: XF:eastman-cleartext-passwords(2303)
Reference: URL:http://xforce.iss.net/static/2303.php
Reference: BID:485
Reference: URL:http://www.securityfocus.com/bid/485

Eastman Work Management 3.21 stores passwords in cleartext in the
COMMON and LOCATOR registry keys, which could allow local users to
gain privileges.

Analysis
----------------
ED_PRI CAN-1999-1470 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1485
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1485
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990531 IRIX 6.5 nsd virtual filesystem vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/13999
Reference: XF:sgi-nsd-view(2246)
Reference: URL:http://xforce.iss.net/static/2246.php
Reference: XF:sgi-nsd-create(2247)
Reference: URL:http://xforce.iss.net/static/2247.php
Reference: BID:412
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=412

nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP
port, which allows remote attackers to view files and possibly cause a
denial of service by mounting the nsd virtual file system.

Analysis
----------------
ED_PRI CAN-1999-1485 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1496
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1496
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990608 unneeded information in sudo
Reference: URL:http://www.securityfocus.com/archive/1/14665
Reference: BID:321
Reference: URL:http://www.securityfocus.com/bid/321
Reference: XF:sudo-file-exists(2277)
Reference: URL:http://xforce.iss.net/static/2277.php

Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to
determine the existence of arbitrary files by attempting to execute
the target filename as a program, which generates a different error
message when the file does not exist.

Analysis
----------------
ED_PRI CAN-1999-1496 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG,
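ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1510
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1510
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990517 Vulnerabilities in BisonWare FTP Server 3.5
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=92697301706956&w=2
Reference: XF:bisonware-command-bo(3234)
Reference: URL:http://xforce.iss.net/static/3234.php

Buffer overflows in Bisonware FTP server 4.1 allow remote attackers to
cause a denial of service, and possibly execute arbitrary commands,
via long (1) USER, (2) LIST, or (3) commands.

Analysis
----------------
ED_PRI CAN-1999-1510 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Russ Cooper, the NTBugtraq editor, posted a copy of an e-mail with
Arne Vidstrom's observations about BisonWare. Nick Barnes of BisonWare
replied with an answer to each of Vidstrom's questions. Russ
summarized the exchange. Nick Barnes acknowledged that version 4.1
fixes all buffer overflows in command arguments. - PEA

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1513
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1513
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990830 A 3Com SNMP vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93616983223090&w=2

Management information base (MIB) for a 3Com SuperStack II hub running
software version 2.10 contains an object identifier
(.1.3.6.1.4.1.43.10.4.2) that is accessible by a read-only community
string, but lists the entire table of community strings, which could
allow attackers to conduct unauthorized activities.

Analysis
----------------
ED_PRI CAN-1999-1513 3
Vendor Acknowledgement: no

I think this is more of a default or weak password problem. If I
remember correctly, from some work a few years ago for which I needed
to read some MIB specifications, I found that MIBs define an object
such as a password as a write-only object so that nobody can read it.
The 3Com enterprise MIB may not have done so. The impact of read-write
community strings allowing an attacker to modify router or switch
configuration information is very serious. In this case the attacker
would use a default community string, or one known to the attacker, to
access the read-write string. I have classified this as a software
problem because a Bugtraq message thread mentions that it is fixed in
version 2.12. - PEA

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================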
Candidate: CAN-1999-1514
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1514
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990729 ExpressFS 2.x FTPServer remotely exploitable buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94130292519646&w=2
Reference: BUGTRAQ:19990729 ExpressFS 2.x FTPServer remotely exploitable buffer overflow vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94121377716133&w=2
Reference: BID:749
Reference: URL:http://www.securityfocus.com/bid/749
Reference: XF:expressfs-command-bo(3401)
Reference: URL:http://xforce.iss.net/static/3401.php

Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote
attackers to cause a denial of service, and possibly execute arbitrary
commands, via the USER command.

Analysis
----------------
ED_PRI CAN-1999-1514 3
Vendor Acknowledgement: no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1515
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1515
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BID:613
Reference: URL:http://www.securityfocus.com/bid/613
Reference: XF:tfs-gateway-dos(3290)
Reference: URL:http://xforce.iss.net/static/3290.php

A non-default configuration in TenFour TFS Gateway 4.0 allows an
attacker to cause a denial of service via messages with incorrect
sender and recipient addresses, which causes the gateway to
continuously try to return the message every 10 seconds.

Analysis
----------------
ED_PRI CAN-1999-1515 3
Vendor Acknowledgement: unknown
Content Decisions: CF

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1518
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1518
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990715 Shared memory DoS's
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93207728118694&w=2
Reference: BID:526
Reference: URL:http://www.securityfocus.com/bid/526
Reference: XF:bsd-shared-memory-dos(2351)
Reference: URL:http://xforce.iss.net/static/2351.php

Operating systems with shared memory implementations based on BSD 4.4
code allow a user to conduct a denial of service and bypass memory
limits (e.g., as specified with rlimits) using mmap or shmget to
allocate memory and cause page faults.

Analysis
----------------
ED_PRI CAN-1999-1518 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE

Exploit code is included in the BugTraq post titled "Shared memory
DoS", posted on July 15, 1999 by Mike Perry, at this URL:
http://www.securityfocus.com/templates/archive.pike?list=1&msg=19990715003612.A18130@mikepery.linuxos.org
- PEA

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1520
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1520
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19990511 [ALERT] Site Server 3.0 May Expose SQL IDs and PSWs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92647407227303&w=2
Reference: BID:256
Reference: URL:http://www.securityfocus.com/bid/256
Reference: XF:siteserver-site-csc(2270)
Reference: URL:http://xforce.iss.net/static/2270.php

A configuration problem in the Ad Server Sample directory (AdSamples)
in Microsoft Site Server 3.0 allows an attacker to retrieve the
SITE.CSC file, which exposes sensitive SQL database information.

Analysis
----------------
ED_PRI CAN-1999-1520 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1524
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1524
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990807 Re: FlowPoint DSL router vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93424680430460&w=2

FlowPoint DSL router firmware versions prior to 3.0.8 allow a remote
attacker to exploit a password recovery feature from the network and
conduct brute force password guessing, instead of limiting the feature
to the serial console port.

Analysis
----------------
ED_PRI CAN-1999-1524 3
Vendor Acknowledgement: unknown vague-advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1536
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1536
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: CF
Reference: BUGTRAQ:19990730 World writable root owned script in SalesBuilder (RedHat 6.0)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93347785827287&w=2
Reference: BID:560
Reference: URL:http://www.securityfocus.com/bid/560

.sbstart startup script in AcuShop Salesbuilder is world writable,
which allows local users to gain privileges by appending commands to
the file.

Analysis
----------------
ED_PRI CAN-1999-1536 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1537
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1537
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: NTBUGTRAQ:19990707 SSL and IIS.
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93138827329577&w=2
Reference: BID:521
Reference: URL:http://www.securityfocus.com/bid/521
Reference: XF:ssl-iis-dos(2352)
Reference: URL:http://xforce.iss.net/static/2352.php

IIS 3.x and 4.x does not distinguish between pages requiring
encryption and those that do not, which allows remote attackers to
cause a denial of service (resource exhaustion) via SSL requests to
the HTTPS port for normally unencrypted files, which will cause IIS to
perform extra work to send the files over SSL.

Analysis
----------------
ED_PRI CAN-1999-1537 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1543
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1543
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990710 MacOS system encryption algorithm
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93188174906513&w=2
Reference: BUGTRAQ:19990914 MacOS system encryption algorithm 3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93736667813924&w=2
Reference: BID:519
Reference: URL:http://www.securityfocus.com/bid/519

MacOS uses weak encryption for passwords that are stored in the Users
& Groups Data File.

Analysis
----------------
ED_PRI CAN-1999-1543 3
Vendor Acknowledgement: unknown
Content Decisions: DESIGN-WEAK-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1545
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1545
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990714
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93216103027827&w=2
Reference: BUGTRAQ:19990717 joe 2.8 makes world-readable DEADJOE
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=93226771401036&w=2

Joe's Own Editor (joe) 2.8 sets the world-readable permission on its
crash-save file, DEADJOE, which allows local users to read files that
were being edited by other users.

Analysis
----------------
ED_PRI CAN-1999-1545 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1561
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1561
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990820 Winamp SHOUTcast server: Gaining Administrator Password
Reference: URL:http://www.securityfocus.com/archive/1/24852

Nullsoft SHOUTcast server stores the administrative password in
plaintext in a configuration file (sc_serv.conf), which could allow a
local user to gain administrative privileges on the server.

Analysis
----------------
ED_PRI CAN-1999-1561 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-1999-1566
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1566
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20010912
Assigned: 20010831
Category: SF
Reference: BUGTRAQ:19990508 iParty Daemon Vulnerability w/ Exploit Code (worse than thought?)
Reference: URL:http://www.securityfocus.com/archive/1/13600

Buffer overflow in iParty server 1.2 and earlier allows remote
attackers to cause a denial of service (crash) by connecting to
default port 6004 and sending repeated extended characters.

Analysis
----------------
ED_PRI CAN-1999-1566 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

Page Last Updated or Reviewed: May 22, 2007