(提案)集群老- 2000 - 20的候选人

我提出集群旧- 2000 a由编辑委员会审查和投票。虽然它可能被命名为好,它包括从2001年的一些问题。没有“老- 2000 b”集群,但我预计在未来可能会有。名称:老- 2000描述:年长的候选人宣布2/1/2000与2/27/2001大小:20你可能通过修改这封邮件投票表决候选人,将它寄回给我,或通过使用CVE投票网站。中列出的候选人优先秩序。优先级1和优先级2的候选人都应对不同层次的供应商确认,所以他们应该易于检查和可以信任的,是真实的问题。总结的选票使用(“严重程度”的按升序)- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -接受——选民接受候选人提出的等待——选民对候选人没有意见修改选民想要改变一些小细节(例如参考/描述)审查-选民正在审查/研究候选人,或需要更多的信息,重塑候选人必须大幅修改,如分割或合并拒绝候选人不是“漏洞”,或重复等。1)请写你的投票在直线上,从“投票:”开始。如果你想添加评论或细节,在投票后将它们添加到线:线。2)如果你看到任何失踪的引用,请提及他们,使他们可以包括在内。在映射引用帮助极大。 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-2000-1190 URL:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1190最终决定:阶段性裁决:修改:建议:分配:20010831类别:科幻参考:BUGTRAQ: 20000531 Re:罢工# 2参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95984116811100&w=2参考:REDHAT: RHSA-2000:016-03参考:网址:http://www.redhat.com/support/errata/powertools/rhsa - 2000 - 016 - 03. - htmlimwheel-solo imwheel包允许本地用户修改任意文件通过一个符号链接攻击从.imwheelrc文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1190 1供应商确认:是的咨询cve - 2000 - 0230描述了一个缓冲区溢出;Red Hat后来修改原来的顾问来描述符号链接的问题,尽管它看起来不像Red Hat的“官方”位置网站包括更新咨询。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1195网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1195最终决定:阶段性裁决:修改:建议:分配:20010831类别:科幻参考:火山口:综援- 2000 - 008.0参考:网址:http://www.caldera.com/support/security/advisories/cssa - 2000 008.0.txttelnet守护进程(telnetd)从Linux netkit包之前netkit - telnet 0.16允许远程攻击者绕过身份验证时telnetd运行- l命令行选项。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1195 1供应商确认:是的咨询投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0615网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0615最终决定:阶段性裁决:修改:建议:分配:20000719类别:科幻参考:BUGTRAQ: 20000709 LPRng lpd不应该SETUID root参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0117.html参考:报价:1447参考:网址:http://www.securityfocus.com/bid/1447LPRng 3.6。x不当安装lpd setuid root,允许本地用户lpd跟踪和日志消息附加到文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0615 2供应商确认:是的developer-post投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0891网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0891最终决定:阶段性裁决:修改:建议:分配:20001114类别:CF参考:CERT-VN: VU # 5962参考:网址:http://www.kb.cert.org/vuls/id/5962参考:确认:http://www.notes.net/R5FixList.nsf/Search ! SearchView&Query = CBAT45TU9S一个默认的发射极耦合逻辑在Lotus Notes 5.02允许远程攻击者执行任意命令通过附加一个恶意程序在电子邮件消息时自动执行用户打开邮件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0891 2供应商确认:是的补丁投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1196网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1196最终决定:阶段性裁决:修改:建议:分配:20010831类别:参考:确认:http://docs.iplanet.com/docs/manuals/pubx/2.5.2_Relnotes.html参考:MISC:http://packetstormsecurity.org/0004-exploits/ooo1.txtPSCOErrPage。htm网景PublishingXpert 2.5 SP2之前允许远程攻击者读取任意文件通过指定的目标文件errPagePath参数。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1196 2供应商确认:是的投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0619网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0619最终决定:阶段性裁决:修改:建议:分配:20000719类别:科幻参考:VULN-DEV: 20000520代表7层开关咨询参考:网址:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0680.html参考:VULN-DEV: 20000614更新事务顾问参考:网址:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0921.html参考:报价:1258参考:网址:http://www.securityfocus.com/bid/1258播放2500层7开关允许远程攻击者通过ICMP数据包畸形引起拒绝服务。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0619 3供应商确认:未知poster-claimed投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 0892网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 0892最终决定:阶段性裁决:修改:建议:分配:20001114类别:科幻参考:CERT-VN: VU # 22404参考:网址:http://www.kb.cert.org/vuls/id/22404一些telnet客户允许远程telnet服务器请求从客户端环境变量,可能包含敏感信息,或远程web服务器获取信息通过telnet: URL。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 0892 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1191网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1191最终决定:阶段性裁决:修改:建议:分配:20010831类别:科幻参考:MISC:http://www.securiteam.com/exploits/htDig_reveals_web_server_configuration_paths.html3.1.5 htsearch htDig 3.2测试版程序,允许远程攻击者决定早些时候服务器的物理路径的请求不存在配置文件使用配置参数,生成一个错误消息,包括完整的路径。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1191 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1192网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1192最终决定:阶段性裁决:修改:建议:分配:20010831类别:科幻参考:MISC:http://www.securiteam.com/windowsntfocus/5ZP0C000KC.html参考:MISC:http://www.bttsoftware.co.uk/snmptrap.html参考:XF: snmp-trapwatcher-string-dos参考:报价:985参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=985缓冲区溢出在井下电视软件SNMP陷阱观察家1.16允许远程攻击者导致拒绝服务,并可能执行任意命令,通过一个长字符串的陷阱。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1192 3供应商确认:未知ack-vague投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1193网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1193最终决定:阶段性裁决:修改:建议:分配:20010831类别:科幻参考:BUGTRAQ: 20000412性能副驾驶员IRIX 6.5参考:网址:http://archives.neohapsis.com/archives/bugtraq/2000-04/0056.html参考:XF: irix-pmcd-dos(4284)参考:网址:http://xforce.iss.net/static/4284.php性能指标收集器守护进程(PMCD) IRIX 6副驾驶性能。x允许远程攻击者造成拒绝服务(资源枯竭)通过一个非常长的字符串PMCD端口。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1193 3供应商确认:cve - 2000 - 0283是一个不同的缺陷被发现,同时公布。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1194网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1194最终决定:阶段性裁决:修改:建议:分配:20010831类别:科幻参考:MISC:http://www.mdma.za.net/fk/FK9.zip参考:报价:1227参考:网址:http://www.securityfocus.com/bid/1227Argosoft玻璃钢server 1.0允许远程攻击者引起拒绝服务,并可能执行任意命令,通过一个长字符串(1)用户或(2)慢性消耗病的命令。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1194 3供应商确认:内容决定:SF-LOC投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1197网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1197最终决定:阶段性裁决:修改:建议:分配:20010831类别:参考:BUGTRAQ: 20000420 pop3d / imap DOS(虽然我们在这个问题上)参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95624629924545&w=2参考:FREEBSD: FreeBSD-SA-00:15参考:网址:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:15.imap-uw.asc参考:报价:1132参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=1132POP2在imap-uw IMAP或POP3服务器(pop3d)包在FreeBSD和其他操作系统上创建锁文件和可预测的名称,它允许本地用户造成拒绝服务(缺乏邮件访问)为其他用户通过创建其他邮箱的锁文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1197 3供应商确认:对咨询内容的决定:SF-CODEBASE投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1198网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1198最终决定:阶段性裁决:修改:建议:分配:20010831类别:参考:BUGTRAQ: 20000420 pop3参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95634229925906&w=2参考:BUGTRAQ: 20000420 pop3d / imap DOS(虽然我们在这个问题上)参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95624629924545&w=2参考:报价:1132参考:网址:http://www.securityfocus.com/vdb/bottom.html?vid=1132qpopper POP服务器创建锁文件和可预测的名称,它允许本地用户对其他用户造成拒绝服务(缺乏邮件访问)通过创建为其他邮箱锁文件。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1198 3供应商确认:对咨询内容的决定:SF-CODEBASE如果imap-uw POP服务器和qpopper源自相同的代码库,然后CD: SF-CODEBASE认为结合。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1199网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1199最终决定:阶段性裁决:修改:建议:分配:20010831类别:科幻参考:BUGTRAQ: 20000423 Postgresql明文密码存储参考:网址:http://marc.theaimsgroup.com/?l=bugtraq&m=95659987018649&w=2参考:XF: postgresql-plaintext-passwords(4364)参考:网址:http://xforce.iss.net/static/4364.php参考:报价:1139参考:网址:http://www.securityfocus.com/bid/1139PostgreSQL的明文存储用户名和密码(1)pg_shadow和(2)pg_pwd,它允许攻击者具有足够权限访问数据库。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1199 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1200网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1200最终决定:阶段性裁决:修改:建议:分配:20010831类别:科幻参考:BUGTRAQ: 20000201 Windows NT和帐户列表泄漏!一个新的SID使用参考:网址:http://www.securityfocus.com/archive/1/44430参考:XF: nt-lsa-domain-sid(4015)参考:网址:http://xforce.iss.net/static/4015.php参考:报价:959参考:网址:http://www.securityfocus.com/bid/959Windows NT允许远程攻击者列出所有用户在域获取域SID LsaQueryInformationPolicy政策通过空会话功能和使用SID用户列表。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1200 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1201网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1201最终决定:阶段性裁决:修改:建议:分配:20010831类别:科幻参考:BUGTRAQ: 20000707 Re:检查点FW1错误引用:网址:http://archives.neohapsis.com/archives/bugtraq/2000-07/0085.html检查防火墙1允许远程攻击者造成拒绝服务(高CPU)通过大量的数据包到端口264。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1201 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2000 - 1202网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2000 - 1202最终决定:阶段性裁决:修改:建议:分配:20010831类别:科幻参考:BUGTRAQ: 20000405小问题与IBM HTTPD和/usr/bin/ikeyman参考:网址:http://www.securityfocus.com/archive/1/54073参考:报价:1092参考:网址:http://www.securityfocus.com/bid/1092参考:XF: ibm-ikeyman(4235)参考:网址:http://xforce.iss.net/static/4235.phpikeyman IBM IBMHSSSB 1.0中设置CLASSPATH环境变量包括用户自己的类路径目录系统的目录之前,一个恶意的本地用户可以执行任意代码通过一个特洛伊木马ikeyman类作为根。分析- - - - - - - - - - - - - - - - - ED_PRI - 2000 - 1202 3供应商确认:未知投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0647网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0647最终决定:阶段性裁决:修改:建议:分配:20010806类别:科幻参考:BUGTRAQ: 20010227橙色Web服务器v2.1 DoS参考:网址:http://www.securityfocus.com/archive/1/165658参考:报价:20010227橙色Web服务器DoS脆弱性参考:网址:http://www.securityfocus.com/bid/2432橙色2.1 Web服务器,基于有进取心的,允许远程攻击者执行拒绝服务通过一个HTTP GET请求,不包括HTTP版本。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0647 3供应商确认:未知的内容决定:SF-CODEBASE投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0682网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0682最终决定:阶段性裁决:修改:建议:分配:20010829类别:科幻参考:NTBUGTRAQ: 20001230 (DiamondCS咨询)ZoneAlarm和ZoneAlarm Pro可以阻止加载通过设置一个互斥对象在内存中参考:网址:http://marc.theaimsgroup.com/?l=ntbugtraq&m=97818917222992&w=2参考:XF: zonealarm-mutex-dos(5821)参考:网址:http://xforce.iss.net/static/5821.phpZoneAlarm ZoneAlarm Pro允许本地攻击者造成拒绝服务通过运行木马来初始化一个ZoneAlarm互斥对象,防止ZoneAlarm开始。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0682 3供应商确认:投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 0711网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 0711最终决定:阶段性裁决:修改:建议:分配:20010831类别:科幻参考:思科:20010207思科IOS软件SNMP读写ILMI社区字符串漏洞参考:网址:http://www.cisco.com/warp/public/707/ios-snmp-ilmi-vuln-pub.shtml思科IOS 11。12.0 x和ATM支持允许攻击者造成拒绝服务通过非法临时本地管理接口(ILMI) SNMP社区字符串。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 0711 3供应商确认:对咨询内容的决定:CF-PASS投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论: