[PROPOSAL] Cluster MISC-2001-002 - 42 candidates



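I am proposing cluster MISC-2001-002 for review and voting by the Editorial Board.

Name: MISC-2001-002
Description: Misc. candidates announced between 7/3/2001 and 7/30/2001
Size: 42

You can vote on the candidates by modifying this email and sending it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some minor detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is not a "vulnerability", or is a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2001-1237
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1237
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://www.securityfocus.com/archive/1/218000
Reference: CONFIRM:http://www.peaceworks.ca/phormation/phormation-0.9.2.tar.gz
Reference: BID:3393
Reference: URL:http://www.securityfocus.com/bid/3393
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php
Reference: CERT-VN:VU#847803
Reference: URL:http://www.kb.cert.org/vuls/id/847803

Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable.

Analysis
----------------
ED_PRI CAN-2001-1237 1
Vendor Acknowledgement: yes
ACKNOWLEDGEMENT: the changelog in phormation-0.9.2/phormation/ says: "Changed the $phormationdir variable to be a constant. This closes a huge security hole: the client could set that variable to 'http://his_site.com'. Then your script would include http://his_site.com/form.php and execute his code! (Assuming you haven't turned off certain php options)"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================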
Candidate: CAN-2001-1240
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1240
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: ENGARDE:ESA-20010711-02
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1493.html

The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.

Analysis
----------------
ED_PRI CAN-2001-1240 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1266
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1266
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CONFIRM:http://dnhttpd.sourceforge.net/changelog.html
Reference: MISC:http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0002.html

Directory traversal vulnerability in Doug Neal's HTTPD Daemon (DNHTTPD) 0.4.1 allows remote attackers to view arbitrary files via a .. (dot dot) attack using the dot hex code %2e.

Analysis
----------------
ED_PRI CAN-2001-1266 1
Vendor Acknowledgement: yes
ACKNOWLEDGEMENT: the change log for version 0.4.1 says: "Just a bug/security fix. I mistakenly put some checks for .. in the URL *before* translating the hex-encoded bits of the URL to ASCII, so you could use %2e%2e for .. and view any directory listing on the filesystem, or any file the server has read access to."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1267
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1267
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
Reference: URL:http://online.securityfocus.com/archive/1/196445
Reference: CONFIRM:ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz

Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).

Analysis
----------------
ED_PRI CAN-2001-1267 1
Vendor Acknowledgement: yes
ACKNOWLEDGEMENT: in the ChangeLog file for 1.13.25, an entry dated 2001-08-27 says "(extract_archive): Fix test for absolute pathnames and/or '…'."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1279
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1279
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: REDHAT:RHSA-2001:089
Reference: URL:http://www.redhat.com/support/errata/rhsa-2001-089.html
Reference: FREEBSD:FreeBSD-SA-01:48
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:48.tcpdump.asc
Reference: BID:3065
Reference: URL:http://online.securityfocus.com/bid/3065

Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026.

Analysis
----------------
ED_PRI CAN-2001-1279 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1235
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1235
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://www.securityfocus.com/archive/1/21800
Reference: CERT-VN:VU#847803
Reference: URL:http://www.kb.cert.org/vuls/id/847803
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php
Reference: BID:3395
Reference: URL:http://www.securityfocus.com/bid/3395

pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.

Analysis
----------------
ED_PRI CAN-2001-1235 2
Vendor Acknowledgement: unknown
ACKNOWLEDGEMENT: could not find an ACK, and the software has not been updated on sourceforge since June 5, 2001, 5 months before this vulnerability was announced.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1236
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1236
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://www.securityfocus.com/archive/1/218000
Reference: CERT-VN:VU#847803
Reference: URL:http://www.kb.cert.org/vuls/id/847803
Reference: BID:3394
Reference: URL:http://www.securityfocus.com/bid/3394
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://xforce.iss.net/static/7215.php

myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.

Analysis
----------------
ED_PRI CAN-2001-1236 2
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1238
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1238
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010716 W2K: Unkillable Applications
Reference: URL:http://www.securityfocus.com/archive/1/197195
Reference: XF:win2k-taskmanager-unkillable-process(6919)
Reference: URL:http://xforce.iss.net/static/6919.php
Reference: BID:3033
Reference: URL:http://www.securityfocus.com/bid/3033

Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab, which could allow local users to install Trojan horses that cannot be stopped with the Task Manager.

Analysis
----------------
ED_PRI CAN-2001-1238 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1241
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1241
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010717 multiple vulnerabilities in un-cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0287.html
Reference: BUGTRAQ:20010718 Re: [Khamba Staring <purrcat@edoropolis.org>] multiple
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0349.html
Reference: CONFIRM:http://www.midwinter.com/~koreth/uncgi.html
Reference: CONFIRM:http://www.midwinter.com/~koreth/uncgi-changes.html
Reference: BID:3057
Reference: URL:http://online.securityfocus.com/bid/3057
Reference: XF:uncgi-unexecutable-cgi(6847)
Reference: URL:http://www.iss.net/security_center/static/6847.php

Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that begins with "#!" and the desired program name.

Analysis
----------------
ED_PRI CAN-2001-1241 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC
ACKNOWLEDGEMENT: the home page description for Un-CGI 1.10 includes a Security section, which says "EXECUTABLES_ONLY - if set, Un-CGI's ability to execute shell scripts that start with '#!' but do not have execute permission set in the filesystem is disabled." The change log for version 1.10 says "Add security-related compile-time option EXECUTABLES_ONLY," which would address the problem being described here.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1242
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1242
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010717 multiple vulnerabilities in un-cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0287.html
Reference: BUGTRAQ:20010718 Re: [Khamba Staring <purrcat@edoropolis.org>] multiple vulnerabilities in un-cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0349.html
Reference: CONFIRM:http://www.midwinter.com/~koreth/uncgi-changes.html
Reference: BID:3056
Reference: URL:http://online.securityfocus.com/bid/3056
Reference: XF:uncgi-dot-directory-traversal(6846)
Reference: URL:http://www.iss.net/security_center/static/6846.php

Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form.

Analysis
----------------
ED_PRI CAN-2001-1242 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1243
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1243
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010704 勒夫 advisory #4: MS IIS local and remote DoS
Reference: URL:http://www.securityfocus.com/archive/1/194919
Reference: BID:2973
Reference: URL:http://www.securityfocus.com/bid/2973
Reference: XF:iis-device-asp-dos(6800)
Reference: URL:http://www.iss.net/security_center/static/6800.php

Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or (2) remotely injecting the device name into ASP programs that internally use Scripting.FileSystemObject.

Analysis
----------------
ED_PRI CAN-2001-1243 3
Vendor Acknowledgement: unknown
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1244
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1244
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20010708 Small TCP packets == very large overhead == DoS?
Reference: URL:http://www.securityfocus.com/archive/1/195457
Reference: BID:2997
Reference: URL:http://www.securityfocus.com/bid/2997
Reference: XF:tcp-mss-dos(6824)
Reference: URL:http://xforce.iss.net/static/6824.php

Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of data, which generates more packets with less TCP-level data, amplifying network traffic and consuming more server CPU to process.

Analysis
----------------
ED_PRI CAN-2001-1244 3
Vendor Acknowledgement: unknown
Content Decisions: SF-CODEBASE, SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1245
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1245
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 Re: Opera Browser Heap Overflow (Session Replay Attack)
Reference: URL:http://online.securityfocus.com/archive/1/196980
Reference: XF:opera-browser-header-bo(6838)
Reference: URL:http://www.iss.net/security_center/static/6838.php
Reference: BID:3012
Reference: URL:http://www.securityfocus.com/bid/3012

Opera 5.0 for Linux does not properly handle malformed HTTP headers, which allows remote attackers to cause a denial of service, possibly with a header whose value is the same as a MIME header name.

Analysis
----------------
ED_PRI CAN-2001-1245 3
Vendor Acknowledgement: unknown
Content Decisions: EX-CLIENT-DOS
DETAILS: the Bugtraq post is a response to a message that was supposedly posted at http://www.securiteam.com/securitynews/5MP0B004UW.html. The URL no longer exists, however, and there is no information on the SecuriTeam web site. The Bugtraq post does not provide specific details on what causes the problem, but it uses "X" as both a value and a possible header name. When combined with the claim that the problem is due to a "new/delete[] mismatch", the cause can be guessed.
INCLUSION: CD:EX-CLIENT-DOS suggests that a DoS that only affects a client, and can be fixed by restarting, could be excluded from CVE. However, CD:EX-CLIENT-DOS is not final.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1257
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1257
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010721 IMP 2.2.6 (SECURITY) released
Reference: URL:http://online.securityfocus.com/archive/1/198495
Reference: CALDERA:CSSA-2001-027.0
Reference: URL:http://www.caldera.com/support/security/advisories/cssa-2001-027.0.txt
Reference: DEBIAN:DSA-073
Reference: URL:http://www.debian.org/security/2001/dsa-073
Reference: CONFIRM:http://online.securityfocus.com/archive/1/198495
Reference: CONECTIVA:CLA-2001:410
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
Reference: BID:3082
Reference: URL:http://www.securityfocus.com/bid/3082
Reference: XF:imp-cross-site-scripting(6905)
Reference: URL:http://www.iss.net/security_center/static/6905.php

Cross-site scripting vulnerability in Horde Internet Messaging Program (IMP) before 2.2.6 and 1.2.6 allows remote attackers to execute arbitrary Javascript embedded in an email.

Analysis
----------------
ED_PRI CAN-2001-1257 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1258
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1258
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010721 IMP 2.2.6 (SECURITY) released
Reference: URL:http://online.securityfocus.com/archive/1/198495
Reference: CALDERA:CSSA-2001-027.0
Reference: URL:http://www.caldera.com/support/security/advisories/cssa-2001-027.0.txt
Reference: CONECTIVA:CLA-2001:410
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
Reference: CONFIRM:http://online.securityfocus.com/archive/1/198495
Reference: DEBIAN:DSA-073
Reference: URL:http://www.debian.org/security/2001/dsa-073
Reference: XF:imp-prefslang-gain-privileges(6906)
Reference: URL:http://www.iss.net/security_center/static/6906.php
Reference: BID:3083
Reference: URL:http://www.securityfocus.com/bid/3083

Horde Internet Messaging Program (IMP) before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server.

Analysis
----------------
ED_PRI CAN-2001-1258 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1264
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1264
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: HP:HPSBUX0107-161
Reference: URL:http://www.securityfocus.com/advisories/3459
Reference: CIAC:L-119
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-119.shtml
Reference: CERT-VN:VU#420475
Reference: URL:http://www.kb.cert.org/vuls/id/420475
Reference: XF:hp-virtualvault-mkacct-privilege-elevation(6867)
Reference: URL:http://xforce.iss.net/static/6867.php
Reference: BID:3072
Reference: URL:http://www.securityfocus.com/bid/3072

Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating System (VVOS) 4.0 and 4.5 allows attackers to elevate privileges.

Analysis
----------------
ED_PRI CAN-2001-1264 3
Vendor Acknowledgement: yes advisory
Content Decisions: VAGUE
INCLUSION: while there is very little information about this issue, CD:VAGUE says that problems that are vaguely reported by vendors should be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1265
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1265
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010720 IBM TFTP Server for Java vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/198297
Reference: BID:3076
Reference: URL:http://www.securityfocus.com/bid/3076
Reference: XF:ibm-tftp-directory-traversal(6864)
Reference: URL:http://xforce.iss.net/static/6864.php

Directory traversal vulnerability in IBM alphaWorks Java TFTP server 1.21 allows remote attackers to conduct unauthorized operations on arbitrary files via a .. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2001-1265 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1268
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1268
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
Reference: URL:http://online.securityfocus.com/archive/1/196445
Reference: CONFIRM:http://www.info-zip.org/pub/infozip/UnZip.html

Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.

Analysis
----------------
ED_PRI CAN-2001-1268 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC
ACKNOWLEDGEMENT: in a prominent orange box on the vendor's page, the vendor states: "all versions of UnZip prior to 5.50 (i.e., 5.42 and earlier) have a path-traversal weakness when unpacking files, which lets them be placed in unexpected locations. Specifically, if an archive contains files with leading '/' characters (i.e., relative to the root directory) or with '..' components ... This bug is fixed in 5.50 and later." The statement includes a link to the Bugtraq reference.
ABSTRACTION: CD:SF-LOC suggests doing a SPLIT for different issues. While some people use "directory traversal" to refer to both .. and leading-slash problems, if a programmer fixes one problem, there is still a strong possibility that they have not fixed the other issue. Therefore, the problems are different enough that they should be SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1269
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1269
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
Reference: URL:http://online.securityfocus.com/archive/1/196445
Reference: CONFIRM:http://www.info-zip.org/pub/infozip/UnZip.html

Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via filenames in the archive that begin with the "/" (slash) character.

Analysis
----------------
ED_PRI CAN-2001-1269 3
Vendor Acknowledgement: yes changelog
Content Decisions: SF-LOC
ACKNOWLEDGEMENT: in a prominent orange box on the vendor's page, the vendor states: "all versions of UnZip prior to 5.50 (i.e., 5.42 and earlier) have a path-traversal weakness when unpacking files, which lets them be placed in unexpected locations. Specifically, if an archive contains files with leading '/' characters (i.e., relative to the root directory) or with '..' components ... This bug is fixed in 5.50 and later." The statement includes a link to the Bugtraq reference.
ABSTRACTION: CD:SF-LOC suggests doing a SPLIT for different issues. While some people use "directory traversal" to refer to both .. and leading-slash problems, if a programmer fixes one problem, there is still a strong possibility that they have not fixed the other issue. Therefore, the problems are different enough that they should be SPLIT.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1270
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1270
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
Reference: URL:http://online.securityfocus.com/archive/1/196445
Reference: MISC:http://www.security.nnov.ru/advisories/archdt.asp

Directory traversal vulnerability in the console version of PKZip (pkzipc) 4.00 and earlier allows attackers to overwrite arbitrary files during archive extraction with the -rec (recursive) option via a .. (dot dot) attack on the archived files.

Analysis
----------------
ED_PRI CAN-2001-1270 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1271
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1271
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
Reference: URL:http://online.securityfocus.com/archive/1/196445
Reference: MISC:http://www.security.nnov.ru/advisories/archdt.asp

Directory traversal vulnerability in rar 2.02 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) attack on archived filenames.

Analysis
----------------
ED_PRI CAN-2001-1271 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1288
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1288
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010727 W2K bug
Reference: URL:http://online.securityfocus.com/archive/1/200118
Reference: BUGTRAQ:20010801 F7-Enter bug details and method
Reference: URL:http://online.securityfocus.com/archive/1/201151
Reference: VULN-DEV:20010730 RE: W2K bug
Reference: URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=99651044701417&w=2
Reference: BUGTRAQ:20010729 Re: W2K normal dos
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99640583014377&w=2
Reference: BUGTRAQ:20010731 NT TS / Win2k and F7 - Enter bug
Reference: URL:http://online.securityfocus.com/archive/1/200985
Reference: BID:3115
Reference: URL:http://online.securityfocus.com/bid/3115

Windows 2000 and Windows NT allows local users to cause a denial of service (reboot) by executing a command at the command prompt and pressing the F7 and Enter keys several times while the command is executing, possibly related to an exception handling error in csrss.exe.

Analysis
----------------
ED_PRI CAN-2001-1288 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1289
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1289
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010730 跋涉 Quake 3 Arena 1.29f/g Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0748.html
Reference: BID:3123
Reference: URL:http://online.securityfocus.com/bid/3123

Quake 3 Arena 1.29f and 1.29g allows remote attackers to cause a denial of service (crash) via a malformed connection packet that begins with several char-255 characters.

Analysis
----------------
ED_PRI CAN-2001-1289 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1291
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1291
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: BUGTRAQ:20010712 3Com TelnetD
Reference: URL:http://www.securityfocus.com/archive/1/196957
Reference: XF:3com-telnetd-brute-force(6855)
Reference: URL:http://xforce.iss.net/static/6855.php
Reference: BID:3034
Reference: URL:http://www.securityfocus.com/bid/3034

The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.

Analysis
----------------
ED_PRI CAN-2001-1291 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1302
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1302
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: NTBUGTRAQ:20010718 Changing NT/2000 accounts password from the command line
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=1911
Reference: BID:3063
Reference: URL:http://www.securityfocus.com/bid/3063
Reference: XF:win2k-change-network-passwords(6876)
Reference: URL:http://xforce.iss.net/static/6876.php

The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems, or to identify valid accounts by monitoring error messages, possibly due to a problem in the NetuserChangePassword function.

Analysis
----------------
ED_PRI CAN-2001-1302 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1303
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1303
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: CF
Reference: BUGTRAQ:20010718 Firewall-1 Information leak
Reference: URL:http://www.securityfocus.com/archive/1/197566
Reference: BID:3058
Reference: URL:http://online.securityfocus.com/bid/3058
Reference: XF:fw1-securemote-gain-information(6857)
Reference: URL:http://xforce.iss.net/static/6857.php

The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication.

Analysis
----------------
ED_PRI CAN-2001-1303 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1306
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1306
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/ca-2001-18.html
Reference: CERT-VN:VU#276944
Reference: URL:http://www.kb.cert.org/vuls/id/276944
Reference: SGI:20011102-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011102-01-I
Reference: MISC:http://www.kb.cert.org/vuls/id/JPLA-4WESMM
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/

iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid BER length of length fields, as demonstrated by the PROTOS LDAPv3 test suite.

Analysis
----------------
ED_PRI CAN-2001-1306 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE
ABSTRACTION: it is difficult to keep abstraction consistent for the many LDAP issues found as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Create separate CVE items according to the 5 different "exceptional element" categories described by PROTOS. Assume that each vendor uses a different codebase unless the relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1307
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1307
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CERT-VN:VU#276944
Reference: URL:http://www.kb.cert.org/vuls/id/276944
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/ca-2001-18.html
Reference: SGI:20011102-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011102-01-I
Reference: MISC:http://www.kb.cert.org/vuls/id/JPLA-4WESMM
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
Reference: XF:iplanet-ldap-protos-bo(6893)
Reference: URL:http://xforce.iss.net/static/6893.php
Reference: BID:3038
Reference: URL:http://www.securityfocus.com/bid/3038

Buffer overflow in iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.

Analysis
----------------
ED_PRI CAN-2001-1307 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE
ABSTRACTION: it is difficult to keep abstraction consistent for the many LDAP issues found as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Create separate CVE items according to the 5 different "exceptional element" categories described by PROTOS. Assume that each vendor uses a different codebase unless the relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1308
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1308
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/ca-2001-18.html
Reference: CERT-VN:VU#276944
Reference: URL:http://www.kb.cert.org/vuls/id/276944
Reference: CIAC:L-116
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
Reference: SGI:20011102-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011102-01-I
Reference: MISC:http://www.kb.cert.org/vuls/id/JPLA-4WESMM
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
Reference: BID:3039
Reference: URL:http://www.securityfocus.com/bid/3039
Reference: XF:iplanet-ldap-protos-format-string(6898)
Reference: URL:http://xforce.iss.net/static/6898.php

Format string vulnerability in iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.

Analysis
----------------
ED_PRI CAN-2001-1308 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE
ABSTRACTION: it is difficult to keep abstraction consistent for the many LDAP issues found as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Create separate CVE items according to the 5 different "exceptional element" categories described by PROTOS. Assume that each vendor uses a different codebase unless the relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1309
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1309
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CIAC:L-116
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/ca-2001-18.html
Reference: CERT-VN:VU#505564
Reference: URL:http://www.kb.cert.org/vuls/id/505564
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
Reference: MISC:http://www.kb.cert.org/vuls/id/CFCR-4YQ33Y
Reference: BID:3040
Reference: URL:http://www.securityfocus.com/bid/3040
Reference: XF:secureway-ldap-protos-dos(6894)
Reference: URL:http://xforce.iss.net/static/6894.php

Buffer overflow in IBM SecureWay 3.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.

Analysis
----------------
ED_PRI CAN-2001-1309 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE
ABSTRACTION: it is difficult to keep abstraction consistent for the many LDAP issues found as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Create separate CVE items according to the 5 different "exceptional element" categories described by PROTOS. Assume that each vendor uses a different codebase unless the relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1310
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1310
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CIAC:L-116
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/ca-2001-18.html
Reference: CERT-VN:VU#505564
Reference: URL:http://www.kb.cert.org/vuls/id/505564
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
Reference: MISC:http://www.kb.cert.org/vuls/id/CFCR-4YQ33Y
Reference: BID:3040
Reference: URL:http://www.securityfocus.com/bid/3040
Reference: XF:secureway-ldap-protos-dos(6894)
Reference: URL:http://xforce.iss.net/static/6894.php

IBM SecureWay 3.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings for the L field of a BER encoding, as demonstrated by the PROTOS LDAPv3 test suite.

Analysis
----------------
ED_PRI CAN-2001-1310 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE
ABSTRACTION: it is difficult to keep abstraction consistent for the many LDAP issues found as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Create separate CVE items according to the 5 different "exceptional element" categories described by PROTOS. Assume that each vendor uses a different codebase unless the relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1311
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1311
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CIAC:L-116
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
Reference: CERT-VN:VU#583184
Reference: URL:http://www.kb.cert.org/vuls/id/583184
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/ca-2001-18.html
Reference: CONFIRM:http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
Reference: XF:domino-ldap-protos-bo(6895)
Reference: URL:http://xforce.iss.net/static/6895.php
Reference: BID:3041
Reference: URL:http://www.securityfocus.com/bid/3041

Buffer overflow in Lotus Domino R5 R5.0.7a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.

Analysis
----------------
ED_PRI CAN-2001-1311 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE
ABSTRACTION: it is difficult to keep abstraction consistent for the many LDAP issues found as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Create separate CVE items according to the 5 different "exceptional element" categories described by PROTOS. Assume that each vendor uses a different codebase unless the relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1312
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1312
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/ca-2001-18.html
Reference: CIAC:L-116
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
Reference: CERT-VN:VU#583184
Reference: URL:http://www.kb.cert.org/vuls/id/583184
Reference: CONFIRM:http://www.notes.net/r5fixlist.nsf/Search!SearchView&Query=DWUU4W6NC8
Reference: MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/
Reference: XF:domino-ldap-protos-format-string(6896)
Reference: URL:http://xforce.iss.net/static/6896.php
Reference: BID:3042
Reference: URL:http://www.securityfocus.com/bid/3042

Format string vulnerability in Lotus Domino R5 R5.0.7a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.

Analysis
----------------
ED_PRI CAN-2001-1312 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC, SF-CODEBASE
ABSTRACTION: it is difficult to keep abstraction consistent for the many LDAP issues found as a result of the PROTOS LDAP project. However, CD:SF-LOC and CD:SF-CODEBASE provide guidance. Create separate CVE items according to the 5 different "exceptional element" categories described by PROTOS. Assume that each vendor uses a different codebase unless the relationship is clear.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2001-1313
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=can-2001-1313
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20020502
Assigned: 20020501
Category: SF
Reference: CIAC:L-116
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-116.shtml
Reference: CERT-VN:VU#583184
Reference: URL:http://www.kb.cert.org/vuls/id/583184
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/ca-2001-18.html
Reference: CONFIRM:http://www.notes.net/r5fixlist.nsf/Search!
SearchView&Query = DWUU4W6NC8参考:MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/Lotus Domino R5 R5.0.7a之前允许远程攻击者可能导致拒绝服务(崩溃)和执行任意代码通过杂项semi-valid BER编码数据包,展示的原型LDAPv3测试套件中。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 1313 3供应商确认:对咨询内容的决定:SF-LOC, SF-CODEBASE抽象:抽象很难保持一致的LDAP许多问题的结果发现原型LDAP项目。然而,CD: SF-LOC和CD: SF-CODEBASE提供指导。创建单独的CVE项目根据5个不同的“特殊元素”类别中所描述的原型。假设每个供应商使用不同的代码库,除非关系是明确的。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 1314网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 1314最终决定:阶段性裁决:修改:建议:20020502分配:20020501类别:科幻参考:BUGTRAQ: 20010731 RE: CERT咨询ca - 2001 - 18,关键路径目录产品ar e脆弱参考:网址:http://archives.neohapsis.com/archives/bugtraq/2001-07/0770.html参考:CERT-VN: VU # 657547参考:网址:http://www.kb.cert.org/vuls/id/657547参考:CIAC: l - 116参考:网址:http://ciac.llnl.gov/ciac/bulletins/l - 116. shtml参考:CERT: ca - 2001 - 18参考:网址:http://www.cert.org/advisories/ca - 2001 - 18. 
- html参考:确认:http://www.kb.cert.org/vuls/id/JPLA-4ZKLEM参考:MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/参考:报价:3124参考:网址:http://www.securityfocus.com/bid/3124缓冲区溢出的关键路径(1)InJoin目录服务器或(2)LiveContent目录允许远程攻击者可能导致拒绝服务(崩溃)和执行任意代码,展示的原型LDAPv3测试套件中。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 1314 3供应商确认:对咨询内容的决定:SF-LOC, SF-CODEBASE抽象:抽象很难保持一致的LDAP许多问题的结果发现原型LDAP项目。然而,CD: SF-LOC和CD: SF-CODEBASE提供指导。创建单独的CVE项目根据5个不同的“特殊元素”类别中所描述的原型。假设每个供应商使用不同的代码库,除非关系是明确的。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 1315网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 1315最终决定:阶段性裁决:修改:建议:20020502分配:20020501类别:科幻参考:BUGTRAQ: 20010731 RE: CERT咨询ca - 2001 - 18,关键路径目录产品ar e脆弱参考:网址:http://archives.neohapsis.com/archives/bugtraq/2001-07/0770.html参考:CERT-VN: VU # 657547参考:网址:http://www.kb.cert.org/vuls/id/657547参考:CIAC: l - 116参考:网址:http://ciac.llnl.gov/ciac/bulletins/l - 116. shtml参考:CERT: ca - 2001 - 18参考:网址:http://www.cert.org/advisories/ca - 2001 - 18. 
- html参考:确认:http://www.kb.cert.org/vuls/id/JPLA-4ZKLEM参考:MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/关键路径(1)InJoin目录服务器或(2)LiveContent目录允许远程攻击者可能导致拒绝服务(崩溃)和通过畸形BER编码执行任意代码,展示的原型LDAPv3测试套件中。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 1315 3供应商确认:对咨询内容的决定:SF-LOC, SF-CODEBASE抽象:抽象很难保持一致的LDAP许多问题的结果发现原型LDAP项目。然而,CD: SF-LOC和CD: SF-CODEBASE提供指导。创建单独的CVE项目根据5个不同的“特殊元素”类别中所描述的原型。假设每个供应商使用不同的代码库,除非关系是明确的。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 1316网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 1316最终决定:阶段性裁决:修改:建议:20020502分配:20020501类别:科幻参考:CERT-VN: VU # 688960参考:网址:http://www.kb.cert.org/vuls/id/688960参考:CERT: ca - 2001 - 18参考:网址:http://www.cert.org/advisories/ca - 2001 - 18. - html参考:CIAC: l - 116参考:网址:http://ciac.llnl.gov/ciac/bulletins/l - 116. 
shtml参考:确认:http://www.kb.cert.org/vuls/id/JPLA-4WESNA参考:MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/参考:XF: teamware-ldap-protos-bo(6897)参考:网址:http://xforce.iss.net/static/6897.php参考:报价:3044参考:网址:http://www.securityfocus.com/bid/3044缓冲区溢位组件办公室各个企业目录允许远程攻击者可能导致拒绝服务(崩溃)和执行任意代码,展示的原型LDAPv3测试套件中。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 1316 3供应商确认:对咨询内容的决定:SF-LOC, SF-CODEBASE抽象:抽象很难保持一致的LDAP许多问题的结果发现原型LDAP项目。然而,CD: SF-LOC和CD: SF-CODEBASE提供指导。创建单独的CVE项目根据5个不同的“特殊元素”类别中所描述的原型。假设每个供应商使用不同的代码库,除非关系是明确的。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 1317网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 1317最终决定:阶段性裁决:修改:建议:20020502分配:20020501类别:科幻参考:CERT-VN: VU # 688960参考:网址:http://www.kb.cert.org/vuls/id/688960参考:CIAC: l - 116参考:网址:http://ciac.llnl.gov/ciac/bulletins/l - 116. shtml参考:CERT: ca - 2001 - 18参考:网址:http://www.cert.org/advisories/ca - 2001 - 18. 
- html参考:确认:http://www.kb.cert.org/vuls/id/JPLA-4WESNA参考:MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/组件办公室各个企业目录允许远程攻击者可能导致拒绝服务(崩溃)和执行任意代码,通过无效编码对某些误码率对象类型,展示的原型LDAPv3测试套件中。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 1317 3供应商确认:对咨询内容的决定:SF-LOC, SF-CODEBASE抽象:抽象很难保持一致的LDAP许多问题的结果发现原型LDAP项目。然而,CD: SF-LOC和CD: SF-CODEBASE提供指导。创建单独的CVE项目根据5个不同的“特殊元素”类别中所描述的原型。假设每个供应商使用不同的代码库,除非关系是明确的。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 1318网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 1318最终决定:阶段性裁决:修改:建议:20020502分配:20020501类别:科幻参考:CERT-VN: VU # 717380参考:网址:http://www.kb.cert.org/vuls/id/717380参考:CIAC: l - 116参考:网址:http://ciac.llnl.gov/ciac/bulletins/l - 116. shtml参考:CERT: ca - 2001 - 18参考:网址:http://www.cert.org/advisories/ca - 2001 - 18. 
- html参考:确认:http://www.kb.cert.org/vuls/id/JPLA-4WESNA参考:MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/参考:报价:3043参考:网址:http://www.securityfocus.com/bid/3043在高通Eudora WorldMail服务器漏洞可能允许远程攻击者可能导致拒绝服务(崩溃)和执行任意代码,展示的原型LDAPv3测试套件中。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 1318 3供应商确认:未知的内容决定:SF-LOC, SF-CODEBASE,模糊的抽象:抽象中很难保持一致的LDAP许多问题被发现的原型LDAP项目。然而,CD: SF-LOC和CD: SF-CODEBASE提供指导。创建单独的CVE项目根据5个不同的“特殊元素”类别中所描述的原型。假设每个供应商使用不同的代码库,除非关系是明确的。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 1319网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 1319最终决定:阶段性裁决:修改:建议:20020502分配:20020501类别:科幻参考:CERT: ca - 2001 - 18参考:网址:http://www.cert.org/advisories/ca - 2001 - 18. - html参考:CERT-VN: VU # 763400参考:网址:http://www.kb.cert.org/vuls/id/763400参考:CIAC: l - 116参考:网址:http://ciac.llnl.gov/ciac/bulletins/l - 116. 
shtml参考:确认:http://www.kb.cert.org/vuls/id/CFCN-4YAQC7参考:MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/参考:报价:3045参考:网址:http://www.securityfocus.com/bid/3045参考:XF: exchange-ldap-protos-dos(6899)参考:网址:http://xforce.iss.net/static/6899.phpMicrosoft Exchange 5.5 2000年允许远程攻击者造成拒绝服务(挂)通过LDAP的特殊BER编码过滤器类型字段,展示的原型LDAPv3测试套件中。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 1319 3供应商确认:对咨询内容的决定:SF-LOC, SF-CODEBASE抽象:抽象很难保持一致的LDAP许多问题的结果发现原型LDAP项目。然而,CD: SF-LOC和CD: SF-CODEBASE提供指导。创建单独的CVE项目根据5个不同的“特殊元素”类别中所描述的原型。假设每个供应商使用不同的代码库,除非关系是明确的。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 1320网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 1320最终决定:阶段性裁决:修改:建议:20020502分配:20020501类别:科幻参考:CIAC: l - 116参考:网址:http://ciac.llnl.gov/ciac/bulletins/l - 116. shtml参考:CERT: ca - 2001 - 18参考:网址:http://www.cert.org/advisories/ca - 2001 - 18. 
- html参考:CERT-VN: VU # 765256参考:网址:http://www.kb.cert.org/vuls/id/765256参考:确认:http://www.kb.cert.org/vuls/id/JPLA-4WESNK参考:MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/参考:报价:3046参考:网址:http://www.securityfocus.com/bid/3046参考:XF: pgp-keyserver-ldap-bo(6900)参考:网址:http://xforce.iss.net/static/6900.php网络伙伴PGP Keyserver 7.0允许远程攻击者可能导致拒绝服务(崩溃)和执行任意代码通过特殊BER编码(可能是缓冲区溢出),所展示的原型LDAPv3测试套件中。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 1320 3供应商确认:对咨询内容的决定:SF-LOC, SF-CODEBASE,模糊的抽象:抽象中很难保持一致的LDAP许多问题被发现的原型LDAP项目。然而,CD: SF-LOC和CD: SF-CODEBASE提供指导。创建单独的CVE项目根据5个不同的“特殊元素”类别中所描述的原型。假设每个供应商使用不同的代码库,除非关系是明确的。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =候选人:- 2001 - 1321网址:http://cve.mitre.org/cgi - bin/cvename.cgi?name=can - 2001 - 1321最终决定:阶段性裁决:修改:建议:20020502分配:20020501类别:科幻参考:CIAC: l - 116参考:网址:http://ciac.llnl.gov/ciac/bulletins/l - 116. shtml参考:CERT-VN: VU # 869184参考:网址:http://www.kb.cert.org/vuls/id/869184参考:CERT: ca - 2001 - 18参考:网址:http://www.cert.org/advisories/ca - 2001 - 18. - html参考:确认:http://www.kb.cert.org/vuls/id/JPLA-4WESNV参考:MISC:http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/2.1.1甲骨文互联网目录服务器。x和3.0.1允许远程攻击者可能导致拒绝服务(崩溃)和执行任意代码通过对象标识符无效编码的误码率值,所展示的原型LDAPv3测试套件中。分析- - - - - - - - - - - - - - - - - ED_PRI - 2001 - 1321 3供应商确认:对咨询内容的决定:SF-LOC, SF-CODEBASE,模糊的抽象:抽象中很难保持一致的LDAP许多问题被发现的原型LDAP项目。然而,CD: SF-LOC和CD: SF-CODEBASE提供指导。创建单独的CVE项目根据5个不同的“特殊元素”类别中所描述的原型。假设每个供应商使用不同的代码库,除非关系是明确的。投票部分- - - - - - - - - - - - - - - -可能的选票:接受/修改/等待/审查/重塑/拒绝如果接受或修改,包括接受的理由:VERIFIED-BY-MY-ORG ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST HAS-INDEPENDENT-CONFIRMATION或提供其他原因。投票:ACCEPT_REASON:评论:

Page last updated or reviewed: May 22, 2007