PROPOSAL: Cluster 26 - VERIFY-BUGTRAQ (23 candidates)
See my email on "When is a vulnerability sufficiently verified to exist?" for background information regarding this cluster.

- Steve

VERIFY-BUGTRAQ (23 candidates)
--------------------
Scheduled Proposed: 7/27
Scheduled Interim Decision: 8/23
Scheduled Final Decision: 8/27

Problems discussed on Bugtraq but not seen in VDB's, or not confirmed

Summary of votes to use (in ascending order of "severity"):

ACCEPT - member accepts the candidate as proposed
NOOP - member has no opinion on the candidate
MODIFY - member wants to change some minor detail (e.g. reference/description)
REVIEWING - member is reviewing/researching the candidate
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

=================================
Candidate: CAN-1999-0378
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb22,1999

InterScan VirusWall for Solaris doesn't scan files for viruses when a single HTTP request includes two GET commands.

VOTE:

=================================
Candidate: CAN-1999-0387
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF

A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allowed attackers to read plaintext network passwords.

VOTE:

=================================
Candidate: CAN-1999-0393
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Dec12,1999

Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers.

VOTE:

=================================
Candidate: CAN-1999-0394
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan15,1999

DPEC Online Courseware allows an attacker to change another user's password without knowing the original password.

VOTE:

=================================
Candidate: CAN-1999-0398
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan23,1999

In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will allow users with expired accounts to login.

VOTE:

=================================
Candidate: CAN-1999-0399
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan24,1999

The DCC server command in the Mirc 5.5 client doesn't filter characters from file names properly, allowing remote attackers to place a malicious file in a different location, possibly allowing the attacker to execute commands.

VOTE:

=================================
Candidate: CAN-1999-0400
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF

Denial of service in Linux 2.2.0 running the ldd command on a core file.

VOTE:

=================================
Candidate: CAN-1999-0401
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb2,1999

A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files.

VOTE:

=================================
Candidate: CAN-1999-0406
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb19,1999
Reference: XF:digital-networker-bo

Digital Unix Networker program nsralist has a buffer overflow which allows local users to obtain root privilege.

VOTE:

=================================
Candidate: CAN-1999-0407
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb19,1999

By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.

VOTE:

=================================
Candidate: CAN-1999-0419
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Mar17,1999

When the Microsoft SMTP service attempts to send a message to a server and receives a 4xx error code, it quickly and repeatedly attempts to redeliver the message, causing a denial of service.

VOTE:

=================================
Candidate: CAN-1999-0426
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Mar19,1999

The default permissions of /dev/kmem in Linux versions before 2.0.36 allows IP spoofing.

VOTE:

=================================
Candidate: CAN-1999-0427
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Mar20,1999
Reference: XF:eudora-long-attachments

Eudora 4.1 allows remote attackers to perform a denial of service by sending attachments with long file names.

VOTE:

=================================
Candidate: CAN-1999-0431
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Mar24,1999

Linux 2.2.3 and earlier allow a remote attacker to perform an IP fragmentation attack, causing a denial of service.

VOTE:

=================================
Candidate: CAN-1999-0434
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Mar31,1999
Reference: SF:359

XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

VOTE:

=================================
Candidate: CAN-1999-0443
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Apr9,1999
Reference: XF:bmc-patrol-replay

Patrol management software allows a remote attacker to conduct a replay attack to steal the administrator password.

VOTE:

=================================
Candidate: CAN-1999-0444
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Apr12,1999

Remote attackers can perform a denial of service in Windows machines using malicious ARP packets, forcing a message box display for each packet or filling up log files.

VOTE:

=================================
Candidate: CAN-1999-0461
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF

Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address.

VOTE:

=================================
Candidate: CAN-1999-0462
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan14,1999
Reference: SF:339

suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file system, e.g. a CD-ROM or floppy disk.

VOTE:

=================================
Candidate: CAN-1999-0464
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF

Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames.

VOTE:

=================================
Candidate: CAN-1999-0480
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Apr15,1999

Local attackers can conduct a denial of service in Midnight Commander 4.x with a symlink attack.

VOTE:

=================================
Candidate: CAN-1999-0486
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Apr20,1999

Denial of service in AOL Instant Messenger when a remote attacker sends a malicious hyperlink to the receiving client, potentially causing a system crash.

VOTE:

=================================
Candidate: CAN-1999-0491
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990728
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Apr20,1999
Reference: SF:119

The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.

VOTE: