INTERIM DECISION: ACCEPT 50 various candidates (Final 9/28)
I have made an Interim Decision to ACCEPT the following 50 candidates. These candidates did not have sufficient votes a week ago, so the Board's response on their tailored ballots allowed these candidates to be ACCEPTed.

I will make a Final Decision on Tuesday, September 28, which will bring the total number of candidates to around 320.

- Steve

=================================
Candidate: CAN-1999-0009
Published:
Final-Decision:
Interim-Decision: 19990925
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-98.05.bind_problems
Reference: SGI:19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: XF:bind-bo
Reference: SUN:00180

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

VOTES:
   ACCEPT(6) Frech, Northcutt, Blake, Prosser, Balinsky, Levy

=================================
Candidate: CAN-1999-0010
Published:
Final-Decision:
Interim-Decision: 19990925
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-98.05.bind_problems
Reference: SGI:19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: XF:bind-dos

Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.

VOTES:
   ACCEPT(4) Frech, Blake, Northcutt, Prosser

=================================
Candidate: CAN-1999-0011
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-98.05.bind_problems
Reference: SGI:19980603-01-PX
Reference: HP:HPSBUX9808-083
Reference: SUN:00180
Reference: XF:bind-axfr-dos

Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.

Modifications:
  CHANGEREF XF:bind-dos XF:bind-axfr-dos

VOTES:
   ACCEPT(2) Blake, Northcutt
   MODIFY(1) Frech

COMMENTS:
 Frech> Change XF reference to:
 Frech> XF:bind-axfr-dos

=================================
Candidate: CAN-1999-0016
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-02
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.28.Teardrop_Land
Reference: FreeBSD:FreeBSD-SA-98:01
Reference: HP:HPSBUX9801-076
Reference: CISCO:http://www.cisco.com/warp/public/770/land-pub.shtml
Reference: XF:cisco-land
Reference: XF:land
Reference: XF:95-verv-tcp
Reference: XF:land-patch
Reference: XF:ver-tcpip-sys

Land IP denial of service

Modifications:
  ADDREF HP:HPSBUX9801-076
  ADDREF XF:ver-tcpip-sys
  DELREF XF:land-exploit

VOTES:
   ACCEPT(4) Northcutt, Blake, Balinsky, Ozancin
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:ver-tcpip-sys (applies to a check, not a vulnerability, and is thus not
 Frech> listed on website)
 Frech> XF:land-exploit (obsolete, replaced by land)

=================================
Candidate: CAN-1999-0025
Published:
Final-Decision:
Interim-Decision: 19990925
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.19.IRIX.df.buffer.overflow.vul
Reference: XF:df-bo

root privileges via buffer overflow in df command on SGI IRIX systems.

VOTES:
   ACCEPT(2) Frech, Ozancin

=================================
Candidate: CAN-1999-0026
Published:
Final-Decision:
Interim-Decision: 19990925
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.20.IRIX.pset.buffer.overflow.vul
Reference: XF:pset-bo

root privileges via buffer overflow in pset command on SGI IRIX systems.

VOTES:
   ACCEPT(3) Frech, Prosser, Ozancin

=================================
Candidate: CAN-1999-0027
Published:
Final-Decision:
Interim-Decision: 19990925
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.21.IRIX.eject.buffer.overflow.vul
Reference: XF:eject-bo

root privileges via buffer overflow in eject command on SGI IRIX systems.

VOTES:
   ACCEPT(2) Frech, Ozancin

=================================
Candidate: CAN-1999-0028
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.22.IRIX.login.scheme.buffer.overflow.vul
Reference: XF:sgi-schemebo

root privileges via buffer overflow in login/scheme command on SGI IRIX systems.

Modifications:
  ADDREF XF:sgi-schemebo

VOTES:
   ACCEPT(1) Prosser
   MODIFY(2) Frech, Ozancin

COMMENTS:
 Frech> XF:sgi-schemebo
 Ozancin> => login/scheme

=================================
Candidate: CAN-1999-0029
Published:
Final-Decision:
Interim-Decision: 19990925
Modified:
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: AUSCERT:AA-97.23-IRIX.ordist.buffer.overflow.vul
Reference: XF:ordist-bo

root privileges via buffer overflow in ordist command on SGI IRIX systems.

VOTES:
   ACCEPT(2) Frech, Ozancin

=================================
Candidate: CAN-1999-0037
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: CERT:CA-97.14.metamail
Reference: XF:metamail-header-commands

Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.

Modifications:
  ADDREF XF:metamail-header-commands

VOTES:
   ACCEPT(4) Hill, Prosser, Landfield, Northcutt
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:metamail-header-commands

=================================
Candidate: CAN-1999-0059
Published:
Final-Decision:
Interim-Decision: 19990925
Modified:
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: NAI:NAI-16
Reference: XF:irix-fam

IRIX fam service allows an attacker to obtain a list of all files on the server.

VOTES:
   ACCEPT(3) Hill, Northcutt, Prosser
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:irix-fam

=================================
Candidate: CAN-1999-0068
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-php-mylog
Reference: BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts

CGI PHP mylog script allows an attacker to read any file on the target server.

Modifications:
  ADDREF BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts

VOTES:
   ACCEPT(2) Frech, Northcutt
   MODIFY(1) Prosser

COMMENTS:
 Prosser> add source
 Prosser> Bugtraq
 Prosser> "Vulnerability in PHP Example Logging Scripts"
 Prosser> http://www.securityfocus.com/bugtraq/1997_3/0560.html

=================================
Candidate: CAN-1999-0075
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19961016 Re: ftpd bug? Was: bin/1805: Bug in ftpd
Reference: XF:pasvcore

PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password.

Modifications:
  ADDREF BUGTRAQ:19961016 Re: ftpd bug? Was: bin/1805: Bug in ftpd
  DESC make more explicit to distinguish from CAN-1999-0076

VOTES:
   MODIFY(2) Frech, Prosser

COMMENTS:
 Frech> There is no pasvcore record; delete and add
 Frech> XF:ftp-pasvcore
 Prosser> additional sources
 Prosser> Various BUGTRAQ messages
 Prosser> http://www.securityfocus.com/
 Prosser> http://oliver.efri.hr/~crv/security/bugs/SunOS/wuftpd7.html
 Prosser> http://www.insecure.org/sploits

=================================
Candidate: CAN-1999-0084
Published:
Final-Decision:
Interim-Decision: 19990925
Modified:
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:nfs-mknod

NFS mknod bug

VOTES:
   ACCEPT(5) Hill, Frech, Northcutt, Proctor, Balinsky

=================================
Candidate: CAN-1999-0087
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:ibm-telnetdos
Reference: ERS:ERS-SVA-E01-1998:003.1

Denial of service in AIX telnet can freeze a system and prevent users from accessing the server.

Modifications:
  ADDREF XF:ibm-telnetdos

VOTES:
   ACCEPT(1) Hill
   MODIFY(3) Meunier, Frech, Landfield
   NOOP(2) Northcutt, Christey

COMMENTS:
 Meunier> Add "STD0011: Incorrect or incomplete address field found and ignored" to
 Meunier> distinguish from other vulnerabilities resulting in DOS on AIX telnet that
 Meunier> might be discovered in the future.
 Frech> XF:ibm-telnetdos
 Christey> To keep the description as short and simple as possible, we
 Christey> should avoid this specific detail until there is a second AIX
 Christey> telnet DoS

=================================
Candidate: CAN-1999-0095
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: CF
Reference: CERT:CA-88.01
Reference: CERT:CA-93.14
Reference: XF:smtp-debug

The debug command in Sendmail is enabled, allowing attackers to execute commands as root.

Modifications:
  ADDREF CERT:CA-88.01
  ADDREF CERT:CA-93.14
  DESC change to reflect that it's a config problem

VOTES:
   ACCEPT(7) Hill, Frech, Blake, Northcutt, Proctor, Balinsky, Ozancin
   NOOP(1) Christey
   RECAST(1) Prosser

COMMENTS:
 Northcutt> (I swear I have voted for this before, this is how I got into
 Northcutt> computer security, someone broke into my SUN WS doing this)
 Prosser> There is a sendmail 8.6.7 debug vulnerability :source
 Prosser> CERT Advisory CA-94.12
 Prosser> http://www.cert.org
 Prosser> as well as an older BSD sendmail 5.59 debug vulnerability
 Prosser> CERT Advisory CA-88.01,96.20, 24 and 25
 Prosser> which one are we talking about here
 Christey> Some of Steve's votes got lost somehow. I found them and
 Christey> re-entered them, using his latest votes where conflicts
 Christey> occurred.
 Christey>
 Christey> With respect to CERT advisories, some of the advisories
 Christey> mentioned by Mike are superseded by others, and not available
 Christey> on the CERT web site. However, this entry is referencing
 Christey> when Sendmail is configured with the Debug option enabled,
 Christey> as referred to in CA-88.01 and CA-93.14.

=================================
Candidate: CAN-1999-0096
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: CF
Reference: CERT:CA-93.16
Reference: CERT:CA-95.05
Reference: CIAC:A-13
Reference: CIAC:A-14
Reference: SUN:00122
Reference: XF:smtp-dcod

Sendmail decode alias can be used to overwrite sensitive files

Modifications:
  ADDREF CERT:CA-93.16
  ADDREF CERT:CA-95.05
  ADDREF CIAC:A-13
  ADDREF CIAC:A-14
  ADDREF SUN:00122

VOTES:
   ACCEPT(7) Hill, Frech, Blake, Northcutt, Proctor, Balinsky, Ozancin
   MODIFY(1) Prosser

COMMENTS:
 Prosser> additional sources
 Prosser> CERT Advisory CA-93:16, CA-95.05
 Prosser> http://www.cert.org
 Prosser> Sun Security Bulletin 00122
 Prosser> http://www.sunsolve.sun.com

=================================
Candidate: CAN-1999-0126
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:VB-98.04.xterm.Xaw
Reference: CIAC:J-010
Reference: XF:xfree86-xterm-xaw
Reference: XF:xfree86-xaw

SGI IRIX buffer overflow in xterm and Xaw allows root access.

Modifications:
  ADDREF XF:xfree86-xterm-xaw
  ADDREF XF:xfree86-xaw

VOTES:
   ACCEPT(3) Northcutt, Prosser, Ozancin
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:xfree86-xterm-xaw
 Frech> XF:xfree86-xaw

=================================
Candidate: CAN-1999-0138
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: CERT:CA-96.12.suidperl_vul
Reference: XF:sperl-suid

The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.

Modifications:
  ADDREF XF:sperl-suid

VOTES:
   ACCEPT(1) Prosser
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:sperl-suid

=================================
Candidate: CAN-1999-0150
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:perl-fingerd

The Perl fingerd program allows arbitrary command execution from remote users.

Modifications:
  ADDREF XF:perl-fingerd

VOTES:
   ACCEPT(3) Hill, Northcutt, Proctor
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:perl-fingerd

=================================
Candidate: CAN-1999-0152
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19970811 dgux in.fingerd vulnerability
Reference: XF:dgux-fingerd

The DG/UX finger daemon allows remote command execution through shell metacharacters.

Modifications:
  ADDREF BUGTRAQ:19970811 dgux in.fingerd vulnerability

VOTES:
   ACCEPT(5) Hill, Frech, Northcutt, Proctor, Balinsky
   MODIFY(1) Prosser

COMMENTS:
 Prosser> additional resource
 Prosser> Bugtraq
 Prosser> "dgux in.fingerd vulnerability"
 Prosser> http://www.securityfocus.com/

=================================
Candidate: CAN-1999-0167
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:nfs-guess
Reference: CERT:CA-91.21.SunOS.NFS.Jumbo.and.fsirand

In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system.

Modifications:
  ADDREF CERT:CA-91.21.SunOS.NFS.Jumbo.and.fsirand

VOTES:
   ACCEPT(6) Hill, Frech, Blake, Northcutt, Proctor, Balinsky
   MODIFY(1) Prosser

COMMENTS:
 Prosser> sort of an oldie source
 Prosser> CERT Security Alert CA-91:21
 Prosser> http://www.cert.org

=================================
Candidate: CAN-1999-0175
Published:
Final-Decision:
Interim-Decision: 19990925
Modified:
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:http-nov-convert

The convert.bas program in the Novell web server allows a remote attacker to read any file on the system that is internally accessible by the web server.

VOTES:
   ACCEPT(4) Hill, Frech, Blake, Northcutt

=================================
Candidate: CAN-1999-0183
Published:
Final-Decision:
Interim-Decision: 19990925
Modified:
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:linux-tftp

Linux implementations of TFTP would allow access to files outside the restricted directory.

VOTES:
   ACCEPT(3) Hill, Frech, Landfield
   NOOP(1) Northcutt

=================================
Candidate: CAN-1999-0202
Published:
Final-Decision:
Interim-Decision: 19990925
Modified:
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:ftp-exectar

The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands.

VOTES:
   ACCEPT(4) Hill, Frech, Northcutt, Proctor

=================================
Candidate: CAN-1999-0204
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:ident-bo

Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.

Modifications:
  ADDREF XF:ident-bo

VOTES:
   ACCEPT(3) Hill, Balinsky, Landfield
   NOOP(1) Northcutt
   REVIEWING(1) Frech

COMMENTS:
 Frech> probably XF:ident-bo

=================================
Candidate: CAN-1999-0245
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19950907 Linux NIS security problem hole and fix
Reference: XF:linux-plus

Some configurations of NIS+ in Linux allowed attackers to log in as the user "+"

Modifications:
  REFERENCE ADDREF BUGTRAQ:19950907 Linux NIS security problem hole and fix

VOTES:
   ACCEPT(3) Hill, Frech, Northcutt
   MODIFY(1) Prosser

COMMENTS:
 Prosser> source
 Prosser> BUGTRAQ
 Prosser> "Linux NIS security problem hole and fix"
 Prosser> http://www.securityfocus.com/

=================================
Candidate: CAN-1999-0260
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19961224 jj cgi
Reference: XF:http-cgi-jj

The jj CGI program allows command execution via shell metacharacters.

Modifications:
  ADDREF XF:http-cgi-jj
  ADDREF BUGTRAQ:19961224 jj cgi

VOTES:
   ACCEPT(2) Hill, Ozancin
   MODIFY(1) Frech
   NOOP(2) Northcutt, Landfield

COMMENTS:
 Frech> XF:http-cgi-jj

=================================
Candidate: CAN-1999-0273
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:sun-telnet-kill

Denial of service through Solaris 2.5.1 telnet by sending ^D characters.

Modifications:
  ADDREF XF:sun-telnet-kill

VOTES:
   ACCEPT(3) Hill, Blake, Northcutt
   MODIFY(1) Frech
   NOOP(1) Meunier

COMMENTS:
 Frech> XF:sun-telnet-kill

=================================
Candidate: CAN-1999-0281
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:http-iis-longurl

Denial of service in IIS using long URLs.

Modifications:
  ADDREF XF:http-iis-longurl

VOTES:
   ACCEPT(6) Hill, Blake, Wall, Balinsky, Ozancin, Northcutt
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:http-iis-longurl

=================================
Candidate: CAN-1999-0289
Published:
Final-Decision:
Interim-Decision: 19990925
Modified:
Proposed: 19990630
Assigned: 19990607
Category: SF

The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.

VOTES:
   ACCEPT(4) Hill, Blake, Landfield, Ozancin
   NOOP(1) Northcutt
   REVIEWING(1) Frech

=================================
Candidate: CAN-1999-0346
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: XF:http-cgi-php-mlog

CGI PHP mlog script allows an attacker to read any file on the target server.

Modifications:
  ADDREF XF:http-cgi-php-mlog

VOTES:
   ACCEPT(2) Northcutt, Proctor
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:http-cgi-php-mlog

=================================
Candidate: CAN-1999-0348
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: NTBUGTRAQ:Jan27,1999
Reference: MSKB:Q197003

IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.

Modifications:
  ADDREF MSKB:Q197003

VOTES:
   ACCEPT(4) Northcutt, Prosser, Wall, Levy
   REVIEWING(1) Frech

COMMENTS:
 Prosser> additional source
 Prosser> MS KnowledgeBase Article Q197003
 Prosser> http://support.microsoft.com/support/kb/articles/q197/0/03.asp

=================================
Candidate: CAN-1999-0350
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: L0PHT:Feb8,1999
Reference: XF:clearcase-temp-race

Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits.

Modifications:
  ADDREF XF:clearcase-temp-race

VOTES:
   ACCEPT(3) Hill, Prosser, Northcutt
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:clearcase-temp-race

=================================
Candidate: CAN-1999-0362
Published:
Final-Decision:
Interim-Decision: 19990925
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: EEYE:AD02021999
Reference: XF:wsftp-remote-dos
Reference: SF:217

WS_FTP server remote denial of service through cwd command.

VOTES:
   ACCEPT(4) Ozancin, Frech, Northcutt, Levy
   NOOP(1) Wall

=================================
Candidate: CAN-1999-0368
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990623
Assigned: 19990607
Category: SF
Reference: NETECT:palmetto.ftpd
Reference: CERT:CA-99.03
Reference: XF:palmetto-ftpd-bo

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

Modifications:
  ADDREF XF:palmetto-ftpd-bo

VOTES:
   ACCEPT(2) Northcutt, Prosser
   MODIFY(1) Frech

COMMENTS:
 Frech> XF:palmetto-ftpd-bo

=================================
Candidate: CAN-1999-0383
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb02,1999
Reference: XF:acc-tigris-login

ACC Tigris allows public access without a login.

Modifications:
  DESC change allowed to allows for consistency

VOTES:
   ACCEPT(1) Ozancin
   MODIFY(1) Frech
   NOOP(3) Wall, Northcutt, Landfield

COMMENTS:
 Frech> Change allowed to allows.

=================================
Candidate: CAN-1999-0388
Published:
Final-Decision:
Interim-Decision: 19990925
Modified:
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:datalynx-suguard-relative-paths
Reference: L0PHT:Jan3,1999

DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root.

VOTES:
   ACCEPT(4) Hill, Frech, Prosser, Northcutt

=================================
Candidate: CAN-1999-0391
Published:
Final-Decision:
Interim-Decision: 19990925
Modified:
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: L0PHT:Jan. 5, 1999

The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 is reused, allowing an attacker to replay the response and impersonate a user.

VOTES:
   ACCEPT(4) Hill, Northcutt, Landfield, Levy
   REVIEWING(1) Frech

=================================
Candidate: CAN-1999-0412
Published:
Final-Decision:
Interim-Decision: 19990925
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb19,1999
Reference: XF:iis-isapi-execute
Reference: SF:501

In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.

VOTES:
   ACCEPT(2) Frech, Wall
   NOOP(1) Ozancin

=================================
Candidate: CAN-1999-0424
Published:
Final-Decision:
Interim-Decision: 19990925
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: SUSE:Mar18,1999
Reference: XF:netscape-talkback-overwrite

talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes.

VOTES:
   ACCEPT(3) Ozancin, Frech, Prosser
   REVIEWING(1) Wall

COMMENTS:
 Prosser> source should be
 Prosser> SuSE Security Announcements
 Prosser> "Security hole in Netscape Communicator's 4.5 'talkback' function"
 Prosser> http://www.suse.de/security

=================================
Candidate: CAN-1999-0425
Published:
Final-Decision:
Interim-Decision: 19990925
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: SUSE:Mar18,1999
Reference: XF:netscape-talkback-kill

talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.

VOTES:
   ACCEPT(3) Ozancin, Frech, Prosser
   REVIEWING(1) Wall

COMMENTS:
 Prosser> again source should be
 Prosser> SuSE Security Announcements
 Prosser> "Security hole in Netscape Communicator's 4.5 'talkback' function"
 Prosser> http://www.suse.de/security

=================================
Candidate: CAN-1999-0437
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: ISS:WebRamp Denial of Service Attacks
Reference: XF:webramp-device-crash

Remote attackers can perform a denial of service in WebRamp systems by sending a malicious string to the HTTP port.

Modifications:
  ADDREF XF:webramp-device-crash

VOTES:
   ACCEPT(2) Hill, Meunier
   MODIFY(1) Frech
   NOOP(2) Northcutt, Landfield

COMMENTS:
 Frech> XF:webramp-device-crash
 Landfield> - really should specify versions

=================================
Candidate: CAN-1999-0438
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: ISS:WebRamp Denial of Service Attacks
Reference: XF:webramp-ipchange

Remote attackers can perform a denial of service in WebRamp systems by sending a malicious UDP packet to port 5353, changing its IP address.

Modifications:
  ADDREF XF:webramp-ipchange

VOTES:
   ACCEPT(2) Hill, Meunier
   MODIFY(1) Frech
   NOOP(2) Northcutt, Landfield

COMMENTS:
 Frech> XF:webramp-ipchange
 Landfield> - really should specify versions

=================================
Candidate: CAN-1999-0448
Published:
Final-Decision:
Interim-Decision: 19990925
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: XF:iis-http-request-logging

IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.

VOTES:
   ACCEPT(3) Frech, Wall, Levy
   NOOP(2) Ozancin, Landfield

=================================
Candidate: CAN-1999-0449
Published:
Final-Decision:
Interim-Decision: 19990925
Modified:
Proposed: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan26,1999
Reference: XF:iis-exair-dos
Reference: SF:193

Denial of service in IIS 4 with scripts from the ExAir sample site.

VOTES:
   ACCEPT(4) Wall, Frech, Northcutt, Levy

=================================
Candidate: CAN-1999-0458
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan6,1999
Reference: XF:l0phtcrack-temp-files

L0phtcrack 2.5 used temporary files in the system TEMP directory which could contain password information.

Modifications:
  ADDREF XF:l0phtcrack-temp-files

VOTES:
   ACCEPT(3) Hill, Prosser, Northcutt
   MODIFY(1) Frech
   NOOP(2) Landfield, Levy

COMMENTS:
 Frech> XF:l0phtcrack-temp-files

=================================
Candidate: CAN-1999-0494
Published:
Final-Decision:
Interim-Decision: 19990925
Modified:
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: XF:wingate-pop3-user-bo

Denial of service in WinGate proxy through a buffer overflow in POP3.

VOTES:
   ACCEPT(5) Hill, Frech, Northcutt, Landfield, Ozancin

=================================
Candidate: CAN-1999-0514
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: CF
Reference: XF:fraggle

UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target.

Modifications:
  ADDREF XF:fraggle
  DESC clarified at Landfield's prompting

VOTES:
   ACCEPT(2) Hill, Northcutt
   MODIFY(1) Frech
   REVIEWING(1) Landfield

COMMENTS:
 Frech> XF:fraggle
 Landfield> System ? General Stack issue ? This is not clear.

=================================
Candidate: CAN-1999-0526
Published:
Final-Decision:
Interim-Decision: 19990925
Modified: 19990925-01
Proposed: 19990630
Assigned: 19990607
Category: CF
Reference: XF:xcheck-keystroke

An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.

Modifications:
  ADDREF XF:xcheck-keystroke
  DESC Rephrase per Northcutt's suggestion

VOTES:
   ACCEPT(4) Hill, Blake, Proctor, Balinsky
   MODIFY(2) Frech, Northcutt

COMMENTS:
 Frech> XF:xcheck-keystroke
 Northcutt> X does have some access control as long as a user (insider) doesn't type
 Northcutt> "xhost +". I don't think an outsider can disable the access.
 Northcutt> Suggested phrasing "An X server's access control can be disabled e.g.
 Northcutt> through an "xhost +" command and allows anyone to connect to the server."