[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster 49 - MISC-01 (35 candidates)



This cluster deals with miscellaneous issues in "obscure" software,
where "obscure" is approximately defined as "not having a distribution
as wide as HP, Sun, or Microsoft."

Proposed: 12/21
Scheduled Proposed: 12/20
Scheduled Interim Decision: 1/3
Scheduled Final Decision: 1/7


- Steve



Summary of votes to use (in ascending order of "severity"):

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-1999-0671
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:572

Buffer overflow in ToxSoft NextFTP client through CWD command.

VOTE:

=================================
Candidate: CAN-1999-0672
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:573

Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics.

VOTE:

=================================
Candidate: CAN-1999-0673
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:574

Buffer overflow in ALMail32 POP3 client via From: or To: headers.

VOTE:

=================================
Candidate: CAN-1999-0679
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990813 w00w00's efnet ircd advisory (exploit included)
Reference: BID:581

Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows
remote attackers to execute commands via m_invite invite option.

VOTE:

=================================
Candidate: CAN-1999-0719
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:563

The Guile plugin for Gnumeric allows attackers to execute arbitrary code.

VOTE:

=================================
Candidate: CAN-1999-0741
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990818 QMS 2060 printer security hole
Reference: BID:593
Reference: XF:qms-2060-no-root-password

QMS CrownNet Unix Utilities for 2060 allows root to log on without a
password.

VOTE:

=================================
Candidate: CAN-1999-0750
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990913 Hotmail security vulnerability - injecting JavaScript using 'STYLE' tag
Reference: BID:630

Hotmail allows Javascript to be executed via the HTML STYLE tag,
allowing remote attackers to execute commands on the user's Hotmail
account.

VOTE:

=================================
Candidate: CAN-1999-0759
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990913 Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug
Reference: BID:634

Buffer overflow in FuseMAIL POP service via long USER and PASS
commands.

VOTE:

=================================
Candidate: CAN-1999-0778
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: KSRT:011
Reference: XF:accelx-bo

Buffer overflow in Xi Graphics Accelerated-X server allows local
users to gain root access via a long display or query parameter.

VOTE:

=================================
Candidate: CAN-1999-0788
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:662

Arkiea nlservd allows remote attackers to conduct a denial of service.

VOTE:

=================================
Candidate: CAN-1999-0791
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: KSRT:012

Hybrid Network cable modems do not include an authentication mechanism
for administration, allowing remote attackers to compromise the system
through the HSMP protocol.

VOTE:

=================================
Candidate: CAN-1999-0792
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: CF
Reference: ROOTSHELL:23

ROUTERmate has a default SNMP community name which allows remote
attackers to modify its configuration.

VOTE:

=================================
Candidate: CAN-1999-0801
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: XF:bmc-patrol-frames
Reference: BUGTRAQ:19990409 Patrol security bugs

BMC Patrol allows remote attackers to gain access to an agent by
spoofing frames.

VOTE:

=================================
Candidate: CAN-1999-0873
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BID:759

Buffer overflow in Skyfull mail server via MAIL FROM command.

VOTE:

=================================
Candidate: CAN-1999-0890
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990928 Team Asylum: iHTML Merchant Vulnerabilities

iHTML Merchant allows remote attackers to obtain sensitive information
or execute commands via a code parsing error.

VOTE:

=================================
Candidate: CAN-1999-0896
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991109 RealNetworks RealServer G2 buffer overflow.
Reference: BID:767

Buffer overflow in RealNetworks RealServer administration utility
allows remote attackers to execute arbitrary commands via a long
username and password.

VOTE:

=================================
Candidate: CAN-1999-0904
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991103 Remote DoS Attack in BFTelnet Server v1.1 for Windows NT
Reference: BID:771

Buffer overflow in BFTelnet allows remote attackers to cause a denial
of service via a long username.

VOTE:

=================================
Candidate: CAN-1999-0916
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: CF
Reference: ISS:19990629 Bad Permissions on Passwords Stored by WebTrends Software

WebTrends software stores account names and passwords in a file which
does not have restricted access permissions.

VOTE:

=================================
Candidate: CAN-1999-0921
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990409 Patrol security bugs

BMC Patrol allows any remote attacker to flood its UDP port, causing a
denial of service.

VOTE:

=================================
Candidate: CAN-1999-0925
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990903 Web servers / possible DOS Attack / mime header flooding

UnityMail allows remote attackers to conduct a denial of service via a
large number of MIME headers.

VOTE:

=================================
Candidate: CAN-1999-0927
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: EEYE:AD05261999

NTMail allows remote attackers to read arbitrary files via a .. (dot
dot) attack.

VOTE:

=================================
Candidate: CAN-1999-0928
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990525 Buffer overflow in SmartDesk WebSuite v2.1

Buffer overflow in SmartDesk WebSuite allows remote attackers to cause
a denial of service via a long URL.

VOTE:

=================================
Candidate: CAN-1999-0930
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980903 wwwboard.pl vulnerability

wwwboard allows a remote attacker to delete message board articles via
a malformed argument.

VOTE:

=================================
Candidate: CAN-1999-0931
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01
Reference: BID:734

Buffer overflow in Mediahouse Statistics Server allows remote
attackers to execute commands.

VOTE:

=================================
Candidate: CAN-1999-0932
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: CF
Reference: BUGTRAQ:19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01
Reference: BID:735

Mediahouse Statistics Server allows remote attackers to read the
administrator password which is stored in cleartext in the ss.cfg
file.

VOTE:

=================================
Candidate: CAN-1999-0941
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980728 mutt x.x

Mutt mail client allows a remote attacker to execute commands via
shell metacharacters.

VOTE:

=================================
Candidate: CAN-1999-0944
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991024 password leak in IBM WebSphere / HTTP Server / ikeyman

IBM WebSphere ikeyman tool uses weak encryption to store
a password for a key database that is used for SSL connections.

VOTE:

=================================
Candidate: CAN-1999-0946
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Reference: BID:760

Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED
tag.

VOTE:

=================================
Candidate: CAN-1999-0948
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BID:757
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares

Buffer overflow in uum program for Canna input system allows local
users to gain root privileges.

VOTE:

=================================
Candidate: CAN-1999-0949
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BID:757
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares

Buffer overflow in canuum program for Canna input system allows local
users to gain root privileges.

VOTE:

=================================
Candidate: CAN-1999-0950
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991027 WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability
Reference: BID:747

Buffer overflow in WFTPD FTP server allows remote attackers to gain
root access via	a series of MKD and CWD commands that create nested
directories.

VOTE:

=================================
Candidate: CAN-1999-0954
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: CF
Reference: BUGTRAQ:19990916 More fun with WWWBoard
Reference: BID:649

WWWBoard has a default username and default password.

VOTE:

=================================
Candidate: CAN-1999-0957
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19970618 Security hole in MajorCool 1.0.3

MajorCool mj_key_cache program allows local users to modify files via
a symlink attack.

VOTE:

=================================
Candidate: CAN-1999-0968
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19981226 bnc exploit

Buffer overflow in BNC IRC proxy allows remote attackers to gain
privileges.

VOTE:

=================================
Candidate: CAN-1999-0970
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990605 Remote Exploit (Bug) in OmniHTTPd Web Server

The OmniHTTPD visadmin.exe program allows a remote attacker to conduct
a denial of service via a malformed URL which causes a large number of
temporary files to be created.

VOTE:

 
Page Last Updated: May 22, 2007