[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster 52 - RECENT-03 (19 candidates)



This cluster includes recently announced problems from 12/13/1999
through 12/20/1999.  "Recent" clusters will be proposed on a weekly
basis for the foreseeable future as we consider issues related to
going live with candidate assignment.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

Proposed: 12/21
Scheduled Proposed: 12/20
Scheduled Interim Decision: 1/3
Scheduled Final Decision: 1/7


- Steve



Summary of votes to use (in ascending order of "severity"):

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-1999-0992
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: HP:HPSBUX9912-107

HP VirtualVault with the PHSS_17692 patch allows unprivileged
processes to bypass access restrictions via the Trusted Gateway Proxy
(TGP).

VOTE:

=================================
Candidate: CAN-1999-0993
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: unknown
Reference: NTBUGTRAQ:19991213 Changing ACL's in Exchange Server

Modifications to ACLs (Access Control Lists) in Microsoft Exchange
5.5 do not take effect until the directory store cache is refreshed.

VOTE:

=================================
Candidate: CAN-1999-0994
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BINDVIEW:19991216 Windows NT's SYSKEY feature
Reference: MS:MS99-056
Reference: MSKB:Q248183
Reference: BID:873

Windows NT with SYSKEY reuses the keystream that is used for
encrypting SAM password hashes, allowing an attacker to crack
passwords.

VOTE:

=================================
Candidate: CAN-1999-0995
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: NAI:19991216 Windows NT LSA Remote Denial of Service
Reference: MS:MS99-057
Reference: MSKB:Q248185

Windows NT Local Security Authority (LSA) allows remote attackers to
cause a denial of service via malformed arguments to the LsaLookupSids
function which looks up the SID, aka "Malformed Security Identifier
Request."

VOTE:

=================================
Candidate: CAN-1999-0996
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: EEYE:AD19991215
Reference: BUGTRAQ:19991216 Infoseek Ultraseek Remote Buffer Overflow
Reference: NTBUGTRAQ:19991216 Infoseek Ultraseek Remote Buffer Overflow

Buffer overflow in Infoseek Ultraseek search engine allows remote
attackers to execute commands via a long GET request.

VOTE:

=================================
Candidate: CAN-1999-0997
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: unknown
Reference: BUGTRAQ:19991220 Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd)

wu-ftp with FTP conversion enabled allows an attacker to execute
commands via a malformed file name that is interpreted as an argument
to the program that does the conversion, e.g. tar or uncompress.

VOTE:

=================================
Candidate: CAN-1999-0998
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities
Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities

Cisco Cache Engine allows an attacker to replace content in the cache.

VOTE:

=================================
Candidate: CAN-1999-0999
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: MS:MS99-059
Reference: MSKB:Q248749

Microsoft SQL server allows a remote attacker to cause a denial of
service via a malformed TDS packet.

VOTE:

=================================
Candidate: CAN-1999-1000
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities
Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities

The web administration interface for Cisco Cache Engine allows remote
attackers to view performance statistics.

VOTE:

=================================
Candidate: CAN-1999-1001
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities
Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities

Cisco Cache Engine allows a remote attacker to gain access via a null
username and password.

VOTE:

=================================
Candidate: CAN-1999-1002
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: http://www.rstcorp.com/news/bad-crypto.html
Reference: BUGTRAQ:19991216 Reinventing the wheel (aka "Decoding Netscape Mail passwords")
Reference: BUGTRAQ:19991220 Netscape password scrambling

Netscape Navigator uses weak encryption for storing a user's Netscape
mail password.

VOTE:

=================================
Candidate: CAN-1999-1003
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991214 Local / Remote D.o.S Attack in War FTP Daemon 1.70 Vulnerability
Reference: BUGTRAQ:19991216 Statement: Local / Remote D.o.S Attack in War FTP Daemon 1.70

War FTP Daemon 1.70 allows remote attackers to cause a denial of
service by flooding it with connections.

VOTE:

=================================
Candidate: CAN-1999-1004
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991217 NAV2000 Email Protection DoS
Reference: BUGTRAQ:19991220 Norton Email Protection Remote Overflow (Addendum)

Buffer overflow in the POP server POProxy for the Norton Anti-Virus
protection NAV2000 program via a large USER command.

VOTE:

=================================
Candidate: CAN-1999-1005
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991219 Groupewise Web Interface

Groupwise web server GWWEB.EXE allows remote attackers to read
arbitrary files with .htm extensions via a .. (dot dot) attack using
the HELP parameter.

VOTE:

=================================
Candidate: CAN-1999-1006
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991219 Groupewise Web Interface

Groupwise web server GWWEB.EXE allows remote attackers to determine
the real path of the web server via the HELP parameter.

VOTE:

=================================
Candidate: CAN-1999-1007
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991213 VDO Live Player 3.02 Buffer Overflow
Reference: BID:872

Buffer overflow in VDO Live Player allows remote attackers to execute
commands on the VDO client via a malformed .vdo file.

VOTE:

=================================
Candidate: CAN-1999-1008
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991215 FreeBSD 3.3 xsoldier root exploit
Reference: BID:871

xsoldier program allows local users to gain root access via a
long argument.

VOTE:

=================================
Candidate: CAN-1999-1009
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: unknown
Reference: BUGTRAQ:19991213 Privacy hole in Go Express Search

The Disney Go Express Search allows remote attackers to access and
modify search information for users by connecting to an HTTP server on
the user's system.

VOTE:

=================================
Candidate: CAN-1999-1010
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991214 sshd1 allows unencrypted sessions regardless of server policy

An SSH 1.2.27 server allows a client to use the "none" cipher, even if
it is not allowed by the server policy.

VOTE:

 
Page Last Updated: May 22, 2007