[PROPOSAL] Cluster 53 (RECENT-04) - 43 candidates
The following cluster contains 43 candidates, all of which were
announced between 12/20/1999 and 1/1/2000.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

Proposed: 1/10/00
Scheduled Interim Decision: 1/24/00
Scheduled Final Decision: 1/28/00

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0001
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991222 RealMedia Server 5.0 Crasher (rmscrash.c)

RealMedia server allows remote attackers to cause a denial of service
via a long ramgen request.

VOTE:

=================================
Candidate: CAN-2000-0002
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: NTBUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: BUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT

Buffer overflow in ZBServer Pro allows remote attackers to execute
commands via a long GET request.

VOTE:

=================================
Candidate: CAN-2000-0003
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991230 UnixWare rtpm exploit + discussion

Buffer overflow in UnixWare rtpm program allows local users to gain
privileges via a long environmental variable.

VOTE:

=================================
Candidate: CAN-2000-0004
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: NTBUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: BUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT

ZBServer Pro allows remote attackers to read source code for
executable files by inserting a . (dot) into the URL.

VOTE:

=================================
Candidate: CAN-2000-0005
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991230 aserver.sh
Reference: BUGTRAQ:20000102 HPUX Aserver revisited.
Reference: HP:HPSBUX0001-108

HP-UX aserver program allows local users to gain privileges via a
symlink attack.

VOTE:

=================================
Candidate: CAN-2000-0006
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991225 strace can lie

strace allows local users to read arbitrary files via memory mapped
file names.

VOTE:

=================================
Candidate: CAN-2000-0007
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991230 PC-Cillin 6.x DoS Attack

Trend Micro PC-Cillin does not restrict access to its internal proxy
port, allowing remote attackers to conduct a denial of service.

VOTE:

=================================
Candidate: CAN-2000-0008
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:19991227 FTPPro insecuities

FTPPro allows local users to read sensitive information, which is
stored in plain text.

VOTE:

=================================
Candidate: CAN-2000-0009
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991230 bna,sh
Reference: BID:907

bna_pass program in Optivity NETarchitect allows local users to gain
privileges via a symlink attack.

VOTE:

=================================
Candidate: CAN-2000-0010
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991226 WebWho+ ADVISORY

WebWho+ whois.cgi program allows remote attackers to execute commands
via shell metacharacters in the TLD parameter.

VOTE:

=================================
Candidate: CAN-2000-0011
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991231 Local / Remote GET Buffer Overflow Vulnerability in AnalogX SimpleServer:WWW HTTP Server v1.1
Reference: BID:906

Buffer overflow in AnalogX SimpleServer:WWW allows remote attackers to
execute commands via a long GET request.

VOTE:

=================================
Candidate: CAN-2000-0012
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991227 remote buffer overflow in miniSQL
Reference: BID:898

Buffer overflow in w3-msql CGI program in miniSQL package allows
remote attackers to execute commands.

VOTE:

=================================
Candidate: CAN-2000-0013
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991231 irix-soundplayer.sh
Reference: BID:909

IRIX midikeys program allows local users to gain privileges via a
symlink attack.

VOTE:

=================================
Candidate: CAN-2000-0014
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991228 Local / Remote D.o.S Attack in Savant Web Server V2.0 WIN9X / NT / 2K
Reference: BID:897

Denial of service in Savant web server via a null character in the
requested URL.

VOTE:

=================================
Candidate: CAN-2000-0015
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991231 tftpserv.sh
Reference: BID:910

CascadeView TFTP server allows local users to gain privileges via a
symlink attack.

VOTE:

=================================
Candidate: CAN-2000-0016
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: NTBUGTRAQ:19991001 Vulnerabilities in the Internet Anywhere Mail Server
Reference: BUGTRAQ:19991227 Remote DoS/Access Attack in Internet Anywhere Mail Server(POP 3) v2.3.1
Reference: BID:730

Buffer overflow in Internet Anywhere POP3 Mail Server allows remote
attackers to cause a denial of service or execute commands via a long
username.

VOTE:

=================================
Candidate: CAN-2000-0017
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991221 (Possible) Linuxconf Remote Buffer Overflow Vulnerability

Buffer overflow in Linux linuxconf package allows remote attackers to
gain root privileges via a long parameter.

VOTE:

=================================
Candidate: CAN-2000-0018
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991221 Wmmon under FreeBSD

wmmon in FreeBSD allows local users to gain privileges via the
.wmmonrc configuration file.

VOTE:

=================================
Candidate: CAN-2000-0019
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991221 [w00giving '99 #11] IMail's password encryption scheme

IMail POP3 daemon uses weak encryption, which allows local users to
read files.

VOTE:

=================================
Candidate: CAN-2000-0020
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: NTBUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability
Reference: BUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability

DNS PRO allows remote attackers to conduct a denial of service via a
large number of connections.

VOTE:

=================================
Candidate: CAN-2000-0021
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:19991221 serious Lotus Domino HTTP denial of service
Reference: BUGTRAQ:19991227 Re: Lotus Domino HTTP denial of service attack

Lotus Domino HTTP server allows remote attackers to determine the real
path of the server via a request to a non-existent script in /cgi-bin.

VOTE:

=================================
Candidate: CAN-2000-0022
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991221 serious Lotus Domino HTTP denial of service
Reference: BUGTRAQ:19991227 Re: Lotus Domino HTTP denial of service attack

Lotus Domino HTTP server does not properly disable anonymous access
for the cgi-bin directory.

VOTE:

=================================
Candidate: CAN-2000-0023
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991221 serious Lotus Domino HTTP denial of service
Reference: BUGTRAQ:19991222 Lotus Notes HTTP cgi-bin vulnerability: possible workaround
Reference: BUGTRAQ:19991227 Re: Lotus Domino HTTP denial of service attack

Buffer overflow in Lotus Domino HTTP server allows remote attackers to
cause a denial of service via a long URL.

VOTE:

=================================
Candidate: CAN-2000-0024
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: MS:MS99-061
Reference: BUGTRAQ:19991228 Third Party Software Affected by IIS "Escape Character Parsing" Vulnerability
Reference: BUGTRAQ:19991229 More info on MS99-061 (IIS escape character vulnerability)

IIS does not properly canonicalize URLs, potentially allowing remote
attackers to bypass access restrictions in third-party software via
escape characters, aka the "Escape Character Parsing" vulnerability.

VOTE:

=================================
Candidate: CAN-2000-0025
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: MS:MS99-058

IIS 4.0 and Site Server 3.0 allow remote attackers to read source code
for ASP files if the file is in a virtual directory whose name
includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the
"Virtual Directory Naming" vulnerability.

VOTE:

=================================
Candidate: CAN-2000-0026
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991222 UnixWare i2odialogd remote root exploit

Buffer overflow in UnixWare i2odialogd daemon allows remote attackers
to gain root access via a long username/password authorization string.

VOTE:

=================================
Candidate: CAN-2000-0027
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991227 IBM NetStation/UnixWare local root exploit
Reference: BID:900

IBM Network Station Manager NetStation allows local users to gain
privileges via a symlink attack.

VOTE:

=================================
Candidate: CAN-2000-0028
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991222 IE 5.01 vulnerabilities in external.NavigateAndFind()

Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the
cross frame security policy and read files via the
external.NavigateAndFind function.

VOTE:

=================================
Candidate: CAN-2000-0029
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991227 UnixWare local pis exploit
Reference: BID:901

UnixWare pis and mkpis commands allow local users to gain privileges
via a symlink attack.

VOTE:

=================================
Candidate: CAN-2000-0030
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems

Solaris dmispd dmi_cmd allows local users to fill up restricted disk
space by adding files to the /var/dmi/db database.

VOTE:

=================================
Candidate: CAN-2000-0031
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: L0PHT:19991227 initscripts-4.48-1 RedHat Linux 6.1
Reference: REDHAT:RHSA-1999:052-04

The initscripts package in Red Hat Linux allows local users to gain
privileges via a symlink attack.

VOTE:

=================================
Candidate: CAN-2000-0032
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems

Solaris dmi_cmd allows local users to crash the dmispd daemon by
adding a malformed file to the /var/dmi/db database.

VOTE:

=================================
Candidate: CAN-2000-0033
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991227 Trend Micro InterScan VirusWall SMTP bug
Reference: BID:899

InterScan VirusWall SMTP scanner does not properly scan messages with
malformed attachments.

VOTE:

=================================
Candidate: CAN-2000-0034
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991222 More Netscape Passwords Available.

Netscape 4.7 records user passwords in the preferences.js file during
an IMAP or POP session, even if the user has not enabled "remember
passwords."

VOTE:

=================================
Candidate: CAN-2000-0035
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991228 majordomo local exploit
Reference: BID:902

resend command in Majordomo allows local users to gain privileges via
shell metacharacters.

VOTE:

=================================
Candidate: CAN-2000-0036
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: MS:MS99-060
Reference: MSKB:Q249082

Outlook Express 5 for Macintosh downloads attachments to HTML mail
without prompting the user, aka the "HTML Mail Attachment"
vulnerability.

VOTE:

=================================
Candidate: CAN-2000-0037
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991228 majordomo local exploit
Reference: BID:903

Majordomo wrapper allows local users to gain privileges by specifying
an alternate configuration file.

VOTE:

=================================
Candidate: CAN-2000-0038
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: CF
Reference: BUGTRAQ:19991223 Multiple vulnerabilites in glFtpD (current versions)

glFtpD includes a default glftpd user account with a default password
and a UID of 0.

VOTE:

=================================
Candidate: CAN-2000-0039
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991229 AltaVista
Reference: BUGTRAQ:19991230 Follow UP AltaVista
Reference: BUGTRAQ:19991229 AltaVista followup and monitor script
Reference: BUGTRAQ:20000103 FW: Patch issued for AltaVista Search Engine Directory TraversalVulnerability
Reference: BID:896

AltaVista search engine allows remote attackers to read files above
the document root via a .. (dot dot) in the query program.

VOTE:

=================================
Candidate: CAN-2000-0040
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991223 Multiple vulnerabilites in glFtpD (current versions)

glFtpD allows local users to gain privileges via metacharacters in the
SITE ZIPCHK command.

VOTE:

=================================
Candidate: CAN-2000-0041
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991229 The "Mac DoS Attack," a Scheme for Blocking Internet Connections
Reference: BID:890

Macintosh systems generate large ICMP datagrams in response to
malformed datagrams, allowing them to be used as amplifiers in a flood
attack.

VOTE:

=================================
Candidate: CAN-2000-0042
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991229 Local / Remote D.o.S Attack in CSM Mail Server for Windows 95/NT v.2000.08.A
Reference: BID:895

Buffer overflow in CSM mail server allows remote attackers to cause a
denial of service or execute commands via a long HELO command.

VOTE:

=================================
Candidate: CAN-2000-0043
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991230 Local / Remote GET Buffer Overflow Vulnerability in CamShot WebCam HTTP Server v2.5 for Win9x/NT
Reference: BID:905

Buffer overflow in CamShot WebCam HTTP server allows remote attackers
to execute commands via a long GET request.

VOTE: