[VOTES] Vote details for other recently proposed clusters
This "LEGACY-RECENT-OTHER" meta-cluster contains voting details for
all other recently proposed clusters that deal with legacy candidates.

NET-01
UNIX-UNCONF
MISC-01
WEB

- Steve

---------------------
CLUSTER NET-01
---------------------

NET-01 (12 candidates)
--------------------
Proposed: 12/21
Scheduled Proposed: 12/20
Scheduled Interim Decision: 1/3
Scheduled Final Decision: 1/7

Various problems in network devices and protocols

Voters:
  Cole ACCEPT(9) MODIFY(3)
  Stracener ACCEPT(9) MODIFY(1) NOOP(1) REVIEWING(1)

<INTERIM> --> 6
<PROPOSED> --> 6
ACCEPT --> 8
MODIFY --> 3
REVIEWING --> 1

=================================
Candidate: CAN-1999-0667
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991008
Category: SF

The ARP protocol allows any host to spoof ARP replies and poison the ARP cache to conduct IP address spoofing or a denial of service.

INFERRED ACTION: CAN-1999-0667 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(1) Cole
  MODIFY(1) Stracener

Comments:
  Stracener> Add Ref: BUGTRAQ:19970919 Playing redir games with ARP and ICMP

=================================
Candidate: CAN-1999-0675
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:576

Firewall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host.

INFERRED ACTION: CAN-1999-0675 MOREVOTES (1 accept, 0 ack, 1 review)

Current Votes:
  MODIFY(1) Cole
  REVIEWING(1) Stracener

Comments:
  Cole> This only occurs when the VPN being used for the transport of the packet
  Cole> supports ISAKMP encryption.

=================================
Candidate: CAN-1999-0683
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: XF:gauntlet-dos
Reference: BUGTRAQ:19990729 Remotely Lock Up Gauntlet 5.0
Reference: BID:556

Denial of service in Gauntlet Firewall via a malformed ICMP packet.
INFERRED ACTION: CAN-1999-0683 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Cole

Comments:
  Cole> The BUGTRAQ number is 19990730 and the BID is 556. This also occurs when an
  Cole> ICMP Protocol Problem packet's (ICMP_PARAMPROB) encapsulated IP packet has a
  Cole> random protocol field and certain IP options set.

=================================
Candidate: CAN-1999-0734
Published:
Final-Decision:
Interim-Decision: 20000111
Modified:
Proposed: 19991222
Assigned: 19991125
Category: CF
Reference: CISCO: CiscoSecure Access Control Server for UNIX Remote Administration Vulnerability
Reference: XF:ciscosecure-read-write

A default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication.

INFERRED ACTION: CAN-1999-0734 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Stracener

=================================
Candidate: CAN-1999-0770
Published:
Final-Decision:
Interim-Decision: 20000111
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990729 Simple DOS attack on FW-1
Reference: BID:549
Reference: CHECKPOINT:ACK DOS ATTACK

Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems.

INFERRED ACTION: CAN-1999-0770 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Stracener

=================================
Candidate: CAN-1999-0775
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: CISCO:19990610 Cisco IOS Software established Access List Keyword Error
Reference: XF:cisco-gigaswitch

Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list.
Modifications:
  ADDREF XF:cisco-gigaswitch

INFERRED ACTION: CAN-1999-0775 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Stracener

=================================
Candidate: CAN-1999-0816
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19980510 Security Vulnerability in Motorola CableRouters

The Motorola CableRouter allows any remote user to connect to and configure the router on port 1024.

INFERRED ACTION: CAN-1999-0816 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Stracener

=================================
Candidate: CAN-1999-0875
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991222
Assigned: 19991208
Category: CF
Reference: L0PHT:19990811
Reference: MSKB:Q216141
Reference: BID:578
Reference: XF:irdp-gateway-spoof

DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.

Modifications:
  ADDREF XF:irdp-gateway-spoof

INFERRED ACTION: CAN-1999-0875 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Stracener

=================================
Candidate: CAN-1999-0889
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990810 Cisco 675 password nonsense

Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set.

INFERRED ACTION: CAN-1999-0889 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Stracener

=================================
Candidate: CAN-1999-0895
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991020 Checkpoint FireWall-1 V4.0: possible bug in LDAP authentication

Firewall-1 does not properly restrict access to LDAP attributes.
INFERRED ACTION: CAN-1999-0895 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Stracener

=================================
Candidate: CAN-1999-0905
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991020 Remote DoS in Axent's Raptor 6.0
Reference: BID:736
Reference: XF:raptor-ipoptions-dos

Denial of service in Axent Raptor firewall via malformed zero-length IP options.

Modifications:
  ADDREF BID:736
  ADDREF XF:raptor-ipoptions-dos

INFERRED ACTION: CAN-1999-0905 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Cole

Comments:
  Cole> This occurs when the SECURITY and TIMESTAMP IP options length is set to 0

=================================
Candidate: CAN-1999-0919
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980510 Security Vulnerability in Motorola CableRouters

A memory leak in a Motorola CableRouter allows remote attackers to conduct a denial of service via a large number of telnet connections.
INFERRED ACTION: CAN-1999-0919 MOREVOTES (1 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Cole
  NOOP(1) Stracener

---------------------
CLUSTER UNIX-UNCONF
---------------------

UNIX-UNCONF (42 candidates)
--------------------
Proposed: 12/21
Scheduled Proposed: 12/20
Scheduled Interim Decision: 1/3
Scheduled Final Decision: 1/7

Various Unix problems that may not be confirmed by vendor

Voters:
  Ozancin ACCEPT(34) NOOP(8)
  Christey NOOP(1)
  Stracener ACCEPT(35) MODIFY(6) REVIEWING(1)

<MODIFIED> --> 2
<PROPOSED> --> 40
ACCEPT --> 35
MODIFY --> 6
REVIEWING --> 1

=================================
Candidate: CAN-1999-0189
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19990607
Category: SF
Reference: SUN:00142

Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111.

INFERRED ACTION: CAN-1999-0189 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0389
Published:
Final-Decision:
Interim-Decision:
Modified: 19991207-01
Proposed: 19991222
Assigned: 19990607
Category: SF
Reference: DEBIAN:19990104
Reference: BUGTRAQ:19990103 [SECURITY] New versions of netstd fixes buffer overflows
Reference: BID:324

Buffer overflow in the bootp server in the Debian Linux netstd package.

INFERRED ACTION: CAN-1999-0389 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin
  NOOP(1) Christey

Comments:
  Christey> Is this the same line of code as CVE-1999-0914? Both are in
  Christey> the netstd package, it could look like a library problem.
  Christey>
  Christey> However, deep in the changelog in the
  Christey> netstd_3.07-7slink.3.diff on Debian, Herbert Xu includes
  Christey> the following entry:
  Christey>
  Christey> +netstd (3.07-7slink.1) frozen; urgency=high
  Christey> +
  Christey> + * bootpd: Applied patch from Redhat as well as a fix for the overflow in
  Christey> + report() (fixes #30675).
  Christey> + * netkit-ftp: Applied patch from RedHat that fixes some obscure overflow
  Christey> + bugs.
  Christey> +
  Christey> + -- Herbert Xu <herbert@debian.org> Sat, 19 Dec 1998 14:36:48 +1100
  Christey>
  Christey> This tells me that two separate bugs are involved.

=================================
Candidate: CAN-1999-0390
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990104 Dosemu/S-Lang Overflow + sploit
Reference: BID:187

Buffer overflow in Dosemu Slang library in Linux.

INFERRED ACTION: CAN-1999-0390 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0676
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: XF:sun-stdcm-convert
Reference: BID:575
Reference: BUGTRAQ:19990808 stdcm_convert

stdcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack.

INFERRED ACTION: CAN-1999-0676 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0678
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: CF
Reference: XF:apache-debian-usrdoc
Reference: BUGTRAQ: An issue with Apache on Debian

A default configuration of Apache on Debian Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.

INFERRED ACTION: CAN-1999-0678 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0697
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990908 SCO 5.0.5 /bin/doctor nightmare
Reference: BID:621

SCO Doctor allows local users to gain root privileges through a Tools option.
INFERRED ACTION: CAN-1999-0697 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  NOOP(1) Ozancin

=================================
Candidate: CAN-1999-0698
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF

Denial of service in IP protocol logger (ippl) on Red Hat and Debian Linux.

INFERRED ACTION: CAN-1999-0698 MOREVOTES (1 accept, 0 ack, 1 review)

Current Votes:
  ACCEPT(1) Ozancin
  REVIEWING(1) Stracener

Comments:
  Stracener> Is the candidate referring to the denial of service problem mentioned in
  Stracener> the
  Stracener> changelogs for versions previous to 1.4.3-1 or does it pertain to some
  Stracener> problem with or
  Stracener> 1.4.8-1?

=================================
Candidate: CAN-1999-0711
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ: *Huge* security hole in Oracle 8.0.5 with Intellegent agent installed
Reference: XF:oracle-oratclsh

The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root.

INFERRED ACTION: CAN-1999-0711 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0720
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:597
Reference: XF:linux-pt-chown

The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users.
INFERRED ACTION: CAN-1999-0720 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(1) Ozancin
  MODIFY(1) Stracener

Comments:
  Stracener> Add Ref: BUGTRAQ:19990823 [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD
  Stracener> / lynx /
  Stracener> vlock / mc / glibc 2.0.x

=================================
Candidate: CAN-1999-0727
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF

A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted.

INFERRED ACTION: CAN-1999-0727 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(1) Ozancin
  MODIFY(1) Stracener

Comments:
  Stracener> Add Ref: OPENBSD:19990608 Packets that should have been handled by
  Stracener> IPsec maybe transmitted as cleartext. PF_KEY SA expirations may leak
  Stracener> kernel resources.

=================================
Candidate: CAN-1999-0733
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990626 VMWare Advisory - buffer overflows
Reference: XF:linux-vmware-buffer-overflows

Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable.

INFERRED ACTION: CAN-1999-0733 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0740
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:594
Reference: XF:linux-telnetd-term
Reference: CALDERA:CSSA-1999:022
Reference: REDHAT:RHSA1999029_01

Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable.
INFERRED ACTION: CAN-1999-0740 ACCEPT_ACK (2 accept, 3 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0746
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: CF
Reference: BUGTRAQ:19990814 DOS against SuSE's identd
Reference: BID:587
Reference: XF:suse-identd-dos

A default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service.

INFERRED ACTION: CAN-1999-0746 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0747
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ: Symmetric Multiprocessing (SMP) Vulnerbility in BSDi 4.0.1
Reference: BID:589
Reference: XF:bsdi-smp-dos

Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made when the system has a high CPU load.

INFERRED ACTION: CAN-1999-0747 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(1) Ozancin
  MODIFY(1) Stracener

Comments:
  Stracener> Add a date to the Ref above: BUGTRAQ:19990817 Symmetric...

=================================
Candidate: CAN-1999-0754
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: XF:inn-innconf-env
Reference: BUGTRAQ:19990511 INN 2.0 and higher. Root compromise potential

The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable.
INFERRED ACTION: CAN-1999-0754 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  NOOP(1) Ozancin

=================================
Candidate: CAN-1999-0773
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990511 Solaris2.6 and 2.7 lpset overflow
Reference: XF:sol-lpset-bo

Buffer overflow in Solaris lpset program allows local users to gain root access.

INFERRED ACTION: CAN-1999-0773 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0780
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)

KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.

INFERRED ACTION: CAN-1999-0780 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0781
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)

KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.

INFERRED ACTION: CAN-1999-0781 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0782
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)

KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.
INFERRED ACTION: CAN-1999-0782 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0785
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990511 INN 2.0 and higher. Root compromise potential
Reference: XF:inn-pathrun

The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file.

INFERRED ACTION: CAN-1999-0785 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0786
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990922 LD_PROFILE local root exploit for solaris 2.6
Reference: BID:659

The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.

INFERRED ACTION: CAN-1999-0786 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0787
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:660

The SSH authentication agent follows symlinks via a UNIX domain socket.

INFERRED ACTION: CAN-1999-0787 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
  MODIFY(1) Stracener
  NOOP(1) Ozancin

Comments:
  Stracener> Add Ref: BUGTRAQ:19990924 [Fwd: Truth about ssh 1.2.27 vulnerability]

=================================
Candidate: CAN-1999-0795
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: NAI:NAI-27

The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches.
CONTENT-DECISIONS: SF-LOC

INFERRED ACTION: CAN-1999-0795 MOREVOTES (1 accept, 1 ack, 0 review) HAS_CDS

Current Votes:
  ACCEPT(1) Stracener
  NOOP(1) Ozancin

=================================
Candidate: CAN-1999-0797
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: CIAC:I-070

NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries.

INFERRED ACTION: CAN-1999-0797 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0798
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981204 bootpd remote vulnerability

Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via a malformed header type.

INFERRED ACTION: CAN-1999-0798 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0799
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19970725 Exploitable buffer overflow in bootpd (most unices)

Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location.

INFERRED ACTION: CAN-1999-0799 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0803
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ: IBM eNetwork Firewall for AIX

The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack.
INFERRED ACTION: CAN-1999-0803 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0806
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: XF:cde-dtprintinfo

Buffer overflow in Solaris dtprintinfo program.

INFERRED ACTION: CAN-1999-0806 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(1) Ozancin
  MODIFY(1) Stracener

Comments:
  Stracener> Add Ref: BUGTRAQ:19990510:Solaris2.6,2.7 dtprintinfo exploits

=================================
Candidate: CAN-1999-0813
Published:
Final-Decision:
Interim-Decision:
Modified: 20000106-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990810 Severe bug in cfingerd before 1.4.0
Reference: BUGTRAQ:19980724 CFINGERD root security hole
Reference: DEBIAN:19990814

Cfingerd with ALLOW_EXECUTION enabled does not properly drop privileges when it executes a program on behalf of the user, allowing local users to gain root privileges.

Modifications:
  ADDREF DEBIAN:19990814
  ADDREF BUGTRAQ:19980724 CFINGERD root security hole
  DESC add ALLOW_EXECUTION qualifier

INFERRED ACTION: CAN-1999-0813 MOREVOTES (1 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  NOOP(1) Ozancin

=================================
Candidate: CAN-1999-0888
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990817 Security Bug in Oracle
Reference: BID:585

dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script.
INFERRED ACTION: CAN-1999-0888 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0893
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991011 SCO OpenServer 5.0.5 overwrite /etc/shadow

userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack.

INFERRED ACTION: CAN-1999-0893 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0903
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991025 IBM AIX Packet Filter module
Reference: BUGTRAQ:19991027 Re: IBM AIX Packet Filter module (followup)

genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767.

INFERRED ACTION: CAN-1999-0903 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0906
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990923 SuSE 6.2 sccw overflow exploit
Reference: BID:656

Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable.

INFERRED ACTION: CAN-1999-0906 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(1) Ozancin
  MODIFY(1) Stracener

Comments:
  Stracener> Add Ref:SUSE: Security hole in sccw (Part II) 26.09.1999

=================================
Candidate: CAN-1999-0908
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990921 solaris DoS
Reference: BID:655

Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter.
INFERRED ACTION: CAN-1999-0908 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0912
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990921 FreeBSD-specific denial of service
Reference: BID:653

FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.

INFERRED ACTION: CAN-1999-0912 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  NOOP(1) Ozancin

=================================
Candidate: CAN-1999-0920
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990526 Remote vulnerability in pop2d

Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command.

INFERRED ACTION: CAN-1999-0920 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0942
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991005 SCO UnixWare 7.1 local root exploit

UnixWare dos7utils allows a local user to gain root privileges by using the STATICMERGE environmental variable to find a script which it executes.

INFERRED ACTION: CAN-1999-0942 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  NOOP(1) Ozancin

=================================
Candidate: CAN-1999-0952
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990126 Buffer overflow in Solaris 2.6/2.7 /usr/bin/lpstat

Buffer overflow in Solaris lpstat via class argument allows local users to gain root access.
INFERRED ACTION: CAN-1999-0952 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0958
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980112 Re: hole in sudo for MP-RAS.

sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack.

INFERRED ACTION: CAN-1999-0958 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0961
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19960921 Vunerability in HP sysdiag ?

HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation.

INFERRED ACTION: CAN-1999-0961 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0966
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: L0PHT:19970127 Solaris libc - getopt(3)

Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0].

INFERRED ACTION: CAN-1999-0966 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0971
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19970722 Security hole in exim 1.62: local root exploit

Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file.
INFERRED ACTION: CAN-1999-0971 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  NOOP(1) Ozancin

---------------------
CLUSTER MISC-01
---------------------

MISC-01 (35 candidates)
--------------------
Proposed: 12/21
Scheduled Proposed: 12/20
Scheduled Interim Decision: 1/3
Scheduled Final Decision: 1/7

Miscellaneous issues in "obscure" software

Voters:
  Stracener ACCEPT(27) MODIFY(8)

<PROPOSED> --> 35
ACCEPT --> 27
MODIFY --> 8

=================================
Candidate: CAN-1999-0671
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:572

Buffer overflow in ToxSoft NextFTP client through CWD command.

INFERRED ACTION: CAN-1999-0671 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
  MODIFY(1) Stracener

Comments:
  Stracener> AddRef: ShadowPenguinSecurity:PenguinToolbox,No.035

=================================
Candidate: CAN-1999-0672
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:573

Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics.

INFERRED ACTION: CAN-1999-0672 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
  MODIFY(1) Stracener

Comments:
  Stracener> AddRef: ShadowPenguinSecurity:PenguinToolbox,No.036

=================================
Candidate: CAN-1999-0673
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:574

Buffer overflow in ALMail32 POP3 client via From: or To: headers.
INFERRED ACTION: CAN-1999-0673 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
  MODIFY(1) Stracener

Comments:
  Stracener> AddRef: ShadowPenguinSecurity:PenguinToolbox,No.037

=================================
Candidate: CAN-1999-0679
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990813 w00w00's efnet ircd advisory (exploit included)
Reference: BID:581

Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows remote attackers to execute commands via m_invite invite option.

INFERRED ACTION: CAN-1999-0679 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0719
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:563

The Guile plugin for Gnumeric allows attackers to execute arbitrary code.

INFERRED ACTION: CAN-1999-0719 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
  MODIFY(1) Stracener

Comments:
  Stracener> Add Ref: BUGTRAQ:19990803 Gnumeric Potential Security Hole
  Stracener> Add Ref: REDHAT:RHSA-1999:023-01

=================================
Candidate: CAN-1999-0741
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990818 QMS 2060 printer security hole
Reference: BID:593
Reference: XF:qms-2060-no-root-password

QMS CrownNet Unix Utilities for 2060 allows root to log on without a password.
INFERRED ACTION: CAN-1999-0741 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0750
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990913 Hotmail security vulnerability - injecting JavaScript using 'STYLE' tag
Reference: BID:630

Hotmail allows Javascript to be executed via the HTML STYLE tag,
allowing remote attackers to execute commands on the user's Hotmail
account.

INFERRED ACTION: CAN-1999-0750 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
   MODIFY(1) Stracener

Comments:
 Stracener> Many sites are vulnerable to this problem. I recommend removing the
 Stracener> explicit references to Hotmail and making the description more generic.
 Stracener> Suggest: Javascript can be injected using the STYLE tag in an HTML
 Stracener> formatted e-mail, allowing remote attackers to execute commands on user
 Stracener> accounts.

=================================
Candidate: CAN-1999-0759
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990913 Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug
Reference: BID:634

Buffer overflow in FuseMAIL POP service via long USER and PASS
commands.

INFERRED ACTION: CAN-1999-0759 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0778
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: KSRT:011
Reference: XF:accelx-bo

Buffer overflow in Xi Graphics Accelerated-X server allows local users
to gain root access via a long display or query parameter.
INFERRED ACTION: CAN-1999-0778 MOREVOTES (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0788
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:662

Arkiea nlservd allows remote attackers to conduct a denial of service.

INFERRED ACTION: CAN-1999-0788 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
   MODIFY(1) Stracener

Comments:
 Stracener> Add Ref:BUGTRAQ:19990923 Multiple vendor Knox Arkiea local root/remote
 Stracener> DoS

=================================
Candidate: CAN-1999-0791
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: KSRT:012

Hybrid Network cable modems do not include an authentication mechanism
for administration, allowing remote attackers to compromise the system
through the HSMP protocol.

INFERRED ACTION: CAN-1999-0791 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
   MODIFY(1) Stracener

Comments:
 Stracener> Add Ref: BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable
 Stracener> Modems

=================================
Candidate: CAN-1999-0792
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: CF
Reference: ROOTSHELL:23

ROUTERmate has a default SNMP community name which allows remote
attackers to modify its configuration.

INFERRED ACTION: CAN-1999-0792 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
   MODIFY(1) Stracener

Comments:
 Stracener> Change the Ref to read: ROOTSHELL: Osicom Technologies ROUTERmate
 Stracener> Security
 Stracener> Advisory

=================================
Candidate: CAN-1999-0801
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: XF:bmc-patrol-frames
Reference: BUGTRAQ:19990409 Patrol security bugs

BMC Patrol allows remote attackers to gain access to an agent by
spoofing frames.
INFERRED ACTION: CAN-1999-0801 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0873
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BID:759

Buffer overflow in Skyfull mail server via MAIL FROM command.

INFERRED ACTION: CAN-1999-0873 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0890
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990928 Team Asylum: iHTML Merchant Vulnerabilities

iHTML Merchant allows remote attackers to obtain sensitive information
or execute commands via a code parsing error.

INFERRED ACTION: CAN-1999-0890 MOREVOTES (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0896
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991109 RealNetworks RealServer G2 buffer overflow.
Reference: BID:767

Buffer overflow in RealNetworks RealServer administration utility
allows remote attackers to execute arbitrary commands via a long
username and password.

INFERRED ACTION: CAN-1999-0896 MOREVOTES (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0904
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991103 Remote DoS Attack in BFTelnet Server v1.1 for Windows NT
Reference: BID:771

Buffer overflow in BFTelnet allows remote attackers to cause a denial
of service via a long username.
INFERRED ACTION: CAN-1999-0904 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0916
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: CF
Reference: ISS:19990629 Bad Permissions on Passwords Stored by WebTrends Software

WebTrends software stores account names and passwords in a file which
does not have restricted access permissions.

INFERRED ACTION: CAN-1999-0916 MOREVOTES (1 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0921
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990409 Patrol security bugs

BMC Patrol allows any remote attacker to flood its UDP port, causing a
denial of service.

INFERRED ACTION: CAN-1999-0921 MOREVOTES (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0925
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990903 Web servers / possible DOS Attack / mime header flooding

UnityMail allows remote attackers to conduct a denial of service via a
large number of MIME headers.

CONTENT-DECISIONS: SF-CODEBASE

INFERRED ACTION: CAN-1999-0925 MOREVOTES (1 accept, 0 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0927
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: EEYE:AD05261999

NTMail allows remote attackers to read arbitrary files via a .. (dot
dot) attack.
INFERRED ACTION: CAN-1999-0927 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0928
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990525 Buffer overflow in SmartDesk WebSuite v2.1

Buffer overflow in SmartDesk WebSuite allows remote attackers to cause
a denial of service via a long URL.

INFERRED ACTION: CAN-1999-0928 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0930
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980903 wwwboard.pl vulnerability

wwwboard allows a remote attacker to delete message board articles via
a malformed argument.

INFERRED ACTION: CAN-1999-0930 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0931
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01
Reference: BID:734

Buffer overflow in Mediahouse Statistics Server allows remote
attackers to execute commands.

INFERRED ACTION: CAN-1999-0931 MOREVOTES (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0932
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: CF
Reference: BUGTRAQ:19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01
Reference: BID:735

Mediahouse Statistics Server allows remote attackers to read the
administrator password which is stored in cleartext in the ss.cfg
file.
INFERRED ACTION: CAN-1999-0932 MOREVOTES (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0941
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980728 mutt x.x

Mutt mail client allows a remote attacker to execute commands via
shell metacharacters.

INFERRED ACTION: CAN-1999-0941 MOREVOTES (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0944
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991024 password leak in IBM WebSphere / HTTP Server / ikeyman

IBM WebSphere ikeyman tool uses weak encryption to store a password
for a key database that is used for SSL connections.

CONTENT-DECISIONS: DESIGN-WEAK-ENCRYPTION

INFERRED ACTION: CAN-1999-0944 MOREVOTES (1 accept, 0 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0946
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Reference: BID:760

Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED
tag.

INFERRED ACTION: CAN-1999-0946 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0948
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BID:757
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares

Buffer overflow in uum program for Canna input system allows local
users to gain root privileges.
CONTENT-DECISIONS: SF-LOC, SF-EXEC

INFERRED ACTION: CAN-1999-0948 MOREVOTES (1 accept, 0 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0949
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BID:757
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares

Buffer overflow in canuum program for Canna input system allows local
users to gain root privileges.

CONTENT-DECISIONS: SF-LOC, SF-EXEC

INFERRED ACTION: CAN-1999-0949 MOREVOTES (1 accept, 0 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0950
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991027 WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability
Reference: BID:747

Buffer overflow in WFTPD FTP server allows remote attackers to gain
root access via a series of MKD and CWD commands that create nested
directories.

INFERRED ACTION: CAN-1999-0950 MOREVOTES (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0954
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: CF
Reference: BUGTRAQ:19990916 More fun with WWWBoard
Reference: BID:649

WWWBoard has a default username and default password.

INFERRED ACTION: CAN-1999-0954 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0957
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19970618 Security hole in MajorCool 1.0.3

MajorCool mj_key_cache program allows local users to modify files via
a symlink attack.
INFERRED ACTION: CAN-1999-0957 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0968
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19981226 bnc exploit

Buffer overflow in BNC IRC proxy allows remote attackers to gain
privileges.

INFERRED ACTION: CAN-1999-0968 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener

=================================
Candidate: CAN-1999-0970
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990605 Remote Exploit (Bug) in OmniHTTPd Web Server

The OmniHTTPD visadmin.exe program allows a remote attacker to conduct
a denial of service via a malformed URL which causes a large number of
temporary files to be created.

INFERRED ACTION: CAN-1999-0970 MOREVOTES (1 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener

---------------------
CLUSTER WEB
---------------------

WEB (35 candidates)
--------------------
Proposed: 12/13
Scheduled Proposed: 12/13
Scheduled Interim Decision: 12/27
Scheduled Final Decision: 12/31

Problems in WWW servers and clients

Voters:
  Christey NOOP(1)
  Cole ACCEPT(2) MODIFY(2) NOOP(6)
  Stracener ACCEPT(9) REVIEWING(1)
  Blake ACCEPT(10)

<FINAL> --> 25
<INTERIM> --> 3
<MODIFIED> --> 1
<PROPOSED> --> 6

ACCEPT --> 8
MODIFY --> 1
REVIEWING --> 1

=================================
Candidate: CAN-1999-0677
Published:
Final-Decision:
Interim-Decision:
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: CF
Reference: BUGTRAQ:19990802 [LoWNOISE] Password hunting with webramp
Reference: BID:577

The WebRamp web administration utility has a default password.
CONTENT-DECISIONS: CF-PASS

INFERRED ACTION: CAN-1999-0677 ACCEPT (3 accept, 0 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(2) Blake, Stracener
   MODIFY(1) Cole

Comments:
 Cole> I would add that it is not forced to be changed.

=================================
Candidate: CAN-1999-0753
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991214
Assigned: 19991125
Category: unknown
Reference: BUGTRAQ:19990817 Stupid bug in W3-msql
Reference: XF:mini-sql-w3-msql-cgi
Reference: BID:591

The w3-msql CGI script provided with Mini SQL allows remote attackers
to view restricted directories.

Modifications:
  ADDREF XF:mini-sql-w3-msql-cgi

INFERRED ACTION: CAN-1999-0753 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Blake, Stracener
   NOOP(1) Christey

Comments:
 Christey> May be a configuration error and not a software flaw. See
 Christey> BUGTRAQ:19990820 Re: Stupid bug in W3-msql (David J. Hughes)

=================================
Candidate: CAN-1999-0776
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: NTBUGTRAQ:19990506 ".."-hole in Alibaba 2.0
Reference: XF:http-alibaba-dotdot

Alibaba HTTP server allows remote attackers to read files via a ..
(dot dot) attack.

INFERRED ACTION: CAN-1999-0776 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Blake, Stracener
   NOOP(1) Cole

=================================
Candidate: CAN-1999-0790
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF

A remote attacker can read information from a Netscape user's cache
via JavaScript.

INFERRED ACTION: CAN-1999-0790 MOREVOTES (2 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(1) Blake
   MODIFY(1) Cole
   REVIEWING(1) Stracener

Comments:
 Cole> What is being exploited?
 Stracener> need reference

=================================
Candidate: CAN-1999-0881
Published:
Final-Decision:
Interim-Decision: 20000111
Modified: 20000111-01
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991025 Falcon Web Server
Reference: BINDVIEW:Falcon Web Server
Reference: BID:743
Reference: XF:falcon-path-parsing

Falcon web server allows remote attackers to read arbitrary files via
a .. (dot dot) attack.

Modifications:
  ADDREF XF:falcon-path-parsing
  ADDREF BID:743

INFERRED ACTION: CAN-1999-0881 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(2) Blake, Stracener
   NOOP(1) Cole

=================================
Candidate: CAN-1999-0882
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991025 Falcon Web Server
Reference: BINDVIEW:Falcon Web Server

Falcon web server allows remote attackers to determine the absolute
path of the web root via long file names.

CONTENT-DECISIONS: DESIGN-REAL-PATH

INFERRED ACTION: CAN-1999-0882 ACCEPT_ACK (2 accept, 2 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(2) Blake, Stracener
   NOOP(1) Cole

=================================
Candidate: CAN-1999-0885
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991103 More Alibaba Web Server problems...
Reference: BID:770

Alibaba web server allows remote attackers to execute commands via a
pipe character in a malformed URL.

INFERRED ACTION: CAN-1999-0885 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Blake, Stracener
   NOOP(1) Cole

=================================
Candidate: CAN-1999-0897
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990908 bug in iChat 3.0 (maybe others)

iChat ROOMS Webserver allows remote attackers to read arbitrary files
via a .. (dot dot) attack.
INFERRED ACTION: CAN-1999-0897 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Blake, Stracener
   NOOP(1) Cole

=================================
Candidate: CAN-1999-0913
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990804 NSW Dragon Fire gets drowned
Reference: BID:564

dfire.cgi script in Dragon-Fire IDS allows remote users to execute
commands via shell metacharacters.

INFERRED ACTION: CAN-1999-0913 MOREVOTES (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Blake, Stracener
   NOOP(1) Cole

=================================
Candidate: CAN-1999-0929
Published:
Final-Decision:
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990616 Novell NetWare webservers DoS

Novell NetWare with Novell-HTTP-Server or YAWN web servers allows
remote attackers to conduct a denial of service via a large number of
HTTP GET requests.

CONTENT-DECISIONS: SF-CODEBASE

INFERRED ACTION: CAN-1999-0929 ACCEPT (3 accept, 0 ack, 0 review) HAS_CDS

Current Votes:
   ACCEPT(3) Cole, Blake, Stracener