[PROPOSAL] Cluster RECENT-07 - 23 candidates
The following cluster contains 23 candidates, all of which were announced between 1/15/2000 and 1/31/2000. If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT    - voter accepts the candidate as proposed
NOOP      - voter has no opinion on the candidate
MODIFY    - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST    - candidate must be significantly modified, e.g. split or merged
REJECT    - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0088
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: MS:MS00-002
Reference: XF:office-malformed-convert
Reference: BID:946

Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.

VOTE:

=================================
Candidate: CAN-2000-0089
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: NTBUGTRAQ:20000121 RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition
Reference: BUGTRAQ:20000122 RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition
Reference: MS:MS00-004
Reference: MSKB:Q249108
Reference: BID:947
Reference: XF:nt-rdisk-enum-file

The rdisk utility in Microsoft Terminal Server Edition stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.

VOTE:

=================================
Candidate: CAN-2000-0090
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000124 VMware 1.1.2 Symlink Vulnerability
Reference: XF:linux-vmware-symlink
Reference: BID:943

VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack.

VOTE:

=================================
Candidate: CAN-2000-0091
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000122 remote root qmail-pop with vpopmail advisory and exploit with patch
Reference: BUGTRAQ:20000123 Re: vpopmail/vchkpw remote root exploit
Reference: BID:942

Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.

VOTE:

=================================
Candidate: CAN-2000-0092
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:01
Reference: BID:939

The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.

VOTE:

=================================
Candidate: CAN-2000-0093
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000122 NIS security advisory : password method downgrade
Reference: BUGTRAQ:20000121 Rh 6.1 initial root password encryption

An installation of Red Hat uses DES password encryption with crypt() for the initial password, instead of md5.

VOTE:

=================================
Candidate: CAN-2000-0094
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000121 *BSD procfs vulnerability
Reference: FREEBSD:FreeBSD-SA-00:02
Reference: BID:940

procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr.

VOTE:

=================================
Candidate: CAN-2000-0095
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: HP:HPSBUX0001-110
Reference: BID:944

The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates large amounts of traffic in response to small packets, allowing remote attackers to cause the system to be used as a packet amplifier.

VOTE:

=================================
Candidate: CAN-2000-0096
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000126 Qpopper security bug
Reference: BID:948

Buffer overflow in qpopper 3.0 beta versions allows local users to gain privileges via a long LIST command.

VOTE:

=================================
Candidate: CAN-2000-0097
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: NTBUGTRAQ:20000127 Alert: MS IIS 4 / IS 2 (Cerberus Security Advisory CISADV000126)
Reference: MS:MS00-006
Reference: BID:950
Reference: XF:http-indexserver-dirtrans

The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability.

VOTE:

=================================
Candidate: CAN-2000-0098
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: MS:MS00-006

Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist.

VOTE:

=================================
Candidate: CAN-2000-0099
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000119 Unixware ppptalk

Buffer overflow in UnixWare ppptalk command allows local users to gain privileges via a long prompt argument.

VOTE:

=================================
Candidate: CAN-2000-0100
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: CF
Reference: NTBUGTRAQ:20000115 Security Vulnerability with SMS 2.0 Remote Control

The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.

VOTE:

=================================
Candidate: CAN-2000-0111
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000129 [LoWNOISE] Rightfax web client 5.2
Reference: BID:953

The RightFax web client uses predictable session numbers, which allows remote attackers to hijack user sessions.

VOTE:

=================================
Candidate: CAN-2000-0113
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000128 SyGate 3.11 Port 7323 / Remote Admin hole
Reference: BUGTRAQ:20000202 SV: SyGate 3.11 Port 7323 / Remote Admin hole
Reference: BUGTRAQ:20000203 UPDATE: Sygate 3.11 Port 7323 Telnet Hole
Reference: BID:952

The SyGate Remote Management program does not properly restrict access to its administration service, which allows remote attackers to cause a denial of service, or access network traffic statistics.

VOTE:

=================================
Candidate: CAN-2000-0115
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: NTBUGTRAQ:20000121 Strange behaviour IIS and RegExp

IIS allows local users to cause a denial of service via invalid regular expressions in a Visual Basic script in an ASP page.

VOTE:

=================================
Candidate: CAN-2000-0116
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: NTBUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented
Reference: BUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented

Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag.

VOTE:

=================================
Candidate: CAN-2000-0117
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000127 Cobalt RaQ2 - a user of mine changed my admin password..
Reference: BUGTRAQ:20000131 [ Cobalt ] Security Advisory -- 01.31.2000

The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root).

VOTE:

=================================
Candidate: CAN-2000-0118
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000130 RedHat 6.1 /and others/ PAM

The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing.

VOTE:

=================================
Candidate: CAN-2000-0119
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: CF
Reference: BUGTRAQ:20000130 Bypass Virus Checking

The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection.

VOTE:

=================================
Candidate: CAN-2000-0120
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: ALLAIRE:ASB00-04
Reference: BID:955

The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter.

VOTE:

=================================
Candidate: CAN-2000-0130
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000127 New SCO patches...

Buffer overflow in SCO scohelp program allows remote attackers to execute commands.

VOTE:

=================================
Candidate: CAN-2000-0132
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000201 `Microsoft VM for Java' allows reading local files using `getSystemResourceAsStream'.
Reference: BID:957

Microsoft Java Virtual Machine allows remote attackers to read files via the getSystemResourceAsStream function.

VOTE: