|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PROPOSAL] Cluster RECENT-10 - 15 candidates
The following cluster contains 15 candidates that were announced between February 15 and February 21, 2000. As with the last cluster, this one includes URLs for the references. If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned. - Steve Summary of votes to use (in ascending order of "severity") ---------------------------------------------------------- ACCEPT - voter accepts the candidate as proposed NOOP - voter has no opinion on the candidate MODIFY - voter wants to change some MINOR detail (e.g. reference/description) REVIEWING - voter is reviewing/researching the candidate, or needs more info RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. 1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ================================= Candidate: CAN-2000-0153 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000223 Assigned: 20000223 Category: SF Reference: BUGTRAQ:20000216 Doubledot bug in FrontPage FrontPage Personal Web Server. Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000801bf780a$9ad4b2e0$0100007f@localhost Reference: BID:989 Reference: URL:http://www.securityfocus.com/bid/989 FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack. VOTE: ================================= Candidate: CAN-2000-0154 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000223 Assigned: 20000223 Category: SF Reference: NAI:20000215 ARCserve symlink vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000101bf78af$94528870$4d2f45a1@jmagdych.na.nai.com Reference: BID:988 Reference: URL:http://www.securityfocus.com/bid/988 The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack. VOTE: ================================= Candidate: CAN-2000-0155 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000223 Assigned: 20000223 Category: SF Reference: BUGTRAQ:20000218 AUTORUN.INF Vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000701bf79cd$fdb5a620$4c4342a6@mightye.org Reference: BID:993 Reference: URL:http://www.securityfocus.com/bid/993 Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive. VOTE: ================================= Candidate: CAN-2000-0156 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000223 Assigned: 20000223 Category: SF Reference: MS:MS00-009 Reference: URL:http://www.microsoft.com/technet/security/bulletins/ms00-009.asp Internet Explorer 4.x and 5.x allow a remote web server to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability. VOTE: ================================= Candidate: CAN-2000-0157 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000223 Assigned: 20000223 Category: SF Reference: NETBSD:1999-012 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-012.txt.asc NetBSD ptrace call on VAX allows local users to gain privileges by modifying the PSL contents in the debugging process. VOTE: ================================= Candidate: CAN-2000-0158 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000223 Assigned: 20000223 Category: SF Reference: NAI:20000215 Remote Vulnerability in the MMDF SMTP Daemon Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000001bf78af$6d0d47a0$4d2f45a1@jmagdych.na.nai.com Reference: BUGTRAQ:20000218 MMDF Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=200002181449.JAA03436@dragonfly.corp.home.net Reference: BID:997 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=997 Buffer overflow in MMDF server allows remote attackers to gain privileges via a long MAIL FROM command to the SMTP daemon. VOTE: ================================= Candidate: CAN-2000-0159 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000223 Assigned: 20000223 Category: SF Reference: HP:HPSBUX0002-111 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=20000217160216.13708.qmail@underground.org HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges. VOTE: ================================= Candidate: CAN-2000-0160 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000223 Assigned: 20000223 Category: SF Reference: BUGTRAQ:20000221 Microsoft signed software can be install software without prompting users Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=20000221103938.T21312@securityfocus.com The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft. VOTE: ================================= Candidate: CAN-2000-0161 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000223 Assigned: 20000223 Category: SF Reference: MS:MS00-010 Reference: URL:http://www.microsoft.com/technet/security/bulletins/ms00-010.asp Reference: BID:994 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=994 Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands. VOTE: ================================= Candidate: CAN-2000-0162 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000223 Assigned: 20000223 Category: SF Reference: MS:MS00-011 Reference: URL:http://www.microsoft.com/technet/security/bulletins/ms00-011.asp The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability. VOTE: ================================= Candidate: CAN-2000-0163 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000223 Assigned: 20000223 Category: SF Reference: FREEBSD:FreeBSD-SA-00:03 Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2092 Reference: BID:996 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=996 asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file. VOTE: ================================= Candidate: CAN-2000-0164 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000223 Assigned: 20000223 Category: SF Reference: BUGTRAQ:20000220 Sun Internet Mail Server Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.SOL.4.21.0002200031320.22675-100000@klayman.hq.formus.pl The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords. VOTE: ================================= Candidate: CAN-2000-0165 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000223 Assigned: 20000223 Category: SF Reference: BUGTRAQ:20000210 Re: application proxies? Reference: FREEBSD:FreeBSD-SA-00:04 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.BSF.4.21.0002192249290.10784-100000@freefall.freebsd.org Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=Pine.BSF.4.10.10002100058420.43483-100000@hydrant.intranova.net The Delegate application proxy has several buffer overflows which allow a remote attacker to execute commands. VOTE: ================================= Candidate: CAN-2000-0166 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000223 Assigned: 20000223 Category: SF Reference: BUGTRAQ:20000221 Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD Server 4.0 for Windows NT Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPGEJHCCAA.labs@ussrback.com Reference: BID:995 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=995 Buffer overflow in the InterAccess telnet server TelnetD allows remote attackers to execute commands via a long login name. VOTE: ================================= Candidate: CAN-2000-0167 Published: Final-Decision: Interim-Decision: Modified: Proposed: 20000223 Assigned: 20000223 Category: SF Reference: NTBUGTRAQ:20000215 Crashing Inetinfo.exe by using a longfilename in the \mailroot\pickup directory Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0002&L=ntbugtraq&F=&S=&P=8800 IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory. VOTE:
|
||||
