[PROPOSAL] Cluster RECENT-11 - 19 candidates

The following cluster contains 19 candidates that were announced
between February 3 and February 26, 2000.

The candidates are listed in order of priority. Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0211
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS00-013
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-013.asp
Reference: XF:win-media-dos
Reference: BID:1000
Reference: URL:http://www.securityfocus.com/bid/1000

The Windows Media server allows remote attackers to cause a denial of
service via a series of client handshake packets that are sent in an
improper sequence, aka the "Misordered Windows Media Services
Handshake" vulnerability.

ED_PRI CAN-2000-0211 1

VOTE:

=================================
Candidate: CAN-2000-0215
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: SCO:SB-00.05
Reference: URL:ftp://ftp.sco.COM/SSE/security_bulletins/SB-00.05a
Reference: BID:1019
Reference: URL:http://www.securityfocus.com/bid/1019

Vulnerability in SCO cu program in UnixWare 7.x allows local users to
gain privileges.

ED_PRI CAN-2000-0215 1

VOTE:

=================================
Candidate: CAN-2000-0218
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: SUSE:20000210 util < 2.10f
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_39.txt
Reference: CALDERA:CSSA-2000-002.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-002.0.txt

Buffer overflow in Linux mount and umount allows local users to gain
root privileges via a long relative pathname.

ED_PRI CAN-2000-0218 1

VOTE:

=================================
Candidate: CAN-2000-0224
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: NAI:20000215 ARCserve symlink vulnerability
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/37_ARCserve.asp
Reference: SCO:SSE063
Reference: URL:ftp://ftp.sco.com/SSE/sse063.ltr
Reference: XF:sco-openserver-arc-symlink

ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root
privileges via a symlink attack.

ED_PRI CAN-2000-0224 1

VOTE:

=================================
Candidate: CAN-2000-0170
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000226 man bugs might lead to root compromise (RH 6.1 and other boxes)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0348.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0078.html
Reference: BID:1011
Reference: URL:http://www.securityfocus.com/bid/1011

Buffer overflow in the man program in Linux allows local users to gain
privileges via the MANPAGER environmental variable.

ED_PRI CAN-2000-0170 2

VOTE:

=================================
Candidate: CAN-2000-0212
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000224 Local / Remote D.o.S Attack in InterAccess TelnetD Server Release 4.0 *ALL BUILDS* for WinNT Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPEELFCCAA.labs@ussrback.com
Reference: BID:1001
Reference: URL:http://www.securityfocus.com/bid/1001

InterAccess TelnetID Server 4.0 allows remote attackers to conduct a
denial of service via malformed terminal client configuration
information.

ED_PRI CAN-2000-0212 2

VOTE:

=================================
Candidate: CAN-2000-0182
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000223 DoS for the iPlanet Web Server, Enterprise Edition 4.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0276.html

iPlanet Web Server 4.1 allows remote attackers to cause a denial of
service via a large number of GET commands, which consumes memory and
causes a kernel panic.

ED_PRI CAN-2000-0182 3

VOTE:

=================================
Candidate: CAN-2000-0194
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html
Reference: BID:1007
Reference: URL:http://www.securityfocus.com/bid/1007

buildxconf in Corel Linux allows local users to modify or create
arbitrary files via the -x or -f parameters.

ED_PRI CAN-2000-0194 3

VOTE:

=================================
Candidate: CAN-2000-0195
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html
Reference: BID:1008
Reference: URL:http://www.securityfocus.com/bid/1008

setxconf in Corel Linux allows local users to gain root access via the
-T parameter, which executes the user's .xserverrc file.

ED_PRI CAN-2000-0195 3

VOTE:

=================================
Candidate: CAN-2000-0203
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000228 Re: TrendMicro OfficeScan tmlisten.exe DoS
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=412FC0AFD62ED31191B40008C7E9A11A0D481D@srvnt04.previnet.it
Reference: BUGTRAQ:20000315 Trend Micro release patch for "OfficeScan DoS & Message Replay" V ulnerabilies
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B@209-76-212-10.trendmicro.com
Reference: MISC:http://www.antivirus.com/download/ofce_patch_35.htm
Reference: BID:1013
Reference: URL:http://www.securityfocus.com/bid/1013

The Trend Micro OfficeScan client tmlisten.exe allows remote attackers
to cause a denial of service via malformed data to port 12345.

ED_PRI CAN-2000-0203 3

VOTE:

=================================
Candidate: CAN-2000-0204
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000226 DOS in Trendmicro OfficeScan
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0340.html
Reference: BUGTRAQ:20000315 Trend Micro release patch for "OfficeScan DoS & Message Replay" V ulnerabilies
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B@209-76-212-10.trendmicro.com
Reference: MISC:http://www.antivirus.com/download/ofce_patch_35.htm
Reference: BID:1013
Reference: URL:http://www.securityfocus.com/bid/1013

The Trend Micro OfficeScan client allows remote attackers to cause a
denial of service by making 5 connections to port 12345, which raises
CPU utilization to 100%.

ED_PRI CAN-2000-0204 3

VOTE:

=================================
Candidate: CAN-2000-0210
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000221 flex license manager tempfile predictable name...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0267.html
Reference: BID:998
Reference: URL:http://www.securityfocus.com/bid/998

The lit program in Sun Flex License Manager (FlexLM) follows symlinks,
which allows local users to modify arbitrary files.

ED_PRI CAN-2000-0210 3

VOTE:

=================================
Candidate: CAN-2000-0213
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000223 Sambar Server alert!
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38B3E60A.6A84FEC3@cybcom.net
Reference: CONFIRM:http://www.sambar.com/session/highlight?url=/syshelp/history.htm&words=security+&color=red
Reference: XF:sambar-batfiles
Reference: BID:1002
Reference: URL:http://www.securityfocus.com/bid/1002

The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the
CGI directory, which allow remote attackers to execute commands via
shell metacharacters.

ED_PRI CAN-2000-0213 3

VOTE:

=================================
Candidate: CAN-2000-0214
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000224 How the password could be recover using FTP Explorer's registry!
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10002242035500.30645-100000@unreal.sekure.org
Reference: BID:1003
Reference: URL:http://www.securityfocus.com/bid/1003

FTP Explorer uses weak encryption for storing the username, password,
and profile of FTP sites.

ED_PRI CAN-2000-0214 3

VOTE:

=================================
Candidate: CAN-2000-0217
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000224 SSH & xauth
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0317.html
Reference: BID:1006
Reference: URL:http://www.securityfocus.com/bid/1006

The default configuration of SSH allows X forwarding, which could
allow a remote attacker to control a client's X sessions via a
malicious xauth program.

ED_PRI CAN-2000-0217 3

VOTE:

=================================
Candidate: CAN-2000-0219
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000223 redhat 6.0: single user boot security hole
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200002230248.NAA19185@cairo.anu.edu.au
Reference: BID:1005
Reference: URL:http://www.securityfocus.com/bid/1005

Red Hat 6.0 allows local users to gain root access by booting single
user and hitting ^C at the password prompt.

ED_PRI CAN-2000-0219 3

VOTE:

=================================
Candidate: CAN-2000-0220
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000225 Zonealarm exports sensitive data

ZoneAlarm sends sensitive system and network information in cleartext
to the Zone Labs server if a user requests more information about an
event.

ED_PRI CAN-2000-0220 3

VOTE:

=================================
Candidate: CAN-2000-0221
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000225 Scorpion Marlin
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0324.html
Reference: BID:1009
Reference: URL:http://www.securityfocus.com/bid/1009

The Nautica Marlin bridge allows remote attackers to cause a denial of
service via a zero length UDP packet to the SNMP port.

ED_PRI CAN-2000-0221 3

VOTE:

=================================
Candidate: CAN-2000-0222
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000215 Windows 2000 installation process weakness
Reference: http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000215155750.M4500@safe.hsc.fr
Reference: BID:990
Reference: URL:http://www.securityfocus.com/bid/990

The installation for Windows 2000 does not activate the Administrator
password until the system has rebooted, which allows remote attackers
to connect to the ADMIN$ share without a password until the reboot
occurs.

ED_PRI CAN-2000-0222 3

VOTE: