[PROPOSAL] Cluster RECENT-12 - 20 candidates
The following cluster contains 20 candidates that were announced
between February 27 and March 3, 2000.

The candidates are listed in order of priority. Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If
you want to add comments or details, add them to lines after the
VOTE: line.

2) If you see any missing references, please mention them so that they
can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
So if you don't have sufficient information for a candidate but you
don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.
=================================
Candidate: CAN-2000-0172
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000303 Potential security problem with mtr
Reference: DEBIAN:20000309 mtr
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q1/0032.html
Reference: FREEBSD:FreeBSD-SA-00:09
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2131
Reference: BUGTRAQ:20000308 [TL-Security-Announce] mtr-0.41 and earlier TLSA2000003-1 (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0072.html
Reference: BID:1038
Reference: URL:http://www.securityfocus.com/bid/1038

The mtr program does not properly drop privileges, which could allow
local users to gain privileges.

ED_PRI CAN-2000-0172 1

VOTE:

=================================
Candidate: CAN-2000-0196
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: DEBIAN:20000228 remote exploit in nmh
Reference: URL:http://www.debian.org/security/2000/20000229
Reference: URL:
Reference: BID:1018
Reference: URL:http://www.securityfocus.com/bid/1018

Buffer overflow in mhshow in the Linux nmh package allows remote
attackers to execute commands via malformed MIME headers in an email
message.
ED_PRI CAN-2000-0196 1

VOTE:

=================================
Candidate: CAN-2000-0208
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000228 ht://Dig remote information exposure
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10002281422420.30728-100000@wso.williams.edu
Reference: FREEBSD:FreeBSD-SA-00:06
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2107
Reference: DEBIAN:20000226 remote users can read files with webserver uid
Reference: URL:http://www.debian.org/security/2000/20000227
Reference: TURBO:TLSA200005-1
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2113
Reference: BID:1026
Reference: URL:http://www.securityfocus.com/bid/1026

The htdig (ht://Dig) CGI program htsearch allows remote attackers to
read arbitrary files by enclosing the file name with backticks (`) in
parameters to htsearch.

ED_PRI CAN-2000-0208 1

VOTE:

=================================
Candidate: CAN-2000-0209
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000227 lynx - someone is deaf and blind ;)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0002271629490.15796-100000@dione.ids.pl
Reference: FREEBSD:FreeBSD-SA-00:08
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2127
Reference: BID:1012
Reference: URL:http://www.securityfocus.com/bid/1012

Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and
possibly execute commands via a long URL in a malicious web page.
ED_PRI CAN-2000-0209 1

VOTE:

=================================
Candidate: CAN-2000-0178
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000227 Advisory: Foundry Networks ServerIron TCP/IP sequence predictability
Reference: MISC:http://www.foundrynet.com/bugTraq.html
Reference: BID:1017
Reference: URL:http://www.securityfocus.com/bid/1017

ServerIron switches by Foundry Networks have predictable TCP/IP
sequence numbers, which allows remote attackers to spoof or hijack
sessions.

ED_PRI CAN-2000-0178 2

VOTE:

=================================
Candidate: CAN-2000-0186
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000228 [ Hackerslab bug_paper ] Linux dump buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0375.html
Reference: TURBO:TLSA200007-1
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2130
Reference: BID:1020
Reference: URL:http://www.securityfocus.com/bid/1020

Buffer overflow in the dump utility in the Linux ext2fs backup package
allows local users to gain privileges via a long command line
argument.
ED_PRI CAN-2000-0186 2

VOTE:

=================================
Candidate: CAN-2000-0189
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: NTBUGTRAQ:20000301 ColdFusions application.cfm shows full path
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/current/0178.html
Reference: BUGTRAQ:20000305 ColdFusion Bug: Application.cfm shows full path
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0033.html
Reference: BID:1021
Reference: URL:http://www.securityfocus.com/bid/1021

ColdFusion Server 4.x allows remote attackers to determine the real
pathname of the server via an HTTP request to the application.cfm or
onrequestend.cfm files.

ED_PRI CAN-2000-0189 2

VOTE:

=================================
Candidate: CAN-2000-0191
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000229 Infosec.20000229.axisstorpointcd.a
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=41256894.00492503.00@mailgw.backupcentralen.se
Reference: BID:1025
Reference: URL:http://www.securityfocus.com/bid/1025

Axis StorPoint CD allows remote attackers to access administrator URLs
without authentication via a .. (dot dot) attack.
ED_PRI CAN-2000-0191 2

VOTE:

=================================
Candidate: CAN-2000-0176
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000228 Serv-U FTP-Server v2.4a showing real path
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0417.html
Reference: SecurityFocus, February 20, 2000
Reference: BID:1016
Reference: URL:http://www.securityfocus.com/bid/1016

The default configuration of Serv-U 2.5d and earlier allows remote
attackers to determine the real pathname of the server by requesting a
URL for a directory or file that does not exist.

ED_PRI CAN-2000-0176 3

VOTE:

=================================
Candidate: CAN-2000-0177
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000302 DNSTools v1.08 has no input validation
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0000.html
Reference: BID:1028
Reference: URL:http://www.securityfocus.com/bid/1028

DNSTools CGI applications allow remote attackers to execute arbitrary
commands via shell metacharacters.

ED_PRI CAN-2000-0177 3

VOTE:

=================================
Candidate: CAN-2000-0179
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000228 HP Omniback remote DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0387.html
Reference: BID:1015
Reference: URL:http://www.securityfocus.com/bid/1015

HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of
service via a large number of connections to port 5555.
ED_PRI CAN-2000-0179 3

VOTE:

=================================
Candidate: CAN-2000-0187
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000227 EZ Shopper 3.0 shopping cart CGI remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0356.html
Reference: BID:1014
Reference: URL:http://www.securityfocus.com/bid/1014

EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read
arbitrary files via a .. (dot dot) attack or execute commands via
shell metacharacters.

ED_PRI CAN-2000-0187 3

VOTE:

=================================
Candidate: CAN-2000-0188
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000227 EZ Shopper 3.0 shopping cart CGI remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0356.html
Reference: BID:1014
Reference: URL:http://www.securityfocus.com/bid/1014

EZShopper 3.0 search.cgi CGI script allows remote attackers to read
arbitrary files via a .. (dot dot) attack or execute commands via
shell metacharacters.

ED_PRI CAN-2000-0188 3

VOTE:

=================================
Candidate: CAN-2000-0190
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000303 Aol Instant Messenger DoS vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0016.html

AOL Instant Messenger (AIM) client allows remote attackers to cause a
denial of service via a message with a malformed ASCII value.
ED_PRI CAN-2000-0190 3

VOTE:

=================================
Candidate: CAN-2000-0193
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000302 Corel Linux 1.0 dosemu default configuration: Local root vuln
Reference: http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003020436.PAA20168@jawa.chilli.net.au
Reference: BID:1030
Reference: URL:http://www.securityfocus.com/bid/1030

The default configuration of Dosemu in Corel Linux 1.0 allows local
users to execute the system.com program and gain privileges.

ED_PRI CAN-2000-0193 3

VOTE:

=================================
Candidate: CAN-2000-0201
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000301 IE 5.x allows executing arbitrary programs using .chm files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0408.html
Reference: BID:1033
Reference: URL:http://www.securityfocus.com/bid/1033

The window.showHelp() method in Internet Explorer 5.x does not
restrict HTML help files (.chm) to be executed from the local host,
which allows remote attackers to execute arbitrary commands via
Microsoft Networking.

ED_PRI CAN-2000-0201 3

VOTE:

=================================
Candidate: CAN-2000-0205
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000303 TrendMicro OfficeScan, numerous security holes, remote files modification.
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-03/0015.html
Reference: BUGTRAQ:20000315 Trend Micro release patch for "OfficeScan DoS & Message Replay" Vulnerabilities
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B@209-76-212-10.trendmicro.com
Reference: MISC:http://www.antivirus.com/download/ofce_patch_35.htm
Reference: BID:1013
Reference: URL:http://www.securityfocus.com/bid/1013

Trend Micro OfficeScan allows remote attackers to replay
administrative commands and modify the configuration of OfficeScan
clients.

ED_PRI CAN-2000-0205 3

VOTE:

=================================
Candidate: CAN-2000-0207
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000301 infosrch.cgi vulnerability (IRIX 6.5)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10003021059360.21162-100000@inetarena.com
Reference: BID:1031
Reference: URL:http://www.securityfocus.com/bid/1031

SGI InfoSearch CGI program infosrch.cgi allows remote attackers to
execute commands via shell metacharacters.

ED_PRI CAN-2000-0207 3

VOTE:

=================================
Candidate: CAN-2000-0216
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: NTBUGTRAQ:20000229 mailbombing DoS easily exploitable against mail systems using MS mail clients.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0176.html

Microsoft email clients in Outlook, Exchange, and Windows Messaging
automatically respond to Read Receipt and Delivery Receipt tags, which
could allow an attacker to flood a mail system with responses by
forging a Read Receipt request that is redirected to a large
distribution list.
ED_PRI CAN-2000-0216 3

VOTE:

=================================
Candidate: CAN-2000-0225
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000303 Pocsag remote access to client can't be disabled.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=003601bf854b$6893a090$0100a8c0@FIREWALKER
Reference: BID:1032
Reference: URL:http://www.securityfocus.com/bid/1032

The Pocsag POC32 program does not properly prevent remote users from
accessing its server port, even if the option has been disabled.

ED_PRI CAN-2000-0225 3

VOTE:
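Editor's note: five of the candidates above (CAN-2000-0177, -0187, -0188, -0207 and the backtick variant in CAN-2000-0208) are the same CGI input-handling bug class, a request parameter reaching /bin/sh, and three (CAN-2000-0187, -0188, -0191) are the ".." file-path variant. The following is an added illustration of those two classes beside the fixes that close them; it is not code from any product or advisory named in this cluster. The parameter names, the document root /var/www/pages and the use of "echo" as the stand-in for the real command are assumptions made for the example, and the shell cases assume a POSIX /bin/sh.

```python
"""Added example: shell-metacharacter and dot-dot CGI bugs beside their fixes.
Not taken from any product in the RECENT-12 cluster; inputs are constructed."""
import os
import re
import subprocess

# Constructed attacker inputs of the kinds the cluster reports.
INJECTED_HOST = "example.net; echo INJECTED"   # metacharacters (DNSTools / infosrch.cgi style)
BACKTICK_HOST = "`echo INJECTED`"              # command substitution (htsearch style)
TRAVERSAL_NAME = "../../etc/passwd"            # dot-dot (EZShopper / StorPoint style)

# Allow-list for the only thing a hostname parameter should contain (assumption:
# the real CGI wants a DNS name; tighten or loosen per parameter).
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,252}$")

DOC_ROOT = "/var/www/pages"   # assumed document root for the path example


def vulnerable_echo(param: str) -> str:
    """Interpolates the parameter into a /bin/sh command line (the bug)."""
    proc = subprocess.run(f"echo {param}", shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def safe_echo(param: str) -> str:
    """argv form, no shell: the parameter is one argument however it looks."""
    proc = subprocess.run(["echo", param], capture_output=True, text=True)
    return proc.stdout


def validated_echo(param: str) -> str:
    """Allow-list first, then the argv form; anything else is rejected."""
    if not HOSTNAME_RE.match(param):
        raise ValueError(f"rejected parameter: {param!r}")
    return safe_echo(param)


def vulnerable_page_path(name: str) -> str:
    """Joins the request parameter straight onto the document root (the bug)."""
    return os.path.join(DOC_ROOT, name)


def confined_page_path(name: str) -> str:
    """Normalises the joined path and insists it still lies under DOC_ROOT.
    Catches '..' segments and absolute names alike; symlinks inside DOC_ROOT
    would additionally need os.path.realpath on a real filesystem."""
    candidate = os.path.normpath(os.path.join(DOC_ROOT, name))
    if os.path.commonpath([DOC_ROOT, candidate]) != DOC_ROOT:
        raise ValueError(f"path escapes document root: {name!r}")
    return candidate


def rejects(fn, arg) -> bool:
    """True if fn(arg) raises ValueError, i.e. the hardened form refused it."""
    try:
        fn(arg)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for label, host in (("metachar", INJECTED_HOST), ("backtick", BACKTICK_HOST)):
        print(f"{label} via shell : {vulnerable_echo(host)!r}")
        print(f"{label} via argv  : {safe_echo(host)!r}")
        print(f"{label} validated : rejected={rejects(validated_echo, host)}")
    print("traversal joined  :", vulnerable_page_path(TRAVERSAL_NAME))
    print("traversal confined: rejected =", rejects(confined_page_path, TRAVERSAL_NAME))
```

The two fixes are independent: the argv form alone stops the shell from ever seeing the parameter, and the allow-list alone stops the metacharacters from reaching the command, but only the pair also limits what the real command (here "echo", in the advisories a DNS or search tool) can be made to do with a syntactically valid but hostile value. For the path case the check has to run on the normalised result, not on the raw parameter, because a naive "does it contain .." test misses encodings and an absolute name.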