|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [INTERIM] ACCEPT 23 candidates from RECENT clusters (Final 4/7)
I have made an Interim Decision to ACCEPT the following 23 candidates from the RECENT-11, RECENT-12, and RECENT-13 clusters. There are still 35 candidates from these clusters that need more votes or are being held back by content decisions. I will make a Final Decision on these candidates on Friday, April 7. The candidates come from the following clusters: 12 RECENT-11 9 RECENT-12 2 RECENT-13 Voters: Wall ACCEPT(6) NOOP(17) LeBlanc ACCEPT(5) NOOP(18) Ozancin ACCEPT(17) MODIFY(1) NOOP(5) Cole ACCEPT(15) NOOP(6) Armstrong ACCEPT(12) Blake ACCEPT(19) NOOP(4) - Steve ================================= Candidate: CAN-2000-0170 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20000226 man bugs might lead to root compromise (RH 6.1 and other boxes) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0348.html Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0078.html Reference: BID:1011 Reference: URL:http://www.securityfocus.com/bid/1011 Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable. INFERRED ACTION: CAN-2000-0170 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Blake, Cole, Armstrong, Ozancin NOOP(2) Wall, LeBlanc ================================= Candidate: CAN-2000-0172 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF Reference: BUGTRAQ:20000303 Potential security problem with mtr Reference: DEBIAN:20000309 mtr Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q1/0032.html Reference: FREEBSD:FreeBSD-SA-00:09 Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2131 Reference: BUGTRAQ:20000308 [TL-Security-Announce] mtr-0.41 and earlier TLSA2000003-1 (fwd) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0072.html Reference: BID:1038 Reference: URL:http://www.securityfocus.com/bid/1038 The mtr program does not properly drop privileges, which could allow local users to gain privileges. INFERRED ACTION: CAN-2000-0172 ACCEPT_ACK (2 accept, 2 ack, 0 review) Current Votes: ACCEPT(1) Blake MODIFY(1) Ozancin NOOP(3) Wall, Cole, LeBlanc Comments: Ozancin> Description does not give enough information ================================= Candidate: CAN-2000-0178 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20000227 Advisory: Foundry Networks ServerIron TCP/IP sequence predictability Reference: MISC:http://www.foundrynet.com/bugTraq.html Reference: BID:1017 Reference: URL:http://www.securityfocus.com/bid/1017 ServerIron switches by Foundry Networks have predictable TCP/IP sequence numbers, which allows remote attackers to spoof or hijack sessions. INFERRED ACTION: CAN-2000-0178 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Blake, Ozancin NOOP(3) Wall, Cole, LeBlanc ================================= Candidate: CAN-2000-0182 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20000223 DoS for the iPlanet Web Server, Enterprise Edition 4.1 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0276.html iPlanet Web Server 4.1 allows remote attackers to cause a denial of service via a large number of GET commands, which consumes memory and causes a kernel panic. INFERRED ACTION: CAN-2000-0182 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Ozancin NOOP(3) Wall, Blake, LeBlanc ================================= Candidate: CAN-2000-0186 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20000228 [ Hackerslab bug_paper ] Linux dump buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0375.html Reference: TURBO:TLSA200007-1 Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2130 Reference: BID:1020 Reference: URL:http://www.securityfocus.com/bid/1020 Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument. INFERRED ACTION: CAN-2000-0186 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Ozancin NOOP(3) Wall, Blake, LeBlanc ================================= Candidate: CAN-2000-0189 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: NTBUGTRAQ:20000301 ColdFusions application.cfm shows full path Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/current/0178.html Reference: BUGTRAQ:20000305 ColdFusion Bug: Application.cfm shows full path Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0033.html Reference: BID:1021 Reference: URL:http://www.securityfocus.com/bid/1021 ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files. INFERRED ACTION: CAN-2000-0189 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Wall, Blake, Cole, Ozancin NOOP(1) LeBlanc ================================= Candidate: CAN-2000-0194 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html Reference: BID:1007 Reference: URL:http://www.securityfocus.com/bid/1007 buildxconf in Corel Linux allows local users to modify or create arbitrary files via the -x or -f parameters. INFERRED ACTION: CAN-2000-0194 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Ozancin NOOP(3) Wall, Blake, LeBlanc ================================= Candidate: CAN-2000-0196 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF Reference: DEBIAN:20000228 remote exploit in nmh Reference: URL:http://www.debian.org/security/2000/20000229 Reference: URL: Reference: BID:1018 Reference: URL:http://www.securityfocus.com/bid/1018 Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message. INFERRED ACTION: CAN-2000-0196 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Blake, Cole, Ozancin NOOP(2) Wall, LeBlanc ================================= Candidate: CAN-2000-0200 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: MS:MS00-015 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-015.asp Reference: BID:1034 Reference: URL:http://www.securityfocus.com/bid/1034 Buffer overflow in Microsoft Clip Art Gallery allows remote attackers to cause a denial of service or execute commands via a malformed CIL (clip art library) file, aka the "Clip Art Buffer Overrun" vulnerability. INFERRED ACTION: CAN-2000-0200 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Wall, Blake, LeBlanc, Ozancin ================================= Candidate: CAN-2000-0201 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20000301 IE 5.x allows executing arbitrary programs using .chm files Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0408.html Reference: BID:1033 Reference: URL:http://www.securityfocus.com/bid/1033 The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking. INFERRED ACTION: CAN-2000-0201 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(4) Wall, Blake, Cole, LeBlanc NOOP(1) Ozancin ================================= Candidate: CAN-2000-0202 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF Reference: MS:MS00-014 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-014.asp Reference: BID:1041 Reference: URL:http://www.securityfocus.com/bid/1041 Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query. INFERRED ACTION: CAN-2000-0202 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Wall, Blake, LeBlanc, Ozancin ================================= Candidate: CAN-2000-0207 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20000301 infosrch.cgi vulnerability (IRIX 6.5) Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10003021059360.21162-100000@inetarena.com Reference: BID:1031 Reference: URL:http://www.securityfocus.com/bid/1031 SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters. INFERRED ACTION: CAN-2000-0207 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Blake, Cole, Ozancin NOOP(2) Wall, LeBlanc ================================= Candidate: CAN-2000-0208 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20000228 ht://Dig remote information exposure Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10002281422420.30728-100000@wso.williams.edu Reference: FREEBSD:FreeBSD-SA-00:06 Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2107 Reference: DEBIAN:20000226 remote users can read files with webserver uid Reference: URL:http://www.debian.org/security/2000/20000227 Reference: TURBO:TLSA200005-1 Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2113 Reference: BID:1026 Reference: URL:http://www.securityfocus.com/bid/1026 The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch. INFERRED ACTION: CAN-2000-0208 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Blake, Cole, Ozancin NOOP(2) Wall, LeBlanc ================================= Candidate: CAN-2000-0209 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20000227 lynx - someone is deaf and blind ;) Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0002271629490.15796-100000@dione.ids.pl Reference: FREEBSD:FreeBSD-SA-00:08 Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2127 Reference: BID:1012 Reference: URL:http://www.securityfocus.com/bid/1012 Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page. INFERRED ACTION: CAN-2000-0209 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Blake, Cole, Ozancin NOOP(2) Wall, LeBlanc ================================= Candidate: CAN-2000-0210 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20000221 flex license manager tempfile predictable name... Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0267.html Reference: BID:998 Reference: URL:http://www.securityfocus.com/bid/998 The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files. INFERRED ACTION: CAN-2000-0210 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Blake, Armstrong, Ozancin NOOP(3) Wall, LeBlanc, Cole ================================= Candidate: CAN-2000-0211 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: MS:MS00-013 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-013.asp Reference: XF:win-media-dos Reference: BID:1000 Reference: URL:http://www.securityfocus.com/bid/1000 The Windows Media server allows remote attackers to cause a denial of service via a series of client handshake packets that are sent in an improper sequence, aka the "Misordered Windows Media Services Handshake" vulnerability. INFERRED ACTION: CAN-2000-0211 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(5) Wall, Blake, LeBlanc, Cole, Armstrong NOOP(1) Ozancin ================================= Candidate: CAN-2000-0212 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20000224 Local / Remote D.o.S Attack in InterAccess TelnetD Server Release 4.0 *ALL BUILDS* for WinNT Vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPEELFCCAA.labs@ussrback.com Reference: BID:1001 Reference: URL:http://www.securityfocus.com/bid/1001 InterAccess TelnetID Server 4.0 allows remote attackers to conduct a denial of service via malformed terminal client configuration information. INFERRED ACTION: CAN-2000-0212 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Armstrong NOOP(4) Wall, Blake, LeBlanc, Ozancin ================================= Candidate: CAN-2000-0215 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: SCO:SB-00.05 Reference: URL:ftp://ftp.sco.COM/SSE/security_bulletins/SB-00.05a Reference: BID:1019 Reference: URL:http://www.securityfocus.com/bid/1019 Vulnerability in SCO cu program in UnixWare 7.x allows local users to gain privileges. INFERRED ACTION: CAN-2000-0215 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Blake, Armstrong NOOP(4) Wall, LeBlanc, Cole, Ozancin ================================= Candidate: CAN-2000-0217 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20000224 SSH & xauth Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0317.html Reference: BID:1006 Reference: URL:http://www.securityfocus.com/bid/1006 The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program. INFERRED ACTION: CAN-2000-0217 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(4) Blake, Cole, Armstrong, Ozancin NOOP(2) Wall, LeBlanc ================================= Candidate: CAN-2000-0218 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: SUSE:20000210 util < 2.10f Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_39.txt Reference: CALDERA:CSSA-2000-002.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-002.0.txt Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname. INFERRED ACTION: CAN-2000-0218 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) Blake, Cole, Armstrong, Ozancin NOOP(2) Wall, LeBlanc ================================= Candidate: CAN-2000-0221 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF Reference: BUGTRAQ:20000225 Scorpion Marlin Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0324.html Reference: BID:1009 Reference: URL:http://www.securityfocus.com/bid/1009 The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port. INFERRED ACTION: CAN-2000-0221 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Blake, Armstrong, Ozancin NOOP(3) Wall, LeBlanc, Cole ================================= Candidate: CAN-2000-0222 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20000215 Windows 2000 installation process weakness Reference: http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000215155750.M4500@safe.hsc.fr Reference: BID:990 Reference: URL:http://www.securityfocus.com/bid/990 The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs. INFERRED ACTION: CAN-2000-0222 ACCEPT (6 accept, 0 ack, 0 review) Current Votes: ACCEPT(6) Wall, Blake, LeBlanc, Cole, Armstrong, Ozancin ================================= Candidate: CAN-2000-0224 Published: Final-Decision: Interim-Decision: 20000404 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: NAI:20000215 ARCserve symlink vulnerability Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/37_ARCserve.asp Reference: SCO:SSE063 Reference: URL:ftp://ftp.sco.com/SSE/sse063.ltr Reference: XF:sco-openserver-arc-symlink ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack. INFERRED ACTION: CAN-2000-0224 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Blake, Armstrong NOOP(4) Wall, LeBlanc, Cole, Ozancin
|
||||
