[VOTES] 19 High Priority Candidates - Need 1 More Vote
All,

Below is the first in a regular series of prioritized lists which will identify candidates that are (a) high priority and (b) are close to being ACCEPTed.

The following active candidates have all been acknowledged by the software vendor. They need just 1 more ACCEPT vote.

If you have a chance to vote on these, please send your votes to me.

Thanks,
- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

KEY FOR INFERRED ACTIONS
------------------------

Inferred actions capture the voting status of a candidate. They may be used by the moderator to determine whether or not a candidate is added to CVE. Where there is disagreement, the moderator must resolve the issue and achieve consensus, or make the final decision if consensus cannot be reached.

- ACCEPT = 3 non-MITRE votes to ACCEPT/MODIFY, and no REVIEWING or REJECT
- ACCEPT_ACK = 2 non-MITRE ACCEPT/MODIFY, and vendor acknowledgement
- MOREVOTES = needs more votes
- ACCEPT_REV = 3 non-MITRE ACCEPT's but is delayed due to a REVIEWING
- SMC_REJECT = REJECT by Steve Christey; likely to be rejected outright
- SMC_REVIEW = REVIEWING by Steve Christey; likely related to CD's
- REVIEWING = at least one member is REVIEWING
- REJECT = at least one member REJECTed
- REVOTE = members should review their vote on this candidate

=================================
Candidate: CAN-2000-0024
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: MS:MS99-061
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-061.asp
Reference: BUGTRAQ:19991228 Third Party Software Affected by IIS "Escape Character Parsing" Vulnerability
Reference: BUGTRAQ:19991229 More info on MS99-061 (IIS escape character vulnerability)

IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.

INFERRED ACTION: CAN-2000-0024 MOREVOTES-1 (1 accept, 1 ack, 1 review)

Current Votes:
   MODIFY(1) Stracener
   REVIEWING(1) Armstrong

Comments:
 Stracener> Add Ref: MSKB:Q246401

VOTE:

=================================
Candidate: CAN-2000-0044
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000105 SECURITY ALERT - WAR FTP DAEMON ALL VERSIONS
Reference: BID:919
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=919

Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands.

INFERRED ACTION: CAN-2000-0044 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> XF:warftp-macro-access-files

VOTE:

=================================
Candidate: CAN-2000-0050
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BID:915
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=915
Reference: ALLAIRE:ASB00-01
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13976&Method=Full

The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs.

INFERRED ACTION: CAN-2000-0050 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> XF:allaire-webtop-access

VOTE:

=================================
Candidate: CAN-2000-0051
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BID:916
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=916
Reference: ALLAIRE:ASB00-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13977&Method=Full

The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL.

INFERRED ACTION: CAN-2000-0051 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> XF:allaire-spectra-config-dos

VOTE:

=================================
Candidate: CAN-2000-0052
Published:
Final-Decision:
Interim-Decision:
Modified: 20000204-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: L0PHT:20000104 PamSlam
Reference: URL:http://www.l0pht.com/advisories/pam_advisory
Reference: REDHAT:RHSA-2000:001-01
Reference: URL:http://www.redhat.com/support/errata/RHSA2000001-03.html
Reference: XF:linux-pam-userhelper
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=linux-pam-userhelper
Reference: BID:913
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=913

Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.

Modifications:
  ADDREF XF:linux-pam-userhelper

INFERRED ACTION: CAN-2000-0052 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> XF:linux-pam-userhelper

VOTE:

=================================
Candidate: CAN-2000-0057
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: ALLAIRE:ASB00-03
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13978&Method=Full
Reference: BID:917
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=917

Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information.

INFERRED ACTION: CAN-2000-0057 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> XF:coldfusion-cfcache

VOTE:

=================================
Candidate: CAN-2000-0062
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BID:922
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=922
Reference: BUGTRAQ:20000104 [petrilli@digicool.com: [Zope] SECURITY ALERT]
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000104222219.B41650@schvin.net

The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities.

INFERRED ACTION: CAN-2000-0062 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> XF:zope-dtml

VOTE:

=================================
Candidate: CAN-2000-0070
Published:
Final-Decision:
Interim-Decision:
Modified: 20000204-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BINDVIEW:20000113 Local Promotion Vulnerability in Windows NT 4
Reference: URL:http://www.bindview.com/security/advisory/adv_NtImpersonate.html
Reference: MS:MS00-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-003.asp
Reference: MSKB:Q247869
Reference: XF:nt-spoofed-lpc-port
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=nt-spoofed-lpc-port

NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request."

Modifications:
  ADDREF XF:nt-spoofed-lpc-port

INFERRED ACTION: CAN-2000-0070 MOREVOTES-1 (1 accept, 3 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> ADDREF XF:nt-spoofed-lpc-port

VOTE:

=================================
Candidate: CAN-2000-0073
Published:
Final-Decision:
Interim-Decision:
Modified: 20000204-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: MS:MS00-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-005.asp
Reference: MSKB:Q249973
Reference: XF:win-malformed-rtf-control-word
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=win-malformed-rtf-control-word

Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word.

Modifications:
  ADDREF XF:win-malformed-rtf-control-word

INFERRED ACTION: CAN-2000-0073 MOREVOTES-1 (1 accept, 2 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> ADDREF XF:win-malformed-rtf-control-word

VOTE:

=================================
Candidate: CAN-2000-0083
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: HP:HPSBUX0001-109
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2031

HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.

INFERRED ACTION: CAN-2000-0083 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(1) Frech

Comments:
 Frech> XF:hp-audio-security-perms

VOTE:

=================================
Candidate: CAN-2000-0091
Published:
Final-Decision:
Interim-Decision:
Modified: 20000403-01
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000122 remote root qmail-pop with vpopmail advisory and exploit with patch
Reference: BUGTRAQ:20000123 Re: vpopmail/vchkpw remote root exploit
Reference: BID:942
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=942
Reference: MISC:http://www.inter7.com/vpopmail/ChangeLog
Reference: MISC:http://www.inter7.com/vpopmail/

Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.

Modifications:
  ADDREF MISC:http://www.inter7.com/vpopmail/ChangeLog
  ADDREF MISC:http://www.inter7.com/vpopmail/

INFERRED ACTION: CAN-2000-0091 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(1) Wall

VOTE:

=================================
Candidate: CAN-2000-0095
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: HP:HPSBUX0001-110
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2041
Reference: BID:944
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=944

The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates large amounts of traffic in response to small packets, allowing remote attackers to cause the system to be used as a packet amplifier.

INFERRED ACTION: CAN-2000-0095 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(1) Wall

VOTE:

=================================
Candidate: CAN-2000-0099
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000119 Unixware ppptalk
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94848865112897&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94840959614790&w=2

Buffer overflow in UnixWare ppptalk command allows local users to gain privileges via a long prompt argument.

INFERRED ACTION: CAN-2000-0099 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(1) Wall

VOTE:

=================================
Candidate: CAN-2000-0107
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: DEBIAN:20000201
Reference: URL:http://www.debian.org/security/2000/20000201
Reference: BID:958
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=958

Linux apcd program allows local attackers to modify arbitrary files via a symlink attack.

INFERRED ACTION: CAN-2000-0107 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(1) Wall

VOTE:

=================================
Candidate: CAN-2000-0112
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: CF
Reference: BUGTRAQ:20000202 vulnerability in Linux Debian default boot configuration
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94973075614088&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94952030018431&w=2
Reference: BID:960
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=960

The default installation of Debian Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation.

INFERRED ACTION: CAN-2000-0112 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(1) Wall

VOTE:

=================================
Candidate: CAN-2000-0131
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000201 war-ftpd 1.6x DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94960703721503&w=2
Reference: BID:966
Reference: URL:http://www.securityfocus.com/bid/966

Buffer overflow in War FTPd 1.6x allows users to cause a denial of service via long MKD and CWD commands.

INFERRED ACTION: CAN-2000-0131 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(1) Wall

VOTE:

=================================
Candidate: CAN-2000-0159
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: HP:HPSBUX0002-111
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=20000217160216.13708.qmail@underground.org

HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges.

INFERRED ACTION: CAN-2000-0159 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(2) Wall, LeBlanc

VOTE:

=================================
Candidate: CAN-2000-0165
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000210 Re: application proxies?
Reference: FREEBSD:FreeBSD-SA-00:04
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.BSF.4.21.0002192249290.10784-100000@freefall.freebsd.org
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=Pine.BSF.4.10.10002100058420.43483-100000@hydrant.intranova.net

The Delegate application proxy has several buffer overflows which allow a remote attacker to execute commands.

INFERRED ACTION: CAN-2000-0165 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   NOOP(2) Wall, LeBlanc

VOTE:

=================================
Candidate: CAN-2000-0173
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: SCO:SB-00.08a
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-00.08a

Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote attackers to cause a denial of service.

INFERRED ACTION: CAN-2000-0173 MOREVOTES-1 (1 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Blake
   NOOP(3) Wall, LeBlanc, Ozancin

VOTE: