[FINAL] ACCEPT 23 candidates from various clusters

I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below. The
resulting CVE entries will be published in the near future in a new
version of CVE. Voting details and comments are provided at the end
of this report.

- Steve


Candidate      CVE Name
---------      ----------
CAN-2000-0170  CVE-2000-0170
CAN-2000-0172  CVE-2000-0172
CAN-2000-0178  CVE-2000-0178
CAN-2000-0182  CVE-2000-0182
CAN-2000-0186  CVE-2000-0186
CAN-2000-0189  CVE-2000-0189
CAN-2000-0194  CVE-2000-0194
CAN-2000-0196  CVE-2000-0196
CAN-2000-0200  CVE-2000-0200
CAN-2000-0201  CVE-2000-0201
CAN-2000-0202  CVE-2000-0202
CAN-2000-0207  CVE-2000-0207
CAN-2000-0208  CVE-2000-0208
CAN-2000-0209  CVE-2000-0209
CAN-2000-0210  CVE-2000-0210
CAN-2000-0211  CVE-2000-0211
CAN-2000-0212  CVE-2000-0212
CAN-2000-0215  CVE-2000-0215
CAN-2000-0217  CVE-2000-0217
CAN-2000-0218  CVE-2000-0218
CAN-2000-0221  CVE-2000-0221
CAN-2000-0222  CVE-2000-0222
CAN-2000-0224  CVE-2000-0224


=================================
Candidate: CAN-2000-0170
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000226 man bugs might lead to root compromise (RH 6.1 and other boxes)
Reference: BID:1011

Buffer overflow in the man program in Linux allows local users to
gain privileges via the MANPAGER environmental variable.

INFERRED ACTION: CAN-2000-0170 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Blake, Cole, Armstrong, Ozancin
   NOOP(2) Wall, LeBlanc

=================================
Candidate: CAN-2000-0172
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified: 20000410-01
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000303 Potential security problem with mtr
Reference: DEBIAN:20000309 mtr
Reference: FREEBSD:FreeBSD-SA-00:09
Reference: BUGTRAQ:20000308 [TL-Security-Announce] mtr-0.41 and earlier TLSA2000003-1 (fwd)
Reference: BID:1038

The mtr program only uses a seteuid call when attempting to drop
privileges, which could allow local users to gain root privileges.

Modifications:
   Add details to description

INFERRED ACTION: CAN-2000-0172 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(1) Blake
   MODIFY(1) Ozancin
   NOOP(3) Wall, Cole, LeBlanc

Comments:
   Ozancin> Description does not give enough information

=================================
Candidate: CAN-2000-0178
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000227 Advisory: Foundry Networks ServerIron TCP/IP sequence predictability
Reference: MISC:http://www.foundrynet.com/bugTraq.html
Reference: BID:1017

ServerIron switches by Foundry Networks have predictable TCP/IP
sequence numbers, which allows remote attackers to spoof or hijack
sessions.

INFERRED ACTION: CAN-2000-0178 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Blake, Ozancin
   NOOP(3) Wall, Cole, LeBlanc

=================================
Candidate: CAN-2000-0182
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000223 DoS for the iPlanet Web Server, Enterprise Edition 4.1

iPlanet Web Server 4.1 allows remote attackers to cause a denial of
service via a large number of GET commands, which consumes memory and
causes a kernel panic.

INFERRED ACTION: CAN-2000-0182 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Ozancin
   NOOP(3) Wall, Blake, LeBlanc

=================================
Candidate: CAN-2000-0186
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000228 [ Hackerslab bug_paper ] Linux dump buffer overflow
Reference: TURBO:TLSA200007-1
Reference: BID:1020

Buffer overflow in the dump utility in the Linux ext2fs backup package
allows local users to gain privileges via a long command line
argument.

INFERRED ACTION: CAN-2000-0186 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Ozancin
   NOOP(3) Wall, Blake, LeBlanc

=================================
Candidate: CAN-2000-0189
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: NTBUGTRAQ:20000301 ColdFusions application.cfm shows full path
Reference: BUGTRAQ:20000305 ColdFusion Bug: Application.cfm shows full path
Reference: BID:1021

ColdFusion Server 4.x allows remote attackers to determine the real
pathname of the server via an HTTP request to the application.cfm or
onrequestend.cfm files.

INFERRED ACTION: CAN-2000-0189 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Blake, Cole, Ozancin
   NOOP(1) LeBlanc

=================================
Candidate: CAN-2000-0194
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise
Reference: BID:1007

buildxconf in Corel Linux allows local users to modify or create
arbitrary files via the -x or -f parameters.

INFERRED ACTION: CAN-2000-0194 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Ozancin
   NOOP(3) Wall, Blake, LeBlanc

=================================
Candidate: CAN-2000-0196
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: DEBIAN:20000228 remote exploit in nmh
Reference: BID:1018

Buffer overflow in mhshow in the Linux nmh package allows remote
attackers to execute commands via malformed MIME headers in an email
message.

INFERRED ACTION: CAN-2000-0196 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Cole, Ozancin
   NOOP(2) Wall, LeBlanc

=================================
Candidate: CAN-2000-0200
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS00-015
Reference: BID:1034

Buffer overflow in Microsoft Clip Art Gallery allows remote attackers
to cause a denial of service or execute commands via a malformed CIL
(clip art library) file, aka the "Clip Art Buffer Overrun"
vulnerability.

INFERRED ACTION: CAN-2000-0200 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Blake, LeBlanc, Ozancin, Cole

=================================
Candidate: CAN-2000-0201
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000301 IE 5.x allows executing arbitrary programs using .chm files
Reference: BID:1033

The window.showHelp() method in Internet Explorer 5.x does not
restrict HTML help files (.chm) to be executed from the local host,
which allows remote attackers to execute arbitrary commands via
Microsoft Networking.

INFERRED ACTION: CAN-2000-0201 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Blake, Cole, LeBlanc
   NOOP(1) Ozancin

=================================
Candidate: CAN-2000-0202
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: MS:MS00-014
Reference: BID:1041

Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow
remote attackers to gain privileges via a malformed Select statement
in an SQL query.

INFERRED ACTION: CAN-2000-0202 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Blake, LeBlanc, Ozancin, Cole

=================================
Candidate: CAN-2000-0207
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000301 infosrch.cgi vulnerability (IRIX 6.5)
Reference: BID:1031

SGI InfoSearch CGI program infosrch.cgi allows remote attackers to
execute commands via shell metacharacters.

INFERRED ACTION: CAN-2000-0207 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Cole, Ozancin
   NOOP(2) Wall, LeBlanc

=================================
Candidate: CAN-2000-0208
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000228 ht://Dig remote information exposure
Reference: FREEBSD:FreeBSD-SA-00:06
Reference: DEBIAN:20000226 remote users can read files with webserver uid
Reference: TURBO:TLSA200005-1
Reference: BID:1026

The htdig (ht://Dig) CGI program htsearch allows remote attackers to
read arbitrary files by enclosing the file name with backticks (`) in
parameters to htsearch.

INFERRED ACTION: CAN-2000-0208 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Cole, Ozancin
   NOOP(2) Wall, LeBlanc

=================================
Candidate: CAN-2000-0209
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000227 lynx - someone is deaf and blind ;)
Reference: FREEBSD:FreeBSD-SA-00:08
Reference: BID:1012

Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and
possibly execute commands via a long URL in a malicious web page.

INFERRED ACTION: CAN-2000-0209 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Cole, Ozancin
   NOOP(2) Wall, LeBlanc

=================================
Candidate: CAN-2000-0210
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000221 flex license manager tempfile predictable name...
Reference: BID:998

The lit program in Sun Flex License Manager (FlexLM) follows symlinks,
which allows local users to modify arbitrary files.

INFERRED ACTION: CAN-2000-0210 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Armstrong, Ozancin
   NOOP(3) Wall, LeBlanc, Cole

=================================
Candidate: CAN-2000-0211
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS00-013
Reference: XF:win-media-dos
Reference: BID:1000

The Windows Media server allows remote attackers to cause a denial of
service via a series of client handshake packets that are sent in an
improper sequence, aka the "Misordered Windows Media Services
Handshake" vulnerability.

INFERRED ACTION: CAN-2000-0211 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Blake, LeBlanc, Cole, Armstrong
   NOOP(1) Ozancin

=================================
Candidate: CAN-2000-0212
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000224 Local / Remote D.o.S Attack in InterAccess TelnetD Server Release 4.0 *ALL BUILDS* for WinNT Vulnerability
Reference: BID:1001

InterAccess TelnetID Server 4.0 allows remote attackers to conduct a
denial of service via malformed terminal client configuration
information.

INFERRED ACTION: CAN-2000-0212 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Armstrong
   NOOP(4) Wall, Blake, LeBlanc, Ozancin

=================================
Candidate: CAN-2000-0215
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: SCO:SB-00.05
Reference: BID:1019

Vulnerability in SCO cu program in UnixWare 7.x allows local users to
gain privileges.

INFERRED ACTION: CAN-2000-0215 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Blake, Armstrong
   NOOP(4) Wall, LeBlanc, Cole, Ozancin

=================================
Candidate: CAN-2000-0217
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000224 SSH & xauth
Reference: BID:1006

The default configuration of SSH allows X forwarding, which could
allow a remote attacker to control a client's X sessions via a
malicious xauth program.

INFERRED ACTION: CAN-2000-0217 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Blake, Cole, Armstrong, Ozancin
   NOOP(2) Wall, LeBlanc

=================================
Candidate: CAN-2000-0218
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: SUSE:20000210 util < 2.10f
Reference: CALDERA:CSSA-2000-002.0

Buffer overflow in Linux mount and umount allows local users to gain
root privileges via a long relative pathname.

INFERRED ACTION: CAN-2000-0218 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Blake, Cole, Armstrong, Ozancin
   NOOP(2) Wall, LeBlanc

=================================
Candidate: CAN-2000-0221
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000225 Scorpion Marlin
Reference: BID:1009

The Nautica Marlin bridge allows remote attackers to cause a denial of
service via a zero length UDP packet to the SNMP port.

INFERRED ACTION: CAN-2000-0221 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Armstrong, Ozancin
   NOOP(3) Wall, LeBlanc, Cole

=================================
Candidate: CAN-2000-0222
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000215 Windows 2000 installation process weakness
Reference: http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000215155750.M4500@safe.hsc.fr
Reference: BID:990

The installation for Windows 2000 does not activate the Administrator
password until the system has rebooted, which allows remote attackers
to connect to the ADMIN$ share without a password until the reboot
occurs.

INFERRED ACTION: CAN-2000-0222 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(6) Wall, Blake, LeBlanc, Cole, Armstrong, Ozancin

=================================
Candidate: CAN-2000-0224
Published:
Final-Decision: 20000410
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: NAI:20000215 ARCserve symlink vulnerability
Reference: SCO:SSE063
Reference: XF:sco-openserver-arc-symlink

ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root
privileges via a symlink attack.

INFERRED ACTION: CAN-2000-0224 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Blake, Armstrong
   NOOP(4) Wall, LeBlanc, Cole, Ozancin