|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [INTERIM] ACCEPT 34 candidates from various clusters (Final 4/24)
I have made an Interim Decision to ACCEPT the following 34 candidates from various clusters. I will make a Final Decision on Monday, April 24, 2000. The candidates come from the following clusters: 1 RESTLOW 1 RECENT-01 1 WEB 2 MISC-01 4 UNIX-UNCONF 2 NET-01 4 RECENT-03 8 RECENT-04 1 RECENT-05 2 RECENT-06 1 RECENT-08 1 RECENT-10 6 RECENT-13 Voters: Wall ACCEPT(2) NOOP(10) LeBlanc NOOP(17) Ozancin ACCEPT(12) NOOP(5) Cole ACCEPT(18) NOOP(2) Meunier ACCEPT(1) Stracener ACCEPT(21) MODIFY(1) Frech MODIFY(28) Hill ACCEPT(1) Northcutt ACCEPT(1) Christey NOOP(11) Armstrong ACCEPT(9) Balinsky ACCEPT(1) Prosser ACCEPT(6) Blake ACCEPT(12) NOOP(1) ================================= Candidate: CAN-1999-0203 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-02 Proposed: 19990630 Assigned: 19990607 Category: SF Reference: CERT:CA-95.08 Reference: CIAC:E-03 Reference: XF:smtp-sendmail-version5 In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program. Modifications: ADDREF CERT:CA-95.08 ADDREF CIAC:E-03 ADDREF XF:smtp-sendmail-version5 INFERRED ACTION: CAN-1999-0203 ACCEPT (5 accept, 2 ack, 0 review) Current Votes: ACCEPT(5) Hill, Blake, Balinsky, Ozancin, Northcutt MODIFY(1) Frech NOOP(1) Christey Comments: Christey> Description needs to be more specific to distinguish between Christey> this and CAN-1999-0163, as alluded to by Adam Shostack Frech> XF:smtp-sendmail-version5 ================================= Candidate: CAN-1999-0780 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000313-01 Proposed: 19991222 Assigned: 19991125 Category: SF Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise) Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457 Reference: XF:kde-klock-process-kill KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file. Modifications: ADDREF XF:kde-klock-process-kill INFERRED ACTION: CAN-1999-0780 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Stracener, Ozancin MODIFY(1) Frech NOOP(2) Christey, LeBlanc Comments: Frech> XF:kde-klock-process-kill Christey> This candidate is unconfirmed by the vendor. ================================= Candidate: CAN-1999-0781 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000313-01 Proposed: 19991222 Assigned: 19991125 Category: SF Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise) Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457 Reference: XF:kde-klock-bindir-trojans KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. Modifications: ADDREF XF:kde-klock-bindir-trojans INFERRED ACTION: CAN-1999-0781 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Stracener, Ozancin MODIFY(1) Frech NOOP(2) Christey, LeBlanc Comments: Frech> XF:kde-klock-bindir-trojans Christey> This candidate is unconfirmed by the vendor. ================================= Candidate: CAN-1999-0782 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000313-01 Proposed: 19991222 Assigned: 19991125 Category: SF Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise) Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457 Reference: XF:kde-kppp-directory-create KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable. Modifications: ADDREF XF:kde-kppp-directory-create INFERRED ACTION: CAN-1999-0782 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Stracener, Ozancin MODIFY(1) Frech NOOP(2) Christey, LeBlanc Comments: Frech> kde-kppp-directory-create Christey> This candidate is unconfirmed by the vendor. ================================= Candidate: CAN-1999-0803 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000313-01 Proposed: 19991222 Assigned: 19991125 Category: SF Reference: BUGTRAQ:19990525 IBM eNetwork Firewall for AIX Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92765973207648&w=2 Reference: XF:ibm-enfirewall-tmpfiles The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack. Modifications: CHANGEREF BUGTRAQ [add date] ADDREF XF:ibm-enfirewall-tmpfiles INFERRED ACTION: CAN-1999-0803 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Stracener, Ozancin MODIFY(1) Frech NOOP(2) Christey, LeBlanc Comments: Frech> XF:ibm-efirewall-tmpfiles Frech> BUGTRAQ: add 19990525 Christey> This candidate is unconfirmed by the vendor. Christey> Christey> Poster claims that APAR (IR39562) was created. ================================= Candidate: CAN-1999-0824 Published: Final-Decision: Interim-Decision: 20000418 Modified: Proposed: 19991208 Assigned: 19991207 Category: SF Reference: BID:833 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=833 Reference: NTBUGTRAQ:19991130 SUBST problem Reference: BUGTRAQ:19991130 Subst.exe carelessness (fwd) A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users. INFERRED ACTION: CAN-1999-0824 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Stracener, Prosser, Armstrong MODIFY(1) Frech NOOP(1) Cole Comments: Frech> XF:nt-subst ================================= Candidate: CAN-1999-0889 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-01 Proposed: 19991222 Assigned: 19991208 Category: SF Reference: BUGTRAQ:19990810 Cisco 675 password nonsense Reference: XF:cisco-cbos-telnet Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set. Modifications: ADDREF XF:cisco-cbos-telnet INFERRED ACTION: CAN-1999-0889 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Cole, Stracener MODIFY(1) Frech Comments: Frech> XF:cisco-cbos-telnet ================================= Candidate: CAN-1999-0895 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-01 Proposed: 19991222 Assigned: 19991208 Category: SF Reference: BUGTRAQ:19991020 Checkpoint FireWall-1 V4.0: possible bug in LDAP authentication Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991020150002.21047.qmail@tarjan.mediaways.net Reference: BID:725 Reference: XF:checkpoint-ldap-auth Firewall-1 does not properly restrict access to LDAP attributes. Modifications: ADDREF BID:725 ADDREF XF:checkpoint-ldap-auth INFERRED ACTION: CAN-1999-0895 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Cole, Stracener MODIFY(1) Frech NOOP(2) Christey, LeBlanc Comments: Christey> This candidate is unconfirmed by the vendor. Frech> XF:checkpoint-ldap-auth ================================= Candidate: CAN-1999-0897 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-02 Proposed: 19991214 Assigned: 19991208 Category: SF Reference: BUGTRAQ:19980908 bug in iChat 3.0 (maybe others) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90538488231977&w=2 Reference: XF:ichat-file-read-vuln iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack. Modifications: ADDREF XF:ichat-file-read-vuln CHANGEREF BUGTRAQ [correct date] INFERRED ACTION: CAN-1999-0897 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Blake, Stracener MODIFY(1) Frech NOOP(3) Cole, Christey, LeBlanc Comments: Christey> This candidate is unconfirmed by the vendor. Christey> Christey> Two Bugtraq followups claim the problem has been fixed. Frech> XF:ichat-file-read-vuln Frech> BUGTRAQ: reference date may be wrong. verify that it is not 199_8_0908. ================================= Candidate: CAN-1999-0950 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-01 Proposed: 19991222 Assigned: 19991208 Category: SF Reference: BUGTRAQ:19991027 WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability Reference: BID:747 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=747 Reference: XF:wftpd-mkd-bo Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories. Modifications: ADDREF XF:wftpd-mkd-bo INFERRED ACTION: CAN-1999-0950 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(1) Stracener MODIFY(1) Frech Comments: Frech> XF:wftpd-mkd-bo ================================= Candidate: CAN-1999-0957 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-01 Proposed: 19991222 Assigned: 19991208 Category: SF Reference: BUGTRAQ:19970618 Security hole in MajorCool 1.0.3 Reference: XF:majorcool-file-overwrite-vuln MajorCool mj_key_cache program allows local users to modify files via a symlink attack. Modifications: ADDREF XF:majorcool-file-overwrite-vuln INFERRED ACTION: CAN-1999-0957 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Stracener, Meunier MODIFY(1) Frech Comments: Frech> XF:majorcool-file-overwrite-vuln ================================= Candidate: CAN-1999-0997 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-01 Proposed: 19991222 Assigned: 19991221 Category: CF Reference: BUGTRAQ:19991220 Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd) Reference: XF:wuftp-ftp-conversion wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress. Modifications: ADDREF XF:wuftp-ftp-conversion INFERRED ACTION: CAN-1999-0997 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Wall, Cole, Stracener MODIFY(1) Frech NOOP(2) Christey, LeBlanc Comments: Frech> XF:wuftp-ftp-conversion Christey> This candidate is unconfirmed by the vendor. Christey> XF:wuftp-ftp-conversion does not exist. Christey> Christey> Posted by suid@suid.kg. See http://www.suid.edu/advisories/001.txt Christey> for details. ================================= Candidate: CAN-1999-1005 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-01 Proposed: 19991222 Assigned: 19991221 Category: SF Reference: BUGTRAQ:19991219 Groupewise Web Interface Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94571433731824&w=2 Reference: XF:groupwise-web-read-files Reference: BID:879 Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter. Modifications: ADDREF XF:groupwise-web-read-files ADDREF BID:879 INFERRED ACTION: CAN-1999-1005 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Cole, Stracener MODIFY(1) Frech NOOP(3) Wall, Christey, LeBlanc Comments: Frech> XF:groupwise-web-read-files Christey> This candidate is unconfirmed by the vendor. Christey> XF:groupwise-web-read-files does not exist. Christey> Christey> Multiple Bugtraq followups indicate the problem may be more Christey> severe than the current CVE description indicates. ================================= Candidate: CAN-1999-1007 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-01 Proposed: 19991222 Assigned: 19991221 Category: SF Reference: BUGTRAQ:19991213 VDO Live Player 3.02 Buffer Overflow Reference: http://marc.theaimsgroup.com/?l=bugtraq&m=94512259331599&w=2 Reference: XF:vdolive-bo-execute Reference: BID:872 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=872 Buffer overflow in VDO Live Player allows remote attackers to execute commands on the VDO client via a malformed .vdo file. Modifications: ADDREF XF:vdolive-bo-execute INFERRED ACTION: CAN-1999-1007 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Wall, Cole, Stracener MODIFY(1) Frech NOOP(2) Christey, LeBlanc Comments: Frech> XF:vdolive-bo-execute Christey> This candidate is unconfirmed by the vendor. Christey> XF:vdolive-bo-execute does not exist. Christey> Christey> Posted by UNYUN of Shadow Penguin Security. ================================= Candidate: CAN-1999-1010 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-01 Proposed: 19991222 Assigned: 19991221 Category: SF Reference: BUGTRAQ:19991214 sshd1 allows unencrypted sessions regardless of server policy Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94519142415338&w=2 Reference: XF:ssh-policy-bypass An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy. Modifications: ADDREF XF:ssh-policy-bypass INFERRED ACTION: CAN-1999-1010 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Cole, Stracener MODIFY(1) Frech NOOP(3) Wall, Christey, LeBlanc Comments: Frech> XF:ssh-policy-bypass Christey> This candidate is unconfirmed by the vendor. ================================= Candidate: CAN-2000-0010 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-01 Proposed: 20000111 Assigned: 20000111 Category: SF Reference: BUGTRAQ:19991226 WebWho+ ADVISORY Reference: XF:http-cgi-webwhoplus WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter. Modifications: ADDREF XF:http-cgi-webwhoplus INFERRED ACTION: CAN-2000-0010 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Stracener, Armstrong MODIFY(1) Frech Comments: Frech> http-cgi-webwhoplus ================================= Candidate: CAN-2000-0012 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-01 Proposed: 20000111 Assigned: 20000111 Category: SF Reference: BUGTRAQ:19991227 remote buffer overflow in miniSQL Reference: BID:898 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=898 Reference: XF:w3-msql-scanf-bo Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands. Modifications: ADDREF XF:w3-msql-scanf-bo INFERRED ACTION: CAN-2000-0012 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Stracener, Armstrong MODIFY(1) Frech Comments: Frech> XF:w3-msql-scanf-bo ================================= Candidate: CAN-2000-0014 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-01 Proposed: 20000111 Assigned: 20000111 Category: SF Reference: BUGTRAQ:19991228 Local / Remote D.o.S Attack in Savant Web Server V2.0 WIN9X / NT / 2K Reference: BID:897 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=897 Reference: XF:savant-server-null-dos Denial of service in Savant web server via a null character in the requested URL. Modifications: ADDREF XF:savant-server-null-dos INFERRED ACTION: CAN-2000-0014 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Stracener, Armstrong MODIFY(1) Frech Comments: Frech> XF:savant-server-null-dos ================================= Candidate: CAN-2000-0020 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-01 Proposed: 20000111 Assigned: 20000111 Category: SF Reference: NTBUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability Reference: BUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability Reference: XF:dnspro-flood-dos DNS PRO allows remote attackers to conduct a denial of service via a large number of connections. Modifications: ADDREF XF:dnspro-flood-dos INFERRED ACTION: CAN-2000-0020 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Stracener, Armstrong MODIFY(1) Frech Comments: Frech> XF:dnspro-flood-dos ================================= Candidate: CAN-2000-0024 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-01 Proposed: 20000111 Assigned: 20000111 Category: SF Reference: MS:MS99-061 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-061.asp Reference: BUGTRAQ:19991228 Third Party Software Affected by IIS "Escape Character Parsing" Vulnerability Reference: BUGTRAQ:19991229 More info on MS99-061 (IIS escape character vulnerability) Reference: XF:iis-badescapes Reference: MSKB:Q246401 IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability. Modifications: ADDREF XF:iis-badescapes ADDREF MSKB:Q246401 INFERRED ACTION: CAN-2000-0024 ACCEPT (5 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Ozancin, Armstrong, Cole MODIFY(2) Stracener, Frech Comments: Stracener> Add Ref: MSKB:Q246401 Ozancin> with Stracenr's addition Frech> XF:iis-badescapes ================================= Candidate: CAN-2000-0033 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-01 Proposed: 20000111 Assigned: 20000111 Category: SF Reference: BUGTRAQ:19991227 Trend Micro InterScan VirusWall SMTP bug Reference: BID:899 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=899 Reference: XF:interscan-viruswall-bypass InterScan VirusWall SMTP scanner does not properly scan messages with malformed attachments. Modifications: ADDREF XF:interscan-viruswall-bypass INFERRED ACTION: CAN-2000-0033 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Stracener, Armstrong MODIFY(1) Frech Comments: Frech> XF:interscan-viruswall-bypass ================================= Candidate: CAN-2000-0042 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-01 Proposed: 20000111 Assigned: 20000111 Category: SF Reference: BUGTRAQ:19991229 Local / Remote D.o.S Attack in CSM Mail Server for Windows 95/NT v.2000.08.A Reference: XF:csm-server-bo Reference: BID:895 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=895 Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command. Modifications: ADDREF XF:csm-server-bo INFERRED ACTION: CAN-2000-0042 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Stracener, Armstrong MODIFY(1) Frech Comments: Frech> XF:csm-server-bo ================================= Candidate: CAN-2000-0043 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-01 Proposed: 20000111 Assigned: 20000111 Category: SF Reference: BUGTRAQ:19991230 Local / Remote GET Buffer Overflow Vulnerability in CamShot WebCam HTTP Server v2.5 for Win9x/NT Reference: BID:905 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=905 Reference: XF:camshot-http-get-overflow Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request. Modifications: ADDREF XF:camshot-http-get-overflow INFERRED ACTION: CAN-2000-0043 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Stracener, Armstrong MODIFY(1) Frech Comments: Frech> XF:camshot-http-get-overflow ================================= Candidate: CAN-2000-0050 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-01 Proposed: 20000125 Assigned: 20000122 Category: SF Reference: ALLAIRE:ASB00-01 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13976&Method=Full Reference: XF:allaire-webtop-access Reference: BID:915 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=915 The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs. Modifications: ADDREF XF:allaire-webtop-access INFERRED ACTION: CAN-2000-0050 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Blake, Prosser, Cole MODIFY(1) Frech NOOP(1) Ozancin Comments: Frech> XF:allaire-webtop-access ================================= Candidate: CAN-2000-0051 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-01 Proposed: 20000125 Assigned: 20000122 Category: SF Reference: ALLAIRE:ASB00-02 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13977&Method=Full Reference: BID:916 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=916 Reference: XF:allaire-spectra-config-dos The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL. Modifications: ADDREF XF:allaire-spectra-config-dos INFERRED ACTION: CAN-2000-0051 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Blake, Prosser, Cole MODIFY(1) Frech NOOP(1) Ozancin Comments: Frech> XF:allaire-spectra-config-dos ================================= Candidate: CAN-2000-0070 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-02 Proposed: 20000125 Assigned: 20000122 Category: SF Reference: BINDVIEW:20000113 Local Promotion Vulnerability in Windows NT 4 Reference: URL:http://www.bindview.com/security/advisory/adv_NtImpersonate.html Reference: MS:MS00-003 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-003.asp Reference: MSKB:Q247869 Reference: XF:nt-spoofed-lpc-port Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=nt-spoofed-lpc-port Reference: BID:934 NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request." Modifications: ADDREF XF:nt-spoofed-lpc-port ADDREF BID:934 INFERRED ACTION: CAN-2000-0070 ACCEPT (4 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Blake, Prosser, Cole MODIFY(1) Frech NOOP(1) Ozancin Comments: Frech> ADDREF XF:nt-spoofed-lpc-port ================================= Candidate: CAN-2000-0112 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-01 Proposed: 20000208 Assigned: 20000208 Category: CF Reference: BUGTRAQ:20000202 vulnerability in Linux Debian default boot configuration Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94973075614088&w=2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94952030018431&w=2 Reference: BID:960 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=960 Reference: XF:debian-mbr-bypass-security The default installation of Debian Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation. Modifications: ADDREF XF:debian-mbr-bypass-security INFERRED ACTION: CAN-2000-0112 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Prosser MODIFY(1) Frech NOOP(3) Wall, Ozancin, Blake Comments: Prosser> Add BID 934 Frech> XF:debian-mbr-bypass-security ================================= Candidate: CAN-2000-0165 Published: Final-Decision: Interim-Decision: 20000418 Modified: 20000418-01 Proposed: 20000223 Assigned: 20000223 Category: SF Reference: BUGTRAQ:20000210 Re: application proxies? Reference: FREEBSD:FreeBSD-SA-00:04 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.BSF.4.21.0002192249290.10784-100000@freefall.freebsd.org Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=Pine.BSF.4.10.10002100058420.43483-100000@hydrant.intranova.net Reference: CIAC:K-023 Reference: XF:delegate-proxy-bo The Delegate application proxy has several buffer overflows which allow a remote attacker to execute commands. Modifications: ADDREF CIAC:K-023 ADDREF XF:delegate-proxy-bo INFERRED ACTION: CAN-2000-0165 ACCEPT (4 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Cole, Blake, Prosser MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Ozancin Comments: Frech> XF:delegate-proxy-bo Frech> Also consider Reference:CIAC:K-023 ================================= Candidate: CAN-2000-0181 Published: Final-Decision: Interim-Decision: 20000418 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20000311 Our old friend Firewall-1 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0119.html Reference: BID:1054 Reference: URL:http://www.securityfocus.com/bid/1054 Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection. INFERRED ACTION: CAN-2000-0181 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Blake, Ozancin, Cole NOOP(2) Wall, LeBlanc ================================= Candidate: CAN-2000-0184 Published: Final-Decision: Interim-Decision: 20000418 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20000309 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0082.html Reference: BID:1037 Reference: URL:http://www.securityfocus.com/bid/1037 Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords. INFERRED ACTION: CAN-2000-0184 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Blake, Ozancin, Cole NOOP(2) Wall, LeBlanc ================================= Candidate: CAN-2000-0185 Published: Final-Decision: Interim-Decision: 20000418 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20000308 RealServer exposes internal IP addresses Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0069.html Reference: BID:1049 Reference: URL:http://www.securityfocus.com/bid/1049 RealMedia RealServer reveals the real IP address of a Real Server, even if the address is supposed to be private. INFERRED ACTION: CAN-2000-0185 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Blake, Ozancin, Cole NOOP(2) Wall, LeBlanc ================================= Candidate: CAN-2000-0192 Published: Final-Decision: Interim-Decision: 20000418 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20000304 OpenLinux 2.3: rpm_query Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0029.html Reference: BID:1036 Reference: URL:http://www.securityfocus.com/bid/1036 The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system. INFERRED ACTION: CAN-2000-0192 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Blake, Ozancin, Cole NOOP(2) Wall, LeBlanc ================================= Candidate: CAN-2000-0206 Published: Final-Decision: Interim-Decision: 20000418 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20000305 Oracle installer problem Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0023.html Reference: BID:1035 Reference: URL:http://www.securityfocus.com/bid/1035 The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges. INFERRED ACTION: CAN-2000-0206 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Blake, Ozancin, Cole NOOP(2) Wall, LeBlanc ================================= Candidate: CAN-2000-0223 Published: Final-Decision: Interim-Decision: 20000418 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF/CF/MP/SA/AN/unknown Reference: BUGTRAQ:20000311 TESO advisory -- wmcdplay Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0107.html Reference: BID:1047 Reference: URL:http://www.securityfocus.com/bid/1047 Buffer overflow in the wmcdplay CD player program for the WindowMaker desktop allows local users to gain root privileges via a long parameter. INFERRED ACTION: CAN-2000-0223 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Blake, Ozancin, Cole NOOP(2) Wall, LeBlanc
|
||||
