[PROPOSAL] Cluster RECENT-18 - 14 candidates
The following cluster contains 14 candidates that were announced between April 27 and May 17, 2000. Note that this cluster does not include all new issues between these dates; those will be added in a future posting.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0303
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000503
Category: SF
Reference: ISS:20000503 Vulnerability in Quake3Arena Auto-Download Feature
Reference: URL:http://xforce.iss.net/alerts/advise50.php3
Reference: CONFIRM:http://www.quake3arena.com/news/index.html

Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack.

ED_PRI CAN-2000-0303 1

VOTE:

=================================
Candidate: CAN-2000-0304
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000508
Category: SF
Reference: ISS:20000511 Microsoft IIS Remote Denial of Service Attack
Reference: URL:http://xforce.iss.net/alerts/advise52.php3
Reference: MS:MS00-031
Reference: URL:http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20905

Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program.

ED_PRI CAN-2000-0304 1

VOTE:

=================================
Candidate: CAN-2000-0342
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: MISC:http://www.peacefire.org/security/stealthattach/explanation.html
Reference: CONFIRM:http://news.cnet.com/news/0-1005-200-1773077.html?tag=st.ne.fd.lthd.1005-200-1773077
Reference: BID:1157
Reference: URL:http://www.securityfocus.com/bid/1157

Eudora 4.x allows remote attackers to bypass the user warning for executable attachments by using a .lnk file that refers to the attachment.

ED_PRI CAN-2000-0342 2

VOTE:

=================================
Candidate: CAN-2000-0346
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000502 INFO:AppleShare IP 6.3.2 squashes security bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502133240.21807.qmail@securityfocus.com
Reference: CONFIRM:http://asu.info.apple.com/swupdates.nsf/artnum/n11670
Reference: BID:1162
Reference: URL:http://www.securityfocus.com/bid/1162

AppleShare IP 6.1 and later allows a remote attacker to read potentially sensitive information via an invalid range request to the web server.

ED_PRI CAN-2000-0346 2

VOTE:

=================================
Candidate: CAN-2000-0350
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000516
Category: SF
Reference: MISC:http://www.securityfocus.com/templates/advisory.html?id=2220
Reference: CONFIRM:http://advice.networkice.com/advice/Support/KB/q000166/

A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is enabled, which allows a remote attacker to bypass the weak authentication and post unencrypted events.

ED_PRI CAN-2000-0350 2

VOTE:

=================================
Candidate: CAN-2000-0332
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000502 Fun with UltraBoard V1.6X
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000503091316.99073.qmail@hotmail.com
Reference: BID:1164
Reference: URL:http://www.securityfocus.com/bid/1164

UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allow remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte.

ED_PRI CAN-2000-0332 3

VOTE:

=================================
Candidate: CAN-2000-0333
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000502 Denial of service attack against tcpdump
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.SOL.4.10.10005021942380.2077-100000@paranoia.pgci.ca
Reference: BID:1165
Reference: URL:http://www.securityfocus.com/bid/1165

tcpdump, Ethereal, and other sniffer packages allow remote attackers to cause a denial of service via malformed DNS packets in which a jump offset refers to itself, which causes tcpdump to enter an infinite loop while decompressing the packet.

ED_PRI CAN-2000-0333 3

VOTE:

=================================
Candidate: CAN-2000-0335
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000502 glibc resolver weakness
Reference: BID:1166
Reference: URL:http://www.securityfocus.com/bid/1166

The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results.

ED_PRI CAN-2000-0335 3

VOTE:

=================================
Candidate: CAN-2000-0340
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000428 SuSE 6.3 Gnomelib buffer overflow
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00042902575201.09597@wintermute-pub
Reference: BID:1155
Reference: URL:http://www.securityfocus.com/bid/1155

Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable.

ED_PRI CAN-2000-0340 3

VOTE:

=================================
Candidate: CAN-2000-0341
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: NTBUGTRAQ:20000501 Remote DoS attack in CASSANDRA NNTPServer v1.10 from ATRIUM
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95736106504870&w=2
Reference: BID:1156
Reference: URL:http://www.securityfocus.com/bid/1156

ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a denial of service via a long login name.

ED_PRI CAN-2000-0341 3

VOTE:

=================================
Candidate: CAN-2000-0343
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000502 spj-003-000 - S0ftPj Advisory
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005021736.TAA01991@ALuSSi
Reference: BID:1158
Reference: URL:http://www.securityfocus.com/bid/1158

Buffer overflow in Sniffit 0.3.x with the -L logging option enabled allows remote attackers to execute arbitrary commands via a long MAIL FROM mail header.

ED_PRI CAN-2000-0343 3

VOTE:

=================================
Candidate: CAN-2000-0344
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000501 Linux knfsd DoS issue
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0005012042550.6419-100000@ferret.lmh.ox.ac.uk
Reference: BID:1160
Reference: URL:http://www.securityfocus.com/bid/1160

The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to cause a denial of service via a negative size value.

ED_PRI CAN-2000-0344 3

VOTE:

=================================
Candidate: CAN-2000-0345
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000502 Possible issue with Cisco on-line help?
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502222246.28423.qmail@securityfocus.com
Reference: BID:1161
Reference: URL:http://www.securityfocus.com/bid/1161

The on-line help system options in Cisco routers allow non-privileged users without "enabled" access to obtain sensitive information via the show command.

ED_PRI CAN-2000-0345 3

VOTE:

=================================
Candidate: CAN-2000-0347
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: NTBUGTRAQ:20000501 el8.org advisory - Win 95/98 DoS (RFParalyze.c)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95737580922397&w=2
Reference: BID:1163
Reference: URL:http://www.securityfocus.com/bid/1163

Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NETBIOS session request packet with a NULL source name.

ED_PRI CAN-2000-0347 3

VOTE: