[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-18 - 14 candidates



The following cluster contains 14 candidates that were announced
between April 27 and May 17, 2000.  Note that this cluster does not
include all new issues between these dates; those will be added in a
future posting.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0303
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000503
Category: SF
Reference: ISS:20000503 Vulnerability in Quake3Arena Auto-Download Feature
Reference: URL:http://xforce.iss.net/alerts/advise50.php3
Reference: CONFIRM:http://www.quake3arena.com/news/index.html

Quake3 Arena allows malicious server operators to read or modify
files on a client via a dot dot (..) attack.


ED_PRI CAN-2000-0303 1


VOTE:

=================================
Candidate: CAN-2000-0304
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000508
Category: SF
Reference: ISS:20000511 Microsoft IIS Remote Denial of Service Attack
Reference: URL:http://xforce.iss.net/alerts/advise52.php3
Reference: MS:MS00-031
Reference: URL:http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20905

Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory
installed allows a remote attacker to cause a denial of servoce via a
malformed request to the inetinfo.exe program


ED_PRI CAN-2000-0304 1


VOTE:

=================================
Candidate: CAN-2000-0342
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: MISC:http://www.peacefire.org/security/stealthattach/explanation.html
Reference: CONFIRM:http://news.cnet.com/news/0-1005-200-1773077.html?tag=st.ne.fd.lthd.1005-200-1773077
Reference: BID:1157
Reference: URL:http://www.securityfocus.com/bid/1157

Eudora 4.x allows remote attackers to bypass the user warning for
executable attachments by using a .lnk file that refers to the
attachment.


ED_PRI CAN-2000-0342 2


VOTE:

=================================
Candidate: CAN-2000-0346
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000502 INFO:AppleShare IP 6.3.2 squashes security bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502133240.21807.qmail@securityfocus.com
Reference: CONFIRM:http://asu.info.apple.com/swupdates.nsf/artnum/n11670
Reference: BID:1162
Reference: URL:http://www.securityfocus.com/bid/1162

AppleShare IP 6.1 and later allows a remote attacker to read
potentially sensitive information via an invalid range request to the
web server


ED_PRI CAN-2000-0346 2


VOTE:

=================================
Candidate: CAN-2000-0350
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000516
Category: SF
Reference: MISC:http://www.securityfocus.com/templates/advisory.html?id=2220
Reference: CONFIRM:http://advice.networkice.com/advice/Support/KB/q000166/

A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is
enabled, which allows a remote attacker to bypass the weak
authentication and post unencrypted events.


ED_PRI CAN-2000-0350 2


VOTE:

=================================
Candidate: CAN-2000-0332
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000502 Fun with UltraBoard V1.6X
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000503091316.99073.qmail@hotmail.com
Reference: BID:1164
Reference: URL:http://www.securityfocus.com/bid/1164

UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows
remote attackers to read arbitrary files via a pathname string that
includes a dot dot (..) and ends with a null byte.


ED_PRI CAN-2000-0332 3


VOTE:

=================================
Candidate: CAN-2000-0333
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000502 Denial of service attack against tcpdump
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.SOL.4.10.10005021942380.2077-100000@paranoia.pgci.ca
Reference: BID:1165
Reference: URL:http://www.securityfocus.com/bid/1165

tcpdump, Ethereal, and other sniffer packages allow remote attackers
to cause a denial of service via malformed DNS packets in which a jump
offset refers to itself, which causes tcpdump to enter an infinite
loop while decompressing the packet.


ED_PRI CAN-2000-0333 3


VOTE:

=================================
Candidate: CAN-2000-0335
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000502 glibc resolver weakness
Reference: BID:1166
Reference: URL:http://www.securityfocus.com/bid/1166

The resolver in glibc 2.1.3 uses predictable IDs, which allows a local
attacker to spoof DNS query results.


ED_PRI CAN-2000-0335 3


VOTE:

=================================
Candidate: CAN-2000-0340
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000428 SuSE 6.3 Gnomelib buffer overflow
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00042902575201.09597@wintermute-pub
Reference: BID:1155
Reference: URL:http://www.securityfocus.com/bid/1155

Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to
execute arbitrary commands via the DISPLAY environmental variable.


ED_PRI CAN-2000-0340 3


VOTE:

=================================
Candidate: CAN-2000-0341
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: NTBUGTRAQ:20000501 Remote DoS attack in CASSANDRA NNTPServer v1.10 from ATRIUM
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95736106504870&w=2
Reference: BID:1156
Reference: URL:http://www.securityfocus.com/bid/1156

ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a
denial of service via a long login name.


ED_PRI CAN-2000-0341 3


VOTE:

=================================
Candidate: CAN-2000-0343
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000502 spj-003-000 - S0ftPj Advisory
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005021736.TAA01991@ALuSSi
Reference: BID:1158
Reference: URL:http://www.securityfocus.com/bid/1158

Buffer overflow in Sniffit 0.3.x with the -L logging option enabled
allows remote attackers to execute arbitrary commands via a long MAIL
FROM mail header.


ED_PRI CAN-2000-0343 3


VOTE:

=================================
Candidate: CAN-2000-0344
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000501 Linux knfsd DoS issue
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0005012042550.6419-100000@ferret.lmh.ox.ac.uk
Reference: BID:1160
Reference: URL:http://www.securityfocus.com/bid/1160

The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to
cause a denial of service via a negative size value.


ED_PRI CAN-2000-0344 3


VOTE:

=================================
Candidate: CAN-2000-0345
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000502 Possible issue with Cisco on-line help?
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502222246.28423.qmail@securityfocus.com
Reference: BID:1161
Reference: URL:http://www.securityfocus.com/bid/1161

The on-line help system options in Cisco routers allows non-privileged
users without "enabled" access to obtain sensitive information via
the show command.


ED_PRI CAN-2000-0345 3


VOTE:

=================================
Candidate: CAN-2000-0347
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: NTBUGTRAQ:20000501 el8.org advisory - Win 95/98 DoS (RFParalyze.c)
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95737580922397&w=2
Reference: BID:1163
Reference: URL:http://www.securityfocus.com/bid/1163

Windows 95 and Windows 98 allow a remote attacker to cause a denial of
service via a NETBIOS session request packet with a NULL source name.


ED_PRI CAN-2000-0347 3


VOTE:

 
Page Last Updated: May 22, 2007