Re: [PROPOSAL] Cluster RECENT-17 - 15 candidates
* Steven M. Christey (coley@LINUS.MITRE.ORG) [000518 00:49]:
> The following cluster contains 15 candidates that were announced
> between April 13 and April 25, 2000.
>
> The candidates are listed in order of priority. Priority 1 and
> Priority 2 candidates both deal with varying levels of vendor
> confirmation, so they should be easy to review and it can be trusted
> that the problems are real.
>
> If you discover that any RECENT-XX cluster is incomplete with respect
> to the problems discovered during the associated time frame, please
> send that information to me so that candidates can be assigned.
>
> - Steve
>
>
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
>
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
>
> 1) Please write your vote on the line that starts with "VOTE: ". If
> you want to add comments or details, add them to lines after the
> VOTE: line.
>
> 2) If you see any missing references, please mention them so that they
> can be included. References help greatly during mapping.
>
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
> So if you don't have sufficient information for a candidate but you
> don't want to NOOP, use a REVIEWING.
>
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
>
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
>
> =================================
> Candidate: CAN-2000-0311
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: MS:MS00-026
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-026.asp
> Reference: BID:1145
> Reference: URL:http://www.securityfocus.com/bid/1145
>
> The Windows 2000 domain controller allows a malicious user to modify
> Active Directory information by modifying an unprotected attribute,
> aka the "Mixed Object Access" vulnerability.
>
>
> ED_PRI CAN-2000-0311 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0331
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000421 CMD.EXE overflow (CISADV000420)
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0147.html
> Reference: MS:MS00-027
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-027.asp
> Reference: BID:1135
> Reference: URL:http://www.securityfocus.com/bid/1135
>
> Buffer overflow in Microsoft command processor (CMD.EXE) for Windows
> NT and Windows 2000 allows a local user to cause a denial of service
> via a long environment variable, aka the "Malformed Environment
> Variable" vulnerability.
>
>
> ED_PRI CAN-2000-0331 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0334
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: ALLAIRE:ASB00-10
> Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15411&Method=Full
>
> The Allaire Spectra container editor preview tool does not properly
> enforce object security, which allows an attacker to conduct
> unauthorized activities via an object-method that is added to the
> container object with a publishing rule.
>
>
> ED_PRI CAN-2000-0334 1
>
>
> VOTE: MODIFY Reference: BID 1181
> =================================
> Candidate: CAN-2000-0336
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: REDHAT:RHSA-2000:012-05
> Reference: URL:http://www.redhat.com/support/errata/RHSA-2000012-05.html
>
> OpenLDAP server in Red Hat Linux allows local users to modify
> arbitrary files via a symlink attack.
>
>
> ED_PRI CAN-2000-0336 1
>
>
> VOTE: MODIFY Reference: BID 1232
>
> =================================
> Candidate: CAN-2000-0317
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000424 Solaris 7 x86 lpset exploit.
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0192.html
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0236.html
> Reference: BUGTRAQ:20000427 Re: Solaris/SPARC 2.7 lpset exploit (well not likely !)
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95729763119559&w=2
> Reference: SUNBUG:4334568
> Reference: BID:1138
> Reference: URL:http://www.securityfocus.com/bid/1138
>
> Buffer overflow in Solaris 7 lpset allows local users to gain root
> privileges via a long -r option.
>
>
> ED_PRI CAN-2000-0317 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0316
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000424 Solaris 7 x86 lp exploit
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0191.html
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0236.html
> Reference: BID:1143
> Reference: URL:http://www.securityfocus.com/bid/1143
>
> Buffer overflow in Solaris 7 lp allows local users to gain root
> privileges via a long -d option.
>
>
> ED_PRI CAN-2000-0316 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0318
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: NTBUGTRAQ:20000413 Security problems with Atrium Mercur Mailserver 3.20
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0057.html
> Reference: BID:1144
> Reference: URL:http://www.securityfocus.com/bid/1144
>
> Atrium Mercur Mail Server 3.2 allows local attackers to read other
> users' email and create arbitrary files via a dot dot (..) attack.
>
>
> ED_PRI CAN-2000-0318 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0319
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000424 unsafe fgets() in sendmail's mail.local
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=2694.000424@SECURITY.NNOV.RU
> Reference: BID:1146
> Reference: URL:http://www.securityfocus.com/bid/1146
>
> mail.local in Sendmail 8.10.x does not properly identify the .\n
> string which identifies the end of message text, which allows a remote
> attacker to cause a denial of service or corrupt mailboxes via a
> message line that is 2047 characters long and ends in .\n.
>
>
> ED_PRI CAN-2000-0319 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0320
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000421 unsafe fgets() in qpopper
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=9763.000421@SECURITY.NNOV.RU
> Reference: BID:1133
> Reference: URL:http://www.securityfocus.com/bid/1133
>
> Qpopper 2.53 and 3.0 does not properly identify the \n string which
> identifies the end of message text, which allows a remote attacker to
> cause a denial of service or corrupt mailboxes via a message line that
> is 1023 characters long and ends in \n.
>
>
> ED_PRI CAN-2000-0320 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0321
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000424 Buffer Overflow in version .14
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0190.html
> Reference: BID:1147
> Reference: URL:http://www.securityfocus.com/bid/1147
>
> Buffer overflow in IC Radius package allows a remote attacker to cause
> a denial of service via a long user name.
>
>
> ED_PRI CAN-2000-0321 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0322
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000424 piranha default password/exploit
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Enip.BSO.23.0004241601140.28851-100000@www.whitehats.com
> Reference: BID:1149
> Reference: URL:http://www.securityfocus.com/bid/1149
>
> The passwd.php3 CGI script in the Red Hat Piranha Virtual Server
> Package allows local users to execute arbitrary commands via shell
> metacharacters.
>
>
> ED_PRI CAN-2000-0322 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0324
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000425 Denial of Service Against pcAnywhere.
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000425150157.13567A-100000@sword.damocles.com
> Reference: BID:1150
> Reference: URL:http://www.securityfocus.com/bid/1150
>
> pcAnywhere 8.x and 9.x allows remote attackers to cause a denial of
> service via a TCP SYN scan, e.g. by nmap.
>
>
> ED_PRI CAN-2000-0324 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0326
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BID:1151
> Reference: URL:http://www.securityfocus.com/bid/1151
> Reference: CONFIRM:http://support.on.com/support/mmxp.nsf/31af51e08bcc93eb852565a90056138b/11af70407a16b165852568c50056a952?OpenDocument
>
> Meeting Maker uses weak encryption (a polyalphabetic substitution
> cipher) for passwords, which allows remote attackers to sniff and
> decrypt passwords for Meeting Maker accounts.
>
>
> ED_PRI CAN-2000-0326 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0337
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000424 Solaris x86 Xsun overflow.
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0188.html
> Reference: BID:1140
> Reference: URL:http://www.securityfocus.com/bid/1140
>
> Buffer overflow in Xsun X server in Solaris 7 allows local users to
> gain root privileges via a long -dev parameter.
>
>
> ED_PRI CAN-2000-0337 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0338
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BID:1136
> Reference: URL:http://www.securityfocus.com/bid/1136
>
> Concurrent Versions Software (CVS) uses predictable temporary file
> names for locking, which allows local users to cause a denial of
> service by creating the lock directory before it is created for use by
> a legitimate CVS user.
>
>
> ED_PRI CAN-2000-0338 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0339
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000420 ZoneAlarm
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000421044123.2353.qmail@securityfocus.com
> Reference: BID:1137
> Reference: URL:http://www.securityfocus.com/bid/1137
>
> ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source
> port of 67, which allows remote attackers to bypass the firewall
> rules.
>
>
> ED_PRI CAN-2000-0339 3
>
>
> VOTE: ACCEPT

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum