[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-21 - 28 candidates



The following cluster contains 28 candidates that were announced
between 5/21/2000 and 6/8/2000.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0376
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000606
Category: SF
Reference: ISS:20000607 Buffer Overflow in i-drive Filo (tm) software

Buffer overflow in the HTTP proxy server for the i-drive Filo software
allows remote attackers to execute arbitrary commands via a long HTTP
GET request.


ED_PRI CAN-2000-0376 1


VOTE:

=================================
Candidate: CAN-2000-0377
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000608
Category: SF
Reference: MS:MS00-040
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-040.asp

The Remote Registry server in Windows NT 4.0 allows local
authenticated users to cause a denial of service via a malformed
request, which causes the winlogon process to fail, aka the "Remote
Registry Access Authentication" vulnerability.


ED_PRI CAN-2000-0377 1


VOTE:

=================================
Candidate: CAN-2000-0402
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MS:MS00-035
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-035.asp
Reference: BID:1281
Reference: URL:http://www.securityfocus.com/bid/1281
Reference: XF:mssql-agent-stored-pw

The Mixed Mode authentication capability in Microsoft SQL Server 7.0
stores the System Administrator (sa) account in plaintext in a log
file which is readable by any user, aka the "SQL Server 7.0 Service
Pack Password" vulnerability.


ED_PRI CAN-2000-0402 1


VOTE:

=================================
Candidate: CAN-2000-0403
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MS:MS00-036
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-036.asp
Reference: XF:win-browser-hostannouncement
Reference: BID:1261
Reference: URL:http://www.securityfocus.com/bid/1261

The CIFS Computer Browser service on Windows NT 4.0 allows a remote
attacker to cause a denial of service by sending a large number of
host announcement requests to the master browse tables, aka the
"HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability.


ED_PRI CAN-2000-0403 1


VOTE:

=================================
Candidate: CAN-2000-0404
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MS:MS00-036
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-036.asp
Reference: BID:1262
Reference: URL:http://www.securityfocus.com/bid/1262

The CIFS Computer Browser service allows remote attackers to cause a
denial of service by sending a ResetBrowser frame to the Master
Browser, aka the "ResetBrowser Frame" vulnerability.


ED_PRI CAN-2000-0404 1


VOTE:

=================================
Candidate: CAN-2000-0441
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: IBM:ERS-OAR-E01-2000:087.1
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-05/0275.html
Reference: BID:1241
Reference: URL:http://www.securityfocus.com/bid/1241

Vulnerability in AIX 3.2.x and 4.x allows local users to gain write
access to files on locally or remotely mounted AIX filesystems.


ED_PRI CAN-2000-0441 1


VOTE:

=================================
Candidate: CAN-2000-0455
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: NAI:20000529 Initialized Data Overflow in Xlock
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/41initialized.asp
Reference: NETBSD:NetBSD-SA2000-003
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-003.txt.asc
Reference: TURBO:TLSA2000012-1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0375.html
Reference: BID:1267
Reference: URL:http://www.securityfocus.com/bid/1267
Reference: XF:xlock-bo-read-passwd

Buffer overflow in xlockmore xlock program version 4.16 and earlier
allows local users to read sensitive data from memory via a long -mode
option.


ED_PRI CAN-2000-0455 1


VOTE:

=================================
Candidate: CAN-2000-0456
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: NETBSD:NetBSD-SA2000-005
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-005.txt.asc
Reference: BID:1272
Reference: URL:http://www.securityfocus.com/bid/1272
Reference: XF:bsd-syscall-cpu-dos

NetBSD 1.4.2 and earlier allows local users to cause a denial of
service by repeatedly running certain system calls in the kernel which
do not yield the CPU, aka "cpu-hog".


ED_PRI CAN-2000-0456 1


VOTE:

=================================
Candidate: CAN-2000-0461
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: OPENBSD:20000526
Reference: URL:http://www.openbsd.org/errata26.html#semconfig
Reference: NETBSD:NetBSD-SA2000-004
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-004.txt.asc
Reference: FREEBSD:FreeBSD-SA-00:19
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:19.semconfig.asc
Reference: BID:1270
Reference: URL:http://www.securityfocus.com/bid/1270

The undocumented semconfig system call in BSD freezes the state of
semaphores, which allows local users to cause a denial of service of
the semaphore system by using the semconfig call.


ED_PRI CAN-2000-0461 1


VOTE:

=================================
Candidate: CAN-2000-0462
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: NETBSD:NetBSD-SA2000-006
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-006.txt.asc
Reference: BID:1273
Reference: URL:http://www.securityfocus.com/bid/1273

ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot
and does not chroot the specified users, which allows those users to
access other files outside of their home directory.


ED_PRI CAN-2000-0462 1


VOTE:

=================================
Candidate: CAN-2000-0431
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000522  Problem with FrontPage on Cobalt RaQ2/RaQ3
Reference: http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000523100045.B11049@HiWAAY.net
Reference: BUGTRAQ:20000525 Cobalt Networks - Security Advisory - Frontpage
Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html
Reference: BID:1238
Reference: URL:http://www.securityfocus.com/bid/1238
Reference: XF:cobalt-cgiwrap-bypass

Cobalt RaQ2 and RaQ3 does not properly set the access permissions and
ownership for files that are uploaded via FrontPage, which allows
attackers to bypass cgiwrap and modify files.


ED_PRI CAN-2000-0431 2


VOTE:

=================================
Candidate: CAN-2000-0437
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: CONFIRM:http://www.tis.com/support/cyberadvisory.html
Reference: CONFIRM:http://www.pgp.com/jump/gauntlet_advisory.asp
Reference: BUGTRAQ:20000522 Gauntlet CyberPatrol Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0249.html
Reference: XF:gauntlet-cyberdaemon-bo
Reference: BID:1234
Reference: URL:http://www.securityfocus.com/bid/1234

Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in
gauntlet and WebShield allows remote attackers to cause a denial of
service or execute arbitrary commands.


ED_PRI CAN-2000-0437 2


VOTE:

=================================
Candidate: CAN-2000-0438
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000522 fdmount buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0245.html
Reference: XF:linux-fdmount-bo
Reference: BID:1239
Reference: URL:http://www.securityfocus.com/bid/1239

Buffer overflow in fdmount on Linux systems allows local users in the
"floppy" group to execute arbitrary commands via a long mountpoint
parameter.


ED_PRI CAN-2000-0438 2


VOTE:

=================================
Candidate: CAN-2000-0442
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000523 Qpopper 2.53 remote problem, user can gain gid=mail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0267.html
Reference: BID:1242
Reference: URL:http://www.securityfocus.com/bid/1242
Reference: XF:qualcomm-qpopper-euidl

Qpopper 2.53 and earlier allows local users to gain privileges via a
formatting string in the From: header, which is processed by the euidl
command.


ED_PRI CAN-2000-0442 2


VOTE:

=================================
Candidate: CAN-2000-0454
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000527 Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0367.html
Reference: BUGTRAQ:20000603 [Gael Duval ] [Security Announce] cdrecord
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0434.html
Reference: BID:1265
Reference: URL:http://www.securityfocus.com/bid/1265
Reference: XF:linux-cdrecord-execute

Buffer overflow in Linux cdrecord allows local users to gain
privileges via the dev parameter.


ED_PRI CAN-2000-0454 2


VOTE:

=================================
Candidate: CAN-2000-0460
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000526 KDE: /usr/bin/kdesud, gid = 0 exploit
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-05/0353.html
Reference: BID:1274
Reference: URL:http://www.securityfocus.com/bid/1274

Buffer overflow in kdesud on Mandrake Linux allows local uses to gain
privileges via a long DISPLAY environmental variable.


ED_PRI CAN-2000-0460 2


VOTE:

=================================
Candidate: CAN-2000-0396
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000524 Alert: Carello File Creation flaw
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0285.html
Reference: BID:1245
Reference: URL:http://www.securityfocus.com/bid/1245
Reference: XF:carello-file-duplication

The add.exe program in the Carello shopping cart software allows
remote attackers to duplicate files on the server, which could allow
the attacker to read source code for web scripts such as .ASP files.


ED_PRI CAN-2000-0396 3


VOTE:

=================================
Candidate: CAN-2000-0398
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000524 Alert: Buffer overflow in Rockliffe's MailSite
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0286.html
Reference: BID:1244
Reference: URL:http://www.securityfocus.com/bid/1244
Reference: XF:mailsite-get-overflow

Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent
allows remote attackers to execute arbitrary commands via a long
query_string parameter in the HTTP GET request.


ED_PRI CAN-2000-0398 3


VOTE:

=================================
Candidate: CAN-2000-0399
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000524 Deerfield Communications MDaemon Mail Server DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0301.html
Reference: XF:deerfield-mdaemon-dos
Reference: BID:1250
Reference: URL:http://www.securityfocus.com/bid/1250

Buffer overflow in MDaemon POP server allows remote attackers to cause
a denial of service via a long user name.


ED_PRI CAN-2000-0399 3


VOTE:

=================================
Candidate: CAN-2000-0401
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000525 Alert: PDG Cart Overflows
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95928319715983&w=2
Reference: NTBUGTRAQ:20000525 Alert: PDG Cart Overflows
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95928667119963&w=2
Reference: CONFIRM:http://www.pdgsoft.com/Security/security2.html
Reference: BID:1256
Reference: URL:http://www.securityfocus.com/bid/1256

Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping
cart allow remote attackers to execute arbitrary commands via a long
query string.


ED_PRI CAN-2000-0401 3


VOTE:

=================================
Candidate: CAN-2000-0418
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html
Reference: XF:cayman-dsl-dos
Reference: BID:1240
Reference: URL:http://www.securityfocus.com/bid/1240

The Cayman 3220-H DSL router allows remote attackers to cause a denial
of service via oversized ICMP echo (ping) requests.


ED_PRI CAN-2000-0418 3


VOTE:

=================================
Candidate: CAN-2000-0443
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000524 HP Web JetAdmin Version 5.6 Web interface Server Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0281.html
Reference: XF:hp-jetadmin-directory-traversal
Reference: BID:1243
Reference: URL:http://www.securityfocus.com/bid/1243

The web interface server in HP Web JetAdmin 5.6 allows remote
attackers to read arbitrary files via a .. (dot dot) attack.


ED_PRI CAN-2000-0443 3


VOTE:

=================================
Candidate: CAN-2000-0444
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000524 HP Web JetAdmin Version 6.0 Remote DoS attack Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0277.html
Reference: XF:hp-jetadmin-malformed-url-dos
Reference: BID:1246
Reference: URL:http://www.securityfocus.com/bid/1246

HP Web JetAdmin 6.0 allows remote attackers to cause a denial of
service via a malformed URL to port 8000.


ED_PRI CAN-2000-0444 3


VOTE:

=================================
Candidate: CAN-2000-0445
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000523 Key Generation Security Flaw in PGP 5.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0273.html
Reference: BID:1251
Reference: URL:http://www.securityfocus.com/bid/1251

The pgpk command in PGP 5.x on Unix systems uses an insufficiently
random data source for non-interactive key pair generation, which
may produce predictable keys.


ED_PRI CAN-2000-0445 3


VOTE:

=================================
Candidate: CAN-2000-0446
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000524 Remote xploit for MDBMS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0274.html
Reference: XF:mdbms-bo
Reference: BID:1252
Reference: URL:http://www.securityfocus.com/bid/1252

Buffer overflow in MDBMS database server allows remote attackers to
execute arbitrary commands via a long string.


ED_PRI CAN-2000-0446 3


VOTE:

=================================
Candidate: CAN-2000-0447
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Managem ent Tool
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net
Reference: XF:nai-webshield-bo
Reference: BID:1254
Reference: URL:http://www.securityfocus.com/bid/1254

Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to
execute arbitrary commands via a long configuration parameter to the
WebShield remote management service.


ED_PRI CAN-2000-0447 3


VOTE:

=================================
Candidate: CAN-2000-0448
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Managem ent Tool
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net
Reference: XF:nai-webshield-config-mod
Reference: BID:1253
Reference: URL:http://www.securityfocus.com/bid/1253

The WebShield SMTP Management Tool version 4.5.44 does not properly
restrict access to the management port when an IP address does not
resolve to a hostname, which allows remote attackers to access the
configuration via the GET_CONFIG command.


ED_PRI CAN-2000-0448 3


VOTE:

=================================
Candidate: CAN-2000-0449
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000525 Omnis Weak Encryption - Many products affected
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0311.html
Reference: BID:1255
Reference: URL:http://www.securityfocus.com/bid/1255

Omnis Studio 2.4 uses weak encryption (trivial encoding) for
encrypting database fields.


ED_PRI CAN-2000-0449 3


VOTE:

 
Page Last Updated: May 22, 2007