Re: [PROPOSAL] Cluster RECENT-21 - 28 candidates
* Steven M. Christey (coley@LINUS.MITRE.ORG) [000615 03:02]:
> The following cluster contains 28 candidates that were announced
> between 5/21/2000 and 6/8/2000.
>
> The candidates are listed in order of priority. Priority 1 and
> Priority 2 candidates both deal with varying levels of vendor
> confirmation, so they should be easy to review and it can be trusted
> that the problems are real.
>
> If you discover that any RECENT-XX cluster is incomplete with respect
> to the problems discovered during the associated time frame, please
> send that information to me so that candidates can be assigned.
>
> - Steve
>
>
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
>
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
>
> 1) Please write your vote on the line that starts with "VOTE: ". If
> you want to add comments or details, add them to lines after the
> VOTE: line.
>
> 2) If you see any missing references, please mention them so that they
> can be included. References help greatly during mapping.
>
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
> So if you don't have sufficient information for a candidate but you
> don't want to NOOP, use a REVIEWING.
>
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
>
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
>
> =================================
> Candidate: CAN-2000-0376
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000606
> Category: SF
> Reference: ISS:20000607 Buffer Overflow in i-drive Filo (tm) software
>
> Buffer overflow in the HTTP proxy server for the i-drive Filo software
> allows remote attackers to execute arbitrary commands via a long HTTP
> GET request.
>
>
> ED_PRI CAN-2000-0376 1
>
>
> VOTE: MODIFY Reference: BID 1324
>
> =================================
> Candidate: CAN-2000-0377
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000608
> Category: SF
> Reference: MS:MS00-040
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-040.asp
>
> The Remote Registry server in Windows NT 4.0 allows local
> authenticated users to cause a denial of service via a malformed
> request, which causes the winlogon process to fail, aka the "Remote
> Registry Access Authentication" vulnerability.
>
>
> ED_PRI CAN-2000-0377 1
>
>
> VOTE: MODIFY Reference: BID 1331
> =================================
> Candidate: CAN-2000-0402
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: MS:MS00-035
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-035.asp
> Reference: BID:1281
> Reference: URL:http://www.securityfocus.com/bid/1281
> Reference: XF:mssql-agent-stored-pw
>
> The Mixed Mode authentication capability in Microsoft SQL Server 7.0
> stores the System Administrator (sa) account in plaintext in a log
> file which is readable by any user, aka the "SQL Server 7.0 Service
> Pack Password" vulnerability.
>
>
> ED_PRI CAN-2000-0402 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0403
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: MS:MS00-036
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-036.asp
> Reference: XF:win-browser-hostannouncement
> Reference: BID:1261
> Reference: URL:http://www.securityfocus.com/bid/1261
>
> The CIFS Computer Browser service on Windows NT 4.0 allows a remote
> attacker to cause a denial of service by sending a large number of
> host announcement requests to the master browse tables, aka the
> "HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability.
>
>
> ED_PRI CAN-2000-0403 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0404
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: MS:MS00-036
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-036.asp
> Reference: BID:1262
> Reference: URL:http://www.securityfocus.com/bid/1262
>
> The CIFS Computer Browser service allows remote attackers to cause a
> denial of service by sending a ResetBrowser frame to the Master
> Browser, aka the "ResetBrowser Frame" vulnerability.
>
>
> ED_PRI CAN-2000-0404 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0441
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: IBM:ERS-OAR-E01-2000:087.1
> Reference: http://archives.neohapsis.com/archives/bugtraq/2000-05/0275.html
> Reference: BID:1241
> Reference: URL:http://www.securityfocus.com/bid/1241
>
> Vulnerability in AIX 3.2.x and 4.x allows local users to gain write
> access to files on locally or remotely mounted AIX filesystems.
>
>
> ED_PRI CAN-2000-0441 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0455
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: NAI:20000529 Initialized Data Overflow in Xlock
> Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/41initialized.asp
> Reference: NETBSD:NetBSD-SA2000-003
> Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-003.txt.asc
> Reference: TURBO:TLSA2000012-1
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0375.html
> Reference: BID:1267
> Reference: URL:http://www.securityfocus.com/bid/1267
> Reference: XF:xlock-bo-read-passwd
>
> Buffer overflow in xlockmore xlock program version 4.16 and earlier
> allows local users to read sensitive data from memory via a long -mode
> option.
>
>
> ED_PRI CAN-2000-0455 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0456
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: NETBSD:NetBSD-SA2000-005
> Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-005.txt.asc
> Reference: BID:1272
> Reference: URL:http://www.securityfocus.com/bid/1272
> Reference: XF:bsd-syscall-cpu-dos
>
> NetBSD 1.4.2 and earlier allows local users to cause a denial of
> service by repeatedly running certain system calls in the kernel which
> do not yield the CPU, aka "cpu-hog".
>
>
> ED_PRI CAN-2000-0456 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0461
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: OPENBSD:20000526
> Reference: URL:http://www.openbsd.org/errata26.html#semconfig
> Reference: NETBSD:NetBSD-SA2000-004
> Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-004.txt.asc
> Reference: FREEBSD:FreeBSD-SA-00:19
> Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:19.semconfig.asc
> Reference: BID:1270
> Reference: URL:http://www.securityfocus.com/bid/1270
>
> The undocumented semconfig system call in BSD freezes the state of
> semaphores, which allows local users to cause a denial of service of
> the semaphore system by using the semconfig call.
>
>
> ED_PRI CAN-2000-0461 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0462
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: NETBSD:NetBSD-SA2000-006
> Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-006.txt.asc
> Reference: BID:1273
> Reference: URL:http://www.securityfocus.com/bid/1273
>
> ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot
> and does not chroot the specified users, which allows those users to
> access other files outside of their home directory.
>
>
> ED_PRI CAN-2000-0462 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0431
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000522 Problem with FrontPage on Cobalt RaQ2/RaQ3
> Reference: http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000523100045.B11049@HiWAAY.net
> Reference: BUGTRAQ:20000525 Cobalt Networks - Security Advisory - Frontpage
> Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html
> Reference: BID:1238
> Reference: URL:http://www.securityfocus.com/bid/1238
> Reference: XF:cobalt-cgiwrap-bypass
>
> Cobalt RaQ2 and RaQ3 does not properly set the access permissions and
> ownership for files that are uploaded via FrontPage, which allows
> attackers to bypass cgiwrap and modify files.
>
>
> ED_PRI CAN-2000-0431 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0437
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: CONFIRM:http://www.tis.com/support/cyberadvisory.html
> Reference: CONFIRM:http://www.pgp.com/jump/gauntlet_advisory.asp
> Reference: BUGTRAQ:20000522 Gauntlet CyberPatrol Buffer Overflow
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0249.html
> Reference: XF:gauntlet-cyberdaemon-bo
> Reference: BID:1234
> Reference: URL:http://www.securityfocus.com/bid/1234
>
> Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in
> gauntlet and WebShield allows remote attackers to cause a denial of
> service or execute arbitrary commands.
>
>
> ED_PRI CAN-2000-0437 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0438
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000522 fdmount buffer overflow
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0245.html
> Reference: XF:linux-fdmount-bo
> Reference: BID:1239
> Reference: URL:http://www.securityfocus.com/bid/1239
>
> Buffer overflow in fdmount on Linux systems allows local users in the
> "floppy" group to execute arbitrary commands via a long mountpoint
> parameter.
>
>
> ED_PRI CAN-2000-0438 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0442
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000523 Qpopper 2.53 remote problem, user can gain gid=mail
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0267.html
> Reference: BID:1242
> Reference: URL:http://www.securityfocus.com/bid/1242
> Reference: XF:qualcomm-qpopper-euidl
>
> Qpopper 2.53 and earlier allows local users to gain privileges via a
> formatting string in the From: header, which is processed by the euidl
> command.
>
>
> ED_PRI CAN-2000-0442 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0454
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000527 Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2)
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0367.html
> Reference: BUGTRAQ:20000603 [Gael Duval ] [Security Announce] cdrecord
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0434.html
> Reference: BID:1265
> Reference: URL:http://www.securityfocus.com/bid/1265
> Reference: XF:linux-cdrecord-execute
>
> Buffer overflow in Linux cdrecord allows local users to gain
> privileges via the dev parameter.
>
>
> ED_PRI CAN-2000-0454 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0460
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000526 KDE: /usr/bin/kdesud, gid = 0 exploit
> Reference: http://archives.neohapsis.com/archives/bugtraq/2000-05/0353.html
> Reference: BID:1274
> Reference: URL:http://www.securityfocus.com/bid/1274
>
> Buffer overflow in kdesud on Mandrake Linux allows local users to gain
> privileges via a long DISPLAY environmental variable.
>
>
> ED_PRI CAN-2000-0460 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0396
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000524 Alert: Carello File Creation flaw
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0285.html
> Reference: BID:1245
> Reference: URL:http://www.securityfocus.com/bid/1245
> Reference: XF:carello-file-duplication
>
> The add.exe program in the Carello shopping cart software allows
> remote attackers to duplicate files on the server, which could allow
> the attacker to read source code for web scripts such as .ASP files.
>
>
> ED_PRI CAN-2000-0396 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0398
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000524 Alert: Buffer overflow in Rockliffe's MailSite
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0286.html
> Reference: BID:1244
> Reference: URL:http://www.securityfocus.com/bid/1244
> Reference: XF:mailsite-get-overflow
>
> Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent
> allows remote attackers to execute arbitrary commands via a long
> query_string parameter in the HTTP GET request.
>
>
> ED_PRI CAN-2000-0398 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0399
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000524 Deerfield Communications MDaemon Mail Server DoS
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0301.html
> Reference: XF:deerfield-mdaemon-dos
> Reference: BID:1250
> Reference: URL:http://www.securityfocus.com/bid/1250
>
> Buffer overflow in MDaemon POP server allows remote attackers to cause
> a denial of service via a long user name.
>
>
> ED_PRI CAN-2000-0399 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0401
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000525 Alert: PDG Cart Overflows
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95928319715983&w=2
> Reference: NTBUGTRAQ:20000525 Alert: PDG Cart Overflows
> Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95928667119963&w=2
> Reference: CONFIRM:http://www.pdgsoft.com/Security/security2.html
> Reference: BID:1256
> Reference: URL:http://www.securityfocus.com/bid/1256
>
> Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping
> cart allow remote attackers to execute arbitrary commands via a long
> query string.
>
>
> ED_PRI CAN-2000-0401 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0418
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html
> Reference: XF:cayman-dsl-dos
> Reference: BID:1240
> Reference: URL:http://www.securityfocus.com/bid/1240
>
> The Cayman 3220-H DSL router allows remote attackers to cause a denial
> of service via oversized ICMP echo (ping) requests.
>
>
> ED_PRI CAN-2000-0418 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0443
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000524 HP Web JetAdmin Version 5.6 Web interface Server Directory Traversal Vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0281.html
> Reference: XF:hp-jetadmin-directory-traversal
> Reference: BID:1243
> Reference: URL:http://www.securityfocus.com/bid/1243
>
> The web interface server in HP Web JetAdmin 5.6 allows remote
> attackers to read arbitrary files via a .. (dot dot) attack.
>
>
> ED_PRI CAN-2000-0443 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0444
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000524 HP Web JetAdmin Version 6.0 Remote DoS attack Vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0277.html
> Reference: XF:hp-jetadmin-malformed-url-dos
> Reference: BID:1246
> Reference: URL:http://www.securityfocus.com/bid/1246
>
> HP Web JetAdmin 6.0 allows remote attackers to cause a denial of
> service via a malformed URL to port 8000.
>
>
> ED_PRI CAN-2000-0444 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0445
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000523 Key Generation Security Flaw in PGP 5.0
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0273.html
> Reference: BID:1251
> Reference: URL:http://www.securityfocus.com/bid/1251
>
> The pgpk command in PGP 5.x on Unix systems uses an insufficiently
> random data source for non-interactive key pair generation, which
> may produce predictable keys.
>
>
> ED_PRI CAN-2000-0445 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0446
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000524 Remote xploit for MDBMS
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0274.html
> Reference: XF:mdbms-bo
> Reference: BID:1252
> Reference: URL:http://www.securityfocus.com/bid/1252
>
> Buffer overflow in MDBMS database server allows remote attackers to
> execute arbitrary commands via a long string.
>
>
> ED_PRI CAN-2000-0446 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0447
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Managem ent Tool
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net
> Reference: XF:nai-webshield-bo
> Reference: BID:1254
> Reference: URL:http://www.securityfocus.com/bid/1254
>
> Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to
> execute arbitrary commands via a long configuration parameter to the
> WebShield remote management service.
>
>
> ED_PRI CAN-2000-0447 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0448
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Managem ent Tool
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net
> Reference: XF:nai-webshield-config-mod
> Reference: BID:1253
> Reference: URL:http://www.securityfocus.com/bid/1253
>
> The WebShield SMTP Management Tool version 4.5.44 does not properly
> restrict access to the management port when an IP address does not
> resolve to a hostname, which allows remote attackers to access the
> configuration via the GET_CONFIG command.
>
>
> ED_PRI CAN-2000-0448 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0449
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000525 Omnis Weak Encryption - Many products affected
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0311.html
> Reference: BID:1255
> Reference: URL:http://www.securityfocus.com/bid/1255
>
> Omnis Studio 2.4 uses weak encryption (trivial encoding) for
> encrypting database fields.
>
>
> ED_PRI CAN-2000-0449 3
>
>
> VOTE: ACCEPT

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum