|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [PROPOSAL] Cluster RECENT-19 - 33 candidates
> -----Original Message-----
> From: Steven M. Christey [mailto:coley@LINUS.MITRE.ORG]
> Sent: Wednesday, June 14, 2000 9:47 PM
> To: cve-editorial-board-list@lists.mitre.org
> Subject: [PROPOSAL] Cluster RECENT-19 - 33 candidates
>
>
> The next 3 RECENT-XX clusters identify a total of 92 candidates - it's
> been very busy these last few months.
>
> The following cluster contains 33 candidates that were announced
> between 4/24/2000 and 5/10/2000.
>
> The candidates are listed in order of priority. Priority 1 and
> Priority 2 candidates both deal with varying levels of vendor
> confirmation, so they should be easy to review and it can be trusted
> that the problems are real.
>
> If you discover that any RECENT-XX cluster is incomplete with respect
> to the problems discovered during the associated time frame, please
> send that information to me so that candidates can be assigned.
>
> - Steve
>
>
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
>
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some MINOR detail (e.g.
> reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or
> needs more info
> RECAST - candidate must be significantly modified, e.g. split
> or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
>
> 1) Please write your vote on the line that starts with "VOTE: ". If
> you want to add comments or details, add them to lines after the
> VOTE: line.
>
> 2) If you see any missing references, please mention them so that they
> can be included. References help greatly during mapping.
>
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
> So if you don't have sufficient information for a candidate but you
> don't want to NOOP, use a REVIEWING.
>
> ********** NOTE ********** NOTE ********** NOTE **********
> NOTE **********
>
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
>
> =================================
> Candidate: CAN-2000-0249
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000425
> Category: SF
> Reference: ISS:20000426 Insecure file handling in IBM AIX
> frcactrl program
> Reference: URL:http://xforce.iss.net/alerts/advise47.php3
>
> The AIX Fast Response Cache Accelerator (FRCA) allows local users to
> modify arbitrary files via the configuration capability in the
> frcactrl program.
>
>
> ED_PRI CAN-2000-0249 1
>
>
> VOTE: Modify, add source IBM ERS-OAR-E01-2000:075.1,
http://www-1.ibm.com/services/continuity/recover1.nsf/advisories/8525680F006
B9445852568CE0055C78A/$file/oar075.txt
Actually just a repeat of the X-Force Bulletin but provides vendor
confirmation.
> =================================
> Candidate: CAN-2000-0380
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000426 Cisco HTTP possible bug:
> Reference:
> URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0261.html
> Reference: CISCO:20000514 Cisco IOS HTTP Server Vulnerability
> Reference:
> URL:http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml
> Reference: XF:cisco-ios-http-dos
>
> The IOS HTTP service in Cisco routers and switches running IOS 11.1
> through 12.1 allows remote attackers to cause a denial of service by
> requesting a URL that contains a %% string.
>
>
> ED_PRI CAN-2000-0380 1
>
>
> VOTE: Accept
>
> =================================
> Candidate: CAN-2000-0382
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: ALLAIRE:ASB00-12
> Reference:
> URL:http://www.allaire.com/handlers/index.cfm?ID=15697&Method=Full
> Reference: BID:1179
> Reference: URL:http://www.securityfocus.com/bid/1179
> Reference: XF:allaire-clustercats-url-redirect
>
> ColdFusion ClusterCATS appends stale query string arguments to a URL
> during HTML redirection, which may provide sensitive information to
> the redirected site.
>
>
> ED_PRI CAN-2000-0382 1
>
>
> VOTE: Accept
>
> =================================
> Candidate: CAN-2000-0387
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: FREEBSD:FreeBSD-SA-00:16
> Reference:
> URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-
> SA-00:16.golddig.asc
> Reference: BID:1184
> Reference: URL:http://www.securityfocus.com/bid/1184
>
> The makelev program in the golddig game from the FreeBSD ports
> collection allows local users to overwrite arbitrary files.
>
>
> ED_PRI CAN-2000-0387 1
>
>
> VOTE: NOOP
>
> =================================
> Candidate: CAN-2000-0388
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: FREEBSD:FreeBSD-SA-00:17
> Reference:
> URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-
> SA-00%3A17.libmytinfo.asc
> Reference: BID:1185
> Reference: URL:http://www.securityfocus.com/bid/1185
> Reference: XF:libmytinfo-bo
>
> Buffer overflow in FreeBSD libmytinfo library allows local users to
> execute commands via a long TERMCAP environmental variable.
>
>
> ED_PRI CAN-2000-0388 1
>
>
> VOTE: Accept
>
> =================================
> Candidate: CAN-2000-0414
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: HP:HPSBUX0005-113
> Reference:
> URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0047.html
> Reference: XF:hp-shutdown-privileges
> Reference: BID:1214
> Reference: URL:http://www.securityfocus.com/bid/1214
>
> Vulnerability in shutdown command in HP-UX 11.X and 10.X allows allows
> local users to gain privileges via malformed input variables.
>
>
> ED_PRI CAN-2000-0414 1
>
>
> VOTE:Accept, comment: another link for the HP Bulletins and Patches is
the IT Resource Center @ http://itrc.hp.com
>
> =================================
> Candidate: CAN-2000-0433
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: SUSE:20000502 aaabase < 2000.5.2
> Reference:
> URL:http://www.suse.de/de/support/security/suse_security_annou
> nce_47.txt
> Reference: XF:aaabase-execute-dot-files
>
> The SuSE aaa_base package installs some system accounts with home
> directories set to /tmp, which allows local users to gain privileges
> to those accounts by creating standard user startup scripts such as
> profiles.
>
>
> ED_PRI CAN-2000-0433 1
>
>
> VOTE:Modify, add source:
SecurityFocus
BID1357
SuSE Linux aaabase User Account with /tmp Home Vulnerability
http://www.securityfocus.com/bid/1357
>
> =================================
> Candidate: CAN-2000-0439
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000510 IE Domain Confusion Vulnerability
> Reference:
> URL:http://www.securityfocus.com/templates/archive.pike?list=1
> &msg=20000511135609.D7774@securityfocus.com
> Reference: BUGTRAQ:20000511 IE Domain Confusion Vulnerability
> is an Email problem also
> Reference:
> URL:http://www.securityfocus.com/templates/archive.pike?list=1
> &msg=NDBBKGHPMKBKDDGLDEEHAEHMDIAA.rms2000@bellatlantic.net
> Reference: MS:MS00-033
> Reference:
> URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp
> Reference: BID:1194
> Reference: URL:http://www.securityfocus.com/bid/1194
> Reference: XF:ie-cookie-disclosure
>
> Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain
> client cookies from another domain by including that domain name and
> escaped characters in a URL, aka the "Unauthorized Cookie Access"
> vulnerability.
>
>
> ED_PRI CAN-2000-0439 1
>
>
> VOTE: Accept
>
> =================================
> Candidate: CAN-2000-0440
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: NETBSD:NetBSD-SA2000-002
> Reference:
> URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/N
> etBSD-SA2000-002.txt.asc
> Reference: BUGTRAQ:20000506 [NHC20000504a.0: NetBSD Panics
> when sent unaligned IP options]
> Reference:
> URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0088.html
> Reference: BID:1173
> Reference: URL:http://www.securityfocus.com/bid/1173
>
> NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of
> service by sending a packet with an unaligned IP timestamp option.
>
>
> ED_PRI CAN-2000-0440 1
>
>
> VOTE: Accept
>
> =================================
> Candidate: CAN-2000-0457
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000511 Alert: IIS ism.dll exposes file contents
> Reference:
> URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95810120719608&w=2
> Reference: MS:MS00-031
> Reference:
> URL:http://www.microsoft.com/technet/security/bulletin/ms00-031.asp
> Reference: BID:1193
> Reference: URL:http://www.securityfocus.com/bid/1193
>
> ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file
> contents by requesting the file and appending a large number of
> encoded spaces (%20) and terminated with a .htr extension, aka the
> ".HTR File Fragment Reading" or "File Fragment Reading via .HTR"
> vulnerability.
>
>
> ED_PRI CAN-2000-0457 1
>
>
> VOTE:Accept
>
> =================================
> Candidate: CAN-2000-0379
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000507 Advisory: Netopia R9100 router
> vulnerability
> Reference:
> http://www.securityfocus.com/templates/archive.pike?list=1&msg
> =200005082054.NAA32590@linux.mtndew.com
> Reference:
> CONFIRM:http://www.netopia.com/equipment/purchase/fmw_update.html
> Reference: BID:1177
> Reference: URL:http://www.securityfocus.com/bid/1177
> Reference: XF:netopia-snmp-comm-strings
>
> The Netopia R9100 router does not prevent authenticated users from
> modifying SNMP tables, even if the administrator has configured it to
> do so.
>
>
> ED_PRI CAN-2000-0379 2
>
>
> VOTE: Accept
>
> =================================
> Candidate: CAN-2000-0427
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: unknown
> Reference: L0PHT:20000504 eToken Private Information
> Extraction and Physical Attack
> Reference: URL:http://www.l0pht.com/advisories/etoken-piepa.txt
> Reference: XF:aladdin-etoken-pin-reset
> Reference: BID:1170
> Reference: URL:http://www.securityfocus.com/bid/1170
>
> The Aladdin Knowledge Systems eToken device allows attackers with
> physical access to the device to obtain sensitive information without
> knowing the PIN of the owner by resetting the PIN the EEPROM.
>
>
> ED_PRI CAN-2000-0427 2
>
>
> VOTE:NOOP
>
> =================================
> Candidate: CAN-2000-0428
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: NAI:20000503 Trend Micro InterScan VirusWall
> Remote Overflow
> Reference:
> URL:http://www.nai.com/nai_labs/asp_set/advisory/39_Trend.asp
> Reference: BID:1168
> Reference: URL:http://www.securityfocus.com/bid/1168
> Reference: XF:interscan-viruswall-bo
>
> Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and
> earlier allows a remote attacker to execute arbitrary commands via a
> long filename for a uuencoded attachment.
>
>
> ED_PRI CAN-2000-0428 2
>
>
> VOTE:Accept
>
> =================================
> Candidate: CAN-2000-0378
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000502 pam_console bug
> Reference:
> URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0023.html
> Reference: BID:1176
> Reference: URL:http://www.securityfocus.com/bid/1176
>
> The pam_console PAM module in Linux systems performs a chown on
> various devices upon a user login, but the ownership of some devices
> is not reset when the user logs out, which allows that user to sniff
> activity on these devices when subsequent users log in.
>
>
> ED_PRI CAN-2000-0378 3
>
>
> VOTE:NOOP
>
> =================================
> Candidate: CAN-2000-0381
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000505 Black Watch Labs Vulnerability Alert
> Reference:
> URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0067.html
> Reference: http://www.perfectotech.com/blackwatchlabs/vul5_05.html
> MISC:
> Reference: XF:http-cgi-dbman-db
> Reference: BID:1178
> Reference: URL:http://www.securityfocus.com/bid/1178
>
> The Gossamer Threads DBMan db.cgi CGI script allows remote attackers
> to view environmental variables and setup information by referencing a
> non-existing database in the db parameter.
>
>
> ED_PRI CAN-2000-0381 3
>
>
> VOTE:Accept
>
> =================================
> Candidate: CAN-2000-0383
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: XF:aolim-file-path
> Reference: BugTraq Mailing List: "AOL Instant Messenger" at:
> Reference:
> http://www.securityfocus.com/templates/archive.pike?list=1&msg
> =002401bfb918$7310d5a0$1ef084ce@karemor.com
> Reference: BID:1180
> Reference: URL:http://www.securityfocus.com/bid/1180
>
> The file transfer component of AOL Instant Messenger (AIM) reveals the
> physical path of the transferred file to the remote recipient.
>
>
> ED_PRI CAN-2000-0383 3
>
>
> VOTE:NOOP
>
> =================================
> Candidate: CAN-2000-0384
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: CF
> Reference: L0PHT:20000508 NetStructure 7180 remote backdoor
> vulnerability
> Reference: URL:http://www.lopht.com/advisories/ipivot7110.html
> Reference: L0PHT:20000508 NetStructure 7110 console backdoor
> Reference: URL:http://www.l0pht.com/advisories/ipivot7180.html
> Reference: CONFIRM:http://216.188.41.136/
> Reference: XF:netstructure-root-compromise
> Reference: XF:netstructure-wizard-mode
> Reference: BID:1182
> Reference: URL:http://www.securityfocus.com/bid/1182
> Reference: BID:1183
> Reference: URL:http://www.securityfocus.com/bid/1183
>
> NetStructure 7110 and 7180 have undocumented accounts (servnow, root,
> and wizard) whose passwords are easily guessable from the
> NetStructure's MAC address, which could allow remote attackers to gain
> root access.
>
>
> ED_PRI CAN-2000-0384 3
>
>
> VOTE:Accept
>
> =================================
> Candidate: CAN-2000-0385
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference:
> MISC:http://www.blueworld.com/blueworld/news/05.01.00-FM5_Secu
> rity.html
> Reference: CONFIRM:http://www.filemaker.com/support/webcompanion.html
> Reference: XF:macos-filemaker-xml
> Reference: XF:macos-filemaker-email
>
> FileMaker Pro 5 Web Companion allows remote attackers to bypass
> Field-Level database security restrictions via the XML publishing
> or email capabilities.
>
>
> ED_PRI CAN-2000-0385 3
>
>
> VOTE: Accept
>
> =================================
> Candidate: CAN-2000-0386
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference:
> MISC:http://www.blueworld.com/blueworld/news/05.01.00-FM5_Secu
> rity.html
> Reference: CONFIRM:http://www.filemaker.com/support/webcompanion.html
> Reference: XF:macos-filemaker-anonymous-email
>
> FileMaker Pro 5 Web Companion allows remote attackers to send
> anonymous or forged email.
>
>
> ED_PRI CAN-2000-0386 3
>
>
> VOTE:Accept
>
> =================================
> Candidate: CAN-2000-0409
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000510 Possible symlink problems with
> Netscape 4.73
> Reference:
> URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0126.html
> Reference: BID:1201
> Reference: URL:http://www.securityfocus.com/bid/1201
> Reference: XF:netscape-import-certificate-symlink
>
> Netscape 4.73 and earlier follows symlinks when it imports a new
> certificate, which allows local users to overwrite files of the user
> importing the certificate.
>
>
> ED_PRI CAN-2000-0409 3
>
>
> VOTE:NOOP
>
> =================================
> Candidate: CAN-2000-0410
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: NTBUGTRAQ:20000510 Cold Fusion Server 4.5.1 DoS
> Vulnerability.
> Reference:
> URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind00
> 05&L=ntbugtraq&F=&S=&P=4843
> Reference: XF:coldfusion-cfcache-dos
> Reference: BID:1192
> Reference: URL:http://www.securityfocus.com/bid/1192
>
> Cold Fusion Server 4.5.1 allows remote attackers to cause a denial of
> service by making repeated requests to a CFCACHE tagged cache file
> that is not stored in memory.
>
>
> ED_PRI CAN-2000-0410 3
>
>
> VOTE: Modify add source Security BugWare
http://161.53.42.3/~crv/security/bugs/NT/cf12.html
>
> =================================
> Candidate: CAN-2000-0411
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000510 Black Watch Labs Vulnerability Alert
> Reference:
> URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0125.html
> Reference:
> MISC:http://www.perfectotech.com/blackwatchlabs/vul5_10.html
> Reference: XF:http-cgi-formmail-environment
> Reference: BID:1187
> Reference: URL:http://www.securityfocus.com/bid/1187
>
> Matt Wright's FormMail CGI script allows remote attackers to obtain
> environmental variables via the env_report parameter.
>
>
> ED_PRI CAN-2000-0411 3
>
>
> VOTE: Accept
>
> =================================
> Candidate: CAN-2000-0412
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000510 KNapster Vulnerability
> Compromises User-readable Files
> Reference:
> URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0124.html
> Reference: BUGTRAQ:20000510 Gnapster Vulnerability
> Compromises User-readable Files
> Reference:
> URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0127.html
> Reference: FREEBSD:FreeBSD-SA-00:18
> Reference:
> URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-
> SA-00:18-gnapster.adv
> Reference: XF:gnapster-view-files
> Reference: BID:1186
> Reference: URL:http://www.securityfocus.com/bid/1186
>
> The gnapster and knapster clients for Napster do not properly restrict
> access only to MP3 files, which allows remote attackers to read
> arbitrary files from the client by specifying the full pathname for
> the file.
>
>
> ED_PRI CAN-2000-0412 3
>
>
> VOTE:NOOP
>
> =================================
> Candidate: CAN-2000-0413
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000506 shtml.exe reveal local path of
> IIS web directory
> Reference:
> URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html
> Reference: BID:1174
> Reference: URL:http://www.securityfocus.com/bid/1174
> Reference: XF:iis-shtml-reveal-path
>
> The shtml.exe program in the FrontPage extensions package of IIS 4.0
> and 5.0 allows remote attackers to determine the physical path of
> HTML, HTM, ASP, and SHTML files by requesting a file that does not
> exist, which generates an error message that reveals the path.
>
>
> ED_PRI CAN-2000-0413 3
>
>
> VOTE:Modify additional source Security BugWare
http://161.53.42.3/~crv/security/bugs/NT/fpse10.html comments on page re:
"MS soon to be released service release OSR 1.2 with needed changes."
I haven't located anything on MS site yet. Anyone help?
> =================================
> Candidate: CAN-2000-0417
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000505 Cayman 3220-H DSL Router DOS
> Reference:
> URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0075.html
> Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software
> Update and New Bonus Attack
> Reference:
> URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html
> Reference: BID:1219
> Reference: URL:http://www.securityfocus.com/bid/1219
>
> The HTTP administration interface to the Cayman 3220-H DSL router
> allows remote attackers to cause a denial of service via a long
> username or password.
>
>
> ED_PRI CAN-2000-0417 3
>
>
> VOTE: NOOP
>
> =================================
> Candidate: CAN-2000-0422
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000504 Alert: DMailWeb buffer overflow
> Reference:
> URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95749276827558&w=2
> Reference: XF:http-cgi-dmailweb-bo
> Reference: BID:1171
> Reference: URL:http://www.securityfocus.com/bid/1171
>
> Buffer overflow in Netwin DMailWeb CGI program allows remote attackers
> to execute arbitrary commands via a long utoken parameter.
>
>
> ED_PRI CAN-2000-0422 3
>
>
> VOTE:Accept
>
> =================================
> Candidate: CAN-2000-0423
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000505 Alert: DNewsWeb buffer overflow
> Reference:
> URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95764950403250&w=2
> Reference: XF:http-cgi-dnews-bo
> Reference: BID:1172
> Reference: URL:http://www.securityfocus.com/bid/1172
>
> Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers
> to execute arbitrary commands via long parameters such as group, cmd,
> and utag.
>
>
> ED_PRI CAN-2000-0423 3
>
>
> VOTE:Accept
>
> =================================
> Candidate: CAN-2000-0425
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference:
> CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory0
> Reference: BUGTRAQ:20000505 Alert: Listserv Web Archives (wa)
> buffer overflow
> Reference:
> URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0048.html
> Reference: XF:http-cgi-listserv-wa-bo
> Reference: BID:1167
> Reference: URL:http://www.securityfocus.com/bid/1167
>
> Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8
> allows remote attackers to execute arbitrary commands.
>
>
> ED_PRI CAN-2000-0425 3
>
>
> VOTE:Modify, add source:
Lsoft Security Advisory 5,May 2000
http://www.lsoft.com/news/Advisory0.asp
>
> =================================
> Candidate: CAN-2000-0426
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000505 Re: Fun with UltraBoard V1.6X
> Reference:
> URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0059.html
> Reference: BID:1175
> Reference: URL:http://www.securityfocus.com/bid/1175
> Reference: XF:ultraboard-cgi-dos
>
> UltraBoard 1.6 and other versions allow remote attackers to cause a
> denial of service by referencing UltraBoard in the Session parameter,
> which causes UltraBoard to fork copies of itself.
>
>
> ED_PRI CAN-2000-0426 3
>
>
> VOTE: NOOP
>
> =================================
> Candidate: CAN-2000-0429
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000427 Alert: Cart32 secret password
> backdoor (CISADV000427)
> Reference:
> URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95686068203138&w=2
> Reference: CONFIRM:http://www.cart32.com/kbshow.asp?article=c048
>
> A backdoor password in Cart32 3.0 and earlier allows remote attackers
> to execute arbitrary commands.
>
>
> ED_PRI CAN-2000-0429 3
>
>
> VOTE:Accept
>
> =================================
> Candidate: CAN-2000-0430
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000503 Another interesting Cart32 command
> Reference:
> URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95738697301956&w=2
> Reference: XF:cart32-expdate
>
> Cart32 allows remote attackers to access sensitive debugging
> information by appending /expdate to the URL request.
>
>
> ED_PRI CAN-2000-0430 3
>
>
> VOTE:Accept
>
> =================================
> Candidate: CAN-2000-0458
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000424 Two Problems in IMP 2
> Reference:
> URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95672120116627&w=2
> Reference: XF:imp-tmpfile-view
>
> The MSWordView application in IMP creates world-readable files in the
> /tmp directory, which allows other local users to read potentially
> sensitive information.
>
>
> ED_PRI CAN-2000-0458 3
>
>
> VOTE:NOOP
>
> =================================
> Candidate: CAN-2000-0459
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000424 Two Problems in IMP 2
> Reference:
> URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95672120116627&w=2
> Reference: XF:imp-wordfile-dos
>
> IMP does not remove files properly if the MSWordView application
> quits, which allows local users to cause a denial of service by
> filling up the disk space by requesting a large number of documents
> and prematurely stopping the request.
>
>
> ED_PRI CAN-2000-0459 3
>
>
> VOTE:NOOP
>
application/ms-tnef
|
|
