[INTERIM] ACCEPT 67 very recent candidates (Final 7/12)

I have made an Interim Decision to ACCEPT the following 67 candidates from the RECENT-18 through RECENT-21 clusters. I will make a Final Decision on July 12.

These candidates took approximately 0.8 months from proposal to Interim Decision, with an average of 1.7 months from initial public announcement to Interim Decision. Some candidates received 6 or 7 votes, which is quite rare (if it ever happened before).

These include most of the first candidates whose initial public announcement identified the candidate number (what I'm calling "pre-publication candidate assignment"). They are CAN-2000-0249, CAN-2000-0303, CAN-2000-0304, CAN-2000-0305, CAN-2000-0350, and CAN-2000-0376.

The breakdown by cluster is as follows:

  5 RECENT-18
  17 RECENT-19
  25 RECENT-20
  20 RECENT-21

Voters:
  Wall ACCEPT(11) NOOP(39)
  Levy ACCEPT(60) MODIFY(7)
  LeBlanc ACCEPT(5) NOOP(20)
  Ozancin ACCEPT(31) MODIFY(2) NOOP(8) REVIEWING(1)
  Cole ACCEPT(23) NOOP(44)
  Stracener ACCEPT(55) MODIFY(10)
  Frech ACCEPT(40) MODIFY(27)
  Northcutt ACCEPT(3)
  Christey NOOP(8)
  Armstrong NOOP(5)
  Prosser ACCEPT(10) MODIFY(3) NOOP(4)

=================================
Candidate: CAN-2000-0249
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000425
Category: SF
Reference: ISS:20000426 Insecure file handling in IBM AIX frcactrl program
Reference: URL:http://xforce.iss.net/alerts/advise47.php3
Reference: IBM:ERS-OAR-E01-2000:075.1
Reference: BID:1152
Reference: URL:http://www.securityfocus.com/bid/1152

The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program.

Modifications:
  ADDREF BID:1152
  ADDREF IBM:ERS-OAR-E01-2000:075.1

INFERRED ACTION: CAN-2000-0249 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(3) Levy, Prosser, Frech
  NOOP(3) Christey, Cole, Ozancin

Comments:
  Christey> ADDREF BID:1152
    URL:http://www.securityfocus.com/bid/1152
  Levy> Reference: BID 1152
  Prosser> add source IBM ERS-OAR-E01-2000:075.1,
    http://www-1.ibm.com/services/continuity/recover1.nsf/advisories/8525680F006B9445852568CE0055C78A/$file/oar075.txt
    Actually just a repeat of the X-Force Bulletin but provides vendor confirmation.
  Frech> XF:aix-frcactrl

=================================
Candidate: CAN-2000-0303
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000503
Category: SF
Reference: ISS:20000503 Vulnerability in Quake3Arena Auto-Download Feature
Reference: URL:http://xforce.iss.net/alerts/advise50.php3
Reference: CONFIRM:http://www.quake3arena.com/news/index.html
Reference: BID:1169
Reference: XF:quake3-auto-download

Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack.

Modifications:
  ADDREF BID:1169
  ADDREF XF:quake3-auto-download

INFERRED ACTION: CAN-2000-0303 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(2) Levy, Frech
  NOOP(3) Cole, Wall, Armstrong

Comments:
  Levy> Reference: BID 1169
  Frech> XF:quake3-auto-download

=================================
Candidate: CAN-2000-0304
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-02
Proposed: 20000518
Assigned: 20000508
Category: SF
Reference: ISS:20000511 Microsoft IIS Remote Denial of Service Attack
Reference: URL:http://xforce.iss.net/alerts/advise52.php3
Reference: MS:MS00-031
Reference: URL:http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20905
Reference: BID:1191
Reference: XF:iis-authchangeurl-dos

Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability.

Modifications:
  ADDREF BID:1191
  ADDREF XF:iis-authchangeurl-dos

INFERRED ACTION: CAN-2000-0304 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Wall
  MODIFY(2) Levy, Frech
  NOOP(2) Christey, Armstrong

Comments:
  Levy> Reference: BID 1191
  Christey> Say this is the "Undelimited .HTR Request" vulnerability, and change "servoce" to "service"
  Frech> XF:iis-ism-file-access
    In the description, please end the sentence with a period. :-)

=================================
Candidate: CAN-2000-0305
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000509
Category: SF
Reference: BINDVIEW:20000519 jolt2 - Remote DoS against NT, W2K, 9x
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2240
Reference: MS:MS00-029
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-029.asp
Reference: BID:1236
Reference: URL:http://www.securityfocus.com/bid/1236
Reference: XF:ip-fragment-reassembly-dos

Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka jolt2 or the "IP Fragment Reassembly" vulnerability.

INFERRED ACTION: CAN-2000-0305 ACCEPT (7 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(7) LeBlanc, Wall, Cole, Frech, Levy, Stracener, Ozancin

=================================
Candidate: CAN-2000-0342
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: MISC:http://www.peacefire.org/security/stealthattach/explanation.html
Reference: CONFIRM:http://news.cnet.com/news/0-1005-200-1773077.html?tag=st.ne.fd.lthd.1005-200-1773077
Reference: BID:1157
Reference: URL:http://www.securityfocus.com/bid/1157
Reference: XF:eudora-warning-message

Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."

Modifications:
  ADDREF XF:eudora-warning-message
  DESC Add "Stealth Attachment" phrase

INFERRED ACTION: CAN-2000-0342 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Levy
  MODIFY(1) Frech
  NOOP(3) Wall, Christey, Armstrong

Comments:
  Christey> Add "Stealth Attachment" phrase to description to support lookup, along with affected extensions (.exe, .com, .bat)
    ADDREF XF:eudora-warning-message
  Frech> XF:eudora-warning-message

=================================
Candidate: CAN-2000-0346
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000502 INFO:AppleShare IP 6.3.2 squashes security bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502133240.21807.qmail@securityfocus.com
Reference: CONFIRM:http://asu.info.apple.com/swupdates.nsf/artnum/n11670
Reference: XF:macos-appleshare-invalid-range
Reference: BID:1162
Reference: URL:http://www.securityfocus.com/bid/1162

AppleShare IP 6.1 and later allows a remote attacker to read potentially sensitive information via an invalid range request to the web server.

Modifications:
  ADDREF XF:macos-appleshare-invalid-range
  DESC Add period.

INFERRED ACTION: CAN-2000-0346 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Levy, Stracener
  MODIFY(1) Frech
  NOOP(3) Cole, Wall, Armstrong

Comments:
  Frech> XF:macos-appleshare-invalid-range
    End sentence with a period.

=================================
Candidate: CAN-2000-0350
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000516
Category: SF
Reference: MISC:http://www.securityfocus.com/templates/advisory.html?id=2220
Reference: CONFIRM:http://advice.networkice.com/advice/Support/KB/q000166/
Reference: BID:1216
Reference: XF:netice-icecap-alert-execute
Reference: XF:netice-icecap-default

A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is enabled, which allows a remote attacker to bypass the weak authentication and post unencrypted events.

Modifications:
  ADDREF BID:1216
  ADDREF XF:netice-icecap-alert-execute
  ADDREF XF:netice-icecap-default

INFERRED ACTION: CAN-2000-0350 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(2) Levy, Frech
  NOOP(3) Cole, Wall, Armstrong

Comments:
  Levy> Reference: BID 1216
  Frech> XF:netice-icecap-alert-execute
    XF:netice-icecap-default
    (I may already have voted on this one, but just in case.)

=================================
Candidate: CAN-2000-0376
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000606
Category: SF
Reference: ISS:20000607 Buffer Overflow in i-drive Filo (tm) software
Reference: BID:1324
Reference: XF:idrive-filo-bo

Buffer overflow in the HTTP proxy server for the i-drive Filo software allows remote attackers to execute arbitrary commands via a long HTTP GET request.

Modifications:
  ADDREF BID:1324
  ADDREF XF:idrive-filo-bo

INFERRED ACTION: CAN-2000-0376 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(2) Frech, Levy
  NOOP(2) Wall, Cole

Comments:
  Frech> XF:idrive-filo-bo
  Levy> Reference: BID 1324

=================================
Candidate: CAN-2000-0377
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000608
Category: SF
Reference: MS:MS00-040
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-040.asp
Reference: MSKB:Q264684
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=264684
Reference: XF:nt-registry-request-dos
Reference: BID:1331
Reference: URL:http://www.securityfocus.com/bid/1331

The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability.

Modifications:
  ADDREF XF:nt-registry-request-dos
  ADDREF BID:1331
  ADDREF MSKB:Q264684

INFERRED ACTION: CAN-2000-0377 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Wall, Cole
  MODIFY(3) Frech, Levy, Stracener
  NOOP(1) Christey

Comments:
  Frech> XF:nt-registry-request-dos
  Levy> Reference: BID 1331
  Stracener> AddRef: MS: MSKB Q264684
    AddRef: URL: http://www.microsoft.com/technet/support/kb.asp?ID=264684
  Christey> ADDREF BID:1331
    URL:http://www.securityfocus.com/bid/1331

=================================
Candidate: CAN-2000-0379
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000507 Advisory: Netopia R9100 router vulnerability
Reference: http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005082054.NAA32590@linux.mtndew.com
Reference: CONFIRM:http://www.netopia.com/equipment/purchase/fmw_update.html
Reference: BID:1177
Reference: URL:http://www.securityfocus.com/bid/1177
Reference: XF:netopia-snmp-comm-strings

The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so.

INFERRED ACTION: CAN-2000-0379 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(5) Levy, Ozancin, Prosser, Stracener, Frech
  NOOP(1) Cole

=================================
Candidate: CAN-2000-0380
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000426 Cisco HTTP possible bug:
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0261.html
Reference: CISCO:20000514 Cisco IOS HTTP Server Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml
Reference: XF:cisco-ios-http-dos
Reference: BID:1154

The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.

Modifications:
  ADDREF BID:1154

INFERRED ACTION: CAN-2000-0380 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(5) Cole, Ozancin, Prosser, Stracener, Frech
  MODIFY(1) Levy

Comments:
  Levy> Reference BID 1154

=================================
Candidate: CAN-2000-0381
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000505 Black Watch Labs Vulnerability Alert
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0067.html
Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_05.html
Reference: XF:http-cgi-dbman-db
Reference: BID:1178
Reference: URL:http://www.securityfocus.com/bid/1178

The Gossamer Threads DBMan db.cgi CGI script allows remote attackers to view environmental variables and setup information by referencing a non-existing database in the db parameter.

INFERRED ACTION: CAN-2000-0381 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(4) Levy, Prosser, Stracener, Frech
  NOOP(2) Cole, Ozancin

=================================
Candidate: CAN-2000-0382
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: ALLAIRE:ASB00-12
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15697&Method=Full
Reference: BID:1179
Reference: URL:http://www.securityfocus.com/bid/1179
Reference: XF:allaire-clustercats-url-redirect

ColdFusion ClusterCATS appends stale query string arguments to a URL during HTML redirection, which may provide sensitive information to the redirected site.

INFERRED ACTION: CAN-2000-0382 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(5) Levy, Ozancin, Prosser, Stracener, Frech
  NOOP(1) Cole

=================================
Candidate: CAN-2000-0387
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:16
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:16.golddig.asc
Reference: BID:1184
Reference: URL:http://www.securityfocus.com/bid/1184

The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files.

INFERRED ACTION: CAN-2000-0387 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Levy, Ozancin, Stracener
  MODIFY(1) Frech
  NOOP(2) Cole, Prosser

Comments:
  Frech> XF:golddig-overwrite-files

=================================
Candidate: CAN-2000-0388
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:17
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A17.libmytinfo.asc
Reference: BID:1185
Reference: URL:http://www.securityfocus.com/bid/1185
Reference: XF:libmytinfo-bo

Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable.

INFERRED ACTION: CAN-2000-0388 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(6) Cole, Levy, Ozancin, Prosser, Stracener, Frech

=================================
Candidate: CAN-2000-0389
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000-025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-krb-rd-req-bo
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220

Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.

Modifications:
  ADDREF REDHAT:RHSA-2000-025

INFERRED ACTION: CAN-2000-0389 ACCEPT (5 accept, 3 ack, 0 review)

Current Votes:
  ACCEPT(4) Cole, Frech, Levy, Ozancin
  MODIFY(1) Stracener
  NOOP(2) LeBlanc, Wall

Comments:
  Stracener> AddRef: REDHAT:RHSA-2000-025
    AddRef: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html

=================================
Candidate: CAN-2000-0390
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000-025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220
Reference: XF:kerberos-krb425-conv-principal-bo

Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.

Modifications:
  ADDREF REDHAT:RHSA-2000-025

INFERRED ACTION: CAN-2000-0390 ACCEPT (6 accept, 3 ack, 0 review)

Current Votes:
  ACCEPT(5) Northcutt, Cole, Frech, Levy, Ozancin
  MODIFY(1) Stracener
  NOOP(2) LeBlanc, Wall

Comments:
  Stracener> AddRef: REDHAT:RHSA-2000-025
    AddRef: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html

=================================
Candidate: CAN-2000-0391
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000-025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-krshd-bo
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220

Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.

Modifications:
  ADDREF REDHAT:RHSA-2000-025
  ADDREF XF:kerberos-krshd-bo

INFERRED ACTION: CAN-2000-0391 ACCEPT (6 accept, 3 ack, 0 review)

Current Votes:
  ACCEPT(4) Northcutt, Cole, Levy, Ozancin
  MODIFY(2) Frech, Stracener
  NOOP(2) LeBlanc, Wall

Comments:
  Frech> XF:kerberos-krshd-bo
  Stracener> AddRef: REDHAT:RHSA-2000-025
    AddRef: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html

=================================
Candidate: CAN-2000-0392
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000-025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-ksu-bo
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220

Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.

Modifications:
  ADDREF REDHAT:RHSA-2000-025

INFERRED ACTION: CAN-2000-0392 ACCEPT (5 accept, 3 ack, 0 review)

Current Votes:
  ACCEPT(4) Cole, Frech, Levy, Ozancin
  MODIFY(1) Stracener
  NOOP(2) LeBlanc, Wall

Comments:
  Stracener> AddRef: REDHAT:RHSA-2000-025
    AddRef: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html

=================================
Candidate: CAN-2000-0393
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 kscd vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0172.html
Reference: SUSE:20000529 kmulti <= 1.1.2
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_50.txt
Reference: XF:kscd-shell-env-variable
Reference: BID:1206
Reference: URL:http://www.securityfocus.com/bid/1206

The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute.

INFERRED ACTION: CAN-2000-0393 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Frech, Levy, Stracener, Ozancin
  NOOP(3) LeBlanc, Wall, Cole

=================================
Candidate: CAN-2000-0394
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000519 RFP2K05: NetProwler vs. RFProwler
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95878603510835&w=2
Reference: BUGTRAQ:20000522 RFP2K05 - NetProwler "Fragmentation" Issue
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=392AD3B3.3E9BE3EA@axent.com
Reference: XF:axent-netprowler-ipfrag-dos
Reference: BID:1225
Reference: URL:http://www.securityfocus.com/bid/1225

NetProwler 3.0 allows remote attackers to cause a denial of service by sending malformed IP packets that trigger NetProwler's Man-in-the-Middle signature.

INFERRED ACTION: CAN-2000-0394 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Frech, Levy, Stracener, Ozancin
  NOOP(3) LeBlanc, Wall, Cole

=================================
Candidate: CAN-2000-0395
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 CProxy v3.3 SP 2 DoS
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=007d01bfbf48$e44f0e40$01dc11ac@peopletel.org
Reference: XF:cproxy-http-dos
Reference: BID:1213
Reference: URL:http://www.securityfocus.com/bid/1213

Buffer overflow in CProxy 3.3 allows remote users to cause a denial of service via a long HTTP request.

INFERRED ACTION: CAN-2000-0395 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(4) Frech, Levy, Stracener, Ozancin
  NOOP(3) LeBlanc, Wall, Cole

=================================
Candidate: CAN-2000-0396
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000524 Alert: Carello File Creation flaw
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0285.html
Reference: BID:1245
Reference: URL:http://www.securityfocus.com/bid/1245
Reference: XF:carello-file-duplication

The add.exe program in the Carello shopping cart software allows remote attackers to duplicate files on the server, which could allow the attacker to read source code for web scripts such as .ASP files.

INFERRED ACTION: CAN-2000-0396 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Frech, Levy, Stracener
  NOOP(2) Wall, Cole

=================================
Candidate: CAN-2000-0397
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000515 Vulnerability in EMURL-based e-mail providers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0160.html
Reference: XF:emurl-account-access
Reference: BID:1203
Reference: URL:http://www.securityfocus.com/bid/1203

The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user's email account.

INFERRED ACTION: CAN-2000-0397 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(4) Frech, Levy, Stracener, Ozancin
  NOOP(3) LeBlanc, Wall, Cole

=================================
Candidate: CAN-2000-0398
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000524 Alert: Buffer overflow in Rockliffe's MailSite
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0286.html
Reference: BID:1244
Reference: URL:http://www.securityfocus.com/bid/1244
Reference: XF:mailsite-get-overflow

Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent allows remote attackers to execute arbitrary commands via a long query_string parameter in the HTTP GET request.

INFERRED ACTION: CAN-2000-0398 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Frech, Levy, Stracener
  NOOP(2) Wall, Cole

=================================
Candidate: CAN-2000-0399
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000524 Deerfield Communications MDaemon Mail Server DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0301.html
Reference: XF:deerfield-mdaemon-dos
Reference: BID:1250
Reference: URL:http://www.securityfocus.com/bid/1250

Buffer overflow in MDaemon POP server allows remote attackers to cause a denial of service via a long user name.

INFERRED ACTION: CAN-2000-0399 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Frech, Levy, Stracener
  NOOP(2) Wall, Cole

=================================
Candidate: CAN-2000-0402
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MS:MS00-035
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-035.asp
Reference: MSKB:Q263968
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=263968
Reference: BID:1281
Reference: URL:http://www.securityfocus.com/bid/1281
Reference: XF:mssql-agent-stored-pw
Reference: XF:mssql-sa-pw-in-sqlsplog

The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.

Modifications:
  ADDREF XF:mssql-sa-pw-in-sqlsplog
  ADDREF MSKB:Q263968

INFERRED ACTION: CAN-2000-0402 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(4) Wall, Cole, Levy, Stracener
  MODIFY(1) Frech

Comments:
  Frech> ADDREF XF:mssql-sa-pw-in-sqlsplog
  Stracener> AddRef: MS: MSKB Q263968
    AddRef: URL: http://www.microsoft.com/technet/support/kb.asp?ID=263968

=================================
Candidate: CAN-2000-0403
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MS:MS00-036
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-036.asp
Reference: MSKB:Q263307
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=263307
Reference: XF:win-browser-hostannouncement
Reference: BID:1261
Reference: URL:http://www.securityfocus.com/bid/1261

The CIFS Computer Browser service on Windows NT 4.0 allows a remote attacker to cause a denial of service by sending a large number of host announcement requests to the master browse tables, aka the "HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability.

Modifications:
  ADDREF MSKB:Q263307

INFERRED ACTION: CAN-2000-0403 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(5) Wall, Cole, Frech, Levy, Stracener

Comments:
  Stracener> AddRef: MS: MSKB Q263307
    AddRef: URL: http://www.microsoft.com/technet/support/kb.asp?ID=263307

=================================
Candidate: CAN-2000-0404
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MS:MS00-036
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-036.asp
Reference: MSKB:Q262694
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=262694
Reference: BID:1262
Reference: URL:http://www.securityfocus.com/bid/1262
Reference: XF:win-browser-reset-frame

The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Master Browser, aka the "ResetBrowser Frame" vulnerability.

Modifications:
  ADDREF XF:win-browser-reset-frame
  ADDREF MSKB:Q262694

INFERRED ACTION: CAN-2000-0404 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(4) Wall, Cole, Levy, Stracener
  MODIFY(1) Frech

Comments:
  Frech> XF:win-browser-reset-frame
  Stracener> AddRef: MS: MSKB Q262694
    AddRef: URL: http://www.microsoft.com/technet/support/kb.asp?ID=262694

=================================
Candidate: CAN-2000-0405
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: L0PHT:20000515 AntiSniff version 1.01 and Researchers version 1 DNS overflow
Reference: URL:http://www.l0pht.com/advisories/asniff_advisory.txt
Reference: BID:1207
Reference: URL:http://www.securityfocus.com/bid/1207
Reference: XF:antisniff-dns-overflow

Buffer overflow in L0pht AntiSniff allows remote attackers to execute arbitrary commands via a malformed DNS response packet.

INFERRED ACTION: CAN-2000-0405 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(5) Cole, Frech, Levy, Stracener, Ozancin
  NOOP(2) LeBlanc, Wall

=================================
Candidate: CAN-2000-0406
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: XF:netscape-invalid-ssl-sessions
Reference: CERT:CA-2000-05
Reference: URL:http://www.cert.org/advisories/CA-2000-05.html
Reference: REDHAT:RHSA-2000:028-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-028.html
Reference: BID:1188
Reference: URL:http://www.securityfocus.com/bid/1188

Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.

INFERRED ACTION: CAN-2000-0406 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(6) Wall, Cole, Frech, Levy, Stracener, Ozancin
  NOOP(1) LeBlanc

=================================
Candidate: CAN-2000-0407
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000512 New Solaris root exploit for /usr/lib/lp/bin/netpr
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0141.html
Reference: XF:sol-netpr-bo
Reference: BID:1200
Reference: URL:http://www.securityfocus.com/bid/1200

Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option.

INFERRED ACTION: CAN-2000-0407 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(5) Northcutt, Frech, Levy, Stracener, Ozancin
  NOOP(3) LeBlanc, Wall, Cole

=================================
Candidate: CAN-2000-0408
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MISC:http://www.ussrback.com/labs40.html
Reference: MS:MS00-030
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-030.asp
Reference: MSKB:Q260205
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=260205
Reference: XF:iis-url-extension-data-dos
Reference: BID:1190
Reference: URL:http://www.securityfocus.com/bid/1190

IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability.

Modifications:
  DELREF XF:iis-malformed-information-extension
  ADDREF MSKB:Q260205

INFERRED ACTION: CAN-2000-0408 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(4) LeBlanc, Wall, Cole, Levy
  MODIFY(2) Frech, Stracener
  NOOP(1) Ozancin

Comments:
  Frech> DELREF: XF:iis-malformed-information-extension (obsolete; points to iis-url-extension-data-dos)
  Stracener> AddRef: MS:MSKB Q260205
    AddRef: URL: http://www.microsoft.com/technet/support/kb.asp?ID=260205

=================================
Candidate: CAN-2000-0409
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000510 Possible symlink problems with Netscape 4.73
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0126.html
Reference: BID:1201
Reference: URL:http://www.securityfocus.com/bid/1201
Reference: XF:netscape-import-certificate-symlink

Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate.
INFERRED ACTION: CAN-2000-0409 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(4) Levy, Ozancin, Stracener, Frech NOOP(2) Cole, Prosser ================================= Candidate: CAN-2000-0410 Published: Final-Decision: Interim-Decision: 20000707 Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: NTBUGTRAQ:20000510 Cold Fusion Server 4.5.1 DoS Vulnerability. Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0005&L=ntbugtraq&F=&S=&P=4843 Reference: XF:coldfusion-cfcache-dos Reference: BID:1192 Reference: URL:http://www.securityfocus.com/bid/1192 Cold Fusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory. INFERRED ACTION: CAN-2000-0410 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Levy, Stracener, Frech MODIFY(1) Prosser NOOP(2) Cole, Ozancin Comments: Prosser> add source Security BugWare http://161.53.42.3/~crv/security/bugs/NT/cf12.html Frech> In description, product name is ColdFusion (one word, uppercase F). ================================= Candidate: CAN-2000-0411 Published: Final-Decision: Interim-Decision: 20000707 Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000510 Black Watch Labs Vulnerability Alert Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0125.html Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_10.html Reference: XF:http-cgi-formmail-environment Reference: BID:1187 Reference: URL:http://www.securityfocus.com/bid/1187 Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the env_report parameter. 
INFERRED ACTION: CAN-2000-0411 ACCEPT (5 accept, 0 ack, 0 review) Current Votes: ACCEPT(5) Levy, Ozancin, Prosser, Stracener, Frech NOOP(1) Cole ================================= Candidate: CAN-2000-0414 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000615 Assigned: 20000614 Category: SF Reference: HP:HPSBUX0005-113 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0047.html Reference: XF:hp-shutdown-privileges Reference: BID:1214 Reference: URL:http://www.securityfocus.com/bid/1214 Vulnerability in shutdown command for HP-UX 11.X and 10.X allows local users to gain privileges via malformed input variables. Modifications: DESC wording change INFERRED ACTION: CAN-2000-0414 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Levy, Prosser, Stracener, Frech MODIFY(1) Ozancin NOOP(2) Cole, Christey Comments: Ozancin> Change: "shutdown command in HP-UX 11.X and 10.X" to "shutdown command for HP-UX 11.X and 10.X" Prosser> comment: another link for the HP Bulletins and Patches is the IT Resource Center @ http://itrc.hp.com Christey> Due to the difficulties in forming a URL that reliably points to an HP advisory for any user, alternate URL's that are easier to access may be provided. Unlike other vendor advisory collections, HP's web site requires user registration and generates unique ID's for each session, which makes it impossible to bookmark and access for future reference. 
================================= Candidate: CAN-2000-0416 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000511 NTMail Proxy Exploit Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NABBJLKKPKIHDIMKFKGCMEFANMAB.georger@nls.net Reference: CONFIRM:http://www.gordano.com/support/archives/ntmail/2000-05/00001114.htm Reference: XF:ntmail-bypass-proxy Reference: BID:1196 Reference: URL:http://www.securityfocus.com/bid/1196 NTMail 5.x allows network users to bypass the NTMail proxy restrictions by redirecting their requests to NTMail's web configuration server. Modifications: ADDREF CONFIRM:http://www.gordano.com/support/archives/ntmail/2000-05/00001114.htm ADDREF XF:ntmail-bypass-proxy INFERRED ACTION: CAN-2000-0416 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Levy, Stracener MODIFY(1) Frech NOOP(5) LeBlanc, Wall, Cole, Christey, Ozancin Comments: Stracener> FYI, here is the message referred to in the bugtraq post: http://www.gordano.com/support/archives/ntmail/2000-05/00001106.htm Christey> Actual confirmation is at: http://www.gordano.com/support/archives/ntmail/2000-05/00001114.htm Frech> XF:ntmail-bypass-proxy ================================= Candidate: CAN-2000-0417 Published: Final-Decision: Interim-Decision: 20000707 Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000505 Cayman 3220-H DSL Router DOS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0075.html Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html Reference: BID:1219 Reference: URL:http://www.securityfocus.com/bid/1219 The HTTP administration interface to the Cayman 3220-H DSL router allows remote attackers to cause a denial of service via a long username or password. 
INFERRED ACTION: CAN-2000-0417 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Levy, Ozancin, Stracener MODIFY(1) Frech NOOP(2) Cole, Prosser Comments: Frech> XF:cayman-router-dos ================================= Candidate: CAN-2000-0418 Published: Final-Decision: Interim-Decision: 20000707 Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html Reference: XF:cayman-dsl-dos Reference: BID:1240 Reference: URL:http://www.securityfocus.com/bid/1240 The Cayman 3220-H DSL router allows remote attackers to cause a denial of service via oversized ICMP echo (ping) requests. INFERRED ACTION: CAN-2000-0418 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Frech, Levy, Stracener NOOP(2) Wall, Cole ================================= Candidate: CAN-2000-0419 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000615 Assigned: 20000614 Category: SF Reference: MS:MS00-034 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-034.asp Reference: MSKB:Q262767 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=262767 Reference: BID:1197 Reference: URL:http://www.securityfocus.com/bid/1197 Reference: XF:office-ua-control The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability. 
Modifications: ADDREF MSKB:Q262767 ADDREF XF:office-ua-control INFERRED ACTION: CAN-2000-0419 ACCEPT (6 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) LeBlanc, Wall, Levy, Ozancin MODIFY(2) Frech, Stracener NOOP(1) Cole Comments: Frech> XF:office-ua-control Stracener> AddRef: MS:MSKB Q262767 AddRef: URL: http://www.microsoft.com/technet/support/kb.asp?ID=262767 ================================= Candidate: CAN-2000-0421 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000510 Advisory: Unchecked system(blaat $var blaat) call in Bugzilla 2.8 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0128.html Reference: XF:bugzilla-unchecked-system-call Reference: BID:1199 Reference: URL:http://www.securityfocus.com/bid/1199 The process_bug.cgi script in Bugzilla allows remote attackers to execute arbitrary commands via shell metacharacters. Modifications: DESC fix typo ADDREF XF:bugzilla-unchecked-system-call INFERRED ACTION: CAN-2000-0421 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Levy, Ozancin MODIFY(2) Stracener, Frech NOOP(3) LeBlanc, Wall, Cole Comments: Stracener> "...shell metacharacters" Frech> XF:bugzilla-unchecked-system-call ================================= Candidate: CAN-2000-0424 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000514 Vulnerability in CGI counter 4.0.7 by George Burgyan Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005151024.aa01811@blaze.arl.mil Reference: BID:1202 Reference: URL:http://www.securityfocus.com/bid/1202 Reference: XF:http-cgi-burgyan-counter The CGI counter 4.0.7 by George Burgyan allows remote attackers to execute arbitrary commands via shell metacharacters. 
Modifications: ADDREF XF:http-cgi-burgyan-counter CHANGEREF BUGTRAQ [add subject] INFERRED ACTION: CAN-2000-0424 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Levy, Stracener, Ozancin MODIFY(1) Frech NOOP(3) LeBlanc, Wall, Cole Comments: Frech> XF:http-cgi-burgyan-counter ================================= Candidate: CAN-2000-0425 Published: Final-Decision: Interim-Decision: 20000707 Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory0 Reference: BUGTRAQ:20000505 Alert: Listserv Web Archives (wa) buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0048.html Reference: XF:http-cgi-listserv-wa-bo Reference: BID:1167 Reference: URL:http://www.securityfocus.com/bid/1167 Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands. INFERRED ACTION: CAN-2000-0425 ACCEPT (6 accept, 1 ack, 0 review) Current Votes: ACCEPT(5) Cole, Levy, Ozancin, Stracener, Frech MODIFY(1) Prosser Comments: Prosser> add source: Lsoft Security Advisory 5,May 2000 http://www.lsoft.com/news/Advisory0.asp ================================= Candidate: CAN-2000-0427 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000615 Assigned: 20000614 Category: unknown Reference: L0PHT:20000504 eToken Private Information Extraction and Physical Attack Reference: URL:http://www.l0pht.com/advisories/etoken-piepa.txt Reference: XF:aladdin-etoken-pin-reset Reference: BID:1170 Reference: URL:http://www.securityfocus.com/bid/1170 The Aladdin Knowledge Systems eToken device allows attackers with physical access to the device to obtain sensitive information without knowing the PIN of the owner by resetting the PIN in the EEPROM. 
Modifications: DESC fix typo INFERRED ACTION: CAN-2000-0427 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Levy, Stracener, Frech MODIFY(1) Ozancin NOOP(2) Cole, Prosser Comments: Ozancin> Change: "resetting the PIN the EEPROM" to "resetting the PIN in the EEPROM" ================================= Candidate: CAN-2000-0428 Published: Final-Decision: Interim-Decision: 20000707 Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: NAI:20000503 Trend Micro InterScan VirusWall Remote Overflow Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/39_Trend.asp Reference: BID:1168 Reference: URL:http://www.securityfocus.com/bid/1168 Reference: XF:interscan-viruswall-bo Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and earlier allows a remote attacker to execute arbitrary commands via a long filename for a uuencoded attachment. INFERRED ACTION: CAN-2000-0428 ACCEPT (6 accept, 1 ack, 0 review) Current Votes: ACCEPT(6) Cole, Levy, Ozancin, Prosser, Stracener, Frech ================================= Candidate: CAN-2000-0431 Published: Final-Decision: Interim-Decision: 20000707 Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000522 Problem with FrontPage on Cobalt RaQ2/RaQ3 Reference: http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000523100045.B11049@HiWAAY.net Reference: BUGTRAQ:20000525 Cobalt Networks - Security Advisory - Frontpage Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html Reference: BID:1238 Reference: URL:http://www.securityfocus.com/bid/1238 Reference: XF:cobalt-cgiwrap-bypass Cobalt RaQ2 and RaQ3 do not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files. 
INFERRED ACTION: CAN-2000-0431 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Frech, Levy, Stracener NOOP(2) Wall, Cole ================================= Candidate: CAN-2000-0432 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000516 Vuln in calender.pl (Matt Kruse calender script) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0173.html Reference: BID:1215 Reference: URL:http://www.securityfocus.com/bid/1215 Reference: XF:http-cgi-calendar-execute The calender.pl and the calendar_admin.pl calendar scripts by Matt Kruse allow remote attackers to execute arbitrary commands via shell metacharacters. Modifications: ADDREF XF:http-cgi-calendar-execute INFERRED ACTION: CAN-2000-0432 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Levy, Stracener, Ozancin MODIFY(1) Frech NOOP(3) LeBlanc, Wall, Cole Comments: Frech> XF:http-cgi-calendar-execute ================================= Candidate: CAN-2000-0435 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000516 Allmanage.pl Vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0167.html Reference: XF:http-cgi-allmanage-account-access Reference: BID:1217 Reference: URL:http://www.securityfocus.com/bid/1217 The allmanageup.pl file upload CGI script in the Allmanage Website administration software 2.6 can be called directly by remote attackers, which allows them to modify user accounts or web pages. 
Modifications: ADDREF XF:http-cgi-allmanage-account-access INFERRED ACTION: CAN-2000-0435 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Levy, Stracener, Ozancin MODIFY(1) Frech NOOP(3) LeBlanc, Wall, Cole Comments: Frech> XF:http-cgi-allmanage-account-access ================================= Candidate: CAN-2000-0436 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000522 MetaProducts Offline Explorer Directory Traversal Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0254.html Reference: CONFIRM:http://www.metaproducts.com/mpOE-HY.html Reference: BID:1231 Reference: URL:http://www.securityfocus.com/bid/1231 Reference: XF:offline-explorer-directory-traversal MetaProducts Offline Explorer 1.2 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) attack. Modifications: ADDREF XF:offline-explorer-directory-traversal INFERRED ACTION: CAN-2000-0436 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Levy, Stracener MODIFY(1) Frech NOOP(4) LeBlanc, Wall, Cole, Ozancin Comments: Frech> XF:offline-explorer-directory-traversal ================================= Candidate: CAN-2000-0437 Published: Final-Decision: Interim-Decision: 20000707 Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: CONFIRM:http://www.tis.com/support/cyberadvisory.html Reference: CONFIRM:http://www.pgp.com/jump/gauntlet_advisory.asp Reference: BUGTRAQ:20000522 Gauntlet CyberPatrol Buffer Overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0249.html Reference: XF:gauntlet-cyberdaemon-bo Reference: BID:1234 Reference: URL:http://www.securityfocus.com/bid/1234 Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands. 
INFERRED ACTION: CAN-2000-0437 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Frech, Levy, Stracener NOOP(2) Wall, Cole ================================= Candidate: CAN-2000-0438 Published: Final-Decision: Interim-Decision: 20000707 Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000522 fdmount buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0245.html Reference: XF:linux-fdmount-bo Reference: BID:1239 Reference: URL:http://www.securityfocus.com/bid/1239 Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter. INFERRED ACTION: CAN-2000-0438 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Cole, Frech, Levy, Stracener NOOP(1) Wall ================================= Candidate: CAN-2000-0439 Published: Final-Decision: Interim-Decision: 20000707 Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000510 IE Domain Confusion Vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000511135609.D7774@securityfocus.com Reference: BUGTRAQ:20000511 IE Domain Confusion Vulnerability is an Email problem also Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NDBBKGHPMKBKDDGLDEEHAEHMDIAA.rms2000@bellatlantic.net Reference: MS:MS00-033 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp Reference: BID:1194 Reference: URL:http://www.securityfocus.com/bid/1194 Reference: XF:ie-cookie-disclosure Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability. 
INFERRED ACTION: CAN-2000-0439 ACCEPT (6 accept, 1 ack, 0 review) Current Votes: ACCEPT(6) Cole, Levy, Ozancin, Prosser, Stracener, Frech ================================= Candidate: CAN-2000-0441 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000615 Assigned: 20000614 Category: SF Reference: IBM:ERS-OAR-E01-2000:087.1 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0275.html Reference: BID:1241 Reference: URL:http://www.securityfocus.com/bid/1241 Reference: XF:aix-local-filesystem Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems. Modifications: ADDREF XF:aix-local-filesystem INFERRED ACTION: CAN-2000-0441 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Levy, Stracener MODIFY(1) Frech NOOP(2) Wall, Cole Comments: Frech> XF:aix-local-filesystem ================================= Candidate: CAN-2000-0442 Published: Final-Decision: Interim-Decision: 20000707 Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000523 Qpopper 2.53 remote problem, user can gain gid=mail Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0267.html Reference: BID:1242 Reference: URL:http://www.securityfocus.com/bid/1242 Reference: XF:qualcomm-qpopper-euidl Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command. 
INFERRED ACTION: CAN-2000-0442 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Frech, Levy, Stracener NOOP(2) Wall, Cole ================================= Candidate: CAN-2000-0452 Published: Final-Decision: Interim-Decision: 20000707 Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000518 Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl)) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0219.html Reference: XF:lotus-domino-esmtp-bo Reference: BID:1229 Reference: URL:http://www.securityfocus.com/bid/1229 Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 allows remote attackers to cause a denial of service via a long MAIL FROM command. INFERRED ACTION: CAN-2000-0452 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(4) Frech, Levy, Stracener, Ozancin NOOP(3) LeBlanc, Wall, Cole ================================= Candidate: CAN-2000-0453 Published: Final-Decision: Interim-Decision: 20000707 Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000518 Nasty XFree Xserver DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html Reference: BID:1235 Reference: URL:http://www.securityfocus.com/bid/1235 XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000. 
INFERRED ACTION: CAN-2000-0453 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Levy, Stracener, Ozancin MODIFY(1) Frech NOOP(3) LeBlanc, Wall, Cole Comments: Frech> XF:linux-xserver-dos ================================= Candidate: CAN-2000-0454 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000527 Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0367.html Reference: BUGTRAQ:20000603 [Gael Duval ] [Security Announce] cdrecord Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0434.html Reference: BUGTRAQ:20000607 Conectiva Linux Security Announcement - cdrecord Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0019.html Reference: BID:1265 Reference: URL:http://www.securityfocus.com/bid/1265 Reference: XF:linux-cdrecord-execute Buffer overflow in Linux cdrecord allows local users to gain privileges via the dev parameter. 
Modifications: ADDREF BUGTRAQ:20000607 Conectiva Linux Security Announcement - cdrecord INFERRED ACTION: CAN-2000-0454 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Frech, Levy, Stracener NOOP(3) Wall, Cole, Christey Comments: Christey> ADDREF BUGTRAQ:20000607 Conectiva Linux Security Announcement - cdrecord URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0019.html ================================= Candidate: CAN-2000-0455 Published: Final-Decision: Interim-Decision: 20000707 Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: NAI:20000529 Initialized Data Overflow in Xlock Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/41initialized.asp Reference: NETBSD:NetBSD-SA2000-003 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-003.txt.asc Reference: TURBO:TLSA2000012-1 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0375.html Reference: BID:1267 Reference: URL:http://www.securityfocus.com/bid/1267 Reference: XF:xlock-bo-read-passwd Buffer overflow in xlockmore xlock program version 4.16 and earlier allows local users to read sensitive data from memory via a long -mode option. INFERRED ACTION: CAN-2000-0455 ACCEPT (3 accept, 2 ack, 0 review) Current Votes: ACCEPT(3) Frech, Levy, Stracener NOOP(2) Wall, Cole ================================= Candidate: CAN-2000-0456 Published: Final-Decision: Interim-Decision: 20000707 Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: NETBSD:NetBSD-SA2000-005 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-005.txt.asc Reference: BID:1272 Reference: URL:http://www.securityfocus.com/bid/1272 Reference: XF:bsd-syscall-cpu-dos NetBSD 1.4.2 and earlier allows local users to cause a denial of service by repeatedly running certain system calls in the kernel which do not yield the CPU, aka "cpu-hog". 
INFERRED ACTION: CAN-2000-0456 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Cole, Frech, Levy, Stracener NOOP(1) Wall ================================= Candidate: CAN-2000-0457 Published: Final-Decision: Interim-Decision: 20000707 Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000511 Alert: IIS ism.dll exposes file contents Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95810120719608&w=2 Reference: MS:MS00-031 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-031.asp Reference: BID:1193 Reference: URL:http://www.securityfocus.com/bid/1193 ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability. INFERRED ACTION: CAN-2000-0457 ACCEPT_REV (5 accept, 1 ack, 1 review) Current Votes: ACCEPT(4) Cole, Levy, Prosser, Stracener MODIFY(1) Frech REVIEWING(1) Ozancin Comments: Frech> XF:iis-ism-file-access ================================= Candidate: CAN-2000-0460 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000526 KDE: /usr/bin/kdesud, gid = 0 exploit Reference: http://archives.neohapsis.com/archives/bugtraq/2000-05/0353.html Reference: BID:1274 Reference: URL:http://www.securityfocus.com/bid/1274 Reference: XF:kde-display-environment-overflow Buffer overflow in KDE kdesud on Linux allows local users to gain privileges via a long DISPLAY environmental variable. 
Modifications: ADDREF XF:kde-display-environment-overflow DESC remove Mandrake, include KDE INFERRED ACTION: CAN-2000-0460 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Levy, Stracener MODIFY(1) Frech NOOP(3) Wall, Cole, Christey Comments: Frech> XF:kde-display-environment-overflow Christey> Remove Mandrake - other Linuxes are affected too - and mention KDE. ================================= Candidate: CAN-2000-0461 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000615 Assigned: 20000614 Category: SF Reference: OPENBSD:20000526 Reference: URL:http://www.openbsd.org/errata26.html#semconfig Reference: NETBSD:NetBSD-SA2000-004 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-004.txt.asc Reference: FREEBSD:FreeBSD-SA-00:19 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:19.semconfig.asc Reference: XF:bsd-semaphore-dos Reference: BID:1270 Reference: URL:http://www.securityfocus.com/bid/1270 The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call. 
Modifications: ADDREF XF:bsd-semaphore-dos INFERRED ACTION: CAN-2000-0461 ACCEPT (4 accept, 3 ack, 0 review) Current Votes: ACCEPT(3) Cole, Levy, Stracener MODIFY(1) Frech NOOP(1) Wall Comments: Frech> XF:bsd-semaphore-dos ================================= Candidate: CAN-2000-0462 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000615 Assigned: 20000614 Category: SF Reference: NETBSD:NetBSD-SA2000-006 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-006.txt.asc Reference: BID:1273 Reference: URL:http://www.securityfocus.com/bid/1273 Reference: XF:netbsd-ftpchroot-parsing ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot and does not chroot the specified users, which allows those users to access other files outside of their home directory. Modifications: ADDREF XF:netbsd-ftpchroot-parsing INFERRED ACTION: CAN-2000-0462 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Levy, Stracener MODIFY(1) Frech NOOP(2) Wall, Cole Comments: Frech> XF:netbsd-ftpchroot-parsing ================================= Candidate: CAN-2000-0463 Published: Final-Decision: Interim-Decision: 20000707 Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000517 AUX Security Advisory on Be/OS 5.0 (DoS) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0197.html Reference: XF:beos-tcp-frag-dos Reference: BID:1222 Reference: URL:http://www.securityfocus.com/bid/1222 BeOS 5.0 allows remote attackers to cause a denial of service via fragmented TCP packets. 
INFERRED ACTION: CAN-2000-0463 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Frech, Levy, Stracener NOOP(4) LeBlanc, Wall, Cole, Ozancin ================================= Candidate: CAN-2000-0464 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000615 Assigned: 20000614 Category: SF Reference: MS:MS00-033 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp Reference: MSKB:Q261257 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=261257 Reference: XF:ie-malformed-component-attribute Reference: BID:1223 Reference: URL:http://www.securityfocus.com/bid/1223 Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability. Modifications: ADDREF MSKB:Q261257 INFERRED ACTION: CAN-2000-0464 ACCEPT (6 accept, 2 ack, 0 review) Current Votes: ACCEPT(5) LeBlanc, Wall, Frech, Levy, Ozancin MODIFY(1) Stracener NOOP(1) Cole Comments: Stracener> AddRef: MS: MSKB Q261257 AddRef: URL: http://www.microsoft.com/technet/support/kb.asp?ID=261257 ================================= Candidate: CAN-2000-0465 Published: Final-Decision: Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000615 Assigned: 20000614 Category: SF Reference: MS:MS00-033 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp Reference: MSKB:Q251108 Reference: http://www.microsoft.com/technet/support/kb.asp?ID=251108 Reference: MSKB:Q255676 Reference: http://www.microsoft.com/technet/support/kb.asp?ID=255676 Reference: BID:1224 Reference: URL:http://www.securityfocus.com/bid/1224 Reference: XF:ie-frame-domain-verification Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability. 
Modifications: ADDREF MSKB:Q251108 ADDREF MSKB:Q255676 INFERRED ACTION: CAN-2000-0465 ACCEPT (5 accept, 2 ack, 0 review) Current Votes: ACCEPT(4) LeBlanc, Wall, Frech, Levy MODIFY(1) Stracener NOOP(2) Cole, Ozancin Comments: Stracener> AddRef:MS: MSKB Q251108 AddRef: http://www.microsoft.com/technet/support/kb.asp?ID=251108 AddRef:MS: MSKB Q255676 AddRef:http://www.microsoft.com/technet/support/kb.asp?ID=255676