Re: [VOTEPRI] 17 high priority candidates as of 7/5/2000
* Steven M. Christey (coley@LINUS.MITRE.ORG) [000706 01:55]:
> The following candidates have vendor acknowledgement and require one
> more vote to be accepted.
>
> - Steve
>
>
>
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
>
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
>
> 1) Please write your vote on the line that starts with "VOTE: ". If
> you want to add comments or details, add them to lines after the
> VOTE: line.
>
> 2) If you see any missing references, please mention them so that they
> can be included. References help greatly during mapping.
>
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
> So if you don't have sufficient information for a candidate but you
> don't want to NOOP, use a REVIEWING.
>
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
>
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
>
> KEY FOR INFERRED ACTIONS
> ------------------------
>
> Inferred actions capture the voting status of a candidate. They may
> be used by the Editor to determine whether or not a candidate is added
> to CVE. Where there is disagreement, the Editor must resolve the
> issue and achieve consensus, or make the final decision if consensus
> cannot be reached.
>
> - ACCEPT = 3 non-MITRE votes to ACCEPT/MODIFY, and no REVIEWING or REJECT
> - ACCEPT_ACK = 2 non-MITRE ACCEPT/MODIFY, and vendor acknowledgement
> - MOREVOTES = needs more votes
> - ACCEPT_REV = 3 non-MITRE ACCEPT's but is delayed due to a REVIEWING
> - SMC_REJECT = REJECT by Steve Christey; likely to be rejected outright
> - SMC_REVIEW = REVIEWING by Steve Christey; likely related to CD's
> - REVIEWING = at least one member is REVIEWING
> - REJECT = at least one member REJECTed
> - REVOTE = members should review their vote on this candidate
>
> =================================
> Candidate: CAN-1999-0247
> Published:
> Final-Decision:
> Interim-Decision:
> Modified: 19991130-01
> Proposed: 19990728
> Assigned: 19990607
> Category: SF
> Reference: NAI:17
>
> Buffer overflow in nnrpd program in INN up to version 1.6 allows
> remote users to execute arbitrary commands.
>
> Modifications:
>   ADDREF NAI:17
>   add version number
>
> INFERRED ACTION: CAN-1999-0247 MOREVOTES-1 (1 accept, 1 ack, 0 review)
>
> Current Votes:
>   ACCEPT(1) Stracener
>   NOOP(1) Northcutt
>
>
> VOTE: REVIEWING
>
> =================================
> Candidate: CAN-1999-0298
> Published:
> Final-Decision:
> Interim-Decision:
> Modified: 20000524-01
> Proposed: 19990714
> Assigned: 19990607
> Category: SF
> Reference: NAI:19970205 Vulnerabilities in Ypbind when run with -ypset/-ypsetme
> Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/06_ypbindsetme_adv.asp
>
> ypbind with -ypset and -ypsetme options activated in Linux Slackware
> and SunOS allows local and remote attackers to overwrite files via a
> .. (dot dot) attack.
>
> Modifications:
>   CHANGEREF NAI:NAI-6
>   Add details to description.
>
> INFERRED ACTION: CAN-1999-0298 MOREVOTES-1 (1 accept, 1 ack, 1 review)
>
> Current Votes:
>   ACCEPT(1) Northcutt
>   NOOP(1) Shostack
>   REVIEWING(1) Frech
>
>
> VOTE: REVIEWING
>
> =================================
> Candidate: CAN-2000-0045
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000125
> Assigned: 20000122
> Category: SF
> Reference: BUGTRAQ:20000111 Serious bug in MySQL password handling.
> Reference: BUGTRAQ:20000113 New MySQL Available
> Reference: BID:926
> Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=926
>
> MySQL allows local users to modify passwords for arbitrary MySQL users
> via the GRANT privilege.
>
> INFERRED ACTION: CAN-2000-0045 MOREVOTES-1 (1 accept, 1 ack, 0 review)
>
> Current Votes:
>   ACCEPT(1) Stracener
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0063
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000125
> Assigned: 20000122
> Category: SF
> Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
> Reference: BID:938
> Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=938
>
> cgiproc CGI script in Nortel Contivity HTTP server allows remote
> attackers to read arbitrary files by specifying the filename in a
> parameter to the script.
>
> INFERRED ACTION: CAN-2000-0063 MOREVOTES-1 (1 accept, 1 ack, 0 review)
>
> Current Votes:
>   ACCEPT(1) Stracener
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0064
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000125
> Assigned: 20000122
> Category: SF
> Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
> Reference: BID:938
> Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=938
>
> cgiproc CGI script in Nortel Contivity HTTP server allows remote
> attackers to cause a denial of service via a malformed URL that
> includes shell metacharacters.
>
> INFERRED ACTION: CAN-2000-0064 MOREVOTES-1 (1 accept, 1 ack, 0 review)
>
> Current Votes:
>   ACCEPT(1) Stracener
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0076
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000125
> Assigned: 20000122
> Category: SF
> Reference: BUGTRAQ:19991230 vibackup.sh
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94709988232618&w=2
> Reference: DEBIAN:20000109 nvi: incorrect file removal in boot script
> Reference: URL:http://www.debian.org/security/2000/20000108
>
> nviboot boot script in the Debian nvi package allows local users to
> delete files via malformed entries in vi.recover.
>
> INFERRED ACTION: CAN-2000-0076 MOREVOTES-1 (1 accept, 1 ack, 0 review)
>
> Current Votes:
>   ACCEPT(1) Stracener
>   NOOP(3) Levy, Wall, Cole
>
>
> VOTE: REVIEWING
>
> =================================
> Candidate: CAN-2000-0094
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000208
> Assigned: 20000202
> Category: SF
> Reference: BUGTRAQ:20000121 *BSD procfs vulnerability
> Reference: FREEBSD:FreeBSD-SA-00:02
> Reference: BID:940
> Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=940
>
> procfs in BSD systems allows local users to gain root privileges by
> modifying the /proc/pid/mem interface via a modified file descriptor
> for stderr.
>
> INFERRED ACTION: CAN-2000-0094 MOREVOTES-1 (1 accept, 1 ack, 1 review)
>
> Current Votes:
>   MODIFY(1) Frech
>   NOOP(2) Wall, Christey
>   REVIEWING(1) Cole
>
> Comments:
>   Christey> BID:987 and NETBSD:2000-001 refer to a NetBSD procfs mem
>   problem that's probably the same problem as this one.
>   Frech> XF:netbsd-procfs
>   Christey> BID:987 has since been deleted, so I guess they agree ;-)
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0117
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000208
> Assigned: 20000208
> Category: SF
> Reference: BUGTRAQ:20000127 Cobalt RaQ2 - a user of mine changed my admin password..
> Reference: BUGTRAQ:20000131 [ Cobalt ] Security Advisory -- 01.31.2000
>
> The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site
> Administrator to modify passwords for other users, site
> administrators, and possibly admin (root).
>
> INFERRED ACTION: CAN-2000-0117 MOREVOTES-1 (1 accept, 1 ack, 1 review)
>
> Current Votes:
>   MODIFY(1) Frech
>   NOOP(1) Wall
>   REVIEWING(1) Cole
>
> Comments:
>   Frech> XF:http-cgi-cobalt-passwords
>
>
> VOTE: MODIFY Reference: BID 951
>
> =================================
> Candidate: CAN-2000-0120
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000208
> Assigned: 20000208
> Category: SF
> Reference: ALLAIRE:ASB00-04
> Reference: BID:955
> Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=955
>
> The Remote Access Service invoke.cfm template in Allaire Spectra 1.0
> allows users to bypass authentication via the bAuthenticated
> parameter.
>
> INFERRED ACTION: CAN-2000-0120 MOREVOTES-1 (1 accept, 1 ack, 2 review)
>
> Current Votes:
>   MODIFY(1) Frech
>   REVIEWING(2) Wall, Cole
>
> Comments:
>   Frech> XF:allaire-spectra-ras-access
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0264
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000426
> Assigned: 20000426
> Category: SF/CF/MP/SA/AN/unknown
> Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es
> Reference: BID:1119
> Reference: URL:http://www.securityfocus.com/bid/1119
>
> Panda Security 3.0 with registry editing disabled allows users to edit
> the registry and gain privileges by directly executing a .reg file or
> using other methods.
>
> INFERRED ACTION: CAN-2000-0264 MOREVOTES-1 (1 accept, 1 ack, 0 review)
>
> Current Votes:
>   ACCEPT(1) Stracener
>   NOOP(3) Wall, Cole, Christey
>
> Comments:
>   Christey> CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0265
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000426
> Assigned: 20000426
> Category: SF
> Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es
> Reference: BID:1119
> Reference: URL:http://www.securityfocus.com/bid/1119
>
> Panda Security 3.0 allows users to uninstall the Panda software via
> its Add/Remove Programs applet.
>
> INFERRED ACTION: CAN-2000-0265 MOREVOTES-1 (1 accept, 1 ack, 0 review)
>
> Current Votes:
>   ACCEPT(1) Stracener
>   NOOP(3) Wall, Cole, Christey
>
> Comments:
>   Christey> CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0353
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000524
> Assigned: 20000523
> Category: SF
> Reference: MISC:http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html
> Reference: SUSE:19990628 Execution of commands in Pine 4.x
> Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_6.txt
> Reference: SUSE:19990911 Update for Pine (fixed IMAP support)
> Reference: URL:http://www.suse.de/de/support/security/pine_update_announcement.txt
>
> Pine 4.x allows a remote attacker to execute arbitrary commands via an
> index.html file which executes lynx and obtains a uudecoded file from
> a malicious web server, which is then executed by Pine.
>
> INFERRED ACTION: CAN-2000-0353 MOREVOTES-1 (1 accept, 1 ack, 1 review)
>
> Current Votes:
>   ACCEPT(1) Stracener
>   NOOP(1) Christey
>   REVIEWING(1) Frech
>
> Comments:
>   Christey> ADDREF BID:1247
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0359
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000524
> Assigned: 20000523
> Category: SF
> Reference: BUGTRAQ:19991113 thttpd 2.04 stack overflow (VD#6)
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1626.html
> Reference: SUSE:19991116 Security hole in thttpd 1.90a - 2.04
> Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_30.txt
>
> Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to
> cause a denial of service or execute arbitrary commands via a long
> If-Modified-Since header.
>
> INFERRED ACTION: CAN-2000-0359 MOREVOTES-1 (1 accept, 1 ack, 1 review)
>
> Current Votes:
>   ACCEPT(1) Stracener
>   NOOP(1) Christey
>   REVIEWING(1) Frech
>
> Comments:
>   Christey> ADDREF BID:1248
>   Frech> (not thttpd-file-read)
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0366
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000524
> Assigned: 20000523
> Category: SF
> Reference: DEBIAN:19991202 problem restoring symlinks
> Reference: URL:http://www.debian.org/security/1999/19991202
>
> dump in Debian Linux 2.1 does not properly restore symlinks, which
> allows a local user to modify the ownership of arbitrary files.
>
> INFERRED ACTION: CAN-2000-0366 MOREVOTES-1 (1 accept, 1 ack, 1 review)
>
> Current Votes:
>   ACCEPT(1) Stracener
>   REVIEWING(1) Frech
>
>
> VOTE: REVIEWING
>
> =================================
> Candidate: CAN-2000-0369
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000524
> Assigned: 20000523
> Category: SF
> Reference: CALDERA:CSSA-1999-029.1
> Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-029.1.txt
>
> The IDENT server in Caldera Linux 2.3 creates multiple threads for
> each IDENT request, which allows remote attackers to cause a denial of
> service.
>
> INFERRED ACTION: CAN-2000-0369 MOREVOTES-1 (1 accept, 1 ack, 1 review)
>
> Current Votes:
>   ACCEPT(1) Stracener
>   NOOP(1) Christey
>   REVIEWING(1) Frech
>
> Comments:
>   Christey> ADDREF BID:1266
>   Christey> ADDREF BID:1266
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0370
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000524
> Assigned: 20000523
> Category: SF
> Reference: CALDERA:CSSA-1999-001.0
> Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-001.0.txt
>
> The debug option in Caldera Linux smail allows remote attackers to
> execute commands via shell metacharacters in the -D option for the
> rmail command.
>
> INFERRED ACTION: CAN-2000-0370 MOREVOTES-1 (1 accept, 1 ack, 1 review)
>
> Current Votes:
>   ACCEPT(1) Stracener
>   NOOP(1) Christey
>   REVIEWING(1) Frech
>
> Comments:
>   Christey> ADDREF BID:1268
>   Christey> ADDREF BID:1268
>   URL:http://www.securityfocus.com/bid/1268
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0374
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000524
> Assigned: 20000523
> Category: SF
> Reference: CALDERA:CSSA-1999-021.0
> Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-021.0.txt
>
> The default configuration of kdm in Caldera Linux allows XDMCP
> connections from any host, which allows remote attackers to obtain
> sensitive information or bypass additional access restrictions.
>
> INFERRED ACTION: CAN-2000-0374 MOREVOTES-1 (1 accept, 1 ack, 1 review)
>
> Current Votes:
>   ACCEPT(1) Stracener
>   REVIEWING(1) Frech
>
> Comments:
>   Frech> (not xdm-xdmcp-remote-bo)
>
>
> VOTE: REVIEWING

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum