[PROPOSAL] Cluster RECENT-24 - 31 candidates
The following cluster contains 31 candidates that were announced between 6/14/2000 and 6/22/2000.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0466
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000620
Category: SF
Reference: ISS:20000620 Insecure call of external program in AIX cdmount
Reference: URL:http://xforce.iss.net/alerts/advise55.php
Reference: BID:1384
Reference: URL:http://www.securityfocus.com/bid/1384

AIX cdmount allows local users to gain root privileges via shell metacharacters.

ED_PRI CAN-2000-0466 1

VOTE:

=================================
Candidate: CAN-2000-0475
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: MS:MS00-020
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-020.asp
Reference: BID:1350
Reference: URL:http://www.securityfocus.com/bid/1350

Windows 2000 allows a local user process to access another user's desktop within the same windows station, aka the "Desktop Separation" vulnerability.

ED_PRI CAN-2000-0475 1

VOTE:

=================================
Candidate: CAN-2000-0483
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000615 [Brian@digicool.com: [Zope] Zope security alert and 2.1.7 update [*important*]]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert
Reference: REDHAT:RHSA-2000:038-01
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2350
Reference: BUGTRAQ:2000615 Conectiva Linux Security Announcement - ZOPE
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000616103807.A3768@conectiva.com.br
Reference: BID:1354
Reference: URL:http://www.securityfocus.com/bid/1354

The Zope DocumentTemplate package allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization.
ED_PRI CAN-2000-0483 1

VOTE:

=================================
Candidate: CAN-2000-0485
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: MS:MS00-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-041.asp
Reference: BID:1292
Reference: URL:http://www.securityfocus.com/bid/1292

Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability.

ED_PRI CAN-2000-0485 1

VOTE:

=================================
Candidate: CAN-2000-0533
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: SGI:20000601-01-P
Reference: URL:ftp://sgigate.sgi.com/security/20000601-01-P
Reference: BID:1379
Reference: URL:http://www.securityfocus.com/bid/1379

Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to overwrite arbitrary files.

ED_PRI CAN-2000-0533 1

VOTE:

=================================
Candidate: CAN-2000-0539
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: ALLAIRE:ASB00-015
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full
Reference: BID:1386
Reference: URL:http://www.securityfocus.com/bid/1386

Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet.

ED_PRI CAN-2000-0539 1

VOTE:

=================================
Candidate: CAN-2000-0540
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: ALLAIRE:ASB00-015
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full
Reference: BID:1386
Reference: URL:http://www.securityfocus.com/bid/1386

JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g.
via viewsource.jsp) or obtain configuration information.

ED_PRI CAN-2000-0540 1

VOTE:

=================================
Candidate: CAN-2000-0469
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000613 CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-22&msg=ILENKALMCAFBLHBGEOFKGEJCCAAA.jwesterink@jwesterink.daxis.nl
Reference: BUGTRAQ:20000620 Re: CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.2.0.58.20000620193604.00979950@mail.clark.net
Reference: BID:1347
Reference: URL:http://www.securityfocus.com/bid/1347

Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

ED_PRI CAN-2000-0469 2

VOTE:

=================================
Candidate: CAN-2000-0477
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000614 Vulnerabilities in Norton Antivirus for Exchange
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html
Reference: BID:1351
Reference: URL:http://www.securityfocus.com/bid/1351

Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows remote attackers to cause a denial of service via a .zip file that contains long file names.
ED_PRI CAN-2000-0477 2

VOTE:

=================================
Candidate: CAN-2000-0478
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000614 Vulnerabilities in Norton Antivirus for Exchange
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html
Reference: BID:1351
Reference: URL:http://www.securityfocus.com/bid/1351

In some cases, Norton Antivirus for Exchange (NavExchange) enters a "fail-open" state which allows viruses to pass through the server.

ED_PRI CAN-2000-0478 2

VOTE:

=================================
Candidate: CAN-2000-0510
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a malformed IPP request.

ED_PRI CAN-2000-0510 2

VOTE:

=================================
Candidate: CAN-2000-0511
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request.
ED_PRI CAN-2000-0511 2

VOTE:

=================================
Candidate: CAN-2000-0512
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373

CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service.

ED_PRI CAN-2000-0512 2

VOTE:

=================================
Candidate: CAN-2000-0513
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password.
ED_PRI CAN-2000-0513 2

VOTE:

=================================
Candidate: CAN-2000-0514
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000614 Security Advisory: REMOTE ROOT VULNERABILITY IN GSSFTP DAEMON
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=ldvsnufao18.fsf@saint-elmos-fire.mit.edu
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/ftp.txt
Reference: BID:1374
Reference: URL:http://www.securityfocus.com/bid/1374

GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges.

ED_PRI CAN-2000-0514 2

VOTE:

=================================
Candidate: CAN-2000-0528
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000619 Net Tools PKI server exploits
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html
Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt
Reference: BID:1364
Reference: URL:http://www.securityfocus.com/bid/1364

Net Tools PKI Server does not properly restrict access to remote attackers when the XUDA template files do not contain absolute pathnames for other files.

ED_PRI CAN-2000-0528 2

VOTE:

=================================
Candidate: CAN-2000-0529
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000619 Net Tools PKI server exploits
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html
Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt
Reference: BID:1363
Reference: URL:http://www.securityfocus.com/bid/1363

Net Tools PKI Server allows remote attackers to cause a denial of service via a long HTTP request.
ED_PRI CAN-2000-0529 2

VOTE:

=================================
Candidate: CAN-2000-0562
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 BlackICE by Network ICE Corp vulnerability against Back Orifice 1.2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0190.html

BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and earlier, do not properly block Back Orifice traffic when the security setting is Nervous or lower.

ED_PRI CAN-2000-0562 2

VOTE:

=================================
Candidate: CAN-2000-0471
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000614 Vulnerability in Solaris ufsrestore
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0114.html
Reference: BID:1348
Reference: URL:http://www.securityfocus.com/bid/1348

Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.

ED_PRI CAN-2000-0471 3

VOTE:

=================================
Candidate: CAN-2000-0473
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:19991231 Local / Remote GET Buffer Overflow Vulnerability in AnalogX SimpleServer:WWW HTTP Server v1.1
Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm
Reference: BID:1349
Reference: URL:http://www.securityfocus.com/bid/1349

Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker to cause a denial of service via a long GET request for a program in the cgi-bin directory.
ED_PRI CAN-2000-0473 3

VOTE:

=================================
Candidate: CAN-2000-0479
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000616 Multiples Remotes DoS Attacks in Dragon Server v1.00 and v2.00
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96113734714517&w=2
Reference: BID:1352
Reference: URL:http://www.securityfocus.com/bid/1352

Dragon FTP server allows remote attackers to cause a denial of service via a long USER command.

ED_PRI CAN-2000-0479 3

VOTE:

=================================
Candidate: CAN-2000-0480
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000616 Multiples Remotes DoS Attacks in Dragon Server v1.00 and v2.00
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96113734714517&w=2
Reference: BID:1352
Reference: URL:http://www.securityfocus.com/bid/1352

Dragon telnet server allows remote attackers to cause a denial of service via a long username.

ED_PRI CAN-2000-0480 3

VOTE:

=================================
Candidate: CAN-2000-0484
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96113651713414&w=2
Reference: NTBUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96151775004229&w=2
Reference: BID:1355
Reference: URL:http://www.securityfocus.com/bid/1355

Buffer overflow in Small HTTP Server allows remote attackers to cause a denial of service via a long GET request.
ED_PRI CAN-2000-0484 3

VOTE:

=================================
Candidate: CAN-2000-0494
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000616 Veritas Volume Manager 3.0.x hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0151.html
Reference: BID:1356
Reference: URL:http://www.securityfocus.com/bid/1356

Veritas Volume Manager creates a world writable .server_pids file, which allows local users to add arbitrary commands into the file, which is then executed by the vmsa_server script.

ED_PRI CAN-2000-0494 3

VOTE:

=================================
Candidate: CAN-2000-0500
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: CF
Reference: BUGTRAQ:20000621 BEA WebLogic /file/ showcode vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96161462915381&w=2
Reference: BID:1378
Reference: URL:http://www.securityfocus.com/bid/1378

The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.

ED_PRI CAN-2000-0500 3

VOTE:

=================================
Candidate: CAN-2000-0501
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000616 mdaemon 2.8.5.0 WinNT and Win9x remote DoS
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0277.html
Reference: BID:1366
Reference: URL:http://www.securityfocus.com/bid/1366

Race condition in MDaemon 2.8.5.0 POP server allows local users to cause a denial of service by entering a UIDL command and quickly exiting the server.
ED_PRI CAN-2000-0501 3

VOTE:

=================================
Candidate: CAN-2000-0504
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000619 XFree86: libICE DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html
Reference: BID:1369
Reference: URL:http://www.securityfocus.com/bid/1369

libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.

ED_PRI CAN-2000-0504 3

VOTE:

=================================
Candidate: CAN-2000-0531
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 Bug in gpm
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006201453090.1812-200000@apollo.aci.com.pl
Reference: BID:1377
Reference: URL:http://www.securityfocus.com/bid/1377

Linux gpm program allows local users to cause a denial of service by flooding the /dev/gpmctl device with STREAM sockets.

ED_PRI CAN-2000-0531 3

VOTE:

=================================
Candidate: CAN-2000-0541
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000617 Infosec.20000617.panda.a
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0164.html
Reference: BID:1359
Reference: URL:http://www.securityfocus.com/bid/1359

The Panda Antivirus console on port 2001 allows local users to execute arbitrary commands without authentication via the CMD command.
ED_PRI CAN-2000-0541 3

VOTE:

=================================
Candidate: CAN-2000-0543
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000614 Remote DoS attack in Networks Associates PGP Certificate Server Version 2.5 Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0107.html
Reference: BID:1343
Reference: URL:http://www.securityfocus.com/bid/1343

The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows remote attackers to cause a denial of service if their hostname does not have a reverse DNS entry and they connect to port 4000.

ED_PRI CAN-2000-0543 3

VOTE:

=================================
Candidate: CAN-2000-0561
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 DST2K0018: Multiple BufferOverruns in WebBBS HTTP Server v1.15
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0175.html
Reference: BID:1365
Reference: URL:http://www.securityfocus.com/bid/1365

Buffer overflow in WebBBS 1.15 allows remote attackers to execute arbitrary commands via a long HTTP GET request.

ED_PRI CAN-2000-0561 3

VOTE: