|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [PROPOSAL] Cluster RECENT-23 - 34 candidates
* Steven M. Christey (coley@LINUS.MITRE.ORG) [000712 02:12]: > The following cluster contains 34 candidates that were announced > between 6/6/2000 and 6/13/2000. > > The candidates are listed in order of priority. Priority 1 and > Priority 2 candidates both deal with varying levels of vendor > confirmation, so they should be easy to review and it can be trusted > that the problems are real. > > If you discover that any RECENT-XX cluster is incomplete with respect > to the problems discovered during the associated time frame, please > send that information to me so that candidates can be assigned. > > - Steve > > > Summary of votes to use (in ascending order of "severity") > ---------------------------------------------------------- > > ACCEPT - voter accepts the candidate as proposed > NOOP - voter has no opinion on the candidate > MODIFY - voter wants to change some MINOR detail (e.g. reference/description) > REVIEWING - voter is reviewing/researching the candidate, or needs more info > RECAST - candidate must be significantly modified, e.g. split or merged > REJECT - candidate is "not a vulnerability", or a duplicate, etc. > > 1) Please write your vote on the line that starts with "VOTE: ". If > you want to add comments or details, add them to lines after the > VOTE: line. > > 2) If you see any missing references, please mention them so that they > can be included. References help greatly during mapping. > > 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. > So if you don't have sufficient information for a candidate but you > don't want to NOOP, use a REVIEWING. > > ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** > > Please keep in mind that your vote and comments will be recorded and > publicly viewable in the mailing list archives or in other formats. > > ================================= > Candidate: CAN-2000-0472 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000106 innd 2.2.2 remote buffer overflow > Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0003.html > Reference: CALDERA:CSSA-2000-016.0 > Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-016.0.txt > Reference: BID:1316 > Reference: URL:http://www.securityfocus.com/bid/1316 > > Buffer overflow in innd 2.2.2 allows remote attackers to execute > arbitrary commands via a cancel request containing a long message ID. > > > ED_PRI CAN-2000-0472 1 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0525 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000609 OpenSSH's UseLogin option allows remote access with root privilege. > Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html > Reference: OPENBSD:20000606 The non-default UseLogin feature in /etc/sshd_config is broken and should not be used. > Reference: URL:http://www.openbsd.org/errata.html#uselogin > Reference: BID:1334 > Reference: URL:http://www.securityfocus.com/bid/1334 > > OpenSSH does not properly drop privileges when the UseLogin option is > enabled, which allows local users to execute arbitrary commands by > providing the command to the ssh daemon. > > > ED_PRI CAN-2000-0525 1 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0532 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: CF > Reference: FREEBSD:FreeBSD-SA-00:21 > Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0031.html > Reference: BID:1323 > Reference: URL:http://www.securityfocus.com/bid/1323 > > A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port > 722 as well as port 22, which might allow remote attackers to access > SSH through port 722 even if port 22 is otherwise filtered. > > > ED_PRI CAN-2000-0532 1 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0534 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: FREEBSD:FreeBSD-SA-00:22 Security Advisory > Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0030.html > Reference: BID:1325 > Reference: URL:http://www.securityfocus.com/bid/1325 > > The apsfilter software in the FreeBSD ports package does not properly > read user filter configurations, which allows local users to execute > commands as the lpd user. > > > ED_PRI CAN-2000-0534 1 > > > VOTE: aCCEPT > > ================================= > Candidate: CAN-2000-0538 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000607 New Allaire ColdFusion DoS > Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96045469627806&w=2 > Reference: ALLAIRE:ASB00-14 > Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16122&Method=Full > Reference: BID:1314 > Reference: URL:http://www.securityfocus.com/bid/1314 > > ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows > remote attackers to cause a denial of service via a long login > password. > > > ED_PRI CAN-2000-0538 1 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0548 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC > Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html > Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt > Reference: CERT:CA-2000-11 > Reference: URL:http://www.cert.org/advisories/CA-2000-11.html > Reference: CIAC:K-051 > Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml > Reference: BID:1338 > Reference: URL:http://www.securityfocus.com/bid/1338 > > Buffer overflow in Kerberos 4 KDC program allows remote attackers to > cause a denial of service via the e_msg variable in the kerb_err_reply > function. > > > ED_PRI CAN-2000-0548 1 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0549 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC > Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html > Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt > Reference: CERT:CA-2000-11 > Reference: URL:http://www.cert.org/advisories/CA-2000-11.html > Reference: CIAC:K-051 > Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml > > Kerberos 4 KDC program does not properly check for null termination of > AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause > a denial of service via a malformed request. > > > ED_PRI CAN-2000-0549 1 > > > VOTE: REVIEWING > > ================================= > Candidate: CAN-2000-0550 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC > Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html > Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt > Reference: CERT:CA-2000-11 > Reference: URL:http://www.cert.org/advisories/CA-2000-11.html > Reference: CIAC:K-051 > Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml > > Kerberos 4 KDC program improperly frees memory twice (aka > "double-free"), which allows remote attackers to cause a denial of > service. > > > ED_PRI CAN-2000-0550 1 > > > VOTE: REVIWEING > > ================================= > Candidate: CAN-2000-0497 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: NTBUGTRAQ:20000612 IBM WebSphere JSP showcode vulnerability > Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0263.html > Reference: CONFIRM:http://www-4.ibm.com/software/webservers/appserv/efix.html > Reference: BID:1328 > Reference: URL:http://www.securityfocus.com/bid/1328 > > IBM WebSphere server 3.0.2 allows a remote attacker to view source > code of a JSP program by requesting a URL which provides the JSP > extension in upper case. > > > ED_PRI CAN-2000-0497 2 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0506 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000609 Sendmail & procmail local root exploits on Linux kernel up to 2.2.16pre5 > Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006090852340.3475-300000@alfa.elzabsoft.pl > Reference: BUGTRAQ:20000609 Trustix Security Advisory > Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0062.html > Reference: BUGTRAQ:20000608 CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel > Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0063.html > Reference: BID:1322 > Reference: URL:http://www.securityfocus.com/bid/1322 > Reference: TURBO:TLSA2000013-1 > Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-June/000012.html > > The "capabilities" feature in Linux before 2.2.16 allows local users > to cause a denial of service or gain privileges by setting the > capabilities to prevent a setuid program from dropping privileges, aka > the "Linux kernel setuid/setcap vulnerability." > > > ED_PRI CAN-2000-0506 2 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0515 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: CF > Reference: BUGTRAQ:20000607 [ Hackerslab bug_paper ] HP-UX SNMP daemon vulnerability > Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006070511.OAA05492@dogfoot.hackerslab.org > Reference: BUGTRAQ:20000608 Re: HP-UX SNMP daemon vulnerability > Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006090640.XAA00779@hpchs.cup.hp.com > Reference: BID:1327 > Reference: URL:http://www.securityfocus.com/bid/1327 > > The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX > 11.0 is world writable, which allows local users to modify SNMP > configuration or gain privileges. > > > ED_PRI CAN-2000-0515 2 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0482 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000605 FW-1 IP Fragmentation Vulnerability > Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0473.html > Reference: BID:1312 > Reference: URL:http://www.securityfocus.com/bid/1312 > > Check Point Firewall-1 allows remote attackers to cause a denial of > service by sending a large number of malformed fragmented IP packets. > > > ED_PRI CAN-2000-0482 3 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0498 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: NTBUGTRAQ:20000608 Potential vulnerability in Unify eWave ServletExec > Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0250.html > Reference: BID:1328 > Reference: URL:http://www.securityfocus.com/bid/1328 > > Unify eWave ServletExec allows a remote attacker to view source code > of a JSP program by requesting a URL which provides the JSP extension > in upper case. > > > ED_PRI CAN-2000-0498 3 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0499 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: NTBUGTRAQ:20000612 BEA WebLogic JSP showcode vulnerability > Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0262.htm > Reference: BID:1328 > Reference: URL:http://www.securityfocus.com/bid/1328 > > BEA WebLogic allows a remote attacker to view source code of a JSP > program by requesting a URL which provides the JSP extension in upper > case. > > > ED_PRI CAN-2000-0499 3 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0502 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000607 Mcafee Alerting DOS vulnerability > Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html > Reference: BID:1326 > Reference: URL:http://www.securityfocus.com/bid/1326 > > Mcafee VirusScan 4.03 does not properly restrict access to the alert > text file before it is sent to the Central Alert Server, which allows > local users to modify alerts in an arbitrary fashion. > > > ED_PRI CAN-2000-0502 3 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0503 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000606 IE 5 Cross-frame security vulnerability using IFRAME and WebBrowser control > Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0154.html > Reference: BID:1311 > Reference: URL:http://www.securityfocus.com/bid/1311 > > The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows > a remote attacker to violate the cross frame security policy via the > NavigateComplete2 event. > > > ED_PRI CAN-2000-0503 3 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0508 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000608 Remote DOS in linux rpc.lockd > Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0073.html > Reference: BID:1372 > Reference: URL:http://www.securityfocus.com/bid/1372 > > rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to > cause a denial of service via a malformed request. > > > ED_PRI CAN-2000-0508 3 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0516 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000606 Shiva Access Manager 5.0.0 Plaintext LDAP root password. > Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0008.html > Reference: BID:1329 > Reference: URL:http://www.securityfocus.com/bid/1329 > > When configured to store configuration information in an LDAP > directory, Shiva Access Manager 5.0.0 stores the root DN > (Distinguished Name) name and password in cleartext in a file that is > world readable, which allows local users to compromise the LDAP > server. > > > ED_PRI CAN-2000-0516 3 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0520 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000630 CONECTIVA LINUX SECURITY ANNOUNCEMENT - dump > Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96240393814071&w=2 > Reference: MISC:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=11880 > Reference: BID:1330 > Reference: URL:http://www.securityfocus.com/bid/1330 > > Buffer overflow in restore program 0.4b17 and earlier in dump package > allows local users to execute arbitrary commands via a long tape name. > > > ED_PRI CAN-2000-0520 3 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0522 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000608 Potential DoS Attack on RSA's ACE/Server > Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=011a01bfd14c$3c206960$050010ac@xtranet.co.uk > Reference: BID:1332 > Reference: URL:http://www.securityfocus.com/bid/1332 > > RSA ACE/Server allows remote attackers to cause a denial of service by > flooding the server's authentication request port with UDP packets, > which causes the server to crash. > > > ED_PRI CAN-2000-0522 3 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0523 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF/CF/MP/SA/AN/unknown > Reference: BUGTRAQ:20000606 MDMA Advisory #6: EServ Logging Heap Overflow Vulnerability > Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0009.html > Reference: BID:1315 > Reference: URL:http://www.securityfocus.com/bid/1315 > > Buffer overflow in the logging feature of EServ 2.9.2 and earlier > allows an attacker to execute arbitrary commands via a long MKD > command. > > > ED_PRI CAN-2000-0523 3 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0526 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000609 Mailstudio2000 CGI Vulnerabilities [S0ftPj.4] > Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0081.html > Reference: BID:1335 > Reference: URL:http://www.securityfocus.com/bid/1335 > > mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows > remote attackers to read arbitrary files via a .. (dot dot) attack. > > > ED_PRI CAN-2000-0526 3 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0527 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000609 Mailstudio2000 CGI Vulnerabilities [S0ftPj.4] > Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0081.html > Reference: BID:1335 > Reference: URL:http://www.securityfocus.com/bid/1335 > > userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows > remote attackers to execute arbitrary commands via shell > metacharacters. > > > ED_PRI CAN-2000-0527 3 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0535 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: FREEBSD:FreeBSD-SA-00:25 > Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0083.html > Reference: BID:1340 > Reference: URL:http://www.securityfocus.com/bid/1340 > > OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the > existence of the /dev/random or /dev/urandom devices, which are absent > on FreeBSD Alpha systems, which causes them to produce weak keys which > may be more easily broken. > > > ED_PRI CAN-2000-0535 3 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0542 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000612 ACC/Ericsson Tigris Accounting Failure > Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0104.html > Reference: BID:1345 > Reference: URL:http://www.securityfocus.com/bid/1345 > > Tigris remote access server before 11.5.4.22 does not properly record > Radius accounting information when a user fails the initial login > authentication but subsequently succeeds. > > > ED_PRI CAN-2000-0542 3 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0546 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC > Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html > Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt > Reference: CERT:CA-2000-11 > Reference: URL:http://www.cert.org/advisories/CA-2000-11.html > Reference: CIAC:K-051 > Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml > Reference: BID:1338 > Reference: URL:http://www.securityfocus.com/bid/1338 > > Buffer overflow in Kerberos 4 KDC program allows remote attackers to > cause a denial of service via the lastrealm variable in the set_tgtkey > function. > > > ED_PRI CAN-2000-0546 3 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0547 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC > Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html > Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt > Reference: CERT:CA-2000-11 > Reference: URL:http://www.cert.org/advisories/CA-2000-11.html > Reference: CIAC:K-051 > Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml > Reference: BID:1338 > Reference: URL:http://www.securityfocus.com/bid/1338 > > Buffer overflow in Kerberos 4 KDC program allows remote attackers to > cause a denial of service via the localrealm variable in the > process_v4 function. > > > ED_PRI CAN-2000-0547 3 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0552 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: NTBUGTRAQ:20000606 ICQ2000A ICQmail temparary internet link vulnearbility > Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0237.html > Reference: BID:1307 > Reference: URL:http://www.securityfocus.com/bid/1307 > > ICQwebmail client for ICQ 2000A creates a world readable temporary > file during login and does not delete it, which allows local users to > obtain sensitive information. > > > ED_PRI CAN-2000-0552 3 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0554 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: NTBUGTRAQ:20000608 DST2K0010: DoS & Path Revealing Vulnerability in Ceilidh v2.60a > Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0246.html > Reference: BID:1320 > Reference: URL:http://www.securityfocus.com/bid/1320 > > Ceilidh allows remote attackers to obtain the real path of the Ceilidh > directory via the translated_path hidden form field. > > > ED_PRI CAN-2000-0554 3 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0555 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: NTBUGTRAQ:20000608 DST2K0010: DoS & Path Revealing Vulnerability in Ceilidh v2.60a > Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0246.html > Reference: BID:1320 > Reference: URL:http://www.securityfocus.com/bid/1320 > > Ceilidh allows remote attackers to cause a denial of service via a > large number of POST requests. > > > ED_PRI CAN-2000-0555 3 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0558 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: NTBUGTRAQ:20000608 DST2K0012: BufferOverrun in HP Openview Network Node Manager v6.1 > Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0249.html > Reference: BID:1317 > Reference: URL:http://www.securityfocus.com/bid/1317 > > Buffer overflow in HP Openview Network Node Manager 6.1 allows remote > attackers to execute arbitrary commands via the Alarm service > (OVALARMSRV) on port 2345. > > > ED_PRI CAN-2000-0558 3 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0559 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000607 SessionWall-3 Paper + (links to) code > Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSO.4.21.0006072124320.28062-100000@bearclaw.bogus.net > Reference: BID:1341 > Reference: URL:http://www.securityfocus.com/bid/1341 > > eTrust Intrusion Detection System (formerly SessionWall-3) uses weak > encryption (XOR) to store administrative passwords in the registry, > which allows local users to easily decrypt the passwords. > > > ED_PRI CAN-2000-0559 3 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0563 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000609 Security Holes Found in URLConnection of MRJ and IE of Mac OS (was Re: Reappearance of an old IE security bug) > Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0056.html > Reference: BUGTRAQ:20000513 Re: Reappearance of an old IE security bug > Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-05-8&msg=391C95DE2DA.5E3BTAKAGI@java-house.etl.go.jp > Reference: BID:1336 > Reference: URL:http://www.securityfocus.com/bid/1336 > > The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier > and the Microsoft virtual machine (VM) for MacOS allows a malicious > web site operator to connect to arbitrary hosts using a HTTP > redirection, in violation of the Java security model. > > > ED_PRI CAN-2000-0563 3 > > > VOTE: ACCEPT > > ================================= > Candidate: CAN-2000-0565 > Published: > Final-Decision: > Interim-Decision: > Modified: > Proposed: 20000712 > Assigned: 20000711 > Category: SF > Reference: BUGTRAQ:20000613 SmartFTP Daemon v0.2 Beta Build 9 - Remote Exploit > Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0100.html > Reference: BID:1344 > Reference: URL:http://www.securityfocus.com/bid/1344 > > SmartFTP Daemon 0.2 allows a local user to access arbitrary files by > uploading and specifying an alternate user configuration file via a > .. (dot dot) attack. > > > ED_PRI CAN-2000-0565 3 > > > VOTE: ACCEPT -- Elias Levy SecurityFocus.com http://www.securityfocus.com/ Si vis pacem, para bellum
|
||||
