[PROPOSAL] Cluster RECENT-25 - 16 candidates
The following cluster contains 16 candidates that were announced between 6/19/2000 and 6/25/2000.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0573
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000622 WuFTPD: Providing *remote* root since at least1994
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96171893218000&w=2
Reference: BUGTRAQ:20000623 WUFTPD 2.6.0 remote root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96179429114160&w=2
Reference: BUGTRAQ:20000707 New Released Version of the WuFTPD Sploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96299933720862&w=2
Reference: BUGTRAQ:20000623 ftpd: the advisory version
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000623091822.3321.qmail@fiver.freemessage.com
Reference: AUSCERT:AA-2000.02
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02
Reference: CERT:CA-2000-13
Reference: URL:http://www.cert.org/advisories/CA-2000-13.html
Reference: DEBIAN:20000622 wu-ftp: remote root exploit in wu-ftp
Reference: URL:http://www.debian.org/security/2000/20000623
Reference: CALDERA:CSSA-2000-020.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt
Reference: REDHAT:RHSA-2000:039-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-039-02.html
Reference: BUGTRAQ:20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html
Reference: BUGTRAQ:20000702 [Security Announce] wu-ftpd update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html
Reference: FREEBSD:FreeBSD-SA-00:29
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1
Reference: NETBSD:NetBSD-SA2000-009
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-010.txt.asc
Reference: XF:wuftp-format-string-stack-overwrite
Reference: BID:1387
Reference: URL:http://www.securityfocus.com/bid/1387

The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.

ED_PRI CAN-2000-0573 1

VOTE:

=================================
Candidate: CAN-2000-0577
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000621 Netscape FTP Server - "Professional" as hell :>
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211351280.23780-100000@nimue.tpi.pl
Reference: BUGTRAQ:20000629 (forw) Re: Netscape ftp Server (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0345.html
Reference: BID:1411
Reference: URL:http://www.securityfocus.com/bid/1411
Reference: XF:netscape-ftpserver-chroot

Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

ED_PRI CAN-2000-0577 2

VOTE:

=================================
Candidate: CAN-2000-0578
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000621 Predictability Problems in IRIX Cron and Compilers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0204.html
Reference: BID:1412
Reference: URL:http://www.securityfocus.com/bid/1412

SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in /tmp with predictable file names, which could allow local users to insert malicious contents into these files as they are being compiled by another user.

ED_PRI CAN-2000-0578 3

VOTE:

=================================
Candidate: CAN-2000-0579
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000621 Predictability Problems in IRIX Cron and Compilers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0204.html
Reference: BID:1413
Reference: URL:http://www.securityfocus.com/bid/1413

IRIX crontab creates temporary files with predictable file names and with the umask of the user, which could allow local users to modify another user's crontab file as it is being edited.

ED_PRI CAN-2000-0579 3

VOTE:

=================================
Candidate: CAN-2000-0601
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000625 LeafChat Denial of Service
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.10.10006252056110.74551-100000@unix.za.net
Reference: XF:irc-leafchat-dos
Reference: BID:1396
Reference: URL:http://www.securityfocus.com/bid/1396

LeafChat 1.7 IRC client allows a remote IRC server to cause a denial of service by rapidly sending a large amount of error messages.

ED_PRI CAN-2000-0601 3

VOTE:

=================================
Candidate: CAN-2000-0602
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000621 rh 6.2 - gid compromises, etc
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211209500.22969-100000@nimue.tpi.pl
Reference: XF:redhat-secure-locate-path
Reference: BID:1385
Reference: URL:http://www.securityfocus.com/bid/1385

Secure Locate (slocate) in Red Hat Linux allows local users to gain privileges via a malformed configuration file that is specified in the LOCATE_PATH environmental variable.

ED_PRI CAN-2000-0602 3

VOTE:

=================================
Candidate: CAN-2000-0604
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: CF
Reference: BUGTRAQ:20000621 rh 6.2 - gid compromises, etc
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211209500.22969-100000@nimue.tpi.pl
Reference: BID:1383
Reference: URL:http://www.securityfocus.com/bid/1383
Reference: XF:redhat-gkermit

gkermit in Red Hat Linux is improperly installed with setgid uucp, which allows local users to modify files owned by uucp.

ED_PRI CAN-2000-0604 3

VOTE:

=================================
Candidate: CAN-2000-0606
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000619 Problems with "kon2" package
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006192340340.19998-100000@ferret.lmh.ox.ac.uk
Reference: XF:linux-kon-bo
Reference: BID:1371
Reference: URL:http://www.securityfocus.com/bid/1371

Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.

ED_PRI CAN-2000-0606 3

VOTE:

=================================
Candidate: CAN-2000-0607
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000619 Problems with "kon2" package
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006192340340.19998-100000@ferret.lmh.ox.ac.uk
Reference: XF:linux-kon-bo
Reference: BID:1371
Reference: URL:http://www.securityfocus.com/bid/1371

Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.

ED_PRI CAN-2000-0607 3

VOTE:

=================================
Candidate: CAN-2000-0608
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000620 NetWin dMailWeb Denial of Service
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-15&msg=4.1.20000621113334.00996820@qlink.queensu.ca
Reference: BID:1376
Reference: URL:http://www.securityfocus.com/bid/1376
Reference: XF:dmailweb-long-pophost-dos

NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to cause a denial of service via a long POP parameter (pophost).

ED_PRI CAN-2000-0608 3

VOTE:

=================================
Candidate: CAN-2000-0609
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000620 NetWin dMailWeb Denial of Service
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-15&msg=4.1.20000621113334.00996820@qlink.queensu.ca
Reference: XF:dmailweb-long-username-dos
Reference: BID:1376
Reference: URL:http://www.securityfocus.com/bid/1376

NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to cause a denial of service via a long username parameter.

ED_PRI CAN-2000-0609 3

VOTE:

=================================
Candidate: CAN-2000-0610
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000623 NetWin dMailWeb Unrestricted Mail Relay
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.20000623203007.00944760@qlink.queensu.ca
Reference: BID:1390
Reference: URL:http://www.securityfocus.com/bid/1390

NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to bypass authentication and use the server for mail relay via a username that contains a carriage return.

ED_PRI CAN-2000-0610 3

VOTE:

=================================
Candidate: CAN-2000-0611
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: CF
Reference: BUGTRAQ:20000623 NetWin dMailWeb Unrestricted Mail Relay
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0243.html
Reference: BID:1391
Reference: URL:http://www.securityfocus.com/bid/1391

The default configuration of NetWin dMailWeb and cwMail trusts all POP servers, which allows attackers to bypass normal authentication and cause a denial of service.

ED_PRI CAN-2000-0611 3

VOTE:

=================================
Candidate: CAN-2000-0617
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000622 RHL 6.2 xconq package - overflows yield gid games
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0222.html

Buffer overflow in xconq and cconq game programs on Red Hat Linux allows local users to gain additional privileges via long USER environmental variable.

ED_PRI CAN-2000-0617 3

VOTE:

=================================
Candidate: CAN-2000-0618
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000622 RHL 6.2 xconq package - overflows yield gid games
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0222.html

Buffer overflow in xconq and cconq game programs on Red Hat Linux allows local users to gain additional privileges via long DISPLAY environmental variable.

ED_PRI CAN-2000-0618 3

VOTE:

=================================
Candidate: CAN-2000-0620
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BID:1409
Reference: URL:http://www.securityfocus.com/bid/1409

libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop.

ED_PRI CAN-2000-0620 3

VOTE: