[PROPOSAL] Cluster RECENT-26 - 22 candidates
The following cluster contains 22 candidates that were announced between 6/26/2000 and 6/30/2000.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0585
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000624 Possible root exploit in ISC DHCP client.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0247.html
Reference: OPENBSD:20000624 A serious bug in dhclient(8) could allow strings from a malicious dhcp server to be executed in the shell as root.
Reference: URL:http://www.openbsd.org/errata.html#dhclient
Reference: DEBIAN:20000628 dhcp client: remote root exploit in dhcp client
Reference: URL:http://www.debian.org/security/2000/20000628
Reference: BUGTRAQ:20000702 [Security Announce] dhcp update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0014.html
Reference: SUSE:20000711 Security Hole in dhclient < 2.0
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_56.txt
Reference: XF:openbsd-isc-dhcp-bo
Reference: NETBSD:NetBSD-SA2000-008
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-008.txt.asc
Reference: BID:1388
Reference: URL:http://www.securityfocus.com/bid/1388

ISC DHCP client program dhclient allows remote attackers to execute arbitrary commands via shell metacharacters.

ED_PRI CAN-2000-0585 1

VOTE:

=================================
Candidate: CAN-2000-0596
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000627 IE 5 and Access 2000 vulnerability - executing programs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589359.762392DB@nat.bg
Reference: BUGTRAQ:20000627 FW: IE 5 and Access 2000 vulnerability - executing programs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000d01bfe0fb$418f59b0$96217aa8@src.bu.edu
Reference: MS:MS00-049
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-049.asp
Reference: XF:ie-access-vba-code-execute
Reference: BID:1398
Reference: URL:http://www.securityfocus.com/bid/1398

Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability.

ED_PRI CAN-2000-0596 1

VOTE:

=================================
Candidate: CAN-2000-0597
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000627 IE 5 and Excel 2000, PowerPoint 2000 vulnerability - executing programs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589349.ED9DBCAB@nat.bg
Reference: MS:MS00-049
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-049.asp
Reference: BID:1399
Reference: URL:http://www.securityfocus.com/bid/1399
Reference: XF:ie-powerpoint-activex-object-execute

Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.

ED_PRI CAN-2000-0597 1

VOTE:

=================================
Candidate: CAN-2000-0616
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: HP:HPSBMP0006-007
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0294.html
Reference: BID:1405
Reference: URL:http://www.securityfocus.com/bid/1405

Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain additional privileges via DBUTIL.PUB.SYS.

ED_PRI CAN-2000-0616 1

VOTE:

=================================
Candidate: CAN-2000-0582
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-3]
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630162106.4619C-100000@fjord.fscinternet.com
Reference: XF:fw1-resource-overload-dos
Reference: BID:1416
Reference: URL:http://www.securityfocus.com/bid/1416

Check Point Firewall-1 4.0 and 4.1 allows remote attackers to cause a denial of service by sending a stream of binary zeros to the SMTP Security Server proxy.

ED_PRI CAN-2000-0582 2

VOTE:

=================================
Candidate: CAN-2000-0583
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000626 vpopmail-3.4.11 problems
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=395BD2A8.5D3396A7@secureaustin.com
Reference: CONFIRM:http://www.vpopmail.cx/vpopmail-ChangeLog
Reference: BID:1418
Reference: URL:http://www.securityfocus.com/bid/1418

vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives.

ED_PRI CAN-2000-0583 2

VOTE:

=================================
Candidate: CAN-2000-0588
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000626 sawmill5.0.21 old path bug & weak hash algorithm
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0271.html
Reference: BUGTRAQ:20000706 Patch for Flowerfire Sawmill Vulnerabilities Available
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0080.html
Reference: BID:1402
Reference: URL:http://www.securityfocus.com/bid/1402
Reference: XF:sawmill-file-access

SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands.

ED_PRI CAN-2000-0588 2

VOTE:

=================================
Candidate: CAN-2000-0568
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000630 Multiple vulnerabilities in Sybergen Secure Desktop
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4125690E.00524395.00@guardianit.se
Reference: XF:sybergen-routing-table-modify
Reference: BID:1417
Reference: URL:http://www.securityfocus.com/bid/1417

Sybergen Secure Desktop 2.1 does not properly protect against false router advertisements (ICMP type 9), which allows remote attackers to modify default routes.

ED_PRI CAN-2000-0568 3

VOTE:

=================================
Candidate: CAN-2000-0569
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: MISC:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0189.html
Reference: BID:1420
Reference: URL:http://www.securityfocus.com/bid/1420

Sybergen Sygate allows remote attackers to cause a denial of service by sending a malformed DNS UDP packet to its internal interface.

ED_PRI CAN-2000-0569 3

VOTE:

=================================
Candidate: CAN-2000-0570
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000627 DoS in FirstClass Internet Services 5.770
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0295.html
Reference: XF:firstclass-large-bcc-dos
Reference: BID:1421
Reference: URL:http://www.securityfocus.com/bid/1421

FirstClass Internet Services server allows remote attackers to cause a denial of service by sending an email with a long To: mail header.

ED_PRI CAN-2000-0570 3

VOTE:

=================================
Candidate: CAN-2000-0575
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000630 Kerberos security vulnerability in SSH-1
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007010511.BAA16944@syrinx.oankali.net
Reference: BID:1426
Reference: URL:http://www.securityfocus.com/bid/1426

SSH 1.2.27 with Kerberos authentication support stores Kerberos tickets in a file which is created in the current directory of the user who is logging in, which could allow remote attackers to sniff the ticket cache if the home directory is installed on NFS.

ED_PRI CAN-2000-0575 3

VOTE:

=================================
Candidate: CAN-2000-0580
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-2]
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630161935.4619B-100000@fjord.fscinternet.com
Reference: XF:win2k-cpu-overload-dos
Reference: BID:1415
Reference: URL:http://www.securityfocus.com/bid/1415

Windows 2000 Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros to various TCP and UDP ports, which significantly increases the CPU utilization.

ED_PRI CAN-2000-0580 3

VOTE:

=================================
Candidate: CAN-2000-0581
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-1]
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630161841.4619A-100000@fjord.fscinternet.com
Reference: XF:win2k-telnetserver-dos
Reference: BID:1414
Reference: URL:http://www.securityfocus.com/bid/1414

Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash.

ED_PRI CAN-2000-0581 3

VOTE:

=================================
Candidate: CAN-2000-0586
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: VULN-DEV:20000628 dalnet 4.6.5 remote vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/1092.html
Reference: XF:ircd-dalnet-summon-bo
Reference: BID:1404
Reference: URL:http://www.securityfocus.com/bid/1404

Buffer overflow in Dalnet IRC server 4.6.5 allows remote attackers to cause a denial of service or execute arbitrary commands via the SUMMON command.

ED_PRI CAN-2000-0586 3

VOTE:

=================================
Candidate: CAN-2000-0587
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: XF:glftpd-privpath-directive
Reference: BUGTRAQ:20000626 Glftpd privpath bugs... +fix
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006261041360.31907-200000@twix.thrijswijk.nl
Reference: BUGTRAQ:20000627 Re: Glftpd privpath bugs... +fix
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0317.html
Reference: BID:1401
Reference: URL:http://www.securityfocus.com/bid/1401

The privpath directive in glftpd 1.18 allows remote attackers to bypass access restrictions for directories by using the file name completion capability.

ED_PRI CAN-2000-0587 3

VOTE:

=================================
Candidate: CAN-2000-0589
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000626 sawmill5.0.21 old path bug & weak hash algorithm
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0271.html
Reference: BUGTRAQ:20000706 Patch for Flowerfire Sawmill Vulnerabilities Available
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0080.html
Reference: BID:1403
Reference: URL:http://www.securityfocus.com/bid/1403
Reference: XF:sawmill-weak-encryption

SawMill 5.0.21 uses weak encryption to store passwords, which allows attackers to easily decrypt the password and modify the SawMill configuration.

ED_PRI CAN-2000-0589 3

VOTE:

=================================
Candidate: CAN-2000-0592
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000627 [SPSadvisory #37]WinProxy 2.0.0/2.0.1 DoS and Exploitable Buffer Overflow
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006271417.GFE84146.-BJXON@lac.co.jp
Reference: XF:winproxy-command-bo
Reference: BID:1400
Reference: URL:http://www.securityfocus.com/bid/1400

Buffer overflows in POP3 service in WinProxy 2.0 and 2.0.1 allow remote attackers to execute arbitrary commands via long USER, PASS, LIST, RETR, or DELE commands.

ED_PRI CAN-2000-0592 3

VOTE:

=================================
Candidate: CAN-2000-0593
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000627 [SPSadvisory #37]WinProxy 2.0.0/2.0.1 DoS and Exploitable Buffer Overflow
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006271417.GFE84146.-BJXON@lac.co.jp
Reference: XF:winproxy-get-dos
Reference: BID:1400
Reference: URL:http://www.securityfocus.com/bid/1400

WinProxy 2.0 and 2.0.1 allows remote attackers to cause a denial of service by sending an HTTP GET request without listing an HTTP version number.

ED_PRI CAN-2000-0593 3

VOTE:

=================================
Candidate: CAN-2000-0598
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000626 Proxy+ Telnet Gateway Problems
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0268.html
Reference: BID:1395
Reference: URL:http://www.securityfocus.com/bid/1395
Reference: XF:fortech-proxy-telnet-gateway
Reference: XF:proxyplus-telnet-gateway

Fortech Proxy+ allows remote attackers to bypass access restrictions for the administration service by redirecting their connections through the telnet proxy.

ED_PRI CAN-2000-0598 3

VOTE:

=================================
Candidate: CAN-2000-0599
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000629 iMesh 1.02 vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0335.html
Reference: XF:imesh-tcp-port-overflow
Reference: BID:1407
Reference: URL:http://www.securityfocus.com/bid/1407

Buffer overflow in iMesh 1.02 allows remote attackers to execute arbitrary commands via a long string to the iMesh port.

ED_PRI CAN-2000-0599 3

VOTE:

=================================
Candidate: CAN-2000-0600
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000626 Netscape Enterprise Server for NetWare Virtual Directory Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0264.html
Reference: BID:1393
Reference: URL:http://www.securityfocus.com/bid/1393
Reference: XF:netscape-virtual-directory-bo
Reference: XF:netscape-enterprise-netware-bo

Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL.

ED_PRI CAN-2000-0600 3

VOTE:

=================================
Candidate: CAN-2000-0612
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000629 Buggy ARP handling in Windoze
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=395B7E64.9FB3D4DB@starzetz.de
Reference: XF:win-arp-spoofing
Reference: BID:1406
Reference: URL:http://www.securityfocus.com/bid/1406

Windows 95 and Windows 98 do not properly process spoofed ARP packets, which allows remote attackers to overwrite static entries in the cache table.

ED_PRI CAN-2000-0612 3

VOTE: