[PROPOSAL] Cluster RECENT-27 - 15 candidates
The following cluster contains 15 candidates that were announced between 7/1/2000 and 7/18/2000 (but all except CAN-2000-0567 were announced on or before 7/11).

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0566
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000712
Category: SF
Reference: ISS:20000712 Insecure temporary file handling in Linux makewhatis
Reference: REDHAT:RHSA-2000:041-02
Reference: BID:1434
Reference: CALDERA:CSSA-2000-021.0
Reference: BUGTRAQ:20000707 [Security Announce] man update

makewhatis in Linux man package allows local users to overwrite files via a symlink attack.

ED_PRI CAN-2000-0566 1

VOTE:

=================================
Candidate: CAN-2000-0567
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: MS:MS00-043
Reference: BUGTRAQ:20000719 Buffer Overflow in MS Outlook Email Clients
Reference: BUGTRAQ:20000719 Aaron Drew - Security Advisory: Buffer Overflow in MS Outlook & Outlook Express Email Clients
Reference: BID:1481
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=1481

Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability.

ED_PRI CAN-2000-0567 1

VOTE:

=================================
Candidate: CAN-2000-0584
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: MISC:http://shadowpenguin.backsection.net/advisories/advisory038.html
Reference: DEBIAN:20000701 canna server: buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q2/0062.html
Reference: FREEBSD:FreeBSD-SA-00:31
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:31.canna.asc.v1.1
Reference: BID:1445
Reference: URL:http://www.securityfocus.com/bid/1445

Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.

ED_PRI CAN-2000-0584 1

VOTE:

=================================
Candidate: CAN-2000-0594
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: VULN-DEV:20000704 BitchX /ignore bug
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html
Reference: BUGTRAQ:20000704 BitchX exploit possibly waiting to happen, certain DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html
Reference: REDHAT:RHSA-2000:042-01
Reference: URL:
Reference: FREEBSD:FreeBSD-SA-00:32
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html
Reference: CALDERA:CSSA-2000-022.0
Reference: URL:
Reference: BUGTRAQ:20000707 BitchX update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html
Reference: BUGTRAQ:20000707 CONECTIVA LINUX SECURITY ANNOUNCEMENT - BitchX
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html
Reference: BID:1436
Reference: URL:http://www.securityfocus.com/bid/1436

BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.

ED_PRI CAN-2000-0594 1

VOTE:

=================================
Candidate: CAN-2000-0595
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:24
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-07/0035.html
Reference: BID:1437
Reference: URL:http://www.securityfocus.com/bid/1437

libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory.

ED_PRI CAN-2000-0595 1

VOTE:

=================================
Candidate: CAN-2000-0603
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: MS:MS00-048
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-048.asp
Reference: BID:1444
Reference: URL:http://www.securityfocus.com/bid/1444

Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability.

ED_PRI CAN-2000-0603 1

VOTE:

=================================
Candidate: CAN-2000-0613
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000320 PIX DMZ Denial of Service - TCP Resets
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=B3D6883199DBD311868100A0C9FC2CDC046B72@protea.citec.net
Reference: CISCO:20000711 Cisco Secure PIX Firewall TCP Reset Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml
Reference: BID:1454
Reference: URL:http://www.securityfocus.com/bid/1454

Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections.

ED_PRI CAN-2000-0613 1

VOTE:

=================================
Candidate: CAN-2000-0614
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: SUSE:20000710 Security Hole in tnef < 0-124
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q3/0002.html
Reference: BID:1450
Reference: URL:http://www.securityfocus.com/bid/1450

Tnef program in Linux systems allows remote attackers to overwrite arbitrary files via TNEF encoded compressed attachments which specify absolute path names for the decompressed output.

ED_PRI CAN-2000-0614 1

VOTE:

=================================
Candidate: CAN-2000-0591
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000705 Novell BorderManager 3.0 EE - Encoded URL rule bypass
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0038.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0075.html
Reference: BID:1432
Reference: URL:http://www.securityfocus.com/bid/1432

Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL filtering by encoding characters in the requested URL.

ED_PRI CAN-2000-0591 2

VOTE:

=================================
Candidate: CAN-2000-0571
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000703 Remote DoS Attack in LocalWEB HTTP Server 1.2.0 Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-07-8&msg=NCBBKFKDOLAGKIAPMILPCEIHCFAA.labs@ussrback.com
Reference: BID:1423
Reference: URL:http://www.securityfocus.com/bid/1423

LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial of service via a long GET request.

ED_PRI CAN-2000-0571 3

VOTE:

=================================
Candidate: CAN-2000-0572
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000704 Recovering Passwords in Visible Systems' Razor
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-07-8&msg=613309F30B6DD2118C020000F809376C05CABD49@emss03m09.orl.lmco.com
Reference: BID:1424
Reference: URL:http://www.securityfocus.com/bid/1424

The Razor configuration management tool uses weak encryption for its password file, which allows local users to gain privileges.

ED_PRI CAN-2000-0572 3

VOTE:

=================================
Candidate: CAN-2000-0574
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000705 proftp advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0031.html
Reference: BUGTRAQ:20000706 ftpd and setproctitle()
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0061.html
Reference: CERT:CA-2000-13
Reference: URL:http://www.cert.org/advisories/CA-2000-13.html
Reference: BUGTRAQ:20000710 opieftpd setproctitle() patches
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0121.html
Reference: NETBSD:NetBSD-SA2000-009
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-009.txt.asc
Reference: BID:1425
Reference: URL:http://www.securityfocus.com/bid/1425
Reference: BID:1438
Reference: URL:http://www.securityfocus.com/bid/1438

FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.

ED_PRI CAN-2000-0574 3

VOTE:

=================================
Candidate: CAN-2000-0576
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000704 Oracle Web Listener for AIX DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0027.html
Reference: BID:1427
Reference: URL:http://www.securityfocus.com/bid/1427

Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows remote attackers to cause a denial of service via a malformed URL.

ED_PRI CAN-2000-0576 3

VOTE:

=================================
Candidate: CAN-2000-0590
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000706 Vulnerability in Poll_It cgi v2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0076.html
Reference: BID:1431
Reference: URL:http://www.securityfocus.com/bid/1431

Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the data_dir parameter.

ED_PRI CAN-2000-0590 3

VOTE:

=================================
Candidate: CAN-2000-0605
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000719
Assigned: 20000719
Category: unknown
Reference: NTBUGTRAQ:20000710 Two issues: Blackboard CourseInfo 4.0 stores admin password in clear text; strange settings on the winreg key.
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=NTBUGTRAQ&P=R1647
Reference: BID:1460
Reference: URL:http://www.securityfocus.com/bid/1460

Blackboard CourseInfo 4.0 stores the local and SQL administrator user names and passwords in cleartext in a registry key whose access control allows users to access the passwords.

ED_PRI CAN-2000-0605 3

VOTE: