Re: [PROPOSAL] Cluster RECENT-25 - 16 candidates
* Steven M. Christey (coley@LINUS.MITRE.ORG) [000719 23:35]:
> The following cluster contains 16 candidates that were announced
> between 6/19/2000 and 6/25/2000.
>
> The candidates are listed in order of priority. Priority 1 and
> Priority 2 candidates both deal with varying levels of vendor
> confirmation, so they should be easy to review and it can be trusted
> that the problems are real.
>
> If you discover that any RECENT-XX cluster is incomplete with respect
> to the problems discovered during the associated time frame, please
> send that information to me so that candidates can be assigned.
>
> - Steve
>
>
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
>
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
>
> 1) Please write your vote on the line that starts with "VOTE: ". If
> you want to add comments or details, add them to lines after the
> VOTE: line.
>
> 2) If you see any missing references, please mention them so that they
> can be included. References help greatly during mapping.
>
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
> So if you don't have sufficient information for a candidate but you
> don't want to NOOP, use a REVIEWING.
>
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
>
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
>
> =================================
> Candidate: CAN-2000-0573
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000622 WuFTPD: Providing *remote* root since at least1994
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96171893218000&w=2
> Reference: BUGTRAQ:20000623 WUFTPD 2.6.0 remote root exploit
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96179429114160&w=2
> Reference: BUGTRAQ:20000707 New Released Version of the WuFTPD Sploit
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96299933720862&w=2
> Reference: BUGTRAQ:20000623 ftpd: the advisory version
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000623091822.3321.qmail@fiver.freemessage.com
> Reference: AUSCERT:AA-2000.02
> Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02
> Reference: CERT:CA-2000-13
> Reference: URL:http://www.cert.org/advisories/CA-2000-13.html
> Reference: DEBIAN:20000622 wu-ftp: remote root exploit in wu-ftp
> Reference: URL:http://www.debian.org/security/2000/20000623
> Reference: CALDERA:CSSA-2000-020.0
> Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt
> Reference: REDHAT:RHSA-2000:039-02
> Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-039-02.html
> Reference: BUGTRAQ:20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html
> Reference: BUGTRAQ:20000702 [Security Announce] wu-ftpd update
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html
> Reference: FREEBSD:FreeBSD-SA-00:29
> Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1
> Reference: NETBSD:NetBSD-SA2000-009
> Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-010.txt.asc
> Reference: XF:wuftp-format-string-stack-overwrite
> Reference: BID:1387
> Reference: URL:http://www.securityfocus.com/bid/1387
>
> The lreply function in wu-ftpd 2.6.0 and earlier does not properly
> cleanse an untrusted format string, which allows remote attackers to
> execute arbitrary commands via the SITE EXEC command.
>
>
> ED_PRI CAN-2000-0573 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0577
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000621 Netscape FTP Server - "Professional" as hell :>
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211351280.23780-100000@nimue.tpi.pl
> Reference: BUGTRAQ:20000629 (forw) Re: Netscape ftp Server (fwd)
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0345.html
> Reference: BID:1411
> Reference: URL:http://www.securityfocus.com/bid/1411
> Reference: XF:netscape-ftpserver-chroot
>
> Netscape Professional Services FTP Server 1.3.6 allows remote
> attackers to read arbitrary files via a .. (dot dot) attack.
>
>
> ED_PRI CAN-2000-0577 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0578
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000621 Predictability Problems in IRIX Cron and Compilers
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0204.html
> Reference: BID:1412
> Reference: URL:http://www.securityfocus.com/bid/1412
>
> SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in
> /tmp with predictable file names, which could allow local users to
> insert malicious contents into these files as they are being compiled
> by another user.
>
>
> ED_PRI CAN-2000-0578 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0579
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000621 Predictability Problems in IRIX Cron and Compilers
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0204.html
> Reference: BID:1413
> Reference: URL:http://www.securityfocus.com/bid/1413
>
> IRIX crontab creates temporary files with predictable file names and
> with the umask of the user, which could allow local users to modify
> another user's crontab file as it is being edited.
>
>
> ED_PRI CAN-2000-0579 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0601
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000625 LeafChat Denial of Service
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.10.10006252056110.74551-100000@unix.za.net
> Reference: XF:irc-leafchat-dos
> Reference: BID:1396
> Reference: URL:http://www.securityfocus.com/bid/1396
>
> LeafChat 1.7 IRC client allows a remote IRC server to cause a denial
> of service by rapidly sending a large amount of error messages.
>
>
> ED_PRI CAN-2000-0601 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0602
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000621 rh 6.2 - gid compromises, etc
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211209500.22969-100000@nimue.tpi.pl
> Reference: XF:redhat-secure-locate-path
> Reference: BID:1385
> Reference: URL:http://www.securityfocus.com/bid/1385
>
> Secure Locate (slocate) in Red Hat Linux allows local users to gain
> privileges via a malformed configuration file that is specified in the
> LOCATE_PATH environmental variable.
>
>
> ED_PRI CAN-2000-0602 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0604
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: CF
> Reference: BUGTRAQ:20000621 rh 6.2 - gid compromises, etc
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211209500.22969-100000@nimue.tpi.pl
> Reference: BID:1383
> Reference: URL:http://www.securityfocus.com/bid/1383
> Reference: XF:redhat-gkermit
>
> gkermit in Red Hat Linux is improperly installed with setgid uucp,
> which allows local users to modify files owned by uucp.
>
>
> ED_PRI CAN-2000-0604 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0606
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000619 Problems with "kon2" package
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006192340340.19998-100000@ferret.lmh.ox.ac.uk
> Reference: XF:linux-kon-bo
> Reference: BID:1371
> Reference: URL:http://www.securityfocus.com/bid/1371
>
> Buffer overflow in kon program in Kanji on Console (KON) package on
> Linux may allow local users to gain root privileges via a long
> -StartupMessage parameter.
>
>
> ED_PRI CAN-2000-0606 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0607
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000619 Problems with "kon2" package
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006192340340.19998-100000@ferret.lmh.ox.ac.uk
> Reference: XF:linux-kon-bo
> Reference: BID:1371
> Reference: URL:http://www.securityfocus.com/bid/1371
>
> Buffer overflow in fld program in Kanji on Console (KON) package on
> Linux may allow local users to gain root privileges via an input file
> containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.
>
>
> ED_PRI CAN-2000-0607 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0608
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000620 NetWin dMailWeb Denial of Service
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-15&msg=4.1.20000621113334.00996820@qlink.queensu.ca
> Reference: BID:1376
> Reference: URL:http://www.securityfocus.com/bid/1376
> Reference: XF:dmailweb-long-pophost-dos
>
> NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to
> cause a denial of service via a long POP parameter (pophost).
>
>
> ED_PRI CAN-2000-0608 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0609
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000620 NetWin dMailWeb Denial of Service
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-15&msg=4.1.20000621113334.00996820@qlink.queensu.ca
> Reference: XF:dmailweb-long-username-dos
> Reference: BID:1376
> Reference: URL:http://www.securityfocus.com/bid/1376
>
> NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to
> cause a denial of service via a long username parameter.
>
>
> ED_PRI CAN-2000-0609 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0610
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000623 NetWin dMailWeb Unrestricted Mail Relay
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.20000623203007.00944760@qlink.queensu.ca
> Reference: BID:1390
> Reference: URL:http://www.securityfocus.com/bid/1390
>
> NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to
> bypass authentication and use the server for mail relay via a username
> that contains a carriage return.
>
>
> ED_PRI CAN-2000-0610 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0611
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: CF
> Reference: BUGTRAQ:20000623 NetWin dMailWeb Unrestricted Mail Relay
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0243.html
> Reference: BID:1391
> Reference: URL:http://www.securityfocus.com/bid/1391
>
> The default configuration of NetWin dMailWeb and cwMail trusts all POP
> servers, which allows attackers to bypass normal authentication and
> cause a denial of service.
>
>
> ED_PRI CAN-2000-0611 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0617
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000622 RHL 6.2 xconq package - overflows yield gid games
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0222.html
>
> Buffer overflow in xconq and cconq game programs on Red Hat Linux
> allows local users to gain additional privileges via long USER
> environmental variable.
>
>
> ED_PRI CAN-2000-0617 3
>
>
> VOTE: REVIEWING
>
> =================================
> Candidate: CAN-2000-0618
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000622 RHL 6.2 xconq package - overflows yield gid games
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0222.html
>
> Buffer overflow in xconq and cconq game programs on Red Hat Linux
> allows local users to gain additional privileges via long DISPLAY
> environmental variable.
>
>
> ED_PRI CAN-2000-0618 3
>
>
> VOTE: REVIEWING
>
> =================================
> Candidate: CAN-2000-0620
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BID:1409
> Reference: URL:http://www.securityfocus.com/bid/1409
>
> libX11 X library allows remote attackers to cause a denial of service
> via a resource mask of 0, which causes libX11 to go into an infinite
> loop.
>
>
> ED_PRI CAN-2000-0620 3
>
>
> VOTE: ACCEPT

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum