Re: [PROPOSAL] Cluster RECENT-27 - 15 candidates
* Steven M. Christey (coley@LINUS.MITRE.ORG) [000719 23:42]:
> The following cluster contains 15 candidates that were announced
> between 7/1/2000 and 7/18/2000 (but all except CAN-2000-0567 were
> announced on or before 7/11).
>
> The candidates are listed in order of priority. Priority 1 and
> Priority 2 candidates both deal with varying levels of vendor
> confirmation, so they should be easy to review and it can be trusted
> that the problems are real.
>
> If you discover that any RECENT-XX cluster is incomplete with respect
> to the problems discovered during the associated time frame, please
> send that information to me so that candidates can be assigned.
>
> - Steve
>
>
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
>
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
>
> 1) Please write your vote on the line that starts with "VOTE: ". If
> you want to add comments or details, add them to lines after the
> VOTE: line.
>
> 2) If you see any missing references, please mention them so that they
> can be included. References help greatly during mapping.
>
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
> So if you don't have sufficient information for a candidate but you
> don't want to NOOP, use a REVIEWING.
>
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
>
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
>
> =================================
> Candidate: CAN-2000-0566
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000712
> Category: SF
> Reference: ISS:20000712 Insecure temporary file handling in Linux makewhatis
> Reference: REDHAT:RHSA-2000:041-02
> Reference: BID:1434
> Reference: CALDERA:CSSA-2000-021.0
> Reference: BUGTRAQ:20000707 [Security Announce] man update
>
> makewhatis in Linux man package allows local users to overwrite files
> via a symlink attack.
>
>
> ED_PRI CAN-2000-0566 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0567
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: MS:MS00-043
> Reference: BUGTRAQ:20000719 Buffer Overflow in MS Outlook Email Clients
> Reference: BUGTRAQ:20000719 Aaron Drew - Security Advisory: Buffer Overflow in MS Outlook & Outlook Express Email Clients
> Reference: BID:1481
> Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=1481
>
> Buffer overflow in Microsoft Outlook and Outlook Express allows remote
> attackers to execute arbitrary commands via a long Date field in an
> email header, aka the "Malformed E-mail Header" vulnerability.
>
>
> ED_PRI CAN-2000-0567 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0584
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: MISC:http://shadowpenguin.backsection.net/advisories/advisory038.html
> Reference: DEBIAN:20000701 canna server: buffer overflow
> Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q2/0062.html
> Reference: FREEBSD:FreeBSD-SA-00:31
> Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:31.canna.asc.v1.1
> Reference: BID:1445
> Reference: URL:http://www.securityfocus.com/bid/1445
>
> Buffer overflow in Canna input system allows remote attackers to
> execute arbitrary commands via an SR_INIT command with a long user
> name or group name.
>
>
> ED_PRI CAN-2000-0584 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0594
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: VULN-DEV:20000704 BitchX /ignore bug
> Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html
> Reference: BUGTRAQ:20000704 BitchX exploit possibly waiting to happen, certain DoS
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html
> Reference: REDHAT:RHSA-2000:042-01
> Reference: URL:
> Reference: FREEBSD:FreeBSD-SA-00:32
> Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html
> Reference: CALDERA:CSSA-2000-022.0
> Reference: URL:
> Reference: BUGTRAQ:20000707 BitchX update
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html
> Reference: BUGTRAQ:20000707 CONECTIVA LINUX SECURITY ANNOUNCEMENT - BitchX
> Reference: http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html
> Reference: BID:1436
> Reference: URL:http://www.securityfocus.com/bid/1436
>
> BitchX IRC client does not properly cleanse an untrusted format
> string, which allows remote attackers to cause a denial of service via
> an invite to a channel whose name includes special formatting
> characters.
>
>
> ED_PRI CAN-2000-0594 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0595
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: FREEBSD:FreeBSD-SA-00:24
> Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-07/0035.html
> Reference: BID:1437
> Reference: URL:http://www.securityfocus.com/bid/1437
>
> libedit searches for the .editrc file in the current directory instead
> of the user's home directory, which may allow local users to execute
> arbitrary commands by installing a modified .editrc in another
> directory.
>
>
> ED_PRI CAN-2000-0595 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0603
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: MS:MS00-048
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-048.asp
> Reference: BID:1444
> Reference: URL:http://www.securityfocus.com/bid/1444
>
> Microsoft SQL Server 7.0 allows a local user to bypass permissions for
> stored procedures by referencing them via a temporary stored
> procedure, aka the "Stored Procedure Permissions" vulnerability.
>
>
> ED_PRI CAN-2000-0603 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0613
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000320 PIX DMZ Denial of Service - TCP Resets
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=B3D6883199DBD311868100A0C9FC2CDC046B72@protea.citec.net
> Reference: CISCO:20000711 Cisco Secure PIX Firewall TCP Reset Vulnerability
> Reference: URL:http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml
> Reference: BID:1454
> Reference: URL:http://www.securityfocus.com/bid/1454
>
> Cisco Secure PIX Firewall does not properly identify forged TCP Reset
> (RST) packets, which allows remote attackers to force the firewall to
> close legitimate connections.
>
>
> ED_PRI CAN-2000-0613 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0614
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: SUSE:20000710 Security Hole in tnef < 0-124
> Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q3/0002.html
> Reference: BID:1450
> Reference: URL:http://www.securityfocus.com/bid/1450
>
> Tnef program in Linux systems allows remote attackers to overwrite
> arbitrary files via TNEF encoded compressed attachments which specify
> absolute path names for the decompressed output.
>
>
> ED_PRI CAN-2000-0614 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0591
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000705 Novell BorderManager 3.0 EE - Encoded URL rule bypass
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0038.html
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0075.html
> Reference: BID:1432
> Reference: URL:http://www.securityfocus.com/bid/1432
>
> Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL
> filtering by encoding characters in the requested URL.
>
>
> ED_PRI CAN-2000-0591 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0571
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000703 Remote DoS Attack in LocalWEB HTTP Server 1.2.0 Vulnerability
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-07-8&msg=NCBBKFKDOLAGKIAPMILPCEIHCFAA.labs@ussrback.com
> Reference: BID:1423
> Reference: URL:http://www.securityfocus.com/bid/1423
>
> LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial
> of service via a long GET request.
>
>
> ED_PRI CAN-2000-0571 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0572
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000704 Recovering Passwords in Visible Systems' Razor
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-07-8&msg=613309F30B6DD2118C020000F809376C05CABD49@emss03m09.orl.lmco.com
> Reference: BID:1424
> Reference: URL:http://www.securityfocus.com/bid/1424
>
> The Razor configuration management tool uses weak encryption for its
> password file, which allows local users to gain privileges.
>
>
> ED_PRI CAN-2000-0572 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0574
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000705 proftp advisory
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0031.html
> Reference: BUGTRAQ:20000706 ftpd and setproctitle()
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0061.html
> Reference: CERT:CA-2000-13
> Reference: URL:http://www.cert.org/advisories/CA-2000-13.html
> Reference: BUGTRAQ:20000710 opieftpd setproctitle() patches
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0121.html
> Reference: NETBSD:NetBSD-SA2000-009
> Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-009.txt.asc
> Reference: BID:1425
> Reference: URL:http://www.securityfocus.com/bid/1425
> Reference: BID:1438
> Reference: URL:http://www.securityfocus.com/bid/1438
>
> FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do
> not properly cleanse untrusted format strings that are used in the
> setproctitle function (sometimes called by set_proc_title), which
> allows remote attackers to cause a denial of service or execute
> arbitrary commands.
>
>
> ED_PRI CAN-2000-0574 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0576
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000704 Oracle Web Listener for AIX DoS
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0027.html
> Reference: BID:1427
> Reference: URL:http://www.securityfocus.com/bid/1427
>
> Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows
> remote attackers to cause a denial of service via a malformed URL.
>
>
> ED_PRI CAN-2000-0576 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0590
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000706 Vulnerability in Poll_It cgi v2.0
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0076.html
> Reference: BID:1431
> Reference: URL:http://www.securityfocus.com/bid/1431
>
> Poll It 2.0 CGI script allows remote attackers to read arbitrary files
> by specifying the file name in the data_dir parameter.
>
>
> ED_PRI CAN-2000-0590 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0605
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: unknown
> Reference: NTBUGTRAQ:20000710 Two issues: Blackboard CourseInfo 4.0 stores admin password in clear text; strange settings on the winreg key.
> Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=NTBUGTRAQ&P=R1647
> Reference: BID:1460
> Reference: URL:http://www.securityfocus.com/bid/1460
>
> Blackboard CourseInfo 4.0 stores the local and SQL administrator user
> names and passwords in cleartext in a registry key whose access
> control allows users to access the passwords.
>
>
> ED_PRI CAN-2000-0605 3
>
>
> VOTE: ACCEPT

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum