[PROPOSAL] Cluster RECENT-30 - 17 candidates
The following cluster contains 17 candidates that were announced between 7/21/2000 and 7/27/2000.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.
=================================
Candidate: CAN-2000-0621
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000726
Category: SF
Reference: MS:MS00-046
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-046.asp
Reference: CERT:CA-2000-14
Reference: URL:http://www.cert.org/advisories/CA-2000-14.html
Reference: BID:1501
Reference: URL:http://www.securityfocus.com/bid/1501

Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.

ED_PRI CAN-2000-0621 1

VOTE:

=================================
Candidate: CAN-2000-0655
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000724 JPEG COM Marker Processing Vulnerability in Netscape Browsers
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com
Reference: REDHAT:RHSA-2000:046-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-046-02.html
Reference: BID:1503
Reference: URL:http://www.securityfocus.com/bid/1503

Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.

ED_PRI CAN-2000-0655 1

VOTE:

=================================
Candidate: CAN-2000-0663
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: MS:MS00-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-052.asp
Reference: MSKB:Q269049
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=269049
Reference: BID:1507
Reference: URL:http://www.securityfocus.com/bid/1507

The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path" vulnerability.

ED_PRI CAN-2000-0663 1

VOTE:

=================================
Candidate: CAN-2000-0668
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: REDHAT:RHSA-2000:044-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-044-02.html
Reference: BID:1513
Reference: URL:http://www.securityfocus.com/bid/1513

pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled.

ED_PRI CAN-2000-0668 1

VOTE:

=================================
Candidate: CAN-2000-0673
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NAI:20000727 Windows NetBIOS Name Conflicts
Reference: MS:MS00-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-047.asp
Reference: BID:1514
Reference: URL:http://www.securityfocus.com/bid/1514
Reference: BID:1515
Reference: URL:http://www.securityfocus.com/bid/1515

The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability.

ED_PRI CAN-2000-0673 1

VOTE:

=================================
Candidate: CAN-2000-0664
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000726 AnalogX "SimpleServer:WWW" dot dot bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0374.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/sswww.htm
Reference: BID:1508
Reference: URL:http://www.securityfocus.com/bid/1508

AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack that uses the %2E URL encoding for the dots.

ED_PRI CAN-2000-0664 2

VOTE:

=================================
Candidate: CAN-2000-0671
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 Roxen security alert: Problems with URLs containing null characters.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0321.html
Reference: BUGTRAQ:20000721 Roxen Web Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0307.html
Reference: BID:1510
Reference: URL:http://www.securityfocus.com/bid/1510

Roxen web server earlier than 2.0.69 allows remote attackers to list directory contents and read source code by appending a null character (%00) to the URL.

ED_PRI CAN-2000-0671 2

VOTE:

=================================
Candidate: CAN-2000-0644
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html
Reference: BID:1506
Reference: URL:http://www.securityfocus.com/bid/1506

WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing a STAT command while the LIST command is still executing.

ED_PRI CAN-2000-0644 3

VOTE:

=================================
Candidate: CAN-2000-0645
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html
Reference: BID:1506
Reference: URL:http://www.securityfocus.com/bid/1506

WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by using the RESTART (REST) command and writing beyond the end of a file, or writing to a file that does not exist, via commands such as STORE UNIQUE (STOU), STORE (STOR), or APPEND (APPE).

ED_PRI CAN-2000-0645 3

VOTE:

=================================
Candidate: CAN-2000-0646
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html
Reference: BID:1506
Reference: URL:http://www.securityfocus.com/bid/1506

WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real pathname for a file by executing a STATUS (STAT) command while the file is being transferred.

ED_PRI CAN-2000-0646 3

VOTE:

=================================
Candidate: CAN-2000-0647
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html
Reference: BID:1506
Reference: URL:http://www.securityfocus.com/bid/1506

WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing an MLST command before logging into the server.

ED_PRI CAN-2000-0647 3

VOTE:

=================================
Candidate: CAN-2000-0652
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000723 IBM WebSphere default servlet handler showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0342.html
Reference: BID:1500
Reference: URL:http://www.securityfocus.com/bid/1500

IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string.

ED_PRI CAN-2000-0652 3

VOTE:

=================================
Candidate: CAN-2000-0656
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000724 AnalogX Proxy DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0360.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/proxy.htm
Reference: BID:1504
Reference: URL:http://www.securityfocus.com/bid/1504

Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long USER command in the FTP protocol.

ED_PRI CAN-2000-0656 3

VOTE:

=================================
Candidate: CAN-2000-0657
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000724 AnalogX Proxy DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0360.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/proxy.htm
Reference: BID:1504
Reference: URL:http://www.securityfocus.com/bid/1504

Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long HELO command in the SMTP protocol.

ED_PRI CAN-2000-0657 3

VOTE:

=================================
Candidate: CAN-2000-0658
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000724 AnalogX Proxy DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0360.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/proxy.htm
Reference: BID:1504
Reference: URL:http://www.securityfocus.com/bid/1504

Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long USER command in the POP3 protocol.

ED_PRI CAN-2000-0658 3

VOTE:

=================================
Candidate: CAN-2000-0659
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000724 AnalogX Proxy DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0360.html
Reference: BID:1504
Reference: URL:http://www.securityfocus.com/bid/1504

Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long user ID in a SOCKS4 CONNECT request.

ED_PRI CAN-2000-0659 3

VOTE:

=================================
Candidate: CAN-2000-0672
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 Jakarta-tomcat.../admin
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0309.html

The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.

ED_PRI CAN-2000-0672 3

VOTE: