Re: [PROPOSAL] Cluster RECENT-28 - 18 candidates
* Steven M. Christey (coley@LINUS.MITRE.ORG) [000803 02:55]:
> The following cluster contains 18 candidates that were announced
> between 7/7/2000 and 7/12/2000.
>
> The candidates are listed in order of priority. Priority 1 and
> Priority 2 candidates both deal with varying levels of vendor
> confirmation, so they should be easy to review and it can be trusted
> that the problems are real.
>
> If you discover that any RECENT-XX cluster is incomplete with respect
> to the problems discovered during the associated time frame, please
> send that information to me so that candidates can be assigned.
>
> - Steve
>
>
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
>
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
>
> 1) Please write your vote on the line that starts with "VOTE: ". If
> you want to add comments or details, add them to lines after the
> VOTE: line.
>
> 2) If you see any missing references, please mention them so that they
> can be included. References help greatly during mapping.
>
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
> So if you don't have sufficient information for a candidate but you
> don't want to NOOP, use a REVIEWING.
>
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
>
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
>
> =================================
> Candidate: CAN-2000-0637
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000711 Excel 2000 vulnerability - executing programs
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=396B3F8F.9244D290@nat.bg
> Reference: MS:MS00-051
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-051.asp
> Reference: BID:1451
> Reference: URL:http://www.securityfocus.com/bid/1451
>
> Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary
> commands by specifying a malicious .dll using the Register.ID
> function, aka the "Excel REGISTER.ID Function" vulnerability.
>
>
> ED_PRI CAN-2000-0637 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0654
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: MS:MS00-041
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-041.asp
> Reference: BID:1466
> Reference: URL:http://www.securityfocus.com/bid/1466
>
> Microsoft Enterprise Manager allows local users to obtain database
> passwords via the Data Transformation Service (DTS) package Registered
> Servers Dialog dialog, aka a variant of the "DTS Password"
> vulnerability.
>
>
> ED_PRI CAN-2000-0654 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0670
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000712 cvsweb: remote shell for cvs committers
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0178.html
> Reference: BUGTRAQ:20000714 MDKSA-2000:019 cvsweb update
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0196.html
> Reference: DEBIAN:20000716
> Reference: URL:http://www.debian.org/security/2000/20000719b
> Reference: BID:1469
> Reference: URL:http://www.securityfocus.com/bid/1469
>
> The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with
> write access to a CVS repository to execute arbitrary commands via
> shell metacharacters.
>
>
> ED_PRI CAN-2000-0670 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0628
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000710 ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0142.html
> Reference: CONFIRM:http://www.nodeworks.com/asp/changes.html
> Reference: BID:1457
> Reference: URL:http://www.securityfocus.com/bid/1457
>
> The source.asp example script in the Apache ASP module Apache::ASP
> 1.93 and earlier allows remote attackers to modify files.
>
>
> ED_PRI CAN-2000-0628 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0635
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000711 Akopia MiniVend Piped Command Execution Vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0150.html
> Reference: BID:1449
> Reference: URL:http://www.securityfocus.com/bid/1449
>
> The view_page.html sample page in the MiniVend shopping cart program
> allows remote attackers to execute arbitrary commands via shell
> metacharacters.
>
>
> ED_PRI CAN-2000-0635 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0638
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000711 BIG BROTHER EXPLOIT
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0146.html
> Reference: BUGTRAQ:20000711 REMOTE EXPLOIT IN ALL CURRENT VERSIONS OF BIG BROTHER
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0147.html
> Reference: CONFIRM:http://bb4.com/README.CHANGES
> Reference: BID:1455
> Reference: URL:http://www.securityfocus.com/bid/1455
>
> Big Brother 1.4h1 and earlier allows remote attackers to read
> arbitrary files via a .. (dot dot) attack.
>
>
> ED_PRI CAN-2000-0638 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0639
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: CF
> Reference: BUGTRAQ:20000711 Big Brother filename extension vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0171.html
> Reference: BID:1494
> Reference: URL:http://www.securityfocus.com/bid/1494
>
> The default configuration of Big Brother 1.4h2 and earlier does not
> include proper access restrictions, which allows remote attackers to
> execute arbitrary commands by using bbd to upload a file whose
> extension will cause it to be executed as a CGI script by the web
> server.
>
>
> ED_PRI CAN-2000-0639 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0650
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: CF
> Reference: NTBUGTRAQ:20000711 Potential Vulnerability in McAfee Netshield and VirusScan 4.5
> Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=ntbugtraq&F=&S=&P=2753
> Reference: BID:1458
> Reference: URL:http://www.securityfocus.com/bid/1458
>
> The default installation of VirusScan 4.5 and NetShield 4.5 has
> insecure permissions for the registry key that identifies the
> AutoUpgrade directory, which allows local users to execute arbitrary
> commands by replacing SETUP.EXE in that directory with a Trojan Horse.
>
>
> ED_PRI CAN-2000-0650 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0629
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: CF
> Reference: BUGTRAQ:20000711 Sun's Java Web Server remote command execution vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0163.html
> Reference: MISC:http://www.sun.com/software/jwebserver/faq/jwsca-2000-02.html
> Reference: BID:1459
> Reference: URL:http://www.securityfocus.com/bid/1459
>
> The default configuration of the Sun Java web server 2.0 and earlier
> allows remote attackers to execute arbitrary commands by uploading
> Java code to the server via board.html, then directly calling the JSP
> compiler servlet.
>
>
> ED_PRI CAN-2000-0629 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0640
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
> Reference: BID:1452
> Reference: URL:http://www.securityfocus.com/bid/1452
>
> Guild FTPd allows remote attackers to determine the existence of files
> outside the FTP root via a .. (dot dot) attack, which provides
> different error messages depending on whether the file exists or not.
>
>
> ED_PRI CAN-2000-0640 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0641
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
> Reference: BID:1453
> Reference: URL:http://www.securityfocus.com/bid/1453
>
> Savant web server allows remote attackers to execute arbitrary
> commands via a long GET request.
>
>
> ED_PRI CAN-2000-0641 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0642
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: CF
> Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
> Reference: BID:1497
> Reference: URL:http://www.securityfocus.com/bid/1497
>
> The default configuration of WebActive HTTP Server 1.00 stores the web
> access log active.log in the document root, which allows remote
> attackers to view the logs by directly requesting the page.
>
>
> ED_PRI CAN-2000-0642 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0648
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000711 WFTPD/WFTPD Pro 2.41 RC10 denial-of-service
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=E13BvU6-0007d8-00@dwarf.box.sk
> Reference: BID:1456
> Reference: URL:http://www.securityfocus.com/bid/1456
>
> WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of
> service by executing the RENAME TO (RNTO) command before a RENAME FROM
> (RNFR) command.
>
>
> ED_PRI CAN-2000-0648 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0651
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000707 Novell Border Manger - Anyone can pose as an authenticated user
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=06256915.00591E18.00@uprrsmtp2.notes.up.com
> Reference: BID:1440
> Reference: URL:http://www.securityfocus.com/bid/1440
>
> The ClientTrust program in Novell BorderManager does not properly
> verify the origin of authentication requests, which could allow remote
> attackers to impersonate another user by replaying the authentication
> requests and responses from port 3024 of the victim's machine.
>
>
> ED_PRI CAN-2000-0651 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0660
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000712 Infosec.20000712.worldclient.2.1
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0173.html
> Reference: BID:1462
> Reference: URL:http://www.securityfocus.com/bid/1462
>
> The WDaemon web server for WorldClient 2.1 allows remote attackers to
> read arbitrary files via a .. (dot dot) attack.
>
>
> ED_PRI CAN-2000-0660 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0661
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000710 Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0120.html
> Reference: BID:1448
> Reference: URL:http://www.securityfocus.com/bid/1448
>
> WircSrv IRC Server 5.07s allows remote attackers to cause a denial of
> service via a long string to the server port.
>
>
> ED_PRI CAN-2000-0661 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0669
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000711 Remote Denial Of Service -- NetWare 5.0 with SP 5
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000501bfeab5$9330c3d0$d801a8c0@dimuthu.baysidegrp.com.au
> Reference: BID:1467
> Reference: URL:http://www.securityfocus.com/bid/1467
>
> Novell Netware 5.0 allows remote attackers to cause a denial of
> service by flooding port 40193 with random data.
>
>
> ED_PRI CAN-2000-0669 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0674
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000712 ftp.pl vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0177.html
> Reference: BID:1471
> Reference: URL:http://www.securityfocus.com/bid/1471
>
> ftp.pl CGI program for Virtual Visions FTP browser allows remote
> attackers to read directories outside of the document root via a
> .. (dot dot) attack.
>
>
> ED_PRI CAN-2000-0674 3
>
>
> VOTE: ACCEPT

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum