Re: [PROPOSAL] Cluster RECENT-29 - 20 candidates

* Steven M. Christey (coley@LINUS.MITRE.ORG) [000803 02:57]:
> The following cluster contains 20 candidates that were announced
> between 7/13/2000 and 7/20/2000.
>
> The candidates are listed in order of priority. Priority 1 and
> Priority 2 candidates both deal with varying levels of vendor
> confirmation, so they should be easy to review and it can be trusted
> that the problems are real.
>
> If you discover that any RECENT-XX cluster is incomplete with respect
> to the problems discovered during the associated time frame, please
> send that information to me so that candidates can be assigned.
>
> - Steve
>
>
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
>
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
>
> 1) Please write your vote on the line that starts with "VOTE: ". If
> you want to add comments or details, add them to lines after the
> VOTE: line.
>
> 2) If you see any missing references, please mention them so that they
> can be included. References help greatly during mapping.
>
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
> So if you don't have sufficient information for a candidate but you
> don't want to NOOP, use a REVIEWING.
>
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
>
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
>
> =================================
> Candidate: CAN-2000-0622
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: NAI:20000719 O'Reilly WebSite Professional Overflow
> Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2424
> Reference: CONFIRM:http://website.oreilly.com/support/software/wspro25_releasenotes.txt
> Reference: BID:1487
> Reference: URL:http://www.securityfocus.com/bid/1487
>
> Buffer overflow in Webfind CGI program in O'Reilly WebSite
> Professional web server 2.x allows remote attackers to execute
> arbitrary commands via a URL containing a long "keywords" parameter.
>
>
> ED_PRI CAN-2000-0622 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0630
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: MS:MS00-044
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-044.asp
> Reference: BID:1488
> Reference: URL:http://www.securityfocus.com/bid/1488
>
> IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source
> code by appending a +.htr to the URL, a variant of the "File Fragment
> Reading via .HTR" vulnerability.
>
>
> ED_PRI CAN-2000-0630 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0631
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: MS:MS00-044
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-044.asp
> Reference: BID:1476
> Reference: URL:http://www.securityfocus.com/bid/1476
>
> An administrative script from IIS 3.0, later included in IIS 4.0 and
> 5.0, allows remote attackers to cause a denial of service by accessing
> the script without a particular argument, aka the "Absent Directory
> Browser Argument" vulnerability.
>
>
> ED_PRI CAN-2000-0631 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0632
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: NAI:20000717 [COVERT-2000-07] LISTSERV Web Archive Remote Overflow
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0222.html
> Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory1
> Reference: BID:1490
> Reference: URL:http://www.securityfocus.com/bid/1490
>
> Buffer overflow in the web archive component of L-Soft Listserv 1.8d
> and earlier allows remote attackers to execute arbitrary commands via
> a long query string.
>
>
> ED_PRI CAN-2000-0632 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0653
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: MS:MS00-045
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-045.asp
> Reference: BID:1502
> Reference: URL:http://www.securityfocus.com/bid/1502
>
> Microsoft Outlook Express allows remote attackers to monitor a user's
> email by creating a persistent browser link to the Outlook Express
> windows, aka the "Persistent Mail-Browser Link" vulnerability.
>
>
> ED_PRI CAN-2000-0653 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0666
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000716 Lots and lots of fun with rpc.statd
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0206.html
> Reference: DEBIAN:20000715 rpc.statd: remote root exploit
> Reference: URL:http://www.debian.org/security/2000/20000719a
> Reference: REDHAT:RHSA-2000:043-03
> Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-043-03.html
> Reference: BUGTRAQ:20000717 CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0230.html
> Reference: BUGTRAQ:20000718 Trustix Security Advisory - nfs-utils
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0236.html
> Reference: BUGTRAQ:20000718 [Security Announce] MDKSA-2000:021 nfs-utils update
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0260.html
> Reference: CALDERA:CSSA-2000-025.0
> Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-025.0.txt
> Reference: BID:1480
> Reference: URL:http://www.securityfocus.com/bid/1480
>
> rpc.statd in the nfs-utils package in various Linux distributions does
> not properly cleanse untrusted format strings, which allows remote
> attackers to gain root privileges.
>
>
> ED_PRI CAN-2000-0666 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0667
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: CALDERA:CSSA-2000-024.0
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0273.html
> Reference: BID:1512
> Reference: URL:http://www.securityfocus.com/bid/1512
>
> Vulnerability in gpm in Caldera Linux allows local users to delete
> arbitrary files or conduct a denial of service.
>
>
> ED_PRI CAN-2000-0667 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0633
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000718 MDKSA-2000:020 usermode update
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0251.html
> Reference: BID:1489
> Reference: URL:http://www.securityfocus.com/bid/1489
>
> Vulnerability in Mandrake Linux usermode package allows local users to
> reboot or halt the system.
>
>
> ED_PRI CAN-2000-0633 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0623
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: NTBUGTRAQ:20000719 Alert: Buffer Overrun is O'Reilly WebsitePro httpd32.exe (CISADV000717)
> Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=ntbugtraq&F=&S=&P=5946
> Reference: BID:1492
> Reference: URL:http://www.securityfocus.com/bid/1492
>
> Buffer overflow in O'Reilly WebSite Professional web server 2.4 and
> earlier allows remote attackers to execute arbitrary commands via a
> long GET request or Referrer header.
>
>
> ED_PRI CAN-2000-0623 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0624
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000720 Winamp M3U playlist parser buffer overflow security vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0289.html
> Reference: BID:1496
> Reference: URL:http://www.securityfocus.com/bid/1496
>
> Buffer overflow in WinAmp 2.64 and earlier allows remote attackers to
> execute arbitrary commands via a long #EXTINF: extension in the M3U
> playlist.
>
>
> ED_PRI CAN-2000-0624 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0625
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: L0PHT:20000718 NetZero Password Encryption Algorithm
> Reference: URL:http://www.l0pht.com/advisories/netzero.txt
> Reference: BID:1483
> Reference: URL:http://www.securityfocus.com/bid/1483
>
> NetZero 3.0 and earlier uses weak encryption for storing a user's
> login information, which allows a local user to decrypt the password.
>
>
> ED_PRI CAN-2000-0625 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0626
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000718 Multiple bugs in Alibaba 2.0
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0237.html
> Reference: BID:1482
> Reference: URL:http://www.securityfocus.com/bid/1482
>
> Buffer overflow in Alibaba web server allows remote attackers to cause
> a denial of service via a long GET request.
>
>
> ED_PRI CAN-2000-0626 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0627
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000718 Blackboard Courseinfo v4.0 User Authentication
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0254.html
> Reference: BID:1486
> Reference: URL:http://www.securityfocus.com/bid/1486
>
> BlackBoard CourseInfo 4.0 does not properly authenticate users, which
> allows local users to modify CourseInfo database information and gain
> privileges by directly calling the supporting CGI programs such as
> user_update_passwd.pl and user_update_admin.pl.
>
>
> ED_PRI CAN-2000-0627 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0634
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000717 S21SEC-003: Vulnerabilities in CommuniGate Pro v3.2.4
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0223.html
> Reference: BID:1493
> Reference: URL:http://www.securityfocus.com/bid/1493
>
> The web administration interface for CommuniGate Pro 3.2.5 and earlier
> allows remote attackers to read arbitrary files via a .. (dot dot)
> attack.
>
>
> ED_PRI CAN-2000-0634 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0636
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000719 HP Jetdirect - Invalid FTP Command DoS
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0265.html
> Reference: BID:1491
> Reference: URL:http://www.securityfocus.com/bid/1491
>
> HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow
> remote attackers to cause a denial of service via a malformed FTP
> quote command.
>
>
> ED_PRI CAN-2000-0636 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0643
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
> Reference: BID:1470
> Reference: URL:http://www.securityfocus.com/bid/1470
>
> Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers
> to cause a denial of service via a long URL.
>
>
> ED_PRI CAN-2000-0643 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0649
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: NTBUGTRAQ:20000713 IIS4 Basic authentication realm issue
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0025.html
> Reference: BID:1499
> Reference: URL:http://www.securityfocus.com/bid/1499
>
> IIS 4.0 allows remote attackers to obtain the internal IP address of
> the server via an HTTP 1.0 request for a web page which is protected
> by basic authentication and has no realm defined.
>
>
> ED_PRI CAN-2000-0649 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0662
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000714 IE 5.5 and 5.01 vulnerability - reading at least local and from any host text and parsed html files
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=396EF9D5.62EEC625@nat.bg
> Reference: BID:1474
> Reference: URL:http://www.securityfocus.com/bid/1474
>
> Internet Explorer 5.x and Microsoft Outlook allows remote attackers to
> read arbitrary files by redirecting the contents of an IFRAME using
> the DHTML Edit Control (DHTMLED).
>
>
> ED_PRI CAN-2000-0662 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0665
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: NTBUGTRAQ:20000717 DoS in Gamsoft TelSrv telnet server for MS Windows 95/98/NT/2k.
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0031.html
> Reference: BID:1478
> Reference: URL:http://www.securityfocus.com/bid/1478
>
> AMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to
> cause a denial of service via a long username.
>
>
> ED_PRI CAN-2000-0665 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0675
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000713 The MDMA Crew's GateKeeper Exploit
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00af01bfece2$a52cbd80$367e1ec4@kungphusion
> Reference: BID:1477
> Reference: URL:http://www.securityfocus.com/bid/1477
>
> Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote
> attackers to execute arbitrary commands via a long string.
>
>
> ED_PRI CAN-2000-0675 3
>
>
> VOTE: ACCEPT

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum