[VOTE] MOREVOTES-2000-A: Candidates from 2000 needing 1 more vote
Each of the following 30 candidates needs just one more ACCEPT vote. If you can help out, it is appreciated.

There are 4 other messages similar to this one, with different candidates. Feel free to pick one at random if you don't have the time to vote on them all.

It is strongly preferred that you get your votes in by October 9.

Thanks,
- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

KEY FOR INFERRED ACTIONS
------------------------

Inferred actions capture the voting status of a candidate. They may be used by the Editor to determine whether or not a candidate is added to CVE. Where there is disagreement, the Editor must resolve the issue and achieve consensus, or make the final decision if consensus cannot be reached.
- ACCEPT = 3 non-MITRE votes to ACCEPT/MODIFY, and no REVIEWING or REJECT
- ACCEPT_ACK = 2 non-MITRE ACCEPT/MODIFY, and vendor acknowledgement
- MOREVOTES = needs more votes
- ACCEPT_REV = 3 non-MITRE ACCEPT's but is delayed due to a REVIEWING
- SMC_REJECT = REJECT by Steve Christey; likely to be rejected outright
- SMC_REVIEW = REVIEWING by Steve Christey; likely related to CD's
- REVIEWING = at least one member is REVIEWING
- REJECT = at least one member REJECTed
- REVOTE = members should review their vote on this candidate

======================================================
Candidate: CAN-2000-0002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0002
Final-Decision:
Interim-Decision:
Modified: 20000501-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: NTBUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=NTBUGTRAQ&P=R3556
Reference: BUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94598388530358&w=2
Reference: BUGTRAQ:20000128 ZBServer 1.50-r1x exploit (WinNT)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=36B0596E.8D111D66@teleline.es

Buffer overflow in ZBServer Pro allows remote attackers to execute commands via a long GET request.

Modifications:
  ADDREF BUGTRAQ:20000128 ZBServer 1.50-r1x exploit (WinNT)

INFERRED ACTION: CAN-2000-0002 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(1) Armstrong

Comments:
 Frech> XF:zbserver-get-bo
 CHANGE> [Armstrong changed vote from REVIEWING to NOOP]

VOTE:

======================================================
Candidate: CAN-2000-0006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0006
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991225 strace can lie

strace allows local users to read arbitrary files via memory mapped file names.

INFERRED ACTION: CAN-2000-0006 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(1) Armstrong

Comments:
 Frech> XF:linux-strace

VOTE:

======================================================
Candidate: CAN-2000-0009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0009
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991230 bna,sh
Reference: BID:907
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=907

bna_pass program in Optivity NETarchitect allows local users to gain privileges via a symlink attack.

INFERRED ACTION: CAN-2000-0009 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   MODIFY(2) Stracener, Frech
   NOOP(1) Armstrong

Comments:
 Stracener> Not a symlink attack. Description should be re-written. Thumbnail sketch: 1) script cd's to /tmp, 2) Creates ".logincheck" (bna_pass tries to delete this file by calling "rm"), 3) "PATH=.:" where the (dot) causes the PATH to first execute in the local environment, 4) "export PATH" resets the environment to the local dir (to /tmp via step 1), 5) a trojaned version of "rm" is created in /tmp such that when executed (due to the corrupted path environment) creates a setuid csh, 6) script executes "bna_pass".
   As a result of the ".:PATH" and its export, "bna_pass" uses /tmp and calls the trojaned "rm" = execution of code. Perhaps this description: "bna_pass program in Optivity NETarchitect allows local users to gain privileges via a trojaned version of rm."
 Frech> XF:netarchitect-path-vulnerability
 CHANGE> [Armstrong changed vote from REVIEWING to NOOP]

VOTE:

======================================================
Candidate: CAN-2000-0027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0027
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991227 IBM NetStation/UnixWare local root exploit
Reference: BID:900
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=900

IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack.

INFERRED ACTION: CAN-2000-0027 MOREVOTES-1 (2 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   REVIEWING(1) Frech

VOTE:

======================================================
Candidate: CAN-2000-0056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0056
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000105 Local / Remote D.o.S Attack in IMail IMONITOR Server for WinNT Version 5.08
Reference: BID:914
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=914

IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi.

INFERRED ACTION: CAN-2000-0056 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Blake
   MODIFY(1) Frech

Comments:
 Frech> XF:imail-imonitor-status-dos

VOTE:

======================================================
Candidate: CAN-2000-0090
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0090
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000124 VMware 1.1.2 Symlink Vulnerability
Reference: XF:linux-vmware-symlink
Reference: BID:943
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=943

VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack.

INFERRED ACTION: CAN-2000-0090 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Frech, Cole
   NOOP(1) Wall

VOTE:

======================================================
Candidate: CAN-2000-0116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0116
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: NTBUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented
Reference: BUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented

Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag.

INFERRED ACTION: CAN-2000-0116 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Comments:
 Christey> ADDREF BID:954
 Frech> XF:http-script-bypass

VOTE:

======================================================
Candidate: CAN-2000-0127
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0127
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000203 Webspeed security issue
Reference: BID:969
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=969

The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges.

INFERRED ACTION: CAN-2000-0127 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Comments:
 Frech> XF:webspeed-adminutil-auth
 Christey> URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=003a01bf6ebf$25e867a0$0a1a90d8@eniac

VOTE:

======================================================
Candidate: CAN-2000-0128
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0128
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000204 "The Finger Server"

The Finger Server 0.82 allows remote attackers to execute commands via shell metacharacters.

INFERRED ACTION: CAN-2000-0128 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Comments:
 Frech> XF:finger-server-input
   Also, the owner's web site (http://www.glazed.org/finger/) indicates that versions up to 0.83BETA are vulnerable. You should make the appropriate modifications to the description.

VOTE:

======================================================
Candidate: CAN-2000-0129
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0129
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: NTBUGTRAQ:20000204 Local / Remote D.o.S Attack in Serv-U FTP-Server v2.5b for Win9x/WinNT Vulnerability
Reference: BUGTRAQ:20000204 Local / Remote D.o.S Attack in Serv-U FTP-Server v2.5b for Win9x/WinNT Vulnerability
Reference: NTBUGTRAQ:20000204 Windows Api SHGetPathFromIDList Buffer Overflow
Reference: BUGTRAQ:20000204 Windows Api SHGetPathFromIDList Buffer Overflow

Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP server allows attackers to cause a denial of service by performing a LIST command on a malformed .lnk file.

INFERRED ACTION: CAN-2000-0129 MOREVOTES-1 (2 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   REVIEWING(1) Wall

Comments:
 Frech> XF:win-shortcut-api-bo
   The real problem seems to be with the Windows API call, not the Serv-U FTP app. As the "Windows Api SHGetPathFromIDList Buffer Overflow" reference states, [The bug can] "cause whatever handles the shortcuts to crash."
   As a suggestion, rephrase the description from Windows's context, and state that the Serv-U FTP server is an example of an app that exhibits this problem.

VOTE:

======================================================
Candidate: CAN-2000-0164
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0164
Final-Decision:
Interim-Decision:
Modified: 20000321-01
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000220 Sun Internet Mail Server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.SOL.4.21.0002200031320.22675-100000@klayman.hq.formus.pl
Reference: BID:1004
Reference: URL:http://www.securityfocus.com/bid/1004

The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords.

Modifications:
  ADDREF BID:1004

INFERRED ACTION: CAN-2000-0164 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Comments:
 Frech> XF:sims-temp-world-readable

VOTE:

======================================================
Candidate: CAN-2000-0166
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0166
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000221 Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD Server 4.0 for Windows NT
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPGEJHCCAA.labs@ussrback.com
Reference: BID:995
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=995

Buffer overflow in the InterAccess telnet server TelnetD allows remote attackers to execute commands via a long login name.

INFERRED ACTION: CAN-2000-0166 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(3) Christey, Wall, LeBlanc

Comments:
 Christey> BUGTRAQ:20000223 Pragma Systems response to USSRLabs report is a followup from the vendor that acknowledges that this may be a problem in older builds, but not the current one. USSR's response questions this conclusion.
   Also see: BUGTRAQ:20000223 Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD (fwd)
 Frech> XF:interaccess-telnet-login-bo

VOTE:

======================================================
Candidate: CAN-2000-0191
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0191
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000229 Infosec.20000229.axisstorpointcd.a
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=41256894.00492503.00@mailgw.backupcentralen.se
Reference: BID:1025
Reference: URL:http://www.securityfocus.com/bid/1025

Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack.

INFERRED ACTION: CAN-2000-0191 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Ozancin
   MODIFY(1) Frech
   NOOP(4) Wall, Cole, Blake, LeBlanc

Comments:
 Frech> XF:axis-storpoint-auth(4078)

VOTE:

======================================================
Candidate: CAN-2000-0193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0193
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000302 Corel Linux 1.0 dosemu default configuration: Local root vuln
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003020436.PAA20168@jawa.chilli.net.au
Reference: BID:1030
Reference: URL:http://www.securityfocus.com/bid/1030

The default configuration of Dosemu in Corel Linux 1.0 allows local users to execute the system.com program and gain privileges.

INFERRED ACTION: CAN-2000-0193 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Ozancin
   MODIFY(1) Frech
   NOOP(4) Wall, Cole, Blake, LeBlanc

Comments:
 Frech> XF:linux-dosemu-config(4066)

VOTE:

======================================================
Candidate: CAN-2000-0227
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0227
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000323 Local Denial-of-Service attack against Linux
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000323175509.A23709@clearway.com
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0254.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0272.html
Reference: BID:1072
Reference: URL:http://www.securityfocus.com/bid/1072
Reference: XF:linux-domain-socket-dos

The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max paremeter, which allows local users to cause a denial of service by requesting a large number of sockets.

INFERRED ACTION: CAN-2000-0227 MOREVOTES-1 (2 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(2) Frech, Cole
   NOOP(1) Christey
   REVIEWING(1) Magdych

Comments:
 Christey> Fix typo: 'paremeter'
 Magdych> I remember when this came up... seems like there were some wildly mixed results for the exploit.

VOTE:

======================================================
Candidate: CAN-2000-0237
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0237
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: MISC:http://zsh.stupidphat.com/advisory.cgi?000311-1
Reference: BID:1075
Reference: URL:http://www.securityfocus.com/bid/1075

Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories.

INFERRED ACTION: CAN-2000-0237 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Magdych
   MODIFY(1) Frech
   NOOP(1) Cole

Comments:
 Frech> XF:netscape-webpublisher-invalid-access

VOTE:

======================================================
Candidate: CAN-2000-0238
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0238
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000317 DoS with NAVIEG
Reference: URL:http://www.securityfocus..com/templates/archive.pike?list=1&msg=s8d1f3e3.036@kib.co.kodiak.ak.us
Reference: XF:nav-email-gateway-dos
Reference: BID:1064
Reference: URL:http://www.securityfocus.com/bid/1064

Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL.

INFERRED ACTION: CAN-2000-0238 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Frech, Magdych
   NOOP(2) Christey, Cole

Comments:
 Christey> Remove extra dot in URL for securityfocus..com

VOTE:

======================================================
Candidate: CAN-2000-0257
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0257
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000418 Novell Netware 5.1 (server 5.00h, Dec 11, 1999)...
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0004171825340.10088-100000@nimue.tpi.pl
Reference: BID:1118
Reference: URL:http://www.securityfocus.com/bid/1118

Buffer overflow in the Netware remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL.

INFERRED ACTION: CAN-2000-0257 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Comments:
 Frech> XF:netware-remote-admin-overflow
   In the description, Novell's product is spelled NetWare.

VOTE:

======================================================
Candidate: CAN-2000-0263
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0263
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000416 xfs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0079.html
Reference: BID:1111
Reference: URL:http://www.securityfocus.com/bid/1111

The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request.

INFERRED ACTION: CAN-2000-0263 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Comments:
 Frech> XF:redhat-fontserver-dos
   POTENTIAL DUPE: CAN-2000-0286: X fontserver xfs allows local users to cause a denial of service via malformed input to the server.
 Christey> As Andre observed, this is a duplicate of CAN-2000-0286. CAN-2000-0286 has been slated for rejection.

VOTE:

======================================================
Candidate: CAN-2000-0273
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0273
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000409 A funny way to DOS pcANYWHERE8.0 and 9.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0031.html
Reference: BID:1095
Reference: URL:http://www.securityfocus.com/bid/1095

PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt.

INFERRED ACTION: CAN-2000-0273 MOREVOTES-1 (2 accept, 0 ack, 1 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(1) Christey
   REVIEWING(1) Wall

Comments:
 Christey> ADDREF XF:pcanywhere-login-dos
 Frech> XF:pcanywhere-login-dos

VOTE:

======================================================
Candidate: CAN-2000-0285
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0285
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000416 XFree86 server overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html

Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter.

INFERRED ACTION: CAN-2000-0285 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Comments:
 Christey> ADDREF BID:1306
 Frech> XF:xfree86-xkbmap-parameter-bo(4867)

VOTE:

======================================================
Candidate: CAN-2000-0289
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0289
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000327 Security Problems with Linux 2.2.x IP Masquerading
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0284.html
Reference: BID:1078
Reference: URL:http://www.securityfocus.com/bid/1078

IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.

INFERRED ACTION: CAN-2000-0289 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Comments:
 Christey> ADDREF XF:linux-masquerading-dos
   ADDREF SUSE:20000520 Security hole in kernel < 2.2.15
   http://www.suse.de/de/support/security/suse_security_announce_48.txt
 Frech> XF:linux-ip-masquerading

VOTE:

======================================================
Candidate: CAN-2000-0290
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0290
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000331 Webstar 4.0 Buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0005.html

Buffer overflow in Webstar HTTP server allows remote attackers to cause a denial of service via a long GET request.

INFERRED ACTION: CAN-2000-0290 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Comments:
 Frech> XF:macos-webstar-get-bo

VOTE:

======================================================
Candidate: CAN-2000-0298
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0298
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: CF
Reference: NTBUGTRAQ:20000407 All Users startup folder left open if unattended install and OEMP reinstall=1
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0027.html

The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories.

INFERRED ACTION: CAN-2000-0298 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Wall
   MODIFY(1) Frech
   NOOP(2) Christey, Cole

Comments:
 Christey> ADDREF XF:win2k-unattended-install
 Frech> XF:win2k-unattended-install

VOTE:

======================================================
Candidate: CAN-2000-0318
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0318
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: NTBUGTRAQ:20000413 Security problems with Atrium Mercur Mailserver 3.20
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0057.html
Reference: BID:1144
Reference: URL:http://www.securityfocus.com/bid/1144

Atrium Mercur Mail Server 3.2 allows local attackers to read other user's email and create arbitrary files via a dot dot (..) attack.

INFERRED ACTION: CAN-2000-0318 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, LeBlanc

Comments:
 Frech> XF:mercur-remote-dot-attack

VOTE:

======================================================
Candidate: CAN-2000-0320
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0320
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000421 unsafe fgets() in qpopper
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=9763.000421@SECURITY.NNOV.RU
Reference: BID:1133
Reference: URL:http://www.securityfocus.com/bid/1133

Qpopper 2.53 and 3.0 does not properly identify the \n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 1023 characters long and ends in \n.

INFERRED ACTION: CAN-2000-0320 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(4) Christey, Wall, Cole, LeBlanc

Comments:
 Frech> XF:qpopper-fgets-spoofing
 Christey> CONFIRM:http://marc.theaimsgroup.com/?l=bugtraq&m=95715275707934&w=2

VOTE:

======================================================
Candidate: CAN-2000-0322
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0322
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000424 piranha default password/exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Enip.BSO.23.0004241601140.28851-100000@www.whitehats.com
Reference: BID:1149
Reference: URL:http://www.securityfocus.com/bid/1149

The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.

INFERRED ACTION: CAN-2000-0322 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(4) Christey, Wall, Cole, LeBlanc

Comments:
 Frech> XF:piranha-passwd-execute
 Christey> CONFIRM:http://www.redhat.com/support/errata/RHSA-2000014-10.html
   CD:SF-LOC says to distinguish between this and CAN-2000-0248. CAN-2000-0248 is the default password that allowed anyone to become a piranha admin. This one is a shell metacharacter problem that's only accessible to a piranha admin - the default password just makes this bug accessible to arbitrary attackers. However, if someone needs to be an admin to run piranha in the first place, this candidate doesn't give anyone any additional privileges, so maybe it should be REJECTed.

VOTE:

======================================================
Candidate: CAN-2000-0332
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0332
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000502 Fun with UltraBoard V1.6X
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000503091316.99073.qmail@hotmail.com
Reference: BID:1164
Reference: URL:http://www.securityfocus.com/bid/1164

UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte.

INFERRED ACTION: CAN-2000-0332 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, Armstrong

Comments:
 Frech> XF:ultraboard-printabletopic-fileread

VOTE:

======================================================
Candidate: CAN-2000-0335
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0335
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000502 glibc resolver weakness
Reference: BID:1166
Reference: URL:http://www.securityfocus.com/bid/1166

The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results.

INFERRED ACTION: CAN-2000-0335 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, Armstrong

Comments:
 Frech> XF:glibc-resolver-id-predictable

VOTE:

======================================================
Candidate: CAN-2000-0338
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0338
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BID:1136
Reference: URL:http://www.securityfocus.com/bid/1136

Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.

INFERRED ACTION: CAN-2000-0338 MOREVOTES-1 (2 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, LeBlanc

Comments:
 Frech> XF:cvs-tempfile-dos

VOTE: