[INTERIM] ACCEPT 80 recent candidates (Final 10/13)
I have made an Interim Decision to ACCEPT the following 80 candidates from the RECENT-03 through RECENT-22 clusters. These clusters cover candidates that were publicly announced between December 13, 1999 and June 5, 2000.

I will make a Final Decision on October 13.

Thanks to all the Board members who got their votes in! 15 different members have voted since October 1.

Voters:
  Wall ACCEPT(12) MODIFY(3) NOOP(54)
  Levy ACCEPT(68) MODIFY(2)
  LeBlanc ACCEPT(3) NOOP(33)
  Ozancin ACCEPT(34) NOOP(23)
  Landfield NOOP(1)
  Cole ACCEPT(44) NOOP(18)
  Bishop ACCEPT(2)
  Baker MODIFY(4)
  Stracener ACCEPT(16) MODIFY(1) NOOP(2)
  Dik ACCEPT(1)
  Frech ACCEPT(10) MODIFY(70)
  Christey NOOP(37)
  Magdych ACCEPT(2) REVIEWING(1)
  Armstrong ACCEPT(9) NOOP(19) REVIEWING(6)
  Prosser ACCEPT(2) NOOP(4)
  Blake ACCEPT(24) NOOP(4)

======================================================
Candidate: CAN-1999-1004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1004
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991217 NAV2000 Email Protection DoS
Reference: URL:http://www.securityfocus.com/archive/1/38970
Reference: BUGTRAQ:19991220 Norton Email Protection Remote Overflow (Addendum)
Reference: URL:http://www.securityfocus.com/archive/1/39194
Reference: CONFIRM:http://service1.symantec.com/SUPPORT/nav.nsf/df0a595864594c86852567ac0063608c/6206f660a1f2516a882568660082c930?OpenDocument&Highlight=0,poproxy

Buffer overflow in the POP server POProxy for the Norton Anti-Virus protection NAV2000 program via a large USER command.

Modifications:
  ADDREF CONFIRM:http://service1.symantec.com/SUPPORT/nav.nsf/df0a595864594c86852567ac0063608c/6206f660a1f2516a882568660082c930?OpenDocument&Highlight=0,poproxy

INFERRED ACTION: CAN-1999-1004 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Cole, Stracener, Armstrong, Wall
  MODIFY(2) Frech, Baker
  NOOP(3) Ozancin, Landfield, Christey

Voter Comments:
  Frech> XF:nav-pop-user
  CHANGE> [Wall changed vote from NOOP to ACCEPT]
  CHANGE> [Cole changed vote from NOOP to ACCEPT]
  Christey> CONFIRM:http://service1.symantec.com/SUPPORT/nav.nsf/df0a595864594c86852567ac0063608c/6206f660a1f2516a882568660082c930?OpenDocument&Highlight=0,poproxy
    The Document ID is 2000011400475506.
  Baker> http://www.securityfocus.com/archive/1/38970
    http://www.securityfocus.com/archive/1/39194
    Vendor Acknowledgement - http://service1.symantec.com/SUPPORT/nav.nsf/df0a595864594c86852567ac0063608c/6206f660a1f2516a882568660082c930?OpenDocument

======================================================
Candidate: CAN-2000-0002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0002
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: NTBUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=NTBUGTRAQ&P=R3556
Reference: BUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94598388530358&w=2
Reference: BUGTRAQ:20000128 ZBServer 1.50-r1x exploit (WinNT)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=36B0596E.8D111D66@teleline.es
Reference: BID:889
Reference: XF:zbserver-get-bo

Buffer overflow in ZBServer Pro allows remote attackers to execute commands via a long GET request.

Modifications:
  ADDREF BUGTRAQ:20000128 ZBServer 1.50-r1x exploit (WinNT)
  ADDREF BID:889
  ADDREF XF:zbserver-get-bo

INFERRED ACTION: CAN-2000-0002 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(4) Cole, Stracener, Wall, Blake
  MODIFY(2) Levy, Frech
  NOOP(2) Armstrong, Ozancin

Voter Comments:
  Frech> XF:zbserver-get-bo
  Wall> Confirmed by UssrLabs and they have exploit code.
  Wall> Found by Ussr labs.
  Levy> Ref: BID 889
  CHANGE> [Armstrong changed vote from REVIEWING to NOOP]

======================================================
Candidate: CAN-2000-0009
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0009
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991230 bna,sh
Reference: XF:netarchitect-path-vulnerability
Reference: BID:907
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=907

The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands.

Modifications:
  ADDREF XF:netarchitect-path-vulnerability
  DESC [provide correct vulnerability details]

INFERRED ACTION: CAN-2000-0009 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Levy, Blake
  MODIFY(2) Stracener, Frech
  NOOP(4) Cole, Armstrong, Wall, Ozancin

Voter Comments:
  Stracener> Not a symlink attack. Description should be re-written.
    Thumbnail sketch: 1) script cd's to /tmp, 2) Creates ".logincheck" (bna_pass tries to delete this file by calling "rm"), 3) "PATH=.:" where the (dot) causes the PATH to first execute in the local environment, 4) "export PATH" resets the environment to the local dir (to /tmp via step 1), 5) a trojaned version of "rm" is created in /tmp such that when executed (due to the corrupted path environment) creates a setuid csh, 6) script executes "bna_pass".
    As a result of the ".:PATH" and its export, "bna_pass" uses /tmp and calls the trojaned "rm" = execution of code.
    Perhaps this description: "bna_pass program in Optivity NETarchitect allows local users to gain privileges via a trojaned version of rm."
  Frech> XF:netarchitect-path-vulnerability
  CHANGE> [Armstrong changed vote from REVIEWING to NOOP]

======================================================
Candidate: CAN-2000-0056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0056
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000105 Local / Remote D.o.S Attack in IMail IMONITOR Server for WinNT Version 5.08
Reference: BID:914
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=914
Reference: XF:imail-imonitor-status-dos

IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi.

Modifications:
  ADDREF XF:imail-imonitor-status-dos

INFERRED ACTION: CAN-2000-0056 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(5) Cole, Levy, Wall, Blake, Ozancin
  MODIFY(1) Frech
  NOOP(2) Christey, Armstrong

Voter Comments:
  Frech> XF:imail-imonitor-status-dos
  Wall> found by eeye
  CHANGE> [Cole changed vote from NOOP to ACCEPT]
  Christey> Possible acknowledgement in "What is changed in version 6.04" KB article at http://support.ipswitch.com/kb/IM-20000801-DM02.htm.
    Under "IMail Monitor" section, see: "Corrected memory leaks under heavy load. Prevents Denial of Service (DoS) when attacked by connection script."

======================================================
Candidate: CAN-2000-0063
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0063
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
Reference: XF:http-cgi-cgiproc-file-read
Reference: BID:938
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=938

cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script.

Modifications:
  ADDREF XF:http-cgi-cgiproc-file-read

INFERRED ACTION: CAN-2000-0063 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Stracener, Levy
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:http-cgi-cgiproc-file-read

======================================================
Candidate: CAN-2000-0064
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0064
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
Reference: BID:938
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=938
Reference: XF:http-cgi-cgiproc-dos

cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters.

Modifications:
  ADDREF XF:http-cgi-cgiproc-dos

INFERRED ACTION: CAN-2000-0064 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Stracener, Levy
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:http-cgi-cgiproc-dos

======================================================
Candidate: CAN-2000-0065
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0065
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: NTBUGTRAQ:20000117 Remote Buffer Exploit - InetServ 3.0
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94820747229579&w=2
Reference: XF:inetserv-get-bo

Buffer overflow in InetServ 3.0 allows remote attackers to execute commands via a long GET request.

Modifications:
  ADDREF XF:inetserv-get-bo
  DESC [Add version number]

INFERRED ACTION: CAN-2000-0065 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Wall
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Christey> Add "webmail" term to description to facilitate search.
  Frech> XF:inetserv-get-bo
  Wall> Exploit script on Packetstorm.

======================================================
Candidate: CAN-2000-0075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0075
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: NTBUGTRAQ:20000113 Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x
Reference: BUGTRAQ:20000113 Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x
Reference: BID:930
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=930
Reference: XF:supermail-memleak-dos

Super Mail Transfer Package (SMTP), later called MsgCore, has a memory leak which allows remote attackers to cause a denial of service by repeating multiple HELO, MAIL FROM, RCPT TO, and DATA commands in the same session.

Modifications:
  ADDREF XF:supermail-memleak-dos

INFERRED ACTION: CAN-2000-0075 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(1) Cole
  MODIFY(2) Wall, Frech

Voter Comments:
  Frech> XF:supermail-memleak-dos
  Wall> I believe this is the MsgCore ZetaMail 2.0 (Windows NT) Mail POP3/SMTP Server and earlier that has the DoS.

======================================================
Candidate: CAN-2000-0076
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0076
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:19991230 vibackup.sh
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94709988232618&w=2
Reference: DEBIAN:20000109 nvi: incorrect file removal in boot script
Reference: URL:http://www.debian.org/security/2000/20000108
Reference: XF:nvi-delete-files
Reference: BID:1439

nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.

Modifications:
  ADDREF XF:nvi-delete-files
  ADDREF BID:1439

INFERRED ACTION: CAN-2000-0076 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Levy
  MODIFY(1) Frech
  NOOP(3) Christey, Cole, Wall

Voter Comments:
  Frech> XF:nvi-delete-files
  Christey> ADDREF BID:1439
  Levy> BID1439

======================================================
Candidate: CAN-2000-0090
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0090
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000124 VMware 1.1.2 Symlink Vulnerability
Reference: XF:linux-vmware-symlink
Reference: BID:943
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=943

VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack.

INFERRED ACTION: CAN-2000-0090 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(6) Frech, Cole, Armstrong, Levy, Blake, Ozancin
  NOOP(1) Wall

======================================================
Candidate: CAN-2000-0094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0094
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000121 *BSD procfs vulnerability
Reference: FREEBSD:FreeBSD-SA-00:02
Reference: NETBSD:NetBSD-SA2000-001
Reference: XF:netbsd-procfs
Reference: BID:940
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=940

procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr.

Modifications:
  ADDREF NETBSD:NetBSD-SA2000-001
  ADDREF XF:netbsd-procfs

INFERRED ACTION: CAN-2000-0094 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Levy
  MODIFY(1) Frech
  NOOP(2) Christey, Wall

Voter Comments:
  Christey> BID:987 and NETBSD:2000-001 refer to a NetBSD procfs mem problem that's probably the same problem as this one.
  Frech> XF:netbsd-procfs
  Christey> BID:987 has since been deleted, so I guess they agree ;-)

======================================================
Candidate: CAN-2000-0116
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0116
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: NTBUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented
Reference: BUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented
Reference: BID:954
Reference: XF:http-script-bypass

Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag.

Modifications:
  ADDREF BID:954
  ADDREF XF:http-script-bypass

INFERRED ACTION: CAN-2000-0116 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Blake
  MODIFY(2) Frech, Baker
  NOOP(4) Christey, Armstrong, Wall, Ozancin

Voter Comments:
  Christey> ADDREF BID:954
  Frech> XF:http-script-bypass
  Baker> Vulnerability Reference (HTML) / Reference Type
    Bugtraq database: www.securityfocus.com/bid/954 (Misc Defensive Info)
    Bugtraq initial posting: http://www.securityfocus.com/archive/1/44250 (Misc Offensive Info)
    X-Force Entry: http://xforce.iss.net/static/3905.php (Misc Defensive Info)

======================================================
Candidate: CAN-2000-0117
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0117
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000127 Cobalt RaQ2 - a user of mine changed my admin password..
Reference: BUGTRAQ:20000131 [ Cobalt ] Security Advisory -- 01.31.2000
Reference: XF:http-cgi-cobalt-passwords
Reference: BID:951

The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root).

Modifications:
  ADDREF XF:http-cgi-cobalt-passwords
  ADDREF BID:951

INFERRED ACTION: CAN-2000-0117 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Cole
  MODIFY(2) Frech, Levy
  NOOP(1) Wall

Voter Comments:
  Frech> XF:http-cgi-cobalt-passwords
  Levy> Reference: BID 951

======================================================
Candidate: CAN-2000-0127
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0127
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000203 Webspeed security issue
Reference: CONFIRM:http://www.progress.com/services/support/cgi-bin/techweb-kbase.cgi/webkb.html?kbid=19412&keywords=security%20Webspeed
Reference: BID:969
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=969
Reference: XF:webspeed-adminutil-auth

The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges.

Modifications:
  ADDREF CONFIRM:http://www.progress.com/services/support/cgi-bin/techweb-kbase.cgi/webkb.html?kbid=19412&keywords=security%20Webspeed
  ADDREF XF:webspeed-adminutil-auth

INFERRED ACTION: CAN-2000-0127 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Cole, Levy, Wall, Blake
  MODIFY(1) Frech
  NOOP(3) Christey, Armstrong, Ozancin

Voter Comments:
  Frech> XF:webspeed-adminutil-auth
  Christey> URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=003a01bf6ebf$25e867a0$0a1a90d8@eniac
  CHANGE> [Wall changed vote from NOOP to ACCEPT]
  Christey> CONFIRM:http://www.progress.com/services/support/cgi-bin/techweb-kbase.cgi/webkb.html?kbid=19412&keywords=security%20Webspeed

======================================================
Candidate: CAN-2000-0128
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0128
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000204 "The Finger Server"
Reference: CONFIRM:http://www.glazed.org/finger/changelog.txt
Reference: XF:finger-server-input

The Finger Server 0.82 allows remote attackers to execute commands via shell metacharacters.

Modifications:
  ADDREF XF:finger-server-input
  ADDREF CONFIRM:http://www.glazed.org/finger/changelog.txt

INFERRED ACTION: CAN-2000-0128 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Blake, Ozancin
  MODIFY(2) Frech, Baker
  NOOP(3) Christey, Armstrong, Wall

Voter Comments:
  Frech> XF:finger-server-input
    Also, the owner's web site (http://www.glazed.org/finger/) indicates that versions up to 0.83BETA are vulnerable. You should make the appropriate modifications to the description.
  Christey> CONFIRM:http://www.glazed.org/finger/changelog.txt
    Acknowledges "Noam Rathaus," not the discloser, and describes the same underlying programming flaw, but doesn't directly mention Bugtraq/others. However, source code analysis indicates that they did an extremely basic fix.
  Baker> Vulnerability Reference (HTML) / Reference Type
    Initial Bugtraq posting: http://www.securityfocus.com/archive/1/45139 (Misc Defensive Info)
    X-Force Entry: http://xforce.iss.net/static/4006.php (Misc Defensive Info)
    Vendor's Acknowledgement: http://www.glazed.org/finger/changelog.txt (Vendor Info)

======================================================
Candidate: CAN-2000-0130
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0130
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000127 New SCO patches...
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94908470928258&w=2
Reference: SCO:SB-00.02a
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-00.02a
Reference: XF:sco-help-bo

Buffer overflow in SCO scohelp program allows remote attackers to execute commands.

Modifications:
  ADDREF XF:sco-help-bo
  ADDREF SCO:SB-00.02a

INFERRED ACTION: CAN-2000-0130 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Cole
  MODIFY(1) Frech
  NOOP(2) Christey, Wall

Voter Comments:
  Christey> The Bugtraq posting only alludes to this problem. The SCO web site simply doesn't provide many details. See ftp://ftp.sco.com/SSE/sse060.ltr
    Is this the same as the following, which blames Netscape but mentions scohelp in the exploit?
    BUGTRAQ:20001231 Netscape FastTrack httpd remote exploit
    http://marc.theaimsgroup.com/?l=bugtraq&m=94666184914653&w=2
  Frech> XF:sco-help-bo
  Christey> CONFIRM:ftp://ftp.sco.com/SSE/security_bulletins/SB-00.02a

======================================================
Candidate: CAN-2000-0141
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0141
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000211 perl-cgi hole in UltimateBB by Infopop Corp.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=20000211224935.A13236@infomag.ape.relarn.ru
Reference: BUGTRAQ:20000225 FW: Important UBB News For Licensed Users
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-22&msg=NDBBLKOPOLNKELHPDEFKIEPGCAAA.renzo.toma@veronica.nl
Reference: BID:991
Reference: URL:http://www.securityfocus.com/bid/991
Reference: MISC:http://www.ultimatebb.com/home/versions.shtml
Reference: XF:http-cgi-ultimatebb

Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field.

Modifications:
  ADDREF MISC:http://www.ultimatebb.com/home/versions.shtml
  ADDREF BUGTRAQ:20000225 FW: Important UBB News For Licensed Users
  ADDREF BID:991
  ADDREF XF:http-cgi-ultimatebb

INFERRED ACTION: CAN-2000-0141 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Bishop, Blake
  MODIFY(1) Frech
  NOOP(2) Christey, LeBlanc

Voter Comments:
  Christey> ADDREF BID:991
    ADDREF URL:http://www.securityfocus.com/bid/991
    The following could be a confirmation by UBB:
    BUGTRAQ:20000225 FW: Important UBB News For Licensed Users
  Frech> XF:http-cgi-ultimatebb

======================================================
Candidate: CAN-2000-0146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0146
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0049.html
Reference: BUGTRAQ:20000207 Novell GroupWise 5.5 Enhancement Pack Web Access Denial of Service
Reference: BID:972
Reference: URL:http://www.securityfocus.com/bid/972
Reference: XF:novell-groupwise-url-dos

The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet.

Modifications:
  ADDREF XF:novell-groupwise-url-dos

INFERRED ACTION: CAN-2000-0146 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Bishop, Blake
  MODIFY(1) Frech
  NOOP(1) LeBlanc

Voter Comments:
  Frech> XF:novell-groupwise-url-dos

======================================================
Candidate: CAN-2000-0164
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0164
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-02
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000220 Sun Internet Mail Server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.SOL.4.21.0002200031320.22675-100000@klayman.hq.formus.pl
Reference: SUNBUG:4316521
Reference: BID:1004
Reference: URL:http://www.securityfocus.com/bid/1004
Reference: XF:sims-temp-world-readable

The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords.

Modifications:
  ADDREF BID:1004
  ADDREF SUNBUG:4316521
  ADDREF XF:sims-temp-world-readable

INFERRED ACTION: CAN-2000-0164 ACCEPT_REV (6 accept, 1 ack, 1 review)

Current Votes:
  ACCEPT(5) Dik, Cole, Levy, Blake, Ozancin
  MODIFY(1) Frech
  NOOP(2) Wall, LeBlanc
  REVIEWING(1) Armstrong

Voter Comments:
  Frech> XF:sims-temp-world-readable
  Dik> bug 4316521

======================================================
Candidate: CAN-2000-0166
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0166
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000221 Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD Server 4.0 for Windows NT
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPGEJHCCAA.labs@ussrback.com
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95171674614819&w=2
Reference: BUGTRAQ:20000223 Pragma Systems response to USSRLabs report
Reference: BID:995
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=995
Reference: XF:interaccess-telnet-login-bo

Buffer overflow in the InterAccess telnet server TelnetD allows remote attackers to execute commands via a long login name.

Modifications:
  ADDREF BUGTRAQ:20000223 Pragma Systems response to USSRLabs report
  ADDREF XF:interaccess-telnet-login-bo

INFERRED ACTION: CAN-2000-0166 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Levy, Blake
  MODIFY(1) Frech
  NOOP(5) Christey, Armstrong, Wall, LeBlanc, Ozancin

Voter Comments:
  Christey> BUGTRAQ:20000223 Pragma Systems response to USSRLabs report is a followup from the vendor that acknowledges that this may be a problem in older builds, but not the current one. USSR's response questions this conclusion.
    Also see: BUGTRAQ:20000223 Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD (fwd)
  Frech> XF:interaccess-telnet-login-bo
  Christey> CONFIRM:http://marc.theaimsgroup.com/?l=bugtraq&m=95142498000781&w=2

======================================================
Candidate: CAN-2000-0179
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0179
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000322
Assigned: 20000322
Category: unknown
Reference: BUGTRAQ:20000228 HP Omniback remote DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0387.html
Reference: HP:HPSBUX0006-115
Reference: BID:1015
Reference: URL:http://www.securityfocus.com/bid/1015
Reference: XF:omniback-connection-dos

HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of service via a large number of connections to port 5555.

Modifications:
  ADDREF HP:HPSBUX0006-115
  ADDREF XF:omniback-connection-dos

INFERRED ACTION: CAN-2000-0179 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Ozancin
  MODIFY(1) Frech
  NOOP(4) Christey, Wall, Blake, LeBlanc

Voter Comments:
  Christey> ADDREF HP:HPSBUX0006-115
  Frech> XF:omniback-connection-dos(4022)

======================================================
Candidate: CAN-2000-0191
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0191
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000229 Infosec.20000229.axisstorpointcd.a
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=41256894.00492503.00@mailgw.backupcentralen.se
Reference: XF:axis-storpoint-auth
Reference: BID:1025
Reference: URL:http://www.securityfocus.com/bid/1025

Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack.

Modifications:
  ADDREF XF:axis-storpoint-auth

INFERRED ACTION: CAN-2000-0191 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(4) Cole, Levy, Blake, Ozancin
  MODIFY(1) Frech
  NOOP(3) Armstrong, Wall, LeBlanc

Voter Comments:
  Frech> XF:axis-storpoint-auth(4078)
  CHANGE> [Blake changed vote from NOOP to ACCEPT]
  CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-2000-0193
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0193
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000322
Assigned: 20000322
Category: CF
Reference: BUGTRAQ:20000302 Corel Linux 1.0 dosemu default configuration: Local root vuln
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003020436.PAA20168@jawa.chilli.net.au
Reference: BID:1030
Reference: URL:http://www.securityfocus.com/bid/1030
Reference: XF:linux-dosemu-config

The default configuration of Dosemu in Corel Linux 1.0 allows local users to execute the system.com program and gain privileges.

Modifications:
  ADDREF XF:linux-dosemu-config

INFERRED ACTION: CAN-2000-0193 ACCEPT_REV (5 accept, 0 ack, 1 review)

Current Votes:
  ACCEPT(4) Cole, Levy, Blake, Ozancin
  MODIFY(1) Frech
  NOOP(2) Wall, LeBlanc
  REVIEWING(1) Armstrong

Voter Comments:
  Frech> XF:linux-dosemu-config(4066)
  CHANGE> [Blake changed vote from NOOP to ACCEPT]
  CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-2000-0225
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0225
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000303 Pocsag remote access to client can't be disabled.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=003601bf854b$6893a090$0100a8c0@FIREWALKER
Reference: BID:1032
Reference: URL:http://www.securityfocus.com/bid/1032
Reference: XF:telnet-pocsag

The Pocsag POC32 program does not properly prevent remote users from accessing its server port, even if the option has been disabled.

Modifications:
  ADDREF XF:telnet-pocsag

INFERRED ACTION: CAN-2000-0225 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Ozancin, Cole
  MODIFY(1) Frech
  NOOP(3) LeBlanc, Wall, Blake

Voter Comments:
  Frech> XF:telnet-pocsag(4171)

======================================================
Candidate: CAN-2000-0237
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0237
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: MISC:http://zsh.stupidphat.com/advisory.cgi?000311-1
Reference: BID:1075
Reference: URL:http://www.securityfocus.com/bid/1075
Reference: XF:netscape-webpublisher-invalid-access

Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories.

Modifications:
  ADDREF XF:netscape-webpublisher-invalid-access

INFERRED ACTION: CAN-2000-0237 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(5) Magdych, Cole, Levy, Wall, Blake
  MODIFY(1) Frech
  NOOP(2) Ozancin, Armstrong

Voter Comments:
  Frech> XF:netscape-webpublisher-invalid-access
  CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-2000-0238
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0238
Final-Decision:
Interim-Decision: 20001011
Modified:
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000317 DoS with NAVIEG
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=s8d1f3e3.036@kib.co.kodiak.ak.us
Reference: XF:nav-email-gateway-dos
Reference: BID:1064
Reference: URL:http://www.securityfocus.com/bid/1064

Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL.

INFERRED ACTION: CAN-2000-0238 ACCEPT (7 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(7) Ozancin, Frech, Magdych, Armstrong, Levy, Wall, Blake
  NOOP(2) Christey, Cole

Voter Comments:
  Christey> Remove extra dot in URL for securityfocus..com

======================================================
Candidate: CAN-2000-0240
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0240
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000321 vqserver /........../
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.20000321084646.0095c7f0@olga.swip.net
Reference: CONFIRM:http://www.vqsoft.com/vq/server/faqs/dotdotbug.html
Reference: XF:vqserver-dir-traverse
Reference: BID:1067
Reference: URL:http://www.securityfocus.com/bid/1067

vqSoft vqServer program allows remote attackers to read arbitrary files via a /........../ in the URL, a variation of a .. (dot dot) attack.

Modifications:
  ADDREF CONFIRM:http://www.vqsoft.com/vq/server/faqs/dotdotbug.html

INFERRED ACTION: CAN-2000-0240 ACCEPT_REV (3 accept, 1 ack, 1 review)

Current Votes:
  ACCEPT(3) Frech, Cole, Levy
  NOOP(1) Christey
  REVIEWING(1) Magdych

Voter Comments:
  Christey> CONFIRM:http://www.vqsoft.com/vq/server/faqs/dotdotbug.html
    Note, however, that the vendor says that this was corrected in early 1999.

======================================================
Candidate: CAN-2000-0257
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0257
Final-Decision:
Interim-Decision: 20001011
Modified: 20001009-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000418 Novell Netware 5.1 (server 5.00h, Dec 11, 1999)...
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0004171825340.10088-100000@nimue.tpi.pl
Reference: BID:1118
Reference: URL:http://www.securityfocus.com/bid/1118
Reference: XF:netware-remote-admin-overflow

Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL.

Modifications:
  ADDREF XF:netware-remote-admin-overflow
  DESC [change Netware to NetWare]

INFERRED ACTION: CAN-2000-0257 ACCEPT_REV (4 accept, 0 ack, 1 review)

Current Votes:
  ACCEPT(3) Blake, Cole, Levy
  MODIFY(1) Frech
  NOOP(2) Ozancin, Wall
  REVIEWING(1) Armstrong

Voter Comments:
  Frech> XF:netware-remote-admin-overflow
    In the description, Novell's product is spelled NetWare.
====================================================== Candidate: CAN-2000-0263 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0263 Final-Decision: Interim-Decision: 20001011 Modified: 20001009-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: BUGTRAQ:20000416 xfs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0079.html Reference: XF:redhat-fontserver-dos Reference: BID:1111 Reference: URL:http://www.securityfocus.com/bid/1111 The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request. Modifications: ADDREF XF:redhat-fontserver-dos INFERRED ACTION: CAN-2000-0263 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Cole, Armstrong, Levy MODIFY(1) Frech NOOP(3) Blake, Christey, Wall Voter Comments: Frech> XF:redhat-fontserver-dos POTENTIAL DUPE: CAN-2000-0286: X fontserver xfs allows local users to cause a denial of service via malformed input to the server. Christey> As Andre observed, this is a duplicate of CAN-2000-0286. CAN-2000-0286 has been slated for rejection. ====================================================== Candidate: CAN-2000-0265 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0265 Final-Decision: Interim-Decision: 20001011 Modified: 20001009-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es Reference: CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip Reference: BID:1119 Reference: URL:http://www.securityfocus.com/bid/1119 Reference: XF:panda-uninstall-program Panda Security 3.0 allows users to uninstall the Panda software via its Add/Remove Programs applet. 
Modifications: ADDREF CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip ADDREF XF:panda-uninstall-program INFERRED ACTION: CAN-2000-0265 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Stracener, Levy MODIFY(1) Frech NOOP(3) Christey, Cole, Wall Voter Comments: Christey> CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip Frech> XF:panda-uninstall-program(4865) ====================================================== Candidate: CAN-2000-0272 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0272 Final-Decision: Interim-Decision: 20001011 Modified: 20001009-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: BUGTRAQ:20000420 Remote DoS attack in Real Networks Real Server Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95625288231045&w=2 Reference: CONFIRM:http://service.real.com/help/faq/servg270.html Reference: XF:realserver-remote-dos Reference: BID:1128 Reference: URL:http://www.securityfocus.com/bid/1128 RealNetworks RealServer allows remote attackers to cause a denial of service by sending malformed input to the server at port 7070. 
Modifications: ADDREF CONFIRM:http://service.real.com/help/faq/servg270.html ADDREF XF:realserver-remote-dos INFERRED ACTION: CAN-2000-0272 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Levy MODIFY(1) Frech NOOP(2) Christey, Wall Voter Comments: Christey> ADDREF CONFIRM:http://service.real.com/help/faq/servg270.html Frech> XF:realserver-remote-dos ====================================================== Candidate: CAN-2000-0273 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0273 Final-Decision: Interim-Decision: 20001011 Modified: 20001009-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: BUGTRAQ:20000409 A funny way to DOS pcANYWHERE8.0 and 9.0 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0031.html Reference: BID:1095 Reference: URL:http://www.securityfocus.com/bid/1095 Reference: XF:pcanywhere-login-dos PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt. 
Modifications: ADDREF XF:pcanywhere-login-dos INFERRED ACTION: CAN-2000-0273 ACCEPT (6 accept, 0 ack, 0 review) Current Votes: ACCEPT(5) Blake, Cole, Armstrong, Levy, Wall MODIFY(1) Frech NOOP(2) Ozancin, Christey Voter Comments: Christey> ADDREF XF:pcanywhere-login-dos Frech> XF:pcanywhere-login-dos CHANGE> [Wall changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2000-0282 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0282 Final-Decision: Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: BUGTRAQ:20000412 TalentSoft Web+ Input Validation Bug Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0050.html Reference: CONFIRM:ftp://ftp.talentsoft.com/Download/Webplus/Unix/Patches/Webplus46p%20Read%20me.html Reference: BID:1102 Reference: URL:http://www.securityfocus.com/bid/1102 Reference: XF:talentsoft-web-input TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program. Modifications: ADDREF CONFIRM:ftp://ftp.talentsoft.com/Download/Webplus/Unix/Patches/Webplus46p%20Read%20me.html ADDREF XF:talentsoft-web-input INFERRED ACTION: CAN-2000-0282 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) Christey, Cole, Wall Voter Comments: Christey> ADDREF CONFIRM:ftp://ftp.talentsoft.com/Download/Webplus/Unix/webplus46p%20Read%20me.html Frech> XF:talentsoft-web-input Christey> URL for CONFIRM has apparently changed. 
Use this now: ftp://ftp.talentsoft.com/Download/Webplus/Unix/Patches/Webplus46p%20Read%20me.html ====================================================== Candidate: CAN-2000-0285 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0285 Final-Decision: Interim-Decision: 20001011 Modified: 20001009-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: BUGTRAQ:20000416 XFree86 server overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html Reference: BID:1306 Reference: XF:xfree86-xkbmap-parameter-bo Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter. Modifications: ADDREF BID:1306 ADDREF XF:xfree86-xkbmap-parameter-bo INFERRED ACTION: CAN-2000-0285 ACCEPT (6 accept, 0 ack, 0 review) Current Votes: ACCEPT(5) Blake, Ozancin, Cole, Armstrong, Levy MODIFY(1) Frech NOOP(2) Christey, Wall Voter Comments: Christey> ADDREF BID:1306 Frech> XF:xfree86-xkbmap-parameter-bo(4867) ====================================================== Candidate: CAN-2000-0289 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0289 Final-Decision: Interim-Decision: 20001011 Modified: 20001009-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: BUGTRAQ:20000327 Security Problems with Linux 2.2.x IP Masquerading Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0284.html Reference: SUSE:20000520 Security hole in kernel < 2.2.15 Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_48.txt Reference: BID:1078 Reference: URL:http://www.securityfocus.com/bid/1078 Reference: XF:linux-masquerading-dos IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection. 
Modifications: ADDREF XF:linux-masquerading-dos ADDREF SUSE:20000520 Security hole in kernel < 2.2.15 INFERRED ACTION: CAN-2000-0289 ACCEPT (6 accept, 1 ack, 0 review) Current Votes: ACCEPT(5) Blake, Ozancin, Cole, Armstrong, Levy MODIFY(1) Frech NOOP(2) Christey, Wall Voter Comments: Christey> ADDREF XF:linux-masquerading-dos ADDREF SUSE:20000520 Security hole in kernel < 2.2.15 http://www.suse.de/de/support/security/suse_security_announce_48.txt Frech> XF:linux-ip-masquerading ====================================================== Candidate: CAN-2000-0301 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0301 Final-Decision: Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: BUGTRAQ:20000405 Re: IMAIL (Ipswitch) DoS with Eudora (Qualcomm) Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95505800117143&w=2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95507019226096&w=2 Reference: CONFIRM:http://support.ipswitch.com/kb/IM-20000208-DM02.htm Reference: BID:1094 Reference: URL:http://www.securityfocus.com/bid/1094 Reference: XF:ipswitch-imail-dos Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command. Modifications: ADDREF CONFIRM:http://support.ipswitch.com/kb/IM-20000208-DM02.htm ADDREF XF:ipswitch-imail-dos INFERRED ACTION: CAN-2000-0301 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) Wall, Christey, Cole Voter Comments: Christey> This description may need to be modified. It appears that the problem is in the SMTP login capability of Eudora. Also see a CONFIRM at http://support.ipswitch.com/kb/IM-20000208-DM02.htm Frech> XF:ipswitch-imail-dos Christey> On further review of the vendor's acknowledgement, they provide a fix for their software, and offer a workaround in Eudora. So it's a problem with IMail. 
As the advisory says, "[after the workaround], Eudora will not use the CRAM-MD5 authentication scheme, but will use LOGIN, which works with IMail servers." ====================================================== Candidate: CAN-2000-0318 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0318 Final-Decision: Interim-Decision: 20001011 Modified: 20001009-01 Proposed: 20000518 Assigned: 20000511 Category: SF Reference: NTBUGTRAQ:20000413 Security problems with Atrium Mercur Mailserver 3.20 Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0057.html Reference: BID:1144 Reference: URL:http://www.securityfocus.com/bid/1144 Reference: XF:mercur-remote-dot-attack Atrium Mercur Mail Server 3.2 allows local attackers to read other user's email and create arbitrary files via a dot dot (..) attack. Modifications: ADDREF XF:mercur-remote-dot-attack INFERRED ACTION: CAN-2000-0318 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Blake, Levy MODIFY(1) Frech NOOP(5) Wall, LeBlanc, Ozancin, Cole, Armstrong Voter Comments: Frech> XF:mercur-remote-dot-attack ====================================================== Candidate: CAN-2000-0319 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0319 Final-Decision: Interim-Decision: 20001011 Modified: 20001009-01 Proposed: 20000518 Assigned: 20000511 Category: SF Reference: BUGTRAQ:20000424 unsafe fgets() in sendmail's mail.local Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=2694.000424@SECURITY.NNOV.RU Reference: XF:sendmail-maillocal-dos Reference: BID:1146 Reference: URL:http://www.securityfocus.com/bid/1146 mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\n. 
Modifications: ADDREF XF:sendmail-maillocal-dos INFERRED ACTION: CAN-2000-0319 ACCEPT_ACK (2 accept, 1 ack, 0 review) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(4) Wall, LeBlanc, Christey, Cole Voter Comments: Frech> XF:sendmail-maillocal-dos Christey> Greg Shapiro, in a response to an advisory for the Linux "capabilities" bug, states: "There are no unsafe fgets() in sendmail or mail.local." However, there was no response related to this particular candidate. See http://archives.neohapsis.com/archives/bugtraq/2000-06/0311.html Christey> Subsequent email discussion with Greg Shapiro indicates that he was talking about a later version of Sendmail when discussing the capabilities bug. Confirmation of this problem is in the release notes for Sendmail 8.10.0 ====================================================== Candidate: CAN-2000-0320 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0320 Final-Decision: Interim-Decision: 20001011 Modified: 20001009-01 Proposed: 20000518 Assigned: 20000511 Category: SF Reference: BUGTRAQ:20000421 unsafe fgets() in qpopper Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=9763.000421@SECURITY.NNOV.RU Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95715275707934&w=2 Reference: BID:1133 Reference: URL:http://www.securityfocus.com/bid/1133 Reference: XF:qpopper-fgets-spoofing Qpopper 2.53 and 3.0 does not properly identify the \n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 1023 characters long and ends in \n. 
Modifications: ADDREF XF:qpopper-fgets-spoofing INFERRED ACTION: CAN-2000-0320 ACCEPT (6 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Blake, Ozancin, Armstrong, Levy MODIFY(2) Frech, Baker NOOP(4) Wall, LeBlanc, Christey, Cole Voter Comments: Frech> XF:qpopper-fgets-spoofing Christey> CONFIRM:http://marc.theaimsgroup.com/?l=bugtraq&m=95715275707934&w=2 Christey> Acknowledged by the vendor in a followup post. Baker> http://www.securityfocus.com/archive/1/56400 http://www.securityfocus.com/archive/1/57788 Confirm by Qualcomm to Bugtraq ====================================================== Candidate: CAN-2000-0322 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0322 Final-Decision: Interim-Decision: 20001011 Modified: 20001009-01 Proposed: 20000518 Assigned: 20000511 Category: SF Reference: BUGTRAQ:20000424 piranha default password/exploit Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Enip.BSO.23.0004241601140.28851-100000@www.whitehats.com Reference: REDHAT:RHSA-2000014-16 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000014-16.html Reference: BID:1149 Reference: URL:http://www.securityfocus.com/bid/1149 Reference: XF:piranha-passwd-execute The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters. Modifications: ADDREF REDHAT:RHSA-2000014-10 ADDREF XF:piranha-passwd-execute INFERRED ACTION: CAN-2000-0322 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Cole, Levy MODIFY(1) Frech NOOP(6) Wall, Blake, LeBlanc, Ozancin, Christey, Armstrong Voter Comments: Frech> XF:piranha-passwd-execute Christey> CONFIRM:http://www.redhat.com/support/errata/RHSA-2000014-10.html CD:SF-LOC says to distinguish between this and CAN-2000-0248. CAN-2000-0248 is the default password that allowed anyone to become a piranha admin. 
This one is a shell metacharacter problem that's only accessible to a piranha admin - the default password just makes this bug accessible to arbitrary attackers. However, if someone needs to be an admin to run piranha in the first place, this candidate doesn't give anyone any additional privileges, so maybe it should be REJECTed. CHANGE> [Cole changed vote from NOOP to ACCEPT] Christey> CONFIRM:http://www.redhat.com/support/errata/RHSA-2000014-10.html ====================================================== Candidate: CAN-2000-0332 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0332 Final-Decision: Interim-Decision: 20001011 Modified: 20001009-01 Proposed: 20000518 Assigned: 20000511 Category: SF Reference: BUGTRAQ:20000502 Fun with UltraBoard V1.6X Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000503091316.99073.qmail@hotmail.com Reference: BID:1164 Reference: URL:http://www.securityfocus.com/bid/1164 Reference: XF:ultraboard-printabletopic-fileread UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte. 
Modifications: ADDREF XF:ultraboard-printabletopic-fileread INFERRED ACTION: CAN-2000-0332 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Blake, Cole, Levy MODIFY(1) Frech NOOP(3) Wall, Ozancin, Armstrong Voter Comments: Frech> XF:ultraboard-printabletopic-fileread CHANGE> [Cole changed vote from NOOP to ACCEPT] ====================================================== Candidate: CAN-2000-0335 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0335 Final-Decision: Interim-Decision: 20001011 Modified: 20001009-01 Proposed: 20000518 Assigned: 20000511 Category: SF Reference: BUGTRAQ:20000502 glibc resolver weakness Reference: BID:1166 Reference: URL:http://www.securityfocus.com/bid/1166 Reference: XF:glibc-resolver-id-predictable The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results. Modifications: ADDREF XF:glibc-resolver-id-predictable INFERRED ACTION: CAN-2000-0335 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Blake, Ozancin, Cole, Levy MODIFY(1) Frech NOOP(3) Wall, Christey, Armstrong Voter Comments: Frech> XF:glibc-resolver-id-predictable CHANGE> [Cole changed vote from NOOP to ACCEPT] Christey> In a followup post, Steve Bellovin says: "When this code was being written, Paul Vixie and I had a lot of discussions about what to do... what you see is an engineering judgement, that given the other (very serious) vulnerabilities of the DNS, all that was called for here was bringing it up to at least the same level of protection. 
====================================================== Candidate: CAN-2000-0338 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0338 Final-Decision: Interim-Decision: 20001011 Modified: 20001009-01 Proposed: 20000518 Assigned: 20000511 Category: SF Reference: BUGTRAQ:20000423 CVS DoS Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000423174038.A520%40clico.pl Reference: BID:1136 Reference: URL:http://www.securityfocus.com/bid/1136 Reference: XF:cvs-tempfile-dos Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user. Modifications: ADDREF XF:cvs-tempfile-dos ADDREF BUGTRAQ:20000423 CVS DoS INFERRED ACTION: CAN-2000-0338 ACCEPT_REV (5 accept, 0 ack, 1 review) Current Votes: ACCEPT(4) Blake, Ozancin, Cole, Levy MODIFY(1) Frech NOOP(2) Wall, LeBlanc REVIEWING(1) Armstrong Voter Comments: Frech> XF:cvs-tempfile-dos CHANGE> [Cole changed vote from NOOP to ACCEPT] ====================================================== Candidate: CAN-2000-0340 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0340 Final-Decision: Interim-Decision: 20001011 Modified: 20001009-01 Proposed: 20000518 Assigned: 20000511 Category: SF Reference: BUGTRAQ:20000428 SuSE 6.3 Gnomelib buffer overflow Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00042902575201.09597@wintermute-pub Reference: CONFIRM:http://www.suse.com/us/support/download/updates/axp_63.html Reference: BID:1155 Reference: URL:http://www.securityfocus.com/bid/1155 Reference: XF:linux-gnomelib-bo Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable. 
Modifications: ADDREF XF:linux-gnomelib-bo ADDREF CONFIRM:http://www.suse.com/us/support/download/updates/axp_63.html INFERRED ACTION: CAN-2000-0340 ACCEPT (3 accept, 1 ack, 0 review) Current Votes: ACCEPT(2) Ozancin, Levy MODIFY(1) Frech NOOP(4) Wall, Christey, Cole, Armstrong Voter Comments: Frech> XF:linux-gnomelib-bo Christey> CONFIRM:http://www.suse.com/us/support/download/updates/axp_63.html ====================================================== Candidate: CAN-2000-0344 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0344 Final-Decision: Interim-Decision: 20001011 Modified: 20001009-01 Proposed: 20000518 Assigned: 20000511 Category: SF Reference: BUGTRAQ:20000501 Linux knfsd DoS issue Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0005012042550.6419-100000@ferret.lmh.ox.ac.uk Reference: BID:1160 Reference: URL:http://www.securityfocus.com/bid/1160 Reference: XF:linux-knfsd-dos The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to cause a denial of service via a negative size value. 
Modifications: ADDREF XF:linux-knfsd-dos INFERRED ACTION: CAN-2000-0344 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Ozancin, Cole, Levy MODIFY(1) Frech NOOP(3) Wall, Christey, Armstrong Voter Comments: Christey> ADDREF XF:linux-knfsd-dos Frech> XF:linux-knfsd-dos CHANGE> [Cole changed vote from NOOP to ACCEPT] ====================================================== Candidate: CAN-2000-0347 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0347 Final-Decision: Interim-Decision: 20001011 Modified: 20000706-01 Proposed: 20000518 Assigned: 20000511 Category: SF Reference: NTBUGTRAQ:20000501 el8.org advisory - Win 95/98 DoS (RFParalyze.c) Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95737580922397&w=2 Reference: BID:1163 Reference: URL:http://www.securityfocus.com/bid/1163 Reference: XF:win-netbios-source-null Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name. Modifications: ADDREF XF:win-netbios-source-null DESC Change spelling for NetBIOS INFERRED ACTION: CAN-2000-0347 ACCEPT (5 accept, 1 ack, 0 review) Current Votes: ACCEPT(4) Wall, Cole, Armstrong, Levy MODIFY(1) Frech NOOP(1) Christey Voter Comments: Frech> XF:win-netbios-source-null Consider NetBIOS as correct spelling in description. Christey> Acknowledged via personal communication with Microsoft personnel, who say that this issue is pretty obscure. 
====================================================== Candidate: CAN-2000-0378 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0378 Final-Decision: Interim-Decision: 20001011 Modified: 20001009-01 Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000502 pam_console bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0023.html Reference: BID:1176 Reference: URL:http://www.securityfocus.com/bid/1176 Reference: XF:linux-pam-sniff-activities The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in. Modifications: ADDREF XF:linux-pam-sniff-activities DESC [make details more accurate] INFERRED ACTION: CAN-2000-0378 ACCEPT (4 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Ozancin, Stracener, Levy MODIFY(1) Frech NOOP(2) Prosser, Cole Voter Comments: Levy> Please note that it's not that the ownership is not reset. It's that a program can maintain an open file descriptor to the devices while someone else uses them. Frech> XF:linux-pam-sniff-activities(4869) ====================================================== Candidate: CAN-2000-0426 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0426 Final-Decision: Interim-Decision: 20001011 Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000505 Re: Fun with UltraBoard V1.6X Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0059.html Reference: BID:1175 Reference: URL:http://www.securityfocus.com/bid/1175 Reference: XF:ultraboard-cgi-dos UltraBoard 1.6 and other versions allow remote attackers to cause a denial of service by referencing UltraBoard in the Session parameter, which causes UltraBoard to fork copies of itself. 
INFERRED ACTION: CAN-2000-0426 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Levy, Frech, Stracener NOOP(3) Ozancin, Prosser, Cole ====================================================== Candidate: CAN-2000-0430 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0430 Final-Decision: Interim-Decision: 20001011 Modified: 20001009-01 Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000503 Another interesting Cart32 command Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95738697301956&w=2 Reference: XF:cart32-expdate Reference: BID:1358 Cart32 allows remote attackers to access sensitive debugging information by appending /expdate to the URL request. Modifications: ADDREF BID:1358 INFERRED ACTION: CAN-2000-0430 ACCEPT (5 accept, 0 ack, 0 review) Current Votes: ACCEPT(5) Levy, Ozancin, Frech, Prosser, Stracener NOOP(2) Christey, Cole Voter Comments: Christey> ADDREF BID:1358 ADDREF URL:http://www.securityfocus.com/bid/1358 CHANGE> [Levy changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2000-0440 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0440 Final-Decision: Interim-Decision: 20001011 Modified: 20001009-01 Proposed: 20000615 Assigned: 20000614 Category: SF Reference: NETBSD:NetBSD-SA2000-002 Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-002.txt.asc Reference: FREEBSD:FreeBSD-SA-00:23 Reference: BUGTRAQ:20000506 [NHC20000504a.0: NetBSD Panics when sent unaligned IP options] Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0088.html Reference: BID:1173 Reference: URL:http://www.securityfocus.com/bid/1173 Reference: XF:netbsd-unaligned-ip-options NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option. 
Modifications: ADDREF FREEBSD:FreeBSD-SA-00:23 ADDREF XF:netbsd-unaligned-ip-options INFERRED ACTION: CAN-2000-0440 ACCEPT (6 accept, 2 ack, 0 review) Current Votes: ACCEPT(5) Levy, Ozancin, Prosser, Cole, Stracener MODIFY(1) Frech NOOP(1) Christey Voter Comments: Frech> XF:netbsd-unaligned-ip-options(4868) Christey> ADDREF FREEBSD:FreeBSD-SA-00:23 http://archives.neohapsis.com/archives/freebsd/2000-06/0193.html ====================================================== Candidate: CAN-2000-0443 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0443 Final-Decision: Interim-Decision: 20001011 Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000524 HP Web JetAdmin Version 5.6 Web interface Server Directory Traversal Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0281.html Reference: XF:hp-jetadmin-directory-traversal Reference: BID:1243 Reference: URL:http://www.securityfocus.com/bid/1243 The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack. INFERRED ACTION: CAN-2000-0443 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Levy, Frech, Stracener NOOP(2) Wall, Cole ====================================================== Candidate: CAN-2000-0445 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0445 Final-Decision: Interim-Decision: 20001011 Modified: 20001009-01 Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000523 Key Generation Security Flaw in PGP 5.0 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0273.html Reference: CERT:CA-2000-09 Reference: URL:http://www.cert.org/advisories/CA-2000-09.html Reference: BID:1251 Reference: URL:http://www.securityfocus.com/bid/1251 Reference: XF:pgp-key-predictable The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys. 
Modifications: ADDREF CERT:CA-2000-09 ADDREF XF:pgp-key-predictable INFERRED ACTION: CAN-2000-0445 ACCEPT (4 accept, 1 ack, 0 review) Current Votes: ACCEPT(3) Levy, Cole, Stracener MODIFY(1) Frech NOOP(2) Wall, Christey Voter Comments: Frech> XF:pgp-key-predictable Christey> ADDREF CERT:CA-2000-09 ADDREF http://www.securityfocus.com/templates/advisory.html?id=2296 ====================================================== Candidate: CAN-2000-0446 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0446 Final-Decision: Interim-Decision: 20001011 Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000524 Remote xploit for MDBMS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0274.html Reference: XF:mdbms-bo Reference: BID:1252 Reference: URL:http://www.securityfocus.com/bid/1252 Buffer overflow in MDBMS database server allows remote attackers to execute arbitrary commands via a long string. INFERRED ACTION: CAN-2000-0446 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Levy, Frech, Stracener NOOP(2) Wall, Cole ====================================================== Candidate: CAN-2000-0447 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0447 Final-Decision: Interim-Decision: 20001011 Modified: Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Managem ent Tool Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net Reference: XF:nai-webshield-bo Reference: BID:1254 Reference: URL:http://www.securityfocus.com/bid/1254 Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to execute arbitrary commands via a long configuration parameter to the WebShield remote management service. 
INFERRED ACTION: CAN-2000-0447 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(3) Levy, Frech, Stracener NOOP(2) Wall, Cole ====================================================== Candidate: CAN-2000-0448 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0448 Final-Decision: Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Managem ent Tool Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net Reference: XF:nai-webshield-getconfig Reference: BID:1253 Reference: URL:http://www.securityfocus.com/bid/1253 The WebShield SMTP Management Tool version 4.5.44 does not properly restrict access to the management port when an IP address does not resolve to a hostname, which allows remote attackers to access the configuration via the GET_CONFIG command. Modifications: DELREF XF:nai-webshield-config-mod ADDREF XF:nai-webshield-getconfig INFERRED ACTION: CAN-2000-0448 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Levy, Stracener MODIFY(1) Frech NOOP(3) Wall, Christey, Cole Voter Comments: Frech> DELREF XF:nai-webshield-config-mod (it's obsolete) ADDREF XF:nai-webshield-getconfig Comment: The Delphis advisory describes two bugs. See XF:nai-webshield-setconfig or from the Delphis advisory: Secondly if you pass an oversized buffer of 208 bytes or more within one of the configuration parameters (there may be more) the service will crash overwriting the stack but and the EIP (208 + 4) with what ever was passed within the parameter. SET_CONFIG<CR> Quarantine_Path='Ax208'+ EIP Christey> With respect to the buffer overflow that Andre is referring to, that's CAN-2000-0447. 
====================================================== Candidate: CAN-2000-0451 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0451 Final-Decision: Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000518 Remote Dos attack against Intel express 8100 router Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0229.html Reference: XF:intel-8100-remote-dos Reference: BID:1228 Reference: URL:http://www.securityfocus.com/bid/1228 The Intel express 8100 ISDN router allows remote attackers to cause a denial of service via oversized or fragmented ICMP packets. Modifications: ADDREF XF:intel-8100-remote-dos INFERRED ACTION: CAN-2000-0451 ACCEPT (3 accept, 0 ack, 0 review) Current Votes: ACCEPT(2) Levy, Stracener MODIFY(1) Frech NOOP(4) Wall, LeBlanc, Ozancin, Cole Voter Comments: Frech> XF:intel-8100-remote-dos ====================================================== Candidate: CAN-2000-0458 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0458 Final-Decision: Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000615 Assigned: 20000614 Category: SF Reference: BUGTRAQ:20000424 Two Problems in IMP 2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95672120116627&w=2 Reference: BID:1360 Reference: XF:imp-tmpfile-view The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information. 
Modifications:
   ADDREF BID:1360

INFERRED ACTION: CAN-2000-0458 ACCEPT_REV (4 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(4) Levy, Ozancin, Frech, Cole
   NOOP(3) Prosser, Christey, Stracener
   REVIEWING(1) Armstrong

Voter Comments:
 Christey> ADDREF BID:1360
 CHANGE> [Levy changed vote from REVIEWING to ACCEPT]
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Christey> See imp-2.2.2/docs/CHANGES in ftp://ftp.horde.org/pub/imp/tarballs/imp-2.2.2.tar.gz
   Under the v2.2.0-pre11 section, the only apparent fix could be "Set the umask ($default->umask) for the current process."
   This is confirmed in imp-2.2.2/config/defaults.php3.dist

======================================================
Candidate: CAN-2000-0459
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0459
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000424 Two Problems in IMP 2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95672120116627&w=2
Reference: BID:1361
Reference: XF:imp-wordfile-dos

IMP does not remove files properly if the MSWordView application quits, which allows local users to cause a denial of service by filling up the disk space by requesting a large number of documents and prematurely stopping the request.

Modifications:
   ADDREF BID:1361

INFERRED ACTION: CAN-2000-0459 ACCEPT_REV (4 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(4) Levy, Ozancin, Frech, Cole
   NOOP(3) Prosser, Christey, Stracener
   REVIEWING(1) Armstrong

Voter Comments:
 Christey> ADDREF BID:1361
 CHANGE> [Levy changed vote from REVIEWING to ACCEPT]
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Christey> See imp-2.2.2/docs/CHANGES in ftp://ftp.horde.org/pub/imp/tarballs/imp-2.2.2.tar.gz
   Under the v2.2.1 section, the vendor says "fix file upload vulnerability."
   This is probably acknowledgement of this problem.
======================================================
Candidate: CAN-2000-0467
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0467
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000614 Splitvt exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0125.html
Reference: DEBIAN:20000605 root exploit in splitvt
Reference: URL:http://www.debian.org/security/2000/20000605a
Reference: BID:1346
Reference: URL:http://www.securityfocus.com/bid/1346
Reference: splitvt-screen-lock-bo

Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users to gain root privileges via a long password in the screen locking function.

Modifications:
   ADDREF splitvt-screen-lock-bo

INFERRED ACTION: CAN-2000-0467 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:splitvt-screen-lock-bo(4977)

======================================================
Candidate: CAN-2000-0468
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0468
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000601 HP Security vulnerability in the man command
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.SOL.4.02.10006021014400.4779-100000@nofud.nwest.attws.com
Reference: BID:1302
Reference: URL:http://www.securityfocus.com/bid/1302
Reference: hp-man-file-overwrite

man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack.
Modifications:
   ADDREF hp-man-file-overwrite

INFERRED ACTION: CAN-2000-0468 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:hp-man-file-overwrite(4590)

======================================================
Candidate: CAN-2000-0470
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0470
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000601 Hardware Exploit - Gets network Down
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0398.html
Reference: BID:1290
Reference: URL:http://www.securityfocus.com/bid/1290
Reference: rompager-malformed-dos
Reference: URL:http://xforce.iss.net/static/4588.php

Allegro RomPager HTTP server allows remote attackers to cause a denial of service via a malformed authentication request.

Modifications:
   ADDREF rompager-malformed-dos

INFERRED ACTION: CAN-2000-0470 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(4) Armstrong, Wall, LeBlanc, Ozancin

Voter Comments:
 Frech> XF:rompager-malformed-dos(4588)
 CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-2000-0474
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0474
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000601 Remote DoS attack in Real Networks Real Server (Strike #2) Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0410.html
Reference: BUGTRAQ:20000601 Remote DoS attack in RealServer: USSR-2000043
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0427.html
Reference: BID:1288
Reference: URL:http://www.securityfocus.com/bid/1288
Reference: XF:realserver-malformed-remote-dos
Reference: URL:http://xforce.iss.net/static/4587.php

Real Networks RealServer 7.x allows remote attackers to cause a denial of service via a malformed request for a page in the viewsource directory.

Modifications:
   ADDREF realserver-malformed-remote-dos

INFERRED ACTION: CAN-2000-0474 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Ozancin

Voter Comments:
 Frech> XF:realserver-malformed-remote-dos(4587)

======================================================
Candidate: CAN-2000-0481
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0481
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: VULN-DEV:20000601 Kmail heap overflow
Reference: URL:http://securityfocus.com/templates/archive.pike?list=82&date=2000-06-22&msg=00060200422401.01667@lez
Reference: BID:1380
Reference: URL:http://www.securityfocus.com/bid/1380
Reference: XF:kde-kmail-attachment-dos
Reference: URL:http://xforce.iss.net/static/4993.php

Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name.
Modifications:
   ADDREF XF:kde-kmail-attachment-dos

INFERRED ACTION: CAN-2000-0481 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:kde-kmail-attachment-dos()

======================================================
Candidate: CAN-2000-0486
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0486
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000530 An Analysis of the TACACS+ Protocol and its Implementations
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0369.html
Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0370.html
Reference: BID:1293
Reference: URL:http://www.securityfocus.com/bid/1293
Reference: XF:tacacsplus-packet-length-dos
Reference: URL:http://xforce.iss.net/static/4985.php

Buffer overflow in Cisco TACACS+ tac_plus server allows remote attackers to cause a denial of service via a malformed packet with a long length field.
Modifications:
   ADDREF XF:tacacsplus-packet-length-dos

INFERRED ACTION: CAN-2000-0486 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:tacacsplus-packet-length-dos(4985)

======================================================
Candidate: CAN-2000-0489
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0489
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:19990826 Local DoS in FreeBSD
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9908270039010.16315-100000@thetis.deor.org
Reference: BUGTRAQ:20000601 Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability - Mac OS X affected
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCEJLCEAA.labs@ussrback.com
Reference: BID:622
Reference: URL:http://www.securityfocus.com/bid/622
Reference: XF:bsd-setsockopt-dos
Reference: URL:http://xforce.iss.net/static/3298.php

FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.
Modifications:
   ADDREF XF:bsd-setsockopt-dos

INFERRED ACTION: CAN-2000-0489 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:bsd-setsockopt-dos(3298)

======================================================
Candidate: CAN-2000-0490
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0490
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000601 Netwin's Dmail package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0407.html
Reference: CONFIRM:http://netwinsite.com/dmail/security.htm
Reference: BID:1297
Reference: URL:http://www.securityfocus.com/bid/1297
Reference: XF:dmail-etrn-dos
Reference: URL:http://xforce.iss.net/static/4579.php

Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package allows remote attackers to execute arbitrary commands via a long ETRN request.

Modifications:
   ADDREF CONFIRM:http://netwinsite.com/dmail/security.htm
   ADDREF XF:dmail-etrn-dos

INFERRED ACTION: CAN-2000-0490 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(5) Armstrong, Wall, LeBlanc, Ozancin, Christey

Voter Comments:
 Frech> XFdmail-etrn-dos(4579)
 CHANGE> [Cole changed vote from NOOP to ACCEPT]
 Christey> CONFIRM:http://netwinsite.com/dmail/security.htm
   ACKNOWLEDGEMENT: Under FAQs/HowTos is a "Security Mailout Page" at http://netwinsite.com/dmail/security.htm
   See "DMAIL Security Fault Notice 5 June 2000." section that says: "A fault was reported that allows root access to be gained."
   Since the initial disclosure was on June 1, this is probably the issue.
   More confirmation is in the following statement: On Linux to find out if your system has been attacked do this:
   grep "etrn" /usr/local/dmail/dwatch/*.ded

======================================================
Candidate: CAN-2000-0493
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0493
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: VULN-DEV:20000601 Vulnerability in SNTS
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0843.html
Reference: BID:1289
Reference: URL:http://www.securityfocus.com/bid/1289
Reference: XF:timesync-bo-execute
Reference: URL:http://xforce.iss.net/static/4602.php

Buffer overflow in Simple Network Time Sync (SMTS) daemon allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long string.

Modifications:
   ADDREF XF:timesync-bo-execute
   DESC [add execute commands possibility]

INFERRED ACTION: CAN-2000-0493 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:timesync-bo-execute(4602)
   Description does not match references; please consider revising. From all references, this seems more like a buffer overflow with the ability to remotely run arbitrary code, rather than a DoS that infers only an abnormal termination outcome, and not subsequent actions.
======================================================
Candidate: CAN-2000-0495
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0495
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: MS:MS00-038
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-038.asp
Reference: BID:1282
Reference: URL:http://www.securityfocus.com/bid/1282
Reference: XF:ms-malformed-media-dos
Reference: URL:http://xforce.iss.net/static/4585.php

Microsoft Windows Media Encoder allows remote attackers to cause a denial of service via a malformed request, aka the "Malformed Windows Media Encoder Request" vulnerability.

Modifications:
   ADDREF XF:ms-malformed-media-dos

INFERRED ACTION: CAN-2000-0495 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Levy, Wall, LeBlanc
   MODIFY(1) Frech
   NOOP(1) Ozancin

Voter Comments:
 Frech> XF:ms-malformed-media-dos(4585)

======================================================
Candidate: CAN-2000-0505
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0505
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000603 Re: IBM HTTP SERVER / APACHE
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.20.0006031912360.45740-100000@alive.znep.com
Reference: BID:1284
Reference: URL:http://www.securityfocus.com/bid/1284
Reference: XF:ibm-http-file-retrieve
Reference: URL:http://xforce.iss.net/static/4575.php

The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
Modifications:
   ADDREF XF:ibm-http-file-retrieve

INFERRED ACTION: CAN-2000-0505 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Levy, Wall, Ozancin
   MODIFY(1) Frech
   NOOP(1) LeBlanc

Voter Comments:
 Frech> XF:ibm-http-file-retrieve(4575)

======================================================
Candidate: CAN-2000-0507
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0507
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000601 DST2K0006: Denial of Service Possibility in Imate WebMail Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95990195708509&w=2
Reference: BID:1286
Reference: URL:http://www.securityfocus.com/bid/1286
Reference: XF:nt-webmail-dos
Reference: URL:http://xforce.iss.net/static/4586.php

Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command.

Modifications:
   ADDREF XF:nt-webmail-dos

INFERRED ACTION: CAN-2000-0507 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(4) Armstrong, Wall, LeBlanc, Ozancin

Voter Comments:
 Frech> XF:nt-webmail-dos(4586)
 CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-2000-0517
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0517
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: CERT:CA-2000-08
Reference: URL:http://www.cert.org/advisories/CA-2000-08.html
Reference: BID:1260
Reference: URL:http://www.securityfocus.com/bid/1260
Reference: XF:netscape-ssl-certificate
Reference: URL:http://xforce.iss.net/static/4550.php

Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS information.

Modifications:
   ADDREF XF:netscape-ssl-certificate

INFERRED ACTION: CAN-2000-0517 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Levy, Wall, Ozancin
   MODIFY(1) Frech
   NOOP(1) LeBlanc

Voter Comments:
 Frech> XF:netscape-ssl-certificate(4550)

======================================================
Candidate: CAN-2000-0518
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0518
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: MS:MS00-039
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-039.asp
Reference: BID:1309
Reference: URL:http://www.securityfocus.com/bid/1309
Reference: XF:ie-invalid-frame-image-certificate
Reference: URL:http://xforce.iss.net/static/4624.php

Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.
Modifications:
   ADDREF XF:ie-invalid-frame-image-certificate
   DESC generalize to include other versions

INFERRED ACTION: CAN-2000-0518 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, LeBlanc
   MODIFY(2) Wall, Frech
   NOOP(1) Ozancin

Voter Comments:
 Wall> Include IE 4.01 and IE 5.01
 Frech> XF:ie-invalid-frame-image-certificate(4624)

======================================================
Candidate: CAN-2000-0519
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0519
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: MS:MS00-039
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-039.asp
Reference: BID:1309
Reference: URL:http://www.securityfocus.com/bid/1309
Reference: XF:ie-revalidate-certificate
Reference: URL:http://xforce.iss.net/static/4627.php

Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.
Modifications:
   ADDREF XF:ie-revalidate-certificate
   DESC generalize to include other versions

INFERRED ACTION: CAN-2000-0519 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, LeBlanc
   MODIFY(2) Wall, Frech
   NOOP(1) Ozancin

Voter Comments:
 Wall> Include IE 4.01 and IE 5.01
 Frech> XF:ie-revalidate-certificate(4627)

======================================================
Candidate: CAN-2000-0521
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0521
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000605 MDMA Advisory #5: Reading of CGI Scripts under Savant Webserver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0469.html
Reference: BID:1313
Reference: URL:http://www.securityfocus.com/bid/1313
Reference: XF:savant-source-read
Reference: URL:http://xforce.iss.net/static/4616.php

Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number.

Modifications:
   ADDREF savant-source-read(4616)

INFERRED ACTION: CAN-2000-0521 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:savant-source-read(4616)

======================================================
Candidate: CAN-2000-0530
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0530
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000531 KDE::KApplication feature?
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0387.html
Reference: CALDERA:CSSA-2000-015.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-015.0.txt
Reference: BID:1291
Reference: URL:http://www.securityfocus.com/bid/1291
Reference: XF:kde-configuration-file-creation
Reference: URL:http://xforce.iss.net/static/4583.php

The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.

Modifications:
   ADDREF XF:kde-configuration-file-creation

INFERRED ACTION: CAN-2000-0530 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:kde-configuration-file-creation(4583)

======================================================
Candidate: CAN-2000-0536
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0536
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: CONFIRM:http://www.synack.net/xinetd/
Reference: DEBIAN:20000619 xinetd: bug in access control mechanism
Reference: URL:http://www.debian.org/security/2000/20000619
Reference: BID:1381
Reference: URL:http://www.securityfocus.com/bid/1381
Reference: XF:xinetd-improper-restrictions
Reference: URL:http://xforce.iss.net/static/4986.php

xinetd 2.1.8.x does not properly restrict connections if hostnames are used for access control and the connecting host does not have a reverse DNS entry.
Modifications:
   ADDREF XF:xinetd-improper-restrictions

INFERRED ACTION: CAN-2000-0536 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
 Frech> XF:xinetd-improper-restrictions(4986)
 Christey> http://www.debian.org/security/2000/20000619

======================================================
Candidate: CAN-2000-0537
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0537
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000606 BRU Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0013.html
Reference: CALDERA:CSSA-2000-018.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-018.0.txt
Reference: BID:1321
Reference: URL:http://www.securityfocus.com/bid/1321
Reference: XF:bru-execlog-env-variable
Reference: URL:http://xforce.iss.net/static/4644.php

BRU backup software allows local users to append data to arbitrary files by specifying an alternate configuration file with the BRUEXECLOG environmental variable.
Modifications:
   ADDREF XF:bru-execlog-env-variable

INFERRED ACTION: CAN-2000-0537 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:bru-execlog-env-variable(4644)

======================================================
Candidate: CAN-2000-0553
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0553
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: unknown
Reference: BUGTRAQ:20000525 Security Vulnerability in IPFilter 3.3.15 and 3.4.3
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0326.html
Reference: BID:1308
Reference: URL:http://www.securityfocus.com/bid/1308
Reference: XF:ipfilter-firewall-race-condition
Reference: URL:http://xforce.iss.net/static/4994.php

Race condition in IPFilter firewall 3.4.3 and earlier, when configured with overlapping "return-rst" and "keep state" rules, allows remote attackers to bypass access restrictions.
Modifications:
   ADDREF XF:ipfilter-firewall-race-condition

INFERRED ACTION: CAN-2000-0553 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(1) Frech
   NOOP(2) Wall, LeBlanc

Voter Comments:
 Frech> XF:ipfilter-firewall-race-condition(4994)

======================================================
Candidate: CAN-2000-0556
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0556
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000608 DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html
Reference: CONFIRM:http://www.computalynx.net/news/Jun2000/news0806200001.html
Reference: BID:1319
Reference: URL:http://www.securityfocus.com/bid/1319
Reference: XF:cmail-long-username-dos
Reference: URL:http://xforce.iss.net/static/4625.php

Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to cause a denial of service by sending a large user name to the user dialog running on port 8002.
Modifications:
   ADDREF cmail-long-username-dos(4625)

INFERRED ACTION: CAN-2000-0556 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Ozancin

Voter Comments:
 Frech> XF:cmail-long-username-dos(4625)

======================================================
Candidate: CAN-2000-0557
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0557
Final-Decision:
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000608 DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html
Reference: BID:1318
Reference: URL:http://www.securityfocus.com/bid/1318
Reference: XF:cmail-get-overflow-execute
Reference: URL:http://xforce.iss.net/static/4626.php

Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to execute arbitrary commands via a long GET request.

Modifications:
   ADDREF XF:cmail-get-overflow-execute

INFERRED ACTION: CAN-2000-0557 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Cole
   MODIFY(1) Frech
   NOOP(4) Armstrong, Wall, LeBlanc, Ozancin

Voter Comments:
 Frech> XF:cmail-get-overflow-execute(4626)
 CHANGE> [Cole changed vote from NOOP to ACCEPT]