|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FINAL] ACCEPT 68 recent candidates from RECENT-23 to RECENT-27
I have made a Final Decision to ACCEPT the following candidates from the RECENT-23 through RECENT-27 clusters. These candidates are now assigned CVE names as noted below. The resulting CVE entries will be published in the near future in a new version of CVE. Voting details and comments are provided at the end of this report. - Steve Candidate CVE Name --------- ---------- CAN-2000-0466 CVE-2000-0466 CAN-2000-0469 CVE-2000-0469 CAN-2000-0471 CVE-2000-0471 CAN-2000-0472 CVE-2000-0472 CAN-2000-0475 CVE-2000-0475 CAN-2000-0477 CVE-2000-0477 CAN-2000-0478 CVE-2000-0478 CAN-2000-0482 CVE-2000-0482 CAN-2000-0483 CVE-2000-0483 CAN-2000-0484 CVE-2000-0484 CAN-2000-0485 CVE-2000-0485 CAN-2000-0494 CVE-2000-0494 CAN-2000-0497 CVE-2000-0497 CAN-2000-0499 CVE-2000-0499 CAN-2000-0500 CVE-2000-0500 CAN-2000-0501 CVE-2000-0501 CAN-2000-0506 CVE-2000-0506 CAN-2000-0508 CVE-2000-0508 CAN-2000-0510 CVE-2000-0510 CAN-2000-0511 CVE-2000-0511 CAN-2000-0512 CVE-2000-0512 CAN-2000-0513 CVE-2000-0513 CAN-2000-0514 CVE-2000-0514 CAN-2000-0515 CVE-2000-0515 CAN-2000-0516 CVE-2000-0516 CAN-2000-0522 CVE-2000-0522 CAN-2000-0525 CVE-2000-0525 CAN-2000-0528 CVE-2000-0528 CAN-2000-0529 CVE-2000-0529 CAN-2000-0532 CVE-2000-0532 CAN-2000-0533 CVE-2000-0533 CAN-2000-0534 CVE-2000-0534 CAN-2000-0538 CVE-2000-0538 CAN-2000-0539 CVE-2000-0539 CAN-2000-0540 CVE-2000-0540 CAN-2000-0548 CVE-2000-0548 CAN-2000-0549 CVE-2000-0549 CAN-2000-0550 CVE-2000-0550 CAN-2000-0552 CVE-2000-0552 CAN-2000-0555 CVE-2000-0555 CAN-2000-0558 CVE-2000-0558 CAN-2000-0561 CVE-2000-0561 CAN-2000-0566 CVE-2000-0566 CAN-2000-0567 CVE-2000-0567 CAN-2000-0571 CVE-2000-0571 CAN-2000-0579 CVE-2000-0579 CAN-2000-0582 CVE-2000-0582 CAN-2000-0583 CVE-2000-0583 CAN-2000-0584 CVE-2000-0584 CAN-2000-0585 CVE-2000-0585 CAN-2000-0586 CVE-2000-0586 CAN-2000-0587 CVE-2000-0587 CAN-2000-0588 CVE-2000-0588 CAN-2000-0591 CVE-2000-0591 CAN-2000-0594 CVE-2000-0594 CAN-2000-0595 CVE-2000-0595 CAN-2000-0596 CVE-2000-0596 CAN-2000-0597 CVE-2000-0597 CAN-2000-0598 CVE-2000-0598 CAN-2000-0599 CVE-2000-0599 CAN-2000-0601 CVE-2000-0601 CAN-2000-0602 CVE-2000-0602 CAN-2000-0603 CVE-2000-0603 CAN-2000-0604 CVE-2000-0604 CAN-2000-0610 CVE-2000-0610 CAN-2000-0611 CVE-2000-0611 CAN-2000-0613 CVE-2000-0613 CAN-2000-0616 CVE-2000-0616 ====================================================== Candidate: CAN-2000-0466 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0466 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000620 Category: SF Reference: ISS:20000620 Insecure call of external program in AIX cdmount Reference: URL:http://xforce.iss.net/alerts/advise55.php Reference: XF:aix-cdmount-insecure-call Reference: BID:1384 Reference: URL:http://www.securityfocus.com/bid/1384 AIX cdmount allows local users to gain root privileges via shell metacharacters. Modifications: ADDREF XF:aix-cdmount-insecure-call INFERRED ACTION: CAN-2000-0466 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(1) Christey Voter Comments: Christey> XF:aix-cdmount-insecure-call Frech> XF:aix-cdmount-insecure-call(4724) ====================================================== Candidate: CAN-2000-0469 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0469 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000613 CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-22&msg=ILENKALMCAFBLHBGEOFKGEJCCAAA.jwesterink@jwesterink.daxis.nl Reference: BUGTRAQ:20000620 Re: CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.2.0.58.20000620193604.00979950@mail.clark.net Reference: BID:1347 Reference: URL:http://www.securityfocus.com/bid/1347 Reference: XF:webbanner-input-validation-exe Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack. Modifications: ADDREF XF:webbanner-input-validation-exe INFERRED ACTION: CAN-2000-0469 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(1) Christey Voter Comments: Christey> XF:webbanner-input-validation-exe Frech> XF:webbanner-input-validation-exe(4696) ====================================================== Candidate: CAN-2000-0471 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0471 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000614 Vulnerability in Solaris ufsrestore Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0114.html Reference: SUNBUG:4339366 Reference: BID:1348 Reference: URL:http://www.securityfocus.com/bid/1348 Reference: XF:sol-ufsrestore-bo Reference: URL:http://xforce.iss.net/static/4711.php Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname. Modifications: ADDREF XF:sol-ufsrestore-bo ADDREF SUNBUG:4339366 INFERRED ACTION: CAN-2000-0471 FINAL (Final Decision 20001013) Current Votes: ACCEPT(4) Levy, Ozancin, Dik, Cole MODIFY(1) Frech NOOP(1) Christey REVIEWING(1) Armstrong Voter Comments: Christey> XF:sol-ufsrestore-bo Frech> XF:sol-ufsrestore-bo(4711) Dik> sun bug: 4339366 ====================================================== Candidate: CAN-2000-0472 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0472 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000106 innd 2.2.2 remote buffer overflow Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0003.html Reference: CALDERA:CSSA-2000-016.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-016.0.txt Reference: BUGTRAQ:20000707 inn update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0097.html Reference: BUGTRAQ:20000721 [ANNOUNCE] INN 2.2.3 available Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0298.html Reference: BUGTRAQ:20000722 MDKSA-2000:023 inn update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0330.html Reference: BID:1316 Reference: URL:http://www.securityfocus.com/bid/1316 Reference: XF:innd-cancel-overflow Reference: URL:http://xforce.iss.net/static/4615.php Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID. Modifications: ADDREF BUGTRAQ:20000607 inn update ADDREF BUGTRAQ:20000721 [ANNOUNCE] INN 2.2.3 available ADDREF BUGTRAQ:20000722 MDKSA-2000:023 inn update ADDREF XF:innd-cancel-overflow INFERRED ACTION: CAN-2000-0472 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Ozancin MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Christey Voter Comments: Christey> Add Mandrake confirmation from: http://archives.neohapsis.com/archives/bugtraq/2000-07/0097.html Christey> http://archives.neohapsis.com/archives/bugtraq/2000-07/0097.html Christey> ADDREF BUGTRAQ:20000721 [ANNOUNCE] INN 2.2.3 available http://archives.neohapsis.com/archives/bugtraq/2000-07/0298.html ADDREF BUGTRAQ:20000722 MDKSA-2000:023 inn update URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0330.html Frech> XF:innd-cancel-overflow(4615) ====================================================== Candidate: CAN-2000-0475 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0475 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: MS:MS00-020 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-020.asp Reference: BID:1350 Reference: URL:http://www.securityfocus.com/bid/1350 Reference: XF:win2k-desktop-separation Reference: URL:http://xforce.iss.net/static/4714.php Windows 2000 allows a local user process to access another user's desktop within the same windows station, aka the "Desktop Separation" vulnerability. Modifications: ADDREF XF:win2k-desktop-separation INFERRED ACTION: CAN-2000-0475 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(1) Christey Voter Comments: Christey> ADDREF XF:win2k-desktop-separation Frech> XF:win2k-desktop-separation(4714) ====================================================== Candidate: CAN-2000-0477 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0477 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000614 Vulnerabilities in Norton Antivirus for Exchange Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0316.html Reference: BID:1351 Reference: URL:http://www.securityfocus.com/bid/1351 Reference: XF:antivirus-nav-zip-bo Reference: URL:http://xforce.iss.net/static/4710.php Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows remote attackers to cause a denial of service via a .zip file that contains long file names. Modifications: ADDREF XF:antivirus-nav-zip-bo INFERRED ACTION: CAN-2000-0477 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Prosser MODIFY(1) Frech NOOP(1) Christey Voter Comments: Christey> XF:antivirus-nav-zip-bo Frech> XF:antivirus-nav-zip-bo(4710) Prosser> This problem along with CAN-2000-0478 was verified by the NAVMSE team in the same message, ref Bugtraq message, Wed Jun 28 2000 09:31:49 Subj: Re: Vulnerabilities in Norton Antivirus for Exchange with fix coded in NAVMSE 2.1. ====================================================== Candidate: CAN-2000-0478 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0478 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000614 Vulnerabilities in Norton Antivirus for Exchange Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html Reference: BID:1351 Reference: URL:http://www.securityfocus.com/bid/1351 Reference: XF:antivirus-nav-fail-open Reference: URL:http://xforce.iss.net/static/4709.php In some cases, Norton Antivirus for Exchange (NavExchange) enters a "fail-open" state which allows viruses to pass through the server. Modifications: ADDREF XF:antivirus-nav-fail-open INFERRED ACTION: CAN-2000-0478 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Prosser MODIFY(1) Frech NOOP(1) Christey Voter Comments: Christey> XF:antivirus-nav-fail-open Frech> XF:antivirus-nav-fail-open(4709) Prosser> This was verified by the NAVMSE team, ref Bugtraq message, Wed Jun 28 2000 09:31:49 Subj: Re: Vulnerabilities in Norton Antivirus for Exchange with fix coded in NAVMSE 2.1. ====================================================== Candidate: CAN-2000-0482 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0482 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000605 FW-1 IP Fragmentation Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0473.html Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#IP_Fragmentation Reference: BID:1312 Reference: URL:http://www.securityfocus.com/bid/1312 Reference: XF:fw1-packet-fragment-dos Reference: URL:http://xforce.iss.net/static/4609.php Check Point Firewall-1 allows remote attackers to cause a denial of service by sending a large number of malformed fragmented IP packets. Modifications: DESC [correct spelling for FireWall-1] ADDREF CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#IP_Fragmentation ADDREF XF:fw1-packet-fragment-dos INFERRED ACTION: CAN-2000-0482 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Ozancin MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Christey Voter Comments: Frech> XF:fw1-packet-fragment-dos(4609) Check Point's product in question is spelled FireWall-1. Christey> It looks like this is confirmed by Check Point in: http://www.checkpoint.com/techsupport/alerts/list_vun.html#IP_Fragmentation ====================================================== Candidate: CAN-2000-0483 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0483 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000615 [Brian@digicool.com: [Zope] Zope security alert and 2.1.7 update [*important*]] Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert Reference: REDHAT:RHSA-2000:038-01 Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2350 Reference: FREEBSD:FreeBSD-SA-00:38 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A38.zope.asc Reference: BUGTRAQ:20000728 MDKSA-2000:026 Zope update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0412.html Reference: BUGTRAQ:2000615 Conectiva Linux Security Announcement - ZOPE Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000616103807.A3768@conectiva.com.br Reference: BID:1354 Reference: URL:http://www.securityfocus.com/bid/1354 Reference: XF:zope-dtml-remote-modify Reference: URL:http://xforce.iss.net/static/4716.php The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization. Modifications: ADDREF XF:zope-dtml-remote-modify ADDREF BUGTRAQ:20000728 MDKSA-2000:026 Zope update ADDREF FREEBSD:FreeBSD-SA-00:38 DESC [add version info] INFERRED ACTION: CAN-2000-0483 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(1) Christey Voter Comments: Christey> XF:zope-dtml-remote-modify Frech> XF:zope-dtml-remote-modify(4716) Christey> ADDREF BUGTRAQ:20000728 MDKSA-2000:026 Zope update http://archives.neohapsis.com/archives/bugtraq/2000-07/0412.html ADDREF FREEBSD:FreeBSD-SA-00:38 URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A38.zope.asc Add affected versions, too. ====================================================== Candidate: CAN-2000-0484 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0484 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96113651713414&w=2 Reference: NTBUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96151775004229&w=2 Reference: BID:1355 Reference: URL:http://www.securityfocus.com/bid/1355 Reference: XF:small-http-get-overflow-dos Reference: URL:http://xforce.iss.net/static/4692.php Buffer overflow in Small HTTP Server allows remote attackers to cause a denial of service via a long GET request. Modifications: ADDREF XF:small-http-get-overflow-dos INFERRED ACTION: CAN-2000-0484 FINAL (Final Decision 20001013) Current Votes: ACCEPT(3) Levy, Wall, Cole MODIFY(1) Frech NOOP(3) Armstrong, Ozancin, Christey Voter Comments: Christey> XF:small-http-get-overflow-dos Frech> XF:small-http-get-overflow-dos(4692) Wall> Confirmed by UssrLabs for version 1.212 of Small HTTP Server. ====================================================== Candidate: CAN-2000-0485 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0485 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000530 Fw: Steal Passwords Using SQL Server EM Reference: URL:http://www.securityfocus.com/archive/1/62771 Reference: MS:MS00-041 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-041.asp Reference: BID:1292 Reference: URL:http://www.securityfocus.com/bid/1292 Reference: XF:mssql-dts-reveal-passwords Reference: URL:http://xforce.iss.net/static/4582.php Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability. Modifications: ADDREF XF:mssql-dts-reveal-passwords INFERRED ACTION: CAN-2000-0485 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(1) Christey Voter Comments: Frech> mssql-dts-reveal-passwords(4582) Christey> ADDREF http://www.securityfocus.com/templates/archive.pike?list=1&msg=002201bfca52$9ce75ac0$78779dd0@adscorp.com Christey> There are 2 different dialogs which allow you to get to the database passwords; one is captured in CAN-2000-0485, and the other in CAN-2000-0485. CD:SF-LOC suggests keeping these split. ====================================================== Candidate: CAN-2000-0494 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0494 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000616 Veritas Volume Manager 3.0.x hole Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0151.html Reference: CONFIRM:http://seer.support.veritas.com/tnotes/volumeman/230053.htm Reference: BID:1356 Reference: URL:http://www.securityfocus.com/bid/1356 Reference: XF:veritas-volume-manager Veritas Volume Manager creates a world writable .server_pids file, which allows local users to add arbitrary commands into the file, which is then executed by the vmsa_server script. Modifications: ADDREF XF:veritas-volume-manager ADDREF CONFIRM:http://seer.support.veritas.com/tnotes/volumeman/230053.htm INFERRED ACTION: CAN-2000-0494 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(4) Armstrong, Ozancin, Christey, Cole Voter Comments: Frech> XF:veritas-volume-manager(5009) Christey> CONFIRM:http://seer.support.veritas.com/tnotes/volumeman/230053.htm This is dated September 1, 2000 and has TechNote ID 230053. Confirmation text is: VERITAS has uncovered a security issue ... Since the umask at boot time for Solaris versions prior to 2.8 is 000, the permissions for files such as /var/opt/vmsa/logs/.server_pids are set to 666. This allows any user to enter commands in this file, and these commands will be executed when vmsa_server is stopped by an administrator. System security is compromised as a result. ====================================================== Candidate: CAN-2000-0497 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0497 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: NTBUGTRAQ:20000612 IBM WebSphere JSP showcode vulnerability Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0263.html Reference: CONFIRM:http://www-4.ibm.com/software/webservers/appserv/efix.html Reference: BID:1328 Reference: URL:http://www.securityfocus.com/bid/1328 Reference: XF:websphere-jsp-source-read IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. Modifications: ADDREF XF:websphere-jsp-source-read INFERRED ACTION: CAN-2000-0497 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(4) Wall, LeBlanc, Ozancin, Christey Voter Comments: Christey> XF:websphere-jsp-source-read Frech> XF:websphere-jsp-source-read(4697) ====================================================== Candidate: CAN-2000-0499 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0499 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: CF Reference: NTBUGTRAQ:20000612 BEA WebLogic JSP showcode vulnerability Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0262.htm Reference: CONFIRM:http://developer.bea.com/alerts/security_000612.html Reference: BID:1328 Reference: URL:http://www.securityfocus.com/bid/1328 Reference: XF:weblogic-jsp-source-read Reference: URL:http://xforce.iss.net/static/4694.php The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. Modifications: ADDREF XF:weblogic-jsp-source-read ADDREF CONFIRM:http://developer.bea.com/alerts/security_000612.html DESC change to identify as configuration problem, add versions INFERRED ACTION: CAN-2000-0499 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(4) Wall, LeBlanc, Ozancin, Christey Voter Comments: Frech> XF:weblogic-jsp-source-read(4694) In description, change to: "by requesting a URL that ..." Christey> CONFIRM:http://developer.bea.com/alerts/security_000612.html Christey> Change description to reflect that this is a default configuration problem. CONFIRM:http://developer.bea.com/alerts/security_000612.html ====================================================== Candidate: CAN-2000-0500 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0500 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: CF Reference: CONFIRM:http://www.weblogic.com/docs51/admindocs/http.html#file Reference: BUGTRAQ:20000621 BEA WebLogic /file/ showcode vulnerability Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96161462915381&w=2 Reference: BID:1378 Reference: URL:http://www.securityfocus.com/bid/1378 Reference: XF:weblogic-file-source-read Reference: URL:http://xforce.iss.net/static/4775.php The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing. Modifications: ADDREF CONFIRM:http://www.weblogic.com/docs51/admindocs/http.html#file ADDREF XF:weblogic-file-source-read INFERRED ACTION: CAN-2000-0500 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(1) Christey Voter Comments: Christey> CONFIRM:http://www.weblogic.com/docs51/admindocs/http.html#file Frech> XF:weblogic-file-source-read(4775) Christey> Change description to reflect that this is a default configuration problem. CONFIRM:http://developer.bea.com/alerts/security_000621.html ====================================================== Candidate: CAN-2000-0501 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0501 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: NTBUGTRAQ:20000616 mdaemon 2.8.5.0 WinNT and Win9x remote DoS Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0277.html Reference: BID:1366 Reference: URL:http://www.securityfocus.com/bid/1366 Reference: XF:mdaemon-pass-dos Reference: URL:http://xforce.iss.net/static/4745.php Race condition in MDaemon 2.8.5.0 POP server allows local users to cause a denial of service by entering a UIDL command and quickly exiting the server. Modifications: ADDREF XF:mdaemon-pass-dos INFERRED ACTION: CAN-2000-0501 FINAL (Final Decision 20001013) Current Votes: ACCEPT(4) Armstrong, Levy, Wall, Cole MODIFY(1) Frech NOOP(2) Ozancin, Christey Voter Comments: Christey> XF:mdaemon-pass-dos Frech> XF:mdaemon-pass-dos(4745) Wall> Vendor agrees and has put out a patch. CHANGE> [Cole changed vote from NOOP to ACCEPT] ====================================================== Candidate: CAN-2000-0506 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0506 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000609 Sendmail & procmail local root exploits on Linux kernel up to 2.2.16pre5 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006090852340.3475-300000@alfa.elzabsoft.pl Reference: REDHAT:RHSA-2000:037-05 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-037-05.html Reference: TURBO:TLSA2000013-1 Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-June/000012.html Reference: SGI:20000802-01-P Reference: URL:ftp://sgigate.sgi.com/security/20000802-01-P Reference: BUGTRAQ:20000609 Trustix Security Advisory Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0062.html Reference: BUGTRAQ:20000608 CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0063.html Reference: BID:1322 Reference: URL:http://www.securityfocus.com/bid/1322 Reference: XF:linux-kernel-capabilities The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the "Linux kernel setuid/setcap vulnerability." Modifications: ADDREF REDHAT:RHSA-2000:037-05 ADDREF XF:linux-kernel-capabilities ADDREF SGI:20000802-01-P INFERRED ACTION: CAN-2000-0506 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Ozancin MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Christey Voter Comments: Christey> ADDREF REDHAT:RHSA-2000:037-05 URL:http://www.redhat.com/support/errata/RHSA-2000-037-05.html Frech> XF:linux-kernel-capabilities(4650) Christey> ADDREF SGI:20000802-01-P ftp://sgigate.sgi.com/security/20000802-01-P ====================================================== Candidate: CAN-2000-0508 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0508 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000608 Remote DOS in linux rpc.lockd Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0073.html Reference: BID:1372 Reference: URL:http://www.securityfocus.com/bid/1372 Reference: XF:linux-lockd-remote-dos Reference: URL:http://xforce.iss.net/static/5050.php rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request. Modifications: ADDREF XF:linux-lockd-remote-dos INFERRED ACTION: CAN-2000-0508 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Ozancin MODIFY(1) Frech NOOP(2) Wall, LeBlanc Voter Comments: Frech> XF:linux-lockd-remote-dos(5050) ====================================================== Candidate: CAN-2000-0510 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0510 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000620 CUPS DoS Bugs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch Reference: BID:1373 Reference: URL:http://www.securityfocus.com/bid/1373 Reference: XF:debian-cups-malformed-ipp Reference: URL:http://xforce.iss.net/static/4846.php CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a malformed IPP request. Modifications: ADDREF XF:debian-cups-malformed-ipp INFERRED ACTION: CAN-2000-0510 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(1) Christey Voter Comments: Christey> XF:debian-cups-malformed-ipp Frech> XF:debian-cups-posts(4846) ====================================================== Candidate: CAN-2000-0511 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0511 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000620 CUPS DoS Bugs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch Reference: BID:1373 Reference: URL:http://www.securityfocus.com/bid/1373 Reference: XF:debian-cups-posts Reference: URL:http://xforce.iss.net/static/4846.php CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request. Modifications: ADDREF XF:debian-cups-posts INFERRED ACTION: CAN-2000-0511 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech Voter Comments: Frech> XF:debian-cups-posts(4846) ====================================================== Candidate: CAN-2000-0512 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0512 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000620 CUPS DoS Bugs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch Reference: BID:1373 Reference: URL:http://www.securityfocus.com/bid/1373 Reference: XF:debian-cups-posts Reference: URL:http://xforce.iss.net/static/4846.php CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service. Modifications: ADDREF XF:debian-cups-posts INFERRED ACTION: CAN-2000-0512 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech Voter Comments: Frech> XF:debian-cups-posts(4846) ====================================================== Candidate: CAN-2000-0513 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0513 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000620 CUPS DoS Bugs Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch Reference: BID:1373 Reference: URL:http://www.securityfocus.com/bid/1373 Reference: XF:debian-cups-posts Reference: URL:http://xforce.iss.net/static/4846.php CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password. Modifications: ADDREF XF:debian-cups-posts INFERRED ACTION: CAN-2000-0513 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech Voter Comments: Frech> XF:debian-cups-posts(4846) ====================================================== Candidate: CAN-2000-0514 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0514 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000614 Security Advisory: REMOTE ROOT VULNERABILITY IN GSSFTP DAEMON Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=ldvsnufao18.fsf@saint-elmos-fire.mit.edu Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/ftp.txt Reference: BID:1374 Reference: URL:http://www.securityfocus.com/bid/1374 Reference: XF:kerberos-gssftpd-dos Reference: URL:http://xforce.iss.net/static/4734.php GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges. Modifications: ADDREF XF:kerberos-gssftpd-dos(4734) INFERRED ACTION: CAN-2000-0514 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(1) Christey Voter Comments: Christey> XF:kerberos-gssftpd-dos Frech> XF:kerberos-gssftpd-dos(4734) ====================================================== Candidate: CAN-2000-0515 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0515 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: CF Reference: BUGTRAQ:20000607 [ Hackerslab bug_paper ] HP-UX SNMP daemon vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006070511.OAA05492@dogfoot.hackerslab.org Reference: BUGTRAQ:20000608 Re: HP-UX SNMP daemon vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006090640.XAA00779@hpchs.cup.hp.com Reference: BID:1327 Reference: URL:http://www.securityfocus.com/bid/1327 Reference: XF:hpux-snmp-daemon Reference: URL:http://xforce.iss.net/static/4643.php The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges. Modifications: ADDREF XF:hpux-snmp-daemon INFERRED ACTION: CAN-2000-0515 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Ozancin MODIFY(1) Frech NOOP(2) Wall, LeBlanc Voter Comments: Frech> XF:hpux-snmp-daemon(4643) ====================================================== Candidate: CAN-2000-0516 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0516 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000606 Shiva Access Manager 5.0.0 Plaintext LDAP root password. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0008.html Reference: BID:1329 Reference: URL:http://www.securityfocus.com/bid/1329 Reference: XF:shiva-plaintext-ldap-password Reference: URL:http://xforce.iss.net/static/4612.php When configured to store configuration information in an LDAP directory, Shiva Access Manager 5.0.0 stores the root DN (Distinguished Name) name and password in cleartext in a file that is world readable, which allows local users to compromise the LDAP server. Modifications: ADDREF XF:shiva-plaintext-ldap-password INFERRED ACTION: CAN-2000-0516 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Ozancin MODIFY(1) Frech NOOP(2) Wall, LeBlanc Voter Comments: Frech> XF:shiva-plaintext-ldap-password(4612) ====================================================== Candidate: CAN-2000-0522 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0522 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000608 Potential DoS Attack on RSA's ACE/Server Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=011a01bfd14c$3c206960$050010ac@xtranet.co.uk Reference: CONFIRM:ftp://ftp.securid.com/support/outgoing/dos/readme.txt Reference: BUGTRAQ:20000714 Re: RSA Aceserver UDP Flood Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0197.html Reference: BID:1332 Reference: URL:http://www.securityfocus.com/bid/1332 Reference: XF:aceserver-udp-packet-dos Reference: URL:http://xforce.iss.net/static/5053.php RSA ACE/Server allows remote attackers to cause a denial of service by flooding the server's authentication request port with UDP packets, which causes the server to crash. Modifications: ADDREF CONFIRM:ftp://ftp.securid.com/support/outgoing/dos/readme.txt ADDREF BUGTRAQ:20000714 Re: RSA Aceserver UDP Flood Vulnerability ADDREF XF:aceserver-udp-packet-dos INFERRED ACTION: CAN-2000-0522 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Ozancin MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Christey Voter Comments: Christey> ADDREF CONFIRM:ftp://ftp.securid.com/support/outgoing/dos/readme.txt ADDREF http://archives.neohapsis.com/archives/bugtraq/2000-07/0197.html Frech> XF:aceserver-udp-packet-dos(5053) ====================================================== Candidate: CAN-2000-0525 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0525 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000609 OpenSSH's UseLogin option allows remote access with root privilege. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html Reference: OPENBSD:20000606 The non-default UseLogin feature in /etc/sshd_config is broken and should not be used. Reference: URL:http://www.openbsd.org/errata.html#uselogin Reference: BID:1334 Reference: URL:http://www.securityfocus.com/bid/1334 Reference: XF:openssh-uselogin-remote-exec Reference: URL:http://xforce.iss.net/static/4646.php OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon. Modifications: ADDREF XF:openssh-uselogin-remote-exec INFERRED ACTION: CAN-2000-0525 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Ozancin MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Christey Voter Comments: Christey> XF:openssh-uselogin-remote-exec http://archives.neohapsis.com/archives/freebsd/2000-07/0040.html Frech> XF:openssh-uselogin-remote-exec(4646) ====================================================== Candidate: CAN-2000-0528 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0528 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000619 Net Tools PKI server exploits Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt Reference: BID:1364 Reference: URL:http://www.securityfocus.com/bid/1364 Reference: XF:nettools-pki-unauthenticated-access Reference: URL:http://xforce.iss.net/static/4743.php Net Tools PKI Server does not properly restrict access to remote attackers when the XUDA template files do not contain absolute pathnames for other files. Modifications: ADDREF XF:nettools-pki-unauthenticated-access INFERRED ACTION: CAN-2000-0528 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(1) Christey Voter Comments: Christey> XF:nettools-pki-unauthenticated-access Frech> XF:nettools-pki-unauthenticated-access(4743) ====================================================== Candidate: CAN-2000-0529 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0529 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000619 Net Tools PKI server exploits Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt Reference: BID:1363 Reference: URL:http://www.securityfocus.com/bid/1363 Reference: XF:nettools-pki-http-bo Reference: URL:http://xforce.iss.net/static/4744.php Net Tools PKI Server allows remote attackers to cause a denial of service via a long HTTP request. Modifications: ADDREF XF:nettools-pki-http-bo INFERRED ACTION: CAN-2000-0529 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(1) Christey Voter Comments: Christey> XF:nettools-pki-http-bo Frech> XF:nettools-pki-http-bo(4744) ====================================================== Candidate: CAN-2000-0532 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0532 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: CF Reference: FREEBSD:FreeBSD-SA-00:21 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0031.html Reference: BID:1323 Reference: URL:http://www.securityfocus.com/bid/1323 Reference: XF:freebsd-ssh-ports Reference: URL:http://xforce.iss.net/static/4638.php A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers to access SSH through port 722 even if port 22 is otherwise filtered. Modifications: ADDREF XF:freebsd-ssh-ports INFERRED ACTION: CAN-2000-0532 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Ozancin MODIFY(1) Frech NOOP(2) Wall, LeBlanc Voter Comments: Frech> XF:freebsd-ssh-ports(4638) ====================================================== Candidate: CAN-2000-0533 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0533 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: SGI:20000601-01-P Reference: URL:ftp://sgigate.sgi.com/security/20000601-01-P Reference: BID:1379 Reference: URL:http://www.securityfocus.com/bid/1379 Reference: XF:irix-workshop-cvconnect-overwrite Reference: URL:http://xforce.iss.net/static/4725.php Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to overwrite arbitrary files. Modifications: ADDREF irix-workshop-cvconnect-overwrite(4725) INFERRED ACTION: CAN-2000-0533 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(1) Christey Voter Comments: Christey> XF:irix-workshop-cvconnect-overwrite Frech> XF:irix-workshop-cvconnect-overwrite(4725) ====================================================== Candidate: CAN-2000-0534 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0534 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: FREEBSD:FreeBSD-SA-00:22 Security Advisory Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0030.html Reference: BID:1325 Reference: URL:http://www.securityfocus.com/bid/1325 Reference: XF:apsfilter-elevate-privileges Reference: URL:http://xforce.iss.net/static/4617.php The apsfilter software in the FreeBSD ports package does not properly read user filter configurations, which allows local users to execute commands as the lpd user. Modifications: ADDREF XF:apsfilter-elevate-privileges INFERRED ACTION: CAN-2000-0534 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Ozancin Voter Comments: Frech> XF:apsfilter-elevate-privileges(4617) ====================================================== Candidate: CAN-2000-0538 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0538 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000607 New Allaire ColdFusion DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96045469627806&w=2 Reference: ALLAIRE:ASB00-14 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16122&Method=Full Reference: BID:1314 Reference: URL:http://www.securityfocus.com/bid/1314 Reference: XF:coldfusion-parse-dos Reference: URL:http://xforce.iss.net/static/4611.php ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password. Modifications: ADDREF XF:coldfusion-parse-dos INFERRED ACTION: CAN-2000-0538 FINAL (Final Decision 20001013) Current Votes: ACCEPT(3) Levy, Wall, Ozancin MODIFY(1) Frech NOOP(1) LeBlanc Voter Comments: Frech> XF:coldfusion-parse-dos(4611) ====================================================== Candidate: CAN-2000-0539 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0539 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: ALLAIRE:ASB00-015 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full Reference: BID:1386 Reference: URL:http://www.securityfocus.com/bid/1386 Reference: XF:jrun-read-sample-files Reference: URL:http://xforce.iss.net/static/4774.php Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet. Modifications: ADDREF XF:jrun-read-sample-files INFERRED ACTION: CAN-2000-0539 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech Voter Comments: Frech> XF:jrun-read-sample-files(4774) ====================================================== Candidate: CAN-2000-0540 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0540 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: ALLAIRE:ASB00-015 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full Reference: BID:1386 Reference: URL:http://www.securityfocus.com/bid/1386 Reference: XF:jrun-read-sample-files Reference: URL:http://xforce.iss.net/static/4774.php JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration information. Modifications: ADDREF XF:jrun-read-sample-files INFERRED ACTION: CAN-2000-0540 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech Voter Comments: Frech> XF:jrun-read-sample-files(4774) ====================================================== Candidate: CAN-2000-0548 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0548 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt Reference: CERT:CA-2000-11 Reference: URL:http://www.cert.org/advisories/CA-2000-11.html Reference: CIAC:K-051 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml Reference: XF:kerberos-emsg-bo Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function. Modifications: ADDREF XF:kerberos-emsg-bo DELREF BID:1338 INFERRED ACTION: CAN-2000-0548 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Ozancin MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Christey Voter Comments: Christey> ADDREF XF:kerberos-emsg-bo Frech> XF:kerberos-emsg-bo(4658) Shouldn't BID:1338 (Kerberos4 KDC AUTH_MSG_KDC_REQUEST NULL termination Vulnerability) be assigned to CAN-2000-0549? Christey> Andre's right, BID:1338 should be assigned to CAN-2000-0549. So which BID should this one get? ====================================================== Candidate: CAN-2000-0549 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0549 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt Reference: CERT:CA-2000-11 Reference: URL:http://www.cert.org/advisories/CA-2000-11.html Reference: CIAC:K-051 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request. INFERRED ACTION: CAN-2000-0549 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Ozancin MODIFY(2) Levy, Frech NOOP(3) Wall, LeBlanc, Christey Voter Comments: Christey> ADDREF BID:1464 URL:http://www.securityfocus.com/bid/1464 Frech> XF:kerberos-authmsgkdcrequests(4659) CHANGE> [Levy changed vote from REVIEWING to MODIFY] Levy> Remove reference to BID 1464. Add reference to BID 1338. ====================================================== Candidate: CAN-2000-0550 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0550 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt Reference: CERT:CA-2000-11 Reference: URL:http://www.cert.org/advisories/CA-2000-11.html Reference: CIAC:K-051 Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml Reference: XF:kerberos-free-memory Reference: BID:1465 Reference: URL:http://www.securityfocus.com/bid/1465 Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service. Modifications: ADDREF XF:kerberos-free-memory ADDREF BID:1465 INFERRED ACTION: CAN-2000-0550 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Ozancin MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Christey Voter Comments: Christey> XF:kerberos-free-memory Christey> ADDREF BID:1465 URL:http://www.securityfocus.com/bid/1465 Frech> XF:kerberos-free-memory(4660) CHANGE> [Levy changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2000-0552 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0552 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: NTBUGTRAQ:20000606 ICQ2000A ICQmail temparary internet link vulnearbility Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0237.html Reference: BID:1307 Reference: URL:http://www.securityfocus.com/bid/1307 Reference: XF:icq-temp-link Reference: URL:http://xforce.iss.net/static/4607.php ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information. Modifications: ADDREF XF:icq-temp-link INFERRED ACTION: CAN-2000-0552 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Ozancin MODIFY(1) Frech NOOP(2) Wall, LeBlanc Voter Comments: Frech> XF:icq-temp-link(4607) ====================================================== Candidate: CAN-2000-0555 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0555 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: NTBUGTRAQ:20000608 DST2K0010: DoS & Path Revealing Vulnerability in Ceilidh v2.60a Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0246.html Reference: BID:1320 Reference: URL:http://www.securityfocus.com/bid/1320 Reference: XF:ceilidh-post-dos Reference: URL:http://xforce.iss.net/static/4622.php Ceilidh allows remote attackers to cause a denial of service via a large number of POST requests. Modifications: ADDREF XF:ceilidh-post-dos INFERRED ACTION: CAN-2000-0555 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Ozancin MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Christey Voter Comments: Christey> ADDREF XF:ceilidh-post-dos Frech> XF:ceilidh-post-dos(4622) ====================================================== Candidate: CAN-2000-0558 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0558 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: Proposed: 20000712 Assigned: 20000711 Category: SF Reference: NTBUGTRAQ:20000608 DST2K0012: BufferOverrun in HP Openview Network Node Manager v6.1 Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0249.html Reference: BID:1317 Reference: URL:http://www.securityfocus.com/bid/1317 Buffer overflow in HP Openview Network Node Manager 6.1 allows remote attackers to execute arbitrary commands via the Alarm service (OVALARMSRV) on port 2345. INFERRED ACTION: CAN-2000-0558 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Ozancin MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Christey Voter Comments: Frech> XF:hp-openview-nnm-bo(4619) Christey> HP:HPSBUX0008-119 describes a vulnerability in NMM 6.1, but its sparse comments imply that the problem is related to web passwords, but there's no mention of that in the original Bugtraq post for this candidate. Christey> ADDREF HP:HPSBUX0009-122 URL:http://www.securityfocus.com/templates/advisory.html?id=2675 The advisory is pretty clearly related to this vulnerability. So, which one is HP:HPSBUX0008-119 addressing? ====================================================== Candidate: CAN-2000-0561 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0561 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000620 DST2K0018: Multiple BufferOverruns in WebBBS HTTP Server v1.15 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0175.html Reference: BID:1365 Reference: URL:http://www.securityfocus.com/bid/1365 Reference: XF:webbbs-get-request-overflow Reference: URL:http://xforce.iss.net/static/4742.php Buffer overflow in WebBBS 1.15 allows remote attackers to execute arbitrary commands via a long HTTP GET request. Modifications: ADDREF XF:webbbs-get-request-overflow INFERRED ACTION: CAN-2000-0561 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Cole MODIFY(1) Frech NOOP(3) Armstrong, Ozancin, Christey Voter Comments: Christey> XF:webbbs-get-request-overflow Frech> XF:webbbs-get-request-overflow(4742) CHANGE> [Cole changed vote from NOOP to ACCEPT] ====================================================== Candidate: CAN-2000-0566 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0566 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000719 Assigned: 20000712 Category: SF Reference: ISS:20000712 Insecure temporary file handling in Linux makewhatis Reference: REDHAT:RHSA-2000:041-02 Reference: BID:1434 Reference: CALDERA:CSSA-2000-021.0 Reference: BUGTRAQ:20000707 [Security Announce] man update Reference: BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - MAN Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0390.html Reference: XF:linux-man-makewhatis-tmp Reference: URL:http://xforce.iss.net/static/4900.php makewhatis in Linux man package allows local users to overwrite files via a symlink attack. Modifications: ADDREF XF:linux-man-makewhatis-tmp ADDREF BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - MAN INFERRED ACTION: CAN-2000-0566 FINAL (Final Decision 20001013) Current Votes: ACCEPT(3) Levy, Magdych, Cole MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Christey Voter Comments: Frech> XF:linux-man-makewhatis-tmp(4900) Christey> ADDREF BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - MAN URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0390.html ====================================================== Candidate: CAN-2000-0567 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0567 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000719 Assigned: 20000719 Category: SF Reference: MS:MS00-043 Reference: BUGTRAQ:20000719 Buffer Overflow in MS Outlook Email Clients Reference: BUGTRAQ:20000719 Aaron Drew - Security Advisory: Buffer Overflow in MS Outlook & Outlook Express Email Clients Reference: BID:1481 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=1481 Reference: XF:outlook-date-overflow Reference: URL:http://xforce.iss.net/static/4953.php Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability. Modifications: ADDREF XF:outlook-date-overflow INFERRED ACTION: CAN-2000-0567 FINAL (Final Decision 20001013) Current Votes: ACCEPT(4) Levy, Wall, Magdych, Cole MODIFY(2) LeBlanc, Frech Voter Comments: LeBlanc> Need to add recent MS bulletin as reference Frech> XF:outlook-date-overflow(4953) ====================================================== Candidate: CAN-2000-0571 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0571 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000703 Remote DoS Attack in LocalWEB HTTP Server 1.2.0 Vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-07-8&msg=NCBBKFKDOLAGKIAPMILPCEIHCFAA.labs@ussrback.com Reference: BID:1423 Reference: URL:http://www.securityfocus.com/bid/1423 Reference: XF:localweb-get-bo Reference: URL:http://xforce.iss.net/static/4896.php LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial of service via a long GET request. Modifications: ADDREF XF:localweb-get-bo INFERRED ACTION: CAN-2000-0571 FINAL (Final Decision 20001013) Current Votes: ACCEPT(3) Levy, Magdych, Cole MODIFY(1) Frech NOOP(2) Wall, LeBlanc Voter Comments: Frech> XF:localweb-get-bo(4896) ====================================================== Candidate: CAN-2000-0579 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0579 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000621 Predictability Problems in IRIX Cron and Compilers Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0204.html Reference: BID:1413 Reference: URL:http://www.securityfocus.com/bid/1413 Reference: XF:irix-cron-modify-crontab IRIX crontab creates temporary files with predictable file names and with the umask of the user, which could allow local users to modify another user's crontab file as it is being edited. Modifications: ADDREF XF:irix-cron-modify-crontab INFERRED ACTION: CAN-2000-0579 FINAL (Final Decision 20001013) Current Votes: ACCEPT(4) Levy, Blake, Ozancin, Cole MODIFY(1) Frech NOOP(3) Armstrong, Wall, LeBlanc REVIEWING(1) Magdych Voter Comments: Frech> XF:irix-cron-modify-crontab(5008) CHANGE> [Cole changed vote from NOOP to ACCEPT] ====================================================== Candidate: CAN-2000-0582 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0582 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-3] Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630162106.4619C-100000@fjord.fscinternet.com Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#SMTP_Security Reference: XF:fw1-resource-overload-dos Reference: BID:1416 Reference: URL:http://www.securityfocus.com/bid/1416 Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a denial of service by sending a stream of invalid commands (such as binary zeros) to the SMTP Security Server proxy. Modifications: ADDREF CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#SMTP_Security DESC Mention "invalid commands" instead of just binary zeros. INFERRED ACTION: CAN-2000-0582 FINAL (Final Decision 20001013) Current Votes: ACCEPT(3) Levy, Frech, Cole NOOP(3) Wall, LeBlanc, Christey REVIEWING(1) Magdych Voter Comments: Christey> It looks like this is confirmed by Check Point in: http://www.checkpoint.com/techsupport/alerts/list_vun.html#SMTP_Security ====================================================== Candidate: CAN-2000-0583 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0583 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000626 vpopmail-3.4.11 problems Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=395BD2A8.5D3396A7@secureaustin.com Reference: CONFIRM:http://www.vpopmail.cx/vpopmail-ChangeLog Reference: BID:1418 Reference: URL:http://www.securityfocus.com/bid/1418 Reference: XF:vpopmail-format-string vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives. Modifications: ADDREF XF:vpopmail-format-string INFERRED ACTION: CAN-2000-0583 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Cole REVIEWING(1) Magdych Voter Comments: Frech> XF:vpopmail-format-string(5046) ====================================================== Candidate: CAN-2000-0584 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0584 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000719 Assigned: 20000719 Category: SF Reference: MISC:http://shadowpenguin.backsection.net/advisories/advisory038.html Reference: DEBIAN:20000701 canna server: buffer overflow Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q2/0062.html Reference: FREEBSD:FreeBSD-SA-00:31 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:31.canna.asc.v1.1 Reference: BID:1445 Reference: URL:http://www.securityfocus.com/bid/1445 Reference: XF:canna-bin-execute-bo Reference: URL:http://xforce.iss.net/static/4912.php Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name. Modifications: ADDREF XF:canna-bin-execute-bo INFERRED ACTION: CAN-2000-0584 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Magdych MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Cole Voter Comments: Frech> XF:canna-bin-execute-bo(4912) ====================================================== Candidate: CAN-2000-0585 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0585 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000624 Possible root exploit in ISC DHCP client. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0247.html Reference: OPENBSD:20000624 A serious bug in dhclient(8) could allow strings from a malicious dhcp server to be executed in the shell as root. Reference: URL:http://www.openbsd.org/errata.html#dhclient Reference: DEBIAN:20000628 dhcp client: remote root exploit in dhcp client Reference: URL:http://www.debian.org/security/2000/20000628 Reference: FREEBSD:FreeBSD-SA-00:34 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:34.dhclient.asc Reference: BUGTRAQ:20000702 [Security Announce] dhcp update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0014.html Reference: SUSE:20000711 Security Hole in dhclient < 2.0 Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_56.txt Reference: NETBSD:NetBSD-SA2000-008 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-008.txt.asc Reference: BID:1388 Reference: URL:http://www.securityfocus.com/bid/1388 Reference: XF:openbsd-isc-dhcp Reference: URL:http://xforce.iss.net/static/4772.php ISC DHCP client program dhclient allows remote attackers to execute arbitrary commands via shell metacharacters. Modifications: DELREF XF:openbsd-isc-dhcp-bo ADDREF XF:openbsd-isc-dhcp ADDREF FREEBSD:FreeBSD-SA-00:34 INFERRED ACTION: CAN-2000-0585 FINAL (Final Decision 20001013) Current Votes: ACCEPT(3) Levy, Magdych, Cole MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Christey Voter Comments: Frech> DELREF:XF:openbsd-isc-dhcp-bo ADDREF:XF:openbsd-isc-dhcp(4772) Christey> ADDREF FREEBSD:FreeBSD-SA-00:34 ====================================================== Candidate: CAN-2000-0586 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0586 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: Proposed: 20000719 Assigned: 20000719 Category: SF Reference: VULN-DEV:20000628 dalnet 4.6.5 remote vulnerability Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/1092.html Reference: XF:ircd-dalnet-summon-bo Reference: BID:1404 Reference: URL:http://www.securityfocus.com/bid/1404 Buffer overflow in Dalnet IRC server 4.6.5 allows remote attackers to cause a denial of service or execute arbitrary commands via the SUMMON command. INFERRED ACTION: CAN-2000-0586 FINAL (Final Decision 20001013) Current Votes: ACCEPT(3) Levy, Frech, Magdych NOOP(3) Wall, LeBlanc, Cole ====================================================== Candidate: CAN-2000-0587 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0587 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: Proposed: 20000719 Assigned: 20000719 Category: SF Reference: XF:glftpd-privpath-directive Reference: BUGTRAQ:20000626 Glftpd privpath bugs... +fix Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006261041360.31907-200000@twix.thrijswijk.nl Reference: BUGTRAQ:20000627 Re: Glftpd privpath bugs... +fix Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0317.html Reference: BID:1401 Reference: URL:http://www.securityfocus.com/bid/1401 The privpath directive in glftpd 1.18 allows remote attackers to bypass access restrictions for directories by using the file name completion capability. INFERRED ACTION: CAN-2000-0587 FINAL (Final Decision 20001013) Current Votes: ACCEPT(3) Levy, Frech, Magdych NOOP(3) Wall, LeBlanc, Cole ====================================================== Candidate: CAN-2000-0588 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0588 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000626 sawmill5.0.21 old path bug & weak hash algorithm Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0271.html Reference: BUGTRAQ:20000706 Patch for Flowerfire Sawmill Vulnerabilities Available Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0080.html Reference: BID:1402 Reference: URL:http://www.securityfocus.com/bid/1402 Reference: XF:sawmill-file-access SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands. INFERRED ACTION: CAN-2000-0588 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Frech NOOP(3) Wall, LeBlanc, Cole REVIEWING(1) Magdych ====================================================== Candidate: CAN-2000-0591 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0591 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000705 Novell BorderManager 3.0 EE - Encoded URL rule bypass Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0038.html Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0075.html Reference: BID:1432 Reference: URL:http://www.securityfocus.com/bid/1432 Reference: XF:bordermanager-bypass-url-restriction Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL filtering by encoding characters in the requested URL. Modifications: ADDREF XF:bordermanager-bypass-url-restriction INFERRED ACTION: CAN-2000-0591 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Cole MODIFY(1) Frech NOOP(2) Wall, LeBlanc REVIEWING(1) Magdych Voter Comments: Frech> XF:bordermanager-bypass-url-restriction(4906) ====================================================== Candidate: CAN-2000-0594 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0594 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000719 Assigned: 20000719 Category: SF Reference: VULN-DEV:20000704 BitchX /ignore bug Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html Reference: BUGTRAQ:20000704 BitchX exploit possibly waiting to happen, certain DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html Reference: REDHAT:RHSA-2000:042-01 Reference: URL:http://www.securityfocus.com/frames/?content=/templates/advisory.html%3Fid%3D2383 Reference: FREEBSD:FreeBSD-SA-00:32 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html Reference: CALDERA:CSSA-2000-022.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-022.0.txt Reference: BUGTRAQ:20000707 BitchX update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html Reference: BUGTRAQ:20000707 CONECTIVA LINUX SECURITY ANNOUNCEMENT - BitchX Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html Reference: BID:1436 Reference: URL:http://www.securityfocus.com/bid/1436 Reference: XF:irc-bitchx-invite-dos Reference: URL:http://xforce.iss.net/static/4897.php BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters. Modifications: ADDREF XF:irc-bitchx-invite-dos INFERRED ACTION: CAN-2000-0594 FINAL (Final Decision 20001013) Current Votes: ACCEPT(3) Levy, Magdych, Cole MODIFY(1) Frech NOOP(2) Wall, LeBlanc Voter Comments: Frech> XF:irc-bitchx-invite-dos(4897) Caldera's advisory is at http://www.calderasystems.com/support/security/advisories/CSSA-2000-022.0.tx t. In the interim, the Red Hat advisory is listed at http://www.securityfocus.com/frames/?content=/templates/advisory.html%3Fid%3 D2383. ====================================================== Candidate: CAN-2000-0595 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0595 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000719 Assigned: 20000719 Category: SF Reference: FREEBSD:FreeBSD-SA-00:24 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-07/0035.html Reference: BID:1437 Reference: URL:http://www.securityfocus.com/bid/1437 Reference: XF:bsd-libedit-editrc libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory. Modifications: ADDREF XF:bsd-libedit-editrc INFERRED ACTION: CAN-2000-0595 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Cole MODIFY(1) Frech NOOP(2) Wall, LeBlanc REVIEWING(1) Magdych Voter Comments: Frech> XF:bsd-libedit-editrc(4911) ====================================================== Candidate: CAN-2000-0596 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0596 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000627 IE 5 and Access 2000 vulnerability - executing programs Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589359.762392DB@nat.bg Reference: BUGTRAQ:20000627 FW: IE 5 and Access 2000 vulnerability - executing programs Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000d01bfe0fb$418f59b0$96217aa8@src.bu.edu Reference: MS:MS00-049 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-049.asp Reference: CERT:CA-2000-16 Reference: URL:http://www.cert.org/advisories/CA-2000-16.html Reference: XF:ie-access-vba-code-execute Reference: BID:1398 Reference: URL:http://www.securityfocus.com/bid/1398 Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability. Modifications: ADDREF CERT:CA-2000-16 INFERRED ACTION: CAN-2000-0596 FINAL (Final Decision 20001013) Current Votes: ACCEPT(6) Levy, Wall, LeBlanc, Frech, Magdych, Cole NOOP(1) Christey Voter Comments: Christey> ADDREF CERT:CA-2000-16 ====================================================== Candidate: CAN-2000-0597 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0597 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000627 IE 5 and Excel 2000, PowerPoint 2000 vulnerability - executing programs Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589349.ED9DBCAB@nat.bg Reference: MS:MS00-049 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-049.asp Reference: BID:1399 Reference: URL:http://www.securityfocus.com/bid/1399 Reference: XF:ie-powerpoint-activex-object-execute Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability. INFERRED ACTION: CAN-2000-0597 FINAL (Final Decision 20001013) Current Votes: ACCEPT(6) Levy, Wall, LeBlanc, Frech, Magdych, Cole ====================================================== Candidate: CAN-2000-0598 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0598 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000626 Proxy+ Telnet Gateway Problems Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0268.html Reference: MISC:http://www.proxyplus.cz/faq/articles/EN/art01002.htm Reference: BID:1395 Reference: URL:http://www.securityfocus.com/bid/1395 Reference: XF:fortech-proxy-telnet-gateway Fortech Proxy+ allows remote attackers to bypass access restrictions for to the administration service by redirecting their connections through the telnet proxy. Modifications: DELREF XF:proxyplus-telnet-gateway ADDREF MISC:http://www.proxyplus.cz/faq/articles/EN/art01002.htm INFERRED ACTION: CAN-2000-0598 FINAL (Final Decision 20001013) Current Votes: ACCEPT(4) Levy, Wall, Blake, Ozancin MODIFY(1) Frech NOOP(4) Armstrong, LeBlanc, Christey, Cole REVIEWING(1) Magdych Voter Comments: Frech> DELREF XF:proxyplus-telnet-gateway CHANGE> [Wall changed vote from NOOP to ACCEPT] Wall> Included in X-Force and USSR Lab advisories. Christey> Possible vendor acknowledgement in a Change Log dated July 7 2000, at http://www.proxyplus.cz/faq/articles/EN/art01002.htm "Version 2.40 #184 07.07.2000" section says: Solved bug which could cause incorrect Insecure Interfaces detection. Solved bug with evaluating Access List ClientIP and InterfaceIP objects. In some cases parameters of the objects were improperly compared with client/interface IP addresses. Without knowing the product, it's hard to tell if this could be fixing the problem the discloser identified or not. These fixes appear to happen within 2 weeks of the original post, so maybe this *is* fixing that problem. ====================================================== Candidate: CAN-2000-0599 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0599 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000629 iMesh 1.02 vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0335.html Reference: MISC:http://www.imesh.com/download/download.html Reference: XF:imesh-tcp-port-overflow Reference: BID:1407 Reference: URL:http://www.securityfocus.com/bid/1407 Buffer overflow in iMesh 1.02 allows remote attackers to execute arbitrary commands via a long string to the iMesh port. Modifications: ADDREF MISC:http://www.imesh.com/download/download.html INFERRED ACTION: CAN-2000-0599 FINAL (Final Decision 20001013) Current Votes: ACCEPT(5) Levy, Wall, Blake, Frech, Cole NOOP(4) Armstrong, LeBlanc, Ozancin, Christey REVIEWING(1) Magdych Voter Comments: CHANGE> [Wall changed vote from NOOP to ACCEPT] Wall> SecuriTeam has perl exploit. Also included in X-Force and USSR Labs. CHANGE> [Cole changed vote from NOOP to ACCEPT] Christey> Possible acknowledgement at: http://www.imesh.com/download/download.html A news column says version 1.02 build 118 was released; since discloser said 1.02 builds 116 and 117 were affected, this could be a fix. Select "new features" link to go to http://www.imesh.com/download/download.html Release date is listed as June 20, but discloser's post was June 29. So, did vendor provide the patch contrary to what discloser said they were told? Under "client side:" section of new features, a comment says "Critical known issues have been solved." Not certain if these refer to security, and/or if they refer to discloser's vulnerability. Timing is interesting since discloser said the vendor was notified on June 18. ====================================================== Candidate: CAN-2000-0601 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0601 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000625 LeafChat Denial of Service Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.10.10006252056110.74551-100000@unix.za.net Reference: CONFIRM:http://www.leafdigital.com/Software/leafChat/history.html Reference: XF:irc-leafchat-dos Reference: BID:1396 Reference: URL:http://www.securityfocus.com/bid/1396 LeafChat 1.7 IRC client allows a remote IRC server to cause a denial of service by rapidly sending a large amount of error messages. Modifications: ADDREF CONFIRM:http://www.leafdigital.com/Software/leafChat/history.html INFERRED ACTION: CAN-2000-0601 FINAL (Final Decision 20001013) Current Votes: ACCEPT(5) Levy, Wall, Blake, Frech, Cole NOOP(4) Armstrong, LeBlanc, Ozancin, Christey REVIEWING(1) Magdych Voter Comments: CHANGE> [Wall changed vote from NOOP to ACCEPT] Wall> Java exploit code at SecuriTeam. Other multiple references. CHANGE> [Cole changed vote from NOOP to ACCEPT] Christey> CONFIRM:http://www.leafdigital.com/Software/leafChat/history.html Statement in change log says: "Fixed (hopefully) some security flaws in message processing; invalid data received from server should now just be displayed to user [MDMA Crew]" Discloser identifies self as member of MDMA crew, so this is a confirmation. ====================================================== Candidate: CAN-2000-0602 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0602 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000621 rh 6.2 - gid compromises, etc Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211209500.22969-100000@nimue.tpi.pl Reference: XF:redhat-secure-locate-path Reference: BID:1385 Reference: URL:http://www.securityfocus.com/bid/1385 Secure Locate (slocate) in Red Hat Linux allows local users to gain privileges via a malformed configuration file that is specified in the LOCATE_PATH environmental variable. INFERRED ACTION: CAN-2000-0602 FINAL (Final Decision 20001013) Current Votes: ACCEPT(3) Levy, Frech, Magdych NOOP(3) Wall, LeBlanc, Cole ====================================================== Candidate: CAN-2000-0603 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0603 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000719 Assigned: 20000719 Category: SF Reference: MS:MS00-048 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-048.asp Reference: BID:1444 Reference: URL:http://www.securityfocus.com/bid/1444 Reference: XF:mssql-procedure-perms Reference: URL:http://xforce.iss.net/static/4921.php Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability. Modifications: ADDREF XF:mssql-procedure-perms INFERRED ACTION: CAN-2000-0603 FINAL (Final Decision 20001013) Current Votes: ACCEPT(5) Levy, Wall, LeBlanc, Magdych, Cole MODIFY(1) Frech Voter Comments: Frech> XF:mssql-procedure-perms(4921) ====================================================== Candidate: CAN-2000-0604 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0604 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: Proposed: 20000719 Assigned: 20000719 Category: CF Reference: BUGTRAQ:20000621 rh 6.2 - gid compromises, etc Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211209500.22969-100000@nimue.tpi.pl Reference: BID:1383 Reference: URL:http://www.securityfocus.com/bid/1383 Reference: XF:redhat-gkermit gkermit in Red Hat Linux is improperly installed with setgid uucp, which allows local users to modify files owned by uucp. INFERRED ACTION: CAN-2000-0604 FINAL (Final Decision 20001013) Current Votes: ACCEPT(3) Levy, Frech, Magdych NOOP(3) Wall, LeBlanc, Cole ====================================================== Candidate: CAN-2000-0610 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0610 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000623 NetWin dMailWeb Unrestricted Mail Relay Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.20000623203007.00944760@qlink.queensu.ca Reference: BID:1390 Reference: URL:http://www.securityfocus.com/bid/1390 Reference: XF:netwin-dmailweb-newline Reference: URL:http://xforce.iss.net/static/4770.php NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to bypass authentication and use the server for mail relay via a username that contains a carriage return. Modifications: ADDREF XF:netwin-dmailweb-newline INFERRED ACTION: CAN-2000-0610 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Magdych MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Cole Voter Comments: Frech> XF:netwin-dmailweb-newline(4770) ====================================================== Candidate: CAN-2000-0611 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0611 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000719 Assigned: 20000719 Category: CF Reference: BUGTRAQ:20000623 NetWin dMailWeb Unrestricted Mail Relay Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0243.html Reference: BID:1391 Reference: URL:http://www.securityfocus.com/bid/1391 Reference: XF:netwin-dmailweb-auth Reference: URL:http://xforce.iss.net/static/4771.php The default configuration of NetWin dMailWeb and cwMail trusts all POP servers, which allows attackers to bypass normal authentication and cause a denial of service. Modifications: ADDREF XF:netwin-dmailweb-auth INFERRED ACTION: CAN-2000-0611 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Magdych MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Cole Voter Comments: Frech> XF:netwin-dmailweb-auth(4771) ====================================================== Candidate: CAN-2000-0613 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0613 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000719 Assigned: 20000719 Category: SF Reference: BUGTRAQ:20000320 PIX DMZ Denial of Service - TCP Resets Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=B3D6883199DBD311868100A0C9FC2CDC046B72@protea.citec.net Reference: CISCO:20000711 Cisco Secure PIX Firewall TCP Reset Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml Reference: BID:1454 Reference: URL:http://www.securityfocus.com/bid/1454 Reference: XF:cisco-pix-firewall-tcp Reference: URL:http://xforce.iss.net/static/4928.php Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections. Modifications: ADDREF XF:cisco-pix-firewall-tcp INFERRED ACTION: CAN-2000-0613 FINAL (Final Decision 20001013) Current Votes: ACCEPT(3) Levy, Magdych, Cole MODIFY(1) Frech NOOP(2) Wall, LeBlanc Voter Comments: Frech> XF:cisco-pix-firewall-tcp(4928) ====================================================== Candidate: CAN-2000-0616 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0616 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000719 Assigned: 20000719 Category: SF Reference: HP:HPSBMP0006-007 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0294.html Reference: BID:1405 Reference: URL:http://www.securityfocus.com/bid/1405 Reference: XF:hp-turboimage-dbutil Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain additional privileges via DBUTIL.PUB.SYS. Modifications: ADDREF XF:hp-turboimage-dbutil INFERRED ACTION: CAN-2000-0616 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Cole REVIEWING(1) Magdych Voter Comments: Frech> XF:hp-turboimage-dbutil(4943)
|
||||
