|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [PROPOSAL] Cluster RECENT-38 - 26 candidates
The following cluster contains 26 candidates that were announced between September 9 and September 18, 2000. Note that the voting web site will not be updated with this cluster until late tonight. The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real. If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned. - Steve Summary of votes to use (in ascending order of "severity") ---------------------------------------------------------- ACCEPT - voter accepts the candidate as proposed NOOP - voter has no opinion on the candidate MODIFY - voter wants to change some MINOR detail (e.g. reference/description) REVIEWING - voter is reviewing/researching the candidate, or needs more info RECAST - candidate must be significantly modified, e.g. split or merged REJECT - candidate is "not a vulnerability", or a duplicate, etc. 1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line. 2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping. 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING. ********** NOTE ********** NOTE ********** NOTE ********** NOTE ********** Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats. ====================================================== Candidate: CAN-2000-0834 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0834 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001015 Category: CF Reference: ATSTAKE:A091400-1 Reference: URL:http://www.atstake.com/research/advisories/2000/a091400-1.txt Reference: MS:MS00-067 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-067.asp Reference: BID:1683 Reference: URL:http://www.securityfocus.com/bid/1683 Reference: XF:win2k-telnet-ntlm-authentication Reference: URL:http://xforce.iss.net/static/5242.php The Windows 2000 telnet client attempts to perform NTLM authentication by default, which allows remote attackers to capture and replay the NTLM challenge/response via a telnet:// URL that points to the malicious server, aka the "Windows 2000 Telnet Client NTLM Authentication" vulnerability. Analysis ---------------- ED_PRI CAN-2000-0834 1 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0852 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0852 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001018 Category: SF Reference: FREEBSD:FreeBSD-SA-00:49 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0110.html Reference: BID:1686 Reference: URL:http://www.securityfocus.com/bid/1686 Reference: XF:freebsd-eject-port Reference: URL:http://xforce.iss.net/static/5248.php Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges. Analysis ---------------- ED_PRI CAN-2000-0852 1 Vendor Acknowledgement: yes Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0863 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0863 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001018 Category: SF Reference: FREEBSD:FreeBSD-SA-00:50 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0111.html Buffer overflow in listmanager earlier than 2.105.1 allows local users to gain additional privileges. Analysis ---------------- ED_PRI CAN-2000-0863 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0867 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0867 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001018 Category: SF Reference: BUGTRAQ:20000917 klogd format bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0193.html Reference: REDHAT:RHSA-2000:061-02 Reference: DEBIAN:20000919 Reference: MANDRAKE:MDKSA-2000:050 Reference: CALDERA:CSSA-2000-032.0 Reference: XF:klogd-format-string Reference: URL:http://xforce.iss.net/static/5259.php Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages. Analysis ---------------- ED_PRI CAN-2000-0867 1 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0883 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0883 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001018 Category: CF Reference: MANDRAKE:MDKSA-2000:046 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0111.html Reference: BID:1678 Reference: URL:http://www.securityfocus.com/bid/1678 Reference: XF:linux-mod-perl Reference: URL:http://xforce.iss.net/static/5257.php The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory. Analysis ---------------- ED_PRI CAN-2000-0883 2 Vendor Acknowledgement: yes advisory Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0829 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0829 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001015 Category: SF Reference: BUGTRAQ:20000909 tmpwatch: local DoS : fork()bomb as root Reference: URL:http://www.securityfocus.com/archive/1/81364 Reference: BID:1664 Reference: URL:http://www.securityfocus.com/bid/1664 Reference: XF:linux-tmpwatch-fork-dos Reference: URL:http://xforce.iss.net/static/5217.php The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories in /tmp or /var/tmp/. Analysis ---------------- ED_PRI CAN-2000-0829 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0830 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0830 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001015 Category: SF Reference: 20000913 trivial DoS in webTV Reference: URL:http://www.securityfocus.com/archive/1/81852 Reference: BID:1671 Reference: URL:http://www.securityfocus.com/bid/1671 Reference: XF:webtv-udp-dos Reference: URL:http://xforce.iss.net/static/5216.php annclist.exe in webTV allows a remote attacker to cause a denial of service by sending a large, malformed UDP packet to ports 22701 through 22705. Analysis ---------------- ED_PRI CAN-2000-0830 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0831 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0831 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001015 Category: SF Reference: WIN2KSEC:20000912 DST2K0027: DoS in Faststream FTP++ 2.0 Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0109.html Buffer overflow in Fastream FTP++ 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long username. Analysis ---------------- ED_PRI CAN-2000-0831 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0833 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0833 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001015 Category: SF Reference: BUGTRAQ:2000911 WinSMTPD remote exploit/DoS problem Reference: URL:http://www.securityfocus.com/archive/1/81693 Reference: BID:1680 Reference: URL:http://www.securityfocus.com/bid/1680 Reference: XF:winsmtp-helo-bo Reference: URL:http://xforce.iss.net/static/5255.php Buffer overflow in WinSMTP 1.06f and 2.X allows remote attackers to cause a denial of service via a long USER or HELO command. Analysis ---------------- ED_PRI CAN-2000-0833 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0835 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0835 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001015 Category: SF Reference: BUGTRAQ:20000915 Sambar Server search CGI vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0175.html Reference: BID:1684 Reference: URL:http://www.securityfocus.com/bid/1684 search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 allows remote attackers to read arbitrary directories by specifying the directory in the query paramater. Analysis ---------------- ED_PRI CAN-2000-0835 3 Vendor Acknowledgement: Content Decisions: EX-BETA INCLUSION: CD:EX-BETA says that CVE should not include problems in beta software that hasn't had widespread distribution. However, a Bugtraq thread in September 2000 indicated that some people even want to know about bugs in beta software. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0836 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0836 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001015 Category: SF Reference: BUGTRAQ:20000915 [NEWS] Vulnerability in CamShot server (Authorization) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0176.html Reference: BID:1685 Reference: URL:http://www.securityfocus.com/bid/1685 Reference: XF:camshot-password-bo Reference: URL:http://xforce.iss.net/static/5246.php Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to execute arbitrary commands via a long Authorization header. Analysis ---------------- ED_PRI CAN-2000-0836 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0838 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0838 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001015 Category: SF Reference: WIN2KSEC:DST2K0028: DoS in FUR HTTP Server v1.0b Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0111.html Reference: XF:fur-get-dos Reference: URL:http://xforce.iss.net/static/5237.php Fastream FUR HTTP server 1.0b allows remote attackers to cause a denial of service via a long GET request. Analysis ---------------- ED_PRI CAN-2000-0838 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0839 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0839 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001015 Category: SF Reference: BUGTRAQ:20000919 VIGILANTE-2000013: WinCOM LPD DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0212.html Reference: BID:1701 Reference: URL:http://www.securityfocus.com/bid/1701 Reference: XF:wincom-lpd-dos Reference: URL:http://xforce.iss.net/static/5258.php WinCOM LPD 1.00.90 allows remote attackers to cause a denial of service by sending a large number of LPD options to the LPD port (515). Analysis ---------------- ED_PRI CAN-2000-0839 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0842 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0842 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001018 Category: SF Reference: BUGTRAQ:20000911 SCO scohelhttp documentation webserver exposes local files Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0086.html Reference: BID:1663 Reference: URL:http://www.securityfocus.com/bid/1663 The search97cgi/vtopic" in the UnixWare 7 scohelphttp webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack. Analysis ---------------- ED_PRI CAN-2000-0842 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0843 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0843 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001018 Category: SF Reference: BUGTRAQ:20000910 (SRADV00002) Remote root compromise through pam_smb and pam_ntdom Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0073.html Reference: DEBIAN:20000911 libpam-smb: remote root exploit Reference: URL:http://www.debian.org/security/2000/20000911 Reference: SUSE:20000913 pam_smb remotely exploitable buffer overflow Reference: URL:http://www.suse.de/de/support/security/adv8_draht_pam_smb_txt.txt Reference: MANDRAKE:MDKSA-2000:047 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-047.php3 Reference: BUGTRAQ:20000911 Conectiva Linux Security Announcement - pam_smb Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0114.html Reference: BID:1666 Reference: URL:http://www.securityfocus.com/bid/1666 Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules (PAM) allow remote attackers to execute arbitrary commands via a login with a long user name. Analysis ---------------- ED_PRI CAN-2000-0843 3 Vendor Acknowledgement: yes Content Decisions: SF-CODEBASE, SF-LOC, SF-EXEC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0845 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0845 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001018 Category: SF Reference: BUGTRAQ:20000918 [ENIGMA] Digital UNIX/Tru64 UNIX remote kdebug Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0204.html kdebug daemon (kdebugd) in Digital Unix 4.0F allows remote attackers to read arbitrary files by specifying the full file name in the initialization packet. Analysis ---------------- ED_PRI CAN-2000-0845 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0848 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0848 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001018 Category: SF Reference: BUGTRAQ:20000915 WebSphere application server plugin issue & vendor fix Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0192.html Reference: MISC:http://www-4.ibm.com/software/webservers/appserv/doc/v3022/fxpklst.htm#Security Reference: BID:1691 Reference: URL:http://www.securityfocus.com/bid/1691 Reference: XF:websphere-header-dos Reference: URL:http://xforce.iss.net/static/5252.php Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header. Analysis ---------------- ED_PRI CAN-2000-0848 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0850 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0850 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001018 Category: SF Reference: ATSTAKE:A091100-1 Reference: URL:http://www.atstake.com/research/advisories/2000/a091100-1.txt Reference: BID:1681 Reference: URL:http://www.securityfocus.com/bid/1681 Reference: XF:siteminder-bypass-authentication Reference: URL:http://xforce.iss.net/static/5230.php Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL. Analysis ---------------- ED_PRI CAN-2000-0850 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0853 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0853 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001018 Category: SF Reference: BUGTRAQ:20000909 YaBB 1.9.2000 Vulnerabilitie Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0072.html Reference: BID:1668 Reference: URL:http://www.securityfocus.com/bid/1668 Reference: XF:yabb-file-access Reference: URL:http://xforce.iss.net/static/5254.php YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack. Analysis ---------------- ED_PRI CAN-2000-0853 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0854 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0854 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001018 Category: Reference: WIN2KSEC:20000918 Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0117.html Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0118.html Reference: BUGTRAQ:20000922 Eudora + riched20.dll affects WinZip v8.0 as well Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0277.html Reference: BID:1699 Reference: URL:http://www.securityfocus.com/bid/1699 Reference: NTBUGTRAQ:20000921 Mitigators for possible exploit of Eudora via Guninski #21,2000 Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0155.html When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document. Analysis ---------------- ED_PRI CAN-2000-0854 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0857 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0857 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001018 Category: SF Reference: BUGTRAQ:20000909 format string bug in muh Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0067.html Reference: BUGTRAQ:20000909 Re: format string bug in muh Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0068.html Reference: BID:1665 Reference: URL:http://www.securityfocus.com/bid/1665 Reference: XF:muh-log-dos Reference: URL:http://xforce.iss.net/static/5215.php The logging capability in muh 2.05d IRC server does not properly cleanse user-injected format strings, which allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed nickname. Analysis ---------------- ED_PRI CAN-2000-0857 3 Vendor Acknowledgement: yes followup Content Decisions: SF-LOC ABSTRACTION: CD:SF-LOC might suggest that there should be at least 3 separate entries (based on the source code fixes posted in a followup), but it is not necesarily clear how to distinguish between the problems. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0865 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0865 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001018 Category: SF Reference: BUGTRAQ:20000916 Advisory: Tridia DoubleVision / SCO UnixWare Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0185.html Reference: BID:1697 Reference: URL:http://www.securityfocus.com/bid/1697 Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows local users to gain root privileges via a long terminal type argument. Analysis ---------------- ED_PRI CAN-2000-0865 3 Vendor Acknowledgement: unknown claimed Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0870 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0870 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001018 Category: SF Reference: BUGTRAQ:20000911[EXPL] EFTP vulnerable to two DoS attacks Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0089.html Reference: BID:1675 Reference: URL:http://www.securityfocus.com/bid/1675 Reference: XF:eftp-bo Reference: URL:http://xforce.iss.net/static/5219.php Buffer overflow in EFTP allows remote attackers to cause a denial of service via a long string. Analysis ---------------- ED_PRI CAN-2000-0870 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0871 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0871 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001018 Category: SF Reference: BUGTRAQ:20000911[EXPL] EFTP vulnerable to two DoS attacks Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0089.html Reference: BID:1677 Reference: URL:http://www.securityfocus.com/bid/1677 Reference: XF:eftp-newline-dos Reference: URL:http://xforce.iss.net/static/5220.php Buffer overflow in EFTP allows remote attackers to cause a denial of service by sending a string that does not contain a newline, then disconnecting from the server. Analysis ---------------- ED_PRI CAN-2000-0871 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0877 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0877 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001018 Category: SF Reference: BUGTRAQ:20000911 Unsafe passing of variables to mailform.pl in MailForm V2.0 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0092.html Reference: BID:1670 Reference: URL:http://www.securityfocus.com/bid/1670 Reference: XF:mailform-attach-file Reference: URL:http://xforce.iss.net/static/5224.php mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker. Analysis ---------------- ED_PRI CAN-2000-0877 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0878 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0878 Final-Decision: Interim-Decision: Modified: Proposed: 20001018 Assigned: 20001018 Category: SF Reference: BUGTRAQ:20000911 Fwd: Poor variable checking in mailto.cgi Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0088.html Reference: BID:1669 Reference: URL:http://www.securityfocus.com/bid/1669 The mailto CGI script allows remote attacker to execute arbitrary commands via shell metacharactwers in the emailadd form field. Analysis ---------------- ED_PRI CAN-2000-0878 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS:
|
||||
