[PROPOSAL] Cluster RECENT-45 - 33 candidates
The following cluster contains 33 candidates that were announced between November 13 and November 20, 2000.

Note that the voting web site will not be updated with this cluster until sometime Wednesday.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2000-1096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1096
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001116 vixie cron...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0237.html
Reference: DEBIAN:20001118 cron: local privilege escalation
Reference: URL:http://www.debian.org/security/2000/20001118a
Reference: BID:1960
Reference: URL:http://www.securityfocus.com/bid/1960

crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.

Analysis
----------------
ED_PRI CAN-2000-1096 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1108
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001113 Problems with cons.saver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0192.html
Reference: DEBIAN:20001125 mc: local DoS
Reference: URL:http://www.debian.org/security/2000/20001125
Reference: BID:1945
Reference: URL:http://www.securityfocus.com/bid/1945

cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as a TTY argument.

Analysis
----------------
ED_PRI CAN-2000-1108 1
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1139
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: CF
Reference: MS:MS00-088
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-088.asp
Reference: BID:1958
Reference: URL:http://www.securityfocus.com/bid/1958

The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-1139 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1167
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1167
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:70
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:70.ppp-nat.asc
Reference: BID:1974
Reference: URL:http://www.securityfocus.com/bid/1974

ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which allows remote attackers to connect to the target system.

Analysis
----------------
ED_PRI CAN-2000-1167 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1169
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001123 OpenSSH Security Advisory (adv.fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0195.html
Reference: MANDRAKE:MDKSA-2000:068
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-068.php3
Reference: BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html
Reference: DEBIAN:20001118 openssh: possible remote exploit
Reference: URL:http://www.debian.org/security/2000/20001118
Reference: CONECTIVA:CLSA-2000:345
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000345
Reference: REDHAT:RHSA-2000-111
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-111.html
Reference: SUSE:SuSE-SA:2000:47
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2000-Nov/0004.html
Reference: BID:1949
Reference: URL:http://www.securityfocus.com/bid/1949

OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.

Analysis
----------------
ED_PRI CAN-2000-1169 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1174
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1174
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001118 [hacksware] Ethereal 0.8.13 AFS ACL parsing buffer overflow bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0251.html
Reference: DEBIAN:20001121 ethereal: remote exploit
Reference: URL:http://www.debian.org/security/2000/20001122a
Reference: CONECTIVA:CLSA-2000:342
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000342
Reference: REDHAT:RHSA-2000:116-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-116.html
Reference: BID:1972
Reference: URL:http://www.securityfocus.com/bid/1972

Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allows remote attackers to execute arbitrary commands via a packet with a long username.

Analysis
----------------
ED_PRI CAN-2000-1174 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1178
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1178
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001116 Joe's Own Editor File Link Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0227.html
Reference: REDHAT:RHSA-2000:110-06
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-110.html
Reference: MANDRAKE:MDKSA-2000:072
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-072.php3
Reference: CONECTIVA:CLA-2000:356
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000356
Reference: DEBIAN:20001121 joe: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001122
Reference: DEBIAN:20001201 DSA-003-1 joe: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001201
Reference: BUGTRAQ:20001121 Immunix OS Security update for joe
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97500174210821&w=2
Reference: BID:1959
Reference: URL:http://www.securityfocus.com/bid/1959

Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.

Analysis
----------------
ED_PRI CAN-2000-1178 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1184
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1184
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:69
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:69.telnetd.v1.1.asc

telnetd in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service by specifying an arbitrary large file in the TERMCAP environmental variable, which consumes resources as the server processes the file.

Analysis
----------------
ED_PRI CAN-2000-1184 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1132
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001114 Cgisecurity.com advisory on dcforum
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0218.html
Reference: BID:1951
Reference: URL:http://www.securityfocus.com/bid/1951
Reference: CONFIRM:http://www.dcscripts.com/dcforum/dcfNews/124.html#1

DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable.

Analysis
----------------
ED_PRI CAN-2000-1132 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1179
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1179
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001115 Netopia ISDN Router 650-ST: Viewing of all system logs without login
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97440068130051&w=2
Reference: BID:1952
Reference: URL:http://www.securityfocus.com/bid/1952

Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.

Analysis
----------------
ED_PRI CAN-2000-1179 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1181
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1181
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001116 [CORE SDI ADVISORY] RealServer memory contents disclosure
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0236.html
Reference: CONFIRM:http://service.real.com/help/faq/security/memory.html
Reference: BID:1957
Reference: URL:http://www.securityfocus.com/bid/1957

Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's memory contents, possibly including sensitive information, by accessing the /admin/includes/ URL.

Analysis
----------------
ED_PRI CAN-2000-1181 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1182
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1182
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001116 Possible Watchguard Firebox II DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0224.html
Reference: CONFIRM:https://www.watchguard.com/support/patches.html
Reference: BID:1953
Reference: URL:http://www.securityfocus.com/bid/1953

WatchGuard Firebox II allows remote attackers to cause a denial of service by flooding the Firebox with a large number of FTP or SMTP requests, which disables proxy handling.

Analysis
----------------
ED_PRI CAN-2000-1182 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0897
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0897
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001114
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20001114 Vulnerabilites in SmallHTTP Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97421834001092&w=2
Reference: BID:1941
Reference: URL:http://www.securityfocus.com/bid/1941

Small HTTP Server 2.01 allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed.

Analysis
----------------
ED_PRI CAN-2000-0897 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0898
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0898
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001114
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20001114 Vulnerabilites in SmallHTTP Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97421834001092&w=2

Small HTTP Server 2.01 does not properly process Server Side Includes (SSI) tags that contain null values, which allows local users, and possibly remote attackers, to cause the server to crash by inserting the SSI into an HTML file.

Analysis
----------------
ED_PRI CAN-2000-0898 3
Vendor Acknowledgement: unknown

INCLUSION: One could argue that this may not be a vulnerability. A remote attacker could probably only do this by exploiting another vulnerability in the server, one that allows them to modify content of HTML files (say, via cross-site scripting), or to upload new files (whether by server configuration or a bug in the server). It could be argued that if a local attacker does this, then it only matters if the server crashes and "stays" crashed. It is not known whether this is the case or not.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0899
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0899
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001114
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20001114 Vulnerabilites in SmallHTTP Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97421834001092&w=2
Reference: BID:1942
Reference: URL:http://www.securityfocus.com/bid/1942

Small HTTP Server 2.01 allows remote attackers to cause a denial of service by connecting to the server and sending out multiple GET, HEAD, or POST requests and closing the connection before the server responds to the requests.

Analysis
----------------
ED_PRI CAN-2000-0899 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1126
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1126
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: HP:HPSBUX0011-130
Reference: URL:http://www.securityfocus.com/advisories/2850
Reference: BID:1954
Reference: URL:http://www.securityfocus.com/bid/1954

Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service.

Analysis
----------------
ED_PRI CAN-2000-1126 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1150
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1150
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001113 beos vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0203.html

Felix IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.

Analysis
----------------
ED_PRI CAN-2000-1150 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1151
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1151
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001113 beos vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0203.html

Baxter IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.

Analysis
----------------
ED_PRI CAN-2000-1151 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1152
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1152
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001113 beos vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0203.html

Browser IRC client in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.

Analysis
----------------
ED_PRI CAN-2000-1152 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1153
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1153
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001113 beos vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0203.html

PostMaster 1.0 in BeOS r5 pro and earlier allows remote attackers to conduct a denial of service via a message that contains a long URL.

Analysis
----------------
ED_PRI CAN-2000-1153 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1154
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1154
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001113 beos vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0203.html

RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a denial of service via long HTTP request.

ABSTRACTION: The discloser indicates that the errors occur in 2 different source files, when calling 2 different functions, so CD:SF-LOC suggests that the bug in RHConsole should remain separate from the one in RHDaemon.

Analysis
----------------
ED_PRI CAN-2000-1154 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC, SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1155
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1155
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001113 beos vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0203.html

RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a denial of service via long HTTP request.

ABSTRACTION: The discloser indicates that the errors occur in 2 different source files, when calling 2 different functions, so CD:SF-LOC suggests that the bug in RHConsole should remain separate from the one in RHDaemon.

Analysis
----------------
ED_PRI CAN-2000-1155 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC, SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1161
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1161
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: CF
Reference: BUGTRAQ:20001120 security problem in AdCycle installation
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0271.html
Reference: BID:1969
Reference: URL:http://www.securityfocus.com/bid/1969

The installation of AdCycle banner management system leaves the build.cgi program in a web-accessible directory, which allows remote attackers to execute the program and view passwords or delete databases.

Analysis
----------------
ED_PRI CAN-2000-1161 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1164
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1164
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: CF
Reference: BUGTRAQ:20001118 WinVNC 3.3.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0253.html
Reference: BID:1961
Reference: URL:http://www.securityfocus.com/bid/1961

WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify) to the Everybody group, which allows users to read and modify sensitive information such as passwords and gain access to the system.

Analysis
----------------
ED_PRI CAN-2000-1164 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1170
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001115 Netsnap Webcam Software Remote Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97439536016554&w=2
Reference: BID:1956
Reference: URL:http://www.securityfocus.com/bid/1956
Reference: CONFIRM:http://www.netsnap.com/new.htm

Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows remote attackers to execute arbitrary commands via a long GET request.

Analysis
----------------
ED_PRI CAN-2000-1170 3
Vendor Acknowledgement:

ACKNOWLEDGEMENT: NetSnap version history for version 1.2.9 says: "Fixed a problem in http server which could leave NetSnap open to DOS (Denial of Service) attacks."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1171
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1171
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001120 CGIForum 1.0 Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0263.html
Reference: BID:1963
Reference: URL:http://www.securityfocus.com/bid/1963

Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "thesection" parameter.

Analysis
----------------
ED_PRI CAN-2000-1171 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1175
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1175
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001120 local exploit for linux's Koules1.4 package
Reference: URL:http://www.securityfocus.com/archive/1/145823
Reference: BID:1967
Reference: URL:http://www.securityfocus.com/bid/1967

Buffer overflow in Koules 1.4 allows local users to execute arbitrary commands via a long command line argument.

Analysis
----------------
ED_PRI CAN-2000-1175 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1177
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1177
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001121 Big Brother Advisory - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0284.html
Reference: CONFIRM:http://bb4.com/incident.nov21
Reference: BID:1971
Reference: URL:http://www.securityfocus.com/bid/1971

bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and bb-ack.sh in Big Brother (BB) before 1.5d3 allow remote attackers to determine the existence of files and user ID's by specifying the target file in the HISTFILE parameter.

Analysis
----------------
ED_PRI CAN-2000-1177 3
Vendor Acknowledgement: yes
Content Decisions: SF-EXEC

ABSTRACTION: CD:SF-EXEC suggests that since these are closely related programs in the same software package with the same bug, then they should be combined. However, it could also be argued that, since each bug appears separately in each script (instead of a common "library"), that each bug should be separated.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1180
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1180
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BID:1968
Reference: URL:http://www.securityfocus.com/bid/1968
Reference: BUGTRAQ:20001120 vulnerability in Connection Manager Control binary in Oracle
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97474521003453&w=2

Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to gain privileges via a long command line argument.

Analysis
----------------
ED_PRI CAN-2000-1180 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1183
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1183
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001115 socks5 remote exploit / linux x86
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0219.html

Buffer overflow in socks5 server on Linux allows attackers to execute arbitrary commands via a long connection request.

Analysis
----------------
ED_PRI CAN-2000-1183 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1185
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1185
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001113 Rideway PN Telnet DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0201.html
Reference: BID:1938
Reference: URL:http://www.securityfocus.com/bid/1938

The telnet proxy in RideWay PN proxy server allows remote attackers to cause a denial of service via a flood of connections that contain malformed requests.

Analysis
----------------
ED_PRI CAN-2000-1185 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1186
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1186
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001115 Exploit: phf buffer overflow (CGI)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0221.html

Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header.

Analysis
----------------
ED_PRI CAN-2000-1186 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1188
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1188
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001120 Cgisecurity Quickstore Shopping cart
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0283.html

Directory traversal vulnerability in Quikstore shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "page" parameter.

Analysis
----------------
ED_PRI CAN-2000-1188 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: