[INTERIM] ACCEPT 55 candidates from 2000 (Final 5/7)
I have made an Interim Decision to ACCEPT the following 55 candidates, which were assigned and proposed in 2000. I will make a Final Decision on May 7.

Voters:
  Ziese ACCEPT(3)
  Levy ACCEPT(15)
  Wall ACCEPT(4) NOOP(27) REVIEWING(6)
  LeBlanc ACCEPT(2) NOOP(4)
  Ozancin ACCEPT(1) NOOP(1)
  Cole ACCEPT(32) NOOP(23)
  Collins ACCEPT(11)
  Baker ACCEPT(39)
  Dik ACCEPT(2)
  Frech ACCEPT(6) MODIFY(29)
  Mell ACCEPT(5) NOOP(1)
  Christey NOOP(22)
  Balinsky ACCEPT(1)
  Armstrong ACCEPT(8) NOOP(5)
  Magdych ACCEPT(2) NOOP(2)
  Bollinger ACCEPT(5)

======================================================
Candidate: CAN-2000-0120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0120
Final-Decision:
Interim-Decision: 20010502
Modified: 20010501-01
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: ALLAIRE:ASB00-04
Reference: BID:955
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=955
Reference: XF:allaire-spectra-ras-access(4025)
Reference: URL:http://xforce.iss.net/static/4025.php

The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter.
Modifications:
  ADDREF XF:allaire-spectra-ras-access(4025)

INFERRED ACTION: CAN-2000-0120 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)

Current Votes:
  ACCEPT(1) Levy
  MODIFY(1) Frech
  NOOP(1) Cole
  REVIEWING(1) Wall

Voter Comments:
Frech> XF:allaire-spectra-ras-access

======================================================
Candidate: CAN-2000-0302
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0302
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000331 Alert: MS Index Server (CISADV000330)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95453598317340&w=2
Reference: MS:MS00-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-006.asp
Reference: BID:1084
Reference: URL:http://www.securityfocus.com/bid/1084
Reference: XF:http-indexserver-asp-source

Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL.

Modifications:
  ADDREF XF:http-indexserver-asp-source

INFERRED ACTION: CAN-2000-0302 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Wall, Cole, Levy
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
Frech> XF:http-indexserver-asp-source
Christey> This is a variant of CVE-2000-0098, as mentioned in the Microsoft advisory: "... on March 31, 2000. This variant could allow the source of server-side files such as .ASP files to be read."
Christey> According to Mark Burnett: "CISADV000330 [says that] IDQ files are vulnerable to a double-dot bug that allows files on the same partition as the web root to be viewed."
======================================================
Candidate: CAN-2000-0306
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0306
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: SCO:SB-99.02
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.02a
Reference: BUGTRAQ:19981229 Local/remote exploit for SCO UNIX.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-12-29&msg=AAh6GYsGU1@leshka.chuvashia.su

Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message.

INFERRED ACTION: CAN-2000-0306 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Cole

======================================================
Candidate: CAN-2000-0307
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0307
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: SCO:SB-99.07
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.07b

Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and earlier allows an attacker to cause a denial of service which prevents access to reserved port numbers below 1024.

INFERRED ACTION: CAN-2000-0307 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Cole

======================================================
Candidate: CAN-2000-0308
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0308
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000511
Category: CF
Reference: SCO:SB-99.08
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.08a

Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges.
INFERRED ACTION: CAN-2000-0308 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Cole

======================================================
Candidate: CAN-2000-0309
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0309
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: OPENBSD:19990212 i386 trace-trap handling when DDB was configured could cause a system crash.
Reference: URL:http://www.openbsd.org/errata24.html#trctrap

The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.

INFERRED ACTION: CAN-2000-0309 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Cole

======================================================
Candidate: CAN-2000-0310
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0310
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: OPENBSD:19990217 IP fragment assembly can bog the machine excessively and cause problems.
Reference: URL:http://www.openbsd.org/errata24.html#maxqueue

IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets.

INFERRED ACTION: CAN-2000-0310 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Cole

======================================================
Candidate: CAN-2000-0313
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0313
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: OPENBSD:19991109 Any user can change interface media configurations.
Reference: URL:http://www.openbsd.org/errata.html#ifmedia

Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations.
INFERRED ACTION: CAN-2000-0313 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Cole

======================================================
Candidate: CAN-2000-0314
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0314
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:19990213 traceroute as a flooder
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91893782027835&w=2
Reference: NETBSD:NetBSD-SA1999-004
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-004.txt.asc

traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.

INFERRED ACTION: CAN-2000-0314 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Cole

======================================================
Candidate: CAN-2000-0315
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0315
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:19990213 traceroute as a flooder
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=91893782027835&w=2
Reference: NETBSD:NetBSD-SA1999-004
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-004.txt.asc

traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks.
INFERRED ACTION: CAN-2000-0315 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Cole

======================================================
Candidate: CAN-2000-0348
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0348
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000511
Category: CF
Reference: SCO:SB-99.10
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.10a

A vulnerability in the Sendmail configuration file sendmail.cf as installed in SCO UnixWare 7.1.0 and earlier allows an attacker to gain root privileges.

INFERRED ACTION: CAN-2000-0348 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Cole

======================================================
Candidate: CAN-2000-0349
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0349
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000511
Category: unknown
Reference: SCO:SB-99.13
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.13a

Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an attacker to cause a denial of service.

INFERRED ACTION: CAN-2000-0349 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Cole

======================================================
Candidate: CAN-2000-0351
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0351
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000523
Category: unknown
Reference: SCO:SB-99.09
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.09b

Some packaging commands in SCO UnixWare 7.1.0 have insecure privileges, which allows local users to add or remove software packages.
INFERRED ACTION: CAN-2000-0351 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Cole

======================================================
Candidate: CAN-2000-0368
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0368
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000523
Category: SF
Reference: CISCO:19981014 Cisco IOS Command History Release at Login Prompt
Reference: URL:http://www.cisco.com/warp/public/770/ioshist-pub.shtml
Reference: CIAC:J-009
Reference: URL:http://www.ciac.org/ciac/bulletins/j-009.shtml

Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.

INFERRED ACTION: CAN-2000-0368 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(4) Ziese, Balinsky, Baker, Cole

Voter Comments:
Ziese> VERIFIED-BY-MY-ORG

======================================================
Candidate: CAN-2000-0375
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0375
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010214
Assigned: 20000523
Category: SF
Reference: FREEBSD:FreeBSD-SA-99:04
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-99:04.core.asc

The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files.
INFERRED ACTION: CAN-2000-0375 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Cole

======================================================
Candidate: CAN-2000-0504
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0504
Final-Decision:
Interim-Decision: 20010502
Modified: 20001010-1
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000619 XFree86: libICE DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html
Reference: CONFIRM:http://www.xfree86.org/security/
Reference: BID:1369
Reference: URL:http://www.securityfocus.com/bid/1369
Reference: XF:linux-libice-dos

libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.

Modifications:
  ADDREF XF:linux-libice-dos
  ADDREF CONFIRM:http://www.xfree86.org/security/

INFERRED ACTION: CAN-2000-0504 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(5) Collins, Armstrong, Levy, Ozancin, Cole
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
Christey> XF:linux-libice-dos
Frech> XF:linux-libice-dos(4761)
Christey> CONFIRM:http://www.xfree86.org/security/ Fix for 4.0.1 says "Fixed recently publicized security issues in some of the X libraries, including: a possible libICE DoS, a possible xdmcp DoS, and some potentially exploitable integer overflows."
CHANGE> [Armstrong changed vote from REVIEWING to ACCEPT]

======================================================
Candidate: CAN-2000-0541
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0541
Final-Decision:
Interim-Decision: 20010502
Modified: 20010417-01
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000617 Infosec.20000617.panda.a
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0164.html
Reference: XF:panda-antivirus-remote-admin(4707)
Reference: BID:1359
Reference: URL:http://www.securityfocus.com/bid/1359

The Panda Antivirus console on port 2001 allows local users to execute arbitrary commands without authentication via the CMD command.

Modifications:
  ADDREF XF:panda-antivirus-remote-admin(4707)

INFERRED ACTION: CAN-2000-0541 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Collins, Levy, Baker
  MODIFY(1) Frech
  NOOP(4) Armstrong, Ozancin, Christey, Cole

Voter Comments:
Christey> XF:panda-antivirus-remote-admin
Frech> XF:panda-antivirus-remote-admin(4707)
CHANGE> [Armstrong changed vote from REVIEWING to NOOP]

======================================================
Candidate: CAN-2000-0573
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0573
Final-Decision:
Interim-Decision: 20010502
Modified: 20010417-01
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000622 WuFTPD: Providing *remote* root since at least1994
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96171893218000&w=2
Reference: BUGTRAQ:20000623 WUFTPD 2.6.0 remote root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96179429114160&w=2
Reference: BUGTRAQ:20000707 New Released Version of the WuFTPD Sploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96299933720862&w=2
Reference: BUGTRAQ:20000623 ftpd: the advisory version
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000623091822.3321.qmail@fiver.freemessage.com
Reference: AUSCERT:AA-2000.02
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02
Reference: CERT:CA-2000-13
Reference: URL:http://www.cert.org/advisories/CA-2000-13.html
Reference: DEBIAN:20000622 wu-ftp: remote root exploit in wu-ftp
Reference: URL:http://www.debian.org/security/2000/20000623
Reference: CALDERA:CSSA-2000-020.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt
Reference: REDHAT:RHSA-2000:039-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-039-02.html
Reference: BUGTRAQ:20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html
Reference: BUGTRAQ:20000702 [Security Announce] wu-ftpd update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html
Reference: BUGTRAQ:20000929 [slackware-security] wuftpd vulnerability - Slackware 4.0, 7.0, 7.1, -current
Reference: FREEBSD:FreeBSD-SA-00:29
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1
Reference: NETBSD:NetBSD-SA2000-009
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-010.txt.asc
Reference: XF:wuftp-format-string-stack-overwrite
Reference: BID:1387
Reference: URL:http://www.securityfocus.com/bid/1387
Reference: XF:wuftp-format-string-stack-overwrite(4773)

The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.
Modifications:
  ADDREF BUGTRAQ:20000929 [slackware-security] wuftpd vulnerability - Slackware 4.0, 7.0, 7.1, -current
  ADDREF XF:wuftp-format-string-stack-overwrite(4773)

INFERRED ACTION: CAN-2000-0573 ACCEPT (5 accept, 7 ack, 0 review)

Current Votes:
  ACCEPT(4) Levy, Wall, Magdych, Cole
  MODIFY(1) Frech
  NOOP(2) LeBlanc, Christey

Voter Comments:
Frech> XF:wuftp-format-string-stack-overwrite(4773)
Christey> CD:SF-CODEBASE may apply here. Does the SITE EXEC problem documented by HP come from the same codebase as wu-ftpd? If so, then ADDREF HP:HPSBUX0007-117 and ADDREF BID:1505. URL:http://www.securityfocus.com/templates/advisory.html?id=2404 URL:http://www.securityfocus.com/bid/1505
Christey> ADDREF BUGTRAQ:20000929 [slackware-security] wuftpd vulnerability - Slackware 4.0, 7.0, 7.1, -current http://archives.neohapsis.com/archives/bugtraq/2000-09/0348.html
CHANGE> [Christey changed vote from REVIEWING to NOOP]
Christey> I'm withdrawing my REVIEWING vote so that this candidate can be ACCEPTed. The HP reference should stay removed until there is some assurance that it is related to this problem.

======================================================
Candidate: CAN-2000-0577
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0577
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20000719
Assigned: 20000719
Category: SF
Reference: BUGTRAQ:20000621 Netscape FTP Server - "Professional" as hell :>
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211351280.23780-100000@nimue.tpi.pl
Reference: BUGTRAQ:20000629 (forw) Re: Netscape ftp Server (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0345.html
Reference: BID:1411
Reference: URL:http://www.securityfocus.com/bid/1411
Reference: XF:netscape-ftpserver-chroot

Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
INFERRED ACTION: CAN-2000-0577 ACCEPT_REV (4 accept, 1 ack, 1 review)

Current Votes:
  ACCEPT(4) Levy, Frech, Magdych, Cole
  NOOP(1) LeBlanc
  REVIEWING(1) Wall

======================================================
Candidate: CAN-2000-0622
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0622
Final-Decision:
Interim-Decision: 20010502
Modified: 20010501-01
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NAI:20000719 O'Reilly WebSite Professional Overflow
Reference: URL:http://www.pgp.com/research/covert/advisories/043.asp
Reference: CONFIRM:http://website.oreilly.com/support/software/wspro25_releasenotes.txt
Reference: XF:website-webfind-bo(4962)
Reference: URL:http://xforce.iss.net/static/4962.php
Reference: BID:1487
Reference: URL:http://www.securityfocus.com/bid/1487

Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter.

Modifications:
  ADDREF XF:website-webfind-bo(4962)

INFERRED ACTION: CAN-2000-0622 ACCEPT_REV (3 accept, 2 ack, 1 review)

Current Votes:
  ACCEPT(2) Levy, Cole
  MODIFY(1) Frech
  NOOP(1) LeBlanc
  REVIEWING(1) Wall

Voter Comments:
Frech> XF:website-webfind-bo(4962) Suggest that the canonical NAI reference is housed at http://www.nai.com/nai_labs/asp_set/advisory/42_Advisory.asp

======================================================
Candidate: CAN-2000-0650
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0650
Final-Decision:
Interim-Decision: 20010502
Modified: 20010501-01
Proposed: 20000803
Assigned: 20000802
Category: CF
Reference: NTBUGTRAQ:20000711 Potential Vulnerability in McAfee Netshield and VirusScan 4.5
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=ntbugtraq&F=&S=&P=2753
Reference: BID:1458
Reference: URL:http://www.securityfocus.com/bid/1458
Reference: XF:nai-virusscan-netshield-autoupgrade(5177)

The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse.

Modifications:
  ADDREF XF:nai-virusscan-netshield-autoupgrade(5177)

INFERRED ACTION: CAN-2000-0650 ACCEPT_REV (3 accept, 1 ack, 1 review)

Current Votes:
  ACCEPT(2) Levy, Cole
  MODIFY(1) Frech
  NOOP(1) LeBlanc
  REVIEWING(1) Wall

Voter Comments:
Frech> XF:nai-virusscan-netshield-autoupgrade(5177)

======================================================
Candidate: CAN-2000-0693
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0693
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000802 Local root compromise in PGX Config Sun Sparc Solaris
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0463.html
Reference: BID:1563
Reference: URL:http://www.securityfocus.com/bid/1563

pgxconfig in the Raptor GFX configuration tool uses a relative path name for a system call to the "cp" program, which allows local users to execute arbitrary commands by modifying their path to point to an alternate "cp" program.

INFERRED ACTION: CAN-2000-0693 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Levy, Dik, Baker
  NOOP(2) Wall, Cole

Voter Comments:
Dik> Unfortunately, there have been many different versions of the tool, and when it came to confirmation it turned out that the program had long since been superseded by a non-setuid version. It was, however, reproducible in much older versions of the software.
======================================================
Candidate: CAN-2000-0694
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0694
Final-Decision:
Interim-Decision: 20010502
Modified: 20010417-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000802 Local root compromise in PGX Config Sun Sparc Solaris
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0463.html

pgxconfig in the Raptor GFX configuration tool allows local users to gain privileges via a symlink attack.

Modifications:
  DESC Remove "may"

INFERRED ACTION: CAN-2000-0694 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Levy, Dik, Baker
  NOOP(2) Wall, Cole

Voter Comments:
Dik> as CAN-2000-0693

======================================================
Candidate: CAN-2000-0717
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0717
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000830 [EXPL] GoodTech's FTP Server vulnerable to a DoS (RNTO)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=02ff01c0124c$e9387660$0201a8c0@aviram
Reference: BID:1619
Reference: URL:http://www.securityfocus.com/bid/1619
Reference: XF:ftp-goodtech-rnto-dos(5166)

GoodTech FTP server allows remote attackers to cause a denial of service via a large number of RNTO commands.

Modifications:
  ADDREF XF:ftp-goodtech-rnto-dos(5166)

INFERRED ACTION: CAN-2000-0717 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Levy
  MODIFY(1) Frech
  NOOP(3) Christey, Cole, Wall

Voter Comments:
Christey> XF:ftp-goodtech-rnto-dos(5166) The original poster said that a patch has been made available.
Frech> XF:ftp-goodtech-rnto-dos(5166)

======================================================
Candidate: CAN-2000-0720
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0720
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000829 News Publisher CGI Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=003301c0123b$18f8c1a0$953b29d4@e8s9s4
Reference: BID:1621
Reference: URL:http://www.securityfocus.com/bid/1621
Reference: XF:news-publisher-add-author(5169)
Reference: URL:http://xforce.iss.net/static/5169.php

news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program.

Modifications:
  CHANGEREF BUGTRAQ [correct date]
  ADDREF XF:news-publisher-add-author(5169)

INFERRED ACTION: CAN-2000-0720 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Levy
  MODIFY(1) Frech
  NOOP(3) Christey, Cole, Wall

Voter Comments:
Christey> Change date on Bugtraq post to 20000829.
Christey> ADDREF XF:news-publisher-add-author URL:http://xforce.iss.net/static/5169.php
Christey> Change Bugtraq date to 20000829
Frech> XF:news-publisher-add-author(5169)

======================================================
Candidate: CAN-2000-0726
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0726
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000829 Stalker's CGImail Gives Read Access to All Server Files
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000829194618.H7744@thathost.com
Reference: BID:1623
Reference: URL:http://www.securityfocus.com/bid/1623
Reference: XF:mailers-cgimail-spoof(5165)

CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable.

Modifications:
  ADDREF XF:mailers-cgimail-spoof(5165)

INFERRED ACTION: CAN-2000-0726 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Levy
  MODIFY(1) Frech
  NOOP(3) Christey, Cole, Wall

Voter Comments:
Christey> XF:mailers-cgimail-spoof
Frech> XF:mailers-cgimail-spoof(5165)

======================================================
Candidate: CAN-2000-0731
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0731
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: NTBUGTRAQ:20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Wo rm HTTP Server
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0111.html
Reference: BID:1626
Reference: URL:http://www.securityfocus.com/bid/1626
Reference: XF:wormhttp-dir-traverse(5148)
Reference: URL:http://xforce.iss.net/static/5148.php

Directory traversal vulnerability in Worm HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
Modifications:
  DESC Add "directory traversal" term
  ADDREF XF:wormhttp-dir-traverse(5148)

INFERRED ACTION: CAN-2000-0731 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Baker, Levy
  MODIFY(1) Frech
  NOOP(3) Christey, Cole, Wall

Voter Comments:
Christey> XF:wormhttp-dir-traverse http://xforce.iss.net/static/5148.php
Frech> XF:wormhttp-dir-traverse(5148)

======================================================
Candidate: CAN-2000-0742
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0742
Final-Decision:
Interim-Decision: 20010502
Modified: 20010501-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000602 ipx storm
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&mid=63120
Reference: MS:MS00-054
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-054.asp
Reference: BID:1544
Reference: URL:http://www.securityfocus.com/bid/1544
Reference: XF:win-ipx-ping-packet(5079)
Reference: URL:http://xforce.iss.net/static/5079.php

The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability.

Modifications:
  ADDREF XF:win-ipx-ping-packet(5079)
  DESC Add "aka"

INFERRED ACTION: CAN-2000-0742 ACCEPT_ACK_REV (2 accept, 1 ack, 1 review)

Current Votes:
  ACCEPT(3) Cole, Levy, LeBlanc
  NOOP(1) Christey
  REVIEWING(1) Wall

Voter Comments:
Christey> Include Microsoft's name as an "aka".
Christey> XF:win-ipx-ping-packet http://xforce.iss.net/static/5079.php

======================================================
Candidate: CAN-2000-0803
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0803
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20001129
Assigned: 20000922
Category: SF
Reference: ISS:20001004 GNU Groff utilities read untrusted commands from current working directory
Reference: XF:gnu-groff-utilities(5280)

GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.

Modifications:
  ADDREF XF:gnu-groff-utilities(5280)

INFERRED ACTION: CAN-2000-0803 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Collins
  MODIFY(1) Frech
  NOOP(2) Mell, Wall

Voter Comments:
Frech> XF:gnu-groff-utilities(5280)

======================================================
Candidate: CAN-2000-0816
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0816
Final-Decision:
Interim-Decision: 20010502
Modified: 20010417-01
Proposed: 20001129
Assigned: 20000929
Category: SF
Reference: ISS:20001006 Insecure call of external programs in Red Hat Linux tmpwatch
Reference: URL:http://xforce.iss.net/alerts/advise64.php
Reference: REDHAT:RHSA-2000:080-01
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-080-01.html
Reference: MANDRAKE:MDKSA-2000:056
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-056.php3?dis=7.1
Reference: BID:1785
Reference: URL:http://www.securityfocus.com/bid/1785
Reference: XF:linux-tmpwatch-fuser(5320)

Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters.
Modifications:
  ADDREF XF:linux-tmpwatch-fuser(5320)

INFERRED ACTION: CAN-2000-0816 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Mell
  MODIFY(1) Frech

Voter Comments:
Frech> XF:linux-tmpwatch-fuser(5320)

======================================================
Candidate: CAN-2000-0818
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0818
Final-Decision:
Interim-Decision: 20010502
Modified: 20010417-01
Proposed: 20001129
Assigned: 20001013
Category: CF
Reference: ISS:20001025 Vulnerability in the Oracle Listener Program
Reference: URL:http://xforce.iss.net/alerts/advise66.php
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/listener_alert.pdf
Reference: XF:oracle-listener-connect-statements(5380)

The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands.

Modifications:
  ADDREF XF:oracle-listener-connect-statements(5380)

INFERRED ACTION: CAN-2000-0818 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Mell
  MODIFY(1) Frech
  NOOP(1) Armstrong

Voter Comments:
Frech> XF:oracle-listener-connect-statements(5380)

======================================================
Candidate: CAN-2000-0829
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0829
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: BUGTRAQ:20000909 tmpwatch: local DoS : fork()bomb as root
Reference: URL:http://www.securityfocus.com/archive/1/81364
Reference: BID:1664
Reference: URL:http://www.securityfocus.com/bid/1664
Reference: XF:linux-tmpwatch-fork-dos
Reference: URL:http://xforce.iss.net/static/5217.php

The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories in /tmp or /var/tmp/.
INFERRED ACTION: CAN-2000-0829 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Frech, Cole, Collins
   NOOP(2) Magdych, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION

======================================================
Candidate: CAN-2000-0854
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0854
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001018
Assigned: 20001018
Category:
Reference: WIN2KSEC:20000918 Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0117.html
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0118.html
Reference: BUGTRAQ:20000922 Eudora + riched20.dll affects WinZip v8.0 as well
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0277.html
Reference: BID:1699
Reference: URL:http://www.securityfocus.com/bid/1699
Reference: NTBUGTRAQ:20000921 Mitigators for possible exploit of Eudora via Guninski #21,2000
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0155.html
Reference: XF:office-dll-execution(5263)
Reference: URL:http://xforce.iss.net/static/5263.php

When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
Modifications:
  ADDREF XF:office-dll-execution(5263)

INFERRED ACTION: CAN-2000-0854 ACCEPT (7 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(6) Baker, Cole, Collins, Armstrong, Wall, LeBlanc
   MODIFY(1) Frech
   NOOP(2) Magdych, Christey

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION
 Christey> ADDREF XF:office-dll-execution URL:http://xforce.iss.net/static/5263.php
 Frech> XF:office-dll-execution(5263)
 Collins> http://www.guninski.com/officedll.html
 CHANGE> [Collins changed vote from MODIFY to ACCEPT]
 Collins> http://www.guninski.com/officedll.html

======================================================
Candidate: CAN-2000-0856
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0856
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000901 [EXPL] SunFTP vulnerable to two Denial-of-Service attacks (long buffer, half-open)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0408.html
Reference: BID:1638
Reference: URL:http://www.securityfocus.com/bid/1638

Buffer overflow in SunFTP build 9(1) allows remote attackers to cause a denial of service or possibly execute arbitrary commands via a long GET request.
INFERRED ACTION: CAN-2000-0856 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Cole, Collins
   NOOP(2) Armstrong, Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION

======================================================
Candidate: CAN-2000-0874
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0874
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: BUGTRAQ:20000907 Eudora disclosure
Reference: URL:http://www.securityfocus.com/archive/1/80888
Reference: BID:1653
Reference: URL:http://www.securityfocus.com/bid/1653
Reference: XF:eudora-path-disclosure
Reference: URL:http://xforce.iss.net/static/5206.php

Eudora mail client includes the absolute path of the sender's host within a virtual card (VCF).

INFERRED ACTION: CAN-2000-0874 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cole, Collins, Armstrong
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION

======================================================
Candidate: CAN-2000-0875
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0875
Final-Decision:
Interim-Decision: 20010502
Modified: 20010430-01
Proposed: 20001018
Assigned: 20001018
Category:
Reference: BUGTRAQ:20000905 WFTPD/WFTPD Pro 2.41 RC12 vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0488.html
Reference: CONFIRM:http://www.wftpd.com/bug_gpf.htm
Reference: XF:wftpd-long-string-dos
Reference: URL:http://xforce.iss.net/static/5194.php

WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a denial of service by sending a long string of unprintable characters.

Modifications:
  ADDREF CONFIRM:http://www.wftpd.com/bug_gpf.htm

INFERRED ACTION: CAN-2000-0875 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Baker, Cole, Collins, Armstrong
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Collins> http://www.wftpd.com/bug_gpf.htm "Fixed in 2.41 RC13: Why would anyone do that?"
======================================================
Candidate: CAN-2000-0876
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0876
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: BUGTRAQ:20000905 WFTPD/WFTPD Pro 2.41 RC12 vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0488.html
Reference: XF:wftpd-path-disclosure
Reference: URL:http://xforce.iss.net/static/5196.php

WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname.

INFERRED ACTION: CAN-2000-0876 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Baker, Cole, Collins
   NOOP(2) Armstrong, Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION

======================================================
Candidate: CAN-2000-0890
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0890
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20010202
Assigned: 20001114
Category: SF/CF/MP/SA/AN/unknown
Reference: CERT-VN:VU#626919
Reference: URL:http://www.kb.cert.org/vuls/id/626919
Reference: FREEBSD:FreeBSD-SA-01:12
Reference: XF:periodic-temp-file-symlink(6047)
Reference: BID:2325
Reference: URL:http://www.securityfocus.com/bid/2325

periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack.

Modifications:
  ADDREF XF:periodic-temp-file-symlink(6047)
  ADDREF FREEBSD:FreeBSD-SA-01:12
  ADDREF BID:2325
  Add version numbers to description.
INFERRED ACTION: CAN-2000-0890 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(2) Ziese, Baker
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Frech> XF:periodic-temp-file-symlink(6047)
 Christey> FREEBSD:FreeBSD-SA-01:12 BID:2325

======================================================
Candidate: CAN-2000-0896
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0896
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20010202
Assigned: 20001114
Category: SF
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php
Reference: XF:watchguard-soho-fragmented-packets
Reference: URL:http://xforce.iss.net/static/5749.php
Reference: BID:2113
Reference: URL:http://www.securityfocus.com/bid/2113

WatchGuard SOHO firewall allows remote attackers to cause a denial of service via a flood of fragmented IP packets, which causes the firewall to drop connections and stop forwarding packets.

INFERRED ACTION: CAN-2000-0896 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Ziese, Frech, Cole
   NOOP(1) Wall

======================================================
Candidate: CAN-2000-0927
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0927
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: NTBUGTRAQ:20000928 DST2K0037: QuotaAdvisor 4.1 by WQuinn is susceptible to alternati ve datastreams to bypass quotas.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0173.html
Reference: BUGTRAQ:20000928 DST2K0037: QuotaAdvisor 4.1 by WQuinn is susceptible to alternati ve datastreams to bypass quotas.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09//0331.html
Reference: BID:1724
Reference: URL:http://www.securityfocus.com/bid/1724
Reference: XF:quotaadvisor-quota-bypass
Reference: URL:http://xforce.iss.net/static/5302.php

WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions.

INFERRED ACTION: CAN-2000-0927 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Frech, Mell, Collins
   NOOP(2) Cole, Wall

======================================================
Candidate: CAN-2000-0964
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0964
Final-Decision:
Interim-Decision: 20010502
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000928 Another thingy.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0336.html
Reference: BID:1727
Reference: URL:http://www.securityfocus.com/bid/1727
Reference: XF:hinet-ipphone-get-bo
Reference: URL:http://xforce.iss.net/static/5298.php

Buffer overflow in the web administration service for the HiNet LP5100 IP-phone allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
INFERRED ACTION: CAN-2000-0964 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Frech, Mell, Collins
   NOOP(2) Cole, Wall

======================================================
Candidate: CAN-2000-1075
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1075
Final-Decision:
Interim-Decision: 20010502
Modified: 20010417-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001026 [CORE SDI ADVISORY] iPlanet Certificate Management System 4.2 path traversal bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0383.html
Reference: CONFIRM:http://www.iplanet.com/downloads/patches/0122.html
Reference: BID:1839
Reference: URL:http://www.securityfocus.com/bid/1839
Reference: XF:iplanet-netscape-directory-traversal
Reference: URL:http://xforce.iss.net/static/5421.php

Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services.
Modifications:
  ADDREF CONFIRM:http://www.iplanet.com/downloads/patches/0122.html

INFERRED ACTION: CAN-2000-1075 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(2) Christey, Cole

Voter Comments:
 Christey> CONFIRM:http://www.iplanet.com/downloads/patches/0122.html "Security fix - Prohibit access to files outside of document root [#515951] (Problem on Windows NT Only)"

======================================================
Candidate: CAN-2000-1108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1108
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-02
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001113 Problems with cons.saver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0192.html
Reference: DEBIAN:20001125 mc: local DoS
Reference: URL:http://www.debian.org/security/2000/20001125
Reference: MANDRAKE:MDKSA-2000:078
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-078.php3
Reference: BID:1945
Reference: URL:http://www.securityfocus.com/bid/1945
Reference: XF:midnight-commander-conssaver-symlink(5519)

cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as a TTY argument.
Modifications:
  ADDREF MANDRAKE:MDKSA-2000:078
  ADDREF XF:midnight-commander-conssaver-symlink(5519)

INFERRED ACTION: CAN-2000-1108 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Baker, Armstrong
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Christey> ADDREF MANDRAKE:MDKSA-2000:078
 Frech> XF:midnight-commander-conssaver-symlink(5519)

======================================================
Candidate: CAN-2000-1109
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1109
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001127 Midnight Commander
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0373.html
Reference: DEBIAN:DSA-036
Reference: URL:http://www.debian.org/security/2001/dsa-036
Reference: SUSE:SuSE-SA:2001:11
Reference: URL:http://www.suse.com/de/support/security/2001_011_mc.txt
Reference: BID:2016
Reference: URL:http://www.securityfocus.com/bid/2016
Reference: XF:midnight-commander-elevate-privileges(5929)

Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories that contain special characters followed by the commands to be executed.
Modifications:
  ADDREF XF:midnight-commander-elevate-privileges(5929)
  ADDREF DEBIAN:DSA-036
  ADDREF SUSE:SuSE-SA:2001:11

INFERRED ACTION: CAN-2000-1109 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Frech> XF:midnight-commander-elevate-privileges(5929)
 Christey> ADDREF DEBIAN:DSA-036 ADDREF SUSE:SuSE-SA:2001:11

======================================================
Candidate: CAN-2000-1119
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1119
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY08812
Reference: AIXAPAR:IY10721
Reference: BID:2032
Reference: URL:http://www.securityfocus.com/bid/2032
Reference: XF:aix-setsenv-bo(5621)

Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument.

Modifications:
  ADDREF AIXAPAR:IY08812
  ADDREF AIXAPAR:IY10721
  ADDREF XF:aix-setsenv-bo(5621)

INFERRED ACTION: CAN-2000-1119 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Bollinger, Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Bollinger> Fixed by APARs IY10721 (4.2.x) and IY08812 (4.3.x).
 Christey> XF:aix-setsenv-bo URL:http://xforce.iss.net/static/5621.php
 Frech> XF:aix-setsenv-bo(5621)

======================================================
Candidate: CAN-2000-1121
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1121
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY08143
Reference: AIXAPAR:IY08287
Reference: BID:2034
Reference: URL:http://www.securityfocus.com/bid/2034
Reference: XF:aix-enq-bo(5619)

Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument.

Modifications:
  ADDREF XF:aix-enq-bo(5619)

INFERRED ACTION: CAN-2000-1121 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Bollinger, Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Christey> XF:aix-enq-bo URL:http://xforce.iss.net/static/5619.php
 Frech> XF:aix-enq-bo(5619)

======================================================
Candidate: CAN-2000-1122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1122
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY07831
Reference: AIXAPAR:IY07790
Reference: BID:2035
Reference: URL:http://www.securityfocus.com/bid/2035

Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long argument.
Modifications:
  ADDREF AIXAPAR:IY07831
  ADDREF AIXAPAR:IY07790

INFERRED ACTION: CAN-2000-1122 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Bollinger, Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Bollinger> Fixed in APARs IY07790 (4.2.x) and IY07831 (4.3.x).
 Christey> XF:aix-setclock-bo URL:http://xforce.iss.net/static/5618.php
 Frech> XF:aix-setclock-bo(5618)

======================================================
Candidate: CAN-2000-1123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1123
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY12638
Reference: BID:2036
Reference: URL:http://www.securityfocus.com/bid/2036
Reference: XF:aix-pioout-bo
Reference: URL:http://xforce.iss.net/static/5617.php

Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands.
Modifications:
  ADDREF XF:aix-pioout-bo

INFERRED ACTION: CAN-2000-1123 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Bollinger, Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Christey> XF:aix-pioout-bo URL:http://xforce.iss.net/static/5617.php
 Frech> XF:aix-pioout-bo(5617)

======================================================
Candidate: CAN-2000-1124
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1124
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY12638
Reference: BID:2037
Reference: URL:http://www.securityfocus.com/bid/2037
Reference: XF:aix-piobe-bo(5616)
Reference: URL:http://xforce.iss.net/static/5616.php

Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables.
Modifications:
  ADDREF XF:aix-piobe-bo(5616)

INFERRED ACTION: CAN-2000-1124 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Bollinger, Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Christey> XF:aix-piobe-bo URL:http://xforce.iss.net/static/5616.php
 Frech> XF:aix-piobe-bo(5616)

======================================================
Candidate: CAN-2000-1164
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1164
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001219
Assigned: 20001214
Category: CF
Reference: BUGTRAQ:20001118 WinVNC 3.3.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0253.html
Reference: BID:1961
Reference: URL:http://www.securityfocus.com/bid/1961
Reference: XF:winvnc-modify-registry(5545)

WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify) to the Everybody group, which allows users to read and modify sensitive information such as passwords and gain access to the system.
Modifications:
  ADDREF XF:winvnc-modify-registry(5545)

INFERRED ACTION: CAN-2000-1164 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Armstrong, Wall, Baker
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF:winvnc-modify-registry(5545)

======================================================
Candidate: CAN-2000-1165
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1165
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001122 DoS possibility in syslog-ng
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0300.html
Reference: FREEBSD:FreeBSD-SA-01:02
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:02.syslog-ng.asc
Reference: CONFIRM:http://www.balabit.hu/products/syslog-ng/
Reference: BID:1981
Reference: URL:http://www.securityfocus.com/bid/1981
Reference: XF:balabit-syslog-ng-dos(5576)

Balabit syslog-ng allows remote attackers to cause a denial of service (application crash) via a malformed log message that does not have a closing > in the priority specifier.
Modifications:
  ADDREF XF:balabit-syslog-ng-dos(5576)
  ADDREF

INFERRED ACTION: CAN-2000-1165 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Frech> XF:balabit-syslog-ng-dos(5576)
 Christey> ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:02.syslog-ng.asc

======================================================
Candidate: CAN-2000-1170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1170
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001115 Netsnap Webcam Software Remote Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97439536016554&w=2
Reference: CONFIRM:http://www.netsnap.com/new.htm
Reference: BID:1956
Reference: URL:http://www.securityfocus.com/bid/1956
Reference: XF:netsnap-remote-bo(5534)

Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows remote attackers to execute arbitrary commands via a long GET request.

Modifications:
  ADDREF XF:netsnap-remote-bo(5534)

INFERRED ACTION: CAN-2000-1170 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(3) Armstrong, Wall, Cole

Voter Comments:
 Frech> XF:netsnap-remote-bo(5534)

======================================================
Candidate: CAN-2000-1171
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1171
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001120 CGIForum 1.0 Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0263.html
Reference: XF:cgiforum-view-files(5553)
Reference: BID:1963
Reference: URL:http://www.securityfocus.com/bid/1963

Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "thesection" parameter.
Modifications:
  ADDREF XF:cgiforum-view-files(5553)

INFERRED ACTION: CAN-2000-1171 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Armstrong, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:cgiforum-view-files(5553)

======================================================
Candidate: CAN-2000-1174
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1174
Final-Decision:
Interim-Decision: 20010502
Modified: 20010501-02
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001118 [hacksware] Ethereal 0.8.13 AFS ACL parsing buffer overflow bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0251.html
Reference: DEBIAN:20001121 ethereal: remote exploit
Reference: URL:http://www.debian.org/security/2000/20001122a
Reference: CONECTIVA:CLSA-2000:342
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000342
Reference: REDHAT:RHSA-2000:116-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-116.html
Reference: FREEBSD:FreeBSD-SA-00:81
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:81.ethereal.asc
Reference: XF:ethereal-afs-bo(5557)
Reference: BID:1972
Reference: URL:http://www.securityfocus.com/bid/1972

Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allow remote attackers to execute arbitrary commands via a packet with a long username.
Modifications:
  ADDREF FREEBSD:FreeBSD-SA-00:81
  ADDREF XF:ethereal-afs-bo(5557)

INFERRED ACTION: CAN-2000-1174 ACCEPT_REV (4 accept, 3 ack, 1 review)

Current Votes:
   ACCEPT(3) Armstrong, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Christey
   REVIEWING(1) Wall

Voter Comments:
 Christey> FREEBSD:FreeBSD-SA-00:81
 Frech> XF:ethereal-afs-bo(5557)

======================================================
Candidate: CAN-2000-1180
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1180
Final-Decision:
Interim-Decision: 20010502
Modified: 20010425-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001120 vulnerability in Connection Manager Control binary in Oracle
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97474521003453&w=2
Reference: BUGTRAQ:20010118 Patch for Potential Security Vulnerability in Oracle Connection Manager Control
Reference: BID:1968
Reference: URL:http://www.securityfocus.com/bid/1968
Reference: XF:oracle-cmctl-bo(5551)

Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to gain privileges via a long command line argument.

Modifications:
  ADDREF XF:oracle-cmctl-bo(5551)
  ADDREF BUGTRAQ:20010118 Patch for Potential Security Vulnerability in Oracle Connection Manager Control

INFERRED ACTION: CAN-2000-1180 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Frech> XF:oracle-cmctl-bo(5551)
 Christey> Acknowledged by Oracle: BUGTRAQ:20010118 Patch for Potential Security Vulnerability in Oracle Connection Manager Control URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0316.html
 Christey> It appears that this is confirmed by Oracle in: BUGTRAQ:20010118 Patch for Potential Security Vulnerability in Oracle Connection Manager Control http://archives.neohapsis.com/archives/bugtraq/2001-01/0316.html