PROPOSAL: Cluster 21 - MORELOW (37 candidates)
This cluster contains low-controversy vulnerabilities. These were not included in earlier clusters because they required more research. Most were gleaned from Bugtraq between January and April, but they had not been sufficiently verified at the time that I initially created them.

- Steve

Summary of votes to use (in ascending order of "severity"):

ACCEPT - member accepts the candidate as proposed
NOOP - member has no opinion on the candidate
MODIFY - member wants to change some minor detail (e.g. reference/description)
REVIEWING - member is reviewing/researching the candidate
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

=================================
Candidate: CAN-1999-0012
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: CERT:CA-98.04.Win32.WebServers

Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.

VOTE:

=================================
Candidate: CAN-1999-0063
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: AUSCERT:ESB-98.197
Reference: CISCO:http://www.cisco.com/warp/public/770/iossyslog-pub.shtml

Cisco IOS 12.0 and other versions can be crashed by nmap UDP scans

VOTE:

=================================
Candidate: CAN-1999-0123
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: XF:linux-mailx

Race condition in Linux mailx command allows local users to read user files.

VOTE:

=================================
Candidate: CAN-1999-0125
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: XF:si-mailx-bo
Reference: SGI:19980605-01-PX

Buffer overflow in SGI IRIX mailx program.

VOTE:

=================================
Candidate: CAN-1999-0234
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: XF:bash-cmd

Bash treats any character with a value of 255 as a command separator.

VOTE:

=================================
Candidate: CAN-1999-0275
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: XF:nt-dns-crash
Reference: MS:Q169461

Denial of service in Windows NT DNS servers by flooding the server.

VOTE:

=================================
Candidate: CAN-1999-0299
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: NAI:NAI-9

Buffer overflow in FreeBSD lpd through long DNS hostnames.

VOTE:

=================================
Candidate: CAN-1999-0355
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: ISS:Multiple vulnerabilities in ControlIT(tm) (formerly Remotely Possible/32) enterprise management software
Reference: XF:controlit-reboot

Local or remote users can force ControlIT 4.5 to reboot or force a user to log out, resulting in a denial of service.

VOTE:

=================================
Candidate: CAN-1999-0362
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: EEYE:AD02021999
Reference: XF:wsftp-remote-dos
Reference: SF:217

WS_FTP server remote denial of service through cwd command.

VOTE:

=================================
Candidate: CAN-1999-0363
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb02,1999
Reference: XF:plp-lpc-bo
Reference: SF:328

SuSe 5.2 PLP lpc program has a buffer overflow that leads to root compromise.

VOTE:

=================================
Candidate: CAN-1999-0365
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb04,1999
Reference: XF:metamail-header-commands

The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry.

VOTE:

=================================
Candidate: CAN-1999-0371
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb11,1999
Reference: XF:lynx-temp-files-race

Lynx allows a local user to overwrite sensitive files through /tmp symlinks.

VOTE:

=================================
Candidate: CAN-1999-0380
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb25,1999
Reference: SF:497

SLMail 3.2 or 3.1 allows local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled.

VOTE:

=================================
Candidate: CAN-1999-0381
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb26,1999
Reference: Sekure:SUPER's log function buffer overflow
Reference: XF:linux-super-logging-bo
Reference: SF:342

super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access.

VOTE:

=================================
Candidate: CAN-1999-0383
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb02,1999
Reference: XF:acc-tigris-login

ACC Tigris allowed public access without a login.

VOTE:

=================================
Candidate: CAN-1999-0392
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan10,1999
Reference: XF:http-cgic-library-bo

Buffer overflow in Thomas Boutell's cgic library version 1.05.

VOTE:

=================================
Candidate: CAN-1999-0402
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb2,1999
Reference: XF:wget-permissions
Reference: DEBIAN:19990220

wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself.

VOTE:

=================================
Candidate: CAN-1999-0404
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb14,1999
Reference: XF:mailmax-bo

Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution.

VOTE:

=================================
Candidate: CAN-1999-0408
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb19,1999
Reference: XF:cobalt-raq-history-exposure
Reference: SF:337

Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server.

VOTE:

=================================
Candidate: CAN-1999-0409
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Mar4,1999
Reference: XF:gnuplot-home-overflow
Reference: SF:319

Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access.

VOTE:

=================================
Candidate: CAN-1999-0410
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Mar5,1999
Reference: XF:sol-cancel
Reference: SF:293

The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access.

VOTE:

=================================
Candidate: CAN-1999-0412
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb19,1999
Reference: XF:iis-isapi-execute
Reference: SF:501

In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.

VOTE:

=================================
Candidate: CAN-1999-0417
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Mar9,1999
Reference: XF:solaris-psinfo-crash
Reference: SF:448

64 bit Solaris 7 procfs allows local users to perform a denial of service.

VOTE:

=================================
Candidate: CAN-1999-0424
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: SUSE:Mar18,1999
Reference: XF:netscape-talkback-overwrite

talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes.

VOTE:

=================================
Candidate: CAN-1999-0425
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: SUSE:Mar18,1999
Reference: XF:netscape-talkback-kill

talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.

VOTE:

=================================
Candidate: CAN-1999-0429
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: CF
Reference: BUGTRAQ:Mar23,1999
Reference: XF:lotus-client-encryption

The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference.

VOTE:

=================================
Candidate: CAN-1999-0439
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Apr4,1999
Reference: XF:procmail-overflow

Buffer overflow in procmail before version 3.12 allows remote execution, or local attackers to gain privileges.

VOTE:

=================================
Candidate: CAN-1999-0440
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Apr4,1999
Reference: XF:java-unverified-code

The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.

VOTE:

=================================
Candidate: CAN-1999-0441
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: EEYE:AD02221999
Reference: XF:wingate-redirector-dos
Reference: SF:509

Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service.

VOTE:

=================================
Candidate: CAN-1999-0442
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan7,1999
Reference: SF:327

Solaris ff.core allows local users to modify files.

VOTE:

=================================
Candidate: CAN-1999-0448
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: XF:iis-http-request-logging

IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.

VOTE:

=================================
Candidate: CAN-1999-0450
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan22,1999
Reference: SF:194

In IIS, an attacker could determine a real path using a request for a non-existent URLs that would be interpreted by Perl (perl.exe).

VOTE:

=================================
Candidate: CAN-1999-0451
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan19,1999
Reference: SF:343

Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port.

VOTE:

=================================
Candidate: CAN-1999-0455
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: ALLAIRE:ASB-001
Reference: XF:coldfusion-expression-evaluator
Reference: SF:115

The Expression Evaluator sample application in ColdFusion allows remote attackers to read or delete files on the server.

VOTE:

=================================
Candidate: CAN-1999-0457
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan17,1999
Reference: DEBIAN:19990117
Reference: XF:ftpwatch-vuln
Reference: SF:317

Linux ftpwatch program allows local users to gain root privileges.

VOTE:

=================================
Candidate: CAN-1999-0460
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb18,1999
Reference: SF:312

Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service.

VOTE:

=================================
Candidate: CAN-1999-0477
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: L0PHT:Cold Fusion App Server
Reference: XF:coldfusion-expression-evaluator
Reference: SF:115

The Expression Evaluator in the ColdFusion Application Server allows a remote attacker to execute commands by uploading a file.

VOTE: