[PROPOSAL] Cluster 45 - RECENT-02 (20 candidates)
This cluster covers recently announced problems from December 4 through December 12. "Recent" clusters will be proposed on a weekly basis for the foreseeable future as we consider issues related to going live with candidate assignment. You are strongly encouraged to ensure that your database is kept up-to-date with respect to RECENT candidates; otherwise, you will face the same amount of effort it's already taken for you to bring your database up to speed with respect to legacy problems.

For those who are wondering, the "Same Codebase" content decision is what forced the split between CAN-1999-0983, CAN-1999-0984, and CAN-1999-0985. Sometime in the future, candidates may be annotated with the content decisions that affect them.

- Steve

Proposed: 12/13
Scheduled Proposed: 12/13
Scheduled Interim Decision: 12/27
Scheduled Final Decision: 12/31

Summary of votes to use (in ascending order of "severity"):

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.
2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.
3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

=================================
Candidate: CAN-1999-0972
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991209 xsw 1.24 remote buffer overflow
Reference: BID:863

Buffer overflow in Xshipwars xsw program.
VOTE:

=================================
Candidate: CAN-1999-0973
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991206 [w00giving #8] Solaris 2.7's snoop
Reference: BUGTRAQ:19991209 Clarification needed on the snoop vuln(s) (fwd)
Reference: BID:858

Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.
VOTE:

=================================
Candidate: CAN-1999-0974
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: ISS:19991209 Buffer Overflow in Solaris Snoop
Reference: SUN:00190
Reference: BUGTRAQ:19991209 Clarification needed on the snoop vuln(s) (fwd)
Reference: BID:864

Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.
VOTE:

=================================
Candidate: CAN-1999-0975
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991207 Local user can fool another to run executable. .CNT/.GID/.HLP M$WINNT
Reference: BID:868

The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.
VOTE:

=================================
Candidate: CAN-1999-0976
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991207 [Debian] New version of sendmail released
Reference: BID:857

Sendmail in Debian GNU/Linux 2.1 allows local users to reinitialize the aliases database, then cause a denial of service by interrupting Sendmail.
VOTE:

=================================
Candidate: CAN-1999-0977
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: SF-INCIDENTS:19991209 sadmind
Reference: BUGTRAQ:19991210 Solaris sadmind Buffer Overflow Vulnerability
Reference: BID:866

Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.
VOTE:

=================================
Candidate: CAN-1999-0978
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: DEBIAN:19991209
Reference: BID:867

Debian htdig allows remote attackers to execute commands via filenames with shell metacharacters.
VOTE:

=================================
Candidate: CAN-1999-0979
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991209 Fundamental flaw in UnixWare 7 security
Reference: BID:869

The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed.
VOTE:

=================================
Candidate: CAN-1999-0980
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: MS:MS99-055
Reference: MSKB:Q246045

Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request.
VOTE:

=================================
Candidate: CAN-1999-0981
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: MS:MS99-050
Reference: MSKB:Q246094

Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."
VOTE:

=================================
Candidate: CAN-1999-0982
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: unknown
Reference: BUGTRAQ:19991206 Solaris WBEM 1.0: plaintext password stored in world readable file

The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.
VOTE:

=================================
Candidate: CAN-1999-0983
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991109 Whois.cgi - ADVISORY.

Whois Internic Lookup program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry.
VOTE:

=================================
Candidate: CAN-1999-0984
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991109 Whois.cgi - ADVISORY.

Matt's Whois program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry.
VOTE:

=================================
Candidate: CAN-1999-0985
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991109 Whois.cgi - ADVISORY.

CC Whois program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry.
VOTE:

=================================
Candidate: CAN-1999-0986
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991209 Big problem on 2.0.x?
Reference: BID:870

The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.
VOTE:

=================================
Candidate: CAN-1999-0987
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: NTBUGTRAQ:19991118 NT System Policy for Win95 Not downloaded when adding a space after domain name
Reference: MSKB:Q237923

Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.
VOTE:

=================================
Candidate: CAN-1999-0988
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: BUGTRAQ:19991204 UnixWare pkg* command exploits

UnixWare pkgtrans allows local users to read arbitrary files via a symlink attack.
VOTE:

=================================
Candidate: CAN-1999-0989
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: NTBUGTRAQ:19991205 new IE5 remote exploit
Reference: BUGTRAQ:19991205 new IE5 remote exploit
Reference: BID:861

Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.
VOTE:

=================================
Candidate: CAN-1999-0990
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:19991205 gdm thing

Error messages generated by gdm with the VerboseAuth setting allow an attacker to identify valid users on a system.
VOTE:

=================================
Candidate: CAN-1999-0991
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: NTBUGTRAQ:19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability
Reference: BUGTRAQ:19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability
Reference: BID:862

Buffer overflow in GoodTech Telnet Server NT allows remote users to cause a denial of service via a long login name.
VOTE: