|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FINAL] ACCEPT 25 candidates from WEB cluster
I have made a Final Decision to ACCEPT the following candidates. These candidates are now assigned CVE names as noted below. The resulting CVE entries will be published in the near future in a new version of CVE. Voting details and comments are provided at the end of this report. - Steve Candidate CVE Name --------- ---------- CAN-1999-0685 CVE-1999-0685 CAN-1999-0695 CVE-1999-0695 CAN-1999-0699 CVE-1999-0699 CAN-1999-0744 CVE-1999-0744 CAN-1999-0751 CVE-1999-0751 CAN-1999-0752 CVE-1999-0752 CAN-1999-0762 CVE-1999-0762 CAN-1999-0807 CVE-1999-0807 CAN-1999-0809 CVE-1999-0809 CAN-1999-0876 CVE-1999-0876 CAN-1999-0883 CVE-1999-0883 CAN-1999-0884 CVE-1999-0884 CAN-1999-0887 CVE-1999-0887 CAN-1999-0892 CVE-1999-0892 CAN-1999-0915 CVE-1999-0915 CAN-1999-0933 CVE-1999-0933 CAN-1999-0934 CVE-1999-0934 CAN-1999-0935 CVE-1999-0935 CAN-1999-0936 CVE-1999-0936 CAN-1999-0937 CVE-1999-0937 CAN-1999-0943 CVE-1999-0943 CAN-1999-0947 CVE-1999-0947 CAN-1999-0951 CVE-1999-0951 CAN-1999-0953 CVE-1999-0953 CAN-1999-0967 CVE-1999-0967 ================================= Candidate: CAN-1999-0685 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: 19991228-01 Proposed: 19991214 Assigned: 19991125 Category: SF Reference: BUGTRAQ:19991209 Netscape communicator 4.06J, 4.5J-4.6J, 4.61e Buffer Overflow Reference: BID:618 Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option. Modifications: DESC Add pluginspage option INFERRED VOTE: CAN-1999-0685 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(2) Blake, Stracener MODIFY(1) Cole COMMENTS: Cole> This is located in the buffer is in the 'plugins page' option. This Cole> vulnerability can be exploited by a malicious webpage. ================================= Candidate: CAN-1999-0695 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: 19991228-01 Proposed: 19991214 Assigned: 19991125 Category: SF Reference: BUGTRAQ:19990904 [Sybase] software vendors do not think about old bugs Reference: XF:http-powerdynamo-dotdotslash Reference: BID:620 The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. (dot dot) attack. Modifications: CHANGEREF BUGTRAQ [add date] INFERRED VOTE: CAN-1999-0695 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(2) Blake, Stracener MODIFY(1) Cole COMMENTS: Cole> It allows the entire drive to be read. ================================= Candidate: CAN-1999-0699 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991125 Category: SF Reference: BID:623 The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs. INFERRED VOTE: CAN-1999-0699 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener ================================= Candidate: CAN-1999-0744 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: 19991228-01 Proposed: 19991214 Assigned: 19991125 Category: SF Reference: ISS:Buffer Overflow in Netscape Enterprise and FastTrack Web Servers Reference: BID:603 Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request. Modifications: DESC Add remote compromise INFERRED VOTE: CAN-1999-0744 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(2) Blake, Stracener MODIFY(1) Cole COMMENTS: Cole> This can lead to a remote system compromise. ================================= Candidate: CAN-1999-0751 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991125 Category: SF Reference: BUGTRAQ:19990913 Accept overflow on Netscape Enterprise Server 3.6 SP2 Reference: BID:631 Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch. INFERRED VOTE: CAN-1999-0751 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(2) Blake, Stracener MODIFY(1) Cole COMMENTS: Cole> This allows a DOS attack or arbitray commands to be executed. ================================= Candidate: CAN-1999-0752 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: 19991228-01 Proposed: 19991214 Assigned: 19991125 Category: SF Reference: BUGTRAQ:19990706 Netscape Enterprise Server SSL Handshake Bug Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake. Modifications: DESC INFERRED VOTE: CAN-1999-0752 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(2) Blake, Stracener MODIFY(1) Cole COMMENTS: Cole> I would be more specific. ================================= Candidate: CAN-1999-0762 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991125 Category: SF Reference: XF:netscape-title Reference: BUGTRAQ:19990524 Netscape Communicator JavaScript in <TITLE> security vulnerability When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information. INFERRED VOTE: CAN-1999-0762 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener ================================= Candidate: CAN-1999-0807 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991125 Category: SF Reference: XF:netscape-dirsvc-password The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users. INFERRED VOTE: CAN-1999-0807 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener ================================= Candidate: CAN-1999-0809 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991125 Category: SF Reference: BUGTRAQ:19990709 Communicator 4.[56]x, JavaScript used to bypass cookie settings Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed" INFERRED VOTE: CAN-1999-0809 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener ================================= Candidate: CAN-1999-0876 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991208 Category: SF Reference: MSKB:Q185959 Reference: MSKB:Q176697 Buffer overflow in Internet Explorer 4.0 via EMBED tag. INFERRED VOTE: CAN-1999-0876 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener ================================= Candidate: CAN-1999-0883 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991208 Category: SF Reference: BUGTRAQ:19991024 RFP9905: Zeus webserver remote root compromise Reference: BID:742 Zeus web server allows remote attackers to read arbitrary files by specifying the file name in an option to the search engine. INFERRED VOTE: CAN-1999-0883 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener ================================= Candidate: CAN-1999-0884 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991208 Category: SF Reference: BUGTRAQ:19991024 RFP9905: Zeus webserver remote root compromise Reference: BID:742 The Zeus web server administrative interface uses weak encryption for its passwords. INFERRED VOTE: CAN-1999-0884 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener ================================= Candidate: CAN-1999-0887 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991208 Category: SF Reference: BUGTRAQ:19991104 FTGate Version 2.1 Web interface Server Directory Traversal Vulnerability Reference: EEYE:AD05261999 FTGate web interface server allows remote attackers to read files via a .. (dot dot) attack. INFERRED VOTE: CAN-1999-0887 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener ================================= Candidate: CAN-1999-0892 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991208 Category: SF Reference: BUGTRAQ:19991018 Netscape 4.x buffer overflow Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font. INFERRED VOTE: CAN-1999-0892 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener ================================= Candidate: CAN-1999-0915 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991208 Category: SF Reference: BUGTRAQ:19991028 URL Live! 1.0 WebServer Reference: BID:746 URL Live! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. INFERRED VOTE: CAN-1999-0915 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener ================================= Candidate: CAN-1999-0933 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991208 Category: SF Reference: BUGTRAQ:19991001 RFP9904: TeamTrack webserver vulnerability Reference: BID:689 TeamTrack web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. INFERRED VOTE: CAN-1999-0933 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener ================================= Candidate: CAN-1999-0934 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991208 Category: SF Reference: EL8:19991215 Classifieds (classifieds.cgi) classifieds.cgi allows remote attackers to read arbitrary files via shell metacharacters. INFERRED VOTE: CAN-1999-0934 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener ================================= Candidate: CAN-1999-0935 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991208 Category: SF Reference: EL8:19991215 Classifieds (classifieds.cgi) classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form. INFERRED VOTE: CAN-1999-0935 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener ================================= Candidate: CAN-1999-0936 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991208 Category: SF Reference: EL8:19981203 BNBSurvey (survey.cgi) BNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters. INFERRED VOTE: CAN-1999-0936 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener ================================= Candidate: CAN-1999-0937 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991208 Category: SF Reference: EL8:19981203 BNBForm (bnbform.cgi) BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable. INFERRED VOTE: CAN-1999-0937 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener ================================= Candidate: CAN-1999-0943 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991208 Category: SF Reference: BUGTRAQ:19991015 OpenLink 3.2 Advisory Buffer overflow in OpenLink 3.2 allows remote attackers to gain privileges via a long GET request to the web configurator. INFERRED VOTE: CAN-1999-0943 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener ================================= Candidate: CAN-1999-0947 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991208 Category: SF Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares Reference: BID:762 AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters. INFERRED VOTE: CAN-1999-0947 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(2) Blake, Stracener MODIFY(1) Cole COMMENTS: Cole> This is due to poor error checking. ================================= Candidate: CAN-1999-0951 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: 19991228-01 Proposed: 19991214 Assigned: 19991208 Category: SF Reference: BUGTRAQ:19991022 Imagemap CGI overflow exploit Reference: BID:739 Buffer overflow in OmniHTTPd CGI program imagemap.cgi allows remote attackers to execute commands. Modifications: DESC fix typo INFERRED VOTE: CAN-1999-0951 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(2) Blake, Stracener MODIFY(1) Cole COMMENTS: Cole> Minor spelling error teo xecute.. ================================= Candidate: CAN-1999-0953 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991208 Category: CF Reference: BUGTRAQ:19980903 wwwboard.pl vulnerability Reference: BUGTRAQ:19990916 More fun with WWWBoard WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers. INFERRED VOTE: CAN-1999-0953 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener ================================= Candidate: CAN-1999-0967 Published: Final-Decision: 20000104 Interim-Decision: 19991229 Modified: Proposed: 19991214 Assigned: 19991208 Category: SF Reference: L0PHT:19971101 Microsoft Internet Explorer 4.0 Suite Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol. INFERRED VOTE: CAN-1999-0967 ACCEPT (3 accept, 0 review) VOTES: ACCEPT(3) Cole, Blake, Stracener
|
||||
