[PROPOSAL] Cluster RECENT-05 - 20 candidates

The following cluster contains 20 candidates, most of which were
announced between 12/30/1999 and 1/10/2000.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0045
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000111 Serious bug in MySQL password handling.
Reference: BUGTRAQ:20000113 New MySQL Available
Reference: BID:926

MySQL allows local users to modify passwords for arbitrary MySQL users
via the GRANT privilege.

VOTE:

=================================
Candidate: CAN-2000-0046
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BID:929
Reference: BUGTRAQ:20000111 ICQ Buffer Overflow Exploit

Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to
execute commands via a malformed URL within an ICQ message.

VOTE:

=================================
Candidate: CAN-2000-0047
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000117 Yahoo Pager/Messanger Buffer Overflow

Buffer overflow in Yahoo Pager/Messenger client allows remote
attackers to cause a denial of service via a long URL within a
message.

VOTE:

=================================
Candidate: CAN-2000-0048
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BID:928
Reference: BUGTRAQ:20000112 Serious Bug in Corel Linux.(Local root exploit)

get_it program in Corel Linux Update allows local users to gain root
access by specifying an alternate PATH for the cp program.

VOTE:

=================================
Candidate: CAN-2000-0060
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt
Reference: BID:894

Buffer overflow in aVirt Rover POP3 server allows remote attackers to
cause a denial of service via a long user name.

VOTE:

=================================
Candidate: CAN-2000-0063
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
Reference: BID:938

cgiproc CGI script in Nortel Contivity HTTP server allows remote
attackers to read arbitrary files by specifying the filename in a
parameter to the script.

VOTE:

=================================
Candidate: CAN-2000-0064
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
Reference: BID:938

cgiproc CGI script in Nortel Contivity HTTP server allows remote
attackers to cause a denial of service via a malformed URL that
includes shell metacharacters.

VOTE:

=================================
Candidate: CAN-2000-0065
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: NTBUGTRAQ:20000117 Remote Buffer Exploit - InetServ 3.0

Buffer overflow in InetServ allows remote attackers to execute
commands via a long GET request.

VOTE:

=================================
Candidate: CAN-2000-0066
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000112 WebSitePro/2.3.18 is revealing Webdirectories

WebSite Pro allows remote attackers to determine the real pathname of
webdirectories via a malformed URL request.

VOTE:

=================================
Candidate: CAN-2000-0067
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000112 CyberCash MCK 3.2.0.4: Large /tmp hole

CyberCash Merchant Connection Kit (MCK) allows local users to modify
files via a symlink attack.

VOTE:

=================================
Candidate: CAN-2000-0070
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BINDVIEW:20000113 Local Promotion Vulnerability in Windows NT 4
Reference: MS:MS00-003
Reference: MSKB:Q247869

NtImpersonateClientOfPort local procedure call in Windows NT 4.0
allows local users to gain privileges, aka "Spoofed LPC Port Request."

VOTE:

=================================
Candidate: CAN-2000-0071
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000111 IIS still revealing paths for web directories
Reference: BUGTRAQ:20000113 SV: IIS still revealing paths for web directories

IIS 4.0 allows a remote attacker to obtain the real pathname of the
document root by requesting non-existent files with .ida or .idq
extensions.

VOTE:

=================================
Candidate: CAN-2000-0072
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000118 Warning: VCasel security hole.
Reference: BID:937

Visual Casel (Vcasel) does not properly prevent users from executing
files, which allows local users to use a relative pathname to specify
an alternate file which has an approved name and possibly gain
privileges.

VOTE:

=================================
Candidate: CAN-2000-0073
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: MS:MS00-005
Reference: MSKB:Q249973

Buffer overflow in Microsoft Rich Text Format (RTF) reader allows
attackers to cause a denial of service via a malformed control word.

VOTE:

=================================
Candidate: CAN-2000-0074
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000111 PowerScripts PlusMail Vulnerablity

PowerScripts PlusMail CGI program allows remote attackers to execute
commands via a password file with improper permissions.

VOTE:

=================================
Candidate: CAN-2000-0075
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: NTBUGTRAQ:20000113 Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x
Reference: BUGTRAQ:20000113 Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x
Reference: BID:930

Super Mail Transfer Package (SMTP), later called MsgCore, has a memory
leak which allows remote attackers to cause a denial of service by
repeating multiple HELO, MAIL FROM, RCPT TO, and DATA commands in the
same session.

VOTE:

=================================
Candidate: CAN-2000-0076
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:19991230 vibackup.sh
Reference: DEBIAN:20000109 nvi: incorrect file removal in boot script

nviboot boot script in the Debian nvi package allows local users to
delete files via malformed entries in vi.recover.

VOTE:

=================================
Candidate: CAN-2000-0079
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000118 Re: IIS still revealing paths for web directories
Reference: BID:936

The W3C CERN httpd HTTP server allows remote attackers to determine
the real pathnames of some commands via a request for a nonexistent
URL.

VOTE:

=================================
Candidate: CAN-2000-0086
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000116 TB2 Pro sending NT passwords cleartext
Reference: BID:935

Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which
allows remote attackers to obtain them via sniffing.

VOTE:

=================================
Candidate: CAN-2000-0087
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000113 Misleading sense of security in Netscape

Netscape Mail Notification (nsnotify) utility in Netscape Communicator
uses IMAP without SSL, even if the user has set a preference for
Communicator to use an SSL connection, allowing a remote attacker to
sniff usernames and passwords in plaintext.

VOTE: