[PROPOSAL] Cluster RECENT-06 - 24 candidates
The following cluster contains 24 candidates, all of which were announced between 1/10/2000 and 1/18/2000.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0044
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000105 SECURITY ALERT - WAR FTP DAEMON ALL VERSIONS
Reference: BID:919

Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands.

VOTE:

=================================
Candidate: CAN-2000-0049
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BID:925
Reference: NTBUGTRAQ:20000107 Winamp buffer overflow advisory
Reference: BUGTRAQ:20000109 Buffer overflow with WinAmp 2.10

Buffer overflow in Winamp client allows remote attackers to execute commands via a long entry in a .pls file.

VOTE:

=================================
Candidate: CAN-2000-0050
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BID:915
Reference: ALLAIRE:ASB00-01

The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs.

VOTE:

=================================
Candidate: CAN-2000-0051
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BID:916
Reference: ALLAIRE:ASB00-02

The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL.

VOTE:

=================================
Candidate: CAN-2000-0052
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BID:913
Reference: L0PHT:20000104 PamSlam
Reference: REDHAT:RHSA-2000:001-01

Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.

VOTE:

=================================
Candidate: CAN-2000-0053
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BID:912
Reference: MS:MS00-001
Reference: MSKB:Q246731

Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request.

VOTE:

=================================
Candidate: CAN-2000-0054
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000104 Another search.cgi vulnerability
Reference: BID:921

search.cgi in the SolutionScripts Home Free package allows remote attackers to view directories via a .. (dot dot) attack.

VOTE:

=================================
Candidate: CAN-2000-0055
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000106 [Hackerslab bug_paper] Solaris chkperm buffer overflow
Reference: BID:918

Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.

VOTE:

=================================
Candidate: CAN-2000-0056
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000105 Local / Remote D.o.S Attack in IMail IMONITOR Server for WinNT Version 5.08
Reference: BID:914

IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi.

VOTE:

=================================
Candidate: CAN-2000-0057
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BID:917
Reference: ALLAIRE:ASB00-03

Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information.

VOTE:

=================================
Candidate: CAN-2000-0058
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: http://www.security-express.com/archives/bugtraq/2000-01/0085.html
Reference: BUGTRAQ:20000105 Handspring Visor Network HotSync Security Hole
Reference: BID:920

Network HotSync program in Handspring Visor does not have authentication, which allows remote attackers to retrieve email and files.

VOTE:

=================================
Candidate: CAN-2000-0059
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000103 PHP3 safe_mode and popen()
Reference: BID:911

PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands.

VOTE:

=================================
Candidate: CAN-2000-0061
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000107 IE 5 security vulnerablity - circumventing Cross-frame security policy and accessing the DOM of "old" documents.
Reference: BID:923

Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript in a different security context while the document is loading.

VOTE:

=================================
Candidate: CAN-2000-0062
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BID:922
Reference: BUGTRAQ:20000104 [petrilli@digicool.com: [Zope] SECURITY ALERT]

The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities.

VOTE:

=================================
Candidate: CAN-2000-0068
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000104 [rootshell] Security Bulletin #27

daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail.

VOTE:

=================================
Candidate: CAN-2000-0069
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000104 Security problem with Solstice Backup/Legato Networker recover command

The recover program in Solstice Backup allows local users to restore sensitive files.

VOTE:

=================================
Candidate: CAN-2000-0077
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000102 HPUX Aserver revisited.
Reference: HP:HPSBUX0001-108

The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands.

VOTE:

=================================
Candidate: CAN-2000-0078
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000102 HPUX Aserver revisited.
Reference: HP:HPSBUX0001-108

The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command.

VOTE:

=================================
Candidate: CAN-2000-0080
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000110 2nd attempt: AIX techlibss follows links
Reference: BID:931

AIX techlibss allows local users to overwrite files via a symlink attack.

VOTE:

=================================
Candidate: CAN-2000-0081
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000110 Yet another Hotmail security hole - injecting JavaScript using "jAvascript:"

Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript.

VOTE:

=================================
Candidate: CAN-2000-0082
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: http://net4tv.com/voice/story.cfm?StoryID=1823
Reference: MISC:http://www.wired.com/news/technology/0,1282,33420,00.html
Reference: BUGTRAQ:20000104 The WebTV Email Exploit

WebTV email client allows remote attackers to force the client to send email without the user's knowledge via HTML.

VOTE:

=================================
Candidate: CAN-2000-0083
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: HP:HPSBUX0001-109

HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.

VOTE:

=================================
Candidate: CAN-2000-0084
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000105 CuteFTP saved password 'encryption' weakness

CuteFTP uses weak encryption to store password information in its tree.dat file.

VOTE:

=================================
Candidate: CAN-2000-0085
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000103 Hotmail security hole - injecting JavaScript using <IMG LOWSRC="javascript:....">
Reference: BUGTRAQ:20000104 Yet another Hotmail security hole - injecting JavaScript in IE using <IMG DYNRC="javascript:....">

Hotmail does not properly filter JavaScript code from a user's mailbox, which allows a remote attacker to execute code via the LOWSRC or DYNRC parameters in the IMG tag.

VOTE: