[INTERIM] ACCEPT 53 candidates from various clusters (Final 3/20)
I have made an Interim Decision to ACCEPT the following 53 candidates from various clusters. I will make a Final Decision on Monday, March 20, 2000.

The candidates come from the following clusters:

  4 UNIX-VEN
  5 MISC-01
  15 UNIX-UNCONF
  3 RECENT-03
  12 RECENT-04
  4 RECENT-07
  1 RECENT-08
  6 RECENT-09
  3 RECENT-10

Voters:
  Wall ACCEPT(7) MODIFY(1) NOOP(3)
  LeBlanc ACCEPT(4) NOOP(5)
  Ozancin ACCEPT(15)
  Cole ACCEPT(19) MODIFY(1) NOOP(1)
  Meunier ACCEPT(2)
  Bishop ACCEPT(6)
  Stracener ACCEPT(35) MODIFY(4)
  Frech ACCEPT(5) MODIFY(19)
  Christey NOOP(8)
  Armstrong ACCEPT(12)
  Prosser ACCEPT(3) MODIFY(1)
  Blake ACCEPT(10)

=================================
Candidate: CAN-1999-0189
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19990607
Category: SF
Reference: NAI:NAI-15
Reference: SUN:00142
Reference: XF:rpc-32771

Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111.

Modifications:
  ADDREF XF:rpc-32771
  ADDREF NAI:NAI-15

INFERRED ACTION: CAN-1999-0189 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin
  MODIFY(1) Frech

Comments:
  Frech> XF:rpc-32771

=================================
Candidate: CAN-1999-0390
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000204-01
Proposed: 19991222
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:19990104 Dosemu/S-Lang Overflow + sploit
Reference: CALDERA:CSSA-1999-006.1
Reference: BID:187

Buffer overflow in Dosemu Slang library in Linux.

Modifications:
  ADDREF CALDERA:CSSA-1999-006.1

INFERRED ACTION: CAN-1999-0390 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0678
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: CF
Reference: XF:apache-debian-usrdoc
Reference: BUGTRAQ:19990405 An issue with Apache on Debian
Reference: BID:318

A default configuration of Apache on Debian Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.

Modifications:
  ADDREF BID:318

INFERRED ACTION: CAN-1999-0678 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Stracener, Ozancin, Frech
  NOOP(1) Christey

Comments:
  Christey> This candidate is unconfirmed by the vendor.

=================================
Candidate: CAN-1999-0727
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: OPENBSD:19990608 Packets that should have been handled by IPsec may be transmitted as cleartext
Reference: XF:openbsd-ipsec-cleartext

A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted.

Modifications:
  ADDREF OPENBSD:19990608 Packets that should have been handled by IPsec may be transmitted as cleartext
  ADDREF XF:openbsd-ipsec-cleartext

INFERRED ACTION: CAN-1999-0727 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Ozancin
  MODIFY(2) Stracener, Frech

Comments:
  Stracener> Add Ref: OPENBSD:19990608 Packets that should have been handled by
  Stracener> IPsec may be transmitted as cleartext. PF_KEY SA expirations may leak
  Stracener> kernel resources.
  Frech> XF:openbsd-ipsec-cleartext
  Frech> ADDREF OPENBSD:OpenBSD Security Advisory, August 6, 1999, "Packets that
  Frech> should have been handled by IPsec may be transmitted as cleartext" at
  Frech> http://www.openbsd.com/errata25.html#ipsec_in_use

=================================
Candidate: CAN-1999-0733
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990626 VMWare Advisory - buffer overflows
Reference: XF:vmware-bo

Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable.

Modifications:
  DELREF XF:linux-vmware-buffer-overflows
  ADDREF XF:vmware-bo

INFERRED ACTION: CAN-1999-0733 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin
  MODIFY(1) Frech

Comments:
  Frech> XF:vmware-bo
  Frech> DELREF XF:linux-vmware-buffer-overflows

=================================
Candidate: CAN-1999-0740
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BID:594
Reference: XF:linux-telnetd-term
Reference: CALDERA:CSSA-1999:022
Reference: REDHAT:RHSA1999029_01

Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable.

INFERRED ACTION: CAN-1999-0740 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(3) Stracener, Ozancin, Frech

=================================
Candidate: CAN-1999-0746
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: CF
Reference: BUGTRAQ:19990814 DOS against SuSE's identd
Reference: SUSE:19990824 Security hole in netcfg
Reference: BID:587
Reference: XF:suse-identd-dos

A default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service.

Modifications:
  ADDREF SUSE:19990824 Security hole in netcfg

INFERRED ACTION: CAN-1999-0746 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Stracener, Ozancin, Frech
  NOOP(1) Christey

Comments:
  Christey> ADDREF SUSE:19990824 Security hole in netcfg

=================================
Candidate: CAN-1999-0778
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: KSRT:011
Reference: XF:accelx-display-bo

Buffer overflow in Xi Graphics Accelerated-X server allows local users to gain root access via a long display or query parameter.

Modifications:
  CHANGEREF XF:accelx-bo XF:accelx-display-bo

INFERRED ACTION: CAN-1999-0778 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Frech

Comments:
  Frech> XF:accelx-display-bo

=================================
Candidate: CAN-1999-0783
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: FreeBSD:FreeBSD-SA-98:05
Reference: CIAC:I-057
Reference: XF:freebsd-nfs-link-dos

FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.

Modifications:
  ADDREF XF:freebsd-nfs-link-dos

INFERRED ACTION: CAN-1999-0783 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(4) Cole, Blake, Stracener, Prosser
  MODIFY(1) Frech

Comments:
  Frech> XF:freebsd-nfs-link-dos

=================================
Candidate: CAN-1999-0785
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990511 INN 2.0 and higher. Root compromise potential
Reference: SUSE:19990518 Security hole in INN
Reference: XF:inn-pathrun
Reference: BID:254

The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file.

Modifications:
  ADDREF SUSE:19990518 Security hole in INN
  ADDREF BID:254

INFERRED ACTION: CAN-1999-0785 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Stracener, Ozancin, Frech
  NOOP(1) Christey

Comments:
  Christey> BID:255 and BID:254 have a good explanation for why this is
  Christey> different than CAN-1999-0754
  Christey>
  Christey> ADDREF SUSE:19990518 Security hole in INN
  Christey> Also see http://www.redhat.com/corp/support/errata/inn99_05_22.html

=================================
Candidate: CAN-1999-0786
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990922 LD_PROFILE local root exploit for solaris 2.6
Reference: BID:659

The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.

INFERRED ACTION: CAN-1999-0786 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin

=================================
Candidate: CAN-1999-0789
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-02
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990928 Remote bufferoverflow exploit for ftpd from AIX 4.3.2 running on an RS6000
Reference: IBM:ERS-SVA-E01-1999:004.1
Reference: CIAC:J-072
Reference: XF:aix-ftpd-bo
Reference: BID:679

Buffer overflow in AIX ftpd in the libc library.

Modifications:
  CHANGEREF BUGTRAQ [add date]
  ADDREF CIAC:J-072
  CHANGEREF IBM:ERS-SVA-E01-1 IBM:ERS-SVA-E01-1999:004.1
  ADDREF BID:679
  ADDREF XF:aix-ftpd-bo

INFERRED ACTION: CAN-1999-0789 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Blake
  MODIFY(3) Stracener, Prosser, Frech

Comments:
  Stracener> Add Ref: CIAC: J-072
  Prosser> ref should read ERS-SVA-E01-1999:004.1
  Prosser> add reference BID 679
  Frech> XF:aix-ftpd-bo
  Frech> On BUGTRAQ reference, add 19990927 as date
  Frech> On IBM reference, correctly cite as ERS-SVA-E01-1999:004.1

=================================
Candidate: CAN-1999-0796
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: FREEBSD:SA-98.03
Reference: XF:freebsd-ttcp-spoof

FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks.

Modifications:
  ADDREF XF:freebsd-ttcp-spoof

INFERRED ACTION: CAN-1999-0796 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Blake, Stracener, Prosser
  MODIFY(1) Frech
  NOOP(1) Cole

Comments:
  Frech> XF:freebsd-ttcp-spoof

=================================
Candidate: CAN-1999-0797
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: ISS:19980629 Distributed DoS attack against NIS/NIS+ based networks.
Reference: CIAC:I-070
Reference: XF:sun-nis-nisplus

NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries.

Modifications:
  ADDREF XF:sun-nis-nisplus
  ADDREF ISS:19980629 Distributed DoS attack against NIS/NIS+ based networks.

INFERRED ACTION: CAN-1999-0797 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin
  MODIFY(1) Frech

Comments:
  Frech> XF:sun-nis-nisplus

=================================
Candidate: CAN-1999-0806
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990510 Solaris2.6,2.7 dtprintinfo exploits
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9905B&L=bugtraq&P=R1173
Reference: XF:cde-dtprintinfo

Buffer overflow in Solaris dtprintinfo program.

Modifications:
  ADDREF BUGTRAQ:19990510 Solaris2.6,2.7 dtprintinfo exploits

INFERRED ACTION: CAN-1999-0806 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Ozancin, Frech
  MODIFY(1) Stracener
  NOOP(1) Christey

Comments:
  Stracener> Add Ref: BUGTRAQ:19990510:Solaris2.6,2.7 dtprintinfo exploits
  Christey> This candidate is unconfirmed by the vendor.
  Christey>
  Christey> Posted by UNYUN of Shadow Penguin Security; Darren J
  Christey> Moffat claims it is Sun Bug# 4139394.

=================================
Candidate: CAN-1999-0890
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990928 Team Asylum: iHTML Merchant Vulnerabilities
Reference: XF:ihtml-merchant-file-access

iHTML Merchant allows remote attackers to obtain sensitive information or execute commands via a code parsing error.

Modifications:
  ADDREF XF:ihtml-merchant-file-access

INFERRED ACTION: CAN-1999-0890 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Frech

Comments:
  Frech> ADDREF XF:ihtml-merchant-file-access

=================================
Candidate: CAN-1999-0893
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991011 SCO OpenServer 5.0.5 overwrite /etc/shadow
Reference: XF:sco-openserver-userosa-script

userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack.

Modifications:
  ADDREF XF:sco-openserver-userosa-script

INFERRED ACTION: CAN-1999-0893 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin
  MODIFY(1) Frech

Comments:
  Frech> XF:sco-openserver-userosa-script

=================================
Candidate: CAN-1999-0896
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991109 RealNetworks RealServer G2 buffer overflow.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.991105022225.914A-100000@attica.gen.nz
Reference: MISC:http://service.real.com/help/faq/servg260.html
Reference: XF:realserver-g2-pw-bo
Reference: BID:767

Buffer overflow in RealNetworks RealServer administration utility allows remote attackers to execute arbitrary commands via a long username and password.

Modifications:
  ADDREF XF:realserver-g2-pw-bo
  ADDREF MISC:http://service.real.com/help/faq/servg260.html

INFERRED ACTION: CAN-1999-0896 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Frech
  NOOP(1) Christey

Comments:
  Frech> ADDREF XF:realserver-g2-pw-bo
  Christey> This candidate is unconfirmed by the vendor.

=================================
Candidate: CAN-1999-0908
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990921 solaris DoS
Reference: BID:655
Reference: XF:sun-tcp-mutex-enter-dos

Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter.

Modifications:
  ADDREF XF:sun-tcp-mutex-enter-dos

INFERRED ACTION: CAN-1999-0908 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin
  MODIFY(1) Frech

Comments:
  Frech> sun-tcp-mutex-enter-dos

=================================
Candidate: CAN-1999-0916
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 19991222
Assigned: 19991208
Category: CF
Reference: ISS:19990629 Bad Permissions on Passwords Stored by WebTrends Software
Reference: URL:http://xforce.iss.net/alerts/advise29.php3

WebTrends software stores account names and passwords in a file which does not have restricted access permissions.

INFERRED ACTION: CAN-1999-0916 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Frech

Comments:
  Frech> XF:webtrends-bad-perms

=================================
Candidate: CAN-1999-0920
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990526 Remote vulnerability in pop2d
Reference: XF:pop2-fold-bo

Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command.

Modifications:
  ADDREF XF:pop2-fold-bo

INFERRED ACTION: CAN-1999-0920 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Ozancin
  MODIFY(1) Frech

Comments:
  Frech> ADDREF XF:pop2-fold-bo

=================================
Candidate: CAN-1999-0931
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01
Reference: BID:734
Reference: XF:mediahouse-stats-login-bo

Buffer overflow in Mediahouse Statistics Server allows remote attackers to execute commands.

Modifications:
  ADDREF XF:mediahouse-stats-login-bo

INFERRED ACTION: CAN-1999-0931 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(1) Frech

Comments:
  Frech> ADDREF XF:mediahouse-stats-login-bo

=================================
Candidate: CAN-1999-0964
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: FREEBSD:FreeBSD-SA-97:01
Reference: XF:freebsd-setlocale-bo

Buffer overflow in FreeBSD setlocale in the libc module.

Modifications:
  ADDREF XF:freebsd-setlocale-bo

INFERRED ACTION: CAN-1999-0964 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(5) Cole, Blake, Stracener, Prosser, Meunier
  MODIFY(1) Frech

Comments:
  Frech> XF:freebsd-setlocale-bo

=================================
Candidate: CAN-1999-0966
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: L0PHT:19970127 Solaris libc - getopt(3)

Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0].

INFERRED ACTION: CAN-1999-0966 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Stracener, Ozancin, Meunier

=================================
Candidate: CAN-1999-0996
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: EEYE:AD19991215
Reference: BUGTRAQ:19991216 Infoseek Ultraseek Remote Buffer Overflow
Reference: NTBUGTRAQ:19991216 Infoseek Ultraseek Remote Buffer Overflow
Reference: XF:infoseek-ultraseek-bo

Buffer overflow in Infoseek Ultraseek search engine allows remote attackers to execute commands via a long GET request.

Modifications:
  ADDREF XF:infoseek-ultraseek-bo

INFERRED ACTION: CAN-1999-0996 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Stracener
  MODIFY(1) Frech
  NOOP(1) Wall

Comments:
  Frech> XF:infoseek-ultraseek-bo

=================================
Candidate: CAN-1999-0998
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities
Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities
Reference: XF:cisco-cache-engine-replace

Cisco Cache Engine allows an attacker to replace content in the cache.

Modifications:
  ADDREF XF:cisco-cache-engine-replace

INFERRED ACTION: CAN-1999-0998 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Stracener
  MODIFY(2) Cole, Frech
  NOOP(1) Wall

Comments:
  Cole> This vulnerability exists in PPP CHAP authentication. Also the BID is 693.
  Cole> If I have the right vulnerability. The description is not that clear.
  Frech> XF:cisco-cache-engine-replace

=================================
Candidate: CAN-1999-1000
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities
Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities
Reference: XF:cisco-cache-engine-performance

The web administration interface for Cisco Cache Engine allows remote attackers to view performance statistics.

Modifications:
  ADDREF XF:cisco-cache-engine-performance

INFERRED ACTION: CAN-1999-1000 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Stracener
  MODIFY(1) Frech
  NOOP(1) Wall

Comments:
  Frech> XF:cisco-cache-engine-performance

=================================
Candidate: CAN-2000-0003
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991230 UnixWare rtpm exploit + discussion
Reference: BUGTRAQ:20000127 New SCO patches...

Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable.

Modifications:
  ADDREF BUGTRAQ:20000127 New SCO patches...

INFERRED ACTION: CAN-2000-0003 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Armstrong
  NOOP(1) Christey

Comments:
  Christey> ADDREF BUGTRAQ:20000127 New SCO patches...

=================================
Candidate: CAN-2000-0022
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991221 serious Lotus Domino HTTP denial of service
Reference: BUGTRAQ:19991227 Re: Lotus Domino HTTP denial of service attack

Lotus Domino HTTP server does not properly disable anonymous access for the cgi-bin directory.

INFERRED ACTION: CAN-2000-0022 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Armstrong

=================================
Candidate: CAN-2000-0023
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991221 serious Lotus Domino HTTP denial of service
Reference: BUGTRAQ:19991222 Lotus Notes HTTP cgi-bin vulnerability: possible workaround
Reference: BUGTRAQ:19991227 Re: Lotus Domino HTTP denial of service attack

Buffer overflow in Lotus Domino HTTP server allows remote attackers to cause a denial of service via a long URL.

INFERRED ACTION: CAN-2000-0023 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Armstrong

=================================
Candidate: CAN-2000-0025
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: MS:MS99-058
Reference: MSKB:Q238606

IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.

Modifications:
  ADDREF MSKB:Q238606

INFERRED ACTION: CAN-2000-0025 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(1) Armstrong
  MODIFY(1) Stracener

Comments:
  Stracener> Add Ref: MSKB:Q238606

=================================
Candidate: CAN-2000-0026
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000120-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991222 UnixWare i2odialogd remote root exploit
Reference: BUGTRAQ:19991223 FYI, SCO Security patches available.

Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string.

Modifications:
  ADDREF BUGTRAQ:19991223 FYI, SCO Security patches available.

INFERRED ACTION: CAN-2000-0026 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Armstrong

=================================
Candidate: CAN-2000-0029
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000120-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991227 UnixWare local pis exploit
Reference: BUGTRAQ:20000113 Info on some security holes reported against SCO Unixware.
Reference: BID:901

UnixWare pis and mkpis commands allow local users to gain privileges via a symlink attack.

Modifications:
  ADDREF BUGTRAQ:20000113 Info on some security holes reported against SCO Unixware.

INFERRED ACTION: CAN-2000-0029 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Armstrong

=================================
Candidate: CAN-2000-0031
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: L0PHT:19991227 initscripts-4.48-1 RedHat Linux 6.1
Reference: REDHAT:RHSA-1999:052-04

The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack.

INFERRED ACTION: CAN-2000-0031 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Armstrong

=================================
Candidate: CAN-2000-0036
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: MS:MS99-060
Reference: MSKB:Q249082

Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.

INFERRED ACTION: CAN-2000-0036 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Armstrong

=================================
Candidate: CAN-2000-0037
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000207-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991228 majordomo local exploit
Reference: BUGTRAQ:20000113 Info on some security holes reported against SCO Unixware.
Reference: BUGTRAQ:20000124 majordomo 1.94.5 does not fix all vulnerabilities
Reference: BID:903

Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file.

Modifications:
  ADDREF BUGTRAQ:20000113 Info on some security holes reported against SCO Unixware.
  ADDREF BUGTRAQ:20000124 majordomo 1.94.5 does not fix all vulnerabilities

INFERRED ACTION: CAN-2000-0037 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Armstrong

=================================
Candidate: CAN-2000-0039
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000121-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991229 AltaVista
Reference: BUGTRAQ:19991230 Follow UP AltaVista
Reference: BUGTRAQ:19991229 AltaVista followup and monitor script
Reference: BUGTRAQ:20000103 FW: Patch issued for AltaVista Search Engine Directory TraversalVulnerability
Reference: BUGTRAQ:20000109 Altavista followup
Reference: BID:896

AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program.

INFERRED ACTION: CAN-2000-0039 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Armstrong

=================================
Candidate: CAN-2000-0040
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991223 Multiple vulnerabilites in glFtpD (current versions)

glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command.

INFERRED ACTION: CAN-2000-0040 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Armstrong

=================================
Candidate: CAN-2000-0041
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991229 The "Mac DoS Attack," a Scheme for Blocking Internet Connections
Reference: BID:890

Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack.

INFERRED ACTION: CAN-2000-0041 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Armstrong

=================================
Candidate: CAN-2000-0088
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: MS:MS00-002
Reference: XF:office-malformed-convert
Reference: BID:946

Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.

INFERRED ACTION: CAN-2000-0088 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Wall, Cole

=================================
Candidate: CAN-2000-0089
Published:
Final-Decision:
Interim-Decision: 20000315
Modified: 20000313-01
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: NTBUGTRAQ:20000121 RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition
Reference: BUGTRAQ:20000122 RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition
Reference: MS:MS00-004
Reference: MSKB:Q249108
Reference: BID:947
Reference: XF:nt-rdisk-enum-file

The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.

Modifications:
  DESC Add Win NT 4.0

INFERRED ACTION: CAN-2000-0089 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(1) Cole
  MODIFY(1) Wall

Comments:
  Wall> Add Windows NT 4.0 server and workstation as well. It works on these platforms
  Wall> as well.

=================================
Candidate: CAN-2000-0097
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: NTBUGTRAQ:20000127 Alert: MS IIS 4 / IS 2 (Cerberus Security Advisory CISADV000126)
Reference: MS:MS00-006
Reference: BID:950
Reference: XF:http-indexserver-dirtrans

The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability.

INFERRED ACTION: CAN-2000-0097 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Wall, Cole

=================================
Candidate: CAN-2000-0098
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: MS:MS00-006

Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist.

INFERRED ACTION: CAN-2000-0098 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Wall, Cole

=================================
Candidate: CAN-2000-0121
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: NTBUGTRAQ:20000201 "Recycle Bin Creation" Vulnerability in Windows NT / Windows 2000
Reference: MS:MS00-007
Reference: MSKB:Q248399
Reference: BID:963

The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability.

INFERRED ACTION: CAN-2000-0121 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Wall, Cole

=================================
Candidate: CAN-2000-0139
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95021326417936&w=2
Reference: BID:982
Reference: URL:http://www.securityfocus.com/bid/982

Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command.

INFERRED ACTION: CAN-2000-0139 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(3) Bishop, Cole, Blake
  NOOP(2) LeBlanc, Christey

Comments:
  Christey> This candidate is unconfirmed by the vendor.
  Christey>
  Christey> Reported by Nobuo Miwa, moderator of BUGTRAQ-JP.
  Blake> In his Bugtraq post, Nobuo claims to have discussed it with the vendor and
  Blake> that they said they were working on a fix. That's good enough for me.

=================================
Candidate: CAN-2000-0145
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 20000216
Assigned: 20000216
Category: CF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0038.html
Reference: BUGTRAQ:20000205 Debian (frozen): Perms on /usr/lib/libguile.so.6.0.0

The libguile.so library file used by gnucash in Debian Linux is installed with world-writable permissions.

INFERRED ACTION: CAN-2000-0145 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Bishop, Blake, Cole
  NOOP(2) LeBlanc, Christey

=================================
Candidate: CAN-2000-0148
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0053.html
Reference: BUGTRAQ:20000208 Remote access vulnerability in all MySQL server versions
Reference: BUGTRAQ:20000214 MySQL 3.22.32 released
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=Pine.BSO.4.21.0002141636590.27495-100000@birdie.sekure.net
Reference: BID:975
Reference: URL:http://www.securityfocus.com/bid/975

MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.
INFERRED ACTION: CAN-2000-0148 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Bishop, Blake, Cole
   NOOP(1) LeBlanc

=================================
Candidate: CAN-2000-0149
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0057.html
Reference: BUGTRAQ:20000209 [SAFER 000209.EXP.1.2] Zeus Web Server - obtaining source of CGI scripts
Reference: BUGTRAQ:20000208 Zeus Web Server: Null Terminated Strings
Reference: BID:977
Reference: URL:http://www.securityfocus.com/bid/977

Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL.

INFERRED ACTION: CAN-2000-0149 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Bishop, Blake, Cole
   NOOP(1) LeBlanc

=================================
Candidate: CAN-2000-0150
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000209 FireWall-1 FTP Server Vulnerability
Reference: BUGTRAQ:20000212 Re: FireWall-1 FTP Server Vulnerability
Reference: BUGTRAQ:20000210 Multiple firewalls: FTP Application Level Gateway "PASV" Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=51A8E31DE32DD211A0590008C71E7E4C59686E@tro-03-msg.merkantildata.no
Reference: BID:979
Reference: URL:http://www.securityfocus.com/bid/979

Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets which Firewall-1 misinterprets as a valid 227 response to a client's PASV attempt.
INFERRED ACTION: CAN-2000-0150 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) LeBlanc, Bishop, Blake, Cole

=================================
Candidate: CAN-2000-0152
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000209 Novell BorderManager 3.5 Remote Slow Death
Reference: BUGTRAQ:20000211 BorderManager csatpxy.nlm fix avalable.

Remote attackers can cause a denial of service in Novell BorderManager 3.5 by pressing the enter key in a telnet connection to port 2000.

INFERRED ACTION: CAN-2000-0152 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Bishop, Blake, Cole
   NOOP(1) LeBlanc

=================================
Candidate: CAN-2000-0156
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: MS:MS00-009
Reference: URL:http://www.microsoft.com/technet/security/bulletins/ms00-009.asp

Internet Explorer 4.x and 5.x allow a remote web server to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability.

INFERRED ACTION: CAN-2000-0156 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Cole, LeBlanc

=================================
Candidate: CAN-2000-0161
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: MS:MS00-010
Reference: URL:http://www.microsoft.com/technet/security/bulletins/ms00-010.asp
Reference: BID:994
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=994

Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands.
INFERRED ACTION: CAN-2000-0161 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Cole, LeBlanc

=================================
Candidate: CAN-2000-0162
Published:
Final-Decision:
Interim-Decision: 20000315
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: MS:MS00-011
Reference: URL:http://www.microsoft.com/technet/security/bulletins/ms00-011.asp

The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.

INFERRED ACTION: CAN-2000-0162 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Cole, LeBlanc