[PROPOSAL] Cluster RECENT-11 - 19 candidates



The following cluster contains 19 candidates that were announced
between February 3 and February 26, 2000.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve



Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0211
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS00-013
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-013.asp
Reference: XF:win-media-dos
Reference: BID:1000
Reference: URL:http://www.securityfocus.com/bid/1000

The Windows Media server allows remote attackers to cause a denial of
service via a series of client handshake packets that are sent in an
improper sequence, aka the "Misordered Windows Media Services
Handshake" vulnerability.


ED_PRI CAN-2000-0211 1


VOTE:

=================================
Candidate: CAN-2000-0215
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: SCO:SB-00.05
Reference: URL:ftp://ftp.sco.COM/SSE/security_bulletins/SB-00.05a
Reference: BID:1019
Reference: URL:http://www.securityfocus.com/bid/1019

Vulnerability in SCO cu program in UnixWare 7.x allows local users to
gain privileges.


ED_PRI CAN-2000-0215 1


VOTE:

=================================
Candidate: CAN-2000-0218
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: SUSE:20000210 util < 2.10f
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_39.txt
Reference: CALDERA:CSSA-2000-002.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-002.0.txt

Buffer overflow in Linux mount and umount allows local users to gain
root privileges via a long relative pathname.


ED_PRI CAN-2000-0218 1


VOTE:

=================================
Candidate: CAN-2000-0224
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: NAI:20000215 ARCserve symlink vulnerability
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/37_ARCserve.asp
Reference: SCO:SSE063
Reference: URL:ftp://ftp.sco.com/SSE/sse063.ltr
Reference: XF:sco-openserver-arc-symlink

ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root
privileges via a symlink attack.


ED_PRI CAN-2000-0224 1


VOTE:

=================================
Candidate: CAN-2000-0170
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000226 man bugs might lead to root compromise (RH 6.1 and other boxes)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0348.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0078.html
Reference: BID:1011
Reference: URL:http://www.securityfocus.com/bid/1011

Buffer overflow in the man program in Linux allows local users to
gain privileges via the MANPAGER environmental variable.


ED_PRI CAN-2000-0170 2


VOTE:

=================================
Candidate: CAN-2000-0212
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000224 Local / Remote D.o.S Attack in InterAccess TelnetD Server Release 4.0 *ALL BUILDS* for WinNT Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPEELFCCAA.labs@ussrback.com
Reference: BID:1001
Reference: URL:http://www.securityfocus.com/bid/1001

InterAccess TelnetID Server 4.0 allows remote attackers to conduct a
denial of service via malformed terminal client configuration
information.


ED_PRI CAN-2000-0212 2


VOTE:

=================================
Candidate: CAN-2000-0182
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000223 DoS for the iPlanet Web Server, Enterprise Edition 4.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0276.html

iPlanet Web Server 4.1 allows remote attackers to cause a denial of
service via a large number of GET commands, which consumes memory and
causes a kernel panic.


ED_PRI CAN-2000-0182 3


VOTE:

=================================
Candidate: CAN-2000-0194
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html
Reference: BID:1007
Reference: URL:http://www.securityfocus.com/bid/1007

buildxconf in Corel Linux allows local users to modify or create
arbitrary files via the -x or -f parameters.


ED_PRI CAN-2000-0194 3


VOTE:

=================================
Candidate: CAN-2000-0195
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html
Reference: BID:1008
Reference: URL:http://www.securityfocus.com/bid/1008

setxconf in Corel Linux allows local users to gain root access via the
-T parameter, which executes the user's .xserverrc file.


ED_PRI CAN-2000-0195 3


VOTE:

=================================
Candidate: CAN-2000-0203
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000228 Re: TrendMicro OfficeScan tmlisten.exe DoS
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=412FC0AFD62ED31191B40008C7E9A11A0D481D@srvnt04.previnet.it
Reference: BUGTRAQ:20000315 Trend Micro release patch for "OfficeScan DoS & Message Replay" V ulnerabilies
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B@209-76-212-10.trendmicro.com
Reference: MISC:http://www.antivirus.com/download/ofce_patch_35.htm
Reference: BID:1013
Reference: URL:http://www.securityfocus.com/bid/1013

The Trend Micro OfficeScan client tmlisten.exe allows remote attackers
to cause a denial of service via malformed data to port 12345.


ED_PRI CAN-2000-0203 3


VOTE:

=================================
Candidate: CAN-2000-0204
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000226 DOS in Trendmicro OfficeScan
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0340.html
Reference: BUGTRAQ:20000315 Trend Micro release patch for "OfficeScan DoS & Message Replay" V ulnerabilies
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=D129BBE1730AD2118A0300805FC1C2FE038AF28B@209-76-212-10.trendmicro.com
Reference: MISC:http://www.antivirus.com/download/ofce_patch_35.htm
Reference: BID:1013
Reference: URL:http://www.securityfocus.com/bid/1013

The Trend Micro OfficeScan client allows remote attackers to cause a
denial of service by making 5 connections to port 12345, which raises
CPU utilization to 100%.


ED_PRI CAN-2000-0204 3


VOTE:

=================================
Candidate: CAN-2000-0210
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000221 flex license manager tempfile predictable name...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0267.html
Reference: BID:998
Reference: URL:http://www.securityfocus.com/bid/998

The lit program in Sun Flex License Manager (FlexLM) follows symlinks,
which allows local users to modify arbitrary files.


ED_PRI CAN-2000-0210 3


VOTE:

=================================
Candidate: CAN-2000-0213
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000223 Sambar Server alert!
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38B3E60A.6A84FEC3@cybcom.net
Reference: CONFIRM:http://www.sambar.com/session/highlight?url=/syshelp/history.htm&words=security+&color=red
Reference: XF:sambar-batfiles
Reference: BID:1002
Reference: URL:http://www.securityfocus.com/bid/1002

The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the
CGI directory, which allow remote attackers to execute commands via
shell metacharacters.


ED_PRI CAN-2000-0213 3


VOTE:

=================================
Candidate: CAN-2000-0214
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000224 How the password could be recover using FTP Explorer's  registry!
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10002242035500.30645-100000@unreal.sekure.org
Reference: BID:1003
Reference: URL:http://www.securityfocus.com/bid/1003

FTP Explorer uses weak encryption for storing the username, password,
and profile of FTP sites.


ED_PRI CAN-2000-0214 3


VOTE:

=================================
Candidate: CAN-2000-0217
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000224 SSH & xauth
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0317.html
Reference: BID:1006
Reference: URL:http://www.securityfocus.com/bid/1006

The default configuration of SSH allows X forwarding, which could
allow a remote attacker to control a client's X sessions via a
malicious xauth program.


ED_PRI CAN-2000-0217 3


VOTE:

=================================
Candidate: CAN-2000-0219
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000223 redhat 6.0: single user boot security hole
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200002230248.NAA19185@cairo.anu.edu.au
Reference: BID:1005
Reference: URL:http://www.securityfocus.com/bid/1005

Red Hat 6.0 allows local users to gain root access by booting single
user and hitting ^C at the password prompt.


ED_PRI CAN-2000-0219 3


VOTE:

=================================
Candidate: CAN-2000-0220
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000225 Zonealarm exports sensitive data

ZoneAlarm sends sensitive system and network information in cleartext
to the Zone Labs server if a user requests more information about an
event.


ED_PRI CAN-2000-0220 3


VOTE:

=================================
Candidate: CAN-2000-0221
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000225 Scorpion Marlin
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0324.html
Reference: BID:1009
Reference: URL:http://www.securityfocus.com/bid/1009

The Nautica Marlin bridge allows remote attackers to cause a denial of
service via a zero length UDP packet to the SNMP port.


ED_PRI CAN-2000-0221 3


VOTE:

=================================
Candidate: CAN-2000-0222
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000215 Windows 2000 installation process weakness
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000215155750.M4500@safe.hsc.fr
Reference: BID:990
Reference: URL:http://www.securityfocus.com/bid/990

The installation for Windows 2000 does not activate the Administrator
password until the system has rebooted, which allows remote attackers
to connect to the ADMIN$ share without a password until the reboot
occurs.


ED_PRI CAN-2000-0222 3


VOTE:

Page Last Updated or Reviewed: May 22, 2007