[PROPOSAL] Cluster RECENT-17 - 15 candidates
The following cluster contains 15 candidates that were announced between April 13 and April 25, 2000.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.
=================================
Candidate: CAN-2000-0311
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: MS:MS00-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-026.asp
Reference: BID:1145
Reference: URL:http://www.securityfocus.com/bid/1145

The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.

ED_PRI CAN-2000-0311 1

VOTE:

=================================
Candidate: CAN-2000-0331
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000421 CMD.EXE overflow (CISADV000420)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0147.html
Reference: MS:MS00-027
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-027.asp
Reference: BID:1135
Reference: URL:http://www.securityfocus.com/bid/1135

Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.

ED_PRI CAN-2000-0331 1

VOTE:

=================================
Candidate: CAN-2000-0334
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: ALLAIRE:ASB00-10
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15411&Method=Full

The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule.
ED_PRI CAN-2000-0334 1

VOTE:

=================================
Candidate: CAN-2000-0336
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: REDHAT:RHSA-2000:012-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000012-05.html

OpenLDAP server in Red Hat Linux allows local users to modify arbitrary files via a symlink attack.

ED_PRI CAN-2000-0336 1

VOTE:

=================================
Candidate: CAN-2000-0317
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000424 Solaris 7 x86 lpset exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0192.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0236.html
Reference: BUGTRAQ:20000427 Re: Solaris/SPARC 2.7 lpset exploit (well not likely !)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95729763119559&w=2
Reference: SUNBUG:4334568
Reference: BID:1138
Reference: URL:http://www.securityfocus.com/bid/1138

Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option.

ED_PRI CAN-2000-0317 2

VOTE:

=================================
Candidate: CAN-2000-0316
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000424 Solaris 7 x86 lp exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0191.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0236.html
Reference: BID:1143
Reference: URL:http://www.securityfocus.com/bid/1143

Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option.
ED_PRI CAN-2000-0316 3

VOTE:

=================================
Candidate: CAN-2000-0318
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: NTBUGTRAQ:20000413 Security problems with Atrium Mercur Mailserver 3.20
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0057.html
Reference: BID:1144
Reference: URL:http://www.securityfocus.com/bid/1144

Atrium Mercur Mail Server 3.2 allows local attackers to read other users' email and create arbitrary files via a dot dot (..) attack.

ED_PRI CAN-2000-0318 3

VOTE:

=================================
Candidate: CAN-2000-0319
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000424 unsafe fgets() in sendmail's mail.local
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=2694.000424@SECURITY.NNOV.RU
Reference: BID:1146
Reference: URL:http://www.securityfocus.com/bid/1146

mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\n.

ED_PRI CAN-2000-0319 3

VOTE:

=================================
Candidate: CAN-2000-0320
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000421 unsafe fgets() in qpopper
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=9763.000421@SECURITY.NNOV.RU
Reference: BID:1133
Reference: URL:http://www.securityfocus.com/bid/1133

Qpopper 2.53 and 3.0 does not properly identify the \n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 1023 characters long and ends in \n.
ED_PRI CAN-2000-0320 3

VOTE:

=================================
Candidate: CAN-2000-0321
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000424 Buffer Overflow in version .14
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0190.html
Reference: BID:1147
Reference: URL:http://www.securityfocus.com/bid/1147

Buffer overflow in IC Radius package allows a remote attacker to cause a denial of service via a long user name.

ED_PRI CAN-2000-0321 3

VOTE:

=================================
Candidate: CAN-2000-0322
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000424 piranha default password/exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Enip.BSO.23.0004241601140.28851-100000@www.whitehats.com
Reference: BID:1149
Reference: URL:http://www.securityfocus.com/bid/1149

The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.

ED_PRI CAN-2000-0322 3

VOTE:

=================================
Candidate: CAN-2000-0324
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000425 Denial of Service Against pcAnywhere.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000425150157.13567A-100000@sword.damocles.com
Reference: BID:1150
Reference: URL:http://www.securityfocus.com/bid/1150

pcAnywhere 8.x and 9.x allows remote attackers to cause a denial of service via a TCP SYN scan, e.g. by nmap.
ED_PRI CAN-2000-0324 3

VOTE:

=================================
Candidate: CAN-2000-0326
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BID:1151
Reference: URL:http://www.securityfocus.com/bid/1151
Reference: CONFIRM:http://support.on.com/support/mmxp.nsf/31af51e08bcc93eb852565a90056138b/11af70407a16b165852568c50056a952?OpenDocument

Meeting Maker uses weak encryption (a polyalphabetic substitution cipher) for passwords, which allows remote attackers to sniff and decrypt passwords for Meeting Maker accounts.

ED_PRI CAN-2000-0326 3

VOTE:

=================================
Candidate: CAN-2000-0337
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000424 Solaris x86 Xsun overflow.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0188.html
Reference: BID:1140
Reference: URL:http://www.securityfocus.com/bid/1140

Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter.

ED_PRI CAN-2000-0337 3

VOTE:

=================================
Candidate: CAN-2000-0338
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BID:1136
Reference: URL:http://www.securityfocus.com/bid/1136

Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.
ED_PRI CAN-2000-0338 3

VOTE:

=================================
Candidate: CAN-2000-0339
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000420 ZoneAlarm
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000421044123.2353.qmail@securityfocus.com
Reference: BID:1137
Reference: URL:http://www.securityfocus.com/bid/1137

ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source port of 67, which allows remote attackers to bypass the firewall rules.

ED_PRI CAN-2000-0339 3

VOTE: