[PROPOSAL] Cluster RECENT-17 - 15 candidates



The following cluster contains 15 candidates that were announced
between April 13 and April 25, 2000.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0311
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: MS:MS00-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-026.asp
Reference: BID:1145
Reference: URL:http://www.securityfocus.com/bid/1145

The Windows 2000 domain controller allows a malicious user to modify
Active Directory information by modifying an unprotected attribute,
aka the "Mixed Object Access" vulnerability.


ED_PRI CAN-2000-0311 1


VOTE:

=================================
Candidate: CAN-2000-0331
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000421 CMD.EXE overflow (CISADV000420)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0147.html
Reference: MS:MS00-027
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-027.asp
Reference: BID:1135
Reference: URL:http://www.securityfocus.com/bid/1135

Buffer overflow in Microsoft command processor (CMD.EXE) for Windows
NT and Windows 2000 allows a local user to cause a denial of service
via a long environment variable, aka the "Malformed Environment
Variable" vulnerability.


ED_PRI CAN-2000-0331 1


VOTE:

=================================
Candidate: CAN-2000-0334
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: ALLAIRE:ASB00-10
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15411&Method=Full

The Allaire Spectra container editor preview tool does not properly
enforce object security, which allows an attacker to conduct
unauthorized activities via an object-method that is added to the
container object with a publishing rule.


ED_PRI CAN-2000-0334 1


VOTE:

=================================
Candidate: CAN-2000-0336
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: REDHAT:RHSA-2000:012-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000012-05.html

OpenLDAP server in Red Hat Linux allows local users to modify
arbitrary files via a symlink attack.


ED_PRI CAN-2000-0336 1


VOTE:

=================================
Candidate: CAN-2000-0317
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000424 Solaris 7 x86 lpset exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0192.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0236.html
Reference: BUGTRAQ:20000427 Re: Solaris/SPARC 2.7 lpset exploit (well not likely !)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95729763119559&w=2
Reference: SUNBUG:4334568
Reference: BID:1138
Reference: URL:http://www.securityfocus.com/bid/1138

Buffer overflow in Solaris 7 lpset allows local users to gain root
privileges via a long -r option.


ED_PRI CAN-2000-0317 2


VOTE:

=================================
Candidate: CAN-2000-0316
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000424 Solaris 7 x86 lp exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0191.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0236.html
Reference: BID:1143
Reference: URL:http://www.securityfocus.com/bid/1143

Buffer overflow in Solaris 7 lp allows local users to gain root
privileges via a long -d option.


ED_PRI CAN-2000-0316 3


VOTE:

=================================
Candidate: CAN-2000-0318
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: NTBUGTRAQ:20000413 Security problems with Atrium Mercur Mailserver 3.20
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0057.html
Reference: BID:1144
Reference: URL:http://www.securityfocus.com/bid/1144

Atrium Mercur Mail Server 3.2 allows local attackers to read other
users' email and create arbitrary files via a dot dot (..) attack.


ED_PRI CAN-2000-0318 3


VOTE:

=================================
Candidate: CAN-2000-0319
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000424 unsafe fgets() in sendmail's mail.local
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=2694.000424@SECURITY.NNOV.RU
Reference: BID:1146
Reference: URL:http://www.securityfocus.com/bid/1146

mail.local in Sendmail 8.10.x does not properly identify the .\n
string which identifies the end of message text, which allows a remote
attacker to cause a denial of service or corrupt mailboxes via a
message line that is 2047 characters long and ends in .\n.


ED_PRI CAN-2000-0319 3


VOTE:

=================================
Candidate: CAN-2000-0320
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000421 unsafe fgets() in qpopper
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=9763.000421@SECURITY.NNOV.RU
Reference: BID:1133
Reference: URL:http://www.securityfocus.com/bid/1133

Qpopper 2.53 and 3.0 do not properly identify the \n string which
identifies the end of message text, which allows a remote attacker to
cause a denial of service or corrupt mailboxes via a message line that
is 1023 characters long and ends in \n.


ED_PRI CAN-2000-0320 3


VOTE:

=================================
Candidate: CAN-2000-0321
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000424 Buffer Overflow in version .14
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0190.html
Reference: BID:1147
Reference: URL:http://www.securityfocus.com/bid/1147

Buffer overflow in IC Radius package allows a remote attacker to cause
a denial of service via a long user name.


ED_PRI CAN-2000-0321 3


VOTE:

=================================
Candidate: CAN-2000-0322
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000424 piranha default password/exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Enip.BSO.23.0004241601140.28851-100000@www.whitehats.com
Reference: BID:1149
Reference: URL:http://www.securityfocus.com/bid/1149

The passwd.php3 CGI script in the Red Hat Piranha Virtual Server
Package allows local users to execute arbitrary commands via shell
metacharacters.


ED_PRI CAN-2000-0322 3


VOTE:

=================================
Candidate: CAN-2000-0324
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000425 Denial of Service Against pcAnywhere.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000425150157.13567A-100000@sword.damocles.com
Reference: BID:1150
Reference: URL:http://www.securityfocus.com/bid/1150

pcAnywhere 8.x and 9.x allows remote attackers to cause a denial of
service via a TCP SYN scan, e.g. by nmap.


ED_PRI CAN-2000-0324 3


VOTE:

=================================
Candidate: CAN-2000-0326
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BID:1151
Reference: URL:http://www.securityfocus.com/bid/1151
Reference: CONFIRM:http://support.on.com/support/mmxp.nsf/31af51e08bcc93eb852565a90056138b/11af70407a16b165852568c50056a952?OpenDocument

Meeting Maker uses weak encryption (a polyalphabetic substitution
cipher) for passwords, which allows remote attackers to sniff and
decrypt passwords for Meeting Maker accounts.


ED_PRI CAN-2000-0326 3


VOTE:

=================================
Candidate: CAN-2000-0337
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000424 Solaris x86 Xsun overflow.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0188.html
Reference: BID:1140
Reference: URL:http://www.securityfocus.com/bid/1140

Buffer overflow in Xsun X server in Solaris 7 allows local users to
gain root privileges via a long -dev parameter.


ED_PRI CAN-2000-0337 3


VOTE:

=================================
Candidate: CAN-2000-0338
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BID:1136
Reference: URL:http://www.securityfocus.com/bid/1136

Concurrent Versions Software (CVS) uses predictable temporary file
names for locking, which allows local users to cause a denial of
service by creating the lock directory before it is created for use by
a legitimate CVS user.


ED_PRI CAN-2000-0338 3


VOTE:

=================================
Candidate: CAN-2000-0339
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000420 ZoneAlarm
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000421044123.2353.qmail@securityfocus.com
Reference: BID:1137
Reference: URL:http://www.securityfocus.com/bid/1137

ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source
port of 67, which allows remote attackers to bypass the firewall
rules.


ED_PRI CAN-2000-0339 3


VOTE:

Page Last Updated or Reviewed: May 22, 2007