Re: [PROPOSAL] Cluster RECENT-18 - 14 candidates
* Steven M. Christey (coley@LINUS.MITRE.ORG) [000518 00:58]:
> The following cluster contains 14 candidates that were announced
> between April 27 and May 17, 2000. Note that this cluster does not
> include all new issues between these dates; those will be added in a
> future posting.
>
> The candidates are listed in order of priority. Priority 1 and
> Priority 2 candidates both deal with varying levels of vendor
> confirmation, so they should be easy to review and it can be trusted
> that the problems are real.
>
> If you discover that any RECENT-XX cluster is incomplete with respect
> to the problems discovered during the associated time frame, please
> send that information to me so that candidates can be assigned.
>
> - Steve
>
>
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
>
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
>
> 1) Please write your vote on the line that starts with "VOTE: ". If
> you want to add comments or details, add them to lines after the
> VOTE: line.
>
> 2) If you see any missing references, please mention them so that they
> can be included. References help greatly during mapping.
>
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
> So if you don't have sufficient information for a candidate but you
> don't want to NOOP, use a REVIEWING.
>
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
>
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
>
> =================================
> Candidate: CAN-2000-0303
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000503
> Category: SF
> Reference: ISS:20000503 Vulnerability in Quake3Arena Auto-Download Feature
> Reference: URL:http://xforce.iss.net/alerts/advise50.php3
> Reference: CONFIRM:http://www.quake3arena.com/news/index.html
>
> Quake3 Arena allows malicious server operators to read or modify
> files on a client via a dot dot (..) attack.
>
>
> ED_PRI CAN-2000-0303 1
>
>
> VOTE: MODIFY Reference: BID 1169
>
> =================================
> Candidate: CAN-2000-0304
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000508
> Category: SF
> Reference: ISS:20000511 Microsoft IIS Remote Denial of Service Attack
> Reference: URL:http://xforce.iss.net/alerts/advise52.php3
> Reference: MS:MS00-031
> Reference: URL:http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20905
>
> Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory
> installed allows a remote attacker to cause a denial of service via a
> malformed request to the inetinfo.exe program.
>
>
> ED_PRI CAN-2000-0304 1
>
>
> VOTE: MODIFY Reference: BID 1191
> =================================
> Candidate: CAN-2000-0342
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: MISC:http://www.peacefire.org/security/stealthattach/explanation.html
> Reference: CONFIRM:http://news.cnet.com/news/0-1005-200-1773077.html?tag=st.ne.fd.lthd.1005-200-1773077
> Reference: BID:1157
> Reference: URL:http://www.securityfocus.com/bid/1157
>
> Eudora 4.x allows remote attackers to bypass the user warning for
> executable attachments by using a .lnk file that refers to the
> attachment.
>
>
> ED_PRI CAN-2000-0342 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0346
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000502 INFO:AppleShare IP 6.3.2 squashes security bug
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502133240.21807.qmail@securityfocus.com
> Reference: CONFIRM:http://asu.info.apple.com/swupdates.nsf/artnum/n11670
> Reference: BID:1162
> Reference: URL:http://www.securityfocus.com/bid/1162
>
> AppleShare IP 6.1 and later allows a remote attacker to read
> potentially sensitive information via an invalid range request to the
> web server.
>
>
> ED_PRI CAN-2000-0346 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0350
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000516
> Category: SF
> Reference: MISC:http://www.securityfocus.com/templates/advisory.html?id=2220
> Reference: CONFIRM:http://advice.networkice.com/advice/Support/KB/q000166/
>
> A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is
> enabled, which allows a remote attacker to bypass the weak
> authentication and post unencrypted events.
>
>
> ED_PRI CAN-2000-0350 2
>
>
> VOTE: MODIFY Reference: BID 1216
>
> =================================
> Candidate: CAN-2000-0332
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000502 Fun with UltraBoard V1.6X
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000503091316.99073.qmail@hotmail.com
> Reference: BID:1164
> Reference: URL:http://www.securityfocus.com/bid/1164
>
> UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allow
> remote attackers to read arbitrary files via a pathname string that
> includes a dot dot (..) and ends with a null byte.
>
>
> ED_PRI CAN-2000-0332 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0333
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000502 Denial of service attack against tcpdump
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.SOL.4.10.10005021942380.2077-100000@paranoia.pgci.ca
> Reference: BID:1165
> Reference: URL:http://www.securityfocus.com/bid/1165
>
> tcpdump, Ethereal, and other sniffer packages allow remote attackers
> to cause a denial of service via malformed DNS packets in which a jump
> offset refers to itself, which causes tcpdump to enter an infinite
> loop while decompressing the packet.
>
>
> ED_PRI CAN-2000-0333 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0335
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000502 glibc resolver weakness
> Reference: BID:1166
> Reference: URL:http://www.securityfocus.com/bid/1166
>
> The resolver in glibc 2.1.3 uses predictable IDs, which allows a local
> attacker to spoof DNS query results.
>
>
> ED_PRI CAN-2000-0335 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0340
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000428 SuSE 6.3 Gnomelib buffer overflow
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00042902575201.09597@wintermute-pub
> Reference: BID:1155
> Reference: URL:http://www.securityfocus.com/bid/1155
>
> Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to
> execute arbitrary commands via the DISPLAY environmental variable.
>
>
> ED_PRI CAN-2000-0340 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0341
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: NTBUGTRAQ:20000501 Remote DoS attack in CASSANDRA NNTPServer v1.10 from ATRIUM
> Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95736106504870&w=2
> Reference: BID:1156
> Reference: URL:http://www.securityfocus.com/bid/1156
>
> ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a
> denial of service via a long login name.
>
>
> ED_PRI CAN-2000-0341 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0343
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000502 spj-003-000 - S0ftPj Advisory
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005021736.TAA01991@ALuSSi
> Reference: BID:1158
> Reference: URL:http://www.securityfocus.com/bid/1158
>
> Buffer overflow in Sniffit 0.3.x with the -L logging option enabled
> allows remote attackers to execute arbitrary commands via a long MAIL
> FROM mail header.
>
>
> ED_PRI CAN-2000-0343 3
>
>
> VOTE:ACCEPT
>
> =================================
> Candidate: CAN-2000-0344
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000501 Linux knfsd DoS issue
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0005012042550.6419-100000@ferret.lmh.ox.ac.uk
> Reference: BID:1160
> Reference: URL:http://www.securityfocus.com/bid/1160
>
> The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to
> cause a denial of service via a negative size value.
>
>
> ED_PRI CAN-2000-0344 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0345
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000502 Possible issue with Cisco on-line help?
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502222246.28423.qmail@securityfocus.com
> Reference: BID:1161
> Reference: URL:http://www.securityfocus.com/bid/1161
>
> The on-line help system options in Cisco routers allow non-privileged
> users without "enabled" access to obtain sensitive information via
> the show command.
>
>
> ED_PRI CAN-2000-0345 3
>
>
> VOTE: Arguably this is not a vulnerability. Cisco replied saying this is standard behaviour that was simply not well documented. They have no plans to change it and will simply document it better.
>
> =================================
> Candidate: CAN-2000-0347
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: NTBUGTRAQ:20000501 el8.org advisory - Win 95/98 DoS (RFParalyze.c)
> Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95737580922397&w=2
> Reference: BID:1163
> Reference: URL:http://www.securityfocus.com/bid/1163
>
> Windows 95 and Windows 98 allow a remote attacker to cause a denial of
> service via a NETBIOS session request packet with a NULL source name.
>
>
> ED_PRI CAN-2000-0347 3
>
>
> VOTE ACCEPT

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum