
Re: [PROPOSAL] Cluster RECENT-18 - 14 candidates



* Steven M. Christey (coley@LINUS.MITRE.ORG) [000518 00:58]:
> The following cluster contains 14 candidates that were announced
> between April 27 and May 17, 2000.  Note that this cluster does not
> include all new issues between these dates; those will be added in a
> future posting.
>
> The candidates are listed in order of priority.  Priority 1 and
> Priority 2 candidates both deal with varying levels of vendor
> confirmation, so they should be easy to review and it can be trusted
> that the problems are real.
>
> If you discover that any RECENT-XX cluster is incomplete with respect
> to the problems discovered during the associated time frame, please
> send that information to me so that candidates can be assigned.
>
> - Steve
>
>
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
>
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
>
> 1) Please write your vote on the line that starts with "VOTE: ".  If
>    you want to add comments or details, add them to lines after the
>    VOTE: line.
>
> 2) If you see any missing references, please mention them so that they
>    can be included.  References help greatly during mapping.
>
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
>    So if you don't have sufficient information for a candidate but you
>    don't want to NOOP, use a REVIEWING.
>
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
>
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
>
> =================================
> Candidate: CAN-2000-0303
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000503
> Category: SF
> Reference: ISS:20000503 Vulnerability in Quake3Arena Auto-Download Feature
> Reference: URL:http://xforce.iss.net/alerts/advise50.php3
> Reference: CONFIRM:http://www.quake3arena.com/news/index.html
>
> Quake3 Arena allows malicious server operators to read or modify
> files on a client via a dot dot (..) attack.
>
>
> ED_PRI CAN-2000-0303 1
>
>
> VOTE: MODIFY

Reference: BID 1169

>
> =================================
> Candidate: CAN-2000-0304
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000508
> Category: SF
> Reference: ISS:20000511 Microsoft IIS Remote Denial of Service Attack
> Reference: URL:http://xforce.iss.net/alerts/advise52.php3
> Reference: MS:MS00-031
> Reference: URL:http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20905
>
> Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory
> installed allows a remote attacker to cause a denial of service via a
> malformed request to the inetinfo.exe program.
>
>
> ED_PRI CAN-2000-0304 1
>
>
> VOTE: MODIFY

Reference: BID 1191

> =================================
> Candidate: CAN-2000-0342
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: MISC:http://www.peacefire.org/security/stealthattach/explanation.html
> Reference: CONFIRM:http://news.cnet.com/news/0-1005-200-1773077.html?tag=st.ne.fd.lthd.1005-200-1773077
> Reference: BID:1157
> Reference: URL:http://www.securityfocus.com/bid/1157
>
> Eudora 4.x allows remote attackers to bypass the user warning for
> executable attachments by using a .lnk file that refers to the
> attachment.
>
>
> ED_PRI CAN-2000-0342 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0346
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000502 INFO:AppleShare IP 6.3.2 squashes security bug
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502133240.21807.qmail@securityfocus.com
> Reference: CONFIRM:http://asu.info.apple.com/swupdates.nsf/artnum/n11670
> Reference: BID:1162
> Reference: URL:http://www.securityfocus.com/bid/1162
>
> AppleShare IP 6.1 and later allows a remote attacker to read
> potentially sensitive information via an invalid range request to the
> web server.
>
>
> ED_PRI CAN-2000-0346 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0350
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000516
> Category: SF
> Reference: MISC:http://www.securityfocus.com/templates/advisory.html?id=2220
> Reference: CONFIRM:http://advice.networkice.com/advice/Support/KB/q000166/
>
> A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is
> enabled, which allows a remote attacker to bypass the weak
> authentication and post unencrypted events.
>
>
> ED_PRI CAN-2000-0350 2
>
>
> VOTE: MODIFY

Reference: BID 1216

>
> =================================
> Candidate: CAN-2000-0332
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000502 Fun with UltraBoard V1.6X
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000503091316.99073.qmail@hotmail.com
> Reference: BID:1164
> Reference: URL:http://www.securityfocus.com/bid/1164
>
> UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows
> remote attackers to read arbitrary files via a pathname string that
> includes a dot dot (..) and ends with a null byte.
>
>
> ED_PRI CAN-2000-0332 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0333
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000502 Denial of service attack against tcpdump
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.SOL.4.10.10005021942380.2077-100000@paranoia.pgci.ca
> Reference: BID:1165
> Reference: URL:http://www.securityfocus.com/bid/1165
>
> tcpdump, Ethereal, and other sniffer packages allow remote attackers
> to cause a denial of service via malformed DNS packets in which a jump
> offset refers to itself, which causes tcpdump to enter an infinite
> loop while decompressing the packet.
>
>
> ED_PRI CAN-2000-0333 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0335
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000502 glibc resolver weakness
> Reference: BID:1166
> Reference: URL:http://www.securityfocus.com/bid/1166
>
> The resolver in glibc 2.1.3 uses predictable IDs, which allows a local
> attacker to spoof DNS query results.
>
>
> ED_PRI CAN-2000-0335 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0340
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000428 SuSE 6.3 Gnomelib buffer overflow
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00042902575201.09597@wintermute-pub
> Reference: BID:1155
> Reference: URL:http://www.securityfocus.com/bid/1155
>
> Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to
> execute arbitrary commands via the DISPLAY environmental variable.
>
>
> ED_PRI CAN-2000-0340 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0341
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: NTBUGTRAQ:20000501 Remote DoS attack in CASSANDRA NNTPServer v1.10 from ATRIUM
> Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95736106504870&w=2
> Reference: BID:1156
> Reference: URL:http://www.securityfocus.com/bid/1156
>
> ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a
> denial of service via a long login name.
>
>
> ED_PRI CAN-2000-0341 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0343
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000502 spj-003-000 - S0ftPj Advisory
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005021736.TAA01991@ALuSSi
> Reference: BID:1158
> Reference: URL:http://www.securityfocus.com/bid/1158
>
> Buffer overflow in Sniffit 0.3.x with the -L logging option enabled
> allows remote attackers to execute arbitrary commands via a long MAIL
> FROM mail header.
>
>
> ED_PRI CAN-2000-0343 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0344
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000501 Linux knfsd DoS issue
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0005012042550.6419-100000@ferret.lmh.ox.ac.uk
> Reference: BID:1160
> Reference: URL:http://www.securityfocus.com/bid/1160
>
> The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to
> cause a denial of service via a negative size value.
>
>
> ED_PRI CAN-2000-0344 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0345
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000502 Possible issue with Cisco on-line help?
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502222246.28423.qmail@securityfocus.com
> Reference: BID:1161
> Reference: URL:http://www.securityfocus.com/bid/1161
>
> The on-line help system options in Cisco routers allows non-privileged
> users without "enabled" access to obtain sensitive information via
> the show command.
>
>
> ED_PRI CAN-2000-0345 3
>
>
> VOTE:

Arguably this is not a vulnerability. Cisco replied saying this is
standard behaviour that was simply not well documented. They have no
plans to change it and will simply document it better.

>
> =================================
> Candidate: CAN-2000-0347
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: NTBUGTRAQ:20000501 el8.org advisory - Win 95/98 DoS (RFParalyze.c)
> Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95737580922397&w=2
> Reference: BID:1163
> Reference: URL:http://www.securityfocus.com/bid/1163
>
> Windows 95 and Windows 98 allow a remote attacker to cause a denial of
> service via a NETBIOS session request packet with a NULL source name.
>
>
> ED_PRI CAN-2000-0347 3
>
>
> VOTE: ACCEPT

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
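The mechanism behind CAN-2000-0333 (a DNS compression pointer whose jump offset refers to itself, spinning the decoder forever) is worth seeing in code. What follows is an added example written for this page; it is not code from the thread, from tcpdump or from Ethereal. It builds three constructed packets (one valid, one with a self-referential pointer, one with a two-pointer cycle), runs a naive decoder that follows pointers unconditionally, and contrasts it with a hardened decoder that bounds every read and only accepts pointers that go strictly backwards. The packet contents, the function names and the `max_steps` demo guard are all assumptions of the example.

```python
import struct

# Added example, not from the thread or from tcpdump/Ethereal: a DNS name
# decompressor written two ways, run against constructed packets.

# Constructed header: id, flags (RD), qdcount=1, ancount=1, nscount=0, arcount=0
DNS_HEADER = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 1, 0, 0)


def build_valid_packet() -> bytes:
    """Constructed sample: question for www.example.com at offset 12, answer
    whose name is a legitimate backward pointer (0xC0 0x0C) to that QNAME."""
    qname = b"\x03www\x07example\x03com\x00"             # offsets 12..28
    question = qname + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN; ends at 32
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([93, 184, 216, 34])
    return DNS_HEADER + question + answer


def build_self_referencing_packet() -> bytes:
    """Constructed sample in the spirit of the Bugtraq post: the QNAME at
    offset 12 is a compression pointer to offset 12, i.e. to itself."""
    return DNS_HEADER + b"\xc0\x0c" + struct.pack("!HH", 1, 1)


def build_two_pointer_cycle() -> bytes:
    """Constructed sample: pointer at 12 -> 14, pointer at 14 -> 12."""
    return DNS_HEADER + b"\xc0\x0e\xc0\x0c" + struct.pack("!HH", 1, 1)


def decompress_name_naive(pkt: bytes, off: int, max_steps: int = 10_000):
    """Follows every pointer unconditionally, as the affected decoders did.
    max_steps is a demo guard only; None means 'would spin forever'."""
    labels, steps = [], 0
    while steps < max_steps:
        steps += 1
        length = pkt[off]
        if length & 0xC0 == 0xC0:
            off = ((length & 0x3F) << 8) | pkt[off + 1]   # jump, no checks at all
            continue
        if length == 0:
            return ".".join(labels) or "."
        labels.append(pkt[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length
    return None


def parse_name(pkt: bytes, off: int):
    """Hardened decoder. Returns (name, offset just after the name in the
    original stream). Termination argument: a pointer must point strictly
    backwards, so the offset decreases on every jump, and plain labels only
    move forward through a packet of finite length."""
    labels, total, next_off = [], 0, None
    while True:
        if off >= len(pkt):
            raise ValueError("name runs past end of packet")
        length = pkt[off]
        if length & 0xC0 == 0xC0:                          # compression pointer
            if off + 1 >= len(pkt):
                raise ValueError("truncated pointer")
            target = ((length & 0x3F) << 8) | pkt[off + 1]
            if next_off is None:
                next_off = off + 2                         # stream resumes after first pointer
            if target >= off:
                raise ValueError("forward or self-referential pointer at offset %d" % off)
            off = target
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        if length == 0:
            if next_off is None:
                next_off = off + 1
            return ".".join(labels) or ".", next_off
        end = off + 1 + length
        if end > len(pkt):
            raise ValueError("label runs past end of packet")
        total += 1 + length
        if total > 255:                                    # RFC 1035 name length cap
            raise ValueError("name longer than 255 octets")
        labels.append(pkt[off + 1:end].decode("ascii"))
        off = end


def rejects(pkt: bytes, off: int) -> bool:
    """True when the hardened decoder refuses the name at `off`."""
    try:
        parse_name(pkt, off)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(parse_name(build_valid_packet(), 33))                         # ('www.example.com', 35)
    print(decompress_name_naive(build_self_referencing_packet(), 12))   # None
    print(rejects(build_self_referencing_packet(), 12))                 # True
    print(rejects(build_two_pointer_cycle(), 12))                       # True
```

The "strictly backwards" rule is stronger than a simple jump counter: a counter only bounds how long the spin lasts, whereas a monotonically decreasing offset makes a loop impossible by construction, and it still accepts every pointer a conforming encoder can emit, since RFC 1035 pointers refer to a prior occurrence of the name.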

Page Last Updated or Reviewed: May 22, 2007