
Re: [PROPOSAL] Cluster RECENT-17 - 15 candidates



* Steven M. Christey (coley@LINUS.MITRE.ORG) [000518 00:49]:
> The following cluster contains 15 candidates that were announced
> between April 13 and April 25, 2000.
> 
> The candidates are listed in order of priority.  Priority 1 and
> Priority 2 candidates both deal with varying levels of vendor
> confirmation, so they should be easy to review and it can be trusted
> that the problems are real.
> 
> If you discover that any RECENT-XX cluster is incomplete with respect
> to the problems discovered during the associated time frame, please
> send that information to me so that candidates can be assigned.
> 
> - Steve
> 
> 
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
> 
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
> 
> 1) Please write your vote on the line that starts with "VOTE: ".  If
>    you want to add comments or details, add them to lines after the
>    VOTE: line.
> 
> 2) If you see any missing references, please mention them so that they
>    can be included.  References help greatly during mapping.
> 
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
>    So if you don't have sufficient information for a candidate but you
>    don't want to NOOP, use a REVIEWING.
> 
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
> 
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
> 
> =================================
> Candidate: CAN-2000-0311
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: MS:MS00-026
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-026.asp
> Reference: BID:1145
> Reference: URL:http://www.securityfocus.com/bid/1145
> 
> The Windows 2000 domain controller allows a malicious user to modify
> Active Directory information by modifying an unprotected attribute,
> aka the "Mixed Object Access" vulnerability.
> 
> 
> ED_PRI CAN-2000-0311 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0331
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000421 CMD.EXE overflow (CISADV000420)
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0147.html
> Reference: MS:MS00-027
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-027.asp
> Reference: BID:1135
> Reference: URL:http://www.securityfocus.com/bid/1135
> 
> Buffer overflow in Microsoft command processor (CMD.EXE) for Windows
> NT and Windows 2000 allows a local user to cause a denial of service
> via a long environment variable, aka the "Malformed Environment
> Variable" vulnerability.
> 
> 
> ED_PRI CAN-2000-0331 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0334
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: ALLAIRE:ASB00-10
> Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15411&Method=Full
> 
> The Allaire Spectra container editor preview tool does not properly
> enforce object security, which allows an attacker to conduct
> unauthorized activities via an object-method that is added to the
> container object with a publishing rule.
> 
> 
> ED_PRI CAN-2000-0334 1
> 
> 
> VOTE: MODIFY

Reference: BID 1181

> =================================
> Candidate: CAN-2000-0336
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: REDHAT:RHSA-2000:012-05
> Reference: URL:http://www.redhat.com/support/errata/RHSA-2000012-05.html
> 
> OpenLDAP server in Red Hat Linux allows local users to modify
> arbitrary files via a symlink attack.
> 
> 
> ED_PRI CAN-2000-0336 1
> 
> 
> VOTE: MODIFY

Reference: BID 1232

> 
> =================================
> Candidate: CAN-2000-0317
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000424 Solaris 7 x86 lpset exploit.
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0192.html
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0236.html
> Reference: BUGTRAQ:20000427 Re: Solaris/SPARC 2.7 lpset exploit (well not likely !)
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95729763119559&w=2
> Reference: SUNBUG:4334568
> Reference: BID:1138
> Reference: URL:http://www.securityfocus.com/bid/1138
> 
> Buffer overflow in Solaris 7 lpset allows local users to gain root
> privileges via a long -r option.
> 
> 
> ED_PRI CAN-2000-0317 2
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0316
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000424 Solaris 7 x86 lp exploit
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0191.html
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0236.html
> Reference: BID:1143
> Reference: URL:http://www.securityfocus.com/bid/1143
> 
> Buffer overflow in Solaris 7 lp allows local users to gain root
> privileges via a long -d option.
> 
> 
> ED_PRI CAN-2000-0316 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0318
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: NTBUGTRAQ:20000413 Security problems with Atrium Mercur Mailserver 3.20
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0057.html
> Reference: BID:1144
> Reference: URL:http://www.securityfocus.com/bid/1144
> 
> Atrium Mercur Mail Server 3.2 allows local attackers to read other
> users' email and create arbitrary files via a dot dot (..) attack.
> 
> 
> ED_PRI CAN-2000-0318 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0319
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000424 unsafe fgets() in sendmail's mail.local
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=2694.000424@SECURITY.NNOV.RU
> Reference: BID:1146
> Reference: URL:http://www.securityfocus.com/bid/1146
> 
> mail.local in Sendmail 8.10.x does not properly identify the .\n
> string which identifies the end of message text, which allows a remote
> attacker to cause a denial of service or corrupt mailboxes via a
> message line that is 2047 characters long and ends in .\n.
> 
> 
> ED_PRI CAN-2000-0319 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0320
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000421 unsafe fgets() in qpopper
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=9763.000421@SECURITY.NNOV.RU
> Reference: BID:1133
> Reference: URL:http://www.securityfocus.com/bid/1133
> 
> Qpopper 2.53 and 3.0 does not properly identify the \n string which
> identifies the end of message text, which allows a remote attacker to
> cause a denial of service or corrupt mailboxes via a message line that
> is 1023 characters long and ends in \n.
> 
> 
> ED_PRI CAN-2000-0320 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0321
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000424 Buffer Overflow in version .14
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0190.html
> Reference: BID:1147
> Reference: URL:http://www.securityfocus.com/bid/1147
> 
> Buffer overflow in IC Radius package allows a remote attacker to cause
> a denial of service via a long user name.
> 
> 
> ED_PRI CAN-2000-0321 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0322
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000424 piranha default password/exploit
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Enip.BSO.23.0004241601140.28851-100000@www.whitehats.com
> Reference: BID:1149
> Reference: URL:http://www.securityfocus.com/bid/1149
> 
> The passwd.php3 CGI script in the Red Hat Piranha Virtual Server
> Package allows local users to execute arbitrary commands via shell
> metacharacters.
> 
> 
> ED_PRI CAN-2000-0322 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0324
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000425 Denial of Service Against pcAnywhere.
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000425150157.13567A-100000@sword.damocles.com
> Reference: BID:1150
> Reference: URL:http://www.securityfocus.com/bid/1150
> 
> pcAnywhere 8.x and 9.x allows remote attackers to cause a denial of
> service via a TCP SYN scan, e.g. by nmap.
> 
> 
> ED_PRI CAN-2000-0324 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0326
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BID:1151
> Reference: URL:http://www.securityfocus.com/bid/1151
> Reference: CONFIRM:http://support.on.com/support/mmxp.nsf/31af51e08bcc93eb852565a90056138b/11af70407a16b165852568c50056a952?OpenDocument
> 
> Meeting Maker uses weak encryption (a polyalphabetic substitution
> cipher) for passwords, which allows remote attackers to sniff and
> decrypt passwords for Meeting Maker accounts.
> 
> 
> ED_PRI CAN-2000-0326 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0337
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000424 Solaris x86 Xsun overflow.
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0188.html
> Reference: BID:1140
> Reference: URL:http://www.securityfocus.com/bid/1140
> 
> Buffer overflow in Xsun X server in Solaris 7 allows local users to
> gain root privileges via a long -dev parameter.
> 
> 
> ED_PRI CAN-2000-0337 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0338
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BID:1136
> Reference: URL:http://www.securityfocus.com/bid/1136
> 
> Concurrent Versions Software (CVS) uses predictable temporary file
> names for locking, which allows local users to cause a denial of
> service by creating the lock directory before it is created for use by
> a legitimate CVS user.
> 
> 
> ED_PRI CAN-2000-0338 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0339
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000518
> Assigned: 20000511
> Category: SF
> Reference: BUGTRAQ:20000420 ZoneAlarm
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000421044123.2353.qmail@securityfocus.com
> Reference: BID:1137
> Reference: URL:http://www.securityfocus.com/bid/1137
> 
> ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source
> port of 67, which allows remote attackers to bypass the firewall
> rules.
> 
> 
> ED_PRI CAN-2000-0339 3
> 
> 
> VOTE: ACCEPT

-- 
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum

Page Last Updated or Reviewed: May 22, 2007