[INTERIM] ACCEPT 34 recent candidates (Final 6/1)
I have made an Interim Decision to ACCEPT the following 34 candidates from various RECENT-XX clusters, most of which were originally proposed sometime in 1999. I will make a Final Decision on the evening of June 1, 2000.

The candidates come from the following clusters:

  11 RECENT-01
  1 RECENT-02
  1 RECENT-04
  1 RECENT-07
  2 RECENT-13
  11 RECENT-14
  4 RECENT-15
  3 RECENT-16

Voters:
  Wall ACCEPT(3) NOOP(9)
  Levy ACCEPT(3)
  LeBlanc NOOP(9)
  Ozancin ACCEPT(2)
  Cole ACCEPT(24) MODIFY(4) NOOP(5)
  Stracener ACCEPT(17) MODIFY(2) NOOP(1)
  Dik MODIFY(1)
  Frech ACCEPT(3) MODIFY(27)
  Northcutt ACCEPT(7)
  Christey NOOP(10)
  Armstrong ACCEPT(13) NOOP(6)
  Prosser ACCEPT(9) NOOP(1) REVIEWING(1)
  Blake NOOP(2) RECAST(1)

=================================
Candidate: CAN-1999-0819
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: NTBUGTRAQ:19991130 NTmail and VRFY
Reference: BUGTRAQ:19991130 NTmail and VRFY
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94398141118586&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94407764018739&w=2
Reference: XF:nt-mail-vrfy

NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it.

Modifications:
  ADDREF XF:nt-mail-vrfy

INFERRED ACTION: CAN-1999-0819 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Prosser
  MODIFY(2) Cole, Frech
  NOOP(2) Armstrong, Christey

Comments:
 Cole> The references are wrong. The BID is 856 and the full ID is
 Cole> 19991129 not 30.
 Cole> I would add that NTMail does not disable the VRFY command on ESMTP
 Cole> servers, even ... This can be used to gather information about users email
 Cole> addresses.
 Frech> XF:nt-mail-vrfy
 Christey> Mike Prosser's REVIEWING vote expires on May 8, 2000

=================================
Candidate: CAN-1999-0832
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-02
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991109 undocumented bugs - nfsd
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.20.9911091058140.12964-100000@mail.zigzag.pl
Reference: DEBIAN:19991111 buffer overflow in nfs server
Reference: URL:http://www.debian.org/security/1999/19991111
Reference: SUSE:19991110 Security hole in nfs-server < 2.2beta47 within nkita
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_29.txt
Reference: CALDERA:CSSA-1999-033.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-033.0.txt
Reference: REDHAT:RHSA-1999:053-01
Reference: URL:http://www.redhat.com/support/errata/rh42-errata-general.html#NFS
Reference: BUGTRAQ:19991130 [david@slackware.com: New Patches for Slackware 4.0 Available]
Reference: XF:linux-nfs-maxpath-bo
Reference: BID:782
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=782

Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname.

Modifications:
  ADDREF BUGTRAQ:19991109 undocumented bugs - nfsd
  ADDREF DEBIAN:19991111 buffer overflow in nfs server
  ADDREF SUSE:19991110 Security hole in nfs-server < 2.2beta47 within nkita
  ADDREF CALDERA:CSSA-1999-033.0
  ADDREF REDHAT:RHSA-1999:053-01
  ADDREF BID:782
  ADDREF XF:linux-nfs-maxpath-bo
  DESC Remove Slackware, say it's on Linux systems.

INFERRED ACTION: CAN-1999-0832 ACCEPT (5 accept, 4 ack, 0 review)

Current Votes:
  ACCEPT(3) Armstrong, Cole, Prosser
  MODIFY(2) Stracener, Frech
  NOOP(1) Christey

Comments:
 Stracener> Suggest removing "Slackware 7.0" from the description
 Stracener> Add Ref: CSSA-1999-033.0
 Stracener> Add Ref: DEBIAN: nfs-server: buffer overflow in nfs server 11/11/99
 Stracener> Add Ref: SuSE Security Announcement "nfs-server < 2.2beta47 within
 Stracener> nkita" 11/12/99
 Frech> XF:linux-nfs-maxpath-bo
 Christey> ADDREF DEBIAN:19991111 buffer overflow in nfs server
 Christey> ADDREF SUSE:19991110 Security hole in nfs-server < 2.2beta47 within nkita
 Christey> ADDREF CALDERA:CSSA-1999-033.0
 Christey> ADDREF RHSA-1999:053-01
 Christey> ADDREF? BID:782
 Christey> ADDREF? BUGTRAQ:19991109 undocumented bugs - nfsd
 Prosser> agree that description should be generic Linux vice Slackware
 Prosser> only since multiple versions affected

=================================
Candidate: CAN-1999-0836
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000501-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991202 UnixWare 7 uidadmin exploit + discussion
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991202160111.20553.qmail@nwcst282.netaddress.usa.net
Reference: SCO:SB-99.22a
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.22a
Reference: BID:842
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=842
Reference: XF:unixware-uid-admin

UnixWare uidadmin allows local users to modify arbitrary files via a symlink attack.

Modifications:
  ADDREF BID:842
  ADDREF XF:unixware-uid-admin
  ADDREF SCO:SB-99.22a

INFERRED ACTION: CAN-1999-0836 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Stracener, Armstrong, Prosser
  MODIFY(2) Cole, Frech
  NOOP(1) Christey

Comments:
 Cole> The BID is 842.
 Frech> unixware-uid-admin
 Christey> ADDREF ftp://ftp.sco.com/SSE/security_bulletins/SB-99.22a

=================================
Candidate: CAN-1999-0838
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991202 Remote DoS Attack in Serv-U FTP-Server v2.5a Vulnerability
Reference: XF:servu-ftp-site-bo

Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a denial of service via the SITE command.

Modifications:
  ADDREF XF:servu-ftp-site-bo

INFERRED ACTION: CAN-1999-0838 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Armstrong, Cole, Stracener, Prosser
  MODIFY(1) Frech

Comments:
 Frech> XF:servu-ftp-site-bo

=================================
Candidate: CAN-1999-0842
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: NTBUGTRAQ:19991129 Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability
Reference: BUGTRAQ:19991129 Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCEAFCBAA.labs@ussrback.com
Reference: BID:827
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=827
Reference: XF:symantec-mail-dir-traversal

Symantec Mail-Gear 1.0 web interface server allows remote users to read arbitrary files via a .. (dot dot) attack.

Modifications:
  ADDREF XF:symantec-mail-dir-traversal

INFERRED ACTION: CAN-1999-0842 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(4) Armstrong, Cole, Stracener, Prosser
  MODIFY(1) Frech

Comments:
 Frech> XF:symantec-mail-dir-traversal

=================================
Candidate: CAN-1999-0854
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 19991208
Assigned: 19991207
Category: unknown
Reference: BUGTRAQ:19991130 Ultimate Bulletin Board v5.3x? Bug
Reference: BUGTRAQ:20000225 FW: Important UBB News For Licensed Users
Reference: CONFIRM:http://www.ultimatebb.com/home/versions.shtml
Reference: XF:http-ultimate-bbs

Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file.

Modifications:
  ADDREF BUGTRAQ:20000225 FW: Important UBB News For Licensed Users
  ADDREF CONFIRM:http://www.ultimatebb.com/home/versions.shtml

INFERRED ACTION: CAN-1999-0854 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Armstrong, Cole
  MODIFY(1) Frech
  NOOP(3) Stracener, Christey, Prosser

Comments:
 Frech> XF:http-ultimate-bbs
 Christey> The following could be a confirmation by UBB:
 Christey> BUGTRAQ:20000225 FW: Important UBB News For Licensed Users
 Christey> Also see the entry for Version 5.44 on February 18, 2000
 Christey> at http://www.ultimatebb.com/home/versions.shtml

=================================
Candidate: CAN-1999-0856
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991202 Slackware 7.0 - login bug
Reference: XF:slackware-remote-login

login in Slackware 7.0 allows remote attackers to identify valid users on the system by reporting an encryption error when an account is locked or does not exist.

Modifications:
  ADDREF XF:slackware-remote-login

INFERRED ACTION: CAN-1999-0856 ACCEPT_REV (4 accept, 0 ack, 1 review)

Current Votes:
  ACCEPT(3) Armstrong, Cole, Stracener
  MODIFY(1) Frech
  REVIEWING(1) Prosser

Comments:
 Frech> XF:slackware-remote-login

=================================
Candidate: CAN-1999-0859
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991130 Solaris 2.x chkperm/arp vulnerabilities
Reference: SUNBUG:4296166
Reference: BID:837
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=837
Reference: XF:sol-arp-parse

Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly.

Modifications:
  ADDREF SUNBUG:4296166
  ADDREF XF:sol-arp-parse

INFERRED ACTION: CAN-1999-0859 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Armstrong, Stracener, Prosser
  MODIFY(3) Cole, Frech, Dik

Comments:
 Cole> This attack makes it possible to read bin and owned files to which
 Cole> read access is not permitted to local users through exploiting subtle
 Cole> vulnerabilities in arp and chkperm.
 Frech> XF:sol-arp-parse
 Dik> include reference to Sun bug 4296166

=================================
Candidate: CAN-1999-0864
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-02
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991202 UnixWare coredumps follow symlinks
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991203020720.13115.qmail@nwcst289.netaddress.usa.net
Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94530783815434&w=2
Reference: BUGTRAQ:19991223 FYI, SCO Security patches available.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606167110764&w=2
Reference: BUGTRAQ:19991220 SCO OpenServer Security Status
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94581379905584&w=2
Reference: XF:sco-coredump-symlink
Reference: BID:851
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=851

UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file.

Modifications:
  ADDREF BUGTRAQ:19991223 FYI, SCO Security patches available.
  ADDREF BUGTRAQ:19991220 SCO OpenServer Security Status
  ADDREF XF:sco-coredump-symlink

INFERRED ACTION: CAN-1999-0864 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Armstrong, Cole, Stracener, Prosser
  MODIFY(1) Frech

Comments:
 Frech> XF:sco-coredump-symlink
 Prosser> FYI, the ptf 7016m that fixes this problem in UnixWare 7.0 is
 Prosser> still available. However, it appears (at least I haven't been able to view
 Prosser> them) 7096n for 7.0.1, 7413j for 7.1.0, and 7626a for 7.1.1 are no longer
 Prosser> available from the SCO Security Site. Don't know if they are fixing them
 Prosser> since they were pre-release or have included them in other SSEs or upgrades.

=================================
Candidate: CAN-1999-0865
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991203 CommuniGatePro 3.1 for NT DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94426440413027&w=2
Reference: NTBUGTRAQ:19991203 CommuniGatePro 3.1 for NT Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94454565726775&w=2
Reference: BID:860
Reference: XF:communigate-pro-bo

Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port.

Modifications:
  ADDREF BID:860
  ADDREF XF:communigate-pro-bo

INFERRED ACTION: CAN-1999-0865 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(4) Armstrong, Cole, Stracener, Prosser
  MODIFY(1) Frech

Comments:
 Frech> XF:communigate-pro-bo
 Prosser> add BID 860, http://www.securityfocus.com/bid/860

=================================
Candidate: CAN-1999-0866
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000501-02
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991203 UnixWare gain root with non-su/gid binaries
Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94530783815434&w=2
Reference: BUGTRAQ:19991223 FYI, SCO Security patches available.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606167110764&w=2
Reference: BUGTRAQ:19991220 SCO OpenServer Security Status
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94581379905584&w=2
Reference: SCO:SB-99.24a
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.24a
Reference: XF:sco-xauto-bo
Reference: BID:848
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=848

Buffer overflow in UnixWare xauto program allows local users to gain root privilege.

Modifications:
  ADDREF BUGTRAQ:19991223 FYI, SCO Security patches available.
  ADDREF BUGTRAQ:19991220 SCO OpenServer Security Status
  ADDREF XF:sco-xauto-bo
  ADDREF SCO:SB-99.24a

INFERRED ACTION: CAN-1999-0866 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Armstrong, Stracener, Prosser
  MODIFY(2) Cole, Frech
  NOOP(1) Christey

Comments:
 Cole> I would take out the word local.
 Frech> XF:sco-xauto-bo
 Christey> ADDREF ftp://ftp.sco.com/SSE/security_bulletins/SB-99.24a

=================================
Candidate: CAN-1999-0976
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 19991214
Assigned: 19991214
Category: SF
Reference: OPENBSD:19991204
Reference: BUGTRAQ:19991207 [Debian] New version of sendmail released
Reference: XF:sendmail-bi-alias
Reference: BID:857
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=857

Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.

Modifications:
  ADDREF OPENBSD:19991204
  ADDREF XF:sendmail-bi-alias

INFERRED ACTION: CAN-1999-0976 RECAST (1 recast, 3 accept, 0 review)

Current Votes:
  ACCEPT(2) Cole, Stracener
  MODIFY(1) Frech
  NOOP(1) Christey
  RECAST(1) Blake

Comments:
 Blake> *This issue is insufficiently defined. I can't see why it should be
 Blake> restricted to Debian, in fact, I just ran newaliases on FreeBSD-3.2 as a
 Blake> regular user and it ran. Perhaps the entry can be broadened to include
 Blake> incorrect permissions on the newaliases binary...
 Frech> XF:sendmail-bi-alias
 Christey> ADDREF OPENBSD:19991204
 Christey> http://www.openbsd.org/errata.html#sendmail

=================================
Candidate: CAN-2000-0004
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-02
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: NTBUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: BUGTRAQ:19991223 Re: Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606572912422&w=2
Reference: XF:zbserver-url-dot

ZBServer Pro allows remote attackers to read source code for executable files by inserting a . (dot) into the URL.

Modifications:
  ADDREF XF:zbserver-url-dot

INFERRED ACTION: CAN-2000-0004 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(1) Armstrong
  MODIFY(2) Stracener, Frech
  NOOP(1) Christey

Comments:
 Stracener> The references don't discuss the (dot) attack mentioned in the
 Stracener> description. Suggest changing the description or citing the relevant
 Stracener> sources.
 Christey> An email followup mentioned another possible bug.
 Christey> See http://marc.theaimsgroup.com/?l=bugtraq&m=94606572912422&w=2
 Christey>
 Frech> XF:zbserver-url-dot

=================================
Candidate: CAN-2000-0113
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000419-01
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000128 SyGate 3.11 Port 7323 / Remote Admin hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94934808714972&w=2
Reference: BUGTRAQ:20000202 SV: SyGate 3.11 Port 7323 / Remote Admin hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94952641025328&w=2
Reference: BUGTRAQ:20000203 UPDATE: Sygate 3.11 Port 7323 Telnet Hole
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94973281714994&w=2
Reference: CONFIRM:http://www.sybergen.com/support/fix.htm
Reference: BID:952
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=952

The SyGate Remote Management program does not properly restrict access to its administration service, which allows remote attackers to cause a denial of service, or access network traffic statistics.

INFERRED ACTION: CAN-2000-0113 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Cole, Levy
  NOOP(2) Christey, Wall

Comments:
 Christey> Sygate confirms this in 01/2000 - Build 563 (Beta) with
 Christey> the comment: "fix to block external telnet to port 7323
 Christey> without enhanced security."

=================================
Candidate: CAN-2000-0169
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: NTBUGTRAQ:20000314 Oracle Web Listener 4.0.x
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0211.html
Reference: BID:1053
Reference: URL:http://www.securityfocus.com/bid/1053
Reference: XF:oracle-weblistener-remote-attack

Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'.

Modifications:
  ADDREF XF:oracle-weblistener-remote-attack

INFERRED ACTION: CAN-2000-0169 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Ozancin, Cole
  MODIFY(1) Frech
  NOOP(3) Wall, Blake, LeBlanc

Comments:
 Frech> XF:oracle-weblistener-remote-attack

=================================
Candidate: CAN-2000-0171
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000311 TESO advisory -- atsadc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0102.html
Reference: XF:atsar-root-access
Reference: BID:1048
Reference: URL:http://www.securityfocus.com/bid/1048

atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges.

Modifications:
  ADDREF XF:atsar-root-access

INFERRED ACTION: CAN-2000-0171 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
  ACCEPT(2) Ozancin, Cole
  MODIFY(1) Frech
  NOOP(3) Wall, Blake, LeBlanc

Comments:
 Frech> XF:atsar-root-access

=================================
Candidate: CAN-2000-0226
Published:
Final-Decision:
Interim-Decision: 20000530
Modified:
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: MS:MS00-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-018.asp
Reference: BID:1066
Reference: URL:http://www.securityfocus.com/bid/1066
Reference: XF:iis-chunked-encoding-dos

IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability."

INFERRED ACTION: CAN-2000-0226 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Frech, Cole

=================================
Candidate: CAN-2000-0228
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: MS:MS00-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-016.asp
Reference: BID:1058
Reference: URL:http://www.securityfocus.com/bid/1058
Reference: XF:mwmt-malformed-media-license

Microsoft Windows Media License Manager allows remote attackers to cause a denial of service by sending a malformed request that causes the manager to halt, aka the "Malformed Media License Request" Vulnerability.

Modifications:
  ADDREF XF:mwmt-malformed-media-license

INFERRED ACTION: CAN-2000-0228 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Cole
  MODIFY(1) Frech

Comments:
 Frech> XF:mwmt-malformed-media-license

=================================
Candidate: CAN-2000-0229
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000424-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000322 gpm-root
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000322182143.4498.qmail@securityfocus.com
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0242.html
Reference: SUSE:20000405 Security hole in gpm < 1.18.1
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_45.txt
Reference: REDHAT:RHSA-2000:009-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000009-02.html
Reference: BID:1069
Reference: URL:http://www.securityfocus.com/bid/1069
Reference: XF:linux-gpm-root

gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.

Modifications:
  ADDREF SUSE:20000405 Security hole in gpm < 1.18.1
  ADDREF REDHAT:RHSA-2000:009-02

INFERRED ACTION: CAN-2000-0229 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(2) Frech, Levy
  NOOP(2) Cole, Wall

=================================
Candidate: CAN-2000-0230
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-02
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000316 TESO & C-Skills development advisory -- imwheel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0168.html
Reference: REDHAT:RHSA-2000:016-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000016-02.html
Reference: XF:linux-imwheel-bo
Reference: BID:1060
Reference: URL:http://www.securityfocus.com/bid/1060

Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable.

Modifications:
  ADDREF REDHAT:RHSA-2000:016-02
  ADDREF XF:linux-imwheel-bo

INFERRED ACTION: CAN-2000-0230 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Levy
  MODIFY(1) Frech
  NOOP(2) Cole, Wall

Comments:
 Frech> XF:linux-imwheel-bo

=================================
Candidate: CAN-2000-0231
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000421-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000316 "TESO & C-Skills development advisory -- kreatecd" at:
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0162.html
Reference: SUSE:20000405 Security hole in kreatecd < 0.3.8b
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_46.txt
Reference: XF:linux-kreatecd-path
Reference: BID:1061
Reference: URL:http://www.securityfocus.com/bid/1061

Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges.

Modifications:
  ADDREF SUSE:20000405 Security hole in kreatecd < 0.3.8b

INFERRED ACTION: CAN-2000-0231 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Frech, Cole

=================================
Candidate: CAN-2000-0232
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: MS:MS00-021
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-021.asp
Reference: BUGTRAQ:20000330 Remote DoS Attack in Windows 2000/NT 4.0 TCP/IP Print Request Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0306.html
Reference: BID:1082
Reference: URL:http://www.securityfocus.com/bid/1082
Reference: XF:win-tcpip-printing-dos

Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.

Modifications:
  ADDREF XF:win-tcpip-printing-dos

INFERRED ACTION: CAN-2000-0232 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Cole
  MODIFY(1) Frech

Comments:
 Frech> XF:win-tcpip-printing-dos

=================================
Candidate: CAN-2000-0233
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: SUSE:20000327 Security hole in SuSE Linux IMAP Server
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q1/0035.html
Reference: XF:linux-imap-remote-unauthorized-access

SuSE Linux IMAP server allows remote attackers to bypass IMAP authentication and gain privileges.

Modifications:
  ADDREF XF:linux-imap-remote-unauthorized-access

INFERRED ACTION: CAN-2000-0233 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Stracener, Northcutt, Armstrong
  MODIFY(1) Frech
  NOOP(2) Cole, LeBlanc

Comments:
 Frech> XF:linux-imap-remote-unauthorized-access

=================================
Candidate: CAN-2000-0234
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000412
Assigned: 20000412
Category: CF
Reference: BUGTRAQ:20000330 Cobalt apache configuration exposes .htaccess
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000330220757.28456.qmail@securityfocus.com
Reference: CONFIRM:http://www.securityfocus.com/templates/advisory.html?id=2150
Reference: BID:1083
Reference: URL:http://www.securityfocus.com/bid/1083
Reference: XF:cobalt-raq-remote-access

The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file.

Modifications:
  ADDREF XF:cobalt-raq-remote-access

INFERRED ACTION: CAN-2000-0234 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Stracener, Northcutt
  MODIFY(1) Frech
  NOOP(3) Cole, LeBlanc, Armstrong

Comments:
 Frech> XF:cobalt-raq-remote-access

=================================
Candidate: CAN-2000-0235
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:10
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:10-orville-write.asc
Reference: BID:1070
Reference: URL:http://www.securityfocus.com/bid/1070
Reference: XF:freebsd-orvillewrite-bo

Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.

Modifications:
  ADDREF XF:freebsd-orvillewrite-bo

INFERRED ACTION: CAN-2000-0235 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Stracener, Northcutt, Armstrong
  MODIFY(1) Frech
  NOOP(2) Cole, LeBlanc

Comments:
 Frech> XF:freebsd-orvillewrite-bo

=================================
Candidate: CAN-2000-0245
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000328 Objectserver vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003290852.aa27218@blaze.arl.mil
Reference: SGI:20000303-01-PX
Reference: URL:ftp://sgigate.sgi.com/security/20000303-01-PX
Reference: XF:irix-objectserver-create-accounts
Reference: BID:1079
Reference: URL:http://www.securityfocus.com/bid/1079

Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts.

Modifications:
  ADDREF XF:irix-objectserver-create-accounts

INFERRED ACTION: CAN-2000-0245 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(1) Cole
  MODIFY(1) Frech

Comments:
 Frech> XF:irix-objectserver-create-accounts

=================================
Candidate: CAN-2000-0246
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: MS:MS00-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-019.asp
Reference: MSKB:Q249599
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=249599
Reference: BID:1081
Reference: URL:http://www.securityfocus.com/bid/1081
Reference: XF:iis-virtual-unc-share

IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.

Modifications:
  ADDREF XF:iis-virtual-unc-share
  DESC include "Virtualized UNC Share" phrase.

INFERRED ACTION: CAN-2000-0246 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
  ACCEPT(1) Cole
  MODIFY(1) Frech
  NOOP(1) Christey

Comments:
 Frech> XF:iis-virtual-unc-share
 Christey> Modify desc to include "Virtualized UNC Share" phrase.

=================================
Candidate: CAN-2000-0258
Published:
Final-Decision:
Interim-Decision: 20000530
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: MS:MS00-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-023.asp
Reference: BID:1101
Reference: URL:http://www.securityfocus.com/bid/1101

IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.

INFERRED ACTION: CAN-2000-0258 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Wall, Cole

=================================
Candidate: CAN-2000-0260
Published:
Final-Decision:
Interim-Decision: 20000530
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: MS:MS00-025
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-025.asp
Reference: BID:1109
Reference: URL:http://www.securityfocus.com/bid/1109

Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.

INFERRED ACTION: CAN-2000-0260 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Wall, Cole

=================================
Candidate: CAN-2000-0267
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: CISCO:20000419 Cisco Catalyst Enable Password Bypass Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catos-enable-bypass-pub.shtml
Reference: XF:cisco-catalyst-password-bypass
Reference: BID:1122
Reference: URL:http://www.securityfocus.com/bid/1122

Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password.

Modifications:
  ADDREF XF:cisco-catalyst-password-bypass

INFERRED ACTION: CAN-2000-0267 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Stracener, Northcutt
  MODIFY(1) Frech
  NOOP(3) Wall, LeBlanc, Armstrong

Comments:
 Frech> XF:cisco-catalyst-password-bypass

=================================
Candidate: CAN-2000-0268
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: CISCO:20000420 Cisco IOS Software TELNET Option Handling Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml
Reference: BID:1123
Reference: URL:http://www.securityfocus.com/bid/1123
Reference: XF:cisco-ios-option-handling

Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot.

Modifications:
  ADDREF XF:cisco-ios-option-handling

INFERRED ACTION: CAN-2000-0268 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Stracener, Northcutt
  MODIFY(1) Frech
  NOOP(3) Wall, LeBlanc, Armstrong

Comments:
 Frech> ADDREF XF:cisco-ios-option-handling

=================================
Candidate: CAN-2000-0274
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000410 linux trustees 1.5 long path name vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0035.html
Reference: CONFIRM:http://www.braysystems.com/linux/trustees.html
Reference: XF:linux-trustees-patch-dos
Reference: BID:1096
Reference: URL:http://www.securityfocus.com/bid/1096

The Linux trustees kernel patch allows attackers to cause a denial of service by accessing a file or directory with a long name.

Modifications:
  ADDREF XF:linux-trustees-patch-dos

INFERRED ACTION: CAN-2000-0274 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Stracener, Northcutt
  MODIFY(1) Frech
  NOOP(4) Wall, Christey, LeBlanc, Armstrong

Comments:
 Christey> This problem is confirmed in the News section for Mar 31,2000,
 Christey> which mentions "a fix for the 'extra long directory name' problem."
 Frech> XF:linux-trustees-patch-dos

=================================
Candidate: CAN-2000-0277
Published:
Final-Decision:
Interim-Decision: 20000530
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: MS:MS00-022
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-022.asp
Reference: BID:1087
Reference: URL:http://www.securityfocus.com/bid/1087

Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.

INFERRED ACTION: CAN-2000-0277 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(2) Wall, Cole

=================================
Candidate: CAN-2000-0294
Published:
Final-Decision:
Interim-Decision: 20000530
Modified: 20000526-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:12
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2162
Reference: BID:1107
Reference: URL:http://www.securityfocus.com/bid/1107
Reference: XF:freebsd-healthd

Buffer overflow in healthd for FreeBSD allows local users to gain root privileges.

Modifications:
  ADDREF XF:freebsd-healthd

INFERRED ACTION: CAN-2000-0294 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
  ACCEPT(3) Cole, Stracener, Northcutt
  MODIFY(1) Frech
  NOOP(3) Wall, LeBlanc, Armstrong

Comments:
 Frech> XF:freebsd-healthd