|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FINAL] ACCEPT 34 recent candidates
I have made a Final Decision to ACCEPT the following candidates. These candidates are now assigned CVE names as noted below. The resulting CVE entries will be published in the near future in a new version of CVE. Voting details and comments are provided at the end of this report. - Steve Candidate CVE Name --------- ---------- CAN-1999-0819 CVE-1999-0819 CAN-1999-0832 CVE-1999-0832 CAN-1999-0836 CVE-1999-0836 CAN-1999-0838 CVE-1999-0838 CAN-1999-0842 CVE-1999-0842 CAN-1999-0854 CVE-1999-0854 CAN-1999-0856 CVE-1999-0856 CAN-1999-0859 CVE-1999-0859 CAN-1999-0864 CVE-1999-0864 CAN-1999-0865 CVE-1999-0865 CAN-1999-0866 CVE-1999-0866 CAN-1999-0976 CVE-1999-0976 CAN-2000-0004 CVE-2000-0004 CAN-2000-0113 CVE-2000-0113 CAN-2000-0169 CVE-2000-0169 CAN-2000-0171 CVE-2000-0171 CAN-2000-0226 CVE-2000-0226 CAN-2000-0228 CVE-2000-0228 CAN-2000-0229 CVE-2000-0229 CAN-2000-0230 CVE-2000-0230 CAN-2000-0231 CVE-2000-0231 CAN-2000-0232 CVE-2000-0232 CAN-2000-0233 CVE-2000-0233 CAN-2000-0234 CVE-2000-0234 CAN-2000-0235 CVE-2000-0235 CAN-2000-0245 CVE-2000-0245 CAN-2000-0246 CVE-2000-0246 CAN-2000-0258 CVE-2000-0258 CAN-2000-0260 CVE-2000-0260 CAN-2000-0267 CVE-2000-0267 CAN-2000-0268 CVE-2000-0268 CAN-2000-0274 CVE-2000-0274 CAN-2000-0277 CVE-2000-0277 CAN-2000-0294 CVE-2000-0294 ================================= Candidate: CAN-1999-0819 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-01 Proposed: 19991208 Assigned: 19991207 Category: SF Reference: NTBUGTRAQ:19991130 NTmail and VRFY Reference: BUGTRAQ:19991130 NTmail and VRFY Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94398141118586&w=2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94407764018739&w=2 Reference: XF:nt-mail-vrfy NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it. Modifications: ADDREF XF:nt-mail-vrfy INFERRED ACTION: CAN-1999-0819 FINAL (Final Decision 20000602) Current Votes: ACCEPT(2) Stracener, Prosser MODIFY(2) Cole, Frech NOOP(2) Armstrong, Christey Comments: Cole> The references are wrong. The BID is 856 and the full ID is Cole> 19991129 not 30. Cole> I would add that NTMail does not disable the VRFY command on ESMTP Cole> servers, even ... This can be used to gather information about users email Cole> addresses. Frech> XF:nt-mail-vrfy Christey> Mike Prosser's REVIEWING vote expires on May 8, 2000 ================================= Candidate: CAN-1999-0832 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-02 Proposed: 19991208 Assigned: 19991207 Category: SF Reference: BUGTRAQ:19991109 undocumented bugs - nfsd Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.20.9911091058140.12964-100000@mail.zigzag.pl Reference: DEBIAN:19991111 buffer overflow in nfs server Reference: URL:http://www.debian.org/security/1999/19991111 Reference: SUSE:19991110 Security hole in nfs-server < 2.2beta47 within nkita Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_29.txt Reference: CALDERA:CSSA-1999-033.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-033.0.txt Reference: REDHAT:RHSA-1999:053-01 Reference: URL:http://www.redhat.com/support/errata/rh42-errata-general.html#NFS Reference: BUGTRAQ:19991130 [david@slackware.com: New Patches for Slackware 4.0 Available] Reference: XF:linux-nfs-maxpath-bo Reference: BID:782 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=782 Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname. Modifications: ADDREF BUGTRAQ:19991109 undocumented bugs - nfsd ADDREF DEBIAN:19991111 buffer overflow in nfs server ADDREF SUSE:19991110 Security hole in nfs-server < 2.2beta47 within nkita ADDREF CALDERA:CSSA-1999-033.0 ADDREF REDHAT:RHSA-1999:053-01 ADDREF BID:782 ADDREF XF:linux-nfs-maxpath-bo DESC Remove Slackware, say it's on Linux systems. INFERRED ACTION: CAN-1999-0832 FINAL (Final Decision 20000602) Current Votes: ACCEPT(3) Armstrong, Cole, Prosser MODIFY(2) Stracener, Frech NOOP(1) Christey Comments: Stracener> Suggest removing "Slackware 7.0" from the description Stracener> Add Ref: CSSA-1999-033.0 Stracener> Add Ref: DEBIAN: nfs-server: buffer overflow in nfs server 11/11/99 Stracener> Add Ref: SuSE Security Announcement "nfs-server < 2.2beta47 within Stracener> nkita" 11/12/99 Frech> XF:linux-nfs-maxpath-bo Christey> ADDREF DEBIAN:19991111 buffer overflow in nfs server Christey> ADDREF SUSE:19991110 Security hole in nfs-server < 2.2beta47 within nkita Christey> ADDREF CALDERA:CSSA-1999-033.0 Christey> ADDREF RHSA-1999:053-01 Christey> ADDREF? BID:782 Christey> ADDREF? BUGTRAQ:19991109 undocumented bugs - nfsd Prosser> agree that description should be generic Linux vice Slackware Prosser> only since multiple versions affected ================================= Candidate: CAN-1999-0836 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000501-01 Proposed: 19991208 Assigned: 19991207 Category: SF Reference: BUGTRAQ:19991202 UnixWare 7 uidadmin exploit + discussion Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991202160111.20553.qmail@nwcst282.netaddress.usa.net Reference: SCO:SB-99.22a Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.22a Reference: BID:842 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=842 Reference: XF:unixware-uid-admin UnixWare uidadmin allows local users to modify arbitrary files via a symlink attack. Modifications: ADDREF BID:842 ADDREF XF:unixware-uid-admin ADDREF SCO:SB-99.22a INFERRED ACTION: CAN-1999-0836 FINAL (Final Decision 20000602) Current Votes: ACCEPT(3) Stracener, Armstrong, Prosser MODIFY(2) Cole, Frech NOOP(1) Christey Comments: Cole> The BID is 842. Frech> unixware-uid-admin Christey> ADDREF ftp://ftp.sco.com/SSE/security_bulletins/SB-99.22a ================================= Candidate: CAN-1999-0838 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-01 Proposed: 19991208 Assigned: 19991207 Category: SF Reference: BUGTRAQ:19991202 Remote DoS Attack in Serv-U FTP-Server v2.5a Vulnerability Reference: XF:servu-ftp-site-bo Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a denial of service via the SITE command. Modifications: ADDREF XF:servu-ftp-site-bo INFERRED ACTION: CAN-1999-0838 FINAL (Final Decision 20000602) Current Votes: ACCEPT(4) Armstrong, Cole, Stracener, Prosser MODIFY(1) Frech Comments: Frech> XF:servu-ftp-site-bo ================================= Candidate: CAN-1999-0842 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-01 Proposed: 19991208 Assigned: 19991207 Category: SF Reference: NTBUGTRAQ:19991129 Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability Reference: BUGTRAQ:19991129 Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCEAFCBAA.labs@ussrback.com Reference: BID:827 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=827 Reference: XF:symantec-mail-dir-traversal Symantec Mail-Gear 1.0 web interface server allows remote users to read arbitrary files via a .. (dot dot) attack. Modifications: ADDREF XF:symantec-mail-dir-traversal INFERRED ACTION: CAN-1999-0842 FINAL (Final Decision 20000602) Current Votes: ACCEPT(4) Armstrong, Cole, Stracener, Prosser MODIFY(1) Frech Comments: Frech> XF:symantec-mail-dir-traversal ================================= Candidate: CAN-1999-0854 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-01 Proposed: 19991208 Assigned: 19991207 Category: unknown Reference: BUGTRAQ:19991130 Ultimate Bulletin Board v5.3x? Bug Reference: BUGTRAQ:20000225 FW: Important UBB News For Licensed Users Reference: CONFIRM:http://www.ultimatebb.com/home/versions.shtml Reference: XF:http-ultimate-bbs Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file. Modifications: ADDREF BUGTRAQ:20000225 FW: Important UBB News For Licensed Users ADDREF CONFIRM:http://www.ultimatebb.com/home/versions.shtml INFERRED ACTION: CAN-1999-0854 FINAL (Final Decision 20000602) Current Votes: ACCEPT(2) Armstrong, Cole MODIFY(1) Frech NOOP(3) Stracener, Christey, Prosser Comments: Frech> XF:http-ultimate-bbs Christey> The following could be a confirmation by UBB: Christey> BUGTRAQ:20000225 FW: Important UBB News For Licensed Users Christey> Also see the entry for Version 5.44 on February 18, 2000 Christey> at http://www.ultimatebb.com/home/versions.shtml ================================= Candidate: CAN-1999-0856 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-01 Proposed: 19991208 Assigned: 19991207 Category: SF Reference: BUGTRAQ:19991202 Slackware 7.0 - login bug Reference: XF:slackware-remote-login login in Slackware 7.0 allows remote attackers to identify valid users on the system by reporting an encryption error when an account is locked or does not exist. Modifications: ADDREF XF:slackware-remote-login INFERRED ACTION: CAN-1999-0856 FINAL (Final Decision 20000602) Current Votes: ACCEPT(3) Armstrong, Cole, Stracener MODIFY(1) Frech REVIEWING(1) Prosser Comments: Frech> XF:slackware-remote-login ================================= Candidate: CAN-1999-0859 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-01 Proposed: 19991208 Assigned: 19991207 Category: SF Reference: BUGTRAQ:19991130 Solaris 2.x chkperm/arp vulnerabilities Reference: SUNBUG:4296166 Reference: BID:837 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=837 Reference: XF:sol-arp-parse Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly. Modifications: ADDREF SUNBUG:4296166 ADDREF XF:sol-arp-parse INFERRED ACTION: CAN-1999-0859 FINAL (Final Decision 20000602) Current Votes: ACCEPT(3) Armstrong, Stracener, Prosser MODIFY(3) Cole, Frech, Dik Comments: Cole> This attack makes it possible to read bin and owned files to which Cole> read access is not permitted to local users through exploiting subtle Cole> vulenrabilties in arp and chkperm. Frech> XF:sol-arp-parse Dik> include reference to Sun bug 4296166 ================================= Candidate: CAN-1999-0864 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-02 Proposed: 19991208 Assigned: 19991207 Category: SF Reference: BUGTRAQ:19991202 UnixWare coredumps follow symlinks Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991203020720.13115.qmail@nwcst289.netaddress.usa.net Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94530783815434&w=2 Reference: BUGTRAQ:19991223 FYI, SCO Security patches available. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606167110764&w=2 Reference: BUGTRAQ:19991220 SCO OpenServer Security Status Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94581379905584&w=2 Reference: XF:sco-coredump-symlink Reference: BID:851 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=851 UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file. Modifications: ADDREF BUGTRAQ:19991223 FYI, SCO Security patches available. ADDREF BUGTRAQ:19991220 SCO OpenServer Security Status ADDREF XF:sco-coredump-symlink INFERRED ACTION: CAN-1999-0864 FINAL (Final Decision 20000602) Current Votes: ACCEPT(4) Armstrong, Cole, Stracener, Prosser MODIFY(1) Frech Comments: Frech> XF:sco-coredump-symlink Prosser> FYI, the ptf 7016m that fixes this problem in UnixWare 7.0 is Prosser> still available. However, it appears (at least I haven't been able to view Prosser> them) 7096n for 7.0.1, 7413j for 7.1.0, and 7626a for 7.1.1 are no longer Prosser> available from the SCO Security Site. Don't know if they are fixing them Prosser> since they were pre-release or have included them in other SSEs or upgrades. ================================= Candidate: CAN-1999-0865 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-01 Proposed: 19991208 Assigned: 19991207 Category: SF Reference: BUGTRAQ:19991203 CommuniGatePro 3.1 for NT DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94426440413027&w=2 Reference: NTBUGTRAQ:19991203 CommuniGatePro 3.1 for NT Buffer Overflow Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=94454565726775&w=2 Reference: BID:860 Reference: XF:communigate-pro-bo Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port. Modifications: ADDREF BID:860 ADDREF XF:communigate-pro-bo INFERRED ACTION: CAN-1999-0865 FINAL (Final Decision 20000602) Current Votes: ACCEPT(4) Armstrong, Cole, Stracener, Prosser MODIFY(1) Frech Comments: Frech> XF:communigate-pro-bo Prosser> add BID 860, http://www.securityfocus.com/bid/860 ================================= Candidate: CAN-1999-0866 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000501-02 Proposed: 19991208 Assigned: 19991207 Category: SF Reference: BUGTRAQ:19991203 UnixWare gain root with non-su/gid binaries Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94530783815434&w=2 Reference: BUGTRAQ:19991223 FYI, SCO Security patches available. Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606167110764&w=2 Reference: BUGTRAQ:19991220 SCO OpenServer Security Status Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94581379905584&w=2 Reference: SCO:SB-99.24a Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.24a Reference: XF:sco-xauto-bo Reference: BID:848 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=848 Buffer overflow in UnixWare xauto program allows local users to gain root privilege. Modifications: ADDREF BUGTRAQ:19991223 FYI, SCO Security patches available. ADDREF BUGTRAQ:19991220 SCO OpenServer Security Status ADDREF XF:sco-xauto-bo ADDREF SCO:SB-99.24a INFERRED ACTION: CAN-1999-0866 FINAL (Final Decision 20000602) Current Votes: ACCEPT(3) Armstrong, Stracener, Prosser MODIFY(2) Cole, Frech NOOP(1) Christey Comments: Cole> I would take out the word local. Frech> XF:sco-xauto-bo Christey> ADDREF ftp://ftp.sco.com/SSE/security_bulletins/SB-99.24a ================================= Candidate: CAN-1999-0976 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-01 Proposed: 19991214 Assigned: 19991214 Category: SF Reference: OPENBSD:19991204 Reference: BUGTRAQ:19991207 [Debian] New version of sendmail released Reference: XF:sendmail-bi-alias Reference: BID:857 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=857 Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail. Modifications: ADDREF OPENBSD:19991204 ADDREF XF:sendmail-bi-alias INFERRED ACTION: CAN-1999-0976 FINAL (Final Decision 20000602) Current Votes: ACCEPT(2) Cole, Stracener MODIFY(1) Frech NOOP(1) Christey RECAST(1) Blake Comments: Blake> *This issue is insufficiently defined. I can't see why it should be Blake> restricted to Debian, in fact, I just ran newaliases on FreeBSD-3.2 as a Blake> regular user and is ran. Perhaps the entry can be broadened to include Blake> incorrect permissions on the newaliases binary... Frech> XF:sendmail-bi-alias Christey> ADDREF OPENBSD:19991204 Christey> http://www.openbsd.org/errata.html#sendmail ================================= Candidate: CAN-2000-0004 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-02 Proposed: 20000111 Assigned: 20000111 Category: SF Reference: NTBUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT Reference: BUGTRAQ:19991223 Re: Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94606572912422&w=2 Reference: XF:zbserver-url-dot ZBServer Pro allows remote attackers to read source code for executable files by inserting a . (dot) into the URL. Modifications: ADDREF XF:zbserver-url-dot INFERRED ACTION: CAN-2000-0004 FINAL (Final Decision 20000602) Current Votes: ACCEPT(1) Armstrong MODIFY(2) Stracener, Frech NOOP(1) Christey Comments: Stracener> The references don't discuss the (dot) attack mentioned in the Stracener> description. Suggest changing the description or citing the relevant Stracener> sources. Christey> An email followup mentioned another possible bug. Christey> See http://marc.theaimsgroup.com/?l=bugtraq&m=94606572912422&w=2 Christey> Frech> XF:zbserver-url-dot ================================= Candidate: CAN-2000-0113 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000419-01 Proposed: 20000208 Assigned: 20000208 Category: SF Reference: BUGTRAQ:20000128 SyGate 3.11 Port 7323 / Remote Admin hole Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94934808714972&w=2 Reference: BUGTRAQ:20000202 SV: SyGate 3.11 Port 7323 / Remote Admin hole Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94952641025328&w=2 Reference: BUGTRAQ:20000203 UPDATE: Sygate 3.11 Port 7323 Telnet Hole Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94973281714994&w=2 Reference: CONFIRM:http://www.sybergen.com/support/fix.htm Reference: BID:952 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=952 The SyGate Remote Management program does not properly restrict access to its administration service, which allows remote attackers to cause a denial of service, or access network traffic statistics. INFERRED ACTION: CAN-2000-0113 FINAL (Final Decision 20000602) Current Votes: ACCEPT(2) Cole, Levy NOOP(2) Christey, Wall Comments: Christey> Sygate confirms this in 01/2000 - Build 563 (Beta) with Christey> the comment: "fix to block external telnet to port 7323 Christey> without enhanced security." ================================= Candidate: CAN-2000-0169 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-01 Proposed: 20000322 Assigned: 20000322 Category: SF Reference: NTBUGTRAQ:20000314 Oracle Web Listener 4.0.x Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0211.html Reference: BID:1053 Reference: URL:http://www.securityfocus.com/bid/1053 Reference: XF:oracle-weblistener-remote-attack Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'. Modifications: ADDREF XF:oracle-weblistener-remote-attack INFERRED ACTION: CAN-2000-0169 FINAL (Final Decision 20000602) Current Votes: ACCEPT(2) Ozancin, Cole MODIFY(1) Frech NOOP(3) Wall, Blake, LeBlanc Comments: Frech> XF:oracle-weblistener-remote-attack ================================= Candidate: CAN-2000-0171 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-01 Proposed: 20000322 Assigned: 20000322 Category: SF Reference: BUGTRAQ:20000311 TESO advisory -- atsadc Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0102.html Reference: XF:atsar-root-access Reference: BID:1048 Reference: URL:http://www.securityfocus.com/bid/1048 atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges. Modifications: ADDREF XF:atsar-root-access INFERRED ACTION: CAN-2000-0171 FINAL (Final Decision 20000602) Current Votes: ACCEPT(2) Ozancin, Cole MODIFY(1) Frech NOOP(3) Wall, Blake, LeBlanc Comments: Frech> XF:atsar-root-access ================================= Candidate: CAN-2000-0226 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: Proposed: 20000412 Assigned: 20000412 Category: SF Reference: MS:MS00-018 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-018.asp Reference: BID:1066 Reference: URL:http://www.securityfocus.com/bid/1066 Reference: XF:iis-chunked-encoding-dos IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability." INFERRED ACTION: CAN-2000-0226 FINAL (Final Decision 20000602) Current Votes: ACCEPT(3) Frech, Cole, Wall ================================= Candidate: CAN-2000-0228 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-01 Proposed: 20000412 Assigned: 20000412 Category: SF Reference: MS:MS00-016 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-016.asp Reference: BID:1058 Reference: URL:http://www.securityfocus.com/bid/1058 Reference: XF:mwmt-malformed-media-license Microsoft Windows Media License Manager allows remote attackers to cause a denial of service by sending a malformed request that causes the manager to halt, aka the "Malformed Media License Request" Vulnerability. Modifications: ADDREF XF:mwmt-malformed-media-license INFERRED ACTION: CAN-2000-0228 FINAL (Final Decision 20000602) Current Votes: ACCEPT(2) Cole, Wall MODIFY(1) Frech Comments: Frech> XF:mwmt-malformed-media-license ================================= Candidate: CAN-2000-0229 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000424-01 Proposed: 20000412 Assigned: 20000412 Category: SF Reference: BUGTRAQ:20000322 gpm-root Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000322182143.4498.qmail@securityfocus.com Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0242.html Reference: SUSE:20000405 Security hole in gpm < 1.18.1 Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_45.txt Reference: REDHAT:RHSA-2000:009-02 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000009-02.html Reference: BID:1069 Reference: URL:http://www.securityfocus.com/bid/1069 Reference: XF:linux-gpm-root gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root. Modifications: ADDREF SUSE:20000405 Security hole in gpm < 1.18.1 ADDREF REDHAT:RHSA-2000:009-02 INFERRED ACTION: CAN-2000-0229 FINAL (Final Decision 20000602) Current Votes: ACCEPT(2) Frech, Levy NOOP(2) Cole, Wall ================================= Candidate: CAN-2000-0230 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-02 Proposed: 20000412 Assigned: 20000412 Category: SF Reference: BUGTRAQ:20000316 TESO & C-Skills development advisory -- imwheel Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0168.html Reference: REDHAT:RHSA-2000:016-02 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000016-02.html Reference: XF:linux-imwheel-bo Reference: BID:1060 Reference: URL:http://www.securityfocus.com/bid/1060 Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable. Modifications: ADDREF REDHAT:RHSA-2000:016-02 ADDREF XF:linux-imwheel-bo INFERRED ACTION: CAN-2000-0230 FINAL (Final Decision 20000602) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(2) Cole, Wall Comments: Frech> XF:linux-imwheel-bo ================================= Candidate: CAN-2000-0231 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000421-01 Proposed: 20000412 Assigned: 20000412 Category: SF Reference: BUGTRAQ:20000316 "TESO & C-Skills development advisory -- kreatecd" at: Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0162.html Reference: SUSE:20000405 Security hole in kreatecd < 0.3.8b Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_46.txt Reference: XF:linux-kreatecd-path Reference: BID:1061 Reference: URL:http://www.securityfocus.com/bid/1061 Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges. Modifications: ADDREF SUSE:20000405 Security hole in kreatecd < 0.3.8b INFERRED ACTION: CAN-2000-0231 FINAL (Final Decision 20000602) Current Votes: ACCEPT(2) Frech, Cole ================================= Candidate: CAN-2000-0232 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-01 Proposed: 20000412 Assigned: 20000412 Category: SF Reference: MS:MS00-021 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-021.asp Reference: BUGTRAQ:20000330 Remote DoS Attack in Windows 2000/NT 4.0 TCP/IP Print Request Server Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0306.html Reference: BID:1082 Reference: URL:http://www.securityfocus.com/bid/1082 Reference: XF:win-tcpip-printing-dos Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request. Modifications: ADDREF XF:win-tcpip-printing-dos INFERRED ACTION: CAN-2000-0232 FINAL (Final Decision 20000602) Current Votes: ACCEPT(2) Cole, Wall MODIFY(1) Frech Comments: Frech> XF:win-tcpip-printing-dos ================================= Candidate: CAN-2000-0233 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-01 Proposed: 20000412 Assigned: 20000412 Category: SF Reference: SUSE:20000327 Security hole in SuSE Linux IMAP Server Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q1/0035.html Reference: XF:linux-imap-remote-unauthorized-access SuSE Linux IMAP server allows remote attackers to bypass IMAP authentication and gain privileges. Modifications: ADDREF XF:linux-imap-remote-unauthorized-access INFERRED ACTION: CAN-2000-0233 FINAL (Final Decision 20000602) Current Votes: ACCEPT(3) Stracener, Northcutt, Armstrong MODIFY(1) Frech NOOP(2) Cole, LeBlanc Comments: Frech> XF:linux-imap-remote-unauthorized-access ================================= Candidate: CAN-2000-0234 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-01 Proposed: 20000412 Assigned: 20000412 Category: CF Reference: BUGTRAQ:20000330 Cobalt apache configuration exposes .htaccess Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000330220757.28456.qmail@securityfocus.com Reference: CONFIRM:http://www.securityfocus.com/templates/advisory.html?id=2150 Reference: BID:1083 Reference: URL:http://www.securityfocus.com/bid/1083 Reference: XF:cobalt-raq-remote-access The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file. Modifications: ADDREF XF:cobalt-raq-remote-access INFERRED ACTION: CAN-2000-0234 FINAL (Final Decision 20000602) Current Votes: ACCEPT(2) Stracener, Northcutt MODIFY(1) Frech NOOP(3) Cole, LeBlanc, Armstrong Comments: Frech> XF:cobalt-raq-remote-access ================================= Candidate: CAN-2000-0235 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-01 Proposed: 20000412 Assigned: 20000412 Category: SF Reference: FREEBSD:FreeBSD-SA-00:10 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:10-orville-write.asc Reference: BID:1070 Reference: URL:http://www.securityfocus.com/bid/1070 Reference: XF:freebsd-orvillewrite-bo Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges. Modifications: ADDREF XF:freebsd-orvillewrite-bo INFERRED ACTION: CAN-2000-0235 FINAL (Final Decision 20000602) Current Votes: ACCEPT(3) Stracener, Northcutt, Armstrong MODIFY(1) Frech NOOP(2) Cole, LeBlanc Comments: Frech> XF:freebsd-orvillewrite-bo ================================= Candidate: CAN-2000-0245 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-01 Proposed: 20000412 Assigned: 20000412 Category: SF Reference: BUGTRAQ:20000328 Objectserver vulnerability Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003290852.aa27218@blaze.arl.mil Reference: SGI:20000303-01-PX Reference: URL:ftp://sgigate.sgi.com/security/20000303-01-PX Reference: XF:irix-objectserver-create-accounts Reference: BID:1079 Reference: URL:http://www.securityfocus.com/bid/1079 Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts. Modifications: ADDREF XF:irix-objectserver-create-accounts INFERRED ACTION: CAN-2000-0245 FINAL (Final Decision 20000602) Current Votes: ACCEPT(1) Cole MODIFY(1) Frech Comments: Frech> XF:irix-objectserver-create-accounts ================================= Candidate: CAN-2000-0246 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-01 Proposed: 20000412 Assigned: 20000412 Category: SF Reference: MS:MS00-019 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-019.asp Reference: MSKB:Q249599 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=249599 Reference: BID:1081 Reference: URL:http://www.securityfocus.com/bid/1081 Reference: XF:iis-virtual-unc-share IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability. Modifications: ADDREF XF:iis-virtual-unc-share DESC include "Virtualized UNC Share" phrase. INFERRED ACTION: CAN-2000-0246 FINAL (Final Decision 20000602) Current Votes: ACCEPT(2) Cole, Wall MODIFY(1) Frech NOOP(1) Christey Comments: Frech> XF:iis-virtual-unc-share Christey> Modify desc to include "Virtualized UNC Share" phrase. ================================= Candidate: CAN-2000-0258 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: Proposed: 20000426 Assigned: 20000426 Category: SF Reference: MS:MS00-023 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-023.asp Reference: BID:1101 Reference: URL:http://www.securityfocus.com/bid/1101 IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. INFERRED ACTION: CAN-2000-0258 FINAL (Final Decision 20000602) Current Votes: ACCEPT(2) Wall, Cole ================================= Candidate: CAN-2000-0260 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: Proposed: 20000426 Assigned: 20000426 Category: SF Reference: MS:MS00-025 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-025.asp Reference: BID:1109 Reference: URL:http://www.securityfocus.com/bid/1109 Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability. INFERRED ACTION: CAN-2000-0260 FINAL (Final Decision 20000602) Current Votes: ACCEPT(2) Wall, Cole ================================= Candidate: CAN-2000-0267 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: CISCO:20000419 Cisco Catalyst Enable Password Bypass Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/catos-enable-bypass-pub.shtml Reference: XF:cisco-catalyst-password-bypass Reference: BID:1122 Reference: URL:http://www.securityfocus.com/bid/1122 Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password. Modifications: ADDREF XF:cisco-catalyst-password-bypass INFERRED ACTION: CAN-2000-0267 FINAL (Final Decision 20000602) Current Votes: ACCEPT(3) Cole, Stracener, Northcutt MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Armstrong Comments: Frech> XF:cisco-catalyst-password-bypass ================================= Candidate: CAN-2000-0268 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: CISCO:20000420 Cisco IOS Software TELNET Option Handling Vulnerability Reference: URL:http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml Reference: BID:1123 Reference: URL:http://www.securityfocus.com/bid/1123 Reference: XF:cisco-ios-option-handling Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot. Modifications: ADDREF XF:cisco-ios-option-handling INFERRED ACTION: CAN-2000-0268 FINAL (Final Decision 20000602) Current Votes: ACCEPT(3) Cole, Stracener, Northcutt MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Armstrong Comments: Frech> ADDREF XF:cisco-ios-option-handling ================================= Candidate: CAN-2000-0274 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: BUGTRAQ:20000410 linux trustees 1.5 long path name vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0035.html Reference: CONFIRM:http://www.braysystems.com/linux/trustees.html Reference: XF:linux-trustees-patch-dos Reference: BID:1096 Reference: URL:http://www.securityfocus.com/bid/1096 The Linux trustees kernel patch allows attackers to cause a denial of service by accessing a file or directory with a long name. Modifications: ADDREF XF:linux-trustees-patch-dos INFERRED ACTION: CAN-2000-0274 FINAL (Final Decision 20000602) Current Votes: ACCEPT(3) Cole, Stracener, Northcutt MODIFY(1) Frech NOOP(4) Wall, Christey, LeBlanc, Armstrong Comments: Christey> This problem is confirmed in the News section for Mar 31,2000, Christey> which mentions "a fix for the 'extra long directory name' problem." Frech> XF:linux-trustees-patch-dos ================================= Candidate: CAN-2000-0277 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: Proposed: 20000426 Assigned: 20000426 Category: SF Reference: MS:MS00-022 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-022.asp Reference: BID:1087 Reference: URL:http://www.securityfocus.com/bid/1087 Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability. INFERRED ACTION: CAN-2000-0277 FINAL (Final Decision 20000602) Current Votes: ACCEPT(2) Wall, Cole ================================= Candidate: CAN-2000-0294 Published: Final-Decision: 20000602 Interim-Decision: 20000530 Modified: 20000526-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: FREEBSD:FreeBSD-SA-00:12 Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2162 Reference: BID:1107 Reference: URL:http://www.securityfocus.com/bid/1107 Reference: XF:freebsd-healthd Buffer overflow in healthd for FreeBSD allows local users to gain root privileges. Modifications: ADDREF XF:freebsd-healthd INFERRED ACTION: CAN-2000-0294 FINAL (Final Decision 20000602) Current Votes: ACCEPT(3) Cole, Stracener, Northcutt MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Armstrong Comments: Frech> XF:freebsd-healthd
|
||||
