[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-19 - 33 candidates



The next 3 RECENT-XX clusters identify a total of 92 candidates - it's
been very busy these last few months.

The following cluster contains 33 candidates that were announced
between 4/24/2000 and 5/10/2000.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0249
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000425
Category: SF
Reference: ISS:20000426 Insecure file handling in IBM AIX frcactrl program
Reference: URL:http://xforce.iss.net/alerts/advise47.php3

The AIX Fast Response Cache Accelerator (FRCA) allows local users to
modify arbitrary files via the configuration capability in the
frcactrl program.


ED_PRI CAN-2000-0249 1


VOTE:

=================================
Candidate: CAN-2000-0380
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000426 Cisco HTTP possible bug:
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0261.html
Reference: CISCO:20000514 Cisco IOS HTTP Server Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml
Reference: XF:cisco-ios-http-dos

The IOS HTTP service in Cisco routers and switches running IOS 11.1
through 12.1 allows remote attackers to cause a denial of service by
requesting a URL that contains a %% string.


ED_PRI CAN-2000-0380 1


VOTE:

=================================
Candidate: CAN-2000-0382
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: ALLAIRE:ASB00-12
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15697&Method=Full
Reference: BID:1179
Reference: URL:http://www.securityfocus.com/bid/1179
Reference: XF:allaire-clustercats-url-redirect

ColdFusion ClusterCATS appends stale query string arguments to a URL
during HTML redirection, which may provide sensitive information to
the redirected site.


ED_PRI CAN-2000-0382 1


VOTE:

=================================
Candidate: CAN-2000-0387
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:16
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:16.golddig.asc
Reference: BID:1184
Reference: URL:http://www.securityfocus.com/bid/1184

The makelev program in the golddig game from the FreeBSD ports
collection allows local users to overwrite arbitrary files.


ED_PRI CAN-2000-0387 1


VOTE:

=================================
Candidate: CAN-2000-0388
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:17
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A17.libmytinfo.asc
Reference: BID:1185
Reference: URL:http://www.securityfocus.com/bid/1185
Reference: XF:libmytinfo-bo

Buffer overflow in FreeBSD libmytinfo library allows local users to
execute commands via a long TERMCAP environmental variable.


ED_PRI CAN-2000-0388 1


VOTE:

=================================
Candidate: CAN-2000-0414
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: HP:HPSBUX0005-113
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0047.html
Reference: XF:hp-shutdown-privileges
Reference: BID:1214
Reference: URL:http://www.securityfocus.com/bid/1214

Vulnerability in shutdown command in HP-UX 11.X and 10.X allows allows
local users to gain privileges via malformed input variables.


ED_PRI CAN-2000-0414 1


VOTE:

=================================
Candidate: CAN-2000-0433
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: SUSE:20000502 aaabase < 2000.5.2
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_47.txt
Reference: XF:aaabase-execute-dot-files

The SuSE aaa_base package installs some system accounts with home
directories set to /tmp, which allows local users to gain privileges
to those accounts by creating standard user startup scripts such as
profiles.


ED_PRI CAN-2000-0433 1


VOTE:

=================================
Candidate: CAN-2000-0439
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000510 IE Domain Confusion Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000511135609.D7774@securityfocus.com
Reference: BUGTRAQ:20000511 IE Domain Confusion Vulnerability is an Email problem also
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NDBBKGHPMKBKDDGLDEEHAEHMDIAA.rms2000@bellatlantic.net
Reference: MS:MS00-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp
Reference: BID:1194
Reference: URL:http://www.securityfocus.com/bid/1194
Reference: XF:ie-cookie-disclosure

Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain
client cookies from another domain by including that domain name and
escaped characters in a URL, aka the "Unauthorized Cookie Access"
vulnerability.


ED_PRI CAN-2000-0439 1


VOTE:

=================================
Candidate: CAN-2000-0440
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: NETBSD:NetBSD-SA2000-002
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-002.txt.asc
Reference: BUGTRAQ:20000506 [NHC20000504a.0: NetBSD Panics when sent unaligned IP options]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0088.html
Reference: BID:1173
Reference: URL:http://www.securityfocus.com/bid/1173

NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of
service by sending a packet with an unaligned IP timestamp option.


ED_PRI CAN-2000-0440 1


VOTE:

=================================
Candidate: CAN-2000-0457
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000511 Alert: IIS ism.dll exposes file contents
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95810120719608&w=2
Reference: MS:MS00-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-031.asp
Reference: BID:1193
Reference: URL:http://www.securityfocus.com/bid/1193

ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file
contents by requesting the file and appending a large number of
encoded spaces (%20) and terminated with a .htr extension, aka the
".HTR File Fragment Reading" or "File Fragment Reading via .HTR"
vulnerability.


ED_PRI CAN-2000-0457 1


VOTE:

=================================
Candidate: CAN-2000-0379
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000507 Advisory: Netopia R9100 router vulnerability
Reference: http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005082054.NAA32590@linux.mtndew.com
Reference: CONFIRM:http://www.netopia.com/equipment/purchase/fmw_update.html
Reference: BID:1177
Reference: URL:http://www.securityfocus.com/bid/1177
Reference: XF:netopia-snmp-comm-strings

The Netopia R9100 router does not prevent authenticated users from
modifying SNMP tables, even if the administrator has configured it to
do so.


ED_PRI CAN-2000-0379 2


VOTE:

=================================
Candidate: CAN-2000-0427
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: unknown
Reference: L0PHT:20000504 eToken Private Information Extraction and Physical Attack
Reference: URL:http://www.l0pht.com/advisories/etoken-piepa.txt
Reference: XF:aladdin-etoken-pin-reset
Reference: BID:1170
Reference: URL:http://www.securityfocus.com/bid/1170

The Aladdin Knowledge Systems eToken device allows attackers with
physical access to the device to obtain sensitive information without
knowing the PIN of the owner by resetting the PIN the EEPROM.


ED_PRI CAN-2000-0427 2


VOTE:

=================================
Candidate: CAN-2000-0428
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: NAI:20000503 Trend Micro InterScan VirusWall Remote Overflow
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/39_Trend.asp
Reference: BID:1168
Reference: URL:http://www.securityfocus.com/bid/1168
Reference: XF:interscan-viruswall-bo

Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and
earlier allows a remote attacker to execute arbitrary commands via a
long filename for a uuencoded attachment.


ED_PRI CAN-2000-0428 2


VOTE:

=================================
Candidate: CAN-2000-0378
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000502 pam_console bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0023.html
Reference: BID:1176
Reference: URL:http://www.securityfocus.com/bid/1176

The pam_console PAM module in Linux systems performs a chown on
various devices upon a user login, but the ownership of some devices
is not reset when the user logs out, which allows that user to sniff
activity on these devices when subsequent users log in.


ED_PRI CAN-2000-0378 3


VOTE:

=================================
Candidate: CAN-2000-0381
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000505 Black Watch Labs Vulnerability Alert
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0067.html
Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_05.html
Reference: XF:http-cgi-dbman-db
Reference: BID:1178
Reference: URL:http://www.securityfocus.com/bid/1178

The Gossamer Threads DBMan db.cgi CGI script allows remote attackers
to view environmental variables and setup information by referencing a
non-existing database in the db parameter.


ED_PRI CAN-2000-0381 3


VOTE:

=================================
Candidate: CAN-2000-0383
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: XF:aolim-file-path
Reference: BugTraq Mailing List: "AOL Instant Messenger" at:
Reference: http://www.securityfocus.com/templates/archive.pike?list=1&msg=002401bfb918$7310d5a0$1ef084ce@karemor.com
Reference: BID:1180
Reference: URL:http://www.securityfocus.com/bid/1180

The file transfer component of AOL Instant Messenger (AIM) reveals the
physical path of the transferred file to the remote recipient.


ED_PRI CAN-2000-0383 3


VOTE:

=================================
Candidate: CAN-2000-0384
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: CF
Reference: L0PHT:20000508 NetStructure 7180 remote backdoor vulnerability
Reference: URL:http://www.lopht.com/advisories/ipivot7110.html
Reference: L0PHT:20000508 NetStructure 7110 console backdoor
Reference: URL:http://www.l0pht.com/advisories/ipivot7180.html
Reference: CONFIRM:http://216.188.41.136/
Reference: XF:netstructure-root-compromise
Reference: XF:netstructure-wizard-mode
Reference: BID:1182
Reference: URL:http://www.securityfocus.com/bid/1182
Reference: BID:1183
Reference: URL:http://www.securityfocus.com/bid/1183

NetStructure 7110 and 7180 have undocumented accounts (servnow, root,
and wizard) whose passwords are easily guessable from the
NetStructure's MAC address, which could allow remote attackers to gain
root access.


ED_PRI CAN-2000-0384 3


VOTE:

=================================
Candidate: CAN-2000-0385
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MISC:http://www.blueworld.com/blueworld/news/05.01.00-FM5_Security.html
Reference: CONFIRM:http://www.filemaker.com/support/webcompanion.html
Reference: XF:macos-filemaker-xml
Reference: XF:macos-filemaker-email

FileMaker Pro 5 Web Companion allows remote attackers to bypass
Field-Level database security restrictions via the XML publishing
or email capabilities.


ED_PRI CAN-2000-0385 3


VOTE:

=================================
Candidate: CAN-2000-0386
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MISC:http://www.blueworld.com/blueworld/news/05.01.00-FM5_Security.html
Reference: CONFIRM:http://www.filemaker.com/support/webcompanion.html
Reference: XF:macos-filemaker-anonymous-email

FileMaker Pro 5 Web Companion allows remote attackers to send
anonymous or forged email.


ED_PRI CAN-2000-0386 3


VOTE:

=================================
Candidate: CAN-2000-0409
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000510 Possible symlink problems with Netscape 4.73
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0126.html
Reference: BID:1201
Reference: URL:http://www.securityfocus.com/bid/1201
Reference: XF:netscape-import-certificate-symlink

Netscape 4.73 and earlier follows symlinks when it imports a new
certificate, which allows local users to overwrite files of the user
importing the certificate.


ED_PRI CAN-2000-0409 3


VOTE:

=================================
Candidate: CAN-2000-0410
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: NTBUGTRAQ:20000510 Cold Fusion Server 4.5.1 DoS Vulnerability.
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0005&L=ntbugtraq&F=&S=&P=4843
Reference: XF:coldfusion-cfcache-dos
Reference: BID:1192
Reference: URL:http://www.securityfocus.com/bid/1192

Cold Fusion Server 4.5.1 allows remote attackers to cause a denial of
service by making repeated requests to a CFCACHE tagged cache file
that is not stored in memory.


ED_PRI CAN-2000-0410 3


VOTE:

=================================
Candidate: CAN-2000-0411
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000510 Black Watch Labs Vulnerability Alert
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0125.html
Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_10.html
Reference: XF:http-cgi-formmail-environment
Reference: BID:1187
Reference: URL:http://www.securityfocus.com/bid/1187

Matt Wright's FormMail CGI script allows remote attackers to obtain
environmental variables via the env_report parameter.


ED_PRI CAN-2000-0411 3


VOTE:

=================================
Candidate: CAN-2000-0412
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000510 KNapster Vulnerability Compromises User-readable Files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0124.html
Reference: BUGTRAQ:20000510 Gnapster Vulnerability Compromises User-readable Files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0127.html
Reference: FREEBSD:FreeBSD-SA-00:18
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:18-gnapster.adv
Reference: XF:gnapster-view-files
Reference: BID:1186
Reference: URL:http://www.securityfocus.com/bid/1186

The gnapster and knapster clients for Napster do not properly restrict
access only to MP3 files, which allows remote attackers to read
arbitrary files from the client by specifying the full pathname for
the file.


ED_PRI CAN-2000-0412 3


VOTE:

=================================
Candidate: CAN-2000-0413
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000506 shtml.exe reveal local path of IIS web directory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html
Reference: BID:1174
Reference: URL:http://www.securityfocus.com/bid/1174
Reference: XF:iis-shtml-reveal-path

The shtml.exe program in the FrontPage extensions package of IIS 4.0
and 5.0 allows remote attackers to determine the physical path of
HTML, HTM, ASP, and SHTML files by requesting a file that does not
exist, which generates an error message that reveals the path.


ED_PRI CAN-2000-0413 3


VOTE:

=================================
Candidate: CAN-2000-0417
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000505 Cayman 3220-H DSL Router DOS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0075.html
Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html
Reference: BID:1219
Reference: URL:http://www.securityfocus.com/bid/1219

The HTTP administration interface to the Cayman 3220-H DSL router
allows remote attackers to cause a denial of service via a long
username or password.


ED_PRI CAN-2000-0417 3


VOTE:

=================================
Candidate: CAN-2000-0422
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000504 Alert: DMailWeb buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95749276827558&w=2
Reference: XF:http-cgi-dmailweb-bo
Reference: BID:1171
Reference: URL:http://www.securityfocus.com/bid/1171

Buffer overflow in Netwin DMailWeb CGI program allows remote attackers
to execute arbitrary commands via a long utoken parameter.


ED_PRI CAN-2000-0422 3


VOTE:

=================================
Candidate: CAN-2000-0423
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000505 Alert: DNewsWeb buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95764950403250&w=2
Reference: XF:http-cgi-dnews-bo
Reference: BID:1172
Reference: URL:http://www.securityfocus.com/bid/1172

Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers
to execute arbitrary commands via long parameters such as group, cmd,
and utag.


ED_PRI CAN-2000-0423 3


VOTE:

=================================
Candidate: CAN-2000-0425
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory0
Reference: BUGTRAQ:20000505 Alert: Listserv Web Archives (wa) buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0048.html
Reference: XF:http-cgi-listserv-wa-bo
Reference: BID:1167
Reference: URL:http://www.securityfocus.com/bid/1167

Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8
allows remote attackers to execute arbitrary commands.


ED_PRI CAN-2000-0425 3


VOTE:

=================================
Candidate: CAN-2000-0426
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000505 Re: Fun with UltraBoard V1.6X
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0059.html
Reference: BID:1175
Reference: URL:http://www.securityfocus.com/bid/1175
Reference: XF:ultraboard-cgi-dos

UltraBoard 1.6 and other versions allow remote attackers to cause a
denial of service by referencing UltraBoard in the Session parameter,
which causes UltraBoard to fork copies of itself.


ED_PRI CAN-2000-0426 3


VOTE:

=================================
Candidate: CAN-2000-0429
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000427 Alert: Cart32 secret password backdoor (CISADV000427)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95686068203138&w=2
Reference: CONFIRM:http://www.cart32.com/kbshow.asp?article=c048

A backdoor password in Cart32 3.0 and earlier allows remote attackers
to execute arbitrary commands.


ED_PRI CAN-2000-0429 3


VOTE:

=================================
Candidate: CAN-2000-0430
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000503 Another interesting Cart32 command
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95738697301956&w=2
Reference: XF:cart32-expdate

Cart32 allows remote attackers to access sensitive debugging
information by appending /expdate to the URL request.


ED_PRI CAN-2000-0430 3


VOTE:

=================================
Candidate: CAN-2000-0458
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000424 Two Problems in IMP 2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95672120116627&w=2
Reference: XF:imp-tmpfile-view

The MSWordView application in IMP creates world-readable files in the
/tmp directory, which allows other local users to read potentially
sensitive information.


ED_PRI CAN-2000-0458 3


VOTE:

=================================
Candidate: CAN-2000-0459
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000424 Two Problems in IMP 2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95672120116627&w=2
Reference: XF:imp-wordfile-dos

IMP does not remove files properly if the MSWordView application
quits, which allows local users to cause a denial of service by
filling up the disk space by requesting a large number of documents
and prematurely stopping the request.


ED_PRI CAN-2000-0459 3


VOTE:

 
Page Last Updated: May 22, 2007