[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PROPOSAL] Cluster RECENT-24 - 31 candidates

* Steven M. Christey (coley@LINUS.MITRE.ORG) [000712 02:33]:
> The following cluster contains 31 candidates that were announced
> between 6/14/2000 and 6/22/2000.
> 
> The candidates are listed in order of priority.  Priority 1 and
> Priority 2 candidates both deal with varying levels of vendor
> confirmation, so they should be easy to review and it can be trusted
> that the problems are real.
> 
> If you discover that any RECENT-XX cluster is incomplete with respect
> to the problems discovered during the associated time frame, please
> send that information to me so that candidates can be assigned.
> 
> - Steve
> 
> 
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
> 
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
> 
> 1) Please write your vote on the line that starts with "VOTE: ".  If
>    you want to add comments or details, add them to lines after the
>    VOTE: line.
> 
> 2) If you see any missing references, please mention them so that they
>    can be included.  References help greatly during mapping.
> 
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
>    So if you don't have sufficient information for a candidate but you
>    don't want to NOOP, use a REVIEWING.
> 
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
> 
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
> 
> =================================
> Candidate: CAN-2000-0466
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000620
> Category: SF
> Reference: ISS:20000620 Insecure call of external program in AIX cdmount
> Reference: URL:http://xforce.iss.net/alerts/advise55.php
> Reference: BID:1384
> Reference: URL:http://www.securityfocus.com/bid/1384
> 
> AIX cdmount allows local users to gain root privileges via shell
> metacharacters.
> 
> 
> ED_PRI CAN-2000-0466 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0475
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: MS:MS00-020
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-020.asp
> Reference: BID:1350
> Reference: URL:http://www.securityfocus.com/bid/1350
> 
> Windows 2000 allows a local user process to access another user's
> desktop within the same windows station, aka the "Desktop Separation"
> vulnerability.
> 
> 
> ED_PRI CAN-2000-0475 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0483
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000615 [Brian@digicool.com: [Zope] Zope security alert and 2.1.7 update [*important*]]
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html
> Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert
> Reference: REDHAT:RHSA-2000:038-01
> Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2350
> Reference: BUGTRAQ:2000615 Conectiva Linux Security Announcement - ZOPE
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000616103807.A3768@conectiva.com.br
> Reference: BID:1354
> Reference: URL:http://www.securityfocus.com/bid/1354
> 
> The Zope DocumentTemplate package allows a remote attacker to modify
> DTMLDocuments or DTMLMethods without authorization.
> 
> 
> ED_PRI CAN-2000-0483 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0485
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: MS:MS00-041
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-041.asp
> Reference: BID:1292
> Reference: URL:http://www.securityfocus.com/bid/1292
> 
> Microsoft SQL Server allows local users to obtain database passwords
> via the Data Transformation Service (DTS) package Properties dialog,
> aka the "DTS Password" vulnerability.
> 
> 
> ED_PRI CAN-2000-0485 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0533
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: SGI:20000601-01-P
> Reference: URL:ftp://sgigate.sgi.com/security/20000601-01-P
> Reference: BID:1379
> Reference: URL:http://www.securityfocus.com/bid/1379
> 
> Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to
> overwrite arbitrary files.
> 
> 
> ED_PRI CAN-2000-0533 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0539
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: ALLAIRE:ASB00-015
> Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full
> Reference: BID:1386
> Reference: URL:http://www.securityfocus.com/bid/1386
> 
> Servlet examples in Allaire JRun 2.3.x allow remote attackers to
> obtain sensitive information, e.g. listing HttpSession ID's via the
> SessionServlet servlet.
> 
> 
> ED_PRI CAN-2000-0539 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0540
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: ALLAIRE:ASB00-015
> Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full
> Reference: BID:1386
> Reference: URL:http://www.securityfocus.com/bid/1386
> 
> JSP sample files in Allaire JRun 2.3.x allow remote attackers to
> access arbitrary files (e.g. via viewsource.jsp) or obtain
> configuration information.
> 
> 
> ED_PRI CAN-2000-0540 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0469
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000613 CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-22&msg=ILENKALMCAFBLHBGEOFKGEJCCAAA.jwesterink@jwesterink.daxis.nl
> Reference: BUGTRAQ:20000620 Re: CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.2.0.58.20000620193604.00979950@mail.clark.net
> Reference: BID:1347
> Reference: URL:http://www.securityfocus.com/bid/1347
> 
> Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary
> files via a .. (dot dot) attack.
> 
> 
> ED_PRI CAN-2000-0469 2
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0477
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000614 Vulnerabilities in Norton Antivirus for Exchange
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html
> Reference: BID:1351
> Reference: URL:http://www.securityfocus.com/bid/1351
> 
> Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows
> remote attackers to cause a denial of service via a .zip file that
> contains long file names.
> 
> 
> ED_PRI CAN-2000-0477 2
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0478
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000614 Vulnerabilities in Norton Antivirus for Exchange
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html
> Reference: BID:1351
> Reference: URL:http://www.securityfocus.com/bid/1351
> 
> In some cases, Norton Antivirus for Exchange (NavExchange) enters a
> "fail-open" state which allows viruses to pass through the server.
> 
> 
> ED_PRI CAN-2000-0478 2
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0510
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000620 CUPS DoS Bugs
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
> Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
> Reference: BID:1373
> Reference: URL:http://www.securityfocus.com/bid/1373
> 
> CUPS (Common Unix Printing System) 1.04 and earlier allows remote
> attackers to cause a denial of service via a malformed IPP request.
> 
> 
> ED_PRI CAN-2000-0510 2
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0511
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000620 CUPS DoS Bugs
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
> Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
> Reference: BID:1373
> Reference: URL:http://www.securityfocus.com/bid/1373
> 
> CUPS (Common Unix Printing System) 1.04 and earlier allows remote
> attackers to cause a denial of service via a CGI POST request.
> 
> 
> ED_PRI CAN-2000-0511 2
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0512
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000620 CUPS DoS Bugs
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
> Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
> Reference: BID:1373
> Reference: URL:http://www.securityfocus.com/bid/1373
> 
> CUPS (Common Unix Printing System) 1.04 and earlier does not properly
> delete request files, which allows a remote attacker to cause a denial
> of service.
> 
> 
> ED_PRI CAN-2000-0512 2
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0513
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000620 CUPS DoS Bugs
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
> Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
> Reference: BID:1373
> Reference: URL:http://www.securityfocus.com/bid/1373
> 
> CUPS (Common Unix Printing System) 1.04 and earlier allows remote
> attackers to cause a denial of service by authenticating with a user
> name that does not exist or does not have a shadow password.
> 
> 
> ED_PRI CAN-2000-0513 2
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0514
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000614 Security Advisory: REMOTE ROOT VULNERABILITY IN GSSFTP DAEMON
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=ldvsnufao18.fsf@saint-elmos-fire.mit.edu
> Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/ftp.txt
> Reference: BID:1374
> Reference: URL:http://www.securityfocus.com/bid/1374
> 
> GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict
> access to some FTP commands, which allows remote attackers to cause a
> denial of service, and local users to gain root privileges.
> 
> 
> ED_PRI CAN-2000-0514 2
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0528
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000619 Net Tools PKI server exploits
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html
> Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt
> Reference: BID:1364
> Reference: URL:http://www.securityfocus.com/bid/1364
> 
> Net Tools PKI Server does not properly restrict access to remote
> attackers when the XUDA template files do not contain absolute
> pathnames for other files.
> 
> 
> ED_PRI CAN-2000-0528 2
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0529
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000619 Net Tools PKI server exploits
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html
> Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt
> Reference: BID:1363
> Reference: URL:http://www.securityfocus.com/bid/1363
> 
> Net Tools PKI Server allows remote attackers to cause a denial of
> service via a long HTTP request.
> 
> 
> ED_PRI CAN-2000-0529 2
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0562
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000620 BlackICE by Network ICE Corp vulnerability against Back Orifice 1.2
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0190.html
> 
> BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and
> earlier, do not properly block Back Orifice traffic when the security
> setting is Nervous or lower.
> 
> 
> ED_PRI CAN-2000-0562 2
> 
> 
> VOTE: REVIEWING
> 


What do others think? Should this be a vuln? I can see the argument
that some features are simply not available unless you use the maximum
security settings.

> =================================
> Candidate: CAN-2000-0471
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000614 Vulnerability in Solaris ufsrestore
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0114.html
> Reference: BID:1348
> Reference: URL:http://www.securityfocus.com/bid/1348
> 
> Buffer overflow in ufsrestore in Solaris 8 and earlier allows local
> users to gain root privileges via a long pathname.
> 
> 
> ED_PRI CAN-2000-0471 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0473
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:19991231 Local / Remote GET Buffer Overflow Vulnerability in AnalogX SimpleServer:WWW HTTP Server v1.1
> Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm
> Reference: BID:1349
> Reference: URL:http://www.securityfocus.com/bid/1349
> 
> Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker
> to cause a denial of service via a long GET request for a program in
> the cgi-bin directory.
> 
> 
> ED_PRI CAN-2000-0473 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0479
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000616 Multiples Remotes DoS Attacks in Dragon Server v1.00 and v2.00
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96113734714517&w=2
> Reference: BID:1352
> Reference: URL:http://www.securityfocus.com/bid/1352
> 
> Dragon FTP server allows remote attackers to cause a denial of service
> via a long USER command.
> 
> 
> ED_PRI CAN-2000-0479 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0480
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000616 Multiples Remotes DoS Attacks in Dragon Server v1.00 and v2.00
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96113734714517&w=2
> Reference: BID:1352
> Reference: URL:http://www.securityfocus.com/bid/1352
> 
> Dragon telnet server allows remote attackers to cause a denial of service
> via a long username.
> 
> 
> ED_PRI CAN-2000-0480 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0484
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96113651713414&w=2
> Reference: NTBUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability
> Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96151775004229&w=2
> Reference: BID:1355
> Reference: URL:http://www.securityfocus.com/bid/1355
> 
> Buffer overflow in Small HTTP Server allows remote attackers to cause
> a denial of service via a long GET request.
> 
> 
> ED_PRI CAN-2000-0484 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0494
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000616 Veritas Volume Manager 3.0.x hole
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0151.html
> Reference: BID:1356
> Reference: URL:http://www.securityfocus.com/bid/1356
> 
> Veritas Volume Manager creates a world writable .server_pids file,
> which allows local users to add arbitrary commands into the file,
> which is then executed by the vmsa_server script.
> 
> 
> ED_PRI CAN-2000-0494 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0500
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: CF
> Reference: BUGTRAQ:20000621 BEA WebLogic /file/ showcode vulnerability
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96161462915381&w=2
> Reference: BID:1378
> Reference: URL:http://www.securityfocus.com/bid/1378
> 
> The default configuration of BEA WebLogic 5.1.0 allows a remote
> attacker to view source code of programs by requesting a URL beginning
> with /file/, which causes the default servlet to display the file
> without further processing.
> 
> 
> ED_PRI CAN-2000-0500 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0501
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: NTBUGTRAQ:20000616 mdaemon 2.8.5.0 WinNT and Win9x remote DoS
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0277.html
> Reference: BID:1366
> Reference: URL:http://www.securityfocus.com/bid/1366
> 
> Race condition in MDaemon 2.8.5.0 POP server allows local users to
> cause a denial of service by entering a UIDL command and quickly
> exiting the server.
> 
> 
> ED_PRI CAN-2000-0501 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0504
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000619 XFree86: libICE DoS
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html
> Reference: BID:1369
> Reference: URL:http://www.securityfocus.com/bid/1369
> 
> libICE in XFree86 allows remote attackers to cause a denial of service
> by specifying a large value which is not properly checked by the
> SKIP_STRING macro.
> 
> 
> ED_PRI CAN-2000-0504 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0531
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000620 Bug in gpm
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006201453090.1812-200000@apollo.aci.com.pl
> Reference: BID:1377
> Reference: URL:http://www.securityfocus.com/bid/1377
> 
> Linux gpm program allows local users to cause a denial of service by
> flooding the /dev/gpmctl device with STREAM sockets.
> 
> 
> ED_PRI CAN-2000-0531 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0541
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000617 Infosec.20000617.panda.a
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0164.html
> Reference: BID:1359
> Reference: URL:http://www.securityfocus.com/bid/1359
> 
> The Panda Antivirus console on port 2001 allows local users to execute
> arbitrary commands without authentication via the CMD command.
> 
> 
> ED_PRI CAN-2000-0541 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0543
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000614 Remote DoS attack in Networks Associates PGP Certificate Server Version 2.5 Vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0107.html
> Reference: BID:1343
> Reference: URL:http://www.securityfocus.com/bid/1343
> 
> The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows
> remote attackers to cause a denial of service if their hostname does
> not have a reverse DNS entry and they connect to port 4000.
> 
> 
> ED_PRI CAN-2000-0543 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0561
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000620 DST2K0018: Multiple BufferOverruns in WebBBS HTTP Server v1.15
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0175.html
> Reference: BID:1365
> Reference: URL:http://www.securityfocus.com/bid/1365
> 
> Buffer overflow in WebBBS 1.15 allows remote attackers to execute
> arbitrary commands via a long HTTP GET request.
> 
> 
> ED_PRI CAN-2000-0561 3
> 
> 
> VOTE: ACCEPT

-- 
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
Page Last Updated or Reviewed: May 22, 2007