|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FINAL] ACCEPT 30 recent candidates
I have made a Final Decision to ACCEPT the following candidates. These candidates are now assigned CVE names as noted below. The resulting CVE entries will be published in the near future in a new version of CVE. Voting details and comments are provided at the end of this report. - Steve Candidate CVE Name --------- ---------- CAN-1999-0820 CVE-1999-0820 CAN-2000-0001 CVE-2000-0001 CAN-2000-0011 CVE-2000-0011 CAN-2000-0013 CVE-2000-0013 CAN-2000-0015 CVE-2000-0015 CAN-2000-0018 CVE-2000-0018 CAN-2000-0030 CVE-2000-0030 CAN-2000-0032 CVE-2000-0032 CAN-2000-0034 CVE-2000-0034 CAN-2000-0045 CVE-2000-0045 CAN-2000-0092 CVE-2000-0092 CAN-2000-0157 CVE-2000-0157 CAN-2000-0168 CVE-2000-0168 CAN-2000-0174 CVE-2000-0174 CAN-2000-0175 CVE-2000-0175 CAN-2000-0195 CVE-2000-0195 CAN-2000-0236 CVE-2000-0236 CAN-2000-0251 CVE-2000-0251 CAN-2000-0261 CVE-2000-0261 CAN-2000-0262 CVE-2000-0262 CAN-2000-0264 CVE-2000-0264 CAN-2000-0279 CVE-2000-0279 CAN-2000-0297 CVE-2000-0297 CAN-2000-0311 CVE-2000-0311 CAN-2000-0316 CVE-2000-0316 CAN-2000-0331 CVE-2000-0331 CAN-2000-0334 CVE-2000-0334 CAN-2000-0336 CVE-2000-0336 CAN-2000-0337 CVE-2000-0337 CAN-2000-0339 CVE-2000-0339 ================================= Candidate: CAN-1999-0820 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 19991208 Assigned: 19991207 Category: SF Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities Reference: BID:838 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=838 Reference: XF:freebsd-seyon-dir-add FreeBSD seyon allows users to gain privileges via a modified PATH variable for finding the xterm and seyon-emu commands. Modifications: ADDREF XF:freebsd-seyon-dir-add INFERRED ACTION: CAN-1999-0820 FINAL (Final Decision 20000712) Current Votes: ACCEPT(3) Armstrong, Stracener, Prosser MODIFY(2) Cole, Frech NOOP(2) Christey, Christey Comments: Cole> There are actually several vulenrabilities with seyon which allow users to elevate priviliges Frech> XF:freebsd-seyon-dir-add Christey> ADDREF? CALDERA:CSSA-1999-037.0 Prosser> agree there are also earlier seyon vulnerabilites reported as well but in different areas. The Caldera bulletin refers to a seyon problem that allows uucp privileges. Christey> The Caldera advisory is vaguely worded, so it's not certain whether it should be added here. As Eric points out, other seyon problems are identified in the related Bugtraq post. They are covered by CAN-1999-0863 and CAN-1999-0821. ================================= Candidate: CAN-2000-0001 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000626-02 Proposed: 20000111 Assigned: 20000111 Category: SF Reference: BUGTRAQ:19991222 RealMedia Server 5.0 Crasher (rmscrash.c) Reference: BID:888 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=888 Reference: XF:realserver-ramgen-dos RealMedia server allows remote attackers to cause a denial of service via a long ramgen request. Modifications: ADDREF BID:888 ADDREF XF:realserver-ramgen-dos INFERRED ACTION: CAN-2000-0001 FINAL (Final Decision 20000712) Current Votes: ACCEPT(2) Stracener, Armstrong MODIFY(1) Frech Comments: Frech> XF:realserver-ramgen-dos ================================= Candidate: CAN-2000-0011 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000626-03 Proposed: 20000111 Assigned: 20000111 Category: SF Reference: BUGTRAQ:19991231 Local / Remote GET Buffer Overflow Vulnerability in AnalogX SimpleServer:WWW HTTP Server v1.1 Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm Reference: XF:simpleserver-get-bo Reference: BID:906 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=906 Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request. Modifications: DESC add "http server" ADDREF MISC:http://www.analogx.com/contents/download/network/sswww.htm ADDREF XF:simpleserver-get-bo INFERRED ACTION: CAN-2000-0011 FINAL (Final Decision 20000712) Current Votes: ACCEPT(2) Stracener, Armstrong MODIFY(1) Frech Comments: Frech> XF:simpleserver-get-bo ================================= Candidate: CAN-2000-0013 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000626-01 Proposed: 20000111 Assigned: 20000111 Category: SF Reference: BUGTRAQ:19991231 irix-soundplayer.sh Reference: XF:irix-soundplayer-symlink Reference: BID:909 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=909 IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program. Modifications: DESC change to reflect bug in soundplayer, specify correct bug ADDREF XF:irix-soundplayer-symlink INFERRED ACTION: CAN-2000-0013 FINAL (Final Decision 20000712) Current Votes: ACCEPT(1) Armstrong MODIFY(2) Stracener, Frech NOOP(1) Christey Comments: Christey> The description should be modified. The problem is not a symlink attack, rather being able to route a command using shell metacharacters. Stracener> This is not a symlink attack. Description should be changed (see below). Here is what is going on: 1) script creates a file containing C code to spawn a setuid shell in /tmp when compiled and executed, 2) compiles the C source file with output to /tmp/kungfoo, 3) executes midikeys 4) user opens a wav file (via soundplayer) and saves the file as "foo;/tmp/kungfoo". The "exploitable condition" in soundplayer is a software flaw allowing for command separation when saving files (i.e., whatever is placed after the ";" is executed by soundplayer). I suggest the description read: "A bug soundplayer (part of midikeys) allows user to save a wav file with a command separator (i.e. ";") and issue multiple commands, resulting in the execution of arbitrary code." Frech> XF:irix-soundplayer-symlink ================================= Candidate: CAN-2000-0015 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000626-01 Proposed: 20000111 Assigned: 20000111 Category: SF Reference: BUGTRAQ:19991231 tftpserv.sh Reference: BID:910 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=910 Reference: XF:cascadeview-tftp-symlink CascadeView TFTP server allows local users to gain privileges via a symlink attack. Modifications: ADDREF XF:cascadeview-tftp-symlink INFERRED ACTION: CAN-2000-0015 FINAL (Final Decision 20000712) Current Votes: ACCEPT(2) Stracener, Armstrong MODIFY(1) Frech Comments: Frech> XF:cascadeview-tftp-symlink ================================= Candidate: CAN-2000-0018 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000626-01 Proposed: 20000111 Assigned: 20000111 Category: SF Reference: BUGTRAQ:19991221 Wmmon under FreeBSD Reference: BID:885 Reference: XF:freebsd-wmmon-root-exploit wmmon in FreeBSD allows local users to gain privileges via the .wmmonrc configuration file. Modifications: ADDREF XF:freebsd-wmmon-root-exploit ADDREF BID:885 INFERRED ACTION: CAN-2000-0018 FINAL (Final Decision 20000712) Current Votes: ACCEPT(2) Stracener, Armstrong MODIFY(1) Frech Comments: Frech> XF:freebsd-wmmon-root-exploit ================================= Candidate: CAN-2000-0030 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000626-01 Proposed: 20000111 Assigned: 20000111 Category: SF Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems Reference: XF:sol-dmispd-fill-disk Reference: BID:878 Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database. Modifications: ADDREF XF:sol-dmispd-fill-disk ADDREF BID:878 INFERRED ACTION: CAN-2000-0030 FINAL (Final Decision 20000712) Current Votes: ACCEPT(3) Stracener, Armstrong, Dik MODIFY(1) Frech Comments: Frech> XF:sol-dmispd-fill-disk ================================= Candidate: CAN-2000-0032 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000626-01 Proposed: 20000111 Assigned: 20000111 Category: SF Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems Reference: XF:sol-dmispd-dos Reference: BID:878 Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database. Modifications: ADDREF XF:sol-dmispd-dos ADDREF BID:878 INFERRED ACTION: CAN-2000-0032 FINAL (Final Decision 20000712) Current Votes: ACCEPT(3) Stracener, Armstrong, Dik MODIFY(1) Frech Comments: Frech> XF:sol-dmispd-dos ================================= Candidate: CAN-2000-0034 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000626-01 Proposed: 20000111 Assigned: 20000111 Category: SF Reference: BUGTRAQ:19991222 More Netscape Passwords Available. Reference: XF:netscape-password-preferences Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords." Modifications: ADDREF XF:netscape-password-preferences INFERRED ACTION: CAN-2000-0034 FINAL (Final Decision 20000712) Current Votes: ACCEPT(2) Stracener, Armstrong MODIFY(1) Frech Comments: Frech> XF:netscape-password-preferences ================================= Candidate: CAN-2000-0045 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000125 Assigned: 20000122 Category: SF Reference: BUGTRAQ:20000111 Serious bug in MySQL password handling. Reference: BUGTRAQ:20000113 New MySQL Available Reference: XF:mysql-pwd-grant Reference: BID:926 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=926 MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege. Modifications: ADDREF XF:mysql-pwd-grant INFERRED ACTION: CAN-2000-0045 FINAL (Final Decision 20000712) Current Votes: ACCEPT(3) Stracener, Levy, Cole MODIFY(1) Frech Comments: Frech> XF:mysql-pwd-grant ================================= Candidate: CAN-2000-0092 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000626-01 Proposed: 20000208 Assigned: 20000202 Category: SF Reference: FREEBSD:FreeBSD-SA-00:01 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:01.make.asc Reference: BID:939 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=939 Reference: XF:gnu-makefile-tmp-root The BSD make program allows local users to modify files via a symlink attack when the -j option is being used. Modifications: ADDREF XF:gnu-makefile-tmp-root INFERRED ACTION: CAN-2000-0092 FINAL (Final Decision 20000712) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(2) Wall, Cole Comments: Cole> please change mine from reviewing to NOOP, I could not find the information I was looking for Frech> XF:gnu-makefile-tmp-root ================================= Candidate: CAN-2000-0157 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000321-01 Proposed: 20000223 Assigned: 20000223 Category: SF Reference: NETBSD:1999-012 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-012.txt.asc Reference: XF:netbsd-ptrace NetBSD ptrace call on VAX allows local users to gain privileges by modifying the PSL contents in the debugging process. Modifications: ADDREF XF:netbsd-ptrace INFERRED ACTION: CAN-2000-0157 FINAL (Final Decision 20000712) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) LeBlanc, Wall, Cole Comments: Frech> XF:netbsd-ptrace ================================= Candidate: CAN-2000-0168 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000322 Assigned: 20000322 Category: SF Reference: BUGTRAQ:20000306 con\con is a old thing (anyway is cool) Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCENECCAA.labs@ussrback.com Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0087.html Reference: MS:MS00-017 Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2126 Reference: BID:1043 Reference: URL:http://www.securityfocus.com/bid/1043 Reference: XF:win-dos-devicename-dos Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability. Modifications: ADDREF XF:win-dos-devicename-dos DESC [add versions] INFERRED ACTION: CAN-2000-0168 FINAL (Final Decision 20000712) Current Votes: ACCEPT(3) Blake, Ozancin, Cole MODIFY(2) LeBlanc, Frech REVIEWING(1) Wall Comments: LeBlanc> this only affects Win9x, not Windows NT or Windows 2000 Frech> XF:win-dos-devicename-dos ================================= Candidate: CAN-2000-0174 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000626-01 Proposed: 20000322 Assigned: 20000322 Category: SF Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html Reference: BID:1040 Reference: URL:http://www.securityfocus.com/bid/1040 Reference: XF:staroffice-scheduler-fileread StarOffice StarScheduler web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. Modifications: ADDREF XF:staroffice-scheduler-fileread INFERRED ACTION: CAN-2000-0174 FINAL (Final Decision 20000712) Current Votes: ACCEPT(3) Blake, Ozancin, Dik MODIFY(1) Frech NOOP(4) Wall, LeBlanc, Cole, Christey Comments: Christey> Sun patch ID 109185, dated March 27 2000, reports on SD#73159, "Security problems in the shttpd.bin using StarSchedule Server." But did they fix 2000-0174, 2000-0175, or both? Frech> XF:staroffice-scheduler-fileread ================================= Candidate: CAN-2000-0175 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000626-01 Proposed: 20000322 Assigned: 20000322 Category: SF Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html Reference: XF:staroffice-scheduler-bo Reference: BID:1039 Reference: URL:http://www.securityfocus.com/bid/1039 Buffer overflow in StarOffice StarScheduler web server allows remote attackers to gain root access via a long GET command. Modifications: ADDREF XF:staroffice-scheduler-bo INFERRED ACTION: CAN-2000-0175 FINAL (Final Decision 20000712) Current Votes: ACCEPT(3) Blake, Ozancin, Dik MODIFY(1) Frech NOOP(4) Wall, LeBlanc, Cole, Christey Comments: Christey> Sun patch ID 109185, dated March 27 2000, reports on SD#73159, "Security problems in the shttpd.bin using StarSchedule Server." But did they fix 2000-0174, 2000-0175, or both? Frech> XF:staroffice-scheduler-bo ================================= Candidate: CAN-2000-0195 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: Proposed: 20000322 Assigned: 20000322 Category: SF Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html Reference: BID:1008 Reference: URL:http://www.securityfocus.com/bid/1008 Reference: XF:corel-linux-setxconf-root setxconf in Corel Linux allows local users to gain root access via the -T parameter, which executes the user's .xserverrc file. INFERRED ACTION: CAN-2000-0195 FINAL (Final Decision 20000712) Current Votes: ACCEPT(2) Armstrong, Ozancin MODIFY(1) Frech NOOP(4) Wall, Blake, LeBlanc, Cole Comments: Frech> XF:corel-linux-setxconf-root ================================= Candidate: CAN-2000-0236 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000712 Proposed: 20000412 Assigned: 20000412 Category: SF Reference: BUGTRAQ:20000317 [SAFER 000317.EXP.1.5] Netscape Enterprise Server and '?wp' tags Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38D2173D.24E39DD0@relaygroup.com Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0191.html Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0238.html Reference: BID:1063 Reference: URL:http://www.securityfocus.com/bid/1063 Reference: XF:netscape-server-directory-indexing Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump. Modifications: DESC Change Web Publishing to "Directory Indexing" INFERRED ACTION: CAN-2000-0236 FINAL (Final Decision 20000712) Current Votes: ACCEPT(2) Frech, Cole MODIFY(1) Magdych Comments: Magdych> Change first instance of "Web Publishing" to "Directory Indexing". ================================= Candidate: CAN-2000-0251 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: HP:HPSBUX0004-112 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0021.html Reference: BID:1090 Reference: URL:http://www.securityfocus.com/bid/1090 Reference: XF:hp-virtual-vault HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses. Modifications: ADDREF XF:hp-virtual-vault INFERRED ACTION: CAN-2000-0251 FINAL (Final Decision 20000712) Current Votes: ACCEPT(1) Stracener MODIFY(1) Frech NOOP(2) Wall, Cole Comments: Frech> XF:hp-virtual-vault ================================= Candidate: CAN-2000-0261 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: BUGTRAQ:20000415 (no subject) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html Reference: BUGTRAQ:20000418 AVM's Statement Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com Reference: XF:ken-download-files Reference: BID:1103 Reference: URL:http://www.securityfocus.com/bid/1103 The AVM KEN! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack. Modifications: ADDREF XF:ken-download-files INFERRED ACTION: CAN-2000-0261 FINAL (Final Decision 20000712) Current Votes: ACCEPT(1) Stracener MODIFY(1) Frech NOOP(2) Wall, Cole Comments: Frech> XF:ken-download-files ================================= Candidate: CAN-2000-0262 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: BUGTRAQ:20000415 (no subject) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html Reference: BUGTRAQ:20000418 AVM's Statement Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com Reference: BID:1103 Reference: URL:http://www.securityfocus.com/bid/1103 Reference: XF:ken-dos The AVM KEN! ISDN Proxy server allows remote attackers to cause a denial of service via a malformed request. Modifications: ADDREF XF:ken-dos INFERRED ACTION: CAN-2000-0262 FINAL (Final Decision 20000712) Current Votes: ACCEPT(1) Stracener MODIFY(1) Frech NOOP(2) Wall, Cole Comments: Frech> XF:ken-dos ================================= Candidate: CAN-2000-0264 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000426 Assigned: 20000426 Category: unknown Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es Reference: CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip Reference: XF:panda-admin-privileges Reference: BID:1119 Reference: URL:http://www.securityfocus.com/bid/1119 Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods. Modifications: ADDREF CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip ADDREF XF:panda-admin-privileges INFERRED ACTION: CAN-2000-0264 FINAL (Final Decision 20000712) Current Votes: ACCEPT(2) Stracener, Levy MODIFY(1) Frech NOOP(3) Wall, Cole, Christey Comments: Christey> CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip Frech> XF:panda-admin-privileges ================================= Candidate: CAN-2000-0279 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: BUGTRAQ:20000407 BeOS Networking DOS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0029.html Reference: MISC:http://bebugs.be.com/devbugs/detail.php3?oid=2505312 Reference: BID:1100 Reference: URL:http://www.securityfocus.com/bid/1100 Reference: XF:beos-networking-dos BeOS allows remote attackers to cause a denial of service via malformed packets whose length field is less than the length of the headers. Modifications: ADDREF XF:beos-networking-dos INFERRED ACTION: CAN-2000-0279 FINAL (Final Decision 20000712) Current Votes: ACCEPT(1) Stracener MODIFY(1) Frech NOOP(2) Wall, Cole Comments: Frech> XF:beos-networking-dos ================================= Candidate: CAN-2000-0297 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: ALLAIRE:ASB00-06 Reference: URL:http://www2.allaire.com/handlers/index.cfm?ID=15099&Method=Full Reference: BID:1085 Reference: URL:http://www.securityfocus.com/bid/1085 Reference: XF:allaire-forums-allaccess Allaire Forums 2.0.5 allows remote attackers to bypass access restrictions to secure conferences via the rightAccessAllForums or rightModerateAllForums variables. Modifications: ADDREF XF:allaire-forums-allaccess INFERRED ACTION: CAN-2000-0297 FINAL (Final Decision 20000712) Current Votes: ACCEPT(1) Stracener MODIFY(1) Frech NOOP(3) Wall, Cole, Christey Comments: Christey> ADDREF XF:allaire-forums-allaccess Frech> XF:allaire-forums-allaccess ================================= Candidate: CAN-2000-0311 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000518 Assigned: 20000511 Category: SF Reference: MS:MS00-026 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-026.asp Reference: XF:ms-mixed-object Reference: BID:1145 Reference: URL:http://www.securityfocus.com/bid/1145 The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability. Modifications: ADDREF XF:ms-mixed-object INFERRED ACTION: CAN-2000-0311 FINAL (Final Decision 20000712) Current Votes: ACCEPT(4) LeBlanc, Cole, Wall, Levy MODIFY(1) Frech Comments: Frech> XF:ms-mixed-object ================================= Candidate: CAN-2000-0316 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000518 Assigned: 20000511 Category: SF Reference: BUGTRAQ:20000424 Solaris 7 x86 lp exploit Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0191.html Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0236.html Reference: SUNBUG:4314312 Reference: BID:1143 Reference: URL:http://www.securityfocus.com/bid/1143 Reference: XF:solaris-lp-bo Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option. Modifications: ADDREF SUNBUG:4314312 ADDREF XF:solaris-lp-bo INFERRED ACTION: CAN-2000-0316 FINAL (Final Decision 20000712) Current Votes: ACCEPT(1) Levy MODIFY(2) Dik, Frech NOOP(3) LeBlanc, Cole, Wall Comments: Dik> this is one of many buffer overflows in libprint.so.2; Reference: SUNBUG 4314312 Frech> XF:solaris-lp-bo ================================= Candidate: CAN-2000-0331 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000518 Assigned: 20000511 Category: SF Reference: BUGTRAQ:20000421 CMD.EXE overflow (CISADV000420) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0147.html Reference: MS:MS00-027 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-027.asp Reference: BID:1135 Reference: URL:http://www.securityfocus.com/bid/1135 Reference: XF:nt-cmd-overflow Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability. Modifications: ADDREF XF:nt-cmd-overflow INFERRED ACTION: CAN-2000-0331 FINAL (Final Decision 20000712) Current Votes: ACCEPT(4) LeBlanc, Cole, Wall, Levy MODIFY(1) Frech Comments: Frech> XF:nt-cmd-overflow ================================= Candidate: CAN-2000-0334 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000518 Assigned: 20000511 Category: SF Reference: ALLAIRE:ASB00-10 Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15411&Method=Full Reference: BID:1181 Reference: XF:allaire-spectra-container-editor-preview The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule. Modifications: ADDREF BID:1181 ADDREF XF:allaire-spectra-container-editor-preview INFERRED ACTION: CAN-2000-0334 FINAL (Final Decision 20000712) Current Votes: MODIFY(2) Levy, Frech NOOP(3) LeBlanc, Cole, Wall Comments: Levy> Reference: BID 1181 Frech> XF:allaire-spectra-container-editor-preview ================================= Candidate: CAN-2000-0336 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000518 Assigned: 20000511 Category: SF Reference: REDHAT:RHSA-2000:012-05 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000012-05.html Reference: CALDERA:CSSA-2000-009.0 Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt Reference: TURBO:TLSA2000010-1 Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.html Reference: BID:1232 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=1232 Reference: XF:openldap-symlink-attack Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack. Modifications: ADDREF BID:1232 ADDREF XF:openldap-symlink-attack ADDREF CALDERA:CSSA-2000-009.0 ADDREF TURBO:TLSA2000010-1 DESC remove Red Hat INFERRED ACTION: CAN-2000-0336 FINAL (Final Decision 20000712) Current Votes: ACCEPT(1) Cole MODIFY(2) Levy, Frech NOOP(3) LeBlanc, Wall, Christey Comments: Levy> Reference: BID 1232 Frech> XF:openldap-symlink-attack Note: This is not just a Red Hat issue. See ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt and http://www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.htm l, and you might as well add them as references too. :-) Christey> Also ADDREF BID:1232 ================================= Candidate: CAN-2000-0337 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000518 Assigned: 20000511 Category: SF Reference: BUGTRAQ:20000424 Solaris x86 Xsun overflow. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0188.html Reference: SUNBUG:4335411 Reference: XF:solaris-xsun-bo Reference: BID:1140 Reference: URL:http://www.securityfocus.com/bid/1140 Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter. Modifications: ADDREF SUNBUG:4335411 ADDREF XF:solaris-xsun-bo INFERRED ACTION: CAN-2000-0337 FINAL (Final Decision 20000712) Current Votes: ACCEPT(1) Levy MODIFY(2) Dik, Frech NOOP(3) LeBlanc, Cole, Wall Comments: Dik> Reference: SUNBUG: 4335411 Frech> XF:solaris-xsun-bo ================================= Candidate: CAN-2000-0339 Published: Final-Decision: 20000712 Interim-Decision: 20000707 Modified: 20000706-01 Proposed: 20000518 Assigned: 20000511 Category: SF Reference: BUGTRAQ:20000420 ZoneAlarm Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000421044123.2353.qmail@securityfocus.com Reference: BID:1137 Reference: URL:http://www.securityfocus.com/bid/1137 Reference: XF:zonealarm-portscan ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source port of 67, which allows remote attackers to bypass the firewall rules. Modifications: ADDREF XF:zonealarm-portscan INFERRED ACTION: CAN-2000-0339 FINAL (Final Decision 20000712) Current Votes: ACCEPT(2) Wall, Levy MODIFY(1) Frech NOOP(2) LeBlanc, Cole Comments: Frech> XF:zonealarm-portscan
|
||||
