Re: [PROPOSAL] Cluster RECENT-26 - 22 candidates
* Steven M. Christey (coley@LINUS.MITRE.ORG) [000719 23:37]:
> The following cluster contains 22 candidates that were announced
> between 6/26/2000 and 6/30/2000.
>
> The candidates are listed in order of priority. Priority 1 and
> Priority 2 candidates both deal with varying levels of vendor
> confirmation, so they should be easy to review and it can be trusted
> that the problems are real.
>
> If you discover that any RECENT-XX cluster is incomplete with respect
> to the problems discovered during the associated time frame, please
> send that information to me so that candidates can be assigned.
>
> - Steve
>
>
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
>
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
>
> 1) Please write your vote on the line that starts with "VOTE: ". If
> you want to add comments or details, add them to lines after the
> VOTE: line.
>
> 2) If you see any missing references, please mention them so that they
> can be included. References help greatly during mapping.
>
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
> So if you don't have sufficient information for a candidate but you
> don't want to NOOP, use a REVIEWING.
>
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
>
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
>
> =================================
> Candidate: CAN-2000-0585
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000624 Possible root exploit in ISC DHCP client.
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0247.html
> Reference: OPENBSD:20000624 A serious bug in dhclient(8) could allow strings from a malicious dhcp server to be executed in the shell as root.
> Reference: URL:http://www.openbsd.org/errata.html#dhclient
> Reference: DEBIAN:20000628 dhcp client: remote root exploit in dhcp client
> Reference: URL:http://www.debian.org/security/2000/20000628
> Reference: BUGTRAQ:20000702 [Security Announce] dhcp update
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0014.html
> Reference: SUSE:20000711 Security Hole in dhclient < 2.0
> Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_56.txt
> Reference: XF:openbsd-isc-dhcp-bo
> Reference: NETBSD:NetBSD-SA2000-008
> Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-008.txt.asc
> Reference: BID:1388
> Reference: URL:http://www.securityfocus.com/bid/1388
>
> ISC DHCP client program dhclient allows remote attackers to execute
> arbitrary commands via shell metacharacters.
>
>
> ED_PRI CAN-2000-0585 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0596
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000627 IE 5 and Access 2000 vulnerability - executing programs
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589359.762392DB@nat.bg
> Reference: BUGTRAQ:20000627 FW: IE 5 and Access 2000 vulnerability - executing programs
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000d01bfe0fb$418f59b0$96217aa8@src.bu.edu
> Reference: MS:MS00-049
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-049.asp
> Reference: XF:ie-access-vba-code-execute
> Reference: BID:1398
> Reference: URL:http://www.securityfocus.com/bid/1398
>
> Internet Explorer 5.x does not warn a user before opening a Microsoft
> Access database file that is referenced within ActiveX OBJECT tags in
> an HTML document, which could allow remote attackers to execute
> arbitrary commands, aka the "IE Script" vulnerability.
>
>
> ED_PRI CAN-2000-0596 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0597
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000627 IE 5 and Excel 2000, PowerPoint 2000 vulnerability - executing programs
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589349.ED9DBCAB@nat.bg
> Reference: MS:MS00-049
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-049.asp
> Reference: BID:1399
> Reference: URL:http://www.securityfocus.com/bid/1399
> Reference: XF:ie-powerpoint-activex-object-execute
>
> Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are
> marked as safe for scripting, which allows remote attackers to force
> Internet Explorer or some email clients to save files to arbitrary
> locations via the Visual Basic for Applications (VBA) SaveAs function,
> aka the "Office HTML Script" vulnerability.
>
>
> ED_PRI CAN-2000-0597 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0616
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: HP:HPSBMP0006-007
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0294.html
> Reference: BID:1405
> Reference: URL:http://www.securityfocus.com/bid/1405
>
> Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain
> additional privileges via DBUTIL.PUB.SYS.
>
>
> ED_PRI CAN-2000-0616 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0582
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-3]
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630162106.4619C-100000@fjord.fscinternet.com
> Reference: XF:fw1-resource-overload-dos
> Reference: BID:1416
> Reference: URL:http://www.securityfocus.com/bid/1416
>
> Check Point Firewall-1 4.0 and 4.1 allows remote attackers to cause a
> denial of service by sending a stream of binary zeros to the SMTP
> Security Server proxy.
>
>
> ED_PRI CAN-2000-0582 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0583
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000626 vpopmail-3.4.11 problems
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=395BD2A8.5D3396A7@secureaustin.com
> Reference: CONFIRM:http://www.vpopmail.cx/vpopmail-ChangeLog
> Reference: BID:1418
> Reference: URL:http://www.securityfocus.com/bid/1418
>
> vchkpw program in vpopmail before version 4.8 does not properly cleanse
> an untrusted format string used in a call to syslog, which allows
> remote attackers to cause a denial of service via a USER or PASS
> command that contains arbitrary formatting directives.
>
>
> ED_PRI CAN-2000-0583 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0588
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000626 sawmill5.0.21 old path bug & weak hash algorithm
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0271.html
> Reference: BUGTRAQ:20000706 Patch for Flowerfire Sawmill Vulnerabilities Available
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0080.html
> Reference: BID:1402
> Reference: URL:http://www.securityfocus.com/bid/1402
> Reference: XF:sawmill-file-access
>
> SawMill 5.0.21 CGI program allows remote attackers to read the first
> line of arbitrary files by listing the file in the rfcf parameter,
> whose contents SawMill attempts to parse as configuration commands.
>
>
> ED_PRI CAN-2000-0588 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0568
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000630 Multiple vulnerabilities in Sybergen Secure Desktop
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4125690E.00524395.00@guardianit.se
> Reference: XF:sybergen-routing-table-modify
> Reference: BID:1417
> Reference: URL:http://www.securityfocus.com/bid/1417
>
> Sybergen Secure Desktop 2.1 does not properly protect against false
> router advertisements (ICMP type 9), which allows remote attackers to
> modify default routes.
>
>
> ED_PRI CAN-2000-0568 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0569
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: MISC:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0189.html
> Reference: BID:1420
> Reference: URL:http://www.securityfocus.com/bid/1420
>
> Sybergen Sygate allows remote attackers to cause a denial of service
> by sending a malformed DNS UDP packet to its internal interface.
>
>
> ED_PRI CAN-2000-0569 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0570
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000627 DoS in FirstClass Internet Services 5.770
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0295.html
> Reference: XF:firstclass-large-bcc-dos
> Reference: BID:1421
> Reference: URL:http://www.securityfocus.com/bid/1421
>
> FirstClass Internet Services server allows remote attackers to cause a
> denial of service by sending an email with a long To: mail header.
>
>
> ED_PRI CAN-2000-0570 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0575
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000630 Kerberos security vulnerability in SSH-1
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007010511.BAA16944@syrinx.oankali.net
> Reference: BID:1426
> Reference: URL:http://www.securityfocus.com/bid/1426
>
> SSH 1.2.27 with Kerberos authentication support stores Kerberos
> tickets in a file which is created in the current directory of the
> user who is logging in, which could allow remote attackers to sniff
> the ticket cache if the home directory is installed on NFS.
>
>
> ED_PRI CAN-2000-0575 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0580
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-2]
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630161935.4619B-100000@fjord.fscinternet.com
> Reference: XF:win2k-cpu-overload-dos
> Reference: BID:1415
> Reference: URL:http://www.securityfocus.com/bid/1415
>
> Windows 2000 Server allows remote attackers to cause a denial of
> service by sending a continuous stream of binary zeros to various TCP
> and UDP ports, which significantly increases the CPU utilization.
>
>
> ED_PRI CAN-2000-0580 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0581
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-1]
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630161841.4619A-100000@fjord.fscinternet.com
> Reference: XF:win2k-telnetserver-dos
> Reference: BID:1414
> Reference: URL:http://www.securityfocus.com/bid/1414
>
> Windows 2000 Telnet Server allows remote attackers to cause a denial
> of service by sending a continuous stream of binary zeros, which
> causes the server to crash.
>
>
> ED_PRI CAN-2000-0581 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0586
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: VULN-DEV:20000628 dalnet 4.6.5 remote vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/1092.html
> Reference: XF:ircd-dalnet-summon-bo
> Reference: BID:1404
> Reference: URL:http://www.securityfocus.com/bid/1404
>
> Buffer overflow in Dalnet IRC server 4.6.5 allows remote attackers to
> cause a denial of service or execute arbitrary commands via the SUMMON
> command.
>
>
> ED_PRI CAN-2000-0586 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0587
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: XF:glftpd-privpath-directive
> Reference: BUGTRAQ:20000626 Glftpd privpath bugs... +fix
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006261041360.31907-200000@twix.thrijswijk.nl
> Reference: BUGTRAQ:20000627 Re: Glftpd privpath bugs... +fix
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0317.html
> Reference: BID:1401
> Reference: URL:http://www.securityfocus.com/bid/1401
>
> The privpath directive in glftpd 1.18 allows remote attackers to
> bypass access restrictions for directories by using the file name
> completion capability.
>
>
> ED_PRI CAN-2000-0587 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0589
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000626 sawmill5.0.21 old path bug & weak hash algorithm
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0271.html
> Reference: BUGTRAQ:20000706 Patch for Flowerfire Sawmill Vulnerabilities Available
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0080.html
> Reference: BID:1403
> Reference: URL:http://www.securityfocus.com/bid/1403
> Reference: XF:sawmill-weak-encryption
>
> SawMill 5.0.21 uses weak encryption to store passwords, which allows
> attackers to easily decrypt the password and modify the SawMill
> configuration.
>
>
> ED_PRI CAN-2000-0589 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0592
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000627 [SPSadvisory #37]WinProxy 2.0.0/2.0.1 DoS and Exploitable Buffer Overflow
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006271417.GFE84146.-BJXON@lac.co.jp
> Reference: XF:winproxy-command-bo
> Reference: BID:1400
> Reference: URL:http://www.securityfocus.com/bid/1400
>
> Buffer overflows in POP3 service in WinProxy 2.0 and 2.0.1 allow
> remote attackers to execute arbitrary commands via long USER, PASS,
> LIST, RETR, or DELE commands.
>
>
> ED_PRI CAN-2000-0592 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0593
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000627 [SPSadvisory #37]WinProxy 2.0.0/2.0.1 DoS and Exploitable Buffer Overflow
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006271417.GFE84146.-BJXON@lac.co.jp
> Reference: XF:winproxy-get-dos
> Reference: BID:1400
> Reference: URL:http://www.securityfocus.com/bid/1400
>
> WinProxy 2.0 and 2.0.1 allows remote attackers to cause a denial of
> service by sending an HTTP GET request without listing an HTTP version
> number.
>
>
> ED_PRI CAN-2000-0593 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0598
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000626 Proxy+ Telnet Gateway Problems
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0268.html
> Reference: BID:1395
> Reference: URL:http://www.securityfocus.com/bid/1395
> Reference: XF:fortech-proxy-telnet-gateway
> Reference: XF:proxyplus-telnet-gateway
>
> Fortech Proxy+ allows remote attackers to bypass access restrictions
> for the administration service by redirecting their connections
> through the telnet proxy.
>
>
> ED_PRI CAN-2000-0598 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0599
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000629 iMesh 1.02 vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0335.html
> Reference: XF:imesh-tcp-port-overflow
> Reference: BID:1407
> Reference: URL:http://www.securityfocus.com/bid/1407
>
> Buffer overflow in iMesh 1.02 allows remote attackers to execute
> arbitrary commands via a long string to the iMesh port.
>
>
> ED_PRI CAN-2000-0599 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0600
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000626 Netscape Enterprise Server for NetWare Virtual Directory Vulnerab ility
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0264.html
> Reference: BID:1393
> Reference: URL:http://www.securityfocus.com/bid/1393
> Reference: XF:netscape-virtual-directory-bo
> Reference: XF:netscape-enterprise-netware-bo
>
> Netscape Enterprise Server in NetWare 5.1 allows remote attackers to
> cause a denial of service or execute arbitrary commands via a
> malformed URL.
>
>
> ED_PRI CAN-2000-0600 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0612
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000719
> Assigned: 20000719
> Category: SF
> Reference: BUGTRAQ:20000629 Buggy ARP handling in Windoze
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=395B7E64.9FB3D4DB@starzetz.de
> Reference: XF:win-arp-spoofing
> Reference: BID:1406
> Reference: URL:http://www.securityfocus.com/bid/1406
>
> Windows 95 and Windows 98 do not properly process spoofed ARP packets,
> which allows remote attackers to overwrite static entries in the cache
> table.
>
>
> ED_PRI CAN-2000-0612 3
>
>
> VOTE: ACCEPT

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum