[PROPOSAL] Cluster RECENT-29 - 20 candidates
The following cluster contains 20 candidates that were announced between 7/13/2000 and 7/20/2000.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0622
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NAI:20000719 O'Reilly WebSite Professional Overflow
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2424
Reference: CONFIRM:http://website.oreilly.com/support/software/wspro25_releasenotes.txt
Reference: BID:1487
Reference: URL:http://www.securityfocus.com/bid/1487

Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter.

ED_PRI CAN-2000-0622 1

VOTE:

=================================
Candidate: CAN-2000-0630
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: MS:MS00-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-044.asp
Reference: BID:1488
Reference: URL:http://www.securityfocus.com/bid/1488

IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability.

ED_PRI CAN-2000-0630 1

VOTE:

=================================
Candidate: CAN-2000-0631
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: MS:MS00-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-044.asp
Reference: BID:1476
Reference: URL:http://www.securityfocus.com/bid/1476

An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability.

ED_PRI CAN-2000-0631 1

VOTE:

=================================
Candidate: CAN-2000-0632
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NAI:20000717 [COVERT-2000-07] LISTSERV Web Archive Remote Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0222.html
Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory1
Reference: BID:1490
Reference: URL:http://www.securityfocus.com/bid/1490

Buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier allows remote attackers to execute arbitrary commands via a long query string.

ED_PRI CAN-2000-0632 1

VOTE:

=================================
Candidate: CAN-2000-0653
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: MS:MS00-045
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-045.asp
Reference: BID:1502
Reference: URL:http://www.securityfocus.com/bid/1502

Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook Express windows, aka the "Persistent Mail-Browser Link" vulnerability.

ED_PRI CAN-2000-0653 1

VOTE:

=================================
Candidate: CAN-2000-0666
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000716 Lots and lots of fun with rpc.statd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0206.html
Reference: DEBIAN:20000715 rpc.statd: remote root exploit
Reference: URL:http://www.debian.org/security/2000/20000719a
Reference: REDHAT:RHSA-2000:043-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-043-03.html
Reference: BUGTRAQ:20000717 CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0230.html
Reference: BUGTRAQ:20000718 Trustix Security Advisory - nfs-utils
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0236.html
Reference: BUGTRAQ:20000718 [Security Announce] MDKSA-2000:021 nfs-utils update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0260.html
Reference: CALDERA:CSSA-2000-025.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-025.0.txt
Reference: BID:1480
Reference: URL:http://www.securityfocus.com/bid/1480

rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.

ED_PRI CAN-2000-0666 1

VOTE:

=================================
Candidate: CAN-2000-0667
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: CALDERA:CSSA-2000-024.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0273.html
Reference: BID:1512
Reference: URL:http://www.securityfocus.com/bid/1512

Vulnerability in gpm in Caldera Linux allows local users to delete arbitrary files or conduct a denial of service.

ED_PRI CAN-2000-0667 1

VOTE:

=================================
Candidate: CAN-2000-0633
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000718 MDKSA-2000:020 usermode update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0251.html
Reference: BID:1489
Reference: URL:http://www.securityfocus.com/bid/1489

Vulnerability in Mandrake Linux usermode package allows local users to reboot or halt the system.

ED_PRI CAN-2000-0633 2

VOTE:

=================================
Candidate: CAN-2000-0623
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NTBUGTRAQ:20000719 Alert: Buffer Overrun is O'Reilly WebsitePro httpd32.exe (CISADV000717)
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=ntbugtraq&F=&S=&P=5946
Reference: BID:1492
Reference: URL:http://www.securityfocus.com/bid/1492

Buffer overflow in O'Reilly WebSite Professional web server 2.4 and earlier allows remote attackers to execute arbitrary commands via a long GET request or Referrer header.

ED_PRI CAN-2000-0623 3

VOTE:

=================================
Candidate: CAN-2000-0624
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000720 Winamp M3U playlist parser buffer overflow security vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0289.html
Reference: BID:1496
Reference: URL:http://www.securityfocus.com/bid/1496

Buffer overflow in WinAmp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist.

ED_PRI CAN-2000-0624 3

VOTE:

=================================
Candidate: CAN-2000-0625
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: L0PHT:20000718 NetZero Password Encryption Algorithm
Reference: URL:http://www.l0pht.com/advisories/netzero.txt
Reference: BID:1483
Reference: URL:http://www.securityfocus.com/bid/1483

NetZero 3.0 and earlier uses weak encryption for storing a user's login information, which allows a local user to decrypt the password.

ED_PRI CAN-2000-0625 3

VOTE:

=================================
Candidate: CAN-2000-0626
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000718 Multiple bugs in Alibaba 2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0237.html
Reference: BID:1482
Reference: URL:http://www.securityfocus.com/bid/1482

Buffer overflow in Alibaba web server allows remote attackers to cause a denial of service via a long GET request.

ED_PRI CAN-2000-0626 3

VOTE:

=================================
Candidate: CAN-2000-0627
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000718 Blackboard Courseinfo v4.0 User Authentication
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0254.html
Reference: BID:1486
Reference: URL:http://www.securityfocus.com/bid/1486

BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl.

ED_PRI CAN-2000-0627 3

VOTE:

=================================
Candidate: CAN-2000-0634
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000717 S21SEC-003: Vulnerabilities in CommuniGate Pro v3.2.4
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0223.html
Reference: BID:1493
Reference: URL:http://www.securityfocus.com/bid/1493

The web administration interface for CommuniGate Pro 3.2.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.

ED_PRI CAN-2000-0634 3

VOTE:

=================================
Candidate: CAN-2000-0636
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000719 HP Jetdirect - Invalid FTP Command DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0265.html
Reference: BID:1491
Reference: URL:http://www.securityfocus.com/bid/1491

HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow remote attackers to cause a denial of service via a malformed FTP quote command.

ED_PRI CAN-2000-0636 3

VOTE:

=================================
Candidate: CAN-2000-0643
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
Reference: BID:1470
Reference: URL:http://www.securityfocus.com/bid/1470

Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers to cause a denial of service via a long URL.

ED_PRI CAN-2000-0643 3

VOTE:

=================================
Candidate: CAN-2000-0649
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NTBUGTRAQ:20000713 IIS4 Basic authentication realm issue
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0025.html
Reference: BID:1499
Reference: URL:http://www.securityfocus.com/bid/1499

IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.

ED_PRI CAN-2000-0649 3

VOTE:

=================================
Candidate: CAN-2000-0662
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000714 IE 5.5 and 5.01 vulnerability - reading at least local and from any host text and parsed html files
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=396EF9D5.62EEC625@nat.bg
Reference: BID:1474
Reference: URL:http://www.securityfocus.com/bid/1474

Internet Explorer 5.x and Microsoft Outlook allow remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED).

ED_PRI CAN-2000-0662 3

VOTE:

=================================
Candidate: CAN-2000-0665
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NTBUGTRAQ:20000717 DoS in Gamsoft TelSrv telnet server for MS Windows 95/98/NT/2k.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0031.html
Reference: BID:1478
Reference: URL:http://www.securityfocus.com/bid/1478

AMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to cause a denial of service via a long username.

ED_PRI CAN-2000-0665 3

VOTE:

=================================
Candidate: CAN-2000-0675
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000713 The MDMA Crew's GateKeeper Exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00af01bfece2$a52cbd80$367e1ec4@kungphusion
Reference: BID:1477
Reference: URL:http://www.securityfocus.com/bid/1477

Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote attackers to execute arbitrary commands via a long string.

ED_PRI CAN-2000-0675 3

VOTE: