[PROPOSAL] Cluster RECENT-35 - 18 candidates
The following cluster contains 18 candidates that were announced
between 8/25/2000 and 8/31/2000.

Board members can use the voting web site instead of this ballot,
which is posted for other Board members and as a part of the public
record.

These voting ballots include the new Analysis field as discussed in a
previous post with explanations of applications of content decisions.
The degree of vendor acknowledgement is also made more prominent.
Finally, a new ACCEPT_REASON form has been added for Board members to
include the reason why they vote to ACCEPT or MODIFY an item.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.
======================================================
Candidate: CAN-2000-0727
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000829 MDKSA-2000:041 - xpdf update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96766355023239&w=2
Reference: BUGTRAQ:20000913 Conectiva Linux Security Announcement - xpdf
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96886599829687&w=2
Reference: DEBIAN:20000910 xpdf: local exploit
Reference: URL:http://www.debian.org/security/2000/20000910a
Reference: REDHAT:RHSA-2000:060-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-060-03.html
Reference: CALDERA:CSSA-2000-031.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-031.0.txt
Reference: BID:1624
Reference: URL:http://www.securityfocus.com/bid/1624

xpdf PDF viewer client earlier than 0.91 does not properly launch a
web browser for embedded URL's, which allows an attacker to execute
arbitrary commands via a URL that contains shell metacharacters.

Analysis
----------------
ED_PRI CAN-2000-0727 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0728
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000829 MDKSA-2000:041 - xpdf update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96766355023239&w=2
Reference: BUGTRAQ:20000913 Conectiva Linux Security Announcement - xpdf
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96886599829687&w=2
Reference: DEBIAN:20000910 xpdf: local exploit
Reference: URL:http://www.debian.org/security/2000/20000910a
Reference: REDHAT:RHSA-2000:060-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-060-03.html
Reference: CALDERA:CSSA-2000-031.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-031.0.txt
Reference: BID:1624
Reference: URL:http://www.securityfocus.com/bid/1624

xpdf PDF viewer client earlier than 0.91 allows local users to
overwrite arbitrary files via a symlink attack.

Analysis
----------------
ED_PRI CAN-2000-0728 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0729
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:41
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0337.html
Reference: BID:1625
Reference: URL:http://www.securityfocus.com/bid/1625

FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of
service by executing a program with a malformed ELF image header.

Analysis
----------------
ED_PRI CAN-2000-0729 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0749
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:42
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0338.html
Reference: BID:1628
Reference: URL:http://www.securityfocus.com/bid/1628

Buffer overflow in the Linux binary compatibility module in FreeBSD
3.x through 5.x allows local users to gain root privileges via long
filenames in the linux shadow file system.

Analysis
----------------
ED_PRI CAN-2000-0749 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0771
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-062
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-062.asp
Reference: BID:1613
Reference: URL:http://www.securityfocus.com/bid/1613

Microsoft Windows 2000 allows local users to cause a denial of service
by corrupting the local security policy via malformed RPC traffic, aka
the "Local Security Policy Corruption" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0771 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0777
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-061
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-061.asp
Reference: BID:1615
Reference: URL:http://www.securityfocus.com/bid/1615

The password protection feature of Microsoft Money can store the
password in plaintext, which allows attackers with physical access to
the system to obtain the password, aka the "Money Password"
vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0777 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0690
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000830 More problems with Auction Weaver & CGI Script Center.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0370.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0452.html

Auction Weaver CGI script 1.02 and earlier allows remote attackers to
execute arbitrary commands via shell metacharacters in the fromfile
parameter.

Analysis
----------------
ED_PRI CAN-2000-0690 3
Vendor Acknowledgement: yes email-followup
Content Decisions: SF-LOC

This bug is vaguely alluded to in the Readme.txt for the download at
http://www.cgiscriptcenter.com/awl/awl10.zip and acknowledged in an
email followup. In addition, you can see the patches in the source
code.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0691
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000826 Advisory: mgetty local compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0329.html
Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-08/0330.html
Reference: CALDERA:CSSA-2000-029.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-029.0.txt
Reference: BID:1612
Reference: URL:http://www.securityfocus.com/bid/1612

The faxrunq and faxrunqd in the mgetty package allow local users to
create or modify arbitrary files via a symlink attack which creates a
symlink from /var/spool/fax/outgoing/.last_run to the target file.

Analysis
----------------
ED_PRI CAN-2000-0691 3
Vendor Acknowledgement: yes followup
Content Decisions: SF-EXEC

ABSTRACTION ISSUES: CD:SF-EXEC suggests to keep faxrunq and faxrunqd
in the same CVE item because there are 2 binaries in the same package
with the same flaw.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0717
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000830 [EXPL] GoodTech's FTP Server vulnerable to a DoS (RNTO)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=02ff01c0124c$e9387660$0201a8c0@aviram
Reference: BID:1619
Reference: URL:http://www.securityfocus.com/bid/1619

GoodTech FTP server allows remote attackers to cause a denial of
service via a large number of RNTO commands.

Analysis
----------------
ED_PRI CAN-2000-0717 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0720
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000929 News Publisher CGI Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=003301c0123b$18f8c1a0$953b29d4@e8s9s4
Reference: BID:1621
Reference: URL:http://www.securityfocus.com/bid/1621

news.cgi in GWScripts News Publisher does not properly authenticate
requests to add an author to the author index, which allows remote
attackers to add new authors by directly posting an HTTP request to
the new.cgi program with an addAuthor parameter, and setting the
Referer to the news.cgi program.

Analysis
----------------
ED_PRI CAN-2000-0720 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0726
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000829 Stalker's CGImail Gives Read Access to All Server Files
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000829194618.H7744@thathost.com
Reference: BID:1623
Reference: URL:http://www.securityfocus.com/bid/1623

CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote
attackers to read arbitrary files by specifying the file in the
$Attach$ hidden form variable.

Analysis
----------------
ED_PRI CAN-2000-0726 3
Vendor Acknowledgement: unknown

INCLUSION: The poster indicates that he tested it successfully on a
server, but the vendor web site appears to be down. This should not be
included in CVE without strong proof that it is (or was) a known
problem. However, it appears that a few ISP's still offer this as a
service.

ANALYSIS: The best documentation on the product seems to be at:
http://www.cnsp.com/cgimail/cgimailins.htm and the "Reserved
Variables" certainly indicates the potential for abuse. This appears
to have been originally discovered by Mnemonix in 1998
(http://ftp.hackzone.ru/nsp/info/www/cgi-bugs.htm) and replicated by a
few more sources (e.g. http://webm43ac.ntx.net/Articles/cgimail.html)
but there is still a question of whether this can be sufficiently
proven to exist.
The cgichk CGI scanner included this at least as recently as mid-1999,
but CGI scanners are notorious for cutting and pasting URL's from
other scanners, which makes it easy to introduce errors.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0731
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: NTBUGTRAQ:20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Worm HTTP Server
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0111.html
Reference: BID:1626
Reference: URL:http://www.securityfocus.com/bid/1626

Worm HTTP server allows remote attackers to read arbitrary files via a
.. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2000-0731 3
Vendor Acknowledgement: unknown

ACKNOWLEDGEMENT: As of 9/16/2000, the binary could not be downloaded
from the vendor web site, and there was no concrete acknowledgement of
the vulnerability.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0732
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: NTBUGTRAQ:20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Worm HTTP Server
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0111.html
Reference: BID:1626
Reference: URL:http://www.securityfocus.com/bid/1626

Worm HTTP server allows remote attackers to cause a denial of service
via a long URL.

Analysis
----------------
ED_PRI CAN-2000-0732 3
Vendor Acknowledgement: unknown

ACKNOWLEDGEMENT: As of 9/16/2000, the binary could not be downloaded
from the vendor web site, and there was no acknowledgement of the
vulnerability on the site. This product appears to be freeware.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0734
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000831 Remote DoS Attack in Eeye Iris 1.01 and SpyNet CaptureNet v3.12
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96774637326591&w=2
Reference: BID:1627
Reference: URL:http://www.securityfocus.com/bid/1627

eEye IRIS 1.01 beta allows remote attackers to cause a denial of
service via a large number of UDP connections.

Analysis
----------------
ED_PRI CAN-2000-0734 3
Vendor Acknowledgement: unknown
Content Decisions: EX-BETA

INCLUSION: CD:EX-BETA suggests that this should not be included in CVE
because it is a beta version, unless this has been widely distributed.
This thread also highlighted many issues related to the CD:EX-BETA
discussion, e.g.:
http://marc.theaimsgroup.com/?l=bugtraq&m=96784626915584&w=2
http://marc.theaimsgroup.com/?l=bugtraq&m=96783686531301&w=2

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0752
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:43
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0339.html
Reference: BID:1629
Reference: URL:http://www.securityfocus.com/bid/1629

Buffer overflows in brouted in FreeBSD and possibly other OSes allow
local users to gain root privileges via long command line arguments.

Analysis
----------------
ED_PRI CAN-2000-0752 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

CD:SF-LOC would suggest to SPLIT this for each buffer overflow, but
more detailed analysis at the source code level would be necessary.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0756
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000831 vCard DoS on Outlook 2000
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Springmail.105.967737080.0.16997300@www.springmail.com
Reference: BID:1633
Reference: URL:http://www.securityfocus.com/bid/1633

Microsoft Outlook 2000 does not properly process long or malformed
fields in vCard (.vcf) files, which allows attackers to cause a denial
of service.

Analysis
----------------
ED_PRI CAN-2000-0756 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0764
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000828 Intel Express Switch 500 series DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0338.html
Reference: BID:1609
Reference: URL:http://www.securityfocus.com/bid/1609

Intel Express 500 series switches allow a remote attacker to cause a
denial of service via a malformed IP packet.

Analysis
----------------
ED_PRI CAN-2000-0764 3
Vendor Acknowledgement: unknown

ACKNOWLEDGEMENT: could not find vendor acknowledgement on web site.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0775
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000828 [NT] Viking security vulnerabilities enable remote code execution (long URL, date parsing)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=399a01c01122$0d7f2310$0201a8c0@aviram
Reference: CONFIRM:http://www.robtex.com/viking/bugs.htm
Reference: BID:1614
Reference: URL:http://www.securityfocus.com/bid/1614

Buffer overflow in RobTex Viking server earlier than 1.06-370 allows
remote attackers to cause a denial of service or execute arbitrary
commands via a long HTTP GET request, or long Unless-Modified-Since,
If-Range, or If-Modified-Since headers.

Analysis
----------------
ED_PRI CAN-2000-0775 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: There are multiple attacks that can trigger a buffer
overflow, both in a long GET as well as long MIME headers. If these
are all due to the same line of code (e.g. an fgets() call), then
CD:SF-LOC says to combine them all. Otherwise, if there are separate
lines of code for each bad header, then separate entries should be
created. But should CD:SF-LOC have a maximum number of entries for
each different bug? A poorly written application might have dozens (or
hundreds) of buffer overflows in it, but should CVE have a separate
entry for each one?

The level of abstraction of this candidate is the same as that for
CAN-2000-0623, which also has HTTP GET and header request problems.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS: