[PROPOSAL] Cluster RECENT-39 - 29 candidates
The following cluster contains 29 candidates that were announced between August 10 and September 24, 2000.

Note that the voting web site will not be updated with this cluster until sometime Wednesday.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2000-0901
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0901
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000906 Screen-3.7.6 local compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0530.html
Reference: BUGTRAQ:20000905 screen 3.9.5 root vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/80178
Reference: DEBIAN:20000902 screen: local exploit
Reference: URL:http://www.debian.org/security/2000/20000902a
Reference: MANDRAKE:MDKSA-2000:044
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-044.php3
Reference: SUSE:20000906 screen format string parsing security problem
Reference: URL:http://www.suse.com/de/support/security/adv6_draht_screen_txt.txt
Reference: REDHAT:RHSA-2000:058-03
Reference: URL:http://www.redhat.com
Reference: FREEBSD:FreeBSD-SA-00:46
Reference: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:46.screen.asc
Reference: BID:1641
Reference: URL:http://www.securityfocus.com/bid/1641
Reference: XF:screen-format-string
Reference: URL:http://xforce.iss.net/static/5188.php

Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbell_msg initialization variable.

Analysis
----------------
ED_PRI CAN-2000-0901 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0909
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0909
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000922 [ no subject ]
Reference: URL:http://www.securityfocus.com/archive/1/84901
Reference: BUGTRAQ:20001031 FW: Pine 4.30 now available
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0441.html
Reference: FREEBSD:FreeBSD-SA-00:59
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:59.pine.asc
Reference: REDHAT:RHSA-2000-102-04
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-102.html
Reference: BID:1709
Reference: URL:http://www.securityfocus.com/bid/1709
Reference: XF:pine-check-mail-bo
Reference: URL:http://xforce.iss.net/static/5283.php

Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header.

Analysis
----------------
ED_PRI CAN-2000-0909 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0910
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0910
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000908 horde library bug - unchecked from-address
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0051.html
Reference: DEBIAN:20000910 imp: remote compromise
Reference: URL:http://www.debian.org/security/2000/20000910
Reference: CONFIRM:http://ssl.coc-ag.de/sec/hordelib-1.2.0.frombug.patch
Reference: BID:1674
Reference: URL:http://www.securityfocus.com/bid/1674
Reference: XF:horde-imp-sendmail-command
Reference: URL:http://xforce.iss.net/static/5278.php

Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address.

Analysis
----------------
ED_PRI CAN-2000-0910 1
Vendor Acknowledgement: yes patch

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0934
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0934
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: REDHAT:RHSA-2000:062-03
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0250.html
Reference: BID:1703
Reference: URL:http://www.securityfocus.com/bid/1703
Reference: XF:glint-symlink
Reference: URL:http://xforce.iss.net/static/5271.php

Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack.

Analysis
----------------
ED_PRI CAN-2000-0934 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1022
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000919 Cisco PIX Firewall (smtp content filtering hack)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0222.html
Reference: BUGTRAQ:20000920 Re: Cisco PIX Firewall (smtp content filtering hack) - Version 4.2(1) not exploitable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0241.html
Reference: CISCO:20001005 Cisco Secure PIX Firewall Mailguard Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-pub.shtml
Reference: BID:1698
Reference: URL:http://www.securityfocus.com/bid/1698
Reference: XF:cisco-pix-smtp-filtering
Reference: URL:http://xforce.iss.net/static/5277.php

The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict access to SMTP commands, which allows remote attackers to execute restricted commands by sending a DATA command before sending the restricted commands.

Analysis
----------------
ED_PRI CAN-2000-1022 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1031
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1031
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000810 Re: Possible vulnerability in HPUX ( Add vulnerability List )
Reference: URL:http://www.securityfocus.com/archive/1/75188
Reference: HP:HPSBUX0011-128
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0034.html
Reference: BID:1889
Reference: URL:http://www.securityfocus.com/bid/1889

Buffer overflow in dtterm in HP-UX 11.0 allows a local user to gain privileges via a long -tn option.

Analysis
----------------
ED_PRI CAN-2000-1031 1
Vendor Acknowledgement: yes advisory

REFERENCE: HP:HPSBUX0011-128 does not provide enough details to be certain that it addresses the vulnerability described in the August 10th Bugtraq post.

ABSTRACTION: The dtterm buffer overflow as described in CVE-1999-0112 occurs via a different option, so it probably isn't the same as this overflow.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1054
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server
Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
Reference: BID:1705
Reference: URL:http://www.securityfocus.com/bid/1705
Reference: XF:ciscosecure-csadmin-bo
Reference: URL:http://xforce.iss.net/static/5272.php

Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet.

Analysis
----------------
ED_PRI CAN-2000-1054 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1055
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server
Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
Reference: BID:1706
Reference: URL:http://www.securityfocus.com/bid/1706
Reference: XF:ciscosecure-tacacs-dos
Reference: URL:http://xforce.iss.net/static/5273.php

Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet.

Analysis
----------------
ED_PRI CAN-2000-1055 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1056
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server
Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
Reference: BID:1708
Reference: URL:http://www.securityfocus.com/bid/1708
Reference: XF:ciscosecure-ldap-bypass-authentication
Reference: URL:http://xforce.iss.net/static/5274.php

CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords.

Analysis
----------------
ED_PRI CAN-2000-1056 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1057
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1057
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: unknown
Reference: HP:HPSBUX0009-120
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0140.html
Reference: BID:1682
Reference: URL:http://www.securityfocus.com/bid/1682
Reference: XF:hp-openview-nnm-scripts
Reference: URL:http://xforce.iss.net/static/5229.php

Vulnerabilities in database configuration scripts in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows local users to gain privileges, possibly via insecure permissions.

Analysis
----------------
ED_PRI CAN-2000-1057 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0908
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0908
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96956211605302&w=2
Reference: WIN2KSEC:20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H)
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0128.html
Reference: CONFIRM:http://www.netcplus.com/browsegate.htm#BGLatest
Reference: XF:browsegate-http-dos
Reference: URL:http://xforce.iss.net/static/5270.php
Reference: BID:1702
Reference: URL:http://www.securityfocus.com/bid/1702

BrowseGate 2.80 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long Authorization or Referer MIME headers in the HTTP request.

Analysis
----------------
ED_PRI CAN-2000-0908 2
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: This is acknowledged in the change log under the "v2.80.1 and later" section. The vendor states: "A request buffer problem has been fixed." However, Delphis is not directly credited, so the vendor may have fixed a different buffer problem.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0911
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0911
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000912 (SRADV00003) Arbitrary file disclosure through IMP
Reference: URL:http://www.securityfocus.com/archive/1/82088
Reference: BID:1679
Reference: URL:http://www.securityfocus.com/bid/1679
Reference: XF:imp-attach-file
Reference: URL:http://xforce.iss.net/static/5227.php

IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment.

Analysis
----------------
ED_PRI CAN-2000-0911 2
Vendor Acknowledgement: yes patch

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0912
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0912
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000913 MultiHTML vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0146.html
Reference: XF:http-cgi-multihtml
Reference: URL:http://xforce.iss.net/static/5285.php

MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter.

Analysis
----------------
ED_PRI CAN-2000-0912 2
Vendor Acknowledgement: yes changelog

The initial report says that a call to open(FILE, "$multi") is used.
If the $multi variable isn't cleansed of shell metacharacters, then it's possible that the attacker could execute commands. I don't have the source code to analyze the software, though.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1016
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: CF
Reference: BUGTRAQ:20000921 httpd.conf in Suse 6.4
Reference: URL:http://www.securityfocus.com/archive/1/84360
Reference: BID:1707
Reference: URL:http://www.securityfocus.com/bid/1707
Reference: XF:suse-installed-packages-exposed
Reference: URL:http://xforce.iss.net/static/5276.php

The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.

Analysis
----------------
ED_PRI CAN-2000-1016 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1038
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1038
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: AIXAPAR:SA90544
Reference: CONFIRM:http://as400service.rochester.ibm.com/n_dir/nas4apar.NSF/5ec6cdc6ab42894a862568f90073c74a/9ce636030a58807186256955003d128d?OpenDocument
Reference: XF:as400-firewall-dos
Reference: URL:http://xforce.iss.net/static/5266.php

The web administration interface for IBM AS/400 Firewall allows remote attackers to cause a denial of service via an empty GET request.

Analysis
----------------
ED_PRI CAN-2000-1038 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1079
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1079
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: NAI:20000829 Windows NetBIOS Unsolicited Cache Corruption
Reference: URL:http://www.pgp.com/research/covert/advisories/045.asp
Reference: NTBUGTRAQ:20000829 Re: [COVERT-2000-10] Windows NetBIOS Unsolicited Cache Corruption
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0116.html
Reference: BID:1620
Reference: URL:http://www.securityfocus.com/bid/1620
Reference: XF:win-netbios-corrupt-cache
Reference: URL:http://xforce.iss.net/static/5168.php

Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.

Analysis
----------------
ED_PRI CAN-2000-1079 2
Vendor Acknowledgement: unknown disputed

DESCRIPTION: In a followup post, Russ Cooper says that the vulnerability is not an implementation flaw per se, but a design flaw in NetBIOS/CIFS.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0902
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0902
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000907 Re: PhotoAlbum 0.9.9 explorer.php Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/80858
Reference: XF:phpphotoalbum-getalbum-directory-traversal
Reference: URL:http://xforce.iss.net/static/5209.php

getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2000-0902 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC

CAN-2000-0872 is a close match. For this one, getalbum.php was in earlier versions. CD:SF-EXEC might suggest SPLIT, but was the program just renamed?

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0903
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0903
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000901 Multiple QNX Voyager Issues
Reference: URL:http://www.securityfocus.com/archive/1/79956
Reference: BID:1648
Reference: URL:http://www.securityfocus.com/bid/1648

Directory traversal vulnerability in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2000-0903 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0904
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0904
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000901 Multiple QNX Voyager Issues
Reference: URL:http://www.securityfocus.com/archive/1/79956
Reference: BID:1648
Reference: URL:http://www.securityfocus.com/bid/1648

Voyager web server 2.01B in the demo disks for QNX 405 stores sensitive web client information in the .photon directory in the web document root, which allows remote attackers to obtain that information.

Analysis
----------------
ED_PRI CAN-2000-0904 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0905
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0905
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000901 Multiple QNX Voyager Issues
Reference: URL:http://www.securityfocus.com/archive/1/79956
Reference: BID:1648
Reference: URL:http://www.securityfocus.com/bid/1648

QNX Embedded Resource Manager in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read sensitive system statistics information via the embedded.html web page.

Analysis
----------------
ED_PRI CAN-2000-0905 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0918
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0918
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BID:1700
Reference: URL:http://www.securityfocus.com/bid/1700
Reference: BUGTRAQ:20000919 kvt format bug
Reference: URL:http://www.securityfocus.com/archive/1/83914

Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters.

INCLUSION: It has not been proven that this bug is exploitable.

Analysis
----------------
ED_PRI CAN-2000-0918 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1020
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1020
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000917 VIGILANTE-2000012: Mdaemon Web Services Heap Overflow DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96925269716274&w=2
Reference: BID:1689
Reference: URL:http://www.securityfocus.com/bid/1689
Reference: XF:mdaemon-url-dos
Reference: URL:http://xforce.iss.net/static/5250.php

Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL.

Analysis
----------------
ED_PRI CAN-2000-1020 3
Vendor Acknowledgement: unknown claimed
Content Decisions: SF-EXEC

This would appear to be a duplicate of CAN-1999-0844 at first glance, but VIGILANTE says this is not the case in their advisory. CD:SF-EXEC also suggests that separate entries might need to be created for WorldClient and WebConfig. Since Board members have voted to RECAST CAN-1999-0844 (which combines WorldClient and WebConfig), that also suggests that separate items should be recorded for WorldClient versus WebConfig.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1021
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1021
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000917 VIGILANTE-2000012: Mdaemon Web Services Heap Overflow DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96925269716274&w=2
Reference: BID:1689
Reference: URL:http://www.securityfocus.com/bid/1689
Reference: XF:mdaemon-url-dos
Reference: URL:http://xforce.iss.net/static/5250.php

Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL.

Analysis
----------------
ED_PRI CAN-2000-1021 3
Vendor Acknowledgement: unknown claimed
Content Decisions: SF-EXEC

This would appear to be a duplicate of CAN-1999-0844 at first glance, but VIGILANTE says this is not the case in their advisory. CD:SF-EXEC also suggests that separate entries might need to be created for WorldClient and WebConfig. Since Board members have voted to RECAST CAN-1999-0844 (which combines WorldClient and WebConfig), that also suggests that separate items should be recorded for WorldClient versus WebConfig.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1023
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1023
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000924 Major Vulnerability in Alabanza Control Panel
Reference: URL:http://www.securityfocus.com/archive/1/84766
Reference: BID:1710
Reference: URL:http://www.securityfocus.com/bid/1710
Reference: XF:alabanza-unauthorized-access
Reference: URL:http://xforce.iss.net/static/5284.php

The Alabanza Control Panel does not require passwords to access administrative commands, which allows remote attackers to modify domain name information via the nsManager.cgi CGI program.

Analysis
----------------
ED_PRI CAN-2000-1023 3
Vendor Acknowledgement:
Content Decisions: EX-ONLINE-SVC

INCLUSION: It is not clear if Alabanza is an online service/ASP whose server is centrally located, though a page at http://www.alabanza.com says "Everything is managed automatically and online with no administration required by you or any member of your staff." If a single fix at Alabanza could solve the problem without client intervention, then CD:EX-ONLINE-SVC suggests that this item should not be included in CVE.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1035
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1035
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000912 TYPSoft FTP Server remote DoS Problem
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96879389027478&w=2
Reference: MISC:http://www.synnergy.net/Archives/Advisories/dethy/typsoft-ftpd.txt
Reference: BID:1690
Reference: URL:http://www.securityfocus.com/bid/1690

Buffer overflows in TYPSoft FTP Server 0.78 and earlier allow remote
attackers to cause a denial of service and possibly execute arbitrary
commands via a long USER, PASS, or CWD command.

Analysis
----------------
ED_PRI CAN-2000-1035 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1036
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000920 Extent RBS directory Transversal.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0252.html
Reference: BID:1704
Reference: URL:http://www.securityfocus.com/bid/1704
Reference: XF:rbs-isp-directory-traversal
Reference: URL:http://xforce.iss.net/static/5275.php

Directory traversal vulnerability in Extent RBS ISP web server allows
remote attackers to read sensitive information via a .. (dot dot)
attack on the Image parameter.

Analysis
----------------
ED_PRI CAN-2000-1036 3
Vendor Acknowledgement: unknown claimed

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1037
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1037
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000815 Firewall-1 session agent 3.0 -> 4.1, dictionnary and brute force attack
Reference: URL:http://www.securityfocus.com/archive/1/76389
Reference: BID:1662
Reference: URL:http://www.securityfocus.com/bid/1662

Check Point Firewall-1 session agent 3.0 through 4.1 generates
different error messages for invalid user names versus invalid
passwords, which allows remote attackers to determine valid usernames
and guess a password via a brute force attack.

Analysis
----------------
ED_PRI CAN-2000-1037 3
Vendor Acknowledgement: unknown vague advisory

INCLUSION: It is possible that this is a duplicate of CAN-2000-0808.
However, the Check Point advisory for CAN-2000-0808 was released in
July, and it seems to fault S/Key's seed generation mechanism. This
item was announced in mid-August and does not seem to be related to
S/Key. Consultation with FW1 experts or the vendor would help resolve
this issue.

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1046
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1046
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20000911 Advisory Code: VIGILANTE-2000011 Lotus Domino ESMTP Service Buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0093.html

Buffer overflows in ESMTP service of Lotus Domino 5.0.2c and earlier
allow remote attackers to cause a denial of service and possibly
execute arbitrary commands via a long "RCPT TO," "SAML FROM," or
"SOML FROM" command.

Analysis
----------------
ED_PRI CAN-2000-1046 3
Vendor Acknowledgement: unknown claimed

CD:SF-LOC indicates that this item may need to be split, since there
may be multiple bugs in a single program.

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1047
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1047
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001103 [SAFER] Buffer overflow in Lotus Domino SMTP Server
Reference: URL:http://www.securityfocus.com/archive/1/143071
Reference: BID:1905
Reference: URL:http://www.securityfocus.com/bid/1905

Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier
allows remote attackers to cause a denial of service and possibly
execute arbitrary commands via a long ENVID keyword in the "MAIL FROM"
command.

Analysis
----------------
ED_PRI CAN-2000-1047 3
Vendor Acknowledgement: unknown claimed

Voting Section
--------------

Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG,
ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: