[PROPOSAL] Cluster RECENT-47 - 27 candidates
The following cluster contains 27 candidates that were announced between November 29 and December 13, 2000.

Note that the voting web site will not be updated with this cluster until sometime Wednesday.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2000-1039
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1039
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001128
Category: SF/CF/MP/SA/AN/unknown
Reference: BINDVIEW:20001130 The NAPTHA DoS vulnerabilities
Reference: URL:http://razor.bindview.com/publish/advisories/adv_NAPTHA.html
Reference: WIN2KSEC:20001204 NAPTHA Advisory Updated - BindView RAZOR
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0105.html
Reference: CERT:CA-2000-21
Reference: URL:http://www.cert.org/advisories/CA-2000-21.html
Reference: MS:MS00-091
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-091.asp
Reference: BID:2022
Reference: URL:http://www.securityfocus.com/bid/2022

Various TCP/IP stacks and network applications allow remote attackers to cause a denial of service by flooding a target host with TCP connection attempts and completing the TCP/IP handshake without maintaining the connection state on the attacker host, aka the "NAPTHA" class of vulnerabilities. NOTE: this candidate may change significantly as the security community discusses the technical nature of NAPTHA and learns more about the affected applications. This candidate is at a higher level of abstraction than is typical for CVE.

Analysis
----------------
ED_PRI CAN-2000-1039 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1085
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1085
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001201
Category: SF/CF/MP/SA/AN/unknown
Reference: ATSTAKE:20001201 SQL Server 2000 Extended Stored Procedure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97570884410184&w=2
Reference: MS:MS00-092
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-092.asp
Reference: BID:2040
Reference: URL:http://www.securityfocus.com/bid/2040

The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-1085 1
Vendor Acknowledgement: yes advisory

ABSTRACTION: CD:SF-LOC suggests having separate items, one for each buffer overflow in each separate "line of code." Thus xp_peekqueue, xp_printstatements, xp_proxiedmetadata, and xp_SetSQLSecurity should be separate. However, CD:SF-LOC is still under discussion by the Editorial Board, so these may be MERGED together.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1086
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1086
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001201
Category: SF/CF/MP/SA/AN/unknown
Reference: ATSTAKE:20001201 SQL Server 2000 Extended Stored Procedure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97570884410184&w=2
Reference: MS:MS00-092
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-092.asp
Reference: BID:2041
Reference: URL:http://www.securityfocus.com/bid/2041

The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-1086 1
Vendor Acknowledgement: yes advisory

ABSTRACTION: CD:SF-LOC suggests having separate items, one for each buffer overflow in each separate "line of code." Thus xp_peekqueue, xp_printstatements, xp_proxiedmetadata, and xp_SetSQLSecurity should be separate. However, CD:SF-LOC is still under discussion by the Editorial Board, so these may be MERGED together.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1087
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1087
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001201
Category: SF/CF/MP/SA/AN/unknown
Reference: ATSTAKE:20001201 SQL Server 2000 Extended Stored Procedure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97570884410184&w=2
Reference: MS:MS00-092
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-092.asp
Reference: BID:2042
Reference: URL:http://www.securityfocus.com/bid/2042

The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-1087 1
Vendor Acknowledgement: yes advisory

ABSTRACTION: CD:SF-LOC suggests having separate items, one for each buffer overflow in each separate "line of code." Thus xp_peekqueue, xp_printstatements, xp_proxiedmetadata, and xp_SetSQLSecurity should be separate. However, CD:SF-LOC is still under discussion by the Editorial Board, so these may be MERGED together.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1088
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1088
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001201
Category: SF/CF/MP/SA/AN/unknown
Reference: ATSTAKE:20001201 SQL Server 2000 Extended Stored Procedure Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97570884410184&w=2
Reference: MS:MS00-092
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-092.asp
Reference: BID:2043
Reference: URL:http://www.securityfocus.com/bid/2043

The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-1088 1
Vendor Acknowledgement: yes advisory

ABSTRACTION: CD:SF-LOC suggests having separate items, one for each buffer overflow in each separate "line of code." Thus xp_peekqueue, xp_printstatements, xp_proxiedmetadata, and xp_SetSQLSecurity should be separate. However, CD:SF-LOC is still under discussion by the Editorial Board, so these may be MERGED together.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1089
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1089
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001201
Category: SF
Reference: ATSTAKE:A120400-1
Reference: URL:http://www.stake.com/research/advisories/2000/a120400-1.txt
Reference: MS:MS00-094
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-094.asp
Reference: BID:2048
Reference: URL:http://www.securityfocus.com/bid/2048

Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-1089 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1099
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: SUN:00199
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/199&type=0&nav=sec.sba
Reference: HP:HPSBUX0011-132
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0061.html

Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities.

Analysis
----------------
ED_PRI CAN-2000-1099 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1135
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1135
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: DEBIAN:20001130 DSA-002-1 fsh: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001130

fshd (fsh daemon) in Debian Linux allows local users to overwrite files of other users via a symlink attack.

Analysis
----------------
ED_PRI CAN-2000-1135 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1137
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: DEBIAN:20001129 DSA-001-1 ed: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001129
Reference: MANDRAKE:MDKSA-2000:076
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-076.php3
Reference: REDHAT:RHSA-2000:123-01
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-123.html
Reference: BUGTRAQ:20001211 Immunix OS Security update for ed

GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.

Analysis
----------------
ED_PRI CAN-2000-1137 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1189
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: REDHAT:RHSA-2000:120
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-120.html

Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges.

Analysis
----------------
ED_PRI CAN-2000-1189 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1097
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1097
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001129 DoS in Sonicwall SOHO firewall
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0406.html
Reference: BUGTRAQ:20001201 FW: SonicWALL SOHO Vulnerability (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0435.html
Reference: BID:2013
Reference: URL:http://www.securityfocus.com/bid/2013

The web server for the Sonicwall SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page.

Analysis
----------------
ED_PRI CAN-2000-1097 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1098
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1098
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001201 Re: DoS in Sonicwall SOHO firewall
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0439.html
Reference: BUGTRAQ:20001201 FW: SonicWALL SOHO Vulnerability (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0435.html

The web server for the Sonicwall SOHO firewall allows remote attackers to cause a denial of service via an empty GET or POST request.

Analysis
----------------
ED_PRI CAN-2000-1098 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1120
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY08143
Reference: AIXAPAR:IY08287
Reference: BID:2033
Reference: URL:http://www.securityfocus.com/bid/2033

Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2000-1120 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1081
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1081
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001201
Category: SF/CF/MP/SA/AN/unknown
Reference: ATSTAKE:20001201 Microsoft SQL Server extended stored procedure vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97570878710037&w=2
Reference: MS:MS00-092
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-092.asp
Reference: BID:2030
Reference: URL:http://www.securityfocus.com/bid/2030

The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-1081 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests having separate items, one for each buffer overflow in each separate "line of code." Thus xp_displayparamstmt, xp_enumresultset, xp_showcolv, and xp_showcolv should be separate. However, CD:SF-LOC is still under discussion by the Editorial Board, so these may be MERGED together.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1082
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1082
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001201
Category: SF/CF/MP/SA/AN/unknown
Reference: ATSTAKE:20001201 Microsoft SQL Server extended stored procedure vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97570878710037&w=2
Reference: MS:MS00-092
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-092.asp
Reference: BID:2031
Reference: URL:http://www.securityfocus.com/bid/2031

The xp_enumresultset function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-1082 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests having separate items, one for each buffer overflow in each separate "line of code." Thus xp_displayparamstmt, xp_enumresultset, xp_showcolv, and xp_showcolv should be separate. However, CD:SF-LOC is still under discussion by the Editorial Board, so these may be MERGED together.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1083
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1083
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001201
Category: SF/CF/MP/SA/AN/unknown
Reference: ATSTAKE:20001201 Microsoft SQL Server extended stored procedure vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97570878710037&w=2
Reference: MS:MS00-092
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-092.asp
Reference: BID:2038
Reference: URL:http://www.securityfocus.com/bid/2038

The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-1083 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests having separate items, one for each buffer overflow in each separate "line of code." Thus xp_displayparamstmt, xp_enumresultset, xp_showcolv, and xp_showcolv should be separate. However, CD:SF-LOC is still under discussion by the Editorial Board, so these may be MERGED together.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1084
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1084
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001201
Category: SF/CF/MP/SA/AN/unknown
Reference: ATSTAKE:20001201 Microsoft SQL Server extended stored procedure vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97570878710037&w=2
Reference: MS:MS00-092
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-092.asp
Reference: BID:2039
Reference: URL:http://www.securityfocus.com/bid/2039

The xp_updatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-1084 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests having separate items, one for each buffer overflow in each separate "line of code." Thus xp_displayparamstmt, xp_enumresultset, xp_showcolv, and xp_showcolv should be separate. However, CD:SF-LOC is still under discussion by the Editorial Board, so these may be MERGED together.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1092
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1092
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001211
Category: SF/CF/MP/SA/AN/unknown

loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote attackers to list and read files in the EZshopper data directory by inserting a "/" in front of the target filename in the "file" parameter.

Analysis
----------------
ED_PRI CAN-2000-1092 3
Vendor Acknowledgement: unknown
Content Decisions: SF-EXEC, SF-LOC

ABSTRACTION: An extremely similar problem is documented in CAN-2000-0187, but that one is a .. directory traversal problem. In this case, it appears that the ".." are being filtered, but the program isn't restricting which files in the data directory can be accessed (presumably there are some HTML pages that *should* be loaded that are stored somewhere in the data directory).

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1093
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1093
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001212
Category: SF
Reference: ATSTAKE:A121200-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a121200-1.txt

Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote attackers to execute arbitrary commands via a long "goim" command.

Analysis
----------------
ED_PRI CAN-2000-1093 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1094
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001212
Category: SF/CF/MP/SA/AN/unknown
Reference: ATSTAKE:A121200-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a121200-1.txt

Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument.

Analysis
----------------
ED_PRI CAN-2000-1094 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1100
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1100
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001130 PostACI Webmail Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0433.html
Reference: BID:2029
Reference: URL:http://www.securityfocus.com/bid/2029

The default configuration for PostACI webmail system installs the /includes/global.inc configuration file within the web root, which allows remote attackers to read sensitive information such as database usernames and passwords via a direct HTTP GET request.

Analysis
----------------
ED_PRI CAN-2000-1100 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1111
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1111
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001129 Windows 2000 Telnet Service DoS
Reference: URL:http://www.securityfocus.com/archive/1/147914
Reference: BID:2018
Reference: URL:http://www.securityfocus.com/bid/2018

Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input.

Analysis
----------------
ED_PRI CAN-2000-1111 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1119
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1119
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: BID:2032
Reference: URL:http://www.securityfocus.com/bid/2032

Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument.

Analysis
----------------
ED_PRI CAN-2000-1119 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1121
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1121
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY08143
Reference: AIXAPAR:IY08287
Reference: BID:2034
Reference: URL:http://www.securityfocus.com/bid/2034

Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument.

Analysis
----------------
ED_PRI CAN-2000-1121 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1122
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1122
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: BID:2035
Reference: URL:http://www.securityfocus.com/bid/2035

Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long argument.

Analysis
----------------
ED_PRI CAN-2000-1122 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1123
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1123
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY12638
Reference: BID:2036
Reference: URL:http://www.securityfocus.com/bid/2036

Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands.

Analysis
----------------
ED_PRI CAN-2000-1123 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1124
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1124
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY12638
Reference: BID:2037
Reference: URL:http://www.securityfocus.com/bid/2037

Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables.

Analysis
----------------
ED_PRI CAN-2000-1124 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: