[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster RECENT-09 - 14 candidates



The following cluster contains 14 candidates, all of which were
announced between February 4 and February 14, 2000.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0139
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: BID:982
Reference: URL:http://www.securityfocus.com/bid/982

Internet Anywhere POP3 Mail Server allows local users to cause a
denial of service via a malformed RETR command.


VOTE:

=================================
Candidate: CAN-2000-0140
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: NTBUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: BID:980
Reference: URL:http://www.securityfocus.com/bid/980

Internet Anywhere POP3 Mail Server allows remote attackers to cause a
denial of service via a large number of connections.


VOTE:

=================================
Candidate: CAN-2000-0141
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000211 perl-cgi hole in UltimateBB by Infopop Corp.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=20000211224935.A13236@infomag.ape.relarn.ru

Infopop Ultimate Bulletin Board (UBB) allows remote attackers to
execute commands via shell metacharacters in the topic hidden field.


VOTE:

=================================
Candidate: CAN-2000-0142
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000211 Timbuktu Pro 2.0b650 DoS

The authentication protocol in Timbuktu Pro 2.0b650 allows remote
attackers to cause a denial of service via connections to port 407 and
1417.


VOTE:

=================================
Candidate: CAN-2000-0143
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000211 sshd and pop/ftponly users incorrect configuration

The SSH protocol server sshd allows local users without shell access
to redirect a TCP connection through a service that uses the standard
system password database for authentication, such as POP or FTP.


VOTE:

=================================
Candidate: CAN-2000-0144
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0034.html
Reference: BUGTRAQ:20000207 Infosec.20000207.axis700.a
Reference: BID:971
Reference: URL:http://www.securityfocus.com/bid/971

Axis 700 Network Scanner does not properly restrict access to
administrator URLs, which allows users to bypass the password
protection via a .. (dot dot) attack.


VOTE:

=================================
Candidate: CAN-2000-0145
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: CF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0038.html
Reference: BUGTRAQ:20000205 Debian (frozen): Perms on /usr/lib/libguile.so.6.0.0

The libguile.so library file used by gnucash in Debian Linux is
installed with world-writable permissions.


VOTE:

=================================
Candidate: CAN-2000-0146
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0049.html
Reference: BUGTRAQ:20000207 Novell GroupWise 5.5 Enhancement Pack Web Access Denial of Servic e
Reference: BID:972
Reference: URL:http://www.securityfocus.com/bid/972

The Java Server in the Novell GroupWise Web Access Enhancement Pack
allows remote attackers to cause a denial of service via a long URL
to the servlet.


VOTE:

=================================
Candidate: CAN-2000-0147
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: CF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0045.html
Reference: NAI:20000207 SNMPD default writable community string
Reference: BID:973
Reference: URL:http://www.securityfocus.com/bid/973

snmpd in SCO OpenServer has an SNMP community string that is writable
by default, which allows local attackers to modify the host's
configuration.


VOTE:

=================================
Candidate: CAN-2000-0148
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0053.html
Reference: BUGTRAQ:20000208 Remote access vulnerability in all MySQL server versions
Reference: BUGTRAQ:20000214 MySQL 3.22.32 released
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=Pine.BSO.4.21.0002141636590.27495-100000@birdie.sekure.net
Reference: BID:975
Reference: URL:http://www.securityfocus.com/bid/975

MySQL 3.22 allows remote attackers to bypass password authentication
and access a database via a short check string.


VOTE:

=================================
Candidate: CAN-2000-0149
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0057.html
Reference: BUGTRAQ:20000209 [SAFER 000209.EXP.1.2] Zeus Web Server - obtaining source of CGI scripts
Reference: BUGTRAQ:20000208 Zeus Web Server: Null Terminated Strings
Reference: BID:977
Reference: URL:http://www.securityfocus.com/bid/977

Zeus web server allows remote attackers to view the source code for
CGI programs via a null character (%00) at the end of a URL.


VOTE:

=================================
Candidate: CAN-2000-0150
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000209 FireWall-1 FTP Server Vulnerability
Reference: BUGTRAQ:20000212 Re: FireWall-1 FTP Server Vulnerability
Reference: BUGTRAQ:20000210 Multiple firewalls: FTP Application Level Gateway "PASV" Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=51A8E31DE32DD211A0590008C71E7E4C59686E@tro-03-msg.merkantildata.no
Reference: BID:979
Reference: URL:http://www.securityfocus.com/bid/979

Firewall-1 allows remote attackers to bypass port access restrictions
on an FTP server by forcing it to send malicious packets which
Firewall-1 misinterprets as a valid 227 response to a client's PASV
attempt.


VOTE:

=================================
Candidate: CAN-2000-0151
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: SUSE:20000209 make-3.77-44
Reference: BID:981
Reference: URL:http://www.securityfocus.com/bid/981

GNU make follows symlinks when it reads a Makefile from stdin, which
allows other local users to execute commands.


VOTE:

=================================
Candidate: CAN-2000-0152
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000209 Novell BorderManager 3.5 Remote Slow Death
Reference: BUGTRAQ:20000211 BorderManager csatpxy.nlm fix avalable.

Remote attackers can cause a denial of service in Novell BorderManager
3.5 by pressing the enter key in a telnet connection to port 2000.


VOTE:

Page Last Updated or Reviewed: May 22, 2007