[PROPOSAL] Cluster RECENT-10 - 15 candidates



The following cluster contains 15 candidates that were announced
between February 15 and February 21, 2000.  As with the last cluster,
this one includes URLs for the references.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0153
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000216 Doubledot bug in FrontPage FrontPage Personal Web Server.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000801bf780a$9ad4b2e0$0100007f@localhost
Reference: BID:989
Reference: URL:http://www.securityfocus.com/bid/989

FrontPage Personal Web Server (PWS) allows remote attackers to read
files via a .... (dot dot) attack.


VOTE:

=================================
Candidate: CAN-2000-0154
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: NAI:20000215 ARCserve symlink vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000101bf78af$94528870$4d2f45a1@jmagdych.na.nai.com
Reference: BID:988
Reference: URL:http://www.securityfocus.com/bid/988

The ARCserve agent in UnixWare allows local attackers to modify
arbitrary files via a symlink attack.


VOTE:

=================================
Candidate: CAN-2000-0155
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000218 AUTORUN.INF Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000701bf79cd$fdb5a620$4c4342a6@mightye.org
Reference: BID:993
Reference: URL:http://www.securityfocus.com/bid/993

Windows NT Autorun executes the autorun.inf file on non-removable
media, which allows local attackers to specify an alternate program to
execute when other users access a drive.


VOTE:

=================================
Candidate: CAN-2000-0156
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: MS:MS00-009
Reference: URL:http://www.microsoft.com/technet/security/bulletins/ms00-009.asp

Internet Explorer 4.x and 5.x allow a remote web server to access
files on the client that are outside of its security domain, aka the
"Image Source Redirect" vulnerability.


VOTE:

=================================
Candidate: CAN-2000-0157
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: NETBSD:1999-012
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-012.txt.asc

NetBSD ptrace call on VAX allows local users to gain privileges by
modifying the PSL contents in the debugging process.


VOTE:

=================================
Candidate: CAN-2000-0158
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: NAI:20000215 Remote Vulnerability in the MMDF SMTP Daemon
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000001bf78af$6d0d47a0$4d2f45a1@jmagdych.na.nai.com
Reference: BUGTRAQ:20000218 MMDF
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=200002181449.JAA03436@dragonfly.corp.home.net
Reference: BID:997
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=997

Buffer overflow in MMDF server allows remote attackers to gain
privileges via a long MAIL FROM command to the SMTP daemon.


VOTE:

=================================
Candidate: CAN-2000-0159
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: HP:HPSBUX0002-111
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=20000217160216.13708.qmail@underground.org

HP Ignite-UX does not save /etc/passwd when it creates an image of a
trusted system, which can set the password field to a blank and allow
an attacker to gain privileges.


VOTE:

=================================
Candidate: CAN-2000-0160
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000221 Microsoft signed software can be install software without prompting users
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=20000221103938.T21312@securityfocus.com

The Microsoft Active Setup ActiveX component in Internet Explorer 4.x
and 5.x allows a remote attacker to install software components
without prompting the user by stating that the software's manufacturer
is Microsoft.


VOTE:

=================================
Candidate: CAN-2000-0161
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: MS:MS00-010
Reference: URL:http://www.microsoft.com/technet/security/bulletins/ms00-010.asp
Reference: BID:994
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=994

Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not
validate an identification number, which allows remote attackers to
execute SQL commands.


VOTE:

=================================
Candidate: CAN-2000-0162
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: MS:MS00-011
Reference: URL:http://www.microsoft.com/technet/security/bulletins/ms00-011.asp

The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x
allows a remote attacker to read files via a malicious Java applet
that escapes the Java sandbox, aka the "VM File Reading"
vulnerability.


VOTE:

=================================
Candidate: CAN-2000-0163
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:03
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2092
Reference: BID:996
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=996

asmon and ascpu in FreeBSD allow local users to gain root privileges
via a configuration file.


VOTE:

=================================
Candidate: CAN-2000-0164
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000220 Sun Internet Mail Server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.SOL.4.21.0002200031320.22675-100000@klayman.hq.formus.pl

The installation of Sun Internet Mail Server (SIMS) creates a
world-readable file that allows local users to obtain passwords.


VOTE:

=================================
Candidate: CAN-2000-0165
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000210 Re: application proxies?
Reference: FREEBSD:FreeBSD-SA-00:04
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.BSF.4.21.0002192249290.10784-100000@freefall.freebsd.org
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=Pine.BSF.4.10.10002100058420.43483-100000@hydrant.intranova.net

The Delegate application proxy has several buffer overflows which
allow a remote attacker to execute commands.


VOTE:

=================================
Candidate: CAN-2000-0166
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000221 Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD Server 4.0 for Windows NT
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPGEJHCCAA.labs@ussrback.com
Reference: BID:995
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=995

Buffer overflow in the InterAccess telnet server TelnetD allows remote
attackers to execute commands via a long login name.


VOTE:

=================================
Candidate: CAN-2000-0167
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: NTBUGTRAQ:20000215 Crashing Inetinfo.exe by using a longfilename in the \mailroot\pickup directory
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0002&L=ntbugtraq&F=&S=&P=8800

IIS Inetinfo.exe allows local users to cause a denial of service by
creating a mail file with a long name and a .txt.eml extension in the
pickup directory.


VOTE:

Page Last Updated or Reviewed: May 22, 2007