[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[INTERIM] ACCEPT 34 candidates from various clusters (Final 4/24)

To: cve-editorial-board-list@lists.mitre.org
Subject: [INTERIM] ACCEPT 34 candidates from various clusters (Final 4/24)
From: "Steven M. Christey" <coley@linus.mitre.org>
Date: Tue, 18 Apr 2000 19:43:05 -0400 (EDT)
Delivery-Date: Tue Apr 18 19:43:12 2000
Sender: owner-cve-editorial-board-list@lists.mitre.org
I have made an Interim Decision to ACCEPT the following 34 candidates
from various clusters.  I will make a Final Decision on Monday, April
24, 2000.

The candidates come from the following clusters:

   1 RESTLOW
   1 RECENT-01
   1 WEB
   2 MISC-01
   4 UNIX-UNCONF
   2 NET-01
   4 RECENT-03
   8 RECENT-04
   1 RECENT-05
   2 RECENT-06
   1 RECENT-08
   1 RECENT-10
   6 RECENT-13

Voters:
  Wall ACCEPT(2) NOOP(10)
  LeBlanc NOOP(17)
  Ozancin ACCEPT(12) NOOP(5)
  Cole ACCEPT(18) NOOP(2)
  Meunier ACCEPT(1)
  Stracener ACCEPT(21) MODIFY(1)
  Frech MODIFY(28)
  Hill ACCEPT(1)
  Northcutt ACCEPT(1)
  Christey NOOP(11)
  Armstrong ACCEPT(9)
  Balinsky ACCEPT(1)
  Prosser ACCEPT(6)
  Blake ACCEPT(12) NOOP(1)


=================================
Candidate: CAN-1999-0203
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-02
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: CERT:CA-95.08
Reference: CIAC:E-03
Reference: XF:smtp-sendmail-version5

In Sendmail, attackers can gain root privileges via SMTP by specifying
an improper "mail from" address and an invalid "rcpt to" address that would
cause the mail to bounce to a program.

Modifications:
  ADDREF CERT:CA-95.08
  ADDREF CIAC:E-03
  ADDREF XF:smtp-sendmail-version5

INFERRED ACTION: CAN-1999-0203 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Hill, Blake, Balinsky, Ozancin, Northcutt
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Christey> Description needs to be more specific to distinguish between
 Christey> this and CAN-1999-0163, as alluded to by Adam Shostack
 Frech> XF:smtp-sendmail-version5


=================================
Candidate: CAN-1999-0780
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457
Reference: XF:kde-klock-process-kill

KDE klock allows local users to kill arbitrary processes by specifying
an arbitrary PID in the .kss.pid file.

Modifications:
  ADDREF XF:kde-klock-process-kill

INFERRED ACTION: CAN-1999-0780 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(2) Christey, LeBlanc

Comments:
 Frech> XF:kde-klock-process-kill
 Christey> This candidate is unconfirmed by the vendor.


=================================
Candidate: CAN-1999-0781
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457
Reference: XF:kde-klock-bindir-trojans

KDE allows local users to execute arbitrary commands by setting the
KDEDIR environmental variable to modify the search path that KDE uses
to locate its executables.

Modifications:
  ADDREF XF:kde-klock-bindir-trojans

INFERRED ACTION: CAN-1999-0781 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(2) Christey, LeBlanc

Comments:
 Frech> XF:kde-klock-bindir-trojans
 Christey> This candidate is unconfirmed by the vendor.


=================================
Candidate: CAN-1999-0782
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457
Reference: XF:kde-kppp-directory-create

KDE kppp allows local users to create a directory in an arbitrary
location via the HOME environmental variable.

Modifications:
  ADDREF XF:kde-kppp-directory-create

INFERRED ACTION: CAN-1999-0782 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(2) Christey, LeBlanc

Comments:
 Frech> kde-kppp-directory-create
 Christey> This candidate is unconfirmed by the vendor.


=================================
Candidate: CAN-1999-0803
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990525 IBM eNetwork Firewall for AIX
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92765973207648&w=2
Reference: XF:ibm-enfirewall-tmpfiles

The fwluser script in AIX eNetwork Firewall allows local users to
write to arbitrary files via a symlink attack.

Modifications:
  CHANGEREF BUGTRAQ [add date]
  ADDREF XF:ibm-enfirewall-tmpfiles

INFERRED ACTION: CAN-1999-0803 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(2) Christey, LeBlanc

Comments:
 Frech> XF:ibm-efirewall-tmpfiles
 Frech> BUGTRAQ: add 19990525
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Poster claims that APAR (IR39562) was created.


=================================
Candidate: CAN-1999-0824
Published:
Final-Decision:
Interim-Decision: 20000418
Modified:
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BID:833
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=833
Reference: NTBUGTRAQ:19991130 SUBST problem
Reference: BUGTRAQ:19991130 Subst.exe carelessness (fwd)

A Windows NT user can use SUBST to map a drive letter to a folder,
which is not unmapped after the user logs off, potentially allowing
that user to modify the location of folders accessed by later users.

INFERRED ACTION: CAN-1999-0824 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Stracener, Prosser, Armstrong
   MODIFY(1) Frech
   NOOP(1) Cole

Comments:
 Frech> XF:nt-subst


=================================
Candidate: CAN-1999-0889
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990810 Cisco 675 password nonsense
Reference: XF:cisco-cbos-telnet

Cisco 675 routers running CBOS allow remote attackers to establish
telnet sessions if an exec or superuser password has not been set.

Modifications:
  ADDREF XF:cisco-cbos-telnet

INFERRED ACTION: CAN-1999-0889 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech

Comments:
 Frech> XF:cisco-cbos-telnet


=================================
Candidate: CAN-1999-0895
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991020 Checkpoint FireWall-1 V4.0: possible bug in LDAP authentication
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991020150002.21047.qmail@tarjan.mediaways.net
Reference: BID:725
Reference: XF:checkpoint-ldap-auth

Firewall-1 does not properly restrict access to LDAP attributes.

Modifications:
  ADDREF BID:725
  ADDREF XF:checkpoint-ldap-auth

INFERRED ACTION: CAN-1999-0895 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Christey, LeBlanc

Comments:
 Christey> This candidate is unconfirmed by the vendor.
 Frech> XF:checkpoint-ldap-auth


=================================
Candidate: CAN-1999-0897
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-02
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980908 bug in iChat 3.0 (maybe others)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90538488231977&w=2
Reference: XF:ichat-file-read-vuln

iChat ROOMS Webserver allows remote attackers to read arbitrary files
via a .. (dot dot) attack.

Modifications:
  ADDREF XF:ichat-file-read-vuln
  CHANGEREF BUGTRAQ [correct date]

INFERRED ACTION: CAN-1999-0897 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Blake, Stracener
   MODIFY(1) Frech
   NOOP(3) Cole, Christey, LeBlanc

Comments:
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Two Bugtraq followups claim the problem has been fixed.
 Frech> XF:ichat-file-read-vuln
 Frech> BUGTRAQ: reference date may be wrong. verify that it is not 199_8_0908.


=================================
Candidate: CAN-1999-0950
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991027 WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability
Reference: BID:747
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=747
Reference: XF:wftpd-mkd-bo

Buffer overflow in WFTPD FTP server allows remote attackers to gain
root access via	a series of MKD and CWD commands that create nested
directories.

Modifications:
  ADDREF XF:wftpd-mkd-bo

INFERRED ACTION: CAN-1999-0950 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech

Comments:
 Frech> XF:wftpd-mkd-bo


=================================
Candidate: CAN-1999-0957
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19970618 Security hole in MajorCool 1.0.3
Reference: XF:majorcool-file-overwrite-vuln

MajorCool mj_key_cache program allows local users to modify files via
a symlink attack.

Modifications:
  ADDREF XF:majorcool-file-overwrite-vuln

INFERRED ACTION: CAN-1999-0957 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Meunier
   MODIFY(1) Frech

Comments:
 Frech> XF:majorcool-file-overwrite-vuln


=================================
Candidate: CAN-1999-0997
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991221
Category: CF
Reference: BUGTRAQ:19991220 Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd)
Reference: XF:wuftp-ftp-conversion

wu-ftp with FTP conversion enabled allows an attacker to execute
commands via a malformed file name that is interpreted as an argument
to the program that does the conversion, e.g. tar or uncompress.

Modifications:
  ADDREF XF:wuftp-ftp-conversion

INFERRED ACTION: CAN-1999-0997 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Christey, LeBlanc

Comments:
 Frech> XF:wuftp-ftp-conversion
 Christey> This candidate is unconfirmed by the vendor.
 Christey> XF:wuftp-ftp-conversion does not exist.
 Christey>
 Christey> Posted by suid@suid.kg.  See http://www.suid.edu/advisories/001.txt
 Christey> for details.


=================================
Candidate: CAN-1999-1005
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991219 Groupewise Web Interface
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94571433731824&w=2
Reference: XF:groupwise-web-read-files
Reference: BID:879

Groupwise web server GWWEB.EXE allows remote attackers to read
arbitrary files with .htm extensions via a .. (dot dot) attack using
the HELP parameter.

Modifications:
  ADDREF XF:groupwise-web-read-files
  ADDREF BID:879

INFERRED ACTION: CAN-1999-1005 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, LeBlanc

Comments:
 Frech> XF:groupwise-web-read-files
 Christey> This candidate is unconfirmed by the vendor.
 Christey> XF:groupwise-web-read-files does not exist.
 Christey>
 Christey> Multiple Bugtraq followups indicate the problem may be more
 Christey> severe than the current CVE description indicates.


=================================
Candidate: CAN-1999-1007
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991213 VDO Live Player 3.02 Buffer Overflow
Reference: http://marc.theaimsgroup.com/?l=bugtraq&m=94512259331599&w=2
Reference: XF:vdolive-bo-execute
Reference: BID:872
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=872

Buffer overflow in VDO Live Player allows remote attackers to execute
commands on the VDO client via a malformed .vdo file.

Modifications:
  ADDREF XF:vdolive-bo-execute

INFERRED ACTION: CAN-1999-1007 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Wall, Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Christey, LeBlanc

Comments:
 Frech> XF:vdolive-bo-execute
 Christey> This candidate is unconfirmed by the vendor.
 Christey> XF:vdolive-bo-execute does not exist.
 Christey>
 Christey> Posted by UNYUN of Shadow Penguin Security.


=================================
Candidate: CAN-1999-1010
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991214 sshd1 allows unencrypted sessions regardless of server policy
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94519142415338&w=2
Reference: XF:ssh-policy-bypass

An SSH 1.2.27 server allows a client to use the "none" cipher, even if
it is not allowed by the server policy.

Modifications:
  ADDREF XF:ssh-policy-bypass

INFERRED ACTION: CAN-1999-1010 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, LeBlanc

Comments:
 Frech> XF:ssh-policy-bypass
 Christey> This candidate is unconfirmed by the vendor.


=================================
Candidate: CAN-2000-0010
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991226 WebWho+ ADVISORY
Reference: XF:http-cgi-webwhoplus

WebWho+ whois.cgi program allows remote attackers to execute commands
via shell metacharacters in the TLD parameter.

Modifications:
  ADDREF XF:http-cgi-webwhoplus

INFERRED ACTION: CAN-2000-0010 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> http-cgi-webwhoplus


=================================
Candidate: CAN-2000-0012
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991227 remote buffer overflow in miniSQL
Reference: BID:898
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=898
Reference: XF:w3-msql-scanf-bo

Buffer overflow in w3-msql CGI program in miniSQL package allows
remote attackers to execute commands.

Modifications:
  ADDREF XF:w3-msql-scanf-bo

INFERRED ACTION: CAN-2000-0012 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> XF:w3-msql-scanf-bo


=================================
Candidate: CAN-2000-0014
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991228 Local / Remote D.o.S Attack in Savant Web Server V2.0 WIN9X / NT / 2K
Reference: BID:897
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=897
Reference: XF:savant-server-null-dos

Denial of service in Savant web server via a null character in the
requested URL.

Modifications:
  ADDREF XF:savant-server-null-dos

INFERRED ACTION: CAN-2000-0014 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> XF:savant-server-null-dos


=================================
Candidate: CAN-2000-0020
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: NTBUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability
Reference: BUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability
Reference: XF:dnspro-flood-dos

DNS PRO allows remote attackers to conduct a denial of service via a
large number of connections.

Modifications:
  ADDREF XF:dnspro-flood-dos

INFERRED ACTION: CAN-2000-0020 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> XF:dnspro-flood-dos


=================================
Candidate: CAN-2000-0024
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: MS:MS99-061
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-061.asp
Reference: BUGTRAQ:19991228 Third Party Software Affected by IIS "Escape Character Parsing" Vulnerability
Reference: BUGTRAQ:19991229 More info on MS99-061 (IIS escape character vulnerability)
Reference: XF:iis-badescapes
Reference: MSKB:Q246401

IIS does not properly canonicalize URLs, potentially allowing remote
attackers to bypass access restrictions in third-party software via
escape characters, aka the "Escape Character Parsing" vulnerability.

Modifications:
  ADDREF XF:iis-badescapes
  ADDREF MSKB:Q246401

INFERRED ACTION: CAN-2000-0024 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Ozancin, Armstrong, Cole
   MODIFY(2) Stracener, Frech

Comments:
 Stracener> Add Ref: MSKB:Q246401
 Ozancin> with Stracenr's addition
 Frech> XF:iis-badescapes


=================================
Candidate: CAN-2000-0033
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991227 Trend Micro InterScan VirusWall SMTP bug
Reference: BID:899
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=899
Reference: XF:interscan-viruswall-bypass

InterScan VirusWall SMTP scanner does not properly scan messages with
malformed attachments.

Modifications:
  ADDREF XF:interscan-viruswall-bypass

INFERRED ACTION: CAN-2000-0033 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> XF:interscan-viruswall-bypass


=================================
Candidate: CAN-2000-0042
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991229 Local / Remote D.o.S Attack in  CSM Mail Server for Windows 95/NT v.2000.08.A
Reference: XF:csm-server-bo
Reference: BID:895
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=895

Buffer overflow in CSM mail server allows remote attackers to cause a
denial of service or execute commands via a long HELO command.

Modifications:
  ADDREF XF:csm-server-bo

INFERRED ACTION: CAN-2000-0042 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> XF:csm-server-bo


=================================
Candidate: CAN-2000-0043
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991230 Local / Remote GET Buffer Overflow Vulnerability in CamShot WebCam HTTP Server v2.5 for Win9x/NT
Reference: BID:905
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=905
Reference: XF:camshot-http-get-overflow

Buffer overflow in CamShot WebCam HTTP server allows remote attackers
to execute commands via a long GET request.

Modifications:
  ADDREF XF:camshot-http-get-overflow

INFERRED ACTION: CAN-2000-0043 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> XF:camshot-http-get-overflow


=================================
Candidate: CAN-2000-0050
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: ALLAIRE:ASB00-01
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13976&Method=Full
Reference: XF:allaire-webtop-access
Reference: BID:915
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=915

The Allaire Spectra Webtop allows authenticated users to access other
Webtop sections by specifying explicit URLs.

Modifications:
  ADDREF XF:allaire-webtop-access

INFERRED ACTION: CAN-2000-0050 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Prosser, Cole
   MODIFY(1) Frech
   NOOP(1) Ozancin

Comments:
 Frech> XF:allaire-webtop-access


=================================
Candidate: CAN-2000-0051
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: ALLAIRE:ASB00-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13977&Method=Full
Reference: BID:916
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=916
Reference: XF:allaire-spectra-config-dos

The Allaire Spectra Configuration Wizard allows remote attackers to
cause a denial of service by repeatedly resubmitting data collections
for indexing via a URL.

Modifications:
  ADDREF XF:allaire-spectra-config-dos

INFERRED ACTION: CAN-2000-0051 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Prosser, Cole
   MODIFY(1) Frech
   NOOP(1) Ozancin

Comments:
 Frech> XF:allaire-spectra-config-dos


=================================
Candidate: CAN-2000-0070
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-02
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BINDVIEW:20000113 Local Promotion Vulnerability in Windows NT 4
Reference: URL:http://www.bindview.com/security/advisory/adv_NtImpersonate.html
Reference: MS:MS00-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-003.asp
Reference: MSKB:Q247869
Reference: XF:nt-spoofed-lpc-port
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=nt-spoofed-lpc-port
Reference: BID:934

NtImpersonateClientOfPort local procedure call in Windows NT 4.0
allows local users to gain privileges, aka "Spoofed LPC Port Request."

Modifications:
  ADDREF XF:nt-spoofed-lpc-port
  ADDREF BID:934

INFERRED ACTION: CAN-2000-0070 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Prosser, Cole
   MODIFY(1) Frech
   NOOP(1) Ozancin

Comments:
 Frech> ADDREF XF:nt-spoofed-lpc-port


=================================
Candidate: CAN-2000-0112
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000208
Assigned: 20000208
Category: CF
Reference: BUGTRAQ:20000202 vulnerability in Linux Debian default boot configuration
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94973075614088&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94952030018431&w=2
Reference: BID:960
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=960
Reference: XF:debian-mbr-bypass-security

The default installation of Debian Linux uses an insecure Master Boot
Record (MBR) which allows a local user to boot from a floppy disk
during the installation.

Modifications:
  ADDREF XF:debian-mbr-bypass-security

INFERRED ACTION: CAN-2000-0112 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Prosser
   MODIFY(1) Frech
   NOOP(3) Wall, Ozancin, Blake

Comments:
 Prosser> Add BID 934
 Frech> XF:debian-mbr-bypass-security


=================================
Candidate: CAN-2000-0165
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000210 Re: application proxies?
Reference: FREEBSD:FreeBSD-SA-00:04
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.BSF.4.21.0002192249290.10784-100000@freefall.freebsd.org
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=Pine.BSF.4.10.10002100058420.43483-100000@hydrant.intranova.net
Reference: CIAC:K-023
Reference: XF:delegate-proxy-bo

The Delegate application proxy has several buffer overflows which
allow a remote attacker to execute commands.

Modifications:
  ADDREF CIAC:K-023
  ADDREF XF:delegate-proxy-bo

INFERRED ACTION: CAN-2000-0165 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Blake, Prosser
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Ozancin

Comments:
 Frech> XF:delegate-proxy-bo
 Frech> Also consider Reference:CIAC:K-023


=================================
Candidate: CAN-2000-0181
Published:
Final-Decision:
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000311 Our old friend Firewall-1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0119.html
Reference: BID:1054
Reference: URL:http://www.securityfocus.com/bid/1054

Firewall-1 3.0 and 4.0 leaks packets with private IP address
information, which could allow remote attackers to determine the real
IP address of the host that is making the connection.

INFERRED ACTION: CAN-2000-0181 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Ozancin, Cole
   NOOP(2) Wall, LeBlanc


=================================
Candidate: CAN-2000-0184
Published:
Final-Decision:
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000309
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0082.html
Reference: BID:1037
Reference: URL:http://www.securityfocus.com/bid/1037

Linux printtool sets the permissions of printer configuration files to
be world-readable, which allows local attackers to obtain printer
share passwords.

INFERRED ACTION: CAN-2000-0184 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Ozancin, Cole
   NOOP(2) Wall, LeBlanc


=================================
Candidate: CAN-2000-0185
Published:
Final-Decision:
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000308 RealServer exposes internal IP addresses
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0069.html
Reference: BID:1049
Reference: URL:http://www.securityfocus.com/bid/1049

RealMedia RealServer reveals the real IP address of a Real Server,
even if the address is supposed to be private.

INFERRED ACTION: CAN-2000-0185 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Ozancin, Cole
   NOOP(2) Wall, LeBlanc


=================================
Candidate: CAN-2000-0192
Published:
Final-Decision:
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000304 OpenLinux 2.3: rpm_query
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0029.html
Reference: BID:1036
Reference: URL:http://www.securityfocus.com/bid/1036

The default installation of Caldera OpenLinux 2.3 includes the CGI
program rpm_query, which allows remote attackers to determine what
packages are installed on the system.

INFERRED ACTION: CAN-2000-0192 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Ozancin, Cole
   NOOP(2) Wall, LeBlanc


=================================
Candidate: CAN-2000-0206
Published:
Final-Decision:
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000305 Oracle installer problem
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0023.html
Reference: BID:1035
Reference: URL:http://www.securityfocus.com/bid/1035

The installation of Oracle 8.1.5.x on Linux follows symlinks and
creates the orainstRoot.sh file with world-writeable permissions,
which allows local users to gain privileges.

INFERRED ACTION: CAN-2000-0206 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Ozancin, Cole
   NOOP(2) Wall, LeBlanc


=================================
Candidate: CAN-2000-0223
Published:
Final-Decision:
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000311 TESO advisory -- wmcdplay
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0107.html
Reference: BID:1047
Reference: URL:http://www.securityfocus.com/bid/1047

Buffer overflow in the wmcdplay CD player program for the WindowMaker
desktop allows local users to gain root privileges via a long
parameter.

INFERRED ACTION: CAN-2000-0223 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Ozancin, Cole
   NOOP(2) Wall, LeBlanc
Prev by Date: [CVEPRI] CVE version 20000418 to be released
Next by Date: [BOARD] Casper Dik has joined the Editorial Board
Prev by thread: [CVEPRI] CVE version 20000418 to be released
Next by thread: [BOARD] Casper Dik has joined the Editorial Board
Index(es):
- Date
- Thread