
[FINAL] ACCEPT 34 candidates from various clusters



I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below.  The
resulting CVE entries will be published in the near future in a new
version of CVE.  Voting details and comments are provided at the end
of this report.

- Steve


Candidate	CVE Name
---------	----------
CAN-1999-0203	CVE-1999-0203
CAN-1999-0780	CVE-1999-0780
CAN-1999-0781	CVE-1999-0781
CAN-1999-0782	CVE-1999-0782
CAN-1999-0803	CVE-1999-0803
CAN-1999-0824	CVE-1999-0824
CAN-1999-0889	CVE-1999-0889
CAN-1999-0895	CVE-1999-0895
CAN-1999-0897	CVE-1999-0897
CAN-1999-0950	CVE-1999-0950
CAN-1999-0957	CVE-1999-0957
CAN-1999-0997	CVE-1999-0997
CAN-1999-1005	CVE-1999-1005
CAN-1999-1007	CVE-1999-1007
CAN-1999-1010	CVE-1999-1010
CAN-2000-0010	CVE-2000-0010
CAN-2000-0012	CVE-2000-0012
CAN-2000-0014	CVE-2000-0014
CAN-2000-0020	CVE-2000-0020
CAN-2000-0024	CVE-2000-0024
CAN-2000-0033	CVE-2000-0033
CAN-2000-0042	CVE-2000-0042
CAN-2000-0043	CVE-2000-0043
CAN-2000-0050	CVE-2000-0050
CAN-2000-0051	CVE-2000-0051
CAN-2000-0070	CVE-2000-0070
CAN-2000-0112	CVE-2000-0112
CAN-2000-0165	CVE-2000-0165
CAN-2000-0181	CVE-2000-0181
CAN-2000-0184	CVE-2000-0184
CAN-2000-0185	CVE-2000-0185
CAN-2000-0192	CVE-2000-0192
CAN-2000-0206	CVE-2000-0206
CAN-2000-0223	CVE-2000-0223


=================================
Candidate: CAN-1999-0203
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-02
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: CERT:CA-95.08
Reference: CIAC:E-03
Reference: XF:smtp-sendmail-version5

In Sendmail, attackers can gain root privileges via SMTP by specifying
an improper "mail from" address and an invalid "rcpt to" address that would
cause the mail to bounce to a program.

Modifications:
  ADDREF CERT:CA-95.08
  ADDREF CIAC:E-03
  ADDREF XF:smtp-sendmail-version5

INFERRED ACTION: CAN-1999-0203 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(5) Hill, Blake, Balinsky, Ozancin, Northcutt
   MODIFY(1) Frech
   NOOP(1) Christey

Comments:
 Christey> Description needs to be more specific to distinguish between
 Christey> this and CAN-1999-0163, as alluded to by Adam Shostack
 Frech> XF:smtp-sendmail-version5


=================================
Candidate: CAN-1999-0780
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457
Reference: XF:kde-klock-process-kill

KDE klock allows local users to kill arbitrary processes by specifying
an arbitrary PID in the .kss.pid file.

Modifications:
  ADDREF XF:kde-klock-process-kill

INFERRED ACTION: CAN-1999-0780 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(2) Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(2) Christey, LeBlanc

Comments:
 Frech> XF:kde-klock-process-kill
 Christey> This candidate is unconfirmed by the vendor.


=================================
Candidate: CAN-1999-0781
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457
Reference: XF:kde-klock-bindir-trojans

KDE allows local users to execute arbitrary commands by setting the
KDEDIR environmental variable to modify the search path that KDE uses
to locate its executables.

Modifications:
  ADDREF XF:kde-klock-bindir-trojans

INFERRED ACTION: CAN-1999-0781 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(2) Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(2) Christey, LeBlanc

Comments:
 Frech> XF:kde-klock-bindir-trojans
 Christey> This candidate is unconfirmed by the vendor.


=================================
Candidate: CAN-1999-0782
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457
Reference: XF:kde-kppp-directory-create

KDE kppp allows local users to create a directory in an arbitrary
location via the HOME environmental variable.

Modifications:
  ADDREF XF:kde-kppp-directory-create

INFERRED ACTION: CAN-1999-0782 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(2) Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(2) Christey, LeBlanc

Comments:
 Frech> kde-kppp-directory-create
 Christey> This candidate is unconfirmed by the vendor.


=================================
Candidate: CAN-1999-0803
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990525 IBM eNetwork Firewall for AIX
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92765973207648&w=2
Reference: XF:ibm-enfirewall-tmpfiles

The fwluser script in AIX eNetwork Firewall allows local users to
write to arbitrary files via a symlink attack.

Modifications:
  CHANGEREF BUGTRAQ [add date]
  ADDREF XF:ibm-enfirewall-tmpfiles

INFERRED ACTION: CAN-1999-0803 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(2) Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(2) Christey, LeBlanc

Comments:
 Frech> XF:ibm-efirewall-tmpfiles
 Frech> BUGTRAQ: add 19990525
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Poster claims that APAR (IR39562) was created.


=================================
Candidate: CAN-1999-0824
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified:
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BID:833
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=833
Reference: NTBUGTRAQ:19991130 SUBST problem
Reference: BUGTRAQ:19991130 Subst.exe carelessness (fwd)

A Windows NT user can use SUBST to map a drive letter to a folder,
which is not unmapped after the user logs off, potentially allowing
that user to modify the location of folders accessed by later users.

INFERRED ACTION: CAN-1999-0824 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(3) Stracener, Prosser, Armstrong
   MODIFY(1) Frech
   NOOP(1) Cole

Comments:
 Frech> XF:nt-subst


=================================
Candidate: CAN-1999-0889
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990810 Cisco 675 password nonsense
Reference: XF:cisco-cbos-telnet

Cisco 675 routers running CBOS allow remote attackers to establish
telnet sessions if an exec or superuser password has not been set.

Modifications:
  ADDREF XF:cisco-cbos-telnet

INFERRED ACTION: CAN-1999-0889 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech

Comments:
 Frech> XF:cisco-cbos-telnet


=================================
Candidate: CAN-1999-0895
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991020 Checkpoint FireWall-1 V4.0: possible bug in LDAP authentication
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991020150002.21047.qmail@tarjan.mediaways.net
Reference: BID:725
Reference: XF:checkpoint-ldap-auth

Firewall-1 does not properly restrict access to LDAP attributes.

Modifications:
  ADDREF BID:725
  ADDREF XF:checkpoint-ldap-auth

INFERRED ACTION: CAN-1999-0895 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Christey, LeBlanc

Comments:
 Christey> This candidate is unconfirmed by the vendor.
 Frech> XF:checkpoint-ldap-auth


=================================
Candidate: CAN-1999-0897
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-02
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980908 bug in iChat 3.0 (maybe others)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90538488231977&w=2
Reference: XF:ichat-file-read-vuln

iChat ROOMS Webserver allows remote attackers to read arbitrary files
via a .. (dot dot) attack.

Modifications:
  ADDREF XF:ichat-file-read-vuln
  CHANGEREF BUGTRAQ [correct date]

INFERRED ACTION: CAN-1999-0897 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(2) Blake, Stracener
   MODIFY(1) Frech
   NOOP(3) Cole, Christey, LeBlanc

Comments:
 Christey> This candidate is unconfirmed by the vendor.
 Christey>
 Christey> Two Bugtraq followups claim the problem has been fixed.
 Frech> XF:ichat-file-read-vuln
 Frech> BUGTRAQ: reference date may be wrong. verify that it is not 199_8_0908.


=================================
Candidate: CAN-1999-0950
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991027 WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability
Reference: BID:747
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=747
Reference: XF:wftpd-mkd-bo

Buffer overflow in WFTPD FTP server allows remote attackers to gain
root access via a series of MKD and CWD commands that create nested
directories.

Modifications:
  ADDREF XF:wftpd-mkd-bo

INFERRED ACTION: CAN-1999-0950 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech

Comments:
 Frech> XF:wftpd-mkd-bo


=================================
Candidate: CAN-1999-0957
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19970618 Security hole in MajorCool 1.0.3
Reference: XF:majorcool-file-overwrite-vuln

MajorCool mj_key_cache program allows local users to modify files via
a symlink attack.

Modifications:
  ADDREF XF:majorcool-file-overwrite-vuln

INFERRED ACTION: CAN-1999-0957 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(2) Stracener, Meunier
   MODIFY(1) Frech

Comments:
 Frech> XF:majorcool-file-overwrite-vuln


=================================
Candidate: CAN-1999-0997
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991221
Category: CF
Reference: BUGTRAQ:19991220 Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd)
Reference: XF:wuftp-ftp-conversion

wu-ftp with FTP conversion enabled allows an attacker to execute
commands via a malformed file name that is interpreted as an argument
to the program that does the conversion, e.g. tar or uncompress.

Modifications:
  ADDREF XF:wuftp-ftp-conversion

INFERRED ACTION: CAN-1999-0997 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(3) Wall, Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Christey, LeBlanc

Comments:
 Frech> XF:wuftp-ftp-conversion
 Christey> This candidate is unconfirmed by the vendor.
 Christey> XF:wuftp-ftp-conversion does not exist.
 Christey>
 Christey> Posted by suid@suid.kg.  See http://www.suid.edu/advisories/001.txt
 Christey> for details.


=================================
Candidate: CAN-1999-1005
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991219 Groupewise Web Interface
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94571433731824&w=2
Reference: XF:groupwise-web-read-files
Reference: BID:879

Groupwise web server GWWEB.EXE allows remote attackers to read
arbitrary files with .htm extensions via a .. (dot dot) attack using
the HELP parameter.

Modifications:
  ADDREF XF:groupwise-web-read-files
  ADDREF BID:879

INFERRED ACTION: CAN-1999-1005 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, LeBlanc

Comments:
 Frech> XF:groupwise-web-read-files
 Christey> This candidate is unconfirmed by the vendor.
 Christey> XF:groupwise-web-read-files does not exist.
 Christey>
 Christey> Multiple Bugtraq followups indicate the problem may be more
 Christey> severe than the current CVE description indicates.


=================================
Candidate: CAN-1999-1007
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991213 VDO Live Player 3.02 Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94512259331599&w=2
Reference: XF:vdolive-bo-execute
Reference: BID:872
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=872

Buffer overflow in VDO Live Player allows remote attackers to execute
commands on the VDO client via a malformed .vdo file.

Modifications:
  ADDREF XF:vdolive-bo-execute

INFERRED ACTION: CAN-1999-1007 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(3) Wall, Cole, Stracener
   MODIFY(1) Frech
   NOOP(2) Christey, LeBlanc

Comments:
 Frech> XF:vdolive-bo-execute
 Christey> This candidate is unconfirmed by the vendor.
 Christey> XF:vdolive-bo-execute does not exist.
 Christey>
 Christey> Posted by UNYUN of Shadow Penguin Security.


=================================
Candidate: CAN-1999-1010
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991214 sshd1 allows unencrypted sessions regardless of server policy
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94519142415338&w=2
Reference: XF:ssh-policy-bypass

An SSH 1.2.27 server allows a client to use the "none" cipher, even if
it is not allowed by the server policy.

Modifications:
  ADDREF XF:ssh-policy-bypass

INFERRED ACTION: CAN-1999-1010 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(2) Cole, Stracener
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, LeBlanc

Comments:
 Frech> XF:ssh-policy-bypass
 Christey> This candidate is unconfirmed by the vendor.


=================================
Candidate: CAN-2000-0010
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991226 WebWho+ ADVISORY
Reference: XF:http-cgi-webwhoplus

WebWho+ whois.cgi program allows remote attackers to execute commands
via shell metacharacters in the TLD parameter.

Modifications:
  ADDREF XF:http-cgi-webwhoplus

INFERRED ACTION: CAN-2000-0010 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> http-cgi-webwhoplus


=================================
Candidate: CAN-2000-0012
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991227 remote buffer overflow in miniSQL
Reference: BID:898
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=898
Reference: XF:w3-msql-scanf-bo

Buffer overflow in w3-msql CGI program in miniSQL package allows
remote attackers to execute commands.

Modifications:
  ADDREF XF:w3-msql-scanf-bo

INFERRED ACTION: CAN-2000-0012 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> XF:w3-msql-scanf-bo


=================================
Candidate: CAN-2000-0014
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991228 Local / Remote D.o.S Attack in Savant Web Server V2.0 WIN9X / NT / 2K
Reference: BID:897
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=897
Reference: XF:savant-server-null-dos

Denial of service in Savant web server via a null character in the
requested URL.

Modifications:
  ADDREF XF:savant-server-null-dos

INFERRED ACTION: CAN-2000-0014 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> XF:savant-server-null-dos


=================================
Candidate: CAN-2000-0020
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: NTBUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability
Reference: BUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability
Reference: XF:dnspro-flood-dos

DNS PRO allows remote attackers to conduct a denial of service via a
large number of connections.

Modifications:
  ADDREF XF:dnspro-flood-dos

INFERRED ACTION: CAN-2000-0020 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> XF:dnspro-flood-dos


=================================
Candidate: CAN-2000-0024
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: MS:MS99-061
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-061.asp
Reference: BUGTRAQ:19991228 Third Party Software Affected by IIS "Escape Character Parsing" Vulnerability
Reference: BUGTRAQ:19991229 More info on MS99-061 (IIS escape character vulnerability)
Reference: XF:iis-badescapes
Reference: MSKB:Q246401

IIS does not properly canonicalize URLs, potentially allowing remote
attackers to bypass access restrictions in third-party software via
escape characters, aka the "Escape Character Parsing" vulnerability.

Modifications:
  ADDREF XF:iis-badescapes
  ADDREF MSKB:Q246401

INFERRED ACTION: CAN-2000-0024 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(3) Ozancin, Armstrong, Cole
   MODIFY(2) Stracener, Frech

Comments:
 Stracener> Add Ref: MSKB:Q246401
 Ozancin> with Stracener's addition
 Frech> XF:iis-badescapes


=================================
Candidate: CAN-2000-0033
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991227 Trend Micro InterScan VirusWall SMTP bug
Reference: BID:899
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=899
Reference: XF:interscan-viruswall-bypass

InterScan VirusWall SMTP scanner does not properly scan messages with
malformed attachments.

Modifications:
  ADDREF XF:interscan-viruswall-bypass

INFERRED ACTION: CAN-2000-0033 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> XF:interscan-viruswall-bypass


=================================
Candidate: CAN-2000-0042
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991229 Local / Remote D.o.S Attack in  CSM Mail Server for Windows 95/NT v.2000.08.A
Reference: XF:csm-server-bo
Reference: BID:895
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=895

Buffer overflow in CSM mail server allows remote attackers to cause a
denial of service or execute commands via a long HELO command.

Modifications:
  ADDREF XF:csm-server-bo

INFERRED ACTION: CAN-2000-0042 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> XF:csm-server-bo


=================================
Candidate: CAN-2000-0043
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991230 Local / Remote GET Buffer Overflow Vulnerability in CamShot WebCam HTTP Server v2.5 for Win9x/NT
Reference: BID:905
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=905
Reference: XF:camshot-http-get-overflow

Buffer overflow in CamShot WebCam HTTP server allows remote attackers
to execute commands via a long GET request.

Modifications:
  ADDREF XF:camshot-http-get-overflow

INFERRED ACTION: CAN-2000-0043 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> XF:camshot-http-get-overflow


=================================
Candidate: CAN-2000-0050
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: ALLAIRE:ASB00-01
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13976&Method=Full
Reference: XF:allaire-webtop-access
Reference: BID:915
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=915

The Allaire Spectra Webtop allows authenticated users to access other
Webtop sections by specifying explicit URLs.

Modifications:
  ADDREF XF:allaire-webtop-access

INFERRED ACTION: CAN-2000-0050 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(3) Blake, Prosser, Cole
   MODIFY(1) Frech
   NOOP(1) Ozancin

Comments:
 Frech> XF:allaire-webtop-access


=================================
Candidate: CAN-2000-0051
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: ALLAIRE:ASB00-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13977&Method=Full
Reference: BID:916
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=916
Reference: XF:allaire-spectra-config-dos

The Allaire Spectra Configuration Wizard allows remote attackers to
cause a denial of service by repeatedly resubmitting data collections
for indexing via a URL.

Modifications:
  ADDREF XF:allaire-spectra-config-dos

INFERRED ACTION: CAN-2000-0051 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(3) Blake, Prosser, Cole
   MODIFY(1) Frech
   NOOP(1) Ozancin

Comments:
 Frech> XF:allaire-spectra-config-dos


=================================
Candidate: CAN-2000-0070
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-02
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BINDVIEW:20000113 Local Promotion Vulnerability in Windows NT 4
Reference: URL:http://www.bindview.com/security/advisory/adv_NtImpersonate.html
Reference: MS:MS00-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-003.asp
Reference: MSKB:Q247869
Reference: XF:nt-spoofed-lpc-port
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=nt-spoofed-lpc-port
Reference: BID:934

NtImpersonateClientOfPort local procedure call in Windows NT 4.0
allows local users to gain privileges, aka "Spoofed LPC Port Request."

Modifications:
  ADDREF XF:nt-spoofed-lpc-port
  ADDREF BID:934

INFERRED ACTION: CAN-2000-0070 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(3) Blake, Prosser, Cole
   MODIFY(1) Frech
   NOOP(1) Ozancin

Comments:
 Frech> ADDREF XF:nt-spoofed-lpc-port


=================================
Candidate: CAN-2000-0112
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000208
Assigned: 20000208
Category: CF
Reference: BUGTRAQ:20000202 vulnerability in Linux Debian default boot configuration
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94973075614088&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94952030018431&w=2
Reference: BID:960
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=960
Reference: XF:debian-mbr-bypass-security

The default installation of Debian Linux uses an insecure Master Boot
Record (MBR) which allows a local user to boot from a floppy disk
during the installation.

Modifications:
  ADDREF XF:debian-mbr-bypass-security

INFERRED ACTION: CAN-2000-0112 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(2) Cole, Prosser
   MODIFY(1) Frech
   NOOP(3) Wall, Ozancin, Blake

Comments:
 Prosser> Add BID 934
 Frech> XF:debian-mbr-bypass-security


=================================
Candidate: CAN-2000-0165
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000210 Re: application proxies?
Reference: FREEBSD:FreeBSD-SA-00:04
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.BSF.4.21.0002192249290.10784-100000@freefall.freebsd.org
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=Pine.BSF.4.10.10002100058420.43483-100000@hydrant.intranova.net
Reference: CIAC:K-023
Reference: XF:delegate-proxy-bo

The Delegate application proxy has several buffer overflows which
allow a remote attacker to execute commands.

Modifications:
  ADDREF CIAC:K-023
  ADDREF XF:delegate-proxy-bo

INFERRED ACTION: CAN-2000-0165 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(3) Cole, Blake, Prosser
   MODIFY(1) Frech
   NOOP(3) Wall, LeBlanc, Ozancin

Comments:
 Frech> XF:delegate-proxy-bo
 Frech> Also consider Reference:CIAC:K-023


=================================
Candidate: CAN-2000-0181
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000311 Our old friend Firewall-1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0119.html
Reference: BID:1054
Reference: URL:http://www.securityfocus.com/bid/1054

Firewall-1 3.0 and 4.0 leaks packets with private IP address
information, which could allow remote attackers to determine the real
IP address of the host that is making the connection.

INFERRED ACTION: CAN-2000-0181 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(3) Blake, Ozancin, Cole
   NOOP(2) Wall, LeBlanc


=================================
Candidate: CAN-2000-0184
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: CF
Reference: BUGTRAQ:20000309
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0082.html
Reference: BID:1037
Reference: URL:http://www.securityfocus.com/bid/1037

Linux printtool sets the permissions of printer configuration files to
be world-readable, which allows local attackers to obtain printer
share passwords.

INFERRED ACTION: CAN-2000-0184 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(3) Blake, Ozancin, Cole
   NOOP(2) Wall, LeBlanc


=================================
Candidate: CAN-2000-0185
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000308 RealServer exposes internal IP addresses
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0069.html
Reference: BID:1049
Reference: URL:http://www.securityfocus.com/bid/1049

RealMedia RealServer reveals the real IP address of a Real Server,
even if the address is supposed to be private.

INFERRED ACTION: CAN-2000-0185 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(3) Blake, Ozancin, Cole
   NOOP(2) Wall, LeBlanc


=================================
Candidate: CAN-2000-0192
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: CF
Reference: BUGTRAQ:20000304 OpenLinux 2.3: rpm_query
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0029.html
Reference: BID:1036
Reference: URL:http://www.securityfocus.com/bid/1036

The default installation of Caldera OpenLinux 2.3 includes the CGI
program rpm_query, which allows remote attackers to determine what
packages are installed on the system.

INFERRED ACTION: CAN-2000-0192 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(3) Blake, Ozancin, Cole
   NOOP(2) Wall, LeBlanc


=================================
Candidate: CAN-2000-0206
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000305 Oracle installer problem
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0023.html
Reference: BID:1035
Reference: URL:http://www.securityfocus.com/bid/1035

The installation of Oracle 8.1.5.x on Linux follows symlinks and
creates the orainstRoot.sh file with world-writeable permissions,
which allows local users to gain privileges.

INFERRED ACTION: CAN-2000-0206 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(3) Blake, Ozancin, Cole
   NOOP(2) Wall, LeBlanc


=================================
Candidate: CAN-2000-0223
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000311 TESO advisory -- wmcdplay
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0107.html
Reference: BID:1047
Reference: URL:http://www.securityfocus.com/bid/1047

Buffer overflow in the wmcdplay CD player program for the WindowMaker
desktop allows local users to gain root privileges via a long
parameter.

INFERRED ACTION: CAN-2000-0223 FINAL (Final Decision 20000425)

Current Votes:
   ACCEPT(3) Blake, Ozancin, Cole
   NOOP(2) Wall, LeBlanc

Page Last Updated or Reviewed: May 22, 2007