
[PROPOSAL] Cluster RECENT-16 - 25 candidates



The following cluster contains 25 candidates that were announced
between April 14 and April 24, 2000.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0256
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: MS:MS00-028
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-028.asp
Reference: BID:1117
Reference: URL:http://www.securityfocus.com/bid/1117

Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and
98 Server Extensions allow a user to conduct activities that are not
otherwise available through the web site, aka the "Server-Side Image
Map Components" vulnerability.


ED_PRI CAN-2000-0256 1


VOTE:

=================================
Candidate: CAN-2000-0260
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: MS:MS00-025
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-025.asp
Reference: BID:1109
Reference: URL:http://www.securityfocus.com/bid/1109

Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0
allows users to cause a denial of service or execute commands, aka
the "Link View Server-Side Component" vulnerability.


ED_PRI CAN-2000-0260 1


VOTE:

=================================
Candidate: CAN-2000-0267
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: CISCO:20000419 Cisco Catalyst Enable Password Bypass Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catos-enable-bypass-pub.shtml
Reference: BID:1122
Reference: URL:http://www.securityfocus.com/bid/1122

Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode
without a password.


ED_PRI CAN-2000-0267 1


VOTE:

=================================
Candidate: CAN-2000-0268
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: CISCO:20000420 Cisco IOS Software TELNET Option Handling Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml
Reference: BID:1123
Reference: URL:http://www.securityfocus.com/bid/1123

Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of
service by sending the ENVIRON option to the Telnet daemon before it
is ready to accept it, which causes the system to reboot.


ED_PRI CAN-2000-0268 1


VOTE:

=================================
Candidate: CAN-2000-0264
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es
Reference: BID:1119
Reference: URL:http://www.securityfocus.com/bid/1119

Panda Security 3.0 with registry editing disabled allows users to edit
the registry and gain privileges by directly executing a .reg file or
using other methods.


ED_PRI CAN-2000-0264 2


VOTE:

=================================
Candidate: CAN-2000-0265
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es
Reference: BID:1119
Reference: URL:http://www.securityfocus.com/bid/1119

Panda Security 3.0 allows users to uninstall the Panda software via
its Add/Remove Programs applet.


ED_PRI CAN-2000-0265 2


VOTE:

=================================
Candidate: CAN-2000-0248
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000420
Category: SF/CF/MP/SA/AN/unknown
Reference: ISS:20000424 Backdoor Password in Red Hat Linux Virtual Server Package
Reference: REDHAT:RHSA-2000:014-10

The web GUI for the Linux Virtual Server (LVS) software in the Red Hat
Linux Piranha package has a backdoor password that allows remote
attackers to execute arbitrary commands.


ED_PRI CAN-2000-0248 3


VOTE:

=================================
Candidate: CAN-2000-0250
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000414 qnx crypt comprimised
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0072.html
Reference: BID:1114
Reference: URL:http://www.securityfocus.com/bid/1114

The crypt function in QNX uses weak encryption, which allows local
users to decrypt passwords.


ED_PRI CAN-2000-0250 3


VOTE:

=================================
Candidate: CAN-2000-0252
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000411 Back Door in Commercial Shopping Cart
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0051.html
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115

The dansie shopping cart application cart.pl allows remote attackers
to execute commands via shell metacharacters in a form variable.


ED_PRI CAN-2000-0252 3


VOTE:

=================================
Candidate: CAN-2000-0253
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0061.html
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115

The dansie shopping cart application cart.pl allows remote attackers
to modify sensitive purchase information via hidden form fields.


ED_PRI CAN-2000-0253 3


VOTE:

=================================
Candidate: CAN-2000-0254
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0088.html
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115

The dansie shopping cart application cart.pl allows remote attackers
to obtain the shopping cart database and configuration information via
a URL that references either the env, db, or vars form variables.


ED_PRI CAN-2000-0254 3


VOTE:

=================================
Candidate: CAN-2000-0257
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000418 Novell Netware 5.1 (server 5.00h, Dec 11, 1999)...
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0004171825340.10088-100000@nimue.tpi.pl
Reference: BID:1118
Reference: URL:http://www.securityfocus.com/bid/1118

Buffer overflow in the Netware remote web administration utility
allows remote attackers to cause a denial of service or execute
commands via a long URL.


ED_PRI CAN-2000-0257 3


VOTE:

=================================
Candidate: CAN-2000-0263
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000416 xfs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0079.html
Reference: BID:1111
Reference: URL:http://www.securityfocus.com/bid/1111

The X font server xfs in Red Hat Linux 6.x allows an attacker to cause
a denial of service via a malformed request.


ED_PRI CAN-2000-0263 3


VOTE:

=================================
Candidate: CAN-2000-0266
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000418 IE 5 security vulnerablity - circumventing Cross-frame security policy using Java/JavaScript (and disabling Active Scripting is not that easy)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FC6130.D6D178FD@nat.bg
Reference: BID:1121
Reference: URL:http://www.securityfocus.com/bid/1121

Internet Explorer 5.01 allows remote attackers to bypass the cross
frame security policy via a malicious applet that interacts with the
Java JSObject to modify the DOM properties to set the IFRAME to an
arbitrary Javascript URL.


ED_PRI CAN-2000-0266 3


VOTE:

=================================
Candidate: CAN-2000-0269
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000418 RUS-CERT Advisory 200004-01: GNU Emacs 20
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf@mercury.rus.uni-stuttgart.de
Reference: BID:1125
Reference: URL:http://www.securityfocus.com/bid/1125

Emacs 20 does not properly set permissions for a slave PTY device when
starting a new subprocess, which allows local users to read or modify
communications between Emacs and the subprocess.


ED_PRI CAN-2000-0269 3


VOTE:

=================================
Candidate: CAN-2000-0270
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000418 RUS-CERT Advisory 200004-01: GNU Emacs 20
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf@mercury.rus.uni-stuttgart.de
Reference: BID:1125
Reference: URL:http://www.securityfocus.com/bid/1126

The make-temp-name Lisp function in Emacs 20 creates temporary files
with predictable names, which allows attackers to conduct a symlink
attack.


ED_PRI CAN-2000-0270 3


VOTE:

=================================
Candidate: CAN-2000-0271
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000418 RUS-CERT Advisory 200004-01: GNU Emacs 20
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-04-15&msg=tg4s8zioxq.fsf@mercury.rus.uni-stuttgart.de
Reference: BID:1125
Reference: URL:http://www.securityfocus.com/bid/1125

read-passwd and other Lisp functions in Emacs 20 do not properly clear
the history of recently typed keys, which allows an attacker to read
unencrypted passwords.


ED_PRI CAN-2000-0271 3


VOTE:

=================================
Candidate: CAN-2000-0272
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000420 Remote DoS attack in Real Networks Real Server Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95625288231045&w=2
Reference: BID:1128
Reference: URL:http://www.securityfocus.com/bid/1128

RealNetworks RealServer allows remote attackers to cause a denial of
service by sending malformed input to the server at port 7070.


ED_PRI CAN-2000-0272 3


VOTE:

=================================
Candidate: CAN-2000-0284
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000416 imapd4r1 v12.264
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0074.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0085.html
Reference: BID:1110
Reference: URL:http://www.securityfocus.com/bid/1110

Buffer overflow in University of Washington imapd version 4.7 allows
users with a valid account to execute commands via LIST or other
commands.


ED_PRI CAN-2000-0284 3


VOTE:

=================================
Candidate: CAN-2000-0285
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000416 XFree86 server overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html

Buffer overflow in XFree86 3.3.x allows local users to execute
arbitrary commands via a long -xkbmap parameter.


ED_PRI CAN-2000-0285 3


VOTE:

=================================
Candidate: CAN-2000-0286
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000416 xfs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10004161525040.1186-200000@localhost
Reference: BID:1111
Reference: URL:http://www.securityfocus.com/bid/1111

X fontserver xfs allows local users to cause a denial of service via
malformed input to the server.


ED_PRI CAN-2000-0286 3


VOTE:

=================================
Candidate: CAN-2000-0291
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000416 StarOffice 5.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0077.html
Reference: BID:1112
Reference: URL:http://www.securityfocus.com/bid/1112

Buffer overflow in Star Office 5.1 allows attackers to cause a denial
of service by embedding a long URL within a document.


ED_PRI CAN-2000-0291 3


VOTE:

=================================
Candidate: CAN-2000-0292
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000418 Adtran DoS
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10004190908140.32750-100000@localhost.localdomain
Reference: BID:1129
Reference: URL:http://www.securityfocus.com/bid/1129

The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a
denial of service via a ping flood to the Ethernet interface, which
causes the device to crash.


ED_PRI CAN-2000-0292 3


VOTE:

=================================
Candidate: CAN-2000-0293
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000421 local user can delete arbitrary files on SuSE-Linux
Reference: BID:1130
Reference: URL:http://www.securityfocus.com/bid/1130

aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow
local users to delete arbitrary files by creating files whose names
include spaces, which are then incorrectly interpreted by aaa_base
when it deletes expired files from the /tmp directory.


ED_PRI CAN-2000-0293 3


VOTE:

=================================
Candidate: CAN-2000-0295
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000420 Remote vulnerability in LCDproc 0.4
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000421010946.15318I-200000@schizo.strange.net
Reference: BID:1131
Reference: URL:http://www.securityfocus.com/bid/1131

Buffer overflow in LCDproc allows remote attackers to gain root
privileges via the screen_add command.


ED_PRI CAN-2000-0295 3


VOTE:

Page Last Updated or Reviewed: May 22, 2007