[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[INTERIM] ACCEPT 31 recent candidates (Final 7/12)



I have made an Interim Decision to ACCEPT the following 31 candidates
from the RECENT-01 through RECENT-17 clusters.  I will make a Final
Decision on July 12.

The breakdown by cluster is as follows:

   1 RECENT-01
   8 RECENT-04
   2 RECENT-05
   1 RECENT-07
   1 RECENT-10
   1 RECENT-11
   3 RECENT-13
   1 RECENT-14
   5 RECENT-15
   1 RECENT-16
   7 RECENT-17


Voters:
  Levy ACCEPT(7) MODIFY(2) NOOP(1)
  Wall ACCEPT(3) NOOP(16) REVIEWING(1)
  LeBlanc ACCEPT(2) MODIFY(1) NOOP(9)
  Ozancin ACCEPT(4)
  Cole ACCEPT(5) MODIFY(1) NOOP(16)
  Stracener ACCEPT(16) MODIFY(1)
  Frech ACCEPT(1) MODIFY(30)
  Dik ACCEPT(4) MODIFY(2)
  Christey NOOP(8)
  Magdych MODIFY(1)
  Armstrong ACCEPT(10)
  Prosser ACCEPT(1)
  Blake ACCEPT(3) NOOP(1)


=================================
Candidate: CAN-1999-0820
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
Reference: BID:838
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=838
Reference: XF:freebsd-seyon-dir-add

FreeBSD seyon allows users to gain privileges via a modified PATH
variable for finding the xterm and seyon-emu commands.

Modifications:
  ADDREF XF:freebsd-seyon-dir-add

INFERRED ACTION: CAN-1999-0820 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Armstrong, Stracener, Prosser
   MODIFY(2) Cole, Frech
   NOOP(2) Christey, Christey

Comments:
 Cole> There are actually several vulenrabilities with seyon which allow
   users to elevate priviliges
 Frech> XF:freebsd-seyon-dir-add
 Christey> ADDREF? CALDERA:CSSA-1999-037.0
 Prosser> agree there are also earlier seyon vulnerabilites reported as
   well but in different areas.  The Caldera bulletin refers to a seyon problem
   that allows uucp privileges.
 Christey> The Caldera advisory is vaguely worded, so it's not certain
   whether it should be added here.

   As Eric points out, other seyon problems are identified in the
   related Bugtraq post.  They are covered by CAN-1999-0863 and
   CAN-1999-0821.


=================================
Candidate: CAN-2000-0001
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-02
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991222 RealMedia Server 5.0 Crasher (rmscrash.c)
Reference: BID:888
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=888
Reference: XF:realserver-ramgen-dos

RealMedia server allows remote attackers to cause a denial of service
via a long ramgen request.

Modifications:
  ADDREF BID:888
  ADDREF XF:realserver-ramgen-dos

INFERRED ACTION: CAN-2000-0001 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> XF:realserver-ramgen-dos


=================================
Candidate: CAN-2000-0011
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-03
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991231 Local / Remote GET Buffer Overflow Vulnerability in AnalogX SimpleServer:WWW HTTP Server v1.1
Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm
Reference: XF:simpleserver-get-bo
Reference: BID:906
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=906

Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote
attackers to execute commands via a long GET request.

Modifications:
  DESC add "http server"
  ADDREF MISC:http://www.analogx.com/contents/download/network/sswww.htm
  ADDREF XF:simpleserver-get-bo

INFERRED ACTION: CAN-2000-0011 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> XF:simpleserver-get-bo


=================================
Candidate: CAN-2000-0013
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991231 irix-soundplayer.sh
Reference: XF:irix-soundplayer-symlink
Reference: BID:909
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=909

IRIX soundplayer program allows local users to gain privileges by
including shell metacharacters in a .wav file, which is executed via
the midikeys program.

Modifications:
  DESC change to reflect bug in soundplayer, specify correct bug
  ADDREF XF:irix-soundplayer-symlink

INFERRED ACTION: CAN-2000-0013 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(1) Armstrong
   MODIFY(2) Stracener, Frech
   NOOP(1) Christey

Comments:
 Christey> The description should be modified.  The problem is not a
   symlink attack, rather being able to route a command using
   shell metacharacters.
 Stracener> This is not a symlink attack. Description should be changed (see below).

   Here is what is going on: 1) script creates a file containing C code to
   spawn a setuid shell in /tmp when compiled and executed, 2) compiles the
   C source file with output to /tmp/kungfoo, 3) executes midikeys  4) user
   opens a wav file (via soundplayer) and saves the file as
   "foo;/tmp/kungfoo". The "exploitable condition" in soundplayer is a
   software flaw allowing for command separation when saving files (i.e.,
   whatever is placed after the ";" is executed by soundplayer). I suggest
   the description read: "A bug soundplayer (part of midikeys) allows user
   to save a wav file with a command separator (i.e. ";") and issue
   multiple commands, resulting in the execution of arbitrary code."
 Frech> XF:irix-soundplayer-symlink


=================================
Candidate: CAN-2000-0015
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991231 tftpserv.sh
Reference: BID:910
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=910
Reference: XF:cascadeview-tftp-symlink

CascadeView TFTP server allows local users to gain privileges via a
symlink attack.

Modifications:
  ADDREF XF:cascadeview-tftp-symlink

INFERRED ACTION: CAN-2000-0015 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> XF:cascadeview-tftp-symlink


=================================
Candidate: CAN-2000-0018
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991221 Wmmon under FreeBSD
Reference: BID:885
Reference: XF:freebsd-wmmon-root-exploit

wmmon in FreeBSD allows local users to gain privileges via the
.wmmonrc configuration file.

Modifications:
  ADDREF XF:freebsd-wmmon-root-exploit
  ADDREF BID:885

INFERRED ACTION: CAN-2000-0018 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> XF:freebsd-wmmon-root-exploit


=================================
Candidate: CAN-2000-0030
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems
Reference: XF:sol-dmispd-fill-disk
Reference: BID:878

Solaris dmispd dmi_cmd allows local users to fill up restricted disk
space by adding files to the /var/dmi/db database.

Modifications:
  ADDREF XF:sol-dmispd-fill-disk
  ADDREF BID:878

INFERRED ACTION: CAN-2000-0030 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Stracener, Armstrong, Dik
   MODIFY(1) Frech

Comments:
 Frech> XF:sol-dmispd-fill-disk


=================================
Candidate: CAN-2000-0032
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems
Reference: XF:sol-dmispd-dos
Reference: BID:878

Solaris dmi_cmd allows local users to crash the dmispd daemon by
adding a malformed file to the /var/dmi/db database.

Modifications:
  ADDREF XF:sol-dmispd-dos
  ADDREF BID:878

INFERRED ACTION: CAN-2000-0032 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Stracener, Armstrong, Dik
   MODIFY(1) Frech

Comments:
 Frech> XF:sol-dmispd-dos


=================================
Candidate: CAN-2000-0034
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991222 More Netscape Passwords Available.
Reference: XF:netscape-password-preferences

Netscape 4.7 records user passwords in the preferences.js file during
an IMAP or POP session, even if the user has not enabled "remember
passwords."

Modifications:
  ADDREF XF:netscape-password-preferences

INFERRED ACTION: CAN-2000-0034 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Stracener, Armstrong
   MODIFY(1) Frech

Comments:
 Frech> XF:netscape-password-preferences


=================================
Candidate: CAN-2000-0045
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000111 Serious bug in MySQL password handling.
Reference: BUGTRAQ:20000113 New MySQL Available
Reference: XF:mysql-pwd-grant
Reference: BID:926
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=926

MySQL allows local users to modify passwords for arbitrary MySQL users
via the GRANT privilege.

Modifications:
  ADDREF XF:mysql-pwd-grant

INFERRED ACTION: CAN-2000-0045 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech

Comments:
 Frech> XF:mysql-pwd-grant


=================================
Candidate: CAN-2000-0076
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:19991230 vibackup.sh
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94709988232618&w=2
Reference: DEBIAN:20000109 nvi: incorrect file removal in boot script
Reference: URL:http://www.debian.org/security/2000/20000108
Reference: XF:nvi-delete-files

nviboot boot script in the Debian nvi package allows local users to
delete files via malformed entries in vi.recover.

Modifications:
  ADDREF XF:nvi-delete-files

INFERRED ACTION: CAN-2000-0076 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(3) Levy, Wall, Cole

Comments:
 Frech> XF:nvi-delete-files


=================================
Candidate: CAN-2000-0092
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:01
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:01.make.asc
Reference: BID:939
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=939
Reference: XF:gnu-makefile-tmp-root

The BSD make program allows local users to modify files via a symlink
attack when the -j option is being used.

Modifications:
  ADDREF XF:gnu-makefile-tmp-root

INFERRED ACTION: CAN-2000-0092 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(2) Wall, Cole

Comments:
 Cole> please change mine from reviewing to NOOP, I could not find the
   information I was looking for
 Frech> XF:gnu-makefile-tmp-root


=================================
Candidate: CAN-2000-0157
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000321-01
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: NETBSD:1999-012
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-012.txt.asc
Reference: XF:netbsd-ptrace

NetBSD ptrace call on VAX allows local users to gain privileges by
modifying the PSL contents in the debugging process.

Modifications:
  ADDREF XF:netbsd-ptrace

INFERRED ACTION: CAN-2000-0157 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) LeBlanc, Wall, Cole

Comments:
 Frech> XF:netbsd-ptrace


=================================
Candidate: CAN-2000-0168
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000306 con\con is a old thing (anyway is cool)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCENECCAA.labs@ussrback.com
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0087.html
Reference: MS:MS00-017
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2126
Reference: BID:1043
Reference: URL:http://www.securityfocus.com/bid/1043
Reference: XF:win-dos-devicename-dos

Microsoft Windows 9x operating systems allow an attacker to cause a
denial of service via a pathname that includes file device names, aka
the "DOS Device in Path Name" vulnerability.

Modifications:
  ADDREF XF:win-dos-devicename-dos
  DESC [add versions]

INFERRED ACTION: CAN-2000-0168 ACCEPT_REV (5 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(3) Blake, Ozancin, Cole
   MODIFY(2) LeBlanc, Frech
   REVIEWING(1) Wall

Comments:
 LeBlanc> this only affects Win9x, not Windows NT or Windows 2000
 Frech> XF:win-dos-devicename-dos


=================================
Candidate: CAN-2000-0174
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html
Reference: BID:1040
Reference: URL:http://www.securityfocus.com/bid/1040
Reference: XF:staroffice-scheduler-fileread

StarOffice StarScheduler web server allows remote attackers to read
arbitrary files via a .. (dot dot) attack.

Modifications:
  ADDREF XF:staroffice-scheduler-fileread

INFERRED ACTION: CAN-2000-0174 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Ozancin, Dik
   MODIFY(1) Frech
   NOOP(4) Wall, LeBlanc, Cole, Christey

Comments:
 Christey> Sun patch ID 109185, dated March 27 2000, reports on SD#73159,
   "Security problems in the shttpd.bin using StarSchedule
   Server."  But did they fix 2000-0174, 2000-0175, or both?
 Frech> XF:staroffice-scheduler-fileread


=================================
Candidate: CAN-2000-0175
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html
Reference: XF:staroffice-scheduler-bo
Reference: BID:1039
Reference: URL:http://www.securityfocus.com/bid/1039

Buffer overflow in StarOffice StarScheduler web server allows remote
attackers to gain root access via a long GET command.

Modifications:
  ADDREF XF:staroffice-scheduler-bo

INFERRED ACTION: CAN-2000-0175 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Ozancin, Dik
   MODIFY(1) Frech
   NOOP(4) Wall, LeBlanc, Cole, Christey

Comments:
 Christey> Sun patch ID 109185, dated March 27 2000, reports on SD#73159,
   "Security problems in the shttpd.bin using StarSchedule
   Server."  But did they fix 2000-0174, 2000-0175, or both?
 Frech> XF:staroffice-scheduler-bo


=================================
Candidate: CAN-2000-0195
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html
Reference: BID:1008
Reference: URL:http://www.securityfocus.com/bid/1008
Reference: XF:corel-linux-setxconf-root

setxconf in Corel Linux allows local users to gain root access via the
-T parameter, which executes the user's .xserverrc file.

INFERRED ACTION: CAN-2000-0195 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Armstrong, Ozancin
   MODIFY(1) Frech
   NOOP(4) Wall, Blake, LeBlanc, Cole

Comments:
 Frech> XF:corel-linux-setxconf-root


=================================
Candidate: CAN-2000-0236
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000317 [SAFER 000317.EXP.1.5] Netscape Enterprise Server and '?wp' tags
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38D2173D.24E39DD0@relaygroup.com
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0191.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0238.html
Reference: BID:1063
Reference: URL:http://www.securityfocus.com/bid/1063
Reference: XF:netscape-server-directory-indexing

Netscape Enterprise Server with Web Publishing enabled allows remote
attackers to list server directories via web publishing tags such as
?wp-ver-info and ?wp-cs-dump.

INFERRED ACTION: CAN-2000-0236 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Frech, Cole
   MODIFY(1) Magdych

Comments:
 Magdych> Change first instance of "Web Publishing" to "Directory Indexing".


=================================
Candidate: CAN-2000-0251
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: HP:HPSBUX0004-112
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0021.html
Reference: BID:1090
Reference: URL:http://www.securityfocus.com/bid/1090
Reference: XF:hp-virtual-vault

HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes
via an interface that has multiple aliased IP addresses.

Modifications:
  ADDREF XF:hp-virtual-vault

INFERRED ACTION: CAN-2000-0251 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Cole

Comments:
 Frech> XF:hp-virtual-vault


=================================
Candidate: CAN-2000-0261
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000415 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html
Reference: BUGTRAQ:20000418 AVM's Statement
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com
Reference: XF:ken-download-files
Reference: BID:1103
Reference: URL:http://www.securityfocus.com/bid/1103

The AVM KEN! web server allows remote attackers to read arbitrary
files via a .. (dot dot) attack.

Modifications:
  ADDREF XF:ken-download-files

INFERRED ACTION: CAN-2000-0261 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Cole

Comments:
 Frech> XF:ken-download-files


=================================
Candidate: CAN-2000-0262
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000415 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html
Reference: BUGTRAQ:20000418 AVM's Statement
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com
Reference: BID:1103
Reference: URL:http://www.securityfocus.com/bid/1103
Reference: XF:ken-dos

The AVM KEN! ISDN Proxy server allows remote attackers to cause a
denial of service via a malformed request.

Modifications:
  ADDREF XF:ken-dos

INFERRED ACTION: CAN-2000-0262 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Cole

Comments:
 Frech> XF:ken-dos


=================================
Candidate: CAN-2000-0264
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000426
Assigned: 20000426
Category: unknown
Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es
Reference: CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
Reference: XF:panda-admin-privileges
Reference: BID:1119
Reference: URL:http://www.securityfocus.com/bid/1119

Panda Security 3.0 with registry editing disabled allows users to edit
the registry and gain privileges by directly executing a .reg file or
using other methods.

Modifications:
  ADDREF CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
  ADDREF XF:panda-admin-privileges

INFERRED ACTION: CAN-2000-0264 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, Christey

Comments:
 Christey> CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
 Frech> XF:panda-admin-privileges


=================================
Candidate: CAN-2000-0279
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000407 BeOS Networking DOS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0029.html
Reference: MISC:http://bebugs.be.com/devbugs/detail.php3?oid=2505312
Reference: BID:1100
Reference: URL:http://www.securityfocus.com/bid/1100
Reference: XF:beos-networking-dos

BeOS allows remote attackers to cause a denial of service via
malformed packets whose length field is less than the length of the
headers.

Modifications:
  ADDREF XF:beos-networking-dos

INFERRED ACTION: CAN-2000-0279 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Cole

Comments:
 Frech> XF:beos-networking-dos


=================================
Candidate: CAN-2000-0297
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: ALLAIRE:ASB00-06
Reference: URL:http://www2.allaire.com/handlers/index.cfm?ID=15099&Method=Full
Reference: BID:1085
Reference: URL:http://www.securityfocus.com/bid/1085
Reference: XF:allaire-forums-allaccess

Allaire Forums 2.0.5 allows remote attackers to bypass access
restrictions to secure conferences via the rightAccessAllForums or
rightModerateAllForums variables.

Modifications:
  ADDREF XF:allaire-forums-allaccess

INFERRED ACTION: CAN-2000-0297 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, Christey

Comments:
 Christey> ADDREF XF:allaire-forums-allaccess
 Frech> XF:allaire-forums-allaccess


=================================
Candidate: CAN-2000-0311
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: MS:MS00-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-026.asp
Reference: XF:ms-mixed-object
Reference: BID:1145
Reference: URL:http://www.securityfocus.com/bid/1145

The Windows 2000 domain controller allows a malicious user to modify
Active Directory information by modifying an unprotected attribute,
aka the "Mixed Object Access" vulnerability.

Modifications:
  ADDREF XF:ms-mixed-object

INFERRED ACTION: CAN-2000-0311 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) LeBlanc, Cole, Wall, Levy
   MODIFY(1) Frech

Comments:
 Frech> XF:ms-mixed-object


=================================
Candidate: CAN-2000-0316
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000424 Solaris 7 x86 lp exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0191.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0236.html
Reference: SUNBUG:4314312
Reference: BID:1143
Reference: URL:http://www.securityfocus.com/bid/1143
Reference: XF:solaris-lp-bo

Buffer overflow in Solaris 7 lp allows local users to gain root
privileges via a long -d option.

Modifications:
  ADDREF SUNBUG:4314312
  ADDREF XF:solaris-lp-bo

INFERRED ACTION: CAN-2000-0316 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(2) Dik, Frech
   NOOP(3) LeBlanc, Cole, Wall

Comments:
 Dik> this is one of many buffer overflows in libprint.so.2;
   Reference: SUNBUG 4314312
 Frech> XF:solaris-lp-bo


=================================
Candidate: CAN-2000-0331
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000421 CMD.EXE overflow (CISADV000420)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0147.html
Reference: MS:MS00-027
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-027.asp
Reference: BID:1135
Reference: URL:http://www.securityfocus.com/bid/1135
Reference: XF:nt-cmd-overflow

Buffer overflow in Microsoft command processor (CMD.EXE) for Windows
NT and Windows 2000 allows a local user to cause a denial of service
via a long environment variable, aka the "Malformed Environment
Variable" vulnerability.

Modifications:
  ADDREF XF:nt-cmd-overflow

INFERRED ACTION: CAN-2000-0331 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) LeBlanc, Cole, Wall, Levy
   MODIFY(1) Frech

Comments:
 Frech> XF:nt-cmd-overflow


=================================
Candidate: CAN-2000-0334
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: ALLAIRE:ASB00-10
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15411&Method=Full
Reference: BID:1181
Reference: XF:allaire-spectra-container-editor-preview

The Allaire Spectra container editor preview tool does not properly
enforce object security, which allows an attacker to conduct
unauthorized activities via an object-method that is added to the
container object with a publishing rule.

Modifications:
  ADDREF BID:1181
  ADDREF XF:allaire-spectra-container-editor-preview

INFERRED ACTION: CAN-2000-0334 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   MODIFY(2) Levy, Frech
   NOOP(3) LeBlanc, Cole, Wall

Comments:
 Levy> Reference: BID 1181
 Frech> XF:allaire-spectra-container-editor-preview


=================================
Candidate: CAN-2000-0336
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: REDHAT:RHSA-2000:012-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000012-05.html
Reference: CALDERA:CSSA-2000-009.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt
Reference: TURBO:TLSA2000010-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.html
Reference: BID:1232
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=1232
Reference: XF:openldap-symlink-attack

Linux OpenLDAP server allows local users to modify arbitrary files via
a symlink attack.

Modifications:
  ADDREF BID:1232
  ADDREF XF:openldap-symlink-attack
  ADDREF CALDERA:CSSA-2000-009.0
  ADDREF TURBO:TLSA2000010-1
  DESC remove Red Hat

INFERRED ACTION: CAN-2000-0336 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(2) Levy, Frech
   NOOP(3) LeBlanc, Wall, Christey

Comments:
 Levy> Reference: BID 1232
 Frech> XF:openldap-symlink-attack
   Note: This is not just a Red Hat issue. See
   ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt and
   http://www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.htm
   l, and you might as well add them as references too. :-)
 Christey> Also ADDREF BID:1232


=================================
Candidate: CAN-2000-0337
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000424 Solaris x86 Xsun overflow.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0188.html
Reference: SUNBUG:4335411
Reference: XF:solaris-xsun-bo
Reference: BID:1140
Reference: URL:http://www.securityfocus.com/bid/1140

Buffer overflow in Xsun X server in Solaris 7 allows local users to
gain root privileges via a long -dev parameter.

Modifications:
  ADDREF SUNBUG:4335411
  ADDREF XF:solaris-xsun-bo

INFERRED ACTION: CAN-2000-0337 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(2) Dik, Frech
   NOOP(3) LeBlanc, Cole, Wall

Comments:
 Dik> Reference: SUNBUG: 4335411
 Frech> XF:solaris-xsun-bo


=================================
Candidate: CAN-2000-0339
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000420 ZoneAlarm
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000421044123.2353.qmail@securityfocus.com
Reference: BID:1137
Reference: URL:http://www.securityfocus.com/bid/1137
Reference: XF:zonealarm-portscan

ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source
port of 67, which allows remote attackers to bypass the firewall
rules.

Modifications:
  ADDREF XF:zonealarm-portscan

INFERRED ACTION: CAN-2000-0339 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Wall, Levy
   MODIFY(1) Frech
   NOOP(2) LeBlanc, Cole

Comments:
 Frech> XF:zonealarm-portscan

Page Last Updated or Reviewed: May 22, 2007