
[PROPOSAL] Cluster RECENT-23 - 34 candidates



The following cluster contains 34 candidates that were announced
between 6/6/2000 and 6/13/2000.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0472
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000106 innd 2.2.2 remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0003.html
Reference: CALDERA:CSSA-2000-016.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-016.0.txt
Reference: BID:1316
Reference: URL:http://www.securityfocus.com/bid/1316

Buffer overflow in innd 2.2.2 allows remote attackers to execute
arbitrary commands via a cancel request containing a long message ID.


ED_PRI CAN-2000-0472 1


VOTE:

=================================
Candidate: CAN-2000-0525
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 OpenSSH's UseLogin option allows remote access with root privilege.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html
Reference: OPENBSD:20000606 The non-default UseLogin feature in /etc/sshd_config is broken and should not be used.
Reference: URL:http://www.openbsd.org/errata.html#uselogin
Reference: BID:1334
Reference: URL:http://www.securityfocus.com/bid/1334

OpenSSH does not properly drop privileges when the UseLogin option is
enabled, which allows local users to execute arbitrary commands by
providing the command to the ssh daemon.


ED_PRI CAN-2000-0525 1


VOTE:

=================================
Candidate: CAN-2000-0532
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: CF
Reference: FREEBSD:FreeBSD-SA-00:21
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0031.html
Reference: BID:1323
Reference: URL:http://www.securityfocus.com/bid/1323

A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port
722 as well as port 22, which might allow remote attackers to access
SSH through port 722 even if port 22 is otherwise filtered.


ED_PRI CAN-2000-0532 1


VOTE:

=================================
Candidate: CAN-2000-0534
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:22 Security Advisory
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0030.html
Reference: BID:1325
Reference: URL:http://www.securityfocus.com/bid/1325

The apsfilter software in the FreeBSD ports package does not properly
read user filter configurations, which allows local users to execute
commands as the lpd user.


ED_PRI CAN-2000-0534 1


VOTE:

=================================
Candidate: CAN-2000-0538
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000607 New Allaire ColdFusion DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96045469627806&w=2
Reference: ALLAIRE:ASB00-14
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16122&Method=Full
Reference: BID:1314
Reference: URL:http://www.securityfocus.com/bid/1314

ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows
remote attackers to cause a denial of service via a long login
password.


ED_PRI CAN-2000-0538 1


VOTE:

=================================
Candidate: CAN-2000-0548
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
Reference: BID:1338
Reference: URL:http://www.securityfocus.com/bid/1338

Buffer overflow in Kerberos 4 KDC program allows remote attackers to
cause a denial of service via the e_msg variable in the kerb_err_reply
function.


ED_PRI CAN-2000-0548 1


VOTE:

=================================
Candidate: CAN-2000-0549
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml

Kerberos 4 KDC program does not properly check for null termination of
AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause
a denial of service via a malformed request.


ED_PRI CAN-2000-0549 1


VOTE:

=================================
Candidate: CAN-2000-0550
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml

Kerberos 4 KDC program improperly frees memory twice (aka
"double-free"), which allows remote attackers to cause a denial of
service.


ED_PRI CAN-2000-0550 1


VOTE:

=================================
Candidate: CAN-2000-0497
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000612 IBM WebSphere JSP showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0263.html
Reference: CONFIRM:http://www-4.ibm.com/software/webservers/appserv/efix.html
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328

IBM WebSphere server 3.0.2 allows a remote attacker to view source
code of a JSP program by requesting a URL which provides the JSP
extension in upper case.


ED_PRI CAN-2000-0497 2


VOTE:

=================================
Candidate: CAN-2000-0506
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 Sendmail & procmail local root exploits on Linux kernel up to 2.2.16pre5
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006090852340.3475-300000@alfa.elzabsoft.pl
Reference: BUGTRAQ:20000609 Trustix Security Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0062.html
Reference: BUGTRAQ:20000608 CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0063.html
Reference: BID:1322
Reference: URL:http://www.securityfocus.com/bid/1322
Reference: TURBO:TLSA2000013-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-June/000012.html

The "capabilities" feature in Linux before 2.2.16 allows local users
to cause a denial of service or gain privileges by setting the
capabilities to prevent a setuid program from dropping privileges, aka
the "Linux kernel setuid/setcap vulnerability."


ED_PRI CAN-2000-0506 2


VOTE:

=================================
Candidate: CAN-2000-0515
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: CF
Reference: BUGTRAQ:20000607 [ Hackerslab bug_paper ] HP-UX SNMP daemon vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006070511.OAA05492@dogfoot.hackerslab.org
Reference: BUGTRAQ:20000608 Re: HP-UX SNMP daemon vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006090640.XAA00779@hpchs.cup.hp.com
Reference: BID:1327
Reference: URL:http://www.securityfocus.com/bid/1327

The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX
11.0 is world writable, which allows local users to modify SNMP
configuration or gain privileges.


ED_PRI CAN-2000-0515 2


VOTE:

=================================
Candidate: CAN-2000-0482
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000605 FW-1 IP Fragmentation Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0473.html
Reference: BID:1312
Reference: URL:http://www.securityfocus.com/bid/1312

Check Point Firewall-1 allows remote attackers to cause a denial of
service by sending a large number of malformed fragmented IP packets.


ED_PRI CAN-2000-0482 3


VOTE:

=================================
Candidate: CAN-2000-0498
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000608 Potential vulnerability in Unify eWave ServletExec
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0250.html
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328

Unify eWave ServletExec allows a remote attacker to view source code
of a JSP program by requesting a URL which provides the JSP extension
in upper case.


ED_PRI CAN-2000-0498 3


VOTE:

=================================
Candidate: CAN-2000-0499
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000612 BEA WebLogic JSP showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0262.htm
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328

BEA WebLogic allows a remote attacker to view source code of a JSP
program by requesting a URL which provides the JSP extension in upper
case.


ED_PRI CAN-2000-0499 3


VOTE:

=================================
Candidate: CAN-2000-0502
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000607 Mcafee Alerting DOS vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html
Reference: BID:1326
Reference: URL:http://www.securityfocus.com/bid/1326

McAfee VirusScan 4.03 does not properly restrict access to the alert
text file before it is sent to the Central Alert Server, which allows
local users to modify alerts in an arbitrary fashion.


ED_PRI CAN-2000-0502 3


VOTE:

=================================
Candidate: CAN-2000-0503
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000606 IE 5 Cross-frame security vulnerability using IFRAME and WebBrowser control
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0154.html
Reference: BID:1311
Reference: URL:http://www.securityfocus.com/bid/1311

The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows
a remote attacker to violate the cross frame security policy via the
NavigateComplete2 event.


ED_PRI CAN-2000-0503 3


VOTE:

=================================
Candidate: CAN-2000-0508
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000608 Remote DOS in linux rpc.lockd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0073.html
Reference: BID:1372
Reference: URL:http://www.securityfocus.com/bid/1372

rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to
cause a denial of service via a malformed request.


ED_PRI CAN-2000-0508 3


VOTE:

=================================
Candidate: CAN-2000-0516
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000606 Shiva Access Manager 5.0.0 Plaintext LDAP root password.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0008.html
Reference: BID:1329
Reference: URL:http://www.securityfocus.com/bid/1329

When configured to store configuration information in an LDAP
directory, Shiva Access Manager 5.0.0 stores the root DN
(Distinguished Name) name and password in cleartext in a file that is
world readable, which allows local users to compromise the LDAP
server.


ED_PRI CAN-2000-0516 3


VOTE:

=================================
Candidate: CAN-2000-0520
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000630 CONECTIVA LINUX SECURITY ANNOUNCEMENT - dump
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96240393814071&w=2
Reference: MISC:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=11880
Reference: BID:1330
Reference: URL:http://www.securityfocus.com/bid/1330

Buffer overflow in restore program 0.4b17 and earlier in dump package
allows local users to execute arbitrary commands via a long tape name.


ED_PRI CAN-2000-0520 3


VOTE:

=================================
Candidate: CAN-2000-0522
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000608 Potential DoS Attack on RSA's ACE/Server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=011a01bfd14c$3c206960$050010ac@xtranet.co.uk
Reference: BID:1332
Reference: URL:http://www.securityfocus.com/bid/1332

RSA ACE/Server allows remote attackers to cause a denial of service by
flooding the server's authentication request port with UDP packets,
which causes the server to crash.


ED_PRI CAN-2000-0522 3


VOTE:

=================================
Candidate: CAN-2000-0523
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000606 MDMA Advisory #6: EServ Logging Heap Overflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0009.html
Reference: BID:1315
Reference: URL:http://www.securityfocus.com/bid/1315

Buffer overflow in the logging feature of EServ 2.9.2 and earlier
allows an attacker to execute arbitrary commands via a long MKD
command.


ED_PRI CAN-2000-0523 3


VOTE:

=================================
Candidate: CAN-2000-0526
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 Mailstudio2000 CGI Vulnerabilities [S0ftPj.4]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0081.html
Reference: BID:1335
Reference: URL:http://www.securityfocus.com/bid/1335

mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows
remote attackers to read arbitrary files via a .. (dot dot) attack.


ED_PRI CAN-2000-0526 3


VOTE:

=================================
Candidate: CAN-2000-0527
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 Mailstudio2000 CGI Vulnerabilities [S0ftPj.4]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0081.html
Reference: BID:1335
Reference: URL:http://www.securityfocus.com/bid/1335

userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows
remote attackers to execute arbitrary commands via shell
metacharacters.


ED_PRI CAN-2000-0527 3


VOTE:

=================================
Candidate: CAN-2000-0535
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:25
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0083.html
Reference: BID:1340
Reference: URL:http://www.securityfocus.com/bid/1340

OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the
existence of the /dev/random or /dev/urandom devices, which are absent
on FreeBSD Alpha systems, which causes them to produce weak keys which
may be more easily broken.


ED_PRI CAN-2000-0535 3


VOTE:

=================================
Candidate: CAN-2000-0542
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000612 ACC/Ericsson Tigris Accounting Failure
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0104.html
Reference: BID:1345
Reference: URL:http://www.securityfocus.com/bid/1345

Tigris remote access server before 11.5.4.22 does not properly record
Radius accounting information when a user fails the initial login
authentication but subsequently succeeds.


ED_PRI CAN-2000-0542 3


VOTE:

=================================
Candidate: CAN-2000-0546
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
Reference: BID:1338
Reference: URL:http://www.securityfocus.com/bid/1338

Buffer overflow in Kerberos 4 KDC program allows remote attackers to
cause a denial of service via the lastrealm variable in the set_tgtkey
function.


ED_PRI CAN-2000-0546 3


VOTE:

=================================
Candidate: CAN-2000-0547
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
Reference: BID:1338
Reference: URL:http://www.securityfocus.com/bid/1338

Buffer overflow in Kerberos 4 KDC program allows remote attackers to
cause a denial of service via the localrealm variable in the
process_v4 function.


ED_PRI CAN-2000-0547 3


VOTE:

=================================
Candidate: CAN-2000-0552
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000606 ICQ2000A ICQmail temparary internet link vulnearbility
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0237.html
Reference: BID:1307
Reference: URL:http://www.securityfocus.com/bid/1307

ICQwebmail client for ICQ 2000A creates a world readable temporary
file during login and does not delete it, which allows local users to
obtain sensitive information.


ED_PRI CAN-2000-0552 3


VOTE:

=================================
Candidate: CAN-2000-0554
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000608 DST2K0010: DoS & Path Revealing Vulnerability in Ceilidh v2.60a
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0246.html
Reference: BID:1320
Reference: URL:http://www.securityfocus.com/bid/1320

Ceilidh allows remote attackers to obtain the real path of the Ceilidh
directory via the translated_path hidden form field.


ED_PRI CAN-2000-0554 3


VOTE:

=================================
Candidate: CAN-2000-0555
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000608 DST2K0010: DoS & Path Revealing Vulnerability in Ceilidh v2.60a
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0246.html
Reference: BID:1320
Reference: URL:http://www.securityfocus.com/bid/1320

Ceilidh allows remote attackers to cause a denial of service via a
large number of POST requests.


ED_PRI CAN-2000-0555 3


VOTE:

=================================
Candidate: CAN-2000-0558
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000608 DST2K0012: BufferOverrun in HP Openview Network Node Manager v6.1
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0249.html
Reference: BID:1317
Reference: URL:http://www.securityfocus.com/bid/1317

Buffer overflow in HP Openview Network Node Manager 6.1 allows remote
attackers to execute arbitrary commands via the Alarm service
(OVALARMSRV) on port 2345.


ED_PRI CAN-2000-0558 3


VOTE:

=================================
Candidate: CAN-2000-0559
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000607 SessionWall-3 Paper + (links to) code
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSO.4.21.0006072124320.28062-100000@bearclaw.bogus.net
Reference: BID:1341
Reference: URL:http://www.securityfocus.com/bid/1341

eTrust Intrusion Detection System (formerly SessionWall-3) uses weak
encryption (XOR) to store administrative passwords in the registry,
which allows local users to easily decrypt the passwords.


ED_PRI CAN-2000-0559 3


VOTE:

=================================
Candidate: CAN-2000-0563
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000609 Security Holes Found in URLConnection of MRJ and IE of Mac OS (was Re: Reappearance of an old IE security bug)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0056.html
Reference: BUGTRAQ:20000513 Re: Reappearance of an old IE security bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-05-8&msg=391C95DE2DA.5E3BTAKAGI@java-house.etl.go.jp
Reference: BID:1336
Reference: URL:http://www.securityfocus.com/bid/1336

The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier
and the Microsoft virtual machine (VM) for MacOS allows a malicious
web site operator to connect to arbitrary hosts using an HTTP
redirection, in violation of the Java security model.


ED_PRI CAN-2000-0563 3


VOTE:

=================================
Candidate: CAN-2000-0565
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000613 SmartFTP Daemon v0.2 Beta Build 9 - Remote Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0100.html
Reference: BID:1344
Reference: URL:http://www.securityfocus.com/bid/1344

SmartFTP Daemon 0.2 allows a local user to access arbitrary files by
uploading and specifying an alternate user configuration file via a
.. (dot dot) attack.


ED_PRI CAN-2000-0565 3


VOTE:

Page Last Updated or Reviewed: May 22, 2007