[PROPOSAL] Cluster RECENT-24 - 31 candidates



The following cluster contains 31 candidates that were announced
between 6/14/2000 and 6/22/2000.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0466
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000620
Category: SF
Reference: ISS:20000620 Insecure call of external program in AIX cdmount
Reference: URL:http://xforce.iss.net/alerts/advise55.php
Reference: BID:1384
Reference: URL:http://www.securityfocus.com/bid/1384

AIX cdmount allows local users to gain root privileges via shell
metacharacters.


ED_PRI CAN-2000-0466 1


VOTE:

=================================
Candidate: CAN-2000-0475
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: MS:MS00-020
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-020.asp
Reference: BID:1350
Reference: URL:http://www.securityfocus.com/bid/1350

Windows 2000 allows a local user process to access another user's
desktop within the same windows station, aka the "Desktop Separation"
vulnerability.


ED_PRI CAN-2000-0475 1


VOTE:

=================================
Candidate: CAN-2000-0483
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000615 [Brian@digicool.com: [Zope] Zope security alert and 2.1.7 update [*important*]]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert
Reference: REDHAT:RHSA-2000:038-01
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2350
Reference: BUGTRAQ:2000615 Conectiva Linux Security Announcement - ZOPE
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000616103807.A3768@conectiva.com.br
Reference: BID:1354
Reference: URL:http://www.securityfocus.com/bid/1354

The Zope DocumentTemplate package allows a remote attacker to modify
DTMLDocuments or DTMLMethods without authorization.


ED_PRI CAN-2000-0483 1


VOTE:

=================================
Candidate: CAN-2000-0485
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: MS:MS00-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-041.asp
Reference: BID:1292
Reference: URL:http://www.securityfocus.com/bid/1292

Microsoft SQL Server allows local users to obtain database passwords
via the Data Transformation Service (DTS) package Properties dialog,
aka the "DTS Password" vulnerability.


ED_PRI CAN-2000-0485 1


VOTE:

=================================
Candidate: CAN-2000-0533
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: SGI:20000601-01-P
Reference: URL:ftp://sgigate.sgi.com/security/20000601-01-P
Reference: BID:1379
Reference: URL:http://www.securityfocus.com/bid/1379

Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to
overwrite arbitrary files.


ED_PRI CAN-2000-0533 1


VOTE:

=================================
Candidate: CAN-2000-0539
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: ALLAIRE:ASB00-015
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full
Reference: BID:1386
Reference: URL:http://www.securityfocus.com/bid/1386

Servlet examples in Allaire JRun 2.3.x allow remote attackers to
obtain sensitive information, e.g. listing HttpSession ID's via the
SessionServlet servlet.


ED_PRI CAN-2000-0539 1


VOTE:

=================================
Candidate: CAN-2000-0540
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: ALLAIRE:ASB00-015
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full
Reference: BID:1386
Reference: URL:http://www.securityfocus.com/bid/1386

JSP sample files in Allaire JRun 2.3.x allow remote attackers to
access arbitrary files (e.g. via viewsource.jsp) or obtain
configuration information.


ED_PRI CAN-2000-0540 1


VOTE:

=================================
Candidate: CAN-2000-0469
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000613 CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-22&msg=ILENKALMCAFBLHBGEOFKGEJCCAAA.jwesterink@jwesterink.daxis.nl
Reference: BUGTRAQ:20000620 Re: CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.2.0.58.20000620193604.00979950@mail.clark.net
Reference: BID:1347
Reference: URL:http://www.securityfocus.com/bid/1347

Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary
files via a .. (dot dot) attack.


ED_PRI CAN-2000-0469 2


VOTE:

=================================
Candidate: CAN-2000-0477
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000614 Vulnerabilities in Norton Antivirus for Exchange
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html
Reference: BID:1351
Reference: URL:http://www.securityfocus.com/bid/1351

Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows
remote attackers to cause a denial of service via a .zip file that
contains long file names.


ED_PRI CAN-2000-0477 2


VOTE:

=================================
Candidate: CAN-2000-0478
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000614 Vulnerabilities in Norton Antivirus for Exchange
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html
Reference: BID:1351
Reference: URL:http://www.securityfocus.com/bid/1351

In some cases, Norton Antivirus for Exchange (NavExchange) enters a
"fail-open" state which allows viruses to pass through the server.


ED_PRI CAN-2000-0478 2


VOTE:

=================================
Candidate: CAN-2000-0510
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373

CUPS (Common Unix Printing System) 1.04 and earlier allows remote
attackers to cause a denial of service via a malformed IPP request.


ED_PRI CAN-2000-0510 2


VOTE:

=================================
Candidate: CAN-2000-0511
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373

CUPS (Common Unix Printing System) 1.04 and earlier allows remote
attackers to cause a denial of service via a CGI POST request.


ED_PRI CAN-2000-0511 2


VOTE:

=================================
Candidate: CAN-2000-0512
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373

CUPS (Common Unix Printing System) 1.04 and earlier does not properly
delete request files, which allows a remote attacker to cause a denial
of service.


ED_PRI CAN-2000-0512 2


VOTE:

=================================
Candidate: CAN-2000-0513
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373

CUPS (Common Unix Printing System) 1.04 and earlier allows remote
attackers to cause a denial of service by authenticating with a user
name that does not exist or does not have a shadow password.


ED_PRI CAN-2000-0513 2


VOTE:

=================================
Candidate: CAN-2000-0514
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000614 Security Advisory: REMOTE ROOT VULNERABILITY IN GSSFTP DAEMON
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=ldvsnufao18.fsf@saint-elmos-fire.mit.edu
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/ftp.txt
Reference: BID:1374
Reference: URL:http://www.securityfocus.com/bid/1374

GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict
access to some FTP commands, which allows remote attackers to cause a
denial of service, and local users to gain root privileges.


ED_PRI CAN-2000-0514 2


VOTE:

=================================
Candidate: CAN-2000-0528
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000619 Net Tools PKI server exploits
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html
Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt
Reference: BID:1364
Reference: URL:http://www.securityfocus.com/bid/1364

Net Tools PKI Server does not properly restrict access to remote
attackers when the XUDA template files do not contain absolute
pathnames for other files.


ED_PRI CAN-2000-0528 2


VOTE:

=================================
Candidate: CAN-2000-0529
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000619 Net Tools PKI server exploits
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html
Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt
Reference: BID:1363
Reference: URL:http://www.securityfocus.com/bid/1363

Net Tools PKI Server allows remote attackers to cause a denial of
service via a long HTTP request.


ED_PRI CAN-2000-0529 2


VOTE:

=================================
Candidate: CAN-2000-0562
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 BlackICE by Network ICE Corp vulnerability against Back Orifice 1.2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0190.html

BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and
earlier, do not properly block Back Orifice traffic when the security
setting is Nervous or lower.


ED_PRI CAN-2000-0562 2


VOTE:

=================================
Candidate: CAN-2000-0471
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000614 Vulnerability in Solaris ufsrestore
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0114.html
Reference: BID:1348
Reference: URL:http://www.securityfocus.com/bid/1348

Buffer overflow in ufsrestore in Solaris 8 and earlier allows local
users to gain root privileges via a long pathname.


ED_PRI CAN-2000-0471 3


VOTE:

=================================
Candidate: CAN-2000-0473
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:19991231 Local / Remote GET Buffer Overflow Vulnerability in AnalogX SimpleServer:WWW HTTP Server v1.1
Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm
Reference: BID:1349
Reference: URL:http://www.securityfocus.com/bid/1349

Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker
to cause a denial of service via a long GET request for a program in
the cgi-bin directory.


ED_PRI CAN-2000-0473 3


VOTE:

=================================
Candidate: CAN-2000-0479
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000616 Multiples Remotes DoS Attacks in Dragon Server v1.00 and v2.00
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96113734714517&w=2
Reference: BID:1352
Reference: URL:http://www.securityfocus.com/bid/1352

Dragon FTP server allows remote attackers to cause a denial of service
via a long USER command.


ED_PRI CAN-2000-0479 3


VOTE:

=================================
Candidate: CAN-2000-0480
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000616 Multiples Remotes DoS Attacks in Dragon Server v1.00 and v2.00
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96113734714517&w=2
Reference: BID:1352
Reference: URL:http://www.securityfocus.com/bid/1352

Dragon telnet server allows remote attackers to cause a denial of service
via a long username.


ED_PRI CAN-2000-0480 3


VOTE:

=================================
Candidate: CAN-2000-0484
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96113651713414&w=2
Reference: NTBUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96151775004229&w=2
Reference: BID:1355
Reference: URL:http://www.securityfocus.com/bid/1355

Buffer overflow in Small HTTP Server allows remote attackers to cause
a denial of service via a long GET request.


ED_PRI CAN-2000-0484 3


VOTE:

=================================
Candidate: CAN-2000-0494
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000616 Veritas Volume Manager 3.0.x hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0151.html
Reference: BID:1356
Reference: URL:http://www.securityfocus.com/bid/1356

Veritas Volume Manager creates a world writable .server_pids file,
which allows local users to add arbitrary commands into the file,
which is then executed by the vmsa_server script.


ED_PRI CAN-2000-0494 3


VOTE:

=================================
Candidate: CAN-2000-0500
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: CF
Reference: BUGTRAQ:20000621 BEA WebLogic /file/ showcode vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96161462915381&w=2
Reference: BID:1378
Reference: URL:http://www.securityfocus.com/bid/1378

The default configuration of BEA WebLogic 5.1.0 allows a remote
attacker to view source code of programs by requesting a URL beginning
with /file/, which causes the default servlet to display the file
without further processing.


ED_PRI CAN-2000-0500 3


VOTE:

=================================
Candidate: CAN-2000-0501
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: NTBUGTRAQ:20000616 mdaemon 2.8.5.0 WinNT and Win9x remote DoS
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0277.html
Reference: BID:1366
Reference: URL:http://www.securityfocus.com/bid/1366

Race condition in MDaemon 2.8.5.0 POP server allows local users to
cause a denial of service by entering a UIDL command and quickly
exiting the server.


ED_PRI CAN-2000-0501 3


VOTE:

=================================
Candidate: CAN-2000-0504
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000619 XFree86: libICE DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html
Reference: BID:1369
Reference: URL:http://www.securityfocus.com/bid/1369

libICE in XFree86 allows remote attackers to cause a denial of service
by specifying a large value which is not properly checked by the
SKIP_STRING macro.


ED_PRI CAN-2000-0504 3


VOTE:

=================================
Candidate: CAN-2000-0531
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 Bug in gpm
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006201453090.1812-200000@apollo.aci.com.pl
Reference: BID:1377
Reference: URL:http://www.securityfocus.com/bid/1377

Linux gpm program allows local users to cause a denial of service by
flooding the /dev/gpmctl device with STREAM sockets.


ED_PRI CAN-2000-0531 3


VOTE:

=================================
Candidate: CAN-2000-0541
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000617 Infosec.20000617.panda.a
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0164.html
Reference: BID:1359
Reference: URL:http://www.securityfocus.com/bid/1359

The Panda Antivirus console on port 2001 allows local users to execute
arbitrary commands without authentication via the CMD command.


ED_PRI CAN-2000-0541 3


VOTE:

=================================
Candidate: CAN-2000-0543
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000614 Remote DoS attack in Networks Associates PGP Certificate Server Version 2.5 Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0107.html
Reference: BID:1343
Reference: URL:http://www.securityfocus.com/bid/1343

The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows
remote attackers to cause a denial of service if their hostname does
not have a reverse DNS entry and they connect to port 4000.


ED_PRI CAN-2000-0543 3


VOTE:

=================================
Candidate: CAN-2000-0561
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000712
Assigned: 20000711
Category: SF
Reference: BUGTRAQ:20000620 DST2K0018: Multiple BufferOverruns in WebBBS HTTP Server v1.15
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0175.html
Reference: BID:1365
Reference: URL:http://www.securityfocus.com/bid/1365

Buffer overflow in WebBBS 1.15 allows remote attackers to execute
arbitrary commands via a long HTTP GET request.


ED_PRI CAN-2000-0561 3


VOTE:

Page Last Updated or Reviewed: May 22, 2007