Re: [PROPOSAL] Cluster RECENT-22 - 33 candidates
* Steven M. Christey (coley@LINUS.MITRE.ORG) [000712 02:06]:
> The following cluster contains 33 candidates that were announced
> between 5/21/2000 and 6/5/2000.
>
> The candidates are listed in order of priority. Priority 1 and
> Priority 2 candidates both deal with varying levels of vendor
> confirmation, so they should be easy to review and it can be trusted
> that the problems are real.
>
> If you discover that any RECENT-XX cluster is incomplete with respect
> to the problems discovered during the associated time frame, please
> send that information to me so that candidates can be assigned.
>
> - Steve
>
>
>
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
>
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
>
> 1) Please write your vote on the line that starts with "VOTE: ". If
> you want to add comments or details, add them to lines after the
> VOTE: line.
>
> 2) If you see any missing references, please mention them so that they
> can be included. References help greatly during mapping.
>
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
> So if you don't have sufficient information for a candidate but you
> don't want to NOOP, use a REVIEWING.
>
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
>
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
>
> =================================
> Candidate: CAN-2000-0467
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000614 Splitvt exploit
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0125.html
> Reference: DEBIAN:20000605 root exploit in splitvt
> Reference: URL:http://www.debian.org/security/2000/20000605a
> Reference: BID:1346
> Reference: URL:http://www.securityfocus.com/bid/1346
>
> Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users
> to gain root privileges via a long password in the screen locking
> function.
>
>
> ED_PRI CAN-2000-0467 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0495
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: MS:MS00-038
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-038.asp
> Reference: BID:1282
> Reference: URL:http://www.securityfocus.com/bid/1282
>
> Microsoft Windows Media Encoder allows remote attackers to cause a
> denial of service via a malformed request, aka the "Malformed Windows
> Media Encoder Request" vulnerability.
>
>
> ED_PRI CAN-2000-0495 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0517
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: CERT:CA-2000-08
> Reference: URL:http://www.cert.org/advisories/CA-2000-08.html
> Reference: BID:1260
> Reference: URL:http://www.securityfocus.com/bid/1260
>
> Netscape 4.73 and earlier does not properly warn users about a
> potentially invalid certificate if the user has previously accepted
> the certificate for a different web site, which could allow remote
> attackers to spoof a legitimate web site by compromising that site's
> DNS information.
>
>
> ED_PRI CAN-2000-0517 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0518
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: MS:MS00-039
> Reference: http://www.microsoft.com/technet/security/bulletin/ms00-039.asp
> Reference: BID:1309
> Reference: URL:http://www.securityfocus.com/bid/1309
>
> Internet Explorer 4.0 and 5.0 does not properly verify all contents of
> an SSL certificate if a connection is made to the server via an image
> or a frame, aka one of two different "SSL Certificate Validation"
> vulnerabilities.
>
>
> ED_PRI CAN-2000-0518 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0519
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: MS:MS00-039
> Reference: http://www.microsoft.com/technet/security/bulletin/ms00-039.asp
> Reference: BID:1309
> Reference: URL:http://www.securityfocus.com/bid/1309
>
> Internet Explorer 4.0 and 5.0 does not properly re-validate an SSL
> certificate if the user establishes a new SSL session with the same
> server during the same Internet Explorer session, aka one of two
> different "SSL Certificate Validation" vulnerabilities.
>
>
> ED_PRI CAN-2000-0519 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0530
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000531 KDE::KApplication feature?
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0387.html
> Reference: CALDERA:CSSA-2000-015.0
> Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-015.0.txt
> Reference: BID:1291
> Reference: URL:http://www.securityfocus.com/bid/1291
>
> The KApplication class in the KDE 1.1.2 configuration file management
> capability allows local users to overwrite arbitrary files.
>
>
> ED_PRI CAN-2000-0530 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0537
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000606 BRU Vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0013.html
> Reference: CALDERA:CSSA-2000-018.0
> Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-018.0.txt
> Reference: BID:1321
> Reference: URL:http://www.securityfocus.com/bid/1321
>
> BRU backup software allows local users to append data to arbitrary
> files by specifying an alternate configuration file with the
> BRUEXECLOG environmental variable.
>
>
> ED_PRI CAN-2000-0537 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0545
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000602 /usr/bin/Mail exploit for Slackware 7.0 (mail-slack.c)
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0435.html
> Reference: DEBIAN:20000605 mailx: mail group exploit in mailx
> Reference: URL:http://www.debian.org/security/2000/20000605
> Reference: BID:1305
> Reference: URL:http://www.securityfocus.com/bid/1305
>
> Buffer overflow in mailx mail command (aka Mail) on Linux systems
> allows local users to gain privileges via a long -c (carbon copy)
> parameter.
>
>
> ED_PRI CAN-2000-0545 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0474
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000601 Remote DoS attack in Real Networks Real Server (Strike #2) Vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0410.html
> Reference: BUGTRAQ:20000601 Remote DoS attack in RealServer: USSR-2000043
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0427.html
> Reference: BID:1288
> Reference: URL:http://www.securityfocus.com/bid/1288
>
> Real Networks RealServer 7.x allows remote attackers to cause a denial
> of service via a malformed request for a page in the viewsource
> directory.
>
>
> ED_PRI CAN-2000-0474 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0486
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000530 An Analysis of the TACACS+ Protocol and its Implementations
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0369.html
> Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0370.html
> Reference: BID:1293
> Reference: URL:http://www.securityfocus.com/bid/1293
>
> Buffer overflow in Cisco TACACS+ tac_plus server allows remote
> attackers to cause a denial of service via a malformed packet with a
> long length field.
>
>
> ED_PRI CAN-2000-0486 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0505
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000603 Re: IBM HTTP SERVER / APACHE
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.20.0006031912360.45740-100000@alive.znep.com
> Reference: BID:1284
> Reference: URL:http://www.securityfocus.com/bid/1284
>
> The Apache 1.3.x HTTP server for Windows platforms allows remote
> attackers to list directory contents by requesting a URL containing a
> large number of / characters.
>
>
> ED_PRI CAN-2000-0505 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0536
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: CONFIRM:http://www.synack.net/xinetd/
> Reference: BID:1381
> Reference: URL:http://www.securityfocus.com/bid/1381
>
> xinetd 2.1.8.x does not properly restrict connections if hostnames are
> used for access control and the connecting host does not have a
> reverse DNS entry.
>
>
> ED_PRI CAN-2000-0536 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0468
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000601 HP Security vulnerability in the man command
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.SOL.4.02.10006021014400.4779-100000@nofud.nwest.attws.com
> Reference: BID:1302
> Reference: URL:http://www.securityfocus.com/bid/1302
>
> man in HP-UX 10.20 and 11 allows local attackers to overwrite files
> via a symlink attack.
>
>
> ED_PRI CAN-2000-0468 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0470
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000601 Hardware Exploit - Gets network Down
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0398.html
> Reference: BID:1290
> Reference: URL:http://www.securityfocus.com/bid/1290
>
> Allegro RomPager HTTP server allows remote attackers to cause a denial
> of service via a malformed authentication request.
>
>
> ED_PRI CAN-2000-0470 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0476
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000601 [rootshell.com] Xterm DoS Attack
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0409.html
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0420.html
> Reference: BID:1298
> Reference: URL:http://www.securityfocus.com/bid/1298
>
> xterm, Eterm, and rxvt allow an attacker to cause a denial of service
> by embedding certain escape characters which force the window to be
> resized.
>
>
> ED_PRI CAN-2000-0476 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0481
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: VULN-DEV:20000601 Kmail heap overflow
> Reference: URL:http://securityfocus.com/templates/archive.pike?list=82&date=2000-06-22&msg=00060200422401.01667@lez
> Reference: BID:1380
> Reference: URL:http://www.securityfocus.com/bid/1380
>
> Buffer overflow in KDE Kmail allows a remote attacker to cause a
> denial of service via an attachment with a long file name.
>
>
> ED_PRI CAN-2000-0481 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0487
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: MS:MS00-032
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-032.asp
> Reference: BID:1295
> Reference: URL:http://www.securityfocus.com/bid/1295
>
> The Protected Store in Windows 2000 does not properly select the
> strongest encryption when available, which causes it to use a default
> of 40-bit encryption instead of 56-bit DES encryption, aka the
> "Protected Store Key Length" vulnerability.
>
>
> ED_PRI CAN-2000-0487 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0488
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000601 DST2K0007: Buffer Overrun in ITHouse Mail Server v1.04
> Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0148.html
> Reference: BID:1285
> Reference: URL:http://www.securityfocus.com/bid/1285
>
> Buffer overflow in ITHouse mail server 1.04 allows remote attackers to
> execute arbitrary commands via a long RCPT TO mail command.
>
>
> ED_PRI CAN-2000-0488 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0489
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:19990826 Local DoS in FreeBSD
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9908270039010.16315-100000@thetis.deor.org
> Reference: BUGTRAQ:20000601 Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability - Mac OS X affected
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCEJLCEAA.labs@ussrback.com
> Reference: BID:622
> Reference: URL:http://www.securityfocus.com/bid/622
>
> FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of
> service by creating a large number of socket pairs using the
> socketpair function, setting a large buffer size via setsockopt, then
> writing large buffers.
>
>
> ED_PRI CAN-2000-0489 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0490
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000601 Netwin's Dmail package
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0407.html
> Reference: BID:1297
> Reference: URL:http://www.securityfocus.com/bid/1297
>
> Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package
> allows remote attackers to execute arbitrary commands via a long ETRN
> request.
>
>
> ED_PRI CAN-2000-0490 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0491
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000521 "gdm" remote hole
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0241.html
> Reference: SUSE:20000524 Security hole in gdm <= 2.0beta4-25
> Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_49.txt
> Reference: BUGTRAQ:20000607 Conectiva Linux Security Announcement - gdm
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0025.html
> Reference: CALDERA:CSSA-2000-013.0
> Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-013.0.txt
> Reference: BID:1233
> Reference: URL:http://www.securityfocus.com/bid/1233
> Reference: BID:1279
> Reference: URL:http://www.securityfocus.com/bid/1279
> Reference: BID:1370
> Reference: URL:http://www.securityfocus.com/bid/1370
>
> Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and
> wdm allows remote attackers to execute arbitrary commands or cause a
> denial of service via a long FORWARD_QUERY request.
>
>
> ED_PRI CAN-2000-0491 3
>
>
> VOTE: MODIFY
The BID 1233 vuln is different from the other ones. BID 1233 uses
a FORWARD_QUERY request to overflow an in_addr structure via a memmove
in daemon/xdmcp.c, gdm_xdmcp_handle_forward_query(). In BID 1370
a buffer is overflowed by a sprintf in xdmcp.c, send_failed().
> =================================
> Candidate: CAN-2000-0492
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000609 Insecure encryption in PassWD v1.2
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0450.html
> Reference: BID:1300
> Reference: URL:http://www.securityfocus.com/bid/1300
>
> PassWD 1.2 uses weak encryption (trivial encoding) to store passwords,
> which allows an attacker who can read the password file to easily
> decrypt the passwords.
>
>
> ED_PRI CAN-2000-0492 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0493
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: VULN-DEV:20000601 Vulnerability in SNTS
> Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0843.html
> Reference: BID:1289
> Reference: URL:http://www.securityfocus.com/bid/1289
>
> Buffer overflow in Simple Network Time Sync (SMTS) daemon allows
> remote attackers to cause a denial of service via a long command.
>
>
> ED_PRI CAN-2000-0493 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0507
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000601 DST2K0006: Denial of Service Possibility in Imate WebMail Server
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95990195708509&w=2
> Reference: BID:1286
> Reference: URL:http://www.securityfocus.com/bid/1286
>
> Imate Webmail Server 2.5 allows remote attackers to cause a denial of
> service via a long HELO command.
>
>
> ED_PRI CAN-2000-0507 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0509
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000601 DST2K0008: Buffer Overrun in Sambar Server 4.3
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95990103207665&w=2
> Reference: BID:1287
> Reference: URL:http://www.securityfocus.com/bid/1287
>
> Buffer overflows in the finger and whois demonstration scripts in
> Sambar Server 4.3 allow remote attackers to execute arbitrary commands
> via a long hostname.
>
>
> ED_PRI CAN-2000-0509 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0521
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000605 MDMA Advisory #5: Reading of CGI Scripts under Savant Webserver
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0469.html
> Reference: BID:1313
> Reference: URL:http://www.securityfocus.com/bid/1313
>
> Savant web server allows remote attackers to read source code of CGI
> scripts via a GET request that does not include the HTTP version
> number.
>
>
> ED_PRI CAN-2000-0521 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0524
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000604 Microsoft Outlook (Express) bug..
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0045.html
> Reference: BID:1333
> Reference: URL:http://www.securityfocus.com/bid/1333
>
> Microsoft Outlook and Outlook Express allow remote attackers to cause
> a denial of service by sending email messages with blank fields such
> as BCC, Reply-To, Return-Path, or From.
>
>
> ED_PRI CAN-2000-0524 3
>
>
> VOTE:
There were plenty of people that could not reproduce the problem although
some did. More research (as in actual testing) is probably required.
> =================================
> Candidate: CAN-2000-0544
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: NTBUGTRAQ:20000604 anonymous SMBwriteX DoS
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0231.html
> Reference: BID:1304
> Reference: URL:http://www.securityfocus.com/bid/1304
>
> Windows NT and Windows 2000 hosts allow a remote attacker to cause a
> denial of service via malformed DCE/RPC SMBwriteX requests
> that contain an invalid data length.
>
>
> ED_PRI CAN-2000-0544 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0551
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000523 I think
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0339.html
> Reference: BID:1263
> Reference: URL:http://www.securityfocus.com/bid/1263
>
> The file transfer mechanism in Danware NetOp 6.0 does not provide
> authentication, which allows remote attackers to access and modify
> arbitrary files.
>
>
> ED_PRI CAN-2000-0551 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0553
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: unknown
> Reference: BUGTRAQ:20000525 Security Vulnerability in IPFilter 3.3.15 and 3.4.3
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0326.html
> Reference: BID:1308
> Reference: URL:http://www.securityfocus.com/bid/1308
>
> Race condition in IPFilter firewall 3.4.3 and earlier, when configured
> with overlapping "return-rst" and "keep state" rules, allows remote
> attackers to bypass access restrictions.
>
>
> ED_PRI CAN-2000-0553 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0556
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: NTBUGTRAQ:20000608 DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html
> Reference: CONFIRM:http://www.computalynx.net/news/Jun2000/news0806200001.html
> Reference: BID:1319
> Reference: URL:http://www.securityfocus.com/bid/1319
>
> Buffer overflow in the web interface for Cmail 2.4.7 allows remote
> attackers to cause a denial of service by sending a large user name to
> the user dialog running on port 8002.
>
>
> ED_PRI CAN-2000-0556 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0557
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: NTBUGTRAQ:20000608 DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html
> Reference: BID:1318
> Reference: URL:http://www.securityfocus.com/bid/1318
>
> Buffer overflow in the web interface for Cmail 2.4.7 allows remote
> attackers to execute arbitrary commands via a long GET request.
>
>
> ED_PRI CAN-2000-0557 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0564
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: NTBUGTRAQ:20000529 ICQ Web Front Remote DoS Attack Vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0218.html
>
> The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b,
> and others allows remote attackers to cause a denial of service via a
> URL with a long name parameter.
>
>
> ED_PRI CAN-2000-0564 3
>
>
> VOTE: REVIEWING
--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum