[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PROPOSAL] Cluster RECENT-23 - 34 candidates

* Steven M. Christey (coley@LINUS.MITRE.ORG) [000712 02:12]:
> The following cluster contains 34 candidates that were announced
> between 6/6/2000 and 6/13/2000.
> 
> The candidates are listed in order of priority.  Priority 1 and
> Priority 2 candidates both deal with varying levels of vendor
> confirmation, so they should be easy to review and it can be trusted
> that the problems are real.
> 
> If you discover that any RECENT-XX cluster is incomplete with respect
> to the problems discovered during the associated time frame, please
> send that information to me so that candidates can be assigned.
> 
> - Steve
> 
> 
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
> 
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
> 
> 1) Please write your vote on the line that starts with "VOTE: ".  If
>    you want to add comments or details, add them to lines after the
>    VOTE: line.
> 
> 2) If you see any missing references, please mention them so that they
>    can be included.  References help greatly during mapping.
> 
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
>    So if you don't have sufficient information for a candidate but you
>    don't want to NOOP, use a REVIEWING.
> 
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
> 
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
> 
> =================================
> Candidate: CAN-2000-0472
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000106 innd 2.2.2 remote buffer overflow
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0003.html
> Reference: CALDERA:CSSA-2000-016.0
> Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-016.0.txt
> Reference: BID:1316
> Reference: URL:http://www.securityfocus.com/bid/1316
> 
> Buffer overflow in innd 2.2.2 allows remote attackers to execute
> arbitrary commands via a cancel request containing a long message ID.
> 
> 
> ED_PRI CAN-2000-0472 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0525
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000609 OpenSSH's UseLogin option allows remote access with root privilege.
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html
> Reference: OPENBSD:20000606 The non-default UseLogin feature in /etc/sshd_config is broken and should not be used.
> Reference: URL:http://www.openbsd.org/errata.html#uselogin
> Reference: BID:1334
> Reference: URL:http://www.securityfocus.com/bid/1334
> 
> OpenSSH does not properly drop privileges when the UseLogin option is
> enabled, which allows local users to execute arbitrary commands by
> providing the command to the ssh daemon.
> 
> 
> ED_PRI CAN-2000-0525 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0532
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: CF
> Reference: FREEBSD:FreeBSD-SA-00:21
> Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0031.html
> Reference: BID:1323
> Reference: URL:http://www.securityfocus.com/bid/1323
> 
> A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port
> 722 as well as port 22, which might allow remote attackers to access
> SSH through port 722 even if port 22 is otherwise filtered.
> 
> 
> ED_PRI CAN-2000-0532 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0534
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: FREEBSD:FreeBSD-SA-00:22 Security Advisory
> Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0030.html
> Reference: BID:1325
> Reference: URL:http://www.securityfocus.com/bid/1325
> 
> The apsfilter software in the FreeBSD ports package does not properly
> read user filter configurations, which allows local users to execute
> commands as the lpd user.
> 
> 
> ED_PRI CAN-2000-0534 1
> 
> 
> VOTE: aCCEPT
> 
> =================================
> Candidate: CAN-2000-0538
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000607 New Allaire ColdFusion DoS
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96045469627806&w=2
> Reference: ALLAIRE:ASB00-14
> Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16122&Method=Full
> Reference: BID:1314
> Reference: URL:http://www.securityfocus.com/bid/1314
> 
> ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows
> remote attackers to cause a denial of service via a long login
> password.
> 
> 
> ED_PRI CAN-2000-0538 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0548
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
> Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
> Reference: CERT:CA-2000-11
> Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
> Reference: CIAC:K-051
> Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
> Reference: BID:1338
> Reference: URL:http://www.securityfocus.com/bid/1338
> 
> Buffer overflow in Kerberos 4 KDC program allows remote attackers to
> cause a denial of service via the e_msg variable in the kerb_err_reply
> function.
> 
> 
> ED_PRI CAN-2000-0548 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0549
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
> Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
> Reference: CERT:CA-2000-11
> Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
> Reference: CIAC:K-051
> Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
> 
> Kerberos 4 KDC program does not properly check for null termination of
> AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause
> a denial of service via a malformed request.
> 
> 
> ED_PRI CAN-2000-0549 1
> 
> 
> VOTE: REVIEWING
> 
> =================================
> Candidate: CAN-2000-0550
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
> Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
> Reference: CERT:CA-2000-11
> Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
> Reference: CIAC:K-051
> Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
> 
> Kerberos 4 KDC program improperly frees memory twice (aka
> "double-free"), which allows remote attackers to cause a denial of
> service.
> 
> 
> ED_PRI CAN-2000-0550 1
> 
> 
> VOTE: REVIWEING
> 
> =================================
> Candidate: CAN-2000-0497
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: NTBUGTRAQ:20000612 IBM WebSphere JSP showcode vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0263.html
> Reference: CONFIRM:http://www-4.ibm.com/software/webservers/appserv/efix.html
> Reference: BID:1328
> Reference: URL:http://www.securityfocus.com/bid/1328
> 
> IBM WebSphere server 3.0.2 allows a remote attacker to view source
> code of a JSP program by requesting a URL which provides the JSP
> extension in upper case.
> 
> 
> ED_PRI CAN-2000-0497 2
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0506
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000609 Sendmail & procmail local root exploits on Linux kernel up to 2.2.16pre5
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006090852340.3475-300000@alfa.elzabsoft.pl
> Reference: BUGTRAQ:20000609 Trustix Security Advisory
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0062.html
> Reference: BUGTRAQ:20000608 CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0063.html
> Reference: BID:1322
> Reference: URL:http://www.securityfocus.com/bid/1322
> Reference: TURBO:TLSA2000013-1
> Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-June/000012.html
> 
> The "capabilities" feature in Linux before 2.2.16 allows local users
> to cause a denial of service or gain privileges by setting the
> capabilities to prevent a setuid program from dropping privileges, aka
> the "Linux kernel setuid/setcap vulnerability."
> 
> 
> ED_PRI CAN-2000-0506 2
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0515
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: CF
> Reference: BUGTRAQ:20000607 [ Hackerslab bug_paper ] HP-UX SNMP daemon vulnerability
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006070511.OAA05492@dogfoot.hackerslab.org
> Reference: BUGTRAQ:20000608 Re: HP-UX SNMP daemon vulnerability
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006090640.XAA00779@hpchs.cup.hp.com
> Reference: BID:1327
> Reference: URL:http://www.securityfocus.com/bid/1327
> 
> The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX
> 11.0 is world writable, which allows local users to modify SNMP
> configuration or gain privileges.
> 
> 
> ED_PRI CAN-2000-0515 2
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0482
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000605 FW-1 IP Fragmentation Vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0473.html
> Reference: BID:1312
> Reference: URL:http://www.securityfocus.com/bid/1312
> 
> Check Point Firewall-1 allows remote attackers to cause a denial of
> service by sending a large number of malformed fragmented IP packets.
> 
> 
> ED_PRI CAN-2000-0482 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0498
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: NTBUGTRAQ:20000608 Potential vulnerability in Unify eWave ServletExec
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0250.html
> Reference: BID:1328
> Reference: URL:http://www.securityfocus.com/bid/1328
> 
> Unify eWave ServletExec allows a remote attacker to view source code
> of a JSP program by requesting a URL which provides the JSP extension
> in upper case.
> 
> 
> ED_PRI CAN-2000-0498 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0499
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: NTBUGTRAQ:20000612 BEA WebLogic JSP showcode vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0262.htm
> Reference: BID:1328
> Reference: URL:http://www.securityfocus.com/bid/1328
> 
> BEA WebLogic allows a remote attacker to view source code of a JSP
> program by requesting a URL which provides the JSP extension in upper
> case.
> 
> 
> ED_PRI CAN-2000-0499 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0502
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000607 Mcafee Alerting DOS vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html
> Reference: BID:1326
> Reference: URL:http://www.securityfocus.com/bid/1326
> 
> Mcafee VirusScan 4.03 does not properly restrict access to the alert
> text file before it is sent to the Central Alert Server, which allows
> local users to modify alerts in an arbitrary fashion.
> 
> 
> ED_PRI CAN-2000-0502 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0503
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000606 IE 5 Cross-frame security vulnerability using IFRAME and WebBrowser control
> Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0154.html
> Reference: BID:1311
> Reference: URL:http://www.securityfocus.com/bid/1311
> 
> The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows
> a remote attacker to violate the cross frame security policy via the
> NavigateComplete2 event.
> 
> 
> ED_PRI CAN-2000-0503 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0508
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000608 Remote DOS in linux rpc.lockd
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0073.html
> Reference: BID:1372
> Reference: URL:http://www.securityfocus.com/bid/1372
> 
> rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to
> cause a denial of service via a malformed request.
> 
> 
> ED_PRI CAN-2000-0508 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0516
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000606 Shiva Access Manager 5.0.0 Plaintext LDAP root password.
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0008.html
> Reference: BID:1329
> Reference: URL:http://www.securityfocus.com/bid/1329
> 
> When configured to store configuration information in an LDAP
> directory, Shiva Access Manager 5.0.0 stores the root DN
> (Distinguished Name) name and password in cleartext in a file that is
> world readable, which allows local users to compromise the LDAP
> server.
> 
> 
> ED_PRI CAN-2000-0516 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0520
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000630 CONECTIVA LINUX SECURITY ANNOUNCEMENT - dump
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96240393814071&w=2
> Reference: MISC:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=11880
> Reference: BID:1330
> Reference: URL:http://www.securityfocus.com/bid/1330
> 
> Buffer overflow in restore program 0.4b17 and earlier in dump package
> allows local users to execute arbitrary commands via a long tape name.
> 
> 
> ED_PRI CAN-2000-0520 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0522
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000608 Potential DoS Attack on RSA's ACE/Server
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=011a01bfd14c$3c206960$050010ac@xtranet.co.uk
> Reference: BID:1332
> Reference: URL:http://www.securityfocus.com/bid/1332
> 
> RSA ACE/Server allows remote attackers to cause a denial of service by
> flooding the server's authentication request port with UDP packets,
> which causes the server to crash.
> 
> 
> ED_PRI CAN-2000-0522 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0523
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF/CF/MP/SA/AN/unknown
> Reference: BUGTRAQ:20000606 MDMA Advisory #6: EServ Logging Heap Overflow Vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0009.html
> Reference: BID:1315
> Reference: URL:http://www.securityfocus.com/bid/1315
> 
> Buffer overflow in the logging feature of EServ 2.9.2 and earlier
> allows an attacker to execute arbitrary commands via a long MKD
> command.
> 
> 
> ED_PRI CAN-2000-0523 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0526
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000609 Mailstudio2000 CGI Vulnerabilities [S0ftPj.4]
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0081.html
> Reference: BID:1335
> Reference: URL:http://www.securityfocus.com/bid/1335
> 
> mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows
> remote attackers to read arbitrary files via a .. (dot dot) attack.
> 
> 
> ED_PRI CAN-2000-0526 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0527
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000609 Mailstudio2000 CGI Vulnerabilities [S0ftPj.4]
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0081.html
> Reference: BID:1335
> Reference: URL:http://www.securityfocus.com/bid/1335
> 
> userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows
> remote attackers to execute arbitrary commands via shell
> metacharacters.
> 
> 
> ED_PRI CAN-2000-0527 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0535
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: FREEBSD:FreeBSD-SA-00:25
> Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0083.html
> Reference: BID:1340
> Reference: URL:http://www.securityfocus.com/bid/1340
> 
> OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the
> existence of the /dev/random or /dev/urandom devices, which are absent
> on FreeBSD Alpha systems, which causes them to produce weak keys which
> may be more easily broken.
> 
> 
> ED_PRI CAN-2000-0535 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0542
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000612 ACC/Ericsson Tigris Accounting Failure
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0104.html
> Reference: BID:1345
> Reference: URL:http://www.securityfocus.com/bid/1345
> 
> Tigris remote access server before 11.5.4.22 does not properly record
> Radius accounting information when a user fails the initial login
> authentication but subsequently succeeds.
> 
> 
> ED_PRI CAN-2000-0542 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0546
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
> Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
> Reference: CERT:CA-2000-11
> Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
> Reference: CIAC:K-051
> Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
> Reference: BID:1338
> Reference: URL:http://www.securityfocus.com/bid/1338
> 
> Buffer overflow in Kerberos 4 KDC program allows remote attackers to
> cause a denial of service via the lastrealm variable in the set_tgtkey
> function.
> 
> 
> ED_PRI CAN-2000-0546 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0547
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
> Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
> Reference: CERT:CA-2000-11
> Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
> Reference: CIAC:K-051
> Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
> Reference: BID:1338
> Reference: URL:http://www.securityfocus.com/bid/1338
> 
> Buffer overflow in Kerberos 4 KDC program allows remote attackers to
> cause a denial of service via the localrealm variable in the
> process_v4 function.
> 
> 
> ED_PRI CAN-2000-0547 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0552
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: NTBUGTRAQ:20000606 ICQ2000A ICQmail temparary internet link vulnearbility
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0237.html
> Reference: BID:1307
> Reference: URL:http://www.securityfocus.com/bid/1307
> 
> ICQwebmail client for ICQ 2000A creates a world readable temporary
> file during login and does not delete it, which allows local users to
> obtain sensitive information.
> 
> 
> ED_PRI CAN-2000-0552 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0554
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: NTBUGTRAQ:20000608 DST2K0010: DoS & Path Revealing Vulnerability in Ceilidh v2.60a
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0246.html
> Reference: BID:1320
> Reference: URL:http://www.securityfocus.com/bid/1320
> 
> Ceilidh allows remote attackers to obtain the real path of the Ceilidh
> directory via the translated_path hidden form field.
> 
> 
> ED_PRI CAN-2000-0554 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0555
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: NTBUGTRAQ:20000608 DST2K0010: DoS & Path Revealing Vulnerability in Ceilidh v2.60a
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0246.html
> Reference: BID:1320
> Reference: URL:http://www.securityfocus.com/bid/1320
> 
> Ceilidh allows remote attackers to cause a denial of service via a
> large number of POST requests.
> 
> 
> ED_PRI CAN-2000-0555 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0558
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: NTBUGTRAQ:20000608 DST2K0012: BufferOverrun in HP Openview Network Node Manager v6.1
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0249.html
> Reference: BID:1317
> Reference: URL:http://www.securityfocus.com/bid/1317
> 
> Buffer overflow in HP Openview Network Node Manager 6.1 allows remote
> attackers to execute arbitrary commands via the Alarm service
> (OVALARMSRV) on port 2345.
> 
> 
> ED_PRI CAN-2000-0558 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0559
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000607 SessionWall-3 Paper + (links to) code
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSO.4.21.0006072124320.28062-100000@bearclaw.bogus.net
> Reference: BID:1341
> Reference: URL:http://www.securityfocus.com/bid/1341
> 
> eTrust Intrusion Detection System (formerly SessionWall-3) uses weak
> encryption (XOR) to store administrative passwords in the registry,
> which allows local users to easily decrypt the passwords.
> 
> 
> ED_PRI CAN-2000-0559 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0563
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000609 Security Holes Found in URLConnection of MRJ and IE of Mac OS (was Re: Reappearance of an old IE security bug)
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0056.html
> Reference: BUGTRAQ:20000513 Re: Reappearance of an old IE security bug
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-05-8&msg=391C95DE2DA.5E3BTAKAGI@java-house.etl.go.jp
> Reference: BID:1336
> Reference: URL:http://www.securityfocus.com/bid/1336
> 
> The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier
> and the Microsoft virtual machine (VM) for MacOS allows a malicious
> web site operator to connect to arbitrary hosts using a HTTP
> redirection, in violation of the Java security model.
> 
> 
> ED_PRI CAN-2000-0563 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0565
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000712
> Assigned: 20000711
> Category: SF
> Reference: BUGTRAQ:20000613 SmartFTP Daemon v0.2 Beta Build 9 - Remote Exploit
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0100.html
> Reference: BID:1344
> Reference: URL:http://www.securityfocus.com/bid/1344
> 
> SmartFTP Daemon 0.2 allows a local user to access arbitrary files by
> uploading and specifying an alternate user configuration file via a
> .. (dot dot) attack.
> 
> 
> ED_PRI CAN-2000-0565 3
> 
> 
> VOTE: ACCEPT

-- 
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
Page Last Updated or Reviewed: May 22, 2007