
Re: [PROPOSAL] Cluster RECENT-28 - 18 candidates



* Steven M. Christey (coley@LINUS.MITRE.ORG) [000803 02:55]:
> The following cluster contains 18 candidates that were announced
> between 7/7/2000 and 7/12/2000.
> 
> The candidates are listed in order of priority.  Priority 1 and
> Priority 2 candidates both deal with varying levels of vendor
> confirmation, so they should be easy to review and it can be trusted
> that the problems are real.
> 
> If you discover that any RECENT-XX cluster is incomplete with respect
> to the problems discovered during the associated time frame, please
> send that information to me so that candidates can be assigned.
> 
> - Steve
> 
> 
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
> 
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
> 
> 1) Please write your vote on the line that starts with "VOTE: ".  If
>    you want to add comments or details, add them to lines after the
>    VOTE: line.
> 
> 2) If you see any missing references, please mention them so that they
>    can be included.  References help greatly during mapping.
> 
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
>    So if you don't have sufficient information for a candidate but you
>    don't want to NOOP, use a REVIEWING.
> 
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
> 
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
> 
> =================================
> Candidate: CAN-2000-0637
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000711 Excel 2000 vulnerability - executing programs
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=396B3F8F.9244D290@nat.bg
> Reference: MS:MS00-051
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-051.asp
> Reference: BID:1451
> Reference: URL:http://www.securityfocus.com/bid/1451
> 
> Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary
> commands by specifying a malicious .dll using the Register.ID
> function, aka the "Excel REGISTER.ID Function" vulnerability.
> 
> 
> ED_PRI CAN-2000-0637 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0654
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: MS:MS00-041
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-041.asp
> Reference: BID:1466
> Reference: URL:http://www.securityfocus.com/bid/1466
> 
> Microsoft Enterprise Manager allows local users to obtain database
> passwords via the Data Transformation Service (DTS) package Registered
> Servers Dialog dialog, aka a variant of the "DTS Password"
> vulnerability.
> 
> 
> ED_PRI CAN-2000-0654 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0670
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000712 cvsweb: remote shell for cvs committers
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0178.html
> Reference: BUGTRAQ:20000714 MDKSA-2000:019 cvsweb update
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0196.html
> Reference: DEBIAN:20000716
> Reference: URL:http://www.debian.org/security/2000/20000719b
> Reference: BID:1469
> Reference: URL:http://www.securityfocus.com/bid/1469
> 
> The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with
> write access to a CVS repository to execute arbitrary commands via
> shell metacharacters.
> 
> 
> ED_PRI CAN-2000-0670 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0628
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000710 ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0142.html
> Reference: CONFIRM:http://www.nodeworks.com/asp/changes.html
> Reference: BID:1457
> Reference: URL:http://www.securityfocus.com/bid/1457
> 
> The source.asp example script in the Apache ASP module Apache::ASP
> 1.93 and earlier allows remote attackers to modify files.
> 
> 
> ED_PRI CAN-2000-0628 2
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0635
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000711 Akopia MiniVend Piped Command Execution Vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0150.html
> Reference: BID:1449
> Reference: URL:http://www.securityfocus.com/bid/1449
> 
> The view_page.html sample page in the MiniVend shopping cart program
> allows remote attackers to execute arbitrary commands via shell
> metacharacters.
> 
> 
> ED_PRI CAN-2000-0635 2
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0638
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000711 BIG BROTHER EXPLOIT
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0146.html
> Reference: BUGTRAQ:20000711 REMOTE EXPLOIT IN ALL CURRENT VERSIONS OF BIG BROTHER
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0147.html
> Reference: CONFIRM:http://bb4.com/README.CHANGES
> Reference: BID:1455
> Reference: URL:http://www.securityfocus.com/bid/1455
> 
> Big Brother 1.4h1 and earlier allows remote attackers to read
> arbitrary files via a .. (dot dot) attack.
> 
> 
> ED_PRI CAN-2000-0638 2
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0639
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: CF
> Reference: BUGTRAQ:20000711 Big Brother filename extension vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0171.html
> Reference: BID:1494
> Reference: URL:http://www.securityfocus.com/bid/1494
> 
> The default configuration of Big Brother 1.4h2 and earlier does not
> include proper access restrictions, which allows remote attackers to
> execute arbitrary commands by using bbd to upload a file whose
> extension will cause it to be executed as a CGI script by the web
> server.
> 
> 
> ED_PRI CAN-2000-0639 2
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0650
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: CF
> Reference: NTBUGTRAQ:20000711 Potential Vulnerability in McAfee Netshield and VirusScan 4.5
> Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=ntbugtraq&F=&S=&P=2753
> Reference: BID:1458
> Reference: URL:http://www.securityfocus.com/bid/1458
> 
> The default installation of VirusScan 4.5 and NetShield 4.5 has
> insecure permissions for the registry key that identifies the
> AutoUpgrade directory, which allows local users to execute arbitrary
> commands by replacing SETUP.EXE in that directory with a Trojan Horse.
> 
> 
> ED_PRI CAN-2000-0650 2
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0629
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: CF
> Reference: BUGTRAQ:20000711 Sun's Java Web Server remote command execution vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0163.html
> Reference: MISC:http://www.sun.com/software/jwebserver/faq/jwsca-2000-02.html
> Reference: BID:1459
> Reference: URL:http://www.securityfocus.com/bid/1459
> 
> The default configuration of the Sun Java web server 2.0 and earlier
> allows remote attackers to execute arbitrary commands by uploading
> Java code to the server via board.html, then directly calling the JSP
> compiler servlet.
> 
> 
> ED_PRI CAN-2000-0629 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0640
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
> Reference: BID:1452
> Reference: URL:http://www.securityfocus.com/bid/1452
> 
> Guild FTPd allows remote attackers to determine the existence of files
> outside the FTP root via a .. (dot dot) attack, which provides
> different error messages depending on whether the file exists or not.
> 
> 
> ED_PRI CAN-2000-0640 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0641
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
> Reference: BID:1453
> Reference: URL:http://www.securityfocus.com/bid/1453
> 
> Savant web server allows remote attackers to execute arbitrary
> commands via a long GET request.
> 
> 
> ED_PRI CAN-2000-0641 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0642
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: CF
> Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
> Reference: BID:1497
> Reference: URL:http://www.securityfocus.com/bid/1497
> 
> The default configuration of WebActive HTTP Server 1.00 stores the web
> access log active.log in the document root, which allows remote
> attackers to view the logs by directly requesting the page.
> 
> 
> ED_PRI CAN-2000-0642 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0648
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000711 WFTPD/WFTPD Pro 2.41 RC10 denial-of-service
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=E13BvU6-0007d8-00@dwarf.box.sk
> Reference: BID:1456
> Reference: URL:http://www.securityfocus.com/bid/1456
> 
> WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of
> service by executing the RENAME TO (RNTO) command before a RENAME FROM
> (RNFR) command.
> 
> 
> ED_PRI CAN-2000-0648 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0651
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000707 Novell Border Manger - Anyone can pose as an authenticated user
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=06256915.00591E18.00@uprrsmtp2.notes.up.com
> Reference: BID:1440
> Reference: URL:http://www.securityfocus.com/bid/1440
> 
> The ClientTrust program in Novell BorderManager does not properly
> verify the origin of authentication requests, which could allow remote
> attackers to impersonate another user by replaying the authentication
> requests and responses from port 3024 of the victim's machine.
> 
> 
> ED_PRI CAN-2000-0651 3
> 
> 
> VOTE: ACCEPT
>  
> =================================
> Candidate: CAN-2000-0660
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000712 Infosec.20000712.worldclient.2.1
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0173.html
> Reference: BID:1462
> Reference: URL:http://www.securityfocus.com/bid/1462
> 
> The WDaemon web server for WorldClient 2.1 allows remote attackers to
> read arbitrary files via a .. (dot dot) attack.
> 
> 
> ED_PRI CAN-2000-0660 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0661
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000710 Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0120.html
> Reference: BID:1448
> Reference: URL:http://www.securityfocus.com/bid/1448
> 
> WircSrv IRC Server 5.07s allows remote attackers to cause a denial of
> service via a long string to the server port.
> 
> 
> ED_PRI CAN-2000-0661 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0669
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000711 Remote Denial Of Service -- NetWare 5.0 with SP 5
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000501bfeab5$9330c3d0$d801a8c0@dimuthu.baysidegrp.com.au
> Reference: BID:1467
> Reference: URL:http://www.securityfocus.com/bid/1467
> 
> Novell Netware 5.0 allows remote attackers to cause a denial of
> service by flooding port 40193 with random data.
> 
> 
> ED_PRI CAN-2000-0669 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0674
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000712 ftp.pl vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0177.html
> Reference: BID:1471
> Reference: URL:http://www.securityfocus.com/bid/1471
> 
> ftp.pl CGI program for Virtual Visions FTP browser allows remote
> attackers to read directories outside of the document root via a
> .. (dot dot) attack.
> 
> 
> ED_PRI CAN-2000-0674 3
> 
> 
> VOTE: ACCEPT

-- 
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum

Page Last Updated or Reviewed: May 22, 2007