
Re: [PROPOSAL] Cluster RECENT-29 - 20 candidates



* Steven M. Christey (coley@LINUS.MITRE.ORG) [000803 02:57]:
> The following cluster contains 20 candidates that were announced
> between 7/13/2000 and 7/20/2000.
> 
> The candidates are listed in order of priority.  Priority 1 and
> Priority 2 candidates both deal with varying levels of vendor
> confirmation, so they should be easy to review and it can be trusted
> that the problems are real.
> 
> If you discover that any RECENT-XX cluster is incomplete with respect
> to the problems discovered during the associated time frame, please
> send that information to me so that candidates can be assigned.
> 
> - Steve
> 
> 
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
> 
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
> 
> 1) Please write your vote on the line that starts with "VOTE: ".  If
>    you want to add comments or details, add them to lines after the
>    VOTE: line.
> 
> 2) If you see any missing references, please mention them so that they
>    can be included.  References help greatly during mapping.
> 
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
>    So if you don't have sufficient information for a candidate but you
>    don't want to NOOP, use a REVIEWING.
> 
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
> 
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
> 
> =================================
> Candidate: CAN-2000-0622
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: NAI:20000719 O'Reilly WebSite Professional Overflow
> Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2424
> Reference: CONFIRM:http://website.oreilly.com/support/software/wspro25_releasenotes.txt
> Reference: BID:1487
> Reference: URL:http://www.securityfocus.com/bid/1487
> 
> Buffer overflow in Webfind CGI program in O'Reilly WebSite
> Professional web server 2.x allows remote attackers to execute
> arbitrary commands via a URL containing a long "keywords" parameter.
> 
> 
> ED_PRI CAN-2000-0622 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0630
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: MS:MS00-044
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-044.asp
> Reference: BID:1488
> Reference: URL:http://www.securityfocus.com/bid/1488
> 
> IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source
> code by appending a +.htr to the URL, a variant of the "File Fragment
> Reading via .HTR" vulnerability.
> 
> 
> ED_PRI CAN-2000-0630 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0631
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: MS:MS00-044
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-044.asp
> Reference: BID:1476
> Reference: URL:http://www.securityfocus.com/bid/1476
> 
> An administrative script from IIS 3.0, later included in IIS 4.0 and
> 5.0, allows remote attackers to cause a denial of service by accessing
> the script without a particular argument, aka the "Absent Directory
> Browser Argument" vulnerability.
> 
> 
> ED_PRI CAN-2000-0631 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0632
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: NAI:20000717 [COVERT-2000-07] LISTSERV Web Archive Remote Overflow
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0222.html
> Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory1
> Reference: BID:1490
> Reference: URL:http://www.securityfocus.com/bid/1490
> 
> Buffer overflow in the web archive component of L-Soft Listserv 1.8d
> and earlier allows remote attackers to execute arbitrary commands via
> a long query string.
> 
> 
> ED_PRI CAN-2000-0632 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0653
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: MS:MS00-045
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-045.asp
> Reference: BID:1502
> Reference: URL:http://www.securityfocus.com/bid/1502
> 
> Microsoft Outlook Express allows remote attackers to monitor a user's
> email by creating a persistent browser link to the Outlook Express
> windows, aka the "Persistent Mail-Browser Link" vulnerability.
> 
> 
> ED_PRI CAN-2000-0653 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0666
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000716 Lots and lots of fun with rpc.statd
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0206.html
> Reference: DEBIAN:20000715 rpc.statd: remote root exploit
> Reference: URL:http://www.debian.org/security/2000/20000719a
> Reference: REDHAT:RHSA-2000:043-03
> Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-043-03.html
> Reference: BUGTRAQ:20000717 CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0230.html
> Reference: BUGTRAQ:20000718 Trustix Security Advisory - nfs-utils
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0236.html
> Reference: BUGTRAQ:20000718 [Security Announce] MDKSA-2000:021 nfs-utils update
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0260.html
> Reference: CALDERA:CSSA-2000-025.0
> Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-025.0.txt
> Reference: BID:1480
> Reference: URL:http://www.securityfocus.com/bid/1480
> 
> rpc.statd in the nfs-utils package in various Linux distributions does
> not properly cleanse untrusted format strings, which allows remote
> attackers to gain root privileges.
> 
> 
> ED_PRI CAN-2000-0666 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0667
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: CALDERA:CSSA-2000-024.0
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0273.html
> Reference: BID:1512
> Reference: URL:http://www.securityfocus.com/bid/1512
> 
> Vulnerability in gpm in Caldera Linux allows local users to delete
> arbitrary files or conduct a denial of service.
> 
> 
> ED_PRI CAN-2000-0667 1
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0633
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000718 MDKSA-2000:020 usermode update
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0251.html
> Reference: BID:1489
> Reference: URL:http://www.securityfocus.com/bid/1489
> 
> Vulnerability in Mandrake Linux usermode package allows local users to
> reboot or halt the system.
> 
> 
> ED_PRI CAN-2000-0633 2
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0623
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: NTBUGTRAQ:20000719 Alert: Buffer Overrun is O'Reilly WebsitePro httpd32.exe (CISADV000717)
> Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=ntbugtraq&F=&S=&P=5946
> Reference: BID:1492
> Reference: URL:http://www.securityfocus.com/bid/1492
> 
> Buffer overflow in O'Reilly WebSite Professional web server 2.4 and
> earlier allows remote attackers to execute arbitrary commands via a
> long GET request or Referrer header.
> 
> 
> ED_PRI CAN-2000-0623 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0624
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000720 Winamp M3U playlist parser buffer overflow security vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0289.html
> Reference: BID:1496
> Reference: URL:http://www.securityfocus.com/bid/1496
> 
> Buffer overflow in WinAmp 2.64 and earlier allows remote attackers to
> execute arbitrary commands via a long #EXTINF: extension in the M3U
> playlist.
> 
> 
> ED_PRI CAN-2000-0624 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0625
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: L0PHT:20000718 NetZero Password Encryption Algorithm
> Reference: URL:http://www.l0pht.com/advisories/netzero.txt
> Reference: BID:1483
> Reference: URL:http://www.securityfocus.com/bid/1483
> 
> NetZero 3.0 and earlier uses weak encryption for storing a user's
> login information, which allows a local user to decrypt the password.
> 
> 
> ED_PRI CAN-2000-0625 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0626
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000718 Multiple bugs in Alibaba 2.0
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0237.html
> Reference: BID:1482
> Reference: URL:http://www.securityfocus.com/bid/1482
> 
> Buffer overflow in Alibaba web server allows remote attackers to cause
> a denial of service via a long GET request.
> 
> 
> ED_PRI CAN-2000-0626 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0627
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000718 Blackboard Courseinfo v4.0 User Authentication
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0254.html
> Reference: BID:1486
> Reference: URL:http://www.securityfocus.com/bid/1486
> 
> BlackBoard CourseInfo 4.0 does not properly authenticate users, which
> allows local users to modify CourseInfo database information and gain
> privileges by directly calling the supporting CGI programs such as
> user_update_passwd.pl and user_update_admin.pl.
> 
> 
> ED_PRI CAN-2000-0627 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0634
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000717 S21SEC-003: Vulnerabilities in CommuniGate Pro v3.2.4
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0223.html
> Reference: BID:1493
> Reference: URL:http://www.securityfocus.com/bid/1493
> 
> The web administration interface for CommuniGate Pro 3.2.5 and earlier
> allows remote attackers to read arbitrary files via a .. (dot dot)
> attack.
> 
> 
> ED_PRI CAN-2000-0634 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0636
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000719 HP Jetdirect - Invalid FTP Command DoS
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0265.html
> Reference: BID:1491
> Reference: URL:http://www.securityfocus.com/bid/1491
> 
> HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow
> remote attackers to cause a denial of service via a malformed FTP
> quote command.
> 
> 
> ED_PRI CAN-2000-0636 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0643
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
> Reference: BID:1470
> Reference: URL:http://www.securityfocus.com/bid/1470
> 
> Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers
> to cause a denial of service via a long URL.
> 
> 
> ED_PRI CAN-2000-0643 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0649
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: NTBUGTRAQ:20000713 IIS4 Basic authentication realm issue
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0025.html
> Reference: BID:1499
> Reference: URL:http://www.securityfocus.com/bid/1499
> 
> IIS 4.0 allows remote attackers to obtain the internal IP address of
> the server via an HTTP 1.0 request for a web page which is protected
> by basic authentication and has no realm defined.
> 
> 
> ED_PRI CAN-2000-0649 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0662
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000714 IE 5.5 and 5.01 vulnerability - reading at least local and from any host text and parsed html files
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=396EF9D5.62EEC625@nat.bg
> Reference: BID:1474
> Reference: URL:http://www.securityfocus.com/bid/1474
> 
> Internet Explorer 5.x and Microsoft Outlook allow remote attackers to
> read arbitrary files by redirecting the contents of an IFRAME using
> the DHTML Edit Control (DHTMLED).
> 
> 
> ED_PRI CAN-2000-0662 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0665
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: NTBUGTRAQ:20000717 DoS in Gamsoft TelSrv telnet server for MS Windows 95/98/NT/2k.
> Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0031.html
> Reference: BID:1478
> Reference: URL:http://www.securityfocus.com/bid/1478
> 
> GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to
> cause a denial of service via a long username.
> 
> 
> ED_PRI CAN-2000-0665 3
> 
> 
> VOTE: ACCEPT
> 
> =================================
> Candidate: CAN-2000-0675
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000803
> Assigned: 20000802
> Category: SF
> Reference: BUGTRAQ:20000713 The MDMA Crew's GateKeeper Exploit
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00af01bfece2$a52cbd80$367e1ec4@kungphusion
> Reference: BID:1477
> Reference: URL:http://www.securityfocus.com/bid/1477
> 
> Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote
> attackers to execute arbitrary commands via a long string.
> 
> 
> ED_PRI CAN-2000-0675 3
> 
> 
> VOTE: ACCEPT

-- 
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum

Page Last Updated or Reviewed: May 22, 2007