[PROPOSAL] Cluster RECENT-30 - 17 candidates



The following cluster contains 17 candidates that were announced
between 7/21/2000 and 7/27/2000.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve



Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0621
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000726
Category: SF
Reference: MS:MS00-046
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-046.asp
Reference: CERT:CA-2000-14
Reference: URL:http://www.cert.org/advisories/CA-2000-14.html
Reference: BID:1501
Reference: URL:http://www.securityfocus.com/bid/1501

Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x,
allow remote attackers to read files on the client's system via a
malformed HTML message that stores files outside of the cache, aka the
"Cache Bypass" vulnerability.


ED_PRI CAN-2000-0621 1


VOTE:

=================================
Candidate: CAN-2000-0655
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000724 JPEG COM Marker Processing Vulnerability in Netscape Browsers
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com
Reference: REDHAT:RHSA-2000:046-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-046-02.html
Reference: BID:1503
Reference: URL:http://www.securityfocus.com/bid/1503

Netscape Communicator 4.73 and earlier allows remote attackers to
cause a denial of service or execute arbitrary commands via a JPEG
image containing a comment with an illegal field length of 1.


ED_PRI CAN-2000-0655 1


VOTE:

=================================
Candidate: CAN-2000-0663
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: MS:MS00-052
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-052.asp
Reference: MSKB:Q269049
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=269049
Reference: BID:1507
Reference: URL:http://www.securityfocus.com/bid/1507

The registry entry for the Windows Shell executable (Explorer.exe) in
Windows NT and Windows 2000 uses a relative path name, which allows
local users to execute arbitrary commands by inserting a Trojan Horse
named Explorer.exe into the %Systemdrive% directory, aka the "Relative
Shell Path" vulnerability.


ED_PRI CAN-2000-0663 1


VOTE:

=================================
Candidate: CAN-2000-0668
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: REDHAT:RHSA-2000:044-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-044-02.html
Reference: BID:1513
Reference: URL:http://www.securityfocus.com/bid/1513

pam_console PAM module in Linux systems allows a user to access the
system console and reboot the system when a display manager such as
gdm or kdm has XDMCP enabled.


ED_PRI CAN-2000-0668 1


VOTE:

=================================
Candidate: CAN-2000-0673
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NAI:20000727 Windows NetBIOS Name Conflicts
Reference: MS:MS00-047
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-047.asp
Reference: BID:1514
Reference: URL:http://www.securityfocus.com/bid/1514
Reference: BID:1515
Reference: URL:http://www.securityfocus.com/bid/1515

The NetBIOS Name Server (NBNS) protocol does not perform
authentication, which allows remote attackers to cause a denial of
service by sending a spoofed Name Conflict or Name Release datagram,
aka the "NetBIOS Name Server Protocol Spoofing" vulnerability.


ED_PRI CAN-2000-0673 1


VOTE:

=================================
Candidate: CAN-2000-0664
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000726 AnalogX "SimpleServer:WWW" dot dot bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0374.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/sswww.htm
Reference: BID:1508
Reference: URL:http://www.securityfocus.com/bid/1508

AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read
arbitrary files via a modified .. (dot dot) attack that uses the %2E
URL encoding for the dots.


ED_PRI CAN-2000-0664 2


VOTE:

=================================
Candidate: CAN-2000-0671
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 Roxen security alert: Problems with URLs containing null characters.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0321.html
Reference: BUGTRAQ:20000721 Roxen Web Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0307.html
Reference: BID:1510
Reference: URL:http://www.securityfocus.com/bid/1510

Roxen web server earlier than 2.0.69 allows remote attackers to
list directory contents and read source code by appending a null
character (%00) to the URL.


ED_PRI CAN-2000-0671 2


VOTE:

=================================
Candidate: CAN-2000-0644
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html
Reference: BID:1506
Reference: URL:http://www.securityfocus.com/bid/1506

WFTPD and WFTPD Pro 2.41 allow remote attackers to cause a denial of
service by executing a STAT command while the LIST command is still
executing.


ED_PRI CAN-2000-0644 3


VOTE:

=================================
Candidate: CAN-2000-0645
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html
Reference: BID:1506
Reference: URL:http://www.securityfocus.com/bid/1506

WFTPD and WFTPD Pro 2.41 allow remote attackers to cause a denial of
service by using the RESTART (REST) command and writing beyond the end
of a file, or writing to a file that does not exist, via commands such
as STORE UNIQUE (STOU), STORE (STOR), or APPEND (APPE).


ED_PRI CAN-2000-0645 3


VOTE:

=================================
Candidate: CAN-2000-0646
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html
Reference: BID:1506
Reference: URL:http://www.securityfocus.com/bid/1506

WFTPD and WFTPD Pro 2.41 allow remote attackers to obtain the real
pathname for a file by executing a STATUS (STAT) command while the
file is being transferred.


ED_PRI CAN-2000-0646 3


VOTE:

=================================
Candidate: CAN-2000-0647
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html
Reference: BID:1506
Reference: URL:http://www.securityfocus.com/bid/1506

WFTPD and WFTPD Pro 2.41 allow remote attackers to cause a denial of
service by executing an MLST command before logging into the server.


ED_PRI CAN-2000-0647 3


VOTE:

=================================
Candidate: CAN-2000-0652
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000723 IBM WebSphere default servlet handler showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0342.html
Reference: BID:1500
Reference: URL:http://www.securityfocus.com/bid/1500

IBM WebSphere allows remote attackers to read source code for
executable web files by directly calling the default InvokerServlet
using a URL which contains the "/servlet/file" string.


ED_PRI CAN-2000-0652 3


VOTE:

=================================
Candidate: CAN-2000-0656
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000724 AnalogX Proxy DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0360.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/proxy.htm
Reference: BID:1504
Reference: URL:http://www.securityfocus.com/bid/1504

Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote
attackers to cause a denial of service via a long USER command in the
FTP protocol.


ED_PRI CAN-2000-0656 3


VOTE:

=================================
Candidate: CAN-2000-0657
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000724 AnalogX Proxy DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0360.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/proxy.htm
Reference: BID:1504
Reference: URL:http://www.securityfocus.com/bid/1504

Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote
attackers to cause a denial of service via a long HELO command in the
SMTP protocol.


ED_PRI CAN-2000-0657 3


VOTE:

=================================
Candidate: CAN-2000-0658
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000724 AnalogX Proxy DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0360.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/proxy.htm
Reference: BID:1504
Reference: URL:http://www.securityfocus.com/bid/1504

Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote
attackers to cause a denial of service via a long USER command in the
POP3 protocol.


ED_PRI CAN-2000-0658 3


VOTE:

=================================
Candidate: CAN-2000-0659
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000724 AnalogX Proxy DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0360.html
Reference: BID:1504
Reference: URL:http://www.securityfocus.com/bid/1504

Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote
attackers to cause a denial of service via a long user ID in a SOCKS4
CONNECT request.


ED_PRI CAN-2000-0659 3


VOTE:

=================================
Candidate: CAN-2000-0672
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 Jakarta-tomcat.../admin
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0309.html

The default configuration of Jakarta Tomcat does not restrict access
to the /admin context, which allows remote attackers to read arbitrary
files by directly calling the administrative servlets to add a context
for the root directory.


ED_PRI CAN-2000-0672 3


VOTE:

Page Last Updated or Reviewed: May 22, 2007