[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: PROPOSAL: Cluster 21 - MORELOW (37 candidates)



=================================
Candidate: CAN-1999-0012
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: CERT:CA-98.04.Win32.WebServers

Some web servers under Microsoft Windows allow remote attackers
to bypass access restrictions for files with long file names.

VOTE: Accept

=================================
Candidate: CAN-1999-0063
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: AUSCERT:ESB-98.197
Reference: CISCO:http://www.cisco.com/warp/public/770/iossyslog-pub.shtml

Cisco IOS 12.0 and other versions can be crashed by nmap UDP scans

VOTE: Accept

=================================
Candidate: CAN-1999-0123
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: XF:linux-mailx

Race condition in Linux mailx command allows local users to
read user files.

VOTE: Accept

=================================
Candidate: CAN-1999-0125
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: XF:si-mailx-bo
Reference: SGI:19980605-01-PX

Buffer overflow in SGI IRIX mailx program.

VOTE: Accept

=================================
Candidate: CAN-1999-0234
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: XF:bash-cmd

Bash treats any character with a value of 255 as a command separator.

VOTE: Accept

=================================
Candidate: CAN-1999-0275
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: XF:nt-dns-crash
Reference: MS:Q169461

Denial of service in Windows NT DNS servers by flooding the server.

VOTE: Accept

=================================
Candidate: CAN-1999-0299
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: NAI:NAI-9

Buffer overflow in FreeBSD lpd through long DNS hostnames.

VOTE: Accept

=================================
Candidate: CAN-1999-0355
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: ISS:Multiple vulnerabilities in ControlIT(tm) (formerly Remotely
Possible/32) enterprise management software
Reference: XF:controlit-reboot

Local or remote users can force ControlIT 4.5 to reboot or force a
user to log out, resulting in a denial of service.

VOTE: Accept

=================================
Candidate: CAN-1999-0362
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: EEYE:AD02021999
Reference: XF:wsftp-remote-dos
Reference: SF:217

WS_FTP server remote denial of service through cwd command.

VOTE: Accept

=================================
Candidate: CAN-1999-0363
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb02,1999
Reference: XF:plp-lpc-bo
Reference: SF:328

SuSe 5.2 PLP lpc program has a buffer overflow that leads to root
compromise.

VOTE: Accept

=================================
Candidate: CAN-1999-0365
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb04,1999
Reference: XF:metamail-header-commands

The metamail package allows remote command execution using shell
metacharacters that are not quoted in a mailcap entry.

VOTE: Accept

=================================
Candidate: CAN-1999-0371
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb11,1999
Reference: XF:lynx-temp-files-race

Lynx allows a local user to overwrite sensitive files through /tmp
symlinks.

VOTE: Accept

=================================
Candidate: CAN-1999-0380
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb25,1999
Reference: SF:497

SLMail 3.2 or 3.1 allows local users to access any file in the
NTFS file system when the Remote Administration Service (RAS) is
enabled.

VOTE: Accept

=================================
Candidate: CAN-1999-0381
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb26,1999
Reference: Sekure:SUPER's log function buffer overflow
Reference: XF:linux-super-logging-bo
Reference: SF:342

super 3.11.6 and other versions have a buffer overflow in the syslog
utility which allows a local user to gain root access.

VOTE: Accept

=================================
Candidate: CAN-1999-0383
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb02,1999
Reference: XF:acc-tigris-login

ACC Tigris allowed public access without a login.

VOTE: Accept

=================================
Candidate: CAN-1999-0392
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan10,1999
Reference: XF:http-cgic-library-bo

Buffer overflow in Thomas Boutell's cgic library version 1.05.

VOTE: Accept

=================================
Candidate: CAN-1999-0402
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb2,1999
Reference: XF:wget-permissions
Reference: DEBIAN:19990220

wget 1.5.3 follows symlinks to change permissions of the target file
instead of the symlink itself.

VOTE: Accept

=================================
Candidate: CAN-1999-0404
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb14,1999
Reference: XF:mailmax-bo

Buffer overflow in the Mail-Max SMTP server for Windows systems allows
remote command execution.

VOTE: Accept

=================================
Candidate: CAN-1999-0408
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb19,1999
Reference: XF:cobalt-raq-history-exposure
Reference: SF:337

Files created from interactive shell sessions in Cobalt RaQ
microservers (e.g. .bash_history) are world readable, and thus are
accessible from the web server.

VOTE: Accept

=================================
Candidate: CAN-1999-0409
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Mar4,1999
Reference: XF:gnuplot-home-overflow
Reference: SF:319

Buffer overflow in gnuplot in Linux version 3.5 allows local users to
obtain root access.

VOTE: Accept

=================================
Candidate: CAN-1999-0410
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Mar5,1999
Reference: XF:sol-cancel
Reference: SF:293

The cancel command in Solaris 2.6 (i386) has a buffer overflow that
allows local users to obtain root access.

VOTE: Accept

=================================
Candidate: CAN-1999-0412
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb19,1999
Reference: XF:iis-isapi-execute
Reference: SF:501

In IIS and other web servers, an attacker can attack commands as
SYSTEM if the server is running as SYSTEM and loading an ISAPI
extension.

VOTE: Noop

=================================
Candidate: CAN-1999-0417
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Mar9,1999
Reference: XF:solaris-psinfo-crash
Reference: SF:448

64 bit Solaris 7 procfs allows local users to perform a denial of
service.

VOTE: Accept

=================================
Candidate: CAN-1999-0424
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: SUSE:Mar18,1999
Reference: XF:netscape-talkback-overwrite

talkback in Netscape 4.5 allows a local user to overwrite
arbitrary files of another user whose Netscape crashes.

VOTE: Accept

=================================
Candidate: CAN-1999-0425
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: SUSE:Mar18,1999
Reference: XF:netscape-talkback-kill

talkback in Netscape 4.5 allows a local user to kill an arbitrary
process of another user whose Netscape crashes.

VOTE: Accept

=================================
Candidate: CAN-1999-0429
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: CF
Reference: BUGTRAQ:Mar23,1999
Reference: XF:lotus-client-encryption

The Lotus Notes 4.5 client may send a copy of encrypted mail in the
clear across the network if the user does not set the "Encrypt Saved
Mail" preference.

VOTE: Accept

=================================
Candidate: CAN-1999-0439
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Apr4,1999
Reference: XF:procmail-overflow

Buffer overflow in procmail before version 3.12 allows remote
execution, or local attackers to gain privileges.

VOTE: Accept

=================================
Candidate: CAN-1999-0440
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Apr4,1999
Reference: XF:java-unverified-code

The byte code verifier component of the Java Virtual Machine (JVM)
allows remote execution through malicious web pages.

VOTE: Accept

=================================
Candidate: CAN-1999-0441
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: EEYE:AD02221999
Reference: XF:wingate-redirector-dos
Reference: SF:509

Remote attackers can perform a denial of service in WinGate machines
using a buffer overflow in the Winsock Redirector Service.

VOTE: Accept

=================================
Candidate: CAN-1999-0442
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan7,1999
Reference: SF:327

Solaris ff.core allows local users to modify files.

VOTE: Accept

=================================
Candidate: CAN-1999-0448
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: XF:iis-http-request-logging

IIS 4.0 and Apache log HTTP request methods, regardless of how long
they are, allowing a remote attacker to hide the URL they really
request.

VOTE: Noop

=================================
Candidate: CAN-1999-0450
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan22,1999
Reference: SF:194

In IIS, an attacker could determine a real path using a request for a
non-existent URLs that would be interpreted by Perl (perl.exe) .

VOTE: Accept

=================================
Candidate: CAN-1999-0451
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan19,1999
Reference: SF:343

Denial of service in Linux 2.0.36 allows local users to prevent
any server from listening on any non-privileged port.

VOTE: Accept

=================================
Candidate: CAN-1999-0455
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: ALLAIRE:ASB-001
Reference: XF:coldfusion-expression-evaluator
Reference: SF:115

The Expression Evaluator sample application in ColdFusion allows
remote attackers to read or delete files on the server.

VOTE: Accept

=================================
Candidate: CAN-1999-0457
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Jan17,1999
Reference: DEBIAN:19990117
Reference: XF:ftpwatch-vuln
Reference: SF:317

Linux ftpwatch program allows local users to gain root privileges.

VOTE: Modify

A little vague.

=================================
Candidate: CAN-1999-0460
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: BUGTRAQ:Feb18,1999
Reference: SF:312

Buffer overflow in Linux autofs module through long directory names
allows local users to perform a denial of service.

VOTE: Accept

=================================
Candidate: CAN-1999-0477
Published:
Final-Decision:
Interim-Decision:
Modified:
Announced: 19990726
Assigned: 19990607
Category: SF
Reference: L0PHT:Cold Fusion App Server
Reference: XF:coldfusion-expression-evaluator
Reference: SF:115

The Expression Evaluator in the ColdFusion Application Server allows a
remote attacker to execute commands by uploading a file.

VOTE: Accept

Page Last Updated or Reviewed: May 22, 2007