[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[FINAL] ACCEPT 25 candidates from WEB cluster
I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below. The
resulting CVE entries will be published in the near future in a new
version of CVE. Voting details and comments are provided at the end
of this report.
- Steve
Candidate CVE Name
--------- ----------
CAN-1999-0685 CVE-1999-0685
CAN-1999-0695 CVE-1999-0695
CAN-1999-0699 CVE-1999-0699
CAN-1999-0744 CVE-1999-0744
CAN-1999-0751 CVE-1999-0751
CAN-1999-0752 CVE-1999-0752
CAN-1999-0762 CVE-1999-0762
CAN-1999-0807 CVE-1999-0807
CAN-1999-0809 CVE-1999-0809
CAN-1999-0876 CVE-1999-0876
CAN-1999-0883 CVE-1999-0883
CAN-1999-0884 CVE-1999-0884
CAN-1999-0887 CVE-1999-0887
CAN-1999-0892 CVE-1999-0892
CAN-1999-0915 CVE-1999-0915
CAN-1999-0933 CVE-1999-0933
CAN-1999-0934 CVE-1999-0934
CAN-1999-0935 CVE-1999-0935
CAN-1999-0936 CVE-1999-0936
CAN-1999-0937 CVE-1999-0937
CAN-1999-0943 CVE-1999-0943
CAN-1999-0947 CVE-1999-0947
CAN-1999-0951 CVE-1999-0951
CAN-1999-0953 CVE-1999-0953
CAN-1999-0967 CVE-1999-0967
=================================
Candidate: CAN-1999-0685
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19991209 Netscape communicator 4.06J, 4.5J-4.6J, 4.61e Buffer Overflow
Reference: BID:618
Buffer overflow in Netscape Communicator via EMBED tags in the
pluginspage option.
Modifications:
DESC Add pluginspage option
INFERRED VOTE: CAN-1999-0685 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(2) Blake, Stracener
MODIFY(1) Cole
COMMENTS:
Cole> This is located in the buffer is in the 'plugins page' option. This
Cole> vulnerability can be exploited by a malicious webpage.
=================================
Candidate: CAN-1999-0695
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990904 [Sybase] software vendors do not think about old bugs
Reference: XF:http-powerdynamo-dotdotslash
Reference: BID:620
The Sybase PowerDynamo personal web server allows attackers to
read arbitrary files through a .. (dot dot) attack.
Modifications:
CHANGEREF BUGTRAQ [add date]
INFERRED VOTE: CAN-1999-0695 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(2) Blake, Stracener
MODIFY(1) Cole
COMMENTS:
Cole> It allows the entire drive to be read.
=================================
Candidate: CAN-1999-0699
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BID:623
The Bluestone Sapphire web server allows session hijacking via easily
guessable session IDs.
INFERRED VOTE: CAN-1999-0699 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener
=================================
Candidate: CAN-1999-0744
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: ISS:Buffer Overflow in Netscape Enterprise and FastTrack Web Servers
Reference: BID:603
Buffer overflow in Netscape Enterprise Server and FastTrask Server
allows remote attackers to gain privileges via a long HTTP GET
request.
Modifications:
DESC Add remote compromise
INFERRED VOTE: CAN-1999-0744 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(2) Blake, Stracener
MODIFY(1) Cole
COMMENTS:
Cole> This can lead to a remote system compromise.
=================================
Candidate: CAN-1999-0751
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990913 Accept overflow on Netscape Enterprise Server 3.6 SP2
Reference: BID:631
Buffer overflow in Accept command in Netscape Enterprise Server 3.6
with the SSL Handshake Patch.
INFERRED VOTE: CAN-1999-0751 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(2) Blake, Stracener
MODIFY(1) Cole
COMMENTS:
Cole> This allows a DOS attack or arbitray commands to be executed.
=================================
Candidate: CAN-1999-0752
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990706 Netscape Enterprise Server SSL Handshake Bug
Denial of service in Netscape Enterprise Server via a buffer overflow
in the SSL handshake.
Modifications:
DESC
INFERRED VOTE: CAN-1999-0752 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(2) Blake, Stracener
MODIFY(1) Cole
COMMENTS:
Cole> I would be more specific.
=================================
Candidate: CAN-1999-0762
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: XF:netscape-title
Reference: BUGTRAQ:19990524 Netscape Communicator JavaScript in <TITLE> security vulnerability
When Javascript is embedded within the TITLE tag, Netscape
Communicator allows a remote attacker to use the "about" protocol to
gain access to browser information.
INFERRED VOTE: CAN-1999-0762 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener
=================================
Candidate: CAN-1999-0807
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: XF:netscape-dirsvc-password
The Netscape Directory Server installation procedure leaves sensitive
information in a file that is accessible to local users.
INFERRED VOTE: CAN-1999-0807 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener
=================================
Candidate: CAN-1999-0809
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990709 Communicator 4.[56]x, JavaScript used to bypass cookie settings
Netscape Communicator 4.x with Javascript enabled does not warn a user
of cookie settings, even if they have selected the option to "Only
accept cookies originating from the same server as the page being
viewed"
INFERRED VOTE: CAN-1999-0809 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener
=================================
Candidate: CAN-1999-0876
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: MSKB:Q185959
Reference: MSKB:Q176697
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
INFERRED VOTE: CAN-1999-0876 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener
=================================
Candidate: CAN-1999-0883
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991024 RFP9905: Zeus webserver remote root compromise
Reference: BID:742
Zeus web server allows remote attackers to read arbitrary files by
specifying the file name in an option to the search engine.
INFERRED VOTE: CAN-1999-0883 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener
=================================
Candidate: CAN-1999-0884
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991024 RFP9905: Zeus webserver remote root compromise
Reference: BID:742
The Zeus web server administrative interface uses weak encryption for
its passwords.
INFERRED VOTE: CAN-1999-0884 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener
=================================
Candidate: CAN-1999-0887
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991104 FTGate Version 2.1 Web interface Server Directory Traversal Vulnerability
Reference: EEYE:AD05261999
FTGate web interface server allows remote attackers to read files via
a .. (dot dot) attack.
INFERRED VOTE: CAN-1999-0887 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener
=================================
Candidate: CAN-1999-0892
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991018 Netscape 4.x buffer overflow
Buffer overflow in Netscape Communicator before 4.7 via a dynamic font
whose length field is less than the size of the font.
INFERRED VOTE: CAN-1999-0892 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener
=================================
Candidate: CAN-1999-0915
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991028 URL Live! 1.0 WebServer
Reference: BID:746
URL Live! web server allows remote attackers to read arbitrary files
via a .. (dot dot) attack.
INFERRED VOTE: CAN-1999-0915 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener
=================================
Candidate: CAN-1999-0933
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991001 RFP9904: TeamTrack webserver vulnerability
Reference: BID:689
TeamTrack web server allows remote attackers to read arbitrary files
via a .. (dot dot) attack.
INFERRED VOTE: CAN-1999-0933 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener
=================================
Candidate: CAN-1999-0934
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: EL8:19991215 Classifieds (classifieds.cgi)
classifieds.cgi allows remote attackers to read arbitrary files via
shell metacharacters.
INFERRED VOTE: CAN-1999-0934 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener
=================================
Candidate: CAN-1999-0935
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: EL8:19991215 Classifieds (classifieds.cgi)
classifieds.cgi allows remote attackers to execute arbitrary commands
by specifying them in a hidden variable in a CGI form.
INFERRED VOTE: CAN-1999-0935 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener
=================================
Candidate: CAN-1999-0936
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: EL8:19981203 BNBSurvey (survey.cgi)
BNBSurvey survey.cgi program allows remote attackers to execute
commands via shell metacharacters.
INFERRED VOTE: CAN-1999-0936 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener
=================================
Candidate: CAN-1999-0937
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: EL8:19981203 BNBForm (bnbform.cgi)
BNBForm allows remote attackers to read arbitrary files via the
automessage hidden form variable.
INFERRED VOTE: CAN-1999-0937 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener
=================================
Candidate: CAN-1999-0943
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991015 OpenLink 3.2 Advisory
Buffer overflow in OpenLink 3.2 allows remote attackers to gain
privileges via a long GET request to the web configurator.
INFERRED VOTE: CAN-1999-0943 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener
=================================
Candidate: CAN-1999-0947
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Reference: BID:762
AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat,
and envout.bat, which allow remote attackers to execute commands via
shell metacharacters.
INFERRED VOTE: CAN-1999-0947 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(2) Blake, Stracener
MODIFY(1) Cole
COMMENTS:
Cole> This is due to poor error checking.
=================================
Candidate: CAN-1999-0951
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified: 19991228-01
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991022 Imagemap CGI overflow exploit
Reference: BID:739
Buffer overflow in OmniHTTPd CGI program imagemap.cgi allows remote
attackers to execute commands.
Modifications:
DESC fix typo
INFERRED VOTE: CAN-1999-0951 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(2) Blake, Stracener
MODIFY(1) Cole
COMMENTS:
Cole> Minor spelling error teo xecute..
=================================
Candidate: CAN-1999-0953
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991208
Category: CF
Reference: BUGTRAQ:19980903 wwwboard.pl vulnerability
Reference: BUGTRAQ:19990916 More fun with WWWBoard
WWWBoard stores encrypted passwords in a password file that is
under the web root and thus accessible by remote attackers.
INFERRED VOTE: CAN-1999-0953 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener
=================================
Candidate: CAN-1999-0967
Published:
Final-Decision: 20000104
Interim-Decision: 19991229
Modified:
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: L0PHT:19971101 Microsoft Internet Explorer 4.0 Suite
Buffer overflow in the HTML library used by Internet Explorer, Outlook
Express, and Windows Explorer via the res: local resource protocol.
INFERRED VOTE: CAN-1999-0967 ACCEPT (3 accept, 0 review)
VOTES:
ACCEPT(3) Cole, Blake, Stracener