
[INTERIM] ACCEPT 23 candidates from RECENT clusters (Final 4/7)



I have made an Interim Decision to ACCEPT the following 23 candidates
from the RECENT-11, RECENT-12, and RECENT-13 clusters.  There are
still 35 candidates from these clusters that need more votes or are
being held back by content decisions.

I will make a Final Decision on these candidates on Friday, April 7.

The candidates come from the following clusters:

  12 RECENT-11
   9 RECENT-12
   2 RECENT-13

Voters:
  Wall ACCEPT(6) NOOP(17)
  LeBlanc ACCEPT(5) NOOP(18)
  Ozancin ACCEPT(17) MODIFY(1) NOOP(5)
  Cole ACCEPT(15) NOOP(6)
  Armstrong ACCEPT(12)
  Blake ACCEPT(19) NOOP(4)


- Steve


=================================
Candidate: CAN-2000-0170
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000226 man bugs might lead to root compromise (RH 6.1 and other boxes)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0348.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0078.html
Reference: BID:1011
Reference: URL:http://www.securityfocus.com/bid/1011

Buffer overflow in the man program in Linux allows local users to
gain privileges via the MANPAGER environmental variable.

INFERRED ACTION: CAN-2000-0170 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Blake, Cole, Armstrong, Ozancin
   NOOP(2) Wall, LeBlanc


=================================
Candidate: CAN-2000-0172
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000303 Potential security problem with mtr
Reference: DEBIAN:20000309 mtr
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q1/0032.html
Reference: FREEBSD:FreeBSD-SA-00:09
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2131
Reference: BUGTRAQ:20000308 [TL-Security-Announce] mtr-0.41 and earlier TLSA2000003-1 (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0072.html
Reference: BID:1038
Reference: URL:http://www.securityfocus.com/bid/1038

The mtr program does not properly drop privileges, which could allow
local users to gain privileges.

INFERRED ACTION: CAN-2000-0172 ACCEPT_ACK (2 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(1) Blake
   MODIFY(1) Ozancin
   NOOP(3) Wall, Cole, LeBlanc

Comments:
 Ozancin> Description does not give enough information


=================================
Candidate: CAN-2000-0178
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000227 Advisory: Foundry Networks ServerIron TCP/IP sequence predictability
Reference: MISC:http://www.foundrynet.com/bugTraq.html
Reference: BID:1017
Reference: URL:http://www.securityfocus.com/bid/1017

ServerIron switches by Foundry Networks have predictable TCP/IP
sequence numbers, which allows remote attackers to spoof or hijack
sessions.

INFERRED ACTION: CAN-2000-0178 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Blake, Ozancin
   NOOP(3) Wall, Cole, LeBlanc


=================================
Candidate: CAN-2000-0182
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000223 DoS for the iPlanet Web Server, Enterprise Edition 4.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0276.html

iPlanet Web Server 4.1 allows remote attackers to cause a denial of
service via a large number of GET commands, which consumes memory and
causes a kernel panic.

INFERRED ACTION: CAN-2000-0182 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Ozancin
   NOOP(3) Wall, Blake, LeBlanc


=================================
Candidate: CAN-2000-0186
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000228 [ Hackerslab bug_paper ] Linux dump buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0375.html
Reference: TURBO:TLSA200007-1
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2130
Reference: BID:1020
Reference: URL:http://www.securityfocus.com/bid/1020

Buffer overflow in the dump utility in the Linux ext2fs backup package
allows local users to gain privileges via a long command line
argument.

INFERRED ACTION: CAN-2000-0186 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Ozancin
   NOOP(3) Wall, Blake, LeBlanc


=================================
Candidate: CAN-2000-0189
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: NTBUGTRAQ:20000301 ColdFusions application.cfm shows full path
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/current/0178.html
Reference: BUGTRAQ:20000305 ColdFusion Bug: Application.cfm shows full path
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0033.html
Reference: BID:1021
Reference: URL:http://www.securityfocus.com/bid/1021

ColdFusion Server 4.x allows remote attackers to determine the real
pathname of the server via an HTTP request to the application.cfm or
onrequestend.cfm files.

INFERRED ACTION: CAN-2000-0189 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Blake, Cole, Ozancin
   NOOP(1) LeBlanc


=================================
Candidate: CAN-2000-0194
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html
Reference: BID:1007
Reference: URL:http://www.securityfocus.com/bid/1007

buildxconf in Corel Linux allows local users to modify or create
arbitrary files via the -x or -f parameters.

INFERRED ACTION: CAN-2000-0194 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Armstrong, Ozancin
   NOOP(3) Wall, Blake, LeBlanc


=================================
Candidate: CAN-2000-0196
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: DEBIAN:20000228 remote exploit in nmh
Reference: URL:http://www.debian.org/security/2000/20000229
Reference: URL:
Reference: BID:1018
Reference: URL:http://www.securityfocus.com/bid/1018

Buffer overflow in mhshow in the Linux nmh package allows remote
attackers to execute commands via malformed MIME headers in an email
message.

INFERRED ACTION: CAN-2000-0196 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Cole, Ozancin
   NOOP(2) Wall, LeBlanc


=================================
Candidate: CAN-2000-0200
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS00-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-015.asp
Reference: BID:1034
Reference: URL:http://www.securityfocus.com/bid/1034

Buffer overflow in Microsoft Clip Art Gallery allows remote attackers
to cause a denial of service or execute commands via a malformed CIL
(clip art library) file, aka the "Clip Art Buffer Overrun"
vulnerability.

INFERRED ACTION: CAN-2000-0200 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Blake, LeBlanc, Ozancin


=================================
Candidate: CAN-2000-0201
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000301 IE 5.x allows executing arbitrary programs using .chm files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0408.html
Reference: BID:1033
Reference: URL:http://www.securityfocus.com/bid/1033

The window.showHelp() method in Internet Explorer 5.x does not
restrict HTML help files (.chm) to be executed from the local host,
which allows remote attackers to execute arbitrary commands via
Microsoft Networking.

INFERRED ACTION: CAN-2000-0201 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Blake, Cole, LeBlanc
   NOOP(1) Ozancin


=================================
Candidate: CAN-2000-0202
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: MS:MS00-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-014.asp
Reference: BID:1041
Reference: URL:http://www.securityfocus.com/bid/1041

Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow
remote attackers to gain privileges via a malformed Select statement
in an SQL query.

INFERRED ACTION: CAN-2000-0202 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Blake, LeBlanc, Ozancin


=================================
Candidate: CAN-2000-0207
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000301 infosrch.cgi vulnerability (IRIX 6.5)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10003021059360.21162-100000@inetarena.com
Reference: BID:1031
Reference: URL:http://www.securityfocus.com/bid/1031

SGI InfoSearch CGI program infosrch.cgi allows remote attackers to
execute commands via shell metacharacters.

INFERRED ACTION: CAN-2000-0207 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Cole, Ozancin
   NOOP(2) Wall, LeBlanc


=================================
Candidate: CAN-2000-0208
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000228 ht://Dig remote information exposure
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10002281422420.30728-100000@wso.williams.edu
Reference: FREEBSD:FreeBSD-SA-00:06
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2107
Reference: DEBIAN:20000226 remote users can read files with webserver uid
Reference: URL:http://www.debian.org/security/2000/20000227
Reference: TURBO:TLSA200005-1
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2113
Reference: BID:1026
Reference: URL:http://www.securityfocus.com/bid/1026

The htdig (ht://Dig) CGI program htsearch allows remote attackers to
read arbitrary files by enclosing the file name with backticks (`) in
parameters to htsearch.

INFERRED ACTION: CAN-2000-0208 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Cole, Ozancin
   NOOP(2) Wall, LeBlanc


=================================
Candidate: CAN-2000-0209
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000227 lynx - someone is deaf and blind ;)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0002271629490.15796-100000@dione.ids.pl
Reference: FREEBSD:FreeBSD-SA-00:08
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2127
Reference: BID:1012
Reference: URL:http://www.securityfocus.com/bid/1012

Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and
possibly execute commands via a long URL in a malicious web page.

INFERRED ACTION: CAN-2000-0209 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Cole, Ozancin
   NOOP(2) Wall, LeBlanc


=================================
Candidate: CAN-2000-0210
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000221 flex license manager tempfile predictable name...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0267.html
Reference: BID:998
Reference: URL:http://www.securityfocus.com/bid/998

The lit program in Sun Flex License Manager (FlexLM) follows symlinks,
which allows local users to modify arbitrary files.

INFERRED ACTION: CAN-2000-0210 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Armstrong, Ozancin
   NOOP(3) Wall, LeBlanc, Cole


=================================
Candidate: CAN-2000-0211
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: MS:MS00-013
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-013.asp
Reference: XF:win-media-dos
Reference: BID:1000
Reference: URL:http://www.securityfocus.com/bid/1000

The Windows Media server allows remote attackers to cause a denial of
service via a series of client handshake packets that are sent in an
improper sequence, aka the "Misordered Windows Media Services
Handshake" vulnerability.

INFERRED ACTION: CAN-2000-0211 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Blake, LeBlanc, Cole, Armstrong
   NOOP(1) Ozancin


=================================
Candidate: CAN-2000-0212
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000224 Local / Remote D.o.S Attack in InterAccess TelnetD Server Release 4.0 *ALL BUILDS* for WinNT Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPEELFCCAA.labs@ussrback.com
Reference: BID:1001
Reference: URL:http://www.securityfocus.com/bid/1001

InterAccess TelnetID Server 4.0 allows remote attackers to conduct a
denial of service via malformed terminal client configuration
information.

INFERRED ACTION: CAN-2000-0212 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Armstrong
   NOOP(4) Wall, Blake, LeBlanc, Ozancin


=================================
Candidate: CAN-2000-0215
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: SCO:SB-00.05
Reference: URL:ftp://ftp.sco.COM/SSE/security_bulletins/SB-00.05a
Reference: BID:1019
Reference: URL:http://www.securityfocus.com/bid/1019

Vulnerability in SCO cu program in UnixWare 7.x allows local users to
gain privileges.

INFERRED ACTION: CAN-2000-0215 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Blake, Armstrong
   NOOP(4) Wall, LeBlanc, Cole, Ozancin


=================================
Candidate: CAN-2000-0217
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000224 SSH & xauth
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0317.html
Reference: BID:1006
Reference: URL:http://www.securityfocus.com/bid/1006

The default configuration of SSH allows X forwarding, which could
allow a remote attacker to control a client's X sessions via a
malicious xauth program.

INFERRED ACTION: CAN-2000-0217 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Blake, Cole, Armstrong, Ozancin
   NOOP(2) Wall, LeBlanc


=================================
Candidate: CAN-2000-0218
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: SUSE:20000210 util < 2.10f
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_39.txt
Reference: CALDERA:CSSA-2000-002.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-002.0.txt

Buffer overflow in Linux mount and umount allows local users to gain
root privileges via a long relative pathname.

INFERRED ACTION: CAN-2000-0218 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Blake, Cole, Armstrong, Ozancin
   NOOP(2) Wall, LeBlanc


=================================
Candidate: CAN-2000-0221
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000225 Scorpion Marlin
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0324.html
Reference: BID:1009
Reference: URL:http://www.securityfocus.com/bid/1009

The Nautica Marlin bridge allows remote attackers to cause a denial of
service via a zero length UDP packet to the SNMP port.

INFERRED ACTION: CAN-2000-0221 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Blake, Armstrong, Ozancin
   NOOP(3) Wall, LeBlanc, Cole


=================================
Candidate: CAN-2000-0222
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000215 Windows 2000 installation process weakness
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000215155750.M4500@safe.hsc.fr
Reference: BID:990
Reference: URL:http://www.securityfocus.com/bid/990

The installation for Windows 2000 does not activate the Administrator
password until the system has rebooted, which allows remote attackers
to connect to the ADMIN$ share without a password until the reboot
occurs.

INFERRED ACTION: CAN-2000-0222 ACCEPT (6 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(6) Wall, Blake, LeBlanc, Cole, Armstrong, Ozancin


=================================
Candidate: CAN-2000-0224
Published:
Final-Decision:
Interim-Decision: 20000404
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: NAI:20000215 ARCserve symlink vulnerability
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/37_ARCserve.asp
Reference: SCO:SSE063
Reference: URL:ftp://ftp.sco.com/SSE/sse063.ltr
Reference: XF:sco-openserver-arc-symlink

ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root
privileges via a symlink attack.

INFERRED ACTION: CAN-2000-0224 ACCEPT_ACK (2 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Blake, Armstrong
   NOOP(4) Wall, LeBlanc, Cole, Ozancin

Page Last Updated or Reviewed: May 22, 2007