[INTERIM] ACCEPT 31 candidates from various clusters (Final 4/14)
I have made an Interim Decision to ACCEPT the following 31 candidates
from various clusters. I will make a Final Decision on Friday, April
14, 2000.
If these candidates are ACCEPTed, the next version of CVE will exceed
600 entries.
The candidates come from the following clusters:
1 WEB
12 UNIX-UNCONF
1 RECENT-03
1 RECENT-05
6 RECENT-06
4 RECENT-07
2 RECENT-08
2 RECENT-09
1 RECENT-10
1 RECENT-13
Voters:
Wall ACCEPT(1) NOOP(8)
LeBlanc NOOP(12)
Ozancin ACCEPT(24) NOOP(1)
Cole ACCEPT(11) MODIFY(1)
Meunier ACCEPT(2)
Bishop ACCEPT(2)
Stracener ACCEPT(11) MODIFY(3)
Frech ACCEPT(4) MODIFY(17)
Christey NOOP(11)
Prosser ACCEPT(1)
Blake ACCEPT(5)
=================================
Candidate: CAN-1999-0676
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990808 sdtcm_convert
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19990809134220.A1191@hades.chaoz.org
Reference: XF:sun-sdtcm-convert
Reference: BID:575
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=575
sdtcm_convert in Solaris 2.6 allows a local user to overwrite
sensitive files via a symlink attack.
Modifications:
Changed DESC and XF/Bugtraq REF's from stdcm_convert to
sdtcm_convert.
INFERRED ACTION: CAN-1999-0676 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Ozancin
MODIFY(1) Frech
NOOP(1) LeBlanc
Comments:
Frech> CHGREF XF:sun-sdtcm-convert
Frech> CHGREF BUGTRAQ:19990808 sdtcm_convert
Frech> Description needs to be changed to sdtcm_convert
=================================
Candidate: CAN-1999-0711
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-02
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990430 *Huge* security hole in Oracle 8.0.5 with Intellegent agent installed
Reference: URL:http://marc.theaimsgroup.com/?t=92550157100002&w=2&r=1
Reference: BUGTRAQ:19990506 Oracle Security Followup, patch and FAQ: setuid on oratclsh
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92609807906778&w=2
Reference: XF:oracle-oratclsh
The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix
allows local users to execute Tcl commands as root.
Modifications:
CHANGEREF BUGTRAQ [add date]
ADDREF BUGTRAQ:19990506 Oracle Security Followup, patch and FAQ: setuid on oratclsh
INFERRED ACTION: CAN-1999-0711 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Stracener, Ozancin, Frech
NOOP(2) Christey, LeBlanc
Comments:
Christey> This candidate is unconfirmed by the vendor.
Christey>
Christey> Multiple verifications in Bugtraq.
=================================
Candidate: CAN-1999-0720
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990823 [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=lcamtuf.4.05.9907041223290.355-300000@nimue.ids.pl
Reference: BID:597
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=597
Reference: XF:linux-pt-chown
The pt_chown command in Linux allows local users to modify TTY
terminal devices that belong to other users.
Modifications:
ADDREF BUGTRAQ:19990823 [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x
ADDREF URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=lcamtuf.4.05.9907041223290.355-300000@nimue.ids.pl
INFERRED ACTION: CAN-1999-0720 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Ozancin, Frech
MODIFY(1) Stracener
NOOP(1) LeBlanc
Comments:
Stracener> Add Ref: BUGTRAQ:19990823 [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD
Stracener> / lynx /
Stracener> vlock / mc / glibc 2.0.x
=================================
Candidate: CAN-1999-0747
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990816 Symmetric Multiprocessing (SMP) Vulnerbility in BSDi 4.0.1
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSI.4.10.9908170253560.19291-100000@saturn.psn.net
Reference: BID:589
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=589
Reference: XF:bsdi-smp-dos
Denial of service in BSDi Symmetric Multiprocessing (SMP) when an
fstat call is made when the system has a high CPU load.
Modifications:
CHANGEREF BUGTRAQ [add date]
INFERRED ACTION: CAN-1999-0747 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Ozancin, Frech
MODIFY(1) Stracener
NOOP(2) Christey, LeBlanc
Comments:
Stracener> Add a date to the Ref above: BUGTRAQ:19990817 Symmetric...
Christey> This candidate is unconfirmed by the vendor.
=================================
Candidate: CAN-1999-0773
Published:
Final-Decision:
Interim-Decision: 20000411
Modified:
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990511 Solaris2.6 and 2.7 lpset overflow
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9905B&L=bugtraq&P=R2017
Reference: XF:sol-lpset-bo
Buffer overflow in Solaris lpset program allows local users to gain
root access.
INFERRED ACTION: CAN-1999-0773 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Stracener, Ozancin, Frech
NOOP(2) Christey, LeBlanc
Comments:
Christey> This candidate is unconfirmed by the vendor. Posted by UNYUN
Christey> of Shadow Penguin Security.
Christey>
Christey> Followups indicate that the scope of the exploit is limited
Christey> to group 14.
=================================
Candidate: CAN-1999-0790
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991214
Assigned: 19991125
Category: SF
Reference: MISC:http://home.netscape.com/security/notes/jscachebrowsing.html
Reference: XF:netscape-javascript
A remote attacker can read information from a Netscape user's cache
via JavaScript.
Modifications:
ADDREF XF:netscape-javascript
ADDREF MISC:http://home.netscape.com/security/notes/jscachebrowsing.html
INFERRED ACTION: CAN-1999-0790 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Blake, Stracener
MODIFY(2) Cole, Frech
NOOP(1) Christey
Comments:
Cole> What is being exploited?
Christey> http://home.netscape.com/security/notes/jscachebrowsing.html
Frech> XF:netscape-javascript
Frech> NETSCAPE:http://home.netscape.com/security/notes/jscachebrowsing.html
=================================
Candidate: CAN-1999-0799
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19970725 Exploitable buffer overflow in bootpd (most unices)
Reference: XF:bootpd-bo
Buffer overflow in bootpd 2.4.3 and earlier via a long boot file
location.
Modifications:
ADDREF XF:bootpd-bo
INFERRED ACTION: CAN-1999-0799 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Ozancin
MODIFY(1) Frech
Comments:
Frech> XF:bootpd-bo
=================================
Candidate: CAN-1999-0813
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-02
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990810 Severe bug in cfingerd before 1.4.0
Reference: BUGTRAQ:19980724 CFINGERD root security hole
Reference: DEBIAN:19990814
Reference: XF:cfingerd-privileges
Cfingerd with ALLOW_EXECUTION enabled does not properly drop
privileges when it executes a program on behalf of the user, allowing
local users to gain root privileges.
Modifications:
ADDREF DEBIAN:19990814
ADDREF BUGTRAQ:19980724 CFINGERD root security hole
DESC add ALLOW_EXECUTION qualifier
ADDREF XF:cfingerd-privileges
INFERRED ACTION: CAN-1999-0813 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
NOOP(1) Ozancin
Comments:
Frech> XF:cfingerd-privileges
=================================
Candidate: CAN-1999-0888
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990817 Security Bug in Oracle
Reference: XF:oracle-dbsnmp
Reference: BID:585
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=585
dbsnmp in Oracle Intelligent Agent allows local users to gain
privileges by setting the ORACLE_HOME environmental variable, which
dbsnmp uses to find the nmiconf.tcl script.
Modifications:
ADDREF XF:oracle-dbsnmp
INFERRED ACTION: CAN-1999-0888 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Ozancin
MODIFY(1) Frech
Comments:
Frech> XF:oracle-dbsnmp
=================================
Candidate: CAN-1999-0903
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991025 IBM AIX Packet Filter module
Reference: BUGTRAQ:19991027 Re: IBM AIX Packet Filter module (followup)
Reference: XF:aix-genfilt-filtering
genfilt in the AIX Packet Filtering Module does not properly filter
traffic to destination ports greater than 32767.
Modifications:
ADDREF XF:aix-genfilt-filtering
INFERRED ACTION: CAN-1999-0903 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Ozancin
MODIFY(1) Frech
Comments:
Frech> XF:aix-genfilt-filtering
=================================
Candidate: CAN-1999-0906
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990923 SuSE 6.2 sccw overflow exploit
Reference: SUSE:19990926 Security hole in sccw (Part II)
Reference: BID:656
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=656
Reference: XF:linux-sccw-bo
Buffer overflow in sccw allows local users to gain root access via the
HOME environmental variable.
Modifications:
ADDREF SUSE:19990926 Security hole in sccw (Part II)
ADDREF XF:linux-sccw-bo
INFERRED ACTION: CAN-1999-0906 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Ozancin
MODIFY(2) Stracener, Frech
NOOP(1) Christey
Comments:
Stracener> Add Ref:SUSE: Security hole in sccw (Part II) 26.09.1999
Christey> ADDREF SUSE:19990926 Security hole in sccw (Part II)
Frech> XF:linux-sccw-bo
=================================
Candidate: CAN-1999-0958
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980112 Re: hole in sudo for MP-RAS.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=88465708614896&w=2
Reference: XF:sudo-dot-dot-attack
sudo 1.5.x allows local users to execute arbitrary commands via a
.. (dot dot) attack.
Modifications:
ADDREF XF:sudo-dot-dot-attack
INFERRED ACTION: CAN-1999-0958 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Stracener, Ozancin, Meunier
MODIFY(1) Frech
NOOP(2) Christey, LeBlanc
Comments:
Christey> Confirmed in a Bugtraq followup.
Frech> XF:sudo-dot-dot-attack
=================================
Candidate: CAN-1999-0961
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19960921 Vunerability in HP sysdiag ?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167419906&w=2
Reference: CIAC:H-03
Reference: XF:hp-sysdiag-symlink
HPUX sysdiag allows local users to gain root privileges via a symlink
attack during log file creation.
Modifications:
ADDREF CIAC:H-03
ADDREF XF:hp-sysdiag-symlink
INFERRED ACTION: CAN-1999-0961 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Stracener, Ozancin, Meunier
MODIFY(1) Frech
NOOP(2) Christey, LeBlanc
Comments:
Christey> This candidate is unconfirmed by the vendor.
Christey>
Christey> Verified by two posters in Bugtraq followups.
Frech> XF:hp-sysdiag-symlink
Frech> Description should start with HP-UX, not HPUX.
=================================
Candidate: CAN-1999-1008
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-02
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991215 FreeBSD 3.3 xsoldier root exploit
Reference: MISC:http://marc.theaimsgroup.com/?l=freebsd-security&m=94531826621620&w=2
Reference: BID:871
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=871
Reference: XF:unix-xsoldier-overflow
xsoldier program allows local users to gain root access via a
long argument.
Modifications:
ADDREF XF:unix-xsoldier-overflow
INFERRED ACTION: CAN-1999-1008 ACCEPT (4 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Stracener, Blake
MODIFY(1) Frech
NOOP(3) Wall, Christey, LeBlanc
Comments:
Frech> XF:unix-xsoldier-overflow
Christey> Confirmed in freebsd-security mailing list.
Blake> Confirmed on the mailing list is equivalent to vendor confirmation in my
Blake> mind.
=================================
Candidate: CAN-2000-0044
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000105 SECURITY ALERT - WAR FTP DAEMON ALL VERSIONS
Reference: BID:919
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=919
Reference: XF:warftp-macro-access-files
Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to
read arbitrary files or execute commands.
Modifications:
ADDREF XF:warftp-macro-access-files
INFERRED ACTION: CAN-2000-0044 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Ozancin
MODIFY(1) Frech
Comments:
Frech> XF:warftp-macro-access-files
=================================
Candidate: CAN-2000-0052
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000204-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: L0PHT:20000104 PamSlam
Reference: URL:http://www.l0pht.com/advisories/pam_advisory
Reference: REDHAT:RHSA-2000:001-01
Reference: URL:http://www.redhat.com/support/errata/RHSA2000001-03.html
Reference: XF:linux-pam-userhelper
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=linux-pam-userhelper
Reference: BID:913
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=913
Red Hat userhelper program in the usermode package allows local users
to gain root access via PAM and a .. (dot dot) attack.
Modifications:
ADDREF XF:linux-pam-userhelper
INFERRED ACTION: CAN-2000-0052 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Ozancin
MODIFY(1) Frech
Comments:
Frech> XF:linux-pam-userhelper
=================================
Candidate: CAN-2000-0053
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: MS:MS00-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-001.asp
Reference: MSKB:Q246731
Reference: BID:912
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=912
Reference: XF:mcis-malformed-imap
Microsoft Commercial Internet System (MCIS) IMAP server allows remote
attackers to cause a denial of service via a malformed IMAP request.
Modifications:
ADDREF XF:mcis-malformed-imap
INFERRED ACTION: CAN-2000-0053 ACCEPT_ACK (2 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(1) Prosser
MODIFY(1) Frech
Comments:
Frech> XF:mcis-malformed-imap
=================================
Candidate: CAN-2000-0057
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: ALLAIRE:ASB00-03
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13978&Method=Full
Reference: XF:coldfusion-cfcache
Reference: BID:917
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=917
Cold Fusion CFCACHE tag places temporary cache files within the web
document root, allowing remote attackers to obtain sensitive system
information.
Modifications:
ADDREF XF:coldfusion-cfcache
INFERRED ACTION: CAN-2000-0057 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Ozancin
MODIFY(1) Frech
Comments:
Frech> XF:coldfusion-cfcache
=================================
Candidate: CAN-2000-0062
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000104 [petrilli@digicool.com: [Zope] SECURITY ALERT]
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000104222219.B41650@schvin.net
Reference: BID:922
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=922
Reference: XF:zope-dtml
The DTML implementation in the Z Object Publishing Environment (Zope)
allows remote attackers to conduct unauthorized activities.
Modifications:
ADDREF XF:zope-dtml
INFERRED ACTION: CAN-2000-0062 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Ozancin
MODIFY(1) Frech
Comments:
Frech> XF:zope-dtml
=================================
Candidate: CAN-2000-0073
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000204-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: MS:MS00-005
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-005.asp
Reference: MSKB:Q249973
Reference: XF:win-malformed-rtf-control-word
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=win-malformed-rtf-control-word
Buffer overflow in Microsoft Rich Text Format (RTF) reader allows
attackers to cause a denial of service via a malformed control word.
Modifications:
ADDREF XF:win-malformed-rtf-control-word
INFERRED ACTION: CAN-2000-0073 ACCEPT_ACK (2 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(1) Ozancin
MODIFY(1) Frech
Comments:
Frech> ADDREF XF:win-malformed-rtf-control-word
=================================
Candidate: CAN-2000-0083
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000410-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: HP:HPSBUX0001-109
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2031
Reference: XF:hp-audio-security-perms
HP asecure creates the Audio Security File audio.sec with insecure
permissions, which allows local users to cause a denial of service or
gain additional privileges.
Modifications:
ADDREF XF:hp-audio-security-perms
INFERRED ACTION: CAN-2000-0083 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Ozancin
MODIFY(1) Frech
Comments:
Frech> XF:hp-audio-security-perms
=================================
Candidate: CAN-2000-0091
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000403-01
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000122 remote root qmail-pop with vpopmail advisory and exploit with patch
Reference: BUGTRAQ:20000123 Re: vpopmail/vchkpw remote root exploit
Reference: BID:942
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=942
Reference: MISC:http://www.inter7.com/vpopmail/ChangeLog
Reference: MISC:http://www.inter7.com/vpopmail/
Buffer overflow in vchkpw/vpopmail POP authentication package allows
remote attackers to gain root privileges via a long username or
password.
Modifications:
ADDREF MISC:http://www.inter7.com/vpopmail/ChangeLog
ADDREF MISC:http://www.inter7.com/vpopmail/
INFERRED ACTION: CAN-2000-0091 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Ozancin
NOOP(1) Wall
=================================
Candidate: CAN-2000-0095
Published:
Final-Decision:
Interim-Decision: 20000411
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: HP:HPSBUX0001-110
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2041
Reference: BID:944
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=944
The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for
determining the optimum MTU generates large amounts of traffic in
response to small packets, allowing remote attackers to cause the
system to be used as a packet amplifier.
INFERRED ACTION: CAN-2000-0095 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Ozancin
NOOP(1) Wall
=================================
Candidate: CAN-2000-0099
Published:
Final-Decision:
Interim-Decision: 20000411
Modified:
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: BUGTRAQ:20000119 Unixware ppptalk
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94848865112897&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94840959614790&w=2
Buffer overflow in UnixWare ppptalk command allows local users to gain
privileges via a long prompt argument.
INFERRED ACTION: CAN-2000-0099 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Ozancin
NOOP(1) Wall
=================================
Candidate: CAN-2000-0100
Published:
Final-Decision:
Interim-Decision: 20000411
Modified: 20000321-01
Proposed: 20000208
Assigned: 20000202
Category: CF
Reference: NTBUGTRAQ:20000115 Security Vulnerability with SMS 2.0 Remote Control
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/current/0045.html
Reference: MS:MS00-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-012.asp
The SMS Remote Control program is installed with insecure permissions,
which allows local users to gain privileges by modifying or replacing
the program.
Modifications:
ADDREF MS:MS00-012
INFERRED ACTION: CAN-2000-0100 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Wall, Cole
=================================
Candidate: CAN-2000-0107
Published:
Final-Decision:
Interim-Decision: 20000411
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: DEBIAN:20000201
Reference: URL:http://www.debian.org/security/2000/20000201
Reference: BID:958
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=958
Linux apcd program allows local attackers to modify arbitrary files
via a symlink attack.
INFERRED ACTION: CAN-2000-0107 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Ozancin
NOOP(1) Wall
=================================
Candidate: CAN-2000-0131
Published:
Final-Decision:
Interim-Decision: 20000411
Modified:
Proposed: 20000208
Assigned: 20000208
Category: SF
Reference: BUGTRAQ:20000201 war-ftpd 1.6x DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94960703721503&w=2
Reference: BID:966
Reference: URL:http://www.securityfocus.com/bid/966
Buffer overflow in War FTPd 1.6x allows users to cause a denial of
service via long MKD and CWD commands.
INFERRED ACTION: CAN-2000-0131 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Ozancin
NOOP(2) Wall, Christey
Comments:
Christey> Vendor acknowledges that it is a DoS in http://war.jgaa.com/alert/
=================================
Candidate: CAN-2000-0140
Published:
Final-Decision:
Interim-Decision: 20000411
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95021326417936&w=2
Reference: NTBUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: BID:980
Reference: URL:http://www.securityfocus.com/bid/980
Internet Anywhere POP3 Mail Server allows remote attackers to cause a
denial of service via a large number of connections.
INFERRED ACTION: CAN-2000-0140 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Bishop, Cole, Blake
NOOP(2) LeBlanc, Christey
Comments:
Christey> This candidate is unconfirmed by the vendor.
Christey>
Christey> Reported by Nobuo Miwa, moderator of BUGTRAQ-JP.
Blake> Same as CAN-2000-0139.
=================================
Candidate: CAN-2000-0144
Published:
Final-Decision:
Interim-Decision: 20000411
Modified:
Proposed: 20000216
Assigned: 20000216
Category: SF
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-02/0034.html
Reference: BUGTRAQ:20000207 Infosec.20000207.axis700.a
Reference: BID:971
Reference: URL:http://www.securityfocus.com/bid/971
Axis 700 Network Scanner does not properly restrict access to
administrator URLs, which allows users to bypass the password
protection via a .. (dot dot) attack.
INFERRED ACTION: CAN-2000-0144 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Bishop, Cole, Blake
NOOP(2) LeBlanc, Christey
Comments:
Christey> Poster claims that the vendor has issued a patch.
Blake> Actually, the poster indicates that they ignored the question. However,
Blake> it's straightforward enough that it seems unlikely to have been screwed
Blake> up.
=================================
Candidate: CAN-2000-0159
Published:
Final-Decision:
Interim-Decision: 20000411
Modified:
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: HP:HPSBUX0002-111
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=20000217160216.13708.qmail@underground.org
HP Ignite-UX does not save /etc/passwd when it creates an image of a
trusted system, which can set the password field to a blank and allow
an attacker to gain privileges.
INFERRED ACTION: CAN-2000-0159 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Ozancin
NOOP(2) Wall, LeBlanc
=================================
Candidate: CAN-2000-0183
Published:
Final-Decision:
Interim-Decision: 20000411
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000310 Fwd: ircii-4.4 buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0093.html
Reference: BID:1046
Reference: URL:http://www.securityfocus.com/bid/1046
Buffer overflow in ircII 4.4 IRC client allows remote attackers to
execute commands via the DCC chat capability.
INFERRED ACTION: CAN-2000-0183 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Blake, Ozancin, Cole
NOOP(2) Wall, LeBlanc