[INTERIM] ACCEPT 34 candidates from various clusters (Final 4/24)
I have made an Interim Decision to ACCEPT the following 34 candidates
from various clusters. I will make a Final Decision on Monday, April
24, 2000.
The candidates come from the following clusters:
1 RESTLOW
1 RECENT-01
1 WEB
2 MISC-01
4 UNIX-UNCONF
2 NET-01
4 RECENT-03
8 RECENT-04
1 RECENT-05
2 RECENT-06
1 RECENT-08
1 RECENT-10
6 RECENT-13
Voters:
Wall ACCEPT(2) NOOP(10)
LeBlanc NOOP(17)
Ozancin ACCEPT(12) NOOP(5)
Cole ACCEPT(18) NOOP(2)
Meunier ACCEPT(1)
Stracener ACCEPT(21) MODIFY(1)
Frech MODIFY(28)
Hill ACCEPT(1)
Northcutt ACCEPT(1)
Christey NOOP(11)
Armstrong ACCEPT(9)
Balinsky ACCEPT(1)
Prosser ACCEPT(6)
Blake ACCEPT(12) NOOP(1)
=================================
Candidate: CAN-1999-0203
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-02
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: CERT:CA-95.08
Reference: CIAC:E-03
Reference: XF:smtp-sendmail-version5
In Sendmail, attackers can gain root privileges via SMTP by specifying
an improper "mail from" address and an invalid "rcpt to" address that would
cause the mail to bounce to a program.
Modifications:
ADDREF CERT:CA-95.08
ADDREF CIAC:E-03
ADDREF XF:smtp-sendmail-version5
INFERRED ACTION: CAN-1999-0203 ACCEPT (5 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(5) Hill, Blake, Balinsky, Ozancin, Northcutt
MODIFY(1) Frech
NOOP(1) Christey
Comments:
Christey> Description needs to be more specific to distinguish between
Christey> this and CAN-1999-0163, as alluded to by Adam Shostack
Frech> XF:smtp-sendmail-version5
=================================
Candidate: CAN-1999-0780
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457
Reference: XF:kde-klock-process-kill
KDE klock allows local users to kill arbitrary processes by specifying
an arbitrary PID in the .kss.pid file.
Modifications:
ADDREF XF:kde-klock-process-kill
INFERRED ACTION: CAN-1999-0780 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Ozancin
MODIFY(1) Frech
NOOP(2) Christey, LeBlanc
Comments:
Frech> XF:kde-klock-process-kill
Christey> This candidate is unconfirmed by the vendor.
=================================
Candidate: CAN-1999-0781
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457
Reference: XF:kde-klock-bindir-trojans
KDE allows local users to execute arbitrary commands by setting the
KDEDIR environmental variable to modify the search path that KDE uses
to locate its executables.
Modifications:
ADDREF XF:kde-klock-bindir-trojans
INFERRED ACTION: CAN-1999-0781 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Ozancin
MODIFY(1) Frech
NOOP(2) Christey, LeBlanc
Comments:
Frech> XF:kde-klock-bindir-trojans
Christey> This candidate is unconfirmed by the vendor.
=================================
Candidate: CAN-1999-0782
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457
Reference: XF:kde-kppp-directory-create
KDE kppp allows local users to create a directory in an arbitrary
location via the HOME environmental variable.
Modifications:
ADDREF XF:kde-kppp-directory-create
INFERRED ACTION: CAN-1999-0782 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Ozancin
MODIFY(1) Frech
NOOP(2) Christey, LeBlanc
Comments:
Frech> kde-kppp-directory-create
Christey> This candidate is unconfirmed by the vendor.
=================================
Candidate: CAN-1999-0803
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990525 IBM eNetwork Firewall for AIX
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92765973207648&w=2
Reference: XF:ibm-enfirewall-tmpfiles
The fwluser script in AIX eNetwork Firewall allows local users to
write to arbitrary files via a symlink attack.
Modifications:
CHANGEREF BUGTRAQ [add date]
ADDREF XF:ibm-enfirewall-tmpfiles
INFERRED ACTION: CAN-1999-0803 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Ozancin
MODIFY(1) Frech
NOOP(2) Christey, LeBlanc
Comments:
Frech> XF:ibm-efirewall-tmpfiles
Frech> BUGTRAQ: add 19990525
Christey> This candidate is unconfirmed by the vendor.
Christey>
Christey> Poster claims that APAR (IR39562) was created.
=================================
Candidate: CAN-1999-0824
Published:
Final-Decision:
Interim-Decision: 20000418
Modified:
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BID:833
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=833
Reference: NTBUGTRAQ:19991130 SUBST problem
Reference: BUGTRAQ:19991130 Subst.exe carelessness (fwd)
A Windows NT user can use SUBST to map a drive letter to a folder,
which is not unmapped after the user logs off, potentially allowing
that user to modify the location of folders accessed by later users.
INFERRED ACTION: CAN-1999-0824 ACCEPT (4 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Stracener, Prosser, Armstrong
MODIFY(1) Frech
NOOP(1) Cole
Comments:
Frech> XF:nt-subst
=================================
Candidate: CAN-1999-0889
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990810 Cisco 675 password nonsense
Reference: XF:cisco-cbos-telnet
Cisco 675 routers running CBOS allow remote attackers to establish
telnet sessions if an exec or superuser password has not been set.
Modifications:
ADDREF XF:cisco-cbos-telnet
INFERRED ACTION: CAN-1999-0889 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Stracener
MODIFY(1) Frech
Comments:
Frech> XF:cisco-cbos-telnet
=================================
Candidate: CAN-1999-0895
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991020 Checkpoint FireWall-1 V4.0: possible bug in LDAP authentication
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991020150002.21047.qmail@tarjan.mediaways.net
Reference: BID:725
Reference: XF:checkpoint-ldap-auth
Firewall-1 does not properly restrict access to LDAP attributes.
Modifications:
ADDREF BID:725
ADDREF XF:checkpoint-ldap-auth
INFERRED ACTION: CAN-1999-0895 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Stracener
MODIFY(1) Frech
NOOP(2) Christey, LeBlanc
Comments:
Christey> This candidate is unconfirmed by the vendor.
Frech> XF:checkpoint-ldap-auth
=================================
Candidate: CAN-1999-0897
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-02
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980908 bug in iChat 3.0 (maybe others)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90538488231977&w=2
Reference: XF:ichat-file-read-vuln
iChat ROOMS Webserver allows remote attackers to read arbitrary files
via a .. (dot dot) attack.
Modifications:
ADDREF XF:ichat-file-read-vuln
CHANGEREF BUGTRAQ [correct date]
INFERRED ACTION: CAN-1999-0897 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Blake, Stracener
MODIFY(1) Frech
NOOP(3) Cole, Christey, LeBlanc
Comments:
Christey> This candidate is unconfirmed by the vendor.
Christey>
Christey> Two Bugtraq followups claim the problem has been fixed.
Frech> XF:ichat-file-read-vuln
Frech> BUGTRAQ: reference date may be wrong. verify that it is not 199_8_0908.
=================================
Candidate: CAN-1999-0950
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991027 WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability
Reference: BID:747
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=747
Reference: XF:wftpd-mkd-bo
Buffer overflow in WFTPD FTP server allows remote attackers to gain
root access via a series of MKD and CWD commands that create nested
directories.
Modifications:
ADDREF XF:wftpd-mkd-bo
INFERRED ACTION: CAN-1999-0950 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
Comments:
Frech> XF:wftpd-mkd-bo
=================================
Candidate: CAN-1999-0957
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19970618 Security hole in MajorCool 1.0.3
Reference: XF:majorcool-file-overwrite-vuln
MajorCool mj_key_cache program allows local users to modify files via
a symlink attack.
Modifications:
ADDREF XF:majorcool-file-overwrite-vuln
INFERRED ACTION: CAN-1999-0957 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Meunier
MODIFY(1) Frech
Comments:
Frech> XF:majorcool-file-overwrite-vuln
=================================
Candidate: CAN-1999-0997
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991221
Category: CF
Reference: BUGTRAQ:19991220 Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd)
Reference: XF:wuftp-ftp-conversion
wu-ftp with FTP conversion enabled allows an attacker to execute
commands via a malformed file name that is interpreted as an argument
to the program that does the conversion, e.g. tar or uncompress.
Modifications:
ADDREF XF:wuftp-ftp-conversion
INFERRED ACTION: CAN-1999-0997 ACCEPT (4 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Wall, Cole, Stracener
MODIFY(1) Frech
NOOP(2) Christey, LeBlanc
Comments:
Frech> XF:wuftp-ftp-conversion
Christey> This candidate is unconfirmed by the vendor.
Christey> XF:wuftp-ftp-conversion does not exist.
Christey>
Christey> Posted by suid@suid.kg. See http://www.suid.edu/advisories/001.txt
Christey> for details.
=================================
Candidate: CAN-1999-1005
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991219 Groupewise Web Interface
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94571433731824&w=2
Reference: XF:groupwise-web-read-files
Reference: BID:879
Groupwise web server GWWEB.EXE allows remote attackers to read
arbitrary files with .htm extensions via a .. (dot dot) attack using
the HELP parameter.
Modifications:
ADDREF XF:groupwise-web-read-files
ADDREF BID:879
INFERRED ACTION: CAN-1999-1005 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Stracener
MODIFY(1) Frech
NOOP(3) Wall, Christey, LeBlanc
Comments:
Frech> XF:groupwise-web-read-files
Christey> This candidate is unconfirmed by the vendor.
Christey> XF:groupwise-web-read-files does not exist.
Christey>
Christey> Multiple Bugtraq followups indicate the problem may be more
Christey> severe than the current CVE description indicates.
=================================
Candidate: CAN-1999-1007
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991213 VDO Live Player 3.02 Buffer Overflow
Reference: http://marc.theaimsgroup.com/?l=bugtraq&m=94512259331599&w=2
Reference: XF:vdolive-bo-execute
Reference: BID:872
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=872
Buffer overflow in VDO Live Player allows remote attackers to execute
commands on the VDO client via a malformed .vdo file.
Modifications:
ADDREF XF:vdolive-bo-execute
INFERRED ACTION: CAN-1999-1007 ACCEPT (4 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Wall, Cole, Stracener
MODIFY(1) Frech
NOOP(2) Christey, LeBlanc
Comments:
Frech> XF:vdolive-bo-execute
Christey> This candidate is unconfirmed by the vendor.
Christey> XF:vdolive-bo-execute does not exist.
Christey>
Christey> Posted by UNYUN of Shadow Penguin Security.
=================================
Candidate: CAN-1999-1010
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991214 sshd1 allows unencrypted sessions regardless of server policy
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94519142415338&w=2
Reference: XF:ssh-policy-bypass
An SSH 1.2.27 server allows a client to use the "none" cipher, even if
it is not allowed by the server policy.
Modifications:
ADDREF XF:ssh-policy-bypass
INFERRED ACTION: CAN-1999-1010 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Stracener
MODIFY(1) Frech
NOOP(3) Wall, Christey, LeBlanc
Comments:
Frech> XF:ssh-policy-bypass
Christey> This candidate is unconfirmed by the vendor.
=================================
Candidate: CAN-2000-0010
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991226 WebWho+ ADVISORY
Reference: XF:http-cgi-webwhoplus
WebWho+ whois.cgi program allows remote attackers to execute commands
via shell metacharacters in the TLD parameter.
Modifications:
ADDREF XF:http-cgi-webwhoplus
INFERRED ACTION: CAN-2000-0010 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Armstrong
MODIFY(1) Frech
Comments:
Frech> http-cgi-webwhoplus
=================================
Candidate: CAN-2000-0012
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991227 remote buffer overflow in miniSQL
Reference: BID:898
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=898
Reference: XF:w3-msql-scanf-bo
Buffer overflow in w3-msql CGI program in miniSQL package allows
remote attackers to execute commands.
Modifications:
ADDREF XF:w3-msql-scanf-bo
INFERRED ACTION: CAN-2000-0012 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Armstrong
MODIFY(1) Frech
Comments:
Frech> XF:w3-msql-scanf-bo
=================================
Candidate: CAN-2000-0014
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991228 Local / Remote D.o.S Attack in Savant Web Server V2.0 WIN9X / NT / 2K
Reference: BID:897
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=897
Reference: XF:savant-server-null-dos
Denial of service in Savant web server via a null character in the
requested URL.
Modifications:
ADDREF XF:savant-server-null-dos
INFERRED ACTION: CAN-2000-0014 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Armstrong
MODIFY(1) Frech
Comments:
Frech> XF:savant-server-null-dos
=================================
Candidate: CAN-2000-0020
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: NTBUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability
Reference: BUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability
Reference: XF:dnspro-flood-dos
DNS PRO allows remote attackers to conduct a denial of service via a
large number of connections.
Modifications:
ADDREF XF:dnspro-flood-dos
INFERRED ACTION: CAN-2000-0020 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Armstrong
MODIFY(1) Frech
Comments:
Frech> XF:dnspro-flood-dos
=================================
Candidate: CAN-2000-0024
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: MS:MS99-061
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-061.asp
Reference: BUGTRAQ:19991228 Third Party Software Affected by IIS "Escape Character Parsing" Vulnerability
Reference: BUGTRAQ:19991229 More info on MS99-061 (IIS escape character vulnerability)
Reference: XF:iis-badescapes
Reference: MSKB:Q246401
IIS does not properly canonicalize URLs, potentially allowing remote
attackers to bypass access restrictions in third-party software via
escape characters, aka the "Escape Character Parsing" vulnerability.
Modifications:
ADDREF XF:iis-badescapes
ADDREF MSKB:Q246401
INFERRED ACTION: CAN-2000-0024 ACCEPT (5 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Ozancin, Armstrong, Cole
MODIFY(2) Stracener, Frech
Comments:
Stracener> Add Ref: MSKB:Q246401
Ozancin> with Stracener's addition
Frech> XF:iis-badescapes
=================================
Candidate: CAN-2000-0033
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991227 Trend Micro InterScan VirusWall SMTP bug
Reference: BID:899
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=899
Reference: XF:interscan-viruswall-bypass
InterScan VirusWall SMTP scanner does not properly scan messages with
malformed attachments.
Modifications:
ADDREF XF:interscan-viruswall-bypass
INFERRED ACTION: CAN-2000-0033 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Armstrong
MODIFY(1) Frech
Comments:
Frech> XF:interscan-viruswall-bypass
=================================
Candidate: CAN-2000-0042
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991229 Local / Remote D.o.S Attack in CSM Mail Server for Windows 95/NT v.2000.08.A
Reference: XF:csm-server-bo
Reference: BID:895
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=895
Buffer overflow in CSM mail server allows remote attackers to cause a
denial of service or execute commands via a long HELO command.
Modifications:
ADDREF XF:csm-server-bo
INFERRED ACTION: CAN-2000-0042 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Armstrong
MODIFY(1) Frech
Comments:
Frech> XF:csm-server-bo
=================================
Candidate: CAN-2000-0043
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991230 Local / Remote GET Buffer Overflow Vulnerability in CamShot WebCam HTTP Server v2.5 for Win9x/NT
Reference: BID:905
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=905
Reference: XF:camshot-http-get-overflow
Buffer overflow in CamShot WebCam HTTP server allows remote attackers
to execute commands via a long GET request.
Modifications:
ADDREF XF:camshot-http-get-overflow
INFERRED ACTION: CAN-2000-0043 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Armstrong
MODIFY(1) Frech
Comments:
Frech> XF:camshot-http-get-overflow
=================================
Candidate: CAN-2000-0050
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: ALLAIRE:ASB00-01
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13976&Method=Full
Reference: XF:allaire-webtop-access
Reference: BID:915
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=915
The Allaire Spectra Webtop allows authenticated users to access other
Webtop sections by specifying explicit URLs.
Modifications:
ADDREF XF:allaire-webtop-access
INFERRED ACTION: CAN-2000-0050 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Blake, Prosser, Cole
MODIFY(1) Frech
NOOP(1) Ozancin
Comments:
Frech> XF:allaire-webtop-access
=================================
Candidate: CAN-2000-0051
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: ALLAIRE:ASB00-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13977&Method=Full
Reference: BID:916
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=916
Reference: XF:allaire-spectra-config-dos
The Allaire Spectra Configuration Wizard allows remote attackers to
cause a denial of service by repeatedly resubmitting data collections
for indexing via a URL.
Modifications:
ADDREF XF:allaire-spectra-config-dos
INFERRED ACTION: CAN-2000-0051 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Blake, Prosser, Cole
MODIFY(1) Frech
NOOP(1) Ozancin
Comments:
Frech> XF:allaire-spectra-config-dos
=================================
Candidate: CAN-2000-0070
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-02
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BINDVIEW:20000113 Local Promotion Vulnerability in Windows NT 4
Reference: URL:http://www.bindview.com/security/advisory/adv_NtImpersonate.html
Reference: MS:MS00-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-003.asp
Reference: MSKB:Q247869
Reference: XF:nt-spoofed-lpc-port
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=nt-spoofed-lpc-port
Reference: BID:934
NtImpersonateClientOfPort local procedure call in Windows NT 4.0
allows local users to gain privileges, aka "Spoofed LPC Port Request."
Modifications:
ADDREF XF:nt-spoofed-lpc-port
ADDREF BID:934
INFERRED ACTION: CAN-2000-0070 ACCEPT (4 accept, 3 ack, 0 review)
Current Votes:
ACCEPT(3) Blake, Prosser, Cole
MODIFY(1) Frech
NOOP(1) Ozancin
Comments:
Frech> ADDREF XF:nt-spoofed-lpc-port
=================================
Candidate: CAN-2000-0112
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000208
Assigned: 20000208
Category: CF
Reference: BUGTRAQ:20000202 vulnerability in Linux Debian default boot configuration
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94973075614088&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94952030018431&w=2
Reference: BID:960
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=960
Reference: XF:debian-mbr-bypass-security
The default installation of Debian Linux uses an insecure Master Boot
Record (MBR) which allows a local user to boot from a floppy disk
during the installation.
Modifications:
ADDREF XF:debian-mbr-bypass-security
INFERRED ACTION: CAN-2000-0112 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Cole, Prosser
MODIFY(1) Frech
NOOP(3) Wall, Ozancin, Blake
Comments:
Prosser> Add BID 934
Frech> XF:debian-mbr-bypass-security
=================================
Candidate: CAN-2000-0165
Published:
Final-Decision:
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000210 Re: application proxies?
Reference: FREEBSD:FreeBSD-SA-00:04
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.BSF.4.21.0002192249290.10784-100000@freefall.freebsd.org
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=Pine.BSF.4.10.10002100058420.43483-100000@hydrant.intranova.net
Reference: CIAC:K-023
Reference: XF:delegate-proxy-bo
The Delegate application proxy has several buffer overflows which
allow a remote attacker to execute commands.
Modifications:
ADDREF CIAC:K-023
ADDREF XF:delegate-proxy-bo
INFERRED ACTION: CAN-2000-0165 ACCEPT (4 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(3) Cole, Blake, Prosser
MODIFY(1) Frech
NOOP(3) Wall, LeBlanc, Ozancin
Comments:
Frech> XF:delegate-proxy-bo
Frech> Also consider Reference:CIAC:K-023
=================================
Candidate: CAN-2000-0181
Published:
Final-Decision:
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000311 Our old friend Firewall-1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0119.html
Reference: BID:1054
Reference: URL:http://www.securityfocus.com/bid/1054
Firewall-1 3.0 and 4.0 leaks packets with private IP address
information, which could allow remote attackers to determine the real
IP address of the host that is making the connection.
INFERRED ACTION: CAN-2000-0181 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Blake, Ozancin, Cole
NOOP(2) Wall, LeBlanc
=================================
Candidate: CAN-2000-0184
Published:
Final-Decision:
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000309
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0082.html
Reference: BID:1037
Reference: URL:http://www.securityfocus.com/bid/1037
Linux printtool sets the permissions of printer configuration files to
be world-readable, which allows local attackers to obtain printer
share passwords.
INFERRED ACTION: CAN-2000-0184 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Blake, Ozancin, Cole
NOOP(2) Wall, LeBlanc
=================================
Candidate: CAN-2000-0185
Published:
Final-Decision:
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000308 RealServer exposes internal IP addresses
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0069.html
Reference: BID:1049
Reference: URL:http://www.securityfocus.com/bid/1049
RealMedia RealServer reveals the real IP address of a Real Server,
even if the address is supposed to be private.
INFERRED ACTION: CAN-2000-0185 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Blake, Ozancin, Cole
NOOP(2) Wall, LeBlanc
=================================
Candidate: CAN-2000-0192
Published:
Final-Decision:
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000304 OpenLinux 2.3: rpm_query
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0029.html
Reference: BID:1036
Reference: URL:http://www.securityfocus.com/bid/1036
The default installation of Caldera OpenLinux 2.3 includes the CGI
program rpm_query, which allows remote attackers to determine what
packages are installed on the system.
INFERRED ACTION: CAN-2000-0192 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Blake, Ozancin, Cole
NOOP(2) Wall, LeBlanc
=================================
Candidate: CAN-2000-0206
Published:
Final-Decision:
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000305 Oracle installer problem
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0023.html
Reference: BID:1035
Reference: URL:http://www.securityfocus.com/bid/1035
The installation of Oracle 8.1.5.x on Linux follows symlinks and
creates the orainstRoot.sh file with world-writeable permissions,
which allows local users to gain privileges.
INFERRED ACTION: CAN-2000-0206 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Blake, Ozancin, Cole
NOOP(2) Wall, LeBlanc
=================================
Candidate: CAN-2000-0223
Published:
Final-Decision:
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000311 TESO advisory -- wmcdplay
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0107.html
Reference: BID:1047
Reference: URL:http://www.securityfocus.com/bid/1047
Buffer overflow in the wmcdplay CD player program for the WindowMaker
desktop allows local users to gain root privileges via a long
parameter.
INFERRED ACTION: CAN-2000-0223 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Blake, Ozancin, Cole
NOOP(2) Wall, LeBlanc