[FINAL] ACCEPT 34 candidates from various clusters
I have made a Final Decision to ACCEPT the following candidates.
These candidates are now assigned CVE names as noted below. The
resulting CVE entries will be published in the near future in a new
version of CVE. Voting details and comments are provided at the end
of this report.
- Steve
Candidate     CVE Name
---------     ----------
CAN-1999-0203 CVE-1999-0203
CAN-1999-0780 CVE-1999-0780
CAN-1999-0781 CVE-1999-0781
CAN-1999-0782 CVE-1999-0782
CAN-1999-0803 CVE-1999-0803
CAN-1999-0824 CVE-1999-0824
CAN-1999-0889 CVE-1999-0889
CAN-1999-0895 CVE-1999-0895
CAN-1999-0897 CVE-1999-0897
CAN-1999-0950 CVE-1999-0950
CAN-1999-0957 CVE-1999-0957
CAN-1999-0997 CVE-1999-0997
CAN-1999-1005 CVE-1999-1005
CAN-1999-1007 CVE-1999-1007
CAN-1999-1010 CVE-1999-1010
CAN-2000-0010 CVE-2000-0010
CAN-2000-0012 CVE-2000-0012
CAN-2000-0014 CVE-2000-0014
CAN-2000-0020 CVE-2000-0020
CAN-2000-0024 CVE-2000-0024
CAN-2000-0033 CVE-2000-0033
CAN-2000-0042 CVE-2000-0042
CAN-2000-0043 CVE-2000-0043
CAN-2000-0050 CVE-2000-0050
CAN-2000-0051 CVE-2000-0051
CAN-2000-0070 CVE-2000-0070
CAN-2000-0112 CVE-2000-0112
CAN-2000-0165 CVE-2000-0165
CAN-2000-0181 CVE-2000-0181
CAN-2000-0184 CVE-2000-0184
CAN-2000-0185 CVE-2000-0185
CAN-2000-0192 CVE-2000-0192
CAN-2000-0206 CVE-2000-0206
CAN-2000-0223 CVE-2000-0223
=================================
Candidate: CAN-1999-0203
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-02
Proposed: 19990630
Assigned: 19990607
Category: SF
Reference: CERT:CA-95.08
Reference: CIAC:E-03
Reference: XF:smtp-sendmail-version5
In Sendmail, attackers can gain root privileges via SMTP by specifying
an improper "mail from" address and an invalid "rcpt to" address that would
cause the mail to bounce to a program.
Modifications:
ADDREF CERT:CA-95.08
ADDREF CIAC:E-03
ADDREF XF:smtp-sendmail-version5
INFERRED ACTION: CAN-1999-0203 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(5) Hill, Blake, Balinsky, Ozancin, Northcutt
MODIFY(1) Frech
NOOP(1) Christey
Comments:
Christey> Description needs to be more specific to distinguish between
Christey> this and CAN-1999-0163, as alluded to by Adam Shostack
Frech> XF:smtp-sendmail-version5
=================================
Candidate: CAN-1999-0780
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457
Reference: XF:kde-klock-process-kill
KDE klock allows local users to kill arbitrary processes by specifying
an arbitrary PID in the .kss.pid file.
Modifications:
ADDREF XF:kde-klock-process-kill
INFERRED ACTION: CAN-1999-0780 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(2) Stracener, Ozancin
MODIFY(1) Frech
NOOP(2) Christey, LeBlanc
Comments:
Frech> XF:kde-klock-process-kill
Christey> This candidate is unconfirmed by the vendor.
=================================
Candidate: CAN-1999-0781
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457
Reference: XF:kde-klock-bindir-trojans
KDE allows local users to execute arbitrary commands by setting the
KDEDIR environmental variable to modify the search path that KDE uses
to locate its executables.
Modifications:
ADDREF XF:kde-klock-bindir-trojans
INFERRED ACTION: CAN-1999-0781 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(2) Stracener, Ozancin
MODIFY(1) Frech
NOOP(2) Christey, LeBlanc
Comments:
Frech> XF:kde-klock-bindir-trojans
Christey> This candidate is unconfirmed by the vendor.
=================================
Candidate: CAN-1999-0782
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9811C&L=bugtraq&P=R2457
Reference: XF:kde-kppp-directory-create
KDE kppp allows local users to create a directory in an arbitrary
location via the HOME environmental variable.
Modifications:
ADDREF XF:kde-kppp-directory-create
INFERRED ACTION: CAN-1999-0782 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(2) Stracener, Ozancin
MODIFY(1) Frech
NOOP(2) Christey, LeBlanc
Comments:
Frech> kde-kppp-directory-create
Christey> This candidate is unconfirmed by the vendor.
=================================
Candidate: CAN-1999-0803
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000313-01
Proposed: 19991222
Assigned: 19991125
Category: SF
Reference: BUGTRAQ:19990525 IBM eNetwork Firewall for AIX
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=92765973207648&w=2
Reference: XF:ibm-enfirewall-tmpfiles
The fwluser script in AIX eNetwork Firewall allows local users to
write to arbitrary files via a symlink attack.
Modifications:
CHANGEREF BUGTRAQ [add date]
ADDREF XF:ibm-enfirewall-tmpfiles
INFERRED ACTION: CAN-1999-0803 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(2) Stracener, Ozancin
MODIFY(1) Frech
NOOP(2) Christey, LeBlanc
Comments:
Frech> XF:ibm-efirewall-tmpfiles
Frech> BUGTRAQ: add 19990525
Christey> This candidate is unconfirmed by the vendor.
Christey>
Christey> Poster claims that APAR (IR39562) was created.
=================================
Candidate: CAN-1999-0824
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified:
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BID:833
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=833
Reference: NTBUGTRAQ:19991130 SUBST problem
Reference: BUGTRAQ:19991130 Subst.exe carelessness (fwd)
A Windows NT user can use SUBST to map a drive letter to a folder,
which is not unmapped after the user logs off, potentially allowing
that user to modify the location of folders accessed by later users.
INFERRED ACTION: CAN-1999-0824 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(3) Stracener, Prosser, Armstrong
MODIFY(1) Frech
NOOP(1) Cole
Comments:
Frech> XF:nt-subst
=================================
Candidate: CAN-1999-0889
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19990810 Cisco 675 password nonsense
Reference: XF:cisco-cbos-telnet
Cisco 675 routers running CBOS allow remote attackers to establish
telnet sessions if an exec or superuser password has not been set.
Modifications:
ADDREF XF:cisco-cbos-telnet
INFERRED ACTION: CAN-1999-0889 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(2) Cole, Stracener
MODIFY(1) Frech
Comments:
Frech> XF:cisco-cbos-telnet
=================================
Candidate: CAN-1999-0895
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991020 Checkpoint FireWall-1 V4.0: possible bug in LDAP authentication
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991020150002.21047.qmail@tarjan.mediaways.net
Reference: BID:725
Reference: XF:checkpoint-ldap-auth
Firewall-1 does not properly restrict access to LDAP attributes.
Modifications:
ADDREF BID:725
ADDREF XF:checkpoint-ldap-auth
INFERRED ACTION: CAN-1999-0895 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(2) Cole, Stracener
MODIFY(1) Frech
NOOP(2) Christey, LeBlanc
Comments:
Christey> This candidate is unconfirmed by the vendor.
Frech> XF:checkpoint-ldap-auth
=================================
Candidate: CAN-1999-0897
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-02
Proposed: 19991214
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19980908 bug in iChat 3.0 (maybe others)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=90538488231977&w=2
Reference: XF:ichat-file-read-vuln
iChat ROOMS Webserver allows remote attackers to read arbitrary files
via a .. (dot dot) attack.
Modifications:
ADDREF XF:ichat-file-read-vuln
CHANGEREF BUGTRAQ [correct date]
INFERRED ACTION: CAN-1999-0897 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(2) Blake, Stracener
MODIFY(1) Frech
NOOP(3) Cole, Christey, LeBlanc
Comments:
Christey> This candidate is unconfirmed by the vendor.
Christey>
Christey> Two Bugtraq followups claim the problem has been fixed.
Frech> XF:ichat-file-read-vuln
Frech> BUGTRAQ: reference date may be wrong. verify that it is not 199_8_0908.
=================================
Candidate: CAN-1999-0950
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19991027 WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability
Reference: BID:747
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=747
Reference: XF:wftpd-mkd-bo
Buffer overflow in WFTPD FTP server allows remote attackers to gain
root access via a series of MKD and CWD commands that create nested
directories.
Modifications:
ADDREF XF:wftpd-mkd-bo
INFERRED ACTION: CAN-1999-0950 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
Comments:
Frech> XF:wftpd-mkd-bo
=================================
Candidate: CAN-1999-0957
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991208
Category: SF
Reference: BUGTRAQ:19970618 Security hole in MajorCool 1.0.3
Reference: XF:majorcool-file-overwrite-vuln
MajorCool mj_key_cache program allows local users to modify files via
a symlink attack.
Modifications:
ADDREF XF:majorcool-file-overwrite-vuln
INFERRED ACTION: CAN-1999-0957 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(2) Stracener, Meunier
MODIFY(1) Frech
Comments:
Frech> XF:majorcool-file-overwrite-vuln
=================================
Candidate: CAN-1999-0997
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991221
Category: CF
Reference: BUGTRAQ:19991220 Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd)
Reference: XF:wuftp-ftp-conversion
wu-ftp with FTP conversion enabled allows an attacker to execute
commands via a malformed file name that is interpreted as an argument
to the program that does the conversion, e.g. tar or uncompress.
Modifications:
ADDREF XF:wuftp-ftp-conversion
INFERRED ACTION: CAN-1999-0997 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(3) Wall, Cole, Stracener
MODIFY(1) Frech
NOOP(2) Christey, LeBlanc
Comments:
Frech> XF:wuftp-ftp-conversion
Christey> This candidate is unconfirmed by the vendor.
Christey> XF:wuftp-ftp-conversion does not exist.
Christey>
Christey> Posted by suid@suid.kg. See http://www.suid.edu/advisories/001.txt
Christey> for details.
=================================
Candidate: CAN-1999-1005
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991219 Groupewise Web Interface
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94571433731824&w=2
Reference: XF:groupwise-web-read-files
Reference: BID:879
Groupwise web server GWWEB.EXE allows remote attackers to read
arbitrary files with .htm extensions via a .. (dot dot) attack using
the HELP parameter.
Modifications:
ADDREF XF:groupwise-web-read-files
ADDREF BID:879
INFERRED ACTION: CAN-1999-1005 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(2) Cole, Stracener
MODIFY(1) Frech
NOOP(3) Wall, Christey, LeBlanc
Comments:
Frech> XF:groupwise-web-read-files
Christey> This candidate is unconfirmed by the vendor.
Christey> XF:groupwise-web-read-files does not exist.
Christey>
Christey> Multiple Bugtraq followups indicate the problem may be more
Christey> severe than the current CVE description indicates.
=================================
Candidate: CAN-1999-1007
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991213 VDO Live Player 3.02 Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94512259331599&w=2
Reference: XF:vdolive-bo-execute
Reference: BID:872
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=872
Buffer overflow in VDO Live Player allows remote attackers to execute
commands on the VDO client via a malformed .vdo file.
Modifications:
ADDREF XF:vdolive-bo-execute
INFERRED ACTION: CAN-1999-1007 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(3) Wall, Cole, Stracener
MODIFY(1) Frech
NOOP(2) Christey, LeBlanc
Comments:
Frech> XF:vdolive-bo-execute
Christey> This candidate is unconfirmed by the vendor.
Christey> XF:vdolive-bo-execute does not exist.
Christey>
Christey> Posted by UNYUN of Shadow Penguin Security.
=================================
Candidate: CAN-1999-1010
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 19991222
Assigned: 19991221
Category: SF
Reference: BUGTRAQ:19991214 sshd1 allows unencrypted sessions regardless of server policy
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94519142415338&w=2
Reference: XF:ssh-policy-bypass
An SSH 1.2.27 server allows a client to use the "none" cipher, even if
it is not allowed by the server policy.
Modifications:
ADDREF XF:ssh-policy-bypass
INFERRED ACTION: CAN-1999-1010 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(2) Cole, Stracener
MODIFY(1) Frech
NOOP(3) Wall, Christey, LeBlanc
Comments:
Frech> XF:ssh-policy-bypass
Christey> This candidate is unconfirmed by the vendor.
=================================
Candidate: CAN-2000-0010
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991226 WebWho+ ADVISORY
Reference: XF:http-cgi-webwhoplus
WebWho+ whois.cgi program allows remote attackers to execute commands
via shell metacharacters in the TLD parameter.
Modifications:
ADDREF XF:http-cgi-webwhoplus
INFERRED ACTION: CAN-2000-0010 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(2) Stracener, Armstrong
MODIFY(1) Frech
Comments:
Frech> http-cgi-webwhoplus
=================================
Candidate: CAN-2000-0012
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991227 remote buffer overflow in miniSQL
Reference: BID:898
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=898
Reference: XF:w3-msql-scanf-bo
Buffer overflow in w3-msql CGI program in miniSQL package allows
remote attackers to execute commands.
Modifications:
ADDREF XF:w3-msql-scanf-bo
INFERRED ACTION: CAN-2000-0012 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(2) Stracener, Armstrong
MODIFY(1) Frech
Comments:
Frech> XF:w3-msql-scanf-bo
=================================
Candidate: CAN-2000-0014
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991228 Local / Remote D.o.S Attack in Savant Web Server V2.0 WIN9X / NT / 2K
Reference: BID:897
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=897
Reference: XF:savant-server-null-dos
Denial of service in Savant web server via a null character in the
requested URL.
Modifications:
ADDREF XF:savant-server-null-dos
INFERRED ACTION: CAN-2000-0014 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(2) Stracener, Armstrong
MODIFY(1) Frech
Comments:
Frech> XF:savant-server-null-dos
=================================
Candidate: CAN-2000-0020
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: NTBUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability
Reference: BUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability
Reference: XF:dnspro-flood-dos
DNS PRO allows remote attackers to conduct a denial of service via a
large number of connections.
Modifications:
ADDREF XF:dnspro-flood-dos
INFERRED ACTION: CAN-2000-0020 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(2) Stracener, Armstrong
MODIFY(1) Frech
Comments:
Frech> XF:dnspro-flood-dos
=================================
Candidate: CAN-2000-0024
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: MS:MS99-061
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms99-061.asp
Reference: BUGTRAQ:19991228 Third Party Software Affected by IIS "Escape Character Parsing" Vulnerability
Reference: BUGTRAQ:19991229 More info on MS99-061 (IIS escape character vulnerability)
Reference: XF:iis-badescapes
Reference: MSKB:Q246401
IIS does not properly canonicalize URLs, potentially allowing remote
attackers to bypass access restrictions in third-party software via
escape characters, aka the "Escape Character Parsing" vulnerability.
Modifications:
ADDREF XF:iis-badescapes
ADDREF MSKB:Q246401
INFERRED ACTION: CAN-2000-0024 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(3) Ozancin, Armstrong, Cole
MODIFY(2) Stracener, Frech
Comments:
Stracener> Add Ref: MSKB:Q246401
Ozancin> with Stracener's addition
Frech> XF:iis-badescapes
=================================
Candidate: CAN-2000-0033
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991227 Trend Micro InterScan VirusWall SMTP bug
Reference: BID:899
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=899
Reference: XF:interscan-viruswall-bypass
InterScan VirusWall SMTP scanner does not properly scan messages with
malformed attachments.
Modifications:
ADDREF XF:interscan-viruswall-bypass
INFERRED ACTION: CAN-2000-0033 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(2) Stracener, Armstrong
MODIFY(1) Frech
Comments:
Frech> XF:interscan-viruswall-bypass
=================================
Candidate: CAN-2000-0042
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991229 Local / Remote D.o.S Attack in CSM Mail Server for Windows 95/NT v.2000.08.A
Reference: XF:csm-server-bo
Reference: BID:895
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=895
Buffer overflow in CSM mail server allows remote attackers to cause a
denial of service or execute commands via a long HELO command.
Modifications:
ADDREF XF:csm-server-bo
INFERRED ACTION: CAN-2000-0042 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(2) Stracener, Armstrong
MODIFY(1) Frech
Comments:
Frech> XF:csm-server-bo
=================================
Candidate: CAN-2000-0043
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991230 Local / Remote GET Buffer Overflow Vulnerability in CamShot WebCam HTTP Server v2.5 for Win9x/NT
Reference: BID:905
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=905
Reference: XF:camshot-http-get-overflow
Buffer overflow in CamShot WebCam HTTP server allows remote attackers
to execute commands via a long GET request.
Modifications:
ADDREF XF:camshot-http-get-overflow
INFERRED ACTION: CAN-2000-0043 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(2) Stracener, Armstrong
MODIFY(1) Frech
Comments:
Frech> XF:camshot-http-get-overflow
=================================
Candidate: CAN-2000-0050
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: ALLAIRE:ASB00-01
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13976&Method=Full
Reference: XF:allaire-webtop-access
Reference: BID:915
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=915
The Allaire Spectra Webtop allows authenticated users to access other
Webtop sections by specifying explicit URLs.
Modifications:
ADDREF XF:allaire-webtop-access
INFERRED ACTION: CAN-2000-0050 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(3) Blake, Prosser, Cole
MODIFY(1) Frech
NOOP(1) Ozancin
Comments:
Frech> XF:allaire-webtop-access
=================================
Candidate: CAN-2000-0051
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: ALLAIRE:ASB00-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13977&Method=Full
Reference: BID:916
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=916
Reference: XF:allaire-spectra-config-dos
The Allaire Spectra Configuration Wizard allows remote attackers to
cause a denial of service by repeatedly resubmitting data collections
for indexing via a URL.
Modifications:
ADDREF XF:allaire-spectra-config-dos
INFERRED ACTION: CAN-2000-0051 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(3) Blake, Prosser, Cole
MODIFY(1) Frech
NOOP(1) Ozancin
Comments:
Frech> XF:allaire-spectra-config-dos
=================================
Candidate: CAN-2000-0070
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-02
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BINDVIEW:20000113 Local Promotion Vulnerability in Windows NT 4
Reference: URL:http://www.bindview.com/security/advisory/adv_NtImpersonate.html
Reference: MS:MS00-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-003.asp
Reference: MSKB:Q247869
Reference: XF:nt-spoofed-lpc-port
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=nt-spoofed-lpc-port
Reference: BID:934
NtImpersonateClientOfPort local procedure call in Windows NT 4.0
allows local users to gain privileges, aka "Spoofed LPC Port Request."
Modifications:
ADDREF XF:nt-spoofed-lpc-port
ADDREF BID:934
INFERRED ACTION: CAN-2000-0070 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(3) Blake, Prosser, Cole
MODIFY(1) Frech
NOOP(1) Ozancin
Comments:
Frech> ADDREF XF:nt-spoofed-lpc-port
=================================
Candidate: CAN-2000-0112
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000208
Assigned: 20000208
Category: CF
Reference: BUGTRAQ:20000202 vulnerability in Linux Debian default boot configuration
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94973075614088&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94952030018431&w=2
Reference: BID:960
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=960
Reference: XF:debian-mbr-bypass-security
The default installation of Debian Linux uses an insecure Master Boot
Record (MBR) which allows a local user to boot from a floppy disk
during the installation.
Modifications:
ADDREF XF:debian-mbr-bypass-security
INFERRED ACTION: CAN-2000-0112 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(2) Cole, Prosser
MODIFY(1) Frech
NOOP(3) Wall, Ozancin, Blake
Comments:
Prosser> Add BID 934
Frech> XF:debian-mbr-bypass-security
=================================
Candidate: CAN-2000-0165
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified: 20000418-01
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: BUGTRAQ:20000210 Re: application proxies?
Reference: FREEBSD:FreeBSD-SA-00:04
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.BSF.4.21.0002192249290.10784-100000@freefall.freebsd.org
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=Pine.BSF.4.10.10002100058420.43483-100000@hydrant.intranova.net
Reference: CIAC:K-023
Reference: XF:delegate-proxy-bo
The Delegate application proxy has several buffer overflows which
allow a remote attacker to execute commands.
Modifications:
ADDREF CIAC:K-023
ADDREF XF:delegate-proxy-bo
INFERRED ACTION: CAN-2000-0165 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(3) Cole, Blake, Prosser
MODIFY(1) Frech
NOOP(3) Wall, LeBlanc, Ozancin
Comments:
Frech> XF:delegate-proxy-bo
Frech> Also consider Reference:CIAC:K-023
=================================
Candidate: CAN-2000-0181
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000311 Our old friend Firewall-1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0119.html
Reference: BID:1054
Reference: URL:http://www.securityfocus.com/bid/1054
Firewall-1 3.0 and 4.0 leaks packets with private IP address
information, which could allow remote attackers to determine the real
IP address of the host that is making the connection.
INFERRED ACTION: CAN-2000-0181 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(3) Blake, Ozancin, Cole
NOOP(2) Wall, LeBlanc
=================================
Candidate: CAN-2000-0184
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: CF
Reference: BUGTRAQ:20000309
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0082.html
Reference: BID:1037
Reference: URL:http://www.securityfocus.com/bid/1037
Linux printtool sets the permissions of printer configuration files to
be world-readable, which allows local attackers to obtain printer
share passwords.
INFERRED ACTION: CAN-2000-0184 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(3) Blake, Ozancin, Cole
NOOP(2) Wall, LeBlanc
=================================
Candidate: CAN-2000-0185
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000308 RealServer exposes internal IP addresses
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0069.html
Reference: BID:1049
Reference: URL:http://www.securityfocus.com/bid/1049
RealMedia RealServer reveals the real IP address of a Real Server,
even if the address is supposed to be private.
INFERRED ACTION: CAN-2000-0185 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(3) Blake, Ozancin, Cole
NOOP(2) Wall, LeBlanc
=================================
Candidate: CAN-2000-0192
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: CF
Reference: BUGTRAQ:20000304 OpenLinux 2.3: rpm_query
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0029.html
Reference: BID:1036
Reference: URL:http://www.securityfocus.com/bid/1036
The default installation of Caldera OpenLinux 2.3 includes the CGI
program rpm_query, which allows remote attackers to determine what
packages are installed on the system.
INFERRED ACTION: CAN-2000-0192 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(3) Blake, Ozancin, Cole
NOOP(2) Wall, LeBlanc
=================================
Candidate: CAN-2000-0206
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000305 Oracle installer problem
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0023.html
Reference: BID:1035
Reference: URL:http://www.securityfocus.com/bid/1035
The installation of Oracle 8.1.5.x on Linux follows symlinks and
creates the orainstRoot.sh file with world-writeable permissions,
which allows local users to gain privileges.
INFERRED ACTION: CAN-2000-0206 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(3) Blake, Ozancin, Cole
NOOP(2) Wall, LeBlanc
=================================
Candidate: CAN-2000-0223
Published:
Final-Decision: 20000425
Interim-Decision: 20000418
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000311 TESO advisory -- wmcdplay
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0107.html
Reference: BID:1047
Reference: URL:http://www.securityfocus.com/bid/1047
Buffer overflow in the wmcdplay CD player program for the WindowMaker
desktop allows local users to gain root privileges via a long
parameter.
INFERRED ACTION: CAN-2000-0223 FINAL (Final Decision 20000425)
Current Votes:
ACCEPT(3) Blake, Ozancin, Cole
NOOP(2) Wall, LeBlanc