
[PROPOSAL] Cluster RECENT-15 - 29 candidates



The following cluster contains 29 candidates that were announced
between March 26 and April 12, 2000.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve



Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0251
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: HP:HPSBUX0004-112
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0021.html
Reference: BID:1090
Reference: URL:http://www.securityfocus.com/bid/1090

HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes
via an interface that has multiple aliased IP addresses.


ED_PRI CAN-2000-0251 1


VOTE:

=================================
Candidate: CAN-2000-0258
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: MS:MS00-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-023.asp
Reference: BID:1101
Reference: URL:http://www.securityfocus.com/bid/1101

IIS 4.0 and 5.0 allow remote attackers to cause a denial of service
by sending many URLs with a large number of escaped characters, aka
the "Myriad Escaped Characters" Vulnerability.


ED_PRI CAN-2000-0258 1


VOTE:

=================================
Candidate: CAN-2000-0277
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: MS:MS00-022
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-022.asp
Reference: BID:1087
Reference: URL:http://www.securityfocus.com/bid/1087

Microsoft Excel 97 and 2000 do not warn the user when executing
Excel Macro Language (XLM) macros in external text files, which could
allow an attacker to execute a macro virus, aka the "XLM Text Macro"
vulnerability.


ED_PRI CAN-2000-0277 1


VOTE:

=================================
Candidate: CAN-2000-0294
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF/CF/MP/SA/AN/unknown
Reference: FREEBSD:FreeBSD-SA-00:12
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2162
Reference: BID:1107
Reference: URL:http://www.securityfocus.com/bid/1107

Buffer overflow in healthd for FreeBSD allows local users to gain root
privileges.


ED_PRI CAN-2000-0294 1


VOTE:

=================================
Candidate: CAN-2000-0297
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: ALLAIRE:ASB00-06
Reference: URL:http://www2.allaire.com/handlers/index.cfm?ID=15099&Method=Full
Reference: BID:1085
Reference: URL:http://www.securityfocus.com/bid/1085

Allaire Forums 2.0.5 allows remote attackers to bypass access
restrictions to secure conferences via the rightAccessAllForums or
rightModerateAllForums variables.


ED_PRI CAN-2000-0297 1


VOTE:

=================================
Candidate: CAN-2000-0261
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000415 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html
Reference: BUGTRAQ:20000418 AVM's Statement
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com
Reference: BID:1103
Reference: URL:http://www.securityfocus.com/bid/1103

The AVM KEN! web server allows remote attackers to read arbitrary
files via a .. (dot dot) attack.


ED_PRI CAN-2000-0261 2


VOTE:

=================================
Candidate: CAN-2000-0262
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000415 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html
Reference: BUGTRAQ:20000418 AVM's Statement
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com
Reference: BID:1103
Reference: URL:http://www.securityfocus.com/bid/1103

The AVM KEN! ISDN Proxy server allows remote attackers to cause a
denial of service via a malformed request.


ED_PRI CAN-2000-0262 2


VOTE:

=================================
Candidate: CAN-2000-0274
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000410 linux trustees 1.5 long path name vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0035.html
Reference: MISC:http://www.braysystems.com/linux/trustees.html
Reference: BID:1096
Reference: URL:http://www.securityfocus.com/bid/1096

The Linux trustees kernel patch allows attackers to cause a denial of
service by accessing a file or directory with a long name.


ED_PRI CAN-2000-0274 2


VOTE:

=================================
Candidate: CAN-2000-0279
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000407 BeOS Networking DOS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0029.html
Reference: MISC:http://bebugs.be.com/devbugs/detail.php3?oid=2505312
Reference: BID:1100
Reference: URL:http://www.securityfocus.com/bid/1100

BeOS allows remote attackers to cause a denial of service via
malformed packets whose length field is less than the length of the
headers.


ED_PRI CAN-2000-0279 2


VOTE:

=================================
Candidate: CAN-2000-0255
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000405 SilverBack Security Advisory: Nbase-Xyplex DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0022.html
Reference: BID:1091
Reference: URL:http://www.securityfocus.com/bid/1091

The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a
denial of service via a scan for the FormMail CGI program.


ED_PRI CAN-2000-0255 3


VOTE:

=================================
Candidate: CAN-2000-0259
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: CF
Reference: MS:MS00-024
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-024.asp
Reference: BID:1105
Reference: URL:http://www.securityfocus.com/bid/1105

The default permissions for the Cryptography\Offload registry key used
by the OffloadModExpo in Windows NT 4.0 allow local users to
compromise the cryptographic keys of other users.


ED_PRI CAN-2000-0259 3


VOTE:

=================================
Candidate: CAN-2000-0273
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000409 A funny way to DOS pcANYWHERE8.0 and 9.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0031.html
Reference: BID:1095
Reference: URL:http://www.securityfocus.com/bid/1095

PCAnywhere allows remote attackers to cause a denial of service by
terminating the connection before PCAnywhere provides a login prompt.


ED_PRI CAN-2000-0273 3


VOTE:

=================================
Candidate: CAN-2000-0275
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: L0PHT:20000410 CRYPTOCard PalmToken PIN Extraction
Reference: URL:http://www.l0pht.com/advisories/cc-pinextract.txt
Reference: BUGTRAQ:20000410 CRYPTOAdmin 4.1 server with PalmPilot PT-1 token 1.04 PIN Extraction
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0033.html
Reference: BID:1097
Reference: URL:http://www.securityfocus.com/bid/1097

CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a
user's PIN number, which allows an attacker with access to the .PDB
file to generate valid PT-1 tokens after cracking the PIN.


ED_PRI CAN-2000-0275 3


VOTE:

=================================
Candidate: CAN-2000-0276
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000410 BeOS syscall bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000410131628.659.qmail@securityfocus.com
Reference: BID:1098
Reference: URL:http://www.securityfocus.com/bid/1098

BeOS 4.5 and 5.0 allow local users to cause a denial of service via
malformed direct system calls using interrupt 37.


ED_PRI CAN-2000-0276 3


VOTE:

=================================
Candidate: CAN-2000-0278
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000331 SalesLogix Eviewer Web App Bug: URL request crashes eviewer web application
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0006.html
Reference: BID:1089
Reference: URL:http://www.securityfocus.com/bid/1089

The SalesLogix Eviewer allows remote attackers to cause a denial of
service by accessing the URL for the slxweb.dll administration
program, which does not authenticate the user.


ED_PRI CAN-2000-0278 3


VOTE:

=================================
Candidate: CAN-2000-0280
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000403 Win32 RealPlayer 6/7 Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0018.html
Reference: BID:1088
Reference: URL:http://www.securityfocus.com/bid/1088

Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7
allows remote attackers to cause a denial of service via a long
Location URL.


ED_PRI CAN-2000-0280 3


VOTE:

=================================
Candidate: CAN-2000-0281
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000326 neat little napster bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0277.html
Reference: BUGTRAQ:20000330 Napster, Inc. response to Colten Edwards
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0299.html

Buffer overflow in the Napster client beta 5 allows remote attackers
to cause a denial of service via a long message.


ED_PRI CAN-2000-0281 3


VOTE:

=================================
Candidate: CAN-2000-0282
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000412 TalentSoft Web+ Input Validation Bug Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0050.html
Reference: BID:1102
Reference: URL:http://www.securityfocus.com/bid/1102

TalentSoft webpsvr daemon in the Web+ shopping cart application allows
remote attackers to read arbitrary files via a .. (dot dot) attack on
the webplus CGI program.


ED_PRI CAN-2000-0282 3


VOTE:

=================================
Candidate: CAN-2000-0283
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: CF
Reference: BUGTRAQ:20000412 Performance Copilot for IRIX 6.5
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0056.html
Reference: BID:1106
Reference: URL:http://www.securityfocus.com/bid/1106

The default installation of IRIX Performance Copilot allows remote
attackers to access sensitive system information via the pmcd daemon.


ED_PRI CAN-2000-0283 3


VOTE:

=================================
Candidate: CAN-2000-0287
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000412 BizDB Search Script Enables Shell Command Execution at the Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0058.html
Reference: BID:1104
Reference: URL:http://www.securityfocus.com/bid/1104

The BizDB CGI script bizdb-search.cgi allows remote attackers to
execute arbitrary commands via shell metacharacters in the dbname
parameter.


ED_PRI CAN-2000-0287 3


VOTE:

=================================
Candidate: CAN-2000-0288
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000412 Infonautic's getdoc.cgi may allow unauthorized access to documents
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0049.html

Infonautics getdoc.cgi allows remote attackers to bypass the payment
phase for accessing documents via a modified form variable.


ED_PRI CAN-2000-0288 3


VOTE:

=================================
Candidate: CAN-2000-0289
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000327 Security Problems with Linux 2.2.x IP Masquerading
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0284.html
Reference: BID:1078
Reference: URL:http://www.securityfocus.com/bid/1078

IP masquerading in Linux 2.2.x allows remote attackers to route UDP
packets through the internal interface by modifying the external
source IP address and port number to match those of an established
connection.


ED_PRI CAN-2000-0289 3


VOTE:

=================================
Candidate: CAN-2000-0290
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20000331 Webstar 4.0 Buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0005.html

Buffer overflow in Webstar HTTP server allows remote attackers to
cause a denial of service via a long GET request.


ED_PRI CAN-2000-0290 3


VOTE:

=================================
Candidate: CAN-2000-0296
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000331 fcheck v.2.7.45 and insecure use of Perl's system()
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0011.html
Reference: BID:1086
Reference: URL:http://www.securityfocus.com/bid/1086

fcheck allows local users to gain privileges by embedding shell
metacharacters into file names that are processed by fcheck.


ED_PRI CAN-2000-0296 3


VOTE:

=================================
Candidate: CAN-2000-0298
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: CF
Reference: NTBUGTRAQ:20000407 All Users startup folder left open if unattended install and OEMP reinstall=1
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0027.html

The unattended installation of Windows 2000 with the OEMPreinstall
option sets insecure permissions for the All Users and Default Users
directories.


ED_PRI CAN-2000-0298 3


VOTE:

=================================
Candidate: CAN-2000-0299
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000404 WebObjects DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0020.html

Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5
package allows remote attackers to cause a denial of service via an
HTTP request with long headers such as Accept.


ED_PRI CAN-2000-0299 3


VOTE:

=================================
Candidate: CAN-2000-0300
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000405 PcAnywhere weak password encryption
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000406030958.23902.qmail@securityfocus.com
Reference: BID:1093
Reference: URL:http://www.securityfocus.com/bid/1093

The default encryption method of PcAnywhere 9.x uses weak encryption,
which allows remote attackers to sniff and decrypt PcAnywhere or NT
domain accounts.


ED_PRI CAN-2000-0300 3


VOTE:

=================================
Candidate: CAN-2000-0301
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000405 Re: IMAIL (Ipswitch) DoS with Eudora (Qualcomm)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95505800117143&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95507019226096&w=2
Reference: BID:1094
Reference: URL:http://www.securityfocus.com/bid/1094

Ipswitch IMAIL server 6.02 and earlier allows remote attackers to
cause a denial of service via the AUTH CRAM-MD5 command.


ED_PRI CAN-2000-0301 3


VOTE:

=================================
Candidate: CAN-2000-0302
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000331 Alert: MS Index Server (CISADV000330)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95453598317340&w=2
Reference: MS:MS00-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-006.asp
Reference: BID:1084
Reference: URL:http://www.securityfocus.com/bid/1084

Microsoft Index Server allows remote attackers to view the source code
of ASP files by appending a %20 to the filename in the CiWebHitsFile
argument to the null.htw URL.


ED_PRI CAN-2000-0302 3


VOTE:

Page Last Updated or Reviewed: May 22, 2007