
[PROPOSAL] Cluster RECENT-20 - 31 candidates



The following cluster contains 31 candidates that were announced
between 5/11/2000 and 5/19/2000.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0305
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000509
Category: SF
Reference: BINDVIEW:20000519 jolt2 - Remote DoS against NT, W2K, 9x
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2240
Reference: MS:MS00-029
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-029.asp
Reference: BID:1236
Reference: URL:http://www.securityfocus.com/bid/1236
Reference: XF:ip-fragment-reassembly-dos

Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal
Server systems allow a remote attacker to cause a denial of service by
sending a large number of identical fragmented IP packets, aka jolt2
or the "IP Fragment Reassembly" vulnerability.


ED_PRI CAN-2000-0305 1


VOTE:

=================================
Candidate: CAN-2000-0389
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: XF:kerberos-krb-rd-req-bo
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220

Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows
remote attackers to gain root privileges.


ED_PRI CAN-2000-0389 1


VOTE:

=================================
Candidate: CAN-2000-0390
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220
Reference: XF:kerberos-krb425-conv-principal-bo

Buffer overflow in krb425_conv_principal function in Kerberos 5 allows
remote attackers to gain root privileges.


ED_PRI CAN-2000-0390 1


VOTE:

=================================
Candidate: CAN-2000-0391
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220

Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain
root privileges.


ED_PRI CAN-2000-0391 1


VOTE:

=================================
Candidate: CAN-2000-0392
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: XF:kerberos-ksu-bo
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220

Buffer overflow in ksu in Kerberos 5 allows local users to gain root
privileges.


ED_PRI CAN-2000-0392 1


VOTE:

=================================
Candidate: CAN-2000-0393
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 kscd vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0172.html
Reference: SUSE:20000529 kmulti <= 1.1.2
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_50.txt
Reference: XF:kscd-shell-env-variable
Reference: BID:1206
Reference: URL:http://www.securityfocus.com/bid/1206

The KDE kscd program does not drop privileges when executing a program
specified in a user's SHELL environment variable, which allows the
user to gain privileges by specifying an alternate program to execute.


ED_PRI CAN-2000-0393 1


VOTE:

=================================
Candidate: CAN-2000-0405
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: L0PHT:20000515 AntiSniff version 1.01 and Researchers version 1 DNS overflow
Reference: URL:http://www.l0pht.com/advisories/asniff_advisory.txt
Reference: BID:1207
Reference: URL:http://www.securityfocus.com/bid/1207
Reference: XF:antisniff-dns-overflow

Buffer overflow in L0pht AntiSniff allows remote attackers to execute
arbitrary commands via a malformed DNS response packet.


ED_PRI CAN-2000-0405 1


VOTE:

=================================
Candidate: CAN-2000-0406
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: XF:netscape-invalid-ssl-sessions
Reference: CERT:CA-2000-05
Reference: URL:http://www.cert.org/advisories/CA-2000-05.html
Reference: REDHAT:RHSA-2000:028-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-028.html
Reference: BID:1188
Reference: URL:http://www.securityfocus.com/bid/1188

Netscape Communicator before version 4.73 and Navigator 4.07 do not
properly validate SSL certificates, which allows remote attackers to
steal information by redirecting traffic from a legitimate web server
to their own malicious server, aka the "Acros-Suencksen SSL"
vulnerability.


ED_PRI CAN-2000-0406 1


VOTE:

=================================
Candidate: CAN-2000-0408
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MISC:http://www.ussrback.com/labs40.html
Reference: MS:MS00-030
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-030.asp
Reference: XF:iis-malformed-information-extension
Reference: XF:iis-url-extension-data-dos
Reference: BID:1190
Reference: URL:http://www.securityfocus.com/bid/1190

IIS 4.05 and 5.0 allow remote attackers to cause a denial of service
via a long, complex URL that appears to contain a large number of file
extensions, aka the "Malformed Extension Data in URL" vulnerability.


ED_PRI CAN-2000-0408 1


VOTE:

=================================
Candidate: CAN-2000-0419
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MS:MS00-034
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-034.asp
Reference: BID:1197
Reference: URL:http://www.securityfocus.com/bid/1197

The Office 2000 UA ActiveX Control is marked as "safe for scripting,"
which allows remote attackers to conduct unauthorized activities via
the "Show Me" function in Office Help, aka the "Office 2000 UA
Control" vulnerability.


ED_PRI CAN-2000-0419 1


VOTE:

=================================
Candidate: CAN-2000-0464
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: XF:ie-malformed-component-attribute
Reference: MS:MS00-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp
Reference: BID:1223
Reference: URL:http://www.securityfocus.com/bid/1223

Internet Explorer 4.x and 5.x allows remote attackers to execute
arbitrary commands via a buffer overflow in the ActiveX parameter
parsing capability, aka the "Malformed Component Attribute"
vulnerability.


ED_PRI CAN-2000-0464 1


VOTE:

=================================
Candidate: CAN-2000-0465
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: XF:ie-frame-domain-verification
Reference: MS:MS00-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp
Reference: BID:1224
Reference: URL:http://www.securityfocus.com/bid/1224

Internet Explorer 4.x and 5.x does not properly verify the domain of a
frame within a browser window, which allows a remote attacker to read
client files via the frame, aka the "Frame Domain Verification"
vulnerability.


ED_PRI CAN-2000-0465 1


VOTE:

=================================
Candidate: CAN-2000-0394
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000519 RFP2K05: NetProwler vs. RFProwler
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95878603510835&w=2
Reference: BUGTRAQ:20000522 RFP2K05 - NetProwler "Fragmentation" Issue
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=392AD3B3.3E9BE3EA@axent.com
Reference: XF:axent-netprowler-ipfrag-dos
Reference: BID:1225
Reference: URL:http://www.securityfocus.com/bid/1225

NetProwler 3.0 allows remote attackers to cause a denial of service by
sending malformed IP packets that trigger NetProwler's
Man-in-the-Middle signature.


ED_PRI CAN-2000-0394 2


VOTE:

=================================
Candidate: CAN-2000-0407
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000512 New Solaris root exploit for /usr/lib/lp/bin/netpr
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0141.html
Reference: XF:sol-netpr-bo
Reference: BID:1200
Reference: URL:http://www.securityfocus.com/bid/1200

Buffer overflow in Solaris netpr program allows local users to execute
arbitrary commands via a long -p option.


ED_PRI CAN-2000-0407 2


VOTE:

=================================
Candidate: CAN-2000-0436
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000522 MetaProducts Offline Explorer Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0254.html
Reference: CONFIRM:http://www.metaproducts.com/mpOE-HY.html
Reference: BID:1231
Reference: URL:http://www.securityfocus.com/bid/1231

MetaProducts Offline Explorer 1.2 and earlier allows remote attackers
to access arbitrary files via a .. (dot dot) attack.


ED_PRI CAN-2000-0436 2


VOTE:

=================================
Candidate: CAN-2000-0395
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 CProxy v3.3 SP 2 DoS
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=007d01bfbf48$e44f0e40$01dc11ac@peopletel.org
Reference: XF:cproxy-http-dos
Reference: BID:1213
Reference: URL:http://www.securityfocus.com/bid/1213

Buffer overflow in CProxy 3.3 allows remote users to cause a denial of
service via a long HTTP request.


ED_PRI CAN-2000-0395 3


VOTE:

=================================
Candidate: CAN-2000-0397
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000515 Vulnerability in EMURL-based e-mail providers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0160.html
Reference: XF:emurl-account-access
Reference: BID:1203
Reference: URL:http://www.securityfocus.com/bid/1203

The EMURL web-based email account software encodes predictable
identifiers in user session URLs, which allows a remote attacker to
access a user's email account.


ED_PRI CAN-2000-0397 3


VOTE:

=================================
Candidate: CAN-2000-0400
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 MICROSOFT SECURITY FLAW?
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95868514521257&w=2
Reference: BID:1221
Reference: URL:http://www.securityfocus.com/bid/1221
Reference: XF:ie-active-movie-control

The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does
not restrict which file types can be downloaded, which allows an
attacker to download any type of file to a user's system by encoding
it within an email message or news post.


ED_PRI CAN-2000-0400 3


VOTE:

=================================
Candidate: CAN-2000-0415
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000512 Overflow in Outlook Express 4.* - too long filenames with graphic format extension
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0140.html
Reference: BID:1195
Reference: URL:http://www.securityfocus.com/bid/1195

Buffer overflow in Outlook Express 4.x allows attackers to cause a
denial of service via a mail or news message that has a .jpg or .bmp
attachment with a long file name.


ED_PRI CAN-2000-0415 3


VOTE:

=================================
Candidate: CAN-2000-0416
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000511 NTMail Proxy Exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NABBJLKKPKIHDIMKFKGCMEFANMAB.georger@nls.net
Reference: BID:1196
Reference: URL:http://www.securityfocus.com/bid/1196

NTMail 5.x allows network users to bypass the NTMail proxy
restrictions by redirecting their requests to NTMail's web
configuration server.


ED_PRI CAN-2000-0416 3


VOTE:

=================================
Candidate: CAN-2000-0420
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: CF
Reference: NTBUGTRAQ:20000511 ISS SAVANT Advisory 00/26
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0112.html
Reference: BID:1198
Reference: URL:http://www.securityfocus.com/bid/1198

The default configuration of SYSKEY in Windows 2000 stores the startup
key in the registry, which could allow an attacker to recover it and
use it to decrypt Encrypting File System (EFS) data.


ED_PRI CAN-2000-0420 3


VOTE:

=================================
Candidate: CAN-2000-0421
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000510 Advisory: Unchecked system(blaat $var blaat) call in Bugzilla 2.8
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0128.html
Reference: BID:1199
Reference: URL:http://www.securityfocus.com/bid/1199

The process_bug.cgi script in Bugzilla allows remote attackers to
execute arbitrary commands via shell metacharacters.


ED_PRI CAN-2000-0421 3


VOTE:

=================================
Candidate: CAN-2000-0424
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000514
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005151024.aa01811@blaze.arl.mil
Reference: BID:1202
Reference: URL:http://www.securityfocus.com/bid/1202

The CGI counter 4.0.7 by George Burgyan allows remote attackers to
execute arbitrary commands via shell metacharacters.


ED_PRI CAN-2000-0424 3


VOTE:

=================================
Candidate: CAN-2000-0432
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 Vuln in calender.pl (Matt Kruse calender script)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0173.html
Reference: BID:1215
Reference: URL:http://www.securityfocus.com/bid/1215

The calender.pl and the calendar_admin.pl calendar scripts by Matt
Kruse allow remote attackers to execute arbitrary commands via shell
metacharacters.


ED_PRI CAN-2000-0432 3


VOTE:

=================================
Candidate: CAN-2000-0434
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: CF
Reference: BUGTRAQ:20000516 Allmanage.pl Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0167.html
Reference: BID:1217
Reference: URL:http://www.securityfocus.com/bid/1217

The administrative password for the Allmanage web site administration
software is stored in plaintext in a file which could be accessed by
remote attackers.


ED_PRI CAN-2000-0434 3


VOTE:

=================================
Candidate: CAN-2000-0435
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 Allmanage.pl Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0167.html
Reference: BID:1217
Reference: URL:http://www.securityfocus.com/bid/1217

The allmanageup.pl file upload CGI script in the Allmanage Website
administration software 2.6 can be called directly by remote
attackers, which allows them to modify user accounts or web pages.


ED_PRI CAN-2000-0435 3


VOTE:

=================================
Candidate: CAN-2000-0450
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000518 FW: Security Notice: Big Brother System and Network Monitor
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0216.html
Reference: BID:1257
Reference: URL:http://www.securityfocus.com/bid/1257

Vulnerability in bbd server in Big Brother System and Network Monitor
allows an attacker to execute arbitrary commands.


ED_PRI CAN-2000-0450 3


VOTE:

=================================
Candidate: CAN-2000-0451
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000518 Remote Dos attack against Intel express 8100 router
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0229.html
Reference: BID:1228
Reference: URL:http://www.securityfocus.com/bid/1228

The Intel express 8100 ISDN router allows remote attackers to cause a
denial of service via oversized or fragmented ICMP packets.


ED_PRI CAN-2000-0451 3


VOTE:

=================================
Candidate: CAN-2000-0452
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000518 Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl))
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0219.html
Reference: XF:lotus-domino-esmtp-bo
Reference: BID:1229
Reference: URL:http://www.securityfocus.com/bid/1229

Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1
allows remote attackers to cause a denial of service via a long MAIL
FROM command.


ED_PRI CAN-2000-0452 3


VOTE:

=================================
Candidate: CAN-2000-0453
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000518 Nasty XFree Xserver DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html
Reference: BID:1235
Reference: URL:http://www.securityfocus.com/bid/1235

XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a
negative counter value in a malformed TCP packet that is sent to port
6000.


ED_PRI CAN-2000-0453 3


VOTE:

=================================
Candidate: CAN-2000-0463
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000517 AUX Security Advisory on Be/OS 5.0 (DoS)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0197.html
Reference: XF:beos-tcp-frag-dos
Reference: BID:1222
Reference: URL:http://www.securityfocus.com/bid/1222

BeOS 5.0 allows remote attackers to cause a denial of service via
fragmented TCP packets.


ED_PRI CAN-2000-0463 3


VOTE:

Page Last Updated or Reviewed: May 22, 2007