Re: [PROPOSAL] Cluster RECENT-21 - 28 candidates
* Steven M. Christey (coley@LINUS.MITRE.ORG) [000615 03:02]:
> The following cluster contains 28 candidates that were announced
> between 5/21/2000 and 6/8/2000.
>
> The candidates are listed in order of priority. Priority 1 and
> Priority 2 candidates both deal with varying levels of vendor
> confirmation, so they should be easy to review and it can be trusted
> that the problems are real.
>
> If you discover that any RECENT-XX cluster is incomplete with respect
> to the problems discovered during the associated time frame, please
> send that information to me so that candidates can be assigned.
>
> - Steve
>
>
> Summary of votes to use (in ascending order of "severity")
> ----------------------------------------------------------
>
> ACCEPT - voter accepts the candidate as proposed
> NOOP - voter has no opinion on the candidate
> MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
> REVIEWING - voter is reviewing/researching the candidate, or needs more info
> RECAST - candidate must be significantly modified, e.g. split or merged
> REJECT - candidate is "not a vulnerability", or a duplicate, etc.
>
> 1) Please write your vote on the line that starts with "VOTE: ". If
> you want to add comments or details, add them to lines after the
> VOTE: line.
>
> 2) If you see any missing references, please mention them so that they
> can be included. References help greatly during mapping.
>
> 3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
> So if you don't have sufficient information for a candidate but you
> don't want to NOOP, use a REVIEWING.
>
> ********** NOTE ********** NOTE ********** NOTE ********** NOTE **********
>
> Please keep in mind that your vote and comments will be recorded and
> publicly viewable in the mailing list archives or in other formats.
>
> =================================
> Candidate: CAN-2000-0376
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000606
> Category: SF
> Reference: ISS:20000607 Buffer Overflow in i-drive Filo (tm) software
>
> Buffer overflow in the HTTP proxy server for the i-drive Filo software
> allows remote attackers to execute arbitrary commands via a long HTTP
> GET request.
>
>
> ED_PRI CAN-2000-0376 1
>
>
> VOTE: MODIFY
Reference: BID 1324
>
> =================================
> Candidate: CAN-2000-0377
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000608
> Category: SF
> Reference: MS:MS00-040
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-040.asp
>
> The Remote Registry server in Windows NT 4.0 allows local
> authenticated users to cause a denial of service via a malformed
> request, which causes the winlogon process to fail, aka the "Remote
> Registry Access Authentication" vulnerability.
>
>
> ED_PRI CAN-2000-0377 1
>
>
> VOTE: MODIFY
Reference: BID 1331
> =================================
> Candidate: CAN-2000-0402
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: MS:MS00-035
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-035.asp
> Reference: BID:1281
> Reference: URL:http://www.securityfocus.com/bid/1281
> Reference: XF:mssql-agent-stored-pw
>
> The Mixed Mode authentication capability in Microsoft SQL Server 7.0
> stores the System Administrator (sa) account in plaintext in a log
> file which is readable by any user, aka the "SQL Server 7.0 Service
> Pack Password" vulnerability.
>
>
> ED_PRI CAN-2000-0402 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0403
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: MS:MS00-036
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-036.asp
> Reference: XF:win-browser-hostannouncement
> Reference: BID:1261
> Reference: URL:http://www.securityfocus.com/bid/1261
>
> The CIFS Computer Browser service on Windows NT 4.0 allows a remote
> attacker to cause a denial of service by sending a large number of
> host announcement requests to the master browse tables, aka the
> "HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability.
>
>
> ED_PRI CAN-2000-0403 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0404
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: MS:MS00-036
> Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-036.asp
> Reference: BID:1262
> Reference: URL:http://www.securityfocus.com/bid/1262
>
> The CIFS Computer Browser service allows remote attackers to cause a
> denial of service by sending a ResetBrowser frame to the Master
> Browser, aka the "ResetBrowser Frame" vulnerability.
>
>
> ED_PRI CAN-2000-0404 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0441
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: IBM:ERS-OAR-E01-2000:087.1
> Reference: http://archives.neohapsis.com/archives/bugtraq/2000-05/0275.html
> Reference: BID:1241
> Reference: URL:http://www.securityfocus.com/bid/1241
>
> Vulnerability in AIX 3.2.x and 4.x allows local users to gain write
> access to files on locally or remotely mounted AIX filesystems.
>
>
> ED_PRI CAN-2000-0441 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0455
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: NAI:20000529 Initialized Data Overflow in Xlock
> Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/41initialized.asp
> Reference: NETBSD:NetBSD-SA2000-003
> Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-003.txt.asc
> Reference: TURBO:TLSA2000012-1
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0375.html
> Reference: BID:1267
> Reference: URL:http://www.securityfocus.com/bid/1267
> Reference: XF:xlock-bo-read-passwd
>
> Buffer overflow in xlockmore xlock program version 4.16 and earlier
> allows local users to read sensitive data from memory via a long -mode
> option.
>
>
> ED_PRI CAN-2000-0455 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0456
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: NETBSD:NetBSD-SA2000-005
> Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-005.txt.asc
> Reference: BID:1272
> Reference: URL:http://www.securityfocus.com/bid/1272
> Reference: XF:bsd-syscall-cpu-dos
>
> NetBSD 1.4.2 and earlier allows local users to cause a denial of
> service by repeatedly running certain system calls in the kernel which
> do not yield the CPU, aka "cpu-hog".
>
>
> ED_PRI CAN-2000-0456 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0461
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: OPENBSD:20000526
> Reference: URL:http://www.openbsd.org/errata26.html#semconfig
> Reference: NETBSD:NetBSD-SA2000-004
> Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-004.txt.asc
> Reference: FREEBSD:FreeBSD-SA-00:19
> Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:19.semconfig.asc
> Reference: BID:1270
> Reference: URL:http://www.securityfocus.com/bid/1270
>
> The undocumented semconfig system call in BSD freezes the state of
> semaphores, which allows local users to cause a denial of service of
> the semaphore system by using the semconfig call.
>
>
> ED_PRI CAN-2000-0461 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0462
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: NETBSD:NetBSD-SA2000-006
> Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-006.txt.asc
> Reference: BID:1273
> Reference: URL:http://www.securityfocus.com/bid/1273
>
> ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot
> and does not chroot the specified users, which allows those users to
> access other files outside of their home directory.
>
>
> ED_PRI CAN-2000-0462 1
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0431
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000522 Problem with FrontPage on Cobalt RaQ2/RaQ3
> Reference: http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000523100045.B11049@HiWAAY.net
> Reference: BUGTRAQ:20000525 Cobalt Networks - Security Advisory - Frontpage
> Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html
> Reference: BID:1238
> Reference: URL:http://www.securityfocus.com/bid/1238
> Reference: XF:cobalt-cgiwrap-bypass
>
> Cobalt RaQ2 and RaQ3 do not properly set the access permissions and
> ownership for files that are uploaded via FrontPage, which allows
> attackers to bypass cgiwrap and modify files.
>
>
> ED_PRI CAN-2000-0431 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0437
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: CONFIRM:http://www.tis.com/support/cyberadvisory.html
> Reference: CONFIRM:http://www.pgp.com/jump/gauntlet_advisory.asp
> Reference: BUGTRAQ:20000522 Gauntlet CyberPatrol Buffer Overflow
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0249.html
> Reference: XF:gauntlet-cyberdaemon-bo
> Reference: BID:1234
> Reference: URL:http://www.securityfocus.com/bid/1234
>
> Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in
> gauntlet and WebShield allows remote attackers to cause a denial of
> service or execute arbitrary commands.
>
>
> ED_PRI CAN-2000-0437 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0438
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000522 fdmount buffer overflow
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0245.html
> Reference: XF:linux-fdmount-bo
> Reference: BID:1239
> Reference: URL:http://www.securityfocus.com/bid/1239
>
> Buffer overflow in fdmount on Linux systems allows local users in the
> "floppy" group to execute arbitrary commands via a long mountpoint
> parameter.
>
>
> ED_PRI CAN-2000-0438 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0442
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000523 Qpopper 2.53 remote problem, user can gain gid=mail
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0267.html
> Reference: BID:1242
> Reference: URL:http://www.securityfocus.com/bid/1242
> Reference: XF:qualcomm-qpopper-euidl
>
> Qpopper 2.53 and earlier allows local users to gain privileges via a
> formatting string in the From: header, which is processed by the euidl
> command.
>
>
> ED_PRI CAN-2000-0442 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0454
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000527 Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2)
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0367.html
> Reference: BUGTRAQ:20000603 [Gael Duval ] [Security Announce] cdrecord
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0434.html
> Reference: BID:1265
> Reference: URL:http://www.securityfocus.com/bid/1265
> Reference: XF:linux-cdrecord-execute
>
> Buffer overflow in Linux cdrecord allows local users to gain
> privileges via the dev parameter.
>
>
> ED_PRI CAN-2000-0454 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0460
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000526 KDE: /usr/bin/kdesud, gid = 0 exploit
> Reference: http://archives.neohapsis.com/archives/bugtraq/2000-05/0353.html
> Reference: BID:1274
> Reference: URL:http://www.securityfocus.com/bid/1274
>
> Buffer overflow in kdesud on Mandrake Linux allows local users to gain
> privileges via a long DISPLAY environmental variable.
>
>
> ED_PRI CAN-2000-0460 2
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0396
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000524 Alert: Carello File Creation flaw
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0285.html
> Reference: BID:1245
> Reference: URL:http://www.securityfocus.com/bid/1245
> Reference: XF:carello-file-duplication
>
> The add.exe program in the Carello shopping cart software allows
> remote attackers to duplicate files on the server, which could allow
> the attacker to read source code for web scripts such as .ASP files.
>
>
> ED_PRI CAN-2000-0396 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0398
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000524 Alert: Buffer overflow in Rockliffe's MailSite
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0286.html
> Reference: BID:1244
> Reference: URL:http://www.securityfocus.com/bid/1244
> Reference: XF:mailsite-get-overflow
>
> Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent
> allows remote attackers to execute arbitrary commands via a long
> query_string parameter in the HTTP GET request.
>
>
> ED_PRI CAN-2000-0398 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0399
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000524 Deerfield Communications MDaemon Mail Server DoS
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0301.html
> Reference: XF:deerfield-mdaemon-dos
> Reference: BID:1250
> Reference: URL:http://www.securityfocus.com/bid/1250
>
> Buffer overflow in MDaemon POP server allows remote attackers to cause
> a denial of service via a long user name.
>
>
> ED_PRI CAN-2000-0399 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0401
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000525 Alert: PDG Cart Overflows
> Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95928319715983&w=2
> Reference: NTBUGTRAQ:20000525 Alert: PDG Cart Overflows
> Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95928667119963&w=2
> Reference: CONFIRM:http://www.pdgsoft.com/Security/security2.html
> Reference: BID:1256
> Reference: URL:http://www.securityfocus.com/bid/1256
>
> Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping
> cart allow remote attackers to execute arbitrary commands via a long
> query string.
>
>
> ED_PRI CAN-2000-0401 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0418
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html
> Reference: XF:cayman-dsl-dos
> Reference: BID:1240
> Reference: URL:http://www.securityfocus.com/bid/1240
>
> The Cayman 3220-H DSL router allows remote attackers to cause a denial
> of service via oversized ICMP echo (ping) requests.
>
>
> ED_PRI CAN-2000-0418 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0443
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000524 HP Web JetAdmin Version 5.6 Web interface Server Directory Traversal Vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0281.html
> Reference: XF:hp-jetadmin-directory-traversal
> Reference: BID:1243
> Reference: URL:http://www.securityfocus.com/bid/1243
>
> The web interface server in HP Web JetAdmin 5.6 allows remote
> attackers to read arbitrary files via a .. (dot dot) attack.
>
>
> ED_PRI CAN-2000-0443 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0444
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000524 HP Web JetAdmin Version 6.0 Remote DoS attack Vulnerability
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0277.html
> Reference: XF:hp-jetadmin-malformed-url-dos
> Reference: BID:1246
> Reference: URL:http://www.securityfocus.com/bid/1246
>
> HP Web JetAdmin 6.0 allows remote attackers to cause a denial of
> service via a malformed URL to port 8000.
>
>
> ED_PRI CAN-2000-0444 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0445
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000523 Key Generation Security Flaw in PGP 5.0
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0273.html
> Reference: BID:1251
> Reference: URL:http://www.securityfocus.com/bid/1251
>
> The pgpk command in PGP 5.x on Unix systems uses an insufficiently
> random data source for non-interactive key pair generation, which
> may produce predictable keys.
>
>
> ED_PRI CAN-2000-0445 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0446
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000524 Remote xploit for MDBMS
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0274.html
> Reference: XF:mdbms-bo
> Reference: BID:1252
> Reference: URL:http://www.securityfocus.com/bid/1252
>
> Buffer overflow in MDBMS database server allows remote attackers to
> execute arbitrary commands via a long string.
>
>
> ED_PRI CAN-2000-0446 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0447
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Managem ent Tool
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net
> Reference: XF:nai-webshield-bo
> Reference: BID:1254
> Reference: URL:http://www.securityfocus.com/bid/1254
>
> Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to
> execute arbitrary commands via a long configuration parameter to the
> WebShield remote management service.
>
>
> ED_PRI CAN-2000-0447 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0448
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Managem ent Tool
> Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net
> Reference: XF:nai-webshield-config-mod
> Reference: BID:1253
> Reference: URL:http://www.securityfocus.com/bid/1253
>
> The WebShield SMTP Management Tool version 4.5.44 does not properly
> restrict access to the management port when an IP address does not
> resolve to a hostname, which allows remote attackers to access the
> configuration via the GET_CONFIG command.
>
>
> ED_PRI CAN-2000-0448 3
>
>
> VOTE: ACCEPT
>
> =================================
> Candidate: CAN-2000-0449
> Published:
> Final-Decision:
> Interim-Decision:
> Modified:
> Proposed: 20000615
> Assigned: 20000614
> Category: SF
> Reference: BUGTRAQ:20000525 Omnis Weak Encryption - Many products affected
> Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0311.html
> Reference: BID:1255
> Reference: URL:http://www.securityfocus.com/bid/1255
>
> Omnis Studio 2.4 uses weak encryption (trivial encoding) for
> encrypting database fields.
>
>
> ED_PRI CAN-2000-0449 3
>
>
> VOTE: ACCEPT
--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum