
[INTERIM] ACCEPT 67 very recent candidates (Final 7/12)



I have made an Interim Decision to ACCEPT the following 67 candidates
from the RECENT-18 through RECENT-21 clusters.  I will make a Final
Decision on July 12.

These candidates took approximately 0.8 months from proposal to
Interim Decision, with an average of 1.7 months from initial public
announcement to Interim Decision.  Some candidates received 6 or 7
votes, which is quite rare (if it ever happened before).

These include most of the first candidates whose initial public
announcement identified the candidate number (what I'm calling
"pre-publication candidate assignment").  They are CAN-2000-0249,
CAN-2000-0303, CAN-2000-0304, CAN-2000-0305, CAN-2000-0350, and
CAN-2000-0376.

The breakdown by cluster is as follows:

   5 RECENT-18
  17 RECENT-19
  25 RECENT-20
  20 RECENT-21


Voters:
  Wall ACCEPT(11) NOOP(39)
  Levy ACCEPT(60) MODIFY(7)
  LeBlanc ACCEPT(5) NOOP(20)
  Ozancin ACCEPT(31) MODIFY(2) NOOP(8) REVIEWING(1)
  Cole ACCEPT(23) NOOP(44)
  Stracener ACCEPT(55) MODIFY(10)
  Frech ACCEPT(40) MODIFY(27)
  Northcutt ACCEPT(3)
  Christey NOOP(8)
  Armstrong NOOP(5)
  Prosser ACCEPT(10) MODIFY(3) NOOP(4)



=================================
Candidate: CAN-2000-0249
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000425
Category: SF
Reference: ISS:20000426 Insecure file handling in IBM AIX frcactrl program
Reference: URL:http://xforce.iss.net/alerts/advise47.php3
Reference: IBM:ERS-OAR-E01-2000:075.1
Reference: BID:1152
Reference: URL:http://www.securityfocus.com/bid/1152

The AIX Fast Response Cache Accelerator (FRCA) allows local users to
modify arbitrary files via the configuration capability in the
frcactrl program.

Modifications:
  ADDREF BID:1152
  ADDREF IBM:ERS-OAR-E01-2000:075.1

INFERRED ACTION: CAN-2000-0249 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(3) Levy, Prosser, Frech
   NOOP(3) Christey, Cole, Ozancin

Comments:
 Christey> ADDREF BID:1152
   URL:http://www.securityfocus.com/bid/1152
 Levy> Reference: BID 1152
 Prosser> add source IBM ERS-OAR-E01-2000:075.1,
   http://www-1.ibm.com/services/continuity/recover1.nsf/advisories/8525680F006
   B9445852568CE0055C78A/$file/oar075.txt
   Actually just a repeat of the X-Force Bulletin but provides vendor
   confirmation.
 Frech> XF:aix-frcactrl


=================================
Candidate: CAN-2000-0303
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000503
Category: SF
Reference: ISS:20000503 Vulnerability in Quake3Arena Auto-Download Feature
Reference: URL:http://xforce.iss.net/alerts/advise50.php3
Reference: CONFIRM:http://www.quake3arena.com/news/index.html
Reference: BID:1169
Reference: XF:quake3-auto-download

Quake3 Arena allows malicious server operators to read or modify
files on a client via a dot dot (..) attack.

Modifications:
  ADDREF BID:1169
  ADDREF XF:quake3-auto-download

INFERRED ACTION: CAN-2000-0303 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(2) Levy, Frech
   NOOP(3) Cole, Wall, Armstrong

Comments:
 Levy> Reference: BID 1169
 Frech> XF:quake3-auto-download


=================================
Candidate: CAN-2000-0304
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-02
Proposed: 20000518
Assigned: 20000508
Category: SF
Reference: ISS:20000511 Microsoft IIS Remote Denial of Service Attack
Reference: URL:http://xforce.iss.net/alerts/advise52.php3
Reference: MS:MS00-031
Reference: URL:http://www.microsoft.com/Downloads/Release.asp?ReleaseID=20905
Reference: BID:1191
Reference: XF:iis-authchangeurl-dos

Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory
installed allows a remote attacker to cause a denial of service via a
malformed request to the inetinfo.exe program, aka the "Undelimited
.HTR Request" vulnerability.

Modifications:
  ADDREF BID:1191
  ADDREF XF:iis-authchangeurl-dos

INFERRED ACTION: CAN-2000-0304 ACCEPT (4 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Wall
   MODIFY(2) Levy, Frech
   NOOP(2) Christey, Armstrong

Comments:
 Levy> Reference: BID 1191
 Christey> Say this is the "Undelimited .HTR Request" vulnerability,
   and change "servoce" to "service"
 Frech> XF:iis-ism-file-access
   In the description, please end the sentence with a period. :-)


=================================
Candidate: CAN-2000-0305
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000509
Category: SF
Reference: BINDVIEW:20000519 jolt2 - Remote DoS against NT, W2K, 9x
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2240
Reference: MS:MS00-029
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-029.asp
Reference: BID:1236
Reference: URL:http://www.securityfocus.com/bid/1236
Reference: XF:ip-fragment-reassembly-dos

Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal
Server systems allow a remote attacker to cause a denial of service by
sending a large number of identical fragmented IP packets, aka jolt2
or the "IP Fragment Reassembly" vulnerability.

INFERRED ACTION: CAN-2000-0305 ACCEPT (7 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(7) LeBlanc, Wall, Cole, Frech, Levy, Stracener, Ozancin


=================================
Candidate: CAN-2000-0342
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: MISC:http://www.peacefire.org/security/stealthattach/explanation.html
Reference: CONFIRM:http://news.cnet.com/news/0-1005-200-1773077.html?tag=st.ne.fd.lthd.1005-200-1773077
Reference: BID:1157
Reference: URL:http://www.securityfocus.com/bid/1157
Reference: XF:eudora-warning-message

Eudora 4.x allows remote attackers to bypass the user warning for
executable attachments such as .exe, .com, and .bat by using a .lnk
file that refers to the attachment, aka "Stealth Attachment."

Modifications:
  ADDREF XF:eudora-warning-message
  DESC Add "Stealth Attachment" phrase

INFERRED ACTION: CAN-2000-0342 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Cole, Levy
   MODIFY(1) Frech
   NOOP(3) Wall, Christey, Armstrong

Comments:
 Christey> Add "Stealth Attachment" phrase to description to support
   lookup, along with affected extensions (.exe, .com, .bat)
   ADDREF XF:eudora-warning-message
 Frech> XF:eudora-warning-message


=================================
Candidate: CAN-2000-0346
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000502 INFO:AppleShare IP 6.3.2 squashes security bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502133240.21807.qmail@securityfocus.com
Reference: CONFIRM:http://asu.info.apple.com/swupdates.nsf/artnum/n11670
Reference: XF:macos-appleshare-invalid-range
Reference: BID:1162
Reference: URL:http://www.securityfocus.com/bid/1162

AppleShare IP 6.1 and later allows a remote attacker to read
potentially sensitive information via an invalid range request to the
web server.

Modifications:
  ADDREF XF:macos-appleshare-invalid-range
  DESC Add period.

INFERRED ACTION: CAN-2000-0346 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Stracener
   MODIFY(1) Frech
   NOOP(3) Cole, Wall, Armstrong

Comments:
 Frech> XF:macos-appleshare-invalid-range
   End sentence with a period.


=================================
Candidate: CAN-2000-0350
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000516
Category: SF
Reference: MISC:http://www.securityfocus.com/templates/advisory.html?id=2220
Reference: CONFIRM:http://advice.networkice.com/advice/Support/KB/q000166/
Reference: BID:1216
Reference: XF:netice-icecap-alert-execute
Reference: XF:netice-icecap-default

A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is
enabled, which allows a remote attacker to bypass the weak
authentication and post unencrypted events.

Modifications:
  ADDREF BID:1216
  ADDREF XF:netice-icecap-alert-execute
  ADDREF XF:netice-icecap-default

INFERRED ACTION: CAN-2000-0350 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(2) Levy, Frech
   NOOP(3) Cole, Wall, Armstrong

Comments:
 Levy> Reference: BID 1216
 Frech> XF:netice-icecap-alert-execute
   XF:netice-icecap-default
   (I may already have voted on this one, but just in case.)


=================================
Candidate: CAN-2000-0376
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000606
Category: SF
Reference: ISS:20000607 Buffer Overflow in i-drive Filo (tm) software
Reference: BID:1324
Reference: XF:idrive-filo-bo

Buffer overflow in the HTTP proxy server for the i-drive Filo software
allows remote attackers to execute arbitrary commands via a long HTTP
GET request.

Modifications:
  ADDREF BID:1324
  ADDREF XF:idrive-filo-bo

INFERRED ACTION: CAN-2000-0376 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(1) Stracener
   MODIFY(2) Frech, Levy
   NOOP(2) Wall, Cole

Comments:
 Frech> XF:idrive-filo-bo
 Levy> Reference: BID 1324


=================================
Candidate: CAN-2000-0377
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000608
Category: SF
Reference: MS:MS00-040
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-040.asp
Reference: MSKB:Q264684
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=264684
Reference: XF:nt-registry-request-dos
Reference: BID:1331
Reference: URL:http://www.securityfocus.com/bid/1331

The Remote Registry server in Windows NT 4.0 allows local
authenticated users to cause a denial of service via a malformed
request, which causes the winlogon process to fail, aka the "Remote
Registry Access Authentication" vulnerability.

Modifications:
  ADDREF XF:nt-registry-request-dos
  ADDREF BID:1331
  ADDREF MSKB:Q264684

INFERRED ACTION: CAN-2000-0377 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(2) Wall, Cole
   MODIFY(3) Frech, Levy, Stracener
   NOOP(1) Christey

Comments:
 Frech> XF:nt-registry-request-dos
 Levy> Reference: BID 1331
 Stracener> AddRef: MS: MSKB Q264684
   AddRef: URL: http://www.microsoft.com/technet/support/kb.asp?ID=264684
 Christey> ADDREF BID:1331
   URL:http://www.securityfocus.com/bid/1331


=================================
Candidate: CAN-2000-0379
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000507 Advisory: Netopia R9100 router vulnerability
Reference: http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005082054.NAA32590@linux.mtndew.com
Reference: CONFIRM:http://www.netopia.com/equipment/purchase/fmw_update.html
Reference: BID:1177
Reference: URL:http://www.securityfocus.com/bid/1177
Reference: XF:netopia-snmp-comm-strings

The Netopia R9100 router does not prevent authenticated users from
modifying SNMP tables, even if the administrator has configured it to
do so.

INFERRED ACTION: CAN-2000-0379 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Levy, Ozancin, Prosser, Stracener, Frech
   NOOP(1) Cole


=================================
Candidate: CAN-2000-0380
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000426 Cisco HTTP possible bug:
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0261.html
Reference: CISCO:20000514 Cisco IOS HTTP Server Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml
Reference: XF:cisco-ios-http-dos
Reference: BID:1154

The IOS HTTP service in Cisco routers and switches running IOS 11.1
through 12.1 allows remote attackers to cause a denial of service by
requesting a URL that contains a %% string.

Modifications:
  ADDREF BID:1154

INFERRED ACTION: CAN-2000-0380 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Cole, Ozancin, Prosser, Stracener, Frech
   MODIFY(1) Levy

Comments:
 Levy> Reference BID 1154


=================================
Candidate: CAN-2000-0381
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000505 Black Watch Labs Vulnerability Alert
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0067.html
Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_05.html
Reference: XF:http-cgi-dbman-db
Reference: BID:1178
Reference: URL:http://www.securityfocus.com/bid/1178

The Gossamer Threads DBMan db.cgi CGI script allows remote attackers
to view environmental variables and setup information by referencing a
non-existing database in the db parameter.

INFERRED ACTION: CAN-2000-0381 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Levy, Prosser, Stracener, Frech
   NOOP(2) Cole, Ozancin


=================================
Candidate: CAN-2000-0382
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: ALLAIRE:ASB00-12
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15697&Method=Full
Reference: BID:1179
Reference: URL:http://www.securityfocus.com/bid/1179
Reference: XF:allaire-clustercats-url-redirect

ColdFusion ClusterCATS appends stale query string arguments to a URL
during HTML redirection, which may provide sensitive information to
the redirected site.

INFERRED ACTION: CAN-2000-0382 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Levy, Ozancin, Prosser, Stracener, Frech
   NOOP(1) Cole


=================================
Candidate: CAN-2000-0387
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:16
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:16.golddig.asc
Reference: BID:1184
Reference: URL:http://www.securityfocus.com/bid/1184

The makelev program in the golddig game from the FreeBSD ports
collection allows local users to overwrite arbitrary files.

INFERRED ACTION: CAN-2000-0387 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Levy, Ozancin, Stracener
   MODIFY(1) Frech
   NOOP(2) Cole, Prosser

Comments:
 Frech> XF:golddig-overwrite-files


=================================
Candidate: CAN-2000-0388
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:17
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A17.libmytinfo.asc
Reference: BID:1185
Reference: URL:http://www.securityfocus.com/bid/1185
Reference: XF:libmytinfo-bo

Buffer overflow in FreeBSD libmytinfo library allows local users to
execute commands via a long TERMCAP environmental variable.

INFERRED ACTION: CAN-2000-0388 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(6) Cole, Levy, Ozancin, Prosser, Stracener, Frech


=================================
Candidate: CAN-2000-0389
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000-025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-krb-rd-req-bo
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220

Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows
remote attackers to gain root privileges.

Modifications:
  ADDREF REDHAT:RHSA-2000-025

INFERRED ACTION: CAN-2000-0389 ACCEPT (5 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Frech, Levy, Ozancin
   MODIFY(1) Stracener
   NOOP(2) LeBlanc, Wall

Comments:
 Stracener> AddRef: REDHAT:RHSA-2000-025
   AddRef: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html


=================================
Candidate: CAN-2000-0390
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000-025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220
Reference: XF:kerberos-krb425-conv-principal-bo

Buffer overflow in krb425_conv_principal function in Kerberos 5 allows
remote attackers to gain root privileges.

Modifications:
  ADDREF REDHAT:RHSA-2000-025

INFERRED ACTION: CAN-2000-0390 ACCEPT (6 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(5) Northcutt, Cole, Frech, Levy, Ozancin
   MODIFY(1) Stracener
   NOOP(2) LeBlanc, Wall

Comments:
 Stracener> AddRef: REDHAT:RHSA-2000-025
   AddRef: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html


=================================
Candidate: CAN-2000-0391
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000-025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-krshd-bo
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220

Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain
root privileges.

Modifications:
  ADDREF REDHAT:RHSA-2000-025
  ADDREF XF:kerberos-krshd-bo

INFERRED ACTION: CAN-2000-0391 ACCEPT (6 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(4) Northcutt, Cole, Levy, Ozancin
   MODIFY(2) Frech, Stracener
   NOOP(2) LeBlanc, Wall

Comments:
 Frech> XF:kerberos-krshd-bo
 Stracener> AddRef: REDHAT:RHSA-2000-025
   AddRef: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html


=================================
Candidate: CAN-2000-0392
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000-025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-ksu-bo
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220

Buffer overflow in ksu in Kerberos 5 allows local users to gain root
privileges.

Modifications:
  ADDREF REDHAT:RHSA-2000-025

INFERRED ACTION: CAN-2000-0392 ACCEPT (5 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Frech, Levy, Ozancin
   MODIFY(1) Stracener
   NOOP(2) LeBlanc, Wall

Comments:
 Stracener> AddRef: REDHAT:RHSA-2000-025
   AddRef: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html


=================================
Candidate: CAN-2000-0393
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 kscd vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0172.html
Reference: SUSE:20000529 kmulti <= 1.1.2
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_50.txt
Reference: XF:kscd-shell-env-variable
Reference: BID:1206
Reference: URL:http://www.securityfocus.com/bid/1206

The KDE kscd program does not drop privileges when executing a program
specified in a user's SHELL environmental variable, which allows the
user to gain privileges by specifying an alternate program to execute.

INFERRED ACTION: CAN-2000-0393 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Frech, Levy, Stracener, Ozancin
   NOOP(3) LeBlanc, Wall, Cole


=================================
Candidate: CAN-2000-0394
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000519 RFP2K05: NetProwler vs. RFProwler
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95878603510835&w=2
Reference: BUGTRAQ:20000522 RFP2K05 - NetProwler "Fragmentation" Issue
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=392AD3B3.3E9BE3EA@axent.com
Reference: XF:axent-netprowler-ipfrag-dos
Reference: BID:1225
Reference: URL:http://www.securityfocus.com/bid/1225

NetProwler 3.0 allows remote attackers to cause a denial of service by
sending malformed IP packets that trigger NetProwler's
Man-in-the-Middle signature.

INFERRED ACTION: CAN-2000-0394 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Frech, Levy, Stracener, Ozancin
   NOOP(3) LeBlanc, Wall, Cole


=================================
Candidate: CAN-2000-0395
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 CProxy v3.3 SP 2 DoS
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=007d01bfbf48$e44f0e40$01dc11ac@peopletel.org
Reference: XF:cproxy-http-dos
Reference: BID:1213
Reference: URL:http://www.securityfocus.com/bid/1213

Buffer overflow in CProxy 3.3 allows remote users to cause a denial of
service via a long HTTP request.

INFERRED ACTION: CAN-2000-0395 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Frech, Levy, Stracener, Ozancin
   NOOP(3) LeBlanc, Wall, Cole


=================================
Candidate: CAN-2000-0396
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000524 Alert: Carello File Creation flaw
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0285.html
Reference: BID:1245
Reference: URL:http://www.securityfocus.com/bid/1245
Reference: XF:carello-file-duplication

The add.exe program in the Carello shopping cart software allows
remote attackers to duplicate files on the server, which could allow
the attacker to read source code for web scripts such as .ASP files.

INFERRED ACTION: CAN-2000-0396 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Frech, Levy, Stracener
   NOOP(2) Wall, Cole


=================================
Candidate: CAN-2000-0397
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000515 Vulnerability in EMURL-based e-mail providers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0160.html
Reference: XF:emurl-account-access
Reference: BID:1203
Reference: URL:http://www.securityfocus.com/bid/1203

The EMURL web-based email account software encodes predictable
identifiers in user session URLs, which allows a remote attacker to
access a user's email account.

INFERRED ACTION: CAN-2000-0397 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Frech, Levy, Stracener, Ozancin
   NOOP(3) LeBlanc, Wall, Cole


=================================
Candidate: CAN-2000-0398
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000524 Alert: Buffer overflow in Rockliffe's MailSite
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0286.html
Reference: BID:1244
Reference: URL:http://www.securityfocus.com/bid/1244
Reference: XF:mailsite-get-overflow

Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent
allows remote attackers to execute arbitrary commands via a long
query_string parameter in the HTTP GET request.

INFERRED ACTION: CAN-2000-0398 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Frech, Levy, Stracener
   NOOP(2) Wall, Cole


=================================
Candidate: CAN-2000-0399
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000524 Deerfield Communications MDaemon Mail Server DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0301.html
Reference: XF:deerfield-mdaemon-dos
Reference: BID:1250
Reference: URL:http://www.securityfocus.com/bid/1250

Buffer overflow in MDaemon POP server allows remote attackers to cause
a denial of service via a long user name.

INFERRED ACTION: CAN-2000-0399 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Frech, Levy, Stracener
   NOOP(2) Wall, Cole


=================================
Candidate: CAN-2000-0402
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MS:MS00-035
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-035.asp
Reference: MSKB:Q263968
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=263968
Reference: BID:1281
Reference: URL:http://www.securityfocus.com/bid/1281
Reference: XF:mssql-agent-stored-pw
Reference: XF:mssql-sa-pw-in-sqlsplog

The Mixed Mode authentication capability in Microsoft SQL Server 7.0
stores the System Administrator (sa) account in plaintext in a log
file which is readable by any user, aka the "SQL Server 7.0 Service
Pack Password" vulnerability.

Modifications:
  ADDREF XF:mssql-sa-pw-in-sqlsplog
  ADDREF MSKB:Q263968

INFERRED ACTION: CAN-2000-0402 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Cole, Levy, Stracener
   MODIFY(1) Frech

Comments:
 Frech> ADDREF XF:mssql-sa-pw-in-sqlsplog
 Stracener> AddRef: MS: MSKB Q263968
   AddRef: URL: http://www.microsoft.com/technet/support/kb.asp?ID=263968


=================================
Candidate: CAN-2000-0403
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MS:MS00-036
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-036.asp
Reference: MSKB:Q263307
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=263307
Reference: XF:win-browser-hostannouncement
Reference: BID:1261
Reference: URL:http://www.securityfocus.com/bid/1261

The CIFS Computer Browser service on Windows NT 4.0 allows a remote
attacker to cause a denial of service by sending a large number of
host announcement requests to the master browse tables, aka the
"HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability.

Modifications:
  ADDREF MSKB:Q263307

INFERRED ACTION: CAN-2000-0403 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) Wall, Cole, Frech, Levy, Stracener

Comments:
 Stracener> AddRef: MS: MSKB Q263307
   AddRef: URL: http://www.microsoft.com/technet/support/kb.asp?ID=263307


=================================
Candidate: CAN-2000-0404
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MS:MS00-036
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-036.asp
Reference: MSKB:Q262694
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=262694
Reference: BID:1262
Reference: URL:http://www.securityfocus.com/bid/1262
Reference: XF:win-browser-reset-frame

The CIFS Computer Browser service allows remote attackers to cause a
denial of service by sending a ResetBrowser frame to the Master
Browser, aka the "ResetBrowser Frame" vulnerability.

Modifications:
  ADDREF XF:win-browser-reset-frame
  ADDREF MSKB:Q262694

INFERRED ACTION: CAN-2000-0404 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) Wall, Cole, Levy, Stracener
   MODIFY(1) Frech

Comments:
 Frech> XF:win-browser-reset-frame
 Stracener> AddRef: MS: MSKB Q262694
   AddRef: URL: http://www.microsoft.com/technet/support/kb.asp?ID=262694


=================================
Candidate: CAN-2000-0405
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: L0PHT:20000515 AntiSniff version 1.01 and Researchers version 1 DNS overflow
Reference: URL:http://www.l0pht.com/advisories/asniff_advisory.txt
Reference: BID:1207
Reference: URL:http://www.securityfocus.com/bid/1207
Reference: XF:antisniff-dns-overflow

Buffer overflow in L0pht AntiSniff allows remote attackers to execute
arbitrary commands via a malformed DNS response packet.

INFERRED ACTION: CAN-2000-0405 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Cole, Frech, Levy, Stracener, Ozancin
   NOOP(2) LeBlanc, Wall


=================================
Candidate: CAN-2000-0406
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: XF:netscape-invalid-ssl-sessions
Reference: CERT:CA-2000-05
Reference: URL:http://www.cert.org/advisories/CA-2000-05.html
Reference: REDHAT:RHSA-2000:028-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-028.html
Reference: BID:1188
Reference: URL:http://www.securityfocus.com/bid/1188

Netscape Communicator before version 4.73 and Navigator 4.07 do not
properly validate SSL certificates, which allows remote attackers to
steal information by redirecting traffic from a legitimate web server
to their own malicious server, aka the "Acros-Suencksen SSL"
vulnerability.

INFERRED ACTION: CAN-2000-0406 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(6) Wall, Cole, Frech, Levy, Stracener, Ozancin
   NOOP(1) LeBlanc


=================================
Candidate: CAN-2000-0407
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000512 New Solaris root exploit for /usr/lib/lp/bin/netpr
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0141.html
Reference: XF:sol-netpr-bo
Reference: BID:1200
Reference: URL:http://www.securityfocus.com/bid/1200

Buffer overflow in Solaris netpr program allows local users to execute
arbitrary commands via a long -p option.

INFERRED ACTION: CAN-2000-0407 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Northcutt, Frech, Levy, Stracener, Ozancin
   NOOP(3) LeBlanc, Wall, Cole


=================================
Candidate: CAN-2000-0408
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MISC:http://www.ussrback.com/labs40.html
Reference: MS:MS00-030
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-030.asp
Reference: MSKB:Q260205
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=260205
Reference: XF:iis-url-extension-data-dos
Reference: BID:1190
Reference: URL:http://www.securityfocus.com/bid/1190

IIS 4.05 and 5.0 allow remote attackers to cause a denial of service
via a long, complex URL that appears to contain a large number of file
extensions, aka the "Malformed Extension Data in URL" vulnerability.

Modifications:
  DELREF XF:iis-malformed-information-extension
  ADDREF MSKB:Q260205

INFERRED ACTION: CAN-2000-0408 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) LeBlanc, Wall, Cole, Levy
   MODIFY(2) Frech, Stracener
   NOOP(1) Ozancin

Comments:
 Frech> DELREF: XF:iis-malformed-information-extension (obsolete; points to
   iis-url-extension-data-dos)
 Stracener> AddRef: MS:MSKB Q260205
   AddRef: URL: http://www.microsoft.com/technet/support/kb.asp?ID=260205


=================================
Candidate: CAN-2000-0409
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000510 Possible symlink problems with Netscape 4.73
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0126.html
Reference: BID:1201
Reference: URL:http://www.securityfocus.com/bid/1201
Reference: XF:netscape-import-certificate-symlink

Netscape 4.73 and earlier follows symlinks when it imports a new
certificate, which allows local users to overwrite files of the user
importing the certificate.

INFERRED ACTION: CAN-2000-0409 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Levy, Ozancin, Stracener, Frech
   NOOP(2) Cole, Prosser


=================================
Candidate: CAN-2000-0410
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: NTBUGTRAQ:20000510 Cold Fusion Server 4.5.1 DoS Vulnerability.
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0005&L=ntbugtraq&F=&S=&P=4843
Reference: XF:coldfusion-cfcache-dos
Reference: BID:1192
Reference: URL:http://www.securityfocus.com/bid/1192

Cold Fusion Server 4.5.1 allows remote attackers to cause a denial of
service by making repeated requests to a CFCACHE tagged cache file
that is not stored in memory.

INFERRED ACTION: CAN-2000-0410 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Levy, Stracener, Frech
   MODIFY(1) Prosser
   NOOP(2) Cole, Ozancin

Comments:
 Prosser> add source Security BugWare
   http://161.53.42.3/~crv/security/bugs/NT/cf12.html
 Frech> In description, product name is ColdFusion (one word, uppercase F).


=================================
Candidate: CAN-2000-0411
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000510 Black Watch Labs Vulnerability Alert
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0125.html
Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_10.html
Reference: XF:http-cgi-formmail-environment
Reference: BID:1187
Reference: URL:http://www.securityfocus.com/bid/1187

Matt Wright's FormMail CGI script allows remote attackers to obtain
environmental variables via the env_report parameter.

INFERRED ACTION: CAN-2000-0411 ACCEPT (5 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(5) Levy, Ozancin, Prosser, Stracener, Frech
   NOOP(1) Cole


=================================
Candidate: CAN-2000-0414
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: HP:HPSBUX0005-113
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0047.html
Reference: XF:hp-shutdown-privileges
Reference: BID:1214
Reference: URL:http://www.securityfocus.com/bid/1214

Vulnerability in shutdown command for HP-UX 11.X and 10.X allows
local users to gain privileges via malformed input variables.

Modifications:
  DESC wording change

INFERRED ACTION: CAN-2000-0414 ACCEPT (5 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Levy, Prosser, Stracener, Frech
   MODIFY(1) Ozancin
   NOOP(2) Cole, Christey

Comments:
 Ozancin> Change: "shutdown command in HP-UX 11.X and 10.X" to "shutdown command for
   HP-UX 11.X and 10.X"
 Prosser> comment:  another link for the HP Bulletins and Patches is
   the IT Resource Center @ http://itrc.hp.com
 Christey> Due to the difficulties in forming a URL that reliably
   points to an HP advisory for any user, alternate URL's that
   are easier to access may be provided.  Unlike other
   vendor advisory collections, HP's web site requires
   user registration and generates unique ID's for each
   session, which makes it impossible to bookmark and access
   for future reference.


=================================
Candidate: CAN-2000-0416
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000511 NTMail Proxy Exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NABBJLKKPKIHDIMKFKGCMEFANMAB.georger@nls.net
Reference: CONFIRM:http://www.gordano.com/support/archives/ntmail/2000-05/00001114.htm
Reference: XF:ntmail-bypass-proxy
Reference: BID:1196
Reference: URL:http://www.securityfocus.com/bid/1196

NTMail 5.x allows network users to bypass the NTMail proxy
restrictions by redirecting their requests to NTMail's web
configuration server.

Modifications:
  ADDREF CONFIRM:http://www.gordano.com/support/archives/ntmail/2000-05/00001114.htm
  ADDREF XF:ntmail-bypass-proxy

INFERRED ACTION: CAN-2000-0416 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Stracener
   MODIFY(1) Frech
   NOOP(5) LeBlanc, Wall, Cole, Christey, Ozancin

Comments:
 Stracener> FYI, here is the message referred to in the bugtraq post:
   http://www.gordano.com/support/archives/ntmail/2000-05/00001106.htm
 Christey> Actual confirmation is at:
   http://www.gordano.com/support/archives/ntmail/2000-05/00001114.htm
 Frech> XF:ntmail-bypass-proxy


=================================
Candidate: CAN-2000-0417
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000505 Cayman 3220-H DSL Router DOS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0075.html
Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html
Reference: BID:1219
Reference: URL:http://www.securityfocus.com/bid/1219

The HTTP administration interface to the Cayman 3220-H DSL router
allows remote attackers to cause a denial of service via a long
username or password.

INFERRED ACTION: CAN-2000-0417 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Levy, Ozancin, Stracener
   MODIFY(1) Frech
   NOOP(2) Cole, Prosser

Comments:
 Frech> XF:cayman-router-dos


=================================
Candidate: CAN-2000-0418
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html
Reference: XF:cayman-dsl-dos
Reference: BID:1240
Reference: URL:http://www.securityfocus.com/bid/1240

The Cayman 3220-H DSL router allows remote attackers to cause a denial
of service via oversized ICMP echo (ping) requests.

INFERRED ACTION: CAN-2000-0418 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Frech, Levy, Stracener
   NOOP(2) Wall, Cole


=================================
Candidate: CAN-2000-0419
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MS:MS00-034
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-034.asp
Reference: MSKB:Q262767
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=262767
Reference: BID:1197
Reference: URL:http://www.securityfocus.com/bid/1197
Reference: XF:office-ua-control

The Office 2000 UA ActiveX Control is marked as "safe for scripting,"
which allows remote attackers to conduct unauthorized activities via
the "Show Me" function in Office Help, aka the "Office 2000 UA
Control" vulnerability.

Modifications:
  ADDREF MSKB:Q262767
  ADDREF XF:office-ua-control

INFERRED ACTION: CAN-2000-0419 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) LeBlanc, Wall, Levy, Ozancin
   MODIFY(2) Frech, Stracener
   NOOP(1) Cole

Comments:
 Frech> XF:office-ua-control
 Stracener> AddRef: MS:MSKB Q262767
   AddRef: URL: http://www.microsoft.com/technet/support/kb.asp?ID=262767


=================================
Candidate: CAN-2000-0421
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000510 Advisory: Unchecked system(blaat $var blaat) call in Bugzilla 2.8
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0128.html
Reference: XF:bugzilla-unchecked-system-call
Reference: BID:1199
Reference: URL:http://www.securityfocus.com/bid/1199

The process_bug.cgi script in Bugzilla allows remote attackers to
execute arbitrary commands via shell metacharacters.

Modifications:
  DESC fix typo
  ADDREF XF:bugzilla-unchecked-system-call

INFERRED ACTION: CAN-2000-0421 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Ozancin
   MODIFY(2) Stracener, Frech
   NOOP(3) LeBlanc, Wall, Cole

Comments:
 Stracener> "...shell metacharacters"
 Frech> XF:bugzilla-unchecked-system-call


=================================
Candidate: CAN-2000-0424
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000514 Vulnerability in CGI counter 4.0.7 by George Burgyan
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005151024.aa01811@blaze.arl.mil
Reference: BID:1202
Reference: URL:http://www.securityfocus.com/bid/1202
Reference: XF:http-cgi-burgyan-counter

The CGI counter 4.0.7 by George Burgyan allows remote attackers to
execute arbitrary commands via shell metacharacters.

Modifications:
  ADDREF XF:http-cgi-burgyan-counter
  CHANGEREF BUGTRAQ [add subject]

INFERRED ACTION: CAN-2000-0424 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Levy, Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(3) LeBlanc, Wall, Cole

Comments:
 Frech> XF:http-cgi-burgyan-counter


=================================
Candidate: CAN-2000-0425
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory0
Reference: BUGTRAQ:20000505 Alert: Listserv Web Archives (wa) buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0048.html
Reference: XF:http-cgi-listserv-wa-bo
Reference: BID:1167
Reference: URL:http://www.securityfocus.com/bid/1167

Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8
allows remote attackers to execute arbitrary commands.

INFERRED ACTION: CAN-2000-0425 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(5) Cole, Levy, Ozancin, Stracener, Frech
   MODIFY(1) Prosser

Comments:
 Prosser> add source:
   Lsoft Security Advisory 5,May 2000
   http://www.lsoft.com/news/Advisory0.asp


=================================
Candidate: CAN-2000-0427
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: unknown
Reference: L0PHT:20000504 eToken Private Information Extraction and Physical Attack
Reference: URL:http://www.l0pht.com/advisories/etoken-piepa.txt
Reference: XF:aladdin-etoken-pin-reset
Reference: BID:1170
Reference: URL:http://www.securityfocus.com/bid/1170

The Aladdin Knowledge Systems eToken device allows attackers with
physical access to the device to obtain sensitive information without
knowing the PIN of the owner by resetting the PIN in the EEPROM.

Modifications:
  DESC fix typo

INFERRED ACTION: CAN-2000-0427 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Levy, Stracener, Frech
   MODIFY(1) Ozancin
   NOOP(2) Cole, Prosser

Comments:
 Ozancin> Change: "resetting the PIN the EEPROM" to "resetting the PIN in the EEPROM"


=================================
Candidate: CAN-2000-0428
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: NAI:20000503 Trend Micro InterScan VirusWall Remote Overflow
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/39_Trend.asp
Reference: BID:1168
Reference: URL:http://www.securityfocus.com/bid/1168
Reference: XF:interscan-viruswall-bo

Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and
earlier allows a remote attacker to execute arbitrary commands via a
long filename for a uuencoded attachment.

INFERRED ACTION: CAN-2000-0428 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(6) Cole, Levy, Ozancin, Prosser, Stracener, Frech


=================================
Candidate: CAN-2000-0431
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000522 Problem with FrontPage on Cobalt RaQ2/RaQ3
Reference: http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000523100045.B11049@HiWAAY.net
Reference: BUGTRAQ:20000525 Cobalt Networks - Security Advisory - Frontpage
Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html
Reference: BID:1238
Reference: URL:http://www.securityfocus.com/bid/1238
Reference: XF:cobalt-cgiwrap-bypass

Cobalt RaQ2 and RaQ3 do not properly set the access permissions and
ownership for files that are uploaded via FrontPage, which allows
attackers to bypass cgiwrap and modify files.

INFERRED ACTION: CAN-2000-0431 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Frech, Levy, Stracener
   NOOP(2) Wall, Cole


=================================
Candidate: CAN-2000-0432
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 Vuln in calender.pl (Matt Kruse calender script)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0173.html
Reference: BID:1215
Reference: URL:http://www.securityfocus.com/bid/1215
Reference: XF:http-cgi-calendar-execute

The calender.pl and the calendar_admin.pl calendar scripts by Matt
Kruse allow remote attackers to execute arbitrary commands via shell
metacharacters.

Modifications:
  ADDREF XF:http-cgi-calendar-execute

INFERRED ACTION: CAN-2000-0432 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Levy, Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(3) LeBlanc, Wall, Cole

Comments:
 Frech> XF:http-cgi-calendar-execute


=================================
Candidate: CAN-2000-0435
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000516 Allmanage.pl Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0167.html
Reference: XF:http-cgi-allmanage-account-access
Reference: BID:1217
Reference: URL:http://www.securityfocus.com/bid/1217

The allmanageup.pl file upload CGI script in the Allmanage Website
administration software 2.6 can be called directly by remote
attackers, which allows them to modify user accounts or web pages.

Modifications:
  ADDREF XF:http-cgi-allmanage-account-access

INFERRED ACTION: CAN-2000-0435 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Levy, Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(3) LeBlanc, Wall, Cole

Comments:
 Frech> XF:http-cgi-allmanage-account-access


=================================
Candidate: CAN-2000-0436
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000522 MetaProducts Offline Explorer Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0254.html
Reference: CONFIRM:http://www.metaproducts.com/mpOE-HY.html
Reference: BID:1231
Reference: URL:http://www.securityfocus.com/bid/1231
Reference: XF:offline-explorer-directory-traversal

MetaProducts Offline Explorer 1.2 and earlier allows remote attackers
to access arbitrary files via a .. (dot dot) attack.

Modifications:
  ADDREF XF:offline-explorer-directory-traversal

INFERRED ACTION: CAN-2000-0436 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Stracener
   MODIFY(1) Frech
   NOOP(4) LeBlanc, Wall, Cole, Ozancin

Comments:
 Frech> XF:offline-explorer-directory-traversal


=================================
Candidate: CAN-2000-0437
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: CONFIRM:http://www.tis.com/support/cyberadvisory.html
Reference: CONFIRM:http://www.pgp.com/jump/gauntlet_advisory.asp
Reference: BUGTRAQ:20000522 Gauntlet CyberPatrol Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0249.html
Reference: XF:gauntlet-cyberdaemon-bo
Reference: BID:1234
Reference: URL:http://www.securityfocus.com/bid/1234

Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in
Gauntlet and WebShield allows remote attackers to cause a denial of
service or execute arbitrary commands.

INFERRED ACTION: CAN-2000-0437 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Frech, Levy, Stracener
   NOOP(2) Wall, Cole


=================================
Candidate: CAN-2000-0438
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000522 fdmount buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0245.html
Reference: XF:linux-fdmount-bo
Reference: BID:1239
Reference: URL:http://www.securityfocus.com/bid/1239

Buffer overflow in fdmount on Linux systems allows local users in the
"floppy" group to execute arbitrary commands via a long mountpoint
parameter.

INFERRED ACTION: CAN-2000-0438 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Frech, Levy, Stracener
   NOOP(1) Wall


=================================
Candidate: CAN-2000-0439
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000510 IE Domain Confusion Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000511135609.D7774@securityfocus.com
Reference: BUGTRAQ:20000511 IE Domain Confusion Vulnerability is an Email problem also
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NDBBKGHPMKBKDDGLDEEHAEHMDIAA.rms2000@bellatlantic.net
Reference: MS:MS00-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp
Reference: BID:1194
Reference: URL:http://www.securityfocus.com/bid/1194
Reference: XF:ie-cookie-disclosure

Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain
client cookies from another domain by including that domain name and
escaped characters in a URL, aka the "Unauthorized Cookie Access"
vulnerability.

INFERRED ACTION: CAN-2000-0439 ACCEPT (6 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(6) Cole, Levy, Ozancin, Prosser, Stracener, Frech


=================================
Candidate: CAN-2000-0441
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: IBM:ERS-OAR-E01-2000:087.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0275.html
Reference: BID:1241
Reference: URL:http://www.securityfocus.com/bid/1241
Reference: XF:aix-local-filesystem

Vulnerability in AIX 3.2.x and 4.x allows local users to gain write
access to files on locally or remotely mounted AIX filesystems.

Modifications:
  ADDREF XF:aix-local-filesystem

INFERRED ACTION: CAN-2000-0441 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Cole

Comments:
 Frech> XF:aix-local-filesystem


=================================
Candidate: CAN-2000-0442
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000523 Qpopper 2.53 remote problem, user can gain gid=mail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0267.html
Reference: BID:1242
Reference: URL:http://www.securityfocus.com/bid/1242
Reference: XF:qualcomm-qpopper-euidl

Qpopper 2.53 and earlier allows local users to gain privileges via a
formatting string in the From: header, which is processed by the euidl
command.

INFERRED ACTION: CAN-2000-0442 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Frech, Levy, Stracener
   NOOP(2) Wall, Cole


=================================
Candidate: CAN-2000-0452
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000518 Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl))
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0219.html
Reference: XF:lotus-domino-esmtp-bo
Reference: BID:1229
Reference: URL:http://www.securityfocus.com/bid/1229

Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1
allows remote attackers to cause a denial of service via a long MAIL
FROM command.

INFERRED ACTION: CAN-2000-0452 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(4) Frech, Levy, Stracener, Ozancin
   NOOP(3) LeBlanc, Wall, Cole


=================================
Candidate: CAN-2000-0453
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000518 Nasty XFree Xserver DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html
Reference: BID:1235
Reference: URL:http://www.securityfocus.com/bid/1235

XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a
negative counter value in a malformed TCP packet that is sent to port
6000.

INFERRED ACTION: CAN-2000-0453 ACCEPT (4 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Levy, Stracener, Ozancin
   MODIFY(1) Frech
   NOOP(3) LeBlanc, Wall, Cole

Comments:
 Frech> XF:linux-xserver-dos


=================================
Candidate: CAN-2000-0454
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000527 Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0367.html
Reference: BUGTRAQ:20000603 [Gael Duval ] [Security Announce] cdrecord
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0434.html
Reference: BUGTRAQ:20000607 Conectiva Linux Security Announcement - cdrecord
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0019.html
Reference: BID:1265
Reference: URL:http://www.securityfocus.com/bid/1265
Reference: XF:linux-cdrecord-execute

Buffer overflow in Linux cdrecord allows local users to gain
privileges via the dev parameter.

Modifications:
  ADDREF BUGTRAQ:20000607 Conectiva Linux Security Announcement - cdrecord

INFERRED ACTION: CAN-2000-0454 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(3) Frech, Levy, Stracener
   NOOP(3) Wall, Cole, Christey

Comments:
 Christey> ADDREF BUGTRAQ:20000607 Conectiva Linux Security Announcement - cdrecord
   URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0019.html


=================================
Candidate: CAN-2000-0455
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: NAI:20000529 Initialized Data Overflow in Xlock
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/41initialized.asp
Reference: NETBSD:NetBSD-SA2000-003
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-003.txt.asc
Reference: TURBO:TLSA2000012-1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0375.html
Reference: BID:1267
Reference: URL:http://www.securityfocus.com/bid/1267
Reference: XF:xlock-bo-read-passwd

Buffer overflow in xlockmore xlock program version 4.16 and earlier
allows local users to read sensitive data from memory via a long -mode
option.

INFERRED ACTION: CAN-2000-0455 ACCEPT (3 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(3) Frech, Levy, Stracener
   NOOP(2) Wall, Cole


=================================
Candidate: CAN-2000-0456
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: NETBSD:NetBSD-SA2000-005
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-005.txt.asc
Reference: BID:1272
Reference: URL:http://www.securityfocus.com/bid/1272
Reference: XF:bsd-syscall-cpu-dos

NetBSD 1.4.2 and earlier allows local users to cause a denial of
service by repeatedly running certain system calls in the kernel which
do not yield the CPU, aka "cpu-hog".

INFERRED ACTION: CAN-2000-0456 ACCEPT (4 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(4) Cole, Frech, Levy, Stracener
   NOOP(1) Wall


=================================
Candidate: CAN-2000-0457
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000511 Alert: IIS ism.dll exposes file contents
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=95810120719608&w=2
Reference: MS:MS00-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-031.asp
Reference: BID:1193
Reference: URL:http://www.securityfocus.com/bid/1193

ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file
contents by requesting the file and appending a large number of
encoded spaces (%20) and terminated with a .htr extension, aka the
".HTR File Fragment Reading" or "File Fragment Reading via .HTR"
vulnerability.

INFERRED ACTION: CAN-2000-0457 ACCEPT_REV (5 accept, 1 ack, 1 review)

Current Votes:
   ACCEPT(4) Cole, Levy, Prosser, Stracener
   MODIFY(1) Frech
   REVIEWING(1) Ozancin

Comments:
 Frech> XF:iis-ism-file-access


=================================
Candidate: CAN-2000-0460
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000526 KDE: /usr/bin/kdesud, gid = 0 exploit
Reference: http://archives.neohapsis.com/archives/bugtraq/2000-05/0353.html
Reference: BID:1274
Reference: URL:http://www.securityfocus.com/bid/1274
Reference: XF:kde-display-environment-overflow

Buffer overflow in KDE kdesud on Linux allows local users to gain
privileges via a long DISPLAY environmental variable.

Modifications:
  ADDREF XF:kde-display-environment-overflow
  DESC remove Mandrake, include KDE

INFERRED ACTION: CAN-2000-0460 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Stracener
   MODIFY(1) Frech
   NOOP(3) Wall, Cole, Christey

Comments:
 Frech> XF:kde-display-environment-overflow
 Christey> Remove Mandrake - other Linuxes are affected too - and mention
   KDE.


=================================
Candidate: CAN-2000-0461
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: OPENBSD:20000526
Reference: URL:http://www.openbsd.org/errata26.html#semconfig
Reference: NETBSD:NetBSD-SA2000-004
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-004.txt.asc
Reference: FREEBSD:FreeBSD-SA-00:19
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:19.semconfig.asc
Reference: XF:bsd-semaphore-dos
Reference: BID:1270
Reference: URL:http://www.securityfocus.com/bid/1270

The undocumented semconfig system call in BSD freezes the state of
semaphores, which allows local users to cause a denial of service of
the semaphore system by using the semconfig call.

Modifications:
  ADDREF XF:bsd-semaphore-dos

INFERRED ACTION: CAN-2000-0461 ACCEPT (4 accept, 3 ack, 0 review)

Current Votes:
   ACCEPT(3) Cole, Levy, Stracener
   MODIFY(1) Frech
   NOOP(1) Wall

Comments:
 Frech> XF:bsd-semaphore-dos


=================================
Candidate: CAN-2000-0462
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: NETBSD:NetBSD-SA2000-006
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-006.txt.asc
Reference: BID:1273
Reference: URL:http://www.securityfocus.com/bid/1273
Reference: XF:netbsd-ftpchroot-parsing

ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot
and does not chroot the specified users, which allows those users to
access other files outside of their home directory.

Modifications:
  ADDREF XF:netbsd-ftpchroot-parsing

INFERRED ACTION: CAN-2000-0462 ACCEPT (3 accept, 1 ack, 0 review)

Current Votes:
   ACCEPT(2) Levy, Stracener
   MODIFY(1) Frech
   NOOP(2) Wall, Cole

Comments:
 Frech> XF:netbsd-ftpchroot-parsing


=================================
Candidate: CAN-2000-0463
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: BUGTRAQ:20000517 AUX Security Advisory on Be/OS 5.0 (DoS)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0197.html
Reference: XF:beos-tcp-frag-dos
Reference: BID:1222
Reference: URL:http://www.securityfocus.com/bid/1222

BeOS 5.0 allows remote attackers to cause a denial of service via
fragmented TCP packets.

INFERRED ACTION: CAN-2000-0463 ACCEPT (3 accept, 0 ack, 0 review)

Current Votes:
   ACCEPT(3) Frech, Levy, Stracener
   NOOP(4) LeBlanc, Wall, Cole, Ozancin


=================================
Candidate: CAN-2000-0464
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MS:MS00-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp
Reference: MSKB:Q261257
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=261257
Reference: XF:ie-malformed-component-attribute
Reference: BID:1223
Reference: URL:http://www.securityfocus.com/bid/1223

Internet Explorer 4.x and 5.x allows remote attackers to execute
arbitrary commands via a buffer overflow in the ActiveX parameter
parsing capability, aka the "Malformed Component Attribute"
vulnerability.

Modifications:
  ADDREF MSKB:Q261257

INFERRED ACTION: CAN-2000-0464 ACCEPT (6 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(5) LeBlanc, Wall, Frech, Levy, Ozancin
   MODIFY(1) Stracener
   NOOP(1) Cole

Comments:
 Stracener> AddRef: MS: MSKB Q261257
   AddRef: URL: http://www.microsoft.com/technet/support/kb.asp?ID=261257


=================================
Candidate: CAN-2000-0465
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000615
Assigned: 20000614
Category: SF
Reference: MS:MS00-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-033.asp
Reference: MSKB:Q251108
Reference: http://www.microsoft.com/technet/support/kb.asp?ID=251108
Reference: MSKB:Q255676
Reference: http://www.microsoft.com/technet/support/kb.asp?ID=255676
Reference: BID:1224
Reference: URL:http://www.securityfocus.com/bid/1224
Reference: XF:ie-frame-domain-verification

Internet Explorer 4.x and 5.x does not properly verify the domain of a
frame within a browser window, which allows a remote attacker to read
client files via the frame, aka the "Frame Domain Verification"
vulnerability.

Modifications:
  ADDREF MSKB:Q251108
  ADDREF MSKB:Q255676

INFERRED ACTION: CAN-2000-0465 ACCEPT (5 accept, 2 ack, 0 review)

Current Votes:
   ACCEPT(4) LeBlanc, Wall, Frech, Levy
   MODIFY(1) Stracener
   NOOP(2) Cole, Ozancin

Comments:
 Stracener> AddRef:MS: MSKB Q251108
   AddRef: http://www.microsoft.com/technet/support/kb.asp?ID=251108
   AddRef:MS: MSKB Q255676
   AddRef:http://www.microsoft.com/technet/support/kb.asp?ID=255676

Page Last Updated or Reviewed: May 22, 2007