[INTERIM] ACCEPT 31 recent candidates (Final 7/12)
I have made an Interim Decision to ACCEPT the following 31 candidates
from the RECENT-01 through RECENT-17 clusters. I will make a Final
Decision on July 12.
The breakdown by cluster is as follows:
1 RECENT-01
8 RECENT-04
2 RECENT-05
1 RECENT-07
1 RECENT-10
1 RECENT-11
3 RECENT-13
1 RECENT-14
5 RECENT-15
1 RECENT-16
7 RECENT-17
Voters:
Levy ACCEPT(7) MODIFY(2) NOOP(1)
Wall ACCEPT(3) NOOP(16) REVIEWING(1)
LeBlanc ACCEPT(2) MODIFY(1) NOOP(9)
Ozancin ACCEPT(4)
Cole ACCEPT(5) MODIFY(1) NOOP(16)
Stracener ACCEPT(16) MODIFY(1)
Frech ACCEPT(1) MODIFY(30)
Dik ACCEPT(4) MODIFY(2)
Christey NOOP(8)
Magdych MODIFY(1)
Armstrong ACCEPT(10)
Prosser ACCEPT(1)
Blake ACCEPT(3) NOOP(1)
=================================
Candidate: CAN-1999-0820
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 19991208
Assigned: 19991207
Category: SF
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
Reference: BID:838
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=838
Reference: XF:freebsd-seyon-dir-add
FreeBSD seyon allows users to gain privileges via a modified PATH
variable for finding the xterm and seyon-emu commands.
Modifications:
ADDREF XF:freebsd-seyon-dir-add
INFERRED ACTION: CAN-1999-0820 ACCEPT (5 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(3) Armstrong, Stracener, Prosser
MODIFY(2) Cole, Frech
NOOP(2) Christey, Christey
Comments:
Cole> There are actually several vulnerabilities with seyon which allow
users to elevate privileges
Frech> XF:freebsd-seyon-dir-add
Christey> ADDREF? CALDERA:CSSA-1999-037.0
Prosser> agree there are also earlier seyon vulnerabilities reported as
well but in different areas. The Caldera bulletin refers to a seyon problem
that allows uucp privileges.
Christey> The Caldera advisory is vaguely worded, so it's not certain
whether it should be added here.
As Eric points out, other seyon problems are identified in the
related Bugtraq post. They are covered by CAN-1999-0863 and
CAN-1999-0821.
=================================
Candidate: CAN-2000-0001
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-02
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991222 RealMedia Server 5.0 Crasher (rmscrash.c)
Reference: BID:888
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=888
Reference: XF:realserver-ramgen-dos
RealMedia server allows remote attackers to cause a denial of service
via a long ramgen request.
Modifications:
ADDREF BID:888
ADDREF XF:realserver-ramgen-dos
INFERRED ACTION: CAN-2000-0001 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Armstrong
MODIFY(1) Frech
Comments:
Frech> XF:realserver-ramgen-dos
=================================
Candidate: CAN-2000-0011
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-03
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991231 Local / Remote GET Buffer Overflow Vulnerability in AnalogX SimpleServer:WWW HTTP Server v1.1
Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm
Reference: XF:simpleserver-get-bo
Reference: BID:906
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=906
Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote
attackers to execute commands via a long GET request.
Modifications:
DESC add "http server"
ADDREF MISC:http://www.analogx.com/contents/download/network/sswww.htm
ADDREF XF:simpleserver-get-bo
INFERRED ACTION: CAN-2000-0011 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Armstrong
MODIFY(1) Frech
Comments:
Frech> XF:simpleserver-get-bo
=================================
Candidate: CAN-2000-0013
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991231 irix-soundplayer.sh
Reference: XF:irix-soundplayer-symlink
Reference: BID:909
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=909
IRIX soundplayer program allows local users to gain privileges by
including shell metacharacters in a .wav file, which is executed via
the midikeys program.
Modifications:
DESC change to reflect bug in soundplayer, specify correct bug
ADDREF XF:irix-soundplayer-symlink
INFERRED ACTION: CAN-2000-0013 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(1) Armstrong
MODIFY(2) Stracener, Frech
NOOP(1) Christey
Comments:
Christey> The description should be modified. The problem is not a
symlink attack, rather being able to route a command using
shell metacharacters.
Stracener> This is not a symlink attack. Description should be changed (see below).
Here is what is going on: 1) script creates a file containing C code to
spawn a setuid shell in /tmp when compiled and executed, 2) compiles the
C source file with output to /tmp/kungfoo, 3) executes midikeys, 4) user
opens a wav file (via soundplayer) and saves the file as
"foo;/tmp/kungfoo". The "exploitable condition" in soundplayer is a
software flaw allowing for command separation when saving files (i.e.,
whatever is placed after the ";" is executed by soundplayer). I suggest
the description read: "A bug in soundplayer (part of midikeys) allows user
to save a wav file with a command separator (i.e. ";") and issue
multiple commands, resulting in the execution of arbitrary code."
Frech> XF:irix-soundplayer-symlink
=================================
Candidate: CAN-2000-0015
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991231 tftpserv.sh
Reference: BID:910
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=910
Reference: XF:cascadeview-tftp-symlink
CascadeView TFTP server allows local users to gain privileges via a
symlink attack.
Modifications:
ADDREF XF:cascadeview-tftp-symlink
INFERRED ACTION: CAN-2000-0015 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Armstrong
MODIFY(1) Frech
Comments:
Frech> XF:cascadeview-tftp-symlink
=================================
Candidate: CAN-2000-0018
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991221 Wmmon under FreeBSD
Reference: BID:885
Reference: XF:freebsd-wmmon-root-exploit
wmmon in FreeBSD allows local users to gain privileges via the
.wmmonrc configuration file.
Modifications:
ADDREF XF:freebsd-wmmon-root-exploit
ADDREF BID:885
INFERRED ACTION: CAN-2000-0018 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Armstrong
MODIFY(1) Frech
Comments:
Frech> XF:freebsd-wmmon-root-exploit
=================================
Candidate: CAN-2000-0030
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems
Reference: XF:sol-dmispd-fill-disk
Reference: BID:878
Solaris dmispd dmi_cmd allows local users to fill up restricted disk
space by adding files to the /var/dmi/db database.
Modifications:
ADDREF XF:sol-dmispd-fill-disk
ADDREF BID:878
INFERRED ACTION: CAN-2000-0030 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Stracener, Armstrong, Dik
MODIFY(1) Frech
Comments:
Frech> XF:sol-dmispd-fill-disk
=================================
Candidate: CAN-2000-0032
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems
Reference: XF:sol-dmispd-dos
Reference: BID:878
Solaris dmi_cmd allows local users to crash the dmispd daemon by
adding a malformed file to the /var/dmi/db database.
Modifications:
ADDREF XF:sol-dmispd-dos
ADDREF BID:878
INFERRED ACTION: CAN-2000-0032 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Stracener, Armstrong, Dik
MODIFY(1) Frech
Comments:
Frech> XF:sol-dmispd-dos
=================================
Candidate: CAN-2000-0034
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000111
Assigned: 20000111
Category: SF
Reference: BUGTRAQ:19991222 More Netscape Passwords Available.
Reference: XF:netscape-password-preferences
Netscape 4.7 records user passwords in the preferences.js file during
an IMAP or POP session, even if the user has not enabled "remember
passwords."
Modifications:
ADDREF XF:netscape-password-preferences
INFERRED ACTION: CAN-2000-0034 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Stracener, Armstrong
MODIFY(1) Frech
Comments:
Frech> XF:netscape-password-preferences
=================================
Candidate: CAN-2000-0045
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:20000111 Serious bug in MySQL password handling.
Reference: BUGTRAQ:20000113 New MySQL Available
Reference: XF:mysql-pwd-grant
Reference: BID:926
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=926
MySQL allows local users to modify passwords for arbitrary MySQL users
via the GRANT privilege.
Modifications:
ADDREF XF:mysql-pwd-grant
INFERRED ACTION: CAN-2000-0045 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
Comments:
Frech> XF:mysql-pwd-grant
=================================
Candidate: CAN-2000-0076
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000125
Assigned: 20000122
Category: SF
Reference: BUGTRAQ:19991230 vibackup.sh
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94709988232618&w=2
Reference: DEBIAN:20000109 nvi: incorrect file removal in boot script
Reference: URL:http://www.debian.org/security/2000/20000108
Reference: XF:nvi-delete-files
nviboot boot script in the Debian nvi package allows local users to
delete files via malformed entries in vi.recover.
Modifications:
ADDREF XF:nvi-delete-files
INFERRED ACTION: CAN-2000-0076 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
NOOP(3) Levy, Wall, Cole
Comments:
Frech> XF:nvi-delete-files
=================================
Candidate: CAN-2000-0092
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000208
Assigned: 20000202
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:01
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:01.make.asc
Reference: BID:939
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=939
Reference: XF:gnu-makefile-tmp-root
The BSD make program allows local users to modify files via a symlink
attack when the -j option is being used.
Modifications:
ADDREF XF:gnu-makefile-tmp-root
INFERRED ACTION: CAN-2000-0092 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Levy
MODIFY(1) Frech
NOOP(2) Wall, Cole
Comments:
Cole> please change mine from reviewing to NOOP, I could not find the
information I was looking for
Frech> XF:gnu-makefile-tmp-root
=================================
Candidate: CAN-2000-0157
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000321-01
Proposed: 20000223
Assigned: 20000223
Category: SF
Reference: NETBSD:1999-012
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-012.txt.asc
Reference: XF:netbsd-ptrace
NetBSD ptrace call on VAX allows local users to gain privileges by
modifying the PSL contents in the debugging process.
Modifications:
ADDREF XF:netbsd-ptrace
INFERRED ACTION: CAN-2000-0157 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Levy
MODIFY(1) Frech
NOOP(3) LeBlanc, Wall, Cole
Comments:
Frech> XF:netbsd-ptrace
=================================
Candidate: CAN-2000-0168
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000306 con\con is a old thing (anyway is cool)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCENECCAA.labs@ussrback.com
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0087.html
Reference: MS:MS00-017
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2126
Reference: BID:1043
Reference: URL:http://www.securityfocus.com/bid/1043
Reference: XF:win-dos-devicename-dos
Microsoft Windows 9x operating systems allow an attacker to cause a
denial of service via a pathname that includes file device names, aka
the "DOS Device in Path Name" vulnerability.
Modifications:
ADDREF XF:win-dos-devicename-dos
DESC [add versions]
INFERRED ACTION: CAN-2000-0168 ACCEPT_REV (5 accept, 1 ack, 1 review)
Current Votes:
ACCEPT(3) Blake, Ozancin, Cole
MODIFY(2) LeBlanc, Frech
REVIEWING(1) Wall
Comments:
LeBlanc> this only affects Win9x, not Windows NT or Windows 2000
Frech> XF:win-dos-devicename-dos
=================================
Candidate: CAN-2000-0174
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html
Reference: BID:1040
Reference: URL:http://www.securityfocus.com/bid/1040
Reference: XF:staroffice-scheduler-fileread
StarOffice StarScheduler web server allows remote attackers to read
arbitrary files via a .. (dot dot) attack.
Modifications:
ADDREF XF:staroffice-scheduler-fileread
INFERRED ACTION: CAN-2000-0174 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Blake, Ozancin, Dik
MODIFY(1) Frech
NOOP(4) Wall, LeBlanc, Cole, Christey
Comments:
Christey> Sun patch ID 109185, dated March 27 2000, reports on SD#73159,
"Security problems in the shttpd.bin using StarSchedule
Server." But did they fix 2000-0174, 2000-0175, or both?
Frech> XF:staroffice-scheduler-fileread
=================================
Candidate: CAN-2000-0175
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000626-01
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html
Reference: XF:staroffice-scheduler-bo
Reference: BID:1039
Reference: URL:http://www.securityfocus.com/bid/1039
Buffer overflow in StarOffice StarScheduler web server allows remote
attackers to gain root access via a long GET command.
Modifications:
ADDREF XF:staroffice-scheduler-bo
INFERRED ACTION: CAN-2000-0175 ACCEPT (4 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(3) Blake, Ozancin, Dik
MODIFY(1) Frech
NOOP(4) Wall, LeBlanc, Cole, Christey
Comments:
Christey> Sun patch ID 109185, dated March 27 2000, reports on SD#73159,
"Security problems in the shttpd.bin using StarSchedule
Server." But did they fix 2000-0174, 2000-0175, or both?
Frech> XF:staroffice-scheduler-bo
=================================
Candidate: CAN-2000-0195
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000322
Assigned: 20000322
Category: SF
Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html
Reference: BID:1008
Reference: URL:http://www.securityfocus.com/bid/1008
Reference: XF:corel-linux-setxconf-root
setxconf in Corel Linux allows local users to gain root access via the
-T parameter, which executes the user's .xserverrc file.
INFERRED ACTION: CAN-2000-0195 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Armstrong, Ozancin
MODIFY(1) Frech
NOOP(4) Wall, Blake, LeBlanc, Cole
Comments:
Frech> XF:corel-linux-setxconf-root
=================================
Candidate: CAN-2000-0236
Published:
Final-Decision:
Interim-Decision: 20000707
Modified:
Proposed: 20000412
Assigned: 20000412
Category: SF
Reference: BUGTRAQ:20000317 [SAFER 000317.EXP.1.5] Netscape Enterprise Server and '?wp' tags
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38D2173D.24E39DD0@relaygroup.com
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0191.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0238.html
Reference: BID:1063
Reference: URL:http://www.securityfocus.com/bid/1063
Reference: XF:netscape-server-directory-indexing
Netscape Enterprise Server with Web Publishing enabled allows remote
attackers to list server directories via web publishing tags such as
?wp-ver-info and ?wp-cs-dump.
INFERRED ACTION: CAN-2000-0236 ACCEPT (3 accept, 0 ack, 0 review)
Current Votes:
ACCEPT(2) Frech, Cole
MODIFY(1) Magdych
Comments:
Magdych> Change first instance of "Web Publishing" to "Directory Indexing".
=================================
Candidate: CAN-2000-0251
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: HP:HPSBUX0004-112
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0021.html
Reference: BID:1090
Reference: URL:http://www.securityfocus.com/bid/1090
Reference: XF:hp-virtual-vault
HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes
via an interface that has multiple aliased IP addresses.
Modifications:
ADDREF XF:hp-virtual-vault
INFERRED ACTION: CAN-2000-0251 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
NOOP(2) Wall, Cole
Comments:
Frech> XF:hp-virtual-vault
=================================
Candidate: CAN-2000-0261
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000415 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html
Reference: BUGTRAQ:20000418 AVM's Statement
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com
Reference: XF:ken-download-files
Reference: BID:1103
Reference: URL:http://www.securityfocus.com/bid/1103
The AVM KEN! web server allows remote attackers to read arbitrary
files via a .. (dot dot) attack.
Modifications:
ADDREF XF:ken-download-files
INFERRED ACTION: CAN-2000-0261 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
NOOP(2) Wall, Cole
Comments:
Frech> XF:ken-download-files
=================================
Candidate: CAN-2000-0262
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000415 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html
Reference: BUGTRAQ:20000418 AVM's Statement
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com
Reference: BID:1103
Reference: URL:http://www.securityfocus.com/bid/1103
Reference: XF:ken-dos
The AVM KEN! ISDN Proxy server allows remote attackers to cause a
denial of service via a malformed request.
Modifications:
ADDREF XF:ken-dos
INFERRED ACTION: CAN-2000-0262 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
NOOP(2) Wall, Cole
Comments:
Frech> XF:ken-dos
=================================
Candidate: CAN-2000-0264
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000426
Assigned: 20000426
Category: unknown
Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es
Reference: CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
Reference: XF:panda-admin-privileges
Reference: BID:1119
Reference: URL:http://www.securityfocus.com/bid/1119
Panda Security 3.0 with registry editing disabled allows users to edit
the registry and gain privileges by directly executing a .reg file or
using other methods.
Modifications:
ADDREF CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
ADDREF XF:panda-admin-privileges
INFERRED ACTION: CAN-2000-0264 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
NOOP(3) Wall, Cole, Christey
Comments:
Christey> CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
Frech> XF:panda-admin-privileges
=================================
Candidate: CAN-2000-0279
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: BUGTRAQ:20000407 BeOS Networking DOS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0029.html
Reference: MISC:http://bebugs.be.com/devbugs/detail.php3?oid=2505312
Reference: BID:1100
Reference: URL:http://www.securityfocus.com/bid/1100
Reference: XF:beos-networking-dos
BeOS allows remote attackers to cause a denial of service via
malformed packets whose length field is less than the length of the
headers.
Modifications:
ADDREF XF:beos-networking-dos
INFERRED ACTION: CAN-2000-0279 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
NOOP(2) Wall, Cole
Comments:
Frech> XF:beos-networking-dos
=================================
Candidate: CAN-2000-0297
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000426
Assigned: 20000426
Category: SF
Reference: ALLAIRE:ASB00-06
Reference: URL:http://www2.allaire.com/handlers/index.cfm?ID=15099&Method=Full
Reference: BID:1085
Reference: URL:http://www.securityfocus.com/bid/1085
Reference: XF:allaire-forums-allaccess
Allaire Forums 2.0.5 allows remote attackers to bypass access
restrictions to secure conferences via the rightAccessAllForums or
rightModerateAllForums variables.
Modifications:
ADDREF XF:allaire-forums-allaccess
INFERRED ACTION: CAN-2000-0297 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Stracener
MODIFY(1) Frech
NOOP(3) Wall, Cole, Christey
Comments:
Christey> ADDREF XF:allaire-forums-allaccess
Frech> XF:allaire-forums-allaccess
=================================
Candidate: CAN-2000-0311
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: MS:MS00-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-026.asp
Reference: XF:ms-mixed-object
Reference: BID:1145
Reference: URL:http://www.securityfocus.com/bid/1145
The Windows 2000 domain controller allows a malicious user to modify
Active Directory information by modifying an unprotected attribute,
aka the "Mixed Object Access" vulnerability.
Modifications:
ADDREF XF:ms-mixed-object
INFERRED ACTION: CAN-2000-0311 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) LeBlanc, Cole, Wall, Levy
MODIFY(1) Frech
Comments:
Frech> XF:ms-mixed-object
=================================
Candidate: CAN-2000-0316
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000424 Solaris 7 x86 lp exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0191.html
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0236.html
Reference: SUNBUG:4314312
Reference: BID:1143
Reference: URL:http://www.securityfocus.com/bid/1143
Reference: XF:solaris-lp-bo
Buffer overflow in Solaris 7 lp allows local users to gain root
privileges via a long -d option.
Modifications:
ADDREF SUNBUG:4314312
ADDREF XF:solaris-lp-bo
INFERRED ACTION: CAN-2000-0316 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Levy
MODIFY(2) Dik, Frech
NOOP(3) LeBlanc, Cole, Wall
Comments:
Dik> this is one of many buffer overflows in libprint.so.2;
Reference: SUNBUG 4314312
Frech> XF:solaris-lp-bo
=================================
Candidate: CAN-2000-0331
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000421 CMD.EXE overflow (CISADV000420)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0147.html
Reference: MS:MS00-027
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-027.asp
Reference: BID:1135
Reference: URL:http://www.securityfocus.com/bid/1135
Reference: XF:nt-cmd-overflow
Buffer overflow in Microsoft command processor (CMD.EXE) for Windows
NT and Windows 2000 allows a local user to cause a denial of service
via a long environment variable, aka the "Malformed Environment
Variable" vulnerability.
Modifications:
ADDREF XF:nt-cmd-overflow
INFERRED ACTION: CAN-2000-0331 ACCEPT (5 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(4) LeBlanc, Cole, Wall, Levy
MODIFY(1) Frech
Comments:
Frech> XF:nt-cmd-overflow
=================================
Candidate: CAN-2000-0334
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: ALLAIRE:ASB00-10
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15411&Method=Full
Reference: BID:1181
Reference: XF:allaire-spectra-container-editor-preview
The Allaire Spectra container editor preview tool does not properly
enforce object security, which allows an attacker to conduct
unauthorized activities via an object-method that is added to the
container object with a publishing rule.
Modifications:
ADDREF BID:1181
ADDREF XF:allaire-spectra-container-editor-preview
INFERRED ACTION: CAN-2000-0334 ACCEPT_ACK (2 accept, 1 ack, 0 review)
Current Votes:
MODIFY(2) Levy, Frech
NOOP(3) LeBlanc, Cole, Wall
Comments:
Levy> Reference: BID 1181
Frech> XF:allaire-spectra-container-editor-preview
=================================
Candidate: CAN-2000-0336
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: REDHAT:RHSA-2000:012-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000012-05.html
Reference: CALDERA:CSSA-2000-009.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt
Reference: TURBO:TLSA2000010-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.html
Reference: BID:1232
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=1232
Reference: XF:openldap-symlink-attack
Linux OpenLDAP server allows local users to modify arbitrary files via
a symlink attack.
Modifications:
ADDREF BID:1232
ADDREF XF:openldap-symlink-attack
ADDREF CALDERA:CSSA-2000-009.0
ADDREF TURBO:TLSA2000010-1
DESC remove Red Hat
INFERRED ACTION: CAN-2000-0336 ACCEPT (3 accept, 2 ack, 0 review)
Current Votes:
ACCEPT(1) Cole
MODIFY(2) Levy, Frech
NOOP(3) LeBlanc, Wall, Christey
Comments:
Levy> Reference: BID 1232
Frech> XF:openldap-symlink-attack
Note: This is not just a Red Hat issue. See
ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt and
http://www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.html,
and you might as well add them as references too. :-)
Christey> Also ADDREF BID:1232
=================================
Candidate: CAN-2000-0337
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000424 Solaris x86 Xsun overflow.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0188.html
Reference: SUNBUG:4335411
Reference: XF:solaris-xsun-bo
Reference: BID:1140
Reference: URL:http://www.securityfocus.com/bid/1140
Buffer overflow in Xsun X server in Solaris 7 allows local users to
gain root privileges via a long -dev parameter.
Modifications:
ADDREF SUNBUG:4335411
ADDREF XF:solaris-xsun-bo
INFERRED ACTION: CAN-2000-0337 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(1) Levy
MODIFY(2) Dik, Frech
NOOP(3) LeBlanc, Cole, Wall
Comments:
Dik> Reference: SUNBUG: 4335411
Frech> XF:solaris-xsun-bo
=================================
Candidate: CAN-2000-0339
Published:
Final-Decision:
Interim-Decision: 20000707
Modified: 20000706-01
Proposed: 20000518
Assigned: 20000511
Category: SF
Reference: BUGTRAQ:20000420 ZoneAlarm
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000421044123.2353.qmail@securityfocus.com
Reference: BID:1137
Reference: URL:http://www.securityfocus.com/bid/1137
Reference: XF:zonealarm-portscan
ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source
port of 67, which allows remote attackers to bypass the firewall
rules.
Modifications:
ADDREF XF:zonealarm-portscan
INFERRED ACTION: CAN-2000-0339 ACCEPT (3 accept, 1 ack, 0 review)
Current Votes:
ACCEPT(2) Wall, Levy
MODIFY(1) Frech
NOOP(2) LeBlanc, Cole
Comments:
Frech> XF:zonealarm-portscan