
[PROPOSAL] Cluster RECENT-29 - 20 candidates



The following cluster contains 20 candidates that were announced
between 7/13/2000 and 7/20/2000.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

=================================
Candidate: CAN-2000-0622
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NAI:20000719 O'Reilly WebSite Professional Overflow
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2424
Reference: CONFIRM:http://website.oreilly.com/support/software/wspro25_releasenotes.txt
Reference: BID:1487
Reference: URL:http://www.securityfocus.com/bid/1487

Buffer overflow in Webfind CGI program in O'Reilly WebSite
Professional web server 2.x allows remote attackers to execute
arbitrary commands via a URL containing a long "keywords" parameter.


ED_PRI CAN-2000-0622 1


VOTE:

=================================
Candidate: CAN-2000-0630
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: MS:MS00-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-044.asp
Reference: BID:1488
Reference: URL:http://www.securityfocus.com/bid/1488

IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source
code by appending a +.htr to the URL, a variant of the "File Fragment
Reading via .HTR" vulnerability.


ED_PRI CAN-2000-0630 1


VOTE:

=================================
Candidate: CAN-2000-0631
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: MS:MS00-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-044.asp
Reference: BID:1476
Reference: URL:http://www.securityfocus.com/bid/1476

An administrative script from IIS 3.0, later included in IIS 4.0 and
5.0, allows remote attackers to cause a denial of service by accessing
the script without a particular argument, aka the "Absent Directory
Browser Argument" vulnerability.


ED_PRI CAN-2000-0631 1


VOTE:

=================================
Candidate: CAN-2000-0632
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NAI:20000717 [COVERT-2000-07] LISTSERV Web Archive Remote Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0222.html
Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory1
Reference: BID:1490
Reference: URL:http://www.securityfocus.com/bid/1490

Buffer overflow in the web archive component of L-Soft Listserv 1.8d
and earlier allows remote attackers to execute arbitrary commands via
a long query string.


ED_PRI CAN-2000-0632 1


VOTE:

=================================
Candidate: CAN-2000-0653
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: MS:MS00-045
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-045.asp
Reference: BID:1502
Reference: URL:http://www.securityfocus.com/bid/1502

Microsoft Outlook Express allows remote attackers to monitor a user's
email by creating a persistent browser link to the Outlook Express
windows, aka the "Persistent Mail-Browser Link" vulnerability.


ED_PRI CAN-2000-0653 1


VOTE:

=================================
Candidate: CAN-2000-0666
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000716 Lots and lots of fun with rpc.statd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0206.html
Reference: DEBIAN:20000715 rpc.statd: remote root exploit
Reference: URL:http://www.debian.org/security/2000/20000719a
Reference: REDHAT:RHSA-2000:043-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-043-03.html
Reference: BUGTRAQ:20000717 CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0230.html
Reference: BUGTRAQ:20000718 Trustix Security Advisory - nfs-utils
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0236.html
Reference: BUGTRAQ:20000718 [Security Announce] MDKSA-2000:021 nfs-utils update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0260.html
Reference: CALDERA:CSSA-2000-025.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-025.0.txt
Reference: BID:1480
Reference: URL:http://www.securityfocus.com/bid/1480

rpc.statd in the nfs-utils package in various Linux distributions does
not properly cleanse untrusted format strings, which allows remote
attackers to gain root privileges.
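Added example for this candidate, not code from nfs-utils and not part of the candidate record: the bug class is a daemon handing network-supplied data (here a host name) to a printf-family function as the format argument instead of as an argument to a fixed format. The logging wrapper, function names and the detection helper below are hypothetical; the sample input is constructed.

```c
/* Added example for CAN-2000-0666: the format-string bug class. Not
 * nfs-utils code. Names (log_msg, log_request_*, count_format_directives)
 * are hypothetical. Build: cc -std=c99 fmt.c */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* A logging wrapper of the kind many daemons carry. It has no format
 * attribute, so the compiler stays silent when a caller hands it
 * untrusted data as fmt; that is how this bug survives review. */
static void log_msg(char *out, size_t outsz, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, outsz, fmt, ap);
    va_end(ap);
}

/* VULNERABLE pattern: the host name read off the wire becomes the format
 * string. "%x" in it reads the stack, "%n" writes to memory. Shown for
 * contrast only; never call this with untrusted input. */
static void log_request_unsafe(char *out, size_t outsz, const char *host)
{
    log_msg(out, outsz, host);
}

/* HARDENED pattern: the format is a literal and the untrusted string is
 * only ever an argument, so "%n" inside it is printed, not interpreted. */
static void log_request_safe(char *out, size_t outsz, const char *host)
{
    log_msg(out, outsz, "status request from host %s", host);
}

/* Detection helper for input validation or log review: counts conversion
 * directives in a string, ignoring the escaped "%%". A host name that
 * carries any is not a host name. */
static int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {          /* literal percent: skip the pair */
            s++;
            continue;
        }
        n++;
    }
    return n;
}

int main(void)
{
    char buf[128];
    const char *hostile = "%n%n%n%x%x";   /* constructed sample input */

    log_request_safe(buf, sizeof buf, hostile);
    printf("safe : %s\n", buf);
    printf("directives in input: %d\n", count_format_directives(hostile));
    (void)log_request_unsafe;   /* deliberately never called */
    return 0;
}
```

The fix in the real advisories is the one-token change from log_request_unsafe to log_request_safe; the counter is the check a reviewer can run over anything that reaches a logging call.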


ED_PRI CAN-2000-0666 1


VOTE:

=================================
Candidate: CAN-2000-0667
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: CALDERA:CSSA-2000-024.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0273.html
Reference: BID:1512
Reference: URL:http://www.securityfocus.com/bid/1512

Vulnerability in gpm in Caldera Linux allows local users to delete
arbitrary files or conduct a denial of service.


ED_PRI CAN-2000-0667 1


VOTE:

=================================
Candidate: CAN-2000-0633
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000718 MDKSA-2000:020 usermode update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0251.html
Reference: BID:1489
Reference: URL:http://www.securityfocus.com/bid/1489

Vulnerability in Mandrake Linux usermode package allows local users to
reboot or halt the system.


ED_PRI CAN-2000-0633 2


VOTE:

=================================
Candidate: CAN-2000-0623
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NTBUGTRAQ:20000719 Alert: Buffer Overrun is O'Reilly WebsitePro httpd32.exe (CISADV000717)
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=ntbugtraq&F=&S=&P=5946
Reference: BID:1492
Reference: URL:http://www.securityfocus.com/bid/1492

Buffer overflow in O'Reilly WebSite Professional web server 2.4 and
earlier allows remote attackers to execute arbitrary commands via a
long GET request or Referer header.


ED_PRI CAN-2000-0623 3


VOTE:

=================================
Candidate: CAN-2000-0624
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000720 Winamp M3U playlist parser buffer overflow security vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0289.html
Reference: BID:1496
Reference: URL:http://www.securityfocus.com/bid/1496

Buffer overflow in WinAmp 2.64 and earlier allows remote attackers to
execute arbitrary commands via a long #EXTINF: extension in the M3U
playlist.
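Added example for this candidate, not Winamp code and not part of the candidate record: a playlist parser that copies the text after the comma of an #EXTINF: line into a fixed buffer without a length check, next to a parser that refuses lines that do not fit. Buffer sizes, struct and function names are hypothetical; the playlist in main() is constructed.

```c
/* Added example for CAN-2000-0624: bounds-checked #EXTINF parsing set
 * against the unbounded-copy pattern. Not Winamp code; names and limits
 * are hypothetical. Build: cc -std=c99 m3u.c */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TITLE_MAX 64            /* hypothetical fixed buffer sizes */
#define PATH_MAX_LEN 256

struct m3u_entry {
    long duration;
    char title[TITLE_MAX];
    char path[PATH_MAX_LEN];
};

/* VULNERABLE pattern: whatever follows the comma is copied into a
 * TITLE_MAX buffer with no length check. Shown for contrast; not called. */
static void parse_extinf_unsafe(const char *line, struct m3u_entry *e)
{
    const char *comma = strchr(line, ',');
    e->duration = strtol(line + 8, NULL, 10);
    strcpy(e->title, comma ? comma + 1 : "");   /* BUG: unbounded copy */
}

/* Copies len bytes only if they fit with a NUL; otherwise refuses. */
static int copy_exact(char *dst, size_t dstsz, const char *src, size_t len)
{
    if (len >= dstsz)
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Hardened parser: stores at most max_entries complete entries in out[]
 * and counts in *rejected every line that would not fit its buffer.
 * Oversized lines are dropped, never truncated into place. */
static size_t parse_m3u(const char *text, struct m3u_entry *out,
                        size_t max_entries, size_t *rejected)
{
    size_t n = 0;
    int pending = 0;
    struct m3u_entry cur;

    *rejected = 0;
    memset(&cur, 0, sizeof cur);
    while (*text) {
        const char *eol = strchr(text, '\n');
        const char *next = eol ? eol + 1 : text + strlen(text);
        size_t len = eol ? (size_t)(eol - text) : strlen(text);
        const char *line_end;
        if (len && text[len - 1] == '\r')
            len--;                      /* tolerate CRLF playlists */
        line_end = text + len;

        if (len >= 8 && strncmp(text, "#EXTINF:", 8) == 0) {
            char *end;
            long dur = strtol(text + 8, &end, 10);
            /* strtol skips whitespace, even past the line end: insist the
             * duration ends at a comma inside this line. */
            if (end >= line_end || *end != ',') {
                (*rejected)++;
                pending = 0;
            } else if (copy_exact(cur.title, sizeof cur.title, end + 1,
                                  (size_t)(line_end - end - 1)) < 0) {
                (*rejected)++;          /* oversized title: drop the line */
                pending = 0;
            } else {
                cur.duration = dur;
                pending = 1;
            }
        } else if (len > 0 && text[0] != '#') {
            if (pending) {
                if (copy_exact(cur.path, sizeof cur.path, text, len) < 0)
                    (*rejected)++;
                else if (n < max_entries)
                    out[n++] = cur;
            }
            pending = 0;
        }
        text = next;
    }
    return n;
}

int main(void)
{
    /* Constructed sample: one sane entry, then a 200-byte title. */
    char playlist[512], big[201];
    struct m3u_entry e[4];
    size_t rejected, n;

    memset(big, 'A', 200);
    big[200] = '\0';
    snprintf(playlist, sizeof playlist,
             "#EXTM3U\n#EXTINF:213,Safe Title\nsong1.mp3\n#EXTINF:5,%s\nsong2.mp3\n",
             big);
    n = parse_m3u(playlist, e, 4, &rejected);
    printf("stored %zu entries, rejected %zu lines\n", n, rejected);
    (void)parse_extinf_unsafe;          /* deliberately never called */
    return 0;
}
```

Dropping the line rather than truncating it is a design choice: a silently shortened title hides the fact that a file was crafted, and the length check is cheaper than any later recovery.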


ED_PRI CAN-2000-0624 3


VOTE:

=================================
Candidate: CAN-2000-0625
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: L0PHT:20000718 NetZero Password Encryption Algorithm
Reference: URL:http://www.l0pht.com/advisories/netzero.txt
Reference: BID:1483
Reference: URL:http://www.securityfocus.com/bid/1483

NetZero 3.0 and earlier uses weak encryption for storing a user's
login information, which allows a local user to decrypt the password.


ED_PRI CAN-2000-0625 3


VOTE:

=================================
Candidate: CAN-2000-0626
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000718 Multiple bugs in Alibaba 2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0237.html
Reference: BID:1482
Reference: URL:http://www.securityfocus.com/bid/1482

Buffer overflow in Alibaba web server allows remote attackers to cause
a denial of service via a long GET request.


ED_PRI CAN-2000-0626 3


VOTE:

=================================
Candidate: CAN-2000-0627
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000718 Blackboard Courseinfo v4.0 User Authentication
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0254.html
Reference: BID:1486
Reference: URL:http://www.securityfocus.com/bid/1486

BlackBoard CourseInfo 4.0 does not properly authenticate users, which
allows local users to modify CourseInfo database information and gain
privileges by directly calling the supporting CGI programs such as
user_update_passwd.pl and user_update_admin.pl.


ED_PRI CAN-2000-0627 3


VOTE:

=================================
Candidate: CAN-2000-0634
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000717 S21SEC-003: Vulnerabilities in CommuniGate Pro v3.2.4
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0223.html
Reference: BID:1493
Reference: URL:http://www.securityfocus.com/bid/1493

The web administration interface for CommuniGate Pro 3.2.5 and earlier
allows remote attackers to read arbitrary files via a .. (dot dot)
attack.
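Added example for this candidate, not CommuniGate code and not part of the candidate record: a resolver that canonicalises the requested path against a fixed document root segment by segment and refuses any request whose ".." would climb above the root. It goes slightly beyond the candidate text by percent-decoding first, so "%2e%2e" is caught the same way as "..", and by rejecting an encoded NUL. Function names and the root directory are hypothetical; the probe requests in main() are constructed.

```c
/* Added example for CAN-2000-0634: path canonicalisation under a root.
 * Not CommuniGate code; names are hypothetical. Build: cc -std=c99 path.c */
#include <stdio.h>
#include <string.h>

#define MAX_SEGMENTS 64

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Percent-decodes src into dst. Rejects malformed escapes and %00, which
 * would otherwise truncate the path at the filesystem boundary. */
static int url_decode(const char *src, char *dst, size_t dstsz)
{
    size_t o = 0;
    while (*src) {
        int c = (unsigned char)*src;
        if (c == '%') {
            int hi = hexval((unsigned char)src[1]);
            int lo = hi < 0 ? -1 : hexval((unsigned char)src[2]);
            if (hi < 0 || lo < 0)
                return -1;
            c = hi * 16 + lo;
            src += 3;
        } else {
            src++;
        }
        if (c == 0 || o + 1 >= dstsz)
            return -1;
        dst[o++] = (char)c;
    }
    dst[o] = '\0';
    return 0;
}

/* Returns 0 and a path that cannot leave root, or -1 when the request
 * climbs above root, is malformed, or does not fit. The decision is made
 * on the decoded, normalised segments, never on the raw string. */
static int resolve_under_root(const char *root, const char *request,
                              char *out, size_t outsz)
{
    char decoded[1024];
    const char *seg[MAX_SEGMENTS];
    size_t seglen[MAX_SEGMENTS];
    size_t depth = 0, used, i;
    const char *p;

    if (url_decode(request, decoded, sizeof decoded) < 0)
        return -1;
    for (p = decoded; *p; ) {
        const char *start;
        size_t len;
        while (*p == '/')
            p++;                            /* collapse "//" */
        if (!*p)
            break;
        start = p;
        while (*p && *p != '/')
            p++;
        len = (size_t)(p - start);
        if (len == 1 && start[0] == '.')
            continue;                       /* "." is a no-op */
        if (len == 2 && start[0] == '.' && start[1] == '.') {
            if (depth == 0)
                return -1;                  /* would leave the root */
            depth--;
            continue;
        }
        if (depth == MAX_SEGMENTS)
            return -1;
        seg[depth] = start;
        seglen[depth++] = len;
    }
    used = strlen(root);
    if (used >= outsz)
        return -1;
    memcpy(out, root, used);
    for (i = 0; i < depth; i++) {
        if (used + 1 + seglen[i] + 1 > outsz)
            return -1;
        out[used++] = '/';
        memcpy(out + used, seg[i], seglen[i]);
        used += seglen[i];
    }
    out[used] = '\0';
    return 0;
}

int main(void)
{
    char out[256];
    const char *probes[] = {                /* constructed sample requests */
        "/docs/../index.html", "/admin/../../etc/passwd",
        "/docs/%2e%2e/%2e%2e/etc/passwd" };
    size_t i;
    for (i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int rc = resolve_under_root("/srv/www", probes[i], out, sizeof out);
        printf("%-32s -> %s\n", probes[i], rc == 0 ? out : "REJECTED");
    }
    return 0;
}
```

Rejecting rather than clamping an escaping ".." is deliberate: a request that tries to leave the root is hostile, and a clamped path would still let the attacker enumerate the root directory.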


ED_PRI CAN-2000-0634 3


VOTE:

=================================
Candidate: CAN-2000-0636
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000719 HP Jetdirect - Invalid FTP Command DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0265.html
Reference: BID:1491
Reference: URL:http://www.securityfocus.com/bid/1491

HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow
remote attackers to cause a denial of service via a malformed FTP
quote command.


ED_PRI CAN-2000-0636 3


VOTE:

=================================
Candidate: CAN-2000-0643
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
Reference: BID:1470
Reference: URL:http://www.securityfocus.com/bid/1470

Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers
to cause a denial of service via a long URL.


ED_PRI CAN-2000-0643 3


VOTE:

=================================
Candidate: CAN-2000-0649
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NTBUGTRAQ:20000713 IIS4 Basic authentication realm issue
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0025.html
Reference: BID:1499
Reference: URL:http://www.securityfocus.com/bid/1499

IIS 4.0 allows remote attackers to obtain the internal IP address of
the server via an HTTP 1.0 request for a web page which is protected
by basic authentication and has no realm defined.


ED_PRI CAN-2000-0649 3


VOTE:

=================================
Candidate: CAN-2000-0662
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000714 IE 5.5 and 5.01 vulnerability - reading at least local and from any host text and parsed html files
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=396EF9D5.62EEC625@nat.bg
Reference: BID:1474
Reference: URL:http://www.securityfocus.com/bid/1474

Internet Explorer 5.x and Microsoft Outlook allows remote attackers to
read arbitrary files by redirecting the contents of an IFRAME using
the DHTML Edit Control (DHTMLED).


ED_PRI CAN-2000-0662 3


VOTE:

=================================
Candidate: CAN-2000-0665
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NTBUGTRAQ:20000717 DoS in Gamsoft TelSrv telnet server for MS Windows 95/98/NT/2k.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0031.html
Reference: BID:1478
Reference: URL:http://www.securityfocus.com/bid/1478

GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to
cause a denial of service via a long username.


ED_PRI CAN-2000-0665 3


VOTE:

=================================
Candidate: CAN-2000-0675
Published:
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000713 The MDMA Crew's GateKeeper Exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00af01bfece2$a52cbd80$367e1ec4@kungphusion
Reference: BID:1477
Reference: URL:http://www.securityfocus.com/bid/1477

Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote
attackers to execute arbitrary commands via a long string.


ED_PRI CAN-2000-0675 3


VOTE:

Page Last Updated or Reviewed: May 22, 2007