[FINAL] ACCEPT 81 recent candidates from RECENT-28 to RECENT-35
I have made a Final Decision to ACCEPT the following candidates from
the RECENT-28 through RECENT-35 clusters. These candidates are now
assigned CVE names as noted below. The resulting CVE entries will be
published in the near future in a new version of CVE. Voting details
and comments are provided at the end of this report.

- Steve

Candidate       CVE Name
---------       ----------
CAN-2000-0621   CVE-2000-0621
CAN-2000-0624   CVE-2000-0624
CAN-2000-0627   CVE-2000-0627
CAN-2000-0628   CVE-2000-0628
CAN-2000-0630   CVE-2000-0630
CAN-2000-0631   CVE-2000-0631
CAN-2000-0632   CVE-2000-0632
CAN-2000-0633   CVE-2000-0633
CAN-2000-0634   CVE-2000-0634
CAN-2000-0635   CVE-2000-0635
CAN-2000-0636   CVE-2000-0636
CAN-2000-0637   CVE-2000-0637
CAN-2000-0638   CVE-2000-0638
CAN-2000-0639   CVE-2000-0639
CAN-2000-0640   CVE-2000-0640
CAN-2000-0641   CVE-2000-0641
CAN-2000-0642   CVE-2000-0642
CAN-2000-0643   CVE-2000-0643
CAN-2000-0644   CVE-2000-0644
CAN-2000-0651   CVE-2000-0651
CAN-2000-0652   CVE-2000-0652
CAN-2000-0654   CVE-2000-0654
CAN-2000-0655   CVE-2000-0655
CAN-2000-0660   CVE-2000-0660
CAN-2000-0661   CVE-2000-0661
CAN-2000-0663   CVE-2000-0663
CAN-2000-0664   CVE-2000-0664
CAN-2000-0665   CVE-2000-0665
CAN-2000-0666   CVE-2000-0666
CAN-2000-0668   CVE-2000-0668
CAN-2000-0669   CVE-2000-0669
CAN-2000-0670   CVE-2000-0670
CAN-2000-0671   CVE-2000-0671
CAN-2000-0673   CVE-2000-0673
CAN-2000-0674   CVE-2000-0674
CAN-2000-0675   CVE-2000-0675
CAN-2000-0676   CVE-2000-0676
CAN-2000-0677   CVE-2000-0677
CAN-2000-0678   CVE-2000-0678
CAN-2000-0681   CVE-2000-0681
CAN-2000-0682   CVE-2000-0682
CAN-2000-0683   CVE-2000-0683
CAN-2000-0684   CVE-2000-0684
CAN-2000-0685   CVE-2000-0685
CAN-2000-0700   CVE-2000-0700
CAN-2000-0703   CVE-2000-0703
CAN-2000-0705   CVE-2000-0705
CAN-2000-0706   CVE-2000-0706
CAN-2000-0707   CVE-2000-0707
CAN-2000-0708   CVE-2000-0708
CAN-2000-0711   CVE-2000-0711
CAN-2000-0712   CVE-2000-0712
CAN-2000-0718   CVE-2000-0718
CAN-2000-0725   CVE-2000-0725
CAN-2000-0727   CVE-2000-0727
CAN-2000-0728   CVE-2000-0728
CAN-2000-0730   CVE-2000-0730
CAN-2000-0733   CVE-2000-0733
CAN-2000-0737   CVE-2000-0737
CAN-2000-0743   CVE-2000-0743
CAN-2000-0744   CVE-2000-0744
CAN-2000-0745   CVE-2000-0745
CAN-2000-0750   CVE-2000-0750
CAN-2000-0751   CVE-2000-0751
CAN-2000-0754   CVE-2000-0754
CAN-2000-0758   CVE-2000-0758
CAN-2000-0761   CVE-2000-0761
CAN-2000-0763   CVE-2000-0763
CAN-2000-0765   CVE-2000-0765
CAN-2000-0767   CVE-2000-0767
CAN-2000-0768   CVE-2000-0768
CAN-2000-0770   CVE-2000-0770
CAN-2000-0771   CVE-2000-0771
CAN-2000-0777   CVE-2000-0777
CAN-2000-0778   CVE-2000-0778
CAN-2000-0779   CVE-2000-0779
CAN-2000-0780   CVE-2000-0780
CAN-2000-0782   CVE-2000-0782
CAN-2000-0786   CVE-2000-0786
CAN-2000-0787   CVE-2000-0787
CAN-2000-0792   CVE-2000-0792

======================================================
Candidate: CAN-2000-0621
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0621
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000726
Category: SF
Reference: MS:MS00-046
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-046.asp
Reference: CERT:CA-2000-14
Reference: URL:http://www.cert.org/advisories/CA-2000-14.html
Reference: BID:1501
Reference: URL:http://www.securityfocus.com/bid/1501
Reference: XF:outlook-cache-bypass
Reference: URL:http://xforce.iss.net/static/5013.php

Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x,
allow remote attackers to read files on the client's system via a
malformed HTML message that stores files outside of the cache, aka the
"Cache Bypass" vulnerability.
Modifications:
  ADDREF XF:outlook-cache-bypass

INFERRED ACTION: CAN-2000-0621 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(4) Levy, Wall, LeBlanc, Cole
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:outlook-cache-bypass(5013)

======================================================
Candidate: CAN-2000-0624
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0624
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000720 Winamp M3U playlist parser buffer overflow security vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0289.html
Reference: CONFIRM:http://www.winamp.com/getwinamp/newfeatures.jhtml
Reference: BID:1496
Reference: URL:http://www.securityfocus.com/bid/1496
Reference: XF:winamp-playlist-parser-bo
Reference: URL:http://xforce.iss.net/static/4956.php

Buffer overflow in Winamp 2.64 and earlier allows remote attackers to
execute arbitrary commands via a long #EXTINF: extension in the M3U
playlist.

Modifications:
  ADDREF XF:winamp-playlist-parser-bo
  ADDREF CONFIRM:http://www.winamp.com/getwinamp/newfeatures.jhtml
  DESC Correct spelling for Winamp

INFERRED ACTION: CAN-2000-0624 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(1) Levy
  MODIFY(1) Frech
  NOOP(4) Wall, LeBlanc, Christey, Cole

Voter Comments:
  Frech> XF:winamp-playlist-parser-bo(4956)
    In the description, Nullsoft spells their product as "Winamp."
  Christey> CONFIRM:http://www.winamp.com/getwinamp/newfeatures.jhtml
    Comment in version 2.65: "Fix to ex-m3u bug/security hole."
======================================================
Candidate: CAN-2000-0627
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0627
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000718 Blackboard Courseinfo v4.0 User Authentication
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0254.html
Reference: BUGTRAQ:20000719 Security Fix for Blackboard CourseInfo 4.0
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000719151904.I17986@securityfocus.com
Reference: BID:1486
Reference: URL:http://www.securityfocus.com/bid/1486
Reference: XF:blackboard-courseinfo-dbase-modification
Reference: URL:http://xforce.iss.net/static/4946.php

BlackBoard CourseInfo 4.0 does not properly authenticate users, which
allows local users to modify CourseInfo database information and gain
privileges by directly calling the supporting CGI programs such as
user_update_passwd.pl and user_update_admin.pl.

Modifications:
  ADDREF XF:blackboard-courseinfo-dbase-modification
  ADDREF BUGTRAQ:20000719 Security Fix for Blackboard CourseInfo 4.0

INFERRED ACTION: CAN-2000-0627 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(3) Levy, Wall, Blake
  MODIFY(1) Frech
  NOOP(5) Armstrong, LeBlanc, Ozancin, Christey, Cole

Voter Comments:
  Frech> XF:blackboard-courseinfo-dbase-modification(4946)
  Christey> Vendor acknowledgement is at:
    BUGTRAQ:20000719 Security Fix for Blackboard CourseInfo 4.0
    URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000719151904.I17986@securityfocus.com
  CHANGE> [Wall changed vote from NOOP to ACCEPT]
  Wall> Vendor has released a patch for this vulnerability.
======================================================
Candidate: CAN-2000-0628
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0628
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000710 ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0142.html
Reference: CONFIRM:http://www.nodeworks.com/asp/changes.html
Reference: BID:1457
Reference: URL:http://www.securityfocus.com/bid/1457
Reference: XF:apache-source-asp-file-write
Reference: URL:http://xforce.iss.net/static/4931.php

The source.asp example script in the Apache ASP module Apache::ASP
1.93 and earlier allows remote attackers to modify files.

Modifications:
  ADDREF XF:apache-source-asp-file-write

INFERRED ACTION: CAN-2000-0628 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(1) Levy
  MODIFY(1) Frech
  NOOP(3) Wall, LeBlanc, Cole

Voter Comments:
  Frech> XF:apache-source-asp-file-write(4931)

======================================================
Candidate: CAN-2000-0630
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0630
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: MS:MS00-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-044.asp
Reference: BID:1488
Reference: URL:http://www.securityfocus.com/bid/1488
Reference: XF:iis-htr-obtain-code
Reference: URL:http://xforce.iss.net/static/5104.php

IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source
code by appending a +.htr to the URL, a variant of the "File Fragment
Reading via .HTR" vulnerability.
Modifications:
  ADDREF XF:iis-htr-obtain-code

INFERRED ACTION: CAN-2000-0630 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(4) Levy, Wall, LeBlanc, Cole
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:iis-htr-obtain-code(5104)

======================================================
Candidate: CAN-2000-0631
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0631
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000718 ISBASE Security Advisory(SA2000-02)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96390444022878&w=2
Reference: MS:MS00-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-044.asp
Reference: BID:1476
Reference: URL:http://www.securityfocus.com/bid/1476
Reference: XF:iis-absent-directory-dos
Reference: URL:http://xforce.iss.net/static/4951.php

An administrative script from IIS 3.0, later included in IIS 4.0 and
5.0, allows remote attackers to cause a denial of service by accessing
the script without a particular argument, aka the "Absent Directory
Browser Argument" vulnerability.
Modifications:
  ADDREF BUGTRAQ:20000718 ISBASE Security Advisory(SA2000-02)
  ADDREF XF:iis-absent-directory-dos

INFERRED ACTION: CAN-2000-0631 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(4) Levy, Wall, LeBlanc, Cole
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Frech> XF:iis-absent-directory-dos(4951)
  Christey> ADDREF BUGTRAQ:20000718 ISBASE Security Advisory(SA2000-02)
    URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96390444022878&w=2

======================================================
Candidate: CAN-2000-0632
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0632
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: NAI:20000717 [COVERT-2000-07] LISTSERV Web Archive Remote Overflow
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/43_Advisory.asp
Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory1
Reference: BID:1490
Reference: URL:http://www.securityfocus.com/bid/1490
Reference: XF:lsoft-listserv-querystring-bo
Reference: URL:http://xforce.iss.net/static/4952.php

Buffer overflow in the web archive component of L-Soft Listserv 1.8d
and earlier allows remote attackers to execute arbitrary commands via
a long query string.

Modifications:
  DESC fix typo: change "ot" to "of"
  ADDREF XF:lsoft-listserv-querystring-bo

INFERRED ACTION: CAN-2000-0632 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(2) Levy, Cole
  MODIFY(1) Frech
  NOOP(3) Wall, LeBlanc, Christey

Voter Comments:
  Christey> Fix typo: "ot"
  Frech> XF:lsoft-listserv-querystring-bo(4952)
    Suggest that canonical NAI reference is housed at
    http://www.nai.com/nai_labs/asp_set/advisory/43_Advisory.asp.
======================================================
Candidate: CAN-2000-0633
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0633
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: REDHAT:RHSA-2000:053-01
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-053-02.html
Reference: BUGTRAQ:20000718 MDKSA-2000:020 usermode update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0251.html
Reference: BUGTRAQ:20000812 Conectiva Linux security announcement - usermode
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0117.html
Reference: BID:1489
Reference: URL:http://www.securityfocus.com/bid/1489
Reference: XF:linux-usermode-dos
Reference: URL:http://xforce.iss.net/static/4944.php

Vulnerability in Mandrake Linux usermode package allows local users to
reboot or halt the system.

Modifications:
  ADDREF XF:linux-usermode-dos
  ADDREF BUGTRAQ:20000812 Conectiva Linux security announcement - usermode
  ADDREF REDHAT:RHSA-2000:053-01

INFERRED ACTION: CAN-2000-0633 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(1) Levy
  MODIFY(1) Frech
  NOOP(4) Wall, LeBlanc, Christey, Cole

Voter Comments:
  Frech> XF:linux-usermode-dos(4944)
  Christey> ADDREF BUGTRAQ:20000812 Conectiva Linux security announcement - usermode
    http://archives.neohapsis.com/archives/bugtraq/2000-08/0117.html
    ADDREF REDHAT:RHSA-2000:053-01
    http://www.redhat.com/support/errata/RHSA-2000-053-02.html

======================================================
Candidate: CAN-2000-0634
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0634
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000717 S21SEC-003: Vulnerabilities in CommuniGate Pro v3.2.4
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0223.html
Reference: BID:1493
Reference: URL:http://www.securityfocus.com/bid/1493
Reference: XF:communigate-pro-file-read
Reference: URL:http://xforce.iss.net/static/5105.php

The web administration interface for CommuniGate Pro 3.2.5 and earlier
allows remote attackers to read arbitrary files via a .. (dot dot)
attack.

Modifications:
  ADDREF XF:communigate-pro-file-read

INFERRED ACTION: CAN-2000-0634 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(4) Levy, Wall, Blake, Cole
  MODIFY(1) Frech
  NOOP(3) Armstrong, LeBlanc, Ozancin

Voter Comments:
  Frech> XF:communigate-pro-file-read(5105)
  CHANGE> [Wall changed vote from NOOP to ACCEPT]
  Wall> SecuriTeam and bugtraq seem to be the only source; first
    discovered by a Japanese fellow.
  CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-2000-0635
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0635
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 Akopia MiniVend Piped Command Execution Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0150.html
Reference: CONFIRM:http://www.zdnet.com/zdnn/stories/news/0,4586,2600258,00.html
Reference: BID:1449
Reference: URL:http://www.securityfocus.com/bid/1449
Reference: XF:minivend-viewpage-sample
Reference: URL:http://xforce.iss.net/static/4880.php

The view_page.html sample page in the MiniVend shopping cart program
allows remote attackers to execute arbitrary commands via shell
metacharacters.
Modifications:
  ADDREF XF:minivend-viewpage-sample
  ADDREF CONFIRM:http://www.zdnet.com/zdnn/stories/news/0,4586,2600258,00.html

INFERRED ACTION: CAN-2000-0635 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(1) Levy
  MODIFY(1) Frech
  NOOP(4) Wall, LeBlanc, Christey, Cole

Voter Comments:
  Frech> XF:minivend-viewpage-sample(4880)
  Christey> CONFIRM:http://www.zdnet.com/zdnn/stories/news/0,4586,2600258,00.html

======================================================
Candidate: CAN-2000-0636
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0636
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000719 HP Jetdirect - Invalid FTP Command DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0265.html
Reference: BID:1491
Reference: URL:http://www.securityfocus.com/bid/1491
Reference: XF:hp-jetdirect-quote-dos
Reference: URL:http://xforce.iss.net/static/4947.php

HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow
remote attackers to cause a denial of service via a malformed FTP
quote command.

Modifications:
  ADDREF hp-jetdirect-quote-dos(4947)

INFERRED ACTION: CAN-2000-0636 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(4) Levy, Wall, Blake, Cole
  MODIFY(1) Frech
  NOOP(2) LeBlanc, Ozancin
  REVIEWING(1) Armstrong

Voter Comments:
  Frech> XF:hp-jetdirect-quote-dos(4947)
  CHANGE> [Wall changed vote from REVIEWING to ACCEPT]
  Wall> ISS and SecuriTeam include this as a vulnerability.
  CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-2000-0637
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0637
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 Excel 2000 vulnerability - executing programs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=396B3F8F.9244D290@nat.bg
Reference: MS:MS00-051
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-051.asp
Reference: BID:1451
Reference: URL:http://www.securityfocus.com/bid/1451
Reference: XF:excel-register-function
Reference: URL:http://xforce.iss.net/static/5016.php

Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary
commands by specifying a malicious .dll using the Register.ID
function, aka the "Excel REGISTER.ID Function" vulnerability.

Modifications:
  ADDREF XF:excel-register-function

INFERRED ACTION: CAN-2000-0637 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(4) Levy, Wall, LeBlanc, Cole
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:excel-register-function(5016)

======================================================
Candidate: CAN-2000-0638
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0638
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 BIG BROTHER EXPLOIT
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0146.html
Reference: BUGTRAQ:20000711 REMOTE EXPLOIT IN ALL CURRENT VERSIONS OF BIG BROTHER
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0147.html
Reference: CONFIRM:http://bb4.com/README.CHANGES
Reference: BID:1455
Reference: URL:http://www.securityfocus.com/bid/1455
Reference: XF:http-cgi-bigbrother-bbhostsvc
Reference: URL:http://xforce.iss.net/static/4879.php

Big Brother 1.4h1 and earlier
allows remote attackers to read arbitrary files via a .. (dot dot)
attack.

Modifications:
  ADDREF XF:http-cgi-bigbrother-bbhostsvc

INFERRED ACTION: CAN-2000-0638 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(2) Levy, Cole
  MODIFY(1) Frech
  NOOP(2) Wall, LeBlanc

Voter Comments:
  Frech> XF:http-cgi-bigbrother-bbhostsvc(4879)

======================================================
Candidate: CAN-2000-0639
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0639
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: CF
Reference: BUGTRAQ:20000711 Big Brother filename extension vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0171.html
Reference: BID:1494
Reference: URL:http://www.securityfocus.com/bid/1494
Reference: XF:big-brother-filename-extension
Reference: URL:http://xforce.iss.net/static/5103.php

The default configuration of Big Brother 1.4h2 and earlier does not
include proper access restrictions, which allows remote attackers to
execute arbitrary commands by using bbd to upload a file whose
extension will cause it to be executed as a CGI script by the web
server.
Modifications:
  ADDREF XF:big-brother-filename-extension

INFERRED ACTION: CAN-2000-0639 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(1) Levy
  MODIFY(1) Frech
  NOOP(3) Wall, LeBlanc, Cole

Voter Comments:
  Frech> XF:big-brother-filename-extension(5103)

======================================================
Candidate: CAN-2000-0640
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0640
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
Reference: BID:1452
Reference: URL:http://www.securityfocus.com/bid/1452
Reference: XF:guild-ftpd-disclosure
Reference: URL:http://xforce.iss.net/static/4922.php

Guild FTPd allows remote attackers to determine the existence of files
outside the FTP root via a .. (dot dot) attack, which provides
different error messages depending on whether the file exists or not.

Modifications:
  ADDREF XF:guild-ftpd-disclosure

INFERRED ACTION: CAN-2000-0640 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(4) Levy, Blake, Ozancin, Cole
  MODIFY(2) Wall, Frech
  NOOP(2) Armstrong, LeBlanc

Voter Comments:
  Frech> XF:guild-ftpd-disclosure(4922)
  CHANGE> [Wall changed vote from NOOP to MODIFY]
  Wall> "Guild FTPd for Windows 98 and Windows NT 4.0 allows" ...
  CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-2000-0641
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0641
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
Reference: BID:1453
Reference: URL:http://www.securityfocus.com/bid/1453
Reference: XF:savant-get-bo
Reference: URL:http://xforce.iss.net/static/4901.php

Savant web server allows remote attackers to execute arbitrary
commands via a long GET request.

Modifications:
  ADDREF XF:savant-get-bo

INFERRED ACTION: CAN-2000-0641 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(4) Levy, Wall, Blake, Ozancin
  MODIFY(1) Frech
  NOOP(3) Armstrong, LeBlanc, Cole

Voter Comments:
  Frech> XF:savant-get-bo(4901)
  CHANGE> [Wall changed vote from NOOP to ACCEPT]
  Wall> USSR Labs and multiple references.

======================================================
Candidate: CAN-2000-0642
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0642
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: CF
Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
Reference: BID:1497
Reference: URL:http://www.securityfocus.com/bid/1497
Reference: XF:webactive-active-log
Reference: URL:http://xforce.iss.net/static/5184.php

The default configuration of WebActive HTTP Server 1.00 stores the web
access log active.log in the document root, which allows remote
attackers to view the logs by directly requesting the page.
Modifications:
  ADDREF XF:webactive-active-log

INFERRED ACTION: CAN-2000-0642 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(4) Levy, Wall, Blake, Cole
  MODIFY(1) Frech
  NOOP(3) Armstrong, LeBlanc, Ozancin

Voter Comments:
  Frech> XF:webactive-active-log(5184)
  CHANGE> [Wall changed vote from REVIEWING to ACCEPT]
  CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-2000-0643
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0643
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
Reference: BID:1470
Reference: URL:http://www.securityfocus.com/bid/1470
Reference: XF:webactive-long-get-dos
Reference: URL:http://xforce.iss.net/static/4949.php

Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers
to cause a denial of service via a long URL.

Modifications:
  ADDREF XF:webactive-long-get-dos

INFERRED ACTION: CAN-2000-0643 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(3) Levy, Wall, Blake
  MODIFY(1) Frech
  NOOP(4) Armstrong, LeBlanc, Ozancin, Cole

Voter Comments:
  Frech> XF:webactive-long-get-dos(4949)
  CHANGE> [Wall changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-2000-0644
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0644
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html
Reference: BID:1506
Reference: URL:http://www.securityfocus.com/bid/1506
Reference: XF:wftpd-stat-dos
Reference: URL:http://xforce.iss.net/static/5003.php

WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of
service by executing a STAT command while the LIST command is still
executing.

Modifications:
  ADDREF XF:wftpd-stat-dos

INFERRED ACTION: CAN-2000-0644 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(5) Levy, Wall, Blake, Ozancin, Cole
  MODIFY(1) Frech
  NOOP(2) LeBlanc, Christey
  REVIEWING(1) Armstrong

Voter Comments:
  Frech> XF:wftpd-stat-dos(5003)
  CHANGE> [Wall changed vote from NOOP to ACCEPT]
  CHANGE> [Cole changed vote from NOOP to ACCEPT]
  Christey> See http://www.wftpd.com/bugpage.htm
    Bug details for RC12 identify other vuln's found by the
    discloser, but not this one. Did the vendor forget to fix it,
    or did they forget to document the fix?

======================================================
Candidate: CAN-2000-0651
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0651
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000707 Novell Border Manger - Anyone can pose as an authenticated user
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=06256915.00591E18.00@uprrsmtp2.notes.up.com
Reference: BID:1440
Reference: URL:http://www.securityfocus.com/bid/1440
Reference: XF:novell-bordermanager-verification
Reference: URL:http://xforce.iss.net/static/5186.php

The ClientTrust program in Novell BorderManager does not properly
verify the origin of authentication requests, which could allow remote
attackers to impersonate another user by replaying the authentication
requests and responses from port 3024 of the victim's machine.
Modifications:
  ADDREF XF:novell-bordermanager-verification

INFERRED ACTION: CAN-2000-0651 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(3) Levy, Blake, Cole
  MODIFY(1) Frech
  NOOP(3) Wall, LeBlanc, Ozancin
  REVIEWING(1) Armstrong

Voter Comments:
  Frech> XF:novell-bordermanager-verification(5186)
  CHANGE> [Cole changed vote from NOOP to ACCEPT]

======================================================
Candidate: CAN-2000-0652
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0652
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000723 IBM WebSphere default servlet handler showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0342.html
Reference: BID:1500
Reference: URL:http://www.securityfocus.com/bid/1500
Reference: XF:websphere-showcode
Reference: URL:http://xforce.iss.net/static/5012.php

IBM WebSphere allows remote attackers to read source code for
executable web files by directly calling the default InvokerServlet
using a URL which contains the "/servlet/file" string.
Modifications:
  ADDREF XF:websphere-showcode

INFERRED ACTION: CAN-2000-0652 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(3) Levy, Bollinger, Blake
  MODIFY(1) Frech
  NOOP(6) Armstrong, Wall, LeBlanc, Ozancin, Christey, Cole

Voter Comments:
  Frech> F:websphere-showcode(5012)
  Christey> The discoverers claim that APAR PQ39857 fixes the
    problem, but it could not be found on:
    http://www-4.ibm.com/software/webservers/appserv/efix.html

======================================================
Candidate: CAN-2000-0654
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0654
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: MS:MS00-041
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-041.asp
Reference: BID:1466
Reference: URL:http://www.securityfocus.com/bid/1466
Reference: XF:mssql-dts-reveal-passwords
Reference: URL:http://xforce.iss.net/static/4582.php

Microsoft Enterprise Manager allows local users to obtain database
passwords via the Data Transformation Service (DTS) package Registered
Servers Dialog dialog, aka a variant of the "DTS Password"
vulnerability.

Modifications:
  ADDREF XF:mssql-dts-reveal-passwords

INFERRED ACTION: CAN-2000-0654 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(4) Levy, Wall, LeBlanc, Cole
  MODIFY(1) Frech
  NOOP(1) Christey

Voter Comments:
  Frech> XF:mssql-dts-reveal-passwords(4582)
    We show a duplicate with CAN-2000-0485; this may be a LoA issue.
  Christey> There are 2 different dialogs which allow you to get to
    the database passwords; one is captured in CAN-2000-0485, and
    the other in CAN-2000-0654. CD:SF-LOC suggests keeping these
    split.
======================================================
Candidate: CAN-2000-0655
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0655
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000724 JPEG COM Marker Processing Vulnerability in Netscape Browsers
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com
Reference: REDHAT:RHSA-2000:046-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-046-02.html
Reference: SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_60.txt
Reference: TURBO:TLSA2000017-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html
Reference: NETBSD:NetBSD-SA2000-011
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc
Reference: FREEBSD:FreeBSD-SA-00:39
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc
Reference: BUGTRAQ:20000801 MDKSA-2000:027-1 netscape update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html
Reference: BUGTRAQ:20000810 Conectiva Linux Security Announcement - netscape
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html
Reference: BID:1503
Reference: URL:http://www.securityfocus.com/bid/1503
Reference: XF:netscape-jpg-comment

Netscape Communicator 4.73 and earlier allows remote attackers to
cause a denial of service or execute arbitrary commands via a JPEG
image containing a comment with an illegal field length of 1.
Modifications:
  ADDREF XF:netscape-jpg-comment
  ADDREF FREEBSD:FreeBSD-SA-00:39
  ADDREF SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
  ADDREF NETBSD:NetBSD-SA2000-011
  ADDREF TURBO:TLSA2000017-1
  ADDREF BUGTRAQ:20000801 MDKSA-2000:027-1 netscape update
  ADDREF BUGTRAQ:20000810 Conectiva Linux Security Announcement - netscape

INFERRED ACTION: CAN-2000-0655 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(3) Levy, Wall, Cole
  MODIFY(1) Frech
  NOOP(2) LeBlanc, Christey

Voter Comments:
  Frech> XF:netscape-jpg-comment(5014)
  Christey> ADDREF FREEBSD:FreeBSD-SA-00:39
    ADDREF SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
    http://www.suse.de/de/support/security/suse_security_announce_60.txt
    ADDREF TURBO:TLSA2000017-1
    URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html
    ADDREF BUGTRAQ:20000801 MDKSA-2000:027-1 netscape update
    URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html
    ADDREF NETBSD:NetBSD-SA2000-011
    URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc
    ADDREF BUGTRAQ:20000810 Conectiva Linux Security Announcement - netscape
    URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html

======================================================
Candidate: CAN-2000-0660
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0660
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000803
Assigned: 20000802
Category: SF
Reference: BUGTRAQ:20000712 Infosec.20000712.worldclient.2.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0173.html
Reference: CONFIRM:http://www.altn.com/Downloads/WorldClient/Release/RelNotes.txt
Reference: BID:1462
Reference: URL:http://www.securityfocus.com/bid/1462
Reference: XF:worldclient-dir-traverse
Reference: URL:http://xforce.iss.net/static/4913.php

The WDaemon web server for WorldClient 2.1 allows remote attackers to
read arbitrary files via a ..
(dot dot) attack. Modifications: ADDREF XF:worldclient-dir-traverse ADDREF CONFIRM:http://www.altn.com/Downloads/WorldClient/Release/RelNotes.txt INFERRED ACTION: CAN-2000-0660 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(4) Wall, LeBlanc, Christey, Cole Voter Comments: Frech> XF:worldclient-dir-traverse(4913) Christey> CONFIRM:http://www.altn.com/Downloads/WorldClient/Release/RelNotes.txt ====================================================== Candidate: CAN-2000-0661 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0661 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000710 Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0120.html Reference: BID:1448 Reference: URL:http://www.securityfocus.com/bid/1448 Reference: XF:wircsrv-character-flood-dos Reference: URL:http://xforce.iss.net/static/4914.php WircSrv IRC Server 5.07s allows remote attackers to cause a denial of service via a long string to the server port. 
Modifications: ADDREF XF:wircsrv-character-flood-dos INFERRED ACTION: CAN-2000-0661 FINAL (Final Decision 20001013) Current Votes: ACCEPT(4) Levy, Wall, Blake, Cole MODIFY(1) Frech NOOP(3) Armstrong, LeBlanc, Ozancin Voter Comments: Frech> XF:wircsrv-character-flood-dos(4914) CHANGE> [Wall changed vote from NOOP to ACCEPT] CHANGE> [Cole changed vote from NOOP to ACCEPT] ====================================================== Candidate: CAN-2000-0663 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0663 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000803 Assigned: 20000802 Category: SF Reference: MS:MS00-052 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-052.asp Reference: MSKB:Q269049 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=269049 Reference: BID:1507 Reference: URL:http://www.securityfocus.com/bid/1507 Reference: XF:explorer-relative-path-name Reference: URL:http://xforce.iss.net/static/5040.php The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path" vulnerability. 
Modifications: ADDREF XF:explorer-relative-path-name INFERRED ACTION: CAN-2000-0663 FINAL (Final Decision 20001013) Current Votes: ACCEPT(4) Levy, Wall, LeBlanc, Cole MODIFY(1) Frech Voter Comments: Frech> XF:explorer-relative-path-name(5040) ====================================================== Candidate: CAN-2000-0664 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0664 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000726 AnalogX "SimpleServer:WWW" dot dot bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0374.html Reference: CONFIRM:http://www.analogx.com/contents/download/network/sswww.htm Reference: BID:1508 Reference: URL:http://www.securityfocus.com/bid/1508 Reference: XF:analogx-simpleserver-directory-path Reference: URL:http://xforce.iss.net/static/4999.php AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack that uses the %2E URL encoding for the dots. Modifications: ADDREF XF:analogx-simpleserver-directory-path INFERRED ACTION: CAN-2000-0664 FINAL (Final Decision 20001013) Current Votes: ACCEPT(1) Levy MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Cole Voter Comments: Frech> XF:analogx-simpleserver-directory-path(4999) ====================================================== Candidate: CAN-2000-0665 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0665 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000803 Assigned: 20000802 Category: SF Reference: NTBUGTRAQ:20000717 DoS in Gamsoft TelSrv telnet server for MS Windows 95/98/NT/2k. 
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0031.html Reference: NTBUGTRAQ:20000729 TelSrv Reveals Usernames & Passwords After DoS Attack Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0056.html Reference: BID:1478 Reference: URL:http://www.securityfocus.com/bid/1478 Reference: XF:gamsoft-telsrv-dos Reference: URL:http://xforce.iss.net/static/4945.php GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to cause a denial of service via a long username. Modifications: ADDREF XF:gamsoft-telsrv-dos ADDREF NTBUGTRAQ:20000729 TelSrv Reveals Usernames & Passwords After DoS Attack DESC Change vendor name to "GAMSoft" INFERRED ACTION: CAN-2000-0665 FINAL (Final Decision 20001013) Current Votes: ACCEPT(3) Levy, Blake, Cole MODIFY(1) Frech NOOP(5) Armstrong, Wall, LeBlanc, Ozancin, Christey Voter Comments: Frech> XF:gamsoft-telsrv-dos(4945) Christey> Change vendor name to "GAMSoft" ADDREF NTBUGTRAQ:20000729 TelSrv Reveals Usernames & Passwords After DoS Attack http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0056.html This is an additional impact of the same DoS described in the earlier NTBUGTRAQ post. 
CHANGE> [Cole changed vote from NOOP to ACCEPT] ====================================================== Candidate: CAN-2000-0666 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0666 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000716 Lots and lots of fun with rpc.statd Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0206.html Reference: DEBIAN:20000715 rpc.statd: remote root exploit Reference: URL:http://www.debian.org/security/2000/20000719a Reference: REDHAT:RHSA-2000:043-03 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-043-03.html Reference: BUGTRAQ:20000717 CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0230.html Reference: BUGTRAQ:20000718 Trustix Security Advisory - nfs-utils Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0236.html Reference: BUGTRAQ:20000718 [Security Announce] MDKSA-2000:021 nfs-utils update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0260.html Reference: CALDERA:CSSA-2000-025.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-025.0.txt Reference: CERT:CA-2000-17 Reference: URL:http://www.cert.org/advisories/CA-2000-17.html Reference: BID:1480 Reference: URL:http://www.securityfocus.com/bid/1480 Reference: XF:linux-rpcstatd-format-overwrite Reference: URL:http://xforce.iss.net/static/4939.php rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges. 
Modifications: ADDREF CERT:CA-2000-17 ADDREF XF:linux-rpcstatd-format-overwrite INFERRED ACTION: CAN-2000-0666 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Cole MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Christey Voter Comments: Christey> ADDREF CERT:CA-2000-17 Frech> XF:linux-rpcstatd-format-overwrite(4939) ====================================================== Candidate: CAN-2000-0668 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0668 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000803 Assigned: 20000802 Category: SF Reference: REDHAT:RHSA-2000:044-02 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-044-02.html Reference: BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0398.html Reference: BUGTRAQ:20000801 MDKSA-2000:029 pam update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0455.html Reference: BID:1513 Reference: URL:http://www.securityfocus.com/bid/1513 Reference: XF:linux-pam-console Reference: URL:http://xforce.iss.net/static/5001.php pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled. 
Modifications: ADDREF XF:linux-pam-console ADDREF BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM ADDREF BUGTRAQ:20000801 MDKSA-2000:029 pam update INFERRED ACTION: CAN-2000-0668 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Cole MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Christey Voter Comments: Frech> XF:linux-pam-console(5001) Christey> ADDREF BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM http://archives.neohapsis.com/archives/bugtraq/2000-07/0398.html ADDREF BUGTRAQ:20000801 MDKSA-2000:029 pam update http://archives.neohapsis.com/archives/bugtraq/2000-07/0455.html ====================================================== Candidate: CAN-2000-0669 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0669 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000711 Remote Denial Of Service -- NetWare 5.0 with SP 5 Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000501bfeab5$9330c3d0$d801a8c0@dimuthu.baysidegrp.com.au Reference: BID:1467 Reference: URL:http://www.securityfocus.com/bid/1467 Reference: XF:netware-port40193-dos Novell NetWare 5.0 allows remote attackers to cause a denial of service by flooding port 40193 with random data. Modifications: ADDREF XF:netware-port40193-dos DESC Change spelling to "NetWare" INFERRED ACTION: CAN-2000-0669 FINAL (Final Decision 20001013) Current Votes: ACCEPT(3) Levy, Blake, Cole MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Ozancin REVIEWING(1) Armstrong Voter Comments: Frech> XF:netware-port40193-dos(4932) In the description, correct spelling is NetWare. 
CHANGE> [Cole changed vote from NOOP to ACCEPT] ====================================================== Candidate: CAN-2000-0670 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0670 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000712 cvsweb: remote shell for cvs committers Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0178.html Reference: BUGTRAQ:20000714 MDKSA-2000:019 cvsweb update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0196.html Reference: DEBIAN:20000716 Reference: URL:http://www.debian.org/security/2000/20000719b Reference: FREEBSD:FreeBSD-SA-00:37 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:37.cvsweb.asc Reference: TURBO:TLSA2000016-1 Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000015.html Reference: BID:1469 Reference: URL:http://www.securityfocus.com/bid/1469 Reference: XF:cvsweb-shell-access Reference: URL:http://xforce.iss.net/static/4925.php The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters. 
Modifications: ADDREF XF:cvsweb-shell-access ADDREF TURBO:TLSA2000016-1 INFERRED ACTION: CAN-2000-0670 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Cole MODIFY(1) Frech NOOP(3) Wall, LeBlanc, Christey Voter Comments: Frech> XF:cvsweb-shell-access(4925) Christey> ADDREF FREEBSD: http://archives.neohapsis.com/archives/freebsd/2000-08/0096.html ADDREF TURBO:TLSA2000016-1 http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000015.html ====================================================== Candidate: CAN-2000-0671 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0671 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000721 Roxen security alert: Problems with URLs containing null characters. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0321.html Reference: BUGTRAQ:20000721 Roxen Web Server Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0307.html Reference: BID:1510 Reference: URL:http://www.securityfocus.com/bid/1510 Reference: XF:roxen-null-char-url Reference: URL:http://xforce.iss.net/static/4965.php Roxen web server earlier than 2.0.69 allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character (%00) to the URL. Modifications: DESC Clarify problem ADDREF XF:roxen-null-char-url INFERRED ACTION: CAN-2000-0671 FINAL (Final Decision 20001013) Current Votes: MODIFY(2) Levy, Frech NOOP(3) Wall, LeBlanc, Cole Voter Comments: Levy> There really is more to this problem than simply being able to list the contents of a directory. Roxen uses Pike. Pike can handle strings with nulls in them, but the underlying OS truncates the string at the first null. Thus Roxen and the OS do not agree on what file the string really points to. One symptom is being able to list a directory. 
More dangerous is being able to bypass access restrictions by sending a query that passes the web server's ACLs but is valid to the underlying OS. You could also use it to download the source code to scripts by sending a request that the web server will not think is a file type that should be parsed or executed but that will make the underlying OS open the script for reading. Frech> XF:roxen-null-char-url(4965) ====================================================== Candidate: CAN-2000-0673 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0673 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000803 Assigned: 20000802 Category: SF Reference: NAI:20000727 Windows NetBIOS Name Conflicts Reference: URL:http://www.pgp.com/research/covert/advisories/044.asp Reference: MS:MS00-047 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-047.asp Reference: BID:1514 Reference: URL:http://www.securityfocus.com/bid/1514 Reference: BID:1515 Reference: URL:http://www.securityfocus.com/bid/1515 Reference: XF:netbios-name-server-spoofing Reference: URL:http://xforce.iss.net/static/5035.php The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability. Modifications: ADDREF XF:netbios-name-server-spoofing INFERRED ACTION: CAN-2000-0673 FINAL (Final Decision 20001013) Current Votes: ACCEPT(3) Wall, LeBlanc, Cole MODIFY(2) Levy, Frech NOOP(1) Christey Voter Comments: Levy> It seems you are combining these two problems because they have the same root problem: that NetBIOS trusts everyone and it's not authenticated. But if that is your reasoning then you can classify this as a software fault (SF), it should be a design flaw. 
Frech> XF:netbios-name-server-spoofing(5035) Christey> There isn't a "design flaw" category, although maybe there should be. The "SF" (software fault) category encompasses both implementation flaws and design flaws. ====================================================== Candidate: CAN-2000-0674 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0674 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000712 ftp.pl vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0177.html Reference: BID:1471 Reference: URL:http://www.securityfocus.com/bid/1471 Reference: XF:virtualvision-ftp-browser Reference: URL:http://xforce.iss.net/static/5187.php ftp.pl CGI program for Virtual Visions FTP browser allows remote attackers to read directories outside of the document root via a .. (dot dot) attack. Modifications: ADDREF XF:virtualvision-ftp-browser INFERRED ACTION: CAN-2000-0674 FINAL (Final Decision 20001013) Current Votes: ACCEPT(5) Levy, Wall, Blake, Ozancin, Cole MODIFY(1) Frech NOOP(3) Armstrong, LeBlanc, Christey Voter Comments: Frech> XF:virtualvision-ftp-browser(5187) CHANGE> [Wall changed vote from NOOP to ACCEPT] CHANGE> [Cole changed vote from NOOP to ACCEPT] Christey> I verified this via code inspection of ftp.pl as downloaded from http://www.arc-s.com/virtual_visions/files/ftp.zip on October 5, 2000. The vulnerable lines are: line 114: $check_dir = $FORM_DATA{"dir"}; line 116: $full_path = "$full_path/$check_dir"; line 128: opendir (DIR, $full_path); line 129: @allfiles = readdir(DIR); It appears that the feartech vendor is no longer maintaining the code, as the feartech site (http://www.feartech.com/vv/ftp.shtml) points to the www.arc-s.com site I just referenced. 
====================================================== Candidate: CAN-2000-0675 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0675 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000713 The MDMA Crew's GateKeeper Exploit Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00af01bfece2$a52cbd80$367e1ec4@kungphusion Reference: BID:1477 Reference: URL:http://www.securityfocus.com/bid/1477 Reference: XF:gatekeeper-long-string-bo Reference: URL:http://xforce.iss.net/static/4948.php Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote attackers to execute arbitrary commands via a long string. Modifications: ADDREF XF:gatekeeper-long-string-bo INFERRED ACTION: CAN-2000-0675 FINAL (Final Decision 20001013) Current Votes: ACCEPT(4) Levy, Wall, Blake, Cole MODIFY(1) Frech NOOP(3) Armstrong, LeBlanc, Ozancin Voter Comments: Frech> XF:gatekeeper-long-string-bo(4948) CHANGE> [Wall changed vote from NOOP to ACCEPT] CHANGE> [Cole changed vote from NOOP to ACCEPT] ====================================================== Candidate: CAN-2000-0676 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0676 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001011-2 Proposed: 20000921 Assigned: 20000811 Category: SF Reference: BUGTRAQ:20000804 Dangerous Java/Netscape Security Hole Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0019.html Reference: REDHAT:RHSA-2000:054-01 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-054-01.html Reference: CALDERA:CSSA-2000-027.1 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-027.1.txt Reference: FREEBSD:FreeBSD-SA-00:39 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc Reference: SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others Reference: 
URL:http://www.suse.de/de/support/security/suse_security_announce_60.txt Reference: BUGTRAQ:20000810 MDKSA-2000:033 Netscape Java vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0115.html Reference: BUGTRAQ:20000821 MDKSA-2000:036 - netscape update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0265.html Reference: BUGTRAQ:20000818 Conectiva Linux Security Announcement - netscape Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0236.html Reference: CERT:CA-2000-15 Reference: URL:http://www.cert.org/advisories/CA-2000-15.html Reference: BID:1546 Reference: URL:http://www.securityfocus.com/bid/1546 Reference: XF:java-brownorifice Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice. Modifications: ADDREF BUGTRAQ:20000804 Dangerous Java/Netscape Security Hole ADDREF REDHAT:RHSA-2000:054-01 ADDREF CALDERA:CSSA-2000-027.1 ADDREF FREEBSD:FreeBSD-SA-00:39 ADDREF SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others ADDREF BUGTRAQ:20000810 MDKSA-2000:033 Netscape Java vulnerability ADDREF BUGTRAQ:20000821 MDKSA-2000:036 - netscape update ADDREF BUGTRAQ:20000818 Conectiva Linux Security Announcement - netscape ADDREF XF:java-brownorifice INFERRED ACTION: CAN-2000-0676 FINAL (Final Decision 20001013) Current Votes: ACCEPT(3) Levy, Wall, Cole MODIFY(1) Frech NOOP(1) Christey Voter Comments: Christey> ADDREF BUGTRAQ:20000804 Dangerous Java/Netscape Security Hole URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0019.html ADDREF BUGTRAQ:20000821 MDKSA-2000:036 - netscape update URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0265.html ADDREF BUGTRAQ:20000818 Conectiva Linux Security Announcement - netscape URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0236.html 
ADDREF REDHAT:RHSA-2000:054-01 ADDREF CALDERA:CSSA-2000-027.1 Christey> ADDREF FREEBSD:FreeBSD-SA-00:39 ADDREF SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others http://www.suse.de/de/support/security/suse_security_announce_60.txt ADDREF BUGTRAQ:20000810 MDKSA-2000:033 Netscape Java vulnerability URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0115.html Christey> ADDREF BUGTRAQ:20000805 Dangerous Java/Netscape Security Hole URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000805020429.11774.qmail@securityfocus.com Frech> XF:java-brownorifice ====================================================== Candidate: CAN-2000-0677 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0677 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000921 Assigned: 20000823 Category: SF Reference: ISS:20000907 Buffer Overflow in IBM Net.Data db2www CGI program. Reference: URL:http://xforce.iss.net/alerts/advise60.php Reference: XF:ibm-netdata-db2www-bo Reference: URL:http://xforce.iss.net/static/4976.php Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable. 
Modifications: ADDREF XF:ibm-netdata-db2www-bo INFERRED ACTION: CAN-2000-0677 FINAL (Final Decision 20001013) Current Votes: ACCEPT(3) Bollinger, Blake, Cole MODIFY(1) Frech NOOP(3) Armstrong, Wall, Ozancin Voter Comments: Frech> XF:ibm-netdata-db2www-bo(4976) Change ISS URL to http://xforce.iss.net/alerts/advise60.php ====================================================== Candidate: CAN-2000-0678 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0678 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: Proposed: 20000921 Assigned: 20000825 Category: SF Reference: CERT:CA-2000-18 Reference: URL:http://www.cert.org/advisories/CA-2000-18.html Reference: BID:1606 Reference: URL:http://www.securityfocus.com/bid/1606 PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate. INFERRED ACTION: CAN-2000-0678 FINAL (Final Decision 20001013) Current Votes: ACCEPT(3) Levy, Wall, Cole ====================================================== Candidate: CAN-2000-0681 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0681 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000815 BEA Weblogic server proxy library vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0186.html Reference: BID:1570 Reference: URL:http://www.securityfocus.com/bid/1570 Reference: XF:weblogic-plugin-bo Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension. 
Modifications: ADDREF XF:weblogic-plugin-bo INFERRED ACTION: CAN-2000-0681 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:weblogic-plugin-bo ====================================================== Candidate: CAN-2000-0682 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0682 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000728 BEA's WebLogic force handlers show code vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html Reference: BID:1518 Reference: URL:http://www.securityfocus.com/bid/1518 Reference: XF:weblogic-fileservlet-show-code BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet. Modifications: ADDREF XF:weblogic-fileservlet-show-code INFERRED ACTION: CAN-2000-0682 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:weblogic-fileservlet-show-code ====================================================== Candidate: CAN-2000-0683 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0683 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000728 BEA's WebLogic force handlers show code vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html Reference: CONFIRM:http://developer.bea.com/alerts/security_000728.html Reference: BID:1517 Reference: URL:http://www.securityfocus.com/bid/1517 BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet. 
INFERRED ACTION: CAN-2000-0683 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Cole NOOP(1) Wall ====================================================== Candidate: CAN-2000-0684 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0684 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000731 BEA's WebLogic *.jsp/*.jhtml remote command execution Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0434.html Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html Reference: BID:1525 Reference: URL:http://www.securityfocus.com/bid/1525 Reference: XF:html-malicious-tags BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file. Modifications: ADDREF XF:html-malicious-tags INFERRED ACTION: CAN-2000-0684 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:html-malicious-tags ====================================================== Candidate: CAN-2000-0685 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0685 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000731 BEA's WebLogic *.jsp/*.jhtml remote command execution Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0434.html Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html Reference: BID:1525 Reference: URL:http://www.securityfocus.com/bid/1525 Reference: XF:html-malicious-tags BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file. 
Modifications: ADDREF XF:html-malicious-tags INFERRED ACTION: CAN-2000-0685 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Levy, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:html-malicious-tags ====================================================== Candidate: CAN-2000-0700 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0700 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: CISCO:20000803 Possible Access Control Bypass and Denial of Service in Gigabit Switch Routers Using Gigabit Ethernet or Fast Ethernet Cards Reference: URL:http://www.cisco.com/warp/public/707/gsraclbypassdos-pub.shtml Reference: BID:1541 Reference: URL:http://www.securityfocus.com/bid/1541 Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or force the interface to stop forwarding packets. 
Modifications: DESC extend version info INFERRED ACTION: CAN-2000-0700 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Cole, Levy MODIFY(1) Balinsky NOOP(1) Wall Voter Comments: Balinsky> Modify description to say "starting with 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0" ====================================================== Candidate: CAN-2000-0703 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0703 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000805 sperl 5.00503 (and newer ;) exploit Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0022.html Reference: SUSE:20000810 Security Hole in perl, all versions Reference: URL:http://www.suse.de/de/support/security/suse_security_announce_59.txt Reference: CALDERA:CSSA-2000-026.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-026.0.txt Reference: DEBIAN:20000808 mailx: local exploit Reference: URL:http://www.debian.org/security/2000/20000810 Reference: REDHAT:RHSA-2000:048-03 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-048-03.html Reference: TURBO:TLSA2000018-1 Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000017.html Reference: BUGTRAQ:20000814 Trustix Security Advisory - perl and mailx Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0153.html Reference: BUGTRAQ:20000808 MDKSA-2000:031 perl update Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0086.html Reference: BUGTRAQ:20000810 Conectiva Linux security announcemente - PERL Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0113.html Reference: BID:1547 Reference: URL:http://www.securityfocus.com/bid/1547 Reference: XF:perl-shell-escape suidperl (aka sperl) does not properly cleanse the escape sequence "~!" 
before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence. Modifications: ADDREF XF:perl-shell-escape INFERRED ACTION: CAN-2000-0703 FINAL (Final Decision 20001013) Current Votes: ACCEPT(2) Cole, Levy MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:perl-shell-escape ====================================================== Candidate: CAN-2000-0705 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0705 Final-Decision: 20001013 Interim-Decision: 20001011 Modified: 20001010-1 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000802 [ Hackerslab bug_paper ] ntop web mode vulnerabliity Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0459.html Reference: REDHAT:RHSA-2000:049-02 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0065.html Reference: BID:1550 Reference: URL:http://www.securityfocus.com/bid/1550 Reference: XF:ntop-remote-file-access ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack. 

Modifications:
  ADDREF XF:ntop-remote-file-access

INFERRED ACTION: CAN-2000-0705 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(2) Cole, Levy
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:ntop-remote-file-access

======================================================
Candidate: CAN-2000-0706
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0706
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:36
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:36.ntop.asc
Reference: DEBIAN:20000830 ntop: Still remotely exploitable using buffer overflows
Reference: URL:http://www.debian.org/security/2000/20000830
Reference: BID:1576
Reference: URL:http://www.securityfocus.com/bid/1576
Reference: XF:ntop-bo

Buffer overflows in ntop running in web mode allow remote attackers to execute arbitrary commands.

Modifications:
  ADDREF XF:ntop-bo

INFERRED ACTION: CAN-2000-0706 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(2) Cole, Levy
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:ntop-bo

======================================================
Candidate: CAN-2000-0707
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0707
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000804 PCCS MySQL DB Admin Tool v1.2.3- Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0015.html
Reference: CONFIRM:http://pccs-linux.com/public/view.php3?bn=agora_pccslinux&key=965951324
Reference: BID:1557
Reference: URL:http://www.securityfocus.com/bid/1557
Reference: XF:pccs-mysql-admin-tool

PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root, which allows remote attackers to obtain sensitive information such as the administrative password.

Modifications:
  ADDREF XF:pccs-mysql-admin-tool

INFERRED ACTION: CAN-2000-0707 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(2) Cole, Levy
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:pccs-mysql-admin-tool

======================================================
Candidate: CAN-2000-0708
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0708
Final-Decision: 20001013
Interim-Decision: 20001011
Modified: 20001010-1
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: NTBUGTRAQ:20000824 Remote DoS Attack in Pragma TelnetServer 2000 (Remote Execute Daemon) Vulnerability
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=NTBUGTRAQ&P=R4247
Reference: CONFIRM:http://www.pragmasys.com/TelnetServer/
Reference: BID:1605
Reference: URL:http://www.securityfocus.com/bid/1605
Reference: XF:telnetserver-rpc-bo

Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows remote attackers to cause a denial of service via a long series of null characters to the rexec port.

Modifications:
  ADDREF XF:telnetserver-rpc-bo
  ADDREF CONFIRM:http://www.pragmasys.com/TelnetServer/

INFERRED ACTION: CAN-2000-0708 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(2) Cole, Levy
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:telnetserver-rpc-bo

======================================================
Candidate: CAN-2000-0711
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0711
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000816 JDK 1.1.x Listening Socket Vulnerability (was Re: BrownOrifice can break firewalls!)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=3999922128E.EE84TAKAGI@java-house.etl.go.jp
Reference: BUGTRAQ:20000805 Dangerous Java/Netscape Security Hole
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000805020429.11774.qmail@securityfocus.com
Reference: CERT:CA-2000-15
Reference: URL:http://www.cert.org/advisories/CA-2000-15.html
Reference: BID:1545
Reference: URL:http://www.securityfocus.com/bid/1545

Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.

INFERRED ACTION: CAN-2000-0711 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(3) Cole, Levy, Wall

======================================================
Candidate: CAN-2000-0712
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0712
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MISC:http://www.egroups.com/message/lids/1038
Reference: BUGTRAQ:2000803 LIDS severe bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0486.html
Reference: CONFIRM:http://www.lids.org/changelog.html
Reference: BID:1549
Reference: URL:http://www.securityfocus.com/bid/1549

Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to gain root privileges when LIDS is disabled via the security=0 boot option.

INFERRED ACTION: CAN-2000-0712 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(2) Cole, Levy
  NOOP(1) Wall

======================================================
Candidate: CAN-2000-0718
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0718
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000812 MDKSA-2000:034 MandrakeUpdate update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0146.html
Reference: BID:1567
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=1567

A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.

INFERRED ACTION: CAN-2000-0718 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(2) Cole, Levy
  NOOP(1) Wall

======================================================
Candidate: CAN-2000-0725
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0725
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert
Reference: REDHAT:RHSA-2000:052-02
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0131.html
Reference: DEBIAN:20000821 zope: unauthorized escalation of privilege (update)
Reference: URL:http://www.debian.org/security/2000/20000821
Reference: BUGTRAQ:20000821 Conectiva Linux Security Announcement - Zope
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html
Reference: BUGTRAQ:20000816 MDKSA-2000:035 Zope update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html
Reference: BID:1577
Reference: URL:http://www.securityfocus.com/bid/1577

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a
request.

INFERRED ACTION: CAN-2000-0725 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(2) Cole, Levy
  NOOP(1) Wall

======================================================
Candidate: CAN-2000-0727
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0727
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000829 MDKSA-2000:041 - xpdf update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96766355023239&w=2
Reference: BUGTRAQ:20000913 Conectiva Linux Security Announcement - xpdf
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96886599829687&w=2
Reference: DEBIAN:20000910 xpdf: local exploit
Reference: URL:http://www.debian.org/security/2000/20000910a
Reference: REDHAT:RHSA-2000:060-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-060-03.html
Reference: CALDERA:CSSA-2000-031.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-031.0.txt
Reference: BID:1624
Reference: URL:http://www.securityfocus.com/bid/1624

xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URL's, which allows an attacker to execute arbitrary commands via a URL that contains shell metacharacters.

INFERRED ACTION: CAN-2000-0727 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(2) Cole, Levy
  NOOP(1) Wall

======================================================
Candidate: CAN-2000-0728
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0728
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000829 MDKSA-2000:041 - xpdf update
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96766355023239&w=2
Reference: BUGTRAQ:20000913 Conectiva Linux Security Announcement - xpdf
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96886599829687&w=2
Reference: DEBIAN:20000910 xpdf: local exploit
Reference: URL:http://www.debian.org/security/2000/20000910a
Reference: REDHAT:RHSA-2000:060-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-060-03.html
Reference: CALDERA:CSSA-2000-031.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-031.0.txt
Reference: BID:1624
Reference: URL:http://www.securityfocus.com/bid/1624

xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack.

INFERRED ACTION: CAN-2000-0728 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(2) Cole, Levy
  NOOP(1) Wall

======================================================
Candidate: CAN-2000-0730
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0730
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: HP:HPSBUX0008-118
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0144.html
Reference: BID:1580
Reference: URL:http://www.securityfocus.com/bid/1580

Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges.

INFERRED ACTION: CAN-2000-0730 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(2) Cole, Levy
  NOOP(1) Wall

======================================================
Candidate: CAN-2000-0733
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0733
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000814 [LSD] IRIX telnetd remote vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0154.html
Reference: SGI:20000801-02-P
Reference: URL:ftp://sgigate.sgi.com/security/20000801-02-P
Reference: BID:1572
Reference: URL:http://www.securityfocus.com/bid/1572

Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request.

INFERRED ACTION: CAN-2000-0733 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(2) Cole, Levy
  NOOP(1) Wall

======================================================
Candidate: CAN-2000-0737
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0737
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-053
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-053.asp
Reference: BID:1535
Reference: URL:http://www.securityfocus.com/bid/1535

The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named Pipe Impersonation" vulnerability.

INFERRED ACTION: CAN-2000-0737 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(3) Cole, Levy, Wall

======================================================
Candidate: CAN-2000-0743
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0743
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000810 Remote vulnerability in Gopherd 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0112.html
Reference: BID:1569
Reference: URL:http://www.securityfocus.com/bid/1569

Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows remote attackers to execute arbitrary commands via a DES key generation request (GDESkey) that contains a long ticket value.

INFERRED ACTION: CAN-2000-0743 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(2) Cole, Levy
  NOOP(1) Wall

======================================================
Candidate: CAN-2000-0744
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0744
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000810 Remote vulnerability in Gopherd 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0112.html
Reference: BID:1569
Reference: URL:http://www.securityfocus.com/bid/1569

Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows remote attackers to execute arbitrary commands via a DES key generation request (GDESkey) that contains a long ticket value.

INFERRED ACTION: CAN-2000-0744 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(2) Cole, Levy
  NOOP(1) Wall

======================================================
Candidate: CAN-2000-0745
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0745
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000821 Vuln.
in all sites using PHP-Nuke, versions less than 3
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0243.html
Reference: BID:1592
Reference: URL:http://www.securityfocus.com/bid/1592

admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd parameter.

INFERRED ACTION: CAN-2000-0745 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(2) Cole, Levy
  NOOP(1) Wall

======================================================
Candidate: CAN-2000-0750
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0750
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0064.html
Reference: FREEBSD:FreeBSD-SA-00:40
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0336.html
Reference: OPENBSD:20000705 Mopd contained a buffer overflow.
Reference: URL:http://www.openbsd.org/errata.html#mopd
Reference: REDHAT:RHSA-2000-050-01
Reference: URL:http://www.redhat.com/support/errata/powertools/RHSA-2000-050-01.html
Reference: MISC:http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h
Reference: BID:1558
Reference: URL:http://www.securityfocus.com/bid/1558

Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.

INFERRED ACTION: CAN-2000-0750 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(2) Cole, Levy
  NOOP(1) Wall

======================================================
Candidate: CAN-2000-0751
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0751
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0064.html
Reference: FREEBSD:FreeBSD-SA-00:40
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0336.html
Reference: OPENBSD:20000705 Mopd contained a buffer overflow.
Reference: URL:http://www.openbsd.org/errata.html#mopd
Reference: REDHAT:RHSA-2000-050-01
Reference: URL:http://www.redhat.com/support/errata/powertools/RHSA-2000-050-01.html
Reference: MISC:http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h
Reference: BID:1559
Reference: URL:http://www.securityfocus.com/bid/1559

mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.

INFERRED ACTION: CAN-2000-0751 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(2) Cole, Levy
  NOOP(1) Wall

======================================================
Candidate: CAN-2000-0754
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0754
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: HP:HPSBUX0008-119
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0144.html
Reference: BID:1581
Reference: URL:http://www.securityfocus.com/bid/1581

Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 related to passwords.

INFERRED ACTION: CAN-2000-0754 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(2) Cole, Levy
  NOOP(1) Wall

======================================================
Candidate: CAN-2000-0758
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0758
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000811 Lyris List Manager Administration Hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0149.html
Reference: CONFIRM:http://www.lyris.com/lm/lm_updates.html
Reference: BID:1584
Reference: URL:http://www.securityfocus.com/bid/1584

The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the list_admin hidden form field.

INFERRED ACTION: CAN-2000-0758 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(2) Cole, Levy
  NOOP(1) Wall

======================================================
Candidate: CAN-2000-0761
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0761
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000815 OS/2 Warp 4.5 FTP Server DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0166.html
Reference: CONFIRM:ftp://ftp.software.ibm.com/ps/products/tcpip/fixes/v4.3os2/ic27721/README
Reference: BID:1582
Reference: URL:http://www.securityfocus.com/bid/1582

OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of service via a long username.

INFERRED ACTION: CAN-2000-0761 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(2) Cole, Levy
  NOOP(1) Wall

======================================================
Candidate: CAN-2000-0763
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0763
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000816 xlock vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000815231724.A14694@subterrain.net
Reference: DEBIAN:20000816 xlockmore: possible shadow file compromise
Reference: URL:http://www.debian.org/security/2000/20000816
Reference: FREEBSD:FreeBSD-SA-00:44.xlockmore
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0340.html
Reference: BUGTRAQ:20000817 Conectiva Linux Security Announcement - xlockmore
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0212.html
Reference: BUGTRAQ:20000823 MDKSA-2000:038 - xlockmore update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0294.html
Reference: BID:1585
Reference: URL:http://www.securityfocus.com/bid/1585

xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option.

INFERRED ACTION: CAN-2000-0763 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(2) Cole, Levy
  NOOP(1) Wall

======================================================
Candidate: CAN-2000-0765
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0765
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-056
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-056.asp
Reference: BID:1561
Reference: URL:http://www.securityfocus.com/bid/1561

Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.

INFERRED ACTION: CAN-2000-0765 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(3) Cole, Levy, Wall

======================================================
Candidate: CAN-2000-0767
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0767
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-055.asp
Reference: BID:1564
Reference: URL:http://www.securityfocus.com/bid/1564

The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability.

INFERRED ACTION: CAN-2000-0767 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(3) Cole, Levy, Wall

======================================================
Candidate: CAN-2000-0768
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0768
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-055
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-055.asp
Reference: BID:1564
Reference: URL:http://www.securityfocus.com/bid/1564

A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.

INFERRED ACTION: CAN-2000-0768 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(3) Cole, Levy, Wall

======================================================
Candidate: CAN-2000-0770
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0770
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-057
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-057.asp
Reference: BID:1565
Reference: URL:http://www.securityfocus.com/bid/1565

IIS 4.0 and 5.0 do not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability.

INFERRED ACTION: CAN-2000-0770 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(3) Cole, Levy, Wall

======================================================
Candidate: CAN-2000-0771
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0771
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-062
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-062.asp
Reference: BID:1613
Reference: URL:http://www.securityfocus.com/bid/1613

Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.

INFERRED ACTION: CAN-2000-0771 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(3) Cole, Levy, Wall

======================================================
Candidate: CAN-2000-0777
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0777
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-061
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-061.asp
Reference: BID:1615
Reference: URL:http://www.securityfocus.com/bid/1615

The password protection feature of Microsoft Money can store the password in plaintext, which allows attackers with physical access to the system to obtain the password, aka the "Money Password" vulnerability.

INFERRED ACTION: CAN-2000-0777 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(3) Cole, Levy, Wall

======================================================
Candidate: CAN-2000-0778
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0778
Final-Decision: 20001013
Interim-Decision: 20001011
Modified:
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: MS:MS00-058
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-058.asp
Reference: BUGTRAQ:20000815 Translate:f summary, history and thoughts
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=080D5336D882D211B56B0060080F2CD696A7C9@beta.mia.cz
Reference: NTBUGTRAQ:20000816 Translate: f
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=5212
Reference: BID:1578
Reference: URL:http://www.securityfocus.com/bid/1578

IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.

INFERRED ACTION: CAN-2000-0778 FINAL (Final Decision 20001013)

Current Votes:
  ACCEPT(3) Cole, Levy, Wall

======================================================
Candidate: CAN-