CVE List

Id  CVE No.  Status  Description  Phase  Votes  Comments  Actions
1720  CVE-2000-0142  Candidate  The authentication protocol in Timbuktu Pro 2.0b650 allows remote attackers to cause a denial of service via connections to port 407 and 1417.  Proposed (20000216)  ACCEPT(4) Bishop, Blake, Cole, LeBlanc | MODIFY(2) Frech, Levy | NOOP(2) Baker, Christey  Frech> XF:timbuktu-auth-dos | Levy> BID 984 | Christey> BUGTRAQ:20000412 Timbuktu DoS repaired by Netopia | http://www.securityfocus.com/archive/1/54850 | BID:984  View
1729  CVE-2000-0151  Candidate  GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands.  Proposed (20000216)  ACCEPT(3) Bishop, Blake, Levy | MODIFY(1) Frech | NOOP(3) Baker, Cole, LeBlanc | REJECT(1) Christey  Frech> XF:gnu-makefile-tmp-root | (We have made assignment to two CANs. Requesting confirmation that this is | not a duplicate of CVE-2000-0092: The BSD make program allows local users to | modify files via a symlink attack when the -j option is being used.) | Christey> To confirm Andre's question, this is being treated as | different from CVE-2000-0092, based largely on the fact | that the exploit is different. I believe there was | another reason for keeping these distinct, but that | "deeper analysis" was not recorded :-( While it's possible | that this is the same bug from some common version of make, | in the absence of other information we should probably | keep these two split. | CHANGE> [Christey changed vote from NOOP to REVIEWING] | CHANGE> [Christey changed vote from REVIEWING to REJECT] | Christey> Taking a fresh look at the diff's for FreeBSD make: | ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:01.make.asc | And Debian make: | http://security.debian.org/dists/slink/updates/source/make_3.77-5slink.diff.gz | | OK... now that I've hurt my brain looking at the code, while | there are major differences in the surrounding code, | ultimately both FreeBSD and Debian create an "outfile" file | descriptor for the temporary file, within main() in main.c. | In addition, child_execute_job() in job.c uses an outfile | variable - for both sources. | | Perhaps FreeBSD reported the -j problem without seeing that it | could come in from stdin as well, and/or Debian/etc. didn't realize | that it was exploitable from job control, or maybe a combination of | the two. Regardless, the two problems are the same. | | Phew! There goes a half-hour of my life that I'll never be | able to get back...  View
1731  CVE-2000-0153  Candidate  FrontPage Personal Web Server (PWS) allows remote attackers to read files via a .... (dot dot) attack.  Proposed (20000223)  ACCEPT(3) Cole, Levy, Wall | MODIFY(1) Frech | NOOP(2) Baker, Christey | REJECT(1) LeBlanc  LeBlanc> I think this is the same as | http://www.microsoft.com/technet/security/bulletin/ms99-010.asp | If that is true, and you already have it logged, we don't want to have an | entry for the same bug. | Christey> MS:MS99-010 describes CVE-1999-0386. Are there sufficient | details to ensure that this is the same problem? | | See http://www.securityfocus.com/templates/archive.pike?list=1&msg=01bae51a$9ab232b0$0100007f@nordnode | | Frech> XF:pws-file-access | (We currently have this issue assigned to this CAN and to CVE-1999-0386. I | see that others have similar concerns that this is a duplicate; please | confirm on current status of this candidate.) | Christey> [note to self: review comments by Mark Burnett]  View
1733  CVE-2000-0155  Candidate  Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive.  Proposed (20000223)  ACCEPT(4) Baker, Cole, Levy, Wall | MODIFY(1) Frech | REVIEWING(1) Christey  Frech> XF:nt-autorun-notdefault | Christey> Consider: | http://support.microsoft.com/support/kb/articles/Q155/2/17.asp | http://support.microsoft.com/support/kb/articles/Q136/2/14.asp  View
1741  CVE-2000-0163  Candidate  asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file.  Proposed (20000223)  ACCEPT(3) Baker, Cole, Levy | MODIFY(1) Frech | NOOP(2) LeBlanc, Wall  Frech> XF:asmon-ascpu-execute-commands | (Not sims-slapd-logfiles)  View
