CVE List
Id | CVE No. | Status | Description | Phase | Votes | Comments |
---|---|---|---|---|---|---|
1696 | CVE-2000-0118 | Candidate | The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local attackers to conduct brute force password guessing. | Proposed (20000208) | ACCEPT(3) Baker, Cole, Levy; MODIFY(1) Frech; NOOP(1) Wall; REVIEWING(1) Christey | Frech> Is this the same issue as BugTraq Mailing List, Wed, 9 Jun 1999 14:07:27 -0700 "vulnerability in su/PAM in redhat" at http://www.netspace.org/cgi-bin/wa?A2=ind9906b&L=bugtraq&F=&S=&P=5356 and "Solaris 2.5 /bin/su [was: vulnerability in su/PAM in redhat]" at http://www.netspace.org/cgi-bin/wa?A2=ind9906b&L=bugtraq&F=&S=&P=6051<br>If so, then MODIFY XF:su-brute<br>Christey> BID:320 URL:http://www.securityfocus.com/vdb/bottom.html?vid=320<br>CHANGE> [Frech changed vote from REVIEWING to MODIFY]<br>Frech> XF:su-brute(2278)<br>This issue involves more platforms than Red Hat. See BugTraq Mailing List, Thu Jun 10 1999 12:13:06, "Solaris 2.5 /bin/su [was: vulnerability in su/PAM in redhat]", http://www.securityfocus.com/archive/1/14854<br>Christey> It does look like this is the same issue as the other Bugtraq post that explicitly mentions Red Hat and PAM.<br>CHANGE> [Christey changed vote from NOOP to REVIEWING] |
1697 | CVE-2000-0119 | Candidate | The default configurations for McAfee Virus Scan and Norton Anti-Virus virus checkers do not check files in the RECYCLED folder that is used by the Windows Recycle Bin utility, which allows attackers to store malicious code without detection. | Proposed (20000208) | ACCEPT(2) Cole, Wall; MODIFY(1) Frech; NOOP(1) Baker; REVIEWING(1) Christey | Christey> ADDREF BID:956<br>A followup post on Feb 8 by Paul L Schmehl claims that this would not work, because the anti-virus checkers would activate if the user attempts to execute the program.<br>Frech> XF:win-trojan-detection-bypass<br>Much earlier possible reference at NTBugtraq Mailing List, Wed, 22 Dec 1999 20:37:43 -0800, "Bypass Virus Checking under 95/98/NT" at http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=ntbugtraq&F=&S=&P=6030<br>CHANGE> [Cole changed vote from REVIEWING to ACCEPT]<br>Christey> NTBUGTRAQ:19991222 Bypass Virus Checking under 95/98/NT http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=ntbugtraq&F=&S=&P=6030 |
1698 | CVE-2000-0120 | Entry | The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter. | | | |
1699 | CVE-2000-0121 | Entry | The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability. | | | |
1700 | CVE-2000-0122 | Candidate | Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program. | Modified (20070607) | ACCEPT(4) Baker, Cole, LeBlanc, Wall; MODIFY(1) Frech; NOOP(1) Christey | Frech> XF:ms-frontpage-get-htimage<br>Christey> It appears that this was rediscovered in April 18, 2000:<br>BUGTRAQ:20000418 More vulnerabilities in FP<br>URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D38FCAC0C.869611C0%40hobbiton.org<br>This in turn may match BID:1141<br>Christey> According to Scott Culp of Microsoft, this was patched in MS:MS00-028.<br>Christey> BID:1141 ?? |