CVE List
| Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
|---|---|---|---|---|---|---|---|
| 1733 | CVE-2000-0155 | Candidate | Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive. | Proposed (20000223) | ACCEPT(4) Baker, Cole, Levy, Wall | MODIFY(1) Frech | REVIEWING(1) Christey | Frech> XF:nt-autorun-notdefault | Christey> Consider: | http://support.microsoft.com/support/kb/articles/Q155/2/17.asp | http://support.microsoft.com/support/kb/articles/Q136/2/14.asp | View |
| 1741 | CVE-2000-0163 | Candidate | asmon and ascpu in FreeBSD allow local users to gain root privileges via a configuration file. | Proposed (20000223) | ACCEPT(3) Baker, Cole, Levy | MODIFY(1) Frech | NOOP(2) LeBlanc, Wall | Frech> XF:asmon-ascpu-execute-commands | (Not sims-slapd-logfiles) | View |
| 1745 | CVE-2000-0167 | Candidate | IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory. | Proposed (20000223) | ACCEPT(1) Cole | MODIFY(1) Frech | NOOP(1) Baker | REVIEWING(4) Christey, LeBlanc, Levy, Wall | Frech> XF:iis-pickup-directory-dos | Christey> BID:1819 | URL:http://www.securityfocus.com/bid/1819 | LeBlanc> Trying to get more info | View |
| 1720 | CVE-2000-0142 | Candidate | The authentication protocol in Timbuktu Pro 2.0b650 allows remote attackers to cause a denial of service via connections to port 407 and 1417. | Proposed (20000216) | ACCEPT(4) Bishop, Blake, Cole, LeBlanc | MODIFY(2) Frech, Levy | NOOP(2) Baker, Christey | Frech> XF:timbuktu-auth-dos | Levy> BID 984 | Christey> BUGTRAQ:20000412 Timbuktu DoS repaired by Netopia | http://www.securityfocus.com/archive/1/54850 | BID:984 | View |
| 1729 | CVE-2000-0151 | Candidate | GNU make follows symlinks when it reads a Makefile from stdin, which allows other local users to execute commands. | Proposed (20000216) | ACCEPT(3) Bishop, Blake, Levy | MODIFY(1) Frech | NOOP(3) Baker, Cole, LeBlanc | REJECT(1) Christey | Frech> XF:gnu-makefile-tmp-root | (We have made assignment to two CANs. Requesting confirmation that this is | not a duplicate of CVE-2000-0092: The BSD make program allows local users to | modify files via a symlink attack when the -j option is being used.) | Christey> To confirm Andre"s question, this is being treated as | different from CVE-2000-0092, based largely on the fact | that the exploit is different. I believe there was | another reason for keeping these distinct, but that | "deeper analysis" was not recorded :-( While it"s possible | that this is the same bug from some common version of make, | in the absence of other information we should probably | keep these two split. | CHANGE> [Christey changed vote from NOOP to REVIEWING] | CHANGE> [Christey changed vote from REVIEWING to REJECT] | Christey> Taking a fresh look at the diff"s for FreeBSD make: | ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:01.make.asc | And Debian make: | http://security.debian.org/dists/slink/updates/source/make_3.77-5slink.diff.gz | | OK... now that I"ve hurt my brain looking at the code, while | there are major differences in the surrounding code, | ultimately both FreeBSD and Debian create an "outfile" file | descriptor for the temporary file, within main() in main.c. | In addition, child_execute_job() in job.c uses an outfile | variable - for both sources. | | Perhaps FreeBSD reported the -j problem without seeing that it | could come in from stdin as well, and/or Debian/etc. didn"t realize | that it was exploitable from job control, or maybe a combination of | the two. Regardless, the two problems are the same. | | Phew! There goes a half-hour of my life that I"ll never be | able to get back... | View |
Page 375 of 20943, showing 5 records out of 104715 total, starting on record 1871, ending on 1875
