[PROPOSAL] Cluster RECENT-42 - 37 candidates
The following cluster contains 37 candidates that were announced between October 13 and October 25, 2000.

Note that the voting web site will not be updated with this cluster until sometime Wednesday.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.
======================================================
Candidate: CAN-2000-0818
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0818
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001013
Category: SF/CF/MP/SA/AN/unknown
Reference: ISS:20001025 Vulnerability in the Oracle Listener Program
Reference: URL:http://xforce.iss.net/alerts/advise66.php
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/listener_alert.pdf

The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands.

Analysis
----------------
ED_PRI CAN-2000-0818 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0884
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0884
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001019
Category: SF
Reference: BUGTRAQ:20001017 IIS %c1%1c remote command execution
Reference: MS:MS00-078
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-078.asp
Reference: BID:1806

IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
Analysis
----------------
ED_PRI CAN-2000-0884 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0915
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0915
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001002 [sa2c@and.or.jp: bin/21704: enabling fingerd makes files world readable]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0017.html
Reference: FREEBSD:FreeBSD-SA-00:54
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:54.fingerd.asc
Reference: BID:1803
Reference: URL:http://www.securityfocus.com/bid/1803
Reference: XF:freebsd-fingerd-files
Reference: URL:http://xforce.iss.net/static/5385.php

fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name.

Analysis
----------------
ED_PRI CAN-2000-0915 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0966
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0966
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: HP:HPSBUX0010-125
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0020.html
Reference: XF:hp-lpspooler-bo
Reference: URL:http://xforce.iss.net/static/5379.php

Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of HP-UX 11.0 and earlier allow local users to gain privileges.

Analysis
----------------
ED_PRI CAN-2000-0966 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0970
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0970
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-080
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-080.asp
Reference: XF:session-cookie-remote-retrieval
Reference: URL:http://xforce.iss.net/static/5396.php

IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.
Analysis
----------------
ED_PRI CAN-2000-0970 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0973
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0973
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: DEBIAN:20001013 curl and curl-ssl: remote exploit
Reference: URL:http://www.debian.org/security/2000/20001013a
Reference: REDHAT:RHBA-2000:092-01
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0331.html
Reference: BID:1804
Reference: URL:http://www.securityfocus.com/bid/1804
Reference: XF:curl-error-bo
Reference: URL:http://xforce.iss.net/static/5374.php

Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated.

Analysis
----------------
ED_PRI CAN-2000-0973 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0983
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0983
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001018 Denial of Service attack against computers running Microsoft NetMeeting
Reference: URL:http://www.securityfocus.com/archive/1/140341
Reference: MS:MS00-077
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-077.asp
Reference: MSKB:Q273854
Reference: BID:1798
Reference: URL:http://www.securityfocus.com/bid/1798
Reference: XF:netmeeting-desktop-sharing-dos
Reference: URL:http://xforce.iss.net/static/5368.php

Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the "NetMeeting Desktop Sharing" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0983 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0984
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0984
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: CISCO:20001025 Cisco IOS HTTP Server Query Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml
Reference: XF:cisco-ios-query-dos
Reference: URL:http://xforce.iss.net/static/5412.php

The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string.
Analysis
----------------
ED_PRI CAN-2000-0984 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0991
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0991
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-079
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-079.asp
Reference: BID:1815
Reference: URL:http://www.securityfocus.com/bid/1815
Reference: XF:win-hyperterminal-telnet-bo
Reference: URL:http://xforce.iss.net/static/5387.php

Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ME, and 2000 allows remote attackers to execute arbitrary commands via a long telnet URL, aka the "HyperTerminal Buffer Overflow" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0991 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1040
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: DEBIAN:20001014 nis: local exploit
Reference: URL:http://www.debian.org/security/2000/20001014
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: REDHAT:RHSA-2000:086-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-086-05.html
Reference: CALDERA:CSSA-2000-039.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-039.0.txt
Reference: BUGTRAQ:20001025 Immunix OS Security Update for ypbind package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0356.html
Reference: BUGTRAQ:20001030 Trustix Security Advisory - ping gnupg ypbind
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0429.html
Reference: XF:ypbind-printf-format-string
Reference: URL:http://xforce.iss.net/static/5394.php
Reference: BID:1820
Reference: URL:http://www.securityfocus.com/bid/1820

Format string vulnerability in logging function of ypbind 3.3, while running in debug mode, leaks file descriptors and allows an attacker to cause a denial of service.

Analysis
----------------
ED_PRI CAN-2000-1040 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1041
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1041
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: CALDERA:CSSA-2000-039.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-039.0.txt

Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root privileges.

Analysis
----------------
ED_PRI CAN-2000-1041 1
Vendor Acknowledgement: yes advisory

INCLUSION: Various sources say that an overflow exists, but it might not be exploitable.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1044
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1044
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: BID:1820
Reference: URL:http://www.securityfocus.com/bid/1820

Format string vulnerability in ypbind-mt in SuSE SuSE-6.2, and possibly other Linux operating systems, allows an attacker to gain root privileges.

Analysis
----------------
ED_PRI CAN-2000-1044 1
Vendor Acknowledgement: yes advisory

REFERENCES: Various OS vendors reported problems in ypbind, but SuSE is the only one that specifically mentioned ypbind-mt.
The advisory seems to imply that this is a rewrite of original YP functionality.

ABSTRACTION: There is a possibility that this is the same format string problem as the ypserv/vsyslog problem as described in MANDRAKE:MDKSA-2000:064.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1050
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Allaire's JRUN Unauthenticated Access to WEB-INF directory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236316510117&w=2
Reference: ALLAIRE:ASB00-027
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=17966&Method=Full
Reference: XF:allaire-jrun-webinf-access
Reference: URL:http://xforce.iss.net/static/5407.php

Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").

Analysis
----------------
ED_PRI CAN-2000-1050 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1051
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1051
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Allaire JRUN 2.3 Arbitrary File Retrieval
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236692714978&w=2
Reference: ALLAIRE:ASB00-028
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=17968&Method=Full
Reference: XF:allaire-jrun-ssifilter-url
Reference: URL:http://xforce.iss.net/static/5405.php

Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet.

Analysis
----------------
ED_PRI CAN-2000-1051 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0810
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0810
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20000926
Category: SF
Reference: BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04
Reference: BID:1782

Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack.
Analysis
----------------
ED_PRI CAN-2000-0810 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0811
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0811
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20000926
Category: SF
Reference: BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04
Reference: BID:1783

Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields.

Analysis
----------------
ED_PRI CAN-2000-0811 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0968
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0968
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001016 Half-Life Dedicated Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0254.html
Reference: BUGTRAQ:20001024 Tamandua Sekure Labs Security Advisory 2000-01
Reference: URL:http://www.securityfocus.com/archive/1/141060
Reference: BUGTRAQ:20001027 Re: Half Life dedicated server Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0409.html
Reference: BID:1799
Reference: URL:http://www.securityfocus.com/bid/1799
Reference: XF:halflife-server-changelevel-bo
Reference: URL:http://xforce.iss.net/static/5375.php

Buffer overflow in Half Life dedicated server before build 3104 allows remote attackers to execute arbitrary commands via a long rcon command.

Analysis
----------------
ED_PRI CAN-2000-0968 2
Vendor Acknowledgement: yes followup

There seem to be conflicting or duplicate reports on Bugtraq. It appears that the 2 posts referenced in this candidate both describe an rcon buffer overflow. A followup by the vendor does not mention the changelevel command in conjunction with the buffer overflow.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0969
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0969
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001016 Half-Life Dedicated Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0254.html
Reference: BUGTRAQ:20001024 Tamandua Sekure Labs Security Advisory 2000-01
Reference: URL:http://www.securityfocus.com/archive/1/141060
Reference: BUGTRAQ:20001027 Re: Half Life dedicated server Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0409.html
Reference: XF:halflife-rcon-format-string
Reference: URL:http://xforce.iss.net/static/5413.php

Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon.

Analysis
----------------
ED_PRI CAN-2000-0969 2
Vendor Acknowledgement: yes followup

A followup by the vendor indicates that the problem is in the changelevel command as opposed to the rcon command, as implied by other sources.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0981
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0981
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001023 [CORE SDI ADVISORY] MySQL weak authentication
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0318.html
Reference: CONFIRM:http://www.mysql.com/documentation/mysql/commented/manual.php?section=Security
Reference: XF:mysql-authentication
Reference: URL:http://xforce.iss.net/static/5409.php

MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password.

Analysis
----------------
ED_PRI CAN-2000-0981 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0990
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0990
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001016 Authentication failure in cmd5checkpw 0.21
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0258.html
Reference: CONFIRM:http://members.elysium.pl/brush/cmd5checkpw/changes.html
Reference: BID:1809
Reference: URL:http://www.securityfocus.com/bid/1809
Reference: XF:cmd5checkpw-qmail-bypass-authentication
Reference: URL:http://xforce.iss.net/static/5382.php

cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial of service via an "SMTP AUTH" command with an unknown username.
Analysis
----------------
ED_PRI CAN-2000-0990 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1001
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1001
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:200024 Price modification in Element InstantShop
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97240616129614&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97267884631455&w=2

add_2_basket.asp in Element InstantShop allows remote attackers to modify price information via the "price" hidden form variable.

Analysis
----------------
ED_PRI CAN-2000-1001 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1042
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1

Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.
Analysis
----------------
ED_PRI CAN-2000-1042 2
Vendor Acknowledgement: yes advisory

REFERENCES: Various OS vendors reported problems in ypbind, but Mandrake is the only one that specifically mentioned ypserv. It is possible that the other vendors fixed this ypserv problem but did not report it.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1043
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1043
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1

Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.

Analysis
----------------
ED_PRI CAN-2000-1043 2
Vendor Acknowledgement: yes advisory

REFERENCES: Various OS vendors reported problems in ypbind, but Mandrake is the only one that specifically mentioned ypserv. It is possible that the other vendors fixed the ypserv problem but did not report it.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0958
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0958
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001025 HotJava Browser 3.0 JavaScript security vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0349.html
Reference: XF:hotjava-browser-dom-access
Reference: URL:http://xforce.iss.net/static/5428.php

HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window.

Analysis
----------------
ED_PRI CAN-2000-0958 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0971
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0971
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001023 Avirt Mail 4.x DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0301.html
Reference: XF:avirt-mail-from-dos
Reference: URL:http://xforce.iss.net/static/5397.php
Reference: XF:avirt-rcpt-to-dos
Reference: URL:http://xforce.iss.net/static/5398.php

Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long "RCPT TO" or "MAIL FROM" command.
Analysis
----------------
ED_PRI CAN-2000-0971 3
Vendor Acknowledgement: unknown discloser ignored
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0972
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0972
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category:
Reference: BUGTRAQ:20001020 [ Hackerslab bug_paper ] HP-UX crontab temporary file symbolic link vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0317.html
Reference: XF:hp-crontab-read-files
Reference: URL:http://xforce.iss.net/static/5410.php

HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.

Analysis
----------------
ED_PRI CAN-2000-0972 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0986
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0986
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001020 [ Hackerslab bug_paper ] Linux ORACLE 8.1.5 vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0294.html
Reference: XF:oracle-home-bo
Reference: URL:http://xforce.iss.net/static/5390.php

Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly allows local users to gain privileges via a long ORACLE_HOME environmental variable.

Analysis
----------------
ED_PRI CAN-2000-0986 3

Vendor Acknowledgement:
Content Decisions: SF-LOC, SF-EXEC

ABSTRACTION: Multiple binaries are listed, but it's not certain if this is a library problem (in which case, CD:SF-LOC would suggest keeping all binaries together), or separate bugs in different programs (where CD:SF-EXEC would suggest separating the binaries).

INCLUSION: While an exploit is posted, it is not specified whether the affected applications are running as setuid/setgid at the time the overflow occurs, so it is possible that this is not exploitable.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0987
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0987
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: XF:oracle-oidldap-bo
Reference: URL:http://xforce.iss.net/static/5401.php
Reference: BUGTRAQ:20001018 vulnerability in Oracle Internet Directory in Oracle 8.1.6
Reference: URL:http://www.securityfocus.com/archive/1/140340
Reference: BUGTRAQ:20001020 In response to posting 10/18/2000 vulnerability in Oracle Internet Directory in Oracle 8.1.6
Reference: URL:http://www.securityfocus.com/archive/1/140709

Buffer overflow in oidldapd in Oracle 8.1.6 allows local users to gain privileges via a long "connect" command line parameter.

Analysis
----------------
ED_PRI CAN-2000-0987 3

Vendor Acknowledgement: unknown followup
Content Decisions: SF-LOC

INCLUSION: While an exploit is posted, it is not specified whether the affected applications are running as setuid/setgid at the time the overflow occurs, so it is possible that this is not exploitable.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0988
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0988
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001013 WinU Backdoor passwords!!!!
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0238.html
Reference: CONFIRM:http://www.bardon.com/pwdcrack.htm
Reference: BID:1801
Reference: URL:http://www.securityfocus.com/bid/1801
Reference: XF:winu-backdoor
Reference: URL:http://xforce.iss.net/static/5376.php

WinU 1.0 through 5.1 has a backdoor password that allows remote attackers to gain access to its administrative interface and modify configuration.

Analysis
----------------
ED_PRI CAN-2000-0988 3

Vendor Acknowledgement: yes advisory
Content Decisions: CF-PASS

ACKNOWLEDGEMENT: On October 20, 2000, Bardon Data Systems posted the following to http://www.bardon.com/pwdcrack.htm: "The emergency password mechanisms used by WinU 1.0 through 5.1, and Full Control 1.0 through 2.6, have been compromised and published. All users should immediately upgrade to WinU 5.2 or Full Control 2.7 as appropriate."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0989
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0989
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001020 DoS in Intel corporation 'InBusiness eMail Station'
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0293.html
Reference: XF:intel-email-username-bo
Reference: URL:http://xforce.iss.net/static/5414.php

Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service allows remote attackers to cause a denial of service and possibly execute commands via a long username.

Analysis
----------------
ED_PRI CAN-2000-0989 3

Vendor Acknowledgement: unknown claimed dispute

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1007
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1007
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: NTBUGTRAQ:20001025 I-gear 3.5.x for Microsoft Proxy logging vulnerability + temporary fix.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0048.html

I-gear 3.5.7 and earlier does not properly process log entries in which a URL is longer than 255 characters, which allows an attacker to cause reporting errors.

Analysis
----------------
ED_PRI CAN-2000-1007 3

Vendor Acknowledgement: unknown claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1048
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1048
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001016 Wingate 4.1 Beta A vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0245.html
Reference: XF:wingate-view-files
Reference: URL:http://xforce.iss.net/static/5373.php

Directory traversal vulnerability in the logfile service of Wingate 4.1 Beta A and earlier allows remote attackers to read arbitrary files via a ..
(dot dot) attack via an HTTP GET request that uses encoded characters in the URL.

Analysis
----------------
ED_PRI CAN-2000-1048 3

Vendor Acknowledgement:
Content Decisions: EX-BETA

CD:EX-BETA does not apply because, while the most recent version affected is a beta version, several production versions were affected as well.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1052
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1052
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Allaire JRUN 2.3 Arbitrary File Retrieval
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236692714978&w=2

Allaire JRun 2.3 server allows remote attackers to obtain source code for executable content by directly calling the SSIFilter servlet.

Analysis
----------------
ED_PRI CAN-2000-1052 3

Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

This problem would exist even if JRun 2.3 didn't have the directory traversal problem, therefore CD:SF-LOC suggests that this should be recorded separately.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1053
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1053
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Allaire JRUN 2.3 Remote command execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236125107957&w=2
Reference: ALLAIRE:ASB00-029
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=17969&Method=Full
Reference: XF:allaire-jrun-jsp-execute
Reference: URL:http://xforce.iss.net/static/5406.php

Allaire JRun 2.3.3 server allows remote attackers to compile and execute JSP code by inserting it via a cross-site scripting (CSS) attack and directly calling the com.livesoftware.jrun.plugins.JSP JSP servlet.

Analysis
----------------
ED_PRI CAN-2000-1053 3

Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1068
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236719315352&w=2

pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the poll_options parameter.

Analysis
----------------
ED_PRI CAN-2000-1068 3

Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1069
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236719315352&w=2
Reference: XF:pollit-admin-password-var
Reference: URL:http://xforce.iss.net/static/5419.php

pollit.cgi in Poll It 2.01 and earlier allows remote attackers to access administrative functions without knowing the real password by specifying the same value to the entered_password and admin_password parameters.

Analysis
----------------
ED_PRI CAN-2000-1069 3

Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1070
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1070
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236719315352&w=2

pollit.cgi in Poll It 2.01 and earlier uses data files that are located under the web document root, which allows remote attackers to access sensitive or private information.

Analysis
----------------
ED_PRI CAN-2000-1070 3

Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS: