[PROPOSAL] Cluster RECENT-37 - 27 candidates

To: cve-editorial-board-list@lists.mitre.org
Subject: [PROPOSAL] Cluster RECENT-37 - 27 candidates
From: "Steven M. Christey" <coley@linus.mitre.org>
Date: Wed, 18 Oct 2000 15:59:25 -0400 (EDT)
Delivery-Date: Wed Oct 18 16:07:51 2000
Sender: owner-cve-editorial-board-list@lists.mitre.org
The following cluster contains 27 candidates that were announced
between September 1 and September 8, 2000.

Note that the voting web site will not be updated with this cluster
until late tonight.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve



Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2000-0847
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0847
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000901 UW c-client library vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0425.html
Reference: BUGTRAQ:20000901 More about UW c-client library
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0437.html
Reference: FREEBSD:FreeBSD-SA-00:47.pine
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0108.html
Reference: BID:1646
Reference: URL:http://www.securityfocus.com/bid/1646
Reference: BID:1687
Reference: URL:http://www.securityfocus.com/bid/1687

Buffer overflow in University of Washington c-client library (used by
pine and other programs) allows remote attackers to execute arbitrary
commands via a long X-Keywords header.

Analysis
----------------
ED_PRI CAN-2000-0847 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0849
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0849
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: MS:MS00-064
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-064.asp
Reference: BID:1655
Reference: URL:http://www.securityfocus.com/bid/1655

Race condition in Microsoft Windows Media server allows remote attackers
to cause a denial of service in the Windows Media Unicast Service via a
malformed request, aka the "Unicast Service Race Condition" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0849 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0851
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0851
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: ATSTAKE:A090700-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-1.txt
Reference: MS:MS00-065
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-065.asp
Reference: BID:1651
Reference: URL:http://www.securityfocus.com/bid/1651
Reference: XF:w2k-still-image-service
Reference: URL:http://xforce.iss.net/static/5203.php

Buffer overflow in the Still Image Service in Windows 2000 allows local
users to gain additional privileges via a long WM_USER message, aka the
"Still Image Service Privilege Escalation" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0851 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0858
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0858
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000906 VIGILANTE-2000009: "Invalid URL" DoS
Reference: URL:http://www.securityfocus.com/archive/1/80413
Reference: MS:MS00-063
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q3/0065.html
Reference: BID:1642
Reference: URL:http://www.securityfocus.com/bid/1642
Reference: XF:iis-invald-url-dos
Reference: URL:http://xforce.iss.net/static/5202.php

Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to
cause a denial of service in IIS by sending it a series of malformed
requests which cause INETINFO.EXE to fail, aka the "Invalid URL"
vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0858 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0861
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0861
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000907 Mailman 1.1 + external archiver vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0040.html
Reference: FREEBSD:FreeBSD-SA-00:51
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0112.html
Reference: BID:1667
Reference: URL:http://www.securityfocus.com/bid/1667

Mailman 1.1 allows list administrators to execute arbitrary commands
via shell metacharacters in the %(listname) macro expansion.

Analysis
----------------
ED_PRI CAN-2000-0861 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0868
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0868
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: ATSTAKE:A090700-2
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-2.txt
Reference: SUSE:20000907
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html
Reference: BID:1658
Reference: URL:http://www.securityfocus.com/bid/1658
Reference: XF:suse-apache-cgi-source-code
Reference: URL:http://xforce.iss.net/static/5197.php

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows
remote attackers to read source code for CGI scripts by replacing the
/cgi-bin/ in the requested URL with /cgi-bin-sdb/.

Analysis
----------------
ED_PRI CAN-2000-0868 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0869
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0869
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: ATSTAKE:A090700-3
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-3.txt
Reference: SUSE:20000907
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html
Reference: BID:1656
Reference: URL:http://www.securityfocus.com/bid/1656
Reference: XF:apache-webdav-directory-listings
Reference: URL:http://xforce.iss.net/static/5204.php

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables
WebDAV, which allows remote attackers to list arbitrary diretories via
the PROPFIND HTTP request method.

Analysis
----------------
ED_PRI CAN-2000-0869 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0844
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0844
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000904 UNIX locale format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0457.html
Reference: BID:1634
Reference: URL:http://www.securityfocus.com/bid/1634

Some functions that implement the locale subsystem on Unix do not
properly cleanse user-injected format strings, which allows local attackers
to execute arbitrary commands via functions such as gettext and catopen.

Analysis
----------------
ED_PRI CAN-2000-0844 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0860
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0860
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: BUGTRAQ:20000903 (SRADV00001) Arbitrary file disclosure through PHP file upload
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0455.html
Reference: BUGTRAQ:20000904 Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0477.html
Reference: CONFIRM:http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u
Reference: MANDRAKE:MDKSA-2000:048
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0150.html
Reference: BID:1649
Reference: URL:http://www.securityfocus.com/bid/1649
Reference: XF:php-file-upload
Reference: URL:http://xforce.iss.net/static/5190.php

The file upload capability in PHP versions 3 and 4 allows remote
attackers to read arbitrary files by setting hidden form fields whose
names match the names of internal PHP script variables.

Analysis
----------------
ED_PRI CAN-2000-0860 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0873
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000903 aix allows clearing the interface stats
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0454.html
Reference: BID:1660
Reference: URL:http://www.securityfocus.com/bid/1660
Reference: XF:aix-clear-netstat
Reference: URL:http://xforce.iss.net/static/5214.php

netstat in AIX 4.x.x does not properly restrict access to the -Zi
option, which allows local users to clear network interface statistics
and possibly hiding evidence of unusual network activities.

Analysis
----------------
ED_PRI CAN-2000-0873 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0826
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0826
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: ATSTAKE:A090800-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a090800-1.txt
Reference: BID:1657
Reference: URL:http://www.securityfocus.com/bid/1657
Reference: XF:documentdirect-get-bo
Reference: URL:http://xforce.iss.net/static/5210.php

Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the
Internet 1.2 allows remote attackers to execute arbitrary commands via
a long GET request.

Analysis
----------------
ED_PRI CAN-2000-0826 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0827
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0827
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: ATSTAKE:A090800-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a090800-1.txt
Reference: BID:1657
Reference: URL:http://www.securityfocus.com/bid/1657
Reference: XF:documentdirect-username-bo
Reference: URL:http://xforce.iss.net/static/5211.php

Buffer overflow in the web authorization form of Mobius DocumentDirect
for the Internet 1.2 allows remote attackers to cause a denial of
service or execute arbitrary commands via a long username.

Analysis
----------------
ED_PRI CAN-2000-0827 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0828
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0828
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: ATSTAKE:A090800-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a090800-1.txt
Reference: BID:1657
Reference: URL:http://www.securityfocus.com/bid/1657
Reference: XF:documentdirect-user-agent-bo
Reference: URL:http://xforce.iss.net/static/5212.php

Buffer overflow in ddicgi.exe in Mobius DocumentDirect for the
Internet 1.2 allows remote attackers to execute arbitrary commands via
a long User-Agent parameter.

Analysis
----------------
ED_PRI CAN-2000-0828 3
Vendor Acknowledgement: yes
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0840
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0840
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000906 [NEWS] XMail vulnerable to a remotely exploitable buffer overflow (APOP, USER)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0001.html
Reference: BID:1652
Reference: URL:http://www.securityfocus.com/bid/1652
Reference: XF:xmail-long-user-bo
Reference: URL:http://xforce.iss.net/static/5192.php

Buffer overflow in XMail POP3 server before version 0.59 allows remote
attackers to execute arbitrary commands via a long USER command.

Analysis
----------------
ED_PRI CAN-2000-0840 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0841
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0841
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000906 [NEWS] XMail vulnerable to a remotely exploitable buffer overflow (APOP, USER)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0001.html
Reference: BID:1652
Reference: URL:http://www.securityfocus.com/bid/1652
Reference: XF:xmail-long-apop-bo
Reference: URL:http://xforce.iss.net/static/5191.php

Buffer overflow in XMail POP3 server before version 0.59 allows remote
attackers to execute arbitrary commands via a long APOP command.

Analysis
----------------
ED_PRI CAN-2000-0841 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0855
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0855
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000901 [EXPL] SunFTP vulnerable to two Denial-of-Service attacks (long buffer, half-open)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0408.html
Reference: BID:1637
Reference: URL:http://www.securityfocus.com/bid/1637

SunFTP build 9(1) allows remote attackers to cause a denial of service
by connecting to the server and disconnecting before sending a
newline.

Analysis
----------------
ED_PRI CAN-2000-0855 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0856
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0856
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000901 [EXPL] SunFTP vulnerable to two Denial-of-Service attacks (long buffer, half-open)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0408.html
Reference: BID:1638
Reference: URL:http://www.securityfocus.com/bid/1638

Buffer overflow in SunFTP build 9(1) allows remote attackers to cause
a denial of service or possibly execute arbitrary commands via a long
GET request.

Analysis
----------------
ED_PRI CAN-2000-0856 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0859
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0859
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000904 VIGILANTE-2000008: NTMail Configuration Service DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0471.html
Reference: BID:1640
Reference: URL:http://www.securityfocus.com/bid/1640
Reference: XF:ntmail-incomplete-http-requests
Reference: URL:http://xforce.iss.net/static/5182.php

The web configuration server for NTMail V5 and V6 allows remote
attackers to cause a denial of service via a series of partial HTTP
requests.

Analysis
----------------
ED_PRI CAN-2000-0859 3
Vendor Acknowledgement: unknown claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0866
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0866
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000907 SEGFAULTING Interbase 6 SS Linux
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0027.html
Reference: BID:1654
Reference: URL:http://www.securityfocus.com/bid/1654
Reference: XF:interbase-query-dos
Reference: URL:http://xforce.iss.net/static/5205.php

Interbase 6 SuperServer for Linux allows an attacker to cause a denial
of service via a query containing 0 bytes.

Analysis
----------------
ED_PRI CAN-2000-0866 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0872
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0872
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000906 PhotoAlbum 0.9.9 explorer.php Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0015.html
Reference: BID:1650
Reference: URL:http://www.securityfocus.com/bid/1650
Reference: XF:phpphoto-dir-traverse
Reference: URL:http://xforce.iss.net/static/5198.php

explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read
arbitrary files via a .. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2000-0872 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0874
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0874
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: BID:1653
Reference: URL:http://www.securityfocus.com/bid/1653
Reference: BUGTRAQ:20000907 Eudora disclosure
Reference: URL:http://www.securityfocus.com/archive/1/80888
Reference: XF:eudora-path-disclosure
Reference: URL:http://xforce.iss.net/static/5206.php

Eudora mail client includes the absolute path of the sender's host
within a virtual card (VCF).

Analysis
----------------
ED_PRI CAN-2000-0874 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0875
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0875
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: BUGTRAQ:20000905 WFTPD/WFTPD Pro 2.41 RC12 vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0488.html
Reference: XF:wftpd-long-string-dos
Reference: URL:http://xforce.iss.net/static/5194.php

WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a
denial of service by sending a long string of unprintable characters.

Analysis
----------------
ED_PRI CAN-2000-0875 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0876
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0876
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: BUGTRAQ:20000905 WFTPD/WFTPD Pro 2.41 RC12 vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0488.html
Reference: XF:wftpd-path-disclosure
Reference: URL:http://xforce.iss.net/static/5196.php

WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the
full pathname of the server via a "%C" command, which generates an
error message that includes the pathname.

Analysis
----------------
ED_PRI CAN-2000-0876 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0879
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0879
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000906 Multiple Security Holes in LPPlus
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0531.html
Reference: BID:1643
Reference: URL:http://www.securityfocus.com/bid/1643
Reference: XF:lpplus-permissions-dos
Reference: URL:http://xforce.iss.net/static/5199.php

LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and
dccbkstshut are installed setuid root and world executable, which
allows arbitrary local users to start and stop various LPD services.

Analysis
----------------
ED_PRI CAN-2000-0879 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0880
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0880
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000906 Multiple Security Holes in LPPlus
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0531.html
Reference: BID:1643
Reference: URL:http://www.securityfocus.com/bid/1643
Reference: XF:lpplus-process-perms-dos
Reference: URL:http://xforce.iss.net/static/5200.php

LPPlus creates the lpdprocess file with world-writeable permissions,
which allows local users to kill arbitrary processes by specifying an
alternate process ID and using the setuid dcclpdshut program to kill
the process that was specified in the lpdprocess file.

Analysis
----------------
ED_PRI CAN-2000-0880 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0881
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0881
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000906 Multiple Security Holes in LPPlus
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0531.html
Reference: BID:1644
Reference: URL:http://www.securityfocus.com/bid/1644
Reference: XF:lpplus-dccscan-file-read
Reference: URL:http://xforce.iss.net/static/5201.php

The dccscan setuid program in LPPlus does not properly check if the
user has the permissions to print the file that is specified to
dccscan, which allows local users to print arbitrary files.

Analysis
----------------
ED_PRI CAN-2000-0881 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0882
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0882
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000906 VIGILANTE-2000010: Intel Express Switch series 500 DoS #2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0533.html
Reference: BID:1647
Reference: URL:http://www.securityfocus.com/bid/1647

Intel Express 500 series switches allow a remote attacker to cause a
denial of service via a malformed ICMP packet, which causes the CPU to
crash.

Analysis
----------------
ED_PRI CAN-2000-0882 3
Vendor Acknowledgement: unknown claimed patch

ABSTRACTION:

This looks similar to CAN-2000-0764, except the protocol here is ICMP
instead of IP.  However, the discloser for this one identifies a
different patch than for CAN-2000-0764, which is evidence that this
bug isn't in the same library.  So, these should remain split.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Prev by Date: [PROPOSAL] Cluster RECENT-36 - 15 candidates
Next by Date: [PROPOSAL] Cluster RECENT-38 - 26 candidates
Prev by thread: [PROPOSAL] Cluster RECENT-36 - 15 candidates
Next by thread: [PROPOSAL] Cluster RECENT-38 - 26 candidates
Index(es):
- Date
- Thread
Page Last Updated: May 22, 2007
Common Vulnerabilities and Exposures

[PROPOSAL] Cluster RECENT-37 - 27 candidates
