[PROPOSAL] Cluster RECENT-41 - 42 candidates
The following cluster contains 42 candidates that were announced between October 5 and October 12, 2000.

Note that the voting web site will not be updated with this cluster until sometime Wednesday.

The candidates are listed in order of priority. Priority 1 and Priority 2 candidates both deal with varying levels of vendor confirmation, so they should be easy to review and it can be trusted that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect to the problems discovered during the associated time frame, please send that information to me so that candidates can be assigned.

- Steve

Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------
ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ". If you want to add comments or details, add them to lines after the VOTE: line.

2) If you see any missing references, please mention them so that they can be included. References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes. So if you don't have sufficient information for a candidate but you don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and publicly viewable in the mailing list archives or in other formats.
======================================================
Candidate: CAN-2000-0816
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0816
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20000929
Category: SF
Reference: ISS:20001006 Insecure call of external programs in Red Hat Linux tmpwatch
Reference: URL:http://xforce.iss.net/alerts/advise64.php
Reference: REDHAT:RHSA-2000:080-01
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-080-01.html
Reference: MANDRAKE:MDKSA-2000:056
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-056.php3?dis=7.1
Reference: BID:1785
Reference: URL:http://www.securityfocus.com/bid/1785

Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters.

Analysis
----------------
ED_PRI CAN-2000-0816 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0916
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0916
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:52
Reference: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:52.tcp-iss.asc
Reference: BID:1766
Reference: URL:http://www.securityfocus.com/bid/1766

FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an insufficient random number generator to generate initial TCP sequence numbers (ISN), which allows remote attackers to spoof TCP connections.

Analysis
----------------
ED_PRI CAN-2000-0916 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0920
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0920
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001006 Vulnerability in BOA web server v0.94.8.2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0092.html
Reference: FREEBSD:FreeBSD-SA-00:60
Reference: ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:60.boa.asc
Reference: DEBIAN:20001009 boa: exposes contents of local files
Reference: URL:http://www.debian.org/security/2000/20001009
Reference: BID:1770
Reference: URL:http://www.securityfocus.com/bid/1770
Reference: XF:boa-webserver-get-dir-traversal
Reference: URL:http://xforce.iss.net/static/5330.php

Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a "%2E" instead of a "."

Analysis
----------------
ED_PRI CAN-2000-0920 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0965
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0965
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: XF:hp-virtualvault-nsapi-dos
Reference: URL:http://xforce.iss.net/static/5361.php
Reference: HP:HPSBUX0010-124
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0012.html

The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS 10.24 and 11.04 allows an attacker to cause a denial of service (high CPU utilization)

Analysis
----------------
ED_PRI CAN-2000-0965 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0967
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0967
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: ATSTAKE:A101200-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a101200-1.txt
Reference: MANDRAKE:MDKSA-2000:062
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-062.php3?dis=7.1
Reference: DEBIAN:20001014 php3: possible remote exploit
Reference: URL:http://www.debian.org/security/2000/20001014a
Reference: DEBIAN:20001014 php4: possible remote exploit
Reference: URL:http://www.debian.org/security/2000/20001014b
Reference: CALDERA:CSSA-2000-037.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-037.0.txt
Reference: BUGTRAQ:20001012 Conectiva Linux Security Announcement - mod_php3
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0204.html
Reference: BID:1786
Reference: URL:http://www.securityfocus.com/bid/1786
Reference: XF:php-logging-format-string
Reference: URL:http://xforce.iss.net/static/5359.php

PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

Analysis
----------------
ED_PRI CAN-2000-0967 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0974
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0974
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001011 GPG 1.0.3 doesn't detect modifications to files with multiple signatures
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html
Reference: REDHAT:RHSA-2000:089-04
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-089-04.html
Reference: CALDERA:CSSA-2000-038.0
Reference: MANDRAKE:MDKSA-2000:063-1
Reference: CONECTIVA:CLSA-2000:334
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000334
Reference: BUGTRAQ:20001025 Immunix OS Security Update for gnupg package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html
Reference: XF:gnupg-message-modify
Reference: URL:http://xforce.iss.net/static/5386.php
Reference: BID:1797
Reference: URL:http://www.securityfocus.com/bid/1797

GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.

Analysis
----------------
ED_PRI CAN-2000-0974 1
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0979
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0979
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001012 NSFOCUS SA2000-05: Microsoft Windows 9x NETBIOS password
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97147777618139&w=2
Reference: MS:MS00-072
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-072.asp
Reference: BID:1780
Reference: URL:http://www.securityfocus.com/bid/1780
Reference: XF:win9x-share-level-password
Reference: URL:http://xforce.iss.net/static/5395.php

File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0979 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0980
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0980
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-073
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-073.asp
Reference: BID:1781
Reference: URL:http://www.securityfocus.com/bid/1781
Reference: XF:win-nmpi-packet-dos
Reference: URL:http://xforce.iss.net/static/5357.php

NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink does not properly filter packets from a broadcast address, which allows remote attackers to cause a broadcast storm and flood the network.

Analysis
----------------
ED_PRI CAN-2000-0980 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0982
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0982
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-076
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-076.asp
Reference: BID:1793
Reference: URL:http://www.securityfocus.com/bid/1793
Reference: XF:ie-cache-info
Reference: URL:http://xforce.iss.net/static/5367.php

Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-0982 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1061
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1061
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001129
Category:
Reference: MS:MS00-075
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-075.asp

Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-1061 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0946
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0946
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: NTBUGTRAQ:20001012 Security issue with Compaq Easy Access Keyboard software
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0023.html
Reference: CONFIRM:http://www5.compaq.com/support/files/desktops/us/revision/1723.html

Compaq Easy Access Keyboard software 1.3 does not properly disable access to custom buttons when the screen is locked, which could allow an attacker to gain privileges or execute programs without authorization.

Analysis
----------------
ED_PRI CAN-2000-0946 2
Vendor Acknowledgement: yes changelog

ACKNOWLEDGEMENT: The Changelog for Version 1.51 A states: "[this patch] provides enhanced security, by locking down the Easy Access Keyboard buttons"

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0978
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0978
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001010 Big Brother Systems and Network Monitor vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0162.html
Reference: BID:1779
Reference: URL:http://www.securityfocus.com/bid/1779

bbd server in Big Brother System and Network Monitor before 1.5c2 allows remote attackers to execute arbitrary commands via the "&" shell metacharacter.

Analysis
----------------
ED_PRI CAN-2000-0978 2
Vendor Acknowledgement: yes email-announce

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1005
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1005
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001009 Security Advisory : eXtropia WebStore (web_store.cgi) Directory Traversal Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/138495
Reference: BID:1774
Reference: URL:http://www.securityfocus.com/bid/1774
Reference: XF:extropia-webstore-fileread
Reference: URL:http://xforce.iss.net/static/5347.php

Directory traversal vulnerability in html_web_store.cgi and web_store.cgi CGI programs in eXtropia WebStore allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter.

Analysis
----------------
ED_PRI CAN-2000-1005 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-1010
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1010
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001006 talkd [WAS: Re: OpenBSD Security Advisory]
Reference: URL:http://www.securityfocus.com/archive/1/137890
Reference: BID:1764
Reference: URL:http://www.securityfocus.com/bid/1764
Reference: XF:linux-talkd-overwrite-root
Reference: URL:http://xforce.iss.net/static/5344.php

Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.

Analysis
----------------
ED_PRI CAN-2000-1010 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0914
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0914
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001005 obsd_fun.c
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0078.html
Reference: BID:1759
Reference: URL:http://www.securityfocus.com/bid/1759
Reference: XF:bsd-arp-request-dos
Reference: URL:http://xforce.iss.net/static/5340.php

OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests.

Analysis
----------------
ED_PRI CAN-2000-0914 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0919
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0919
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001007 PHPix advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0117.html
Reference: BID:1773
Reference: URL:http://www.securityfocus.com/bid/1773
Reference: XF:phpix-dir-traversal
Reference: URL:http://xforce.iss.net/static/5331.php

Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2000-0919 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0921
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0921
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001007 Security Advisory: Hassan Consulting's shop.cgi Directory Traversal Vulnerability.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0115.html
Reference: BID:1777
Reference: URL:http://www.securityfocus.com/bid/1777
Reference: XF:hassan-shopping-cart-dir-traversal
Reference: URL:http://xforce.iss.net/static/5342.php

Directory traversal vulnerability in Hassan Consulting shop.cgi shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter.

Analysis
----------------
ED_PRI CAN-2000-0921 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0922
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0922
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001008 Security Advisory: Bytes Interactive's Web Shopper (shopper.cgi) Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0120.html
Reference: BID:1776
Reference: URL:http://www.securityfocus.com/bid/1776
Reference: XF:web-shopper-directory-traversal
Reference: URL:http://xforce.iss.net/static/5351.php

Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program (shopper.cgi) 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the newpage parameter.

Analysis
----------------
ED_PRI CAN-2000-0922 3
Vendor Acknowledgement: no

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0923
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0923
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001006 Fwd: APlio PRO web shell
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0107.html
Reference: XF:uclinux-apliophone-bin-execute
Reference: URL:http://xforce.iss.net/static/5333.php
Reference: BID:1784
Reference: URL:http://www.securityfocus.com/bid/1784

authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.

Analysis
----------------
ED_PRI CAN-2000-0923 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0924
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0924
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001009 Master Index traverse advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0141.html
Reference: BID:1772
Reference: URL:http://www.securityfocus.com/bid/1772

Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catigory" parameter.

Analysis
----------------
ED_PRI CAN-2000-0924 3
Vendor Acknowledgement:

It is possible that the affected parameter is spelled "category" and the discloser did not report it accurately.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0928
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0928
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001006 DST2K0040: QuotaAdvisor 4.1 by WQuinn susceptible to any user bei ng able to list (not read) all files on any server running QuotaAdvisor.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0091.html
Reference: BID:1765
Reference: URL:http://www.securityfocus.com/bid/1765

WQuinn QuotaAdvisor 4.1 allows users to list directories and files by running a report on the targeted shares.

Analysis
----------------
ED_PRI CAN-2000-0928 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0953
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0953
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001009 Shambala 4.5 vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0134.html
Reference: BID:1778
Reference: URL:http://www.securityfocus.com/bid/1778
Reference: XF:shambala-connection-dos
Reference: URL:http://xforce.iss.net/static/5345.php

Shambala Server 4.5 allows remote attackers to cause a denial of service by opening then closing a connection.

Analysis
----------------
ED_PRI CAN-2000-0953 3
Vendor Acknowledgement: unknown claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0954
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0954
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001009 Shambala 4.5 vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0134.html
Reference: BID:1771
Reference: URL:http://www.securityfocus.com/bid/1771
Reference: XF:shambala-password-plaintext
Reference: URL:http://xforce.iss.net/static/5346.php

Shambala Server 4.5 stores passwords in plaintext, which could allow local users to obtain the passwords and compromise the server.

Analysis
----------------
ED_PRI CAN-2000-0954 3
Vendor Acknowledgement: unknown claimed
Content Decisions: DESIGN-NO-ENCRYPTION

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0960
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0960
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001011 Netscape Messaging server 4.15 poor error strings
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97138100426121&w=2
Reference: BID:1787
Reference: URL:http://www.securityfocus.com/bid/1787
Reference: XF:netscape-messaging-email-verify
Reference: URL:http://xforce.iss.net/static/5364.php

The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse.

Analysis
----------------
ED_PRI CAN-2000-0960 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0961
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0961
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000928 commercial products and security [ + new bug ]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0334.html
Reference: BID:1721
Reference: URL:http://www.securityfocus.com/bid/1721
Reference: XF:netscape-messaging-list-dos
Reference: URL:http://xforce.iss.net/static/5292.php

Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command.

Analysis
----------------
ED_PRI CAN-2000-0961 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0963
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0963
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001009 ncurses buffer overflows
Reference: URL:http://www.securityfocus.com/archive/1/138550
Reference: CALDERA:CSSA-2000-036.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-036.0.txt
Reference: BID:1142
Reference: URL:http://www.securityfocus.com/bid/1142

Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS.

Analysis
----------------
ED_PRI CAN-2000-0963 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0975
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0975
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001012 Anaconda Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0210.html

Directory traversal vulnerability in apexec.pl in Anaconda Foundation Directory allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Analysis
----------------
ED_PRI CAN-2000-0975 3
Vendor Acknowledgement: unknown claimed notification

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:
COMMENTS:

======================================================
Candidate: CAN-2000-0976
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0976
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001012 another Xlib buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0211.html
Reference: BID:1805
Reference: URL:http://www.securityfocus.com/bid/1805

Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter.

Analysis
----------------
ED_PRI CAN-2000-0976 3
Vendor Acknowledgement:

INCLUSION: This might not be exploitable, as a post by Robert van der Meulen says that "the display number can only contain numeric values." See http://archives.neohapsis.com/archives/bugtraq/2000-10/0237.html

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0977 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0977 Final-Decision: Interim-Decision: Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001011 Mail File POST Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0172.html Reference: BID:1807 Reference: URL:http://www.securityfocus.com/bid/1807 mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter. Analysis ---------------- ED_PRI CAN-2000-0977 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-0985 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0985 Final-Decision: Interim-Decision: Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: ATSTAKE:A101200-2 Reference: URL:http://www.atstake.com/research/advisories/2000/a101200-2.txt Reference: BID:1789 Reference: URL:http://www.securityfocus.com/bid/1789 Buffer overflow in All-Mail 1.1 allows remote attackers to execute arbitrary commands via a long "MAIL FROM" or "RCPT TO" command. 
Analysis ---------------- ED_PRI CAN-2000-0985 3 Vendor Acknowledgement: unknown unsupported Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-1002 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1002 Final-Decision: Interim-Decision: Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001012 Re: Netscape Messaging server 4.15 poor error strings Reference: URL:http://www.securityfocus.com/archive/1/139523 Reference: XF:communigate-email-verify Reference: URL:http://xforce.iss.net/static/5363.php Reference: BID:1792 Reference: URL:http://www.securityfocus.com/bid/1792 POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks. Analysis ---------------- ED_PRI CAN-2000-1002 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason.
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-1003 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1003 Final-Decision: Interim-Decision: Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001012 NSFOCUS SA2000-04: Microsoft Win9x client driver type comparing vulnerability Reference: URL:http://www.securityfocus.com/archive/1/139511 Reference: BID:1794 Reference: URL:http://www.securityfocus.com/bid/1794 Reference: XF:win-netbios-driver-type-dos Reference: URL:http://xforce.iss.net/static/5370.php NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash. Analysis ---------------- ED_PRI CAN-2000-1003 3 Vendor Acknowledgement: unknown claimed notified Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-1018 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1018 Final-Decision: Interim-Decision: Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001010 Shred 1.0 Bug Report Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97119799515246&w=2 Reference: BUGTRAQ:20001011 Shred v1.0 Fix Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97131166004145&w=2 Reference: BID:1788 Reference: URL:http://www.securityfocus.com/bid/1788 shred 1.0 file wiping utility does not properly open a file for overwriting or flush its buffers, which prevents shred from properly replacing the file's data and allows local users to recover the file. 
Analysis ---------------- ED_PRI CAN-2000-1018 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-1062 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1062 Final-Decision: Interim-Decision: Modified: Proposed: 20001129 Assigned: 20001129 Category: SF Reference: BUGTRAQ:20001010 VIGILANTE-2000014: HP Jetdirect multiple DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97119729613778&w=2 Reference: BID:1775 Reference: URL:http://www.securityfocus.com/bid/1775 Reference: XF:hp-jetdirect-firmware-dos Reference: URL:http://xforce.iss.net/static/5353.php Buffer overflow in the FTP service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service. Analysis ---------------- ED_PRI CAN-2000-1062 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC CD:SF-LOC suggests having separate CVE entries for separate buffer overflows. While the VIGILANTE advisory indicates that multiple services are affected, it is not completely clear whether each service has a separate buffer overflow, or if there is a single overflow in a library used by all services. If it is the latter, then CD:SF-LOC suggests merging this item with the others for the Telnet and LPD services. However, in the absence of complete information, the default action is to keep these items split. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-1063 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1063 Final-Decision: Interim-Decision: Modified: Proposed: 20001129 Assigned: 20001129 Category: SF Reference: BUGTRAQ:20001010 VIGILANTE-2000014: HP Jetdirect multiple DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97119729613778&w=2 Reference: BID:1775 Reference: URL:http://www.securityfocus.com/bid/1775 Reference: XF:hp-jetdirect-firmware-dos Reference: URL:http://xforce.iss.net/static/5353.php Buffer overflow in the Telnet service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service. Analysis ---------------- ED_PRI CAN-2000-1063 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC CD:SF-LOC suggests having separate CVE entries for separate buffer overflows. While the VIGILANTE advisory indicates that multiple services are affected, it is not completely clear whether each service has a separate buffer overflow, or if there is a single overflow in a library used by all services. If it is the latter, then CD:SF-LOC suggests combining this item with the others for the FTP and LPD services. However, in the absence of complete information, the default action is to keep these items split. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-1064 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1064 Final-Decision: Interim-Decision: Modified: Proposed: 20001129 Assigned: 20001129 Category: SF Reference: BUGTRAQ:20001010 VIGILANTE-2000014: HP Jetdirect multiple DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97119729613778&w=2 Reference: BID:1775 Reference: URL:http://www.securityfocus.com/bid/1775 Reference: XF:hp-jetdirect-firmware-dos Reference: URL:http://xforce.iss.net/static/5353.php Buffer overflow in the LPD service in HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service. Analysis ---------------- ED_PRI CAN-2000-1064 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC CD:SF-LOC suggests having separate CVE entries for separate buffer overflows. While the VIGILANTE advisory indicates that multiple services are affected, it is not completely clear whether each service has a separate buffer overflow, or if there is a single overflow in a library used by all services. If it is the latter, then CD:SF-LOC suggests combining this item with the others for the FTP and Telnet services. However, in the absence of complete information, the default action is to keep these items split. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-1065 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1065 Final-Decision: Interim-Decision: Modified: Proposed: 20001129 Assigned: 20001129 Category: SF Reference: BUGTRAQ:20001010 VIGILANTE-2000014: HP Jetdirect multiple DoS Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97119729613778&w=2 Reference: BID:1775 Reference: URL:http://www.securityfocus.com/bid/1775 Reference: XF:hp-jetdirect-ip-implementation Reference: URL:http://xforce.iss.net/static/5354.php Vulnerability in IP implementation of HP JetDirect printer card Firmware x.08.20 and earlier allows remote attackers to cause a denial of service (printer crash) via a malformed packet. Analysis ---------------- ED_PRI CAN-2000-1065 3 Vendor Acknowledgement: unknown discloser-claimed Content Decisions: SF-LOC Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-1071 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1071 Final-Decision: Interim-Decision: Modified: Proposed: 20001129 Assigned: 20001129 Category: CF Reference: ATSTAKE:A100900-1 Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt Reference: BID:1767 Reference: URL:http://www.securityfocus.com/bid/1767 The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote attackers to monitor X Windows events and gain privileges. 
Analysis ---------------- ED_PRI CAN-2000-1071 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-1072 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1072 Final-Decision: Interim-Decision: Modified: Proposed: 20001129 Assigned: 20001129 Category: CF Reference: ATSTAKE:A100900-1 Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt Reference: BID:1768 Reference: URL:http://www.securityfocus.com/bid/1768 iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse. Analysis ---------------- ED_PRI CAN-2000-1072 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. 
VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-1073 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1073 Final-Decision: Interim-Decision: Modified: Proposed: 20001129 Assigned: 20001129 Category: SF Reference: ATSTAKE:A100900-1 Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt Reference: BID:1769 Reference: URL:http://www.securityfocus.com/bid/1769 csstart program in iCal 2.1 Patch 2 searches for the cshttpd program in the current working directory, which allows local users to gain root privileges by creating a Trojan Horse cshttpd program in a directory and calling csstart from that directory. Analysis ---------------- ED_PRI CAN-2000-1073 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-1074 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1074 Final-Decision: Interim-Decision: Modified: Proposed: 20001129 Assigned: 20001129 Category: SF Reference: ATSTAKE:A100900-1 Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt Reference: BID:1769 Reference: URL:http://www.securityfocus.com/bid/1769 csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory. 
Analysis ---------------- ED_PRI CAN-2000-1074 3 Vendor Acknowledgement: Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: ====================================================== Candidate: CAN-2000-1078 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1078 Final-Decision: Interim-Decision: Modified: Proposed: 20001129 Assigned: 20001129 Category: SF Reference: BUGTRAQ:20001007 ICQ WebFront HTTPd DoS Reference: URL:http://www.securityfocus.com/archive/1/138332 Reference: XF:icq-webfront-url-dos Reference: URL:http://xforce.iss.net/static/5332.php ICQ Web Front HTTPd allows remote attackers to cause a denial of service by requesting a URL that contains a "?" character. Analysis ---------------- ED_PRI CAN-2000-1078 3 Vendor Acknowledgement: Content Decisions: EX-CLIENT-DOS INCLUSION: While this could be viewed as a client-side DoS, there are 2 reasons why CD:EX-CLIENT-DOS does *not* apply here: (a) the attacker can cause the DoS without forcing the client to trigger it; and (b) the vulnerable component is, effectively, a web server. Voting Section -------------- Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT If ACCEPT or MODIFY, include reason for acceptance: VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST, HAS-INDEPENDENT-CONFIRMATION, or provide other reason. VOTE: ACCEPT_REASON: COMMENTS: