[PROPOSAL] Cluster RECENT-45 - 33 candidates



The following cluster contains 33 candidates that were announced
between November 13 and November 20, 2000.

Note that the voting web site will not be updated with this cluster
until sometime Wednesday.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.

If you discover that any RECENT-XX cluster is incomplete with respect
to the problems discovered during the associated time frame, please
send that information to me so that candidates can be assigned.

- Steve


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2000-1096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1096
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001116 vixie cron...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0237.html
Reference: DEBIAN:20001118 cron: local privilege escalation
Reference: URL:http://www.debian.org/security/2000/20001118a
Reference: BID:1960
Reference: URL:http://www.securityfocus.com/bid/1960

crontab by Paul Vixie uses predictable file names for a temporary file
and does not properly ensure that the file is owned by the user
executing the crontab -e command, which allows local users with write
access to the crontab spool directory to execute arbitrary commands by
creating world-writeable temporary files and modifying them while the
victim is editing the file.

Analysis
----------------
ED_PRI CAN-2000-1096 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1108
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1108
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001113 Problems with cons.saver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0192.html
Reference: DEBIAN:20001125 mc: local DoS
Reference: URL:http://www.debian.org/security/2000/20001125
Reference: BID:1945
Reference: URL:http://www.securityfocus.com/bid/1945

cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not
properly verify if an output file descriptor is a TTY, which allows
local users to corrupt files by creating a symbolic link to the target
file, calling mc, and specifying that link as a TTY argument.

Analysis
----------------
ED_PRI CAN-2000-1108 1
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1139
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: CF
Reference: MS:MS00-088
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-088.asp
Reference: BID:1958
Reference: URL:http://www.securityfocus.com/bid/1958

The installation of Microsoft Exchange 2000 before Rev. A creates a
user account with a known password, which could allow attackers to
gain privileges, aka the "Exchange User Account" vulnerability.

Analysis
----------------
ED_PRI CAN-2000-1139 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1167
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1167
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:70
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:70.ppp-nat.asc
Reference: BID:1974
Reference: URL:http://www.securityfocus.com/bid/1974

ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict
access as specified by the "nat deny_incoming" command, which allows
remote attackers to connect to the target system.

Analysis
----------------
ED_PRI CAN-2000-1167 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1169
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001123 OpenSSH Security Advisory (adv.fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0195.html
Reference: MANDRAKE:MDKSA-2000:068
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-068.php3
Reference: BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html
Reference: DEBIAN:20001118 openssh: possible remote exploit
Reference: URL:http://www.debian.org/security/2000/20001118
Reference: CONECTIVA:CLSA-2000:345
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000345
Reference: REDHAT:RHSA-2000-111
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-111.html
Reference: SUSE:SuSE-SA:2000:47
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2000-Nov/0004.html
Reference: BID:1949
Reference: URL:http://www.securityfocus.com/bid/1949

OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent
forwarding, which could allow a malicious SSH server to gain access to
the X11 display and sniff X11 events, or gain access to the ssh-agent.

Analysis
----------------
ED_PRI CAN-2000-1169 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1174
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1174
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001118 [hacksware] Ethereal 0.8.13 AFS ACL parsing buffer overflow bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0251.html
Reference: DEBIAN:20001121 ethereal: remote exploit
Reference: URL:http://www.debian.org/security/2000/20001122a
Reference: CONECTIVA:CLSA-2000:342
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000342
Reference: REDHAT:RHSA-2000:116-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-116.html
Reference: BID:1972
Reference: URL:http://www.securityfocus.com/bid/1972

Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and
earlier allow remote attackers to execute arbitrary commands via a
packet with a long username.

Analysis
----------------
ED_PRI CAN-2000-1174 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1178
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1178
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001116 Joe's Own Editor File Link Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0227.html
Reference: REDHAT:RHSA-2000:110-06
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-110.html
Reference: MANDRAKE:MDKSA-2000:072
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-072.php3
Reference: CONECTIVA:CLA-2000:356
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000356
Reference: DEBIAN:20001121 joe: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001122
Reference: DEBIAN:20001201 DSA-003-1 joe: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001201
Reference: BUGTRAQ:20001121 Immunix OS Security update for joe
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97500174210821&w=2
Reference: BID:1959
Reference: URL:http://www.securityfocus.com/bid/1959

Joe text editor follows symbolic links when creating a rescue copy
called DEADJOE during an abnormal exit, which allows local users to
overwrite the files of other users whose joe session crashes.

Analysis
----------------
ED_PRI CAN-2000-1178 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1184
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1184
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:69
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:69.telnetd.v1.1.asc

telnetd in FreeBSD 4.2 and earlier, and possibly other operating
systems, allows remote attackers to cause a denial of service by
specifying an arbitrary large file in the TERMCAP environmental
variable, which consumes resources as the server processes the file.

Analysis
----------------
ED_PRI CAN-2000-1184 1
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1132
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001114 Cgisecurity.com advisory on dcforum
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0218.html
Reference: BID:1951
Reference: URL:http://www.securityfocus.com/bid/1951
Reference: CONFIRM:http://www.dcscripts.com/dcforum/dcfNews/124.html#1

DCForum cgforum.cgi CGI script allows remote attackers to read
arbitrary files, and delete the program itself, via a malformed
"forum" variable.

Analysis
----------------
ED_PRI CAN-2000-1132 2
Vendor Acknowledgement: yes advisory

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1179
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1179
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001115 Netopia ISDN Router 650-ST: Viewing of all system logs without login
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97440068130051&w=2
Reference: BID:1952
Reference: URL:http://www.securityfocus.com/bid/1952

Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to
read system logs without authentication by directly connecting to the
login screen and typing certain control characters.

Analysis
----------------
ED_PRI CAN-2000-1179 2
Vendor Acknowledgement: yes followup

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1181
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1181
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001116 [CORE SDI ADVISORY] RealServer memory contents disclosure
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0236.html
Reference: CONFIRM:http://service.real.com/help/faq/security/memory.html
Reference: BID:1957
Reference: URL:http://www.securityfocus.com/bid/1957

Real Networks RealServer 7 and earlier allows remote attackers to
obtain portions of RealServer's memory contents, possibly including
sensitive information, by accessing the /admin/includes/ URL.

Analysis
----------------
ED_PRI CAN-2000-1181 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1182
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1182
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001116 Possible Watchguard Firebox II DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0224.html
Reference: CONFIRM:https://www.watchguard.com/support/patches.html
Reference: BID:1953
Reference: URL:http://www.securityfocus.com/bid/1953

WatchGuard Firebox II allows remote attackers to cause a denial of
service by flooding the Firebox with a large number of FTP or SMTP
requests, which disables proxy handling.

Analysis
----------------
ED_PRI CAN-2000-1182 2
Vendor Acknowledgement: yes

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0897
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0897
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001114
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20001114 Vulnerabilites in SmallHTTP Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97421834001092&w=2
Reference: BID:1941
Reference: URL:http://www.securityfocus.com/bid/1941

Small HTTP Server 2.01 allows remote attackers to cause a denial of
service by repeatedly requesting a URL that references a directory
that does not contain an index.html file, which consumes memory that
is not released after the request is completed.

Analysis
----------------
ED_PRI CAN-2000-0897 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0898
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0898
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001114
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20001114 Vulnerabilites in SmallHTTP Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97421834001092&w=2

Small HTTP Server 2.01 does not properly process Server Side Includes
(SSI) tags that contain null values, which allows local users, and
possibly remote attackers, to cause the server to crash by inserting
the SSI into an HTML file.

Analysis
----------------
ED_PRI CAN-2000-0898 3
Vendor Acknowledgement: unknown

INCLUSION:

One could argue that this may not be a vulnerability.  A remote
attacker could probably only do this by exploiting another
vulnerability in the server, one that allows them to modify content of
HTML files (say, via cross-site scripting), or to upload new files
(whether by server configuration or a bug in the server).

It could be argued that if a local attacker does this, then it only
matters if the server crashes and "stays" crashed.  It is not known
whether this is the case or not.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-0899
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0899
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001114
Category: SF/CF/MP/SA/AN/unknown
Reference: BUGTRAQ:20001114 Vulnerabilites in SmallHTTP Server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97421834001092&w=2
Reference: BID:1942
Reference: URL:http://www.securityfocus.com/bid/1942

Small HTTP Server 2.01 allows remote attackers to cause a denial of
service by connecting to the server and sending out multiple GET,
HEAD, or POST requests and closing the connection before the server
responds to the requests.

Analysis
----------------
ED_PRI CAN-2000-0899 3
Vendor Acknowledgement: unknown

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1126
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1126
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: HP:HPSBUX0011-130
Reference: URL:http://www.securityfocus.com/advisories/2850
Reference: BID:1954
Reference: URL:http://www.securityfocus.com/bid/1954

Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier
allows remote attackers to execute arbitrary commands or cause a
denial of service.

Analysis
----------------
ED_PRI CAN-2000-1126 3
Vendor Acknowledgement: yes advisory
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1150
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1150
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001113 beos vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0203.html

Felix IRC client in BeOS r5 pro and earlier allows remote attackers to
conduct a denial of service via a message that contains a long URL.

Analysis
----------------
ED_PRI CAN-2000-1150 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1151
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1151
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001113 beos vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0203.html

Baxter IRC client in BeOS r5 pro and earlier allows remote attackers
to conduct a denial of service via a message that contains a long URL.

Analysis
----------------
ED_PRI CAN-2000-1151 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1152
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1152
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001113 beos vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0203.html

Browser IRC client in BeOS r5 pro and earlier allows remote attackers
to conduct a denial of service via a message that contains a long URL.

Analysis
----------------
ED_PRI CAN-2000-1152 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1153
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1153
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001113 beos vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0203.html

PostMaster 1.0 in BeOS r5 pro and earlier allows remote attackers to
conduct a denial of service via a message that contains a long URL.

Analysis
----------------
ED_PRI CAN-2000-1153 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1154
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1154
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001113 beos vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0203.html

RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows
remote attackers to cause a denial of service via a long HTTP request.

ABSTRACTION:
The discloser indicates that the errors occur in 2 different source files,
when calling 2 different functions, so CD:SF-LOC suggests that the bug
in RHConsole should remain separate from the one in RHDaemon.

Analysis
----------------
ED_PRI CAN-2000-1154 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC, SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1155
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1155
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001113 beos vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0203.html

RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows
remote attackers to cause a denial of service via a long HTTP request.

ABSTRACTION:
The discloser indicates that the errors occur in 2 different source files,
when calling 2 different functions, so CD:SF-LOC suggests that the bug
in RHConsole should remain separate from the one in RHDaemon.

Analysis
----------------
ED_PRI CAN-2000-1155 3
Vendor Acknowledgement:
Content Decisions: SF-EXEC, SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1161
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1161
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: CF
Reference: BUGTRAQ:20001120 security problem in AdCycle installation
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0271.html
Reference: BID:1969
Reference: URL:http://www.securityfocus.com/bid/1969

The installation of AdCycle banner management system leaves the
build.cgi program in a web-accessible directory, which allows remote
attackers to execute the program and view passwords or delete
databases.

Analysis
----------------
ED_PRI CAN-2000-1161 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1164
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1164
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: CF
Reference: BUGTRAQ:20001118 WinVNC 3.3.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0253.html
Reference: BID:1961
Reference: URL:http://www.securityfocus.com/bid/1961

WinVNC installs the WinVNC3 registry key with permissions that give
Special Access (read and modify) to the Everybody group, which allows
users to read and modify sensitive information such as passwords and
gain access to the system.

Analysis
----------------
ED_PRI CAN-2000-1164 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1170
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1170
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001115 Netsnap Webcam Software Remote Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97439536016554&w=2
Reference: BID:1956
Reference: URL:http://www.securityfocus.com/bid/1956
Reference: CONFIRM:http://www.netsnap.com/new.htm

Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows
remote attackers to execute arbitrary commands via a long GET request.

Analysis
----------------
ED_PRI CAN-2000-1170 3
Vendor Acknowledgement:

ACKNOWLEDGEMENT:
NetSnap version history for version 1.2.9 says: "Fixed a problem in http
server which could leave NetSnap open to DOS (Denial of Service) attacks."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1171
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1171
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001120 CGIForum 1.0 Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0263.html
Reference: BID:1963
Reference: URL:http://www.securityfocus.com/bid/1963

Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0
allows remote attackers to read arbitrary files via a .. (dot dot)
attack in the "thesection" parameter.

Analysis
----------------
ED_PRI CAN-2000-1171 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1175
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1175
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001120 local exploit for linux's Koules1.4 package
Reference: URL:http://www.securityfocus.com/archive/1/145823
Reference: BID:1967
Reference: URL:http://www.securityfocus.com/bid/1967

Buffer overflow in Koules 1.4 allows local users to execute arbitrary
commands via a long command line argument.

Analysis
----------------
ED_PRI CAN-2000-1175 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1177
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1177
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001121 Big Brother Advisory - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0284.html
Reference: CONFIRM:http://bb4.com/incident.nov21
Reference: BID:1971
Reference: URL:http://www.securityfocus.com/bid/1971

bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and
bb-ack.sh in Big Brother (BB) before 1.5d3 allow remote attackers to
determine the existence of files and user IDs by specifying the
target file in the HISTFILE parameter.

Analysis
----------------
ED_PRI CAN-2000-1177 3
Vendor Acknowledgement: yes
Content Decisions: SF-EXEC

ABSTRACTION:
CD:SF-EXEC suggests that since these are closely related programs in the
same software package with the same bug, then they should be combined.
However, it could also be argued that, since each bug appears separately
in each script (instead of a common "library"), each bug should be
separated.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1180
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1180
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BID:1968
Reference: URL:http://www.securityfocus.com/bid/1968
Reference: BUGTRAQ:20001120 vulnerability in Connection Manager Control binary in Oracle
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97474521003453&w=2

Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control
allows local users to gain privileges via a long command line argument.

Analysis
----------------
ED_PRI CAN-2000-1180 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1183
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1183
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001115 socks5 remote exploit / linux x86
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0219.html

Buffer overflow in socks5 server on Linux allows attackers to execute
arbitrary commands via a long connection request.

Analysis
----------------
ED_PRI CAN-2000-1183 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1185
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1185
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001113 Rideway PN Telnet DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0201.html
Reference: BID:1938
Reference: URL:http://www.securityfocus.com/bid/1938

The telnet proxy in RideWay PN proxy server allows remote attackers to
cause a denial of service via a flood of connections that contain
malformed requests.

Analysis
----------------
ED_PRI CAN-2000-1185 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1186
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1186
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001115 Exploit: phf buffer overflow (CGI)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0221.html

Buffer overflow in phf CGI program allows remote attackers to execute
arbitrary commands by specifying a large number of arguments and
including a long MIME header.

Analysis
----------------
ED_PRI CAN-2000-1186 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2000-1188
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1188
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001120 Cgisecurity Quickstore Shopping cart
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0283.html

Directory traversal vulnerability in Quikstore shopping cart program
allows remote attackers to read arbitrary files via a .. (dot dot)
attack in the "page" parameter.

Analysis
----------------
ED_PRI CAN-2000-1188 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

Page Last Updated or Reviewed: May 22, 2007