[FINAL] ACCEPT 232 recent candidates
I have made a Final Decision to ACCEPT the following candidates. These candidates are now assigned CVE names as noted below. The resulting CVE entries will be published in the near future in a new version of CVE. Voting details and comments are provided at the end of this report. - Steve Candidate CVE Name --------- ---------- CAN-2000-0048 CVE-2000-0048 CAN-2000-0080 CVE-2000-0080 CAN-2000-0111 CVE-2000-0111 CAN-2000-0252 CVE-2000-0252 CAN-2000-0253 CVE-2000-0253 CAN-2000-0254 CVE-2000-0254 CAN-2000-0255 CVE-2000-0255 CAN-2000-0276 CVE-2000-0276 CAN-2000-0278 CVE-2000-0278 CAN-2000-0283 CVE-2000-0283 CAN-2000-0287 CVE-2000-0287 CAN-2000-0292 CVE-2000-0292 CAN-2000-0296 CVE-2000-0296 CAN-2000-0341 CVE-2000-0341 CAN-2000-0488 CVE-2000-0488 CAN-2000-0498 CVE-2000-0498 CAN-2000-0523 CVE-2000-0523 CAN-2000-0542 CVE-2000-0542 CAN-2000-0565 CVE-2000-0565 CAN-2000-0672 CVE-2000-0672 CAN-2000-0679 CVE-2000-0679 CAN-2000-0698 CVE-2000-0698 CAN-2000-0702 CVE-2000-0702 CAN-2000-0716 CVE-2000-0716 CAN-2000-0729 CVE-2000-0729 CAN-2000-0732 CVE-2000-0732 CAN-2000-0738 CVE-2000-0738 CAN-2000-0749 CVE-2000-0749 CAN-2000-0762 CVE-2000-0762 CAN-2000-0764 CVE-2000-0764 CAN-2000-0766 CVE-2000-0766 CAN-2000-0783 CVE-2000-0783 CAN-2000-0804 CVE-2000-0804 CAN-2000-0805 CVE-2000-0805 CAN-2000-0806 CVE-2000-0806 CAN-2000-0807 CVE-2000-0807 CAN-2000-0808 CVE-2000-0808 CAN-2000-0809 CVE-2000-0809 CAN-2000-0810 CVE-2000-0810 CAN-2000-0811 CVE-2000-0811 CAN-2000-0813 CVE-2000-0813 CAN-2000-0824 CVE-2000-0824 CAN-2000-0834 CVE-2000-0834 CAN-2000-0837 CVE-2000-0837 CAN-2000-0844 CVE-2000-0844 CAN-2000-0846 CVE-2000-0846 CAN-2000-0847 CVE-2000-0847 CAN-2000-0848 CVE-2000-0848 CAN-2000-0849 CVE-2000-0849 CAN-2000-0850 CVE-2000-0850 CAN-2000-0851 CVE-2000-0851 CAN-2000-0852 CVE-2000-0852 CAN-2000-0853 CVE-2000-0853 CAN-2000-0858 CVE-2000-0858 CAN-2000-0860 CVE-2000-0860 CAN-2000-0861 CVE-2000-0861 CAN-2000-0862 CVE-2000-0862 CAN-2000-0863 CVE-2000-0863 CAN-2000-0864 CVE-2000-0864 CAN-2000-0865 
CVE-2000-0865 CAN-2000-0867 CVE-2000-0867 CAN-2000-0868 CVE-2000-0868 CAN-2000-0869 CVE-2000-0869 CAN-2000-0870 CVE-2000-0870 CAN-2000-0871 CVE-2000-0871 CAN-2000-0873 CVE-2000-0873 CAN-2000-0878 CVE-2000-0878 CAN-2000-0883 CVE-2000-0883 CAN-2000-0884 CVE-2000-0884 CAN-2000-0886 CVE-2000-0886 CAN-2000-0887 CVE-2000-0887 CAN-2000-0888 CVE-2000-0888 CAN-2000-0900 CVE-2000-0900 CAN-2000-0901 CVE-2000-0901 CAN-2000-0908 CVE-2000-0908 CAN-2000-0909 CVE-2000-0909 CAN-2000-0910 CVE-2000-0910 CAN-2000-0911 CVE-2000-0911 CAN-2000-0912 CVE-2000-0912 CAN-2000-0913 CVE-2000-0913 CAN-2000-0914 CVE-2000-0914 CAN-2000-0915 CVE-2000-0915 CAN-2000-0917 CVE-2000-0917 CAN-2000-0919 CVE-2000-0919 CAN-2000-0920 CVE-2000-0920 CAN-2000-0921 CVE-2000-0921 CAN-2000-0922 CVE-2000-0922 CAN-2000-0923 CVE-2000-0923 CAN-2000-0924 CVE-2000-0924 CAN-2000-0925 CVE-2000-0925 CAN-2000-0926 CVE-2000-0926 CAN-2000-0928 CVE-2000-0928 CAN-2000-0929 CVE-2000-0929 CAN-2000-0930 CVE-2000-0930 CAN-2000-0932 CVE-2000-0932 CAN-2000-0933 CVE-2000-0933 CAN-2000-0934 CVE-2000-0934 CAN-2000-0935 CVE-2000-0935 CAN-2000-0936 CVE-2000-0936 CAN-2000-0937 CVE-2000-0937 CAN-2000-0938 CVE-2000-0938 CAN-2000-0941 CVE-2000-0941 CAN-2000-0942 CVE-2000-0942 CAN-2000-0943 CVE-2000-0943 CAN-2000-0944 CVE-2000-0944 CAN-2000-0946 CVE-2000-0946 CAN-2000-0947 CVE-2000-0947 CAN-2000-0948 CVE-2000-0948 CAN-2000-0949 CVE-2000-0949 CAN-2000-0951 CVE-2000-0951 CAN-2000-0952 CVE-2000-0952 CAN-2000-0953 CVE-2000-0953 CAN-2000-0956 CVE-2000-0956 CAN-2000-0957 CVE-2000-0957 CAN-2000-0958 CVE-2000-0958 CAN-2000-0959 CVE-2000-0959 CAN-2000-0960 CVE-2000-0960 CAN-2000-0961 CVE-2000-0961 CAN-2000-0962 CVE-2000-0962 CAN-2000-0965 CVE-2000-0965 CAN-2000-0966 CVE-2000-0966 CAN-2000-0967 CVE-2000-0967 CAN-2000-0968 CVE-2000-0968 CAN-2000-0969 CVE-2000-0969 CAN-2000-0970 CVE-2000-0970 CAN-2000-0972 CVE-2000-0972 CAN-2000-0973 CVE-2000-0973 CAN-2000-0974 CVE-2000-0974 CAN-2000-0975 CVE-2000-0975 CAN-2000-0977 CVE-2000-0977 CAN-2000-0978 
CVE-2000-0978 CAN-2000-0979 CVE-2000-0979 CAN-2000-0980 CVE-2000-0980 CAN-2000-0981 CVE-2000-0981 CAN-2000-0982 CVE-2000-0982 CAN-2000-0983 CVE-2000-0983 CAN-2000-0984 CVE-2000-0984 CAN-2000-0989 CVE-2000-0989 CAN-2000-0990 CVE-2000-0990 CAN-2000-0991 CVE-2000-0991 CAN-2000-0992 CVE-2000-0992 CAN-2000-0993 CVE-2000-0993 CAN-2000-0994 CVE-2000-0994 CAN-2000-0995 CVE-2000-0995 CAN-2000-0996 CVE-2000-0996 CAN-2000-1000 CVE-2000-1000 CAN-2000-1001 CVE-2000-1001 CAN-2000-1002 CVE-2000-1002 CAN-2000-1003 CVE-2000-1003 CAN-2000-1004 CVE-2000-1004 CAN-2000-1005 CVE-2000-1005 CAN-2000-1006 CVE-2000-1006 CAN-2000-1007 CVE-2000-1007 CAN-2000-1010 CVE-2000-1010 CAN-2000-1011 CVE-2000-1011 CAN-2000-1014 CVE-2000-1014 CAN-2000-1016 CVE-2000-1016 CAN-2000-1018 CVE-2000-1018 CAN-2000-1019 CVE-2000-1019 CAN-2000-1022 CVE-2000-1022 CAN-2000-1024 CVE-2000-1024 CAN-2000-1026 CVE-2000-1026 CAN-2000-1027 CVE-2000-1027 CAN-2000-1031 CVE-2000-1031 CAN-2000-1032 CVE-2000-1032 CAN-2000-1034 CVE-2000-1034 CAN-2000-1036 CVE-2000-1036 CAN-2000-1038 CVE-2000-1038 CAN-2000-1040 CVE-2000-1040 CAN-2000-1041 CVE-2000-1041 CAN-2000-1042 CVE-2000-1042 CAN-2000-1043 CVE-2000-1043 CAN-2000-1044 CVE-2000-1044 CAN-2000-1045 CVE-2000-1045 CAN-2000-1049 CVE-2000-1049 CAN-2000-1050 CVE-2000-1050 CAN-2000-1051 CVE-2000-1051 CAN-2000-1054 CVE-2000-1054 CAN-2000-1055 CVE-2000-1055 CAN-2000-1056 CVE-2000-1056 CAN-2000-1057 CVE-2000-1057 CAN-2000-1058 CVE-2000-1058 CAN-2000-1059 CVE-2000-1059 CAN-2000-1060 CVE-2000-1060 CAN-2000-1061 CVE-2000-1061 CAN-2000-1068 CVE-2000-1068 CAN-2000-1069 CVE-2000-1069 CAN-2000-1070 CVE-2000-1070 CAN-2000-1071 CVE-2000-1071 CAN-2000-1072 CVE-2000-1072 CAN-2000-1073 CVE-2000-1073 CAN-2000-1074 CVE-2000-1074 CAN-2000-1077 CVE-2000-1077 CAN-2000-1080 CVE-2000-1080 CAN-2000-1089 CVE-2000-1089 CAN-2000-1094 CVE-2000-1094 CAN-2000-1095 CVE-2000-1095 CAN-2000-1096 CVE-2000-1096 CAN-2000-1097 CVE-2000-1097 CAN-2000-1099 CVE-2000-1099 CAN-2000-1106 CVE-2000-1106 CAN-2000-1107 
CVE-2000-1107 CAN-2000-1112 CVE-2000-1112 CAN-2000-1113 CVE-2000-1113 CAN-2000-1115 CVE-2000-1115 CAN-2000-1120 CVE-2000-1120 CAN-2000-1131 CVE-2000-1131 CAN-2000-1132 CVE-2000-1132 CAN-2000-1135 CVE-2000-1135 CAN-2000-1136 CVE-2000-1136 CAN-2000-1137 CVE-2000-1137 CAN-2000-1139 CVE-2000-1139 CAN-2000-1140 CVE-2000-1140 CAN-2000-1141 CVE-2000-1141 CAN-2000-1142 CVE-2000-1142 CAN-2000-1143 CVE-2000-1143 CAN-2000-1144 CVE-2000-1144 CAN-2000-1145 CVE-2000-1145 CAN-2000-1146 CVE-2000-1146 CAN-2000-1148 CVE-2000-1148 CAN-2000-1149 CVE-2000-1149 CAN-2000-1162 CVE-2000-1162 CAN-2000-1163 CVE-2000-1163 CAN-2000-1167 CVE-2000-1167 CAN-2000-1169 CVE-2000-1169 CAN-2000-1178 CVE-2000-1178 CAN-2000-1179 CVE-2000-1179 CAN-2000-1181 CVE-2000-1181 CAN-2000-1182 CVE-2000-1182 CAN-2000-1184 CVE-2000-1184 CAN-2000-1187 CVE-2000-1187 CAN-2000-1189 CVE-2000-1189 ====================================================== Candidate: CAN-2000-0048 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0048 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-02 Proposed: 20000125 Assigned: 20000122 Category: SF Reference: BUGTRAQ:20000112 Serious Bug in Corel Linux.(Local root exploit) Reference: BID:928 Reference: CONFIRM:http://linux.corel.com/support/clos_patch1.htm Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=928 Reference: XF:linux-corel-update get_it program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program. 
Modifications: ADDREF XF:linux-corel-update ADDREF CONFIRM:http://linux.corel.com/support/clos_patch1.htm INFERRED ACTION: CAN-2000-0048 FINAL (Final Decision 20010122) Current Votes: ACCEPT(1) Baker MODIFY(1) Frech NOOP(1) Christey Voter Comments: Frech> ADDREF XF:linux-corel-update Christey> CONFIRM:http://linux.corel.com/support/clos_patch1.htm ====================================================== Candidate: CAN-2000-0080 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0080 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000125 Assigned: 20000122 Category: SF Reference: BUGTRAQ:20000110 2nd attempt: AIX techlibss follows links Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=94757136413681&w=2 Reference: BID:931 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=931 Reference: XF:aix-techlibss-symbolic-link AIX techlibss allows local users to overwrite files via a symlink attack. Modifications: ADDREF XF:aix-techlibss-symbolic-link INFERRED ACTION: CAN-2000-0080 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Baker, Bollinger MODIFY(1) Frech NOOP(1) Christey Voter Comments: Frech> XF:aix-techlibss-symbolic-link Christey> The poster claims that some fileset "techlib.service.rte.1.0.0.4" fixes the problem, but I can't find it in the AIX database, so this problem is not vendor-confirmed. ====================================================== Candidate: CAN-2000-0111 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0111 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000208 Assigned: 20000208 Category: SF Reference: BUGTRAQ:20000129 [LoWNOISE] Rightfax web client 5.2 Reference: BID:953 Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=953 Reference: XF:avt-rightfax-predict-session The RightFax web client uses predictable session numbers, which allows remote attackers to hijack user sessions. 
Modifications: ADDREF XF:avt-rightfax-predict-session INFERRED ACTION: CAN-2000-0111 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Baker, Cole MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:avt-rightfax-predict-session CHANGE> [Cole changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2000-0252 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0252 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: BUGTRAQ:20000411 Back Door in Commercial Shopping Cart Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0051.html Reference: BID:1115 Reference: URL:http://www.securityfocus.com/bid/1115 Reference: XF:dansie-shell-metacharacters Reference: URL:http://xforce.iss.net/static/4975.php The dansie shopping cart application cart.pl allows remote attackers to execute commands via shell metacharacters in a form variable. Modifications: ADDREF XF:dansie-shell-metacharacters(4975) INFERRED ACTION: CAN-2000-0252 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Baker, Levy MODIFY(1) Frech NOOP(2) Cole, Wall Voter Comments: Frech> XF:dansie-shell-metacharacters(4975) ====================================================== Candidate: CAN-2000-0253 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0253 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0061.html Reference: BID:1115 Reference: URL:http://www.securityfocus.com/bid/1115 Reference: XF:shopping-cart-form-tampering Reference: URL:http://xforce.iss.net/static/4621.php The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fields. 
Modifications: ADDREF XF:shopping-cart-form-tampering(4621) INFERRED ACTION: CAN-2000-0253 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Baker, Levy MODIFY(1) Frech NOOP(2) Cole, Wall Voter Comments: Frech> XF:shopping-cart-form-tampering(4621) ====================================================== Candidate: CAN-2000-0254 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0254 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0088.html Reference: BID:1115 Reference: URL:http://www.securityfocus.com/bid/1115 Reference: XF:dansie-form-variables Reference: URL:http://xforce.iss.net/static/4954.php The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables. Modifications: ADDREF XF:dansie-form-variables(4954) INFERRED ACTION: CAN-2000-0254 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Baker, Levy MODIFY(1) Frech NOOP(2) Cole, Wall Voter Comments: Frech> XF:dansie-form-variables(4954) ====================================================== Candidate: CAN-2000-0255 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0255 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: BUGTRAQ:20000405 SilverBack Security Advisory: Nbase-Xyplex DoS Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0022.html Reference: BID:1091 Reference: URL:http://www.securityfocus.com/bid/1091 Reference: XF:nbase-xyplex-router The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a denial of service via a scan for the FormMail CGI program. 
Modifications: ADDREF XF:nbase-xyplex-router INFERRED ACTION: CAN-2000-0255 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Baker, Levy MODIFY(1) Frech NOOP(2) Cole, Wall Voter Comments: Frech> XF:nbase-xyplex-router ====================================================== Candidate: CAN-2000-0276 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0276 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: BUGTRAQ:20000410 BeOS syscall bug Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000410131628.659.qmail@securityfocus.com Reference: BID:1098 Reference: URL:http://www.securityfocus.com/bid/1098 Reference: XF:beos-syscall-dos BeOS 4.5 and 5.0 allow local users to cause a denial of service via malformed direct system calls using interrupt 37. Modifications: ADDREF XF:beos-syscall-dos INFERRED ACTION: CAN-2000-0276 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Baker, Levy MODIFY(1) Frech NOOP(2) Cole, Wall Voter Comments: Frech> XF:beos-syscall-dos ====================================================== Candidate: CAN-2000-0278 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0278 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: BUGTRAQ:20000331 SalesLogix Eviewer Web App Bug: URL request crashes eviewer web application Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0006.html Reference: BID:1089 Reference: URL:http://www.securityfocus.com/bid/1089 Reference: XF:eviewer-admin-request-dos The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user. 
Modifications: ADDREF XF:eviewer-admin-request-dos INFERRED ACTION: CAN-2000-0278 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Baker, Levy MODIFY(1) Frech NOOP(2) Cole, Wall Voter Comments: Frech> XF:eviewer-admin-request-dos ====================================================== Candidate: CAN-2000-0283 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0283 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000426 Assigned: 20000426 Category: CF Reference: BUGTRAQ:20000412 Performance Copilot for IRIX 6.5 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0056.html Reference: BID:1106 Reference: URL:http://www.securityfocus.com/bid/1106 Reference: XF:irix-pmcd-info The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon. Modifications: ADDREF XF:irix-pmcd-info INFERRED ACTION: CAN-2000-0283 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Baker, Levy MODIFY(1) Frech NOOP(2) Cole, Wall Voter Comments: Frech> XF:irix-pmcd-info ====================================================== Candidate: CAN-2000-0287 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0287 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: BUGTRAQ:20000412 BizDB Search Script Enables Shell Command Execution at the Server Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0058.html Reference: BID:1104 Reference: URL:http://www.securityfocus.com/bid/1104 Reference: XF:http-cgi-bizdb The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter. 
Modifications: ADDREF XF:http-cgi-bizdb INFERRED ACTION: CAN-2000-0287 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Baker, Levy MODIFY(1) Frech NOOP(2) Cole, Wall Voter Comments: Frech> XF:http-cgi-bizdb ====================================================== Candidate: CAN-2000-0292 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0292 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: BUGTRAQ:20000418 Adtran DoS Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10004190908140.32750-100000@localhost.localdomain Reference: BID:1129 Reference: URL:http://www.securityfocus.com/bid/1129 Reference: XF:adtran-ping-dos The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a denial of service via a ping flood to the Ethernet interface, which causes the device to crash. Modifications: ADDREF XF:adtran-ping-dos INFERRED ACTION: CAN-2000-0292 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Baker, Levy MODIFY(1) Frech NOOP(3) Christey, Cole, Wall Voter Comments: Christey> ADDREF XF:adtran-ping-dos Frech> XF:adtran-ping-dos ====================================================== Candidate: CAN-2000-0296 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0296 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000426 Assigned: 20000426 Category: SF Reference: BUGTRAQ:20000331 fcheck v.2.7.45 and insecure use of Perl's system() Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0011.html Reference: BID:1086 Reference: URL:http://www.securityfocus.com/bid/1086 Reference: XF:fcheck-shell fcheck allows local users to gain privileges by embedding shell metacharacters into file names that are processed by fcheck. 
Modifications: ADDREF XF:fcheck-shell INFERRED ACTION: CAN-2000-0296 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Baker, Levy MODIFY(1) Frech NOOP(3) Christey, Cole, Wall Voter Comments: Frech> XF:fcheck-shell Christey> There is no apparent vendor acknowledgement; however, I reviewed the source code, and the vulnerable system() call is now being called in the safe fashion (i.e. splitting command-line arguments out as separate parameters to the system function itself). This, in conjunction with the code mentioned in the discloser's original post, shows conclusively that the code was modified. The version of source code that I reviewed was 2.7.51. Christey> http://sites.netscape.net/fcheck/FCheck_2.07.51.tar.gz Line 385 of 2.07.51 seems to be fixed. While the filename isn't being cleansed, system() is being called with multiple arguments, so the metacharacters aren't being executed in a shell context. ====================================================== Candidate: CAN-2000-0341 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0341 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000518 Assigned: 20000511 Category: SF Reference: NTBUGTRAQ:20000501 Remote DoS attack in CASSANDRA NNTPServer v1.10 from ATRIUM Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=95736106504870&w=2 Reference: BID:1156 Reference: URL:http://www.securityfocus.com/bid/1156 Reference: XF:nntpserver-cassandra-bo ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a denial of service via a long login name. 
Modifications: ADDREF XF:nntpserver-cassandra-bo INFERRED ACTION: CAN-2000-0341 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Baker, Levy MODIFY(1) Frech NOOP(4) Wall, Ozancin, Cole, Armstrong Voter Comments: Frech> XF:nntpserver-cassandra-bo ====================================================== Candidate: CAN-2000-0488 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0488 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000601 DST2K0007: Buffer Overrun in ITHouse Mail Server v1.04 Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0148.html Reference: BID:1285 Reference: URL:http://www.securityfocus.com/bid/1285 Reference: XF:ithouse-rcpt-overflow(4580) Reference: URL:http://xforce.iss.net/static/4580.php Buffer overflow in ITHouse mail server 1.04 allows remote attackers to execute arbitrary commands via a long RCPT TO mail command. Modifications: ADDREF XF:ithouse-rcpt-overflow(4580) INFERRED ACTION: CAN-2000-0488 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Levy, Baker MODIFY(1) Frech NOOP(5) Armstrong, Wall, LeBlanc, Ozancin, Cole Voter Comments: Frech> XF:ithouse-rcpt-overflow(4580) ====================================================== Candidate: CAN-2000-0498 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0498 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: NTBUGTRAQ:20000608 Potential vulnerability in Unify eWave ServletExec Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0250.html Reference: BID:1328 Reference: URL:http://www.securityfocus.com/bid/1328 Reference: XF:ewave-servletexec-jsp-source-read(4649) Reference: URL:http://xforce.iss.net/static/4649.php Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides 
the JSP extension in upper case. Modifications: ADDREF XF:ewave-servletexec-jsp-source-read(4649) INFERRED ACTION: CAN-2000-0498 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Levy, Baker MODIFY(1) Frech NOOP(5) Armstrong, Wall, LeBlanc, Ozancin, Cole Voter Comments: Frech> XF:ewave-servletexec-jsp-source-read(4649) ====================================================== Candidate: CAN-2000-0523 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0523 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000606 MDMA Advisory #6: EServ Logging Heap Overflow Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0009.html Reference: BID:1315 Reference: URL:http://www.securityfocus.com/bid/1315 Reference: XF:eserv-logging-overflow Reference: URL:http://xforce.iss.net/static/4614.php Buffer overflow in the logging feature of EServ 2.9.2 and earlier allows an attacker to execute arbitrary commands via a long MKD command. 
Modifications: ADDREF XF:eserv-logging-overflow(4614) INFERRED ACTION: CAN-2000-0523 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Levy, Baker MODIFY(1) Frech NOOP(5) Armstrong, Wall, LeBlanc, Ozancin, Cole Voter Comments: Frech> XF:eserv-logging-overflow(4614) ====================================================== Candidate: CAN-2000-0542 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0542 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000612 ACC/Ericsson Tigris Accounting Failure Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0104.html Reference: BID:1345 Reference: URL:http://www.securityfocus.com/bid/1345 Reference: XF:tigris-radius-login-failure Reference: URL:http://xforce.iss.net/static/4705.php Tigris remote access server before 11.5.4.22 does not properly record Radius accounting information when a user fails the initial login authentication but subsequently succeeds. 
Modifications: ADDREF XF:tigris-radius-login-failure(4705) INFERRED ACTION: CAN-2000-0542 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Levy, Baker MODIFY(1) Frech NOOP(6) Armstrong, Wall, LeBlanc, Ozancin, Christey, Cole Voter Comments: Christey> XF:tigris-radius-login-failure Frech> XF:tigris-radius-login-failure(4705) ====================================================== Candidate: CAN-2000-0565 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0565 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000712 Assigned: 20000711 Category: SF Reference: BUGTRAQ:20000613 SmartFTP Daemon v0.2 Beta Build 9 - Remote Exploit Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0100.html Reference: BID:1344 Reference: URL:http://www.securityfocus.com/bid/1344 Reference: XF:smartftp-directory-traversal Reference: URL:http://xforce.iss.net/static/4706.php SmartFTP Daemon 0.2 allows a local user to access arbitrary files by uploading and specifying an alternate user configuration file via a .. (dot dot) attack. 
Modifications: ADDREF XF:smartftp-directory-traversal(4706) INFERRED ACTION: CAN-2000-0565 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Levy, Baker MODIFY(1) Frech NOOP(6) Armstrong, Wall, LeBlanc, Ozancin, Christey, Cole Voter Comments: Christey> XF:smartftp-directory-traversal Frech> XF:smartftp-directory-traversal(4706) ====================================================== Candidate: CAN-2000-0672 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0672 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000803 Assigned: 20000802 Category: SF Reference: BUGTRAQ:20000721 Jakarta-tomcat.../admin Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0309.html Reference: BID:1548 Reference: URL:http://www.securityfocus.com/bid/1548 Reference: XF:jakarta-tomcat-admin Reference: URL:http://xforce.iss.net/static/5160.php The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory. 
Modifications: ADDREF XF:jakarta-tomcat-admin(5160) ADDREF ADDREF BID:1548 INFERRED ACTION: CAN-2000-0672 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Levy, Baker MODIFY(1) Frech NOOP(4) Wall, LeBlanc, Christey, Cole Voter Comments: Frech> XF:jakarta-tomcat-admin(5160) Christey> ADDREF BID:1548 Christey> ADDREF BID:1548 URL:http://www.securityfocus.com/bid/1548 CHANGE> [Levy changed vote from REVIEWING to ACCEPT] ====================================================== Candidate: CAN-2000-0679 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0679 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000728 cvs security problem Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org Reference: BID:1523 Reference: URL:http://www.securityfocus.com/bid/1523 Reference: XF:cvs-client-creates-file The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files. 
Modifications: XF:cvs-client-creates-file INFERRED ACTION: CAN-2000-0679 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Levy, Baker MODIFY(1) Frech NOOP(2) Wall, Cole Voter Comments: Frech> XF:cvs-client-creates-file ====================================================== Candidate: CAN-2000-0698 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0698 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000819 RH 6.1 / 6.2 minicom vulnerability Reference: URL:http://www.securityfocus.com/archive/1/77361 Reference: BID:1599 Reference: URL:http://www.securityfocus.com/bid/1599 Reference: XF:minicom-capture-groupown Reference: URL:http://xforce.iss.net/static/5151.php Minicom 1.82.1 and earlier on some Linux systems allows local users to create arbitrary files owned by the uucp user via a symlink attack. Modifications: ADDREF XF:minicom-capture-groupown DESC mention only uucp-owned files that are affected. INFERRED ACTION: CAN-2000-0698 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Levy, Baker MODIFY(1) Frech NOOP(3) Wall, Christey, Cole Voter Comments: Frech> XF:minicom-capture-groupown Christey> Change phrasing to indicate that it's only uucp-owned files that can be affected. 
ADDREF XF:minicom-capture-groupown http://xforce.iss.net/static/5151.php Frech> XF:minicom-capture-groupown(5151) ====================================================== Candidate: CAN-2000-0702 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0702 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: BUGTRAQ:20000821 [HackersLab bugpaper] HP-UX net.init rc script Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0261.html Reference: BID:1602 Reference: URL:http://www.securityfocus.com/bid/1602 Reference: XF:hp-netinit-symlink Reference: URL:http://xforce.iss.net/static/5131.php The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file. Modifications: ADDREF XF:hp-netinit-symlink(5131) INFERRED ACTION: CAN-2000-0702 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Baker, Levy MODIFY(1) Frech NOOP(3) Christey, Cole, Wall Voter Comments: Frech> XF:hp-netinit-symlink Christey> XF:hp-netinit-symlink http://xforce.iss.net/static/5131.php Frech> XF:hp-netinit-symlink(5131) ====================================================== Candidate: CAN-2000-0716 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0716 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: NTBUGTRAQ:20000809 Session hijacking in Alt-N's MDaemon 2.8 Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=459 Reference: BID:1553 Reference: URL:http://www.securityfocus.com/bid/1553 Reference: XF:mdaemon-session-id-hijack Reference: URL:http://xforce.iss.net/static/5070.php WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to 
hijack the session ID and read the user's email. Modifications: ADDREF XF:mdaemon-session-id-hijack(5070) INFERRED ACTION: CAN-2000-0716 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Baker, Levy MODIFY(1) Frech NOOP(3) Christey, Cole, Wall Voter Comments: Christey> XF:mdaemon-session-id-hijack http://xforce.iss.net/static/5070.php Frech> XF:mdaemon-session-id-hijack(5070) ====================================================== Candidate: CAN-2000-0729 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0729 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010119-01 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: FREEBSD:FreeBSD-SA-00:41 Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0337.html Reference: BID:1625 Reference: URL:http://www.securityfocus.com/bid/1625 Reference: XF:freebsd-elf-dos(5967) FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header. Modifications: ADDREF XF:freebsd-elf-dos(5967) INFERRED ACTION: CAN-2000-0729 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Baker, Levy MODIFY(1) Frech NOOP(2) Cole, Wall Voter Comments: Frech> XF:freebsd-elf-dos(5967) ====================================================== Candidate: CAN-2000-0732 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0732 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20000921 Assigned: 20000919 Category: SF Reference: NTBUGTRAQ:20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Worm HTTP Server Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0111.html Reference: BID:1626 Reference: URL:http://www.securityfocus.com/bid/1626 Reference: XF:wormhttp-filename-dos Reference: URL:http://xforce.iss.net/static/5149.php Worm HTTP server allows remote attackers to cause a denial of service via a long URL. 
Modifications:
  ADDREF XF:wormhttp-filename-dos(5149)

INFERRED ACTION: CAN-2000-0732 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Baker, Cole, Levy, Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> XF:wormhttp-filename-dos
   http://xforce.iss.net/static/5149.php

======================================================
Candidate: CAN-2000-0738
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0738
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: NTBUGTRAQ:20000818 WebShield SMTP infinite loop DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0101.html
Reference: BID:1589
Reference: URL:http://www.securityfocus.com/bid/1589
Reference: XF:webshield-smtp-dos
Reference: URL:http://xforce.iss.net/static/5100.php

WebShield SMTP 4.5 allows remote attackers to cause a denial of service by sending e-mail with a From: address that has a . (period) at the end, which causes WebShield to continuously send itself copies of the e-mail.
Modifications:
  ADDREF XF:webshield-smtp-dos(5100)

INFERRED ACTION: CAN-2000-0738 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> XF:webshield-smtp-dos
   http://xforce.iss.net/static/5100.php
 Frech> XF:webshield-smtp-dos(5100)

======================================================
Candidate: CAN-2000-0749
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0749
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-02
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:42
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0338.html
Reference: BID:1628
Reference: URL:http://www.securityfocus.com/bid/1628
Reference: XF:freebsd-linux-module-bo(5968)

Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system.

Modifications:
  DESC fix typo: "compatibility"
  ADDREF XF:freebsd-linux-module-bo(5968)

INFERRED ACTION: CAN-2000-0749 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> fix typo: "compatibility"
 Frech> XF:freebsd-linux-module-bo(5968)

======================================================
Candidate: CAN-2000-0762
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0762
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: CF
Reference: BUGTRAQ:20000811 eTrust Access Control - Root compromise for default install
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=004601c003a1$ba473260$ddeaa2cd@itradefair.net
Reference: CONFIRM:http://support.ca.com/techbases/eTrust/etrust_access_control-response.html
Reference: BID:1583
Reference: URL:http://www.securityfocus.com/bid/1583
Reference: XF:etrust-access-control-default
Reference: URL:http://xforce.iss.net/static/5076.php

The default installation of eTrust Access Control (formerly SeOS) uses a default encryption key, which allows remote attackers to spoof the eTrust administrator and gain privileges.

Modifications:
  ADDREF XF:etrust-access-control-default(5076)

INFERRED ACTION: CAN-2000-0762 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> XF:etrust-access-control-default
   http://xforce.iss.net/static/5076.php
 Frech> XF:etrust-access-control-default(5076)

======================================================
Candidate: CAN-2000-0764
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0764
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000828 Intel Express Switch 500 series DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0338.html
Reference: BID:1609
Reference: URL:http://www.securityfocus.com/bid/1609
Reference: XF:intel-express-switch-dos
Reference: URL:http://xforce.iss.net/static/5154.php

Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed IP packet.
Modifications:
  ADDREF XF:intel-express-switch-dos(5154)

INFERRED ACTION: CAN-2000-0764 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Baker, Cole, Levy, Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Christey> XF:intel-express-switch-dos(5154)

======================================================
Candidate: CAN-2000-0766
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0766
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000819 D.o.S Vulnerability in vqServer
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008270354.UAA10952@user4.hushmail.com
Reference: BID:1610
Reference: URL:http://www.securityfocus.com/bid/1610
Reference: XF:vqserver-get-dos
Reference: URL:http://xforce.iss.net/static/5152.php

Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to cause a denial of service or possibly gain privileges via a long HTTP GET request.
Modifications:
  ADDREF XF:vqserver-get-dos(5152)

INFERRED ACTION: CAN-2000-0766 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> XF:vqserver-get-dos
   http://xforce.iss.net/static/5152.php
 Frech> XF:vqserver-get-dos(5152)

======================================================
Candidate: CAN-2000-0783
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0783
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 200116-01
Proposed: 20000921
Assigned: 20000919
Category: SF
Reference: BUGTRAQ:20000815 Watchguard Firebox Authentication DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0162.html
Reference: BID:1573
Reference: URL:http://www.securityfocus.com/bid/1573
Reference: XF:firebox-url-dos
Reference: URL:http://xforce.iss.net/static/5098.php

Watchguard Firebox II allows remote attackers to cause a denial of service by sending a malformed URL to the authentication service on port 4100.
Modifications:
  ADDREF XF:firebox-url-dos(5098)

INFERRED ACTION: CAN-2000-0783 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Levy
   MODIFY(1) Frech
   NOOP(3) Christey, Cole, Wall

Voter Comments:
 Christey> XF:firebox-url-dos
   http://xforce.iss.net/static/5098.php
 Frech> XF:firebox-url-dos(5098)

======================================================
Candidate: CAN-2000-0804
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0804
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-way_Connection
Reference: XF:fw1-remote-bypass
Reference: URL:http://xforce.iss.net/static/5468.php

Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass."

Modifications:
  ADDREF XF:fw1-remote-bypass(5468)

INFERRED ACTION: CAN-2000-0804 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:fw1-remote-bypass(5468)

======================================================
Candidate: CAN-2000-0805
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0805
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Retransmission_of
Reference: XF:fw1-client-spoof
Reference: URL:http://xforce.iss.net/static/5469.php

Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka "Retransmission of Encapsulated Packets."
Modifications:
  ADDREF XF:fw1-client-spoof(5469)

INFERRED ACTION: CAN-2000-0805 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:fw1-client-spoof(5469)

======================================================
Candidate: CAN-2000-0806
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0806
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Inter-module_Communications
Reference: XF:fw1-fwa1-auth-replay
Reference: URL:http://xforce.iss.net/static/5162.php

The inter-module authentication mechanism (fwa1) in Check Point VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct a denial of service, aka "Inter-module Communications Bypass."

Modifications:
  ADDREF XF:fw1-fwa1-auth-replay(5162)

INFERRED ACTION: CAN-2000-0806 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:fw1-fwa1-auth-replay(5162)

======================================================
Candidate: CAN-2000-0807
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0807
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#OPSEC_Authentication
Reference: XF:fw1-opsec-auth-spoof
Reference: URL:http://xforce.iss.net/static/5471.php

The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the "OPSEC Authentication Vulnerability."
Modifications:
  ADDREF XF:fw1-opsec-auth-spoof(5471)

INFERRED ACTION: CAN-2000-0807 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:fw1-opsec-auth-spoof(5471)

======================================================
Candidate: CAN-2000-0808
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0808
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-time_Password
Reference: XF:fw1-localhost-auth
Reference: URL:http://xforce.iss.net/static/5137.php

The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass authentication via a brute force attack, aka "One-time (s/key) Password Authentication."

Modifications:
  ADDREF XF:fw1-localhost-auth(5137)
  DESC Correct typo: "mecahnism"

INFERRED ACTION: CAN-2000-0808 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:fw1-localhost-auth(5137)
 Christey> Correct typo: "mecahnism"

======================================================
Candidate: CAN-2000-0809
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0809
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000925
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Getkey_Buffer
Reference: XF:fw1-getkey-bo
Reference: URL:http://xforce.iss.net/static/5139.php

Buffer overflow in Getkey in the protocol checker in the inter-module communication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to cause a denial of service.
Modifications:
  ADDREF XF:fw1-getkey-bo(5139)

INFERRED ACTION: CAN-2000-0809 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:fw1-getkey-bo(5139)

======================================================
Candidate: CAN-2000-0810
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0810
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20000926
Category: SF
Reference: BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04
Reference: BID:1782
Reference: XF:auction-weaver-delete-files
Reference: URL:http://xforce.iss.net/static/5371.php

Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack.

Modifications:
  ADDREF XF:auction-weaver-delete-files(5371)

INFERRED ACTION: CAN-2000-0810 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Mell

Voter Comments:
 Frech> XF:auction-weaver-username-bidfile(5372)
 Christey> Actually, the reference is XF:auction-weaver-delete-files(5371)

======================================================
Candidate: CAN-2000-0811
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0811
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20000926
Category: SF
Reference: BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04
Reference: BID:1783
Reference: XF:auction-weaver-username-bidfile
Reference: URL:http://xforce.iss.net/static/5372.php

Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields.
Modifications:
  ADDREF XF:auction-weaver-username-bidfile(5372)

INFERRED ACTION: CAN-2000-0811 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(1) Mell

Voter Comments:
 Frech> XF:auction-weaver-username-bidfile(5372)

======================================================
Candidate: CAN-2000-0813
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0813
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20000926
Category: SF/CF/MP/SA/AN/unknown
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#FTP_Connection
Reference: XF:fw1-ftp-redirect
Reference: URL:http://xforce.iss.net/static/5474.php

Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to redirect FTP connections to other servers ("FTP Bounce") via invalid FTP commands that are processed improperly by FireWall-1, aka "FTP Connection Enforcement Bypass."

Modifications:
  ADDREF XF:fw1-ftp-redirect(5474)

INFERRED ACTION: CAN-2000-0813 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:fw1-ftp-redirect(5474)

======================================================
Candidate: CAN-2000-0824
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0824
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: BUGTRAQ:19990917 A few bugs...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/0992.html
Reference: BUGTRAQ:20000831 glibc unsetenv bug
Reference: URL:http://www.securityfocus.com/archive/1/79537
Reference: CALDERA:CSSA-2000-028.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-028.0.txt
Reference: DEBIAN:20000902 glibc: local root exploit
Reference: URL:http://www.debian.org/security/2000/20000902
Reference: MANDRAKE:MDKSA-2000:040
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-040.php3
Reference: MANDRAKE:MDKSA-2000:045
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-045.php3
Reference: REDHAT:RHSA-2000:057-04
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-057-04.html
Reference: TURBO:TLSA2000020-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html
Reference: SUSE:20000924 glibc locale security problem
Reference: URL:http://www.suse.de/de/support/security/adv5_draht_glibc_txt.txt
Reference: BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html
Reference: BUGTRAQ:20000905 Conectiva Linux Security Announcement - glibc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0509.html
Reference: BUGTRAQ:20000906 [slackware-security]: glibc 2.1.3 vulnerabilities patched
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0525.html
Reference: BID:648
Reference: URL:http://www.securityfocus.com/bid/648
Reference: BID:1639
Reference: URL:http://www.securityfocus.com/bid/1639
Reference: XF:glibc-ld-unsetenv
Reference: URL:http://xforce.iss.net/static/5173.php

The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as
LD_PRELOAD or LD_LIBRARY_PATH.

Modifications:
  ADDREF XF:glibc-ld-unsetenv(5173)

INFERRED ACTION: CAN-2000-0824 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:glibc-ld-unsetenv(5173)

======================================================
Candidate: CAN-2000-0834
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0834
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001015
Category: CF
Reference: ATSTAKE:A091400-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a091400-1.txt
Reference: MS:MS00-067
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-067.asp
Reference: BID:1683
Reference: URL:http://www.securityfocus.com/bid/1683
Reference: XF:win2k-telnet-ntlm-authentication
Reference: URL:http://xforce.iss.net/static/5242.php

The Windows 2000 telnet client attempts to perform NTLM authentication by default, which allows remote attackers to capture and replay the NTLM challenge/response via a telnet:// URL that points to the malicious server, aka the "Windows 2000 Telnet Client NTLM Authentication" vulnerability.

INFERRED ACTION: CAN-2000-0834 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(5) Frech, Baker, Magdych, Cole, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION
 Magdych> ACKNOWLEDGED-BY-VENDOR

======================================================
Candidate: CAN-2000-0837
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0837
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001015
Category: SF
Reference: BUGTRAQ:20000804 FTP Serv-U 2.5e vulnerability.
Reference: URL:http://www.securityfocus.com/archive/1/73843
Reference: BID:1543
Reference: URL:http://www.securityfocus.com/bid/1543
Reference: XF:servu-null-character-dos
Reference: URL:http://xforce.iss.net/static/5029.php

FTP Serv-U 2.5e allows remote attackers to cause a denial of service by sending a large number of null bytes.

INFERRED ACTION: CAN-2000-0837 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:servu-null-character-dos(5029)

======================================================
Candidate: CAN-2000-0844
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0844
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-02
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000904 UNIX locale format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0457.html
Reference: DEBIAN:20000902 glibc: local root exploit
Reference: URL:http://www.debian.org/security/2000/20000902
Reference: CALDERA:CSSA-2000-030.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt
Reference: REDHAT:RHSA-2000-057-02
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-057-02.html
Reference: SUSE:20000906 glibc locale security problem
Reference: URL:http://www.suse.de/de/support/security/adv5_draht_glibc_txt.txt
Reference: TURBO:TLSA2000020-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html
Reference: AIXAPAR:IY13753
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html
Reference: COMPAQ:SSRT0689U
Reference: URL:http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html
Reference: SGI:20000901-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P
Reference: BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
Reference: URL:http://www.securityfocus.com/archive/1/79960
Reference: BID:1634
Reference: URL:http://www.securityfocus.com/bid/1634
Reference: XF:unix-locale-format-string(5176)

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

Modifications:
  ADDREF BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
  ADDREF DEBIAN:20000902 glibc: local root exploit
  ADDREF CALDERA:CSSA-2000-030.0
  ADDREF REDHAT:RHSA-2000-057-02
  ADDREF SUSE:20000906 glibc locale security problem
  ADDREF TURBO:TLSA2000020-1
  ADDREF AIXAPAR:IY13753
  ADDREF COMPAQ:SSRT0689U
  ADDREF SGI:20000901-01-P
  ADDREF XF:unix-locale-format-string(5176)

INFERRED ACTION: CAN-2000-0844 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Baker, Cole, Bollinger
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Christey> ADDREF BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
   http://www.securityfocus.com/archive/1/79960
   DEBIAN:20000902 glibc: local root exploit
   http://www.debian.org/security/2000/20000902
   CALDERA:CSSA-2000-030.0
   http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt
   REDHAT:RHSA-2000-057-02
   http://www.redhat.com/support/errata/RHSA-2000-057-02.html
   SUSE:20000906 glibc locale security problem
   http://www.suse.de/de/support/security/adv5_draht_glibc_txt.txt
   TURBO:TLSA2000020-1
   http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html
 Christey> ADDREF AIXAPAR:IY13753
   http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html
 Christey> ADDREF COMPAQ:SSRT0689U
   URL:http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html
   ADDREF SGI:20000901-01-P
   URL:ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P
 Frech> XF:unix-locale-format-string(5176)

======================================================
Candidate: CAN-2000-0846
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0846
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000821 Darxite daemon remote exploit/DoS problem
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0256.html
Reference: BID:1598
Reference: URL:http://www.securityfocus.com/bid/1598
Reference: XF:darxite-login-bo
Reference: URL:http://xforce.iss.net/static/5134.php

Buffer overflow in Darxite 0.4 and earlier allows a remote attacker to execute arbitrary commands via a long username or password.

INFERRED ACTION: CAN-2000-0846 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:darxite-login-bo(5143)

======================================================
Candidate: CAN-2000-0847
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0847
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000901 UW c-client library vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0425.html
Reference: BUGTRAQ:20000901 More about UW c-client library
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0437.html
Reference: FREEBSD:FreeBSD-SA-00:47.pine
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0108.html
Reference: BID:1646
Reference: URL:http://www.securityfocus.com/bid/1646
Reference: BID:1687
Reference: URL:http://www.securityfocus.com/bid/1687
Reference: XF:c-client-dos(5223)

Buffer overflow in University of Washington c-client library (used by pine and other programs) allows remote attackers to execute arbitrary commands via a long X-Keywords header.
Modifications:
  ADDREF XF:c-client-dos(5223)

INFERRED ACTION: CAN-2000-0847 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:c-client-dos(5223)

======================================================
Candidate: CAN-2000-0848
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0848
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000915 WebSphere application server plugin issue & vendor fix
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0192.html
Reference: MISC:http://www-4.ibm.com/software/webservers/appserv/doc/v3022/fxpklst.htm#Security
Reference: BID:1691
Reference: URL:http://www.securityfocus.com/bid/1691
Reference: XF:websphere-header-dos
Reference: URL:http://xforce.iss.net/static/5252.php

Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header.

INFERRED ACTION: CAN-2000-0848 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(2) Magdych, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION

======================================================
Candidate: CAN-2000-0849
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0849
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: MS:MS00-064
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-064.asp
Reference: BID:1655
Reference: URL:http://www.securityfocus.com/bid/1655
Reference: XF:unicast-service-dos(5193)

Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability.
Modifications:
  ADDREF XF:unicast-service-dos(5193)

INFERRED ACTION: CAN-2000-0849 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Baker, Cole, Wall
   MODIFY(1) Frech

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> XF:unicast-service-dos(5193)

======================================================
Candidate: CAN-2000-0850
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0850
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: ATSTAKE:A091100-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a091100-1.txt
Reference: BID:1681
Reference: URL:http://www.securityfocus.com/bid/1681
Reference: XF:siteminder-bypass-authentication
Reference: URL:http://xforce.iss.net/static/5230.php

Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL.

INFERRED ACTION: CAN-2000-0850 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(2) Magdych, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION

======================================================
Candidate: CAN-2000-0851
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0851
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: ATSTAKE:A090700-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-1.txt
Reference: MS:MS00-065
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-065.asp
Reference: BID:1651
Reference: URL:http://www.securityfocus.com/bid/1651
Reference: XF:w2k-still-image-service
Reference: URL:http://xforce.iss.net/static/5203.php

Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability.
INFERRED ACTION: CAN-2000-0851 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION

======================================================
Candidate: CAN-2000-0852
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0852
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:49
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0110.html
Reference: BID:1686
Reference: URL:http://www.securityfocus.com/bid/1686
Reference: XF:freebsd-eject-port
Reference: URL:http://xforce.iss.net/static/5248.php

Multiple buffer overflows in eject on FreeBSD and possibly other OSes allow local users to gain root privileges.

INFERRED ACTION: CAN-2000-0852 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Magdych, Cole
   NOOP(1) Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION
 Magdych> ACKNOWLEDGED-BY-VENDOR

======================================================
Candidate: CAN-2000-0853
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0853
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000909 YaBB 1.9.2000 Vulnerabilitie
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0072.html
Reference: BID:1668
Reference: URL:http://www.securityfocus.com/bid/1668
Reference: XF:yabb-file-access
Reference: URL:http://xforce.iss.net/static/5254.php

YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
INFERRED ACTION: CAN-2000-0853 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(2) Magdych, Wall

Voter Comments:
 Cole> HAS-INDEPENDENT-CONFIRMATION

======================================================
Candidate: CAN-2000-0858
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0858
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000906 VIGILANTE-2000009: "Invalid URL" DoS
Reference: URL:http://www.securityfocus.com/archive/1/80413
Reference: MS:MS00-063
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q3/0065.html
Reference: BID:1642
Reference: URL:http://www.securityfocus.com/bid/1642
Reference: XF:iis-invald-url-dos
Reference: URL:http://xforce.iss.net/static/5202.php

Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability.

INFERRED ACTION: CAN-2000-0858 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Wall

Voter Comments:
 Cole> INDEPENDENT-CONFIRMATION
 Frech> We may be changing this to iis-invalid-url-dos (to correct the misspelling in the tagname), but the URL will remain constant. I'll let MITRE know if/when this happens, but I didn't want to hold up the voting.
======================================================
Candidate: CAN-2000-0860
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0860
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: BUGTRAQ:20000903 (SRADV00001) Arbitrary file disclosure through PHP file upload
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0455.html
Reference: BUGTRAQ:20000904 Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0477.html
Reference: CONFIRM:http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u
Reference: MANDRAKE:MDKSA-2000:048
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0150.html
Reference: BID:1649
Reference: URL:http://www.securityfocus.com/bid/1649
Reference: XF:php-file-upload
Reference: URL:http://xforce.iss.net/static/5190.php

The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.
INFERRED ACTION: CAN-2000-0860 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(1) Wall

Voter Comments:
Cole> INDEPENDENT-CONFIRMATION

======================================================
Candidate: CAN-2000-0861
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0861
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000907 Mailman 1.1 + external archiver vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0040.html
Reference: FREEBSD:FreeBSD-SA-00:51
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0112.html
Reference: BID:1667
Reference: URL:http://www.securityfocus.com/bid/1667
Reference: XF:mailman-execute-external-commands(5493)

Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion.

Modifications:
   ADDREF XF:mailman-execute-external-commands(5493)

INFERRED ACTION: CAN-2000-0861 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
Cole> HAS-INDEPENDENT-CONFIRMATION
Christey> Mention the external archiving mechanism?
Frech> XF:mailman-execute-external-commands(5493)

======================================================
Candidate: CAN-2000-0862
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0862
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category:
Reference: ALLAIRE:ASB00-23
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q3/0059.html
Reference: XF:allaire-spectra-admin-access
Reference: URL:http://xforce.iss.net/static/5466.php

Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information.
Modifications:
   ADDREF XF:allaire-spectra-admin-access(5466)

INFERRED ACTION: CAN-2000-0862 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Baker
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
Frech> XF:allaire-spectra-admin-access(5466)

======================================================
Candidate: CAN-2000-0863
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0863
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:50
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0111.html
Reference: XF:listmanager-port-bo
Reference: URL:http://xforce.iss.net/static/5503.php

Buffer overflow in listmanager earlier than 2.105.1 allows local users to gain additional privileges.

Modifications:
   ADDREF XF:listmanager-port-bo(5503)

INFERRED ACTION: CAN-2000-0863 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Baker, Magdych, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
Cole> HAS-INDEPENDENT-CONFIRMATION
Magdych> ACKNOWLEDGED-BY-VENDOR
Frech> XF:listmanager-port-bo(5503)

======================================================
Candidate: CAN-2000-0864
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0864
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category:
Reference: FREEBSD:FreeBSD-SA-00:45
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0365.html
Reference: BUGTRAQ:20000911 Patch for esound-0.2.19
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0095.html
Reference: MANDRAKE:MDKSA-2000:051
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0328.htm
Reference: REDHAT:RHSA-2000:077-03
Reference: DEBIAN:20001008 esound: race condition
Reference: URL:http://www.debian.org/security/2000/20001008
Reference: BUGTRAQ:20001006 Immunix OS Security Update for esound
Reference:
URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0118.html
Reference: SUSE:20001012 esound daemon race condition
Reference: URL:http://www.suse.de/de/support/security//esound_daemon_race_condition.txt
Reference: BID:1659
Reference: URL:http://www.securityfocus.com/bid/1659
Reference: XF:gnome-esound-symlink
Reference: URL:http://xforce.iss.net/static/5213.php

Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.

Modifications:
   ADDREF XF:gnome-esound-symlink(5213)
   ADDREF DEBIAN:20001008 esound: race condition
   ADDREF BUGTRAQ:20001006 Immunix OS Security Update for esound
   ADDREF SUSE:20001012 esound daemon race condition

INFERRED ACTION: CAN-2000-0864 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Christey, Wall

Voter Comments:
Cole> INDEPENDENT-CONFIRMATION
Frech> XF:gnome-esound-symlink(5213)
Christey> ADDREF DEBIAN:20001008 esound: race condition
   http://www.debian.org/security/2000/20001008
   ADDREF BUGTRAQ:20001006 Immunix OS Security Update for esound
   http://archives.neohapsis.com/archives/bugtraq/2000-10/0118.html
   ADDREF SUSE:20001012 esound daemon race condition
   http://www.suse.de/de/support/security//esound_daemon_race_condition.txt

======================================================
Candidate: CAN-2000-0865
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0865
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000916 Advisory: Tridia DoubleVision / SCO UnixWare
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0185.html
Reference: BID:1697
Reference: URL:http://www.securityfocus.com/bid/1697
Reference: XF:doublevision-dvtermtype-bo
Reference: URL:http://xforce.iss.net/static/5261.php

Buffer overflow in
dvtermtype in Tridia Double Vision 3.07.00 allows local users to gain root privileges via a long terminal type argument.

Modifications:
   ADDREF XF:doublevision-dvtermtype-bo(5261)

INFERRED ACTION: CAN-2000-0865 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(3) Magdych, Christey, Wall

Voter Comments:
Cole> HAS-INDEPENDENT-CONFIRMATION
Christey> ADDREF XF:doublevision-dvtermtype-bo
   URL:http://xforce.iss.net/static/5261.php
Frech> XF:doublevision-dvtermtype-bo(5261)

======================================================
Candidate: CAN-2000-0867
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0867
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000917 klogd format bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0193.html
Reference: REDHAT:RHSA-2000:061-02
Reference: DEBIAN:20000919
Reference: MANDRAKE:MDKSA-2000:050
Reference: CALDERA:CSSA-2000-032.0
Reference: TURBO:TLSA2000022-2
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000023.html
Reference: SUSE:20000920 syslogd + klogd format string parsing error
Reference: URL:http://www.suse.de/de/support/security//adv9_draht_syslogd_txt.txt
Reference: BUGTRAQ:20000918 Conectiva Linux Security Announcement - sysklogd
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97726239017741&w=2
Reference: XF:klogd-format-string
Reference: URL:http://xforce.iss.net/static/5259.php

Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
Modifications:
   ADDREF TURBO:TLSA2000022-2
   ADDREF SUSE:20000920 syslogd + klogd format string parsing error
   ADDREF BUGTRAQ:20000918 Conectiva Linux Security Announcement - sysklogd

INFERRED ACTION: CAN-2000-0867 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Magdych, Cole
   NOOP(2) Christey, Wall

Voter Comments:
Cole> HAS-INDEPENDENT-CONFIRMATION
Magdych> ACKNOWLEDGED-BY-VENDOR
Christey> ADDREF TURBO:TLSA2000022-2
   http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000023.html
   ADDREF SUSE:20000920 syslogd + klogd format string parsing error
   http://www.suse.de/de/support/security//adv9_draht_syslogd_txt.txt
Christey> ADDREF BUGTRAQ:20000918 Conectiva Linux Security Announcement - sysklogd

======================================================
Candidate: CAN-2000-0868
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0868
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: ATSTAKE:A090700-2
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-2.txt
Reference: SUSE:20000907
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html
Reference: BID:1658
Reference: URL:http://www.securityfocus.com/bid/1658
Reference: XF:suse-apache-cgi-source-code
Reference: URL:http://xforce.iss.net/static/5197.php

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
INFERRED ACTION: CAN-2000-0868 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(1) Wall

Voter Comments:
Cole> INDEPENDENT-CONFIRMATION

======================================================
Candidate: CAN-2000-0869
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0869
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category:
Reference: ATSTAKE:A090700-3
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-3.txt
Reference: SUSE:20000907
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html
Reference: BID:1656
Reference: URL:http://www.securityfocus.com/bid/1656
Reference: XF:apache-webdav-directory-listings
Reference: URL:http://xforce.iss.net/static/5204.php

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.

INFERRED ACTION: CAN-2000-0869 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(1) Wall

Voter Comments:
Cole> INDEPENDENT-CONFIRMATION

======================================================
Candidate: CAN-2000-0870
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0870
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000911[EXPL] EFTP vulnerable to two DoS attacks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0089.html
Reference: BID:1675
Reference: URL:http://www.securityfocus.com/bid/1675
Reference: XF:eftp-bo
Reference: URL:http://xforce.iss.net/static/5219.php

Buffer overflow in EFTP allows remote attackers to cause a denial of service via a long string.
INFERRED ACTION: CAN-2000-0870 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(2) Magdych, Wall

Voter Comments:
Cole> HAS-INDEPENDENT-CONFIRMATION

======================================================
Candidate: CAN-2000-0871
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0871
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000911[EXPL] EFTP vulnerable to two DoS attacks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0089.html
Reference: BID:1677
Reference: URL:http://www.securityfocus.com/bid/1677
Reference: XF:eftp-newline-dos
Reference: URL:http://xforce.iss.net/static/5220.php

Buffer overflow in EFTP allows remote attackers to cause a denial of service by sending a string that does not contain a newline, then disconnecting from the server.

INFERRED ACTION: CAN-2000-0871 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Cole
   NOOP(2) Magdych, Wall

Voter Comments:
Cole> HAS-INDEPENDENT-CONFIRMATION

======================================================
Candidate: CAN-2000-0873
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0873
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000903 aix allows clearing the interface stats
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0454.html
Reference: BID:1660
Reference: URL:http://www.securityfocus.com/bid/1660
Reference: XF:aix-clear-netstat
Reference: URL:http://xforce.iss.net/static/5214.php

netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities.
Modifications:
   DESC Change "hiding" to "hide"

INFERRED ACTION: CAN-2000-0873 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Bollinger
   NOOP(1) Wall

Voter Comments:
Cole> INDEPENDENT-CONFIRMATION
Frech> Consider changing "possibly hiding evidence" to "possibly hide evidence" (parallelism with "clear")

======================================================
Candidate: CAN-2000-0878
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0878
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001018
Assigned: 20001018
Category: SF
Reference: BUGTRAQ:20000911 Fwd: Poor variable checking in mailto.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0088.html
Reference: BID:1669
Reference: URL:http://www.securityfocus.com/bid/1669
Reference: XF:mailto-piped-address
Reference: URL:http://xforce.iss.net/static/5241.php

The mailto CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the emailadd form field.
Modifications:
   ADDREF XF:mailto-piped-address(5241)
   DESC Fix typo: "metacharactwers"

INFERRED ACTION: CAN-2000-0878 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(3) Magdych, Christey, Wall

Voter Comments:
Cole> HAS-INDEPENDENT-CONFIRMATION
Christey> Correct Barbara Walters-style spelling of "metacharactwers"
Christey> ADDREF XF:mailto-piped-address
Frech> XF:mailto-piped-address(5241)

======================================================
Candidate: CAN-2000-0883
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0883
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001018
Assigned: 20001018
Category: CF
Reference: MANDRAKE:MDKSA-2000:046
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0111.html
Reference: BID:1678
Reference: URL:http://www.securityfocus.com/bid/1678
Reference: XF:linux-mod-perl
Reference: URL:http://xforce.iss.net/static/5257.php

The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
INFERRED ACTION: CAN-2000-0883 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Magdych
   NOOP(2) Cole, Wall

Voter Comments:
Magdych> ACKNOWLEDGED-BY-VENDOR

======================================================
Candidate: CAN-2000-0884
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0884
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001019
Category: SF
Reference: BUGTRAQ:20001017 IIS %c1%1c remote command execution
Reference: MS:MS00-078
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-078.asp
Reference: BID:1806
Reference: XF:iis-unicode-translation
Reference: URL:http://xforce.iss.net/static/5377.php

IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.

Modifications:
   ADDREF XF:iis-unicode-translation(5377)

INFERRED ACTION: CAN-2000-0884 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
Frech> XF:iis-unicode-translation(5377)

======================================================
Candidate: CAN-2000-0886
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0886
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001129
Assigned: 20001102
Category: SF
Reference: BUGTRAQ:20001107 NSFOCUS SA2000-07 : Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?mid=143604&list=1&fromthread=0&end=2000-11-11&threads=0&start=2000-11-05&
Reference: MS:MS00-086
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-086.asp
Reference: BID:1912
Reference: URL:http://www.securityfocus.com/vdb/bottom.html?vid=1912
Reference: XF:iis-invalid-filename-passing(5470)

IIS 5.0 allows remote attackers to execute arbitrary
commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.

Modifications:
   ADDREF XF:iis-invalid-filename-passing(5470)

INFERRED ACTION: CAN-2000-0886 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
Frech> XF:iis-invalid-filename-passing(5470)
Frech> XF:iis-invalid-filename-passing(5470)

======================================================
Candidate: CAN-2000-0887
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0887
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-02
Proposed: 20001129
Assigned: 20001114
Category: SF
Reference: BUGTRAQ:20001107 BIND 8.2.2-P5 Possible DOS
Reference: URL:http://www.securityfocus.com/archive/1/143843
Reference: CERT:CA-2000-20
Reference: URL:http://www.cert.org/advisories/CA-2000-20.html
Reference: REDHAT:RHSA-2000:107-01
Reference: DEBIAN:20001112 bind: remote Denial of Service
Reference: URL:http://www.debian.org/security/2000/20001112
Reference: BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html
Reference: SUSE:SuSE-SA:2000:45
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html
Reference: IBM:ERS-SVA-E01-2000:005.1
Reference: MANDRAKE:MDKSA-2000:067
Reference: CONECTIVA:CLSA-2000:338
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338
Reference: CONECTIVA:CLSA-2000:339
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339
Reference: BID:1923
Reference: URL:http://www.securityfocus.com/bid/1923
Reference: XF:bind-zxfr-dos(5540)

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka
the "zxfr bug."

Modifications:
   ADDREF DEBIAN:20001112 bind: remote Denial of Service
   ADDREF BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
   ADDREF SUSE:SuSE-SA:2000:45
   ADDREF IBM:ERS-SVA-E01-2000:005.1
   ADDREF XF:bind-zxfr-dos(5540)

INFERRED ACTION: CAN-2000-0887 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Baker, Cole, Mell, TempVoter4
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
Christey> ADDREF DEBIAN:20001112 bind: remote Denial of Service
   http://www.debian.org/security/2000/20001112
   ADDREF BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
   http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html
   SUSE:SuSE-SA:2000:45
   http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html
   ADDREF IBM:ERS-SVA-E01-2000:005.1
Frech> XF:bind-zxfr-dos(5540)
Frech> XF:bind-zxfr-dos(5540)

======================================================
Candidate: CAN-2000-0888
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0888
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-02
Proposed: 20001129
Assigned: 20001114
Category: SF
Reference: CERT:CA-2000-20
Reference: URL:http://www.cert.org/advisories/CA-2000-20.html
Reference: REDHAT:RHSA-2000:107-01
Reference: MANDRAKE:MDKSA-2000:067
Reference: CONECTIVA:CLSA-2000:338
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338
Reference: CONECTIVA:CLSA-2000:339
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339
Reference: DEBIAN:20001112 bind: remote Denial of Service
Reference: URL:http://www.debian.org/security/2000/20001112
Reference: IBM:ERS-SVA-E01-2000:005.1
Reference: SUSE:SuSE-SA:2000:45
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html
Reference: XF:bind-srv-dos(5814)

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."
Modifications:
   ADDREF DEBIAN:20001112 bind: remote Denial of Service
   ADDREF IBM:ERS-SVA-E01-2000:005.1
   ADDREF SUSE:SuSE-SA:2000:45
   ADDREF XF:bind-srv-dos(5814)

INFERRED ACTION: CAN-2000-0888 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
Christey> ADDREF DEBIAN:20001112 bind: remote Denial of Service
   http://www.debian.org/security/2000/20001112
   ADDREF IBM:ERS-SVA-E01-2000:005.1
   SUSE:SuSE-SA:2000:45
   http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html
Frech> XF:bind-srv-dos(5814)

======================================================
Candidate: CAN-2000-0900
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0900
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001002 thttpd ssi: retrieval of arbitrary world-readable files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html
Reference: FREEBSD:FreeBSD-SA-00:73
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc
Reference: XF:acme-thttpd-ssi
Reference: URL:http://xforce.iss.net/static/5313.php
Reference: BID:1737
Reference: URL:http://www.securityfocus.com/bid/1737

Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.
Modifications:
   ADDREF FREEBSD:FreeBSD-SA-00:73

INFERRED ACTION: CAN-2000-0900 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(2) Christey, Wall

Voter Comments:
Christey> ADDREF FREEBSD:FreeBSD-SA-00:73
   ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc

======================================================
Candidate: CAN-2000-0901
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0901
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000906 Screen-3.7.6 local compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0530.html
Reference: BUGTRAQ:20000905 screen 3.9.5 root vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/80178
Reference: DEBIAN:20000902 screen: local exploit
Reference: URL:http://www.debian.org/security/2000/20000902a
Reference: MANDRAKE:MDKSA-2000:044
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-044.php3
Reference: SUSE:20000906 screen format string parsing security problem
Reference: URL:http://www.suse.com/de/support/security/adv6_draht_screen_txt.txt
Reference: REDHAT:RHSA-2000:058-03
Reference: URL:http://www.redhat.com
Reference: FREEBSD:FreeBSD-SA-00:46
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:46.screen.asc
Reference: BID:1641
Reference: URL:http://www.securityfocus.com/bid/1641
Reference: XF:screen-format-string
Reference: URL:http://xforce.iss.net/static/5188.php

Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbell_msg initialization variable.
INFERRED ACTION: CAN-2000-0901 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall

======================================================
Candidate: CAN-2000-0908
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0908
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=96956211605302&w=2
Reference: WIN2KSEC:20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H)
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0128.html
Reference: CONFIRM:http://www.netcplus.com/browsegate.htm#BGLatest
Reference: XF:browsegate-http-dos
Reference: URL:http://xforce.iss.net/static/5270.php
Reference: BID:1702
Reference: URL:http://www.securityfocus.com/bid/1702

BrowseGate 2.80 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long Authorization or Referer MIME headers in the HTTP request.
INFERRED ACTION: CAN-2000-0908 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall

======================================================
Candidate: CAN-2000-0909
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0909
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000922 [ no subject ]
Reference: URL:http://www.securityfocus.com/archive/1/84901
Reference: BUGTRAQ:20001031 FW: Pine 4.30 now available
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0441.html
Reference: FREEBSD:FreeBSD-SA-00:59
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:59.pine.asc
Reference: REDHAT:RHSA-2000-102-04
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-102.html
Reference: MANDRAKE:MDKSA-2000:073
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-073.php3
Reference: BID:1709
Reference: URL:http://www.securityfocus.com/bid/1709
Reference: XF:pine-check-mail-bo
Reference: URL:http://xforce.iss.net/static/5283.php

Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header.
Modifications:
   ADDREF MANDRAKE:MDKSA-2000:073

INFERRED ACTION: CAN-2000-0909 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(2) Christey, Wall

Voter Comments:
Christey> ADDREF MANDRAKE:MDKSA-2000:073
   http://www.linux-mandrake.com/en/security/MDKSA-2000-073.php3

======================================================
Candidate: CAN-2000-0910
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0910
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000908 horde library bug - unchecked from-address
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0051.html
Reference: DEBIAN:20000910 imp: remote compromise
Reference: URL:http://www.debian.org/security/2000/20000910
Reference: CONFIRM:http://ssl.coc-ag.de/sec/hordelib-1.2.0.frombug.patch
Reference: BID:1674
Reference: URL:http://www.securityfocus.com/bid/1674
Reference: XF:horde-imp-sendmail-command
Reference: URL:http://xforce.iss.net/static/5278.php

Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address.
INFERRED ACTION: CAN-2000-0910 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall

======================================================
Candidate: CAN-2000-0911
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0911
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000912 (SRADV00003) Arbitrary file disclosure through IMP
Reference: URL:http://www.securityfocus.com/archive/1/82088
Reference: BID:1679
Reference: URL:http://www.securityfocus.com/bid/1679
Reference: XF:imp-attach-file
Reference: URL:http://xforce.iss.net/static/5227.php

IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment.

INFERRED ACTION: CAN-2000-0911 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall

======================================================
Candidate: CAN-2000-0912
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0912
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000913 MultiHTML vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0146.html
Reference: XF:http-cgi-multihtml
Reference: URL:http://xforce.iss.net/static/5285.php

MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter.
INFERRED ACTION: CAN-2000-0912 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall

======================================================
Candidate: CAN-2000-0913
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0913
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000929 Security vulnerability in Apache mod_rewrite
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0352.html
Reference: MANDRAKE:MDKSA-2000:060
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-060-2.php3?dis=7.1
Reference: REDHAT:RHSA-2000:088-04
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-088-04.html
Reference: CALDERA:CSSA-2000-035.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-035.0.txt
Reference: HP:HPSBUX0010-126
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0021.html
Reference: BUGTRAQ:20001011 Conectiva Linux Security Announcement - apache
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0174.html
Reference: BID:1728
Reference: URL:http://www.securityfocus.com/bid/1728
Reference: XF:apache-rewrite-view-files
Reference: URL:http://xforce.iss.net/static/5310.php

mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
INFERRED ACTION: CAN-2000-0913 FINAL (Final Decision 20010122) Current Votes: ACCEPT(3) Frech, Cole, Mell NOOP(1) Wall ====================================================== Candidate: CAN-2000-0914 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0914 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001005 obsd_fun.c Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0078.html Reference: BID:1759 Reference: URL:http://www.securityfocus.com/bid/1759 Reference: XF:bsd-arp-request-dos Reference: URL:http://xforce.iss.net/static/5340.php OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests. INFERRED ACTION: CAN-2000-0914 FINAL (Final Decision 20010122) Current Votes: ACCEPT(3) Frech, Cole, Mell ====================================================== Candidate: CAN-2000-0915 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0915 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001002 [sa2c@and.or.jp: bin/21704: enabling fingerd makes files world readable] Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0017.html Reference: FREEBSD:FreeBSD-SA-00:54 Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:54.fingerd.asc Reference: BID:1803 Reference: URL:http://www.securityfocus.com/bid/1803 Reference: XF:freebsd-fingerd-files Reference: URL:http://xforce.iss.net/static/5385.php fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name. 
INFERRED ACTION: CAN-2000-0915 FINAL (Final Decision 20010122) Current Votes: ACCEPT(3) Frech, Cole, Mell ====================================================== Candidate: CAN-2000-0917 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0917 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20000925 Format strings: bug #2: LPRng Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0293.html Reference: CERT:CA-2000-22 Reference: URL:http://www.cert.org/advisories/CA-2000-22.html Reference: CALDERA:CSSA-2000-033.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-033.0.txt Reference: REDHAT:RHSA-2000:065-06 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-065-06.html Reference: FREEBSD:FreeBSD-SA-00:56 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:56.lprng.asc Reference: XF:lprng-format-string Reference: URL:http://xforce.iss.net/static/5287.php Reference: BID:1712 Reference: URL:http://www.securityfocus.com/bid/1712 Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands. 
Modifications: ADDREF CERT:CA-2000-22 INFERRED ACTION: CAN-2000-0917 FINAL (Final Decision 20010122) Current Votes: ACCEPT(3) Frech, Cole, Mell NOOP(2) Christey, Wall Voter Comments: Christey> ADDREF CERT:CA-2000-22 URL:http://www.cert.org/advisories/CA-2000-22.html ====================================================== Candidate: CAN-2000-0919 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0919 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001007 PHPix advisory Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0117.html Reference: BID:1773 Reference: URL:http://www.securityfocus.com/bid/1773 Reference: XF:phpix-dir-traversal Reference: URL:http://xforce.iss.net/static/5331.php Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack. INFERRED ACTION: CAN-2000-0919 FINAL (Final Decision 20010122) Current Votes: ACCEPT(3) Frech, Baker, Mell NOOP(1) Cole ====================================================== Candidate: CAN-2000-0920 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0920 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001006 Vulnerability in BOA web server v0.94.8.2 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0092.html Reference: FREEBSD:FreeBSD-SA-00:60 Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:60.boa.asc Reference: DEBIAN:20001009 boa: exposes contents of local files Reference: URL:http://www.debian.org/security/2000/20001009 Reference: BID:1770 Reference: URL:http://www.securityfocus.com/bid/1770 Reference: XF:boa-webserver-get-dir-traversal Reference: URL:http://xforce.iss.net/static/5330.php Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote 
attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a "%2E" instead of a "." INFERRED ACTION: CAN-2000-0920 FINAL (Final Decision 20010122) Current Votes: ACCEPT(3) Frech, Cole, Mell ====================================================== Candidate: CAN-2000-0921 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0921 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001007 Security Advisory: Hassan Consulting's shop.cgi Directory Traversal Vulnerability. Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0115.html Reference: BID:1777 Reference: URL:http://www.securityfocus.com/bid/1777 Reference: XF:hassan-shopping-cart-dir-traversal Reference: URL:http://xforce.iss.net/static/5342.php Directory traversal vulnerability in Hassan Consulting shop.cgi shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter. INFERRED ACTION: CAN-2000-0921 FINAL (Final Decision 20010122) Current Votes: ACCEPT(3) Frech, Baker, Mell NOOP(1) Cole ====================================================== Candidate: CAN-2000-0922 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0922 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001008 Security Advisory: Bytes Interactive's Web Shopper (shopper.cgi) Directory Traversal Vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0120.html Reference: BID:1776 Reference: URL:http://www.securityfocus.com/bid/1776 Reference: XF:web-shopper-directory-traversal Reference: URL:http://xforce.iss.net/static/5351.php Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program (shopper.cgi) 2.0 and earlier allows remote attackers to read arbitrary files via a .. 
(dot dot) attack on the newpage parameter. INFERRED ACTION: CAN-2000-0922 FINAL (Final Decision 20010122) Current Votes: ACCEPT(3) Frech, Baker, Mell NOOP(1) Cole ====================================================== Candidate: CAN-2000-0923 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0923 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001006 Fwd: APlio PRO web shell Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0107.html Reference: XF:uclinux-apliophone-bin-execute Reference: URL:http://xforce.iss.net/static/5333.php Reference: BID:1784 Reference: URL:http://www.securityfocus.com/bid/1784 authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter. INFERRED ACTION: CAN-2000-0923 FINAL (Final Decision 20010122) Current Votes: ACCEPT(3) Frech, Baker, Mell NOOP(1) Cole ====================================================== Candidate: CAN-2000-0924 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0924 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001009 Master Index traverse advisory Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0141.html Reference: BID:1772 Reference: URL:http://www.securityfocus.com/bid/1772 Reference: XF:master-index-directory-traversal Reference: URL:http://xforce.iss.net/static/5355.php Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catigory" parameter. 
Modifications: ADDREF XF:master-index-directory-traversal(5355) INFERRED ACTION: CAN-2000-0924 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Baker, Mell MODIFY(1) Frech NOOP(1) Cole Voter Comments: Frech> XF:master-index-directory-traversal(5355) ====================================================== Candidate: CAN-2000-0925 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0925 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20001129 Assigned: 20001124 Category: CF Reference: BUGTRAQ:20001002 DST2K0035: Credit card (customer) details exposed within CyberOffice Shopping Cart v2 Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97050819812055&w=2 Reference: WIN2KSEC:20001002 DST2K0035: Credit card (customer) details exposed within CyberOffice Shopping Cart v2 Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0001.html Reference: BID:1734 Reference: URL:http://www.securityfocus.com/bid/1734 Reference: XF:cyberoffice-world-readable-directory Reference: URL:http://xforce.iss.net/static/5318.php The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions, which allows remote attackers to obtain sensitive information. 
Modifications: XF:cyberoffice-world-readable-directory(5318) INFERRED ACTION: CAN-2000-0925 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Baker, Mell MODIFY(1) Frech NOOP(2) Cole, Wall Voter Comments: Frech> XF:cyberoffice-world-readable-directory(5318) ====================================================== Candidate: CAN-2000-0926 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0926 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001002 DST2K0036: Price modification possible in CyberOffice Shopping Cart Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97050627707128&w=2 Reference: WIN2KSEC:20001002 DST2K0036: Price modification possible in CyberOffice Shopping Cart Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0000.html Reference: BID:1733 Reference: URL:http://www.securityfocus.com/bid/1733 Reference: XF:cyberoffice-price-modification Reference: URL:http://xforce.iss.net/static/5319.php SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote attackers to modify price information by changing the "Price" hidden form variable. Modifications: ADDREF XF:cyberoffice-price-modification(5319) INFERRED ACTION: CAN-2000-0926 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Baker, Mell MODIFY(1) Frech NOOP(2) Cole, Wall Voter Comments: Frech> XF:cyberoffice-price-modification(5319) ====================================================== Candidate: CAN-2000-0928 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0928 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001006 DST2K0040: QuotaAdvisor 4.1 by WQuinn susceptible to any user being able to list (not read) all files on any server running QuotaAdvisor. 
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0091.html Reference: BID:1765 Reference: URL:http://www.securityfocus.com/bid/1765 Reference: XF:quotaadvisor-list-files Reference: URL:http://xforce.iss.net/static/5327.php WQuinn QuotaAdvisor 4.1 allows users to list directories and files by running a report on the targeted shares. Modifications: ADDREF XF:quotaadvisor-list-files(5327) INFERRED ACTION: CAN-2000-0928 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Baker, Mell MODIFY(1) Frech NOOP(1) Cole Voter Comments: Frech> XF:quotaadvisor-list-files(5327) ====================================================== Candidate: CAN-2000-0929 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0929 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20000929 Malformed Embedded Windows Media Player 7 "OCX Attachment" Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97024839222747&w=2 Reference: MS:MS00-068 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-068.asp Reference: BID:1714 Reference: URL:http://www.securityfocus.com/bid/1714 Reference: XF:mediaplayer-outlook-dos Reference: URL:http://xforce.iss.net/static/5309.php Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX Attachment" vulnerability. 
INFERRED ACTION: CAN-2000-0929 FINAL (Final Decision 20010122) Current Votes: ACCEPT(4) Frech, Cole, Mell, Wall ====================================================== Candidate: CAN-2000-0930 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0930 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001003 Pegasus mail file reading vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0039.html Reference: BUGTRAQ:20001030 Pegasus Mail file reading vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0436.html Reference: BID:1738 Reference: URL:http://www.securityfocus.com/bid/1738 Reference: XF:pegasus-file-forwarding Reference: URL:http://xforce.iss.net/static/5326.php Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch. INFERRED ACTION: CAN-2000-0930 FINAL (Final Decision 20010122) Current Votes: ACCEPT(3) Frech, Cole, Mell NOOP(1) Wall ====================================================== Candidate: CAN-2000-0932 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0932 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20001129 Assigned: 20001124 Category: SF Reference: NTBUGTRAQ:20000926 FW: DOS for Content Technologies' MAILsweeper for SMTP. Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0181.html Reference: XF:mailsweeper-smtp-dos Reference: URL:http://xforce.iss.net/static/5641.php MAILsweeper for SMTP 3.x does not properly handle corrupt CDA documents in a ZIP file and hangs, which allows remote attackers to cause a denial of service. 
Modifications: ADDREF XF:mailsweeper-smtp-dos(5641) INFERRED ACTION: CAN-2000-0932 FINAL (Final Decision 20010122) Current Votes: ACCEPT(1) Cole MODIFY(1) Frech NOOP(2) Mell, Wall Voter Comments: Frech> XF:mailsweeper-smtp-dos(5641) ====================================================== Candidate: CAN-2000-0933 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0933 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: MS:MS00-069 Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-069.asp Reference: BID:1729 Reference: URL:http://www.securityfocus.com/bid/1729 Reference: XF:win2k-simplified-chinese-ime Reference: URL:http://xforce.iss.net/static/5301.php The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability. INFERRED ACTION: CAN-2000-0933 FINAL (Final Decision 20010122) Current Votes: ACCEPT(4) Frech, Cole, Mell, Wall ====================================================== Candidate: CAN-2000-0934 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0934 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: REDHAT:RHSA-2000:062-03 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0250.html Reference: BID:1703 Reference: URL:http://www.securityfocus.com/bid/1703 Reference: XF:glint-symlink Reference: URL:http://xforce.iss.net/static/5271.php Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack. 
INFERRED ACTION: CAN-2000-0934 FINAL (Final Decision 20010122) Current Votes: ACCEPT(4) Frech, Baker, Cole, Mell NOOP(1) Wall ====================================================== Candidate: CAN-2000-0935 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0935 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html Reference: BID:1872 Reference: URL:http://www.securityfocus.com/bid/1872 Reference: XF:samba-swat-logging-sym-link Reference: URL:http://xforce.iss.net/static/5443.php Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file. INFERRED ACTION: CAN-2000-0935 FINAL (Final Decision 20010122) Current Votes: ACCEPT(3) Frech, Baker, Mell NOOP(2) Cole, TempVoter4 ====================================================== Candidate: CAN-2000-0936 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0936 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html Reference: BID:1874 Reference: URL:http://www.securityfocus.com/bid/1874 Reference: XF:samba-swat-logfile-info Reference: URL:http://xforce.iss.net/static/5445.php Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords. 
INFERRED ACTION: CAN-2000-0936 FINAL (Final Decision 20010122) Current Votes: ACCEPT(3) Frech, Baker, Mell NOOP(2) Cole, TempVoter4 ====================================================== Candidate: CAN-2000-0937 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0937 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html Reference: BID:1873 Reference: URL:http://www.securityfocus.com/bid/1873 Reference: XF:samba-swat-brute-force Reference: URL:http://xforce.iss.net/static/5442.php Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks. INFERRED ACTION: CAN-2000-0937 FINAL (Final Decision 20010122) Current Votes: ACCEPT(3) Frech, Baker, Mell NOOP(1) Cole ====================================================== Candidate: CAN-2000-0938 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0938 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010119-01 Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html Reference: XF:samba-swat-brute-force(5442) Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server. 
Modifications: ADDREF XF:samba-swat-brute-force(5442) INFERRED ACTION: CAN-2000-0938 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Mell, TempVoter4 MODIFY(1) Frech NOOP(1) Cole Voter Comments: Frech> XF:samba-swat-brute-force(5442) ====================================================== Candidate: CAN-2000-0941 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0941 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001029 Remote command execution via KW Whois 1.0 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0419.html Reference: BUGTRAQ:20001029 Re: Remote command execution via KW Whois 1.0 (addition) Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0420.html Reference: MISC:http://www.kootenayweb.bc.ca/scripts/whois.txt Reference: BID:1883 Reference: URL:http://www.securityfocus.com/bid/1883 Reference: XF:kw-whois-meta Reference: URL:http://xforce.iss.net/static/5438.php Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter. 
INFERRED ACTION: CAN-2000-0941 FINAL (Final Decision 20010122) Current Votes: ACCEPT(5) Frech, Baker, Cole, Mell, TempVoter4 ====================================================== Candidate: CAN-2000-0942 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0942 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001028 IIS 5.0 cross site scripting vulnerability - using .htw Reference: URL:http://www.securityfocus.com/archive/1/141903 Reference: MS:MS00-084 Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-084.asp Reference: BID:1861 Reference: URL:http://www.securityfocus.com/bid/1861 Reference: XF:iis-htw-cross-scripting Reference: URL:http://xforce.iss.net/static/5441.php The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability. INFERRED ACTION: CAN-2000-0942 FINAL (Final Decision 20010122) Current Votes: ACCEPT(3) Frech, Cole, Mell ====================================================== Candidate: CAN-2000-0943 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0943 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001027 Potential Security Problem in bftpd-1.0.11 Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0397.html Reference: BID:1858 Reference: XF:bftpd-user-bo Reference: URL:http://xforce.iss.net/static/5426.php Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER command. 
Modifications: ADDREF BID:1858 INFERRED ACTION: CAN-2000-0943 FINAL (Final Decision 20010122) Current Votes: ACCEPT(5) Frech, Baker, Cole, Mell, TempVoter4 NOOP(1) Christey Voter Comments: Christey> ADDREF BID:1858 ====================================================== Candidate: CAN-2000-0944 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0944 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001027 CGI-Bug: News Update 1.1 administration password bug Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0402.html Reference: BID:1881 Reference: URL:http://www.securityfocus.com/bid/1881 Reference: XF:news-update-bypass-password Reference: URL:http://xforce.iss.net/static/5433.php CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password. INFERRED ACTION: CAN-2000-0944 FINAL (Final Decision 20010122) Current Votes: ACCEPT(3) Frech, Cole, Mell ====================================================== Candidate: CAN-2000-0946 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0946 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20001129 Assigned: 20001124 Category: SF Reference: NTBUGTRAQ:20001012 Security issue with Compaq Easy Access Keyboard software Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0023.html Reference: CONFIRM:http://www5.compaq.com/support/files/desktops/us/revision/1723.html Reference: XF:compaq-ea-elevate-privileges Reference: URL:http://xforce.iss.net/static/5718.php Compaq Easy Access Keyboard software 1.3 does not properly disable access to custom buttons when the screen is locked, which could allow an attacker to gain privileges or execute programs without authorization. 
Modifications: ADDREF XF:compaq-ea-elevate-privileges(5718) INFERRED ACTION: CAN-2000-0946 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Cole, Mell MODIFY(1) Frech Voter Comments: Frech> XF:compaq-ea-elevate-privileges(5718) ====================================================== Candidate: CAN-2000-0947 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0947 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: 20010116-01 Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001002 Very probable remote root vulnerability in cfengine Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0004.html Reference: MANDRAKE:MDKSA-2000:061 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-061.php3?dis=7.1 Reference: NETBSD:NetBSD-SA2000-013 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-013.txt.asc Reference: BID:1757 Reference: URL:http://www.securityfocus.com/bid/1757 Reference: XF:cfengine-cfd-format-string Reference: URL:http://xforce.iss.net/static/5630.php Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command. 
Modifications: ADDREF XF:cfengine-cfd-format-string(5630) INFERRED ACTION: CAN-2000-0947 FINAL (Final Decision 20010122) Current Votes: ACCEPT(2) Cole, Mell MODIFY(1) Frech NOOP(1) Wall Voter Comments: Frech> XF:cfengine-cfd-format-string(5630) ====================================================== Candidate: CAN-2000-0948 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0948 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001002 GnoRPM local /tmp vulnerability Reference: URL:http://www.securityfocus.com/archive/1/136866 Reference: BUGTRAQ:20001003 Conectiva Linux Security Announcement - gnorpm Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0043.html Reference: MANDRAKE:MDKSA-2000:055 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-055.php3?dis=7.0 Reference: REDHAT:RHSA-2000:072-07 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-072.html Reference: BUGTRAQ:20001011 Immunix OS Security Update for gnorpm package Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0184.html Reference: BID:1761 Reference: URL:http://www.securityfocus.com/bid/1761 Reference: XF:gnorpm-temp-symlink Reference: URL:http://xforce.iss.net/static/5317.php GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack. 
INFERRED ACTION: CAN-2000-0948 FINAL (Final Decision 20010122) Current Votes: ACCEPT(3) Frech, Cole, Mell NOOP(1) Wall ====================================================== Candidate: CAN-2000-0949 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0949 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20000928 Very interesting traceroute flaw Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0344.html Reference: CALDERA:CSSA-2000-034.0 Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-034.0.txt Reference: MANDRAKE:MDKSA-2000:053 Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-053.php3?dis=7.1 Reference: REDHAT:RHSA-2000:078-02 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-078-02.html Reference: DEBIAN:20001013 traceroute: local root exploit Reference: URL:http://www.debian.org/security/2000/20001013 Reference: TURBO:TLSA2000023-1 Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-October/000025.html Reference: BUGTRAQ:20000930 Conectiva Linux Security Announcement - traceroute Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0357.html Reference: BID:1739 Reference: URL:http://www.securityfocus.com/bid/1739 Reference: XF:traceroute-heap-overflow Reference: URL:http://xforce.iss.net/static/5311.php Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option. 
INFERRED ACTION: CAN-2000-0949 FINAL (Final Decision 20010122) Current Votes: ACCEPT(3) Frech, Cole, Mell NOOP(1) Wall ====================================================== Candidate: CAN-2000-0951 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0951 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: CF Reference: ATSTAKE:A100400-1 Reference: URL:http://www.atstake.com/research/advisories/2000/a100400-1.txt Reference: MSKB:Q272079 Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=272079 Reference: BID:1756 Reference: URL:http://www.securityfocus.com/bid/1756 Reference: XF:iis-index-dir-traverse Reference: URL:http://xforce.iss.net/static/5335.php A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search. INFERRED ACTION: CAN-2000-0951 FINAL (Final Decision 20010122) Current Votes: ACCEPT(4) Frech, Cole, Mell, Wall ====================================================== Candidate: CAN-2000-0952 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0952 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: NETBSD:NetBSD-SA2000-014 Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-014.txt.asc Reference: XF:global-execute-remote-commands Reference: URL:http://xforce.iss.net/static/5424.php global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters. 
INFERRED ACTION: CAN-2000-0952 FINAL (Final Decision 20010122) Current Votes: ACCEPT(3) Frech, Cole, Mell ====================================================== Candidate: CAN-2000-0953 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0953 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: BUGTRAQ:20001009 Shambala 4.5 vulnerability Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0134.html Reference: BID:1778 Reference: URL:http://www.securityfocus.com/bid/1778 Reference: XF:shambala-connection-dos Reference: URL:http://xforce.iss.net/static/5345.php Shambala Server 4.5 allows remote attackers to cause a denial of service by opening then closing a connection. INFERRED ACTION: CAN-2000-0953 FINAL (Final Decision 20010122) Current Votes: ACCEPT(3) Frech, Baker, Mell NOOP(1) Cole ====================================================== Candidate: CAN-2000-0956 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0956 Final-Decision: 20010122 Interim-Decision: 20010117 Modified: Proposed: 20001129 Assigned: 20001124 Category: SF Reference: REDHAT:RHSA-2000:094-01 Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-094.html Reference: BID:1875 Reference: URL:http://www.securityfocus.com/bid/1875 Reference: XF:cyrus-sasl-gain-access Reference: URL:http://xforce.iss.net/static/5427.php cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions. 
INFERRED ACTION: CAN-2000-0956 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(1) TempVoter4

======================================================
Candidate: CAN-2000-0957
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0957
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001026 (SRADV00004) Remote and local vulnerabilities in pam_mysql
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0374.html
Reference: XF:pammysql-auth-input
Reference: URL:http://xforce.iss.net/static/5447.php

The pluggable authentication module for msql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes.

INFERRED ACTION: CAN-2000-0957 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Mell, TempVoter4
   NOOP(1) Cole

======================================================
Candidate: CAN-2000-0958
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0958
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001025 HotJava Browser 3.0 JavaScript security vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0349.html
Reference: XF:hotjava-browser-dom-access
Reference: URL:http://xforce.iss.net/static/5428.php

HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window.

INFERRED ACTION: CAN-2000-0958 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(1) Cole

======================================================
Candidate: CAN-2000-0959
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0959
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000926 ld.so bug - LD_DEBUG_OUTPUT follows symlinks
Reference: URL:http://www.securityfocus.com/archive/1/85028
Reference: BID:1719
Reference: URL:http://www.securityfocus.com/bid/1719
Reference: XF:glibc-unset-symlink
Reference: URL:http://xforce.iss.net/static/5299.php

glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.

INFERRED ACTION: CAN-2000-0959 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(2) Cole, Wall

======================================================
Candidate: CAN-2000-0960
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0960
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001011 Netscape Messaging server 4.15 poor error strings
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97138100426121&w=2
Reference: BID:1787
Reference: URL:http://www.securityfocus.com/bid/1787
Reference: XF:netscape-messaging-email-verify
Reference: URL:http://xforce.iss.net/static/5364.php

The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse.

INFERRED ACTION: CAN-2000-0960 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(1) Cole

======================================================
Candidate: CAN-2000-0961
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0961
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000928 commercial products and security [ + new bug ]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0334.html
Reference: BID:1721
Reference: URL:http://www.securityfocus.com/bid/1721
Reference: XF:netscape-messaging-list-dos
Reference: URL:http://xforce.iss.net/static/5292.php

Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command.

INFERRED ACTION: CAN-2000-0961 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(1) Cole

======================================================
Candidate: CAN-2000-0962
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0962
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category:
Reference: BUGTRAQ:20000925 Nmap Protocol Scanning DoS against OpenBSD IPSEC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0299.html
Reference: OPENBSD:20000918 Bad ESP/AH packets could cause a crash under certain conditions.
Reference: BID:1723
Reference: URL:http://www.securityfocus.com/bid/1723
Reference: XF:openbsd-nmap-dos
Reference: URL:http://xforce.iss.net/static/5634.php

The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service.

Modifications:
  ADDREF XF:openbsd-nmap-dos(5634)

INFERRED ACTION: CAN-2000-0962 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:openbsd-nmap-dos(5634)

======================================================
Candidate: CAN-2000-0965
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0965
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: XF:hp-virtualvault-nsapi-dos
Reference: URL:http://xforce.iss.net/static/5361.php
Reference: HP:HPSBUX0010-124
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0012.html

The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS 10.24 and 11.04 allow an attacker to cause a denial of service (high CPU utilization).

INFERRED ACTION: CAN-2000-0965 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell

======================================================
Candidate: CAN-2000-0966
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0966
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: HP:HPSBUX0010-125
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0020.html
Reference: XF:hp-lpspooler-bo
Reference: URL:http://xforce.iss.net/static/5379.php

Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of HP-UX 11.0 and earlier allow local users to gain privileges.

INFERRED ACTION: CAN-2000-0966 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell

======================================================
Candidate: CAN-2000-0967
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0967
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: ATSTAKE:A101200-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a101200-1.txt
Reference: MANDRAKE:MDKSA-2000:062
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-062.php3?dis=7.1
Reference: DEBIAN:20001014 php3: possible remote exploit
Reference: URL:http://www.debian.org/security/2000/20001014a
Reference: DEBIAN:20001014 php4: possible remote exploit
Reference: URL:http://www.debian.org/security/2000/20001014b
Reference: CALDERA:CSSA-2000-037.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-037.0.txt
Reference: FREEBSD:FreeBSD-SA-00:75
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:75.php.asc
Reference: BUGTRAQ:20001012 Conectiva Linux Security Announcement - mod_php3
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0204.html
Reference: BID:1786
Reference: URL:http://www.securityfocus.com/bid/1786
Reference: XF:php-logging-format-string
Reference: URL:http://xforce.iss.net/static/5359.php

PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

Modifications:
  ADDREF FREEBSD:FreeBSD-SA-00:75

INFERRED ACTION: CAN-2000-0967 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(1) Christey

Voter Comments:
 Christey> FREEBSD:FreeBSD-SA-00:75
   ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:75.php.asc

======================================================
Candidate: CAN-2000-0968
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0968
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001016 Half-Life Dedicated Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0254.html
Reference: BUGTRAQ:20001024 Tamandua Sekure Labs Security Advisory 2000-01
Reference: URL:http://www.securityfocus.com/archive/1/141060
Reference: BUGTRAQ:20001027 Re: Half Life dedicated server Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0409.html
Reference: BID:1799
Reference: URL:http://www.securityfocus.com/bid/1799
Reference: XF:halflife-server-changelevel-bo
Reference: URL:http://xforce.iss.net/static/5375.php

Buffer overflow in Half Life dedicated server before build 3104 allows remote attackers to execute arbitrary commands via a long rcon command.

INFERRED ACTION: CAN-2000-0968 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell

======================================================
Candidate: CAN-2000-0969
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0969
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001016 Half-Life Dedicated Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0254.html
Reference: BUGTRAQ:20001024 Tamandua Sekure Labs Security Advisory 2000-01
Reference: URL:http://www.securityfocus.com/archive/1/141060
Reference: BUGTRAQ:20001027 Re: Half Life dedicated server Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0409.html
Reference: XF:halflife-rcon-format-string
Reference: URL:http://xforce.iss.net/static/5413.php

Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon.

INFERRED ACTION: CAN-2000-0969 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell

======================================================
Candidate: CAN-2000-0970
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0970
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-080
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-080.asp
Reference: XF:session-cookie-remote-retrieval
Reference: URL:http://xforce.iss.net/static/5396.php

IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.

INFERRED ACTION: CAN-2000-0970 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell

======================================================
Candidate: CAN-2000-0972
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0972
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category:
Reference: BUGTRAQ:20001020 [ Hackerslab bug_paper ] HP-UX crontab temporary file symbolic link vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0317.html
Reference: XF:hp-crontab-read-files
Reference: URL:http://xforce.iss.net/static/5410.php

HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.

INFERRED ACTION: CAN-2000-0972 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(1) Cole

======================================================
Candidate: CAN-2000-0973
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0973
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: DEBIAN:20001013 curl and curl-ssl: remote exploit
Reference: URL:http://www.debian.org/security/2000/20001013a
Reference: REDHAT:RHBA-2000:092-01
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0331.html
Reference: FREEBSD:FreeBSD-SA-00:72
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:72.curl.asc
Reference: BID:1804
Reference: URL:http://www.securityfocus.com/bid/1804
Reference: XF:curl-error-bo
Reference: URL:http://xforce.iss.net/static/5374.php

Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated.

Modifications:
  ADDREF FREEBSD:FreeBSD-SA-00:72

INFERRED ACTION: CAN-2000-0973 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(1) Christey

Voter Comments:
 Christey> ADDREF FREEBSD:FreeBSD-SA-00:72
   ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:72.curl.asc

======================================================
Candidate: CAN-2000-0974
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0974
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001011 GPG 1.0.3 doesn't detect modifications to files with multiple signatures
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html
Reference: DEBIAN:20001111 gnupg: incorrect signature verification
Reference: URL:http://www.debian.org/security/2000/20001111
Reference: FREEBSD:FreeBSD-SA-00:67
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc
Reference: REDHAT:RHSA-2000:089-04
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-089-04.html
Reference: CALDERA:CSSA-2000-038.0
Reference: MANDRAKE:MDKSA-2000:063-1
Reference: CONECTIVA:CLSA-2000:334
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000334
Reference: BUGTRAQ:20001025 Immunix OS Security Update for gnupg package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html
Reference: XF:gnupg-message-modify
Reference: URL:http://xforce.iss.net/static/5386.php
Reference: BID:1797
Reference: URL:http://www.securityfocus.com/bid/1797

GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.

Modifications:
  ADDREF DEBIAN:20001111 gnupg: incorrect signature verification
  ADDREF FREEBSD:FreeBSD-SA-00:67

INFERRED ACTION: CAN-2000-0974 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(1) Christey

Voter Comments:
 Christey> ADDREF DEBIAN:20001111 gnupg: incorrect signature verification
   http://www.debian.org/security/2000/20001111
   ADDREF FREEBSD:FreeBSD-SA-00:67
   ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc

======================================================
Candidate: CAN-2000-0975
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0975
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001012 Anaconda Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0210.html
Reference: XF:anaconda-apexec-directory-traversal
Reference: URL:http://xforce.iss.net/static/5750.php

Directory traversal vulnerability in apexec.pl in Anaconda Foundation Directory allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Modifications:
  ADDREF XF:anaconda-apexec-directory-traversal(5750)

INFERRED ACTION: CAN-2000-0975 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF:anaconda-apexec-directory-traversal(5750)

======================================================
Candidate: CAN-2000-0977
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0977
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001011 Mail File POST Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0172.html
Reference: BID:1807
Reference: URL:http://www.securityfocus.com/bid/1807
Reference: XF:mailfile-post-file-read
Reference: URL:http://xforce.iss.net/static/5358.php

mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter.

Modifications:
  ADDREF XF:mailfile-post-file-read(5358)

INFERRED ACTION: CAN-2000-0977 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF:mailfile-post-file-read(5358)

======================================================
Candidate: CAN-2000-0978
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0978
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001010 Big Brother Systems and Network Monitor vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0162.html
Reference: BID:1779
Reference: URL:http://www.securityfocus.com/bid/1779
Reference: XF:bb4-netmon-execute-commands
Reference: URL:http://xforce.iss.net/static/5719.php

bbd server in Big Brother System and Network Monitor before 1.5c2 allows remote attackers to execute arbitrary commands via the "&" shell metacharacter.

Modifications:
  ADDREF XF:bb4-netmon-execute-commands(5719)

INFERRED ACTION: CAN-2000-0978 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:bb4-netmon-execute-commands(5719)

======================================================
Candidate: CAN-2000-0979
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0979
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001012 NSFOCUS SA2000-05: Microsoft Windows 9x NETBIOS password
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97147777618139&w=2
Reference: MS:MS00-072
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-072.asp
Reference: BID:1780
Reference: URL:http://www.securityfocus.com/bid/1780
Reference: XF:win9x-share-level-password
Reference: URL:http://xforce.iss.net/static/5395.php

File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability.

INFERRED ACTION: CAN-2000-0979 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell

======================================================
Candidate: CAN-2000-0980
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0980
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-073
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-073.asp
Reference: BID:1781
Reference: URL:http://www.securityfocus.com/bid/1781
Reference: XF:win-nmpi-packet-dos
Reference: URL:http://xforce.iss.net/static/5357.php

NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink does not properly filter packets from a broadcast address, which allows remote attackers to cause a broadcast storm and flood the network.

INFERRED ACTION: CAN-2000-0980 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell

======================================================
Candidate: CAN-2000-0981
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0981
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001023 [CORE SDI ADVISORY] MySQL weak authentication
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0318.html
Reference: CONFIRM:http://www.mysql.com/documentation/mysql/commented/manual.php?section=Security
Reference: XF:mysql-authentication
Reference: URL:http://xforce.iss.net/static/5409.php

MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password.

INFERRED ACTION: CAN-2000-0981 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell

======================================================
Candidate: CAN-2000-0982
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0982
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-076
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-076.asp
Reference: BID:1793
Reference: URL:http://www.securityfocus.com/bid/1793
Reference: XF:ie-cache-info
Reference: URL:http://xforce.iss.net/static/5367.php

Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability.

INFERRED ACTION: CAN-2000-0982 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell

======================================================
Candidate: CAN-2000-0983
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0983
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001018 Denial of Service attack against computers running Microsoft NetMeeting
Reference: URL:http://www.securityfocus.com/archive/1/140341
Reference: MS:MS00-077
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-077.asp
Reference: MSKB:Q273854
Reference: BID:1798
Reference: URL:http://www.securityfocus.com/bid/1798
Reference: XF:netmeeting-desktop-sharing-dos
Reference: URL:http://xforce.iss.net/static/5368.php

Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the "NetMeeting Desktop Sharing" vulnerability.

INFERRED ACTION: CAN-2000-0983 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell

======================================================
Candidate: CAN-2000-0984
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0984
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: CISCO:20001025 Cisco IOS HTTP Server Query Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml
Reference: XF:cisco-ios-query-dos
Reference: URL:http://xforce.iss.net/static/5412.php

The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string.

INFERRED ACTION: CAN-2000-0984 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell

======================================================
Candidate: CAN-2000-0989
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0989
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001020 DoS in Intel corporation 'InBusiness eMail Station'
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0293.html
Reference: XF:intel-email-username-bo
Reference: URL:http://xforce.iss.net/static/5414.php

Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service allows remote attackers to cause a denial of service and possibly execute commands via a long username.

INFERRED ACTION: CAN-2000-0989 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(1) Cole

======================================================
Candidate: CAN-2000-0990
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0990
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001016 Authentication failure in cmd5checkpw 0.21
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0258.html
Reference: CONFIRM:http://members.elysium.pl/brush/cmd5checkpw/changes.html
Reference: BID:1809
Reference: URL:http://www.securityfocus.com/bid/1809
Reference: XF:cmd5checkpw-qmail-bypass-authentication
Reference: URL:http://xforce.iss.net/static/5382.php

cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial of service via an "SMTP AUTH" command with an unknown username.

INFERRED ACTION: CAN-2000-0990 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell

======================================================
Candidate: CAN-2000-0991
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0991
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-079
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-079.asp
Reference: BID:1815
Reference: URL:http://www.securityfocus.com/bid/1815
Reference: XF:win-hyperterminal-telnet-bo
Reference: URL:http://xforce.iss.net/static/5387.php

Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ME, and 2000 allows remote attackers to execute arbitrary commands via a long telnet URL, aka the "HyperTerminal Buffer Overflow" vulnerability.

INFERRED ACTION: CAN-2000-0991 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell

======================================================
Candidate: CAN-2000-0992
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0992
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000930 scp file transfer hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0359.html
Reference: MANDRAKE:MDKSA-2000:057
Reference: BID:1742
Reference: URL:http://www.securityfocus.com/bid/1742
Reference: XF:scp-overwrite-files
Reference: URL:http://xforce.iss.net/static/5312.php

Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.

Modifications:
  ADDREF XF:scp-overwrite-files(5312)

INFERRED ACTION: CAN-2000-0992 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(2) Cole, Wall

Voter Comments:
 Frech> XF:scp-overwrite-files(5312)

======================================================
Candidate: CAN-2000-0993
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0993
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: OPENBSD:20001003 A format string vulnerability exists in the pw_error(3) function.
Reference: URL:http://www.openbsd.org/errata27.html#pw_error
Reference: NETBSD:NetBSD-SA2000-015
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-015.txt.asc
Reference: FREEBSD:FreeBSD-SA-00:58
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:58.chpass.asc
Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory
Reference: URL:http://www.securityfocus.com/archive/1/137482
Reference: BID:1744
Reference: URL:http://www.securityfocus.com/bid/1744
Reference: XF:bsd-libutil-format
Reference: URL:http://xforce.iss.net/static/5339.php

Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.

INFERRED ACTION: CAN-2000-0993 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(1) Wall

======================================================
Candidate: CAN-2000-0994
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0994
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory
Reference: URL:http://www.securityfocus.com/archive/1/137482
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Reference: BID:1746
Reference: URL:http://www.securityfocus.com/bid/1746
Reference: XF:bsd-fstat-format
Reference: URL:http://xforce.iss.net/static/5338.php

Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.

INFERRED ACTION: CAN-2000-0994 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(1) Wall

======================================================
Candidate: CAN-2000-0995
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0995
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Reference: XF:bsd-yp-passwd-format
Reference: URL:http://xforce.iss.net/static/5635.php

Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges via a malformed name.

Modifications:
  ADDREF XF:bsd-yp-passwd-format(5635)

INFERRED ACTION: CAN-2000-0995 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Mell, Wall

Voter Comments:
 Frech> XF:bsd-yp-passwd-format(5635)

======================================================
Candidate: CAN-2000-0996
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0996
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Reference: XF:bsd-su-format
Reference: URL:http://xforce.iss.net/static/5636.php

Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.

Modifications:
  ADDREF XF:bsd-su-format(5636)

INFERRED ACTION: CAN-2000-0996 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Cole
   MODIFY(1) Frech
   NOOP(2) Mell, Wall

Voter Comments:
 Frech> XF:bsd-su-format(5636)

======================================================
Candidate: CAN-2000-1000
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1000
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001003 AOL Instant Messenger DoS
Reference: URL:http://www.securityfocus.com/archive/1/137374
Reference: BID:1747
Reference: URL:http://www.securityfocus.com/bid/1747
Reference: XF:aim-file-transfer-dos
Reference: URL:http://xforce.iss.net/static/5314.php

Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by transferring a file whose name includes format characters.

INFERRED ACTION: CAN-2000-1000 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Mell, Wall
   NOOP(1) Cole

======================================================
Candidate: CAN-2000-1001
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1001
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001024 Price modification in Element InstantShop
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97240616129614&w=2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97267884631455&w=2
Reference: XF:instantshop-modify-price
Reference: URL:http://xforce.iss.net/static/5402.php

add_2_basket.asp in Element InstantShop allows remote attackers to modify price information via the "price" hidden form variable.


Modifications:
   ADDREF XF:instantshop-modify-price(5402)
   DESC CHANGEREF BUGTRAQ [fix date]

INFERRED ACTION: CAN-2000-1001 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
   Christey> Change date in Bugtraq reference to 20001024
   Frech> XF:instantshop-modify-price(5402)

======================================================
Candidate: CAN-2000-1002
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1002
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001012 Re: Netscape Messaging server 4.15 poor error strings
Reference: URL:http://www.securityfocus.com/archive/1/139523
Reference: XF:communigate-email-verify
Reference: URL:http://xforce.iss.net/static/5363.php
Reference: BID:1792
Reference: URL:http://www.securityfocus.com/bid/1792

POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks.

INFERRED ACTION: CAN-2000-1002 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(1) Cole

======================================================
Candidate: CAN-2000-1003
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1003
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001012 NSFOCUS SA2000-04: Microsoft Win9x client driver type comparing vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/139511
Reference: BID:1794
Reference: URL:http://www.securityfocus.com/bid/1794
Reference: XF:win-netbios-driver-type-dos
Reference: URL:http://xforce.iss.net/static/5370.php

NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash.

INFERRED ACTION: CAN-2000-1003 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(1) Cole

======================================================
Candidate: CAN-2000-1004
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1004
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97068555106135&w=2
Reference: XF:bsd-photurisd-format
Reference: URL:http://xforce.iss.net/static/5336.php

Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters.

INFERRED ACTION: CAN-2000-1004 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Mell, Wall
   NOOP(1) Cole

======================================================
Candidate: CAN-2000-1005
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1005
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001009 Security Advisory : eXtropia WebStore (web_store.cgi) Directory Traversal Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/138495
Reference: BID:1774
Reference: URL:http://www.securityfocus.com/bid/1774
Reference: XF:extropia-webstore-fileread
Reference: URL:http://xforce.iss.net/static/5347.php

Directory traversal vulnerability in html_web_store.cgi and web_store.cgi CGI programs in eXtropia WebStore allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter.

INFERRED ACTION: CAN-2000-1005 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell

======================================================
Candidate: CAN-2000-1006
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1006
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: MS:MS00-082
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-082.asp
Reference: XF:ms-exchange-mime-dos
Reference: URL:http://xforce.iss.net/static/5448.php
Reference: BID:1869
Reference: URL:http://www.securityfocus.com/bid/1869

Microsoft Exchange Server 5.5 does not properly handle a MIME header with a blank charset specified, which allows remote attackers to cause a denial of service via a charset="" command, aka the "Malformed MIME Header" vulnerability.

INFERRED ACTION: CAN-2000-1006 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(5) Frech, Baker, Cole, Mell, TempVoter4

======================================================
Candidate: CAN-2000-1007
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1007
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: NTBUGTRAQ:20001025 I-gear 3.5.x for Microsoft Proxy logging vulnerability + temporary fix.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0048.html
Reference: XF:igear-invalid-log(5791)
Reference: URL:http://xforce.iss.net/static/5791.php

I-gear 3.5.7 and earlier does not properly process log entries in which a URL is longer than 255 characters, which allows an attacker to cause reporting errors.

Modifications:
   ADDREF XF:igear-invalid-log(5791)

INFERRED ACTION: CAN-2000-1007 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
   Frech> XF:igear-invalid-log(5791)

======================================================
Candidate: CAN-2000-1010
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1010
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001006 talkd [WAS: Re: OpenBSD Security Advisory]
Reference: URL:http://www.securityfocus.com/archive/1/137890
Reference: BID:1764
Reference: URL:http://www.securityfocus.com/bid/1764
Reference: XF:linux-talkd-overwrite-root
Reference: URL:http://xforce.iss.net/static/5344.php

Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.

INFERRED ACTION: CAN-2000-1010 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell

======================================================
Candidate: CAN-2000-1011
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1011
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:53
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc
Reference: XF:freebsd-catopen-bo
Reference: URL:http://xforce.iss.net/static/5638.php

Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable.

Modifications:
   XF:freebsd-catopen-bo(5638)

INFERRED ACTION: CAN-2000-1011 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
   Frech> XF:freebsd-catopen-bo(5638)

======================================================
Candidate: CAN-2000-1014
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1014
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000927 Unixware SCOhelp http server format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0325.html
Reference: BID:1717
Reference: URL:http://www.securityfocus.com/bid/1717
Reference: XF:unixware-scohelp-format
Reference: URL:http://xforce.iss.net/static/5291.php

Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter.

INFERRED ACTION: CAN-2000-1014 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(2) Wall, Cole

======================================================
Candidate: CAN-2000-1016
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1016
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: CF
Reference: BUGTRAQ:20000921 httpd.conf in Suse 6.4
Reference: URL:http://www.securityfocus.com/archive/1/84360
Reference: BID:1707
Reference: URL:http://www.securityfocus.com/bid/1707
Reference: XF:suse-installed-packages-exposed
Reference: URL:http://xforce.iss.net/static/5276.php

The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.

INFERRED ACTION: CAN-2000-1016 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall

======================================================
Candidate: CAN-2000-1018
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1018
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001010 Shred 1.0 Bug Report
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97119799515246&w=2
Reference: BUGTRAQ:20001011 Shred v1.0 Fix
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97131166004145&w=2
Reference: BID:1788
Reference: URL:http://www.securityfocus.com/bid/1788
Reference: XF:shred-recover-files
Reference: URL:http://xforce.iss.net/static/5722.php

shred 1.0 file wiping utility does not properly open a file for overwriting or flush its buffers, which prevents shred from properly replacing the file's data and allows local users to recover the file.

Modifications:
   ADDREF XF:shred-recover-files(5722)

INFERRED ACTION: CAN-2000-1018 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
   Frech> XF:shred-recover-files(5722)

======================================================
Candidate: CAN-2000-1019
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1019
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001030 Ultraseek 3.1.x Remote DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97301487015664&w=2
Reference: BID:1866
Reference: URL:http://www.securityfocus.com/bid/1866
Reference: XF:ultraseek-malformed-url-dos
Reference: URL:http://xforce.iss.net/static/5439.php

Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows remote attackers to cause a denial of service via a malformed URL.

INFERRED ACTION: CAN-2000-1019 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Mell, TempVoter4
   NOOP(1) Cole

======================================================
Candidate: CAN-2000-1022
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1022
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000919 Cisco PIX Firewall (smtp content filtering hack)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0222.html
Reference: BUGTRAQ:20000920 Re: Cisco PIX Firewall (smtp content filtering hack) - Version 4.2(1) not exploitable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0241.html
Reference: CISCO:20001005 Cisco Secure PIX Firewall Mailguard Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-pub.shtml
Reference: BID:1698
Reference: URL:http://www.securityfocus.com/bid/1698
Reference: XF:cisco-pix-smtp-filtering
Reference: URL:http://xforce.iss.net/static/5277.php

The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict access to SMTP commands, which allows remote attackers to execute restricted commands by sending a DATA command before sending the restricted commands.

INFERRED ACTION: CAN-2000-1022 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall

======================================================
Candidate: CAN-2000-1024
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1024
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category:
Reference: BUGTRAQ:20001101 Unify eWave ServletExec upload
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97306581513537&w=2
Reference: BID:1876
Reference: URL:http://www.securityfocus.com/bid/1876
Reference: XF:ewave-servletexec-file-upload
Reference: URL:http://xforce.iss.net/static/5450.php

eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands.

INFERRED ACTION: CAN-2000-1024 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Mell, TempVoter4
   NOOP(1) Cole

======================================================
Candidate: CAN-2000-1026
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1026
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-02
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:61
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:61.tcpdump.v1.1.asc
Reference: SUSE:SuSE-SA:2000:46
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0681.html
Reference: DEBIAN:20001120 tcpdump: remote denial of service
Reference: URL:http://www.debian.org/security/2000/20001120a
Reference: BID:1870
Reference: URL:http://www.securityfocus.com/bid/1870
Reference: XF:tcpdump-afs-packet-overflow(5480)

Multiple buffer overflows in LBNL tcpdump allow remote attackers to execute arbitrary commands.

Modifications:
   ADDREF SUSE:SuSE-SA:2000:46
   ADDREF DEBIAN:20001120 tcpdump: remote denial of service
   ADDREF XF:tcpdump-afs-packet-overflow(5480)

INFERRED ACTION: CAN-2000-1026 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
   Christey> SUSE:SuSE-SA:2000:46
      http://archives.neohapsis.com/archives/linux/suse/2000-q4/0681.html
      DEBIAN:20001120 tcpdump: remote denial of service
      URL:http://www.debian.org/security/2000/20001120a
   Frech> XF:tcpdump-afs-packet-overflow(5480)

======================================================
Candidate: CAN-2000-1027
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1027
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001003 Cisco PIX Firewall allow external users to discover internal IPs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97059440000367&w=2
Reference: BID:1877
Reference: URL:http://www.securityfocus.com/bid/1877
Reference: XF:cisco-pix-reveal-address
Reference: URL:http://xforce.iss.net/static/5646.php

Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine the real IP address of a target FTP server by flooding the server with PASV requests, which includes the real IP address in the response when passive mode is established.

Modifications:
   ADDREF XF:cisco-pix-reveal-address(5646)

INFERRED ACTION: CAN-2000-1027 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(2) Wall, Cole

Voter Comments:
   Frech> XF:cisco-pix-reveal-address(5646)

======================================================
Candidate: CAN-2000-1031
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1031
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000810 Re: Possible vulnerability in HPUX ( Add vulnerability List )
Reference: URL:http://www.securityfocus.com/archive/1/75188
Reference: HP:HPSBUX0011-128
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0034.html
Reference: BID:1889
Reference: URL:http://www.securityfocus.com/bid/1889
Reference: XF:hp-dtterm(5461)

Buffer overflow in dtterm in HP-UX 11.0 allows a local user to gain privileges via a long -tn option.

Modifications:
   ADDREF XF:hp-dtterm(5461)

INFERRED ACTION: CAN-2000-1031 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Baker, Cole, Mell
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
   Frech> XF:hp-dtterm(5461)

======================================================
Candidate: CAN-2000-1032
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1032
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001101 Re: Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/142808
Reference: BID:1890
Reference: URL:http://www.securityfocus.com/bid/1890
Reference: XF:fw1-login-response(5816)

The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall.

Modifications:
   ADDREF XF:fw1-login-response(5816)

INFERRED ACTION: CAN-2000-1032 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Baker, Cole, Mell
   MODIFY(1) Frech

Voter Comments:
   Frech> XF:fw1-login-response(5816)

======================================================
Candidate: CAN-2000-1034
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1034
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20001106 System Monitor ActiveX Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349782305448&w=2
Reference: MS:MS00-085
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-085.asp
Reference: BID:1899
Reference: URL:http://www.securityfocus.com/bid/1899
Reference: XF:system-monitor-activex-bo(5467)

Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability.

Modifications:
   ADDREF XF:system-monitor-activex-bo(5467)

INFERRED ACTION: CAN-2000-1034 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech
   NOOP(1) TempVoter4

Voter Comments:
   Frech> XF:system-monitor-activex-bo(5467)

======================================================
Candidate: CAN-2000-1036
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1036
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: BUGTRAQ:20000920 Extent RBS directory Transversal.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0252.html
Reference: BID:1704
Reference: URL:http://www.securityfocus.com/bid/1704
Reference: XF:rbs-isp-directory-traversal
Reference: URL:http://xforce.iss.net/static/5275.php

Directory traversal vulnerability in Extent RBS ISP web server allows remote attackers to read sensitive information via a .. (dot dot) attack on the Image parameter.

INFERRED ACTION: CAN-2000-1036 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall

======================================================
Candidate: CAN-2000-1038
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1038
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001124
Category: SF
Reference: AIXAPAR:SA90544
Reference: CONFIRM:http://as400service.rochester.ibm.com/n_dir/nas4apar.NSF/5ec6cdc6ab42894a862568f90073c74a/9ce636030a58807186256955003d128d?OpenDocument
Reference: XF:as400-firewall-dos
Reference: URL:http://xforce.iss.net/static/5266.php

The web administration interface for IBM AS/400 Firewall allows remote attackers to cause a denial of service via an empty GET request.

INFERRED ACTION: CAN-2000-1038 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall

======================================================
Candidate: CAN-2000-1040
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1040
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: DEBIAN:20001014 nis: local exploit
Reference: URL:http://www.debian.org/security/2000/20001014
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: REDHAT:RHSA-2000:086-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-086-05.html
Reference: CALDERA:CSSA-2000-039.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-039.0.txt
Reference: BUGTRAQ:20001025 Immunix OS Security Update for ypbind package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0356.html
Reference: BUGTRAQ:20001030 Trustix Security Advisory - ping gnupg ypbind
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0429.html
Reference: XF:ypbind-printf-format-string
Reference: URL:http://xforce.iss.net/static/5394.php
Reference: BID:1820
Reference: URL:http://www.securityfocus.com/bid/1820

Format string vulnerability in logging function of ypbind 3.3, while running in debug mode, leaks file descriptors and allows an attacker to cause a denial of service.

INFERRED ACTION: CAN-2000-1040 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell

======================================================
Candidate: CAN-2000-1041
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1041
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: CALDERA:CSSA-2000-039.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-039.0.txt
Reference: XF:ypbind-remote-bo
Reference: URL:http://xforce.iss.net/static/5759.php

Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root privileges.

Modifications:
   ADDREF XF:ypbind-remote-bo(5759)

INFERRED ACTION: CAN-2000-1041 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
   Frech> XF:ypbind-remote-bo(5759)

======================================================
Candidate: CAN-2000-1042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1042
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: XF:linux-ypserv-bo
Reference: URL:http://xforce.iss.net/static/5730.php

Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.

Modifications:
   ADDREF XF:linux-ypserv-bo(5730)

INFERRED ACTION: CAN-2000-1042 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
   Frech> XF:linux-ypserv-bo(5730)

======================================================
Candidate: CAN-2000-1043
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1043
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: XF:linux-ypserv-format-string
Reference: URL:http://xforce.iss.net/static/5731.php

Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.

Modifications:
   XF:linux-ypserv-format-string(5731)

INFERRED ACTION: CAN-2000-1043 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
   Frech> XF:linux-ypserv-format-string(5731)

======================================================
Candidate: CAN-2000-1044
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1044
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: BID:1820
Reference: URL:http://www.securityfocus.com/bid/1820
Reference: XF:ypbind-printf-format-string
Reference: URL:http://xforce.iss.net/static/5394.php

Format string vulnerability in ypbind-mt in SuSE SuSE-6.2, and possibly other Linux operating systems, allows an attacker to gain root privileges.

Modifications:
   ADDREF XF:ypbind-printf-format-string(5394)

INFERRED ACTION: CAN-2000-1044 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
   Frech> XF:ypbind-printf-format-string(5394)

======================================================
Candidate: CAN-2000-1045
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1045
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: REDHAT:RHSA-2000:024
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-024.html
Reference: MANDRAKE:MDKSA-2000-066
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-066-1.php3
Reference: BID:1863
Reference: URL:http://www.securityfocus.com/bid/1863
Reference: XF:nssldap-nscd-dos
Reference: URL:http://xforce.iss.net/static/5449.php

nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests.

INFERRED ACTION: CAN-2000-1045 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell

======================================================
Candidate: CAN-2000-1049
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1049
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001101 Allaire's JRUN DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97310314724964&w=2
Reference: ALLAIRE:ASB00-030
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=18085&Method=Full
Reference: XF:allaire-jrun-servlet-dos
Reference: URL:http://xforce.iss.net/static/5452.php

Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters.

INFERRED ACTION: CAN-2000-1049 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell

======================================================
Candidate: CAN-2000-1050
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1050
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Allaire's JRUN Unauthenticated Access to WEB-INF directory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236316510117&w=2
Reference: ALLAIRE:ASB00-027
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=17966&Method=Full
Reference: XF:allaire-jrun-webinf-access
Reference: URL:http://xforce.iss.net/static/5407.php

Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").

INFERRED ACTION: CAN-2000-1050 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell

======================================================
Candidate: CAN-2000-1051
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1051
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Allaire JRUN 2.3 Arbitrary File Retrieval
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236692714978&w=2
Reference: ALLAIRE:ASB00-028
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=17968&Method=Full
Reference: XF:allaire-jrun-ssifilter-url
Reference: URL:http://xforce.iss.net/static/5405.php

Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet.

INFERRED ACTION: CAN-2000-1051 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell

======================================================
Candidate: CAN-2000-1054
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1054
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server
Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
Reference: BID:1705
Reference: URL:http://www.securityfocus.com/bid/1705
Reference: XF:ciscosecure-csadmin-bo
Reference: URL:http://xforce.iss.net/static/5272.php

Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet.

INFERRED ACTION: CAN-2000-1054 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall

======================================================
Candidate: CAN-2000-1055
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1055
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server
Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
Reference: BID:1706
Reference: URL:http://www.securityfocus.com/bid/1706
Reference: XF:ciscosecure-tacacs-dos
Reference: URL:http://xforce.iss.net/static/5273.php

Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet.

INFERRED ACTION: CAN-2000-1055 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall

======================================================
Candidate: CAN-2000-1056
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1056
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server
Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
Reference: BID:1708
Reference: URL:http://www.securityfocus.com/bid/1708
Reference: XF:ciscosecure-ldap-bypass-authentication
Reference: URL:http://xforce.iss.net/static/5274.php

CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords.

INFERRED ACTION: CAN-2000-1056 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall

======================================================
Candidate: CAN-2000-1057
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1057
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: unknown
Reference: HP:HPSBUX0009-120
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0140.html
Reference: BID:1682
Reference: URL:http://www.securityfocus.com/bid/1682
Reference: XF:hp-openview-nnm-scripts
Reference: URL:http://xforce.iss.net/static/5229.php

Vulnerabilities in database configuration scripts in HP OpenView Network Node Manager (NNM) 6.1 and earlier allow local users to gain privileges, possibly via insecure permissions.

INFERRED ACTION: CAN-2000-1057 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Cole, Mell
   NOOP(1) Wall

======================================================
Candidate: CAN-2000-1058
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1058
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20000926 DST2K0014: BufferOverrun in HP Openview Network Node Manager v6.1 (Round2)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97004856403173&w=2
Reference: HP:HPSBUX0009-121
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0274.html
Reference: XF:openview-nmm-snmp-bo
Reference: URL:http://xforce.iss.net/static/5282.php

Buffer overflow in OverView5 CGI program in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, in the SNMP service (snmp.exe), aka the "Java SNMP MIB Browser Object ID parsing problem."

INFERRED ACTION: CAN-2000-1058 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(1) Wall

======================================================
Candidate: CAN-2000-1059
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1059
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: CF
Reference: BUGTRAQ:20000929 Mandrake 7.1 bypasses Xauthority X session security.
Reference: URL:http://www.securityfocus.com/archive/1/136495
Reference: MANDRAKE:MDKSA-2000:052
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-052.php3
Reference: BID:1735
Reference: URL:http://www.securityfocus.com/bid/1735
Reference: XF:xinitrc-bypass-xauthority
Reference: URL:http://xforce.iss.net/static/5305.php

The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.

INFERRED ACTION: CAN-2000-1059 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Cole, Mell
   NOOP(1) Wall

======================================================
Candidate: CAN-2000-1060
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1060
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: CF
Reference: BUGTRAQ:20001002 Local vulnerability in XFCE 3.5.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0022.html
Reference: FREEBSD:FreeBSD-SA-00:65
Reference: BID:1736
Reference: URL:http://www.securityfocus.com/bid/1736
Reference: XF:xinitrc-bypass-xauthority
Reference: URL:http://xforce.iss.net/static/5305.php

The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.

Modifications:
  ADDREF FREEBSD:FreeBSD-SA-00:65

INFERRED ACTION: CAN-2000-1060 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(3) Wall, Christey, Cole

Voter Comments:
 Christey> ADDREF FREEBSD:FreeBSD-SA-00:65

======================================================
Candidate: CAN-2000-1061
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1061
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category:
Reference: MS:MS00-075
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-075.asp
Reference: XF:java-vm-applet
Reference: URL:http://xforce.iss.net/static/5127.php

Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.

Modifications:
  ADDREF XF:java-vm-applet(5127)

INFERRED ACTION: CAN-2000-1061 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:java-vm-applet(5127)

======================================================
Candidate: CAN-2000-1068
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1068
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236719315352&w=2
Reference: CONFIRM:http://www.cgi-world.com/pollit.html
Reference: XF:pollit-polloptions-execute-commands
Reference: URL:http://xforce.iss.net/static/5792.php

pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the poll_options parameter.

Modifications:
  ADDREF CONFIRM:http://www.cgi-world.com/pollit.html
  ADDREF XF:pollit-polloptions-execute-commands(5792)

INFERRED ACTION: CAN-2000-1068 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(1) Mell
   MODIFY(1) Frech
   NOOP(2) Christey, Cole

Voter Comments:
 Christey> CONFIRM:http://www.cgi-world.com/pollit.html
   Under the "product features" section, an item titled "Version 2.05 (Released: 10.24.00)" says: "Update to Fix Security Issues (Upgrade Suggested)"
 Frech> XF:pollit-polloptions-execute-commands(5792)

======================================================
Candidate: CAN-2000-1069
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1069
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236719315352&w=2
Reference: XF:pollit-admin-password-var
Reference: URL:http://xforce.iss.net/static/5419.php

pollit.cgi in Poll It 2.01 and earlier allows remote attackers to access administrative functions without knowing the real password by specifying the same value to the entered_password and admin_password parameters.

INFERRED ACTION: CAN-2000-1069 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Frech, Baker, Mell
   NOOP(1) Cole

======================================================
Candidate: CAN-2000-1070
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1070
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97236719315352&w=2
Reference: XF:pollit-webroot-gain-access
Reference: URL:http://xforce.iss.net/static/5794.php

pollit.cgi in Poll It 2.01 and earlier uses data files that are located under the web document root, which allows remote attackers to access sensitive or private information.

Modifications:
  ADDREF XF:pollit-webroot-gain-access(5794)

INFERRED ACTION: CAN-2000-1070 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF:pollit-webroot-gain-access(5794)

======================================================
Candidate: CAN-2000-1071
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1071
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: CF
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1767
Reference: URL:http://www.securityfocus.com/bid/1767
Reference: XF:ical-xhost-gain-privileges
Reference: URL:http://xforce.iss.net/static/5752.php

The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote attackers to monitor X Windows events and gain privileges.

Modifications:
  ADDREF XF:ical-xhost-gain-privileges(5752)

INFERRED ACTION: CAN-2000-1071 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ical-xhost-gain-privileges(5752)

======================================================
Candidate: CAN-2000-1072
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1072
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: CF
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1768
Reference: URL:http://www.securityfocus.com/bid/1768
Reference: XF:ical-iplncal-gain-access
Reference: URL:http://xforce.iss.net/static/5756.php

iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse.

Modifications:
  ADDREF XF:ical-iplncal-gain-access(5756)

INFERRED ACTION: CAN-2000-1072 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF:ical-iplncal-gain-access(5756)

======================================================
Candidate: CAN-2000-1073
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1073
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1769
Reference: URL:http://www.securityfocus.com/bid/1769
Reference: XF:ical-csstart-gain-access
Reference: URL:http://xforce.iss.net/static/5757.php

csstart program in iCal 2.1 Patch 2 searches for the cshttpd program in the current working directory, which allows local users to gain root privileges by creating a Trojan Horse cshttpd program in a directory and calling csstart from that directory.

Modifications:
  ADDREF XF:ical-csstart-gain-access(5757)

INFERRED ACTION: CAN-2000-1073 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Cole, Mell
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:ical-csstart-gain-access(5757)

======================================================
Candidate: CAN-2000-1074
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1074
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1769
Reference: URL:http://www.securityfocus.com/bid/1769
Reference: XF:ical-csstart-gain-access
Reference: URL:http://xforce.iss.net/static/5757.php

csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory.

Modifications:
  ADDREF XF:ical-csstart-gain-access(5757)

INFERRED ACTION: CAN-2000-1074 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF:ical-csstart-gain-access(5757)

======================================================
Candidate: CAN-2000-1077
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1077
Final-Decision: 20010122
Interim-Decision: 20010117
Modified:
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001026 Buffer overflow in iPlanet Web Server 4 server side SHTML parsing module
Reference: URL:http://www.securityfocus.com/archive/1/141435
Reference: XF:iplanet-web-server-shtml-bo
Reference: URL:http://xforce.iss.net/static/5446.php

Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension.

INFERRED ACTION: CAN-2000-1077 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(4) Frech, Baker, Mell, TempVoter4
   NOOP(1) Cole

======================================================
Candidate: CAN-2000-1080
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1080
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001129
Assigned: 20001129
Category: SF
Reference: BUGTRAQ:20001102 dos on quake1 servers
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97318797630246&w=2
Reference: CONFIRM:http://proquake.ai.mit.edu/
Reference: BID:1900
Reference: URL:http://www.securityfocus.com/bid/1900
Reference: XF:quake-empty-udp-dos(5527)

Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers to cause a denial of service via a malformed (empty) UDP packet.

Modifications:
  ADDREF XF:quake-empty-udp-dos(5527)

INFERRED ACTION: CAN-2000-1080 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Mell
   MODIFY(1) Frech
   NOOP(1) Cole

Voter Comments:
 Frech> XF:quake-empty-udp-dos(5527)

======================================================
Candidate: CAN-2000-1089
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1089
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001201
Category: SF
Reference: ATSTAKE:A120400-1
Reference: URL:http://www.stake.com/research/advisories/2000/a120400-1.txt
Reference: MS:MS00-094
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-094.asp
Reference: BID:2048
Reference: URL:http://www.securityfocus.com/bid/2048
Reference: XF:phone-book-service-bo(5623)

Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.

Modifications:
  ADDREF XF:phone-book-service-bo(5623)

INFERRED ACTION: CAN-2000-1089 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Wall, Baker, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:phone-book-service-bo(5623)

======================================================
Candidate: CAN-2000-1094
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1094
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001212
Category: SF
Reference: ATSTAKE:A121200-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a121200-1.txt
Reference: BUGTRAQ:20001213 Administrivia & AOL IM Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97668265628917&w=2
Reference: BUGTRAQ:20001214 Re: AIM & @stake's advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97683774417132&w=2
Reference: XF:aolim-buddyicon-bo

Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument.

Modifications:
  ADDREF BUGTRAQ:20001213 Administrivia & AOL IM Advisory
  ADDREF BUGTRAQ:20001214 Re: AIM & @stake's advisory
  ADDREF XF:aolim-buddyicon-bo

INFERRED ACTION: CAN-2000-1094 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Wall, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Christey

Voter Comments:
 Christey> ADDREF BUGTRAQ:20001213 Administrivia & AOL IM Advisory
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97668265628917&w=2
   ADDREF BUGTRAQ:20001214 Re: AIM & @stake's advisory
   URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97683774417132&w=2
 Frech> XF:aolim-buddyicon-bo

======================================================
Candidate: CAN-2000-1095
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1095
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001112 RedHat 7.0 (and SuSE): modutils + netkit = root compromise. (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0179.html
Reference: SUSE:SuSE-SA:2000:44
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0596.html
Reference: MANDRAKE:MDKSA-2000:071
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-071-1.php3?dis=7.1
Reference: REDHAT:RHSA-2000:108-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-108.html
Reference: DEBIAN:20001120 modutils: local exploit
Reference: URL:http://www.debian.org/security/2000/20001120
Reference: CONECTIVA:CLSA-2000:340
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000340
Reference: BID:1936
Reference: URL:http://www.securityfocus.com/bid/1936
Reference: XF:linux-modprobe-execute-code
Reference: URL:http://xforce.iss.net/static/5516.php

modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.

Modifications:
  ADDREF XF:linux-modprobe-execute-code(5516)

INFERRED ACTION: CAN-2000-1095 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linux-modprobe-execute-code(5516)

======================================================
Candidate: CAN-2000-1096
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1096
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001116 vixie cron...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0237.html
Reference: DEBIAN:20001118 cron: local privilege escalation
Reference: URL:http://www.debian.org/security/2000/20001118a
Reference: BID:1960
Reference: URL:http://www.securityfocus.com/bid/1960
Reference: XF:vixie-cron-execute-commands(5543)

crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.

Modifications:
  ADDREF XF:vixie-cron-execute-commands(5543)

INFERRED ACTION: CAN-2000-1096 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:vixie-cron-execute-commands(5543)

======================================================
Candidate: CAN-2000-1097
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1097
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001129 DoS in Sonicwall SOHO firewall
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0406.html
Reference: BUGTRAQ:20001201 FW: SonicWALL SOHO Vulnerability (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0435.html
Reference: BID:2013
Reference: URL:http://www.securityfocus.com/bid/2013
Reference: XF:sonicwall-soho-dos(5596)

The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page.

Modifications:
  ADDREF XF:sonicwall-soho-dos(5596)
  DESC Change name to "SonicWALL"

INFERRED ACTION: CAN-2000-1097 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:sonicwall-soho-dos(5596)
   The company's name is SonicWALL.

======================================================
Candidate: CAN-2000-1099
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1099
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: SUN:00199
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/199&type=0&nav=sec.sba
Reference: HP:HPSBUX0011-132
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0061.html
Reference: XF:jdk-untrusted-java-class(5605)

Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities.

Modifications:
  ADDREF XF:jdk-untrusted-java-class(5605)

INFERRED ACTION: CAN-2000-1099 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:jdk-untrusted-java-class(5605)

======================================================
Candidate: CAN-2000-1106
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1106
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001128 TrendMicro InterScan VirusWall shared folder problem
Reference: URL:http://www.securityfocus.com/archive/1/147563
Reference: BUGTRAQ:20001201 Responding to BugTraq ID 2014 - "Trend Micro InterScan VirusWall Shared Directory Vulnerability"
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0016.html
Reference: BID:2014
Reference: URL:http://www.securityfocus.com/bid/2014
Reference: XF:interscan-viruswall-unauth-access
Reference: URL:http://xforce.iss.net/static/5606.php

Trend Micro InterScan VirusWall creates an "Intscan" share to the "InterScan" directory with permissions that grant Full Control permissions to the Everyone group, which allows attackers to gain privileges by modifying the VirusWall programs.

Modifications:
  ADDREF XF:interscan-viruswall-unauth-access(5606)

INFERRED ACTION: CAN-2000-1106 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:interscan-viruswall-unauth-access(5606)

======================================================
Candidate: CAN-2000-1107
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1107
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001128 SuSE Linux 6.x 7.0 Ident buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0387.html
Reference: BID:2015
Reference: URL:http://www.securityfocus.com/bid/2015
Reference: XF:linux-ident-bo
Reference: URL:http://xforce.iss.net/static/5590.php

in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the server to access a NULL pointer and crash.

Modifications:
  ADDREF XF:linux-ident-bo(5590)

INFERRED ACTION: CAN-2000-1107 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linux-ident-bo(5590)
 Baker> http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26start%3D2001-01-14%26fromthread%3D1%26threads%3D0%26end%3D2001-01-20%26mid%3D147592%26

======================================================
Candidate: CAN-2000-1112
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1112
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: MS:MS00-090
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-090.asp
Reference: BID:1976
Reference: URL:http://www.securityfocus.com/bid/1976
Reference: XF:mediaplayer-wms-script-exe
Reference: URL:http://xforce.iss.net/static/5575.php

Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the ".WMS Script Execution" vulnerability.

Modifications:
  ADDREF XF:mediaplayer-wms-script-exe(5575)

INFERRED ACTION: CAN-2000-1112 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Wall, Baker, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:mediaplayer-wms-script-exe(5575)

======================================================
Candidate: CAN-2000-1113
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1113
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: ATSTAKE:A112300-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a112300-1.txt
Reference: MS:MS00-090
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-090.asp
Reference: BID:1980
Reference: URL:http://www.securityfocus.com/bid/1980
Reference: XF:mediaplayer-asx-bo
Reference: URL:http://xforce.iss.net/static/5574.php

Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability.

Modifications:
  ADDREF XF:mediaplayer-asx-bo(5574)

INFERRED ACTION: CAN-2000-1113 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Wall, Baker, Cole
   MODIFY(1) Frech

Voter Comments:
 Frech> XF:mediaplayer-asx-bo(5574)

======================================================
Candidate: CAN-2000-1115
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1115
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001122 602Pro Lan Suite Web Admin Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0299.html
Reference: CONFIRM:http://www.software602.com/products/ls/support/newbuild.html
Reference: BID:1979
Reference: URL:http://www.securityfocus.com/bid/1979
Reference: XF:software602-lan-suite-bo
Reference: URL:http://xforce.iss.net/static/5583.php

Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.

Modifications:
  ADDREF XF:software602-lan-suite-bo(5583)

INFERRED ACTION: CAN-2000-1115 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:software602-lan-suite-bo(5583)

======================================================
Candidate: CAN-2000-1120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1120
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97569466809056&w=2
Reference: AIXAPAR:IY08143
Reference: AIXAPAR:IY08287
Reference: BID:2033
Reference: URL:http://www.securityfocus.com/bid/2033
Reference: XF:aix-digest-bo(5620)

Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands.

Modifications:
  ADDREF XF:aix-digest-bo(5620)

INFERRED ACTION: CAN-2000-1120 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(3) Bollinger, Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:aix-digest-bo(5620)

======================================================
Candidate: CAN-2000-1131
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1131
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001110 [hacksware] gbook.cgi remote command execution vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0144.html
Reference: BID:1940
Reference: URL:http://www.securityfocus.com/bid/1940
Reference: XF:gbook-cgi-remote-execution
Reference: URL:http://xforce.iss.net/static/5509.php

Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via shell metacharacters in the _MAILTO form variable.

Modifications:
  ADDREF XF:gbook-cgi-remote-execution(5509)

INFERRED ACTION: CAN-2000-1131 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:gbook-cgi-remote-execution(5509)

======================================================
Candidate: CAN-2000-1132
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1132
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001114 Cgisecurity.com advisory on dcforum
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0218.html
Reference: BID:1951
Reference: URL:http://www.securityfocus.com/bid/1951
Reference: CONFIRM:http://www.dcscripts.com/dcforum/dcfNews/124.html#1
Reference: XF:dcforum-cgi-view-files(5533)

DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable.

Modifications:
  ADDREF XF:dcforum-cgi-view-files(5533)

INFERRED ACTION: CAN-2000-1132 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:dcforum-cgi-view-files(5533)

======================================================
Candidate: CAN-2000-1135
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1135
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: DEBIAN:20001130 DSA-002-1 fsh: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001130
Reference: XF:linux-fsh-symlink(5633)

fshd (fsh daemon) in Debian Linux allows local users to overwrite files of other users via a symlink attack.

Modifications:
  ADDREF XF:linux-fsh-symlink(5633)

INFERRED ACTION: CAN-2000-1135 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linux-fsh-symlink(5633)

======================================================
Candidate: CAN-2000-1136
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1136
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001122 New version of elvis-tiny released
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97502995616099&w=2
Reference: BID:1984
Reference: URL:http://www.securityfocus.com/bid/1984
Reference: XF:linux-tinyelvis-tmpfiles
Reference: URL:http://xforce.iss.net/static/5632.php

elvis-tiny before 1.4-10 in Debian Linux, and possibly other Linux operating systems, allows local users to overwrite files of other users via a symlink attack.

Modifications:
  ADDREF XF:linux-tinyelvis-tmpfiles(5632)

INFERRED ACTION: CAN-2000-1136 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(1) Wall

Voter Comments:
 Frech> XF:linux-tinyelvis-tmpfiles(5632)
 Baker> http://www.securityfocus.com/frames/?content=/templates/advisory.html%3Fid%3D2887

======================================================
Candidate: CAN-2000-1137
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1137
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-02
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: DEBIAN:20001129 DSA-001-1 ed: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001129
Reference: MANDRAKE:MDKSA-2000:076
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-076.php3
Reference: REDHAT:RHSA-2000:123-01
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-123.html
Reference: BUGTRAQ:20001211 Immunix OS Security update for ed
Reference: CONECTIVA:CLA-2000:359-2
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000359
Reference: XF:gnu-ed-symlink(5723)

GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.

Modifications:
  ADDREF CONECTIVA:CLA-2000:359-2
  ADDREF XF:gnu-ed-symlink(5723)

INFERRED ACTION: CAN-2000-1137 FINAL (Final Decision 20010122)

Current Votes:
   ACCEPT(2) Baker, Cole
   MODIFY(1) Frech
   NOOP(2) Wall, Christey

Voter Comments:
 Christey> ADDREF CONECTIVA:CLA-2000:359-2
 Frech> XF:gnu-ed-symlink(5723)

======================================================
Candidate: CAN-2000-1139
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1139
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: CF
Reference: MS:MS00-088
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-088.asp
Reference: BID:1958
Reference: URL:http://www.securityfocus.com/bid/1958
Reference: XF:ms-exchange-username-pwd(5537)

The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
Modifications:
  ADDREF XF:ms-exchange-username-pwd(5537)

INFERRED ACTION: CAN-2000-1139 FINAL (Final Decision 20010122)

Current Votes:
  ACCEPT(3) Wall, Baker, Cole
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:ms-exchange-username-pwd(5537)

======================================================
Candidate: CAN-2000-1140
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1140
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BID:1908
Reference: URL:http://www.securityfocus.com/bid/1908
Reference: XF:mantrap-hidden-processes
Reference: URL:http://xforce.iss.net/static/5473.php

Recourse ManTrap 1.6 does not properly hide processes from attackers, which could allow attackers to determine that they are in a honeypot system by comparing the results from kill commands with the process listing in the /proc filesystem.

Modifications:
  ADDREF XF:mantrap-hidden-processes(5473)

INFERRED ACTION: CAN-2000-1140 FINAL (Final Decision 20010122)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:mantrap-hidden-processes(5473)

======================================================
Candidate: CAN-2000-1141
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1141
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-hidden-processes
Reference: URL:http://xforce.iss.net/static/5473.php

Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear in the /proc listing, which allows attackers to determine that they are in a honeypot system.

Modifications:
  ADDREF XF:mantrap-hidden-processes(5473)

INFERRED ACTION: CAN-2000-1141 FINAL (Final Decision 20010122)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:mantrap-hidden-processes(5473)

======================================================
Candidate: CAN-2000-1142
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1142
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-pwd-reveal-information
Reference: URL:http://xforce.iss.net/static/5949.php

Recourse ManTrap 1.6 generates an error when an attacker cd's to /proc/self/cwd and executes the pwd command, which allows attackers to determine that they are in a honeypot system.

Modifications:
  ADDREF XF:mantrap-pwd-reveal-information(5949)

INFERRED ACTION: CAN-2000-1142 FINAL (Final Decision 20010122)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:mantrap-pwd-reveal-information(5949)

======================================================
Candidate: CAN-2000-1143
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1143
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-hidden-processes
Reference: URL:http://xforce.iss.net/static/5473.php

Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris system, which allows attackers to determine that they are in a honeypot system.

Modifications:
  ADDREF XF:mantrap-hidden-processes(5473)
  DESC Change "process" to "processes"

INFERRED ACTION: CAN-2000-1143 FINAL (Final Decision 20010122)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:mantrap-hidden-processes(5473)

======================================================
Candidate: CAN-2000-1144
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1144
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BID:1909
Reference: URL:http://www.securityfocus.com/bid/1909
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-inode-disclosure
Reference: URL:http://xforce.iss.net/static/5472.php

Recourse ManTrap 1.6 sets up a chroot environment to hide the fact that it is running, but the inode number for the resulting "/" file system is higher than normal, which allows attackers to determine that they are in a chroot environment.

Modifications:
  ADDREF XF:mantrap-inode-disclosure(5472)

INFERRED ACTION: CAN-2000-1144 FINAL (Final Decision 20010122)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:mantrap-inode-disclosure(5472)

======================================================
Candidate: CAN-2000-1145
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1145
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-identify-processes
Reference: URL:http://xforce.iss.net/static/5950.php

Recourse ManTrap 1.6 allows attackers who have gained root access to use utilities such as crash or fsdb to read /dev/mem and raw disk devices to identify ManTrap processes or modify arbitrary data files.

Modifications:
  ADDREF XF:mantrap-identify-processes(5950)

INFERRED ACTION: CAN-2000-1145 FINAL (Final Decision 20010122)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:mantrap-identify-processes(5950)

======================================================
Candidate: CAN-2000-1146
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1146
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: BID:1913
Reference: URL:http://www.securityfocus.com/bid/1913
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97349791405580&w=2
Reference: XF:mantrap-dir-dos
Reference: URL:http://xforce.iss.net/static/5528.php

Recourse ManTrap 1.6 allows attackers to cause a denial of service via a sequence of commands that navigate into and out of the /proc/self directory and executing various commands such as ls or pwd.

Modifications:
  ADDREF XF:mantrap-dir-dos(5528)

INFERRED ACTION: CAN-2000-1146 FINAL (Final Decision 20010122)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:mantrap-dir-dos(5528)

======================================================
Candidate: CAN-2000-1148
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1148
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: CF
Reference: BUGTRAQ:20001104 Filesystem Access + VolanoChat = VChat admin (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0072.html
Reference: BUGTRAQ:20001106 Re: FW: Filesystem Access + VolanoChat = VChat admin (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0085.html
Reference: BID:1906
Reference: URL:http://www.securityfocus.com/bid/1906
Reference: XF:volanochatpro-plaintext-password
Reference: URL:http://xforce.iss.net/static/5465.php

The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the server.

Modifications:
  ADDREF XF:volanochatpro-plaintext-password(5465)

INFERRED ACTION: CAN-2000-1148 FINAL (Final Decision 20010122)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:volanochatpro-plaintext-password(5465)

======================================================
Candidate: CAN-2000-1149
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1149
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001108 [CORE SDI ADVISORY] MS NT4.0 Terminal Server Edition GINA buffer overflow
Reference: URL:http://www.securityfocus.com/archive/1/143991
Reference: MS:MS00-087
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-087.asp
Reference: BID:1924
Reference: URL:http://www.securityfocus.com/bid/1924
Reference: XF:nt-termserv-gina-bo
Reference: URL:http://xforce.iss.net/static/5489.php

Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability.

Modifications:
  ADDREF XF:nt-termserv-gina-bo(5489)

INFERRED ACTION: CAN-2000-1149 FINAL (Final Decision 20010122)

Current Votes:
  ACCEPT(3) Wall, Baker, Cole
  MODIFY(1) Frech

Voter Comments:
  Frech> XF:nt-termserv-gina-bo(5489)

======================================================
Candidate: CAN-2000-1162
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1162
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: CALDERA:CSSA-2000-041
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt
Reference: MANDRAKE:MDKSA-2000:074
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3
Reference: CONECTIVA:CLSA-2000:343
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343
Reference: REDHAT:RHSA-2000:114-03
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-114.html
Reference: DEBIAN:20001123 ghostscript: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001123
Reference: BID:1990
Reference: URL:http://www.securityfocus.com/bid/1990
Reference: XF:ghostscript-sym-link
Reference: URL:http://xforce.iss.net/static/5563.php

ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.

Modifications:
  ADDREF XF:ghostscript-sym-link(5563)

INFERRED ACTION: CAN-2000-1162 FINAL (Final Decision 20010122)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:ghostscript-sym-link(5563)

======================================================
Candidate: CAN-2000-1163
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1163
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: CALDERA:CSSA-2000-041
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt
Reference: MANDRAKE:MDKSA-2000:074
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3
Reference: CONECTIVA:CLSA-2000:343
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343
Reference: DEBIAN:20001123 ghostscript: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001123
Reference: BID:1991
Reference: URL:http://www.securityfocus.com/bid/1991
Reference: XF:ghostscript-env-variable
Reference: URL:http://xforce.iss.net/static/5564.php

ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.

Modifications:
  ADDREF XF:ghostscript-env-variable(5564)

INFERRED ACTION: CAN-2000-1163 FINAL (Final Decision 20010122)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:ghostscript-env-variable(5564)

======================================================
Candidate: CAN-2000-1167
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1167
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:70
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:70.ppp-nat.asc
Reference: BID:1974
Reference: URL:http://www.securityfocus.com/bid/1974
Reference: XF:freebsd-ppp-bypass-gateway(5584)

ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which allows remote attackers to connect to the target system.

Modifications:
  ADDREF XF:freebsd-ppp-bypass-gateway(5584)

INFERRED ACTION: CAN-2000-1167 FINAL (Final Decision 20010122)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:freebsd-ppp-bypass-gateway(5584)

======================================================
Candidate: CAN-2000-1169
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1169
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001123 OpenSSH Security Advisory (adv.fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0195.html
Reference: MANDRAKE:MDKSA-2000:068
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-068.php3
Reference: BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html
Reference: DEBIAN:20001118 openssh: possible remote exploit
Reference: URL:http://www.debian.org/security/2000/20001118
Reference: CONECTIVA:CLSA-2000:345
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000345
Reference: REDHAT:RHSA-2000-111
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-111.html
Reference: SUSE:SuSE-SA:2000:47
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2000-Nov/0004.html
Reference: BID:1949
Reference: URL:http://www.securityfocus.com/bid/1949
Reference: XF:openssh-unauthorized-access(5517)

OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.

Modifications:
  ADDREF XF:openssh-unauthorized-access(5517)

INFERRED ACTION: CAN-2000-1169 FINAL (Final Decision 20010122)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:openssh-unauthorized-access(5517)

======================================================
Candidate: CAN-2000-1178
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1178
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001116 Joe's Own Editor File Link Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0227.html
Reference: REDHAT:RHSA-2000:110-06
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-110.html
Reference: MANDRAKE:MDKSA-2000:072
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-072.php3
Reference: CONECTIVA:CLA-2000:356
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000356
Reference: DEBIAN:20001121 joe: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001122
Reference: DEBIAN:20001201 DSA-003-1 joe: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001201
Reference: BUGTRAQ:20001121 Immunix OS Security update for joe
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97500174210821&w=2
Reference: BID:1959
Reference: URL:http://www.securityfocus.com/bid/1959
Reference: XF:joe-symlink-corruption(5546)

Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.

Modifications:
  ADDREF XF:joe-symlink-corruption(5546)

INFERRED ACTION: CAN-2000-1178 FINAL (Final Decision 20010122)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:joe-symlink-corruption(5546)

======================================================
Candidate: CAN-2000-1179
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1179
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001115 Netopia ISDN Router 650-ST: Viewing of all system logs without login
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97440068130051&w=2
Reference: BID:1952
Reference: URL:http://www.securityfocus.com/bid/1952
Reference: XF:netopia-view-system-log(5536)

Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.

Modifications:
  ADDREF XF:netopia-view-system-log(5536)

INFERRED ACTION: CAN-2000-1179 FINAL (Final Decision 20010122)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:netopia-view-system-log(5536)

======================================================
Candidate: CAN-2000-1181
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1181
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001116 [CORE SDI ADVISORY] RealServer memory contents disclosure
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0236.html
Reference: CONFIRM:http://service.real.com/help/faq/security/memory.html
Reference: BID:1957
Reference: URL:http://www.securityfocus.com/bid/1957
Reference: XF:realserver-gain-access(5538)

Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's memory contents, possibly including sensitive information, by accessing the /admin/includes/ URL.

Modifications:
  ADDREF XF:realserver-gain-access(5538)

INFERRED ACTION: CAN-2000-1181 FINAL (Final Decision 20010122)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:realserver-gain-access(5538)

======================================================
Candidate: CAN-2000-1182
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1182
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: BUGTRAQ:20001116 Possible Watchguard Firebox II DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0224.html
Reference: CONFIRM:https://www.watchguard.com/support/patches.html
Reference: BID:1953
Reference: URL:http://www.securityfocus.com/bid/1953
Reference: XF:watchguard-firebox-ftp-dos(5535)

WatchGuard Firebox II allows remote attackers to cause a denial of service by flooding the Firebox with a large number of FTP or SMTP requests, which disables proxy handling.

Modifications:
  ADDREF XF:watchguard-firebox-ftp-dos(5535)

INFERRED ACTION: CAN-2000-1182 FINAL (Final Decision 20010122)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:watchguard-firebox-ftp-dos(5535)

======================================================
Candidate: CAN-2000-1184
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1184
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: FREEBSD:FreeBSD-SA-00:69
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:69.telnetd.v1.1.asc
Reference: XF:telnetd-termcap-dos(5959)

telnetd in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service by specifying an arbitrary large file in the TERMCAP environmental variable, which consumes resources as the server processes the file.

Modifications:
  ADDREF XF:telnetd-termcap-dos(5959)

INFERRED ACTION: CAN-2000-1184 FINAL (Final Decision 20010122)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:telnetd-termcap-dos(5959)

======================================================
Candidate: CAN-2000-1187
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1187
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010116-01
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: REDHAT:RHSA-2000:109-05
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-109.html
Reference: CONECTIVA:CLSA-2000:344
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000344
Reference: SUSE:SuSE-SA:2000:48
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2000-Nov/0005.html
Reference: FREEBSD:FreeBSD-SA-00:66
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:66.netscape.asc
Reference: BUGTRAQ:20001121 Immunix OS Security update for netscape
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97500270012529&w=2
Reference: XF:netscape-client-html-bo
Reference: URL:http://xforce.iss.net/static/5542.php

Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.

Modifications:
  ADDREF XF:netscape-client-html-bo(5542)

INFERRED ACTION: CAN-2000-1187 FINAL (Final Decision 20010122)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(1) Wall

Voter Comments:
  Frech> XF:netscape-client-html-bo(5542)

======================================================
Candidate: CAN-2000-1189
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1189
Final-Decision: 20010122
Interim-Decision: 20010117
Modified: 20010119-02
Proposed: 20001219
Assigned: 20001214
Category: SF
Reference: REDHAT:RHSA-2000:120
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-120.html
Reference: CONECTIVA:CLA-2000:358
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000358
Reference: MANDRAKE:MDKSA-2000:082-1
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-082.php3
Reference: XF:pam-localuser-bo(5747)

Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges.

Modifications:
  ADDREF CONECTIVA:CLA-2000:358
  ADDREF MANDRAKE:MDKSA-2000:082-1
  ADDREF XF:pam-localuser-bo(5747)

INFERRED ACTION: CAN-2000-1189 FINAL (Final Decision 20010122)

Current Votes:
  ACCEPT(2) Baker, Cole
  MODIFY(1) Frech
  NOOP(2) Wall, Christey

Voter Comments:
  Christey> ADDREF CONECTIVA:CLA-2000:358
            ADDREF MANDRAKE:MDKSA-2000:082-1
  Frech> XF:pam-localuser-bo(5747)